WP Merge and new features

git-svn-id: http://svn.automattic.com/wordpress-mu/trunk@550 7be80a69-a1ef-0310-a953-fb0f7c49ff36
author: donncha <donncha@7be80a69-a1ef-0310-a953-fb0f7c49ff36> 2006-06-07 14:28:14 +0000
committer: donncha <donncha@7be80a69-a1ef-0310-a953-fb0f7c49ff36> 2006-06-07 14:28:14 +0000
commit: 9d42ec4ee5db0437e9ad14b793f044fa0f5de8fe (patch)
tree: a0bb93e81f1856204377f936a97a8a285f77f2b7 /wp-inst/wp-admin/inline-uploading.php
parent: 16cdc878fce216364bd57f498baeeb1b94ca8662 (diff)
download: wordpress-mu-9d42ec4ee5db0437e9ad14b793f044fa0f5de8fe.tar.gz
wordpress-mu-9d42ec4ee5db0437e9ad14b793f044fa0f5de8fe.tar.xz
wordpress-mu-9d42ec4ee5db0437e9ad14b793f044fa0f5de8fe.zip
1 files changed, 16 insertions, 11 deletions
diff --git a/wp-inst/wp-admin/inline-uploading.php b/wp-inst/wp-admin/inline-uploading.php
index 1e3b812..601f530 100644
--- a/wp-inst/wp-admin/inline-uploading.php
+++ b/wp-inst/wp-admin/inline-uploading.php
@@ -34,16 +34,20 @@ break;
 
 case 'delete':
 
+check_admin_referer('inlineuploading');
+
 if ( !current_user_can('edit_post', (int) $attachment) )
 	die(__('You are not allowed to delete this attachment.').' <a href="'.basename(__FILE__)."?post=$post&amp;all=$all&amp;action=upload\">".__('Go back').'</a>');
 
 wp_delete_attachment($attachment);
 
-header("Location: ".basename(__FILE__)."?post=$post&all=$all&action=view&start=$start");
+header("Location: " . basename(__FILE__) ."?post=$post&all=$all&action=view&start=$start");
 die;
 
 case 'save':
 
+check_admin_referer('inlineuploading');
+
 $overrides = array('action'=>'save');
 
 $file = wp_handle_upload($_FILES['image'], $overrides);
@@ -101,7 +105,7 @@ if ( preg_match('!^image/!', $attachment['post_mime_type']) ) {
 	add_post_meta($id, '_wp_attachment_metadata', array());
 }
 
-header("Location: ".basename(__FILE__)."?post=$post&all=$all&action=view&start=0");
+header("Location: " . basename(__FILE__) . "?post=$post&all=$all&action=view&start=0");
 die();
 
 case 'upload':
@@ -140,7 +144,7 @@ if ( '' == $sort )
 $attachments = $wpdb->get_results("SELECT ID, post_date, post_title, post_mime_type, guid FROM $wpdb->posts WHERE post_type = 'attachment' $and_type $and_post $and_user ORDER BY $sort LIMIT $start, $double", ARRAY_A);
 
