Changeset 3737
- Timestamp:
- 04/21/06 21:18:32 (2 years ago)
- Files:
-
- branches/2.0/wp-admin/cat-js.php (modified) (1 diff)
- branches/2.0/wp-admin/categories.php (modified) (2 diffs)
- branches/2.0/wp-admin/edit-comments.php (modified) (1 diff)
- branches/2.0/wp-admin/edit-form-ajax-cat.php (modified) (2 diffs)
- branches/2.0/wp-admin/inline-uploading.php (modified) (1 diff)
- branches/2.0/wp-admin/link-categories.php (modified) (3 diffs)
- branches/2.0/wp-admin/link-import.php (modified) (1 diff)
- branches/2.0/wp-admin/list-manipulation.js (modified) (2 diffs)
- branches/2.0/wp-admin/list-manipulation.php (modified) (2 diffs)
- branches/2.0/wp-admin/moderation.php (modified) (1 diff)
- branches/2.0/wp-admin/options-permalink.php (modified) (1 diff)
- branches/2.0/wp-admin/plugin-editor.php (modified) (1 diff)
- branches/2.0/wp-admin/post.php (modified) (2 diffs)
- branches/2.0/wp-admin/templates.php (modified) (1 diff)
- branches/2.0/wp-admin/theme-editor.php (modified) (1 diff)
- branches/2.0/wp-includes/classes.php (modified) (1 diff)
- branches/2.0/wp-includes/comment-functions.php (modified) (1 diff)
- branches/2.0/wp-includes/pluggable-functions.php (modified) (1 diff)
Legend:
- Unmodified
- Added
- Removed
- Modified
- Copied
- Moved
branches/2.0/wp-admin/cat-js.php
r3500 r3737 145 145 var catString = ''; 146 146 147 catString = 'ajaxnewcat=' + encodeURIComponent(newcat.value);147 catString = ajaxCat.encVar('ajaxnewcat', newcat.value) + '&' + ajaxCat.encVar('cookie', document.cookie); 148 148 ajaxCat.requestFile = 'edit-form-ajax-cat.php'; 149 ajaxCat.method = ' GET';149 ajaxCat.method = 'POST'; 150 150 ajaxCat.onLoading = newCatLoading; 151 151 ajaxCat.onLoaded = newCatLoaded; branches/2.0/wp-admin/categories.php
r3422 r3737 25 25 26 26 case 'addcat': 27 28 check_admin_referer(); 27 29 28 30 if ( !current_user_can('manage_categories') ) … … 95 97 96 98 case 'editedcat': 99 check_admin_referer(); 100 97 101 if ( !current_user_can('manage_categories') ) 98 102 die (__('Cheatin’ uh?')); branches/2.0/wp-admin/edit-comments.php
r3422 r3737 40 40 <?php 41 41 if ( !empty( $_POST['delete_comments'] ) ) : 42 check_admin_referer(); 43 42 44 $i = 0; 43 45 foreach ($_POST['delete_comments'] as $comment) : // Check the permissions on each branches/2.0/wp-admin/edit-form-ajax-cat.php
r3135 r3737 8 8 if ( !current_user_can('manage_categories') ) 9 9 die('-1'); 10 if ( !check_ajax_referer() ) 11 die('-1'); 10 12 11 13 function get_out_now() { exit; } … … 13 15 add_action('shutdown', 'get_out_now', -1); 14 16 15 $names = explode(',', rawurldecode($_ GET['ajaxnewcat']) );17 $names = explode(',', rawurldecode($_POST['ajaxnewcat']) ); 16 18 $ids = array(); 17 19 branches/2.0/wp-admin/inline-uploading.php
r3469 r3737 2 2 3 3 require_once('admin.php'); 4 5 check_admin_referer(); 4 6 5 7 header('Content-Type: text/html; charset=' . get_option('blog_charset')); branches/2.0/wp-admin/link-categories.php
r3422 r3737 27 27 case 'addcat': 28 28 { 29 check_admin_referer(); 30 29 31 if ( !current_user_can('manage_links') ) 30 32 die (__("Cheatin' uh ?")); … … 81 83 case 'Delete': 82 84 { 85 check_admin_referer(); 86 83 87 $cat_id = (int) $_GET['cat_id']; 84 88 $cat_name=get_linkcatname($cat_id); … … 200 204 case "editedcat": 201 205 { 206 check_admin_referer(); 207 202 208 if ( !current_user_can('manage_links') ) 203 209 die (__("Cheatin' uh ?")); branches/2.0/wp-admin/link-import.php
r3480 r3737 64 64 65 65 case 1: { 66 check_admin_referer(); 67 66 68 include_once('admin-header.php'); 67 69 if ( !current_user_can('manage_links') ) branches/2.0/wp-admin/list-manipulation.js
