Make WordPress Core

Changeset 17568


Timestamp:
03/28/2011 09:30:59 PM (14 years ago)
Author:
ryan
Message:

Add some nonce checks to the uploaders. Props duck_. For trunk.

Location:
trunk/wp-admin
Files:
2 edited

  • trunk/wp-admin/includes/media.php

    r17347 r17568  
    500500
    501501    if ( isset($_POST['html-upload']) && !empty($_FILES) ) {
     502        check_admin_referer('media-form');
    502503        // Upload File button was clicked
    503504        $id = media_handle_upload('async-upload', $_REQUEST['post_id']);
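Review bot: At new line 502 the nonce action is the fixed string 'media-form', so it shows the request came from one of the user's own media forms but says nothing about the post named in $_REQUEST['post_id'] on the following line. Consider casting that value with (int) and confirming the current user may edit that post before calling media_handle_upload(), unless that is already enforced earlier in the request. Since this branch only runs when $_POST['html-upload'] is set, reading the ID from $_POST rather than $_REQUEST would also keep the source of the value unambiguous.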
     
    605606
    606607    if ( isset($_POST['html-upload']) && !empty($_FILES) ) {
     608        check_admin_referer('media-form');
    607609        // Upload File button was clicked
    608610        $id = media_handle_upload('async-upload', $_REQUEST['post_id']);
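Review bot: The guard added at new line 608 is the same three-line sequence as at line 502, and it appears four times in this file plus once in media-upload.php. Pulling the condition, the check_admin_referer('media-form') call and the media_handle_upload() call into one shared helper would mean a future copy of this branch cannot be added without the nonce check.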
     
    663665
    664666    if ( isset($_POST['html-upload']) && !empty($_FILES) ) {
     667        check_admin_referer('media-form');
    665668        // Upload File button was clicked
    666669        $id = media_handle_upload('async-upload', $_REQUEST['post_id']);
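Review bot: The check at new line 667 runs only when both $_POST['html-upload'] is set and $_FILES is non-empty, so a POST to this handler that skips the file or the button field is never verified here. If the rest of this function processes other POST data (for example saving attachment fields), confirm that path has its own nonce check, or move check_admin_referer('media-form') above the if so it covers every POST to the handler.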
     
    721724
    722725    if ( isset($_POST['html-upload']) && !empty($_FILES) ) {
     726        check_admin_referer('media-form');
    723727        // Upload File button was clicked
    724728        $id = media_handle_upload('async-upload', $_REQUEST['post_id']);
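Review bot: The check at new line 726 reads the nonce from the request (the _wpnonce field by default), but none of the hunks in this changeset adds a matching wp_nonce_field('media-form') to a form. Please confirm that every form able to submit html-upload to this handler already emits that field; otherwise check_admin_referer() will stop legitimate uploads from those forms.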
  • trunk/wp-admin/media-upload.php

    r16847 r17568  
    3939
    4040    if ( isset($_POST['html-upload']) && !empty($_FILES) ) {
     41        check_admin_referer('media-form');
    4142        // Upload File button was clicked
    4243        $id = media_handle_upload('async-upload', $_REQUEST['post_id']);
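Review bot: The guard at new line 41 covers only the html-upload branch, as do all four hunks in media.php, while the commit message speaks of "the uploaders" in general. The field name 'async-upload' suggests there is also a non-HTML upload path; if it posts to a different entry point, state in the commit message or a follow-up ticket whether that path already verifies a nonce, so readers do not assume this changeset covers it.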