author | donncha <donncha@7be80a69-a1ef-0310-a953-fb0f7c49ff36> | 2006-07-20 20:06:52 +0000 |
---|---|---|
committer | donncha <donncha@7be80a69-a1ef-0310-a953-fb0f7c49ff36> | 2006-07-20 20:06:52 +0000 |
commit | 154936342cdacb86d6d921b709c89f184f5bcc2a (patch) | |
tree | 635351cc1627c34109f960d8ccb48cfb6da03a35 /wp-admin/wpmu-edit.php | |
parent | 85215fc32703b0dedf6cb54b8d06942348b1c4a5 (diff) | |
Nonce the blogs admin page.
git-svn-id: http://svn.automattic.com/wordpress-mu/trunk@699 7be80a69-a1ef-0310-a953-fb0f7c49ff36
Diffstat (limited to 'wp-admin/wpmu-edit.php')
-rw-r--r-- | wp-admin/wpmu-edit.php | 42 |
1 files changed, 31 insertions, 11 deletions
diff --git a/wp-admin/wpmu-edit.php b/wp-admin/wpmu-edit.php
index 174456e..57f16d5 100644
--- a/wp-admin/wpmu-edit.php
+++ b/wp-admin/wpmu-edit.php
@@ -207,7 +207,8 @@ switch( $_GET[ 'action' ] ) {
 if( is_site_admin() == false ) {
 die( __('<p>You do not have permission to access this page.</p>') );
 }
- $id = $_GET[ 'id' ];
+ check_admin_referer('deleteblog');
+ $id = intval( $_REQUEST[ 'id' ] );
 if( $id != '0' && $id != '1' )
 wpmu_delete_blog( $id, true );
 wpmu_admin_do_redirect( "wpmu-blogs.php" );
@@ -216,6 +217,7 @@ switch( $_GET[ 'action' ] ) {
 if( is_site_admin() == false ) {
 die( __('<p>You do not have permission to access this page.</p>') );
 }
+ check_admin_referer('allblogs');
 if( is_array( $_POST[ 'allblogs' ] ) ) {
 while( list( $key, $val ) = each( $_POST[ 'allblogs' ] ) ) {
 if( $val != '0' && $val != '1' ) {
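Review bot: In the branch guarded by `check_admin_referer('deleteblog')` the nonce action is a constant string and the id is read from `$_REQUEST`, so a valid nonce does not pin down which blog is deleted. `$_REQUEST` may also be filled from cookies, depending on the PHP `variables_order`/`request_order` setting, so the value acted on need not be the one in the link or form the admin used. Consider reading the id from the specific superglobal the request uses (`$_GET` or `$_POST`) and binding it into the action, e.g. `check_admin_referer( 'deleteblog_' . $id );`, with the same action string wherever the nonce is generated (not visible here). The same pattern appears in the `activateblog`, `deactivateblog`, `unspamblog` and `spamblog` branches of the last hunk. The enclosing `switch` starts and ends outside this hunk.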
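Review bot: In the branch that now calls `check_admin_referer('allblogs')`, each `$val` taken from `$_POST[ 'allblogs' ]` is compared as a raw string, whereas every single-blog branch in this commit casts the id with `intval()`. The loop body lies outside the hunk, so a later cast cannot be ruled out. Normalising at the top of the loop with `$val = intval( $val );` would make the guard on ids 0 and 1 and whatever consumes `$val` afterwards operate on the same integer.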
@@ -238,40 +240,58 @@ switch( $_GET[ 'action' ] ) {
 if( is_site_admin() == false ) {
 die( __('<p>You do not have permission to access this page.</p>') );
 }
- update_archived( $_GET[ 'id' ], '0' );
+ check_admin_referer('activateblog');
+ $id = intval( $_REQUEST[ 'id' ] );
+ update_archived( $id, '0' );
+ do_action( "activate_blog", $id );
 wpmu_admin_do_redirect( "wpmu-blogs.php" );
 break;
 case "deactivateblog":
 if( is_site_admin() == false ) {
 die( __('<p>You do not have permission to access this page.</p>') );
 }
- do_action( "deactivate_blog", $_GET[ 'id' ] );
- update_archived( $_GET[ 'id' ], '1' );
+ check_admin_referer('deactivateblog');
+ $id = intval( $_REQUEST[ 'id' ] );
+ do_action( "deactivate_blog", $id );
+ update_archived( $id, '1' );
 wpmu_admin_do_redirect( "wpmu-blogs.php" );
 break;
 case "unspamblog":
 if( is_site_admin() == false ) {
 die( __('<p>You do not have permission to access this page.</p>') );
 }
- update_blog_status( $_GET[ 'id' ], "spam", '0' );
+ check_admin_referer('unspamblog');
+ $id = intval( $_REQUEST[ 'id' ] );
+ update_blog_status( $id, "spam", '0' );
+ do_action( "unspam_blog", $id );
 wpmu_admin_do_redirect( "wpmu-blogs.php" );
 break;
 case "spamblog":
 if( is_site_admin() == false ) {
 die( __('<p>You do not have permission to access this page.</p>') );
 }
- do_action( "make_spam_blog", $_GET[ 'id' ] );
- update_blog_status( $_GET[ 'id' ], "spam", '1' );
+ check_admin_referer('spamblog');
+ $id = intval( $_REQUEST[ 'id' ] );
+ do_action( "make_spam_blog", $id );
+ update_blog_status( $id, "spam", '1' );
 wpmu_admin_do_redirect( "wpmu-blogs.php" );
 break;
 case "mature":
- update_blog_status( $_GET[ 'id' ], 'mature', '1' );
- do_action( 'mature_blog', $_GET[ 'id' ] );
+ if( is_site_admin() == false ) {
+ die( __('<p>You do not have permission to access this page.</p>') );
+ }
+ $id = intval( $_REQUEST[ 'id' ] );
+ update_blog_status( $id, 'mature', '1' );
+ do_action( 'mature_blog', $id );
 wpmu_admin_do_redirect( "wpmu-blogs.php" );
 break;
 case "unmature":
- update_blog_status( $_GET[ 'id' ], 'mature', '0' );
- do_action( 'unmature_blog', $_GET[ 'id' ] );
+ if( is_site_admin() == false ) {
+ die( __('<p>You do not have permission to access this page.</p>') );
+ }
+ $id = intval( $_REQUEST[ 'id' ] );
+ update_blog_status( $id, 'mature', '0' );
+ do_action( 'unmature_blog', $id );
 wpmu_admin_do_redirect( "wpmu-blogs.php" );
 break;
 case "updateuser": |
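Review bot: The `mature` and `unmature` branches gain the `is_site_admin()` check but no `check_admin_referer()` call, so they are the only two state-changing branches in this hunk without request-forgery protection. Following the convention used for the other branches, add `check_admin_referer('mature');` and `check_admin_referer('unmature');` before the `$id = intval( ... )` line in each. The matching nonce must also be emitted wherever those links are generated, which is not visible here. A one-line comment above each `case` noting that it is site-admin only and nonce-checked would make a future omission easier to spot. The `switch` continues outside the hunk.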