Make WordPress Core

Changeset 3774


Ignore:
Timestamp:
05/17/2006 12:28:26 AM (19 years ago)
Author:
ryan
Message:

Fallback to admin referer check instead of nonce if no action is given to check_admin_referer(). For plugin compatibility.

File:
1 edited

Legend:

Unmodified
Added
Removed
  • trunk/wp-includes/pluggable-functions.php

    r3761 r3774  
    233233    $adminurl = strtolower(get_settings('siteurl')).'/wp-admin';
    234234    $referer = strtolower($_SERVER['HTTP_REFERER']);
    235     if ( !wp_verify_nonce($_REQUEST['_wpnonce'], $action) ) {
     235    if ( !wp_verify_nonce($_REQUEST['_wpnonce'], $action) &&
     236        !(-1 == $action && strstr($referer, $adminurl)) ) {
     237       
    236238        $html  = "<!DOCTYPE html PUBLIC '-//W3C//DTD XHTML 1.0 Strict//EN' 'http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd'>\n<html xmlns='http://www.w3.org/1999/xhtml' lang='en' xml:lang='en'>\n\n";
    237239        $html .= "<head>\n\t<title>" . __('WordPress Confirmation') . "</title>\n";
Note: See TracChangeset for help on using the changeset viewer.