Improvements to the nonce AYS from mdawaffe. #2734

git-svn-id: http://svn.automattic.com/wordpress/trunk@3783 1a063a9b-81f0-0310-95a4-ce76da25c4cd
ryan 2006-05-18 06:49:22 +00:00
parent 78e403f5fc
commit 8ee6921b49
6 changed files with 22 additions and 17 deletions


@ -1,6 +1,8 @@
<?php
require_once('admin.php');
$parent_file = 'edit.php';
$submenu_file = 'edit-comments.php';
$wpvarstoreset = array('action');
for ($i=0; $i<count($wpvarstoreset); $i += 1) {
@ -24,8 +26,6 @@ if ( isset( $_POST['deletecomment'] ) )
switch($action) {
case 'editcomment':
$title = __('Edit Comment');
$parent_file = 'edit.php';
$submenu_file = 'edit-comments.php';
$editing = true;
require_once ('admin-header.php');
@ -202,4 +202,4 @@ default:
include('admin-footer.php');
?>
?>


@ -1,6 +1,8 @@
<?php
require_once('admin.php');
$parent_file = 'edit.php';
$submenu_file = 'edit-pages.php';
$wpvarstoreset = array('action');
for ($i=0; $i<count($wpvarstoreset); $i += 1) {
@ -53,8 +55,6 @@ case 'post':
case 'edit':
$title = __('Edit');
$parent_file = 'edit.php';
$submenu_file = 'edit-pages.php';
$editing = true;
require_once('admin-header.php');


@ -1,6 +1,8 @@
<?php
require_once('admin.php');
$parent_file = 'edit.php';
$submenu_file = 'edit.php';
$wpvarstoreset = array('action', 'safe_mode', 'withcomments', 'posts', 'content', 'edited_post_title', 'comment_error', 'profile', 'trackback_url', 'excerpt', 'showcomments', 'commentstart', 'commentend', 'commentorder' );
for ($i=0; $i<count($wpvarstoreset); $i += 1) {
@ -24,6 +26,8 @@ if ( isset( $_POST['deletepost'] ) )
switch($action) {
case 'postajaxpost':
case 'post':
$parent_file = 'post-new.php';
$submenu_file = 'post-new.php';
check_admin_referer('add-post');
$post_ID = 'post' == $action ? write_post() : edit_post();
@ -54,8 +58,6 @@ case 'post':
case 'edit':
$title = __('Edit');
$parent_file = 'edit.php';
$submenu_file = 'edit.php';
$editing = true;
require_once('admin-header.php');


@ -1,5 +1,7 @@
<?php
$parent_file = 'profile.php';
$submenu_file = 'profile.php';
require_once('admin.php');
check_admin_referer('update-profile' . $user_ID);


@ -361,7 +361,7 @@ form#upload #post_content {
display: none;
}
.updated {
.updated, .confirm {
background: #CFEBF7 url(images/notice.gif) no-repeat 1em ;
border: 1px solid #2580B2;
margin: 1em 5% 10px;


@ -229,15 +229,15 @@ endif;
if ( !function_exists('check_admin_referer') ) :
function check_admin_referer($action = -1) {
global $pagenow;
global $pagenow, $menu, $submenu, $parent_file, $submenu_file;;
$adminurl = strtolower(get_settings('siteurl')).'/wp-admin';
$referer = strtolower($_SERVER['HTTP_REFERER']);
if ( !wp_verify_nonce($_REQUEST['_wpnonce'], $action) &&
!(-1 == $action && strstr($referer, $adminurl)) ) {
$html = "<!DOCTYPE html PUBLIC '-//W3C//DTD XHTML 1.0 Strict//EN' 'http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd'>\n<html xmlns='http://www.w3.org/1999/xhtml' lang='en' xml:lang='en'>\n\n";
$html .= "<head>\n\t<title>" . __('WordPress Confirmation') . "</title>\n";
$html .= "</head>\n<body>\n";
if ( $referer )
$adminurl = $referer;
$title = __('WordPress Confirmation');
require_once(ABSPATH . '/wp-admin/admin-header.php');
if ( $_POST ) {
$q = http_build_query($_POST);
$q = explode( ini_get('arg_separator.output'), $q);
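Review bot: The new `if ( $referer ) $adminurl = $referer;` lets the HTTP_REFERER header, a value the requesting page controls, replace the siteurl-derived `$adminurl` that the next hunk then writes unescaped into `<a href='$adminurl'>` in both the POST and GET branches. A referer containing a quote ends that attribute early and a non-http scheme is passed through as the "No" link, so the value should at least be escaped at the point of use with the helper the hunk already applies to the form fields, `<a href='" . wp_specialchars($adminurl, 1) . "'>`, and preferably only accepted when it is actually under the admin URL, e.g. `if ( $referer && 0 === strpos($referer, $adminurl) )` before the assignment. `$_SERVER['HTTP_REFERER']` is also read on the line above without an isset() check, which emits a notice on direct requests; that line is context here, but this change now depends on the value. The doubled `;;` on the new global line is a harmless empty statement but should be a single semicolon. check_admin_referer's body continues into the next hunk.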
@ -248,13 +248,14 @@ function check_admin_referer($action = -1) {
$html .= "\t\t<input type='hidden' name='" . wp_specialchars( urldecode($k), 1 ) . "' value='" . wp_specialchars( urldecode($v), 1 ) . "' />\n";
}
$html .= "\t\t<input type='hidden' name='_wpnonce' value='" . wp_create_nonce($action) . "' />\n";
$html .= "\t\t<p>" . __('Are you sure you want to do this?') . "</p>\n\t\t<p><a href='$adminurl'>No</a> <input type='submit' value='" . __('Yes') . "' /></p>\n\t</form>\n";
$html .= "\t\t<div id='message' class='confirm fade'>\n\t\t<p>" . __('Are you sure you want to do this?') . "</p>\n\t\t<p><a href='$adminurl'>" . __('No') . "</a> <input type='submit' value='" . __('Yes') . "' /></p>\n\t\t</div>\n\t</form>\n";
} else {
$html .= "\t<p>" . __('Are you sure you want to do this?') . "</p>\n\t\t<p><a href='$adminurl'>No</a> <a href='" . add_query_arg( '_wpnonce', wp_create_nonce($action), $_SERVER['REQUEST_URI'] ) . "'>" . __('Yes') . "</a></p>\n";
$html .= "\t<div id='message' class='confirm fade'>\n\t<p>" . __('Are you sure you want to do this?') . "</p>\n\t<p><a href='$adminurl'>" . __('No') . "</a> <a href='" . add_query_arg( '_wpnonce', wp_create_nonce($action), $_SERVER['REQUEST_URI'] ) . "'>" . __('Yes') . "</a></p>\n\t</div>\n";
}
$html .= "</body>\n</html>";
die($html);
echo $html;
include_once(ABSPATH . '/wp-admin/admin-footer.php');
die();
}
do_action('check_admin_referer', $action);
}endif;