Update nonce action strings. Props mdawaffe.
git-svn-id: http://svn.automattic.com/wordpress/trunk@3804 1a063a9b-81f0-0310-95a4-ce76da25c4cd
This commit is contained in:
parent
1dff136d6f
commit
96c3f739a8
|
@ -656,7 +656,7 @@ function cat_rows($parent = 0, $level = 0, $categories = 0) {
|
|||
$default_link_cat_id = get_option('default_link_category');
|
||||
|
||||
if ( ($category->cat_ID != $default_cat_id) && ($category->cat_ID != $default_link_cat_id) )
|
||||
$edit .= "<td><a href='" . wp_nonce_url("categories.php?action=delete&cat_ID=$category->cat_ID", 'delete-category' . $category->cat_ID ) . "' onclick=\"return deleteSomething( 'cat', $category->cat_ID, '" . sprintf(__("You are about to delete the category "%s".\\nAll of its posts will go into the default category of "%s"\\nAll of its bookmarks will go into the default category of "%s".\\n"OK" to delete, "Cancel" to stop."), addslashes($category->cat_name), js_escape(get_catname($default_cat_id)), js_escape(get_catname($default_link_cat_id))) . "' );\" class='delete'>".__('Delete')."</a>";
|
||||
$edit .= "<td><a href='" . wp_nonce_url("categories.php?action=delete&cat_ID=$category->cat_ID", 'delete-category_' . $category->cat_ID ) . "' onclick=\"return deleteSomething( 'cat', $category->cat_ID, '" . sprintf(__("You are about to delete the category "%s".\\nAll of its posts will go into the default category of "%s"\\nAll of its bookmarks will go into the default category of "%s".\\n"OK" to delete, "Cancel" to stop."), addslashes($category->cat_name), js_escape(get_catname($default_cat_id)), js_escape(get_catname($default_link_cat_id))) . "' );\" class='delete'>".__('Delete')."</a>";
|
||||
else
|
||||
$edit .= "<td style='text-align:center'>".__("Default");
|
||||
}
|
||||
|
@ -709,7 +709,7 @@ function page_rows($parent = 0, $level = 0, $pages = 0, $hierarchy = true) {
|
|||
<td><?php echo mysql2date('Y-m-d g:i a', $post->post_modified); ?></td>
|
||||
<td><a href="<?php the_permalink(); ?>" rel="permalink" class="edit"><?php _e('View'); ?></a></td>
|
||||
<td><?php if ( current_user_can('edit_page', $id) ) { echo "<a href='page.php?action=edit&post=$id' class='edit'>" . __('Edit') . "</a>"; } ?></td>
|
||||
<td><?php if ( current_user_can('edit_page', $id) ) { echo "<a href='" . wp_nonce_url("page.php?action=delete&post=$id", 'delete-page' . $id) . "' class='delete' onclick=\"return deleteSomething( 'page', " . $id . ", '" . sprintf(__("You are about to delete the "%s" page.\\n"OK" to delete, "Cancel" to stop."), addslashes(wp_specialchars(get_the_title(),'double')) ) . "' );\">" . __('Delete') . "</a>"; } ?></td>
|
||||
<td><?php if ( current_user_can('edit_page', $id) ) { echo "<a href='" . wp_nonce_url("page.php?action=delete&post=$id", 'delete-page_' . $id) . "' class='delete' onclick=\"return deleteSomething( 'page', " . $id . ", '" . sprintf(__("You are about to delete the "%s" page.\\n"OK" to delete, "Cancel" to stop."), addslashes(wp_specialchars(get_the_title(),'double')) ) . "' );\">" . __('Delete') . "</a>"; } ?></td>
|
||||
</tr>
|
||||
|
||||
<?php
|
||||
|
|
|
@ -36,7 +36,7 @@ break;
|
|||
|
||||
case 'delete':
|
||||
$cat_ID = (int) $_GET['cat_ID'];
|
||||
check_admin_referer('delete-category' . $cat_ID);
|
||||
check_admin_referer('delete-category_' . $cat_ID);
|
||||
|
||||
if ( !current_user_can('manage_categories') )
|
||||
