Get WordPress

Plugin Directory

Changeset 784566

Timestamp:
10/08/2013 02:29:47 PM (11 years ago)
Author:
dllh
Message:

Adding a nonce to prevent CSRF.

Location:
blogger-importer/trunk
Files:
2 edited

Legend:

Unmodified
Added
Removed

  • blogger-importer/trunk/blogger-importer.php

    r561147 r784566  
    66Author: wordpressdotorg
    77Author URI: http://wordpress.org/
    8 Version: 0.6
     8Version: 0.
    99License: GPLv2
    1010License URI: http://www.gnu.org/licenses/old-licenses/gpl-2.0.html
     
    930930            $options = get_option('blogger_importer');
    931931
    932             delete_option('blogger_importer');
    933             $wpdb->query("DELETE FROM $wpdb->postmeta WHERE meta_key = 'blogger_author'");
     932            if ( check_admin_referer( 'clear-blogger-importer', 'clear-blogger-importer-nonce' ) ) {
     933                delete_option('blogger_importer');
     934                $wpdb->query("DELETE FROM $wpdb->postmeta WHERE meta_key = 'blogger_author'");
     935            }
    934936            wp_redirect('?import=blogger');
     937
    935938        }
    936939
     
    984987                    'blogger-importer');
    985988                $submit = esc_attr__('Clear account information', 'blogger-importer');
    986                 echo "<div class='wrap'><h2>$restart</h2><p>$message</p><form method='post' action='?import=blogger&amp;noheader=true'><p class='submit' style='text-align:left;'><input type='submit' class='button' value='$submit' name='restart' /></p></form></div>";
     989                echo "<div class='wrap'><h2>$restart</h2><p>$message</p><form method='post' action='?import=blogger&amp;noheader=true'>";
     990                wp_nonce_field( 'clear-blogger-importer', 'clear-blogger-importer-nonce' );
     991                echo "<p class='submit' style='text-align:left;'><input type='submit' class='button' value='$submit' name='restart' /></p></form></div>";
    987992            }
    988993        }

  • blogger-importer/trunk/readme.txt

    r558095 r784566  
    44Tags: importer, blogger
    55Requires at least: 3.0
    6 Tested up to: 3.4
    7 Stable tag: 0.5
     6Tested up to: 3.
     7Stable tag: 0.
    88License: GPLv2 or later
    99
     
    9696== Changelog ==
    9797
     98
     99
     100
    98101= 0.5 =
    99102* Merged in fix by SergeyBiryukov http://core.trac.wordpress.org/ticket/16012
Note: See TracChangeset for help on using the changeset viewer.