From f70ae04419968d4f4f528c6fa8aefcd2fbd88ee1 Mon Sep 17 00:00:00 2001
From: michelvaldrighi
Date: Mon, 17 May 2004 20:34:05 +0000
Subject: [PATCH] using check_admin_referer for moves/deletions

git-svn-id: http://svn.automattic.com/wordpress/trunk@1300 1a063a9b-81f0-0310-95a4-ce76da25c4cd
---
 wp-admin/link-manager.php | 13 +++++++++++++
 wp-admin/users.php        |  7 +++++++
 2 files changed, 20 insertions(+)

diff --git a/wp-admin/link-manager.php b/wp-admin/link-manager.php
index 3d7d77c5c7..1de6adac25 100644
--- a/wp-admin/link-manager.php
+++ b/wp-admin/link-manager.php
@@ -85,6 +85,8 @@ switch ($action) {
     $standalone = 1;
     include_once('admin-header.php');
 
+    check_admin_referer();
+
     // check the current user's level first.
     if ($user_level < get_settings('links_minadminlevel'))
         die (__("Cheatin' uh ?"));
@@ -116,6 +118,8 @@ switch ($action) {
     $standalone = 1;
     include_once('admin-header.php');
 
+    check_admin_referer();
+
     // check the current user's level first.
     if ($user_level < get_settings('links_minadminlevel'))
         die (__("Cheatin' uh ?"));
@@ -153,6 +157,9 @@ switch ($action) {
     {
     $standalone = 1;
     include_once('admin-header.php');
+
+    check_admin_referer();
+
     // check the current user's level first.
     if ($user_level < get_settings('links_minadminlevel'))
         die (__("Cheatin' uh ?"));
@@ -175,6 +182,8 @@ switch ($action) {
     $standalone = 1;
     include_once('admin-header.php');
 
+    check_admin_referer();
+
     $link_url = $_POST['linkurl'];
     $link_name = $_POST['name'];
     $link_image = $_POST['image'];
@@ -222,6 +231,8 @@ switch ($action) {
     $standalone = 1;
     include_once('admin-header.php');
 
+    check_admin_referer();
+
     $link_id = $_POST['link_id'];
     $link_url = $_POST['linkurl'];
     $link_name = $_POST['name'];
@@ -265,6 +276,8 @@ switch ($action) {
     $standalone = 1;
     include_once('admin-header.php');
 
+    check_admin_referer();
+
     $link_id = $_GET["link_id"];
 
     if ($user_level < get_settings('links_minadminlevel'))
diff --git a/wp-admin/users.php b/wp-admin/users.php
index 6f4eea4dbf..9769301492 100644
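Review bot: `check_admin_referer();` is the sole request-origin check this hunk adds before the level check, and the same call is the whole protection in the five later link-manager.php hunks (-116, -153, -175, -222, -265); its body is not in this diff, and if it only compares HTTP_REFERER against the admin URL it is a weak guard, because that header is supplied by the client and is routinely stripped by proxies and privacy settings, so it rejects legitimate users while giving no assurance beyond what the browser chooses to send. A per-request secret bound to the logged-in session, generated when the form or link is rendered and verified here, is the durable replacement; a short comment such as `// referer check only — does not prove the request originated from our own form` would at least record the limitation for the next maintainer. The enclosing switch cases start and end outside the hunks.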
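Review bot: `$link_id = $_GET["link_id"];` in the -265 hunk drives a deletion from a GET parameter, so the newly added referer check is the only thing separating a followed link from a removal, and the value is taken without a cast here, unlike `$id = intval($_GET['id']);` in users.php; unless a cast exists further down outside the hunk, `$link_id = intval($_GET["link_id"]);` keeps a non-numeric value out of whatever query consumes it. Handling deletions over POST, as the -175 and -222 hunks already do for link edits, would also pair naturally with a token check rather than a referer comparison. The enclosing case body continues outside the hunk.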
--- a/wp-admin/users.php
+++ b/wp-admin/users.php
@@ -24,6 +24,9 @@ switch ($action) {
 case 'adduser':
     $standalone = 1;
     require_once('admin-header.php');
+
+    check_admin_referer()
+
     function filter($value) {
         return ereg('^[a-zA-Z0-9\_-\|]+$',$value);
     }
@@ -101,6 +104,8 @@ case 'promote':
     $standalone = 1;
     require_once('admin-header.php');
 
+    check_admin_referer()
+
     if (empty($_GET['prom'])) {
         header('Location: users.php');
     }
@@ -133,6 +138,8 @@ case 'delete':
     $standalone = 1;
     require_once('admin-header.php');
 
+    check_admin_referer()
+
     $id = intval($_GET['id']);
 
     if (!$id) {
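Review bot: `check_admin_referer()` is missing its terminating semicolon in all three users.php hunks (adduser at -24, promote at -101, delete at -133); the next statement begins on a later line in each case, so PHP rejects the whole file with a parse error and every users.php action, not only these three, stops working. Each added line should read `check_admin_referer();`. Once fixed, this call carries the full weight of request-forgery protection for the `promote` and `delete` branches, which act on `$_GET['prom']` and `$_GET['id']`; if it compares only HTTP_REFERER (its body is not in this diff), a session-bound token checked here would be the stronger replacement. The enclosing case bodies continue outside the hunks.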