vhad/wordpress-develop
1
0
Fork 0
mirror of https://github.com/gosticks/wordpress-develop.git synced 2026-06-28 14:20:15 +00:00
Code Issues Actions Packages Projects Releases Wiki Activity

nonce-protect comments by users with unfiltered_html cap to prevent xsrf/xss. fixes #3973 for trunk

Browse Source 
git-svn-id: https://develop.svn.wordpress.org/trunk@5039 602fd350-edb4-49c9-b593-d223f7449a82
This commit is contained in:
Mark Jaquith
2007-03-14 23:10:57 +00:00
parent 2f7225192d
commit 096395f366
4 changed files with 22 additions and 6 deletions
Download Patch File Download Diff File Expand all files Collapse all files

8
wp-includes/functions.php
View File

@@ -1000,9 +1000,11 @@ function wp_nonce_url($actionurl, $action = -1) {
return wp_specialchars(add_query_arg('_wpnonce', wp_create_nonce($action), $actionurl));
}
function wp_nonce_field($action = -1) {
echo '<input type="hidden" name="_wpnonce" value="' . wp_create_nonce($action) . '" />';
wp_referer_field();
function wp_nonce_field($action = -1, $name = "_wpnonce", $referer = true) {
$name = attribute_escape($name);
echo '<input type="hidden" name="' . $name . '" value="' . wp_create_nonce($action) . '" />';
if ( $referer )
wp_referer_field();
}
function wp_referer_field() {