IntenseWebs/WordPress
3
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Add nonce protection for setting/removing featured post image. fixes #13438

Browse Source 
git-svn-id: http://svn.automattic.com/wordpress/trunk@14730 1a063a9b-81f0-0310-95a4-ce76da25c4cd
This commit is contained in:
markjaquith
2010-05-18 22:08:49 +00:00
parent af59c18f45
commit 20cb3ed21b
8 changed files with 18 additions and 14 deletions
Download Patch File Download Diff File Expand all files Collapse all files

4
wp-admin/js/post.dev.js
View File

@@ -218,9 +218,9 @@ WPSetThumbnailID = function(id){
}
};
WPRemoveThumbnail = function(){
WPRemoveThumbnail = function(nonce){
$.post(ajaxurl, {
action:"set-post-thumbnail", post_id: $('#post_ID').val(), thumbnail_id: -1, cookie: encodeURIComponent(document.cookie)
action:"set-post-thumbnail", post_id: $('#post_ID').val(), thumbnail_id: -1, _ajax_nonce: nonce, cookie: encodeURIComponent(document.cookie)
}, function(str){
if ( str == '0' ) {
alert( setPostThumbnailL10n.error );

2
wp-admin/js/post.js
View File

File diff suppressed because one or more lines are too long

4
wp-admin/js/set-post-thumbnail.dev.js
View File

@@ -1,9 +1,9 @@
function WPSetAsThumbnail(id){
function WPSetAsThumbnail(id, nonce){
var $link = jQuery('a#wp-post-thumbnail-' + id);
$link.text( setPostThumbnailL10n.saving );
jQuery.post(ajaxurl, {
action:"set-post-thumbnail", post_id: post_id, thumbnail_id: id, cookie: encodeURIComponent(document.cookie)
action:"set-post-thumbnail", post_id: post_id, thumbnail_id: id, _ajax_nonce: nonce, cookie: encodeURIComponent(document.cookie)
}, function(str){
var win = window.dialogArguments || opener || parent || top;
$link.text( setPostThumbnailL10n.setThumbnail );

2
wp-admin/js/set-post-thumbnail.js
View File

@@ -1 +1 @@
function WPSetAsThumbnail(id){var $link=jQuery("a#wp-post-thumbnail-"+id);$link.text(setPostThumbnailL10n.saving);jQuery.post(ajaxurl,{action:"set-post-thumbnail",post_id:post_id,thumbnail_id:id,cookie:encodeURIComponent(document.cookie)},function(str){var win=window.dialogArguments||opener||parent||top;$link.text(setPostThumbnailL10n.setThumbnail);if(str=="0"){alert(setPostThumbnailL10n.error)}else{jQuery("a.wp-post-thumbnail").show();$link.text(setPostThumbnailL10n.done);$link.fadeOut(2000);win.WPSetThumbnailID(id);win.WPSetThumbnailHTML(str)}})};
function WPSetAsThumbnail(id,nonce){var $link=jQuery("a#wp-post-thumbnail-"+id);$link.text(setPostThumbnailL10n.saving);jQuery.post(ajaxurl,{action:"set-post-thumbnail",post_id:post_id,thumbnail_id:id,_ajax_nonce:nonce,cookie:encodeURIComponent(document.cookie)},function(str){var win=window.dialogArguments||opener||parent||top;$link.text(setPostThumbnailL10n.setThumbnail);if(str=="0"){alert(setPostThumbnailL10n.error)}else{jQuery("a.wp-post-thumbnail").show();$link.text(setPostThumbnailL10n.done);$link.fadeOut(2000);win.WPSetThumbnailID(id);win.WPSetThumbnailHTML(str)}})};