Navigation

← Previous Changeset
Next Changeset →

Changeset 3804

Timestamp:

05/26/06 23:08:05 (2 years ago)

Author:

ryan

Message:

Update nonce action strings. Props mdawaffe.

Files:

trunk/wp-admin/admin-functions.php (modified) (2 diffs)
trunk/wp-admin/categories.php (modified) (2 diffs)
trunk/wp-admin/comment.php (modified) (4 diffs)
trunk/wp-admin/edit-category-form.php (modified) (1 diff)
trunk/wp-admin/edit-comments.php (modified) (1 diff)
trunk/wp-admin/edit-form-advanced.php (modified) (2 diffs)
trunk/wp-admin/edit-link-form.php (modified) (1 diff)
trunk/wp-admin/edit-page-form.php (modified) (1 diff)
trunk/wp-admin/edit.php (modified) (2 diffs)
trunk/wp-admin/link-manager.php (modified) (1 diff)
trunk/wp-admin/link.php (modified) (2 diffs)
trunk/wp-admin/page.php (modified) (3 diffs)
trunk/wp-admin/plugin-editor.php (modified) (2 diffs)
trunk/wp-admin/plugins.php (modified) (3 diffs)
trunk/wp-admin/post.php (modified) (3 diffs)
trunk/wp-admin/profile-update.php (modified) (1 diff)
trunk/wp-admin/profile.php (modified) (1 diff)
trunk/wp-admin/templates.php (modified) (2 diffs)
trunk/wp-admin/theme-editor.php (modified) (2 diffs)
trunk/wp-admin/themes.php (modified) (2 diffs)
trunk/wp-admin/user-edit.php (modified) (2 diffs)

Legend:

: Unmodified
: Added
: Removed
: Modified
: Copied
: Moved

trunk/wp-admin/admin-functions.php

r3788	r3804
657	657
658	658	if ( ($category->cat_ID != $default_cat_id) && ($category->cat_ID != $default_link_cat_id) )
659		$edit .= "<td><a href='" . wp_nonce_url("categories.php?action=delete&cat_ID=$category->cat_ID", 'delete-category' . $category->cat_ID ) . "' onclick=\"return deleteSomething( 'cat', $category->cat_ID, '" . sprintf(__("You are about to delete the category "%s".\\nAll of its posts will go into the default category of "%s"\\nAll of its bookmarks will go into the default category of "%s".\\n"OK" to delete, "Cancel" to stop."), addslashes($category->cat_name), js_escape(get_catname($default_cat_id)), js_escape(get_catname($default_link_cat_id))) . "' );\" class='delete'>".__('Delete')."</a>";
	659	$edit .= "<td><a href='" . wp_nonce_url("categories.php?action=delete&cat_ID=$category->cat_ID", 'delete-category_' . $category->cat_ID ) . "' onclick=\"return deleteSomething( 'cat', $category->cat_ID, '" . sprintf(__("You are about to delete the category "%s".\\nAll of its posts will go into the default category of "%s"\\nAll of its bookmarks will go into the default category of "%s".\\n"OK" to delete, "Cancel" to stop."), addslashes($category->cat_name), js_escape(get_catname($default_cat_id)), js_escape(get_catname($default_link_cat_id))) . "' );\" class='delete'>".__('Delete')."</a>";
660	660	else
661	661	$edit .= "<td style='text-align:center'>".__("Default");
…	…
710	710	<td><a href="<?php the_permalink(); ?>" rel="permalink" class="edit"><?php _e('View'); ?></a></td>
711	711	<td><?php if ( current_user_can('edit_page', $id) ) { echo "<a href='page.php?action=edit&post=$id' class='edit'>" . __('Edit') . "</a>"; } ?></td>
712		<td><?php if ( current_user_can('edit_page', $id) ) { echo "<a href='" . wp_nonce_url("page.php?action=delete&post=$id", 'delete-page' . $id) . "' class='delete' onclick=\"return deleteSomething( 'page', " . $id . ", '" . sprintf(__("You are about to delete the "%s" page.\\n"OK" to delete, "Cancel" to stop."), addslashes(wp_specialchars(get_the_title(),'double')) ) . "' );\">" . __('Delete') . "</a>"; } ?></td>
	712	<td><?php if ( current_user_can('edit_page', $id) ) { echo "<a href='" . wp_nonce_url("page.php?action=delete&post=$id", 'delete-page_' . $id) . "' class='delete' onclick=\"return deleteSomething( 'page', " . $id . ", '" . sprintf(__("You are about to delete the "%s" page.\\n"OK" to delete, "Cancel" to stop."), addslashes(wp_specialchars(get_the_title(),'double')) ) . "' );\">" . __('Delete') . "</a>"; } ?></td>
713	713	</tr>
714	714

