Update nonce action strings. Props mdawaffe.

git-svn-id: http://svn.automattic.com/wordpress/trunk@3804 1a063a9b-81f0-0310-95a4-ce76da25c4cd
This commit is contained in:
ryan 2006-05-26 23:08:05 +00:00
parent 1dff136d6f
commit 96c3f739a8
21 changed files with 48 additions and 48 deletions

View File

@ -656,7 +656,7 @@ function cat_rows($parent = 0, $level = 0, $categories = 0) {
$default_link_cat_id = get_option('default_link_category');
if ( ($category->cat_ID != $default_cat_id) && ($category->cat_ID != $default_link_cat_id) )
$edit .= "<td><a href='" . wp_nonce_url("categories.php?action=delete&amp;cat_ID=$category->cat_ID", 'delete-category' . $category->cat_ID ) . "' onclick=\"return deleteSomething( 'cat', $category->cat_ID, '" . sprintf(__("You are about to delete the category &quot;%s&quot;.\\nAll of its posts will go into the default category of &quot;%s&quot;\\nAll of its bookmarks will go into the default category of &quot;%s&quot;.\\n&quot;OK&quot; to delete, &quot;Cancel&quot; to stop."), addslashes($category->cat_name), js_escape(get_catname($default_cat_id)), js_escape(get_catname($default_link_cat_id))) . "' );\" class='delete'>".__('Delete')."</a>";
$edit .= "<td><a href='" . wp_nonce_url("categories.php?action=delete&amp;cat_ID=$category->cat_ID", 'delete-category_' . $category->cat_ID ) . "' onclick=\"return deleteSomething( 'cat', $category->cat_ID, '" . sprintf(__("You are about to delete the category &quot;%s&quot;.\\nAll of its posts will go into the default category of &quot;%s&quot;\\nAll of its bookmarks will go into the default category of &quot;%s&quot;.\\n&quot;OK&quot; to delete, &quot;Cancel&quot; to stop."), addslashes($category->cat_name), js_escape(get_catname($default_cat_id)), js_escape(get_catname($default_link_cat_id))) . "' );\" class='delete'>".__('Delete')."</a>";
else
$edit .= "<td style='text-align:center'>".__("Default");
}
@ -709,7 +709,7 @@ function page_rows($parent = 0, $level = 0, $pages = 0, $hierarchy = true) {
<td><?php echo mysql2date('Y-m-d g:i a', $post->post_modified); ?></td>
<td><a href="<?php the_permalink(); ?>" rel="permalink" class="edit"><?php _e('View'); ?></a></td>
<td><?php if ( current_user_can('edit_page', $id) ) { echo "<a href='page.php?action=edit&amp;post=$id' class='edit'>" . __('Edit') . "</a>"; } ?></td>
<td><?php if ( current_user_can('edit_page', $id) ) { echo "<a href='" . wp_nonce_url("page.php?action=delete&amp;post=$id", 'delete-page' . $id) . "' class='delete' onclick=\"return deleteSomething( 'page', " . $id . ", '" . sprintf(__("You are about to delete the &quot;%s&quot; page.\\n&quot;OK&quot; to delete, &quot;Cancel&quot; to stop."), addslashes(wp_specialchars(get_the_title(),'double')) ) . "' );\">" . __('Delete') . "</a>"; } ?></td>
<td><?php if ( current_user_can('edit_page', $id) ) { echo "<a href='" . wp_nonce_url("page.php?action=delete&amp;post=$id", 'delete-page_' . $id) . "' class='delete' onclick=\"return deleteSomething( 'page', " . $id . ", '" . sprintf(__("You are about to delete the &quot;%s&quot; page.\\n&quot;OK&quot; to delete, &quot;Cancel&quot; to stop."), addslashes(wp_specialchars(get_the_title(),'double')) ) . "' );\">" . __('Delete') . "</a>"; } ?></td>
</tr>
<?php

View File

@ -36,7 +36,7 @@ break;
case 'delete':
$cat_ID = (int) $_GET['cat_ID'];
check_admin_referer('delete-category' . $cat_ID);
check_admin_referer('delete-category_' . $cat_ID);
if ( !current_user_can('manage_categories') )
die (__('Cheatin&#8217; uh?'));
@ -67,7 +67,7 @@ break;
case 'editedcat':
$cat_ID = (int) $_POST['cat_ID'];
check_admin_referer('update-category' . $cat_ID);
check_admin_referer('update-category_' . $cat_ID);
if ( !current_user_can('manage_categories') )
die (__('Cheatin&#8217; uh?'));

