Navigation

← Previous Changeset
Next Changeset →

Changeset 3771

Timestamp:

05/11/06 23:05:45 (2 years ago)

Author:

ryan

Message:

Backport nonces and pluggable cookies.

Files:

branches/2.0/wp-admin/admin-functions.php (modified) (1 diff)
branches/2.0/wp-admin/admin.php (modified) (1 diff)
branches/2.0/wp-admin/categories.php (modified) (5 diffs)
branches/2.0/wp-admin/edit-comments.php (modified) (3 diffs)
branches/2.0/wp-admin/edit-form-advanced.php (modified) (2 diffs)
branches/2.0/wp-admin/edit-form-ajax-cat.php (modified) (1 diff)
branches/2.0/wp-admin/edit-form-comment.php (modified) (1 diff)
branches/2.0/wp-admin/edit-link-form.php (modified) (3 diffs)
branches/2.0/wp-admin/edit-page-form.php (modified) (3 diffs)
branches/2.0/wp-admin/edit-pages.php (modified) (1 diff)
branches/2.0/wp-admin/edit.php (modified) (2 diffs)
branches/2.0/wp-admin/inline-uploading.php (modified) (9 diffs)
branches/2.0/wp-admin/link-categories.php (modified) (7 diffs)
branches/2.0/wp-admin/link-import.php (modified) (2 diffs)
branches/2.0/wp-admin/link-manager.php (modified) (9 diffs)
branches/2.0/wp-admin/list-manipulation.php (modified) (1 diff)
branches/2.0/wp-admin/moderation.php (modified) (2 diffs)
branches/2.0/wp-admin/options-discussion.php (modified) (1 diff)
branches/2.0/wp-admin/options-general.php (modified) (1 diff)
branches/2.0/wp-admin/options-misc.php (modified) (1 diff)
branches/2.0/wp-admin/options-permalink.php (modified) (3 diffs)
branches/2.0/wp-admin/options-reading.php (modified) (1 diff)
branches/2.0/wp-admin/options-writing.php (modified) (1 diff)
branches/2.0/wp-admin/options.php (modified) (3 diffs)
branches/2.0/wp-admin/page-new.php (modified) (1 diff)
branches/2.0/wp-admin/plugin-editor.php (modified) (2 diffs)
branches/2.0/wp-admin/plugins.php (modified) (3 diffs)
branches/2.0/wp-admin/post.php (modified) (9 diffs)
branches/2.0/wp-admin/profile-update.php (modified) (1 diff)
branches/2.0/wp-admin/profile.php (modified) (1 diff)
branches/2.0/wp-admin/templates.php (modified) (2 diffs)
branches/2.0/wp-admin/theme-editor.php (modified) (2 diffs)
branches/2.0/wp-admin/themes.php (modified) (2 diffs)
branches/2.0/wp-admin/user-edit.php (modified) (2 diffs)
branches/2.0/wp-admin/users.php (modified) (7 diffs)
branches/2.0/wp-comments-post.php (modified) (3 diffs)
branches/2.0/wp-includes/capabilities.php (modified) (1 diff)
branches/2.0/wp-includes/classes.php (modified) (2 diffs)
branches/2.0/wp-includes/comment-functions.php (modified) (1 diff)
branches/2.0/wp-includes/functions-compat.php (modified) (1 diff)
branches/2.0/wp-includes/functions.php (modified) (3 diffs)
branches/2.0/wp-includes/kses.php (modified) (1 diff)
branches/2.0/wp-includes/pluggable-functions.php (modified) (6 diffs)
branches/2.0/wp-includes/registration-functions.php (modified) (2 diffs)
branches/2.0/wp-includes/template-functions-general.php (modified) (2 diffs)
branches/2.0/wp-login.php (modified) (1 diff)

Legend:

: Unmodified
: Added
: Removed
: Modified
: Copied
: Moved

branches/2.0/wp-admin/admin-functions.php

r3748	r3771
644	644	<td><a href="<?php the_permalink(); ?>" rel="permalink" class="edit"><?php _e('View'); ?></a></td>
645	645	<td><?php if ( current_user_can('edit_pages') ) { echo "<a href='post.php?action=edit&post=$id' class='edit'>" . __('Edit') . "</a>"; } ?></td>
646		<td><?php if ( current_user_can('edit_pages') ) { echo "<a href='post.php?action=delete&post=$id' class='delete' onclick=\"return deleteSomething( 'page', " . $id . ", '" . sprintf(__("You are about to delete the "%s" page.\\n"OK" to delete, "Cancel" to stop."), wp_specialchars(get_the_title('','',0), 1)) . "' );\">" . __('Delete') . "</a>"; } ?></td>
	646	<td><?php if ( current_user_can('edit_pages') ) { echo "<a href='" . wp_nonce_url("post.php?action=delete&post=$id", 'delete-page' . $id) . "' class='delete' onclick=\"return deleteSomething( 'page', " . $id . ", '" . sprintf(__("You are about to delete the "%s" page.\\n"OK" to delete, "Cancel" to stop."), addslashes(wp_specialchars(get_the_title(),'double')) ) . "' );\">" . __('Delete') . "</a>"; } ?></td>
647	647	</tr>
648	648

branches/2.0/wp-admin/admin.php

r3608	r3771
18	18	update_category_cache();
19	19
20		~~get_currentuserinfo~~();
	20	wp_get_current_user();
21	21
22	22	$posts_per_page = get_settings('posts_per_page');

