Upstream/WordPress
1
0
Fork 0
mirror of https://github.com/WordPress/WordPress.git synced 2024-09-29 23:57:41 +02:00
Code Issues Projects Releases Wiki Activity

Update nonce action strings. Props mdawaffe.

Browse Source 
git-svn-id: http://svn.automattic.com/wordpress/branches/2.0@3805 1a063a9b-81f0-0310-95a4-ce76da25c4cd
This commit is contained in:
ryan 2006-05-26 23:31:24 +00:00
parent bcc0151f73
commit b4affc0640
19 changed files with 42 additions and 42 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

4
wp-admin/admin-functions.php
View File

@ -599,7 +599,7 @@ function cat_rows($parent = 0, $level = 0, $categories = 0) {
$default_cat_id = get_option('default_category');
if ($category->cat_ID != $default_cat_id)
$edit .= "<td><a href='" . wp_nonce_url("categories.php?action=delete&amp;cat_ID=$category->cat_ID", 'delete-category' . $category->cat_ID ) . "' onclick=\"return deleteSomething( 'cat', $category->cat_ID, '" . sprintf(__("You are about to delete the category &quot;%s&quot;. All of its posts will go to the default category.\\n&quot;OK&quot; to delete, &quot;Cancel&quot; to stop."), wp_specialchars($category->cat_name, 1))."' );\" class='delete'>".__('Delete')."</a>";
$edit .= "<td><a href='" . wp_nonce_url("categories.php?action=delete&amp;cat_ID=$category->cat_ID", 'delete-category_' . $category->cat_ID ) . "' onclick=\"return deleteSomething( 'cat', $category->cat_ID, '" . sprintf(__("You are about to delete the category &quot;%s&quot;. All of its posts will go to the default category.\\n&quot;OK&quot; to delete, &quot;Cancel&quot; to stop."), wp_specialchars($category->cat_name, 1))."' );\" class='delete'>".__('Delete')."</a>";
else
$edit .= "<td style='text-align:center'>".__("Default");
}
@ -643,7 +643,7 @@ function page_rows($parent = 0, $level = 0, $pages = 0) {
<td><?php echo mysql2date('Y-m-d g:i a', $post->post_modified); ?></td>
<td><a href="<?php the_permalink(); ?>" rel="permalink" class="edit"><?php _e('View'); ?></a></td>
<td><?php if ( current_user_can('edit_pages') ) { echo "<a href='post.php?action=edit&amp;post=$id' class='edit'>" . __('Edit') . "</a>"; } ?></td>
<td><?php if ( current_user_can('edit_pages') ) { echo "<a href='" . wp_nonce_url("post.php?action=delete&amp;post=$id", 'delete-page' . $id) . "' class='delete' onclick=\"return deleteSomething( 'page', " . $id . ", '" . sprintf(__("You are about to delete the &quot;%s&quot; page.\\n&quot;OK&quot; to delete, &quot;Cancel&quot; to stop."), addslashes(wp_specialchars(get_the_title(),'double')) ) . "' );\">" . __('Delete') . "</a>"; } ?></td>
<td><?php if ( current_user_can('edit_pages') ) { echo "<a href='" . wp_nonce_url("post.php?action=delete&amp;post=$id", 'delete-post_' . $id) . "' class='delete' onclick=\"return deleteSomething( 'page', " . $id . ", '" . sprintf(__("You are about to delete the &quot;%s&quot; page.\\n&quot;OK&quot; to delete, &quot;Cancel&quot; to stop."), addslashes(wp_specialchars(get_the_title(),'double')) ) . "' );\">" . __('Delete') . "</a>"; } ?></td>
</tr>
<?php

4
wp-admin/categories.php
View File

@ -37,7 +37,7 @@ break;
case 'delete':
$cat_ID = (int) $_GET['cat_ID'];
check_admin_referer('delete-category' . $cat_ID);
check_admin_referer('delete-category_' . $cat_ID);
if ( !current_user_can('manage_categories') )
die (__('Cheatin&#8217; uh?'));
@ -97,7 +97,7 @@ break;
case 'editedcat':
$cat_ID = (int) $_POST['cat_ID'];
check_admin_referer('update-category' . $cat_ID);
check_admin_referer('update-category_' . $cat_ID);
if ( !current_user_can('manage_categories') )
die (__('Cheatin&#8217; uh?'));

