Changeset 3805
- Timestamp:
- 05/26/06 23:31:24 (2 years ago)
- Files:
-
- branches/2.0/wp-admin/admin-functions.php (modified) (2 diffs)
- branches/2.0/wp-admin/categories.php (modified) (2 diffs)
- branches/2.0/wp-admin/edit-comments.php (modified) (1 diff)
- branches/2.0/wp-admin/edit-form-advanced.php (modified) (2 diffs)
- branches/2.0/wp-admin/edit-link-form.php (modified) (1 diff)
- branches/2.0/wp-admin/edit-page-form.php (modified) (1 diff)
- branches/2.0/wp-admin/edit-pages.php (modified) (1 diff)
- branches/2.0/wp-admin/edit.php (modified) (2 diffs)
- branches/2.0/wp-admin/link-categories.php (modified) (4 diffs)
- branches/2.0/wp-admin/link-manager.php (modified) (1 diff)
- branches/2.0/wp-admin/plugin-editor.php (modified) (2 diffs)
- branches/2.0/wp-admin/plugins.php (modified) (3 diffs)
- branches/2.0/wp-admin/post.php (modified) (7 diffs)
- branches/2.0/wp-admin/profile-update.php (modified) (1 diff)
- branches/2.0/wp-admin/profile.php (modified) (1 diff)
- branches/2.0/wp-admin/templates.php (modified) (2 diffs)
- branches/2.0/wp-admin/theme-editor.php (modified) (2 diffs)
- branches/2.0/wp-admin/themes.php (modified) (2 diffs)
- branches/2.0/wp-admin/user-edit.php (modified) (2 diffs)
Legend:
- Unmodified
- Added
- Removed
- Modified
- Copied
- Moved
branches/2.0/wp-admin/admin-functions.php
r3779 r3805 600 600 601 601 if ($category->cat_ID != $default_cat_id) 602 $edit .= "<td><a href='" . wp_nonce_url("categories.php?action=delete&cat_ID=$category->cat_ID", 'delete-category ' . $category->cat_ID ) . "' onclick=\"return deleteSomething( 'cat', $category->cat_ID, '" . sprintf(__("You are about to delete the category "%s". All of its posts will go to the default category.\\n"OK" to delete, "Cancel" to stop."), wp_specialchars($category->cat_name, 1))."' );\" class='delete'>".__('Delete')."</a>";602 $edit .= "<td><a href='" . wp_nonce_url("categories.php?action=delete&cat_ID=$category->cat_ID", 'delete-category_' . $category->cat_ID ) . "' onclick=\"return deleteSomething( 'cat', $category->cat_ID, '" . sprintf(__("You are about to delete the category "%s". All of its posts will go to the default category.\\n"OK" to delete, "Cancel" to stop."), wp_specialchars($category->cat_name, 1))."' );\" class='delete'>".__('Delete')."</a>"; 603 603 else 604 604 $edit .= "<td style='text-align:center'>".__("Default"); … … 644 644 <td><a href="<?php the_permalink(); ?>" rel="permalink" class="edit"><?php _e('View'); ?></a></td> 645 645 <td><?php if ( current_user_can('edit_pages') ) { echo "<a href='post.php?action=edit&post=$id' class='edit'>" . __('Edit') . "</a>"; } ?></td> 646 <td><?php if ( current_user_can('edit_pages') ) { echo "<a href='" . wp_nonce_url("post.php?action=delete&post=$id", 'delete-p age' . $id) . "' class='delete' onclick=\"return deleteSomething( 'page', " . $id . ", '" . sprintf(__("You are about to delete the "%s" page.\\n"OK" to delete, "Cancel" to stop."), addslashes(wp_specialchars(get_the_title(),'double')) ) . "' );\">" . __('Delete') . "</a>"; } ?></td>646 <td><?php if ( current_user_can('edit_pages') ) { echo "<a href='" . wp_nonce_url("post.php?action=delete&post=$id", 'delete-post_' . $id) . "' class='delete' onclick=\"return deleteSomething( 'page', " . $id . ", '" . sprintf(__("You are about to delete the "%s" page.\\n"OK" to delete, "Cancel" to stop."), addslashes(wp_specialchars(get_the_title(),'double')) ) . "' );\">" . __('Delete') . "</a>"; } ?></td> 647 647 </tr> 648 648 branches/2.0/wp-admin/categories.php
