
Changeset 9231


Timestamp:
10/17/08 19:55:51 (6 years ago)
Author:
ryan
Message:

Fix nonce collision and delete all spam

File:
1 edited

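--- a/trunk/wp-admin/edit-comments.php
+++ b/trunk/wp-admin/edit-comments.php
@@ -16,13 +16,11 @@
 
 if ( ( isset( $_POST['delete_all_spam'] ) || isset( $_POST['delete_all_spam2'] ) ) && !empty( $_POST['pagegen_timestamp'] ) ) {
-    check_admin_referer('bulk-spam-delete');
-
-    $delete_time = $wpdb->escape( $_POST['display_time'] );
+    check_admin_referer('bulk-spam-delete', '_spam_nonce');
+
+    $delete_time = $wpdb->escape( $_POST['pagegen_timestamp'] );
     $deleted_spam = $wpdb->query( "DELETE FROM $wpdb->comments WHERE comment_approved = 'spam' AND '$delete_time' > comment_date_gmt" );
 
-    wp_redirect('edit-comments.php?deleted=' . (int) $deleted_spam);
-}
-
-if ( isset($_REQUEST['delete_comments']) && isset($_REQUEST['action']) && ( -1 != $_REQUEST['action'] || -1 != $_REQUEST['action2'] ) ) {
+    wp_redirect('edit-comments.php?comment_status=spam&deleted=' . (int) $deleted_spam);
+} elseif ( isset($_REQUEST['delete_comments']) && isset($_REQUEST['action']) && ( -1 != $_REQUEST['action'] || -1 != $_REQUEST['action2'] ) ) {
     check_admin_referer('bulk-comments');
     $doaction = ( -1 != $_REQUEST['action'] ) ? $_REQUEST['action'] : $_REQUEST['action2'];
@@ -241,5 +239,5 @@
 
 if ( 'spam' == $comment_status ) {
-    wp_nonce_field('bulk-spam-delete'); ?>
+    wp_nonce_field('bulk-spam-delete', '_spam_nonce'); ?>
 <input type="submit" name="delete_all_spam" value="<?php _e('Delete All Spam'); ?>" class="button-secondary apply" />
 <?php } ?>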
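Review bot: `$_POST['pagegen_timestamp']` on new line 20 is request-controlled and reaches the `DELETE` on line 21 protected only by `$wpdb->escape()` and hand-written quotes, with nothing checking that it is actually a timestamp. After a format check on the value, binding it is sturdier than escaping and interpolating: `$wpdb->query( $wpdb->prepare( "DELETE FROM $wpdb->comments WHERE comment_approved = 'spam' AND %s > comment_date_gmt", $delete_time ) );`. Separately, the branch ends at `wp_redirect(...)` on new line 23 with no `exit;` before the `} elseif`, so whatever follows the if-chain keeps executing after the Location header is sent; an `exit;` on the next line would stop that. The nonce check ties the request to the admin form, but no capability check is visible in this hunk; it may sit earlier in the file, which starts outside the view.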