Changeset 9231

Timestamp:

10/17/2008 07:55:51 PM (18 years ago)

Author:

ryan

Message:

Fix nonce collision and delete all spam

File:

• trunk/wp-admin/edit-comments.php (modified) (2 diffs)

trunk/wp-admin/edit-comments.php

@@ -16 +16 @@
 
 if ( ( isset( $_POST['delete_all_spam'] ) || isset( $_POST['delete_all_spam2'] ) ) && !empty( $_POST['pagegen_timestamp'] ) ) {
-    check_admin_referer('bulk-spam-delete');
-
-    $delete_time = $wpdb->escape( $_POST['display_time'] );
+    check_admin_referer('bulk-spam-delete', '_spam_nonce');
+
+    $delete_time = $wpdb->escape( $_POST['pagegen_timestamp'] );
     $deleted_spam = $wpdb->query( "DELETE FROM $wpdb->comments WHERE comment_approved = 'spam' AND '$delete_time' > comment_date_gmt" );
 
-    wp_redirect('edit-comments.php?deleted=' . (int) $deleted_spam);
-}
-
-if ( isset($_REQUEST['delete_comments']) && isset($_REQUEST['action']) && ( -1 != $_REQUEST['action'] || -1 != $_REQUEST['action2'] ) ) {
+    wp_redirect('edit-comments.php?comment_status=spam&deleted=' . (int) $deleted_spam);
+} elseif ( isset($_REQUEST['delete_comments']) && isset($_REQUEST['action']) && ( -1 != $_REQUEST['action'] || -1 != $_REQUEST['action2'] ) ) {
     check_admin_referer('bulk-comments');
     $doaction = ( -1 != $_REQUEST['action'] ) ? $_REQUEST['action'] : $_REQUEST['action2'];
@@ -241 +239 @@
 
 if ( 'spam' == $comment_status ) {
-    wp_nonce_field('bulk-spam-delete'); ?>
+    wp_nonce_field('bulk-spam-delete', '_spam_nonce'); ?>
 <input type="submit" name="delete_all_spam" value="<?php _e('Delete All Spam'); ?>" class="button-secondary apply" />
 <?php } ?>