From 9e7327963f220b8c7a65bca6254f045686c7f39d Mon Sep 17 00:00:00 2001
From: ryan
Date: Fri, 24 Dec 2010 17:59:58 +0000
Subject: [PATCH] nonce checks for site-themes. Props PeteMall. see #15969

git-svn-id: http://svn.automattic.com/wordpress/trunk@17134 1a063a9b-81f0-0310-95a4-ce76da25c4cd
---
 wp-admin/network/site-themes.php | 4 ++++
 1 file changed, 4 insertions(+)

diff --git a/wp-admin/network/site-themes.php b/wp-admin/network/site-themes.php
index 9907fd254f..35f2c4a83f 100644
--- a/wp-admin/network/site-themes.php
+++ b/wp-admin/network/site-themes.php
@@ -60,6 +60,7 @@ if ( $action ) {
 switch ( $action ) {
 case 'enable':
+ check_admin_referer( 'enable-theme_' . $_GET['theme'] );
 $theme = $_GET['theme'];
 $update = 'enabled';
 if ( !$allowed_themes )
@@ -68,6 +69,7 @@ if ( $action ) {
 $allowed_themes[$theme] = true;
 break;
 case 'disable':
+ check_admin_referer( 'disable-theme_' . $_GET['theme'] );
 $theme = $_GET['theme'];
 $update = 'disabled';
 if ( !$allowed_themes )
@@ -76,6 +78,7 @@ if ( $action ) {
 unset( $allowed_themes[$theme] );
 break;
 case 'enable-selected':
+ check_admin_referer( 'bulk-themes' );
 if ( isset( $_POST['checked'] ) ) {
 $update = 'enable';
 $themes = (array) $_POST['checked'];
@@ -86,6 +89,7 @@ if ( $action ) {
 }
 break;
 case 'disable-selected':
+ check_admin_referer( 'bulk-themes' );
 if ( isset( $_POST['checked'] ) ) {
 $update = 'disable';
 $themes = (array) $_POST['checked'];
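Review bot: The added `check_admin_referer( 'enable-theme_' . $_GET['theme'] );` in `case 'enable'` (and its twin in `case 'disable'` in the next hunk) reads `$_GET['theme']` without checking that it is set, so a request that carries the action but no `theme` parameter raises an undefined-index notice and is verified against the bare action `enable-theme_`. Reading the parameter once and reusing it keeps the verified value and the stored value identical: `$theme = isset( $_GET['theme'] ) ? $_GET['theme'] : '';` followed by `check_admin_referer( 'enable-theme_' . $theme );`. The nonce only shows that the request came from a link generated for this user; whether `$theme` names an installed theme and whether the caller may manage the site is not visible in this hunk, and the `case` body continues past its end.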
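Review bot: The action string `bulk-themes` checked in `case 'enable-selected'` (and again in `case 'disable-selected'` in the following hunk) names neither the direction nor, as far as the hunk shows, the site being edited, so one token is accepted for both bulk operations. The form that emits the nonce is outside this diff, so the string has to be kept in step with it by hand; a short comment above each call would record that, for example `// Nonce is emitted by the bulk form as 'bulk-themes'; shared by enable and disable.` The entries of `$_POST['checked']` are consumed by code that starts after the hunk ends, so any check that they are installed themes would have to live there.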