Add nonces to tag importers. Props xknown. fixes #4811

git-svn-id: http://svn.automattic.com/wordpress/trunk@5941 1a063a9b-81f0-0310-95a4-ce76da25c4cd
ryan 2007-08-25 17:07:10 +00:00
parent a5fbb3f85f
commit a03073ef0a
2 changed files with 11 additions and 1 deletions


@ -31,6 +31,9 @@ class UTW_Import {
} else {
$step = (int) $_GET['step'];
}
if ( $step > 1 )
check_admin_referer('import-utw');
// load the header
$this->header();
@ -102,6 +105,7 @@ class UTW_Import {
}
echo '<form action="admin.php?import=utw&amp;step=2" method="post">';
wp_nonce_field('import-utw');
echo '<p class="submit"><input type="submit" name="submit" value="'.__('Step 2 &raquo;').'" /></p>';
echo '</form>';
echo '</div>';
@ -137,6 +141,7 @@ class UTW_Import {
}
echo '<form action="admin.php?import=utw&amp;step=3" method="post">';
wp_nonce_field('import-utw');
echo '<p class="submit"><input type="submit" name="submit" value="'.__('Step 3 &raquo;').'" /></p>';
echo '</form>';
echo '</div>';
@ -155,6 +160,7 @@ class UTW_Import {
echo '<p>' . sprintf( __('Done! <strong>%s</strong> tags where added!'), $tags_added ) . '<br /></p>';
echo '<form action="admin.php?import=utw&amp;step=4" method="post">';
wp_nonce_field('import-utw');
echo '<p class="submit"><input type="submit" name="submit" value="'.__('Step 4 &raquo;').'" /></p>';
echo '</form>';
echo '</div>';
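Review bot: The guard added in the first hunk, `if ( $step > 1 ) check_admin_referer('import-utw');`, leaves step 1 outside the nonce check, and none of the forms shown in this section posts to `step=1` with a `wp_nonce_field`. The step 1 handler is not visible in these hunks; if it writes anything, the form that leads to it should carry the nonce and the condition should become `if ( $step > 0 )`. If step 1 is display-only, a comment above the guard such as `// step 1 only displays; the nonce is required from step 2 on` would stop a later change from adding an unprotected write there. The enclosing method starts and ends outside the hunk.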


@ -38,6 +38,7 @@ class WP_Categories_to_Tags {
function categories_form() {
print '<form action="admin.php?import=wp-cat2tag&amp;step=2" method="post">';
wp_nonce_field('import-cat2tag');
print '<ul style="list-style:none">';
$hier = _get_term_hierarchy('category');
@ -144,6 +145,7 @@ class WP_Categories_to_Tags {
print '<p>' . __('You are about to convert all categories to tags. Are you sure you want to continue?') . '</p>';
print '<form action="admin.php?import=wp-cat2tag" method="post">';
wp_nonce_field('import-cat2tag');
print '<p style="text-align:center" class="submit"><input type="submit" value="' . __('Yes') . '" name="yes_convert_all_cats" />&nbsp;&nbsp;&nbsp;&nbsp;<input type="submit" value="' . __('No') . '" name="no_dont_do_it" /></p>';
print '</form>';
@ -158,7 +160,6 @@ class WP_Categories_to_Tags {
}
function init() {
echo '<!--'; print_r($_POST); print_r($_GET); echo '-->';
if (isset($_POST['maybe_convert_all_cats'])) {
$step = 3;
@ -177,6 +178,9 @@ class WP_Categories_to_Tags {
print '<p>' . __('Cheatin&#8217; uh?') . '</p>';
print '</div>';
} else {
if ( $step > 1 )
check_admin_referer('import-cat2tag');
switch ($step) {
case 1 :
$this->welcome();
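Review bot: The check added in the last hunk, `if ( $step > 1 ) check_admin_referer('import-cat2tag');`, has no comment saying why step 1 is exempt. `$step` appears to be derived from request fields earlier in init(); the one visible here is `$_POST['maybe_convert_all_cats']`, which maps to step 3. A one-line comment above the guard, e.g. `// Step 1 only renders welcome(); every other step must carry the import-cat2tag nonce.`, would record that invariant for whoever adds the next step. Braces around the one-line `if` body would also make it harder to detach the check from its condition by accident. init() and the switch continue past the end of the hunk.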