root/tags/2.0.9/wp-admin/list-manipulation.php

Revision 3808, 1.6 kB (checked in by ryan, 3 years ago)

nonce and comment fixes from Juergen. fixes #2748

  • Property svn:eol-style set to native
Line 
1 <?php
2 require_once('../wp-config.php');
3 require_once('admin-functions.php');
4 require_once('admin-db.php');
5 header("Content-type: text/plain", true);
6
7 if ( !is_user_logged_in() )
8     die('-1');
9 if ( !check_ajax_referer() )
10     die('-1');
11
12 function grab_results() {
13     global $ajax_results;
14     $ajax_results = func_get_arg(0);
15 }
16
17 function get_out_now() { exit; }
18 add_action('shutdown', 'get_out_now', -1);
19
20 switch ( $_POST['action'] ) :
21 case 'delete-link' :
22     $id = (int) $_POST['id'];
23     if ( !current_user_can('manage_links') )
24         die ('-1');
25
26     if ( wp_delete_link($id) )
27         die('1');
28     else    die('0');
29     break;
30 case 'delete-post' :
31 case 'delete-page' :
32     $id = (int) $_POST['id'];
33     if ( !current_user_can('edit_post', $id) )    {
34         die('-1');
35     }
36
37     if ( wp_delete_post($id) ) {
38         die('1');
39     } else    die('0');
40     break;
41 case 'delete-cat' :
42     if ( !current_user_can('manage_categories') )
43         die ('-1');
44
45     $id = (int) $_POST['id'];
46     $cat_name = get_catname($cat_ID);
47
48     if ( wp_delete_category($id) )
49         die('1');
50     else    die('0');
51     break;
52 case 'delete-comment' :
53     $id = (int) $_POST['id'];
54
55     if ( !$comment = get_comment($id) )
56         die('0');
57     if ( !current_user_can('edit_post', $comment->comment_post_ID) )   
58         die('-1');
59
60     if ( wp_delete_comment($comment->comment_ID) ) {
61         die('1');
62     } else {
63         die('0');
64     }
65     break;
66 case 'delete-link-category' :
67     $id = (int) $_POST['id'];
68     if ( 1 == $id )
69         die('0');
70     if ( !current_user_can('manage_links') )
71         die('-1');
72
73     if ( $wpdb->query("DELETE FROM $wpdb->linkcategories WHERE cat_id='$id'") ) {
74         $wpdb->query("UPDATE $wpdb->links SET link_category=1 WHERE link_category='$id'");
75         die('1');
76     } else {
77         die('0');
78     }
79     break;
80 endswitch;       
81 ?>
82
Note: See TracBrowser for help on using the browser.