diff --git a/wp-admin/admin-functions.php b/wp-admin/admin-functions.php index 28952320b..098287471 100644 --- a/wp-admin/admin-functions.php +++ b/wp-admin/admin-functions.php @@ -709,7 +709,7 @@ function page_rows($parent = 0, $level = 0, $pages = 0, $hierarchy = true) { post_modified); ?> " . __('Edit') . ""; } ?> - " . __('Delete') . ""; } ?> + " . __('Delete') . ""; } ?>

+ cat_ID); ?> @@ -99,7 +99,8 @@ case 'edit': break; case 'editedcat': - check_admin_referer(); + $cat_ID = (int) $_POST['cat_ID']; + check_admin_referer('update-category' . $cat_ID); if ( !current_user_can('manage_categories') ) die (__('Cheatin’ uh?')); @@ -157,6 +158,7 @@ cat_rows();

+


diff --git a/wp-admin/comment.php b/wp-admin/comment.php index d687514c3..851b5827f 100644 --- a/wp-admin/comment.php +++ b/wp-admin/comment.php @@ -89,10 +89,9 @@ case 'mailapprovecomment': break; case 'deletecomment': - - check_admin_referer(); - $comment = (int) $_REQUEST['comment']; + check_admin_referer('delete-comment' . $comment); + $p = (int) $_REQUEST['p']; if ( isset($_REQUEST['noredir']) ) { $noredir = true; @@ -123,10 +122,9 @@ case 'deletecomment': break; case 'unapprovecomment': - - check_admin_referer(); - $comment = (int) $_GET['comment']; + check_admin_referer('unapprove-comment' . $comment); + $p = (int) $_GET['p']; if (isset($_GET['noredir'])) { $noredir = true; @@ -151,10 +149,9 @@ case 'unapprovecomment': break; case 'approvecomment': - - check_admin_referer(); - $comment = (int) $_GET['comment']; + check_admin_referer('approve-comment' . $comment); + $p = (int) $_GET['p']; if (isset($_GET['noredir'])) { $noredir = true; @@ -184,7 +181,7 @@ case 'approvecomment': case 'editedcomment': - check_admin_referer(); + check_admin_referer('update-comment'); edit_comment(); diff --git a/wp-admin/edit-comments.php b/wp-admin/edit-comments.php index de3d814d9..eff027780 100644 --- a/wp-admin/edit-comments.php +++ b/wp-admin/edit-comments.php @@ -51,7 +51,7 @@ function getNumChecked(form)
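Review bot: The `editedcomment` case is the only one in this file whose nonce action carries no comment ID — `check_admin_referer('update-comment')` — so a token minted for editing one comment verifies an edit of any other, whereas the delete/approve/unapprove cases above bind theirs with `'delete-comment' . $comment` and the like. Binding it the same way, `$comment_ID = (int) $_POST['comment_ID']; check_admin_referer('update-comment' . $comment_ID);`, requires the matching `wp_nonce_field('update-comment' . $comment->comment_ID)` in edit-form-comment.php, whose hunk is too stripped in this rendering to confirm what it emits. Separately, `deletecomment` reads its ID from `$_REQUEST` while `approvecomment` and `unapprovecomment` read `$_GET`; for a destructive action, accepting both channels only widens where a leaked nonce can be replayed, so pick one. Whatever capability check guards these cases sits outside the hunks.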

|

comment_post_ID) ) { echo " " . __('Edit') . ''; - echo ' | comment_author, 1)) . "' );\">" . __('Delete') . ' '; + echo ' | comment_author, 1)) . "' );\">" . __('Delete') . ' '; if ( ('none' != $comment_status) && ( current_user_can('moderate_comments') ) ) { - echo ' | ' . __('Unapprove') . ' '; - echo ' | ' . __('Approve') . ' '; + echo ' | ' . __('Unapprove') . ' '; + echo ' | ' . __('Approve') . ' '; } echo " | comment_post_ID."&comment=".$comment->comment_ID."\" onclick=\"return deleteSomething( 'comment-as-spam', $comment->comment_ID, '" . sprintf(__("You are about to mark as spam this comment by "%s".\\n"Cancel" to stop, "OK" to mark as spam."), wp_specialchars( $comment->comment_author, 1 )) . "' );\">" . __('Spam') . " "; } @@ -150,8 +150,9 @@ $post_title = ('' == $post_title) ? "# $comment->comment_post_ID" : $post_title; } elseif ('edit' == $mode) { if ($comments) { - echo ' -
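Review bot: The Spam anchor in this hunk is a context line — its href is still built without `wp_nonce_url()` — while the Delete, Unapprove and Approve anchors beside it gained nonces, and the equivalent Spam anchor in edit.php later in this diff is rewritten with `wp_nonce_url(..., 'delete-comment' . $comment->comment_ID)`. If this link targets comment.php's `deletecomment` action, as that action string suggests, the link now fails `check_admin_referer('delete-comment' . $comment)` and marking a comment as spam from this screen stops working. Wrap the existing href the same way, `wp_nonce_url($spam_href, 'delete-comment' . $comment->comment_ID)`, where `$spam_href` stands for the query string the line already concatenates (not legible in this rendering). The enclosing loop and its hunk header start outside what is visible here.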
+ echo ' '; + wp_nonce_field('bulk-comments'); + echo '
diff --git a/wp-admin/edit-form-advanced.php b/wp-admin/edit-form-advanced.php index 32b41e1f8..b6ea6adf0 100644 --- a/wp-admin/edit-form-advanced.php +++ b/wp-admin/edit-form-advanced.php @@ -22,9 +22,11 @@ if (0 == $post_ID) { $form_action = 'post'; $temp_ID = -1 * time(); $form_extra = ""; + wp_nonce_field('add-post'); } else { $form_action = 'editpost'; $form_extra = ""; + wp_nonce_field('update-post' . $post_ID); } $form_pingback = ''; @@ -173,7 +175,7 @@ else ' . __('This feature requires iframe support.') . ''; diff --git a/wp-admin/edit-form-comment.php b/wp-admin/edit-form-comment.php index fa7752d19..5b28966cf 100644 --- a/wp-admin/edit-form-comment.php +++ b/wp-admin/edit-form-comment.php @@ -6,6 +6,7 @@ $form_extra = "' />\ncomment_ID) ?>
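Review bot: `wp_nonce_field()` echoes its hidden input at the point of call, and both new calls sit in the block that merely computes `$form_action`/`$form_extra`; whether the `<form>` element is already open at line 22 is not in the hunk, and if it is not, the field lands outside the form, is never submitted, and post.php's `check_admin_referer('add-post')` / `check_admin_referer('update-post' . $post_ID)` rejects every new post and every edit. edit-page-form.php in this same diff avoids the question by storing the string in `$nonce_action` and emitting the field later; doing the same here — `$nonce_action = 'add-post';` and `$nonce_action = 'update-post' . $post_ID;` with a single `wp_nonce_field($nonce_action);` next to wherever `$form_extra` is printed — keeps the field inside the form regardless of where the tag is. The `<form>` tag itself is outside this hunk, so please confirm its position either way.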
diff --git a/wp-admin/edit-link-form.php b/wp-admin/edit-link-form.php index 849d655cc..06bb201f4 100644 --- a/wp-admin/edit-link-form.php +++ b/wp-admin/edit-link-form.php @@ -2,11 +2,13 @@ if ( ! empty($link_id) ) { $heading = __('Edit Bookmark'); $submit_text = __('Save Changes »'); - $form = ''; + $form = ''; + $nonce_action = 'update-bookmark' . $link_id; } else { $heading = __('Create Bookmark'); $submit_text = __('Add Bookmark »'); $form = ''; + $nonce_action = 'add-bookmark'; } function xfn_check($class, $value = '', $type = 'check') { @@ -31,7 +33,8 @@ function xfn_check($class, $value = '', $type = 'check') {

- + +
diff --git a/wp-admin/edit-page-form.php b/wp-admin/edit-page-form.php index 8b07bae51..a28c62290 100644 --- a/wp-admin/edit-page-form.php +++ b/wp-admin/edit-page-form.php @@ -5,10 +5,12 @@ "; } else { $form_action = 'editpost'; + $nonce_action = 'update-page' . $post_ID; $form_extra = ""; } @@ -23,6 +25,8 @@ $sendto = wp_specialchars( $sendto ); '; } @@ -150,7 +154,7 @@ if ('publish' != $post->post_status || 0 == $post_ID): ' . __('This feature requires iframe support.') . ''; diff --git a/wp-admin/edit.php b/wp-admin/edit.php index b0f6fb4b0..898e99fbb 100644 --- a/wp-admin/edit.php +++ b/wp-admin/edit.php @@ -211,7 +211,7 @@ foreach($posts_columns as $column_name=>$column_display_name) { case 'control_delete': ?> -
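Review bot: The nonce action for an existing page is `'update-page' . $post_ID`, but the page form still submits with `$form_action = 'editpost'`, and post.php's `editpost` case in this same diff verifies `check_admin_referer('update-post' . $post_ID)`; unless post.php distinguishes pages somewhere outside its hunks, every page edit will now die at the nonce check. Use the string post.php expects, `$nonce_action = 'update-post' . $post_ID;`, and check the new-page branch the same way — its `$nonce_action` line is not legible in this rendering, but post.php's `post` case verifies `'add-post'`. If pages are meant to carry their own action string instead, post.php has to accept it; either way the two sides must agree.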
+ comment_post_ID) ) { echo " " . __('Edit') . ''; - echo ' | comment_author, 1)) . "' );\">" . __('Delete') . ' '; + echo ' | comment_author, 1)) . "' );\">" . __('Delete') . ' '; if ( ('none' != $comment_status) && ( current_user_can('moderate_comments') ) ) { - echo ' | ' . __('Unapprove') . ' '; - echo ' | ' . __('Approve') . ' '; + echo ' | ' . __('Unapprove') . ' '; + echo ' | ' . __('Approve') . ' '; } - echo " | comment_post_ID."&comment=".$comment->comment_ID."\" onclick=\"return deleteSomething( 'comment-as-spam', $comment->comment_ID, '" . sprintf(__("You are about to mark as spam this comment by "%s".\\n"Cancel" to stop, "OK" to mark as spam."), wp_specialchars( $comment->comment_author, 1 )) . "' );\">" . __('Spam') . " ]"; + echo " | comment_post_ID."&comment=".$comment->comment_ID, 'delete-comment' . $comment->comment_ID) . "\" onclick=\"return deleteSomething( 'comment-as-spam', $comment->comment_ID, '" . sprintf(__("You are about to mark as spam this comment by "%s".\\n"Cancel" to stop, "OK" to mark as spam."), wp_specialchars( $comment->comment_author, 1 )) . "' );\">" . __('Spam') . " ]"; } // end if any comments to show ?>

diff --git a/wp-admin/inline-uploading.php b/wp-admin/inline-uploading.php index c6ccac165..ceeb38d5e 100644 --- a/wp-admin/inline-uploading.php +++ b/wp-admin/inline-uploading.php @@ -2,7 +2,7 @@ require_once('admin.php'); -check_admin_referer(); +check_admin_referer('inlineuploading'); header('Content-Type: text/html; charset=' . get_option('blog_charset')); @@ -41,7 +41,7 @@ if ( !current_user_can('edit_post', (int) $attachment) ) wp_delete_attachment($attachment); -header("Location: ".basename(__FILE__)."?post=$post&all=$all&action=view&start=$start"); +header("Location: ". wp_nonce_url(basename(__FILE__)."?post=$post&all=$all&action=view&start=$start", 'inlineuploading')); die; case 'save': @@ -100,7 +100,7 @@ if ( preg_match('!^image/!', $attachment['post_mime_type']) ) { add_post_meta($id, '_wp_attachment_metadata', array()); } -header("Location: ".basename(__FILE__)."?post=$post&all=$all&action=view&start=0"); +header("Location: ". wp_nonce_url(basename(__FILE__)."?post=$post&all=$all&action=view&start=0", 'inlineuploading')); die(); case 'upload': @@ -139,7 +139,7 @@ if ( '' == $sort ) $attachments = $wpdb->get_results("SELECT ID, post_date, post_title, post_mime_type, guid FROM $wpdb->posts WHERE post_type = 'attachment' $and_type $and_post $and_user ORDER BY $sort LIMIT $start, $double", ARRAY_A); if ( count($attachments) == 0 ) { - header("Location: ".basename(__FILE__)."?post=$post&action=upload"); + header("Location: ". wp_nonce_url(basename(__FILE__)."?post=$post&action=upload", 'inlineuploading') ); die; } elseif ( count($attachments) > $num ) { $next = $start + count($attachments) - $num; diff --git a/wp-admin/link-manager.php b/wp-admin/link-manager.php index a30c82ce0..43b328766 100644 --- a/wp-admin/link-manager.php +++ b/wp-admin/link-manager.php @@ -110,6 +110,7 @@ bookmarks ordered by + @@ -175,7 +176,7 @@ if ($links) '.__('Edit').''; - echo ''; + echo ''; echo ''; echo "\n \n"; } 
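Review bot: One action string, `'inlineuploading'`, now covers every sub-action of this file — view, upload, save and the delete branch that calls `wp_delete_attachment($attachment)` — and it is bound to neither `$post` nor `$attachment`, so a token captured from a view URL also authorizes deletion of any attachment the user may edit; the visible `current_user_can('edit_post', (int) $attachment)` still bounds that to the user's own rights, but a per-action string such as `check_admin_referer('delete-attachment' . (int) $attachment)` on the delete path would narrow the window. The three `header("Location: " . wp_nonce_url(...))` lines interpolate `$post`, `$all` and `$start` without a cast in this hunk; if they are not cast earlier (not shown), that is raw request data in a response header, and `(int)` casts there are cheap. Also confirm that `wp_nonce_url()` returns a raw URL here: if it escapes for HTML-attribute context, the `&amp;` it produces corrupts the query string in a Location header, and `wp_redirect()` with the unescaped URL (used by link.php in this same diff) would be the safer call.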
diff --git a/wp-admin/link.php b/wp-admin/link.php index df616923f..d7721b49b 100644 --- a/wp-admin/link.php +++ b/wp-admin/link.php @@ -29,7 +29,7 @@ $this_file = 'link-manager.php'; switch ($action) { case 'deletebookmarks' : - check_admin_referer(); + check_admin_referer('bulk-bookmarks'); // check the current user's level first. if (!current_user_can('manage_links')) @@ -53,7 +53,7 @@ switch ($action) { break; case 'move' : - check_admin_referer(); + check_admin_referer('bulk-bookmarks'); // check the current user's level first. if (!current_user_can('manage_links')) @@ -72,7 +72,7 @@ switch ($action) { break; case 'add' : - check_admin_referer(); + check_admin_referer('add-bookmark'); add_link(); @@ -80,9 +80,9 @@ switch ($action) { break; case 'save' : - check_admin_referer(); - $link_id = (int) $_POST['link_id']; + check_admin_referer('update-bookmark' . $link_id); + edit_link($link_id); wp_redirect($this_file); @@ -90,13 +90,12 @@ switch ($action) { break; case 'delete' : - check_admin_referer(); + $link_id = (int) $_GET['link_id']; + check_admin_referer('delete-bookmark' . $link_id); if (!current_user_can('manage_links')) die(__("Cheatin' uh ?")); - $link_id = (int) $_GET['link_id']; - wp_delete_link($link_id); wp_redirect($this_file); diff --git a/wp-admin/moderation.php b/wp-admin/moderation.php index 7c195f8f6..fb00bce06 100644 --- a/wp-admin/moderation.php +++ b/wp-admin/moderation.php @@ -32,7 +32,7 @@ switch($action) { case 'update': - check_admin_referer(); + check_admin_referer('moderate-comments'); if ( ! current_user_can('moderate_comments') ) die('
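Review bot: The `add` and `save` cases verify a nonce and then go straight to `add_link()` / `edit_link($link_id)` with no `current_user_can('manage_links')` guard in the hunk, while `deletebookmarks`, `move` and `delete` all die on that check; unless the guard lives inside those helpers (not shown), a nonce only proves the request came from this user's session and is not an authorization check. Mirror the siblings with `if ( !current_user_can('manage_links') ) die(__("Cheatin' uh ?"));` before `add_link();` and before `edit_link($link_id);`. Moving `$link_id = (int) $_GET['link_id'];` ahead of the check in `delete` is correct since the action string needs it, and `save` now does the same with `$_POST`.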

'.__('Your level is not high enough to moderate comments.').'

'); @@ -132,6 +132,7 @@ if ($comments) { ?>

+

    +
    (These settings may be overridden for individual articles.)') ?>
      diff --git a/wp-admin/options-general.php b/wp-admin/options-general.php index 0d48f2cbb..c3c780c6c 100644 --- a/wp-admin/options-general.php +++ b/wp-admin/options-general.php @@ -10,6 +10,7 @@ include('./admin-header.php');

      +
* ' . __('Name') . 'ID) ) { echo "" . __('Delete') . ""; } ?>ID) ) { echo "ID) . "' class='delete' onclick=\"return deleteSomething( 'post', " . $id . ", '" . sprintf(__("You are about to delete this post "%s".\\n"OK" to delete, "Cancel" to stop."), addslashes(wp_specialchars(get_the_title(),'double')) ) . "' );\">" . __('Delete') . ""; } ?> link_id , '".sprintf(__("You are about to delete the "%s" bookmark to %s.\\n"Cancel" to stop, "OK" to delete."), wp_specialchars($link->link_name, 1), wp_specialchars($link->link_url)).'\' );" class="delete">'.__('Delete').'link_id , '".sprintf(__("You are about to delete the "%s" bookmark to %s.\\n"Cancel" to stop, "OK" to delete."), wp_specialchars($link->link_name, 1), wp_specialchars($link->link_url)).'\' );" class="delete">'.__('Delete').'
diff --git a/wp-admin/options-misc.php b/wp-admin/options-misc.php index 8e8771c88..6b78dd161 100644 --- a/wp-admin/options-misc.php +++ b/wp-admin/options-misc.php @@ -11,7 +11,7 @@ include('admin-header.php');

- +
diff --git a/wp-admin/options-permalink.php b/wp-admin/options-permalink.php index 3ec746acb..59a40f06e 100644 --- a/wp-admin/options-permalink.php +++ b/wp-admin/options-permalink.php @@ -57,8 +57,8 @@ include('admin-header.php'); $home_path = get_home_path(); -if ( isset($_POST) ) { - check_admin_referer(); +if ( isset($_POST['permalink_structure']) || isset($_POST['category_base']) ) { + check_admin_referer('update-permalink'); if ( isset($_POST['permalink_structure']) ) { $permalink_structure = $_POST['permalink_structure']; @@ -117,6 +117,7 @@ $structures = array( ); ?> +
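Review bot: The new guard runs the nonce check only when `permalink_structure` or `category_base` is present in `$_POST` — correct, since the old `isset($_POST)` was always true and would have demanded a nonce on plain GET views once the action-scoped `check_admin_referer('update-permalink')` landed — but it also means a POST carrying neither field skips the check, so any other `$_POST` consumer later in this file (none is visible in the hunk) would run unguarded. Keying the guard to the request itself, `if ( 'POST' == $_SERVER['REQUEST_METHOD'] ) { check_admin_referer('update-permalink');`, keeps it from drifting as fields are added; the forms that emit the nonce are further down and not legible here. `$permalink_structure = $_POST['permalink_structure'];` is still taken raw on the next line; whatever validation it gets is outside the hunk.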

.htaccess file were writable, we could do this automatically, but it isn’t so these are the mod_rewrite rules you should have in your .htaccess file. Click in the field and press CTRL + a to select all.') ?>

+

diff --git a/wp-admin/options-reading.php b/wp-admin/options-reading.php index 6b9d1e4c4..1254dbad9 100644 --- a/wp-admin/options-reading.php +++ b/wp-admin/options-reading.php @@ -10,6 +10,7 @@ include('admin-header.php');

+
diff --git a/wp-admin/options-writing.php b/wp-admin/options-writing.php index 19e049b81..9bc454ea4 100644 --- a/wp-admin/options-writing.php +++ b/wp-admin/options-writing.php @@ -10,6 +10,7 @@ include('admin-header.php');

+
diff --git a/wp-admin/options.php b/wp-admin/options.php index 9b44a7c0a..8ab7636f3 100644 --- a/wp-admin/options.php +++ b/wp-admin/options.php @@ -29,7 +29,7 @@ switch($action) { case 'update': $any_changed = 0; - check_admin_referer(); + check_admin_referer('update-options'); if (!$_POST['page_options']) { foreach ($_POST as $key => $value) { @@ -89,6 +89,7 @@ default:
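Review bot: `'update-options'` is a single action string shared by every settings form in this diff (general, writing, reading, misc), and this handler writes whatever `$_POST` keys it receives — `foreach ($_POST as $key => $value)` when `page_options` is empty — so the nonce proves the request came from some settings form but says nothing about which options it may touch. That is inherent to the handler rather than a regression, but a capability check is not visible in this hunk and is the control that actually matters here; if it is not elsewhere in the `update` case, add `if ( !current_user_can('manage_options') ) die(__('Cheatin’ uh?'));` (or whatever capability the rest of this file uses) right after the nonce check. Because the loop takes arbitrary keys, the exclusion list it applies (outside the hunk) must now also skip `_wpnonce`, or the nonce value itself gets stored as an option.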

+
'.__('You have do not have sufficient permissions to edit templates for this blog.').'

'); @@ -97,6 +97,7 @@ if ($plugin_files) : +
diff --git a/wp-admin/plugins.php b/wp-admin/plugins.php index 583494813..84dabf2e8 100644 --- a/wp-admin/plugins.php +++ b/wp-admin/plugins.php @@ -2,9 +2,8 @@ require_once('admin.php'); if ( isset($_GET['action']) ) { - check_admin_referer(); - if ('activate' == $_GET['action']) { + check_admin_referer('activate-plugin' . $_GET['plugin']); $current = get_settings('active_plugins'); if (!in_array($_GET['plugin'], $current)) { $current[] = trim( $_GET['plugin'] ); @@ -15,6 +14,7 @@ if ( isset($_GET['action']) ) { } header('Location: plugins.php?activate=true'); } else if ('deactivate' == $_GET['action']) { + check_admin_referer('deactivate-plugin' . $_GET['plugin']); $current = get_settings('active_plugins'); array_splice($current, array_search( $_GET['plugin'], $current), 1 ); // Array-fu! update_option('active_plugins', $current); @@ -98,11 +98,11 @@ if (empty($plugins)) { $style = ('class="alternate"' == $style|| 'class="alternate active"' == $style) ? '' : 'alternate'; if (!empty($current_plugins) && in_array($plugin_file, $current_plugins)) { - $action = "".__('Deactivate').""; + $action = "".__('Deactivate').""; $plugin_data['Title'] = "{$plugin_data['Title']}"; $style .= $style == 'alternate' ? ' active' : 'active'; } else { - $action = "".__('Activate').""; + $action = "".__('Activate').""; } $plugin_data['Description'] = wp_kses($plugin_data['Description'], array('a' => array('href' => array(),'title' => array()),'abbr' => array('title' => array()),'acronym' => array('title' => array()),'code' => array(),'em' => array(),'strong' => array()) ); ; if ($style != '') $style = 'class="' . $style . '"'; diff --git a/wp-admin/post.php b/wp-admin/post.php index 16802e348..82cb8a453 100644 --- a/wp-admin/post.php +++ b/wp-admin/post.php @@ -24,7 +24,7 @@ if ( isset( $_POST['deletepost'] ) ) switch($action) { case 'postajaxpost': case 'post': - check_admin_referer(); + check_admin_referer('add-post'); $post_ID = 'post' == $action ? write_post() : edit_post(); 
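Review bot: Neither branch carries a capability check in the hunk — a valid nonce takes `$_GET['plugin']` straight into `active_plugins` — and a nonce only proves the request originated from this user's session, not that the user may activate plugins; if `current_user_can('edit_plugins')` (or whatever this file uses) is enforced further down, it runs only after `update_option()` has already been called, so move it above the branches: `if ( isset($_GET['action']) ) { if ( !current_user_can('edit_plugins') ) die(__('Cheatin’ uh?'));`. The action string is built from the raw `$_GET['plugin']` while the stored value is `trim( $_GET['plugin'] )`; harmless today, but any validation of the plugin path should precede both uses. In the deactivate branch, `array_search( $_GET['plugin'], $current )` returns `false` for a plugin that is not active and `array_splice` then removes element 0 — the first active plugin — so guard it with `if ( false !== ($key = array_search($_GET['plugin'], $current)) ) array_splice($current, $key, 1);`. The old code verified a referer for any `action` value and now only `activate`/`deactivate` are checked, which is fine as long as nothing else in the file acts on other values.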
@@ -78,10 +78,10 @@ case 'edit': break; case 'editattachment': - check_admin_referer(); - $post_id = (int) $_POST['post_ID']; + check_admin_referer('update-attachment' . $post_id); + // Don't let these be changed unset($_POST['guid']); $_POST['post_type'] = 'attachment'; @@ -96,7 +96,8 @@ case 'editattachment': add_post_meta($post_id, '_wp_attachment_metadata', $newmeta); case 'editpost': - check_admin_referer(); + $post_ID = (int) $_POST['post_ID']; + check_admin_referer('update-post' . $post_ID); $post_ID = edit_post(); @@ -121,9 +122,8 @@ case 'editpost': break; case 'delete': - check_admin_referer(); - $post_id = (isset($_GET['post'])) ? intval($_GET['post']) : intval($_POST['post_ID']); + check_admin_referer('delete-post' . $post_id); $post = & get_post($post_id); diff --git a/wp-admin/profile-update.php b/wp-admin/profile-update.php index 4a500e2c8..58efdb08c 100644 --- a/wp-admin/profile-update.php +++ b/wp-admin/profile-update.php @@ -2,7 +2,7 @@ require_once('admin.php'); -check_admin_referer(); +check_admin_referer('update-profile' . $user_ID); if ( !$_POST ) die( __('No post?') ); diff --git a/wp-admin/profile.php b/wp-admin/profile.php index 1966cef87..5b5f07412 100644 --- a/wp-admin/profile.php +++ b/wp-admin/profile.php @@ -19,6 +19,7 @@ $bookmarklet_height= 440;
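Review bot: The `editattachment` case verifies `'update-attachment' . $post_id` and then — with no `break` visible between its `add_post_meta(...)` line and `case 'editpost':` — falls through into `editpost`, which now verifies `'update-post' . $post_ID` on the same request; a single `_wpnonce` cannot satisfy two different action strings, so attachment edits die at the second check, whereas the old argument-less `check_admin_referer()` made the fall-through harmless. Either give both forms the same string — `check_admin_referer('update-post' . $post_id);` in `editattachment` — or mark the first check as done, `$nonce_checked = true;` in `editattachment` and `if ( empty($nonce_checked) ) check_admin_referer('update-post' . $post_ID);` in `editpost`. The `delete` case is fine: `$post_id` is cast before it is concatenated into the action.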

+

diff --git a/wp-admin/templates.php b/wp-admin/templates.php index 48da99663..e57a78e4e 100644 --- a/wp-admin/templates.php +++ b/wp-admin/templates.php @@ -36,7 +36,7 @@ switch($action) { case 'update': - check_admin_referer(); + check_admin_referer('edit-file' . $file); if ( ! current_user_can('edit_files') ) die('

'.__('You do not have sufficient permissions to edit templates for this blog.').'

'); @@ -128,6 +128,7 @@ endif;
+
diff --git a/wp-admin/theme-editor.php b/wp-admin/theme-editor.php index cf0065ef5..ca105a904 100644 --- a/wp-admin/theme-editor.php +++ b/wp-admin/theme-editor.php @@ -47,7 +47,7 @@ switch($action) { case 'update': - check_admin_referer(); + check_admin_referer('edit-theme' . $file . $theme); if ( !current_user_can('edit_themes') ) die('
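Review bot: `'edit-theme' . $file . $theme` joins two request-controlled strings with no separator, so the action string is ambiguous — `$file = 'a'`/`$theme = 'bc'` and `$file = 'ab'`/`$theme = 'c'` produce the same nonce — and a token issued for one (file, theme) pair could be replayed against a differently-split pair if such paths exist. Hard to exploit in practice but cheap to fix on both sides: `check_admin_referer('edit-theme_' . $file . '_' . $theme);` here and the identical string in the `wp_nonce_field()` call added further down in this file (not legible in this rendering). templates.php's `'edit-file' . $file` has a single variable and does not share the problem.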

'.__('You have do not have sufficient permissions to edit templates for this blog.').'

'); @@ -131,6 +131,7 @@ if ($allowed_files) : if (!$error) { ?> +
diff --git a/wp-admin/themes.php b/wp-admin/themes.php index 5a3bd980d..07229bf2d 100644 --- a/wp-admin/themes.php +++ b/wp-admin/themes.php @@ -2,7 +2,7 @@ require_once('admin.php'); if ( isset($_GET['action']) ) { - check_admin_referer(); + check_admin_referer('switch-theme' . $_GET['template']); if ('activate' == $_GET['action']) { if ( isset($_GET['template']) ) @@ -69,7 +69,7 @@ foreach ($theme_names as $theme_name) { $author = $themes[$theme_name]['Author']; $screenshot = $themes[$theme_name]['Screenshot']; $stylesheet_dir = $themes[$theme_name]['Stylesheet Dir']; - $activate_link = "themes.php?action=activate&template=$template&stylesheet=$stylesheet"; + $activate_link = wp_nonce_url("themes.php?action=activate&template=$template&stylesheet=$stylesheet", 'switch-theme' . $template); ?>
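Review bot: The nonce is bound to `$_GET['template']` only, yet the activate link carries both `template=$template&stylesheet=$stylesheet`, so under a valid nonce for a given template the `stylesheet` value is free to vary; whatever the activation call (outside the hunk) does with it is what to reason about before accepting that. Binding both is one string on each side: `check_admin_referer('switch-theme' . $_GET['template'] . '_' . $_GET['stylesheet']);` and `'switch-theme' . $template . '_' . $stylesheet` in `wp_nonce_url()`. Also, `$_GET['template']` is read by the check before the `isset($_GET['template'])` test two lines later, which raises a notice when it is absent, and no capability check (`switch_themes` or whatever this file uses) is visible in the hunk — it has to precede the activation branch, not follow it.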

diff --git a/wp-admin/users.php b/wp-admin/users.php index 890e7e100..cb5959652 100644 --- a/wp-admin/users.php +++ b/wp-admin/users.php @@ -11,7 +11,7 @@ $update = ''; switch ($action) { case 'promote': - check_admin_referer(); + check_admin_referer('bulk-users'); if (empty($_POST['users'])) { header('Location: users.php'); @@ -39,7 +39,7 @@ break; case 'dodelete': - check_admin_referer(); + check_admin_referer('delete-users'); if ( empty($_POST['users']) ) { header('Location: users.php'); @@ -72,7 +72,7 @@ break; case 'delete': - check_admin_referer(); + check_admin_referer('bulk-users'); if (empty($_POST['users'])) { header('Location: users.php'); @@ -86,6 +86,7 @@ case 'delete': include ('admin-header.php'); ?> +
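Review bot: `promote` and `delete` verify the same `'bulk-users'` action and `dodelete` verifies `'delete-users'`, but none of the three hunks shows a capability check before the posted user list is acted on; if `edit_users`/`delete_users` (or whatever this file uses) is checked only in the default branch that renders the form, a valid bulk nonce from a low-privileged session reaches the action code. Put the guard next to each nonce check, e.g. `check_admin_referer('bulk-users'); if ( !current_user_can('edit_users') ) die(__('Cheatin’ uh?'));`. The `delete` case only renders a confirmation form and the actual deletion happens in `dodelete` behind its own nonce, which is the right two-step shape; neither action string is bound to the selected user IDs, which is inherent to bulk forms.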

@@ -131,7 +132,7 @@ case 'delete': break; case 'adduser': - check_admin_referer(); + check_admin_referer('add-user'); $user_id = add_user(); if ( is_wp_error( $user_id ) ) @@ -205,6 +206,7 @@ default: ?> +

@@ -257,6 +259,7 @@ default:

'.sprintf(__('Users can register themselves or you can manually create users here.'), get_settings('siteurl').'/wp-register.php').'

'; ?> +