Make WordPress Core


Ignore:
Timestamp:
03/28/2011 09:30:59 PM (13 years ago)
Author:
ryan
Message:

Add some nonce checks to the uploaders. Props duck_. For trunk.

File:
1 edited

Legend:

Unmodified
Added
Removed
  • trunk/wp-admin/media-upload.php

    r16847 r17568  
    3939
    4040    if ( isset($_POST['html-upload']) && !empty($_FILES) ) {
     41        check_admin_referer('media-form');
    4142        // Upload File button was clicked
    4243        $id = media_handle_upload('async-upload', $_REQUEST['post_id']);
Note: See TracChangeset for help on using the changeset viewer.