Separate out multiple _ajax_nonce fields on post forms. Yay, validation. fixes #13383.
git-svn-id: http://svn.automattic.com/wordpress/trunk@14933 1a063a9b-81f0-0310-95a4-ce76da25c4cd
This commit is contained in:
parent
9584b002b3
commit
aac7b130c0
wp-admin
@ -218,7 +218,7 @@ function _wp_ajax_delete_comment_response( $comment_id ) {
|
|||||||
function _wp_ajax_add_hierarchical_term() {
|
function _wp_ajax_add_hierarchical_term() {
|
||||||
$action = $_POST['action'];
|
$action = $_POST['action'];
|
||||||
$taxonomy = get_taxonomy(substr($action, 4));
|
$taxonomy = get_taxonomy(substr($action, 4));
|
||||||
check_ajax_referer( $action );
|
check_ajax_referer( $action, '_ajax_nonce-add-' . $taxonomy->name );
|
||||||
if ( !current_user_can( $taxonomy->cap->edit_terms ) )
|
if ( !current_user_can( $taxonomy->cap->edit_terms ) )
|
||||||
die('-1');
|
die('-1');
|
||||||
$names = explode(',', $_POST['new'.$taxonomy->name]);
|
$names = explode(',', $_POST['new'.$taxonomy->name]);
|
||||||
@ -702,7 +702,7 @@ case 'get-comments' :
|
|||||||
$x->send();
|
$x->send();
|
||||||
break;
|
break;
|
||||||
case 'replyto-comment' :
|
case 'replyto-comment' :
|
||||||
check_ajax_referer( $action );
|
check_ajax_referer( $action, '_ajax_nonce-replyto-comment' );
|
||||||
|
|
||||||
$comment_post_ID = (int) $_POST['comment_post_ID'];
|
$comment_post_ID = (int) $_POST['comment_post_ID'];
|
||||||
if ( !current_user_can( 'edit_post', $comment_post_ID ) )
|
if ( !current_user_can( 'edit_post', $comment_post_ID ) )
|
||||||
@ -771,7 +771,7 @@ case 'replyto-comment' :
|
|||||||
$x->send();
|
$x->send();
|
||||||
break;
|
break;
|
||||||
case 'edit-comment' :
|
case 'edit-comment' :
|
||||||
check_ajax_referer( 'replyto-comment' );
|
check_ajax_referer( 'replyto-comment', '_ajax_nonce-replyto-comment' );
|
||||||
|
|
||||||
$comment_post_ID = (int) $_POST['comment_post_ID'];
|
$comment_post_ID = (int) $_POST['comment_post_ID'];
|
||||||
if ( ! current_user_can( 'edit_post', $comment_post_ID ) )
|
if ( ! current_user_can( 'edit_post', $comment_post_ID ) )
|
||||||
@ -845,7 +845,7 @@ case 'add-menu-item' :
|
|||||||
}
|
}
|
||||||
break;
|
break;
|
||||||
case 'add-meta' :
|
case 'add-meta' :
|
||||||
check_ajax_referer( 'add-meta' );
|
check_ajax_referer( 'add-meta', '_ajax_nonce-add-meta' );
|
||||||
$c = 0;
|
$c = 0;
|
||||||
$pid = (int) $_POST['post_id'];
|
$pid = (int) $_POST['post_id'];
|
||||||
$post = get_post( $pid );
|
$post = get_post( $pid );
|
||||||
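Review bot: In `_wp_ajax_add_hierarchical_term` the new nonce field name `'_ajax_nonce-add-' . $taxonomy->name` is built from the result of `get_taxonomy(substr($action, 4))` before anything confirms that call returned a taxonomy object, and `$action` comes straight from `$_POST['action']`, so an unregistered name leaves `$taxonomy` false and the property read emits a notice on the way into `check_ajax_referer()`. The referer check still fails closed (no valid nonce exists for such an action), but the later `$taxonomy->cap->edit_terms` read has the same gap, so one guard between the `get_taxonomy()` call and the nonce check covers both: `if ( ! $taxonomy ) die('-1');`. This may already be unreachable if the dispatcher only wires this handler to registered hierarchical taxonomies; that registration is outside the hunk, so it is worth confirming rather than assuming. Separately, `edit-comment` keeps verifying against the `replyto-comment` nonce action; if that sharing is deliberate because both actions are posted from the same `wp_comment_reply()` form, a one-line comment such as `// shares the replyto-comment nonce: reply and quick-edit use one form` would stop the next reader from flagging it as a mix-up.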
|
@ -336,7 +336,7 @@ function post_categories_meta_box( $post, $box ) {
|
|||||||
</label>
|
</label>
|
||||||
<?php wp_dropdown_categories( array( 'taxonomy' => $taxonomy, 'hide_empty' => 0, 'name' => 'new'.$taxonomy.'_parent', 'orderby' => 'name', 'hierarchical' => 1, 'show_option_none' => '— ' . $tax->labels->parent_item . ' —', 'tab_index' => 3 ) ); ?>
|
<?php wp_dropdown_categories( array( 'taxonomy' => $taxonomy, 'hide_empty' => 0, 'name' => 'new'.$taxonomy.'_parent', 'orderby' => 'name', 'hierarchical' => 1, 'show_option_none' => '— ' . $tax->labels->parent_item . ' —', 'tab_index' => 3 ) ); ?>
|
||||||
<input type="button" id="<?php echo $taxonomy; ?>-add-submit" class="add:<?php echo $taxonomy ?>checklist:<?php echo $taxonomy ?>-add button category-add-sumbit" value="<?php echo esc_attr( $tax->labels->add_new_item ); ?>" tabindex="3" />
|
<input type="button" id="<?php echo $taxonomy; ?>-add-submit" class="add:<?php echo $taxonomy ?>checklist:<?php echo $taxonomy ?>-add button category-add-sumbit" value="<?php echo esc_attr( $tax->labels->add_new_item ); ?>" tabindex="3" />
|
||||||
<?php wp_nonce_field( 'add-'.$taxonomy, '_ajax_nonce', false ); ?>
|
<?php wp_nonce_field( 'add-'.$taxonomy, '_ajax_nonce-add-'.$taxonomy, false ); ?>
|
||||||
<span id="<?php echo $taxonomy; ?>-ajax-response"></span>
|
<span id="<?php echo $taxonomy; ?>-ajax-response"></span>
|
||||||
</p>
|
</p>
|
||||||
</div>
|
</div>
|
||||||
|
@ -2286,7 +2286,7 @@ function wp_comment_reply($position = '1', $checkbox = false, $mode = 'single',
|
|||||||
<input type="hidden" name="position" id="position" value="<?php echo $position; ?>" />
|
<input type="hidden" name="position" id="position" value="<?php echo $position; ?>" />
|
||||||
<input type="hidden" name="checkbox" id="checkbox" value="<?php echo $checkbox ? 1 : 0; ?>" />
|
<input type="hidden" name="checkbox" id="checkbox" value="<?php echo $checkbox ? 1 : 0; ?>" />
|
||||||
<input type="hidden" name="mode" id="mode" value="<?php echo esc_attr($mode); ?>" />
|
<input type="hidden" name="mode" id="mode" value="<?php echo esc_attr($mode); ?>" />
|
||||||
<?php wp_nonce_field( 'replyto-comment', '_ajax_nonce', false ); ?>
|
<?php wp_nonce_field( 'replyto-comment', '_ajax_nonce-replyto-comment', false ); ?>
|
||||||
<?php wp_comment_form_unfiltered_html_nonce(); ?>
|
<?php wp_comment_form_unfiltered_html_nonce(); ?>
|
||||||
<?php if ( $table_row ) : ?>
|
<?php if ( $table_row ) : ?>
|
||||||
</td></tr></tbody></table>
|
</td></tr></tbody></table>
|
||||||
@ -2462,7 +2462,7 @@ function meta_form() {
|
|||||||
|
|
||||||
<tr><td colspan="2" class="submit">
|
<tr><td colspan="2" class="submit">
|
||||||
<input type="submit" id="addmetasub" name="addmeta" class="add:the-list:newmeta" tabindex="9" value="<?php esc_attr_e( 'Add Custom Field' ) ?>" />
|
<input type="submit" id="addmetasub" name="addmeta" class="add:the-list:newmeta" tabindex="9" value="<?php esc_attr_e( 'Add Custom Field' ) ?>" />
|
||||||
<?php wp_nonce_field( 'add-meta', '_ajax_nonce', false ); ?>
|
<?php wp_nonce_field( 'add-meta', '_ajax_nonce-add-meta', false ); ?>
|
||||||
</td></tr>
|
</td></tr>
|
||||||
</tbody>
|
</tbody>
|
||||||
</table>
|
</table>
|
||||||
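Review bot: The hidden fields emitted by `wp_nonce_field()` now carry suffixed names (`_ajax_nonce-add-<taxonomy>`, `_ajax_nonce-replyto-comment`, `_ajax_nonce-add-meta`), so the JavaScript that serializes these forms for admin-ajax.php must read the suffixed field instead of a single `_ajax_nonce`; none of that script is in this diff, so confirm it changes in the same commit, otherwise the handlers fail their referer checks (closed, but the features break). Each field name is also a silent contract with the second argument of `check_ajax_referer()` on the server side, and nothing ties the two together for a reader of either file. A short comment next to each `wp_nonce_field()` call would make that explicit, e.g. on the category box: `<?php // name must match the $query_arg passed to check_ajax_referer() in _wp_ajax_add_hierarchical_term ?>`, with the matching note for `replyto-comment` and `add-meta`. The enclosing functions `post_categories_meta_box`, `wp_comment_reply` and `meta_form` all begin and end outside these hunks.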
|