die (__('Cheatin’ uh?'));
|
||||
|
@ -67,7 +67,7 @@ break;
|
|||
|
||||
case 'editedcat':
|
||||
$cat_ID = (int) $_POST['cat_ID'];
|
||||
check_admin_referer('update-category' . $cat_ID);
|
||||
check_admin_referer('update-category_' . $cat_ID);
|
||||
|
||||
if ( !current_user_can('manage_categories') )
|
||||
die (__('Cheatin’ uh?'));
|
||||
|
|
|
@ -51,7 +51,7 @@ case 'mailapprovecomment':
|
|||
$comment = (int) $_GET['comment'];
|
||||
$p = (int) $_GET['p'];
|
||||
$formaction = 'confirmdeletecomment' == $action ? 'deletecomment' : 'approvecomment';
|
||||
$nonce_action = 'confirmdeletecomment' == $action ? 'delete-comment' : 'approve-comment';
|
||||
$nonce_action = 'confirmdeletecomment' == $action ? 'delete-comment_' : 'approve-comment_';
|
||||
$nonce_action .= $comment;
|
||||
|
||||
if ( ! $comment = get_comment($comment) )
|
||||
|
@ -93,7 +93,7 @@ case 'mailapprovecomment':
|
|||
|
||||
case 'deletecomment':
|
||||
$comment = (int) $_REQUEST['comment'];
|
||||
check_admin_referer('delete-comment' . $comment);
|
||||
check_admin_referer('delete-comment_' . $comment);
|
||||
|
||||
$p = (int) $_REQUEST['p'];
|
||||
if ( isset($_REQUEST['noredir']) ) {
|
||||
|
@ -126,7 +126,7 @@ case 'deletecomment':
|
|||
|
||||
case 'unapprovecomment':
|
||||
$comment = (int) $_GET['comment'];
|
||||
check_admin_referer('unapprove-comment' . $comment);
|
||||
check_admin_referer('unapprove-comment_' . $comment);
|
||||
|
||||
$p = (int) $_GET['p'];
|
||||
if (isset($_GET['noredir'])) {
|
||||
|
@ -153,7 +153,7 @@ case 'unapprovecomment':
|
|||
|
||||
case 'approvecomment':
|
||||
$comment = (int) $_GET['comment'];
|
||||
check_admin_referer('approve-comment' . $comment);
|
||||
check_admin_referer('approve-comment_' . $comment);
|
||||
|
||||
$p = (int) $_GET['p'];
|
||||
if (isset($_GET['noredir'])) {
|
||||
|
|
|
@ -4,7 +4,7 @@ if ( ! empty($cat_ID) ) {
|
|||
$submit_text = __('Edit Category »');
|
||||
$form = '<form name="editcat" id="editcat" method="post" action="categories.php">';
|
||||
$action = 'editedcat';
|
||||
$nonce_action = 'update-category' . $cat_ID;
|
||||
$nonce_action = 'update-category_' . $cat_ID;
|
||||
} else {
|
||||
$heading = __('Add Category');
|
||||
$submit_text = __('Add Category »');
|
||||
|
|
|
@ -119,12 +119,12 @@ if ('view' == $mode) {
|
|||
<?php
|
||||
if ( current_user_can('edit_post', $comment->comment_post_ID) ) {
|
||||
echo " <a href='comment.php?action=editcomment&comment=".$comment->comment_ID."\'>" . __('Edit') . '</a>';
|
||||
echo ' | <a href="' . wp_nonce_url('comment.php?action=deletecomment&p=' . $post->ID . '&comment=' . $comment->comment_ID, 'delete-comment' . $comment->comment_ID) . '" onclick="return deleteSomething( \'comment\', ' . $comment->comment_ID . ', \'' . sprintf(__("You are about to delete this comment by "%s".\\n"Cancel" to stop, "OK" to delete."), js_escape($comment->comment_author)) . "' );\">" . __('Delete') . '</a> ';
|
||||
echo ' | <a href="' . wp_nonce_url('comment.php?action=deletecomment&p=' . $post->ID . '&comment=' . $comment->comment_ID, 'delete-comment_' . $comment->comment_ID) . '" onclick="return deleteSomething( \'comment\', ' . $comment->comment_ID . ', \'' . sprintf(__("You are about to delete this comment by "%s".\\n"Cancel" to stop, "OK" to delete."), js_escape($comment->comment_author)) . "' );\">" . __('Delete') . '</a> ';
