using check_admin_referer for moves/deletions
git-svn-id: http://svn.automattic.com/wordpress/trunk@1300 1a063a9b-81f0-0310-95a4-ce76da25c4cd
parent
0dbe04e28e
commit
f70ae04419
|
@ -85,6 +85,8 @@ switch ($action) {
|
||||||
$standalone = 1;
|
$standalone = 1;
|
||||||
include_once('admin-header.php');
|
include_once('admin-header.php');
|
||||||
|
|
||||||
|
check_admin_referer();
|
||||||
|
|
||||||
// check the current user's level first.
|
// check the current user's level first.
|
||||||
if ($user_level < get_settings('links_minadminlevel'))
|
if ($user_level < get_settings('links_minadminlevel'))
|
||||||
die (__("Cheatin' uh ?"));
|
die (__("Cheatin' uh ?"));
|
||||||
|
@ -116,6 +118,8 @@ switch ($action) {
|
||||||
$standalone = 1;
|
$standalone = 1;
|
||||||
include_once('admin-header.php');
|
include_once('admin-header.php');
|
||||||
|
|
||||||
|
check_admin_referer();
|
||||||
|
|
||||||
// check the current user's level first.
|
// check the current user's level first.
|
||||||
if ($user_level < get_settings('links_minadminlevel'))
|
if ($user_level < get_settings('links_minadminlevel'))
|
||||||
die (__("Cheatin' uh ?"));
|
die (__("Cheatin' uh ?"));
|
||||||
|
@ -153,6 +157,9 @@ switch ($action) {
|
||||||
{
|
{
|
||||||
$standalone = 1;
|
$standalone = 1;
|
||||||
include_once('admin-header.php');
|
include_once('admin-header.php');
|
||||||
|
|
||||||
|
check_admin_referer();
|
||||||
|
|
||||||
// check the current user's level first.
|
// check the current user's level first.
|
||||||
if ($user_level < get_settings('links_minadminlevel'))
|
if ($user_level < get_settings('links_minadminlevel'))
|
||||||
die (__("Cheatin' uh ?"));
|
die (__("Cheatin' uh ?"));
|
||||||
|
@ -175,6 +182,8 @@ switch ($action) {
|
||||||
$standalone = 1;
|
$standalone = 1;
|
||||||
include_once('admin-header.php');
|
include_once('admin-header.php');
|
||||||
|
|
||||||
|
check_admin_referer();
|
||||||
|
|
||||||
$link_url = $_POST['linkurl'];
|
$link_url = $_POST['linkurl'];
|
||||||
$link_name = $_POST['name'];
|
$link_name = $_POST['name'];
|
||||||
$link_image = $_POST['image'];
|
$link_image = $_POST['image'];
|
||||||
|
@ -222,6 +231,8 @@ switch ($action) {
|
||||||
$standalone = 1;
|
$standalone = 1;
|
||||||
include_once('admin-header.php');
|
include_once('admin-header.php');
|
||||||
|
|
||||||
|
check_admin_referer();
|
||||||
|
|
||||||
$link_id = $_POST['link_id'];
|
$link_id = $_POST['link_id'];
|
||||||
$link_url = $_POST['linkurl'];
|
$link_url = $_POST['linkurl'];
|
||||||
$link_name = $_POST['name'];
|
$link_name = $_POST['name'];
|
||||||
|
@ -265,6 +276,8 @@ switch ($action) {
|
||||||
$standalone = 1;
|
$standalone = 1;
|
||||||
include_once('admin-header.php');
|
include_once('admin-header.php');
|
||||||
|
|
||||||
|
check_admin_referer();
|
||||||
|
|
||||||
$link_id = $_GET["link_id"];
|
$link_id = $_GET["link_id"];
|
||||||
|
|
||||||
if ($user_level < get_settings('links_minadminlevel'))
|
if ($user_level < get_settings('links_minadminlevel'))
|
||||||
|
|
|
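Review bot: In the last hunk of this section (`@ -265,6 +276,8`) the action still reads `$link_id = $_GET["link_id"]`, so the added `check_admin_referer();` is the only guard that separates a deliberate click from a request triggered by some other page. The body of `check_admin_referer()` is not on this page; if it only inspects the Referer header, as the name suggests, it will reject legitimate users whose browser or proxy strips that header and it cannot tell which admin page sent the request. A per-session token submitted with the form and compared on the server would be the sturdier control, with the referer check kept as a second layer. The same uncommented call is added in the five earlier hunks; a line such as `// CSRF guard: reject requests not sent from the admin pages` above each call would record why it is there. Every `case` body continues outside its hunk.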
@ -24,6 +24,9 @@ switch ($action) {
|
||||||
case 'adduser':
|
case 'adduser':
|
||||||
$standalone = 1;
|
$standalone = 1;
|
||||||
require_once('admin-header.php');
|
require_once('admin-header.php');
|
||||||
|
|
||||||
|
check_admin_referer()
|
||||||
|
|
||||||
function filter($value) {
|
function filter($value) {
|
||||||
return ereg('^[a-zA-Z0-9\_-\|]+$',$value);
|
return ereg('^[a-zA-Z0-9\_-\|]+$',$value);
|
||||||
}
|
}
|
||||||
|
@ -101,6 +104,8 @@ case 'promote':
|
||||||
$standalone = 1;
|
$standalone = 1;
|
||||||
require_once('admin-header.php');
|
require_once('admin-header.php');
|
||||||
|
|
||||||
|
check_admin_referer()
|
||||||
|
|
||||||
if (empty($_GET['prom'])) {
|
if (empty($_GET['prom'])) {
|
||||||
header('Location: users.php');
|
header('Location: users.php');
|
||||||
}
|
}
|
||||||
|
@ -133,6 +138,8 @@ case 'delete':
|
||||||
$standalone = 1;
|
$standalone = 1;
|
||||||
require_once('admin-header.php');
|
require_once('admin-header.php');
|
||||||
|
|
||||||
|
check_admin_referer()
|
||||||
|
|
||||||
$id = intval($_GET['id']);
|
$id = intval($_GET['id']);
|
||||||
|
|
||||||
if (!$id) {
|
if (!$id) {
|
||||||
|
|
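Review bot: The three calls added in this section, in the `adduser`, `promote` and `delete` hunks, are shown as `check_admin_referer()` with no terminating semicolon, unlike the six calls in the first file. If that is how the file was committed rather than a loss in rendering, PHP cannot parse it (in the `adduser` hunk the next token is `function filter($value) {`), so the page stops loading and none of the added checks run. Each of the three lines should read `check_admin_referer();`. Separately, the `promote` and `delete` hunks still act on `$_GET['prom']` and `$_GET['id']`, so the referer check is the only request-origin guard visible on those state-changing links.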