From 9869401a21a143eb2369beb24d8446d855c41464 Mon Sep 17 00:00:00 2001
From: donncha <donncha@7be80a69-a1ef-0310-a953-fb0f7c49ff36>
Date: Thu, 27 Jul 2006 12:10:24 +0000
Subject: Nonce fixes

git-svn-id: http://svn.automattic.com/wordpress-mu/trunk@711 7be80a69-a1ef-0310-a953-fb0f7c49ff36
---
 wp-admin/wpmu-blogs.php | 32 ++++++++++---------------
 wp-admin/wpmu-edit.php  | 27 ++++++++++++---------
 wp-admin/wpmu-users.php | 63 +++++++++++++++++++++++++++++--------------------
 3 files changed, 66 insertions(+), 56 deletions(-)

(limited to 'wp-admin')

diff --git a/wp-admin/wpmu-blogs.php b/wp-admin/wpmu-blogs.php
index 323ec09..363df32 100644
--- a/wp-admin/wpmu-blogs.php
+++ b/wp-admin/wpmu-blogs.php
@@ -1,7 +1,7 @@
 <?php
 require_once('admin.php');
 
-$title = __('WPMU Admin');
+$title = __('WPMU Admin: Blogs');
 $parent_file = 'wpmu-admin.php';
 require_once('admin-header.php');
 if( is_site_admin() == false ) {
@@ -309,9 +309,6 @@ function check_all_rows() {
 	}
 }
 
-function confirm_action( msg ) {
-	return confirm( msg );
-}
 //  -->
 </script>
 
@@ -404,6 +401,11 @@ if ($blog_list) {
 			}
 		}
 		print "<tr $bgcolour class='$class'>";
+		if( constant( "VHOST" ) == 'yes' ) { 
+			$blogname = str_replace( '.' . $current_site->domain, '', $blog[ 'domain' ] ); 
+		} else { 
+			$blogname = $blog[ 'path' ]; 
+		}
 
 foreach($posts_columns as $column_name=>$column_display_name) {
 
@@ -417,7 +419,7 @@ foreach($posts_columns as $column_name=>$column_display_name) {
 