|
||||
if ( ('none' != $comment_status) && ( current_user_can('moderate_comments') ) ) {
|
||||
echo '<span class="unapprove"> | <a href="' . wp_nonce_url('comment.php?action=unapprovecomment&p=' . $post->ID . '&comment=' . $comment->comment_ID, 'unapprove-comment' . $comment->comment_ID) . '" onclick="return dimSomething( \'comment\', ' . $comment->comment_ID . ', \'unapproved\' );">' . __('Unapprove') . '</a> </span>';
|
||||
echo '<span class="approve"> | <a href="' . wp_nonce_url('comment.php?action=approvecomment&p=' . $post->ID . '&comment=' . $comment->comment_ID, 'approve-comment' . $comment->comment_ID) . '" onclick="return dimSomething( \'comment\', ' . $comment->comment_ID . ', \'unapproved\' );">' . __('Approve') . '</a> </span>';
|
||||
echo '<span class="unapprove"> | <a href="' . wp_nonce_url('comment.php?action=unapprovecomment&p=' . $post->ID . '&comment=' . $comment->comment_ID, 'unapprove-comment_' . $comment->comment_ID) . '" onclick="return dimSomething( \'comment\', ' . $comment->comment_ID . ', \'unapproved\' );">' . __('Unapprove') . '</a> </span>';
|
||||
echo '<span class="approve"> | <a href="' . wp_nonce_url('comment.php?action=approvecomment&p=' . $post->ID . '&comment=' . $comment->comment_ID, 'approve-comment_' . $comment->comment_ID) . '" onclick="return dimSomething( \'comment\', ' . $comment->comment_ID . ', \'unapproved\' );">' . __('Approve') . '</a> </span>';
|
||||
}
|
||||
echo " | <a href=\"comment.php?action=deletecomment&delete_type=spam&p=".$comment->comment_post_ID."&comment=".$comment->comment_ID."\" onclick=\"return deleteSomething( 'comment-as-spam', $comment->comment_ID, '" . sprintf(__("You are about to mark as spam this comment by "%s".\\n"Cancel" to stop, "OK" to mark as spam."), js_escape( $comment->comment_author)) . "' );\">" . __('Spam') . "</a> ";
|
||||
echo " | <a href=\"" . wp_nonce_url("comment.php?action=deletecomment&delete_type=spam&p=" . $comment->comment_post_ID . "&comment=" . $comment->comment_ID", 'delete-comment_' . $comment->comment_ID) . "\" onclick=\"return deleteSomething( 'comment-as-spam', $comment->comment_ID, '" . sprintf(__("You are about to mark as spam this comment by "%s".\\n"Cancel" to stop, "OK" to mark as spam."), js_escape( $comment->comment_author)) . "' );\">" . __('Spam') . "</a> ";
|
||||
}
|
||||
$post = get_post($comment->comment_post_ID);
|
||||
$post_title = wp_specialchars( $post->post_title, 'double' );
|
||||
|
|
|
@ -26,7 +26,7 @@ if (0 == $post_ID) {
|
|||
} else {
|
||||
$form_action = 'editpost';
|
||||
$form_extra = "<input type='hidden' id='post_ID' name='post_ID' value='$post_ID' />";
|
||||
wp_nonce_field('update-post' . $post_ID);
|
||||
wp_nonce_field('update-post_' . $post_ID);
|
||||
}
|
||||
|
||||
$form_pingback = '<input type="hidden" name="post_pingback" value="' . get_option('default_pingback_flag') . '" id="post_pingback" />';
|
||||
|
@ -220,7 +220,7 @@ list_meta($metadata);
|
|||
|
||||
</div>
|
||||
|
||||
<?php if ('edit' == $action) : $delete_nonce = wp_create_nonce( 'delete-post' . $post_ID ); ?>
|
||||
<?php if ('edit' == $action) : $delete_nonce = wp_create_nonce( 'delete-post_' . $post_ID ); ?>
|
||||
