Changeset 5404 for trunk/wp-admin/import/textpattern.php
- Timestamp:
- 05/07/2007 03:56:53 PM (19 years ago)
- File:
-
- 1 edited
-
trunk/wp-admin/import/textpattern.php (modified) (11 diffs)
Legend:
- Unmodified
- Added
- Removed
-
trunk/wp-admin/import/textpattern.php
r4608 r5404 57 57 echo '<p>'.__('Your Textpattern Configuration settings are as follows:').'</p>'; 58 58 echo '<form action="admin.php?import=textpattern&step=1" method="post">'; 59 wp_nonce_field('import-textpattern'); 59 60 $this->db_form(); 60 echo '<p class="submit"><input type="submit" name="submit" value="'. __('Import Categories').' »" /></p>';61 echo '<p class="submit"><input type="submit" name="submit" value="'.attribute_escape(__('Import Categories »')).'" /></p>'; 61 62 echo '</form>'; 62 63 echo '</div>'; … … 484 485 485 486 echo '<form action="admin.php?import=textpattern&step=2" method="post">'; 486 printf('<input type="submit" name="submit" value="%s" />', __('Import Users')); 487 wp_nonce_field('import-textpattern'); 488 printf('<input type="submit" name="submit" value="%s" />', attribute_escape(__('Import Users'))); 487 489 echo '</form>'; 488 490 … … 496 498 497 499 echo '<form action="admin.php?import=textpattern&step=3" method="post">'; 498 printf('<input type="submit" name="submit" value="%s" />', __('Import Posts')); 500 wp_nonce_field('import-textpattern'); 501 printf('<input type="submit" name="submit" value="%s" />', attribute_escape(__('Import Posts'))); 499 502 echo '</form>'; 500 503 } … … 507 510 508 511 echo '<form action="admin.php?import=textpattern&step=4" method="post">'; 509 printf('<input type="submit" name="submit" value="%s" />', __('Import Comments')); 512 wp_nonce_field('import-textpattern'); 513 printf('<input type="submit" name="submit" value="%s" />', attribute_escape(__('Import Comments'))); 510 514 echo '</form>'; 511 515 } … … 518 522 519 523 echo '<form action="admin.php?import=textpattern&step=5" method="post">'; 520 printf('<input type="submit" name="submit" value="%s" />', __('Import Links')); 524 wp_nonce_field('import-textpattern'); 525 printf('<input type="submit" name="submit" value="%s" />', attribute_escape(__('Import Links'))); 521 526 echo '</form>'; 522 527 } … … 530 535 531 536 echo '<form action="admin.php?import=textpattern&step=6" method="post">'; 532 printf('<input type="submit" name="submit" value="%s" />', __('Finish')); 537 wp_nonce_field('import-textpattern'); 538 printf('<input type="submit" name="submit" value="%s" />', attribute_escape(__('Finish'))); 533 539 echo '</form>'; 534 540 } … … 591 597 if ( $step > 0 ) 592 598 { 599 check_admin_referer('import-textpattern'); 600 593 601 if($_POST['dbuser']) 594 602 { 595 603 if(get_option('txpuser')) 596 604 delete_option('txpuser'); 597 add_option('txpuser', $_POST['dbuser']);605 add_option('txpuser', sanitize_user($_POST['dbuser'], true)); 598 606 } 599 607 if($_POST['dbpass']) … … 601 609 if(get_option('txppass')) 602 610 delete_option('txppass'); 603 add_option('txppass', $_POST['dbpass']);611 add_option('txppass', sanitize_user($_POST['dbpass'], true)); 604 612 } 605 613 … … 608 616 if(get_option('txpname')) 609 617 delete_option('txpname'); 610 add_option('txpname', $_POST['dbname']);618 add_option('txpname', sanitize_user($_POST['dbname'], true)); 611 619 } 612 620 if($_POST['dbhost']) … … 614 622 if(get_option('txphost')) 615 623 delete_option('txphost'); 616 add_option('txphost', $_POST['dbhost']);624 add_option('txphost', sanitize_user($_POST['dbhost'], true)); 617 625 } 618 626 if($_POST['dbprefix']) … … 620 628 if(get_option('tpre')) 621 629 delete_option('tpre'); 622 add_option('tpre', $_POST['dbprefix']);630 add_option('tpre', sanitize_user($_POST['dbprefix'])); 623 631 } 624 632
Note: See TracChangeset
for help on using the changeset viewer.