Wordpress 2.0.4-scripts
index 8ed51079bb8515c0a1c00cf12383f31e59bb8b0a..b2788cf3a7490bb544cda73e854a7de3f24a9c04 100644 (file)
@@ -47,6 +47,8 @@ switch($action) {
 
 case 'update':
 
+       check_admin_referer('edit-theme_' . $file . $theme);
+
        if ( !current_user_can('edit_themes') )
        die('<p>'.__('You have do not have sufficient permissions to edit templates for this blog.').'</p>');
 
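Review bot: The nonce action added on the first new line concatenates `$file` and `$theme` with no separator, so distinct (file, theme) pairs can produce the same action string (for example `'ab'`/`'c'` and `'a'`/`'bc'`); the nonce is still tied to the user and time window, so this does not weaken the CSRF check much, but a delimiter such as `'edit-theme_' . $file . '|' . $theme` would make the action unambiguous, and the same construction would then need to change in the `wp_nonce_field` call in the form hunk further down. The check is placed before the `current_user_can('edit_themes')` test, which is fine since a failed referer check terminates the request. While here, the context line's message reads "You have do not have sufficient permissions" and could drop the stray "have". The `case 'update':` body continues outside this hunk.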
@@ -56,9 +58,9 @@ case 'update':
                $f = fopen($real_file, 'w+');
                fwrite($f, $newcontent);
                fclose($f);
-               header("Location: theme-editor.php?file=$file&theme=$theme&a=te");
+               wp_redirect("theme-editor.php?file=$file&theme=$theme&a=te");
        } else {
-               header("Location: theme-editor.php?file=$file&theme=$theme");
+               wp_redirect("theme-editor.php?file=$file&theme=$theme");
        }
 
        exit();
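Review bot: Both new `wp_redirect` calls interpolate `$file` and `$theme` into the query string raw, so values containing `&`, `#` or whitespace produce a malformed or ambiguous redirect URL; I cannot tell from this hunk whether this version's `wp_redirect` strips header line breaks, so the parameters should be encoded at the call site regardless: `wp_redirect('theme-editor.php?file=' . urlencode($file) . '&theme=' . urlencode($theme) . '&a=te');` and likewise for the second call without `&a=te`. Separately, the context lines write to `$real_file` without checking `fopen` for `false`, which would surface as a warning rather than an error to the user; that is pre-existing but worth a guard. The enclosing `case 'update':` starts before this hunk.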
@@ -129,6 +131,7 @@ if ($allowed_files) :
        if (!$error) {
        ?> 
   <form name="template" id="template" action="theme-editor.php" method="post">
+  <?php wp_nonce_field('edit-theme_' . $file . $theme) ?>
                 <div><textarea cols="70" rows="25" name="newcontent" id="newcontent" tabindex="1"><?php echo $content ?></textarea> 
      <input type="hidden" name="action" value="update" /> 
      <input type="hidden" name="file" value="<?php echo $file ?>" />
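Review bot: The new `wp_nonce_field` line builds its action from the same `$file` value that the hidden input three lines below echoes into an attribute without escaping, so a `$file` containing a double quote would both break the form markup and silently produce a nonce that no longer matches what the update handler recomputes; escaping the attribute with `value="<?php echo htmlspecialchars($file, ENT_QUOTES) ?>"` keeps the submitted value identical to the one the nonce was generated for. The `theme` hidden input is presumably emitted after this hunk and would need the same treatment. The `if ($allowed_files)` block and its `if (!$error)` branch begin before the hunk.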