<input name="deletepost" class="button" type="submit" id="deletepost" tabindex="10" value="<?php _e('Delete this post') ?>" <?php echo "onclick=\"if ( confirm('" . sprintf(__("You are about to delete this post \'%s\'\\n \'Cancel\' to stop, \'OK\' to delete."), addslashes($post->post_title) ) . "') ) { document.forms.post._wpnonce.value = '$delete_nonce'; return true;}\""; ?> />
|
||||
<?php endif; ?>
|
||||
|
||||
|
|
|
@ -3,7 +3,7 @@ if ( ! empty($link_id) ) {
|
|||
$heading = __('Edit Bookmark');
|
||||
$submit_text = __('Save Changes »');
|
||||
$form = '<form name="editlink" id="editlink" method="post" action="link.php">';
|
||||
$nonce_action = 'update-bookmark' . $link_id;
|
||||
$nonce_action = 'update-bookmark_' . $link_id;
|
||||
} else {
|
||||
$heading = __('Create Bookmark');
|
||||
$submit_text = __('Add Bookmark »');
|
||||
|
|
|
@ -10,7 +10,7 @@ if (0 == $post_ID) {
|
|||
$form_extra = "<input type='hidden' id='post_ID' name='temp_ID' value='$temp_ID' />";
|
||||
} else {
|
||||
$form_action = 'editpost';
|
||||
$nonce_action = 'update-page' . $post_ID;
|
||||
$nonce_action = 'update-page_' . $post_ID;
|
||||
$form_extra = "<input type='hidden' id='post_ID' name='post_ID' value='$post_ID' />";
|
||||
}
|
||||
|
||||
|
|
|
@ -211,7 +211,7 @@ foreach($posts_columns as $column_name=>$column_display_name) {
|
|||
|
||||
case 'control_delete':
|
||||
?>
|
||||
<td><?php if ( current_user_can('delete_post',$post->ID) ) { echo "<a href='" . wp_nonce_url("post.php?action=delete&post=$id", 'delete-post' . $post->ID) . "' class='delete' onclick=\"return deleteSomething( 'post', " . $id . ", '" . sprintf(__("You are about to delete this post "%s".\\n"OK" to delete, "Cancel" to stop."), js_escape(get_the_title()) ) . "' );\">" . __('Delete') . "</a>"; } ?></td>
|
||||
<td><?php if ( current_user_can('delete_post',$post->ID) ) { echo "<a href='" . wp_nonce_url("post.php?action=delete&post=$id", 'delete-post_' . $post->ID) . "' class='delete' onclick=\"return deleteSomething( 'post', " . $id . ", '" . sprintf(__("You are about to delete this post "%s".\\n"OK" to delete, "Cancel" to stop."), js_escape(get_the_title()) ) . "' );\">" . __('Delete') . "</a>"; } ?></td>
|
||||
<?php
|
||||
break;
|
||||
|
||||
|
@ -273,12 +273,12 @@ foreach ($comments as $comment) {
|
|||
<?php
|
||||
if ( current_user_can('edit_post', $comment->comment_post_ID) ) {
|
||||
echo " <a href='comment.php?action=editcomment&comment=".$comment->comment_ID."\'>" . __('Edit') . '</a>';
|
||||
echo ' | <a href="' . wp_nonce_url('comment.php?action=deletecomment&p=' . $post->ID . '&comment=' . $comment->comment_ID, 'delete-comment' . $comment->comment_ID) . '" onclick="return deleteSomething( \'comment\', ' . $comment->comment_ID . ', \'' . sprintf(__("You are about to delete this comment by "%s".\\n"Cancel" to stop, "OK" to delete."), js_escape($comment->comment_author)) . "' );\">" . __('Delete') . '</a> ';
|
||||
echo ' | <a href="' . wp_nonce_url('comment.php?action=deletecomment&p=' . $post->ID . '&comment=' . $comment->comment_ID, 'delete-comment_' . $comment->comment_ID) . '" onclick="return deleteSomething( \'comment\', ' . $comment->comment_ID . ', \'' . sprintf(__("You are about to delete this comment by "%s".\\n"Cancel" to stop, "OK" to delete."), js_escape($comment->comment_author)) . "' );\">" . __('Delete') . '</a> ';
|
||||
if ( ('none' != $comment_status) && ( current_user_can('moderate_comments') ) ) {
|
||||