branches/2.0/wp-admin/categories.php

r3737	r3771
26	26	case 'addcat':
27	27
28		check_admin_referer();
	28	check_admin_referer('add-category');
29	29
30	30	if ( !current_user_can('manage_categories') )
…	…
37	37
38	38	case 'delete':
39
40		check_admin_referer();
	39	$cat_ID = (int) $_GET['cat_ID'];
	40	check_admin_referer('delete-category' . $cat_ID);
41	41
42	42	if ( !current_user_can('manage_categories') )
43	43	die (__('Cheatin’ uh?'));
44	44
45		~~$cat_ID = (int) $_GET['cat_ID'];~~
46	45	$cat_name = get_catname($cat_ID);
47	46
…	…
65	64	<h2><?php _e('Edit Category') ?></h2>
66	65	<form name="editcat" action="categories.php" method="post">
	66	<?php wp_nonce_field('update-category' . $category->cat_ID); ?>
67	67	<table class="editform" width="100%" cellspacing="2" cellpadding="5">
68	68	<tr>
…	…
97	97
98	98	case 'editedcat':
99		check_admin_referer();
	99	$cat_ID = (int) $_POST['cat_ID'];
	100	check_admin_referer('update-category' . $cat_ID);
100	101
101	102	if ( !current_user_can('manage_categories') )
…	…
151	152	<h2><?php _e('Add New Category') ?></h2>
152	153	<form name="addcat" id="addcat" action="categories.php" method="post">
153
	154	<?php wp_nonce_field('add-category'); ?>
154	155	<p><?php _e('Name:') ?><br />
155	156	<input type="text" name="cat_name" value="" /></p>

branches/2.0/wp-admin/edit-comments.php

r3755	r3771
40	40	<?php
41	41	if ( !empty( $_POST['delete_comments'] ) ) :
42		check_admin_referer();
	42	check_admin_referer('bulk-comments');
43	43
44	44	$i = 0;
…	…
99	99	if ( current_user_can('edit_post', $comment->comment_post_ID) ) {
100	100	echo " \| <a href=\"post.php?action=editcomment&comment=".$comment->comment_ID."\">" . __('Edit Comment') . "</a>";
101		echo " \| <a href=\"post.php?action=deletecomment&p=".$comment->comment_post_ID."&comment=".$comment->comment_ID."\" onclick=\"return deleteSomething( 'comment', $comment->comment_ID, '" . sprintf(__("You are about to delete this comment by "%s".\\n"Cancel" to stop, "OK" to delete."), wp_specialchars( $comment->comment_author, 1 )) . "' );\">" . __('Delete Comment') . "</a> — ";
	101	echo ' \| <a href="' . wp_nonce_url('comment.php?action=deletecomment&p=' . $post->ID . '&comment=' . $comment->comment_ID, 'delete-comment' . $comment->comment_ID) . '" onclick="return deleteSomething( \'comment\', ' . $comment->comment_ID . ', \'' . sprintf(__("You are about to delete this comment by "%s".\\n"Cancel" to stop, "OK" to delete."), wp_specialchars($comment->comment_author, 1)) . "' );\">" . __('Delete Comment') . '</a> ';
102	102	} // end if any comments to show
103	103	// Get post title
…	…
127	127
128	128	if ($comments) {
129		echo '<form name="deletecomments" id="deletecomments" action="" method="post">
130		<table width="100%" cellpadding="3" cellspacing="3">
	129	echo '<form name="deletecomments" id="deletecomments" action="" method="post"> ';
	130	wp_nonce_field('bulk-comments');
	131	echo '<table width="100%" cellpadding="3" cellspacing="3">
131	132	<tr>
132	133	<th scope="col">*</th>

branches/2.0/wp-admin/edit-form-advanced.php

r3456	r3771
23	23	$temp_ID = -1 * time();
24	24	$form_extra = "<input type='hidden' name='temp_ID' value='$temp_ID' />";
	25	wp_nonce_field('add-post');
25	26	} else {
26	27	$form_action = 'editpost';
27	28	$form_extra = "<input type='hidden' name='post_ID' value='$post_ID' />";
	29	wp_nonce_field('update-post' . $post_ID);
28	30	}
29	31
…	…
221	223	if (current_user_can('upload_files')) {
222	224	$uploading_iframe_ID = (0 == $post_ID ? $temp_ID : $post_ID);
223		$uploading_iframe_src = ~~"inline-uploading.php?action=view&post=$uploading_iframe_ID"~~;
	225	$uploading_iframe_src = wp_nonce_url("inline-uploading.php?action=view&post=$uploading_iframe_ID", 'inlineuploading');
224	226	$uploading_iframe_src = apply_filters('uploading_iframe_src', $uploading_iframe_src);
225	227	if ( false != $uploading_iframe_src )

branches/2.0/wp-admin/edit-form-ajax-cat.php

r3737	r3771
3	3	require_once('admin-functions.php');
4	4	require_once('admin-db.php');
5
6		~~get_currentuserinfo();~~
7	5
8	6	if ( !current_user_can('manage_categories') )

