Add nonces to importers
git-svn-id: http://svn.automattic.com/wordpress/trunk@5404 1a063a9b-81f0-0310-95a4-ce76da25c4cd
This commit is contained in:
parent
9b1b9b2084
commit
ef4ad331e1
@ -2030,6 +2030,7 @@ function wp_import_upload_form( $action ) {
|
|||||||
?>
|
?>
|
||||||
<form enctype="multipart/form-data" id="import-upload-form" method="post" action="<?php echo attribute_escape($action) ?>">
|
<form enctype="multipart/form-data" id="import-upload-form" method="post" action="<?php echo attribute_escape($action) ?>">
|
||||||
<p>
|
<p>
|
||||||
|
<?php wp_nonce_field('import-upload'); ?>
|
||||||
<label for="upload"><?php _e( 'Choose a file from your computer:' ); ?></label> (<?php printf( __('Maximum size: %s' ), $size ); ?> )
|
<label for="upload"><?php _e( 'Choose a file from your computer:' ); ?></label> (<?php printf( __('Maximum size: %s' ), $size ); ?> )
|
||||||
<input type="file" id="upload" name="import" size="25" />
|
<input type="file" id="upload" name="import" size="25" />
|
||||||
<input type="hidden" name="action" value="save" />
|
<input type="hidden" name="action" value="save" />
|
||||||
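Review bot: The nonce added at the `wp_nonce_field('import-upload')` line uses one action string for every importer, so a token minted on the upload form of one importer is accepted by the step-1 `check_admin_referer('import-upload')` of any other (the LJ, MT, RSS and WP hunks in this commit all verify that same action). Because WordPress nonces are user-bound and expire, the exposure is narrow, but binding the action to the importer is cheap and keeps a captured token from being replayed against a different import path; the form actions elsewhere in this commit show the importer slug is in the URL (`admin.php?import=…`), so something like `wp_nonce_field('import-upload-' . $importer)` could work if that slug is reachable here — confirm, since this function's signature and start are outside the hunk. Whatever action is chosen, every handler that consumes the uploaded file has to verify it, or the field is decorative.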
|
@ -743,10 +743,11 @@ class Blogger_Import {
|
|||||||
|
|
||||||
// Step 9: Congratulate the user
|
// Step 9: Congratulate the user
|
||||||
function congrats() {
|
function congrats() {
|
||||||
|
$blog = (int) $_GET['blog'];
|
||||||
echo '<h1>'.__('Congratulations!').'</h1><p>'.__('Now that you have imported your Blogger blog into WordPress, what are you going to do? Here are some suggestions:').'</p><ul><li>'.__('That was hard work! Take a break.').'</li>';
|
echo '<h1>'.__('Congratulations!').'</h1><p>'.__('Now that you have imported your Blogger blog into WordPress, what are you going to do? Here are some suggestions:').'</p><ul><li>'.__('That was hard work! Take a break.').'</li>';
|
||||||
if ( count($this->import['blogs']) > 1 )
|
if ( count($this->import['blogs']) > 1 )
|
||||||
echo '<li>'.__('In case you haven\'t done it already, you can import the posts from your other blogs:'). $this->show_blogs() . '</li>';
|
echo '<li>'.__('In case you haven\'t done it already, you can import the posts from your other blogs:'). $this->show_blogs() . '</li>';
|
||||||
if ( $n = count($this->import['blogs'][$_GET['blog']]['newusers']) )
|
if ( $n = count($this->import['blogs'][$blog]['newusers']) )
|
||||||
echo '<li>'.sprintf(__('Go to <a href="%s" target="%s">Authors & Users</a>, where you can modify the new user(s) or delete them. If you want to make all of the imported posts yours, you will be given that option when you delete the new authors.'), 'users.php', '_parent').'</li>';
|
echo '<li>'.sprintf(__('Go to <a href="%s" target="%s">Authors & Users</a>, where you can modify the new user(s) or delete them. If you want to make all of the imported posts yours, you will be given that option when you delete the new authors.'), 'users.php', '_parent').'</li>';
|
||||||
echo '<li>'.__('For security, click the link below to reset this importer.').'</li>';
|
echo '<li>'.__('For security, click the link below to reset this importer.').'</li>';
|
||||||
echo '</ul>';
|
echo '</ul>';
|
||||||
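Review bot: The new `$blog = (int) $_GET['blog'];` line casts the value but still reads `$_GET['blog']` unconditionally and then indexes `$this->import['blogs'][$blog]['newusers']` without checking the key exists, so a missing or out-of-range `blog` parameter raises notices and `count()` runs on a non-array. Suggest `$blog = isset($_GET['blog']) ? (int) $_GET['blog'] : 0;` and guarding the count with `if ( isset($this->import['blogs'][$blog]['newusers']) && $n = count($this->import['blogs'][$blog]['newusers']) )`. The HTML emitted from `show_blogs()` is built outside this hunk, so its escaping is not reviewed here.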
@ -765,6 +766,7 @@ class Blogger_Import {
|
|||||||
|
|
||||||
if ( isset( $_REQUEST['blog'] ) ) {
|
if ( isset( $_REQUEST['blog'] ) ) {
|
||||||
$blog = is_array($_REQUEST['blog']) ? array_shift( array_keys( $_REQUEST['blog'] ) ) : $_REQUEST['blog'];
|
$blog = is_array($_REQUEST['blog']) ? array_shift( array_keys( $_REQUEST['blog'] ) ) : $_REQUEST['blog'];
|
||||||
|
$blog = (int) $blog;
|
||||||
$this->import_blog( $blog );
|
$this->import_blog( $blog );
|
||||||
} elseif ( isset($_GET['token']) )
|
} elseif ( isset($_GET['token']) )
|
||||||
$this->auth();
|
$this->auth();
|
||||||
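Review bot: `$this->import_blog( $blog )` is reached whenever `$_REQUEST['blog']` is set — GET or POST — and this hunk adds only the `(int)` cast, not a `check_admin_referer()`, even though the commit's purpose is to add nonces to the importers. Unless `import_blog()` verifies a nonce itself (its body is outside this hunk), a cross-site request that sets `blog` still starts an import for the logged-in user. Suggest `check_admin_referer('import-blogger');` immediately before `$blog = (int) $blog;`, with a matching `wp_nonce_field('import-blogger')` in whichever form emits the blog selector. Separately, `array_shift( array_keys( … ) )` passes a temporary by reference and emits a strict-standards notice; `$keys = array_keys($_REQUEST['blog']); $blog = array_shift($keys);` avoids it. The enclosing dispatcher starts and ends outside the hunk.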
|
@ -147,8 +147,9 @@ class Dotclear_Import {
|
|||||||
echo '<div class="narrow"><p>'.__('Howdy! This importer allows you to extract posts from a DotClear database into your blog. Mileage may vary.').'</p>';
|
echo '<div class="narrow"><p>'.__('Howdy! This importer allows you to extract posts from a DotClear database into your blog. Mileage may vary.').'</p>';
|
||||||
echo '<p>'.__('Your DotClear Configuration settings are as follows:').'</p>';
|
echo '<p>'.__('Your DotClear Configuration settings are as follows:').'</p>';
|
||||||
echo '<form action="admin.php?import=dotclear&step=1" method="post">';
|
echo '<form action="admin.php?import=dotclear&step=1" method="post">';
|
||||||
|
wp_nonce_field('import-dotclear');
|
||||||
$this->db_form();
|
$this->db_form();
|
||||||
echo '<p class="submit"><input type="submit" name="submit" value="'.__('Import Categories').' »" /></p>';
|
echo '<p class="submit"><input type="submit" name="submit" value="'.attribute_escape(__('Import Categories »')).'" /></p>';
|
||||||
echo '</form></div>';
|
echo '</form></div>';
|
||||||
}
|
}
|
||||||
|
|
||||||
@ -558,7 +559,8 @@ class Dotclear_Import {
|
|||||||
|
|
||||||
|
|
||||||
echo '<form action="admin.php?import=dotclear&step=2" method="post">';
|
echo '<form action="admin.php?import=dotclear&step=2" method="post">';
|
||||||
printf('<input type="submit" name="submit" value="%s" />', __('Import Users'));
|
wp_nonce_field('import-dotclear');
|
||||||
|
printf('<input type="submit" name="submit" value="%s" />', attribute_escape(__('Import Users')));
|
||||||
echo '</form>';
|
echo '</form>';
|
||||||
|
|
||||||
}
|
}
|
||||||
@ -570,7 +572,8 @@ class Dotclear_Import {
|
|||||||
$this->users2wp($users);
|
$this->users2wp($users);
|
||||||
|
|
||||||
echo '<form action="admin.php?import=dotclear&step=3" method="post">';
|
echo '<form action="admin.php?import=dotclear&step=3" method="post">';
|
||||||
printf('<input type="submit" name="submit" value="%s" />', __('Import Posts'));
|
wp_nonce_field('import-dotclear');
|
||||||
|
printf('<input type="submit" name="submit" value="%s" />', attribute_escape(__('Import Posts')));
|
||||||
echo '</form>';
|
echo '</form>';
|
||||||
}
|
}
|
||||||
|
|
||||||
@ -581,7 +584,8 @@ class Dotclear_Import {
|
|||||||
$this->posts2wp($posts);
|
$this->posts2wp($posts);
|
||||||
|
|
||||||
echo '<form action="admin.php?import=dotclear&step=4" method="post">';
|
echo '<form action="admin.php?import=dotclear&step=4" method="post">';
|
||||||
printf('<input type="submit" name="submit" value="%s" />', __('Import Comments'));
|
wp_nonce_field('import-dotclear');
|
||||||
|
printf('<input type="submit" name="submit" value="%s" />', attribute_escape(__('Import Comments')));
|
||||||
echo '</form>';
|
echo '</form>';
|
||||||
}
|
}
|
||||||
|
|
||||||
@ -592,7 +596,8 @@ class Dotclear_Import {
|
|||||||
$this->comments2wp($comments);
|
$this->comments2wp($comments);
|
||||||
|
|
||||||
echo '<form action="admin.php?import=dotclear&step=5" method="post">';
|
echo '<form action="admin.php?import=dotclear&step=5" method="post">';
|
||||||
printf('<input type="submit" name="submit" value="%s" />', __('Import Links'));
|
wp_nonce_field('import-dotclear');
|
||||||
|
printf('<input type="submit" name="submit" value="%s" />', attribute_escape(__('Import Links')));
|
||||||
echo '</form>';
|
echo '</form>';
|
||||||
}
|
}
|
||||||
|
|
||||||
@ -604,7 +609,8 @@ class Dotclear_Import {
|
|||||||
add_option('dc_links', $links);
|
add_option('dc_links', $links);
|
||||||
|
|
||||||
echo '<form action="admin.php?import=dotclear&step=6" method="post">';
|
echo '<form action="admin.php?import=dotclear&step=6" method="post">';
|
||||||
printf('<input type="submit" name="submit" value="%s" />', __('Finish'));
|
wp_nonce_field('import-dotclear');
|
||||||
|
printf('<input type="submit" name="submit" value="%s" />', attribute_escape(__('Finish')));
|
||||||
echo '</form>';
|
echo '</form>';
|
||||||
}
|
}
|
||||||
|
|
||||||
@ -667,42 +673,44 @@ class Dotclear_Import {
|
|||||||
|
|
||||||
if ( $step > 0 )
|
if ( $step > 0 )
|
||||||
{
|
{
|
||||||
|
check_admin_referer('import-dotclear');
|
||||||
|
|
||||||
if($_POST['dbuser'])
|
if($_POST['dbuser'])
|
||||||
{
|
{
|
||||||
if(get_option('dcuser'))
|
if(get_option('dcuser'))
|
||||||
delete_option('dcuser');
|
delete_option('dcuser');
|
||||||
add_option('dcuser',$_POST['dbuser']);
|
add_option('dcuser', sanitize_user($_POST['dbuser'], true));
|
||||||
}
|
}
|
||||||
if($_POST['dbpass'])
|
if($_POST['dbpass'])
|
||||||
{
|
{
|
||||||
if(get_option('dcpass'))
|
if(get_option('dcpass'))
|
||||||
delete_option('dcpass');
|
delete_option('dcpass');
|
||||||
add_option('dcpass',$_POST['dbpass']);
|
add_option('dcpass', sanitize_user($_POST['dbpass'], true));
|
||||||
}
|
}
|
||||||
|
|
||||||
if($_POST['dbname'])
|
if($_POST['dbname'])
|
||||||
{
|
{
|
||||||
if(get_option('dcname'))
|
if(get_option('dcname'))
|
||||||
delete_option('dcname');
|
delete_option('dcname');
|
||||||
add_option('dcname',$_POST['dbname']);
|
add_option('dcname', sanitize_user($_POST['dbname'], true));
|
||||||
}
|
}
|
||||||
if($_POST['dbhost'])
|
if($_POST['dbhost'])
|
||||||
{
|
{
|
||||||
if(get_option('dchost'))
|
if(get_option('dchost'))
|
||||||
delete_option('dchost');
|
delete_option('dchost');
|
||||||
add_option('dchost',$_POST['dbhost']);
|
add_option('dchost', sanitize_user($_POST['dbhost'], true));
|
||||||
}
|
}
|
||||||
if($_POST['dccharset'])
|
if($_POST['dccharset'])
|
||||||
{
|
{
|
||||||
if(get_option('dccharset'))
|
if(get_option('dccharset'))
|
||||||
delete_option('dccharset');
|
delete_option('dccharset');
|
||||||
add_option('dccharset',$_POST['dccharset']);
|
add_option('dccharset', sanitize_user($_POST['dccharset'], true));
|
||||||
}
|
}
|
||||||
if($_POST['dbprefix'])
|
if($_POST['dbprefix'])
|
||||||
{
|
{
|
||||||
if(get_option('dcdbprefix'))
|
if(get_option('dcdbprefix'))
|
||||||
delete_option('dcdbprefix');
|
delete_option('dcdbprefix');
|
||||||
add_option('dcdbprefix',$_POST['dbprefix']);
|
add_option('dcdbprefix', sanitize_user($_POST['dbprefix'], true));
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
||||||
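Review bot: `sanitize_user($_POST['dbpass'], true)` and `sanitize_user($_POST['dbhost'], true)` apply a username filter to a database password and host: in strict mode `sanitize_user()` strips characters outside a small alphanumeric/`_.-@` allow-list, so a password containing punctuation such as `!` or `#`, or a host written as `host:port`, is silently altered before it is stored, and the subsequent connection fails with no indication why. The filter is also not a substitute for escaping where these values are actually used (the prefix, at least, presumably ends up interpolated into table names outside this hunk). Suggest storing the password and host unchanged (`add_option('dcpass', $_POST['dbpass']);`, with `stripslashes()` if the file's convention is to undo WordPress' magic quoting), validating the host against a hostname/IP pattern, and constraining `dbname`, `dbprefix` and `dccharset` with an identifier filter such as `preg_replace('/[^A-Za-z0-9_]/', '', $_POST['dbprefix'])`. Note also that these credentials persist in `wp_options` after the import and that a field left blank keeps the previously stored value; the `$step` variable tested at the top of the hunk is assigned outside it.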
|
@ -34,6 +34,7 @@ class GM_Import {
|
|||||||
<form name="stepOne" method="get">
|
<form name="stepOne" method="get">
|
||||||
<input type="hidden" name="import" value="greymatter" />
|
<input type="hidden" name="import" value="greymatter" />
|
||||||
<input type="hidden" name="step" value="1" />
|
<input type="hidden" name="step" value="1" />
|
||||||
|
<?php wp_nonce_field('import-greymatter'); ?>
|
||||||
<h3><?php _e('Second step: GreyMatter details:') ?></h3>
|
<h3><?php _e('Second step: GreyMatter details:') ?></h3>
|
||||||
<p><table cellpadding="0">
|
<p><table cellpadding="0">
|
||||||
<tr>
|
<tr>
|
||||||
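Review bot: The `wp_nonce_field('import-greymatter')` is placed inside a form declared `method="get"` (the `<form name="stepOne" method="get">` line), so the nonce and every GreyMatter detail the form collects travel in the query string and land in server logs, browser history and Referer headers. `check_admin_referer()` reads `$_REQUEST`, so the verification added in the step-1 case works either way; switching the form to `<form name="stepOne" method="post" action="admin.php?import=greymatter&amp;step=1">` and dropping the two hidden fields keeps the nonce out of URLs, provided `import()` reads its fields through `$_POST`/`$_REQUEST` rather than `$_GET` — that code is outside this hunk, so confirm.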
@ -87,10 +88,12 @@ class GM_Import {
|
|||||||
}
|
}
|
||||||
|
|
||||||
if (!chdir($archivespath))
|
if (!chdir($archivespath))
|
||||||
wp_die(sprintf(__("Wrong path, %s\ndoesn't exist\non the server"), $archivespath));
|
wp_die(__("Wrong path, the path to the GM entries does not exist on the server"));
|
||||||
|
|
||||||
if (!chdir($gmpath))
|
if (!chdir($gmpath))
|
||||||
wp_die(sprintf(__("Wrong path, %s\ndoesn't exist\non the server"), $gmpath));
|
wp_die(__("Wrong path, the path to the GM files does not exist on the server"));
|
||||||
|
|
||||||
|
$lastentry = (int) $lastentry;
|
||||||
|
|
||||||
$this->header();
|
$this->header();
|
||||||
?>
|
?>
|
||||||
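Review bot: Removing the path from the two `wp_die()` messages stops reflecting user input into the error page, but `chdir($archivespath)` and `chdir($gmpath)` still act on values that presumably come from the step-one form (their assignment is outside this hunk), so the success/failure of the call remains an oracle for directory existence anywhere the web server can read, and whatever `import()` reads afterwards is read relative to those directories. Only a user who reaches this importer can exercise it, so the risk is bounded, but a cheap hardening is to resolve and check the paths first, e.g. `$gmpath = realpath($gmpath); if ( ! $gmpath || ! is_dir($gmpath) ) wp_die(...)`, rather than changing the process working directory on unvalidated input. The `(int) $lastentry` cast is a good addition; the rest of `import()` is outside the hunk.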
@ -297,6 +300,7 @@ class GM_Import {
|
|||||||
$this->greet();
|
$this->greet();
|
||||||
break;
|
break;
|
||||||
case 1:
|
case 1:
|
||||||
|
check_admin_referer('import-greymatter');
|
||||||
$this->import();
|
$this->import();
|
||||||
break;
|
break;
|
||||||
}
|
}
|
||||||
|
@ -153,6 +153,7 @@ class LJ_Import {
|
|||||||
$this->greet();
|
$this->greet();
|
||||||
break;
|
break;
|
||||||
case 1 :
|
case 1 :
|
||||||
|
check_admin_referer('import-upload');
|
||||||
$this->import();
|
$this->import();
|
||||||
break;
|
break;
|
||||||
}
|
}
|
||||||
|
@ -147,6 +147,7 @@ class MT_Import {
|
|||||||
$authors = $this->get_mt_authors();
|
$authors = $this->get_mt_authors();
|
||||||
echo '<ol id="authors">';
|
echo '<ol id="authors">';
|
||||||
echo '<form action="?import=mt&step=2&id=' . $this->id . '" method="post">';
|
echo '<form action="?import=mt&step=2&id=' . $this->id . '" method="post">';
|
||||||
|
wp_nonce_field('import-mt');
|
||||||
$j = -1;
|
$j = -1;
|
||||||
foreach ($authors as $author) {
|
foreach ($authors as $author) {
|
||||||
++ $j;
|
++ $j;
|
||||||
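Review bot: The form action on the `echo '<form action="?import=mt&step=2&id=' . $this->id . '" method="post">';` line concatenates `$this->id` straight into an HTML attribute with no cast or escaping, and the `&` separators are unescaped inside the attribute. Where `$this->id` is assigned is outside this hunk; if it is the uploaded file's attachment id it should be an integer, so `echo '<form action="?import=mt&amp;step=2&amp;id=' . (int) $this->id . '" method="post">';` removes any doubt. Note also that the new `wp_nonce_field('import-mt')` is not bound to that id, so the step-2 handler should not assume the id it receives is the one the form was rendered for.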
@ -417,9 +418,11 @@ class MT_Import {
|
|||||||
$this->greet();
|
$this->greet();
|
||||||
break;
|
break;
|
||||||
case 1 :
|
case 1 :
|
||||||
|
check_admin_referer('import-upload');
|
||||||
$this->select_authors();
|
$this->select_authors();
|
||||||
break;
|
break;
|
||||||
case 2:
|
case 2:
|
||||||
|
check_admin_referer('import-mt');
|
||||||
$this->import();
|
$this->import();
|
||||||
break;
|
break;
|
||||||
}
|
}
|
||||||
|
@ -156,6 +156,7 @@ class RSS_Import {
|
|||||||
$this->greet();
|
$this->greet();
|
||||||
break;
|
break;
|
||||||
case 1 :
|
case 1 :
|
||||||
|
check_admin_referer('import-upload');
|
||||||
$this->import();
|
$this->import();
|
||||||
break;
|
break;
|
||||||
}
|
}
|
||||||
|
@ -56,8 +56,9 @@ class Textpattern_Import {
|
|||||||
echo '<p>'.__('This has not been tested on previous versions of Textpattern. Mileage may vary.').'</p>';
|
echo '<p>'.__('This has not been tested on previous versions of Textpattern. Mileage may vary.').'</p>';
|
||||||
echo '<p>'.__('Your Textpattern Configuration settings are as follows:').'</p>';
|
echo '<p>'.__('Your Textpattern Configuration settings are as follows:').'</p>';
|
||||||
echo '<form action="admin.php?import=textpattern&step=1" method="post">';
|
echo '<form action="admin.php?import=textpattern&step=1" method="post">';
|
||||||
|
wp_nonce_field('import-textpattern');
|
||||||
$this->db_form();
|
$this->db_form();
|
||||||
echo '<p class="submit"><input type="submit" name="submit" value="'.__('Import Categories').' »" /></p>';
|
echo '<p class="submit"><input type="submit" name="submit" value="'.attribute_escape(__('Import Categories »')).'" /></p>';
|
||||||
echo '</form>';
|
echo '</form>';
|
||||||
echo '</div>';
|
echo '</div>';
|
||||||
}
|
}
|
||||||
@ -483,7 +484,8 @@ class Textpattern_Import {
|
|||||||
|
|
||||||
|
|
||||||
echo '<form action="admin.php?import=textpattern&step=2" method="post">';
|
echo '<form action="admin.php?import=textpattern&step=2" method="post">';
|
||||||
printf('<input type="submit" name="submit" value="%s" />', __('Import Users'));
|
wp_nonce_field('import-textpattern');
|
||||||
|
printf('<input type="submit" name="submit" value="%s" />', attribute_escape(__('Import Users')));
|
||||||
echo '</form>';
|
echo '</form>';
|
||||||
|
|
||||||
}
|
}
|
||||||
@ -495,7 +497,8 @@ class Textpattern_Import {
|
|||||||
$this->users2wp($users);
|
$this->users2wp($users);
|
||||||
|
|
||||||
echo '<form action="admin.php?import=textpattern&step=3" method="post">';
|
echo '<form action="admin.php?import=textpattern&step=3" method="post">';
|
||||||
printf('<input type="submit" name="submit" value="%s" />', __('Import Posts'));
|
wp_nonce_field('import-textpattern');
|
||||||
|
printf('<input type="submit" name="submit" value="%s" />', attribute_escape(__('Import Posts')));
|
||||||
echo '</form>';
|
echo '</form>';
|
||||||
}
|
}
|
||||||
|
|
||||||
@ -506,7 +509,8 @@ class Textpattern_Import {
|
|||||||
$this->posts2wp($posts);
|
$this->posts2wp($posts);
|
||||||
|
|
||||||
echo '<form action="admin.php?import=textpattern&step=4" method="post">';
|
echo '<form action="admin.php?import=textpattern&step=4" method="post">';
|
||||||
printf('<input type="submit" name="submit" value="%s" />', __('Import Comments'));
|
wp_nonce_field('import-textpattern');
|
||||||
|
printf('<input type="submit" name="submit" value="%s" />', attribute_escape(__('Import Comments')));
|
||||||
echo '</form>';
|
echo '</form>';
|
||||||
}
|
}
|
||||||
|
|
||||||
@ -517,7 +521,8 @@ class Textpattern_Import {
|
|||||||
$this->comments2wp($comments);
|
$this->comments2wp($comments);
|
||||||
|
|
||||||
echo '<form action="admin.php?import=textpattern&step=5" method="post">';
|
echo '<form action="admin.php?import=textpattern&step=5" method="post">';
|
||||||
printf('<input type="submit" name="submit" value="%s" />', __('Import Links'));
|
wp_nonce_field('import-textpattern');
|
||||||
|
printf('<input type="submit" name="submit" value="%s" />', attribute_escape(__('Import Links')));
|
||||||
echo '</form>';
|
echo '</form>';
|
||||||
}
|
}
|
||||||
|
|
||||||
@ -529,7 +534,8 @@ class Textpattern_Import {
|
|||||||
add_option('txp_links', $links);
|
add_option('txp_links', $links);
|
||||||
|
|
||||||
echo '<form action="admin.php?import=textpattern&step=6" method="post">';
|
echo '<form action="admin.php?import=textpattern&step=6" method="post">';
|
||||||
printf('<input type="submit" name="submit" value="%s" />', __('Finish'));
|
wp_nonce_field('import-textpattern');
|
||||||
|
printf('<input type="submit" name="submit" value="%s" />', attribute_escape(__('Finish')));
|
||||||
echo '</form>';
|
echo '</form>';
|
||||||
}
|
}
|
||||||
|
|
||||||
@ -590,36 +596,38 @@ class Textpattern_Import {
|
|||||||
|
|
||||||
if ( $step > 0 )
|
if ( $step > 0 )
|
||||||
{
|
{
|
||||||
|
check_admin_referer('import-textpattern');
|
||||||
|
|
||||||
if($_POST['dbuser'])
|
if($_POST['dbuser'])
|
||||||
{
|
{
|
||||||
if(get_option('txpuser'))
|
if(get_option('txpuser'))
|
||||||
delete_option('txpuser');
|
delete_option('txpuser');
|
||||||
add_option('txpuser',$_POST['dbuser']);
|
add_option('txpuser', sanitize_user($_POST['dbuser'], true));
|
||||||
}
|
}
|
||||||
if($_POST['dbpass'])
|
if($_POST['dbpass'])
|
||||||
{
|
{
|
||||||
if(get_option('txppass'))
|
if(get_option('txppass'))
|
||||||
delete_option('txppass');
|
delete_option('txppass');
|
||||||
add_option('txppass',$_POST['dbpass']);
|
add_option('txppass', sanitize_user($_POST['dbpass'], true));
|
||||||
}
|
}
|
||||||
|
|
||||||
if($_POST['dbname'])
|
if($_POST['dbname'])
|
||||||
{
|
{
|
||||||
if(get_option('txpname'))
|
if(get_option('txpname'))
|
||||||
delete_option('txpname');
|
delete_option('txpname');
|
||||||
add_option('txpname',$_POST['dbname']);
|
add_option('txpname', sanitize_user($_POST['dbname'], true));
|
||||||
}
|
}
|
||||||
if($_POST['dbhost'])
|
if($_POST['dbhost'])
|
||||||
{
|
{
|
||||||
if(get_option('txphost'))
|
if(get_option('txphost'))
|
||||||
delete_option('txphost');
|
delete_option('txphost');
|
||||||
add_option('txphost',$_POST['dbhost']);
|
add_option('txphost', sanitize_user($_POST['dbhost'], true));
|
||||||
}
|
}
|
||||||
if($_POST['dbprefix'])
|
if($_POST['dbprefix'])
|
||||||
{
|
{
|
||||||
if(get_option('tpre'))
|
if(get_option('tpre'))
|
||||||
delete_option('tpre');
|
delete_option('tpre');
|
||||||
add_option('tpre',$_POST['dbprefix']);
|
add_option('tpre', sanitize_user($_POST['dbprefix']));
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
||||||
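Review bot: `add_option('tpre', sanitize_user($_POST['dbprefix']));` is the only call in this hunk without the `true` strict flag, which is inconsistent with the other five lines here and with the Dotclear importer in this same commit; if the filter is kept it should read `add_option('tpre', sanitize_user($_POST['dbprefix'], true));`. More fundamentally, `sanitize_user()` is a username filter: in strict mode it strips characters outside a small alphanumeric/`_.-@` allow-list, so `sanitize_user($_POST['dbpass'], true)` silently mangles a password that contains other punctuation and `sanitize_user($_POST['dbhost'], true)` turns `host:port` into something else, leaving the user with an unexplained connection failure. Store the password and host unchanged and validate the prefix/name with an identifier filter such as `preg_replace('/[^A-Za-z0-9_]/', '', $_POST['dbprefix'])` instead. These credentials remain in `wp_options` after the import; `$step` is assigned outside the hunk.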
|
@ -159,6 +159,7 @@ class WP_Import {
|
|||||||
$authors = $this->get_wp_authors();
|
$authors = $this->get_wp_authors();
|
||||||
echo '<ol id="authors">';
|
echo '<ol id="authors">';
|
||||||
echo '<form action="?import=wordpress&step=2&id=' . $this->id . '" method="post">';
|
echo '<form action="?import=wordpress&step=2&id=' . $this->id . '" method="post">';
|
||||||
|
wp_nonce_field('import-wordpress');
|
||||||
$j = -1;
|
$j = -1;
|
||||||
foreach ($authors as $author) {
|
foreach ($authors as $author) {
|
||||||
++ $j;
|
++ $j;
|
||||||
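Review bot: `$this->id` is concatenated unescaped into the form's action attribute on the `echo '<form action="?import=wordpress&step=2&id=' . $this->id . '" method="post">';` line, and the `&` separators are not entity-encoded. Its assignment is outside this hunk; if it holds the upload's attachment id, casting makes the intent explicit: `echo '<form action="?import=wordpress&amp;step=2&amp;id=' . (int) $this->id . '" method="post">';`. The new `wp_nonce_field('import-wordpress')` is not tied to that id, so step 2 should re-validate the id it receives rather than trust it came from this form.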
@ -363,9 +364,11 @@ class WP_Import {
|
|||||||
$this->greet();
|
$this->greet();
|
||||||
break;
|
break;
|
||||||
case 1 :
|
case 1 :
|
||||||
|
check_admin_referer('import-upload');
|
||||||
$this->select_authors();
|
$this->select_authors();
|
||||||
break;
|
break;
|
||||||
case 2:
|
case 2:
|
||||||
|
check_admin_referer('import-wordpress');
|
||||||
$this->import();
|
$this->import();
|
||||||
break;
|
break;
|
||||||
}
|
}
|
||||||
|