2
wp-admin/edit-comments.php
View File

@ -98,7 +98,7 @@ if ('view' == $mode) {
<p><?php _e('Posted'); echo ' '; comment_date('M j, g:i A');
if ( current_user_can('edit_post', $comment->comment_post_ID) ) {
echo " | <a href=\"post.php?action=editcomment&amp;comment=".$comment->comment_ID."\">" . __('Edit Comment') . "</a>";
echo ' | <a href="' . wp_nonce_url('comment.php?action=deletecomment&amp;p=' . $post->ID . '&amp;comment=' . $comment->comment_ID, 'delete-comment' . $comment->comment_ID) . '" onclick="return deleteSomething( \'comment\', ' . $comment->comment_ID . ', \'' . __("You are about to delete this comment.\\n&quot;Cancel&quot; to stop, &quot;OK&quot; to delete.") . "' );\">" . __('Delete Comment') . '</a> ';
echo ' | <a href="' . wp_nonce_url('comment.php?action=deletecomment&amp;p=' . $post->ID . '&amp;comment=' . $comment->comment_ID, 'delete-comment_' . $comment->comment_ID) . '" onclick="return deleteSomething( \'comment\', ' . $comment->comment_ID . ', \'' . __("You are about to delete this comment.\\n&quot;Cancel&quot; to stop, &quot;OK&quot; to delete.") . "' );\">" . __('Delete Comment') . '</a> ';
} // end if any comments to show
// Get post title
if ( current_user_can('edit_post', $comment->comment_post_ID) ) {

4
wp-admin/edit-form-advanced.php
View File

@ -26,7 +26,7 @@ if (0 == $post_ID) {
} else {
$form_action = 'editpost';
$form_extra = "<input type='hidden' name='post_ID' value='$post_ID' />";
wp_nonce_field('update-post' . $post_ID);
wp_nonce_field('update-post_' . $post_ID);
}
$form_pingback = '<input type="hidden" name="post_pingback" value="' . get_option('default_pingback_flag') . '" id="post_pingback" />';
@ -266,7 +266,7 @@ if($metadata = has_meta($post_ID)) {
</div>
<?php if ('edit' == $action) : $delete_nonce = wp_create_nonce( 'delete-post' . $post_ID ); ?>
<?php if ('edit' == $action) : $delete_nonce = wp_create_nonce( 'delete-post_' . $post_ID ); ?>
<input name="deletepost" class="button" type="submit" id="deletepost" tabindex="10" value="<?php _e('Delete this post') ?>" <?php echo "onclick=\"if ( confirm('" . sprintf(__("You are about to delete this post \'%s\'\\n \'Cancel\' to stop, \'OK\' to delete."), addslashes($post->post_title) ) . "') ) { document.forms.post._wpnonce.value = '$delete_nonce'; return true;}\""; ?> />
<?php endif; ?>

2
wp-admin/edit-link-form.php
View File

@ -4,7 +4,7 @@ if ( ! empty($link_id) ) {
$heading = __('Edit a link:');
$submit_text = __('Save Changes &raquo;');
$form = '<form action="" method="post" name="editlink" id="editlink">';
$nonce_action = 'update-bookmark' . $link_id;
$nonce_action = 'update-bookmark_' . $link_id;
} else {
$editing = false;
$heading = __('<strong>Add</strong> a link:');

2
wp-admin/edit-page-form.php
View File

@ -10,7 +10,7 @@ if (0 == $post_ID) {
$form_extra = "<input type='hidden' name='temp_ID' value='$temp_ID' />";
} else {
$form_action = 'editpost';
$nonce_action = 'update-post' . $post_ID;
$nonce_action = 'update-post_' . $post_ID;
$form_extra = "<input type='hidden' id='post_ID' name='post_ID' value='$post_ID' />";
}

