Upstream
/
WordPress
mirror of https://github.com/WordPress/WordPress.git
1
0
Fork 0
Code Issues Projects Releases Wiki Activity

Add some nonce checks to the uploaders. Props duck_. For the 3.0 branch. 

git-svn-id: http://svn.automattic.com/wordpress/branches/3.0@17602 1a063a9b-81f0-0310-95a4-ce76da25c4cd
This commit is contained in:
nacin 2011-04-05 16:23:46 +00:00
parent 3c25793f2f
commit 00ff325f29
2 changed files with 5 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

4
wp-admin/includes/media.php
View File

@ -493,6 +493,7 @@ function media_upload_image() {
$id = 0;
if ( isset($_POST['html-upload']) && !empty($_FILES) ) {
check_admin_referer('media-form');
// Upload File button was clicked
$id = media_handle_upload('async-upload', $_REQUEST['post_id']);
unset($_FILES);
@ -598,6 +599,7 @@ function media_upload_audio() {
$id = 0;
if ( isset($_POST['html-upload']) && !empty($_FILES) ) {
check_admin_referer('media-form');
// Upload File button was clicked
$id = media_handle_upload('async-upload', $_REQUEST['post_id']);
unset($_FILES);
@ -656,6 +658,7 @@ function media_upload_video() {
$id = 0;
if ( isset($_POST['html-upload']) && !empty($_FILES) ) {
check_admin_referer('media-form');
// Upload File button was clicked
$id = media_handle_upload('async-upload', $_REQUEST['post_id']);
unset($_FILES);
@ -714,6 +717,7 @@ function media_upload_file() {
$id = 0;
if ( isset($_POST['html-upload']) && !empty($_FILES) ) {
check_admin_referer('media-form');
// Upload File button was clicked
$id = media_handle_upload('async-upload', $_REQUEST['post_id']);
unset($_FILES);

1
wp-admin/media-upload.php
View File

@ -35,6 +35,7 @@ if ( isset($_GET['inline']) ) {
$errors = array();
if ( isset($_POST['html-upload']) && !empty($_FILES) ) {
check_admin_referer('media-form');
// Upload File button was clicked
$id = media_handle_upload('async-upload', $_REQUEST['post_id']);
unset($_FILES);