 	case 'blogname':
 		?>
-		<td valign='top'><label for='<?php echo $blog[ 'blog_id' ] ?>'><?php if( constant( "VHOST" ) == 'yes' ) { echo str_replace( '.' . $current_site->domain, '', $blog[ 'domain' ] ); } else { echo $blog[ 'path' ]; } ?></label>
+		<td valign='top'><label for='<?php echo $blog[ 'blog_id' ] ?>'><?php echo $blogname ?></label>
 		</td>
 		<?php
 		break;
@@ -461,15 +463,11 @@ foreach($posts_columns as $column_name=>$column_display_name) {
 	case 'control_spam':
 		if( get_blog_status( $blog[ 'blog_id' ], "spam" ) == '1' ) {
 			?>
-			<td valign='top'><form action='wpmu-edit.php?action=unspamblog' method='POST' onSubmit='return confirm_action( "<?php _e("You are about to mark this blog as not spam.") ?>" )'>
-			<?php wp_nonce_field( "unspamblog" ); ?>
-			<input type='hidden' name='id' value='<?php echo $blog[ 'blog_id' ] ?>'><input type='submit' value='<?php _e('Not Spam') ?>'></form></td>
+			<td valign='top'><a class='edit' href="wpmu-edit.php?action=confirm&action2=unspamblog&id=<?php echo $blog[ 'blog_id' ] ?>&msg=<?php echo urlencode( sprintf( __( "You are about to unspam the blog %s" ), $blogname ) ) ?>"><?php _e("Not Spam") ?></a></td>
 			<?php
 		} else {
 			?>
-			<td valign='top'><form action='wpmu-edit.php?action=spamblog' method='POST' onSubmit='return confirm_action( "<?php _e("You are about to mark this blog as spam.") ?>" )'>
-			<?php wp_nonce_field( "spamblog" ); ?>
-			<input type='hidden' name='id' value='<?php echo $blog[ 'blog_id' ] ?>'><input type='submit' value='<?php _e('Spam') ?>'></form></td>
+			<td valign='top'><a class='edit' href="wpmu-edit.php?action=confirm&action2=spamblog&id=<?php echo $blog[ 'blog_id' ] ?>&msg=<?php echo urlencode( sprintf( __( "You are about to mark the blog %s as spam" ), $blogname ) ) ?>"><?php _e("Spam") ?></a></td>
 			<?php
 		}
 		break;
@@ -477,24 +475,18 @@ foreach($posts_columns as $column_name=>$column_display_name) {
 	case 'control_deactivate':
 		if( is_archived( $blog[ 'blog_id' ] ) == '1' ) {
 			?>
-			<td valign='top'><form action='wpmu-edit.php?action=activateblog' method='POST' onSubmit='return confirm_action( "<?php _e("You are about to activate this blog.") ?>" )'>
-			<?php wp_nonce_field( "activateblog" ); ?>
-			<input type='hidden' name='id' value='<?php echo $blog[ 'blog_id' ] ?>'><input type='submit' value='<?php _e('Activate') ?>'></form></td>
+			<td valign='top'><a class='edit' href="wpmu-edit.php?action=confirm&action2=activateblog&id=<?php echo $blog[ 'blog_id' ] ?>&msg=<?php echo urlencode( sprintf( __( "You are about to activate the blog %s" ), $blogname ) ) ?>"><?php _e("Activate") ?></a></td>
 			<?php
 		} else {
 			?>
-			<td valign='top'><form action='wpmu-edit.php?action=deactivateblog' method='POST' onSubmit='return confirm_action( "<?php _e("You are about to deactivate this blog.") ?>" )'>
-			<?php wp_nonce_field( "deactivateblog" ); ?>
-			<input type='hidden' name='id' value='<?php echo $blog[ 'blog_id' ] ?>'><input type='submit' value='<?php _e('Deactivate') ?>'></form></td>
+			<td valign='top'><a class='edit' href="wpmu-edit.php?action=confirm&action2=deactivateblog&id=<?php echo $blog[ 'blog_id' ] ?>&msg=<?php echo urlencode( sprintf( __( "You are about to deactivate the blog %s" ), $blogname ) ) ?>"><?php _e("Deactivate") ?></a></td>
 			<?php
 		}
 		break;
 
 	case 'control_delete':
 		?>
-		<td valign='top'><form action='wpmu-edit.php?action=deleteblog' method='POST' onSubmit='return confirm_action( "<?php _e("You are about to completely delete this blog, its database tables and uploaded files.") ?>" )'>
-		<?php wp_nonce_field( "deleteblog" ); ?>
-		<input type='hidden' name='id' value='<?php echo $blog[ 'blog_id' ] ?>'><input type='submit' value='<?php _e('Delete') ?>'></form></td>
+			<td valign='top'><a class='edit' href="wpmu-edit.php?action=confirm&action2=deleteblog&id=<?php echo $blog[ 'blog_id' ] ?>&msg=<?php echo urlencode( sprintf( __( "You are about to delete the blog %s" ), $blogname ) ) ?>"><?php _e("Delete") ?></a></td>
 		<?php
 		break;
 
diff --git a/wp-admin/wpmu-edit.php b/wp-admin/wpmu-edit.php
index 65a8a23..a94b70c 100644
--- a/wp-admin/wpmu-edit.php
+++ b/wp-admin/wpmu-edit.php
@@ -5,9 +5,9 @@ do_action( "wpmuadminedit", "" );
 
 $_POST[ 'id' ] = intval( $_POST[ 'id' ] );
 $_GET[ 'id' ] = intval( $_GET[ 'id' ] );
-$id = $_POST[ 'id' ];
+$id = intval( $_REQUEST[ 'id' ] );
 