View File

@ -51,7 +51,7 @@ case 'mailapprovecomment':
$comment = (int) $_GET['comment'];
$p = (int) $_GET['p'];
$formaction = 'confirmdeletecomment' == $action ? 'deletecomment' : 'approvecomment';
$nonce_action = 'confirmdeletecomment' == $action ? 'delete-comment' : 'approve-comment';
$nonce_action = 'confirmdeletecomment' == $action ? 'delete-comment_' : 'approve-comment_';
$nonce_action .= $comment;
if ( ! $comment = get_comment($comment) )
@ -93,7 +93,7 @@ case 'mailapprovecomment':
case 'deletecomment':
$comment = (int) $_REQUEST['comment'];
check_admin_referer('delete-comment' . $comment);
check_admin_referer('delete-comment_' . $comment);
$p = (int) $_REQUEST['p'];
if ( isset($_REQUEST['noredir']) ) {
@ -126,7 +126,7 @@ case 'deletecomment':
case 'unapprovecomment':
$comment = (int) $_GET['comment'];
check_admin_referer('unapprove-comment' . $comment);
check_admin_referer('unapprove-comment_' . $comment);
$p = (int) $_GET['p'];
if (isset($_GET['noredir'])) {
@ -153,7 +153,7 @@ case 'unapprovecomment':
case 'approvecomment':
$comment = (int) $_GET['comment'];
check_admin_referer('approve-comment' . $comment);
check_admin_referer('approve-comment_' . $comment);
$p = (int) $_GET['p'];
if (isset($_GET['noredir'])) {

View File

@ -4,7 +4,7 @@ if ( ! empty($cat_ID) ) {
$submit_text = __('Edit Category &raquo;');
$form = '<form name="editcat" id="editcat" method="post" action="categories.php">';
$action = 'editedcat';
$nonce_action = 'update-category' . $cat_ID;
$nonce_action = 'update-category_' . $cat_ID;
} else {
$heading = __('Add Category');
$submit_text = __('Add Category &raquo;');
@ -45,4 +45,4 @@ if ( ! empty($cat_ID) ) {
<p class="submit"><input type="submit" name="submit" value="<?php echo $submit_text ?>" /></p>
<div id="ajax-response"></div>
</form>
</div>
</div>

