Changeset 14670

Timestamp:

05/15/2010 07:47:03 PM (16 years ago)

Author:

nacin

Message:

Validation and nonce improvements to custom background UI. props ocean90, see #12186.

Location:

trunk/wp-admin

Files:

• custom-background.php (modified) (11 diffs)
• js/custom-background.dev.js (modified) (4 diffs)
• js/custom-background.js (modified) (1 diff)

trunk/wp-admin/custom-background.php

@@ -86 +86 @@
             return;
 
-        check_admin_referer('custom-background');
-
         if ( isset($_POST['reset-background']) ) {
-            remove_theme_mod( 'background_image' );
+            check_admin_referer('custom-background-reset', '_wpnonce-custom-background-reset');
+            remove_theme_mod('background_image');
+            remove_theme_mod('background_image_thumb');
             return;
         }
         if ( isset($_POST['remove-background']) ) {
             // @TODO: Uploaded files are not removed here.
+            check_admin_referer('custom-background-remove', '_wpnonce-custom-background-remove');
             set_theme_mod('background_image', '');
+            set_theme_mod('background_image_thumb', '');
+            return;
         }
 
         if ( isset($_POST['background-repeat']) ) {
+            check_admin_referer('custom-background');
             if ( in_array($_POST['background-repeat'], array('repeat', 'no-repeat', 'repeat-x', 'repeat-y')) )
                 $repeat = $_POST['background-repeat'];
@@ -105 +109 @@
         }
         if ( isset($_POST['background-position']) ) {
+            check_admin_referer('custom-background');
             if ( in_array($_POST['background-position'], array('center', 'right', 'left')) )
                 $position = $_POST['background-position'];
@@ -112 +117 @@
         }
         if ( isset($_POST['background-attachment']) ) {
+            check_admin_referer('custom-background');
             if ( in_array($_POST['background-attachment'], array('fixed', 'scroll')) )
                 $attachment = $_POST['background-attachment'];
@@ -119 +125 @@
         }
         if ( isset($_POST['background-color']) ) {
+            check_admin_referer('custom-background');
             $color = preg_replace('/[^0-9a-fA-F]/', '', $_POST['background-color']);
             if ( strlen($color) == 6 || strlen($color) == 3 )
@@ -157 +164 @@
 <?php
 $background_styles = '';
-if ( get_background_color() ) {
-    $background_styles .= "background-color: #" . get_background_color() . ";";
+if ( $bgcolor = get_background_color() ) {
+    $background_styles .= "background-color: #{$bgcolor};";
 }
 
@@ -164 +171 @@
     $background_styles .= "
     background-image: url(" . get_theme_mod('background_image_thumb', '') . ");
-    background-repeat: ". get_theme_mod('background_repeat', 'no-repeat') . ";
-    background-position: top ". get_theme_mod('background_position', 'left') . ";
-    background-attachment: " . get_theme_mod('background_position', 'fixed') . ";
+    background-repeat: ". get_theme_mod('background_repeat', 'repeat') . ";
+    background-position: ". get_theme_mod('background_position', 'left') . " top;
+    background-attachment: " . get_theme_mod('background_attachment', 'fixed') . ";
     ";
 }
@@ -172 +179 @@
 <div id="custom-background-image" style="<?php echo $background_styles; ?>">
 <?php if ( get_background_image() ) { ?>
-<img class="custom-background-image" src="<?php echo get_theme_mod('background_image_thumb', ''); ?>" style="visibility:hidden;" /><br />
-<img class="custom-background-image" src="<?php echo get_theme_mod('background_image_thumb', ''); ?>" style="visibility:hidden;" />
+<img class="custom-background-image" src="<?php echo get_theme_mod('background_image_thumb', ''); ?>" style="visibility:hidden;" alt="" /><br />
+<img class="custom-background-image" src="<?php echo get_theme_mod('background_image_thumb', ''); ?>" style="visibility:hidden;" alt="" />
 <?php } ?>
 <br class="clear" />
@@ -185 +192 @@
 <td><p><?php _e('This will remove the background image. You will not be able to restore any customizations.') ?></p>
 <form method="post" action="">
-<?php wp_nonce_field('custom-background'); ?>
+<?php wp_nonce_field('custom-background-remove', '_wpnonce-custom-background-remove'); ?>
 <input type="submit" class="button" name="remove-background" value="<?php esc_attr_e('Remove Background'); ?>" />
 </form>
@@ -197 +204 @@
 <td><p><?php _e('This will restore the original background image. You will not be able to restore any customizations.') ?></p>
 <form method="post" action="">
-<?php wp_nonce_field('custom-background'); ?>
+<?php wp_nonce_field('custom-background-reset', '_wpnonce-custom-background-reset'); ?>
 <input type="submit" class="button" name="reset-background" value="<?php esc_attr_e('Restore Original Image'); ?>" />
 </form>
 </td>
 </tr>
-</form>
+
 <?php endif; ?>
 <tr valign="top">
 <th scope="row"><?php _e('Upload Image'); ?></th>
-<td><form enctype="multipart/form-data" id="uploadForm" method="post" action="">
+<td><form enctype="multipart/form-data" id="upload-form" method="post" action="">
 <label for="upload"><?php _e('Choose an image from your computer:'); ?></label><br /><input type="file" id="upload" name="import" />
 <input type="hidden" name="action" value="save" />
-<?php wp_nonce_field('custom-background') ?>
+<?php wp_nonce_field('custom-background-upload', '_wpnonce-custom-background-upload') ?>
 <p class="submit">
 <input type="submit" value="<?php esc_attr_e('Upload'); ?>" />
@@ -300 +307 @@
             return;
 