trunk/wp-admin/categories.php

r3788	r3804
37	37	case 'delete':
38	38	$cat_ID = (int) $_GET['cat_ID'];
39		check_admin_referer('delete-category' . $cat_ID);
	39	check_admin_referer('delete-category_' . $cat_ID);
40	40
41	41	if ( !current_user_can('manage_categories') )
…	…
68	68	case 'editedcat':
69	69	$cat_ID = (int) $_POST['cat_ID'];
70		check_admin_referer('update-category' . $cat_ID);
	70	check_admin_referer('update-category_' . $cat_ID);
71	71
72	72	if ( !current_user_can('manage_categories') )

trunk/wp-admin/comment.php

r3783	r3804
52	52	$p = (int) $_GET['p'];
53	53	$formaction = 'confirmdeletecomment' == $action ? 'deletecomment' : 'approvecomment';
54		$nonce_action = 'confirmdeletecomment' == $action ? 'delete-comment~~' : 'approve-comment~~';
	54	$nonce_action = 'confirmdeletecomment' == $action ? 'delete-comment_' : 'approve-comment_';
55	55	$nonce_action .= $comment;
56	56
…	…
94	94	case 'deletecomment':
95	95	$comment = (int) $_REQUEST['comment'];
96		check_admin_referer('delete-comment' . $comment);
	96	check_admin_referer('delete-comment_' . $comment);
97	97
98	98	$p = (int) $_REQUEST['p'];
…	…
127	127	case 'unapprovecomment':
128	128	$comment = (int) $_GET['comment'];
129		check_admin_referer('unapprove-comment' . $comment);
	129	check_admin_referer('unapprove-comment_' . $comment);
130	130
131	131	$p = (int) $_GET['p'];
…	…
154	154	case 'approvecomment':
155	155	$comment = (int) $_GET['comment'];
156		check_admin_referer('approve-comment' . $comment);
	156	check_admin_referer('approve-comment_' . $comment);
157	157
158	158	$p = (int) $_GET['p'];

trunk/wp-admin/edit-category-form.php

r3777	r3804
5	5	$form = '<form name="editcat" id="editcat" method="post" action="categories.php">';
6	6	$action = 'editedcat';
7		$nonce_action = 'update-category' . $cat_ID;
	7	$nonce_action = 'update-category_' . $cat_ID;
8	8	} else {
9	9	$heading = __('Add Category');

