wp_explain_nonce() and wp_nonce_ays(). Props mdawaffe. #2734

git-svn-id: http://svn.automattic.com/wordpress/branches/2.0@3936 1a063a9b-81f0-0310-95a4-ce76da25c4cd
ryan 2006-06-27 22:57:49 +00:00
parent 91d8b1f827
commit 928b059aa5
2 changed files with 99 additions and 26 deletions


@ -2350,4 +2350,98 @@ function wp_get_original_referer() {
return false;
}
function wp_explain_nonce($action) {
if ( $action !== -1 && preg_match('/([a-z]+)-([a-z]+)(_(.+))?/', $action, $matches) ) {
$verb = $matches[1];
$noun = $matches[2];
$trans = array();
$trans['update']['attachment'] = array(__('Are you sure you want to edit this attachment: "%s"?'), 'get_the_title');
$trans['add']['category'] = array(__('Are you sure you want to add this category?'), false);
$trans['delete']['category'] = array(__('Are you sure you want to delete this category: "%s"?'), 'get_catname');
$trans['update']['category'] = array(__('Are you sure you want to edit this category: "%s"?'), 'get_catname');
$trans['delete']['comment'] = array(__('Are you sure you want to delete this comment: "%s"?'), 'use_id');
$trans['unapprove']['comment'] = array(__('Are you sure you want to unapprove this comment: "%s"?'), 'use_id');
$trans['approve']['comment'] = array(__('Are you sure you want to approve this comment: "%s"?'), 'use_id');
$trans['update']['comment'] = array(__('Are you sure you want to edit this comment: "%s"?'), 'use_id');
$trans['bulk']['comments'] = array(__('Are you sure you want to bulk modify comments?'), false);
$trans['moderate']['comments'] = array(__('Are you sure you want to moderate comments?'), false);
$trans['add']['bookmark'] = array(__('Are you sure you want to add this bookmark?'), false);
$trans['delete']['bookmark'] = array(__('Are you sure you want to delete this bookmark: "%s"?'), 'use_id');
$trans['update']['bookmark'] = array(__('Are you sure you want to edit this bookmark: "%s"?'), 'use_id');
$trans['bulk']['bookmarks'] = array(__('Are you sure you want to bulk modify bookmarks?'), false);
$trans['add']['page'] = array(__('Are you sure you want to add this page?'), false);
$trans['delete']['page'] = array(__('Are you sure you want to delete this page: "%s"?'), 'get_the_title');
$trans['update']['page'] = array(__('Are you sure you want to edit this page: "%s"?'), 'get_the_title');
$trans['edit']['plugin'] = array(__('Are you sure you want to edit this plugin file: "%s"?'), 'use_id');
$trans['activate']['plugin'] = array(__('Are you sure you want to activate this plugin: "%s"?'), 'use_id');
$trans['deactivate']['plugin'] = array(__('Are you sure you want to deactivate this plugin: "%s"?'), 'use_id');
$trans['add']['post'] = array(__('Are you sure you want to add this post?'), false);
$trans['delete']['post'] = array(__('Are you sure you want to delete this post: "%s"?'), 'get_the_title');
$trans['update']['post'] = array(__('Are you sure you want to edit this post: "%s"?'), 'get_the_title');
$trans['add']['user'] = array(__('Are you sure you want to add this user?'), false);
$trans['delete']['users'] = array(__('Are you sure you want to delete users?'), false);
$trans['bulk']['users'] = array(__('Are you sure you want to bulk modify users?'), false);
$trans['update']['user'] = array(__('Are you sure you want to edit this user: "%s"?'), 'get_author_name');
$trans['update']['profile'] = array(__('Are you sure you want to modify the profile for: "%s"?'), 'get_author_name');
$trans['update']['options'] = array(__('Are you sure you want to edit your settings?'), false);
$trans['update']['permalink'] = array(__('Are you sure you want to change your permalink structure to: %s?'), 'use_id');
$trans['edit']['file'] = array(__('Are you sure you want to edit this file: "%s"?'), 'use_id');
$trans['edit']['theme'] = array(__('Are you sure you want to edit this theme file: "%s"?'), 'use_id');
$trans['switch']['theme'] = array(__('Are you sure you want to switch to this theme: "%s"?'), 'use_id');
if ( isset($trans[$verb][$noun]) ) {
if ( !empty($trans[$verb][$noun][1]) ) {
$lookup = $trans[$verb][$noun][1];
$object = $matches[4];
if ( 'use_id' != $lookup )
$object = call_user_func($lookup, $object);
return sprintf($trans[$verb][$noun][0], $object);
} else {
return $trans[$verb][$noun][0];
}
}
}
return __('Are you sure you want to do this');
}
function wp_nonce_ays($action) {
global $pagenow, $menu, $submenu, $parent_file, $submenu_file;
$adminurl = get_settings('siteurl') . '/wp-admin';
if ( wp_get_referer() )
$adminurl = wp_get_referer();
$title = __('WordPress Confirmation');
require_once(ABSPATH . '/wp-admin/admin-header.php');
// Remove extra layer of slashes.
$_POST = stripslashes_deep($_POST );
if ( $_POST ) {
$q = http_build_query($_POST);
$q = explode( ini_get('arg_separator.output'), $q);
$html .= "\t<form method='post' action='$pagenow'>\n";
foreach ( (array) $q as $a ) {
$v = substr(strstr($a, '='), 1);
$k = substr($a, 0, -(strlen($v)+1));
$html .= "\t\t<input type='hidden' name='" . wp_specialchars( urldecode($k), 1 ) . "' value='" . wp_specialchars( urldecode($v), 1 ) . "' />\n";
}
$html .= "\t\t<input type='hidden' name='_wpnonce' value='" . wp_create_nonce($action) . "' />\n";
$html .= "\t\t<div id='message' class='confirm fade'>\n\t\t<p>" . wp_explain_nonce($action) . "</p>\n\t\t<p><a href='$adminurl'>" . __('No') . "</a> <input type='submit' value='" . __('Yes') . "' /></p>\n\t\t</div>\n\t</form>\n";
} else {
$html .= "\t<div id='message' class='confirm fade'>\n\t<p>" . wp_explain_nonce($action) . "</p>\n\t<p><a href='$adminurl'>" . __('No') . "</a> <a href='" . add_query_arg( '_wpnonce', wp_create_nonce($action), $_SERVER['REQUEST_URI'] ) . "'>" . __('Yes') . "</a></p>\n\t</div>\n";
}
$html .= "</body>\n</html>";
echo $html;
include_once(ABSPATH . '/wp-admin/admin-footer.php');
}
?>
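Review bot: The "No" and "Yes" links at L86 and L88 interpolate `$adminurl` and `$_SERVER['REQUEST_URI']` into an href with no escaping, whereas the hidden inputs at L83 do go through wp_specialchars(); `$adminurl` is overwritten by wp_get_referer() at L70-71, which presumably reflects the Referer header or a `_wp_http_referer` field, and REQUEST_URI is the raw request line, so a single quote or `>` in either breaks out of the attribute on the confirmation page. Both should get the same treatment as the inputs: `<a href='" . wp_specialchars($adminurl, 1) . "'>` and `<a href='" . wp_specialchars(add_query_arg('_wpnonce', wp_create_nonce($action), $_SERVER['REQUEST_URI']), 1) . "'>`. The `use_id` entries of wp_explain_nonce() likewise hand the bare suffix of `$action` to sprintf() and from there to the page at L86/L88, so if any caller builds its action string from a request parameter (plugin and theme file names look like candidates) that suffix needs wp_specialchars() before output too. Also `$html` is first used with `.=` at L79 without being initialised, which raises a notice; `$html = '';` before the `if` fixes that.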


@ -229,37 +229,16 @@ endif;
if ( !function_exists('check_admin_referer') ) :
function check_admin_referer($action = -1) {
global $pagenow;
$adminurl = strtolower(get_settings('siteurl')).'/wp-admin';
$referer = strtolower(wp_get_referer());
if ( !wp_verify_nonce($_REQUEST['_wpnonce'], $action) &&
!(-1 == $action && strstr($referer, $adminurl)) ) {
$html = "<!DOCTYPE html PUBLIC '-//W3C//DTD XHTML 1.0 Strict//EN' 'http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd'>\n<html xmlns='http://www.w3.org/1999/xhtml' lang='en' xml:lang='en'>\n\n";
$html .= "<head>\n\t<title>" . __('WordPress Confirmation') . "</title>\n";
$html .= "</head>\n<body>\n";
// Remove extra layer of slashes.
$_POST = stripslashes_deep($_POST );
if ( $_POST ) {
$q = http_build_query($_POST);
$q = explode( ini_get('arg_separator.output'), $q);
$html .= "\t<form method='post' action='$pagenow'>\n";
foreach ( (array) $q as $a ) {
$v = substr(strstr($a, '='), 1);
$k = substr($a, 0, -(strlen($v)+1));
$html .= "\t\t<input type='hidden' name='" . wp_specialchars( urldecode($k), 1 ) . "' value='" . wp_specialchars( urldecode($v), 1 ) . "' />\n";
}
$html .= "\t\t<input type='hidden' name='_wpnonce' value='" . wp_create_nonce($action) . "' />\n";
$html .= "\t\t<p>" . __('Are you sure you want to do this?') . "</p>\n\t\t<p><a href='$adminurl'>No</a> <input type='submit' value='" . __('Yes') . "' /></p>\n\t</form>\n";
} else {
$html .= "\t<p>" . __('Are you sure you want to do this?') . "</p>\n\t\t<p><a href='$adminurl'>No</a> <a href='" . add_query_arg( '_wpnonce', wp_create_nonce($action), $_SERVER['REQUEST_URI'] ) . "'>" . __('Yes') . "</a></p>\n";
}
$html .= "</body>\n</html>";
die($html);
wp_nonce_ays($action);
die();
}
do_action('check_admin_referer');
}endif;
do_action('check_admin_referer', $action);
}
endif;
if ( !function_exists('check_ajax_referer') ) :
function check_ajax_referer() {
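Review bot: The referer fallback at L105 that now gates the call to wp_nonce_ays() is a substring test: `strstr($referer, $adminurl)` accepts any lowercased referer that contains the admin URL anywhere in it, so with the default `$action` of -1 a request carrying no valid nonce still passes when the Referer is an off-site URL that merely embeds the site's wp-admin address in its query string. A prefix check, `0 === strpos($referer, $adminurl)`, narrows that to pages actually under wp-admin, though the nonce is the real control and callers should pass a specific action rather than rely on -1. Separately, `$_REQUEST['_wpnonce']` at L104 is read without isset(), which raises a notice on every request lacking the field before wp_verify_nonce() runs; `isset($_REQUEST['_wpnonce']) ? $_REQUEST['_wpnonce'] : ''` avoids it. The function body is entirely within the hunk, but the referer comparison itself is context the commit leaves untouched.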