Changeset 1032 for trunk/bp-wire/bp-wire-templatetags.php

Timestamp:

02/09/2009 06:52:51 AM (17 years ago)

Author:

apeatling

Message:

Added nonce security checks to all BuddyPress actions. Fixes #454

File:

• trunk/bp-wire/bp-wire-templatetags.php (modified) (1 diff)

trunk/bp-wire/bp-wire-templatetags.php

@@ -304 +304 @@
     if ( ( $wire_posts_template->wire_post->user_id == $bp->loggedin_user->id ) || $bp->is_item_admin ) {
         if ( $bp->wire->slug == $bp->current_component || $bp->profile->slug == $bp->current_component ) {
-            echo apply_filters( 'bp_wire_delete_link', '<a href="' . $bp->displayed_user->domain . $bp->wire->slug . '/delete/' . $wire_posts_template->wire_post->id . '">[' . __('Delete', 'buddypress') . ']</a>' );
+            echo apply_filters( 'bp_wire_delete_link', '<a href="' . wp_nonce_url( $bp->displayed_user->domain . $bp->wire->slug . '/delete/' . $wire_posts_template->wire_post->id, 'bp_wire_delete_link' ) . '">[' . __('Delete', 'buddypress') . ']</a>' );
         } else {
-            echo apply_filters( 'bp_wire_delete_link', '<a href="' . site_url() . '/' . $bp->{$bp->current_component}->slug . '/' . $uri . '/wire/delete/' . $wire_posts_template->wire_post->id . '">[' . __('Delete', 'buddypress') . ']</a>' );
+            echo apply_filters( 'bp_wire_delete_link', '<a href="' . wp_nonce_url( site_url( $bp->{$bp->current_component}->slug . '/' . $uri . '/wire/delete/' . $wire_posts_template->wire_post->id ), 'bp_wire_delete_link' ) . '">[' . __('Delete', 'buddypress') . ']</a>' );
         }
     }