switch ($action) {
case 'assign':
{
- check_admin_referer();
+ check_admin_referer('bulk-bookmarks');
// check the current user's level first.
if ( !current_user_can('manage_links') )
//userlevel of the owner of the link then we can proceed.
if (count($linkcheck) == 0) {
- header('Location: ' . $this_file);
+ wp_redirect($this_file);
exit;
}
$all_links = join(',', $linkcheck);
$all_links = join(',', $ids_to_change);
$q = $wpdb->query("update $wpdb->links SET link_owner='$newowner' WHERE link_id IN ($all_links)");
- header('Location: ' . $this_file);
+ wp_redirect($this_file);
+ exit;
break;
}
case 'visibility':
{
- check_admin_referer();
+ check_admin_referer('bulk-bookmarks');
// check the current user's level first.
if ( !current_user_can('manage_links') )
//for each link id (in $linkcheck[]): toggle the visibility
if (count($linkcheck) == 0) {
- header('Location: ' . $this_file);
+ wp_redirect($this_file);
exit;
}
$all_links = join(',', $linkcheck);
$q = $wpdb->query("update $wpdb->links SET link_visible='Y' WHERE link_id IN ($all_linkson)");
}
- header('Location: ' . $this_file);
+ wp_redirect($this_file);
+ exit;
break;
}
case 'move':
{
- check_admin_referer();
+ check_admin_referer('bulk-bookmarks');
// check the current user's level first.
if ( !current_user_can('manage_links') )
//for each link id (in $linkcheck[]) change category to selected value
if (count($linkcheck) == 0) {
- header('Location: ' . $this_file);
+ wp_redirect($this_file);
exit;
}
$all_links = join(',', $linkcheck);
// should now have an array of links we can change
$q = $wpdb->query("update $wpdb->links SET link_category='$category' WHERE link_id IN ($all_links)");
- header('Location: ' . $this_file);
+ wp_redirect($this_file);
+ exit();
break;
}
case 'Add':
{
- check_admin_referer();
+ check_admin_referer('add-bookmark');
add_link();
- header('Location: ' . $_SERVER['HTTP_REFERER'] . '?added=true');
+ wp_redirect(wp_get_referer() . '?added=true');
+ exit;
break;
} // end Add
case 'editlink':
{
-
- check_admin_referer();
+ $link_id = (int) $_POST['link_id'];
+ check_admin_referer('update-bookmark_' . $link_id);
if (isset($links_show_cat_id) && ($links_show_cat_id != ''))
$cat_id = $links_show_cat_id;
}
$links_show_cat_id = $cat_id;
- $link_id = (int) $_POST['link_id'];
edit_link($link_id);
setcookie('links_show_cat_id_' . COOKIEHASH, $links_show_cat_id, time()+600);
wp_redirect($this_file);
+ exit;
break;
} // end Save
- case 'Delete':
+ case 'delete':
{
- check_admin_referer();
+ $link_id = (int) $_GET['link_id'];
+ check_admin_referer('delete-bookmark_' . $link_id);
if ( !current_user_can('manage_links') )
die (__("Cheatin' uh ?"));
- $link_id = (int) $_GET['link_id'];
-
wp_delete_link($link_id);
if (isset($links_show_cat_id) && ($links_show_cat_id != ''))
$links_show_cat_id = $cat_id;
setcookie('links_show_cat_id_' . COOKIEHASH, $links_show_cat_id, time()+600);
wp_redirect($this_file);
+ exit;
break;
} // end Delete
<form name="links" id="links" method="post" action="">
<div class="wrap">
+ <?php wp_nonce_field('bulk-bookmarks') ?>
<input type="hidden" name="link_id" value="" />
<input type="hidden" name="action" value="" />
- <input type="hidden" name="order_by" value="<?php echo wp_specialchars($order_by, 1); ?>" />
+ <input type="hidden" name="order_by" value="<?php echo attribute_escape($order_by); ?>" />
<input type="hidden" name="cat_id" value="<?php echo (int) $cat_id ?>" />
<table id="the-list-x" width="100%" cellpadding="3" cellspacing="3">
<tr>
$links = $wpdb->get_results($sql);
if ($links) {
foreach ($links as $link) {
- $link->link_name = wp_specialchars($link->link_name);
+ $link->link_name = attribute_escape($link->link_name);
$link->link_category = wp_specialchars($link->link_category);
$link->link_description = wp_specialchars($link->link_description);
- $link->link_url = wp_specialchars($link->link_url);
+ $link->link_url = attribute_escape($link->link_url);
$short_url = str_replace('http://', '', $link->link_url);
$short_url = str_replace('www.', '', $short_url);
if ('/' == substr($short_url, -1))
if ($show_buttons) {
echo '<td><a href="link-manager.php?link_id=' . $link->link_id . '&action=linkedit" class="edit">' . __('Edit') . '</a></td>';
- echo '<td><a href="link-manager.php?link_id=' . $link->link_id . '&action=Delete"' . " onclick=\"return deleteSomething( 'link', $link->link_id , '" . sprintf(__("You are about to delete the "%s" link to %s.\\n"Cancel" to stop, "OK" to delete."), wp_specialchars($link->link_name,1), wp_specialchars($link->link_url)) . '\' );" class="delete">' . __('Delete') . '</a></td>';
+ echo '<td><a href="' . wp_nonce_url('link-manager.php?link_id='.$link->link_id.'&action=delete', 'delete-bookmark_' . $link->link_id ) . '"'." class='delete' onclick=\"return deleteSomething( 'link', $link->link_id , '".sprintf(__("You are about to delete the "%s" bookmark to %s.\\n"Cancel" to stop, "OK" to delete."), js_escape($link->link_name), js_escape($link->link_url)).'\' );">'.__('Delete').'</a></td>';
echo '<td><input type="checkbox" name="linkcheck[]" value="' . $link->link_id . '" /></td>';
} else {
echo "<td> </td><td> </td><td> </td>\n";
}
+
echo "\n </tr>\n";
}
}
scripts.mit.edu / autoinstalls / wordpress.git / blobdiff