nonce approve/delete comment confirmations. #2678
git-svn-id: http://svn.automattic.com/wordpress/trunk@3764 1a063a9b-81f0-0310-95a4-ce76da25c4cd
parent
293b3b4dee
commit
8bab10e90d
|
@ -51,6 +51,8 @@ case 'mailapprovecomment':
|
||||||
$comment = (int) $_GET['comment'];
|
$comment = (int) $_GET['comment'];
|
||||||
$p = (int) $_GET['p'];
|
$p = (int) $_GET['p'];
|
||||||
$formaction = 'confirmdeletecomment' == $action ? 'deletecomment' : 'approvecomment';
|
$formaction = 'confirmdeletecomment' == $action ? 'deletecomment' : 'approvecomment';
|
||||||
|
$nonce_action = 'confirmdeletecomment' == $action ? 'delete-comment' : 'approve-comment';
|
||||||
|
$nonce_action .= $comment;
|
||||||
|
|
||||||
if ( ! $comment = get_comment($comment) )
|
if ( ! $comment = get_comment($comment) )
|
||||||
die(sprintf(__('Oops, no comment with this ID. <a href="%s">Go back</a>!'), 'edit.php'));
|
die(sprintf(__('Oops, no comment with this ID. <a href="%s">Go back</a>!'), 'edit.php'));
|
||||||
|
@ -74,6 +76,7 @@ case 'mailapprovecomment':
|
||||||
echo "<p>" . __('Are you sure you want to do that?') . "</p>\n";
|
echo "<p>" . __('Are you sure you want to do that?') . "</p>\n";
|
||||||
|
|
||||||
echo "<form action='".get_settings('siteurl')."/wp-admin/comment.php' method='get'>\n";
|
echo "<form action='".get_settings('siteurl')."/wp-admin/comment.php' method='get'>\n";
|
||||||
|
wp_nonce_field($nonce_action);
|
||||||
echo "<input type='hidden' name='action' value='$formaction' />\n";
|
echo "<input type='hidden' name='action' value='$formaction' />\n";
|
||||||
if ( 'spam' == $_GET['delete_type'] )
|
if ( 'spam' == $_GET['delete_type'] )
|
||||||
echo "<input type='hidden' name='delete_type' value='spam' />\n";
|
echo "<input type='hidden' name='delete_type' value='spam' />\n";
|
||||||
|
|
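Review bot: The nonce emitted by `wp_nonce_field($nonce_action);` in the second hunk sits inside a form that still uses `method='get'`, so the token travels in the query string and can end up in browser history, server logs and Referer headers. Consider `method='post'` on the `<form>` line, provided the `deletecomment`/`approvecomment` handlers can read posted fields; those handlers lie outside both hunks, as do the start and end of the enclosing `case` block. Because the verifying side is not visible here, confirm that each handler checks the nonce against the same per-comment action string built in the first hunk (`'delete-comment' . $comment` or `'approve-comment' . $comment`) before it changes anything. A short comment on `$nonce_action .= $comment;` would also help: `// Must run before get_comment() below replaces $comment (the integer ID) with the comment object.`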