Move the nonce on the import upload form to the action url so it always arrives even if the post data exceeds post_max_size. Also add some phpdoc. See #10830.

git-svn-id: http://svn.automattic.com/wordpress/trunk@11962 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2009-09-23 06:59:20 +00:00 · 2009-09-23 06:59:20 +00:00 · 7ee91c9aeb
parent 5cc8fc22a9
commit 7ee91c9aeb
1 changed files with 4 additions and 5 deletions
--- a/wp-admin/includes/template.php
+++ b/wp-admin/includes/template.php
@ -2814,11 +2814,11 @@ function wp_max_upload_size() {
 }

 /**
- * {@internal Missing Short Description}}
+ * Outputs the form used by the importers to accept the data to be imported
 *
- * @since unknown
+ * @since 2.0
 *
- * @param unknown_type $action
+ * @param string $action The action attribute for the form.
 */
 function wp_import_upload_form( $action ) {
 	$bytes = apply_filters( 'import_upload_size_limit', wp_max_upload_size() );
@ -2829,9 +2829,8 @@ function wp_import_upload_form( $action ) {
 		<p><strong><?php echo $upload_dir['error']; ?></strong></p></div><?php
 	else :
 ?>
-<form enctype="multipart/form-data" id="import-upload-form" method="post" action="<?php echo esc_attr($action) ?>">
+<form enctype="multipart/form-data" id="import-upload-form" method="post" action="<?php echo esc_attr(wp_nonce_url($action, 'import-upload')); ?>">
 <p>
-<?php wp_nonce_field('import-upload'); ?>
 <label for="upload"><?php _e( 'Choose a file from your computer:' ); ?></label> (<?php printf( __('Maximum size: %s' ), $size ); ?>)
 <input type="file" id="upload" name="import" size="25" />
 <input type="hidden" name="action" value="save" />