r3771 r3805 38 38 case 'delete': 39 39 $cat_ID = (int) $_GET['cat_ID']; 40 check_admin_referer('delete-category ' . $cat_ID);40 check_admin_referer('delete-category_' . $cat_ID); 41 41 42 42 if ( !current_user_can('manage_categories') ) … … 98 98 case 'editedcat': 99 99 $cat_ID = (int) $_POST['cat_ID']; 100 check_admin_referer('update-category ' . $cat_ID);100 check_admin_referer('update-category_' . $cat_ID); 101 101 102 102 if ( !current_user_can('manage_categories') ) branches/2.0/wp-admin/edit-comments.php
r3803 r3805 99 99 if ( current_user_can('edit_post', $comment->comment_post_ID) ) { 100 100 echo " | <a href=\"post.php?action=editcomment&comment=".$comment->comment_ID."\">" . __('Edit Comment') . "</a>"; 101 echo ' | <a href="' . wp_nonce_url('comment.php?action=deletecomment&p=' . $post->ID . '&comment=' . $comment->comment_ID, 'delete-comment ' . $comment->comment_ID) . '" onclick="return deleteSomething( \'comment\', ' . $comment->comment_ID . ', \'' . __("You are about to delete this comment.\\n"Cancel" to stop, "OK" to delete.") . "' );\">" . __('Delete Comment') . '</a> ';101 echo ' | <a href="' . wp_nonce_url('comment.php?action=deletecomment&p=' . $post->ID . '&comment=' . $comment->comment_ID, 'delete-comment_' . $comment->comment_ID) . '" onclick="return deleteSomething( \'comment\', ' . $comment->comment_ID . ', \'' . __("You are about to delete this comment.\\n"Cancel" to stop, "OK" to delete.") . "' );\">" . __('Delete Comment') . '</a> '; 102 102 } // end if any comments to show 103 103 // Get post title branches/2.0/wp-admin/edit-form-advanced.php
r3779 r3805 27 27 $form_action = 'editpost'; 28 28 $form_extra = "<input type='hidden' name='post_ID' value='$post_ID' />"; 29 wp_nonce_field('update-post ' . $post_ID);29 wp_nonce_field('update-post_' . $post_ID); 30 30 } 31 31 … … 267 267 </div> 268 268 269 <?php if ('edit' == $action) : $delete_nonce = wp_create_nonce( 'delete-post ' . $post_ID ); ?>269 <?php if ('edit' == $action) : $delete_nonce = wp_create_nonce( 'delete-post_' . $post_ID ); ?> 270 270 <input name="deletepost" class="button" type="submit" id="deletepost" tabindex="10" value="<?php _e('Delete this post') ?>" <?php echo "onclick=\"if ( confirm('" . sprintf(__("You are about to delete this post \'%s\'\\n \'Cancel\' to stop, \'OK\' to delete."), addslashes($post->post_title) ) . "') ) { document.forms.post._wpnonce.value = '$delete_nonce'; return true;}\""; ?> /> 271 271 <?php endif; ?> branches/2.0/wp-admin/edit-link-form.php
r3771 r3805 5 5 $submit_text = __('Save Changes »'); 6 6 $form = '<form action="" method="post" name="editlink" id="editlink">'; 7 $nonce_action = 'update-bookmark ' . $link_id;7 $nonce_action = 'update-bookmark_' . $link_id; 8 8 } else { 9 9 $editing = false; branches/2.0/wp-admin/edit-page-form.php
r3771 r3805 11 11 } else { 12 12 $form_action = 'editpost'; 13 $nonce_action = 'update-post ' . $post_ID;13 $nonce_action = 'update-post_' . $post_ID; 14 14 $form_extra = "<input type='hidden' id='post_ID' name='post_ID' value='$post_ID' />"; 15 15 } branches/2.0/wp-admin/edit-pages.php
