WordPress-C
/
WordPress
mirror of https://github.com/WordPress/WordPress.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

using check_admin_referer for moves/deletions 

git-svn-id: http://svn.automattic.com/wordpress/trunk@1300 1a063a9b-81f0-0310-95a4-ce76da25c4cd
This commit is contained in:
michelvaldrighi 2004-05-17 20:34:05 +00:00
parent 0dbe04e28e
commit f70ae04419
2 changed files with 20 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

13
wp-admin/link-manager.php
View File

@ -85,6 +85,8 @@ switch ($action) {
$standalone = 1;
include_once('admin-header.php');
check_admin_referer();
// check the current user's level first.
if ($user_level < get_settings('links_minadminlevel'))
die (__("Cheatin' uh ?"));
@ -116,6 +118,8 @@ switch ($action) {
$standalone = 1;
include_once('admin-header.php');
check_admin_referer();
// check the current user's level first.
if ($user_level < get_settings('links_minadminlevel'))
die (__("Cheatin' uh ?"));
@ -153,6 +157,9 @@ switch ($action) {
{
$standalone = 1;
include_once('admin-header.php');
check_admin_referer();
// check the current user's level first.
if ($user_level < get_settings('links_minadminlevel'))
die (__("Cheatin' uh ?"));
@ -175,6 +182,8 @@ switch ($action) {
$standalone = 1;
include_once('admin-header.php');
check_admin_referer();
$link_url = $_POST['linkurl'];
$link_name = $_POST['name'];
$link_image = $_POST['image'];
@ -222,6 +231,8 @@ switch ($action) {
$standalone = 1;
include_once('admin-header.php');
check_admin_referer();
$link_id = $_POST['link_id'];
$link_url = $_POST['linkurl'];
$link_name = $_POST['name'];
@ -265,6 +276,8 @@ switch ($action) {
$standalone = 1;
include_once('admin-header.php');
check_admin_referer();
$link_id = $_GET["link_id"];
if ($user_level < get_settings('links_minadminlevel'))

7
wp-admin/users.php
View File

@ -24,6 +24,9 @@ switch ($action) {
case 'adduser':
$standalone = 1;
require_once('admin-header.php');
check_admin_referer()
function filter($value) {
return ereg('^[a-zA-Z0-9\_-\|]+$',$value);
}
@ -101,6 +104,8 @@ case 'promote':
$standalone = 1;
require_once('admin-header.php');
check_admin_referer()
if (empty($_GET['prom'])) {
header('Location: users.php');
}
@ -133,6 +138,8 @@ case 'delete':
$standalone = 1;
require_once('admin-header.php');
check_admin_referer()
$id = intval($_GET['id']);
if (!$id) {