
Changeset 9231


Timestamp:
10/17/2008 07:55:51 PM (10 years ago)
Author:
ryan
Message:

Fix nonce collision and delete all spam

File:
1 edited

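--- a/trunk/wp-admin/edit-comments.php
+++ b/trunk/wp-admin/edit-comments.php
@@ -16,13 +16,11 @@
 
 if ( ( isset( $_POST['delete_all_spam'] ) || isset( $_POST['delete_all_spam2'] ) ) && !empty( $_POST['pagegen_timestamp'] ) ) {
-    check_admin_referer('bulk-spam-delete');
-
-    $delete_time = $wpdb->escape( $_POST['display_time'] );
+    check_admin_referer('bulk-spam-delete', '_spam_nonce');
+
+    $delete_time = $wpdb->escape( $_POST['pagegen_timestamp'] );
     $deleted_spam = $wpdb->query( "DELETE FROM $wpdb->comments WHERE comment_approved = 'spam' AND '$delete_time' > comment_date_gmt" );
 
-    wp_redirect('edit-comments.php?deleted=' . (int) $deleted_spam);
-}
-
-if ( isset($_REQUEST['delete_comments']) && isset($_REQUEST['action']) && ( -1 != $_REQUEST['action'] || -1 != $_REQUEST['action2'] ) ) {
+    wp_redirect('edit-comments.php?comment_status=spam&deleted=' . (int) $deleted_spam);
+} elseif ( isset($_REQUEST['delete_comments']) && isset($_REQUEST['action']) && ( -1 != $_REQUEST['action'] || -1 != $_REQUEST['action2'] ) ) {
     check_admin_referer('bulk-comments');
     $doaction = ( -1 != $_REQUEST['action'] ) ? $_REQUEST['action'] : $_REQUEST['action2'];
@@ -241,5 +239,5 @@
 
 if ( 'spam' == $comment_status ) {
-    wp_nonce_field('bulk-spam-delete'); ?>
+    wp_nonce_field('bulk-spam-delete', '_spam_nonce'); ?>
 <input type="submit" name="delete_all_spam" value="<?php _e('Delete All Spam'); ?>" class="button-secondary apply" />
 <?php } ?>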
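Review bot: In the delete-all-spam branch of the first hunk, `$_POST['pagegen_timestamp']` is only run through `$wpdb->escape()` and then interpolated into the `DELETE` string, so the query depends on escaping alone and the value is never checked to be a datetime. Passing it as a bound argument would keep the statement parameterized, e.g. `$wpdb->prepare( "DELETE FROM $wpdb->comments WHERE comment_approved = 'spam' AND %s > comment_date_gmt", $delete_time )` (prepare does its own escaping, so the `$wpdb->escape()` call would go away), and a format check before the query would reject anything that is not a timestamp, presumably `Y-m-d H:i:s` since it is compared with `comment_date_gmt`. The new `wp_redirect()` call is not followed by `exit;`, so the rest of the script appears to keep running after the redirect header is set. `check_admin_referer()` covers request forgery only; no capability check is visible in this hunk, so confirm one runs earlier in the file, which is outside the view.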