r3771 r3805 53 53 <td><a href="<?php the_permalink(); ?>" rel="permalink" class="edit"><?php _e('View'); ?></a></td> 54 54 <td><?php if ( current_user_can('edit_pages') ) { echo "<a href='post.php?action=edit&post=$post->ID' class='edit'>" . __('Edit') . "</a>"; } ?></td> 55 <td><?php if ( current_user_can('edit_pages') ) { echo "<a href='" . wp_nonce_url("post.php?action=delete&post=$post->ID", 'delete-post ' . $post->ID) . "' class='delete' onclick=\"return deleteSomething( 'page', " . $id . ", '" . sprintf(__("You are about to delete the "%s" page.\\n"OK" to delete, "Cancel" to stop."), wp_specialchars(get_the_title('','',0), 1)) . "' );\">" . __('Delete') . "</a>"; } ?></td>55 <td><?php if ( current_user_can('edit_pages') ) { echo "<a href='" . wp_nonce_url("post.php?action=delete&post=$post->ID", 'delete-post_' . $post->ID) . "' class='delete' onclick=\"return deleteSomething( 'page', " . $id . ", '" . sprintf(__("You are about to delete the "%s" page.\\n"OK" to delete, "Cancel" to stop."), wp_specialchars(get_the_title('','',0), 1)) . "' );\">" . __('Delete') . "</a>"; } ?></td> 56 56 </tr> 57 57 <?php branches/2.0/wp-admin/edit.php
r3803 r3805 211 211 case 'control_delete': 212 212 ?> 213 <td><?php if ( current_user_can('edit_post',$post->ID) ) { echo "<a href='" . wp_nonce_url("post.php?action=delete&post=$id", 'delete-post ' . $post->ID) . "' class='delete' onclick=\"return deleteSomething( 'post', " . $id . ", '" . sprintf(__("You are about to delete this post "%s".\\n"OK" to delete, "Cancel" to stop."), js_escape(get_the_title())) . "' );\">" . __('Delete') . "</a>"; } ?></td>213 <td><?php if ( current_user_can('edit_post',$post->ID) ) { echo "<a href='" . wp_nonce_url("post.php?action=delete&post=$id", 'delete-post_' . $post->ID) . "' class='delete' onclick=\"return deleteSomething( 'post', " . $id . ", '" . sprintf(__("You are about to delete this post "%s".\\n"OK" to delete, "Cancel" to stop."), js_escape(get_the_title())) . "' );\">" . __('Delete') . "</a>"; } ?></td> 214 214 <?php 215 215 break; … … 263 263 if ( current_user_can('edit_post', $post->ID) ) { 264 264 echo "[ <a href=\"post.php?action=editcomment&comment=".$comment->comment_ID."\">" . __('Edit') . "</a>"; 265 echo ' - <a href="' . wp_nonce_url('post.php?action=deletecomment&p=' . $post->ID . '&comment=' . $comment->comment_ID, 'delete-comment ' . $comment->comment_ID) . '" onclick="return confirm(\'' . __("You are about to delete this comment.\\n"Cancel" to stop, "OK" to delete.") . "');\">" . __('Delete') . '</a> ';265 echo ' - <a href="' . wp_nonce_url('post.php?action=deletecomment&p=' . $post->ID . '&comment=' . $comment->comment_ID, 'delete-comment_' . $comment->comment_ID) . '" onclick="return confirm(\'' . __("You are about to delete this comment.\\n"Cancel" to stop, "OK" to delete.") . "');\">" . __('Delete') . '</a> '; 266 266 267 267 if ( ('none' != $comment_status) && ( current_user_can('moderate_comments') ) ) { 268 268 if ('approved' == wp_get_comment_status($comment->comment_ID)) { 269 echo ' - <a href="' . wp_nonce_url('post.php?action=unapprovecomment&p=' . $post->ID . '&comment=' . $comment->comment_ID, 'unapprove-comment ' . $comment->comment_ID) . '">' . __('Unapprove') . '</a> ';269 echo ' - <a href="' . wp_nonce_url('post.php?action=unapprovecomment&p=' . $post->ID . '&comment=' . $comment->comment_ID, 'unapprove-comment_' . $comment->comment_ID) . '">' . __('Unapprove') . '</a> '; 270 270 } else { 271 echo ' - <a href="' . wp_nonce_url('post.php?action=approvecomment&p=' . $post->ID . '&comment=' . $comment->comment_ID, 'approve-comment ' . $comment->comment_ID) . '">' . __('Approve') . '</a> ';271 echo ' - <a href="' . wp_nonce_url('post.php?action=approvecomment&p=' . $post->ID . '&comment=' . $comment->comment_ID, 'approve-comment_' . $comment->comment_ID) . '">' . __('Approve') . '</a> '; 272 272 } 273 273 } branches/2.0/wp-admin/link-categories.php
