switch ($action) {
case 'addcat':
{
+ check_admin_referer('add-link-category');
+
if ( !current_user_can('manage_links') )
die (__("Cheatin' uh ?"));
" '$show_rating', '$show_updated', '$sort_order', '$sort_desc', '$text_before_link', '$text_after_link', \n" .
" '$text_after_all', $list_limit)");
- header('Location: link-categories.php');
+ wp_redirect('link-categories.php');
break;
} // end addcat
case 'Delete':
{
- $cat_id = (int) $_GET['cat_id'];
+ $cat_id = (int) $_GET['cat_id'];
+ check_admin_referer('delete-link-category_' . $cat_id);
+
$cat_name=get_linkcatname($cat_id);
if ($cat_id=="1")
$wpdb->query("DELETE FROM $wpdb->linkcategories WHERE cat_id='$cat_id'");
$wpdb->query("UPDATE $wpdb->links SET link_category=1 WHERE link_category='$cat_id'");
- header('Location: link-categories.php');
+ wp_redirect('link-categories.php');
break;
} // end delete
case 'Edit':
<h2><?php printf(__('Edit “%s” Category'), wp_specialchars($row->cat_name)); ?></h2>
<form name="editcat" method="post">
+ <?php wp_nonce_field('update-link-category_' . $row->cat_id) ?>
<input type="hidden" name="action" value="editedcat" />
<input type="hidden" name="cat_id" value="<?php echo $row->cat_id ?>" />
<fieldset class="options">
<table class="editform" width="100%" cellspacing="2" cellpadding="5">
<tr>
<th width="33%" scope="row"><?php _e('Name:') ?></th>
- <td width="67%"><input name="cat_name" type="text" value="<?php echo wp_specialchars($row->cat_name)?>" size="30" /></td>
+ <td width="67%"><input name="cat_name" type="text" value="<?php echo attribute_escape($row->cat_name)?>" size="30" /></td>
</tr>
<tr>
<th scope="row"><?php _e('Show:') ?></th>
<table class="editform" width="100%" cellspacing="2" cellpadding="5">
<tr>
<th width="33%" scope="row"><?php _e('Before Link:') ?></th>
- <td width="67%"><input type="text" name="text_before_link" size="45" value="<?php echo wp_specialchars($row->text_before_link)?>" /></td>
+ <td width="67%"><input type="text" name="text_before_link" size="45" value="<?php echo wp_specialchars($row->text_before_link,'double')?>" /></td>
</tr>
<tr>
<th scope="row"><?php _e('Between Link and Description:') ?></th>
-<td><input type="text" name="text_after_link" size="45" value="<?php echo wp_specialchars($row->text_after_link)?>" /></td>
+<td><input type="text" name="text_after_link" size="45" value="<?php echo wp_specialchars($row->text_after_link,'double')?>" /></td>
</tr>
<tr>
<th scope="row"><?php _e('After Link:') ?></th>
-<td><input type="text" name="text_after_all" size="45" value="<?php echo wp_specialchars($row->text_after_all)?>"/></td>
+<td><input type="text" name="text_after_all" size="45" value="<?php echo wp_specialchars($row->text_after_all,'double')?>"/></td>
</tr>
</table>
</fieldset>
} // end Edit
case "editedcat":
{
+ $cat_id = (int)$_POST["cat_id"];
+ check_admin_referer('update-link-category_' . $cat_id);
+
if ( !current_user_can('manage_links') )
die (__("Cheatin' uh ?"));
$submit=$_POST["submit"];
if (isset($submit)) {
- $cat_id = (int)$_POST["cat_id"];
-
$cat_name= wp_specialchars($_POST["cat_name"]);
$auto_toggle = $_POST["auto_toggle"];
if ($auto_toggle != 'Y') {
} // end if save
- header("Location: link-categories.php");
+ wp_redirect("link-categories.php");
break;
} // end editcat
default:
. " show_rating, show_updated, sort_order, sort_desc, text_before_link, text_after_link, "
. " text_after_all, list_limit FROM $wpdb->linkcategories ORDER BY cat_id");
$i = 1;
-foreach ($results as $row) {
+foreach ( (array) $results as $row) {
if ($row->list_limit == -1) {
$row->list_limit = __('none');
}
<td><?php echo $row->show_updated == 'Y' ? __('Yes') : __('No') ?></td>
<td><?php echo $row->sort_order ?></td>
<td><?php echo $row->sort_desc == 'Y' ? __('Yes') : __('No') ?></td>
- <td nowrap="nowrap"><?php echo htmlentities($row->text_before_link)?> </td>
- <td nowrap="nowrap"><?php echo htmlentities($row->text_after_link)?> </td>
- <td nowrap="nowrap"><?php echo htmlentities($row->text_after_all)?></td>
+ <td nowrap="nowrap"><?php echo wp_specialchars($row->text_before_link)?> </td>
+ <td nowrap="nowrap"><?php echo wp_specialchars($row->text_after_link)?> </td>
+ <td nowrap="nowrap"><?php echo wp_specialchars($row->text_after_all)?></td>
<td><?php echo $row->list_limit ?></td>
<td><a href="link-categories.php?cat_id=<?php echo $row->cat_id?>&action=Edit" class="edit"><?php _e('Edit') ?></a></td>
- <td><a href="link-categories.php?cat_id=<?php echo $row->cat_id?>&action=Delete" onclick="return deleteSomething( 'link category', <?php echo $row->cat_id . ", '" . sprintf(__("You are about to delete the "%s" link category.\\n"Cancel" to stop, "OK" to delete."), wp_specialchars($row->cat_name,1)); ?>' );" class="delete"><?php _e('Delete') ?></a></td>
- </tr>
+ <td>
+ <?php if (1 == $row->cat_id ) {
+ _e('Default');
+ } else { ?>
+ <a href="<?php echo wp_nonce_url("link-categories.php?cat_id=$row->cat_id?>&action=Delete", 'delete-link-category_' . $row->cat_id) ?>" onclick="return deleteSomething( 'link category', <?php echo $row->cat_id . ", '" . sprintf(__("You are about to delete the "%s" link category.\\n"Cancel" to stop, "OK" to delete."), js_escape($row->cat_name)); ?>' );" class="delete"><?php _e('Delete') ?></a>
+ <?php } ?>
+ </td>
+ </tr>
<?php
++$i;
}
</div>
<div class="wrap">
- <form name="addcat" method="post">
+ <form name="addcat" method="post" action="">
+ <?php wp_nonce_field('add-link-category'); ?>
<input type="hidden" name="action" value="addcat" />
<h2><?php _e('Add a Link Category:') ?></h2>
<fieldset class="options">