trunk/wp-admin/edit-comments.php

r3788	r3804
120	120	if ( current_user_can('edit_post', $comment->comment_post_ID) ) {
121	121	echo " <a href='comment.php?action=editcomment&comment=".$comment->comment_ID."\'>" . __('Edit') . '</a>';
122		echo ' \| <a href="' . wp_nonce_url('comment.php?action=deletecomment&p=' . $post->ID . '&comment=' . $comment->comment_ID, 'delete-comment' . $comment->comment_ID) . '" onclick="return deleteSomething( \'comment\', ' . $comment->comment_ID . ', \'' . sprintf(__("You are about to delete this comment by "%s".\\n"Cancel" to stop, "OK" to delete."), js_escape($comment->comment_author)) . "' );\">" . __('Delete') . '</a> ';
	122	echo ' \| <a href="' . wp_nonce_url('comment.php?action=deletecomment&p=' . $post->ID . '&comment=' . $comment->comment_ID, 'delete-comment_' . $comment->comment_ID) . '" onclick="return deleteSomething( \'comment\', ' . $comment->comment_ID . ', \'' . sprintf(__("You are about to delete this comment by "%s".\\n"Cancel" to stop, "OK" to delete."), js_escape($comment->comment_author)) . "' );\">" . __('Delete') . '</a> ';
123	123	if ( ('none' != $comment_status) && ( current_user_can('moderate_comments') ) ) {
124		echo '<span class="unapprove"> \| <a href="' . wp_nonce_url('comment.php?action=unapprovecomment&p=' . $post->ID . '&comment=' . $comment->comment_ID, 'unapprove-comment' . $comment->comment_ID) . '" onclick="return dimSomething( \'comment\', ' . $comment->comment_ID . ', \'unapproved\' );">' . __('Unapprove') . '</a> </span>';
125		echo '<span class="approve"> \| <a href="' . wp_nonce_url('comment.php?action=approvecomment&p=' . $post->ID . '&comment=' . $comment->comment_ID, 'approve-comment' . $comment->comment_ID) . '" onclick="return dimSomething( \'comment\', ' . $comment->comment_ID . ', \'unapproved\' );">' . __('Approve') . '</a> </span>';
	124	echo '<span class="unapprove"> \| <a href="' . wp_nonce_url('comment.php?action=unapprovecomment&p=' . $post->ID . '&comment=' . $comment->comment_ID, 'unapprove-comment_' . $comment->comment_ID) . '" onclick="return dimSomething( \'comment\', ' . $comment->comment_ID . ', \'unapproved\' );">' . __('Unapprove') . '</a> </span>';
	125	echo '<span class="approve"> \| <a href="' . wp_nonce_url('comment.php?action=approvecomment&p=' . $post->ID . '&comment=' . $comment->comment_ID, 'approve-comment_' . $comment->comment_ID) . '" onclick="return dimSomething( \'comment\', ' . $comment->comment_ID . ', \'unapproved\' );">' . __('Approve') . '</a> </span>';
126	126	}
127		echo " \| <a href=\"~~comment.php?action=deletecomment&delete_type=spam&p=".$comment->comment_post_ID."&comment=".$comment->comment_ID.~~"\" onclick=\"return deleteSomething( 'comment-as-spam', $comment->comment_ID, '" . sprintf(__("You are about to mark as spam this comment by "%s".\\n"Cancel" to stop, "OK" to mark as spam."), js_escape( $comment->comment_author)) . "' );\">" . __('Spam') . "</a> ";
	127	echo " \| <a href=\"" . wp_nonce_url("comment.php?action=deletecomment&delete_type=spam&p=" . $comment->comment_post_ID . "&comment=" . $comment->comment_ID", 'delete-comment_' . $comment->comment_ID) . "\" onclick=\"return deleteSomething( 'comment-as-spam', $comment->comment_ID, '" . sprintf(__("You are about to mark as spam this comment by "%s".\\n"Cancel" to stop, "OK" to mark as spam."), js_escape( $comment->comment_author)) . "' );\">" . __('Spam') . "</a> ";
128	128	}
129	129	$post = get_post($comment->comment_post_ID);

trunk/wp-admin/edit-form-advanced.php

r3778	r3804
27	27	$form_action = 'editpost';
28	28	$form_extra = "<input type='hidden' id='post_ID' name='post_ID' value='$post_ID' />";
29		wp_nonce_field('update-post' . $post_ID);
	29	wp_nonce_field('update-post_' . $post_ID);
30	30	}
31	31
…	…
221	221	</div>
222	222
223		<?php if ('edit' == $action) : $delete_nonce = wp_create_nonce( 'delete-post' . $post_ID ); ?>
	223	<?php if ('edit' == $action) : $delete_nonce = wp_create_nonce( 'delete-post_' . $post_ID ); ?>
224	224	<input name="deletepost" class="button" type="submit" id="deletepost" tabindex="10" value="<?php _e('Delete this post') ?>" <?php echo "onclick=\"if ( confirm('" . sprintf(__("You are about to delete this post \'%s\'\\n \'Cancel\' to stop, \'OK\' to delete."), addslashes($post->post_title) ) . "') ) { document.forms.post._wpnonce.value = '$delete_nonce'; return true;}\""; ?> />
225	225	<?php endif; ?>