r3771 r3805 84 84 { 85 85 $cat_id = (int) $_GET['cat_id']; 86 check_admin_referer('delete-link-category ' . $cat_id);86 check_admin_referer('delete-link-category_' . $cat_id); 87 87 88 88 $cat_name=get_linkcatname($cat_id); … … 117 117 118 118 <form name="editcat" method="post"> 119 <?php wp_nonce_field('update-link-category ' . $row->cat_id) ?>119 <?php wp_nonce_field('update-link-category_' . $row->cat_id) ?> 120 120 <input type="hidden" name="action" value="editedcat" /> 121 121 <input type="hidden" name="cat_id" value="<?php echo $row->cat_id ?>" /> … … 206 206 { 207 207 $cat_id = (int)$_POST["cat_id"]; 208 check_admin_referer('update-link-category ' . $cat_id);208 check_admin_referer('update-link-category_' . $cat_id); 209 209 210 210 if ( !current_user_can('manage_links') ) … … 357 357 <td><?php echo $row->list_limit ?></td> 358 358 <td><a href="link-categories.php?cat_id=<?php echo $row->cat_id?>&action=Edit" class="edit"><?php _e('Edit') ?></a></td> 359 <td><a href="<?php echo wp_nonce_url("link-categories.php?cat_id=$row->cat_id?>&action=Delete", 'delete-link-category ' . $row->cat_id) ?>" "onclick="return deleteSomething( 'link category', <?php echo $row->cat_id . ", '" . sprintf(__("You are about to delete the "%s" link category.\\n"Cancel" to stop, "OK" to delete."), wp_specialchars($row->cat_name,1)); ?>' );" class="delete"><?php _e('Delete') ?></a></td>359 <td><a href="<?php echo wp_nonce_url("link-categories.php?cat_id=$row->cat_id?>&action=Delete", 'delete-link-category_' . $row->cat_id) ?>" "onclick="return deleteSomething( 'link category', <?php echo $row->cat_id . ", '" . sprintf(__("You are about to delete the "%s" link category.\\n"Cancel" to stop, "OK" to delete."), wp_specialchars($row->cat_name,1)); ?>' );" class="delete"><?php _e('Delete') ?></a></td> 360 360 </tr> 361 361 <?php branches/2.0/wp-admin/link-manager.php
r3771 r3805 383 383 if ($show_buttons) { 384 384 echo '<td><a href="link-manager.php?link_id=' . $link->link_id . '&action=linkedit" class="edit">' . __('Edit') . '</a></td>'; 385 echo '<td><a href="' . wp_nonce_url('link-manager.php?link_id='.$link->link_id.'&action=delete', 'delete-bookmark ' . $link->link_id ) . '"'." class='delete' onclick=\"return deleteSomething( 'link', $link->link_id , '".sprintf(__("You are about to delete the "%s" bookmark to %s.\\n"Cancel" to stop, "OK" to delete."), wp_specialchars($link->link_name, 1), wp_specialchars($link->link_url)).'\' );" class="delete">'.__('Delete').'</a></td>';385 echo '<td><a href="' . wp_nonce_url('link-manager.php?link_id='.$link->link_id.'&action=delete', 'delete-bookmark_' . $link->link_id ) . '"'." class='delete' onclick=\"return deleteSomething( 'link', $link->link_id , '".sprintf(__("You are about to delete the "%s" bookmark to %s.\\n"Cancel" to stop, "OK" to delete."), wp_specialchars($link->link_name, 1), wp_specialchars($link->link_url)).'\' );" class="delete">'.__('Delete').'</a></td>'; 386 386 echo '<td><input type="checkbox" name="linkcheck[]" value="' . $link->link_id . '" /></td>'; 387 387 } else { branches/2.0/wp-admin/plugin-editor.php
r3771 r3805 35 35 case 'update': 36 36 37 check_admin_referer('edit-plugin ' . $file);37 check_admin_referer('edit-plugin_' . $file); 38 38 39 39 if ( !current_user_can('edit_plugins') ) … … 98 98 <?php if (!$error) { ?> 99 99 <form name="template" id="template" action="plugin-editor.php" method="post"> 100 <?php wp_nonce_field('edit-plugin ' . $file) ?>100 <?php wp_nonce_field('edit-plugin_' . $file) ?> 101 101 <div><textarea cols="70" rows="25" name="newcontent" id="newcontent" tabindex="1"><?php echo $content ?></textarea> 102 102 <input type="hidden" name="action" value="update" /> branches/2.0/wp-admin/plugins.php