View File

@ -119,12 +119,12 @@ if ('view' == $mode) {
<?php
if ( current_user_can('edit_post', $comment->comment_post_ID) ) {
echo " <a href='comment.php?action=editcomment&amp;comment=".$comment->comment_ID."\'>" . __('Edit') . '</a>';
echo ' | <a href="' . wp_nonce_url('comment.php?action=deletecomment&amp;p=' . $post->ID . '&amp;comment=' . $comment->comment_ID, 'delete-comment' . $comment->comment_ID) . '" onclick="return deleteSomething( \'comment\', ' . $comment->comment_ID . ', \'' . sprintf(__("You are about to delete this comment by &quot;%s&quot;.\\n&quot;Cancel&quot; to stop, &quot;OK&quot; to delete."), js_escape($comment->comment_author)) . "' );\">" . __('Delete') . '</a> ';
echo ' | <a href="' . wp_nonce_url('comment.php?action=deletecomment&amp;p=' . $post->ID . '&amp;comment=' . $comment->comment_ID, 'delete-comment_' . $comment->comment_ID) . '" onclick="return deleteSomething( \'comment\', ' . $comment->comment_ID . ', \'' . sprintf(__("You are about to delete this comment by &quot;%s&quot;.\\n&quot;Cancel&quot; to stop, &quot;OK&quot; to delete."), js_escape($comment->comment_author)) . "' );\">" . __('Delete') . '</a> ';
if ( ('none' != $comment_status) && ( current_user_can('moderate_comments') ) ) {
echo '<span class="unapprove"> | <a href="' . wp_nonce_url('comment.php?action=unapprovecomment&amp;p=' . $post->ID . '&amp;comment=' . $comment->comment_ID, 'unapprove-comment' . $comment->comment_ID) . '" onclick="return dimSomething( \'comment\', ' . $comment->comment_ID . ', \'unapproved\' );">' . __('Unapprove') . '</a> </span>';
echo '<span class="approve"> | <a href="' . wp_nonce_url('comment.php?action=approvecomment&amp;p=' . $post->ID . '&amp;comment=' . $comment->comment_ID, 'approve-comment' . $comment->comment_ID) . '" onclick="return dimSomething( \'comment\', ' . $comment->comment_ID . ', \'unapproved\' );">' . __('Approve') . '</a> </span>';
echo '<span class="unapprove"> | <a href="' . wp_nonce_url('comment.php?action=unapprovecomment&amp;p=' . $post->ID . '&amp;comment=' . $comment->comment_ID, 'unapprove-comment_' . $comment->comment_ID) . '" onclick="return dimSomething( \'comment\', ' . $comment->comment_ID . ', \'unapproved\' );">' . __('Unapprove') . '</a> </span>';
echo '<span class="approve"> | <a href="' . wp_nonce_url('comment.php?action=approvecomment&amp;p=' . $post->ID . '&amp;comment=' . $comment->comment_ID, 'approve-comment_' . $comment->comment_ID) . '" onclick="return dimSomething( \'comment\', ' . $comment->comment_ID . ', \'unapproved\' );">' . __('Approve') . '</a> </span>';
}
echo " | <a href=\"comment.php?action=deletecomment&amp;delete_type=spam&amp;p=".$comment->comment_post_ID."&amp;comment=".$comment->comment_ID."\" onclick=\"return deleteSomething( 'comment-as-spam', $comment->comment_ID, '" . sprintf(__("You are about to mark as spam this comment by &quot;%s&quot;.\\n&quot;Cancel&quot; to stop, &quot;OK&quot; to mark as spam."), js_escape( $comment->comment_author)) . "' );\">" . __('Spam') . "</a> ";
echo " | <a href=\"" . wp_nonce_url("comment.php?action=deletecomment&amp;delete_type=spam&amp;p=" . $comment->comment_post_ID . "&amp;comment=" . $comment->comment_ID", 'delete-comment_' . $comment->comment_ID) . "\" onclick=\"return deleteSomething( 'comment-as-spam', $comment->comment_ID, '" . sprintf(__("You are about to mark as spam this comment by &quot;%s&quot;.\\n&quot;Cancel&quot; to stop, &quot;OK&quot; to mark as spam."), js_escape( $comment->comment_author)) . "' );\">" . __('Spam') . "</a> ";
}
$post = get_post($comment->comment_post_ID);
$post_title = wp_specialchars( $post->post_title, 'double' );

View File

@ -26,7 +26,7 @@ if (0 == $post_ID) {
} else {
$form_action = 'editpost';
$form_extra = "<input type='hidden' id='post_ID' name='post_ID' value='$post_ID' />";
wp_nonce_field('update-post' . $post_ID);
wp_nonce_field('update-post_' . $post_ID);
}
$form_pingback = '<input type="hidden" name="post_pingback" value="' . get_option('default_pingback_flag') . '" id="post_pingback" />';
@ -220,7 +220,7 @@ list_meta($metadata);
</div>
<?php if ('edit' == $action) : $delete_nonce = wp_create_nonce( 'delete-post' . $post_ID ); ?>
<?php if ('edit' == $action) : $delete_nonce = wp_create_nonce( 'delete-post_' . $post_ID ); ?>
<input name="deletepost" class="button" type="submit" id="deletepost" tabindex="10" value="<?php _e('Delete this post') ?>" <?php echo "onclick=\"if ( confirm('" . sprintf(__("You are about to delete this post \'%s\'\\n \'Cancel\' to stop, \'OK\' to delete."), addslashes($post->post_title) ) . "') ) { document.forms.post._wpnonce.value = '$delete_nonce'; return true;}\""; ?> />
<?php endif; ?>

View File

@ -3,7 +3,7 @@ if ( ! empty($link_id) ) {
$heading = __('Edit Bookmark');
$submit_text = __('Save Changes &raquo;');
$form = '<form name="editlink" id="editlink" method="post" action="link.php">';
$nonce_action = 'update-bookmark' . $link_id;
$nonce_action = 'update-bookmark_' . $link_id;
} else {
$heading = __('Create Bookmark');
$submit_text = __('Add Bookmark &raquo;');

View File

@ -10,7 +10,7 @@ if (0 == $post_ID) {
$form_extra = "<input type='hidden' id='post_ID' name='temp_ID' value='$temp_ID' />";
} else {
$form_action = 'editpost';
$nonce_action = 'update-page' . $post_ID;
$nonce_action = 'update-page_' . $post_ID;
$form_extra = "<input type='hidden' id='post_ID' name='post_ID' value='$post_ID' />";
}

