From 0c93cb66be4c315bedd1df8e0d9da5b142c1d6a3 Mon Sep 17 00:00:00 2001
From: ryan <ryan@1a063a9b-81f0-0310-95a4-ce76da25c4cd>
Date: Sun, 22 May 2011 23:18:58 +0000
Subject: [PATCH] Add a nonce.

git-svn-id: http://svn.automattic.com/wordpress/trunk@17992 1a063a9b-81f0-0310-95a4-ce76da25c4cd
---
 wp-admin/ms-delete-site.php | 5 ++++-
 1 file changed, 4 insertions(+), 1 deletion(-)

diff --git a/wp-admin/ms-delete-site.php b/wp-admin/ms-delete-site.php
index 8b26b0b6a..2ae22339b 100644
--- a/wp-admin/ms-delete-site.php
+++ b/wp-admin/ms-delete-site.php
@@ -34,6 +34,8 @@ screen_icon();
 echo '<h2>' . esc_html( $title ) . '</h2>';
 
 if ( isset( $_POST['action'] ) && $_POST['action'] == 'deleteblog' && isset( $_POST['confirmdelete'] ) && $_POST['confirmdelete'] == '1' ) {
+	check_admin_referer( 'delete-blog' );
+
 	$hash = wp_generate_password( 20, false );
 	update_option( 'delete_blog_hash', $hash );
 
@@ -68,11 +70,12 @@ Webmaster
 	<p><?php _e( 'Remember, once deleted your site cannot be restored.' ) ?></p>
 
 	<form method="post" name="deletedirect">
+		<?php wp_nonce_field( 'delete-blog' ) ?>
 		<input type="hidden" name="action" value="deleteblog" />
 		<p><input id="confirmdelete" type="checkbox" name="confirmdelete" value="1" /> <label for="confirmdelete"><strong><?php printf( __( "I'm sure I want to permanently disable my site, and I am aware I can never get it back or use %s again." ), is_subdomain_install() ? $current_blog->domain : $current_blog->domain . $current_blog->path ); ?></strong></label></p>
 		<?php submit_button( __( 'Delete My Site Permanently' ) ); ?>
 	</form>
-	<?php
+ 	<?php
 }
 echo '</div>';