2
wp-admin/edit-pages.php
View File

@ -52,7 +52,7 @@ foreach ( $posts as $post ) :
<td><?php echo mysql2date('Y-m-d g:i a', $post->post_modified); ?></td>
<td><a href="<?php the_permalink(); ?>" rel="permalink" class="edit"><?php _e('View'); ?></a></td>
<td><?php if ( current_user_can('edit_pages') ) { echo "<a href='post.php?action=edit&amp;post=$post->ID' class='edit'>" . __('Edit') . "</a>"; } ?></td>
<td><?php if ( current_user_can('edit_pages') ) { echo "<a href='" . wp_nonce_url("post.php?action=delete&amp;post=$post->ID", 'delete-post' . $post->ID) . "' class='delete' onclick=\"return deleteSomething( 'page', " . $id . ", '" . sprintf(__("You are about to delete the &quot;%s&quot; page.\\n&quot;OK&quot; to delete, &quot;Cancel&quot; to stop."), wp_specialchars(get_the_title('','',0), 1)) . "' );\">" . __('Delete') . "</a>"; } ?></td>
<td><?php if ( current_user_can('edit_pages') ) { echo "<a href='" . wp_nonce_url("post.php?action=delete&amp;post=$post->ID", 'delete-post_' . $post->ID) . "' class='delete' onclick=\"return deleteSomething( 'page', " . $id . ", '" . sprintf(__("You are about to delete the &quot;%s&quot; page.\\n&quot;OK&quot; to delete, &quot;Cancel&quot; to stop."), wp_specialchars(get_the_title('','',0), 1)) . "' );\">" . __('Delete') . "</a>"; } ?></td>
</tr>
<?php
endforeach;

8
wp-admin/edit.php
View File

@ -210,7 +210,7 @@ foreach($posts_columns as $column_name=>$column_display_name) {
case 'control_delete':
?>
<td><?php if ( current_user_can('edit_post',$post->ID) ) { echo "<a href='" . wp_nonce_url("post.php?action=delete&amp;post=$id", 'delete-post' . $post->ID) . "' class='delete' onclick=\"return deleteSomething( 'post', " . $id . ", '" . sprintf(__("You are about to delete this post &quot;%s&quot;.\\n&quot;OK&quot; to delete, &quot;Cancel&quot; to stop."), js_escape(get_the_title())) . "' );\">" . __('Delete') . "</a>"; } ?></td>
<td><?php if ( current_user_can('edit_post',$post->ID) ) { echo "<a href='" . wp_nonce_url("post.php?action=delete&amp;post=$id", 'delete-post_' . $post->ID) . "' class='delete' onclick=\"return deleteSomething( 'post', " . $id . ", '" . sprintf(__("You are about to delete this post &quot;%s&quot;.\\n&quot;OK&quot; to delete, &quot;Cancel&quot; to stop."), js_escape(get_the_title())) . "' );\">" . __('Delete') . "</a>"; } ?></td>
<?php
break;
@ -262,13 +262,13 @@ $comment_status = wp_get_comment_status($comment->comment_ID);
<?php
if ( current_user_can('edit_post', $post->ID) ) {
echo "[ <a href=\"post.php?action=editcomment&amp;comment=".$comment->comment_ID."\">" . __('Edit') . "</a>";
echo ' - <a href="' . wp_nonce_url('post.php?action=deletecomment&amp;p=' . $post->ID . '&amp;comment=' . $comment->comment_ID, 'delete-comment' . $comment->comment_ID) . '" onclick="return confirm(\'' . __("You are about to delete this comment.\\n&quot;Cancel&quot; to stop, &quot;OK&quot; to delete.") . "');\">" . __('Delete') . '</a> ';
echo ' - <a href="' . wp_nonce_url('post.php?action=deletecomment&amp;p=' . $post->ID . '&amp;comment=' . $comment->comment_ID, 'delete-comment_' . $comment->comment_ID) . '" onclick="return confirm(\'' . __("You are about to delete this comment.\\n&quot;Cancel&quot; to stop, &quot;OK&quot; to delete.") . "');\">" . __('Delete') . '</a> ';
if ( ('none' != $comment_status) && ( current_user_can('moderate_comments') ) ) {
if ('approved' == wp_get_comment_status($comment->comment_ID)) {
echo ' - <a href="' . wp_nonce_url('post.php?action=unapprovecomment&amp;p=' . $post->ID . '&amp;comment=' . $comment->comment_ID, 'unapprove-comment' . $comment->comment_ID) . '">' . __('Unapprove') . '</a> ';
echo ' - <a href="' . wp_nonce_url('post.php?action=unapprovecomment&amp;p=' . $post->ID . '&amp;comment=' . $comment->comment_ID, 'unapprove-comment_' . $comment->comment_ID) . '">' . __('Unapprove') . '</a> ';
} else {
echo ' - <a href="' . wp_nonce_url('post.php?action=approvecomment&amp;p=' . $post->ID . '&amp;comment=' . $comment->comment_ID, 'approve-comment' . $comment->comment_ID) . '">' . __('Approve') . '</a> ';
echo ' - <a href="' . wp_nonce_url('post.php?action=approvecomment&amp;p=' . $post->ID . '&amp;comment=' . $comment->comment_ID, 'approve-comment_' . $comment->comment_ID) . '">' . __('Approve') . '</a> ';
}
}
echo "]";