-switch( $_GET[ 'action' ] ) {
+switch( $_REQUEST[ 'action' ] ) {
 	case "siteoptions":
 		if( is_site_admin() == false ) {
 			die( __('<p>You do not have permission to access this page.</p>') );
@@ -209,7 +209,6 @@ switch( $_GET[ 'action' ] ) {
 			die( __('<p>You do not have permission to access this page.</p>') );
 		}
 		check_admin_referer('deleteblog');
-		$id = intval( $_REQUEST[ 'id' ] );
 		if( $id != '0' && $id != '1' )
 			wpmu_delete_blog( $id, true );
 		wpmu_admin_do_redirect( "wpmu-blogs.php" );
@@ -242,7 +241,6 @@ switch( $_GET[ 'action' ] ) {
 			die( __('<p>You do not have permission to access this page.</p>') );
 		}
 		check_admin_referer('activateblog');
-		$id = intval( $_REQUEST[ 'id' ] );
 		update_archived( $id, '0' );
 		do_action( "activate_blog", $id );
 		wpmu_admin_do_redirect( "wpmu-blogs.php" );
@@ -252,9 +250,8 @@ switch( $_GET[ 'action' ] ) {
 			die( __('<p>You do not have permission to access this page.</p>') );
 		}
 		check_admin_referer('deactivateblog');
-		$id = intval( $_REQUEST[ 'id' ] );
 		do_action( "deactivate_blog", $id );
-		update_archived( $id, '1' );
+		update_blog_status( $id, "archived", '1' );
 		wpmu_admin_do_redirect( "wpmu-blogs.php" );
 	break;
 	case "unspamblog":
@@ -262,17 +259,21 @@ switch( $_GET[ 'action' ] ) {
 			die( __('<p>You do not have permission to access this page.</p>') );
 		}
 		check_admin_referer('unspamblog');
-		$id = intval( $_REQUEST[ 'id' ] );
 		update_blog_status( $id, "spam", '0' );
 		do_action( "unspam_blog", $id );
-		wpmu_admin_do_redirect( "wpmu-blogs.php" );
+
+		if( get_blog_status( $wpdb->blogid, "spam" ) == 1 ) {
+			header( "Location: http://{$current_site->domain}{$current_site->path}wp-admin/wpmu-admin.php?updated=true" );
+			die();
+		} else {
+			wpmu_admin_do_redirect( "wpmu-blogs.php" );
+		}
 	break;
 	case "spamblog":
 		if( is_site_admin() == false ) {
 			die( __('<p>You do not have permission to access this page.</p>') );
 		}
 		check_admin_referer('spamblog');
-		$id = intval( $_REQUEST[ 'id' ] );
 		do_action( "make_spam_blog", $id );
 		update_blog_status( $id, "spam", '1' );
 		wpmu_admin_do_redirect( "wpmu-blogs.php" );
@@ -281,7 +282,6 @@ switch( $_GET[ 'action' ] ) {
 		if( is_site_admin() == false ) {
 			die( __('<p>You do not have permission to access this page.</p>') );
 		}
-		$id = intval( $_REQUEST[ 'id' ] );
 		update_blog_status( $id, 'mature', '1' );
 		do_action( 'mature_blog', $id );
 		wpmu_admin_do_redirect( "wpmu-blogs.php" );
@@ -290,12 +290,12 @@ switch( $_GET[ 'action' ] ) {
 		if( is_site_admin() == false ) {
 			die( __('<p>You do not have permission to access this page.</p>') );
 		}
-		$id = intval( $_REQUEST[ 'id' ] );
 		update_blog_status( $id, 'mature', '0' );
 		do_action( 'unmature_blog', $id );
 		wpmu_admin_do_redirect( "wpmu-blogs.php" );
 	break;
     	case "updateuser":
+		check_admin_referer('edituser');
 		if( is_site_admin() == false ) {
 			die( __('<p>You do not have permission to access this page.</p>') );
 		}
@@ -336,6 +336,11 @@ switch( $_GET[ 'action' ] ) {
 		}
 		wpmu_admin_do_redirect( "wpmu-themes.php" );
 	break;
+	case "confirm":
+	?>
+		<form action='wpmu-edit.php'><input type='hidden' name='action' value='<?php echo wp_specialchars( $_GET[ 'action2' ] ) ?>'><input type='hidden' name='id' value='<?php echo wp_specialchars( $_GET[ 'id' ] ) ?>'><?php wp_nonce_field( $_GET[ 'action2' ] ) ?><p><?php echo wp_specialchars( $_GET[ 'msg' ] ) ?></p><input type='submit' value='Confirm'></form>
+	<?php
+	break;
 	default:
 		wpmu_admin_do_redirect( "wpmu-admin.php" );
 	break;
diff --git a/wp-admin/wpmu-users.php b/wp-admin/wpmu-users.php
index dbbc689..3ac294d 100644
--- a/wp-admin/wpmu-users.php
+++ b/wp-admin/wpmu-users.php
@@ -1,37 +1,49 @@
 <?php
 require_once('admin.php');
+$title = __('WPMU Admin: Users');
+$parent_file = 'wpmu-admin.php';
 