branches/2.0/wp-admin/edit-form-comment.php

r3283	r3771
7	7
8	8	<form name="post" action="post.php" method="post" id="post">
	9	<?php wp_nonce_field('update-comment' . $comment->comment_ID) ?>
9	10	<div class="wrap">
10	11	<input type="hidden" name="user_ID" value="<?php echo $user_ID ?>" />

branches/2.0/wp-admin/edit-link-form.php

r3257	r3771
5	5	$submit_text = __('Save Changes »');
6	6	$form = '<form action="" method="post" name="editlink" id="editlink">';
	7	$nonce_action = 'update-bookmark' . $link_id;
7	8	} else {
8	9	$editing = false;
…	…
10	11	$submit_text = __('Add Link »');
11	12	$form = '<form name="addlink" method="post" action="link-manager.php">';
	13	$nonce_action = 'add-bookmark';
12	14	}
13	15
…	…
34	36	<div class="wrap">
35	37	<?php echo $form ?>
	38	<?php wp_nonce_field($nonce_action); ?>
36	39	<h2><?php echo $heading ?></h2>
37	40	<fieldset class="options">

branches/2.0/wp-admin/edit-page-form.php

r3456	r3771
6	6	if (0 == $post_ID) {
7	7	$form_action = 'post';
	8	$nonce_action = 'add-post';
8	9	$temp_ID = -1 * time();
9	10	$form_extra = "<input type='hidden' name='temp_ID' value='$temp_ID' />";
10	11	} else {
11	12	$form_action = 'editpost';
12		$form_extra = "<input type='hidden' name='post_ID' value='$post_ID' />";
	13	$nonce_action = 'update-post' . $post_ID;
	14	$form_extra = "<input type='hidden' id='post_ID' name='post_ID' value='$post_ID' />";
13	15	}
14	16
…	…
24	26
25	27	<?php
	28	wp_nonce_field($nonce_action);
	29
26	30	if (isset($mode) && 'bookmarklet' == $mode) {
27	31	echo '<input type="hidden" name="mode" value="bookmarklet" />';
…	…
187	191	if (current_user_can('upload_files')) {
188	192	$uploading_iframe_ID = (0 == $post_ID ? $temp_ID : $post_ID);
189		$uploading_iframe_src = ~~"inline-uploading.php?action=view&post=$uploading_iframe_ID"~~;
	193	$uploading_iframe_src = wp_nonce_url("inline-uploading.php?action=view&post=$uploading_iframe_ID", 'inlineuploading');
190	194	$uploading_iframe_src = apply_filters('uploading_iframe_src', $uploading_iframe_src);
191	195	if ( false != $uploading_iframe_src )

branches/2.0/wp-admin/edit-pages.php

r3555	r3771
53	53	<td><a href="<?php the_permalink(); ?>" rel="permalink" class="edit"><?php _e('View'); ?></a></td>
54	54	<td><?php if ( current_user_can('edit_pages') ) { echo "<a href='post.php?action=edit&post=$post->ID' class='edit'>" . __('Edit') . "</a>"; } ?></td>
55		<td><?php if ( current_user_can('edit_pages') ) { echo "<a href='~~post.php?action=delete&post=$post->ID~~' class='delete' onclick=\"return deleteSomething( 'page', " . $id . ", '" . sprintf(__("You are about to delete the "%s" page.\\n"OK" to delete, "Cancel" to stop."), wp_specialchars(get_the_title('','',0), 1)) . "' );\">" . __('Delete') . "</a>"; } ?></td>
	55	<td><?php if ( current_user_can('edit_pages') ) { echo "<a href='" . wp_nonce_url("post.php?action=delete&post=$post->ID", 'delete-post' . $post->ID) . "' class='delete' onclick=\"return deleteSomething( 'page', " . $id . ", '" . sprintf(__("You are about to delete the "%s" page.\\n"OK" to delete, "Cancel" to stop."), wp_specialchars(get_the_title('','',0), 1)) . "' );\">" . __('Delete') . "</a>"; } ?></td>
56	56	</tr>
57	57	<?php

