Changeset 3764

Timestamp:

05/05/2006 09:09:13 AM (19 years ago)

Author:

ryan

Message:

nonce approve/delete comment confirmations. #2678

File:

• trunk/wp-admin/comment.php (modified) (2 diffs)

trunk/wp-admin/comment.php

@@ -52 +52 @@
     $p = (int) $_GET['p'];
     $formaction = 'confirmdeletecomment' == $action ? 'deletecomment' : 'approvecomment';
+    $nonce_action = 'confirmdeletecomment' == $action ? 'delete-comment' : 'approve-comment';
+    $nonce_action .= $comment;
 
     if ( ! $comment = get_comment($comment) )
@@ -75 +77 @@
 
     echo "<form action='".get_settings('siteurl')."/wp-admin/comment.php' method='get'>\n";
+    wp_nonce_field($nonce_action);
     echo "<input type='hidden' name='action' value='$formaction' />\n";
     if ( 'spam' == $_GET['delete_type'] )