echo '<span class="unapprove"> | <a href="' . wp_nonce_url('comment.php?action=unapprovecomment&p=' . $post->ID . '&comment=' . $comment->comment_ID, 'unapprove-comment' . $comment->comment_ID) . '" onclick="return dimSomething( \'comment\', ' . $comment->comment_ID . ', \'unapproved\' );">' . __('Unapprove') . '</a> </span>';
|
||||
echo '<span class="approve"> | <a href="' . wp_nonce_url('comment.php?action=approvecomment&p=' . $post->ID . '&comment=' . $comment->comment_ID, 'approve-comment' . $comment->comment_ID) . '" onclick="return dimSomething( \'comment\', ' . $comment->comment_ID . ', \'unapproved\' );">' . __('Approve') . '</a> </span>';
|
||||
echo '<span class="unapprove"> | <a href="' . wp_nonce_url('comment.php?action=unapprovecomment&p=' . $post->ID . '&comment=' . $comment->comment_ID, 'unapprove-comment_' . $comment->comment_ID) . '" onclick="return dimSomething( \'comment\', ' . $comment->comment_ID . ', \'unapproved\' );">' . __('Unapprove') . '</a> </span>';
|
||||
echo '<span class="approve"> | <a href="' . wp_nonce_url('comment.php?action=approvecomment&p=' . $post->ID . '&comment=' . $comment->comment_ID, 'approve-comment_' . $comment->comment_ID) . '" onclick="return dimSomething( \'comment\', ' . $comment->comment_ID . ', \'unapproved\' );">' . __('Approve') . '</a> </span>';
|
||||
}
|
||||
echo " | <a href=\"" . wp_nonce_url("comment.php?action=deletecomment&delete_type=spam&p=".$comment->comment_post_ID."&comment=".$comment->comment_ID, 'delete-comment' . $comment->comment_ID) . "\" onclick=\"return deleteSomething( 'comment-as-spam', $comment->comment_ID, '" . sprintf(__("You are about to mark as spam this comment by "%s".\\n"Cancel" to stop, "OK" to mark as spam."), js_escape( $comment->comment_author)) . "' );\">" . __('Spam') . "</a> ]";
|
||||
echo " | <a href=\"" . wp_nonce_url("comment.php?action=deletecomment&delete_type=spam&p=".$comment->comment_post_ID."&comment=".$comment->comment_ID, 'delete-comment_' . $comment->comment_ID) . "\" onclick=\"return deleteSomething( 'comment-as-spam', $comment->comment_ID, '" . sprintf(__("You are about to mark as spam this comment by "%s".\\n"Cancel" to stop, "OK" to mark as spam."), js_escape( $comment->comment_author)) . "' );\">" . __('Spam') . "</a> ]";
|
||||
} // end if any comments to show
|
||||
?>
|
||||
</p>
|
||||
|
|
|
@ -176,7 +176,7 @@ if ($links)
|
|||
<?php
|
||||
|
||||
echo '<td><a href="link.php?link_id='.$link->link_id.'&action=edit" class="edit">'.__('Edit').'</a></td>';
|
||||
echo '<td><a href="' . wp_nonce_url('link.php?link_id='.$link->link_id.'&action=delete', 'delete-bookmark' . $link->link_id ) . '"'." class='delete' onclick=\"return deleteSomething( 'link', $link->link_id , '".sprintf(__("You are about to delete the "%s" bookmark to %s.\\n"Cancel" to stop, "OK" to delete."), wp_specialchars($link->link_name, 1), wp_specialchars($link->link_url)).'\' );" class="delete">'.__('Delete').'</a></td>';
|
||||
echo '<td><a href="' . wp_nonce_url('link.php?link_id='.$link->link_id.'&action=delete', 'delete-bookmark_' . $link->link_id ) . '"'." class='delete' onclick=\"return deleteSomething( 'link', $link->link_id , '".sprintf(__("You are about to delete the "%s" bookmark to %s.\\n"Cancel" to stop, "OK" to delete."), wp_specialchars($link->link_name, 1), wp_specialchars($link->link_url)).'\' );" class="delete">'.__('Delete').'</a></td>';
|
||||
echo '<td align="center"><input type="checkbox" name="linkcheck[]" value="'.$link->link_id.'" /></td>';
