From f3981a0ed8b8f12a8c48116fafcbb9ed892c02f2 Mon Sep 17 00:00:00 2001
From: ryan
Date: Fri, 17 Oct 2008 19:55:51 +0000
Subject: [PATCH] Fix nonce collision and delete all spam

git-svn-id: http://svn.automattic.com/wordpress/trunk@9231 1a063a9b-81f0-0310-95a4-ce76da25c4cd
---
 wp-admin/edit-comments.php | 12 +++++-------
 1 file changed, 5 insertions(+), 7 deletions(-)

diff --git a/wp-admin/edit-comments.php b/wp-admin/edit-comments.php
index b47d860f04..cb556dac49 100644
--- a/wp-admin/edit-comments.php
+++ b/wp-admin/edit-comments.php
@@ -15,15 +15,13 @@ wp_enqueue_script( 'admin-forms' );
 enqueue_comment_hotkeys_js();
 if ( ( isset( $_POST['delete_all_spam'] ) || isset( $_POST['delete_all_spam2'] ) ) && !empty( $_POST['pagegen_timestamp'] ) ) {
- check_admin_referer('bulk-spam-delete');
+ check_admin_referer('bulk-spam-delete', '_spam_nonce');
- $delete_time = $wpdb->escape( $_POST['display_time'] );
+ $delete_time = $wpdb->escape( $_POST['pagegen_timestamp'] );
 $deleted_spam = $wpdb->query( "DELETE FROM $wpdb->comments WHERE comment_approved = 'spam' AND '$delete_time' > comment_date_gmt" );
- wp_redirect('edit-comments.php?deleted=' . (int) $deleted_spam);
-}
-
-if ( isset($_REQUEST['delete_comments']) && isset($_REQUEST['action']) && ( -1 != $_REQUEST['action'] || -1 != $_REQUEST['action2'] ) ) {
+ wp_redirect('edit-comments.php?comment_status=spam&deleted=' . (int) $deleted_spam);
+} elseif ( isset($_REQUEST['delete_comments']) && isset($_REQUEST['action']) && ( -1 != $_REQUEST['action'] || -1 != $_REQUEST['action2'] ) ) {
 check_admin_referer('bulk-comments');
 $doaction = ( -1 != $_REQUEST['action'] ) ? $_REQUEST['action'] : $_REQUEST['action2'];
@@ -240,7 +238,7 @@ if ( $page_links )
+ wp_nonce_field('bulk-spam-delete', '_spam_nonce'); ?>
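Review bot: The rewritten `$delete_time` line in the delete_all_spam branch still feeds a request value, now `$_POST['pagegen_timestamp']`, into the DELETE statement by string interpolation after `$wpdb->escape()`, and nothing checks that the value is a timestamp. Binding it would stop the query's safety depending on the quotes around `'$delete_time'`: `$deleted_spam = $wpdb->query( $wpdb->prepare( "DELETE FROM $wpdb->comments WHERE comment_approved = 'spam' AND %s > comment_date_gmt", $delete_time ) );`, with `$delete_time` then holding the unescaped value (prepare() does its own escaping) and ideally rejected first if it does not match the expected date format. The same branch shows no `exit;` after `wp_redirect()`, so the rest of the page appears to keep executing after the redirect header is sent. No capability check is visible between the nonce check and the bulk delete; it may live outside this hunk, but is worth confirming, since a nonce only proves the request came from the admin form.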