r3061 r3737 34 34 ajaxDel.onInteractive = function() { ajaxDel.myResponseElement.innerHTML = 'Processing Data...'; }; 35 35 ajaxDel.onCompletion = function() { removeThisItem( what + '-' + id ); }; 36 ajaxDel.runAJAX('action=delete-' + what + '&id=' + id );36 ajaxDel.runAJAX('action=delete-' + what + '&id=' + id + '&' + ajaxDel.encVar('cookie', document.cookie)); 37 37 return false; 38 38 } … … 40 40 function removeThisItem(id) { 41 41 var response = ajaxDel.response; 42 if ( isNaN(response) ) { a lert(response); }42 if ( isNaN(response) ) { ajaxDel.myResponseElement.innerHTML = response; return false; } 43 43 response = parseInt(response, 10); 44 44 if ( -1 == response ) { ajaxDel.myResponseElement.innerHTML = "You don't have permission to do that."; } branches/2.0/wp-admin/list-manipulation.php
r3622 r3737 6 6 get_currentuserinfo(); 7 7 if ( !is_user_logged_in() ) 8 die('-1'); 9 if ( !check_ajax_referer() ) 8 10 die('-1'); 9 11 … … 15 17 function get_out_now() { exit; } 16 18 add_action('shutdown', 'get_out_now', -1); 17 18 // check_admin_referer();19 19 20 20 switch ( $_POST['action'] ) : branches/2.0/wp-admin/moderation.php
r3422 r3737 32 32 33 33 case 'update': 34 35 check_admin_referer(); 34 36 35 37 if ( ! current_user_can('moderate_comments') ) branches/2.0/wp-admin/options-permalink.php
r3373 r3737 59 59 60 60 if ( isset($_POST) ) { 61 check_admin_referer(); 62 61 63 if ( isset($_POST['permalink_structure']) ) { 62 64 $permalink_structure = $_POST['permalink_structure']; branches/2.0/wp-admin/plugin-editor.php
r3295 r3737 34 34 35 35 case 'update': 36 37 check_admin_referer(); 36 38 37 39 if ( !current_user_can('edit_plugins') ) branches/2.0/wp-admin/post.php
r3620 r3737 293 293 case 'approvecomment': 294 294 295 check_admin_referer(); 296 295 297 $comment = (int) $_GET['comment']; 296 298 $p = (int) $_GET['p']; … … 322 324 323 325 case 'editedcomment': 326 327 check_admin_referer(); 324 328 325 329 edit_comment(); branches/2.0/wp-admin/templates.php
r3364 r3737 36 36 37 37 case 'update': 38 39 check_adimn_referer(); 38 40 39 41 if ( ! current_user_can('edit_files') ) branches/2.0/wp-admin/theme-editor.php
r3295 r3737 47 47 48 48 case 'update': 49 50 check_admin_referer(); 49 51 50 52 if ( !current_user_can('edit_themes') ) branches/2.0/wp-includes/classes.php
r3602 r3737 827 827 continue; 828 828 $fulltext = strtolower($comment->email.' '.$comment->url.' '.$comment->ip.' '.$comment->text); 829 if( strpos( $fulltext, strtolower($word) ) != FALSE) {829 if( false !== strpos( $fulltext, strtolower($word) ) ) { 830 830 $this->found_comments[] = $comment->ID; 831 831 break; branches/2.0/wp-includes/comment-functions.php
r3584 r3737 185 185 // Merge old and new fields with new fields overwriting old ones. 186 186 $commentarr = array_merge($comment, $commentarr); 187 188 $commentarr = wp_filter_comment( $commentarr ); 187 189 188 190 // Now extract the merged array. branches/2.0/wp-includes/pluggable-functions.php
r3497 r3737 231 231 die(__('Sorry, you need to <a href="http://codex.wordpress.org/Enable_Sending_Referrers">enable sending referrers</a> for this feature to work.')); 232 232 do_action('check_admin_referer'); 233 } 234 endif; 235 236 if ( !function_exists('check_ajax_referer') ) : 237 function check_ajax_referer() { 238 $cookie = explode(';', urldecode(empty($_POST['cookie']) ? $_GET['cookie'] : $_POST['cookie'])); // AJAX scripts must pass cookie=document.cookie 239 foreach ( $cookie as $tasty ) { 240 if ( false !== strpos($tasty, USER_COOKIE) ) 241 $user = substr(strstr($tasty, '='), 1); 242 if ( false !== strpos($tasty, PASS_COOKIE) ) 243 $pass = substr(strstr($tasty, '='), 1); 244 } 245 if ( wp_login( $user, $pass, true ) ) 246 return true; 247 return false; 233 248 } 234 249 endif;
