Diffstat (limited to 'wp-inst/wp-admin/theme-editor.php')
| -rw-r--r-- | wp-inst/wp-admin/theme-editor.php | 3 |
1 files changed, 3 insertions, 0 deletions
diff --git a/wp-inst/wp-admin/theme-editor.php b/wp-inst/wp-admin/theme-editor.php
index 153b04a..dfea183 100644
--- a/wp-inst/wp-admin/theme-editor.php
+++ b/wp-inst/wp-admin/theme-editor.php
@@ -48,6 +48,8 @@ switch($action) {
 case 'update':
+ check_admin_referer('edit-theme_' . $file . $theme);
+
 if ( !current_user_can('edit_themes') )
 die('<p>'.__('You have do not have sufficient permissions to edit templates for this blog.').'</p>');
@@ -130,6 +132,7 @@ if ($allowed_files) :
 if (!$error) { ?>
 <form name="template" id="template" action="theme-editor.php" method="post">
+ <?php wp_nonce_field('edit-theme_' . $file . $theme) ?>
 <div><textarea cols="70" rows="25" name="newcontent" id="newcontent" tabindex="1"><?php echo $content ?></textarea>
 <input type="hidden" name="action" value="update" />
 <input type="hidden" name="file" value="<?php echo $file ?>" /> |
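Review bot: The nonce action in the `update` case is built as `'edit-theme_' . $file . $theme` with no separator, and the same expression is typed out a second time in the form hunk (`@@ -130,6 +132,7 @@`). Without a delimiter, distinct file/theme pairs can concatenate to the same action string, and the two copies must stay byte-identical or every save is rejected. I would build it once, `$nonce_action = 'edit-theme_' . $file . '|' . $theme;`, and pass that to both `check_admin_referer()` and `wp_nonce_field()`, provided neither variable is reassigned between the two sites, which the hunks do not show. A one-line comment above the call, `// CSRF check: must pass before the theme file is written`, would also help, since the rest of the `update` case lies outside the hunk.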
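Review bot: The hidden `file` input just below the new `wp_nonce_field()` call prints `$file` into an attribute with a bare `echo`, and that same value feeds the nonce action. Unless `$file` is escaped earlier in the script (not visible here), a quote character in it ends the attribute early; `value="<?php echo wp_specialchars($file, 1) ?>"` closes that. The `if (!$error) {` block and the form both continue past the end of the hunk.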