trunk/wp-admin/edit-link-form.php

r3759	r3804
4	4	$submit_text = __('Save Changes »');
5	5	$form = '<form name="editlink" id="editlink" method="post" action="link.php">';
6		$nonce_action = 'update-bookmark' . $link_id;
	6	$nonce_action = 'update-bookmark_' . $link_id;
7	7	} else {
8	8	$heading = __('Create Bookmark');

trunk/wp-admin/edit-page-form.php

r3775	r3804
11	11	} else {
12	12	$form_action = 'editpost';
13		$nonce_action = 'update-page' . $post_ID;
	13	$nonce_action = 'update-page_' . $post_ID;
14	14	$form_extra = "<input type='hidden' id='post_ID' name='post_ID' value='$post_ID' />";
15	15	}

trunk/wp-admin/edit.php

r3788	r3804
212	212	case 'control_delete':
213	213	?>
214		<td><?php if ( current_user_can('delete_post',$post->ID) ) { echo "<a href='" . wp_nonce_url("post.php?action=delete&post=$id", 'delete-post' . $post->ID) . "' class='delete' onclick=\"return deleteSomething( 'post', " . $id . ", '" . sprintf(__("You are about to delete this post "%s".\\n"OK" to delete, "Cancel" to stop."), js_escape(get_the_title()) ) . "' );\">" . __('Delete') . "</a>"; } ?></td>
	214	<td><?php if ( current_user_can('delete_post',$post->ID) ) { echo "<a href='" . wp_nonce_url("post.php?action=delete&post=$id", 'delete-post_' . $post->ID) . "' class='delete' onclick=\"return deleteSomething( 'post', " . $id . ", '" . sprintf(__("You are about to delete this post "%s".\\n"OK" to delete, "Cancel" to stop."), js_escape(get_the_title()) ) . "' );\">" . __('Delete') . "</a>"; } ?></td>
215	215	<?php
216	216	break;
…	…
274	274	if ( current_user_can('edit_post', $comment->comment_post_ID) ) {
275	275	echo " <a href='comment.php?action=editcomment&comment=".$comment->comment_ID."\'>" . __('Edit') . '</a>';
276		echo ' \| <a href="' . wp_nonce_url('comment.php?action=deletecomment&p=' . $post->ID . '&comment=' . $comment->comment_ID, 'delete-comment' . $comment->comment_ID) . '" onclick="return deleteSomething( \'comment\', ' . $comment->comment_ID . ', \'' . sprintf(__("You are about to delete this comment by "%s".\\n"Cancel" to stop, "OK" to delete."), js_escape($comment->comment_author)) . "' );\">" . __('Delete') . '</a> ';
	276	echo ' \| <a href="' . wp_nonce_url('comment.php?action=deletecomment&p=' . $post->ID . '&comment=' . $comment->comment_ID, 'delete-comment_' . $comment->comment_ID) . '" onclick="return deleteSomething( \'comment\', ' . $comment->comment_ID . ', \'' . sprintf(__("You are about to delete this comment by "%s".\\n"Cancel" to stop, "OK" to delete."), js_escape($comment->comment_author)) . "' );\">" . __('Delete') . '</a> ';
277	277	if ( ('none' != $comment_status) && ( current_user_can('moderate_comments') ) ) {
278		echo '<span class="unapprove"> \| <a href="' . wp_nonce_url('comment.php?action=unapprovecomment&p=' . $post->ID . '&comment=' . $comment->comment_ID, 'unapprove-comment' . $comment->comment_ID) . '" onclick="return dimSomething( \'comment\', ' . $comment->comment_ID . ', \'unapproved\' );">' . __('Unapprove') . '</a> </span>';
279		echo '<span class="approve"> \| <a href="' . wp_nonce_url('comment.php?action=approvecomment&p=' . $post->ID . '&comment=' . $comment->comment_ID, 'approve-comment' . $comment->comment_ID) . '" onclick="return dimSomething( \'comment\', ' . $comment->comment_ID . ', \'unapproved\' );">' . __('Approve') . '</a> </span>';
	278	echo '<span class="unapprove"> \| <a href="' . wp_nonce_url('comment.php?action=unapprovecomment&p=' . $post->ID . '&comment=' . $comment->comment_ID, 'unapprove-comment_' . $comment->comment_ID) . '" onclick="return dimSomething( \'comment\', ' . $comment->comment_ID . ', \'unapproved\' );">' . __('Unapprove') . '</a> </span>';
	279	echo '<span class="approve"> \| <a href="' . wp_nonce_url('comment.php?action=approvecomment&p=' . $post->ID . '&comment=' . $comment->comment_ID, 'approve-comment_' . $comment->comment_ID) . '" onclick="return dimSomething( \'comment\', ' . $comment->comment_ID . ', \'unapproved\' );">' . __('Approve') . '</a> </span>';
280	280	}
281		echo " \| <a href=\"" . wp_nonce_url("comment.php?action=deletecomment&delete_type=spam&p=".$comment->comment_post_ID."&comment=".$comment->comment_ID, 'delete-comment' . $comment->comment_ID) . "\" onclick=\"return deleteSomething( 'comment-as-spam', $comment->comment_ID, '" . sprintf(__("You are about to mark as spam this comment by "%s".\\n"Cancel" to stop, "OK" to mark as spam."), js_escape( $comment->comment_author)) . "' );\">" . __('Spam') . "</a> ]";
	281	echo " \| <a href=\"" . wp_nonce_url("comment.php?action=deletecomment&delete_type=spam&p=".$comment->comment_post_ID."&comment=".$comment->comment_ID, 'delete-comment_' . $comment->comment_ID) . "\" onclick=\"return deleteSomething( 'comment-as-spam', $comment->comment_ID, '" . sprintf(__("You are about to mark as spam this comment by "%s".\\n"Cancel" to stop, "OK" to mark as spam."), js_escape( $comment->comment_author)) . "' );\">" . __('Spam') . "</a> ]";
282	282	} // end if any comments to show
283	283	?>