8
wp-admin/link-categories.php
View File

@ -83,7 +83,7 @@ switch ($action) {
case 'Delete':
{
$cat_id = (int) $_GET['cat_id'];
check_admin_referer('delete-link-category' . $cat_id);
check_admin_referer('delete-link-category_' . $cat_id);
$cat_name=get_linkcatname($cat_id);
@ -116,7 +116,7 @@ switch ($action) {
<h2><?php printf(__('Edit &#8220%s&#8221; Category'), wp_specialchars($row->cat_name)); ?></h2>
<form name="editcat" method="post">
<?php wp_nonce_field('update-link-category' . $row->cat_id) ?>
<?php wp_nonce_field('update-link-category_' . $row->cat_id) ?>
<input type="hidden" name="action" value="editedcat" />
<input type="hidden" name="cat_id" value="<?php echo $row->cat_id ?>" />
<fieldset class="options">
@ -205,7 +205,7 @@ switch ($action) {
case "editedcat":
{
$cat_id = (int)$_POST["cat_id"];
check_admin_referer('update-link-category' . $cat_id);
check_admin_referer('update-link-category_' . $cat_id);
if ( !current_user_can('manage_links') )
die (__("Cheatin' uh ?"));
@ -356,7 +356,7 @@ foreach ($results as $row) {
<td nowrap="nowrap"><?php echo htmlentities($row->text_after_all)?></td>
<td><?php echo $row->list_limit ?></td>
<td><a href="link-categories.php?cat_id=<?php echo $row->cat_id?>&amp;action=Edit" class="edit"><?php _e('Edit') ?></a></td>
<td><a href="<?php echo wp_nonce_url("link-categories.php?cat_id=$row->cat_id?>&amp;action=Delete", 'delete-link-category' . $row->cat_id) ?>" "onclick="return deleteSomething( 'link category', <?php echo $row->cat_id . ", '" . sprintf(__("You are about to delete the &quot;%s&quot; link category.\\n&quot;Cancel&quot; to stop, &quot;OK&quot; to delete."), wp_specialchars($row->cat_name,1)); ?>' );" class="delete"><?php _e('Delete') ?></a></td>
<td><a href="<?php echo wp_nonce_url("link-categories.php?cat_id=$row->cat_id?>&amp;action=Delete", 'delete-link-category_' . $row->cat_id) ?>" "onclick="return deleteSomething( 'link category', <?php echo $row->cat_id . ", '" . sprintf(__("You are about to delete the &quot;%s&quot; link category.\\n&quot;Cancel&quot; to stop, &quot;OK&quot; to delete."), wp_specialchars($row->cat_name,1)); ?>' );" class="delete"><?php _e('Delete') ?></a></td>
</tr>
<?php
++$i;

