Changeset 17602


Timestamp: 04/05/11 16:23:46 (4 years ago)
Author: nacin
Message:

Add some nonce checks to the uploaders. Props duck_. For the 3.0 branch.

Location: branches/3.0/wp-admin
Files: 2 edited

  • branches/3.0/wp-admin/includes/media.php

    r16668 r17602  
    494494 
    495495    if ( isset($_POST['html-upload']) && !empty($_FILES) ) { 
     496        check_admin_referer('media-form'); 
    496497        // Upload File button was clicked 
    497498        $id = media_handle_upload('async-upload', $_REQUEST['post_id']); 
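
Review bot: The check_admin_referer('media-form') call at new line 496 sits inside the html-upload branch, so it only runs when $_POST['html-upload'] is set and $_FILES is non-empty; any other state-changing path in this handler is not covered by this line. Please confirm the remaining POST paths in the function verify the same nonce, and that every form posting html-upload to this handler emits wp_nonce_field('media-form'). None of the visible hunks in either file adds the field, and a form without it would make legitimate uploads fail the check.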
     
    599600 
    600601    if ( isset($_POST['html-upload']) && !empty($_FILES) ) { 
     602        check_admin_referer('media-form'); 
    601603        // Upload File button was clicked 
    602604        $id = media_handle_upload('async-upload', $_REQUEST['post_id']); 
     
    657659 
    658660    if ( isset($_POST['html-upload']) && !empty($_FILES) ) { 
     661        check_admin_referer('media-form'); 
    659662        // Upload File button was clicked 
    660663        $id = media_handle_upload('async-upload', $_REQUEST['post_id']); 
     
    715718 
    716719    if ( isset($_POST['html-upload']) && !empty($_FILES) ) { 
     720        check_admin_referer('media-form'); 
    717721        // Upload File button was clicked 
    718722        $id = media_handle_upload('async-upload', $_REQUEST['post_id']); 
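
Review bot: The guarded upload block at new lines 719-722 is the fourth identical copy in media.php (the others carry the check at new lines 496, 602 and 661), with a fifth in media-upload.php, so the nonce check had to be added in five places. Consider moving the html-upload test, the check_admin_referer('media-form') call and the media_handle_upload() call into one shared helper, so that a later check cannot be missed in one of the copies.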
  • branches/3.0/wp-admin/media-upload.php

    r15171 r17602  
    3636 
    3737    if ( isset($_POST['html-upload']) && !empty($_FILES) ) { 
     38        check_admin_referer('media-form'); 
    3839        // Upload File button was clicked 
    3940        $id = media_handle_upload('async-upload', $_REQUEST['post_id']); 
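
Review bot: At new line 40, $_REQUEST['post_id'] still reaches media_handle_upload() unvalidated; the nonce check added at new line 38 establishes that the request came from the user's own admin session, not that the user may attach media to that post. Suggest casting the value with absint() and checking current_user_can( 'edit_post', $post_id ) when an ID is supplied, unless that already happens outside the visible lines. The same context line appears in all four media.php hunks.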