r3771 r3805 4 4 if ( isset($_GET['action']) ) { 5 5 if ('activate' == $_GET['action']) { 6 check_admin_referer('activate-plugin ' . $_GET['plugin']);6 check_admin_referer('activate-plugin_' . $_GET['plugin']); 7 7 $current = get_settings('active_plugins'); 8 8 if (!in_array($_GET['plugin'], $current)) { … … 15 15 header('Location: plugins.php?activate=true'); 16 16 } else if ('deactivate' == $_GET['action']) { 17 check_admin_referer('deactivate-plugin ' . $_GET['plugin']);17 check_admin_referer('deactivate-plugin_' . $_GET['plugin']); 18 18 $current = get_settings('active_plugins'); 19 19 array_splice($current, array_search( $_GET['plugin'], $current), 1 ); // Array-fu! … … 99 99 100 100 if (!empty($current_plugins) && in_array($plugin_file, $current_plugins)) { 101 $action = "<a href='" . wp_nonce_url("plugins.php?action=deactivate&plugin=$plugin_file", 'deactivate-plugin ' . $plugin_file) . "' title='".__('Deactivate this plugin')."' class='delete'>".__('Deactivate')."</a>";101 $action = "<a href='" . wp_nonce_url("plugins.php?action=deactivate&plugin=$plugin_file", 'deactivate-plugin_' . $plugin_file) . "' title='".__('Deactivate this plugin')."' class='delete'>".__('Deactivate')."</a>"; 102 102 $plugin_data['Title'] = "<strong>{$plugin_data['Title']}</strong>"; 103 103 $style .= $style == 'alternate' ? ' active' : 'active'; 104 104 } else { 105 $action = "<a href='" . wp_nonce_url("plugins.php?action=activate&plugin=$plugin_file", 'activate-plugin ' . $plugin_file) . "' title='".__('Activate this plugin')."' class='edit'>".__('Activate')."</a>";105 $action = "<a href='" . wp_nonce_url("plugins.php?action=activate&plugin=$plugin_file", 'activate-plugin_' . $plugin_file) . "' title='".__('Activate this plugin')."' class='edit'>".__('Activate')."</a>"; 106 106 } 107 107 $plugin_data['Description'] = wp_kses($plugin_data['Description'], array('a' => array('href' => array(),'title' => array()),'abbr' => array('title' => array()),'acronym' => array('title' => array()),'code' => array(),'em' => array(),'strong' => array()) ); ; branches/2.0/wp-admin/post.php
r3771 r3805 90 90 $post_id = (int) $_POST['post_ID']; 91 91 92 check_admin_referer('update-attachment ' . $post_id);92 check_admin_referer('update-attachment_' . $post_id); 93 93 94 94 // Don't let these be changed … … 107 107 case 'editpost': 108 108 $post_ID = (int) $_POST['post_ID']; 109 check_admin_referer('update-post ' . $post_ID);109 check_admin_referer('update-post_' . $post_ID); 110 110 111 111 $post_ID = edit_post(); … … 133 133 case 'delete': 134 134 $post_id = (isset($_GET['post'])) ? intval($_GET['post']) : intval($_POST['post_ID']); 135 check_admin_referer('delete-post ' . $post_id);135 check_admin_referer('delete-post_' . $post_id); 136 136 137 137 $post = & get_post($post_id); … … 214 214 case 'deletecomment': 215 215 $comment = (int) $_GET['comment']; 216 check_admin_referer('delete-comment ' . $comment);216 check_admin_referer('delete-comment_' . $comment); 217 217 218 218 $p = (int) $_GET['p']; … … 244 244 case 'unapprovecomment': 245 245 $comment = (int) $_GET['comment']; 246 check_admin_referer('unapprove-comment ' . $comment);246 check_admin_referer('unapprove-comment_' . $comment); 247 247 248 248 $p = (int) $_GET['p']; … … 271 271 case 'mailapprovecomment': 272 272 $comment = (int) $_GET['comment']; 273 check_admin_referer('approve-comment ' . $comment);273 check_admin_referer('approve-comment_' . $comment); 274 274 275 275 if ( ! $comment = get_comment($comment) ) … … 291 291 case 'approvecomment': 292 292 $comment = (int) $_GET['comment']; 293 check_admin_referer('approve-comment ' . $comment);293 check_admin_referer('approve-comment_' . $comment); 294 294 295 295 $p = (int) $_GET['p']; branches/2.0/wp-admin/profile-update.php