2
wp-admin/link-manager.php
View File

@ -382,7 +382,7 @@ LINKS;
if ($show_buttons) {
echo '<td><a href="link-manager.php?link_id=' . $link->link_id . '&amp;action=linkedit" class="edit">' . __('Edit') . '</a></td>';
echo '<td><a href="' . wp_nonce_url('link-manager.php?link_id='.$link->link_id.'&amp;action=delete', 'delete-bookmark' . $link->link_id ) . '"'." class='delete' onclick=\"return deleteSomething( 'link', $link->link_id , '".sprintf(__("You are about to delete the &quot;%s&quot; bookmark to %s.\\n&quot;Cancel&quot; to stop, &quot;OK&quot; to delete."), wp_specialchars($link->link_name, 1), wp_specialchars($link->link_url)).'\' );" class="delete">'.__('Delete').'</a></td>';
echo '<td><a href="' . wp_nonce_url('link-manager.php?link_id='.$link->link_id.'&amp;action=delete', 'delete-bookmark_' . $link->link_id ) . '"'." class='delete' onclick=\"return deleteSomething( 'link', $link->link_id , '".sprintf(__("You are about to delete the &quot;%s&quot; bookmark to %s.\\n&quot;Cancel&quot; to stop, &quot;OK&quot; to delete."), wp_specialchars($link->link_name, 1), wp_specialchars($link->link_url)).'\' );" class="delete">'.__('Delete').'</a></td>';
echo '<td><input type="checkbox" name="linkcheck[]" value="' . $link->link_id . '" /></td>';
} else {
echo "<td>&nbsp;</td><td>&nbsp;</td><td>&nbsp;</td>\n";

4
wp-admin/plugin-editor.php
View File

@ -34,7 +34,7 @@ switch($action) {
case 'update':
check_admin_referer('edit-plugin' . $file);
check_admin_referer('edit-plugin_' . $file);
if ( !current_user_can('edit_plugins') )
die('<p>'.__('You have do not have sufficient permissions to edit templates for this blog.').'</p>');
@ -97,7 +97,7 @@ if ($plugin_files) :
</div>
<?php if (!$error) { ?>
<form name="template" id="template" action="plugin-editor.php" method="post">
<?php wp_nonce_field('edit-plugin' . $file) ?>
<?php wp_nonce_field('edit-plugin_' . $file) ?>
<div><textarea cols="70" rows="25" name="newcontent" id="newcontent" tabindex="1"><?php echo $content ?></textarea>
<input type="hidden" name="action" value="update" />
<input type="hidden" name="file" value="<?php echo $file ?>" />

8
wp-admin/plugins.php
View File

@ -3,7 +3,7 @@ require_once('admin.php');
if ( isset($_GET['action']) ) {
if ('activate' == $_GET['action']) {
check_admin_referer('activate-plugin' . $_GET['plugin']);
check_admin_referer('activate-plugin_' . $_GET['plugin']);
$current = get_settings('active_plugins');
if (!in_array($_GET['plugin'], $current)) {
$current[] = trim( $_GET['plugin'] );
@ -14,7 +14,7 @@ if ( isset($_GET['action']) ) {
}
header('Location: plugins.php?activate=true');
} else if ('deactivate' == $_GET['action']) {
check_admin_referer('deactivate-plugin' . $_GET['plugin']);
check_admin_referer('deactivate-plugin_' . $_GET['plugin']);
$current = get_settings('active_plugins');
array_splice($current, array_search( $_GET['plugin'], $current), 1 ); // Array-fu!
update_option('active_plugins', $current);
@ -98,11 +98,11 @@ if (empty($plugins)) {
$style = ('class="alternate"' == $style|| 'class="alternate active"' == $style) ? '' : 'alternate';
if (!empty($current_plugins) && in_array($plugin_file, $current_plugins)) {
$action = "<a href='" . wp_nonce_url("plugins.php?action=deactivate&amp;plugin=$plugin_file", 'deactivate-plugin' . $plugin_file) . "' title='".__('Deactivate this plugin')."' class='delete'>".__('Deactivate')."</a>";
$action = "<a href='" . wp_nonce_url("plugins.php?action=deactivate&amp;plugin=$plugin_file", 'deactivate-plugin_' . $plugin_file) . "' title='".__('Deactivate this plugin')."' class='delete'>".__('Deactivate')."</a>";
$plugin_data['Title'] = "<strong>{$plugin_data['Title']}</strong>";
$style .= $style == 'alternate' ? ' active' : 'active';
} else {
$action = "<a href='" . wp_nonce_url("plugins.php?action=activate&amp;plugin=$plugin_file", 'activate-plugin' . $plugin_file) . "' title='".__('Activate this plugin')."' class='edit'>".__('Activate')."</a>";
$action = "<a href='" . wp_nonce_url("plugins.php?action=activate&amp;plugin=$plugin_file", 'activate-plugin_' . $plugin_file) . "' title='".__('Activate this plugin')."' class='edit'>".__('Activate')."</a>";
}
$plugin_data['Description'] = wp_kses($plugin_data['Description'], array('a' => array('href' => array(),'title' => array()),'abbr' => array('title' => array()),'acronym' => array('title' => array()),'code' => array(),'em' => array(),'strong' => array()) ); ;
if ($style != '') $style = 'class="' . $style . '"';

