diff options
| -rw-r--r-- | wp-admin/wpmu-blogs.php | 1 | ||||
| -rw-r--r-- | wp-admin/wpmu-edit.php | 1 |
2 files changed, 2 insertions, 0 deletions
diff --git a/wp-admin/wpmu-blogs.php b/wp-admin/wpmu-blogs.php index e2c3d61..323ec09 100644 --- a/wp-admin/wpmu-blogs.php +++ b/wp-admin/wpmu-blogs.php @@ -28,6 +28,7 @@ switch( $_GET[ 'action' ] ) { print "<a href='http://{$details[ 'domain' ]}/'>{$details[ 'domain' ]}</a>"; ?> <form name="form1" method="post" action="wpmu-edit.php?action=updateblog"> + <?php wp_nonce_field( "editblog" ); ?> <input type="hidden" name="id" value="<?php echo $_GET[ 'id' ] ?>" /> <table><td valign='top'> <div class="wrap"> diff --git a/wp-admin/wpmu-edit.php b/wp-admin/wpmu-edit.php index 57f16d5..65a8a23 100644 --- a/wp-admin/wpmu-edit.php +++ b/wp-admin/wpmu-edit.php @@ -139,6 +139,7 @@ switch( $_GET[ 'action' ] ) { if( is_site_admin() == false ) { die( __('<p>You do not have permission to access this page.</p>') ); } + check_admin_referer('editblog'); $options_table_name = $wpmuBaseTablePrefix . $id ."_options"; // themes |