 if ( count($attachments) == 0 ) {
-	header("Location: ".basename(__FILE__)."?post=$post&action=upload");
+	header("Location: " . basename(__FILE__) ."?post=$post&action=upload" );
 	die;
 } elseif ( count($attachments) > $num ) {
 	$next = $start + count($attachments) - $num;
@@ -214,7 +218,7 @@ var icon = new Array();
 		</noscript>
 ";
 		$send_delete_cancel = "<a onclick=\"sendToEditor({$ID});return false;\" href=\"javascript:void()\">$__send_to_editor</a>
-<a onclick=\"return confirm('$__confirmdelete')\" href=\"".basename(__FILE__)."?action=delete&amp;attachment={$ID}&amp;all=$all&amp;start=$start&amp;post=$post\">$__delete</a>
+<a onclick=\"return confirm('$__confirmdelete')\" href=\"" . wp_nonce_url( basename(__FILE__) . "?action=delete&amp;attachment={$ID}&amp;all=$all&amp;start=$start&amp;post=$post", inlineuploading) . "\">$__delete</a>
 		<a onclick=\"popup.style.display='none';return false;\" href=\"javascript:void()\">$__close</a>
 ";
 		$uwidth_sum += 128;
@@ -642,25 +646,25 @@ th {
 </head>
 <body>
 <ul id="upload-menu">
-<li<?php echo $current_1; ?>><a href="<?php echo basename(__FILE__); ?>?action=upload&amp;post=<?php echo $post; ?>&amp;all=<?php echo $all; ?>&amp;start=<?php echo $start; ?>"><?php _e('Upload'); ?></a></li>
+<li<?php echo $current_1; ?>><a href="<?php echo basename(__FILE__) . "?action=upload&amp;post=$post&amp;all=$all&amp;start=$start"; ?>"><?php _e('Upload'); ?></a></li>
 <?php if ( $attachments = $wpdb->get_results("SELECT ID FROM $wpdb->posts WHERE post_parent = '$post'") ) { ?>
-<li<?php echo $current_2; ?>><a href="<?php echo basename(__FILE__); ?>?action=view&amp;post=<?php echo $post; ?>&amp;all=false"><?php _e('Browse'); ?></a></li>
+<li<?php echo $current_2; ?>><a href="<?php echo basename(__FILE__) . "?action=view&amp;post=$post&amp;all=false"; ?>"><?php _e('Browse'); ?></a></li>
 <?php } ?>
 <?php if ($wpdb->get_var("SELECT count(ID) FROM $wpdb->posts WHERE post_type = 'attachment'")) { ?>
-<li<?php echo $current_3; ?>><a href="<?php echo basename(__FILE__); ?>?action=view&amp;post=<?php echo $post; ?>&amp;all=true"><?php _e('Browse All'); ?></a></li>
+<li<?php echo $current_3; ?>><a href="<?php echo basename(__FILE__) . "?action=view&amp;post=$post&amp;all=true"; ?>"><?php _e('Browse All'); ?></a></li>
 <?php } ?>
 <li> </li>
 <?php if ( $action == 'view' ) { ?>
 <?php if ( false !== $back ) : ?>
-<li class="spacer"><a href="<?php echo basename(__FILE__); ?>?action=<?php echo $action; ?>&amp;post=<?php echo $post; ?>&amp;all=<?php echo $all; ?>&amp;start=0" title="<?php _e('First'); ?>">|&laquo;</a></li>
-<li><a href="<?php echo basename(__FILE__); ?>?action=<?php echo $action; ?>&amp;post=<?php echo $post; ?>&amp;all=<?php echo $all; ?>&amp;start=<?php echo $back; ?>"">&laquo; <?php _e('Back'); ?></a></li>
+<li class="spacer"><a href="<?php echo basename(__FILE__) . "?action=$action&amp;post=$post&amp;all=$all&amp;start=0"; ?>" title="<?php _e('First'); ?>">|&laquo;</a></li>
+<li><a href="<?php echo basename(__FILE__) . "?action=$action&amp;post=$post&amp;all=$all&amp;start=$back"; ?>">&laquo; <?php _e('Back'); ?></a></li>
 <?php else : ?>
 <li class="inactive spacer">|&laquo;</li>
 <li class="inactive">&laquo; <?php _e('Back'); ?></li>
 <?php endif; ?>
 <?php if ( false !== $next ) : ?>
-<li><a href="<?php echo basename(__FILE__); ?>?action=<?php echo $action; ?>&amp;post=<?php echo $post; ?>&amp;all=<?php echo $all; ?>&amp;start=<?php echo $next; ?>"><?php _e('Next &raquo;'); ?></a></li>
-<li><a href="<?php echo basename(__FILE__); ?>?action=<?php echo $action; ?>&amp;post=<?php echo $post; ?>&amp;all=<?php echo $all; ?>&amp;last=true" title="<?php _e('Last'); ?>">&raquo;|</a></li>
+<li><a href="<?php echo basename(__FILE__) . "?action=$action&amp;post=$post&amp;all=$all&amp;start=$next"; ?>"><?php _e('Next &raquo;'); ?></a></li>
+<li><a href="<?php echo basename(__FILE__) . "?action=$action&amp;post=$post&amp;all=$all&amp;last=true"; ?>" title="<?php _e('Last'); ?>">&raquo;|</a></li>
 <?php else : ?>
 <li class="inactive"><?php _e('Next &raquo;'); ?></li>
 <li class="inactive">&raquo;|</li>
@@ -702,6 +706,7 @@ th {
 <input type="hidden" name="post" value="<?php echo $post; ?>" />
 <input type="hidden" name="all" value="<?php echo $all; ?>" />
 <input type="hidden" name="start" value="<?php echo $start; ?>" />
+<?php wp_nonce_field( 'inlineuploading' ); ?>
 <div id="submit">
 <input type="submit" value="<?php _e('Upload'); ?>" />
 <?php if ( !empty($all) ) : ?>
author	donncha <donncha@7be80a69-a1ef-0310-a953-fb0f7c49ff36>	2006-06-07 14:28:14 +0000
committer	donncha <donncha@7be80a69-a1ef-0310-a953-fb0f7c49ff36>	2006-06-07 14:28:14 +0000
commit	9d42ec4ee5db0437e9ad14b793f044fa0f5de8fe (patch)
tree	a0bb93e81f1856204377f936a97a8a285f77f2b7 /wp-inst/wp-admin/inline-uploading.php
parent	16cdc878fce216364bd57f498baeeb1b94ca8662 (diff)
download	wordpress-mu-9d42ec4ee5db0437e9ad14b793f044fa0f5de8fe.tar.gz wordpress-mu-9d42ec4ee5db0437e9ad14b793f044fa0f5de8fe.tar.xz wordpress-mu-9d42ec4ee5db0437e9ad14b793f044fa0f5de8fe.zip