14
wp-admin/post.php
View File

@ -89,7 +89,7 @@ case 'edit':
case 'editattachment':
$post_id = (int) $_POST['post_ID'];
check_admin_referer('update-attachment' . $post_id);
check_admin_referer('update-attachment_' . $post_id);
// Don't let these be changed
unset($_POST['guid']);
@ -106,7 +106,7 @@ case 'editattachment':
case 'editpost':
$post_ID = (int) $_POST['post_ID'];
check_admin_referer('update-post' . $post_ID);
check_admin_referer('update-post_' . $post_ID);
$post_ID = edit_post();
@ -132,7 +132,7 @@ case 'editpost':
case 'delete':
$post_id = (isset($_GET['post'])) ? intval($_GET['post']) : intval($_POST['post_ID']);
check_admin_referer('delete-post' . $post_id);
check_admin_referer('delete-post_' . $post_id);
$post = & get_post($post_id);
@ -213,7 +213,7 @@ case 'confirmdeletecomment':
case 'deletecomment':
$comment = (int) $_GET['comment'];
check_admin_referer('delete-comment' . $comment);
check_admin_referer('delete-comment_' . $comment);
$p = (int) $_GET['p'];
if (isset($_GET['noredir'])) {
@ -243,7 +243,7 @@ case 'deletecomment':
case 'unapprovecomment':
$comment = (int) $_GET['comment'];
check_admin_referer('unapprove-comment' . $comment);
check_admin_referer('unapprove-comment_' . $comment);
$p = (int) $_GET['p'];
if (isset($_GET['noredir'])) {
@ -270,7 +270,7 @@ case 'unapprovecomment':
case 'mailapprovecomment':
$comment = (int) $_GET['comment'];
check_admin_referer('approve-comment' . $comment);
check_admin_referer('approve-comment_' . $comment);
if ( ! $comment = get_comment($comment) )
die(sprintf(__('Oops, no comment with this ID. <a href="%s">Go back</a>!'), 'edit.php'));
@ -290,7 +290,7 @@ case 'mailapprovecomment':
case 'approvecomment':
$comment = (int) $_GET['comment'];
check_admin_referer('approve-comment' . $comment);
check_admin_referer('approve-comment_' . $comment);
$p = (int) $_GET['p'];
if (isset($_GET['noredir'])) {

2
wp-admin/profile-update.php
View File

@ -2,7 +2,7 @@
require_once('admin.php');
check_admin_referer('update-profile' . $user_ID);
check_admin_referer('update-profile_' . $user_ID);
if ( !$_POST )
die( __('No post?') );

