Diffstat (limited to 'wp-inst/wp-admin/plugins.php')
-rw-r--r-- | wp-inst/wp-admin/plugins.php | 16 |
1 files changed, 9 insertions, 7 deletions
diff --git a/wp-inst/wp-admin/plugins.php b/wp-inst/wp-admin/plugins.php
index 9f45c10..e289e59 100644
--- a/wp-inst/wp-admin/plugins.php
+++ b/wp-inst/wp-admin/plugins.php
@@ -9,9 +9,8 @@ if( $menu_perms[ 'plugins' ] != 1 )
 return;
 if ( isset($_GET['action']) ) {
- check_admin_referer();
-
 if ('activate' == $_GET['action']) {
+ check_admin_referer('activate-plugin_' . $_GET['plugin']);
 $current = get_settings('active_plugins');
 if (!in_array($_GET['plugin'], $current)) {
 $current[] = trim( $_GET['plugin'] );
@@ -22,6 +21,7 @@ if ( isset($_GET['action']) ) {
 }
 header('Location: plugins.php?activate=true');
 } else if ('deactivate' == $_GET['action']) {
+ check_admin_referer('deactivate-plugin_' . $_GET['plugin']);
 $current = get_settings('active_plugins');
 array_splice($current, array_search( $_GET['plugin'], $current), 1 ); // Array-fu!
 update_option('active_plugins', $current);
@@ -85,13 +85,15 @@ if (empty($plugins)) {
 echo '</p>';
 } else {
 ?>
-<table width="100%" cellpadding="3" cellspacing="3">
+<table class="widefat">
+ <thead>
 <tr>
- <th><?php _e('Plugin'); ?></th>
+ <th style="text-align: left"><?php _e('Plugin'); ?></th>
 <th><?php _e('Version'); ?></th>
- <th><?php _e('Description'); ?></th>
+ <th style="text-align: left"><?php _e('Description'); ?></th>
 <th><?php _e('Action'); ?></th>
 </tr>
+ </thead>
 <?php
 $style = '';
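Review bot: Moving the check out of the top of the `isset($_GET['action'])` block makes CSRF protection opt-in per branch: only the `activate` branch in this hunk and the `deactivate` branch in the next one call `check_admin_referer()`. Any other action handled further down this if/else chain, whose end is outside both hunks, would now run with no referer or nonce check. A final `else` that refuses unrecognised actions would keep the block fail-closed. Separately, the nonce action is built from the raw `$_GET['plugin']` while the value stored is `trim( $_GET['plugin'] )`, and the parameter is read without an `isset()` guard. Normalising once, e.g. `$plugin = isset($_GET['plugin']) ? trim($_GET['plugin']) : '';`, and using `$plugin` for the nonce action, the `in_array()` test and the stored value would keep all three consistent.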
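Review bot: Nothing in the `deactivate` hunk makes the new nonce single-use, so a repeated request for a plugin that is already inactive passes `check_admin_referer()` and reaches the `array_splice()` context line with `array_search()` returning `false`. `false` is used as offset 0, so the call removes whichever plugin happens to be first in `active_plugins` rather than doing nothing. Guarding the lookup closes this: `$key = array_search($_GET['plugin'], $current); if (false !== $key) array_splice($current, $key, 1);`. The branch continues past the end of the hunk.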
@@ -105,11 +107,11 @@ if (empty($plugins)) {
 $style = ('class="alternate"' == $style|| 'class="alternate active"' == $style) ? '' : 'alternate';
 if (!empty($current_plugins) && in_array($plugin_file, $current_plugins)) {
- $action = "<a href='plugins.php?action=deactivate&plugin=$plugin_file' title='".__('Deactivate this plugin')."' class='delete'>".__('Deactivate')."</a>";
+ $action = "<a href='" . wp_nonce_url("plugins.php?action=deactivate&plugin=$plugin_file", 'deactivate-plugin_' . $plugin_file) . "' title='".__('Deactivate this plugin')."' class='delete'>".__('Deactivate')."</a>";
 $plugin_data['Title'] = "<strong>{$plugin_data['Title']}</strong>";
 $style .= $style == 'alternate' ? ' active' : 'active';
 } else {
- $action = "<a href='plugins.php?action=activate&plugin=$plugin_file' title='".__('Activate this plugin')."' class='edit'>".__('Activate')."</a>";
+ $action = "<a href='" . wp_nonce_url("plugins.php?action=activate&plugin=$plugin_file", 'activate-plugin_' . $plugin_file) . "' title='".__('Activate this plugin')."' class='edit'>".__('Activate')."</a>";
 }
 $plugin_data['Description'] = wp_kses($plugin_data['Description'], array('a' => array('href' => array(),'title' => array()),'abbr' => array('title' => array()),'acronym' => array('title' => array()),'code' => array(),'em' => array(),'strong' => array()) ); ;
 if ($style != '') $style = 'class="' . $style . '"'; |
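Review bot: `$plugin_file` is interpolated into both `wp_nonce_url()` URLs without `urlencode()`, and the result is placed inside a single-quoted `href`. A plugin file name containing `&`, `#`, `+` or a space would arrive as a different `$_GET['plugin']` than the string the nonce action was built from, so the new `check_admin_referer()` calls would reject the link. A name containing `'` could end the attribute early unless `wp_nonce_url()` escapes single quotes, which this page does not show. Building the URL as `"plugins.php?action=deactivate&plugin=" . urlencode($plugin_file)` (and the same for `activate`), while keeping the raw `$plugin_file` in the nonce action, keeps the link and the check consistent. The enclosing loop starts and ends outside the hunk.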