-switch( $_GET[ 'action' ] ) {
-	case "delete":
-		$id = intval( $_GET[ 'id' ] );
+$id = intval( $_REQUEST[ 'id' ] );
+
+switch( $_REQUEST[ 'action' ] ) {
+	case "confirm":
+	?>
+		<form action='wpmu-users.php'><input type='hidden' name='action' value='<?php echo wp_specialchars( $_GET[ 'action2' ] ) ?>'><input type='hidden' name='id' value='<?php echo wp_specialchars( $_GET[ 'id' ] ) ?>'><?php wp_nonce_field( $_GET[ 'action2' ] ) ?><p><?php echo wp_specialchars( $_GET[ 'msg' ] ) ?></p><input type='submit' value='Confirm'></form>
+	<?php
+		die();
+	break;
+	case "deleteuser":
+		check_admin_referer('deleteuser');
 		if( $id != '0' && $id != '1' )
 			wpmu_delete_user($id);
 		wpmu_admin_do_redirect( "wpmu-users.php" );
 		die();
 	break;
 	case "allusers":
+		check_admin_referer('allusers');
 		if( is_site_admin() == false ) {
 			die( __('<p>You do not have permission to access this page.</p>') );
 		}
-	if( is_array( $_POST[ 'allusers' ] ) ) {
-		while( list( $key, $val ) = each( $_POST[ 'allusers' ] ) ) {
-			if( $val != '' && $val != '0' && $val != '1' ) {
-				$user_details = get_userdata( $val );
-				if( $_POST[ 'userfunction' ] == 'delete' ) {
-					wpmu_delete_user($val);
-				} elseif( $_POST[ 'userfunction' ] == 'spam' ) {
-					$blogs = get_blogs_of_user( $val );
-					if( is_array( $blogs ) ) {
-						while( list( $key, $details ) = each( $blogs ) ) { 
-							update_blog_status( $details->userblog_id, "spam", '1' );
-							do_action( "make_spam_blog", $details->userblog_id );
+		if( is_array( $_POST[ 'allusers' ] ) ) {
+			while( list( $key, $val ) = each( $_POST[ 'allusers' ] ) ) {
+				if( $val != '' && $val != '0' && $val != '1' ) {
+					$user_details = get_userdata( $val );
+					if( $_POST[ 'userfunction' ] == 'delete' ) {
+						wpmu_delete_user($val);
+					} elseif( $_POST[ 'userfunction' ] == 'spam' ) {
+						$blogs = get_blogs_of_user( $val );
+						if( is_array( $blogs ) ) {
+							while( list( $key, $details ) = each( $blogs ) ) { 
+								update_blog_status( $details->userblog_id, "spam", '1' );
+								do_action( "make_spam_blog", $details->userblog_id );
+							}
 						}
 					}
 				}
 			}
 		}
-	}
-	wpmu_admin_do_redirect( "wpmu-users.php" );
+		wpmu_admin_do_redirect( "wpmu-users.php" );
+		die();
 	break;
 }
 