|
||||
echo "\n </tr>\n";
|
||||
}
|
||||
|
|
|
@ -81,7 +81,7 @@ switch ($action) {
|
|||
|
||||
case 'save' :
|
||||
$link_id = (int) $_POST['link_id'];
|
||||
check_admin_referer('update-bookmark' . $link_id);
|
||||
check_admin_referer('update-bookmark_' . $link_id);
|
||||
|
||||
edit_link($link_id);
|
||||
|
||||
|
@ -91,7 +91,7 @@ switch ($action) {
|
|||
|
||||
case 'delete' :
|
||||
$link_id = (int) $_GET['link_id'];
|
||||
check_admin_referer('delete-bookmark' . $link_id);
|
||||
check_admin_referer('delete-bookmark_' . $link_id);
|
||||
|
||||
if (!current_user_can('manage_links'))
|
||||
die(__("Cheatin' uh ?"));
|
||||
|
|
|
@ -76,7 +76,7 @@ case 'edit':
|
|||
|
||||
case 'editattachment':
|
||||
$page_id = $post_ID = (int) $_POST['post_ID'];
|
||||
check_admin_referer('update-attachment' . $page_id);
|
||||
check_admin_referer('update-attachment_' . $page_id);
|
||||
|
||||
// Don't let these be changed
|
||||
unset($_POST['guid']);
|
||||
|
@ -93,7 +93,7 @@ case 'editattachment':
|
|||
|
||||
case 'editpost':
|
||||
$page_ID = (int) $_POST['post_ID'];
|
||||
check_admin_referer('update-page' . $page_ID);
|
||||
check_admin_referer('update-page_' . $page_ID);
|
||||
|
||||
$page_ID = edit_post();
|
||||
|
||||
|
@ -119,7 +119,7 @@ case 'editpost':
|
|||
|
||||
case 'delete':
|
||||
$page_id = (isset($_GET['post'])) ? intval($_GET['post']) : intval($_POST['post_ID']);
|
||||
check_admin_referer('delete-page' . $page_id);
|
||||
check_admin_referer('delete-page_' . $page_id);
|
||||
|
||||
$page = & get_post($page_id);
|
||||
|
||||
|
|
|
@ -34,7 +34,7 @@ switch($action) {
|
|||
|
||||
case 'update':
|
||||
|
||||
check_admin_referer('edit-plugin' . $file);
|
||||
check_admin_referer('edit-plugin_' . $file);
|
||||
|
||||
if ( !current_user_can('edit_plugins') )
|
||||
die('<p>'.__('You have do not have sufficient permissions to edit templates for this blog.').'</p>');
|
||||
|
@ -97,7 +97,7 @@ if ($plugin_files) :
|
|||
</div>
|
||||
<?php if (!$error) { ?>
|
||||
<form name="template" id="template" action="plugin-editor.php" method="post">
|
||||
<?php wp_nonce_field('edit-plugin' . $file) ?>
|
||||
<?php wp_nonce_field('edit-plugin_' . $file) ?>
|
||||
<div><textarea cols="70" rows="25" name="newcontent" id="newcontent" tabindex="1"><?php echo $content ?></textarea>
|
||||
<input type="hidden" name="action" value="update" />
|
||||
<input type="hidden" name="file" value="<?php echo $file ?>" />
|
||||
|
|
|
@ -3,7 +3,7 @@ require_once('admin.php');
|
|||
|
||||
if ( isset($_GET['action']) ) {
|
||||
if ('activate' == $_GET['action']) {
|
||||
check_admin_referer('activate-plugin' . $_GET['plugin']);
|
||||
check_admin_referer('activate-plugin_' . $_GET['plugin']);
|
||||
$current = get_settings('active_plugins');
|
||||
if (!in_array($_GET['plugin'], $current)) {
|
||||
$current[] = trim( $_GET['plugin'] );
|
||||
|
@ -14,7 +14,7 @@ if ( isset($_GET['action']) ) {
|
|||
}
|
||||
header('Location: plugins.php?activate=true');
|
||||
} else if ('deactivate' == $_GET['action']) {
|
||||
check_admin_referer('deactivate-plugin' . $_GET['plugin']);
|
||||
check_admin_referer('deactivate-plugin_' . $_GET['plugin']);
|
||||
$current = get_settings('active_plugins');
|
||||
array_splice($current, array_search( $_GET['plugin'], $current), 1 ); // Array-fu!