trunk/wp-admin/link-manager.php

r3788	r3804
177	177
178	178	echo '<td><a href="link.php?link_id='.$link->link_id.'&action=edit" class="edit">'.__('Edit').'</a></td>';
179		echo '<td><a href="' . wp_nonce_url('link.php?link_id='.$link->link_id.'&action=delete', 'delete-bookmark' . $link->link_id ) . '"'." class='delete' onclick=\"return deleteSomething( 'link', $link->link_id , '".sprintf(__("You are about to delete the "%s" bookmark to %s.\\n"Cancel" to stop, "OK" to delete."), wp_specialchars($link->link_name, 1), wp_specialchars($link->link_url)).'\' );" class="delete">'.__('Delete').'</a></td>';
	179	echo '<td><a href="' . wp_nonce_url('link.php?link_id='.$link->link_id.'&action=delete', 'delete-bookmark_' . $link->link_id ) . '"'." class='delete' onclick=\"return deleteSomething( 'link', $link->link_id , '".sprintf(__("You are about to delete the "%s" bookmark to %s.\\n"Cancel" to stop, "OK" to delete."), wp_specialchars($link->link_name, 1), wp_specialchars($link->link_url)).'\' );" class="delete">'.__('Delete').'</a></td>';
180	180	echo '<td align="center"><input type="checkbox" name="linkcheck[]" value="'.$link->link_id.'" /></td>';
181	181	echo "\n </tr>\n";

trunk/wp-admin/link.php

r3788	r3804
82	82	case 'save' :
83	83	$link_id = (int) $_POST['link_id'];
84		check_admin_referer('update-bookmark' . $link_id);
	84	check_admin_referer('update-bookmark_' . $link_id);
85	85
86	86	edit_link($link_id);
…	…
92	92	case 'delete' :
93	93	$link_id = (int) $_GET['link_id'];
94		check_admin_referer('delete-bookmark' . $link_id);
	94	check_admin_referer('delete-bookmark_' . $link_id);
95	95
96	96	if (!current_user_can('manage_links'))