@@ -61,17 +73,19 @@ switch( $_GET[ 'action' ] ) {
     ?>
     <table><td valign='top'>
     <form name="form1" method="post" action="wpmu-edit.php?action=updateuser"> 
-    <input type="hidden" name="id" value="<?php echo $_GET[ 'id' ] ?>" /> 
+    <input type="hidden" name="action" value="updateuser" /> 
+    <input type="hidden" name="id" value="<?php echo intval( $_GET[ 'id' ] ) ?>" /> 
+    <?php wp_nonce_field( "edituser" ); ?>
     <table width="100%" cellspacing="2" cellpadding="5" class="editform"> 
     <?php
     unset( $userdetails[0][ 'ID' ] );
     while( list( $key, $val ) = each( $userdetails[0] ) ) { 
-    ?>
+    	?>
 	<tr valign="top"> 
 	<th width="33%" scope="row"><?php echo ucwords( str_replace( "_", " ", $key ) ) ?></th> 
 	<td><input name="option[<?php echo $key ?>]" type="text" id="<?php echo $val ?>" value="<?php echo $val ?>" size="40" /></td> 
 	</tr> 
-    <?php
+    	<?php
     }
     ?>
     </table>
@@ -82,13 +96,13 @@ switch( $_GET[ 'action' ] ) {
     while( list( $key, $val ) = each( $usermetadetails ) ) { 
 	if( substr( $val[ 'meta_key' ], -12 ) == 'capabilities' )
 	    return;
-    ?>
+    	?>
 	<tr valign="top"> 
 	<th width="33%" scope="row"><input name="metaname[<?php echo $val[ 'umeta_id' ] ?>]" type="text" id="<?php echo $val[ 'meta_key' ] ?>" value="<?php echo $val[ 'meta_key' ] ?>"></th> 
 	<td><input name="meta[<?php echo $val[ 'umeta_id' ] ?>]" type="text" id="<?php echo $val[ 'meta_value' ] ?>" value="<?php echo addslashes( $val[ 'meta_value' ] ) ?>" size="40" /></td> 
 	<td><input type='checkbox' name='metadelete[<?php echo $val[ 'umeta_id' ] ?>]'></td>
 	</tr> 
-    <?php
+    	<?php
     }
     ?>
     </table>
@@ -111,8 +125,7 @@ switch( $_GET[ 'action' ] ) {
 			$num = intval( $_GET[ 'num' ] );
 		}
 
-		$query = "SELECT * 
-			FROM ".$wpdb->users;
+		$query = "SELECT * FROM ".$wpdb->users;
 		if( $_GET[ 's' ] != '' ) {
 			$search = '%' . addslashes( $_GET['s'] ) . '%';
 			$query .= " WHERE user_login LIKE '$search' OR user_email LIKE '$search'";
@@ -300,7 +313,7 @@ foreach($posts_columns as $column_name=>$column_display_name) {
 
 	case 'control_delete':
 		?>
-		<td><?php echo "<a href='wpmu-users.php?action=delete&amp;id=".$user[ 'ID' ]."&amp;redirect=".wpmu_admin_redirect_url()."' class='delete' onclick=\"return confirm('" . sprintf(__("You are about to delete this user?\\n  \'OK\' to delete, \'Cancel\' to stop.") ) . "')\">" . __('Delete') . "</a>"; ?></td>
+		<td><?php echo "<a href='wpmu-users.php?action=confirm&action2=deleteuser&amp;msg=" . urlencode( __("You are about to delete this user.") ) . "&amp;id=".$user[ 'ID' ]."&amp;redirect=".wpmu_admin_redirect_url()."' class='delete')\">" . __('Delete') . "</a>"; ?></td>
 		<?php
 		break;
 
-- 
cgit