|
||||
update_option('active_plugins', $current);
|
||||
|
@ -100,11 +100,11 @@ if (empty($plugins)) {
|
|||
$style = ('class="alternate"' == $style|| 'class="alternate active"' == $style) ? '' : 'alternate';
|
||||
|
||||
if (!empty($current_plugins) && in_array($plugin_file, $current_plugins)) {
|
||||
$action = "<a href='" . wp_nonce_url("plugins.php?action=deactivate&plugin=$plugin_file", 'deactivate-plugin' . $plugin_file) . "' title='".__('Deactivate this plugin')."' class='delete'>".__('Deactivate')."</a>";
|
||||
$action = "<a href='" . wp_nonce_url("plugins.php?action=deactivate&plugin=$plugin_file", 'deactivate-plugin_' . $plugin_file) . "' title='".__('Deactivate this plugin')."' class='delete'>".__('Deactivate')."</a>";
|
||||
$plugin_data['Title'] = "<strong>{$plugin_data['Title']}</strong>";
|
||||
$style .= $style == 'alternate' ? ' active' : 'active';
|
||||
} else {
|
||||
$action = "<a href='" . wp_nonce_url("plugins.php?action=activate&plugin=$plugin_file", 'activate-plugin' . $plugin_file) . "' title='".__('Activate this plugin')."' class='edit'>".__('Activate')."</a>";
|
||||
$action = "<a href='" . wp_nonce_url("plugins.php?action=activate&plugin=$plugin_file", 'activate-plugin_' . $plugin_file) . "' title='".__('Activate this plugin')."' class='edit'>".__('Activate')."</a>";
|
||||
}
|
||||
$plugin_data['Description'] = wp_kses($plugin_data['Description'], array('a' => array('href' => array(),'title' => array()),'abbr' => array('title' => array()),'acronym' => array('title' => array()),'code' => array(),'em' => array(),'strong' => array()) ); ;
|
||||
if ($style != '') $style = 'class="' . $style . '"';
|
||||
|
|
|
@ -82,7 +82,7 @@ case 'edit':
|
|||
case 'editattachment':
|
||||
$post_id = (int) $_POST['post_ID'];
|
||||
|
||||
check_admin_referer('update-attachment' . $post_id);
|
||||
check_admin_referer('update-attachment_' . $post_id);
|
||||
|
||||
// Don't let these be changed
|
||||
unset($_POST['guid']);
|
||||
|
@ -99,7 +99,7 @@ case 'editattachment':
|
|||
|
||||
case 'editpost':
|
||||
$post_ID = (int) $_POST['post_ID'];
|
||||
check_admin_referer('update-post' . $post_ID);
|
||||
check_admin_referer('update-post_' . $post_ID);
|
||||
|
||||
$post_ID = edit_post();
|
||||
|
||||
|
@ -125,7 +125,7 @@ case 'editpost':
|
|||
|
||||
case 'delete':
|
||||
$post_id = (isset($_GET['post'])) ? intval($_GET['post']) : intval($_POST['post_ID']);
|
||||
check_admin_referer('delete-post' . $post_id);
|
||||
check_admin_referer('delete-post_' . $post_id);
|
||||
|
||||
$post = & get_post($post_id);
|
||||
|
||||
|
|
|
@ -4,7 +4,7 @@ $parent_file = 'profile.php';
|
|||
$submenu_file = 'profile.php';
|
||||
require_once('admin.php');
|
||||
|
||||
check_admin_referer('update-profile' . $user_ID);
|
||||
check_admin_referer('update-profile_' . $user_ID);
|
||||
|
||||
if ( !$_POST )
|
||||
die( __('No post?') );
|
||||
|
|
|
@ -19,7 +19,7 @@ $bookmarklet_height= 440;
|
|||
<div class="wrap">
|
||||
<h2><?php _e('Your Profile and Personal Options'); ?></h2>
|
||||
<form name="profile" id="your-profile" action="profile-update.php" method="post">
|
||||
<?php wp_nonce_field('update-profile' . $user_ID) ?>
|
||||
<?php wp_nonce_field('update-profile_' . $user_ID) ?>
|
||||
<p>
|
||||
<input type="hidden" name="from" value="profile" />
|
||||
<input type="hidden" name="checkuser_id" value="<?php echo $user_ID ?>" />
|
||||
|
|
|
@ -36,7 +36,7 @@ switch($action) {
|
|||
|
||||
case 'update':
|
||||
|
||||