branches/2.0/wp-admin/edit.php

r3757	r3771
211	211	case 'control_delete':
212	212	?>
213		<td><?php if ( current_user_can('edit_post',$post->ID) ) { echo "<a href='post.php?action=delete&post=$id' class='delete' onclick=\"return deleteSomething( 'post', " . $id . ", '" . sprintf(__("You are about to delete this post "%s".\\n"OK" to delete, "Cancel" to stop."), wp_specialchars(get_the_title('', ''), 1) ) . "' );\">" . __('Delete') . "</a>"; } ?></td>
	213	<td><?php if ( current_user_can('edit_post',$post->ID) ) { echo "<a href='" . wp_nonce_url("post.php?action=delete&post=$id", 'delete-post' . $post->ID) . "' class='delete' onclick=\"return deleteSomething( 'post', " . $id . ", '" . sprintf(__("You are about to delete this post "%s".\\n"OK" to delete, "Cancel" to stop."), addslashes(wp_specialchars(get_the_title(),'double')) ) . "' );\">" . __('Delete') . "</a>"; } ?></td>
214	214	<?php
215	215	break;
…	…
263	263	if ( current_user_can('edit_post', $post->ID) ) {
264	264	echo "[ <a href=\"post.php?action=editcomment&comment=".$comment->comment_ID."\">" . __('Edit') . "</a>";
265		echo " - <a href=\"post.php?action=deletecomment&p=".$post->ID."&comment=".$comment->comment_ID."\" onclick=\"return confirm('" . sprintf(__("You are about to delete this comment by \'%s\'\\n \'OK\' to delete, \'Cancel\' to stop."), wp_specialchars( $comment->comment_author, 1 )) . "')\">" . __('Delete') . "</a> ";
	265	echo ' - <a href="' . wp_nonce_url('post.php?action=deletecomment&p=' . $post->ID . '&comment=' . $comment->comment_ID, 'delete-comment' . $comment->comment_ID) . '" onclick="return confirm(\'' . sprintf(__("You are about to delete this comment by "%s".\\n"Cancel" to stop, "OK" to delete."), wp_specialchars($comment->comment_author, 1)) . "');\">" . __('Delete') . '</a> ';
	266
266	267	if ( ('none' != $comment_status) && ( current_user_can('moderate_comments') ) ) {
267	268	if ('approved' == wp_get_comment_status($comment->comment_ID)) {
268		echo ~~" - <a href=\"post.php?action=unapprovecomment&p=".$post->ID."&comment=".$comment->comment_ID."\">" . __('Unapprove') . "</a> "~~;
	269	echo ' - <a href="' . wp_nonce_url('post.php?action=unapprovecomment&p=' . $post->ID . '&comment=' . $comment->comment_ID, 'unapprove-comment' . $comment->comment_ID) . '">' . __('Unapprove') . '</a> ';
269	270	} else {
270		echo ~~" - <a href=\"post.php?action=approvecomment&p=".$post->ID."&comment=".$comment->comment_ID."\">" . __('Approve') . "</a> "~~;
	271	echo ' - <a href="' . wp_nonce_url('post.php?action=approvecomment&p=' . $post->ID . '&comment=' . $comment->comment_ID, 'approve-comment' . $comment->comment_ID) . '">' . __('Approve') . '</a> ';
271	272	}
272	273	}

branches/2.0/wp-admin/inline-uploading.php

r3737	r3771
2	2
3	3	require_once('admin.php');
4
5		~~check_admin_referer();~~
6	4
7	5	header('Content-Type: text/html; charset=' . get_option('blog_charset'));
…	…
37	35	case 'delete':
38	36
	37	check_admin_referer('inlineuploading');
	38
39	39	if ( !current_user_can('edit_post', (int) $attachment) )
40	40	die(__('You are not allowed to delete this attachment.').' <a href="'.basename(__FILE__)."?post=$post&all=$all&action=upload\">".__('Go back').'</a>');
…	…
42	42	wp_delete_attachment($attachment);
43	43
44		header("Location: "~~.basename(__FILE__)~~."?post=$post&all=$all&action=view&start=$start");
	44	header("Location: " . basename(__FILE__) ."?post=$post&all=$all&action=view&start=$start");
45	45	die;
46	46
47	47	case 'save':
	48
	49	check_admin_referer('inlineuploading');
48	50
49	51	$overrides = array('action'=>'save');
…	…
101	103	}
102	104
103		header("Location: "~~.basename(__FILE__).~~"?post=$post&all=$all&action=view&start=0");
	105	header("Location: " . basename(__FILE__) . "?post=$post&all=$all&action=view&start=0");
104	106	die();
105	107
…	…
140	142
141	143	if ( count($attachments) == 0 ) {
142		header("Location: "~~.basename(__FILE__)."?post=$post&action=upload"~~);
	144	header("Location: " . basename(__FILE__) ."?post=$post&action=upload" );
143	145	die;
144	146	} elseif ( count($attachments) > $num ) {
…	…
214	216	";
215	217	$send_delete_cancel = "<a onclick=\"sendToEditor({$ID});return false;\" href=\"javascript:void()\">$__send_to_editor</a>
216		<a onclick=\"return confirm('$__confirmdelete')\" href=\""~~.basename(__FILE__)."?action=delete&attachment={$ID}&all=$all&start=$start&post=$post~~\">$__delete</a>
	218	<a onclick=\"return confirm('$__confirmdelete')\" href=\"" . wp_nonce_url( basename(__FILE__) . "?action=delete&attachment={$ID}&all=$all&start=$start&post=$post", inlineuploading) . "\">$__delete</a>
217	219	<a onclick=\"popup.style.display='none';return false;\" href=\"javascript:void()\">$__close</a>
218	220	";
…	…
642	644	<body>
643	645	<ul id="upload-menu">
644		<li<?php echo $current_1; ?>><a href="<?php echo basename(__FILE__)~~; ?>?action=upload&post=<?php echo $post; ?>&all=<?php echo $all; ?>&start=<?php echo $start~~; ?>"><?php _e('Upload'); ?></a></li>
	646	<li<?php echo $current_1; ?>><a href="<?php echo basename(__FILE__) . "?action=upload&post=$post&all=$all&start=$start"; ?>"><?php _e('Upload'); ?></a></li>
645	647	<?php if ( $attachments = $wpdb->get_results("SELECT ID FROM $wpdb->posts WHERE post_parent = '$post'") ) { ?>
646		<li<?php echo $current_2; ?>><a href="<?php echo basename(__FILE__)~~; ?>?action=view&post=<?php echo $post; ?>&all=false~~"><?php _e('Browse'); ?></a></li>
	648	<li<?php echo $current_2; ?>><a href="<?php echo basename(__FILE__) . "?action=view&post=$post&all=false"; ?>"><?php _e('Browse'); ?></a></li>
647	649	<?php } ?>
648	650	<?php if ($wpdb->get_var("SELECT count(ID) FROM $wpdb->posts WHERE post_status = 'attachment'")) { ?>
649		<li<?php echo $current_3; ?>><a href="<?php echo basename(__FILE__)~~; ?>?action=view&post=<?php echo $post; ?>&all=true~~"><?php _e('Browse All'); ?></a></li>
	651	<li<?php echo $current_3; ?>><a href="<?php echo basename(__FILE__) . "?action=view&post=$post&all=true"; ?>"><?php _e('Browse All'); ?></a></li>
650	652	<?php } ?>
651	653	<li> </li>
652	654	<?php if ( $action == 'view' ) { ?>
653	655	<?php if ( false !== $back ) : ?>
654		<li class="spacer"><a href="<?php echo basename(__FILE__)~~; ?>?action=<?php echo $action; ?>&post=<?php echo $post; ?>&all=<?php echo $all; ?>&start=0~~" title="<?php _e('First'); ?>">\|«</a></li>
655		<li><a href="<?php echo basename(__FILE__)~~; ?>?action=<?php echo $action; ?>&post=<?php echo $post; ?>&all=<?php echo $all; ?>&start=<?php echo $back; ?>"~~">« <?php _e('Back'); ?></a></li>
	656	<li class="spacer"><a href="<?php echo basename(__FILE__) . "?action=$action&post=$post&all=$all&start=0"; ?>" title="<?php _e('First'); ?>">\|«</a></li>
	657	<li><a href="<?php echo basename(__FILE__) . "?action=$action&post=$post&all=$all&start=$back"; ?>">« <?php _e('Back'); ?></a></li>
656	658	<?php else : ?>
657	659	<li class="inactive spacer">\|«</li>
…	…
659	661	<?php endif; ?>
660	662	<?php if ( false !== $next ) : ?>
661		<li><a href="<?php echo basename(__FILE__)~~; ?>?action=<?php echo $action; ?>&post=<?php echo $post; ?>&all=<?php echo $all; ?>&start=<?php echo $next; ?>"><?php _e('Next'); ?> »~~</a></li>
662		<li><a href="<?php echo basename(__FILE__)~~; ?>?action=<?php echo $action; ?>&post=<?php echo $post; ?>&all=<?php echo $all; ?>&last=true~~" title="<?php _e('Last'); ?>">»\|</a></li>
	663	<li><a href="<?php echo basename(__FILE__) . "?action=$action&post=$post&all=$all&start=$next"; ?>"><?php _e('Next »'); ?></a></li>
	664	<li><a href="<?php echo basename(__FILE__) . "?action=$action&post=$post&all=$all&last=true"; ?>" title="<?php _e('Last'); ?>">»\|</a></li>
663	665	<?php else : ?>
664	666	<li class="inactive"><?php _e('Next'); ?> »</li>
…	…
698	700	<input type="hidden" name="all" value="<?php echo $all; ?>" />
699	701	<input type="hidden" name="start" value="<?php echo $start; ?>" />
	702	<?php wp_nonce_field( 'inlineuploading' ); ?>
700	703	<div id="submit">
701	704	<input type="submit" value="<?php _e('Upload'); ?>" />

