A couple more nonces. #2678

git-svn-id: https://develop.svn.wordpress.org/trunk@3760 602fd350-edb4-49c9-b593-d223f7449a82
2006-05-04 09:20:44 +00:00 · 2006-05-04 09:20:44 +00:00 · 7a2c1664ee
parent fcfda4db13
commit 7a2c1664ee
2 changed files with 4 additions and 2 deletions
--- a/wp-admin/link-import.php
+++ b/wp-admin/link-import.php
@ -24,6 +24,7 @@ switch ($step) {
 <div class="wrap">
 <h2><?php _e('Import your blogroll from another system') ?> </h2>
 <form enctype="multipart/form-data" action="link-import.php" method="post" name="blogroll">
+<?php wp_nonce_field('import-bookmarks') ?>

 <p><?php _e('If a program or website you use allows you to export your bookmarks or subscriptions as OPML you may import them here.'); ?>
 <div style="width: 70%; margin: auto; height: 8em;">
@ -63,7 +64,7 @@ foreach ($categories as $category) {
            } // end case 0

    case 1: {
-		check_admin_referer();
+		check_admin_referer('import-bookmarks');

                include_once('admin-header.php');
                if ( !current_user_can('manage_links') )
--- a/wp-admin/user-edit.php
+++ b/wp-admin/user-edit.php
@ -32,7 +32,7 @@ break;

 case 'update':

-check_admin_referer();
+check_admin_referer('update-user' . $user_id);

 if (!current_user_can('edit_users'))
 	$errors = new WP_Error('head', __('You do not have permission to edit this user.'));
@ -74,6 +74,7 @@ if (!current_user_can('edit_users'))
 <h2><?php _e('Edit User'); ?></h2>

 <form name="profile" id="your-profile" action="user-edit.php" method="post">
+<?php wp_nonce_field('update-user' . $user_ID) ?>
 <p>
 <input type="hidden" name="from" value="profile" />
 <input type="hidden" name="checkuser_id" value="<?php echo $user_ID ?>" />