
Changeset 17569


Timestamp:
03/28/11 21:32:01 (3 years ago)
Author:
ryan
Message:

Add some nonce checks to the uploaders. Props duck_. For 3.1.

Location:
branches/3.1/wp-admin
Files:
2 edited

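--- a/branches/3.1/wp-admin/includes/media.php
+++ b/branches/3.1/wp-admin/includes/media.php
@@ -500,4 +500,5 @@
 
     if ( isset($_POST['html-upload']) && !empty($_FILES) ) {
+        check_admin_referer('media-form');
         // Upload File button was clicked
         $id = media_handle_upload('async-upload', $_REQUEST['post_id']);
@@ -605,4 +606,5 @@
 
     if ( isset($_POST['html-upload']) && !empty($_FILES) ) {
+        check_admin_referer('media-form');
         // Upload File button was clicked
         $id = media_handle_upload('async-upload', $_REQUEST['post_id']);
@@ -663,4 +665,5 @@
 
     if ( isset($_POST['html-upload']) && !empty($_FILES) ) {
+        check_admin_referer('media-form');
         // Upload File button was clicked
         $id = media_handle_upload('async-upload', $_REQUEST['post_id']);
@@ -721,4 +724,5 @@
 
     if ( isset($_POST['html-upload']) && !empty($_FILES) ) {
+        check_admin_referer('media-form');
         // Upload File button was clicked
         $id = media_handle_upload('async-upload', $_REQUEST['post_id']);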
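Review bot: `$_REQUEST['post_id']` on the line after each added `check_admin_referer('media-form')` is still passed to `media_handle_upload()` without an existence check or integer cast, and the nonce action is a fixed string that is not bound to that post. The nonce blocks cross-site request forgery, but it does not show that the current user may attach files to the given post. No capability check is visible in these hunks, though one may exist earlier in the enclosing functions, which start outside the hunks. Consider `$post_id = isset( $_REQUEST['post_id'] ) ? absint( $_REQUEST['post_id'] ) : 0;` followed by a `current_user_can( 'edit_post', $post_id )` guard when `$post_id` is non-zero. This applies to all four hunks in media.php and to the hunk in media-upload.php.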
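--- a/branches/3.1/wp-admin/media-upload.php
+++ b/branches/3.1/wp-admin/media-upload.php
@@ -39,4 +39,5 @@
 
     if ( isset($_POST['html-upload']) && !empty($_FILES) ) {
+        check_admin_referer('media-form');
         // Upload File button was clicked
         $id = media_handle_upload('async-upload', $_REQUEST['post_id']);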
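Review bot: The nonce check at new line 41 sits inside the `html-upload` branch, so it runs only when that POST field and a file are both present. Any other state-changing request path in this script lies outside the hunk and should be confirmed to verify the same `media-form` nonce. The same guard-then-upload pattern now appears five times across the two files, so a small shared helper that performs the check and the upload would make it harder for a future handler to omit the check. A comment such as `// CSRF: nonce action must match the wp_nonce_field() call that renders the upload form` above the call would document that coupling, since the form markup is not part of this changeset.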