trunk/wp-admin/page.php

r3783	r3804
77	77	case 'editattachment':
78	78	$page_id = $post_ID = (int) $_POST['post_ID'];
79		check_admin_referer('update-attachment' . $page_id);
	79	check_admin_referer('update-attachment_' . $page_id);
80	80
81	81	// Don't let these be changed
…	…
94	94	case 'editpost':
95	95	$page_ID = (int) $_POST['post_ID'];
96		check_admin_referer('update-page' . $page_ID);
	96	check_admin_referer('update-page_' . $page_ID);
97	97
98	98	$page_ID = edit_post();
…	…
120	120	case 'delete':
121	121	$page_id = (isset($_GET['post'])) ? intval($_GET['post']) : intval($_POST['post_ID']);
122		check_admin_referer('delete-page' . $page_id);
	122	check_admin_referer('delete-page_' . $page_id);
123	123
124	124	$page = & get_post($page_id);

trunk/wp-admin/plugin-editor.php

r3759	r3804
35	35	case 'update':
36	36
37		check_admin_referer('edit-plugin' . $file);
	37	check_admin_referer('edit-plugin_' . $file);
38	38
39	39	if ( !current_user_can('edit_plugins') )
…	…
98	98	<?php if (!$error) { ?>
99	99	<form name="template" id="template" action="plugin-editor.php" method="post">
100		<?php wp_nonce_field('edit-plugin' . $file) ?>
	100	<?php wp_nonce_field('edit-plugin_' . $file) ?>
101	101	<div><textarea cols="70" rows="25" name="newcontent" id="newcontent" tabindex="1"><?php echo $content ?></textarea>
102	102	<input type="hidden" name="action" value="update" />

trunk/wp-admin/plugins.php

r3770	r3804
4	4	if ( isset($_GET['action']) ) {
5	5	if ('activate' == $_GET['action']) {
6		check_admin_referer('activate-plugin' . $_GET['plugin']);
	6	check_admin_referer('activate-plugin_' . $_GET['plugin']);
7	7	$current = get_settings('active_plugins');
8	8	if (!in_array($_GET['plugin'], $current)) {
…	…
15	15	header('Location: plugins.php?activate=true');
16	16	} else if ('deactivate' == $_GET['action']) {
17		check_admin_referer('deactivate-plugin' . $_GET['plugin']);
	17	check_admin_referer('deactivate-plugin_' . $_GET['plugin']);
18	18	$current = get_settings('active_plugins');
19	19	array_splice($current, array_search( $_GET['plugin'], $current), 1 ); // Array-fu!
…	…
101	101
102	102	if (!empty($current_plugins) && in_array($plugin_file, $current_plugins)) {
103		$action = "<a href='" . wp_nonce_url("plugins.php?action=deactivate&plugin=$plugin_file", 'deactivate-plugin' . $plugin_file) . "' title='".__('Deactivate this plugin')."' class='delete'>".__('Deactivate')."</a>";
	103	$action = "<a href='" . wp_nonce_url("plugins.php?action=deactivate&plugin=$plugin_file", 'deactivate-plugin_' . $plugin_file) . "' title='".__('Deactivate this plugin')."' class='delete'>".__('Deactivate')."</a>";
104	104	$plugin_data['Title'] = "<strong>{$plugin_data['Title']}</strong>";
105	105	$style .= $style == 'alternate' ? ' active' : 'active';
106	106	} else {
107		$action = "<a href='" . wp_nonce_url("plugins.php?action=activate&plugin=$plugin_file", 'activate-plugin' . $plugin_file) . "' title='".__('Activate this plugin')."' class='edit'>".__('Activate')."</a>";
	107	$action = "<a href='" . wp_nonce_url("plugins.php?action=activate&plugin=$plugin_file", 'activate-plugin_' . $plugin_file) . "' title='".__('Activate this plugin')."' class='edit'>".__('Activate')."</a>";
108	108	}
109	109	$plugin_data['Description'] = wp_kses($plugin_data['Description'], array('a' => array('href' => array(),'title' => array()),'abbr' => array('title' => array()),'acronym' => array('title' => array()),'code' => array(),'em' => array(),'strong' => array()) ); ;