check_admin_referer('edit-file' . $file);
|
||||
check_admin_referer('edit-file_' . $file);
|
||||
|
||||
if ( ! current_user_can('edit_files') )
|
||||
die('<p>'.__('You do not have sufficient permissions to edit templates for this blog.').'</p>');
|
||||
|
@ -128,7 +128,7 @@ endif;
|
|||
</div>
|
||||
<?php if (!$error) { ?>
|
||||
<form name="template" id="template" action="templates.php" method="post">
|
||||
<?php wp_nonce_field('edit-file' . $file) ?>
|
||||
<?php wp_nonce_field('edit-file_' . $file) ?>
|
||||
<div><textarea cols="70" rows="25" name="newcontent" id='newcontent' tabindex="1"><?php echo $content ?></textarea>
|
||||
<input type="hidden" name="action" value="update" />
|
||||
<input type="hidden" name="file" value="<?php echo $file ?>" />
|
||||
|
|
|
@ -47,7 +47,7 @@ switch($action) {
|
|||
|
||||
case 'update':
|
||||
|
||||
check_admin_referer('edit-theme' . $file . $theme);
|
||||
check_admin_referer('edit-theme_' . $file . $theme);
|
||||
|
||||
if ( !current_user_can('edit_themes') )
|
||||
die('<p>'.__('You have do not have sufficient permissions to edit templates for this blog.').'</p>');
|
||||
|
@ -131,7 +131,7 @@ if ($allowed_files) :
|
|||
if (!$error) {
|
||||
?>
|
||||
<form name="template" id="template" action="theme-editor.php" method="post">
|
||||
<?php wp_nonce_field('edit-theme' . $file . $theme) ?>
|
||||
<?php wp_nonce_field('edit-theme_' . $file . $theme) ?>
|
||||
<div><textarea cols="70" rows="25" name="newcontent" id="newcontent" tabindex="1"><?php echo $content ?></textarea>
|
||||
<input type="hidden" name="action" value="update" />
|
||||
<input type="hidden" name="file" value="<?php echo $file ?>" />
|
||||
|
|
|
@ -2,7 +2,7 @@
|
|||
require_once('admin.php');
|
||||
|
||||
if ( isset($_GET['action']) ) {
|
||||
check_admin_referer('switch-theme' . $_GET['template']);
|
||||
check_admin_referer('switch-theme_' . $_GET['template']);
|
||||
|
||||
if ('activate' == $_GET['action']) {
|
||||
if ( isset($_GET['template']) )
|
||||
|
@ -69,7 +69,7 @@ foreach ($theme_names as $theme_name) {
|
|||
$author = $themes[$theme_name]['Author'];
|
||||
$screenshot = $themes[$theme_name]['Screenshot'];
|
||||
$stylesheet_dir = $themes[$theme_name]['Stylesheet Dir'];
|
||||
$activate_link = wp_nonce_url("themes.php?action=activate&template=$template&stylesheet=$stylesheet", 'switch-theme' . $template);
|
||||
$activate_link = wp_nonce_url("themes.php?action=activate&template=$template&stylesheet=$stylesheet", 'switch-theme_' . $template);
|
||||
?>
|
||||
<div class="available-theme">
|
||||
<h3><a href="<?php echo $activate_link; ?>"><?php echo "$title $version"; ?></a></h3>
|
||||
|
|
|
@ -32,7 +32,7 @@ break;
|
|||
|
||||
case 'update':
|
||||
|
||||
check_admin_referer('update-user' . $user_id);
|
||||
check_admin_referer('update-user_' . $user_id);
|
||||
|
||||
if (!current_user_can('edit_users'))
|
||||
$errors = new WP_Error('head', __('You do not have permission to edit this user.'));
|
||||
|
@ -74,7 +74,7 @@ if (!current_user_can('edit_users'))
|
|||
<h2><?php _e('Edit User'); ?></h2>
|
||||
|
||||
<form name="profile" id="your-profile" action="user-edit.php" method="post">
|
||||
<?php wp_nonce_field('update-user' . $user_ID) ?>
|
||||
<?php wp_nonce_field('update-user_' . $user_ID) ?>
|
||||
<p>
|
||||
<input type="hidden" name="from" value="profile" />
|
||||
<input type="hidden" name="checkuser_id" value="<?php echo $user_ID ?>" />
|
||||
|
|
Loading…
Reference in New Issue