Changeset 3774

Show
Ignore:
Timestamp:
05/17/06 00:28:26 (3 years ago)
Author:
ryan
Message:

Fallback to admin referer check instead of nonce if no action is given to check_admin_referer(). For plugin compatibility.

Files:

Legend:

Unmodified
Added
Removed
Modified
Copied
Moved

  • trunk/wp-includes/pluggable-functions.php

    r3761 r3774  
    233233    $adminurl = strtolower(get_settings('siteurl')).'/wp-admin'; 
    234234    $referer = strtolower($_SERVER['HTTP_REFERER']); 
    235     if ( !wp_verify_nonce($_REQUEST['_wpnonce'], $action) ) { 
     235    if ( !wp_verify_nonce($_REQUEST['_wpnonce'], $action) && 
     236        !(-1 == $action && strstr($referer, $adminurl)) ) { 
     237         
    236238        $html  = "<!DOCTYPE html PUBLIC '-//W3C//DTD XHTML 1.0 Strict//EN' 'http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd'>\n<html xmlns='http://www.w3.org/1999/xhtml' lang='en' xml:lang='en'>\n\n"; 
    237239        $html .= "<head>\n\t<title>" . __('WordPress Confirmation') . "</title>\n";