View File

@ -211,7 +211,7 @@ foreach($posts_columns as $column_name=>$column_display_name) {
case 'control_delete':
?>
<td><?php if ( current_user_can('delete_post',$post->ID) ) { echo "<a href='" . wp_nonce_url("post.php?action=delete&amp;post=$id", 'delete-post' . $post->ID) . "' class='delete' onclick=\"return deleteSomething( 'post', " . $id . ", '" . sprintf(__("You are about to delete this post &quot;%s&quot;.\\n&quot;OK&quot; to delete, &quot;Cancel&quot; to stop."), js_escape(get_the_title()) ) . "' );\">" . __('Delete') . "</a>"; } ?></td>
<td><?php if ( current_user_can('delete_post',$post->ID) ) { echo "<a href='" . wp_nonce_url("post.php?action=delete&amp;post=$id", 'delete-post_' . $post->ID) . "' class='delete' onclick=\"return deleteSomething( 'post', " . $id . ", '" . sprintf(__("You are about to delete this post &quot;%s&quot;.\\n&quot;OK&quot; to delete, &quot;Cancel&quot; to stop."), js_escape(get_the_title()) ) . "' );\">" . __('Delete') . "</a>"; } ?></td>
<?php
break;
@ -273,12 +273,12 @@ foreach ($comments as $comment) {
<?php
if ( current_user_can('edit_post', $comment->comment_post_ID) ) {
echo " <a href='comment.php?action=editcomment&amp;comment=".$comment->comment_ID."\'>" . __('Edit') . '</a>';
echo ' | <a href="' . wp_nonce_url('comment.php?action=deletecomment&amp;p=' . $post->ID . '&amp;comment=' . $comment->comment_ID, 'delete-comment' . $comment->comment_ID) . '" onclick="return deleteSomething( \'comment\', ' . $comment->comment_ID . ', \'' . sprintf(__("You are about to delete this comment by &quot;%s&quot;.\\n&quot;Cancel&quot; to stop, &quot;OK&quot; to delete."), js_escape($comment->comment_author)) . "' );\">" . __('Delete') . '</a> ';
echo ' | <a href="' . wp_nonce_url('comment.php?action=deletecomment&amp;p=' . $post->ID . '&amp;comment=' . $comment->comment_ID, 'delete-comment_' . $comment->comment_ID) . '" onclick="return deleteSomething( \'comment\', ' . $comment->comment_ID . ', \'' . sprintf(__("You are about to delete this comment by &quot;%s&quot;.\\n&quot;Cancel&quot; to stop, &quot;OK&quot; to delete."), js_escape($comment->comment_author)) . "' );\">" . __('Delete') . '</a> ';
if ( ('none' != $comment_status) && ( current_user_can('moderate_comments') ) ) {
echo '<span class="unapprove"> | <a href="' . wp_nonce_url('comment.php?action=unapprovecomment&amp;p=' . $post->ID . '&amp;comment=' . $comment->comment_ID, 'unapprove-comment' . $comment->comment_ID) . '" onclick="return dimSomething( \'comment\', ' . $comment->comment_ID . ', \'unapproved\' );">' . __('Unapprove') . '</a> </span>';
echo '<span class="approve"> | <a href="' . wp_nonce_url('comment.php?action=approvecomment&amp;p=' . $post->ID . '&amp;comment=' . $comment->comment_ID, 'approve-comment' . $comment->comment_ID) . '" onclick="return dimSomething( \'comment\', ' . $comment->comment_ID . ', \'unapproved\' );">' . __('Approve') . '</a> </span>';
echo '<span class="unapprove"> | <a href="' . wp_nonce_url('comment.php?action=unapprovecomment&amp;p=' . $post->ID . '&amp;comment=' . $comment->comment_ID, 'unapprove-comment_' . $comment->comment_ID) . '" onclick="return dimSomething( \'comment\', ' . $comment->comment_ID . ', \'unapproved\' );">' . __('Unapprove') . '</a> </span>';
echo '<span class="approve"> | <a href="' . wp_nonce_url('comment.php?action=approvecomment&amp;p=' . $post->ID . '&amp;comment=' . $comment->comment_ID, 'approve-comment_' . $comment->comment_ID) . '" onclick="return dimSomething( \'comment\', ' . $comment->comment_ID . ', \'unapproved\' );">' . __('Approve') . '</a> </span>';
}
echo " | <a href=\"" . wp_nonce_url("comment.php?action=deletecomment&amp;delete_type=spam&amp;p=".$comment->comment_post_ID."&amp;comment=".$comment->comment_ID, 'delete-comment' . $comment->comment_ID) . "\" onclick=\"return deleteSomething( 'comment-as-spam', $comment->comment_ID, '" . sprintf(__("You are about to mark as spam this comment by &quot;%s&quot;.\\n&quot;Cancel&quot; to stop, &quot;OK&quot; to mark as spam."), js_escape( $comment->comment_author)) . "' );\">" . __('Spam') . "</a> ]";
echo " | <a href=\"" . wp_nonce_url("comment.php?action=deletecomment&amp;delete_type=spam&amp;p=".$comment->comment_post_ID."&amp;comment=".$comment->comment_ID, 'delete-comment_' . $comment->comment_ID) . "\" onclick=\"return deleteSomething( 'comment-as-spam', $comment->comment_ID, '" . sprintf(__("You are about to mark as spam this comment by &quot;%s&quot;.\\n&quot;Cancel&quot; to stop, &quot;OK&quot; to mark as spam."), js_escape( $comment->comment_author)) . "' );\">" . __('Spam') . "</a> ]";
} // end if any comments to show
?>
</p>

