From aac7b130c0cf45d433021c2b1a2964750823cefb Mon Sep 17 00:00:00 2001
From: nacin
Date: Wed, 26 May 2010 04:55:21 +0000
Subject: [PATCH] Separate out multiple _ajax_nonce fields on post forms. Yay,
validation. fixes #13383.
git-svn-id: http://svn.automattic.com/wordpress/trunk@14933 1a063a9b-81f0-0310-95a4-ce76da25c4cd
---
wp-admin/admin-ajax.php | 8 ++++----
wp-admin/includes/meta-boxes.php | 2 +-
wp-admin/includes/template.php | 4 ++--
3 files changed, 7 insertions(+), 7 deletions(-)
diff --git a/wp-admin/admin-ajax.php b/wp-admin/admin-ajax.php
index 187970a561..f20b860489 100644
--- a/wp-admin/admin-ajax.php
+++ b/wp-admin/admin-ajax.php
@@ -218,7 +218,7 @@ function _wp_ajax_delete_comment_response( $comment_id ) {
function _wp_ajax_add_hierarchical_term() {
$action = $_POST['action'];
$taxonomy = get_taxonomy(substr($action, 4));
- check_ajax_referer( $action );
+ check_ajax_referer( $action, '_ajax_nonce-add-' . $taxonomy->name );
if ( !current_user_can( $taxonomy->cap->edit_terms ) )
die('-1');
$names = explode(',', $_POST['new'.$taxonomy->name]);
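Review bot: `$taxonomy` is dereferenced on the new line 21 (`$taxonomy->name`) and on line 22 without checking that `get_taxonomy()` found anything, so an `action` value whose suffix is not a registered taxonomy yields `false`, a property-access notice, and a nonce field name of just `_ajax_nonce-add-`. The request presumably still fails closed because no such nonce verifies, but it should be rejected explicitly before the referer check: `if ( ! $taxonomy ) die('-1');` between lines 19 and 21, matching the `die('-1')` style already used on line 23. This patch changes only the PHP side; the JavaScript that posts these requests is not shown, so it is worth confirming it submits the renamed field, since a client still sending `_ajax_nonce` would be refused if check_ajax_referer reads only the named query arg. The function body continues past the hunk.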
@@ -702,7 +702,7 @@ case 'get-comments' :
$x->send();
break;
case 'replyto-comment' :
- check_ajax_referer( $action );
+ check_ajax_referer( $action, '_ajax_nonce-replyto-comment' );
$comment_post_ID = (int) $_POST['comment_post_ID'];
if ( !current_user_can( 'edit_post', $comment_post_ID ) )
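Review bot: The field name `'_ajax_nonce-replyto-comment'` on line 30 is a bare string literal that must agree with the same literal in the `edit-comment` case (line 38) and with the `wp_nonce_field()` call in template.php that renders the field (its hunk content is not visible here); nothing ties the three together, and a typo in any one of them would make the check fail closed for every user with no obvious cause. A single named constant referenced from both admin-ajax.php cases and from the template would keep them in sync, e.g. `define( 'WP_REPLYTO_COMMENT_NONCE_FIELD', '_ajax_nonce-replyto-comment' );` with `check_ajax_referer( $action, WP_REPLYTO_COMMENT_NONCE_FIELD );`. The case body continues outside the hunk.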
@@ -771,7 +771,7 @@ case 'replyto-comment' :
$x->send();
break;
case 'edit-comment' :
- check_ajax_referer( 'replyto-comment' );
+ check_ajax_referer( 'replyto-comment', '_ajax_nonce-replyto-comment' );
$comment_post_ID = (int) $_POST['comment_post_ID'];
if ( ! current_user_can( 'edit_post', $comment_post_ID ) )
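Review bot: The `edit-comment` case on line 38 still verifies against the `replyto-comment` nonce action, so a token minted for the reply form also authorises an edit; after this change both handlers read the same `_ajax_nonce-replyto-comment` field, which makes the sharing explicit but no narrower. That is acceptable only because the `edit_post` capability check on lines 39–40 is what actually scopes the operation. If editing is meant to be a separately minted intent, use an `edit-comment` action with its own field; otherwise a one-line comment such as `// Reuses the reply form's nonce on purpose; authorization is the edit_post check below.` above line 38 would save the next reader the question. The case body continues outside the hunk.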
@@ -845,7 +845,7 @@ case 'add-menu-item' :
}
break;
case 'add-meta' :
- check_ajax_referer( 'add-meta' );
+ check_ajax_referer( 'add-meta', '_ajax_nonce-add-meta' );
$c = 0;
$pid = (int) $_POST['post_id'];
$post = get_post( $pid );
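Review bot: `get_post( $pid )` on line 49 can return null for an unknown or zero `post_id`, and the `add-meta` nonce action on line 46 is not bound to any particular post, so the referer check only proves the submitter had some add-meta form open; per-post authorization has to come from a capability check against `$post` below the hunk, which is not visible here. If the lines that follow do not already reject a missing post, add `if ( ! $post ) die('-1');` directly after line 49 before `$post` is used. The case body continues outside the hunk.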
diff --git a/wp-admin/includes/meta-boxes.php b/wp-admin/includes/meta-boxes.php
index 231ea18346..44036191b7 100644
--- a/wp-admin/includes/meta-boxes.php
+++ b/wp-admin/includes/meta-boxes.php
@@ -336,7 +336,7 @@ function post_categories_meta_box( $post, $box ) {
$taxonomy, 'hide_empty' => 0, 'name' => 'new'.$taxonomy.'_parent', 'orderby' => 'name', 'hierarchical' => 1, 'show_option_none' => '— ' . $tax->labels->parent_item . ' —', 'tab_index' => 3 ) ); ?>
-
+
diff --git a/wp-admin/includes/template.php b/wp-admin/includes/template.php
index 0c756b8204..5c5aa268d1 100644
--- a/wp-admin/includes/template.php
+++ b/wp-admin/includes/template.php
@@ -2286,7 +2286,7 @@ function wp_comment_reply($position = '1', $checkbox = false, $mode = 'single',
-
+
@@ -2462,7 +2462,7 @@ function meta_form() {
-
+