using check_admin_referer for moves/deletions

git-svn-id: http://svn.automattic.com/wordpress/trunk@1300 1a063a9b-81f0-0310-95a4-ce76da25c4cd
michelvaldrighi 2004-05-17 20:34:05 +00:00
parent 0dbe04e28e
commit f70ae04419
2 changed files with 20 additions and 0 deletions


@ -85,6 +85,8 @@ switch ($action) {
$standalone = 1; $standalone = 1;
include_once('admin-header.php'); include_once('admin-header.php');
check_admin_referer();
// check the current user's level first. // check the current user's level first.
if ($user_level < get_settings('links_minadminlevel')) if ($user_level < get_settings('links_minadminlevel'))
die (__("Cheatin' uh ?")); die (__("Cheatin' uh ?"));
@ -116,6 +118,8 @@ switch ($action) {
$standalone = 1; $standalone = 1;
include_once('admin-header.php'); include_once('admin-header.php');
check_admin_referer();
// check the current user's level first. // check the current user's level first.
if ($user_level < get_settings('links_minadminlevel')) if ($user_level < get_settings('links_minadminlevel'))
die (__("Cheatin' uh ?")); die (__("Cheatin' uh ?"));
@ -153,6 +157,9 @@ switch ($action) {
{ {
$standalone = 1; $standalone = 1;
include_once('admin-header.php'); include_once('admin-header.php');
check_admin_referer();
// check the current user's level first. // check the current user's level first.
if ($user_level < get_settings('links_minadminlevel')) if ($user_level < get_settings('links_minadminlevel'))
die (__("Cheatin' uh ?")); die (__("Cheatin' uh ?"));
@ -175,6 +182,8 @@ switch ($action) {
$standalone = 1; $standalone = 1;
include_once('admin-header.php'); include_once('admin-header.php');
check_admin_referer();
$link_url = $_POST['linkurl']; $link_url = $_POST['linkurl'];
$link_name = $_POST['name']; $link_name = $_POST['name'];
$link_image = $_POST['image']; $link_image = $_POST['image'];
@ -222,6 +231,8 @@ switch ($action) {
$standalone = 1; $standalone = 1;
include_once('admin-header.php'); include_once('admin-header.php');
check_admin_referer();
$link_id = $_POST['link_id']; $link_id = $_POST['link_id'];
$link_url = $_POST['linkurl']; $link_url = $_POST['linkurl'];
$link_name = $_POST['name']; $link_name = $_POST['name'];
@ -265,6 +276,8 @@ switch ($action) {
$standalone = 1; $standalone = 1;
include_once('admin-header.php'); include_once('admin-header.php');
check_admin_referer();
$link_id = $_GET["link_id"]; $link_id = $_GET["link_id"];
if ($user_level < get_settings('links_minadminlevel')) if ($user_level < get_settings('links_minadminlevel'))
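Review bot: The new `check_admin_referer();` calls (L15, L22, L30, L37, L44, L51) guard each handler with what, going by the name, is an HTTP Referer comparison; if so, that header is optional and client-controlled, so it gives only a weak assurance that the request originated from the admin UI and will also reject legitimate users whose browser or proxy strips Referer. A per-request secret token tied to the logged-in session, carried in the form or query string and verified server-side, is the robust form of this check; the Referer test can stay as a secondary signal. The last hunk (L48–L53) deserves the strongest protection, since it performs a deletion keyed on `$_GET["link_id"]` and would benefit from an `intval()` like the one `users.php` already applies to its id. The enclosing `switch ($action)` begins and ends outside these hunks.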


@ -24,6 +24,9 @@ switch ($action) {
case 'adduser': case 'adduser':
$standalone = 1; $standalone = 1;
require_once('admin-header.php'); require_once('admin-header.php');
check_admin_referer()
function filter($value) { function filter($value) {
return ereg('^[a-zA-Z0-9\_-\|]+$',$value); return ereg('^[a-zA-Z0-9\_-\|]+$',$value);
} }
@ -101,6 +104,8 @@ case 'promote':
$standalone = 1; $standalone = 1;
require_once('admin-header.php'); require_once('admin-header.php');
check_admin_referer()
if (empty($_GET['prom'])) { if (empty($_GET['prom'])) {
header('Location: users.php'); header('Location: users.php');
} }
@ -133,6 +138,8 @@ case 'delete':
$standalone = 1; $standalone = 1;
require_once('admin-header.php'); require_once('admin-header.php');
check_admin_referer()
$id = intval($_GET['id']); $id = intval($_GET['id']);
if (!$id) { if (!$id) {
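Review bot: `check_admin_referer()` on L61, L68 and L75 has no trailing semicolon, so the next statement (`function filter($value) {`, `if (empty($_GET['prom'])) {`, `$id = intval($_GET['id']);`) follows directly and PHP will fail to parse the whole file, taking every user-management action down with it; each line should read `check_admin_referer();`. Because this is a parse error rather than a runtime one, no request to this file will succeed until it is fixed, which is worth a quick load of the page before merging. The `switch ($action)` cases shown here start before and continue after each hunk.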