View File

@ -176,7 +176,7 @@ if ($links)
<?php
echo '<td><a href="link.php?link_id='.$link->link_id.'&amp;action=edit" class="edit">'.__('Edit').'</a></td>';
echo '<td><a href="' . wp_nonce_url('link.php?link_id='.$link->link_id.'&amp;action=delete', 'delete-bookmark' . $link->link_id ) . '"'." class='delete' onclick=\"return deleteSomething( 'link', $link->link_id , '".sprintf(__("You are about to delete the &quot;%s&quot; bookmark to %s.\\n&quot;Cancel&quot; to stop, &quot;OK&quot; to delete."), wp_specialchars($link->link_name, 1), wp_specialchars($link->link_url)).'\' );" class="delete">'.__('Delete').'</a></td>';
echo '<td><a href="' . wp_nonce_url('link.php?link_id='.$link->link_id.'&amp;action=delete', 'delete-bookmark_' . $link->link_id ) . '"'." class='delete' onclick=\"return deleteSomething( 'link', $link->link_id , '".sprintf(__("You are about to delete the &quot;%s&quot; bookmark to %s.\\n&quot;Cancel&quot; to stop, &quot;OK&quot; to delete."), wp_specialchars($link->link_name, 1), wp_specialchars($link->link_url)).'\' );" class="delete">'.__('Delete').'</a></td>';
echo '<td align="center"><input type="checkbox" name="linkcheck[]" value="'.$link->link_id.'" /></td>';
echo "\n </tr>\n";
}

View File

@ -81,7 +81,7 @@ switch ($action) {
case 'save' :
$link_id = (int) $_POST['link_id'];
check_admin_referer('update-bookmark' . $link_id);
check_admin_referer('update-bookmark_' . $link_id);
edit_link($link_id);
@ -91,7 +91,7 @@ switch ($action) {
case 'delete' :
$link_id = (int) $_GET['link_id'];
check_admin_referer('delete-bookmark' . $link_id);
check_admin_referer('delete-bookmark_' . $link_id);
if (!current_user_can('manage_links'))
die(__("Cheatin' uh ?"));

View File

@ -76,7 +76,7 @@ case 'edit':
case 'editattachment':
$page_id = $post_ID = (int) $_POST['post_ID'];
check_admin_referer('update-attachment' . $page_id);
check_admin_referer('update-attachment_' . $page_id);
// Don't let these be changed
unset($_POST['guid']);
@ -93,7 +93,7 @@ case 'editattachment':
case 'editpost':
$page_ID = (int) $_POST['post_ID'];
check_admin_referer('update-page' . $page_ID);
check_admin_referer('update-page_' . $page_ID);
$page_ID = edit_post();
@ -119,7 +119,7 @@ case 'editpost':
case 'delete':
$page_id = (isset($_GET['post'])) ? intval($_GET['post']) : intval($_POST['post_ID']);
check_admin_referer('delete-page' . $page_id);
check_admin_referer('delete-page_' . $page_id);
$page = & get_post($page_id);

