Changes in trunk/wp-admin/theme-editor.php [4349:3295]

File:

• trunk/wp-admin/theme-editor.php (modified) (8 diffs)

trunk/wp-admin/theme-editor.php

@@ -5 +5 @@
 $parent_file = 'themes.php';
 
-wp_reset_vars(array('action', 'redirect', 'profile', 'error', 'warning', 'a', 'file', 'theme'));
+$wpvarstoreset = array('action','redirect','profile','error','warning','a','file', 'theme');
+for ($i=0; $i<count($wpvarstoreset); $i += 1) {
+    $wpvar = $wpvarstoreset[$i];
+    if (!isset($$wpvar)) {
+        if (empty($_POST["$wpvar"])) {
+            if (empty($_GET["$wpvar"])) {
+                $$wpvar = '';
+            } else {
+                $$wpvar = $_GET["$wpvar"];
+            }
+        } else {
+            $$wpvar = $_POST["$wpvar"];
+        }
+    }
+}
 
 $themes = get_themes();
@@ -17 +31 @@
 
 if ( ! isset($themes[$theme]) )
-    wp_die(__('The requested theme does not exist.'));
+    die(__('The requested theme does not exist.'));
 
 $allowed_files = array_merge($themes[$theme]['Stylesheet Files'], $themes[$theme]['Template Files']);
@@ -34 +48 @@
 case 'update':
 
-    check_admin_referer('edit-theme_' . $file . $theme);
-
     if ( !current_user_can('edit_themes') )
-        wp_die('<p>'.__('You do not have sufficient permissions to edit templates for this blog.').'</p>');
+    die('<p>'.__('You have do not have sufficient permissions to edit templates for this blog.').'</p>');
 
     $newcontent = stripslashes($_POST['newcontent']);
@@ -45 +57 @@
         fwrite($f, $newcontent);
         fclose($f);
-        $location = "theme-editor.php?file=$file&theme=$theme&a=te";
+        header("Location: theme-editor.php?file=$file&theme=$theme&a=te");
     } else {
-        $location = "theme-editor.php?file=$file&theme=$theme";
+        header("Location: theme-editor.php?file=$file&theme=$theme");
     }
 
-    $location = wp_kses_no_null($location);
-    $strip = array('%0d', '%0a');
-    $location = str_replace($strip, '', $location);
-    header("Location: $location");
     exit();
 
@@ -59 +67 @@
 
 default:
-
+    
+    require_once('admin-header.php');
     if ( !current_user_can('edit_themes') )
-        wp_die('<p>'.__('You do not have sufficient permissions to edit themes for this blog.').'</p>');
-
-    require_once('admin-header.php');
+    die('<p>'.__('You have do not have sufficient permissions to edit themes for this blog.').'</p>');
 
     update_recently_edited($file);
-
+    
     if (!is_file($real_file))
         $error = 1;
-
+    
     if (!$error && filesize($real_file) > 0) {
         $f = fopen($real_file, 'r');
@@ -94 +101 @@
 ?>
  </select>
- <input type="submit" name="Submit" value="<?php _e('Select &raquo;') ?>" class="button" />
+ <input type="submit" name="Submit" value="<?php _e('Select') ?> &raquo;" />
  </form>
  </div>
@@ -123 +130 @@
     ?> 
   <form name="template" id="template" action="theme-editor.php" method="post">
-  <?php wp_nonce_field('edit-theme_' . $file . $theme) ?>
          <div><textarea cols="70" rows="25" name="newcontent" id="newcontent" tabindex="1"><?php echo $content ?></textarea> 
      <input type="hidden" name="action" value="update" /> 
@@ -132 +138 @@
      <p class="submit">
 <?php
-    echo "<input type='submit' name='submit' value='    " . __('Update File &raquo;') . "' tabindex='2' />";
+    echo "<input type='submit' name='submit' value='    " . __('Update File') . " &raquo;' tabindex='2' />";
 ?>
 </p>