
Changeset 21504


Timestamp:
08/14/2012 06:39:15 PM (12 years ago)
Author:
ryan
Message:

Remove post type from post nonces. Fixes attachment deletion when EMPTY_TRASH_DAYS is 0. Props c3mdigital, kurtpayne, SergeyBiryukov. fixes #21194

Location:
trunk
Files:
9 edited

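--- a/trunk/wp-admin/css/colors-classic.dev.css
+++ b/trunk/wp-admin/css/colors-classic.dev.css
@@ -517,5 +517,6 @@
 
 .submitbox .submitdelete:hover,
-#media-items a.delete:hover {
+#media-items a.delete:hover,
+#media-items a.delete-permanently:hover {
     color: #fff;
     background-color: #f00;
@@ -608,4 +609,5 @@
 #media-upload a.del-link,
 #media-items a.delete,
+#media-items a.delete-permanently,
 .plugins a.delete,
 .ui-tabs-nav a {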
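--- a/trunk/wp-admin/css/colors-fresh.dev.css
+++ b/trunk/wp-admin/css/colors-fresh.dev.css
@@ -508,5 +508,6 @@
 
 .submitbox .submitdelete:hover,
-#media-items a.delete:hover {
+#media-items a.delete:hover,
+#media-items a.delete-permanently:hover {
     color: #fff;
     background-color: #f00;
@@ -599,4 +600,5 @@
 #media-upload a.del-link,
 #media-items a.delete,
+#media-items a.delete-permanently,
 .plugins a.delete,
 .ui-tabs-nav a {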
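--- a/trunk/wp-admin/edit-form-advanced.php
+++ b/trunk/wp-admin/edit-form-advanced.php
@@ -84,5 +84,5 @@
 
 $form_action = 'editpost';
-$nonce_action = 'update-' . $post_type . '_' . $post_ID;
+$nonce_action = 'update-post_' . $post_ID;
 $form_extra .= "<input type='hidden' id='post_ID' name='post_ID' value='" . esc_attr($post_ID) . "' />";
 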
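Review bot: The action string `'update-post_' . $post_ID` on line 86 is built by hand and must match, byte for byte, the string passed to `check_admin_referer()` in post.php; the same literal format is repeated in ajax-actions.php, both list tables, media.php and link-template.php in this changeset. A mismatch fails closed, but it only shows up as a rejected request at runtime, which is the kind of breakage the commit message describes for attachment deletion. I would add a comment on this line, for example `// Nonce action is "{verb}-post_{ID}" for every post type; keep in sync with the checks in post.php.`, so the pairing is discoverable from the generating side.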
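--- a/trunk/wp-admin/includes/ajax-actions.php
+++ b/trunk/wp-admin/includes/ajax-actions.php
@@ -1728,5 +1728,5 @@
         $post_type = $_POST['post_type'];
 
-    check_ajax_referer('update-' . $post_type . '_' . $post_id, '_wpnonce');
+    check_ajax_referer('update-post_' . $post_id, '_wpnonce');
 
     $post_id = edit_post();
@@ -1770,5 +1770,5 @@
         wp_die( 0 );
 
-    check_ajax_referer( 'update-' . $post->post_type . '_' . $post_id );
+    check_ajax_referer( 'update-post_' . $post_id );
 
     if ( ! current_user_can( 'edit_post', $post_id ) )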
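Review bot: After the change on line 1730, `$post_type`, assigned from `$_POST['post_type']` on line 1728, is no longer read anywhere in the first hunk. The function starts and ends outside the hunk, so this is hedged: if nothing later uses the variable, the branch that copies the request value into it can be removed, leaving one less request-supplied value in the handler. In the same hunk `edit_post()` runs straight after the nonce check with no capability test in view, so it presumably relies on `edit_post()` for authorization; a comment such as `// Nonce is the CSRF check only; edit_post() must enforce the capability.` would make that dependency explicit. The second hunk needs no such note, because line 1774 checks `current_user_can( 'edit_post', $post_id )` directly after the nonce.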
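--- a/trunk/wp-admin/includes/class-wp-media-list-table.php
+++ b/trunk/wp-admin/includes/class-wp-media-list-table.php
@@ -361,8 +361,8 @@
             if ( current_user_can( 'delete_post', $post->ID ) )
                 if ( EMPTY_TRASH_DAYS && MEDIA_TRASH ) {
-                    $actions['trash'] = "<a class='submitdelete' href='" . wp_nonce_url( "post.php?action=trash&amp;post=$post->ID", 'trash-attachment_' . $post->ID ) . "'>" . __( 'Trash' ) . "</a>";
+                    $actions['trash'] = "<a class='submitdelete' href='" . wp_nonce_url( "post.php?action=trash&amp;post=$post->ID", 'trash-post_' . $post->ID ) . "'>" . __( 'Trash' ) . "</a>";
                 } else {
                     $delete_ays = !MEDIA_TRASH ? " onclick='return showNotice.warn();'" : '';
-                    $actions['delete'] = "<a class='submitdelete'$delete_ays href='" . wp_nonce_url( "post.php?action=delete&amp;post=$post->ID", 'delete-attachment_' . $post->ID ) . "'>" . __( 'Delete Permanently' ) . "</a>";
+                    $actions['delete'] = "<a class='submitdelete'$delete_ays href='" . wp_nonce_url( "post.php?action=delete&amp;post=$post->ID", 'delete-post_' . $post->ID ) . "'>" . __( 'Delete Permanently' ) . "</a>";
                 }
             $actions['view'] = '<a href="' . get_permalink( $post->ID ) . '" title="' . esc_attr( sprintf( __( 'View &#8220;%s&#8221;' ), $att_title ) ) . '" rel="permalink">' . __( 'View' ) . '</a>';
@@ -375,10 +375,10 @@
             if ( current_user_can( 'delete_post', $post->ID ) ) {
                 if ( $this->is_trash )
-                    $actions['untrash'] = "<a class='submitdelete' href='" . wp_nonce_url( "post.php?action=untrash&amp;post=$post->ID", 'untrash-attachment_' . $post->ID ) . "'>" . __( 'Restore' ) . "</a>";
+                    $actions['untrash'] = "<a class='submitdelete' href='" . wp_nonce_url( "post.php?action=untrash&amp;post=$post->ID", 'untrash-post_' . $post->ID ) . "'>" . __( 'Restore' ) . "</a>";
                 elseif ( EMPTY_TRASH_DAYS && MEDIA_TRASH )
-                    $actions['trash'] = "<a class='submitdelete' href='" . wp_nonce_url( "post.php?action=trash&amp;post=$post->ID", 'trash-attachment_' . $post->ID ) . "'>" . __( 'Trash' ) . "</a>";
+                    $actions['trash'] = "<a class='submitdelete' href='" . wp_nonce_url( "post.php?action=trash&amp;post=$post->ID", 'trash-post_' . $post->ID ) . "'>" . __( 'Trash' ) . "</a>";
                 if ( $this->is_trash || !EMPTY_TRASH_DAYS || !MEDIA_TRASH ) {
                     $delete_ays = ( !$this->is_trash && !MEDIA_TRASH ) ? " onclick='return showNotice.warn();'" : '';
-                    $actions['delete'] = "<a class='submitdelete'$delete_ays href='" . wp_nonce_url( "post.php?action=delete&amp;post=$post->ID", 'delete-attachment_' . $post->ID ) . "'>" . __( 'Delete Permanently' ) . "</a>";
+                    $actions['delete'] = "<a class='submitdelete'$delete_ays href='" . wp_nonce_url( "post.php?action=delete&amp;post=$post->ID", 'delete-post_' . $post->ID ) . "'>" . __( 'Delete Permanently' ) . "</a>";
                 }
             }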
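--- a/trunk/wp-admin/includes/class-wp-posts-list-table.php
+++ b/trunk/wp-admin/includes/class-wp-posts-list-table.php
@@ -546,5 +546,5 @@
                 if ( current_user_can( $post_type_object->cap->delete_post, $post->ID ) ) {
                     if ( 'trash' == $post->post_status )
-                        $actions['untrash'] = "<a title='" . esc_attr( __( 'Restore this item from the Trash' ) ) . "' href='" . wp_nonce_url( admin_url( sprintf( $post_type_object->_edit_link . '&amp;action=untrash', $post->ID ) ), 'untrash-' . $post->post_type . '_' . $post->ID ) . "'>" . __( 'Restore' ) . "</a>";
+                        $actions['untrash'] = "<a title='" . esc_attr( __( 'Restore this item from the Trash' ) ) . "' href='" . wp_nonce_url( admin_url( sprintf( $post_type_object->_edit_link . '&amp;action=untrash', $post->ID ) ), 'untrash-post_' . $post->ID ) . "'>" . __( 'Restore' ) . "</a>";
                     elseif ( EMPTY_TRASH_DAYS )
                         $actions['trash'] = "<a class='submitdelete' title='" . esc_attr( __( 'Move this item to the Trash' ) ) . "' href='" . get_delete_post_link( $post->ID ) . "'>" . __( 'Trash' ) . "</a>";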
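--- a/trunk/wp-admin/includes/media.php
+++ b/trunk/wp-admin/includes/media.php
@@ -1157,14 +1157,14 @@
     if ( $delete && current_user_can( 'delete_post', $attachment_id ) ) {
         if ( !EMPTY_TRASH_DAYS ) {
-            $delete = "<a href='" . wp_nonce_url( "post.php?action=delete&amp;post=$attachment_id", 'delete-attachment_' . $attachment_id ) . "' id='del[$attachment_id]' class='delete'>" . __( 'Delete Permanently' ) . '</a>';
+            $delete = "<a href='" . wp_nonce_url( "post.php?action=delete&amp;post=$attachment_id", 'delete-post_' . $attachment_id ) . "' id='del[$attachment_id]' class='delete-permanently'>" . __( 'Delete Permanently' ) . '</a>';
         } elseif ( !MEDIA_TRASH ) {
             $delete = "<a href='#' class='del-link' onclick=\"document.getElementById('del_attachment_$attachment_id').style.display='block';return false;\">" . __( 'Delete' ) . "</a>
              <div id='del_attachment_$attachment_id' class='del-attachment' style='display:none;'><p>" . sprintf( __( 'You are about to delete <strong>%s</strong>.' ), $filename ) . "</p>
-             <a href='" . wp_nonce_url( "post.php?action=delete&amp;post=$attachment_id", 'delete-attachment_' . $attachment_id ) . "' id='del[$attachment_id]' class='button'>" . __( 'Continue' ) . "</a>
+             <a href='" . wp_nonce_url( "post.php?action=delete&amp;post=$attachment_id", 'delete-post_' . $attachment_id ) . "' id='del[$attachment_id]' class='button'>" . __( 'Continue' ) . "</a>
              <a href='#' class='button' onclick=\"this.parentNode.style.display='none';return false;\">" . __( 'Cancel' ) . "</a>
              </div>";
         } else {
-            $delete = "<a href='" . wp_nonce_url( "post.php?action=trash&amp;post=$attachment_id", 'trash-attachment_' . $attachment_id ) . "' id='del[$attachment_id]' class='delete'>" . __( 'Move to Trash' ) . "</a>
-            <a href='" . wp_nonce_url( "post.php?action=untrash&amp;post=$attachment_id", 'untrash-attachment_' . $attachment_id ) . "' id='undo[$attachment_id]' class='undo hidden'>" . __( 'Undo' ) . "</a>";
+            $delete = "<a href='" . wp_nonce_url( "post.php?action=trash&amp;post=$attachment_id", 'trash-post_' . $attachment_id ) . "' id='del[$attachment_id]' class='delete'>" . __( 'Move to Trash' ) . "</a>
+            <a href='" . wp_nonce_url( "post.php?action=untrash&amp;post=$attachment_id", 'untrash-post_' . $attachment_id ) . "' id='undo[$attachment_id]' class='undo hidden'>" . __( 'Undo' ) . "</a>";
         }
     } else {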
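Review bot: The permanent-delete link on line 1159 points straight at `post.php?action=delete` with no confirmation step visible, whereas the `!MEDIA_TRASH` branch just below renders a Continue/Cancel prompt and the media list table attaches `onclick='return showNotice.warn();'` to its equivalent link. The nonce stops a cross-site request, not an accidental click, so with `EMPTY_TRASH_DAYS` at 0 a single click appears to remove the attachment irreversibly. Unless a script bound to the new `delete-permanently` class adds a prompt (none is visible in this changeset), consider giving this branch a confirmation as well, for instance the same `onclick='return showNotice.warn();'` attribute if that script is loaded in this view. The enclosing function starts and ends outside the hunk.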
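--- a/trunk/wp-admin/post.php
+++ b/trunk/wp-admin/post.php
@@ -178,5 +178,5 @@
 
 case 'editattachment':
-    check_admin_referer('update-attachment_' . $post_id);
+    check_admin_referer('update-post_' . $post_id);
 
     // Don't let these be changed
@@ -191,5 +191,5 @@
 
 case 'editpost':
-    check_admin_referer('update-' . $post_type . '_' . $post_id);
+    check_admin_referer('update-post_' . $post_id);
 
     $post_id = edit_post();
@@ -201,5 +201,5 @@
 
 case 'trash':
-    check_admin_referer('trash-' . $post_type . '_' . $post_id);
+    check_admin_referer('trash-post_' . $post_id);
 
     $post = & get_post($post_id);
@@ -216,5 +216,5 @@
 
 case 'untrash':
-    check_admin_referer('untrash-' . $post_type . '_' . $post_id);
+    check_admin_referer('untrash-post_' . $post_id);
 
     if ( !current_user_can($post_type_object->cap->delete_post, $post_id) )
@@ -229,5 +229,5 @@
 
 case 'delete':
-    check_admin_referer('delete-' . $post_type . '_' . $post_id);
+    check_admin_referer('delete-post_' . $post_id);
 
     if ( !current_user_can($post_type_object->cap->delete_post, $post_id) )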
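Review bot: With the post type removed, the five `check_admin_referer()` calls on lines 180, 193, 203, 218 and 231 bind the nonce to the verb and post ID only, so they act purely as the CSRF check and authorization rests entirely on the capability test. That test is visible directly after the nonce check for `untrash` and `delete`; the `editattachment`, `editpost` and `trash` case bodies continue outside the hunks, so confirm each still reaches a `current_user_can()` check before anything is modified. Any caller outside this changeset that still builds `{verb}-{post_type}_{ID}` or `{verb}-attachment_{ID}` nonces will now be rejected here. That fails closed, but a comment at the top of the switch would document it, for example `// Nonce actions are "{verb}-post_{ID}" regardless of post type.`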
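--- a/trunk/wp-includes/link-template.php
+++ b/trunk/wp-includes/link-template.php
@@ -972,5 +972,5 @@
     $delete_link = add_query_arg( 'action', $action, admin_url( sprintf( $post_type_object->_edit_link, $post->ID ) ) );
 
-    return apply_filters( 'get_delete_post_link', wp_nonce_url( $delete_link, "$action-{$post->post_type}_{$post->ID}" ), $post->ID, $force_delete );
+    return apply_filters( 'get_delete_post_link', wp_nonce_url( $delete_link, "$action-post_{$post->ID}" ), $post->ID, $force_delete );
 }
 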