branches/2.0/wp-admin/link-categories.php

r3737	r3771
27	27	case 'addcat':
28	28	{
29		check_admin_referer();
	29	check_admin_referer('add-link-category');
30	30
31	31	if ( !current_user_can('manage_links') )
…	…
83	83	case 'Delete':
84	84	{
85		~~check_admin_referer()~~;
86
87		$cat_id = (int) $_GET['cat_id'];
	85	$cat_id = (int) $_GET['cat_id'];
	86	check_admin_referer('delete-link-category' . $cat_id);
	87
88	88	$cat_name=get_linkcatname($cat_id);
89	89
…	…
117	117
118	118	<form name="editcat" method="post">
	119	<?php wp_nonce_field('update-link-category' . $row->cat_id) ?>
119	120	<input type="hidden" name="action" value="editedcat" />
120	121	<input type="hidden" name="cat_id" value="<?php echo $row->cat_id ?>" />
…	…
204	205	case "editedcat":
205	206	{
206		check_admin_referer();
	207	$cat_id = (int)$_POST["cat_id"];
	208	check_admin_referer('update-link-category' . $cat_id);
207	209
208	210	if ( !current_user_can('manage_links') )
…	…
211	213	$submit=$_POST["submit"];
212	214	if (isset($submit)) {
213
214		~~$cat_id = (int)$_POST["cat_id"];~~
215	215
216	216	$cat_name= wp_specialchars($_POST["cat_name"]);
…	…
357	357	<td><?php echo $row->list_limit ?></td>
358	358	<td><a href="link-categories.php?cat_id=<?php echo $row->cat_id?>&action=Edit" class="edit"><?php _e('Edit') ?></a></td>
359		<td><a href="~~link-categories.php?cat_id=<?php echo $row->cat_id?>&action=Delete"~~ onclick="return deleteSomething( 'link category', <?php echo $row->cat_id . ", '" . sprintf(__("You are about to delete the "%s" link category.\\n"Cancel" to stop, "OK" to delete."), wp_specialchars($row->cat_name,1)); ?>' );" class="delete"><?php _e('Delete') ?></a></td>
	359	<td><a href="<?php echo wp_nonce_url("link-categories.php?cat_id=$row->cat_id?>&action=Delete", 'delete-link-category' . $row->cat_id) ?>" "onclick="return deleteSomething( 'link category', <?php echo $row->cat_id . ", '" . sprintf(__("You are about to delete the "%s" link category.\\n"Cancel" to stop, "OK" to delete."), wp_specialchars($row->cat_name,1)); ?>' );" class="delete"><?php _e('Delete') ?></a></td>
360	360	</tr>
361	361	<?php
…	…
372	372	<div class="wrap">
373	373	<form name="addcat" method="post">
	374	<?php wp_nonce_field('add-link-category'); ?>
374	375	<input type="hidden" name="action" value="addcat" />
375	376	<h2><?php _e('Add a Link Category:') ?></h2>

