WordPress.org
Get WordPress

Make WordPress Core


Ignore:
Timestamp:
05/02/2006 10:36:06 PM (20 years ago)
Author:
ryan
Message:

Nonce from above. #2678

File:
1 edited

Legend:

Unmodified
Added
Removed

  • trunk/wp-admin/plugins.php

    r3517 r3759  
    33
    44if ( isset($_GET['action']) ) {
    5     check_admin_referer();
    6 
    75    if ('activate' == $_GET['action']) {
     6        check_admin_referer('activate-plugin' . $_GET['plugin']);
    87        $current = get_settings('active_plugins');
    98        if (!in_array($_GET['plugin'], $current)) {
     
    1615        header('Location: plugins.php?activate=true');
    1716    } else if ('deactivate' == $_GET['action']) {
     17        check_admin_referer('deactivate-plugin' . $_GET['plugin']);
    1818        $current = get_settings('active_plugins');
    1919        array_splice($current, array_search( $_GET['plugin'], $current), 1 ); // Array-fu!
     
    9999
    100100        if (!empty($current_plugins) && in_array($plugin_file, $current_plugins)) {
    101             $action = "<a href='plugins.php?action=deactivate&amp;plugin=$plugin_file' title='".__('Deactivate this plugin')."' class='delete'>".__('Deactivate')."</a>";
     101            $action = "<a href='" . wp_nonce_url("plugins.php?action=deactivate&amp;plugin=$plugin_file", 'deactivate-plugin' . $plugin_file) . "' title='".__('Deactivate this plugin')."' class='delete'>".__('Deactivate')."</a>";
    102102            $plugin_data['Title'] = "<strong>{$plugin_data['Title']}</strong>";
    103103            $style .= $style == 'alternate' ? ' active' : 'active';
    104104        } else {
    105             $action = "<a href='plugins.php?action=activate&amp;plugin=$plugin_file' title='".__('Activate this plugin')."' class='edit'>".__('Activate')."</a>";
     105            $action = "<a href='" . wp_nonce_url("plugins.php?action=activate&amp;plugin=$plugin_file", 'activate-plugin' . $plugin_file) . "' title='".__('Activate this plugin')."' class='edit'>".__('Activate')."</a>";
    106106        }
    107107        $plugin_data['Description'] = wp_kses($plugin_data['Description'], array('a' => array('href' => array(),'title' => array()),'abbr' => array('title' => array()),'acronym' => array('title' => array()),'code' => array(),'em' => array(),'strong' => array()) ); ;
Note: See TracChangeset for help on using the changeset viewer.