WordPress-C
/
WordPress
mirror of https://github.com/WordPress/WordPress.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

Ref checks from mdawaffe. 

git-svn-id: http://svn.automattic.com/wordpress/trunk@3665 1a063a9b-81f0-0310-95a4-ce76da25c4cd
This commit is contained in:
ryan 2006-03-30 23:12:54 +00:00
parent a7337fded7
commit 805df2b129
11 changed files with 27 additions and 3 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

4
wp-admin/categories.php
View File

@ -24,6 +24,8 @@ switch($action) {
case 'addcat': case 'addcat':
check_admin_referer();
if ( !current_user_can('manage_categories') ) if ( !current_user_can('manage_categories') )
die (__('Cheatin’ uh?')); die (__('Cheatin’ uh?'));
@ -93,6 +95,8 @@ case 'edit':
break; break;
case 'editedcat': case 'editedcat':
check_admin_referer();
if ( !current_user_can('manage_categories') ) if ( !current_user_can('manage_categories') )
die (__('Cheatin’ uh?')); die (__('Cheatin’ uh?'));

6
wp-admin/comment.php
View File

@ -164,6 +164,8 @@ case 'mailapprovecomment':
case 'approvecomment': case 'approvecomment':
check_admin_referer();
$comment = (int) $_GET['comment']; $comment = (int) $_GET['comment'];
$p = (int) $_GET['p']; $p = (int) $_GET['p'];
if (isset($_GET['noredir'])) { if (isset($_GET['noredir'])) {
@ -194,6 +196,8 @@ case 'approvecomment':
case 'editedcomment': case 'editedcomment':
check_admin_referer();
edit_comment(); edit_comment();
$referredby = $_POST['referredby']; $referredby = $_POST['referredby'];
@ -208,4 +212,4 @@ default:
break; break;
} // end switch } // end switch
include('admin-footer.php'); include('admin-footer.php');
?> ?>

2
wp-admin/edit-comments.php
View File

@ -51,6 +51,8 @@ function getNumChecked(form)
<p><a href="?mode=view"><?php _e('View Mode') ?></a> | <a href="?mode=edit"><?php _e('Mass Edit Mode') ?></a></p> <p><a href="?mode=view"><?php _e('View Mode') ?></a> | <a href="?mode=edit"><?php _e('Mass Edit Mode') ?></a></p>
<?php <?php
if ( !empty( $_POST['delete_comments'] ) ) : if ( !empty( $_POST['delete_comments'] ) ) :
check_admin_referer();
$i = 0; $i = 0;
foreach ($_POST['delete_comments'] as $comment) : // Check the permissions on each foreach ($_POST['delete_comments'] as $comment) : // Check the permissions on each
$comment = (int) $comment; $comment = (int) $comment;

2
wp-admin/inline-uploading.php
View File

@ -2,6 +2,8 @@
require_once('admin.php'); require_once('admin.php');
check_admin_referer();
header('Content-Type: text/html; charset=' . get_option('blog_charset')); header('Content-Type: text/html; charset=' . get_option('blog_charset'));
if (!current_user_can('upload_files')) if (!current_user_can('upload_files'))

2
wp-admin/link-import.php
View File

@ -63,6 +63,8 @@ foreach ($categories as $category) {
} // end case 0 } // end case 0
case 1: { case 1: {
check_admin_referer();
include_once('admin-header.php'); include_once('admin-header.php');
if ( !current_user_can('manage_links') ) if ( !current_user_can('manage_links') )
die (__("Cheatin' uh ?")); die (__("Cheatin' uh ?"));

2
wp-admin/moderation.php
View File

@ -32,6 +32,8 @@ switch($action) {
case 'update': case 'update':
check_admin_referer();
if ( ! current_user_can('moderate_comments') ) if ( ! current_user_can('moderate_comments') )
die('<p>'.__('Your level is not high enough to moderate comments.').'</p>'); die('<p>'.__('Your level is not high enough to moderate comments.').'</p>');

2
wp-admin/options-permalink.php
View File

@ -58,6 +58,8 @@ include('admin-header.php');
$home_path = get_home_path(); $home_path = get_home_path();
if ( isset($_POST) ) { if ( isset($_POST) ) {
check_admin_referer();
if ( isset($_POST['permalink_structure']) ) { if ( isset($_POST['permalink_structure']) ) {
$permalink_structure = $_POST['permalink_structure']; $permalink_structure = $_POST['permalink_structure'];
if (! empty($permalink_structure) ) if (! empty($permalink_structure) )

2
wp-admin/plugin-editor.php
View File

@ -34,6 +34,8 @@ switch($action) {
case 'update': case 'update':
check_admin_referer();
if ( !current_user_can('edit_plugins') ) if ( !current_user_can('edit_plugins') )
die('<p>'.__('You have do not have sufficient permissions to edit templates for this blog.').'</p>'); die('<p>'.__('You have do not have sufficient permissions to edit templates for this blog.').'</p>');

4
wp-admin/templates.php
View File

@ -36,8 +36,10 @@ switch($action) {
case 'update': case 'update':
check_admin_referer();
if ( ! current_user_can('edit_files') ) if ( ! current_user_can('edit_files') )
die('<p>'.__('You have do not have sufficient permissions to edit templates for this blog.').'</p>'); die('<p>'.__('You have do not have sufficient permissions to edit templates for this blog.').'</p>');
$newcontent = stripslashes($_POST['newcontent']); $newcontent = stripslashes($_POST['newcontent']);
if (is_writeable($real_file)) { if (is_writeable($real_file)) {

2
wp-admin/theme-editor.php
View File

@ -47,6 +47,8 @@ switch($action) {
case 'update': case 'update':
check_admin_referer();
if ( !current_user_can('edit_themes') ) if ( !current_user_can('edit_themes') )
die('<p>'.__('You have do not have sufficient permissions to edit templates for this blog.').'</p>'); die('<p>'.__('You have do not have sufficient permissions to edit templates for this blog.').'</p>');

2
wp-includes/classes.php
View File

@ -40,7 +40,7 @@ class retrospam_mgr {
if ( empty( $word ) ) if ( empty( $word ) )
continue; continue;
$fulltext = strtolower($comment->email.' '.$comment->url.' '.$comment->ip.' '.$comment->text); $fulltext = strtolower($comment->email.' '.$comment->url.' '.$comment->ip.' '.$comment->text);
if( strpos( $fulltext, strtolower($word) ) != FALSE ) { if( false !== strpos( $fulltext, strtolower($word) ) ) {
$this->found_comments[] = $comment->ID; $this->found_comments[] = $comment->ID;
break; break;
} }