2
wp-admin/profile.php
View File

@ -19,7 +19,7 @@ $bookmarklet_height= 440;
<div class="wrap">
<h2><?php _e('Your Profile and Personal Options'); ?></h2>
<form name="profile" id="your-profile" action="profile-update.php" method="post">
<?php wp_nonce_field('update-profile' . $user_ID) ?>
<?php wp_nonce_field('update-profile_' . $user_ID) ?>
<p>
<input type="hidden" name="from" value="profile" />
<input type="hidden" name="checkuser_id" value="<?php echo $user_ID ?>" />

4
wp-admin/templates.php
View File

@ -36,7 +36,7 @@ switch($action) {
case 'update':
check_admin_referer('edit-file' . $file);
check_admin_referer('edit-file_' . $file);
if ( ! current_user_can('edit_files') )
die('<p>'.__('You have do not have sufficient permissions to edit templates for this blog.').'</p>');
@ -128,7 +128,7 @@ endif;
</div>
<?php if (!$error) { ?>
<form name="template" id="template" action="templates.php" method="post">
<?php wp_nonce_field('edit-file' . $file) ?>
<?php wp_nonce_field('edit-file_' . $file) ?>
<div><textarea cols="70" rows="25" name="newcontent" id='newcontent' tabindex="1"><?php echo $content ?></textarea>
<input type="hidden" name="action" value="update" />
<input type="hidden" name="file" value="<?php echo $file ?>" />

4
wp-admin/theme-editor.php
View File

@ -47,7 +47,7 @@ switch($action) {
case 'update':
check_admin_referer('edit-theme' . $file . $theme);
check_admin_referer('edit-theme_' . $file . $theme);
if ( !current_user_can('edit_themes') )
die('<p>'.__('You have do not have sufficient permissions to edit templates for this blog.').'</p>');
@ -131,7 +131,7 @@ if ($allowed_files) :
if (!$error) {
?>
<form name="template" id="template" action="theme-editor.php" method="post">
<?php wp_nonce_field('edit-theme' . $file . $theme) ?>
<?php wp_nonce_field('edit-theme_' . $file . $theme) ?>
<div><textarea cols="70" rows="25" name="newcontent" id="newcontent" tabindex="1"><?php echo $content ?></textarea>
<input type="hidden" name="action" value="update" />
<input type="hidden" name="file" value="<?php echo $file ?>" />

4
wp-admin/themes.php
View File

@ -2,7 +2,7 @@
require_once('admin.php');
if ( isset($_GET['action']) ) {
check_admin_referer('switch-theme' . $_GET['template']);
check_admin_referer('switch-theme_' . $_GET['template']);
if ('activate' == $_GET['action']) {
if ( isset($_GET['template']) )
@ -69,7 +69,7 @@ foreach ($theme_names as $theme_name) {
$author = $themes[$theme_name]['Author'];
$screenshot = $themes[$theme_name]['Screenshot'];
$stylesheet_dir = $themes[$theme_name]['Stylesheet Dir'];
$activate_link = wp_nonce_url("themes.php?action=activate&amp;template=$template&amp;stylesheet=$stylesheet", 'switch-theme' . $template);
$activate_link = wp_nonce_url("themes.php?action=activate&amp;template=$template&amp;stylesheet=$stylesheet", 'switch-theme_' . $template);
?>
<div class="available-theme">
<h3><a href="<?php echo $activate_link; ?>"><?php echo "$title $version"; ?></a></h3>

4
wp-admin/user-edit.php
View File

@ -32,7 +32,7 @@ break;
case 'update':
check_admin_referer('update-user' . $user_id);
check_admin_referer('update-user_' . $user_id);
$errors = array();
@ -73,7 +73,7 @@ if (!current_user_can('edit_users')) $errors['head'] = __('You do not have permi
<h2><?php _e('Edit User'); ?></h2>
<form name="profile" id="your-profile" action="user-edit.php" method="post">
<?php wp_nonce_field('update-user' . $user_ID) ?>
<?php wp_nonce_field('update-user_' . $user_ID) ?>
<p>
<input type="hidden" name="from" value="profile" />
<input type="hidden" name="checkuser_id" value="<?php echo $user_ID ?>" />