branches/2.0/wp-admin/link-import.php

r3737	r3771
25	25	<h2><?php _e('Import your blogroll from another system') ?> </h2>
26	26	<form enctype="multipart/form-data" action="link-import.php" method="post" name="blogroll">
	27	<?php wp_nonce_field('import-bookmarks') ?>
27	28
28	29	<p><?php _e('If a program or website you use allows you to export your links or subscriptions as OPML you may import them here.'); ?>
…	…
64	65
65	66	case 1: {
66		check_admin_referer();
	67	check_admin_referer('import-bookmarks');
67	68
68	69	include_once('admin-header.php');

branches/2.0/wp-admin/link-manager.php

r3422	r3771
40	40	case 'assign':
41	41	{
42		~~check_admin_referer(~~);
	42	check_admin_referer('bulk-bookmarks');
43	43
44	44	// check the current user's level first.
…	…
68	68	case 'visibility':
69	69	{
70		~~check_admin_referer(~~);
	70	check_admin_referer('bulk-bookmarks');
71	71
72	72	// check the current user's level first.
…	…
105	105	case 'move':
106	106	{
107		~~check_admin_referer(~~);
	107	check_admin_referer('bulk-bookmarks');
108	108
109	109	// check the current user's level first.
…	…
126	126	case 'Add':
127	127	{
128		~~check_admin_referer(~~);
	128	check_admin_referer('add-bookmark');
129	129
130	130	add_link();
…	…
136	136	case 'editlink':
137	137	{
138
139		check_admin_referer();
	138	$link_id = (int) $_POST['link_id'];
	139	check_admin_referer('update-bookmark' . $link_id);
140	140
141	141	if (isset($links_show_cat_id) && ($links_show_cat_id != ''))
…	…
148	148	$links_show_cat_id = $cat_id;
149	149
150		~~$link_id = (int) $_POST['link_id'];~~
151	150	edit_link($link_id);
152	151
…	…
158	157	case 'Delete':
159	158	{
160		check_admin_referer();
	159	$link_id = (int) $_GET['link_id'];
	160	check_admin_referer('delete-bookmark' . $link_id);
161	161
162	162	if ( !current_user_can('manage_links') )
163	163	die (__("Cheatin' uh ?"));
164
165		~~$link_id = (int) $_GET['link_id'];~~
166	164
167	165	wp_delete_link($link_id);
…	…
321	319	<div class="wrap">
322	320
	321	<?php wp_nonce_field('bulk-bookmarks') ?>
323	322	<input type="hidden" name="link_id" value="" />
324	323	<input type="hidden" name="action" value="" />
…	…
384	383	if ($show_buttons) {
385	384	echo '<td><a href="link-manager.php?link_id=' . $link->link_id . '&action=linkedit" class="edit">' . __('Edit') . '</a></td>';
386		echo '<td><a href="link-manager.php?link_id=' . $link->link_id . '&action=Delete"' . " onclick=\"return deleteSomething( 'link', $link->link_id , '" . sprintf(__("You are about to delete the "%s" link to %s.\\n"Cancel" to stop, "OK" to delete."), wp_specialchars($link->link_name,1), wp_specialchars($link->link_url)) . '\' );" class="delete">' . __('Delete') . '</a></td>';
	385	echo '<td><a href="' . wp_nonce_url('link-manager.php?link_id='.$link->link_id.'&action=delete', 'delete-bookmark' . $link->link_id ) . '"'." class='delete' onclick=\"return deleteSomething( 'link', $link->link_id , '".sprintf(__("You are about to delete the "%s" bookmark to %s.\\n"Cancel" to stop, "OK" to delete."), wp_specialchars($link->link_name, 1), wp_specialchars($link->link_url)).'\' );" class="delete">'.__('Delete').'</a></td>';
387	386	echo '<td><input type="checkbox" name="linkcheck[]" value="' . $link->link_id . '" /></td>';
388	387	} else {
389	388	echo "<td> </td><td> </td><td> </td>\n";
390	389	}
	390
391	391	echo "\n </tr>\n";
392	392	}

branches/2.0/wp-admin/list-manipulation.php

r3737 r3771

4 4 require_once('admin-db.php');
5 5
6 ~~get_currentuserinfo();~~
7 6 if ( !is_user_logged_in() )
8 7 die('-1');