-        check_admin_referer('custom-background');
+        check_admin_referer('custom-background-upload', '_wpnonce-custom-background-upload');
         $overrides = array('test_form' => false);
         $file = wp_handle_upload($_FILES['import'], $overrides);
@@ -330 +337 @@
         $thumbnail = wp_get_attachment_image_src( $id, 'thumbnail' );
         set_theme_mod('background_image_thumb', esc_url( $thumbnail[0] ) );
-        
-        set_theme_mod('background_position', get_theme_mod('background_position', 'left') );
-        set_theme_mod('background_repeat', get_theme_mod('background_repeat', 'tile') );
-        set_theme_mod('background-attachment',  get_theme_mod('background_position', 'fixed') );
 
         do_action('wp_create_file_in_uploads', $file, $id); // For replication

trunk/wp-admin/js/custom-background.dev.js

@@ -1 @@
-var buttons = ['#pickcolor'], farbtastic;
+var farbtastic;
 
 function pickColor(color) {
+    farbtastic.setColor(color);
     jQuery('#background-color').val(color);
-    farbtastic.setColor(color);
     jQuery('#custom-background-image').css('background-color', color);
 }
@@ -11 +11 @@
         jQuery('#colorPickerDiv').show();
     });
+
     jQuery('#background-color').keyup(function() {
         var _hex = jQuery('#background-color').val();
@@ -22 +23 @@
             pickColor( hex );
     });
+
     jQuery('input[name="background-position"]').change(function() {
-        jQuery('#custom-background-image').css('background-position', 'top '+jQuery(this).val());
+        jQuery('#custom-background-image').css('background-position', 'top ' + jQuery(this).val());
     });
+
     jQuery('select[name="background-repeat"]').change(function() {
         jQuery('#custom-background-image').css('background-repeat', jQuery(this).val());
+    });
+    
+    jQuery('input[name="background-attachment"]').change(function() {
+        jQuery('#custom-background-image').css('background-attachment', jQuery(this).val());
     });
 
@@ -32 +39 @@
         pickColor(color);
     });
-    pickColor(customBackgroundL10n.backgroundcolor);
+    pickColor(jQuery('#background-color').val());
+
+    jQuery(document).mousedown(function(){
+        jQuery('#colorPickerDiv').each(function(){
+            var display = jQuery(this).css('display');
+            if ( display == 'block' )
+                jQuery(this).fadeOut(2);
+        });
+    });
 });
-
-jQuery(document).mousedown(function(){
-    hide_picker(); // Make the picker disappear if you click outside its div element
-});
-
-function hide_picker(what) {
-    var update = false;
-    jQuery('#colorPickerDiv').each(function(){
-        var id = jQuery(this).attr('id');
-        if ( id == what )
-            return;
-
-        var display = jQuery(this).css('display');
-        if ( display == 'block' )
-            jQuery(this).fadeOut(2);
-    });
-}

trunk/wp-admin/js/custom-background.js

@@ -1 @@
-var buttons=["#pickcolor"],farbtastic;function pickColor(color){jQuery("#background-color").val(color);farbtastic.setColor(color);jQuery("#custom-background-image").css("background-color",color)}jQuery(document).ready(function(){jQuery("#pickcolor").click(function(){jQuery("#colorPickerDiv").show()});jQuery("#background-color").keyup(function(){var _hex=jQuery("#background-color").val();var hex=_hex;if(hex[0]!="#"){hex="#"+hex}hex=hex.replace(/[^#a-fA-F0-9]+/,"");if(hex!=_hex){jQuery("#background-color").val(hex)}if(hex.length==4||hex.length==7){pickColor(hex)}});jQuery('input[name="background-position"]').change(function(){jQuery("#custom-background-image").css("background-position","top "+jQuery(this).val())});jQuery('select[name="background-repeat"]').change(function(){jQuery("#custom-background-image").css("background-repeat",jQuery(this).val())});farbtastic=jQuery.farbtastic("#colorPickerDiv",function(color){pickColor(color)});pickColor(customBackgroundL10n.backgroundcolor)});jQuery(document).mousedown(function(){hide_picker()});function hide_picker(what){var update=false;jQuery("#colorPickerDiv").each(function(){var id=jQuery(this).attr("id");if(id==what){return}var display=jQuery(this).css("display");if(display=="block"){jQuery(this).fadeOut(2)}})};
+var farbtastic;function pickColor(a){farbtastic.setColor(a);jQuery("#background-color").val(a);jQuery("#custom-background-image").css("background-color",a)}jQuery(document).ready(function(){jQuery("#pickcolor").click(function(){jQuery("#colorPickerDiv").show()});jQuery("#background-color").keyup(function(){var b=jQuery("#background-color").val();var a=b;if(a[0]!="#"){a="#"+a}a=a.replace(/[^#a-fA-F0-9]+/,"");if(a!=b){jQuery("#background-color").val(a)}if(a.length==4||a.length==7){pickColor(a)}});jQuery('input[name="background-position"]').change(function(){jQuery("#custom-background-image").css("background-position","top "+jQuery(this).val())});jQuery('select[name="background-repeat"]').change(function(){jQuery("#custom-background-image").css("background-repeat",jQuery(this).val())});jQuery('input[name="background-attachment"]').change(function(){jQuery("#custom-background-image").css("background-attachment",jQuery(this).val())});farbtastic=jQuery.farbtastic("#colorPickerDiv",function(a){pickColor(a)});pickColor(jQuery("#background-color").val());jQuery(document).mousedown(function(){jQuery("#colorPickerDiv").each(function(){var a=jQuery(this).css("display");if(a=="block"){jQuery(this).fadeOut(2)}})})});