Add nonces to tag importers. Props xknown. fixes #4811
git-svn-id: http://svn.automattic.com/wordpress/trunk@5941 1a063a9b-81f0-0310-95a4-ce76da25c4cd
parent
a5fbb3f85f
commit
a03073ef0a
@ -32,6 +32,9 @@ class UTW_Import {
|
|||||||
$step = (int) $_GET['step'];
|
$step = (int) $_GET['step'];
|
||||||
}
|
}
|
||||||
|
|
||||||
|
if ( $step > 1 )
|
||||||
|
check_admin_referer('import-utw');
|
||||||
|
|
||||||
// load the header
|
// load the header
|
||||||
$this->header();
|
$this->header();
|
||||||
|
|
||||||
@ -102,6 +105,7 @@ class UTW_Import {
|
|||||||
}
|
}
|
||||||
|
|
||||||
echo '<form action="admin.php?import=utw&step=2" method="post">';
|
echo '<form action="admin.php?import=utw&step=2" method="post">';
|
||||||
|
wp_nonce_field('import-utw');
|
||||||
echo '<p class="submit"><input type="submit" name="submit" value="'.__('Step 2 »').'" /></p>';
|
echo '<p class="submit"><input type="submit" name="submit" value="'.__('Step 2 »').'" /></p>';
|
||||||
echo '</form>';
|
echo '</form>';
|
||||||
echo '</div>';
|
echo '</div>';
|
||||||
@ -137,6 +141,7 @@ class UTW_Import {
|
|||||||
}
|
}
|
||||||
|
|
||||||
echo '<form action="admin.php?import=utw&step=3" method="post">';
|
echo '<form action="admin.php?import=utw&step=3" method="post">';
|
||||||
|
wp_nonce_field('import-utw');
|
||||||
echo '<p class="submit"><input type="submit" name="submit" value="'.__('Step 3 »').'" /></p>';
|
echo '<p class="submit"><input type="submit" name="submit" value="'.__('Step 3 »').'" /></p>';
|
||||||
echo '</form>';
|
echo '</form>';
|
||||||
echo '</div>';
|
echo '</div>';
|
||||||
@ -155,6 +160,7 @@ class UTW_Import {
|
|||||||
echo '<p>' . sprintf( __('Done! <strong>%s</strong> tags where added!'), $tags_added ) . '<br /></p>';
|
echo '<p>' . sprintf( __('Done! <strong>%s</strong> tags where added!'), $tags_added ) . '<br /></p>';
|
||||||
|
|
||||||
echo '<form action="admin.php?import=utw&step=4" method="post">';
|
echo '<form action="admin.php?import=utw&step=4" method="post">';
|
||||||
|
wp_nonce_field('import-utw');
|
||||||
echo '<p class="submit"><input type="submit" name="submit" value="'.__('Step 4 »').'" /></p>';
|
echo '<p class="submit"><input type="submit" name="submit" value="'.__('Step 4 »').'" /></p>';
|
||||||
echo '</form>';
|
echo '</form>';
|
||||||
echo '</div>';
|
echo '</div>';
|
||||||
|
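Review bot: The guard `if ( $step > 1 )` in the first hunk leaves step 1 outside the nonce check, and none of the forms patched here is the one that posts to `step=1`. If the step 1 handler writes anything (it is not visible in these hunks), that request can still be forged against a logged-in administrator. In that case the form leading to step 1 should also get `wp_nonce_field('import-utw');` and the guard should be widened to cover it. A comment above the check, such as `// Every step after the intro screen changes data: require a valid nonce.`, would make the chosen threshold explicit. The enclosing method starts and ends outside the hunk.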
@ -38,6 +38,7 @@ class WP_Categories_to_Tags {
|
|||||||
|
|
||||||
function categories_form() {
|
function categories_form() {
|
||||||
print '<form action="admin.php?import=wp-cat2tag&step=2" method="post">';
|
print '<form action="admin.php?import=wp-cat2tag&step=2" method="post">';
|
||||||
|
wp_nonce_field('import-cat2tag');
|
||||||
print '<ul style="list-style:none">';
|
print '<ul style="list-style:none">';
|
||||||
|
|
||||||
$hier = _get_term_hierarchy('category');
|
$hier = _get_term_hierarchy('category');
|
||||||
@ -144,6 +145,7 @@ class WP_Categories_to_Tags {
|
|||||||
print '<p>' . __('You are about to convert all categories to tags. Are you sure you want to continue?') . '</p>';
|
print '<p>' . __('You are about to convert all categories to tags. Are you sure you want to continue?') . '</p>';
|
||||||
|
|
||||||
print '<form action="admin.php?import=wp-cat2tag" method="post">';
|
print '<form action="admin.php?import=wp-cat2tag" method="post">';
|
||||||
|
wp_nonce_field('import-cat2tag');
|
||||||
print '<p style="text-align:center" class="submit"><input type="submit" value="' . __('Yes') . '" name="yes_convert_all_cats" /> <input type="submit" value="' . __('No') . '" name="no_dont_do_it" /></p>';
|
print '<p style="text-align:center" class="submit"><input type="submit" value="' . __('Yes') . '" name="yes_convert_all_cats" /> <input type="submit" value="' . __('No') . '" name="no_dont_do_it" /></p>';
|
||||||
print '</form>';
|
print '</form>';
|
||||||
|
|
||||||
@ -158,7 +160,6 @@ class WP_Categories_to_Tags {
|
|||||||
}
|
}
|
||||||
|
|
||||||
function init() {
|
function init() {
|
||||||
echo '<!--'; print_r($_POST); print_r($_GET); echo '-->';
|
|
||||||
|
|
||||||
if (isset($_POST['maybe_convert_all_cats'])) {
|
if (isset($_POST['maybe_convert_all_cats'])) {
|
||||||
$step = 3;
|
$step = 3;
|
||||||
@ -177,6 +178,9 @@ class WP_Categories_to_Tags {
|
|||||||
print '<p>' . __('Cheatin’ uh?') . '</p>';
|
print '<p>' . __('Cheatin’ uh?') . '</p>';
|
||||||
print '</div>';
|
print '</div>';
|
||||||
} else {
|
} else {
|
||||||
|
if ( $step > 1 )
|
||||||
|
check_admin_referer('import-cat2tag');
|
||||||
|
|
||||||
switch ($step) {
|
switch ($step) {
|
||||||
case 1 :
|
case 1 :
|
||||||
$this->welcome();
|
$this->welcome();
|
||||||
|
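Review bot: In the last hunk `check_admin_referer('import-cat2tag');` sits inside the `else` branch, after the block that prints the "Cheatin’ uh?" markup, whereas the UTW importer in this same commit runs its check before `$this->header()`. If page output has already started by then (the beginning of `init()` is outside the hunk), a failed check ends the request in the middle of a partly rendered admin page. Moving the check ahead of any output would keep the two importers consistent. Both forms also share the one action string `import-cat2tag`, so a nonce issued for the selective form is accepted by the convert-all confirmation as well. A separate action for that destructive step would scope it more tightly.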