From 8bab10e90dcf99a3ae80e97b6cd19e3e73a28cea Mon Sep 17 00:00:00 2001
From: ryan
Date: Fri, 5 May 2006 09:09:13 +0000
Subject: [PATCH] nonce approve/delete comment confirmations. #2678

git-svn-id: http://svn.automattic.com/wordpress/trunk@3764 1a063a9b-81f0-0310-95a4-ce76da25c4cd
---
 wp-admin/comment.php | 3 +++
 1 file changed, 3 insertions(+)
diff --git a/wp-admin/comment.php b/wp-admin/comment.php
index 851b5827f4..fa4bd246c4 100644
--- a/wp-admin/comment.php
+++ b/wp-admin/comment.php
@@ -51,6 +51,8 @@ case 'mailapprovecomment':
 $comment = (int) $_GET['comment'];
 $p = (int) $_GET['p'];
 $formaction = 'confirmdeletecomment' == $action ? 'deletecomment' : 'approvecomment';
+ $nonce_action = 'confirmdeletecomment' == $action ? 'delete-comment' : 'approve-comment';
+ $nonce_action .= $comment;
 if ( ! $comment = get_comment($comment) ) die(sprintf(__('Oops, no comment with this ID. Go back!'), 'edit.php'));
@@ -74,6 +76,7 @@ case 'mailapprovecomment':
 echo "

" . __('Are you sure you want to do that?') . "

\n"; echo "
\n";
+ wp_nonce_field($nonce_action);
 echo "\n";
 if ( 'spam' == $_GET['delete_type'] ) echo "\n";
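Review bot: The added `wp_nonce_field($nonce_action);` only emits the token into the confirmation form; none of the three inserted lines verifies it. The request-forgery protection therefore holds only if the `deletecomment` and `approvecomment` handlers, which are outside these hunks, reject a request whose nonce does not match the same action string, presumably with something like `check_admin_referer('delete-comment' . $comment);`. In the first hunk, `$nonce_action .= $comment;` depends on `$comment` still being the integer cast from `$_GET['comment']`, because the very next statement reassigns it to the `get_comment()` result. A comment such as `// Build the nonce action before $comment is replaced by the comment object.` would stop a later reorder from silently changing the action string and breaking verification. The `case 'mailapprovecomment':` block begins and ends outside both hunks, so the verifying side could not be checked from this page.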