View File

@ -34,7 +34,7 @@ switch($action) {
case 'update':
check_admin_referer('edit-plugin' . $file);
check_admin_referer('edit-plugin_' . $file);
if ( !current_user_can('edit_plugins') )
die('<p>'.__('You have do not have sufficient permissions to edit templates for this blog.').'</p>');
@ -97,7 +97,7 @@ if ($plugin_files) :
</div>
<?php if (!$error) { ?>
<form name="template" id="template" action="plugin-editor.php" method="post">
<?php wp_nonce_field('edit-plugin' . $file) ?>
<?php wp_nonce_field('edit-plugin_' . $file) ?>
<div><textarea cols="70" rows="25" name="newcontent" id="newcontent" tabindex="1"><?php echo $content ?></textarea>
<input type="hidden" name="action" value="update" />
<input type="hidden" name="file" value="<?php echo $file ?>" />

View File

@ -3,7 +3,7 @@ require_once('admin.php');
if ( isset($_GET['action']) ) {
if ('activate' == $_GET['action']) {
check_admin_referer('activate-plugin' . $_GET['plugin']);
check_admin_referer('activate-plugin_' . $_GET['plugin']);
$current = get_settings('active_plugins');
if (!in_array($_GET['plugin'], $current)) {
$current[] = trim( $_GET['plugin'] );
@ -14,7 +14,7 @@ if ( isset($_GET['action']) ) {
}
header('Location: plugins.php?activate=true');
} else if ('deactivate' == $_GET['action']) {
check_admin_referer('deactivate-plugin' . $_GET['plugin']);
check_admin_referer('deactivate-plugin_' . $_GET['plugin']);
$current = get_settings('active_plugins');
array_splice($current, array_search( $_GET['plugin'], $current), 1 ); // Array-fu!
update_option('active_plugins', $current);
@ -100,11 +100,11 @@ if (empty($plugins)) {
$style = ('class="alternate"' == $style|| 'class="alternate active"' == $style) ? '' : 'alternate';
if (!empty($current_plugins) && in_array($plugin_file, $current_plugins)) {
$action = "<a href='" . wp_nonce_url("plugins.php?action=deactivate&amp;plugin=$plugin_file", 'deactivate-plugin' . $plugin_file) . "' title='".__('Deactivate this plugin')."' class='delete'>".__('Deactivate')."</a>";
$action = "<a href='" . wp_nonce_url("plugins.php?action=deactivate&amp;plugin=$plugin_file", 'deactivate-plugin_' . $plugin_file) . "' title='".__('Deactivate this plugin')."' class='delete'>".__('Deactivate')."</a>";
$plugin_data['Title'] = "<strong>{$plugin_data['Title']}</strong>";
$style .= $style == 'alternate' ? ' active' : 'active';
} else {
$action = "<a href='" . wp_nonce_url("plugins.php?action=activate&amp;plugin=$plugin_file", 'activate-plugin' . $plugin_file) . "' title='".__('Activate this plugin')."' class='edit'>".__('Activate')."</a>";
$action = "<a href='" . wp_nonce_url("plugins.php?action=activate&amp;plugin=$plugin_file", 'activate-plugin_' . $plugin_file) . "' title='".__('Activate this plugin')."' class='edit'>".__('Activate')."</a>";
}
$plugin_data['Description'] = wp_kses($plugin_data['Description'], array('a' => array('href' => array(),'title' => array()),'abbr' => array('title' => array()),'acronym' => array('title' => array()),'code' => array(),'em' => array(),'strong' => array()) ); ;
if ($style != '') $style = 'class="' . $style . '"';

View File

@ -82,7 +82,7 @@ case 'edit':
case 'editattachment':
$post_id = (int) $_POST['post_ID'];
check_admin_referer('update-attachment' . $post_id);
check_admin_referer('update-attachment_' . $post_id);
// Don't let these be changed
unset($_POST['guid']);
@ -99,7 +99,7 @@ case 'editattachment':
case 'editpost':
$post_ID = (int) $_POST['post_ID'];
check_admin_referer('update-post' . $post_ID);
check_admin_referer('update-post_' . $post_ID);
$post_ID = edit_post();
@ -125,7 +125,7 @@ case 'editpost':
case 'delete':
$post_id = (isset($_GET['post'])) ? intval($_GET['post']) : intval($_POST['post_ID']);
check_admin_referer('delete-post' . $post_id);
check_admin_referer('delete-post_' . $post_id);
$post = & get_post($post_id);

