Changeset 17602


Timestamp:
04/05/2011 04:23:46 PM (7 years ago)
Author:
nacin
Message:

Add some nonce checks to the uploaders. Props duck_. For the 3.0 branch.

Location:
branches/3.0/wp-admin
Files:
2 edited

  • branches/3.0/wp-admin/includes/media.php

    r16668 r17602  
    494494
    495495    if ( isset($_POST['html-upload']) && !empty($_FILES) ) {
     496        check_admin_referer('media-form');
    496497        // Upload File button was clicked
    497498        $id = media_handle_upload('async-upload', $_REQUEST['post_id']);
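Review bot: the nonce action at new line 496 is the fixed string 'media-form', while the upload target two lines later is whatever $_REQUEST['post_id'] carries, so a token issued for one post's upload form also validates an upload attached to a different post. Unless a capability check on that post happens elsewhere in this function (none is visible in the hunk), consider binding the action to the post, for example 'media-form-' . $post_id on both the form and the check, or verifying that the current user can edit that post before media_handle_upload() runs.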
     
    599600
    600601    if ( isset($_POST['html-upload']) && !empty($_FILES) ) {
     602        check_admin_referer('media-form');
    601603        // Upload File button was clicked
    602604        $id = media_handle_upload('async-upload', $_REQUEST['post_id']);
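Review bot: at new line 604 the post ID is still read from $_REQUEST and passed through uncast, although the guard on line 601 and the nonce check added on line 602 both concern a POSTed form. Reading $_POST['post_id'] and casting it with (int) would keep the value tied to the same form body the nonce covers, instead of letting a query-string value supply it.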
     
    657659
    658660    if ( isset($_POST['html-upload']) && !empty($_FILES) ) {
     661        check_admin_referer('media-form');
    659662        // Upload File button was clicked
    660663        $id = media_handle_upload('async-upload', $_REQUEST['post_id']);
     
    715718
    716719    if ( isset($_POST['html-upload']) && !empty($_FILES) ) {
     720        check_admin_referer('media-form');
    717721        // Upload File button was clicked
    718722        $id = media_handle_upload('async-upload', $_REQUEST['post_id']);
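Review bot: with new line 720 the same guard plus check_admin_referer('media-form') pair now appears four times in this file (new lines 496, 602, 661 and 720), which makes it easy for a fifth handler to be added later without the check. For trunk, a small shared helper that performs the html-upload test, the nonce check and the media_handle_upload() call would keep the check in one place; for this branch a short comment at each site saying why the check is there would help.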
  • branches/3.0/wp-admin/media-upload.php

    r15171 r17602  
    3636
    3737    if ( isset($_POST['html-upload']) && !empty($_FILES) ) {
     38        check_admin_referer('media-form');
    3839        // Upload File button was clicked
    3940        $id = media_handle_upload('async-upload', $_REQUEST['post_id']);
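Review bot: new line 38 verifies a 'media-form' nonce, but the changeset shows only the verifying side and no form change. check_admin_referer() with one argument looks for the _wpnonce request field and dies when it is missing or invalid, so every form that can post html-upload to this file needs to emit wp_nonce_field('media-form'); please confirm that for each uploader tab, otherwise legitimate uploads through the browser uploader will start failing on this branch.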