Remove post type from post nonces. Fixes attachment deletion when EMPTY_TRASH_DAYS is 0. Props c3mdigital, kurtpayne, SergeyBiryukov. fixes #21194
git-svn-id: http://core.svn.wordpress.org/trunk@21504 1a063a9b-81f0-0310-95a4-ce76da25c4cd
parent
4d014c4f40
commit
15dd7f70b0
|
@ -516,7 +516,8 @@ div.dashboard-widget-submit input:hover,
|
||||||
}
|
}
|
||||||
|
|
||||||
.submitbox .submitdelete:hover,
|
.submitbox .submitdelete:hover,
|
||||||
#media-items a.delete:hover {
|
#media-items a.delete:hover,
|
||||||
|
#media-items a.delete-permanently:hover {
|
||||||
color: #fff;
|
color: #fff;
|
||||||
background-color: #f00;
|
background-color: #f00;
|
||||||
border-bottom-color: #f00;
|
border-bottom-color: #f00;
|
||||||
|
@ -607,6 +608,7 @@ a,
|
||||||
#the-comment-list p.comment-author strong a,
|
#the-comment-list p.comment-author strong a,
|
||||||
#media-upload a.del-link,
|
#media-upload a.del-link,
|
||||||
#media-items a.delete,
|
#media-items a.delete,
|
||||||
|
#media-items a.delete-permanently,
|
||||||
.plugins a.delete,
|
.plugins a.delete,
|
||||||
.ui-tabs-nav a {
|
.ui-tabs-nav a {
|
||||||
color: #21759b;
|
color: #21759b;
|
||||||
|
|
|
@ -507,7 +507,8 @@ div.dashboard-widget-submit input:hover,
|
||||||
}
|
}
|
||||||
|
|
||||||
.submitbox .submitdelete:hover,
|
.submitbox .submitdelete:hover,
|
||||||
#media-items a.delete:hover {
|
#media-items a.delete:hover,
|
||||||
|
#media-items a.delete-permanently:hover {
|
||||||
color: #fff;
|
color: #fff;
|
||||||
background-color: #f00;
|
background-color: #f00;
|
||||||
border-bottom-color: #f00;
|
border-bottom-color: #f00;
|
||||||
|
@ -598,6 +599,7 @@ a,
|
||||||
#the-comment-list p.comment-author strong a,
|
#the-comment-list p.comment-author strong a,
|
||||||
#media-upload a.del-link,
|
#media-upload a.del-link,
|
||||||
#media-items a.delete,
|
#media-items a.delete,
|
||||||
|
#media-items a.delete-permanently,
|
||||||
.plugins a.delete,
|
.plugins a.delete,
|
||||||
.ui-tabs-nav a {
|
.ui-tabs-nav a {
|
||||||
color: #21759b;
|
color: #21759b;
|
||||||
|
|
|
@ -83,7 +83,7 @@ if ( 'auto-draft' == $post->post_status ) {
|
||||||
}
|
}
|
||||||
|
|
||||||
$form_action = 'editpost';
|
$form_action = 'editpost';
|
||||||
$nonce_action = 'update-' . $post_type . '_' . $post_ID;
|
$nonce_action = 'update-post_' . $post_ID;
|
||||||
$form_extra .= "<input type='hidden' id='post_ID' name='post_ID' value='" . esc_attr($post_ID) . "' />";
|
$form_extra .= "<input type='hidden' id='post_ID' name='post_ID' value='" . esc_attr($post_ID) . "' />";
|
||||||
|
|
||||||
// Detect if there exists an autosave newer than the post and if that autosave is different than the post
|
// Detect if there exists an autosave newer than the post and if that autosave is different than the post
|
||||||
|
|
|
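Review bot: The action string on the `$nonce_action` line is now a bare literal that must stay byte-identical to the `check_admin_referer('update-post_' . $post_id)` calls in the request handler and to the two `check_ajax_referer` calls in the AJAX handlers, and nothing in the code ties them together. A mismatch fails closed, so the risk is a broken form rather than a bypass, but a one-line comment here would help: `// Nonce action must match the check in the 'editpost' handler; it is keyed on the post ID only, not the post type.` The same applies to the `trash-post_`, `untrash-post_` and `delete-post_` literals in the list-table and media-item hunks.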
@ -1727,7 +1727,7 @@ function wp_ajax_wp_fullscreen_save_post() {
|
||||||
elseif ( isset( $_POST['post_type'] ) && post_type_exists( $_POST['post_type'] ) )
|
elseif ( isset( $_POST['post_type'] ) && post_type_exists( $_POST['post_type'] ) )
|
||||||
$post_type = $_POST['post_type'];
|
$post_type = $_POST['post_type'];
|
||||||
|
|
||||||
check_ajax_referer('update-' . $post_type . '_' . $post_id, '_wpnonce');
|
check_ajax_referer('update-post_' . $post_id, '_wpnonce');
|
||||||
|
|
||||||
$post_id = edit_post();
|
$post_id = edit_post();
|
||||||
|
|
||||||
|
@ -1769,7 +1769,7 @@ function wp_ajax_wp_remove_post_lock() {
|
||||||
if ( ! $post = get_post( $post_id ) )
|
if ( ! $post = get_post( $post_id ) )
|
||||||
wp_die( 0 );
|
wp_die( 0 );
|
||||||
|
|
||||||
check_ajax_referer( 'update-' . $post->post_type . '_' . $post_id );
|
check_ajax_referer( 'update-post_' . $post_id );
|
||||||
|
|
||||||
if ( ! current_user_can( 'edit_post', $post_id ) )
|
if ( ! current_user_can( 'edit_post', $post_id ) )
|
||||||
wp_die( -1 );
|
wp_die( -1 );
|
||||||
|
|
|
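Review bot: In `wp_ajax_wp_fullscreen_save_post()` the `$post_type` taken from `$_POST['post_type']` just above the changed line no longer feeds the nonce action. If nothing later in the function reads it, that `elseif` branch is dead code, and it wrongly suggests the request-supplied type is still being checked. The nonce only shows that the request came from a form issued to this user for this post ID. Permission still has to come from a capability check, which is presumably inside `edit_post()` and is not visible in the hunk. `wp_ajax_wp_remove_post_lock()` shows the order to keep (nonce first, then `current_user_can( 'edit_post', $post_id )`); both function bodies start and end outside their hunks.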
@ -360,10 +360,10 @@ foreach ( $columns as $column_name => $column_display_name ) {
|
||||||
$actions['edit'] = '<a href="' . get_edit_post_link( $post->ID, true ) . '">' . __( 'Edit' ) . '</a>';
|
$actions['edit'] = '<a href="' . get_edit_post_link( $post->ID, true ) . '">' . __( 'Edit' ) . '</a>';
|
||||||
if ( current_user_can( 'delete_post', $post->ID ) )
|
if ( current_user_can( 'delete_post', $post->ID ) )
|
||||||
if ( EMPTY_TRASH_DAYS && MEDIA_TRASH ) {
|
if ( EMPTY_TRASH_DAYS && MEDIA_TRASH ) {
|
||||||
$actions['trash'] = "<a class='submitdelete' href='" . wp_nonce_url( "post.php?action=trash&post=$post->ID", 'trash-attachment_' . $post->ID ) . "'>" . __( 'Trash' ) . "</a>";
|
$actions['trash'] = "<a class='submitdelete' href='" . wp_nonce_url( "post.php?action=trash&post=$post->ID", 'trash-post_' . $post->ID ) . "'>" . __( 'Trash' ) . "</a>";
|
||||||
} else {
|
} else {
|
||||||
$delete_ays = !MEDIA_TRASH ? " onclick='return showNotice.warn();'" : '';
|
$delete_ays = !MEDIA_TRASH ? " onclick='return showNotice.warn();'" : '';
|
||||||
$actions['delete'] = "<a class='submitdelete'$delete_ays href='" . wp_nonce_url( "post.php?action=delete&post=$post->ID", 'delete-attachment_' . $post->ID ) . "'>" . __( 'Delete Permanently' ) . "</a>";
|
$actions['delete'] = "<a class='submitdelete'$delete_ays href='" . wp_nonce_url( "post.php?action=delete&post=$post->ID", 'delete-post_' . $post->ID ) . "'>" . __( 'Delete Permanently' ) . "</a>";
|
||||||
}
|
}
|
||||||
$actions['view'] = '<a href="' . get_permalink( $post->ID ) . '" title="' . esc_attr( sprintf( __( 'View “%s”' ), $att_title ) ) . '" rel="permalink">' . __( 'View' ) . '</a>';
|
$actions['view'] = '<a href="' . get_permalink( $post->ID ) . '" title="' . esc_attr( sprintf( __( 'View “%s”' ), $att_title ) ) . '" rel="permalink">' . __( 'View' ) . '</a>';
|
||||||
if ( current_user_can( 'edit_post', $post->ID ) )
|
if ( current_user_can( 'edit_post', $post->ID ) )
|
||||||
|
@ -374,12 +374,12 @@ foreach ( $columns as $column_name => $column_display_name ) {
|
||||||
$actions['edit'] = '<a href="' . get_edit_post_link( $post->ID, true ) . '">' . __( 'Edit' ) . '</a>';
|
$actions['edit'] = '<a href="' . get_edit_post_link( $post->ID, true ) . '">' . __( 'Edit' ) . '</a>';
|
||||||
if ( current_user_can( 'delete_post', $post->ID ) ) {
|
if ( current_user_can( 'delete_post', $post->ID ) ) {
|
||||||
if ( $this->is_trash )
|
if ( $this->is_trash )
|
||||||
$actions['untrash'] = "<a class='submitdelete' href='" . wp_nonce_url( "post.php?action=untrash&post=$post->ID", 'untrash-attachment_' . $post->ID ) . "'>" . __( 'Restore' ) . "</a>";
|
$actions['untrash'] = "<a class='submitdelete' href='" . wp_nonce_url( "post.php?action=untrash&post=$post->ID", 'untrash-post_' . $post->ID ) . "'>" . __( 'Restore' ) . "</a>";
|
||||||
elseif ( EMPTY_TRASH_DAYS && MEDIA_TRASH )
|
elseif ( EMPTY_TRASH_DAYS && MEDIA_TRASH )
|
||||||
$actions['trash'] = "<a class='submitdelete' href='" . wp_nonce_url( "post.php?action=trash&post=$post->ID", 'trash-attachment_' . $post->ID ) . "'>" . __( 'Trash' ) . "</a>";
|
$actions['trash'] = "<a class='submitdelete' href='" . wp_nonce_url( "post.php?action=trash&post=$post->ID", 'trash-post_' . $post->ID ) . "'>" . __( 'Trash' ) . "</a>";
|
||||||
if ( $this->is_trash || !EMPTY_TRASH_DAYS || !MEDIA_TRASH ) {
|
if ( $this->is_trash || !EMPTY_TRASH_DAYS || !MEDIA_TRASH ) {
|
||||||
$delete_ays = ( !$this->is_trash && !MEDIA_TRASH ) ? " onclick='return showNotice.warn();'" : '';
|
$delete_ays = ( !$this->is_trash && !MEDIA_TRASH ) ? " onclick='return showNotice.warn();'" : '';
|
||||||
$actions['delete'] = "<a class='submitdelete'$delete_ays href='" . wp_nonce_url( "post.php?action=delete&post=$post->ID", 'delete-attachment_' . $post->ID ) . "'>" . __( 'Delete Permanently' ) . "</a>";
|
$actions['delete'] = "<a class='submitdelete'$delete_ays href='" . wp_nonce_url( "post.php?action=delete&post=$post->ID", 'delete-post_' . $post->ID ) . "'>" . __( 'Delete Permanently' ) . "</a>";
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
if ( !$this->is_trash ) {
|
if ( !$this->is_trash ) {
|
||||||
|
|
|
@ -545,7 +545,7 @@ class WP_Posts_List_Table extends WP_List_Table {
|
||||||
}
|
}
|
||||||
if ( current_user_can( $post_type_object->cap->delete_post, $post->ID ) ) {
|
if ( current_user_can( $post_type_object->cap->delete_post, $post->ID ) ) {
|
||||||
if ( 'trash' == $post->post_status )
|
if ( 'trash' == $post->post_status )
|
||||||
$actions['untrash'] = "<a title='" . esc_attr( __( 'Restore this item from the Trash' ) ) . "' href='" . wp_nonce_url( admin_url( sprintf( $post_type_object->_edit_link . '&action=untrash', $post->ID ) ), 'untrash-' . $post->post_type . '_' . $post->ID ) . "'>" . __( 'Restore' ) . "</a>";
|
$actions['untrash'] = "<a title='" . esc_attr( __( 'Restore this item from the Trash' ) ) . "' href='" . wp_nonce_url( admin_url( sprintf( $post_type_object->_edit_link . '&action=untrash', $post->ID ) ), 'untrash-post_' . $post->ID ) . "'>" . __( 'Restore' ) . "</a>";
|
||||||
elseif ( EMPTY_TRASH_DAYS )
|
elseif ( EMPTY_TRASH_DAYS )
|
||||||
$actions['trash'] = "<a class='submitdelete' title='" . esc_attr( __( 'Move this item to the Trash' ) ) . "' href='" . get_delete_post_link( $post->ID ) . "'>" . __( 'Trash' ) . "</a>";
|
$actions['trash'] = "<a class='submitdelete' title='" . esc_attr( __( 'Move this item to the Trash' ) ) . "' href='" . get_delete_post_link( $post->ID ) . "'>" . __( 'Trash' ) . "</a>";
|
||||||
if ( 'trash' == $post->post_status || !EMPTY_TRASH_DAYS )
|
if ( 'trash' == $post->post_status || !EMPTY_TRASH_DAYS )
|
||||||
|
|
|
@ -1156,16 +1156,16 @@ function get_media_item( $attachment_id, $args = null ) {
|
||||||
$send = get_submit_button( __( 'Insert into Post' ), 'button', "send[$attachment_id]", false );
|
$send = get_submit_button( __( 'Insert into Post' ), 'button', "send[$attachment_id]", false );
|
||||||
if ( $delete && current_user_can( 'delete_post', $attachment_id ) ) {
|
if ( $delete && current_user_can( 'delete_post', $attachment_id ) ) {
|
||||||
if ( !EMPTY_TRASH_DAYS ) {
|
if ( !EMPTY_TRASH_DAYS ) {
|
||||||
$delete = "<a href='" . wp_nonce_url( "post.php?action=delete&post=$attachment_id", 'delete-attachment_' . $attachment_id ) . "' id='del[$attachment_id]' class='delete'>" . __( 'Delete Permanently' ) . '</a>';
|
$delete = "<a href='" . wp_nonce_url( "post.php?action=delete&post=$attachment_id", 'delete-post_' . $attachment_id ) . "' id='del[$attachment_id]' class='delete-permanently'>" . __( 'Delete Permanently' ) . '</a>';
|
||||||
} elseif ( !MEDIA_TRASH ) {
|
} elseif ( !MEDIA_TRASH ) {
|
||||||
$delete = "<a href='#' class='del-link' onclick=\"document.getElementById('del_attachment_$attachment_id').style.display='block';return false;\">" . __( 'Delete' ) . "</a>
|
$delete = "<a href='#' class='del-link' onclick=\"document.getElementById('del_attachment_$attachment_id').style.display='block';return false;\">" . __( 'Delete' ) . "</a>
|
||||||
<div id='del_attachment_$attachment_id' class='del-attachment' style='display:none;'><p>" . sprintf( __( 'You are about to delete <strong>%s</strong>.' ), $filename ) . "</p>
|
<div id='del_attachment_$attachment_id' class='del-attachment' style='display:none;'><p>" . sprintf( __( 'You are about to delete <strong>%s</strong>.' ), $filename ) . "</p>
|
||||||
<a href='" . wp_nonce_url( "post.php?action=delete&post=$attachment_id", 'delete-attachment_' . $attachment_id ) . "' id='del[$attachment_id]' class='button'>" . __( 'Continue' ) . "</a>
|
<a href='" . wp_nonce_url( "post.php?action=delete&post=$attachment_id", 'delete-post_' . $attachment_id ) . "' id='del[$attachment_id]' class='button'>" . __( 'Continue' ) . "</a>
|
||||||
<a href='#' class='button' onclick=\"this.parentNode.style.display='none';return false;\">" . __( 'Cancel' ) . "</a>
|
<a href='#' class='button' onclick=\"this.parentNode.style.display='none';return false;\">" . __( 'Cancel' ) . "</a>
|
||||||
</div>";
|
</div>";
|
||||||
} else {
|
} else {
|
||||||
$delete = "<a href='" . wp_nonce_url( "post.php?action=trash&post=$attachment_id", 'trash-attachment_' . $attachment_id ) . "' id='del[$attachment_id]' class='delete'>" . __( 'Move to Trash' ) . "</a>
|
$delete = "<a href='" . wp_nonce_url( "post.php?action=trash&post=$attachment_id", 'trash-post_' . $attachment_id ) . "' id='del[$attachment_id]' class='delete'>" . __( 'Move to Trash' ) . "</a>
|
||||||
<a href='" . wp_nonce_url( "post.php?action=untrash&post=$attachment_id", 'untrash-attachment_' . $attachment_id ) . "' id='undo[$attachment_id]' class='undo hidden'>" . __( 'Undo' ) . "</a>";
|
<a href='" . wp_nonce_url( "post.php?action=untrash&post=$attachment_id", 'untrash-post_' . $attachment_id ) . "' id='undo[$attachment_id]' class='undo hidden'>" . __( 'Undo' ) . "</a>";
|
||||||
}
|
}
|
||||||
} else {
|
} else {
|
||||||
$delete = '';
|
$delete = '';
|
||||||
|
|
|
@ -177,7 +177,7 @@ case 'edit':
|
||||||
break;
|
break;
|
||||||
|
|
||||||
case 'editattachment':
|
case 'editattachment':
|
||||||
check_admin_referer('update-attachment_' . $post_id);
|
check_admin_referer('update-post_' . $post_id);
|
||||||
|
|
||||||
// Don't let these be changed
|
// Don't let these be changed
|
||||||
unset($_POST['guid']);
|
unset($_POST['guid']);
|
||||||
|
@ -190,7 +190,7 @@ case 'editattachment':
|
||||||
wp_update_attachment_metadata( $post_id, $newmeta );
|
wp_update_attachment_metadata( $post_id, $newmeta );
|
||||||
|
|
||||||
case 'editpost':
|
case 'editpost':
|
||||||
check_admin_referer('update-' . $post_type . '_' . $post_id);
|
check_admin_referer('update-post_' . $post_id);
|
||||||
|
|
||||||
$post_id = edit_post();
|
$post_id = edit_post();
|
||||||
|
|
||||||
|
@ -200,7 +200,7 @@ case 'editpost':
|
||||||
break;
|
break;
|
||||||
|
|
||||||
case 'trash':
|
case 'trash':
|
||||||
check_admin_referer('trash-' . $post_type . '_' . $post_id);
|
check_admin_referer('trash-post_' . $post_id);
|
||||||
|
|
||||||
$post = & get_post($post_id);
|
$post = & get_post($post_id);
|
||||||
|
|
||||||
|
@ -215,7 +215,7 @@ case 'trash':
|
||||||
break;
|
break;
|
||||||
|
|
||||||
case 'untrash':
|
case 'untrash':
|
||||||
check_admin_referer('untrash-' . $post_type . '_' . $post_id);
|
check_admin_referer('untrash-post_' . $post_id);
|
||||||
|
|
||||||
if ( !current_user_can($post_type_object->cap->delete_post, $post_id) )
|
if ( !current_user_can($post_type_object->cap->delete_post, $post_id) )
|
||||||
wp_die( __('You are not allowed to move this item out of the Trash.') );
|
wp_die( __('You are not allowed to move this item out of the Trash.') );
|
||||||
|
@ -228,7 +228,7 @@ case 'untrash':
|
||||||
break;
|
break;
|
||||||
|
|
||||||
case 'delete':
|
case 'delete':
|
||||||
check_admin_referer('delete-' . $post_type . '_' . $post_id);
|
check_admin_referer('delete-post_' . $post_id);
|
||||||
|
|
||||||
if ( !current_user_can($post_type_object->cap->delete_post, $post_id) )
|
if ( !current_user_can($post_type_object->cap->delete_post, $post_id) )
|
||||||
wp_die( __('You are not allowed to delete this item.') );
|
wp_die( __('You are not allowed to delete this item.') );
|
||||||
|
|
|
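Review bot: In the `editattachment` case no `break` is visible before `case 'editpost':`, so the case appears to fall through; the same `'update-post_' . $post_id` nonce is then verified twice on that path, and `wp_update_attachment_metadata()` runs before `edit_post()` is reached. The lines between the two hunks are not shown. If no `current_user_can()` check sits there, the nonce is the only gate on the metadata write, and a nonce establishes intent, not permission. I would add `if ( ! current_user_can( 'edit_post', $post_id ) ) wp_die( __( 'You are not allowed to edit this item.' ) );` after the first `check_admin_referer` and mark the fall-through with a comment. The `trash` hunk likewise shows no capability check in its visible lines, unlike `untrash` and `delete`.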
@ -971,7 +971,7 @@ function get_delete_post_link( $id = 0, $deprecated = '', $force_delete = false
|
||||||
|
|
||||||
$delete_link = add_query_arg( 'action', $action, admin_url( sprintf( $post_type_object->_edit_link, $post->ID ) ) );
|
$delete_link = add_query_arg( 'action', $action, admin_url( sprintf( $post_type_object->_edit_link, $post->ID ) ) );
|
||||||
|
|
||||||
return apply_filters( 'get_delete_post_link', wp_nonce_url( $delete_link, "$action-{$post->post_type}_{$post->ID}" ), $post->ID, $force_delete );
|
return apply_filters( 'get_delete_post_link', wp_nonce_url( $delete_link, "$action-post_{$post->ID}" ), $post->ID, $force_delete );
|
||||||
}
|
}
|
||||||
|
|
||||||
/**
|
/**
|
||||||
|
|
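Review bot: The URL passed to the `get_delete_post_link` filter now carries a nonce for `"$action-post_{$post->ID}"`, which silently changes the contract for any caller that builds or verifies these links itself using the old `"$action-{$post->post_type}_{$post->ID}"` form. Such callers will fail verification rather than bypass it, but the failure appears only as a generic nonce error. The docblock of `get_delete_post_link()` starts outside this hunk and should state the action format, for example `The link is nonced with the action "$action-post_$id"; the post type is not part of the action.`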