From 51ce82e5b9f04552261054ddd1b475fca5bf2f18 Mon Sep 17 00:00:00 2001
From: Ryan Boren
Date: Fri, 5 May 2006 09:09:13 +0000
Subject: [PATCH] nonce approve/delete comment confirmations. #2678

git-svn-id: https://develop.svn.wordpress.org/trunk@3764 602fd350-edb4-49c9-b593-d223f7449a82
---
 wp-admin/comment.php | 3 +++
 1 file changed, 3 insertions(+)

diff --git a/wp-admin/comment.php b/wp-admin/comment.php
index 851b5827f4..fa4bd246c4 100644
--- a/wp-admin/comment.php
+++ b/wp-admin/comment.php
@@ -51,6 +51,8 @@ case 'mailapprovecomment':
 $comment = (int) $_GET['comment'];
 $p = (int) $_GET['p'];
 $formaction = 'confirmdeletecomment' == $action ? 'deletecomment' : 'approvecomment';
+ $nonce_action = 'confirmdeletecomment' == $action ? 'delete-comment' : 'approve-comment';
+ $nonce_action .= $comment;
 if ( ! $comment = get_comment($comment) ) die(sprintf(__('Oops, no comment with this ID. Go back!'), 'edit.php'));
@@ -74,6 +76,7 @@ case 'mailapprovecomment':
 echo "

" . __('Are you sure you want to do that?') . "

\n"; echo "
\n";
+ wp_nonce_field($nonce_action);
 echo "\n";
 if ( 'spam' == $_GET['delete_type'] ) echo "\n";
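Review bot: The added `wp_nonce_field($nonce_action);` only emits the token into the confirmation form; this patch (one file, three insertions) adds no matching verification, so the CSRF protection depends on the code that handles the `deletecomment` and `approvecomment` actions already checking the same action string somewhere outside these hunks. It is worth confirming that each of those paths calls something like `check_admin_referer('delete-comment' . $comment);` (respectively `'approve-comment' . $comment`) with `$comment` as the integer ID, and does so before any state change. In the first hunk the action string is built from the `(int)` ID just before `$comment` is reassigned to the return value of `get_comment()`, so a short comment there such as `// build the nonce action from the integer ID; $comment is replaced by get_comment() below` would keep a later reorder from silently breaking the match.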