Changeset 8917

Timestamp:

09/17/2008 11:32:33 AM (17 years ago)

Author:

azaozz

Message:

Add nonces to quick edit, see #6815

Location:

trunk/wp-admin

Files:

• admin-ajax.php (modified) (1 diff)
• includes/template.php (modified) (3 diffs)
• js/inline-edit.js (modified) (3 diffs)
• wp-admin.css (modified) (5 diffs)

trunk/wp-admin/admin-ajax.php

@@ -729 +729 @@
 break;
 case 'inline-data':
-    get_inline_data( explode(',', $_POST['posts']) );
+    check_ajax_referer( 'inlineeditnonce', 'inline_edit_nonce' );
+
+    if ( isset($_POST['posts']) )
+        get_inline_data( explode(',', $_POST['posts']) );
+
     die();
 break;
 case 'inline-save':
+    check_ajax_referer( 'inlineeditnonce', 'inline_edit_nonce' );
+    
+    if ( ! isset($_POST['post_ID']) )
+        exit;
+    
     inline_save_row( $_POST );
+    
+    $post = array();
     if ( 'page' == $_POST['post_type'] ) {
-        $post = array();
         $post[] = get_post($_POST['post_ID']);
-        page_rows( $post );
+        page_rows($post);
     } elseif ( 'post' == $_POST['post_type'] ) {
         $mode = $_POST['post_view'];
-        $post = array();
         $post[] = get_post($_POST['post_ID']);
         post_rows($post);

trunk/wp-admin/includes/template.php

@@ -497 +497 @@
             ?>
                 <td <?php echo $attributes ?>>
+                    <?php wp_nonce_field( 'inlineeditnonce', 'inline_edit_nonce', false ) ?>
                     <div class="title">
                         <input type="text" name="post_title" class="title" value="" /><br />
@@ -520 +521 @@
                     <?php endif; ?>
                     <div class="clear"></div>
+                    <div class="save">
                     <?php
                     $actions = array();
@@ -532 +534 @@
                     }
                     ?>
+                    </div>
                 </td>
                 <?php

trunk/wp-admin/js/inline-edit.js

@@ -52 +52 @@
         return false;
     
-    jQuery.post('admin-ajax.php', 
-        { 
+    jQuery.post('admin-ajax.php', {
+            'inline_edit_nonce': jQuery('#inline_edit_nonce').val(),
             action: 'inline-data', 
             posts: id 
@@ -80 +80 @@
     // add the new blank row
     var editRow = blankRow.clone(true);
-    jQuery(editRow).attr('id', 'edit-'+id).addClass('inline').show();
+    jQuery(editRow).attr('id', 'edit-'+id).addClass('inline-editor').show();
     if(jQuery('#'+postType+'-'+id).hasClass('alternate'))
         jQuery(editRow).addClass('alternate');
@@ -140 +140 @@
       id = getRowId(id);
 
-    jQuery('#edit-'+id+' .check-column').html('<img src="images/loading.gif" alt="Saving..." />');
+    jQuery('#edit-'+id+' .check-column').html('<img src="images/loading.gif" alt="" />');
 
     var params = {
-        action:    'inline-save',
+        'inline_edit_nonce': jQuery('#inline_edit_nonce').val(),
+        action: 'inline-save',
         post_type: postType,
-        post_ID:   id,
+        post_ID: id,
         edit_date: 'true',
         post_view: postView

trunk/wp-admin/wp-admin.css

@@ -2156 +2156 @@
 
 /* Inline Editor */
-
-.inline {
-    font-size: 10px;
-}
-
-.inline td {
+.inline-editor {
+    font-size: 11px;
+}
+
+.inline-editor .save {
+    padding-top: 5px;
+}
+
+.inline-editor td {
     padding-right: 4px;
     padding-left: 7px;
 }
 
-.inline input, .inline select, .inline textarea {
+.inline-editor input, .inline-editor select, .inline-editor textarea {
     font-size: 10px !important;
     padding: 2px;
@@ -2172 +2175 @@
 }
 
-.inline td.date {
+.inline-editor td.date {
     width: 87px;
 }
 
-.inline td.page-title {
+.inline-editor td.page-title {
     width: 495px;
 }
 
-.inline td.post-title input.title {
+.inline-editor td.post-title input.title {
     width: 250px;
 }
 
-.inline td.post-title input.slug {
+.inline-editor td.post-title input.slug {
     width: 222px;
     float: right;
 }
 
-.inline div.title {
-    float: left;
-}
-
-.inline div.title input.title {
+.inline-editor div.title {
+    float: left;
+}
+
+.inline-editor div.title input.title {
     font-size: 12px !important;
 }
 
-.inline div.title label {
+.inline-editor div.title label {
     float: left;
     margin-top: 4px;
 }
 
-.inline td.page-title input.slug {
+.inline-editor td.page-title input.slug {
     width: 123px;
     float: right;
 }
 
-.inline div.other, .inline div.more {
+.inline-editor div.other, .inline-editor div.more {
     width: 190px;
     float: left;
@@ -2213 +2216 @@
 }
 
-.inline div.other label, .inline div.more label {
+.inline-editor div.other label, .inline-editor div.more label {
     display: block; float: left;
     width: 54px;
@@ -2219 +2222 @@
 }
 
-.inline div.other select {
+.inline-editor div.other select {
     width: 133px;
 }
 
-.inline div.more {
+.inline-editor div.more {
     width: 125px;
 }
 
-.inline div.more input {
+.inline-editor div.more input {
     width: 60px;
 }
 
-.inline td.author select {
+.inline-editor td.author select {
     width: 110px;
 }
 
-.inline ul.categories {
+.inline-editor ul.categories {
     list-style: none;
     padding: 0; margin: 0;
@@ -2243 +2246 @@
 }
 
-.inline ul.categories ul.children {
+.inline-editor ul.categories ul.children {
     list-style: none;
     padding-left: 15px;
 }
 
-.inline ul.categories li {
+.inline-editor ul.categories li {
     margin-bottom: 2px;
 }
 
-.inline ul.categories input {
+.inline-editor ul.categories input {
     vertical-align: middle;
     padding: 0; border: 0;
 }
 
-.inline td.tags textarea {
+.inline-editor td.tags textarea {
     height: 58px; width: 100%;
 }
 
-.inline td.comments {
+.inline-editor td.comments {
     padding-left: 0;
 }
 
-.inline td.status select {
+.inline-editor td.status select {
     width: 98px;
 }
 
-.inline td.status input {
+.inline-editor td.status input {
     vertical-align: middle;
 }