Timestamp:
05/22/2011 11:18:58 PM (9 years ago)
Author:
ryan
Message:

Add a nonce.

File:
1 edited

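--- a/trunk/wp-admin/ms-delete-site.php
+++ b/trunk/wp-admin/ms-delete-site.php
@@ -35,4 +35,6 @@
 
 if ( isset( $_POST['action'] ) && $_POST['action'] == 'deleteblog' && isset( $_POST['confirmdelete'] ) && $_POST['confirmdelete'] == '1' ) {
+    check_admin_referer( 'delete-blog' );
+
     $hash = wp_generate_password( 20, false );
     update_option( 'delete_blog_hash', $hash );
@@ -69,9 +71,10 @@
 
     <form method="post" name="deletedirect">
+        <?php wp_nonce_field( 'delete-blog' ) ?>
         <input type="hidden" name="action" value="deleteblog" />
         <p><input id="confirmdelete" type="checkbox" name="confirmdelete" value="1" /> <label for="confirmdelete"><strong><?php printf( __( "I'm sure I want to permanently disable my site, and I am aware I can never get it back or use %s again." ), is_subdomain_install() ? $current_blog->domain : $current_blog->domain . $current_blog->path ); ?></strong></label></p>
         <?php submit_button( __( 'Delete My Site Permanently' ) ); ?>
     </form>
-    <?php
+    <?php
 }
 echo '</div>';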
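Review bot: The nonce action `'delete-blog'` is a fixed string in both `check_admin_referer( 'delete-blog' )` and `wp_nonce_field( 'delete-blog' )`, so the token is not tied to the site being deleted. If nonce keys are shared across the network (likely on multisite, but not visible here), a token issued to this user on one site's form would also pass the check on another site they administer. Consider scoping the action to the site in both places, e.g. `check_admin_referer( 'delete-blog-' . $current_blog->blog_id );` with the matching `wp_nonce_field( 'delete-blog-' . $current_blog->blog_id );`. A one-line comment above the check, such as `// CSRF guard: must run before the delete hash is generated and stored.`, would also record why it sits first; the `if` body continues beyond the first hunk.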