
Ticket #5838: 233_nonce_fix.diff

File 233_nonce_fix.diff, 9.8 KB (added by filosofo, 17 years ago)
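--- a/wp-includes/functions.php
+++ b/wp-includes/functions.php
@@ -1123,47 +1123,47 @@
                 $noun = $matches[2];
 
                 $trans = array();
-                $trans['update']['attachment'] = array(__('Are you sure you want to edit this attachment: "%s"?'), 'get_the_title');
+                $trans['update']['attachment'] = array( __( 'Your attempt to edit this attachment: "%s" has failed.' ), 'get_the_title' );
 
-                $trans['add']['category'] = array(__('Are you sure you want to add this category?'), false);
-                $trans['delete']['category'] = array(__('Are you sure you want to delete this category: "%s"?'), 'get_catname');
-                $trans['update']['category'] = array(__('Are you sure you want to edit this category: "%s"?'), 'get_catname');
+                $trans['add']['category']      = array( __( 'Your attempt to add this category has failed.' ), false );
+                $trans['delete']['category']   = array( __( 'Your attempt to delete this category: "%s" has failed.' ), 'get_catname' );
+                $trans['update']['category']   = array( __( 'Your attempt to edit this category: "%s" has failed.' ), 'get_catname' );
 
-                $trans['delete']['comment'] = array(__('Are you sure you want to delete this comment: "%s"?'), 'use_id');
-                $trans['unapprove']['comment'] = array(__('Are you sure you want to unapprove this comment: "%s"?'), 'use_id');
-                $trans['approve']['comment'] = array(__('Are you sure you want to approve this comment: "%s"?'), 'use_id');
-                $trans['update']['comment'] = array(__('Are you sure you want to edit this comment: "%s"?'), 'use_id');
-                $trans['bulk']['comments'] = array(__('Are you sure you want to bulk modify comments?'), false);
-                $trans['moderate']['comments'] = array(__('Are you sure you want to moderate comments?'), false);
+                $trans['delete']['comment']    = array( __( 'Your attempt to delete this comment: "%s" has failed.' ), 'use_id' );
+                $trans['unapprove']['comment'] = array( __( 'Your attempt to unapprove this comment: "%s" has failed.' ), 'use_id' );
+                $trans['approve']['comment']   = array( __( 'Your attempt to approve this comment: "%s" has failed.' ), 'use_id' );
+                $trans['update']['comment']    = array( __( 'Your attempt to edit this comment: "%s" has failed.' ), 'use_id' );
+                $trans['bulk']['comments']     = array( __( 'Your attempt to bulk modify comments has failed.' ), false );
+                $trans['moderate']['comments'] = array( __( 'Your attempt to moderate comments has failed.' ), false );
 
-                $trans['add']['bookmark'] = array(__('Are you sure you want to add this link?'), false);
-                $trans['delete']['bookmark'] = array(__('Are you sure you want to delete this link: "%s"?'), 'use_id');
-                $trans['update']['bookmark'] = array(__('Are you sure you want to edit this link: "%s"?'), 'use_id');
-                $trans['bulk']['bookmarks'] = array(__('Are you sure you want to bulk modify links?'), false);
+                $trans['add']['bookmark']      = array( __( 'Your attempt to add this link has failed.' ), false );
+                $trans['delete']['bookmark']   = array( __( 'Your attempt to delete this link: "%s" has failed.' ), 'use_id' );
+                $trans['update']['bookmark']   = array( __( 'Your attempt to edit this link: "%s" has failed.' ), 'use_id' );
+                $trans['bulk']['bookmarks']    = array( __( 'Your attempt to bulk modify links has failed.' ), false );
 
-                $trans['add']['page'] = array(__('Are you sure you want to add this page?'), false);
-                $trans['delete']['page'] = array(__('Are you sure you want to delete this page: "%s"?'), 'get_the_title');
-                $trans['update']['page'] = array(__('Are you sure you want to edit this page: "%s"?'), 'get_the_title');
+                $trans['add']['page']          = array( __( 'Your attempt to add this page has failed.' ), false );
+                $trans['delete']['page']       = array( __( 'Your attempt to delete this page: "%s" has failed.' ), 'get_the_title' );
+                $trans['update']['page']       = array( __( 'Your attempt to edit this page: "%s" has failed.' ), 'get_the_title' );
 
-                $trans['edit']['plugin'] = array(__('Are you sure you want to edit this plugin file: "%s"?'), 'use_id');
-                $trans['activate']['plugin'] = array(__('Are you sure you want to activate this plugin: "%s"?'), 'use_id');
-                $trans['deactivate']['plugin'] = array(__('Are you sure you want to deactivate this plugin: "%s"?'), 'use_id');
+                $trans['edit']['plugin']       = array( __( 'Your attempt to edit this plugin file: "%s" has failed.' ), 'use_id' );
+                $trans['activate']['plugin']   = array( __( 'Your attempt to activate this plugin: "%s" has failed.' ), 'use_id' );
+                $trans['deactivate']['plugin'] = array( __( 'Your attempt to deactivate this plugin: "%s" has failed.' ), 'use_id' );
 
-                $trans['add']['post'] = array(__('Are you sure you want to add this post?'), false);
-                $trans['delete']['post'] = array(__('Are you sure you want to delete this post: "%s"?'), 'get_the_title');
-                $trans['update']['post'] = array(__('Are you sure you want to edit this post: "%s"?'), 'get_the_title');
+                $trans['add']['post']          = array( __( 'Your attempt to add this post has failed.' ), false );
+                $trans['delete']['post']       = array( __( 'Your attempt to delete this post: "%s" has failed.' ), 'get_the_title' );
+                $trans['update']['post']       = array( __( 'Your attempt to edit this post: "%s" has failed.' ), 'get_the_title' );
 
-                $trans['add']['user'] = array(__('Are you sure you want to add this user?'), false);
-                $trans['delete']['users'] = array(__('Are you sure you want to delete users?'), false);
-                $trans['bulk']['users'] = array(__('Are you sure you want to bulk modify users?'), false);
-                $trans['update']['user'] = array(__('Are you sure you want to edit this user: "%s"?'), 'get_author_name');
-                $trans['update']['profile'] = array(__('Are you sure you want to modify the profile for: "%s"?'), 'get_author_name');
+                $trans['add']['user']          = array( __( 'Your attempt to add this user has failed.' ), false );
+                $trans['delete']['users']      = array( __( 'Your attempt to delete users has failed.' ), false );
+                $trans['bulk']['users']        = array( __( 'Your attempt to bulk modify users has failed.' ), false );
+                $trans['update']['user']       = array( __( 'Your attempt to edit this user: "%s" has failed.' ), 'get_author_name' );
+                $trans['update']['profile']    = array( __( 'Your attempt to modify the profile for: "%s" has failed.' ), 'get_author_name' );
 
-                $trans['update']['options'] = array(__('Are you sure you want to edit your settings?'), false);
-                $trans['update']['permalink'] = array(__('Are you sure you want to change your permalink structure to: %s?'), 'use_id');
-                $trans['edit']['file'] = array(__('Are you sure you want to edit this file: "%s"?'), 'use_id');
-                $trans['edit']['theme'] = array(__('Are you sure you want to edit this theme file: "%s"?'), 'use_id');
-                $trans['switch']['theme'] = array(__('Are you sure you want to switch to this theme: "%s"?'), 'use_id');
+                $trans['update']['options']    = array( __( 'Your attempt to edit your settings has failed.' ), false );
+                $trans['update']['permalink']  = array( __( 'Your attempt to change your permalink structure to: %s has failed.' ), 'use_id' );
+                $trans['edit']['file']         = array( __( 'Your attempt to edit this file: "%s" has failed.' ), 'use_id' );
+                $trans['edit']['theme']        = array( __( 'Your attempt to edit this theme file: "%s" has failed.' ), 'use_id' );
+                $trans['switch']['theme']      = array( __( 'Your attempt to switch to this theme: "%s" has failed.' ), 'use_id' );
 
                 if ( isset($trans[$verb][$noun]) ) {
                         if ( !empty($trans[$verb][$noun][1]) ) {
@@ -1182,31 +1182,14 @@
 }
 
 function wp_nonce_ays($action) {
-        global $pagenow, $menu, $submenu, $parent_file, $submenu_file;
-
-        $adminurl = get_option('siteurl') . '/wp-admin';
+        global $pagenow;
+        $title = __( 'WordPress Failure Notice' );
+        $html .= "\t<div id='message' class='updated fade'>\n\t<p>" . wp_specialchars( wp_explain_nonce( $action ) ) . "</p>\n\t<p>";
         if ( wp_get_referer() )
-                $adminurl = clean_url(wp_get_referer());
-
-        $title = __('WordPress Confirmation');
-        // Remove extra layer of slashes.
-        $_POST   = stripslashes_deep($_POST  );
-        if ( $_POST ) {
-                $q = http_build_query($_POST);
-                $q = explode( ini_get('arg_separator.output'), $q);
-                $html .= "\t<form method='post' action='" . attribute_escape($pagenow) . "'>\n";
-                foreach ( (array) $q as $a ) {
-                        $v = substr(strstr($a, '='), 1);
-                        $k = substr($a, 0, -(strlen($v)+1));
-                        $html .= "\t\t<input type='hidden' name='" . attribute_escape(urldecode($k)) . "' value='" . attribute_escape(urldecode($v)) . "' />\n";
-                }
-                $html .= "\t\t<input type='hidden' name='_wpnonce' value='" . wp_create_nonce($action) . "' />\n";
-                $html .= "\t\t<div id='message' class='confirm fade'>\n\t\t<p>" . wp_specialchars(wp_explain_nonce($action)) . "</p>\n\t\t<p><a href='$adminurl'>" . __('No') . "</a> <input type='submit' value='" . __('Yes') . "' /></p>\n\t\t</div>\n\t</form>\n";
-        } else {
-                $html .= "\t<div id='message' class='confirm fade'>\n\t<p>" . wp_specialchars(wp_explain_nonce($action)) . "</p>\n\t<p><a href='$adminurl'>" . __('No') . "</a> <a href='" . clean_url(add_query_arg( '_wpnonce', wp_create_nonce($action), $_SERVER['REQUEST_URI'] )) . "'>" . __('Yes') . "</a></p>\n\t</div>\n";
-        }
+                $html .= "<a href='" . remove_query_arg( 'updated', clean_url( wp_get_referer() ) ) . "'>" . __( 'Please try again.' ) . "</a>";
+        $html .= "</p>\n\t</div>\n";
         $html .= "</body>\n</html>";
-        wp_die($html, $title);
+        wp_die( $html, $title );
 }
 
 function wp_die( $message, $title = '' ) {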
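Review bot: In the new `wp_nonce_ays()` body the referer is escaped with `clean_url()` before `remove_query_arg()` rewrites it, so the value written into the single-quoted `href` is whatever the query-arg helper rebuilds, not the escaped string. The referer is a client-supplied header, so escaping should be the last step before output: `$html .= "<a href='" . clean_url( remove_query_arg( 'updated', wp_get_referer() ) ) . "'>" . __( 'Please try again.' ) . "</a>";`. Separately, the first statement that touches `$html` is a `.=` on a variable never initialised in the visible body; it should be a plain assignment, `$html = "\t<div id='message' class='updated fade'>..."`. `global $pagenow;` also appears unused now that the form that needed it is gone.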