r3771 r3805 3 3 require_once('admin.php'); 4 4 5 check_admin_referer('update-profile ' . $user_ID);5 check_admin_referer('update-profile_' . $user_ID); 6 6 7 7 if ( !$_POST ) branches/2.0/wp-admin/profile.php
r3771 r3805 20 20 <h2><?php _e('Your Profile and Personal Options'); ?></h2> 21 21 <form name="profile" id="your-profile" action="profile-update.php" method="post"> 22 <?php wp_nonce_field('update-profile ' . $user_ID) ?>22 <?php wp_nonce_field('update-profile_' . $user_ID) ?> 23 23 <p> 24 24 <input type="hidden" name="from" value="profile" /> branches/2.0/wp-admin/templates.php
r3771 r3805 37 37 case 'update': 38 38 39 check_admin_referer('edit-file ' . $file);39 check_admin_referer('edit-file_' . $file); 40 40 41 41 if ( ! current_user_can('edit_files') ) … … 129 129 <?php if (!$error) { ?> 130 130 <form name="template" id="template" action="templates.php" method="post"> 131 <?php wp_nonce_field('edit-file ' . $file) ?>131 <?php wp_nonce_field('edit-file_' . $file) ?> 132 132 <div><textarea cols="70" rows="25" name="newcontent" id='newcontent' tabindex="1"><?php echo $content ?></textarea> 133 133 <input type="hidden" name="action" value="update" /> branches/2.0/wp-admin/theme-editor.php
r3771 r3805 48 48 case 'update': 49 49 50 check_admin_referer('edit-theme ' . $file . $theme);50 check_admin_referer('edit-theme_' . $file . $theme); 51 51 52 52 if ( !current_user_can('edit_themes') ) … … 132 132 ?> 133 133 <form name="template" id="template" action="theme-editor.php" method="post"> 134 <?php wp_nonce_field('edit-theme ' . $file . $theme) ?>134 <?php wp_nonce_field('edit-theme_' . $file . $theme) ?> 135 135 <div><textarea cols="70" rows="25" name="newcontent" id="newcontent" tabindex="1"><?php echo $content ?></textarea> 136 136 <input type="hidden" name="action" value="update" /> branches/2.0/wp-admin/themes.php
r3771 r3805 3 3 4 4 if ( isset($_GET['action']) ) { 5 check_admin_referer('switch-theme ' . $_GET['template']);5 check_admin_referer('switch-theme_' . $_GET['template']); 6 6 7 7 if ('activate' == $_GET['action']) { … … 70 70 $screenshot = $themes[$theme_name]['Screenshot']; 71 71 $stylesheet_dir = $themes[$theme_name]['Stylesheet Dir']; 72 $activate_link = wp_nonce_url("themes.php?action=activate&template=$template&stylesheet=$stylesheet", 'switch-theme ' . $template);72 $activate_link = wp_nonce_url("themes.php?action=activate&template=$template&stylesheet=$stylesheet", 'switch-theme_' . $template); 73 73 ?> 74 74 <div class="available-theme"> branches/2.0/wp-admin/user-edit.php
r3771 r3805 33 33 case 'update': 34 34 35 check_admin_referer('update-user ' . $user_id);35 check_admin_referer('update-user_' . $user_id); 36 36 37 37 $errors = array(); … … 74 74 75 75 <form name="profile" id="your-profile" action="user-edit.php" method="post"> 76 <?php wp_nonce_field('update-user ' . $user_ID) ?>76 <?php wp_nonce_field('update-user_' . $user_ID) ?> 77 77 <p> 78 78 <input type="hidden" name="from" value="profile" />