View File

@ -4,7 +4,7 @@ $parent_file = 'profile.php';
$submenu_file = 'profile.php';
require_once('admin.php');
check_admin_referer('update-profile' . $user_ID);
check_admin_referer('update-profile_' . $user_ID);
if ( !$_POST )
die( __('No post?') );

View File

@ -19,7 +19,7 @@ $bookmarklet_height= 440;
<div class="wrap">
<h2><?php _e('Your Profile and Personal Options'); ?></h2>
<form name="profile" id="your-profile" action="profile-update.php" method="post">
<?php wp_nonce_field('update-profile' . $user_ID) ?>
<?php wp_nonce_field('update-profile_' . $user_ID) ?>
<p>
<input type="hidden" name="from" value="profile" />
<input type="hidden" name="checkuser_id" value="<?php echo $user_ID ?>" />

View File

@ -36,7 +36,7 @@ switch($action) {
case 'update':
check_admin_referer('edit-file' . $file);
check_admin_referer('edit-file_' . $file);
if ( ! current_user_can('edit_files') )
die('<p>'.__('You do not have sufficient permissions to edit templates for this blog.').'</p>');
@ -128,7 +128,7 @@ endif;
</div>
<?php if (!$error) { ?>
<form name="template" id="template" action="templates.php" method="post">
<?php wp_nonce_field('edit-file' . $file) ?>
<?php wp_nonce_field('edit-file_' . $file) ?>
<div><textarea cols="70" rows="25" name="newcontent" id='newcontent' tabindex="1"><?php echo $content ?></textarea>
<input type="hidden" name="action" value="update" />
<input type="hidden" name="file" value="<?php echo $file ?>" />

View File

@ -47,7 +47,7 @@ switch($action) {
case 'update':
check_admin_referer('edit-theme' . $file . $theme);
check_admin_referer('edit-theme_' . $file . $theme);
if ( !current_user_can('edit_themes') )
die('<p>'.__('You have do not have sufficient permissions to edit templates for this blog.').'</p>');
@ -131,7 +131,7 @@ if ($allowed_files) :
if (!$error) {
?>
<form name="template" id="template" action="theme-editor.php" method="post">
<?php wp_nonce_field('edit-theme' . $file . $theme) ?>
<?php wp_nonce_field('edit-theme_' . $file . $theme) ?>
<div><textarea cols="70" rows="25" name="newcontent" id="newcontent" tabindex="1"><?php echo $content ?></textarea>
<input type="hidden" name="action" value="update" />
<input type="hidden" name="file" value="<?php echo $file ?>" />

View File

@ -2,7 +2,7 @@
require_once('admin.php');
if ( isset($_GET['action']) ) {
check_admin_referer('switch-theme' . $_GET['template']);
check_admin_referer('switch-theme_' . $_GET['template']);
if ('activate' == $_GET['action']) {
if ( isset($_GET['template']) )
@ -69,7 +69,7 @@ foreach ($theme_names as $theme_name) {
$author = $themes[$theme_name]['Author'];
$screenshot = $themes[$theme_name]['Screenshot'];
$stylesheet_dir = $themes[$theme_name]['Stylesheet Dir'];
$activate_link = wp_nonce_url("themes.php?action=activate&amp;template=$template&amp;stylesheet=$stylesheet", 'switch-theme' . $template);
$activate_link = wp_nonce_url("themes.php?action=activate&amp;template=$template&amp;stylesheet=$stylesheet", 'switch-theme_' . $template);
?>
<div class="available-theme">
<h3><a href="<?php echo $activate_link; ?>"><?php echo "$title $version"; ?></a></h3>

View File

@ -32,7 +32,7 @@ break;
case 'update':
check_admin_referer('update-user' . $user_id);
check_admin_referer('update-user_' . $user_id);
if (!current_user_can('edit_users'))
$errors = new WP_Error('head', __('You do not have permission to edit this user.'));
@ -74,7 +74,7 @@ if (!current_user_can('edit_users'))
<h2><?php _e('Edit User'); ?></h2>
<form name="profile" id="your-profile" action="user-edit.php" method="post">
<?php wp_nonce_field('update-user' . $user_ID) ?>
<?php wp_nonce_field('update-user_' . $user_ID) ?>
<p>
<input type="hidden" name="from" value="profile" />
<input type="hidden" name="checkuser_id" value="<?php echo $user_ID ?>" />