Add some nonce checks to the uploaders. Props duck_. For the 3.0 branch.
git-svn-id: http://svn.automattic.com/wordpress/branches/3.0@17602 1a063a9b-81f0-0310-95a4-ce76da25c4cd
This commit is contained in:
parent
3c25793f2f
commit
00ff325f29
|
@ -493,6 +493,7 @@ function media_upload_image() {
|
|||
$id = 0;
|
||||
|
||||
if ( isset($_POST['html-upload']) && !empty($_FILES) ) {
|
||||
check_admin_referer('media-form');
|
||||
// Upload File button was clicked
|
||||
$id = media_handle_upload('async-upload', $_REQUEST['post_id']);
|
||||
unset($_FILES);
|
||||
|
@ -598,6 +599,7 @@ function media_upload_audio() {
|
|||
$id = 0;
|
||||
|
||||
if ( isset($_POST['html-upload']) && !empty($_FILES) ) {
|
||||
check_admin_referer('media-form');
|
||||
// Upload File button was clicked
|
||||
$id = media_handle_upload('async-upload', $_REQUEST['post_id']);
|
||||
unset($_FILES);
|
||||
|
@ -656,6 +658,7 @@ function media_upload_video() {
|
|||
$id = 0;
|
||||
|
||||
if ( isset($_POST['html-upload']) && !empty($_FILES) ) {
|
||||
check_admin_referer('media-form');
|
||||
// Upload File button was clicked
|
||||
$id = media_handle_upload('async-upload', $_REQUEST['post_id']);
|
||||
unset($_FILES);
|
||||
|
@ -714,6 +717,7 @@ function media_upload_file() {
|
|||
$id = 0;
|
||||
|
||||
if ( isset($_POST['html-upload']) && !empty($_FILES) ) {
|
||||
check_admin_referer('media-form');
|
||||
// Upload File button was clicked
|
||||
$id = media_handle_upload('async-upload', $_REQUEST['post_id']);
|
||||
unset($_FILES);
|
||||
|
|
|
@ -35,6 +35,7 @@ if ( isset($_GET['inline']) ) {
|
|||
$errors = array();
|
||||
|
||||
if ( isset($_POST['html-upload']) && !empty($_FILES) ) {
|
||||
check_admin_referer('media-form');
|
||||
// Upload File button was clicked
|
||||
$id = media_handle_upload('async-upload', $_REQUEST['post_id']);
|
||||
unset($_FILES);
|
||||
|
|
Loading…
Reference in New Issue