branches/2.0/wp-admin/moderation.php

r3737	r3771
33	33	case 'update':
34	34
35		check_admin_referer();
	35	check_admin_referer('moderate-comments');
36	36
37	37	if ( ! current_user_can('moderate_comments') )
…	…
133	133	<h2><?php _e('Moderation Queue') ?></h2>
134	134	<form name="approval" action="moderation.php" method="post">
	135	<?php wp_nonce_field('moderate-comments') ?>
135	136	<input type="hidden" name="action" value="update" />
136	137	<ol id="the-list" class="commentlist">

branches/2.0/wp-admin/options-discussion.php

r3345	r3771
22	22	<h2><?php _e('Discussion Options') ?></h2>
23	23	<form method="post" action="options.php">
	24	<?php wp_nonce_field('update-options') ?>
24	25	<fieldset class="options">
25	26	<legend><?php _e('Usual settings for an article:<br /><small><em>(These settings may be overridden for individual articles.)</em></small>') ?></legend>

branches/2.0/wp-admin/options-general.php

r3422	r3771
11	11	<h2><?php _e('General Options') ?></h2>
12	12	<form method="post" action="options.php">
	13	<?php wp_nonce_field('update-options') ?>
13	14	<table class="optiontable">
14	15	<tr valign="top">

branches/2.0/wp-admin/options-misc.php

r3437	r3771
12	12	<h2><?php _e('Miscellaneous Options') ?></h2>
13	13	<form method="post" action="options.php">
14
	14	<?php wp_nonce_field('update-options') ?>
15	15	<fieldset class="options">
16	16	<legend><?php _e('Uploading'); ?></legend>

branches/2.0/wp-admin/options-permalink.php

r3737	r3771
58	58	$home_path = get_home_path();
59	59
60		if ( isset($_POST) ) {
61		check_admin_referer();
	60	if ( isset($_POST['permalink_structure']) \|\| isset($_POST['category_base']) ) {
	61	check_admin_referer('update-permalink');
62	62
63	63	if ( isset($_POST['permalink_structure']) ) {
…	…
118	118	?>
119	119	<form name="form" action="options-permalink.php" method="post">
	120	<?php wp_nonce_field('update-permalink') ?>
120	121	<h3><?php _e('Common options:'); ?></h3>
121	122	<p>
…	…
166	167	<p><?php _e('If your <code>.htaccess</code> file were <a href="http://codex.wordpress.org/Make_a_Directory_Writable">writable</a>, we could do this automatically, but it isn’t so these are the mod_rewrite rules you should have in your <code>.htaccess</code> file. Click in the field and press <kbd>CTRL + a</kbd> to select all.') ?></p>
167	168	<form action="options-permalink.php" method="post">
	169	<?php wp_nonce_field('update-permalink') ?>
168	170	<p>
169	171	<textarea rows="5" style="width: 98%;" name="rules"><?php echo $wp_rewrite->mod_rewrite_rules(); ?>

branches/2.0/wp-admin/options-reading.php

r3112	r3771
10	10	<div class="wrap">
11	11	<h2><?php _e('Reading Options') ?></h2>
12		<form name="form1" method="post" action="options.php">
	12	<form name="form1" method="post" action="options.php">
	13	<?php wp_nonce_field('update-options') ?>
	14
13	15	<fieldset class="options">
14	16	<legend><?php _e('Blog Pages') ?></legend>

branches/2.0/wp-admin/options-writing.php

r3223	r3771
11	11	<h2><?php _e('Writing Options') ?></h2>
12	12	<form method="post" action="options.php">
	13	<?php wp_nonce_field('update-options') ?>
13	14	<table width="100%" cellspacing="2" cellpadding="5" class="editform">
14	15	<tr valign="top">

branches/2.0/wp-admin/options.php

r3413	r3771
30	30	$any_changed = 0;
31	31
32		check_admin_referer();
	32	check_admin_referer('update-options');
33	33
34	34	if (!$_POST['page_options']) {
…	…
69	69	// If home changed, write rewrite rules to new location.
70	70	$wp_rewrite->flush_rules();
71		~~// Get currently logged in user and password.~~
72		~~get_currentuserinfo();~~
73	71	// Clear cookies for old paths.
74	72	wp_clearcookie();
…	…
92	90	<h2><?php _e('All options'); ?></h2>
93	91	<form name="form" action="options.php" method="post">
	92	<?php wp_nonce_field('update-options') ?>
94	93	<input type="hidden" name="action" value="update" />
95	94	<table width="98%">

branches/2.0/wp-admin/page-new.php

r2762	r3771
14	14	if ( current_user_can('edit_pages') ) {
15	15	$action = 'post';
16		~~get_currentuserinfo();~~
17
18	16	$post = get_default_post_to_edit();
19	17	$post->post_status = 'static';

branches/2.0/wp-admin/plugin-editor.php

r3737	r3771
35	35	case 'update':
36	36
37		check_admin_referer();
	37	check_admin_referer('edit-plugin' . $file);
38	38
39	39	if ( !current_user_can('edit_plugins') )
…	…
98	98	<?php if (!$error) { ?>
99	99	<form name="template" id="template" action="plugin-editor.php" method="post">
	100	<?php wp_nonce_field('edit-plugin' . $file) ?>
100	101	<div><textarea cols="70" rows="25" name="newcontent" id="newcontent" tabindex="1"><?php echo $content ?></textarea>
101	102	<input type="hidden" name="action" value="update" />