trunk/wp-admin/post.php

r3783	r3804
83	83	$post_id = (int) $_POST['post_ID'];
84	84
85		check_admin_referer('update-attachment' . $post_id);
	85	check_admin_referer('update-attachment_' . $post_id);
86	86
87	87	// Don't let these be changed
…	…
100	100	case 'editpost':
101	101	$post_ID = (int) $_POST['post_ID'];
102		check_admin_referer('update-post' . $post_ID);
	102	check_admin_referer('update-post_' . $post_ID);
103	103
104	104	$post_ID = edit_post();
…	…
126	126	case 'delete':
127	127	$post_id = (isset($_GET['post'])) ? intval($_GET['post']) : intval($_POST['post_ID']);
128		check_admin_referer('delete-post' . $post_id);
	128	check_admin_referer('delete-post_' . $post_id);
129	129
130	130	$post = & get_post($post_id);

trunk/wp-admin/profile-update.php

r3783	r3804
5	5	require_once('admin.php');
6	6
7		check_admin_referer('update-profile' . $user_ID);
	7	check_admin_referer('update-profile_' . $user_ID);
8	8
9	9	if ( !$_POST )

trunk/wp-admin/profile.php

r3759	r3804
20	20	<h2><?php _e('Your Profile and Personal Options'); ?></h2>
21	21	<form name="profile" id="your-profile" action="profile-update.php" method="post">
22		<?php wp_nonce_field('update-profile' . $user_ID) ?>
	22	<?php wp_nonce_field('update-profile_' . $user_ID) ?>
23	23	<p>
24	24	<input type="hidden" name="from" value="profile" />

trunk/wp-admin/templates.php

r3759	r3804
37	37	case 'update':
38	38
39		check_admin_referer('edit-file' . $file);
	39	check_admin_referer('edit-file_' . $file);
40	40
41	41	if ( ! current_user_can('edit_files') )
…	…
129	129	<?php if (!$error) { ?>
130	130	<form name="template" id="template" action="templates.php" method="post">
131		<?php wp_nonce_field('edit-file' . $file) ?>
	131	<?php wp_nonce_field('edit-file_' . $file) ?>
132	132	<div><textarea cols="70" rows="25" name="newcontent" id='newcontent' tabindex="1"><?php echo $content ?></textarea>
133	133	<input type="hidden" name="action" value="update" />

trunk/wp-admin/theme-editor.php

r3759	r3804
48	48	case 'update':
49	49
50		check_admin_referer('edit-theme' . $file . $theme);
	50	check_admin_referer('edit-theme_' . $file . $theme);
51	51
52	52	if ( !current_user_can('edit_themes') )
…	…
132	132	?>
133	133	<form name="template" id="template" action="theme-editor.php" method="post">
134		<?php wp_nonce_field('edit-theme' . $file . $theme) ?>
	134	<?php wp_nonce_field('edit-theme_' . $file . $theme) ?>
135	135	<div><textarea cols="70" rows="25" name="newcontent" id="newcontent" tabindex="1"><?php echo $content ?></textarea>
136	136	<input type="hidden" name="action" value="update" />

trunk/wp-admin/themes.php

r3759	r3804
3	3
4	4	if ( isset($_GET['action']) ) {
5		check_admin_referer('switch-theme' . $_GET['template']);
	5	check_admin_referer('switch-theme_' . $_GET['template']);
6	6
7	7	if ('activate' == $_GET['action']) {
…	…
70	70	$screenshot = $themes[$theme_name]['Screenshot'];
71	71	$stylesheet_dir = $themes[$theme_name]['Stylesheet Dir'];
72		$activate_link = wp_nonce_url("themes.php?action=activate&template=$template&stylesheet=$stylesheet", 'switch-theme' . $template);
	72	$activate_link = wp_nonce_url("themes.php?action=activate&template=$template&stylesheet=$stylesheet", 'switch-theme_' . $template);
73	73	?>
74	74	<div class="available-theme">

trunk/wp-admin/user-edit.php

r3760	r3804
33	33	case 'update':
34	34
35		check_admin_referer('update-user' . $user_id);
	35	check_admin_referer('update-user_' . $user_id);
36	36
37	37	if (!current_user_can('edit_users'))
…	…
75	75
76	76	<form name="profile" id="your-profile" action="user-edit.php" method="post">
77		<?php wp_nonce_field('update-user' . $user_ID) ?>
	77	<?php wp_nonce_field('update-user_' . $user_ID) ?>
78	78	<p>
79	79	<input type="hidden" name="from" value="profile" />

Navigation

Changeset 3804

Legend:

Download in other formats: