Changeset 3804
- Timestamp:
- 05/26/2006 11:08:05 PM (20 years ago)
- Location:
- trunk/wp-admin
- Files:
-
- 21 edited
-
admin-functions.php (modified) (2 diffs)
-
categories.php (modified) (2 diffs)
-
comment.php (modified) (4 diffs)
-
edit-category-form.php (modified) (1 diff)
-
edit-comments.php (modified) (1 diff)
-
edit-form-advanced.php (modified) (2 diffs)
-
edit-link-form.php (modified) (1 diff)
-
edit-page-form.php (modified) (1 diff)
-
edit.php (modified) (2 diffs)
-
link-manager.php (modified) (1 diff)
-
link.php (modified) (2 diffs)
-
page.php (modified) (3 diffs)
-
plugin-editor.php (modified) (2 diffs)
-
plugins.php (modified) (3 diffs)
-
post.php (modified) (3 diffs)
-
profile-update.php (modified) (1 diff)
-
profile.php (modified) (1 diff)
-
templates.php (modified) (2 diffs)
-
theme-editor.php (modified) (2 diffs)
-
themes.php (modified) (2 diffs)
-
user-edit.php (modified) (2 diffs)
trunk/wp-admin/admin-functions.php
r3788 r3804 657 657 658 658 if ( ($category->cat_ID != $default_cat_id) && ($category->cat_ID != $default_link_cat_id) ) 659 $edit .= "<td><a href='" . wp_nonce_url("categories.php?action=delete&cat_ID=$category->cat_ID", 'delete-category ' . $category->cat_ID ) . "' onclick=\"return deleteSomething( 'cat', $category->cat_ID, '" . sprintf(__("You are about to delete the category "%s".\\nAll of its posts will go into the default category of "%s"\\nAll of its bookmarks will go into the default category of "%s".\\n"OK" to delete, "Cancel" to stop."), addslashes($category->cat_name), js_escape(get_catname($default_cat_id)), js_escape(get_catname($default_link_cat_id))) . "' );\" class='delete'>".__('Delete')."</a>";659 $edit .= "<td><a href='" . wp_nonce_url("categories.php?action=delete&cat_ID=$category->cat_ID", 'delete-category_' . $category->cat_ID ) . "' onclick=\"return deleteSomething( 'cat', $category->cat_ID, '" . sprintf(__("You are about to delete the category "%s".\\nAll of its posts will go into the default category of "%s"\\nAll of its bookmarks will go into the default category of "%s".\\n"OK" to delete, "Cancel" to stop."), addslashes($category->cat_name), js_escape(get_catname($default_cat_id)), js_escape(get_catname($default_link_cat_id))) . "' );\" class='delete'>".__('Delete')."</a>"; 660 660 else 661 661 $edit .= "<td style='text-align:center'>".__("Default"); … … 710 710 <td><a href="<?php the_permalink(); ?>" rel="permalink" class="edit"><?php _e('View'); ?></a></td> 711 711 <td><?php if ( current_user_can('edit_page', $id) ) { echo "<a href='page.php?action=edit&post=$id' class='edit'>" . __('Edit') . "</a>"; } ?></td> 712 <td><?php if ( current_user_can('edit_page', $id) ) { echo "<a href='" . wp_nonce_url("page.php?action=delete&post=$id", 'delete-page ' . $id) . "' class='delete' onclick=\"return deleteSomething( 'page', " . $id . ", '" . 
sprintf(__("You are about to delete the "%s" page.\\n"OK" to delete, "Cancel" to stop."), addslashes(wp_specialchars(get_the_title(),'double')) ) . "' );\">" . __('Delete') . "</a>"; } ?></td>712 <td><?php if ( current_user_can('edit_page', $id) ) { echo "<a href='" . wp_nonce_url("page.php?action=delete&post=$id", 'delete-page_' . $id) . "' class='delete' onclick=\"return deleteSomething( 'page', " . $id . ", '" . sprintf(__("You are about to delete the "%s" page.\\n"OK" to delete, "Cancel" to stop."), addslashes(wp_specialchars(get_the_title(),'double')) ) . "' );\">" . __('Delete') . "</a>"; } ?></td> 713 713 </tr> 714 714 -
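Review bot: On new line 659 the category name reaches the JavaScript string inside the `onclick` attribute through `addslashes($category->cat_name)`, while the two default-category names in the same `sprintf()` call go through `js_escape()`. `addslashes()` turns a double quote into `\"`, which still ends the double-quoted HTML attribute, so a category name containing quotes can break out of the attribute. Use `js_escape($category->cat_name)` so all three arguments are escaped the same way. The enclosing function starts and ends outside the hunk.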
trunk/wp-admin/categories.php
r3788 r3804 37 37 case 'delete': 38 38 $cat_ID = (int) $_GET['cat_ID']; 39 check_admin_referer('delete-category ' . $cat_ID);39 check_admin_referer('delete-category_' . $cat_ID); 40 40 41 41 if ( !current_user_can('manage_categories') ) … … 68 68 case 'editedcat': 69 69 $cat_ID = (int) $_POST['cat_ID']; 70 check_admin_referer('update-category ' . $cat_ID);70 check_admin_referer('update-category_' . $cat_ID); 71 71 72 72 if ( !current_user_can('manage_categories') ) -
trunk/wp-admin/comment.php
r3783 r3804 52 52 $p = (int) $_GET['p']; 53 53 $formaction = 'confirmdeletecomment' == $action ? 'deletecomment' : 'approvecomment'; 54 $nonce_action = 'confirmdeletecomment' == $action ? 'delete-comment ' : 'approve-comment';54 $nonce_action = 'confirmdeletecomment' == $action ? 'delete-comment_' : 'approve-comment_'; 55 55 $nonce_action .= $comment; 56 56 … … 94 94 case 'deletecomment': 95 95 $comment = (int) $_REQUEST['comment']; 96 check_admin_referer('delete-comment ' . $comment);96 check_admin_referer('delete-comment_' . $comment); 97 97 98 98 $p = (int) $_REQUEST['p']; … … 127 127 case 'unapprovecomment': 128 128 $comment = (int) $_GET['comment']; 129 check_admin_referer('unapprove-comment ' . $comment);129 check_admin_referer('unapprove-comment_' . $comment); 130 130 131 131 $p = (int) $_GET['p']; … … 154 154 case 'approvecomment': 155 155 $comment = (int) $_GET['comment']; 156 check_admin_referer('approve-comment ' . $comment);156 check_admin_referer('approve-comment_' . $comment); 157 157 158 158 $p = (int) $_GET['p']; -
trunk/wp-admin/edit-category-form.php
r3777 r3804 5 5 $form = '<form name="editcat" id="editcat" method="post" action="categories.php">'; 6 6 $action = 'editedcat'; 7 $nonce_action = 'update-category ' . $cat_ID;7 $nonce_action = 'update-category_' . $cat_ID; 8 8 } else { 9 9 $heading = __('Add Category'); -
trunk/wp-admin/edit-comments.php
r3788 r3804 120 120 if ( current_user_can('edit_post', $comment->comment_post_ID) ) { 121 121 echo " <a href='comment.php?action=editcomment&comment=".$comment->comment_ID."\'>" . __('Edit') . '</a>'; 122 echo ' | <a href="' . wp_nonce_url('comment.php?action=deletecomment&p=' . $post->ID . '&comment=' . $comment->comment_ID, 'delete-comment ' . $comment->comment_ID) . '" onclick="return deleteSomething( \'comment\', ' . $comment->comment_ID . ', \'' . sprintf(__("You are about to delete this comment by "%s".\\n"Cancel" to stop, "OK" to delete."), js_escape($comment->comment_author)) . "' );\">" . __('Delete') . '</a> ';122 echo ' | <a href="' . wp_nonce_url('comment.php?action=deletecomment&p=' . $post->ID . '&comment=' . $comment->comment_ID, 'delete-comment_' . $comment->comment_ID) . '" onclick="return deleteSomething( \'comment\', ' . $comment->comment_ID . ', \'' . sprintf(__("You are about to delete this comment by "%s".\\n"Cancel" to stop, "OK" to delete."), js_escape($comment->comment_author)) . "' );\">" . __('Delete') . '</a> '; 123 123 if ( ('none' != $comment_status) && ( current_user_can('moderate_comments') ) ) { 124 echo '<span class="unapprove"> | <a href="' . wp_nonce_url('comment.php?action=unapprovecomment&p=' . $post->ID . '&comment=' . $comment->comment_ID, 'unapprove-comment ' . $comment->comment_ID) . '" onclick="return dimSomething( \'comment\', ' . $comment->comment_ID . ', \'unapproved\' );">' . __('Unapprove') . '</a> </span>';125 echo '<span class="approve"> | <a href="' . wp_nonce_url('comment.php?action=approvecomment&p=' . $post->ID . '&comment=' . $comment->comment_ID, 'approve-comment ' . $comment->comment_ID) . '" onclick="return dimSomething( \'comment\', ' . $comment->comment_ID . ', \'unapproved\' );">' . __('Approve') . '</a> </span>';124 echo '<span class="unapprove"> | <a href="' . wp_nonce_url('comment.php?action=unapprovecomment&p=' . $post->ID . '&comment=' . $comment->comment_ID, 'unapprove-comment_' . 
$comment->comment_ID) . '" onclick="return dimSomething( \'comment\', ' . $comment->comment_ID . ', \'unapproved\' );">' . __('Unapprove') . '</a> </span>'; 125 echo '<span class="approve"> | <a href="' . wp_nonce_url('comment.php?action=approvecomment&p=' . $post->ID . '&comment=' . $comment->comment_ID, 'approve-comment_' . $comment->comment_ID) . '" onclick="return dimSomething( \'comment\', ' . $comment->comment_ID . ', \'unapproved\' );">' . __('Approve') . '</a> </span>'; 126 126 } 127 echo " | <a href=\" comment.php?action=deletecomment&delete_type=spam&p=".$comment->comment_post_ID."&comment=".$comment->comment_ID."\" onclick=\"return deleteSomething( 'comment-as-spam', $comment->comment_ID, '" . sprintf(__("You are about to mark as spam this comment by "%s".\\n"Cancel" to stop, "OK" to mark as spam."), js_escape( $comment->comment_author)) . "' );\">" . __('Spam') . "</a> ";127 echo " | <a href=\"" . wp_nonce_url("comment.php?action=deletecomment&delete_type=spam&p=" . $comment->comment_post_ID . "&comment=" . $comment->comment_ID", 'delete-comment_' . $comment->comment_ID) . "\" onclick=\"return deleteSomething( 'comment-as-spam', $comment->comment_ID, '" . sprintf(__("You are about to mark as spam this comment by "%s".\\n"Cancel" to stop, "OK" to mark as spam."), js_escape( $comment->comment_author)) . "' );\">" . __('Spam') . "</a> "; 128 128 } 129 129 $post = get_post($comment->comment_post_ID); -
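Review bot: New line 127, as rendered here, has a stray `"` after `$comment->comment_ID` inside the `wp_nonce_url(` call (`"&comment=" . $comment->comment_ID", 'delete-comment_' ...`), which would be a parse error for the whole comments screen. The first argument should end `. "&comment=" . $comment->comment_ID, 'delete-comment_' . $comment->comment_ID)`, as on line 281 of edit.php in this changeset. Adding the nonce to the Spam link is needed, because the `deletecomment` case in comment.php calls `check_admin_referer('delete-comment_' . $comment)`, so please lint the file before committing.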
trunk/wp-admin/edit-form-advanced.php
r3778 r3804 27 27 $form_action = 'editpost'; 28 28 $form_extra = "<input type='hidden' id='post_ID' name='post_ID' value='$post_ID' />"; 29 wp_nonce_field('update-post ' . $post_ID);29 wp_nonce_field('update-post_' . $post_ID); 30 30 } 31 31 … … 221 221 </div> 222 222 223 <?php if ('edit' == $action) : $delete_nonce = wp_create_nonce( 'delete-post ' . $post_ID ); ?>223 <?php if ('edit' == $action) : $delete_nonce = wp_create_nonce( 'delete-post_' . $post_ID ); ?> 224 224 <input name="deletepost" class="button" type="submit" id="deletepost" tabindex="10" value="<?php _e('Delete this post') ?>" <?php echo "onclick=\"if ( confirm('" . sprintf(__("You are about to delete this post \'%s\'\\n \'Cancel\' to stop, \'OK\' to delete."), addslashes($post->post_title) ) . "') ) { document.forms.post._wpnonce.value = '$delete_nonce'; return true;}\""; ?> /> 225 225 <?php endif; ?> -
trunk/wp-admin/edit-link-form.php
r3759 r3804 4 4 $submit_text = __('Save Changes »'); 5 5 $form = '<form name="editlink" id="editlink" method="post" action="link.php">'; 6 $nonce_action = 'update-bookmark ' . $link_id;6 $nonce_action = 'update-bookmark_' . $link_id; 7 7 } else { 8 8 $heading = __('Create Bookmark'); -
trunk/wp-admin/edit-page-form.php
r3775 r3804 11 11 } else { 12 12 $form_action = 'editpost'; 13 $nonce_action = 'update-page ' . $post_ID;13 $nonce_action = 'update-page_' . $post_ID; 14 14 $form_extra = "<input type='hidden' id='post_ID' name='post_ID' value='$post_ID' />"; 15 15 } -
trunk/wp-admin/edit.php
r3788 r3804 212 212 case 'control_delete': 213 213 ?> 214 <td><?php if ( current_user_can('delete_post',$post->ID) ) { echo "<a href='" . wp_nonce_url("post.php?action=delete&post=$id", 'delete-post ' . $post->ID) . "' class='delete' onclick=\"return deleteSomething( 'post', " . $id . ", '" . sprintf(__("You are about to delete this post "%s".\\n"OK" to delete, "Cancel" to stop."), js_escape(get_the_title()) ) . "' );\">" . __('Delete') . "</a>"; } ?></td>214 <td><?php if ( current_user_can('delete_post',$post->ID) ) { echo "<a href='" . wp_nonce_url("post.php?action=delete&post=$id", 'delete-post_' . $post->ID) . "' class='delete' onclick=\"return deleteSomething( 'post', " . $id . ", '" . sprintf(__("You are about to delete this post "%s".\\n"OK" to delete, "Cancel" to stop."), js_escape(get_the_title()) ) . "' );\">" . __('Delete') . "</a>"; } ?></td> 215 215 <?php 216 216 break; … … 274 274 if ( current_user_can('edit_post', $comment->comment_post_ID) ) { 275 275 echo " <a href='comment.php?action=editcomment&comment=".$comment->comment_ID."\'>" . __('Edit') . '</a>'; 276 echo ' | <a href="' . wp_nonce_url('comment.php?action=deletecomment&p=' . $post->ID . '&comment=' . $comment->comment_ID, 'delete-comment ' . $comment->comment_ID) . '" onclick="return deleteSomething( \'comment\', ' . $comment->comment_ID . ', \'' . sprintf(__("You are about to delete this comment by "%s".\\n"Cancel" to stop, "OK" to delete."), js_escape($comment->comment_author)) . "' );\">" . __('Delete') . '</a> ';276 echo ' | <a href="' . wp_nonce_url('comment.php?action=deletecomment&p=' . $post->ID . '&comment=' . $comment->comment_ID, 'delete-comment_' . $comment->comment_ID) . '" onclick="return deleteSomething( \'comment\', ' . $comment->comment_ID . ', \'' . sprintf(__("You are about to delete this comment by "%s".\\n"Cancel" to stop, "OK" to delete."), js_escape($comment->comment_author)) . "' );\">" . __('Delete') . 
'</a> '; 277 277 if ( ('none' != $comment_status) && ( current_user_can('moderate_comments') ) ) { 278 echo '<span class="unapprove"> | <a href="' . wp_nonce_url('comment.php?action=unapprovecomment&p=' . $post->ID . '&comment=' . $comment->comment_ID, 'unapprove-comment ' . $comment->comment_ID) . '" onclick="return dimSomething( \'comment\', ' . $comment->comment_ID . ', \'unapproved\' );">' . __('Unapprove') . '</a> </span>';279 echo '<span class="approve"> | <a href="' . wp_nonce_url('comment.php?action=approvecomment&p=' . $post->ID . '&comment=' . $comment->comment_ID, 'approve-comment ' . $comment->comment_ID) . '" onclick="return dimSomething( \'comment\', ' . $comment->comment_ID . ', \'unapproved\' );">' . __('Approve') . '</a> </span>';278 echo '<span class="unapprove"> | <a href="' . wp_nonce_url('comment.php?action=unapprovecomment&p=' . $post->ID . '&comment=' . $comment->comment_ID, 'unapprove-comment_' . $comment->comment_ID) . '" onclick="return dimSomething( \'comment\', ' . $comment->comment_ID . ', \'unapproved\' );">' . __('Unapprove') . '</a> </span>'; 279 echo '<span class="approve"> | <a href="' . wp_nonce_url('comment.php?action=approvecomment&p=' . $post->ID . '&comment=' . $comment->comment_ID, 'approve-comment_' . $comment->comment_ID) . '" onclick="return dimSomething( \'comment\', ' . $comment->comment_ID . ', \'unapproved\' );">' . __('Approve') . '</a> </span>'; 280 280 } 281 echo " | <a href=\"" . wp_nonce_url("comment.php?action=deletecomment&delete_type=spam&p=".$comment->comment_post_ID."&comment=".$comment->comment_ID, 'delete-comment ' . $comment->comment_ID) . "\" onclick=\"return deleteSomething( 'comment-as-spam', $comment->comment_ID, '" . sprintf(__("You are about to mark as spam this comment by "%s".\\n"Cancel" to stop, "OK" to mark as spam."), js_escape( $comment->comment_author)) . "' );\">" . __('Spam') . "</a> ]";281 echo " | <a href=\"" . 
wp_nonce_url("comment.php?action=deletecomment&delete_type=spam&p=".$comment->comment_post_ID."&comment=".$comment->comment_ID, 'delete-comment_' . $comment->comment_ID) . "\" onclick=\"return deleteSomething( 'comment-as-spam', $comment->comment_ID, '" . sprintf(__("You are about to mark as spam this comment by "%s".\\n"Cancel" to stop, "OK" to mark as spam."), js_escape( $comment->comment_author)) . "' );\">" . __('Spam') . "</a> ]"; 282 282 } // end if any comments to show 283 283 ?> -
trunk/wp-admin/link-manager.php
r3788 r3804 177 177 178 178 echo '<td><a href="link.php?link_id='.$link->link_id.'&action=edit" class="edit">'.__('Edit').'</a></td>'; 179 echo '<td><a href="' . wp_nonce_url('link.php?link_id='.$link->link_id.'&action=delete', 'delete-bookmark ' . $link->link_id ) . '"'." class='delete' onclick=\"return deleteSomething( 'link', $link->link_id , '".sprintf(__("You are about to delete the "%s" bookmark to %s.\\n"Cancel" to stop, "OK" to delete."), wp_specialchars($link->link_name, 1), wp_specialchars($link->link_url)).'\' );" class="delete">'.__('Delete').'</a></td>';179 echo '<td><a href="' . wp_nonce_url('link.php?link_id='.$link->link_id.'&action=delete', 'delete-bookmark_' . $link->link_id ) . '"'." class='delete' onclick=\"return deleteSomething( 'link', $link->link_id , '".sprintf(__("You are about to delete the "%s" bookmark to %s.\\n"Cancel" to stop, "OK" to delete."), wp_specialchars($link->link_name, 1), wp_specialchars($link->link_url)).'\' );" class="delete">'.__('Delete').'</a></td>'; 180 180 echo '<td align="center"><input type="checkbox" name="linkcheck[]" value="'.$link->link_id.'" /></td>'; 181 181 echo "\n </tr>\n"; -
trunk/wp-admin/link.php
r3788 r3804 82 82 case 'save' : 83 83 $link_id = (int) $_POST['link_id']; 84 check_admin_referer('update-bookmark ' . $link_id);84 check_admin_referer('update-bookmark_' . $link_id); 85 85 86 86 edit_link($link_id); … … 92 92 case 'delete' : 93 93 $link_id = (int) $_GET['link_id']; 94 check_admin_referer('delete-bookmark ' . $link_id);94 check_admin_referer('delete-bookmark_' . $link_id); 95 95 96 96 if (!current_user_can('manage_links')) -
trunk/wp-admin/page.php
r3783 r3804 77 77 case 'editattachment': 78 78 $page_id = $post_ID = (int) $_POST['post_ID']; 79 check_admin_referer('update-attachment ' . $page_id);79 check_admin_referer('update-attachment_' . $page_id); 80 80 81 81 // Don't let these be changed … … 94 94 case 'editpost': 95 95 $page_ID = (int) $_POST['post_ID']; 96 check_admin_referer('update-page ' . $page_ID);96 check_admin_referer('update-page_' . $page_ID); 97 97 98 98 $page_ID = edit_post(); … … 120 120 case 'delete': 121 121 $page_id = (isset($_GET['post'])) ? intval($_GET['post']) : intval($_POST['post_ID']); 122 check_admin_referer('delete-page ' . $page_id);122 check_admin_referer('delete-page_' . $page_id); 123 123 124 124 $page = & get_post($page_id); -
trunk/wp-admin/plugin-editor.php
r3759 r3804 35 35 case 'update': 36 36 37 check_admin_referer('edit-plugin ' . $file);37 check_admin_referer('edit-plugin_' . $file); 38 38 39 39 if ( !current_user_can('edit_plugins') ) … … 98 98 <?php if (!$error) { ?> 99 99 <form name="template" id="template" action="plugin-editor.php" method="post"> 100 <?php wp_nonce_field('edit-plugin ' . $file) ?>100 <?php wp_nonce_field('edit-plugin_' . $file) ?> 101 101 <div><textarea cols="70" rows="25" name="newcontent" id="newcontent" tabindex="1"><?php echo $content ?></textarea> 102 102 <input type="hidden" name="action" value="update" /> -
trunk/wp-admin/plugins.php
r3770 r3804 4 4 if ( isset($_GET['action']) ) { 5 5 if ('activate' == $_GET['action']) { 6 check_admin_referer('activate-plugin ' . $_GET['plugin']);6 check_admin_referer('activate-plugin_' . $_GET['plugin']); 7 7 $current = get_settings('active_plugins'); 8 8 if (!in_array($_GET['plugin'], $current)) { … … 15 15 header('Location: plugins.php?activate=true'); 16 16 } else if ('deactivate' == $_GET['action']) { 17 check_admin_referer('deactivate-plugin ' . $_GET['plugin']);17 check_admin_referer('deactivate-plugin_' . $_GET['plugin']); 18 18 $current = get_settings('active_plugins'); 19 19 array_splice($current, array_search( $_GET['plugin'], $current), 1 ); // Array-fu! … … 101 101 102 102 if (!empty($current_plugins) && in_array($plugin_file, $current_plugins)) { 103 $action = "<a href='" . wp_nonce_url("plugins.php?action=deactivate&plugin=$plugin_file", 'deactivate-plugin ' . $plugin_file) . "' title='".__('Deactivate this plugin')."' class='delete'>".__('Deactivate')."</a>";103 $action = "<a href='" . wp_nonce_url("plugins.php?action=deactivate&plugin=$plugin_file", 'deactivate-plugin_' . $plugin_file) . "' title='".__('Deactivate this plugin')."' class='delete'>".__('Deactivate')."</a>"; 104 104 $plugin_data['Title'] = "<strong>{$plugin_data['Title']}</strong>"; 105 105 $style .= $style == 'alternate' ? ' active' : 'active'; 106 106 } else { 107 $action = "<a href='" . wp_nonce_url("plugins.php?action=activate&plugin=$plugin_file", 'activate-plugin ' . $plugin_file) . "' title='".__('Activate this plugin')."' class='edit'>".__('Activate')."</a>";107 $action = "<a href='" . wp_nonce_url("plugins.php?action=activate&plugin=$plugin_file", 'activate-plugin_' . $plugin_file) . 
"' title='".__('Activate this plugin')."' class='edit'>".__('Activate')."</a>"; 108 108 } 109 109 $plugin_data['Description'] = wp_kses($plugin_data['Description'], array('a' => array('href' => array(),'title' => array()),'abbr' => array('title' => array()),'acronym' => array('title' => array()),'code' => array(),'em' => array(),'strong' => array()) ); ; -
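Review bot: `$_GET['plugin']` on new lines 6 and 17 goes straight into the nonce action and then into the `active_plugins` option, with no capability check or validation of the value visible in these hunks. The nonce shows the request came from a link this site generated for the user; it does not establish that the value names an installed plugin file or that the user may manage plugins. Before the option is updated I would add a `current_user_can()` check and reject any value that is not in the list of plugin files this screen renders; if that already happens above line 4, a comment saying so would help. Separately, on line 19 `array_search()` returns false for an unknown value, so `array_splice()` would remove the first active plugin instead.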
trunk/wp-admin/post.php
r3783 r3804 83 83 $post_id = (int) $_POST['post_ID']; 84 84 85 check_admin_referer('update-attachment ' . $post_id);85 check_admin_referer('update-attachment_' . $post_id); 86 86 87 87 // Don't let these be changed … … 100 100 case 'editpost': 101 101 $post_ID = (int) $_POST['post_ID']; 102 check_admin_referer('update-post ' . $post_ID);102 check_admin_referer('update-post_' . $post_ID); 103 103 104 104 $post_ID = edit_post(); … … 126 126 case 'delete': 127 127 $post_id = (isset($_GET['post'])) ? intval($_GET['post']) : intval($_POST['post_ID']); 128 check_admin_referer('delete-post ' . $post_id);128 check_admin_referer('delete-post_' . $post_id); 129 129 130 130 $post = & get_post($post_id); -
trunk/wp-admin/profile-update.php
r3783 r3804 5 5 require_once('admin.php'); 6 6 7 check_admin_referer('update-profile ' . $user_ID);7 check_admin_referer('update-profile_' . $user_ID); 8 8 9 9 if ( !$_POST ) -
trunk/wp-admin/profile.php
r3759 r3804 20 20 <h2><?php _e('Your Profile and Personal Options'); ?></h2> 21 21 <form name="profile" id="your-profile" action="profile-update.php" method="post"> 22 <?php wp_nonce_field('update-profile ' . $user_ID) ?>22 <?php wp_nonce_field('update-profile_' . $user_ID) ?> 23 23 <p> 24 24 <input type="hidden" name="from" value="profile" /> -
trunk/wp-admin/templates.php
r3759 r3804 37 37 case 'update': 38 38 39 check_admin_referer('edit-file ' . $file);39 check_admin_referer('edit-file_' . $file); 40 40 41 41 if ( ! current_user_can('edit_files') ) … … 129 129 <?php if (!$error) { ?> 130 130 <form name="template" id="template" action="templates.php" method="post"> 131 <?php wp_nonce_field('edit-file ' . $file) ?>131 <?php wp_nonce_field('edit-file_' . $file) ?> 132 132 <div><textarea cols="70" rows="25" name="newcontent" id='newcontent' tabindex="1"><?php echo $content ?></textarea> 133 133 <input type="hidden" name="action" value="update" /> -
trunk/wp-admin/theme-editor.php
r3759 r3804 48 48 case 'update': 49 49 50 check_admin_referer('edit-theme ' . $file . $theme);50 check_admin_referer('edit-theme_' . $file . $theme); 51 51 52 52 if ( !current_user_can('edit_themes') ) … … 132 132 ?> 133 133 <form name="template" id="template" action="theme-editor.php" method="post"> 134 <?php wp_nonce_field('edit-theme ' . $file . $theme) ?>134 <?php wp_nonce_field('edit-theme_' . $file . $theme) ?> 135 135 <div><textarea cols="70" rows="25" name="newcontent" id="newcontent" tabindex="1"><?php echo $content ?></textarea> 136 136 <input type="hidden" name="action" value="update" /> -
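Review bot: The nonce action on new lines 50 and 134 is built as `'edit-theme_' . $file . $theme` with nothing between the two variables, so different file/theme pairs can produce the same action string. Put a delimiter between them in both places, e.g. `'edit-theme_' . $file . '_' . $theme`, ideally using a character that cannot occur in a file path, so the nonce is bound to one pair. Both call sites have to change together or the check on line 50 will reject the form rendered at line 134.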
trunk/wp-admin/themes.php
r3759 r3804 3 3 4 4 if ( isset($_GET['action']) ) { 5 check_admin_referer('switch-theme ' . $_GET['template']);5 check_admin_referer('switch-theme_' . $_GET['template']); 6 6 7 7 if ('activate' == $_GET['action']) { … … 70 70 $screenshot = $themes[$theme_name]['Screenshot']; 71 71 $stylesheet_dir = $themes[$theme_name]['Stylesheet Dir']; 72 $activate_link = wp_nonce_url("themes.php?action=activate&template=$template&stylesheet=$stylesheet", 'switch-theme ' . $template);72 $activate_link = wp_nonce_url("themes.php?action=activate&template=$template&stylesheet=$stylesheet", 'switch-theme_' . $template); 73 73 ?> 74 74 <div class="available-theme"> -
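Review bot: The nonce on new lines 5 and 72 is bound to the template name only, while the activation link on line 72 also carries `stylesheet`, so a nonce issued for one template validates a request with any `stylesheet` value. If the code after line 7 (outside the hunk) uses `$_GET['stylesheet']` directly, bind both values, e.g. `'switch-theme_' . $template . '_' . $stylesheet` on line 72 with the matching `$_GET` values on line 5. Line 5 also reads `$_GET['template']` without an `isset()` check whenever `action` is present.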
trunk/wp-admin/user-edit.php
r3760 r3804 33 33 case 'update': 34 34 35 check_admin_referer('update-user ' . $user_id);35 check_admin_referer('update-user_' . $user_id); 36 36 37 37 if (!current_user_can('edit_users')) … … 75 75 76 76 <form name="profile" id="your-profile" action="user-edit.php" method="post"> 77 <?php wp_nonce_field('update-user ' . $user_ID) ?>77 <?php wp_nonce_field('update-user_' . $user_ID) ?> 78 78 <p> 79 79 <input type="hidden" name="from" value="profile" />