Ref checks from mdawaffe.

git-svn-id: http://svn.automattic.com/wordpress/trunk@3665 1a063a9b-81f0-0310-95a4-ce76da25c4cd

wp-admin/categories.php

@@ -24,6 +24,8 @@ switch($action) {
 
 case 'addcat':
 
+	check_admin_referer();
+
 	if ( !current_user_can('manage_categories') )
 		die (__('Cheatin’ uh?'));
 
@@ -93,6 +95,8 @@ case 'edit':
 break;
 
 case 'editedcat':
+	check_admin_referer();
+
 	if ( !current_user_can('manage_categories') )
 		die (__('Cheatin’ uh?'));
 

wp-admin/comment.php

@@ -164,6 +164,8 @@ case 'mailapprovecomment':
 
 case 'approvecomment':
 
+	check_admin_referer();
+
 	$comment = (int) $_GET['comment'];
 	$p = (int) $_GET['p'];
 	if (isset($_GET['noredir'])) {
@@ -194,6 +196,8 @@ case 'approvecomment':
 
 case 'editedcomment':
 
+	check_admin_referer();
+
 	edit_comment();
 
 	$referredby = $_POST['referredby'];
@@ -208,4 +212,4 @@ default:
 	break;
 } // end switch
 include('admin-footer.php');
-?>
+?>

wp-admin/edit-comments.php

@@ -51,6 +51,8 @@ function getNumChecked(form)
 <p><a href="?mode=view"><?php _e('View Mode') ?></a> | <a href="?mode=edit"><?php _e('Mass Edit Mode') ?></a></p>
 <?php
 if ( !empty( $_POST['delete_comments'] ) ) :
+	check_admin_referer();
+
 	$i = 0;
 	foreach ($_POST['delete_comments'] as $comment) : // Check the permissions on each
 		$comment = (int) $comment;

wp-admin/inline-uploading.php

@@ -2,6 +2,8 @@
 
 require_once('admin.php');
 
+check_admin_referer();
+
 header('Content-Type: text/html; charset=' . get_option('blog_charset'));
 
 if (!current_user_can('upload_files'))

wp-admin/link-import.php

@@ -63,6 +63,8 @@ foreach ($categories as $category) {
             } // end case 0
 
     case 1: {
+		check_admin_referer();
+
                 include_once('admin-header.php');
                 if ( !current_user_can('manage_links') )
                     die (__("Cheatin' uh ?"));

wp-admin/moderation.php

@@ -32,6 +32,8 @@ switch($action) {
 
 case 'update':
 
+	check_admin_referer();
+
 	if ( ! current_user_can('moderate_comments') )
 	die('<p>'.__('Your level is not high enough to moderate comments.').'</p>');
 

wp-admin/options-permalink.php

@@ -58,6 +58,8 @@ include('admin-header.php');
 $home_path = get_home_path();
 
 if ( isset($_POST) ) {
+	check_admin_referer();
+
 	if ( isset($_POST['permalink_structure']) ) {
 		$permalink_structure = $_POST['permalink_structure'];
 		if (! empty($permalink_structure) )

wp-admin/plugin-editor.php

@@ -34,6 +34,8 @@ switch($action) {
 
 case 'update':
 
+	check_admin_referer();
+
 	if ( !current_user_can('edit_plugins') )
 	die('<p>'.__('You have do not have sufficient permissions to edit templates for this blog.').'</p>');
 

wp-admin/templates.php

@@ -36,8 +36,10 @@ switch($action) {
 
 case 'update':
 
+	check_admin_referer();
+
 	if ( ! current_user_can('edit_files') )
-	die('<p>'.__('You have do not have sufficient permissions to edit templates for this blog.').'</p>');
+		die('<p>'.__('You have do not have sufficient permissions to edit templates for this blog.').'</p>');
 
 	$newcontent = stripslashes($_POST['newcontent']);
 	if (is_writeable($real_file)) {

wp-admin/theme-editor.php

@@ -47,6 +47,8 @@ switch($action) {
 
 case 'update':
 
+	check_admin_referer();
+
 	if ( !current_user_can('edit_themes') )
 	die('<p>'.__('You have do not have sufficient permissions to edit templates for this blog.').'</p>');
 

wp-includes/classes.php

@@ -40,7 +40,7 @@ class retrospam_mgr {
 					if ( empty( $word ) )
 						continue;
 					$fulltext = strtolower($comment->email.' '.$comment->url.' '.$comment->ip.' '.$comment->text);
-					if( strpos( $fulltext, strtolower($word) ) != FALSE ) {
+					if( false !== strpos( $fulltext, strtolower($word) ) ) {
 						$this->found_comments[] = $comment->ID;
 						break;
 					}