branches/2.0/wp-admin/plugins.php

r3479	r3771
3	3
4	4	if ( isset($_GET['action']) ) {
5		~~check_admin_referer();~~
6
7	5	if ('activate' == $_GET['action']) {
	6	check_admin_referer('activate-plugin' . $_GET['plugin']);
8	7	$current = get_settings('active_plugins');
9	8	if (!in_array($_GET['plugin'], $current)) {
…	…
16	15	header('Location: plugins.php?activate=true');
17	16	} else if ('deactivate' == $_GET['action']) {
	17	check_admin_referer('deactivate-plugin' . $_GET['plugin']);
18	18	$current = get_settings('active_plugins');
19	19	array_splice($current, array_search( $_GET['plugin'], $current), 1 ); // Array-fu!
…	…
99	99
100	100	if (!empty($current_plugins) && in_array($plugin_file, $current_plugins)) {
101		$action = "<a href='~~plugins.php?action=deactivate&plugin=$plugin_file~~' title='".__('Deactivate this plugin')."' class='delete'>".__('Deactivate')."</a>";
	101	$action = "<a href='" . wp_nonce_url("plugins.php?action=deactivate&plugin=$plugin_file", 'deactivate-plugin' . $plugin_file) . "' title='".__('Deactivate this plugin')."' class='delete'>".__('Deactivate')."</a>";
102	102	$plugin_data['Title'] = "<strong>{$plugin_data['Title']}</strong>";
103	103	$style .= $style == 'alternate' ? ' active' : 'active';
104	104	} else {
105		$action = "<a href='~~plugins.php?action=activate&plugin=$plugin_file~~' title='".__('Activate this plugin')."' class='edit'>".__('Activate')."</a>";
	105	$action = "<a href='" . wp_nonce_url("plugins.php?action=activate&plugin=$plugin_file", 'activate-plugin' . $plugin_file) . "' title='".__('Activate this plugin')."' class='edit'>".__('Activate')."</a>";
106	106	}
107	107	$plugin_data['Description'] = wp_kses($plugin_data['Description'], array('a' => array('href' => array(),'title' => array()),'abbr' => array('title' => array()),'acronym' => array('title' => array()),'code' => array(),'em' => array(),'strong' => array()) ); ;

branches/2.0/wp-admin/post.php

r3737	r3771
31	31	switch($action) {
32	32	case 'post':
33		check_admin_referer();
	33	check_admin_referer('add-post');
34	34
35	35	$post_ID = write_post();
…	…
88	88
89	89	case 'editattachment':
90		~~check_admin_referer();~~
91
92	90	$post_id = (int) $_POST['post_ID'];
	91
	92	check_admin_referer('update-attachment' . $post_id);
93	93
94	94	// Don't let these be changed
…	…
106	106
107	107	case 'editpost':
108		check_admin_referer();
	108	$post_ID = (int) $_POST['post_ID'];
	109	check_admin_referer('update-post' . $post_ID);
109	110
110	111	$post_ID = edit_post();
…	…
131	132
132	133	case 'delete':
133		~~check_admin_referer();~~
134
135	134	$post_id = (isset($_GET['post'])) ? intval($_GET['post']) : intval($_POST['post_ID']);
	135	check_admin_referer('delete-post' . $post_id);
136	136
137	137	$post = & get_post($post_id);
…	…
213	213
214	214	case 'deletecomment':
215
216		check_admin_referer();
217
218		$comment = (int) $_GET['comment'];
	215	$comment = (int) $_GET['comment'];
	216	check_admin_referer('delete-comment' . $comment);
	217
219	218	$p = (int) $_GET['p'];
220	219	if (isset($_GET['noredir'])) {
…	…
244	243
245	244	case 'unapprovecomment':
246
247		check_admin_referer();
248
249		$comment = (int) $_GET['comment'];
	245	$comment = (int) $_GET['comment'];
	246	check_admin_referer('unapprove-comment' . $comment);
	247
250	248	$p = (int) $_GET['p'];
251	249	if (isset($_GET['noredir'])) {
…	…
272	270
273	271	case 'mailapprovecomment':
274
275		~~$comment = (int) $_GET['comment']~~;
	272	$comment = (int) $_GET['comment'];
	273	check_admin_referer('approve-comment' . $comment);
276	274
277	275	if ( ! $comment = get_comment($comment) )
…	…
292	290
293	291	case 'approvecomment':
294
295		check_admin_referer();
296
297		$comment = (int) $_GET['comment'];
	292	$comment = (int) $_GET['comment'];
	293	check_admin_referer('approve-comment' . $comment);
	294
298	295	$p = (int) $_GET['p'];
299	296	if (isset($_GET['noredir'])) {
…	…
325	322	case 'editedcomment':
326	323
327		check_admin_referer();
	324	check_admin_referer('update-comment');
328	325
329	326	edit_comment();

branches/2.0/wp-admin/profile-update.php

r3112 r3771

3 3 require_once('admin.php');
4 4
5 check_admin_referer();
5 check_admin_referer('update-profile' . $user_ID);
6 6
7 7 if ( !$_POS

r3737	r3771
4	4	require_once('admin-db.php');
5	5
6		~~get_currentuserinfo();~~
7	6	if ( !is_user_logged_in() )
8	7	die('-1');

r3112	r3771
3	3	require_once('admin.php');
4	4
5		check_admin_referer();
	5	check_admin_referer('update-profile' . $user_ID);
6	6
7	7	if ( !$_POS