Changeset 3771
- Timestamp:
- 05/11/2006 11:05:45 PM (18 years ago)
- Location:
- branches/2.0
- Files:
-
- 46 edited
branches/2.0/wp-admin/admin-functions.php
r3748 r3771 644 644 <td><a href="<?php the_permalink(); ?>" rel="permalink" class="edit"><?php _e('View'); ?></a></td> 645 645 <td><?php if ( current_user_can('edit_pages') ) { echo "<a href='post.php?action=edit&post=$id' class='edit'>" . __('Edit') . "</a>"; } ?></td> 646 <td><?php if ( current_user_can('edit_pages') ) { echo "<a href=' post.php?action=delete&post=$id' class='delete' onclick=\"return deleteSomething( 'page', " . $id . ", '" . sprintf(__("You are about to delete the "%s" page.\\n"OK" to delete, "Cancel" to stop."), wp_specialchars(get_the_title('','',0), 1)) . "' );\">" . __('Delete') . "</a>"; } ?></td>646 <td><?php if ( current_user_can('edit_pages') ) { echo "<a href='" . wp_nonce_url("post.php?action=delete&post=$id", 'delete-page' . $id) . "' class='delete' onclick=\"return deleteSomething( 'page', " . $id . ", '" . sprintf(__("You are about to delete the "%s" page.\\n"OK" to delete, "Cancel" to stop."), addslashes(wp_specialchars(get_the_title(),'double')) ) . "' );\">" . __('Delete') . "</a>"; } ?></td> 647 647 </tr> 648 648 -
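Review bot: The Delete link on the new line 646 is signed with `'delete-page' . $id`, but the handler it points to, post.php's `case 'delete'` in this same changeset, verifies `'delete-post' . $post_id`, and edit-pages.php line 55 signs the identical link with `'delete-post' . $post->ID`. As written every page deletion launched from this list fails the referer check. Change the call to `wp_nonce_url("post.php?action=delete&post=$id", 'delete-post' . $id)`. The enclosing function starts and ends outside the hunk.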
branches/2.0/wp-admin/admin.php
r3608 r3771 18 18 update_category_cache(); 19 19 20 get_currentuserinfo();20 wp_get_current_user(); 21 21 22 22 $posts_per_page = get_settings('posts_per_page'); -
branches/2.0/wp-admin/categories.php
r3737 r3771 26 26 case 'addcat': 27 27 28 check_admin_referer( );28 check_admin_referer('add-category'); 29 29 30 30 if ( !current_user_can('manage_categories') ) … … 37 37 38 38 case 'delete': 39 40 check_admin_referer( );39 $cat_ID = (int) $_GET['cat_ID']; 40 check_admin_referer('delete-category' . $cat_ID); 41 41 42 42 if ( !current_user_can('manage_categories') ) 43 43 die (__('Cheatin’ uh?')); 44 44 45 $cat_ID = (int) $_GET['cat_ID'];46 45 $cat_name = get_catname($cat_ID); 47 46 … … 65 64 <h2><?php _e('Edit Category') ?></h2> 66 65 <form name="editcat" action="categories.php" method="post"> 66 <?php wp_nonce_field('update-category' . $category->cat_ID); ?> 67 67 <table class="editform" width="100%" cellspacing="2" cellpadding="5"> 68 68 <tr> … … 97 97 98 98 case 'editedcat': 99 check_admin_referer(); 99 $cat_ID = (int) $_POST['cat_ID']; 100 check_admin_referer('update-category' . $cat_ID); 100 101 101 102 if ( !current_user_can('manage_categories') ) … … 151 152 <h2><?php _e('Add New Category') ?></h2> 152 153 <form name="addcat" id="addcat" action="categories.php" method="post"> 153 154 <?php wp_nonce_field('add-category'); ?> 154 155 <p><?php _e('Name:') ?><br /> 155 156 <input type="text" name="cat_name" value="" /></p> -
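Review bot: The `case 'delete'` branch now requires a nonce for `'delete-category' . $cat_ID`, but no section of this changeset signs the category list's Delete link with that action (the admin-functions.php section only touches the page rows). If the link generator was not updated in a file outside this page, category deletion fails closed for every category; it is worth confirming that a matching `wp_nonce_url(..., 'delete-category' . $category->cat_ID)` exists on the list side. The switch enclosing these cases starts and ends outside the hunk.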
branches/2.0/wp-admin/edit-comments.php
r3755 r3771 40 40 <?php 41 41 if ( !empty( $_POST['delete_comments'] ) ) : 42 check_admin_referer( );42 check_admin_referer('bulk-comments'); 43 43 44 44 $i = 0; … … 99 99 if ( current_user_can('edit_post', $comment->comment_post_ID) ) { 100 100 echo " | <a href=\"post.php?action=editcomment&comment=".$comment->comment_ID."\">" . __('Edit Comment') . "</a>"; 101 echo " | <a href=\"post.php?action=deletecomment&p=".$comment->comment_post_ID."&comment=".$comment->comment_ID."\" onclick=\"return deleteSomething( 'comment', $comment->comment_ID, '" . sprintf(__("You are about to delete this comment by "%s".\\n"Cancel" to stop, "OK" to delete."), wp_specialchars( $comment->comment_author, 1 )) . "' );\">" . __('Delete Comment') . "</a> — ";101 echo ' | <a href="' . wp_nonce_url('comment.php?action=deletecomment&p=' . $post->ID . '&comment=' . $comment->comment_ID, 'delete-comment' . $comment->comment_ID) . '" onclick="return deleteSomething( \'comment\', ' . $comment->comment_ID . ', \'' . sprintf(__("You are about to delete this comment by "%s".\\n"Cancel" to stop, "OK" to delete."), wp_specialchars($comment->comment_author, 1)) . "' );\">" . __('Delete Comment') . '</a> '; 102 102 } // end if any comments to show 103 103 // Get post title … … 127 127 128 128 if ($comments) { 129 echo '<form name="deletecomments" id="deletecomments" action="" method="post"> 130 <table width="100%" cellpadding="3" cellspacing="3"> 129 echo '<form name="deletecomments" id="deletecomments" action="" method="post"> '; 130 wp_nonce_field('bulk-comments'); 131 echo '<table width="100%" cellpadding="3" cellspacing="3"> 131 132 <tr> 132 133 <th scope="col">*</th> -
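Review bot: The rewritten Delete Comment link on line 101 now targets `comment.php` and takes `p=` from `$post->ID`, whereas the old line used `post.php` and `$comment->comment_post_ID`; the `deletecomment` handler that verifies `'delete-comment' . $comment` lives in post.php in this changeset and no comment.php section appears on this page. `$post` also looks wrong at that point: the `// Get post title` lookup only follows on line 103, so `$post` is presumably unset or still the previous comment's post. Suggest `wp_nonce_url('post.php?action=deletecomment&p=' . $comment->comment_post_ID . '&comment=' . $comment->comment_ID, 'delete-comment' . $comment->comment_ID)`. The enclosing loop starts and ends outside the hunk.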
branches/2.0/wp-admin/edit-form-advanced.php
r3456 r3771 23 23 $temp_ID = -1 * time(); 24 24 $form_extra = "<input type='hidden' name='temp_ID' value='$temp_ID' />"; 25 wp_nonce_field('add-post'); 25 26 } else { 26 27 $form_action = 'editpost'; 27 28 $form_extra = "<input type='hidden' name='post_ID' value='$post_ID' />"; 29 wp_nonce_field('update-post' . $post_ID); 28 30 } 29 31 … … 221 223 if (current_user_can('upload_files')) { 222 224 $uploading_iframe_ID = (0 == $post_ID ? $temp_ID : $post_ID); 223 $uploading_iframe_src = "inline-uploading.php?action=view&post=$uploading_iframe_ID";225 $uploading_iframe_src = wp_nonce_url("inline-uploading.php?action=view&post=$uploading_iframe_ID", 'inlineuploading'); 224 226 $uploading_iframe_src = apply_filters('uploading_iframe_src', $uploading_iframe_src); 225 227 if ( false != $uploading_iframe_src ) -
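Review bot: Lines 25 and 29 call wp_nonce_field() directly inside the branch that otherwise only computes `$form_action` and `$form_extra`, while the parallel code in edit-page-form.php stores `$nonce_action` and emits the field later, inside the form. wp_nonce_field() echoes immediately, so this placement only works if the `<form>` element is already open above the hunk, which is not visible here. Mirroring edit-page-form.php — `$nonce_action = 'add-post';` / `$nonce_action = 'update-post' . $post_ID;` and one `wp_nonce_field($nonce_action);` where `$form_extra` is printed — makes the placement explicit and keeps the two editors consistent.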
branches/2.0/wp-admin/edit-form-ajax-cat.php
r3737 r3771 3 3 require_once('admin-functions.php'); 4 4 require_once('admin-db.php'); 5 6 get_currentuserinfo();7 5 8 6 if ( !current_user_can('manage_categories') ) -
branches/2.0/wp-admin/edit-form-comment.php
r3283 r3771 7 7 8 8 <form name="post" action="post.php" method="post" id="post"> 9 <?php wp_nonce_field('update-comment' . $comment->comment_ID) ?> 9 10 <div class="wrap"> 10 11 <input type="hidden" name="user_ID" value="<?php echo $user_ID ?>" /> -
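Review bot: The form on line 9 signs with `'update-comment' . $comment->comment_ID`, but the `editedcomment` case in post.php (line 324 of that section) verifies plain `'update-comment'`, so every comment edit submitted from this form is rejected. Keeping the per-comment binding is the better choice, so post.php should read the id first, along the lines of `$comment_ID = (int) $_POST['comment_ID']; check_admin_referer('update-comment' . $comment_ID);` — the exact hidden-field name this form posts the id under is outside the hunk and should be checked. The enclosing form element runs past the hunk.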
branches/2.0/wp-admin/edit-link-form.php
r3257 r3771 5 5 $submit_text = __('Save Changes »'); 6 6 $form = '<form action="" method="post" name="editlink" id="editlink">'; 7 $nonce_action = 'update-bookmark' . $link_id; 7 8 } else { 8 9 $editing = false; … … 10 11 $submit_text = __('Add Link »'); 11 12 $form = '<form name="addlink" method="post" action="link-manager.php">'; 13 $nonce_action = 'add-bookmark'; 12 14 } 13 15 … … 34 36 <div class="wrap"> 35 37 <?php echo $form ?> 38 <?php wp_nonce_field($nonce_action); ?> 36 39 <h2><?php echo $heading ?></h2> 37 40 <fieldset class="options"> -
branches/2.0/wp-admin/edit-page-form.php
r3456 r3771 6 6 if (0 == $post_ID) { 7 7 $form_action = 'post'; 8 $nonce_action = 'add-post'; 8 9 $temp_ID = -1 * time(); 9 10 $form_extra = "<input type='hidden' name='temp_ID' value='$temp_ID' />"; 10 11 } else { 11 12 $form_action = 'editpost'; 12 $form_extra = "<input type='hidden' name='post_ID' value='$post_ID' />"; 13 $nonce_action = 'update-post' . $post_ID; 14 $form_extra = "<input type='hidden' id='post_ID' name='post_ID' value='$post_ID' />"; 13 15 } 14 16 … … 24 26 25 27 <?php 28 wp_nonce_field($nonce_action); 29 26 30 if (isset($mode) && 'bookmarklet' == $mode) { 27 31 echo '<input type="hidden" name="mode" value="bookmarklet" />'; … … 187 191 if (current_user_can('upload_files')) { 188 192 $uploading_iframe_ID = (0 == $post_ID ? $temp_ID : $post_ID); 189 $uploading_iframe_src = "inline-uploading.php?action=view&post=$uploading_iframe_ID";193 $uploading_iframe_src = wp_nonce_url("inline-uploading.php?action=view&post=$uploading_iframe_ID", 'inlineuploading'); 190 194 $uploading_iframe_src = apply_filters('uploading_iframe_src', $uploading_iframe_src); 191 195 if ( false != $uploading_iframe_src ) -
branches/2.0/wp-admin/edit-pages.php
r3555 r3771 53 53 <td><a href="<?php the_permalink(); ?>" rel="permalink" class="edit"><?php _e('View'); ?></a></td> 54 54 <td><?php if ( current_user_can('edit_pages') ) { echo "<a href='post.php?action=edit&post=$post->ID' class='edit'>" . __('Edit') . "</a>"; } ?></td> 55 <td><?php if ( current_user_can('edit_pages') ) { echo "<a href=' post.php?action=delete&post=$post->ID' class='delete' onclick=\"return deleteSomething( 'page', " . $id . ", '" . sprintf(__("You are about to delete the "%s" page.\\n"OK" to delete, "Cancel" to stop."), wp_specialchars(get_the_title('','',0), 1)) . "' );\">" . __('Delete') . "</a>"; } ?></td>55 <td><?php if ( current_user_can('edit_pages') ) { echo "<a href='" . wp_nonce_url("post.php?action=delete&post=$post->ID", 'delete-post' . $post->ID) . "' class='delete' onclick=\"return deleteSomething( 'page', " . $id . ", '" . sprintf(__("You are about to delete the "%s" page.\\n"OK" to delete, "Cancel" to stop."), wp_specialchars(get_the_title('','',0), 1)) . "' );\">" . __('Delete') . "</a>"; } ?></td> 56 56 </tr> 57 57 <?php -
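Review bot: The new line 55 keeps `wp_specialchars(get_the_title('','',0), 1)` for the title inside the single-quoted JavaScript string in `onclick`, while the same Delete link in admin-functions.php line 646 and edit.php line 213 was changed in this changeset to `addslashes(wp_specialchars(get_the_title(),'double'))`. With the quote-encoding mode the browser presumably decodes `&#039;` back to `'` before the script runs, so a title containing a quote terminates the JS string literal; the `'double'` plus addslashes form avoids that and should be used here too. The comment-author and link-name variants in edit-comments.php line 101, edit.php line 265, link-categories.php line 359 and link-manager.php line 385 keep the same `wp_specialchars(..., 1)` pattern and are the more exposed ones, since `comment_author` is supplied by anonymous visitors.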
branches/2.0/wp-admin/edit.php
r3757 r3771 211 211 case 'control_delete': 212 212 ?> 213 <td><?php if ( current_user_can('edit_post',$post->ID) ) { echo "<a href=' post.php?action=delete&post=$id' class='delete' onclick=\"return deleteSomething( 'post', " . $id . ", '" . sprintf(__("You are about to delete this post "%s".\\n"OK" to delete, "Cancel" to stop."), wp_specialchars(get_the_title('', ''), 1) ) . "' );\">" . __('Delete') . "</a>"; } ?></td>213 <td><?php if ( current_user_can('edit_post',$post->ID) ) { echo "<a href='" . wp_nonce_url("post.php?action=delete&post=$id", 'delete-post' . $post->ID) . "' class='delete' onclick=\"return deleteSomething( 'post', " . $id . ", '" . sprintf(__("You are about to delete this post "%s".\\n"OK" to delete, "Cancel" to stop."), addslashes(wp_specialchars(get_the_title(),'double')) ) . "' );\">" . __('Delete') . "</a>"; } ?></td> 214 214 <?php 215 215 break; … … 263 263 if ( current_user_can('edit_post', $post->ID) ) { 264 264 echo "[ <a href=\"post.php?action=editcomment&comment=".$comment->comment_ID."\">" . __('Edit') . "</a>"; 265 echo " - <a href=\"post.php?action=deletecomment&p=".$post->ID."&comment=".$comment->comment_ID."\" onclick=\"return confirm('" . sprintf(__("You are about to delete this comment by \'%s\'\\n \'OK\' to delete, \'Cancel\' to stop."), wp_specialchars( $comment->comment_author, 1 )) . "')\">" . __('Delete') . "</a> "; 265 echo ' - <a href="' . wp_nonce_url('post.php?action=deletecomment&p=' . $post->ID . '&comment=' . $comment->comment_ID, 'delete-comment' . $comment->comment_ID) . '" onclick="return confirm(\'' . sprintf(__("You are about to delete this comment by "%s".\\n"Cancel" to stop, "OK" to delete."), wp_specialchars($comment->comment_author, 1)) . "');\">" . __('Delete') . 
'</a> '; 266 266 267 if ( ('none' != $comment_status) && ( current_user_can('moderate_comments') ) ) { 267 268 if ('approved' == wp_get_comment_status($comment->comment_ID)) { 268 echo " - <a href=\"post.php?action=unapprovecomment&p=".$post->ID."&comment=".$comment->comment_ID."\">" . __('Unapprove') . "</a> ";269 echo ' - <a href="' . wp_nonce_url('post.php?action=unapprovecomment&p=' . $post->ID . '&comment=' . $comment->comment_ID, 'unapprove-comment' . $comment->comment_ID) . '">' . __('Unapprove') . '</a> '; 269 270 } else { 270 echo " - <a href=\"post.php?action=approvecomment&p=".$post->ID."&comment=".$comment->comment_ID."\">" . __('Approve') . "</a> ";271 echo ' - <a href="' . wp_nonce_url('post.php?action=approvecomment&p=' . $post->ID . '&comment=' . $comment->comment_ID, 'approve-comment' . $comment->comment_ID) . '">' . __('Approve') . '</a> '; 271 272 } 272 273 } -
branches/2.0/wp-admin/inline-uploading.php
r3737 r3771 2 2 3 3 require_once('admin.php'); 4 5 check_admin_referer();6 4 7 5 header('Content-Type: text/html; charset=' . get_option('blog_charset')); … … 37 35 case 'delete': 38 36 37 check_admin_referer('inlineuploading'); 38 39 39 if ( !current_user_can('edit_post', (int) $attachment) ) 40 40 die(__('You are not allowed to delete this attachment.').' <a href="'.basename(__FILE__)."?post=$post&all=$all&action=upload\">".__('Go back').'</a>'); … … 42 42 wp_delete_attachment($attachment); 43 43 44 header("Location: " .basename(__FILE__)."?post=$post&all=$all&action=view&start=$start");44 header("Location: " . basename(__FILE__) ."?post=$post&all=$all&action=view&start=$start"); 45 45 die; 46 46 47 47 case 'save': 48 49 check_admin_referer('inlineuploading'); 48 50 49 51 $overrides = array('action'=>'save'); … … 101 103 } 102 104 103 header("Location: " .basename(__FILE__)."?post=$post&all=$all&action=view&start=0");105 header("Location: " . basename(__FILE__) . "?post=$post&all=$all&action=view&start=0"); 104 106 die(); 105 107 … … 140 142 141 143 if ( count($attachments) == 0 ) { 142 header("Location: " .basename(__FILE__)."?post=$post&action=upload");144 header("Location: " . basename(__FILE__) ."?post=$post&action=upload" ); 143 145 die; 144 146 } elseif ( count($attachments) > $num ) { … … 214 216 "; 215 217 $send_delete_cancel = "<a onclick=\"sendToEditor({$ID});return false;\" href=\"javascript:void()\">$__send_to_editor</a> 216 <a onclick=\"return confirm('$__confirmdelete')\" href=\"" .basename(__FILE__)."?action=delete&attachment={$ID}&all=$all&start=$start&post=$post\">$__delete</a>218 <a onclick=\"return confirm('$__confirmdelete')\" href=\"" . wp_nonce_url( basename(__FILE__) . "?action=delete&attachment={$ID}&all=$all&start=$start&post=$post", inlineuploading) . 
"\">$__delete</a> 217 219 <a onclick=\"popup.style.display='none';return false;\" href=\"javascript:void()\">$__close</a> 218 220 "; … … 642 644 <body> 643 645 <ul id="upload-menu"> 644 <li<?php echo $current_1; ?>><a href="<?php echo basename(__FILE__) ; ?>?action=upload&post=<?php echo $post; ?>&all=<?php echo $all; ?>&start=<?php echo $start; ?>"><?php _e('Upload'); ?></a></li>646 <li<?php echo $current_1; ?>><a href="<?php echo basename(__FILE__) . "?action=upload&post=$post&all=$all&start=$start"; ?>"><?php _e('Upload'); ?></a></li> 645 647 <?php if ( $attachments = $wpdb->get_results("SELECT ID FROM $wpdb->posts WHERE post_parent = '$post'") ) { ?> 646 <li<?php echo $current_2; ?>><a href="<?php echo basename(__FILE__) ; ?>?action=view&post=<?php echo $post; ?>&all=false"><?php _e('Browse'); ?></a></li>648 <li<?php echo $current_2; ?>><a href="<?php echo basename(__FILE__) . "?action=view&post=$post&all=false"; ?>"><?php _e('Browse'); ?></a></li> 647 649 <?php } ?> 648 650 <?php if ($wpdb->get_var("SELECT count(ID) FROM $wpdb->posts WHERE post_status = 'attachment'")) { ?> 649 <li<?php echo $current_3; ?>><a href="<?php echo basename(__FILE__) ; ?>?action=view&post=<?php echo $post; ?>&all=true"><?php _e('Browse All'); ?></a></li>651 <li<?php echo $current_3; ?>><a href="<?php echo basename(__FILE__) . "?action=view&post=$post&all=true"; ?>"><?php _e('Browse All'); ?></a></li> 650 652 <?php } ?> 651 653 <li> </li> 652 654 <?php if ( $action == 'view' ) { ?> 653 655 <?php if ( false !== $back ) : ?> 654 <li class="spacer"><a href="<?php echo basename(__FILE__) ; ?>?action=<?php echo $action; ?>&post=<?php echo $post; ?>&all=<?php echo $all; ?>&start=0" title="<?php _e('First'); ?>">|«</a></li>655 <li><a href="<?php echo basename(__FILE__) ; ?>?action=<?php echo $action; ?>&post=<?php echo $post; ?>&all=<?php echo $all; ?>&start=<?php echo $back; ?>"">« <?php _e('Back'); ?></a></li>656 <li class="spacer"><a href="<?php echo basename(__FILE__) . 
"?action=$action&post=$post&all=$all&start=0"; ?>" title="<?php _e('First'); ?>">|«</a></li> 657 <li><a href="<?php echo basename(__FILE__) . "?action=$action&post=$post&all=$all&start=$back"; ?>">« <?php _e('Back'); ?></a></li> 656 658 <?php else : ?> 657 659 <li class="inactive spacer">|«</li> … … 659 661 <?php endif; ?> 660 662 <?php if ( false !== $next ) : ?> 661 <li><a href="<?php echo basename(__FILE__) ; ?>?action=<?php echo $action; ?>&post=<?php echo $post; ?>&all=<?php echo $all; ?>&start=<?php echo $next; ?>"><?php _e('Next'); ?> »</a></li>662 <li><a href="<?php echo basename(__FILE__) ; ?>?action=<?php echo $action; ?>&post=<?php echo $post; ?>&all=<?php echo $all; ?>&last=true" title="<?php _e('Last'); ?>">»|</a></li>663 <li><a href="<?php echo basename(__FILE__) . "?action=$action&post=$post&all=$all&start=$next"; ?>"><?php _e('Next »'); ?></a></li> 664 <li><a href="<?php echo basename(__FILE__) . "?action=$action&post=$post&all=$all&last=true"; ?>" title="<?php _e('Last'); ?>">»|</a></li> 663 665 <?php else : ?> 664 666 <li class="inactive"><?php _e('Next'); ?> »</li> … … 698 700 <input type="hidden" name="all" value="<?php echo $all; ?>" /> 699 701 <input type="hidden" name="start" value="<?php echo $start; ?>" /> 702 <?php wp_nonce_field( 'inlineuploading' ); ?> 700 703 <div id="submit"> 701 704 <input type="submit" value="<?php _e('Upload'); ?>" /> -
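Review bot: On the new line 218 the nonce action is passed as the bare word `inlineuploading` instead of the string `'inlineuploading'`; PHP treats an undefined constant as its own name with a notice (and as an error on newer versions), so the link's validity depends on error settings and silently breaks if such a constant is ever defined. Quote it: `wp_nonce_url( basename(__FILE__) . "?action=delete&attachment={$ID}&all=$all&start=$start&post=$post", 'inlineuploading')`. Separately, the file-level check_admin_referer() was removed and re-added only in the `delete` and `save` cases, so `upload` and `view` now run without a referer check; that is fine while they remain read-only, which deserves a one-line comment at the top of the switch.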
branches/2.0/wp-admin/link-categories.php
r3737 r3771 27 27 case 'addcat': 28 28 { 29 check_admin_referer( );29 check_admin_referer('add-link-category'); 30 30 31 31 if ( !current_user_can('manage_links') ) … … 83 83 case 'Delete': 84 84 { 85 check_admin_referer();86 87 $cat_id = (int) $_GET['cat_id']; 85 $cat_id = (int) $_GET['cat_id']; 86 check_admin_referer('delete-link-category' . $cat_id); 87 88 88 $cat_name=get_linkcatname($cat_id); 89 89 … … 117 117 118 118 <form name="editcat" method="post"> 119 <?php wp_nonce_field('update-link-category' . $row->cat_id) ?> 119 120 <input type="hidden" name="action" value="editedcat" /> 120 121 <input type="hidden" name="cat_id" value="<?php echo $row->cat_id ?>" /> … … 204 205 case "editedcat": 205 206 { 206 check_admin_referer(); 207 $cat_id = (int)$_POST["cat_id"]; 208 check_admin_referer('update-link-category' . $cat_id); 207 209 208 210 if ( !current_user_can('manage_links') ) … … 211 213 $submit=$_POST["submit"]; 212 214 if (isset($submit)) { 213 214 $cat_id = (int)$_POST["cat_id"];215 215 216 216 $cat_name= wp_specialchars($_POST["cat_name"]); … … 357 357 <td><?php echo $row->list_limit ?></td> 358 358 <td><a href="link-categories.php?cat_id=<?php echo $row->cat_id?>&action=Edit" class="edit"><?php _e('Edit') ?></a></td> 359 <td><a href=" link-categories.php?cat_id=<?php echo $row->cat_id?>&action=Delete"onclick="return deleteSomething( 'link category', <?php echo $row->cat_id . ", '" . sprintf(__("You are about to delete the "%s" link category.\\n"Cancel" to stop, "OK" to delete."), wp_specialchars($row->cat_name,1)); ?>' );" class="delete"><?php _e('Delete') ?></a></td>359 <td><a href="<?php echo wp_nonce_url("link-categories.php?cat_id=$row->cat_id?>&action=Delete", 'delete-link-category' . $row->cat_id) ?>" "onclick="return deleteSomething( 'link category', <?php echo $row->cat_id . ", '" . 
sprintf(__("You are about to delete the "%s" link category.\\n"Cancel" to stop, "OK" to delete."), wp_specialchars($row->cat_name,1)); ?>' );" class="delete"><?php _e('Delete') ?></a></td> 360 360 </tr> 361 361 <?php … … 372 372 <div class="wrap"> 373 373 <form name="addcat" method="post"> 374 <?php wp_nonce_field('add-link-category'); ?> 374 375 <input type="hidden" name="action" value="addcat" /> 375 376 <h2><?php _e('Add a Link Category:') ?></h2> -
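Review bot: The new line 359 has two syntax slips: the string passed to wp_nonce_url contains a literal `?>` (`cat_id=$row->cat_id?>&action=Delete`), which does not leave PHP mode inside a double-quoted string but does end up in the URL as part of the `cat_id` value, and there is a stray `"` between the closing `?>` and `onclick`, yielding `href="…" "onclick="…` in the markup. Suggest `<td><a href="<?php echo wp_nonce_url("link-categories.php?cat_id=$row->cat_id&action=Delete", 'delete-link-category' . $row->cat_id) ?>" onclick="return deleteSomething( 'link category', <?php echo $row->cat_id . ", '" . sprintf(...` with the rest of the line unchanged. The `(int)` cast in the handler masks the first slip, but the emitted markup should still be valid.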
branches/2.0/wp-admin/link-import.php
r3737 r3771 25 25 <h2><?php _e('Import your blogroll from another system') ?> </h2> 26 26 <form enctype="multipart/form-data" action="link-import.php" method="post" name="blogroll"> 27 <?php wp_nonce_field('import-bookmarks') ?> 27 28 28 29 <p><?php _e('If a program or website you use allows you to export your links or subscriptions as OPML you may import them here.'); ?> … … 64 65 65 66 case 1: { 66 check_admin_referer( );67 check_admin_referer('import-bookmarks'); 67 68 68 69 include_once('admin-header.php'); -
branches/2.0/wp-admin/link-manager.php
r3422 r3771 40 40 case 'assign': 41 41 { 42 check_admin_referer();42 check_admin_referer('bulk-bookmarks'); 43 43 44 44 // check the current user's level first. … … 68 68 case 'visibility': 69 69 { 70 check_admin_referer();70 check_admin_referer('bulk-bookmarks'); 71 71 72 72 // check the current user's level first. … … 105 105 case 'move': 106 106 { 107 check_admin_referer();107 check_admin_referer('bulk-bookmarks'); 108 108 109 109 // check the current user's level first. … … 126 126 case 'Add': 127 127 { 128 check_admin_referer();128 check_admin_referer('add-bookmark'); 129 129 130 130 add_link(); … … 136 136 case 'editlink': 137 137 { 138 139 check_admin_referer( );138 $link_id = (int) $_POST['link_id']; 139 check_admin_referer('update-bookmark' . $link_id); 140 140 141 141 if (isset($links_show_cat_id) && ($links_show_cat_id != '')) … … 148 148 $links_show_cat_id = $cat_id; 149 149 150 $link_id = (int) $_POST['link_id'];151 150 edit_link($link_id); 152 151 … … 158 157 case 'Delete': 159 158 { 160 check_admin_referer(); 159 $link_id = (int) $_GET['link_id']; 160 check_admin_referer('delete-bookmark' . $link_id); 161 161 162 162 if ( !current_user_can('manage_links') ) 163 163 die (__("Cheatin' uh ?")); 164 165 $link_id = (int) $_GET['link_id'];166 164 167 165 wp_delete_link($link_id); … … 321 319 <div class="wrap"> 322 320 321 <?php wp_nonce_field('bulk-bookmarks') ?> 323 322 <input type="hidden" name="link_id" value="" /> 324 323 <input type="hidden" name="action" value="" /> … … 384 383 if ($show_buttons) { 385 384 echo '<td><a href="link-manager.php?link_id=' . $link->link_id . '&action=linkedit" class="edit">' . __('Edit') . '</a></td>'; 386 echo '<td><a href="link-manager.php?link_id=' . $link->link_id . '&action=Delete"' . " onclick=\"return deleteSomething( 'link', $link->link_id , '" . sprintf(__("You are about to delete the "%s" link to %s.\\n"Cancel" to stop, "OK" to delete."), wp_specialchars($link->link_name,1), wp_specialchars($link->link_url)) . 
'\' );" class="delete">' . __('Delete') .'</a></td>';385 echo '<td><a href="' . wp_nonce_url('link-manager.php?link_id='.$link->link_id.'&action=delete', 'delete-bookmark' . $link->link_id ) . '"'." class='delete' onclick=\"return deleteSomething( 'link', $link->link_id , '".sprintf(__("You are about to delete the "%s" bookmark to %s.\\n"Cancel" to stop, "OK" to delete."), wp_specialchars($link->link_name, 1), wp_specialchars($link->link_url)).'\' );" class="delete">'.__('Delete').'</a></td>'; 387 386 echo '<td><input type="checkbox" name="linkcheck[]" value="' . $link->link_id . '" /></td>'; 388 387 } else { 389 388 echo "<td> </td><td> </td><td> </td>\n"; 390 389 } 390 391 391 echo "\n </tr>\n"; 392 392 } -
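Review bot: The rewritten Delete link on line 385 changes the query to `action=delete` (lowercase), but the handler in this same file is still `case 'Delete':` on line 158, so the link no longer reaches the delete branch at all. Restore the original casing in the call: `wp_nonce_url('link-manager.php?link_id='.$link->link_id.'&action=Delete', 'delete-bookmark' . $link->link_id )`. The same line also emits `class='delete'` and then `class="delete"` on one anchor; drop the first occurrence.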
branches/2.0/wp-admin/list-manipulation.php
r3737 r3771 4 4 require_once('admin-db.php'); 5 5 6 get_currentuserinfo();7 6 if ( !is_user_logged_in() ) 8 7 die('-1'); -
branches/2.0/wp-admin/moderation.php
r3737 r3771 33 33 case 'update': 34 34 35 check_admin_referer( );35 check_admin_referer('moderate-comments'); 36 36 37 37 if ( ! current_user_can('moderate_comments') ) … … 133 133 <h2><?php _e('Moderation Queue') ?></h2> 134 134 <form name="approval" action="moderation.php" method="post"> 135 <?php wp_nonce_field('moderate-comments') ?> 135 136 <input type="hidden" name="action" value="update" /> 136 137 <ol id="the-list" class="commentlist"> -
branches/2.0/wp-admin/options-discussion.php
r3345 r3771 22 22 <h2><?php _e('Discussion Options') ?></h2> 23 23 <form method="post" action="options.php"> 24 <?php wp_nonce_field('update-options') ?> 24 25 <fieldset class="options"> 25 26 <legend><?php _e('Usual settings for an article:<br /><small><em>(These settings may be overridden for individual articles.)</em></small>') ?></legend> -
branches/2.0/wp-admin/options-general.php
r3422 r3771 11 11 <h2><?php _e('General Options') ?></h2> 12 12 <form method="post" action="options.php"> 13 <?php wp_nonce_field('update-options') ?> 13 14 <table class="optiontable"> 14 15 <tr valign="top"> -
branches/2.0/wp-admin/options-misc.php
r3437 r3771 12 12 <h2><?php _e('Miscellaneous Options') ?></h2> 13 13 <form method="post" action="options.php"> 14 14 <?php wp_nonce_field('update-options') ?> 15 15 <fieldset class="options"> 16 16 <legend><?php _e('Uploading'); ?></legend> -
branches/2.0/wp-admin/options-permalink.php
r3737 r3771 58 58 $home_path = get_home_path(); 59 59 60 if ( isset($_POST ) ) {61 check_admin_referer( );60 if ( isset($_POST['permalink_structure']) || isset($_POST['category_base']) ) { 61 check_admin_referer('update-permalink'); 62 62 63 63 if ( isset($_POST['permalink_structure']) ) { … … 118 118 ?> 119 119 <form name="form" action="options-permalink.php" method="post"> 120 <?php wp_nonce_field('update-permalink') ?> 120 121 <h3><?php _e('Common options:'); ?></h3> 121 122 <p> … … 166 167 <p><?php _e('If your <code>.htaccess</code> file were <a href="http://codex.wordpress.org/Make_a_Directory_Writable">writable</a>, we could do this automatically, but it isn’t so these are the mod_rewrite rules you should have in your <code>.htaccess</code> file. Click in the field and press <kbd>CTRL + a</kbd> to select all.') ?></p> 167 168 <form action="options-permalink.php" method="post"> 169 <?php wp_nonce_field('update-permalink') ?> 168 170 <p> 169 171 <textarea rows="5" style="width: 98%;" name="rules"><?php echo $wp_rewrite->mod_rewrite_rules(); ?> -
branches/2.0/wp-admin/options-reading.php
r3112 r3771 10 10 <div class="wrap"> 11 11 <h2><?php _e('Reading Options') ?></h2> 12 <form name="form1" method="post" action="options.php"> 12 <form name="form1" method="post" action="options.php"> 13 <?php wp_nonce_field('update-options') ?> 14 13 15 <fieldset class="options"> 14 16 <legend><?php _e('Blog Pages') ?></legend> -
branches/2.0/wp-admin/options-writing.php
r3223 r3771 11 11 <h2><?php _e('Writing Options') ?></h2> 12 12 <form method="post" action="options.php"> 13 <?php wp_nonce_field('update-options') ?> 13 14 <table width="100%" cellspacing="2" cellpadding="5" class="editform"> 14 15 <tr valign="top"> -
branches/2.0/wp-admin/options.php
r3413 r3771 30 30 $any_changed = 0; 31 31 32 check_admin_referer( );32 check_admin_referer('update-options'); 33 33 34 34 if (!$_POST['page_options']) { … … 69 69 // If home changed, write rewrite rules to new location. 70 70 $wp_rewrite->flush_rules(); 71 // Get currently logged in user and password.72 get_currentuserinfo();73 71 // Clear cookies for old paths. 74 72 wp_clearcookie(); … … 92 90 <h2><?php _e('All options'); ?></h2> 93 91 <form name="form" action="options.php" method="post"> 92 <?php wp_nonce_field('update-options') ?> 94 93 <input type="hidden" name="action" value="update" /> 95 94 <table width="98%"> -
branches/2.0/wp-admin/page-new.php
r2762 r3771 14 14 if ( current_user_can('edit_pages') ) { 15 15 $action = 'post'; 16 get_currentuserinfo();17 18 16 $post = get_default_post_to_edit(); 19 17 $post->post_status = 'static'; -
branches/2.0/wp-admin/plugin-editor.php
r3737 r3771 35 35 case 'update': 36 36 37 check_admin_referer( );37 check_admin_referer('edit-plugin' . $file); 38 38 39 39 if ( !current_user_can('edit_plugins') ) … … 98 98 <?php if (!$error) { ?> 99 99 <form name="template" id="template" action="plugin-editor.php" method="post"> 100 <?php wp_nonce_field('edit-plugin' . $file) ?> 100 101 <div><textarea cols="70" rows="25" name="newcontent" id="newcontent" tabindex="1"><?php echo $content ?></textarea> 101 102 <input type="hidden" name="action" value="update" /> -
branches/2.0/wp-admin/plugins.php
r3479 r3771 3 3 4 4 if ( isset($_GET['action']) ) { 5 check_admin_referer();6 7 5 if ('activate' == $_GET['action']) { 6 check_admin_referer('activate-plugin' . $_GET['plugin']); 8 7 $current = get_settings('active_plugins'); 9 8 if (!in_array($_GET['plugin'], $current)) { … … 16 15 header('Location: plugins.php?activate=true'); 17 16 } else if ('deactivate' == $_GET['action']) { 17 check_admin_referer('deactivate-plugin' . $_GET['plugin']); 18 18 $current = get_settings('active_plugins'); 19 19 array_splice($current, array_search( $_GET['plugin'], $current), 1 ); // Array-fu! … … 99 99 100 100 if (!empty($current_plugins) && in_array($plugin_file, $current_plugins)) { 101 $action = "<a href=' plugins.php?action=deactivate&plugin=$plugin_file' title='".__('Deactivate this plugin')."' class='delete'>".__('Deactivate')."</a>";101 $action = "<a href='" . wp_nonce_url("plugins.php?action=deactivate&plugin=$plugin_file", 'deactivate-plugin' . $plugin_file) . "' title='".__('Deactivate this plugin')."' class='delete'>".__('Deactivate')."</a>"; 102 102 $plugin_data['Title'] = "<strong>{$plugin_data['Title']}</strong>"; 103 103 $style .= $style == 'alternate' ? ' active' : 'active'; 104 104 } else { 105 $action = "<a href=' plugins.php?action=activate&plugin=$plugin_file' title='".__('Activate this plugin')."' class='edit'>".__('Activate')."</a>";105 $action = "<a href='" . wp_nonce_url("plugins.php?action=activate&plugin=$plugin_file", 'activate-plugin' . $plugin_file) . "' title='".__('Activate this plugin')."' class='edit'>".__('Activate')."</a>"; 106 106 } 107 107 $plugin_data['Description'] = wp_kses($plugin_data['Description'], array('a' => array('href' => array(),'title' => array()),'abbr' => array('title' => array()),'acronym' => array('title' => array()),'code' => array(),'em' => array(),'strong' => array()) ); ; -
branches/2.0/wp-admin/post.php
r3737 r3771 31 31 switch($action) { 32 32 case 'post': 33 check_admin_referer( );33 check_admin_referer('add-post'); 34 34 35 35 $post_ID = write_post(); … … 88 88 89 89 case 'editattachment': 90 check_admin_referer();91 92 90 $post_id = (int) $_POST['post_ID']; 91 92 check_admin_referer('update-attachment' . $post_id); 93 93 94 94 // Don't let these be changed … … 106 106 107 107 case 'editpost': 108 check_admin_referer(); 108 $post_ID = (int) $_POST['post_ID']; 109 check_admin_referer('update-post' . $post_ID); 109 110 110 111 $post_ID = edit_post(); … … 131 132 132 133 case 'delete': 133 check_admin_referer();134 135 134 $post_id = (isset($_GET['post'])) ? intval($_GET['post']) : intval($_POST['post_ID']); 135 check_admin_referer('delete-post' . $post_id); 136 136 137 137 $post = & get_post($post_id); … … 213 213 214 214 case 'deletecomment': 215 216 check_admin_referer(); 217 218 $comment = (int) $_GET['comment']; 215 $comment = (int) $_GET['comment']; 216 check_admin_referer('delete-comment' . $comment); 217 219 218 $p = (int) $_GET['p']; 220 219 if (isset($_GET['noredir'])) { … … 244 243 245 244 case 'unapprovecomment': 246 247 check_admin_referer(); 248 249 $comment = (int) $_GET['comment']; 245 $comment = (int) $_GET['comment']; 246 check_admin_referer('unapprove-comment' . $comment); 247 250 248 $p = (int) $_GET['p']; 251 249 if (isset($_GET['noredir'])) { … … 272 270 273 271 case 'mailapprovecomment': 274 275 $comment = (int) $_GET['comment'];272 $comment = (int) $_GET['comment']; 273 check_admin_referer('approve-comment' . $comment); 276 274 277 275 if ( ! $comment = get_comment($comment) ) … … 292 290 293 291 case 'approvecomment': 294 295 check_admin_referer(); 296 297 $comment = (int) $_GET['comment']; 292 $comment = (int) $_GET['comment']; 293 check_admin_referer('approve-comment' . 
$comment); 294 298 295 $p = (int) $_GET['p']; 299 296 if (isset($_GET['noredir'])) { … … 325 322 case 'editedcomment': 326 323 327 check_admin_referer( );324 check_admin_referer('update-comment'); 328 325 329 326 edit_comment(); -
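Review bot: `mailapprovecomment` now verifies `'approve-comment' . $comment` (line 273), but that action is reached from the link in the moderation notification e-mail rather than from an admin page, and nothing in this changeset's visible sections signs that link. Unless the mail template is updated elsewhere to use `wp_nonce_url(..., 'approve-comment' . $comment_id)`, approving from e-mail fails closed; and since WordPress nonces are normally tied to the user they were issued for, a nonce generated while handling the commenter's request would presumably not verify for the moderator anyway. A comment on this case stating which nonce it expects and where it is issued would make the intended flow reviewable. The switch enclosing these cases starts and ends outside the hunk.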
branches/2.0/wp-admin/profile-update.php
r3112 r3771 3 3 require_once('admin.php'); 4 4 5 check_admin_referer( );5 check_admin_referer('update-profile' . $user_ID); 6 6 7 7 if ( !$_POST ) -
branches/2.0/wp-admin/profile.php
r3412 r3771 20 20 <h2><?php _e('Your Profile and Personal Options'); ?></h2> 21 21 <form name="profile" id="your-profile" action="profile-update.php" method="post"> 22 <?php wp_nonce_field('update-profile' . $user_ID) ?> 22 23 <p> 23 24 <input type="hidden" name="from" value="profile" /> -
branches/2.0/wp-admin/templates.php
r3737 r3771 37 37 case 'update': 38 38 39 check_ad imn_referer();39 check_admin_referer('edit-file' . $file); 40 40 41 41 if ( ! current_user_can('edit_files') ) … … 129 129 <?php if (!$error) { ?> 130 130 <form name="template" id="template" action="templates.php" method="post"> 131 <?php wp_nonce_field('edit-file' . $file) ?> 131 132 <div><textarea cols="70" rows="25" name="newcontent" id='newcontent' tabindex="1"><?php echo $content ?></textarea> 132 133 <input type="hidden" name="action" value="update" /> -
branches/2.0/wp-admin/theme-editor.php
r3737 r3771 48 48 case 'update': 49 49 50 check_admin_referer( );50 check_admin_referer('edit-theme' . $file . $theme); 51 51 52 52 if ( !current_user_can('edit_themes') ) … … 132 132 ?> 133 133 <form name="template" id="template" action="theme-editor.php" method="post"> 134 <?php wp_nonce_field('edit-theme' . $file . $theme) ?> 134 135 <div><textarea cols="70" rows="25" name="newcontent" id="newcontent" tabindex="1"><?php echo $content ?></textarea> 135 136 <input type="hidden" name="action" value="update" /> -
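Review bot: The nonce action `'edit-theme' . $file . $theme` at lines 50 and 134 concatenates two request-derived strings with no separator, so distinct (file, theme) pairs can yield the same action string and a token minted for one pair verifies for the other. A delimiter keeps the binding unambiguous, e.g. `check_admin_referer('edit-theme_' . $theme . '_' . $file);` with the matching `<?php wp_nonce_field('edit-theme_' . $theme . '_' . $file) ?>`. Where `$file` and `$theme` are assigned is outside the hunk; the single-variable actions in templates.php and themes.php do not have this ambiguity.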
branches/2.0/wp-admin/themes.php
r3476 r3771 3 3 4 4 if ( isset($_GET['action']) ) { 5 check_admin_referer( );5 check_admin_referer('switch-theme' . $_GET['template']); 6 6 7 7 if ('activate' == $_GET['action']) { … … 70 70 $screenshot = $themes[$theme_name]['Screenshot']; 71 71 $stylesheet_dir = $themes[$theme_name]['Stylesheet Dir']; 72 $activate_link = "themes.php?action=activate&template=$template&stylesheet=$stylesheet";72 $activate_link = wp_nonce_url("themes.php?action=activate&template=$template&stylesheet=$stylesheet", 'switch-theme' . $template); 73 73 ?> 74 74 <div class="available-theme"> -
branches/2.0/wp-admin/user-edit.php
r3616 r3771 33 33 case 'update': 34 34 35 check_admin_referer( );35 check_admin_referer('update-user' . $user_id); 36 36 37 37 $errors = array(); … … 74 74 75 75 <form name="profile" id="your-profile" action="user-edit.php" method="post"> 76 <?php wp_nonce_field('update-user' . $user_ID) ?> 76 77 <p> 77 78 <input type="hidden" name="from" value="profile" /> -
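Review bot: The nonce is verified against `'update-user' . $user_id` at line 35 but generated with `'update-user' . $user_ID` at line 76; unless the two variables always hold the same value, saving an edit to any user other than the one in `$user_ID` fails verification and drops into the confirmation page on every submit. If `$user_id` is the user being edited, the form should emit `<?php wp_nonce_field('update-user' . $user_id) ?>`. Both variables are assigned outside the hunk, so this is inferred from the names.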
branches/2.0/wp-admin/users.php
r3483 r3771 12 12 13 13 case 'promote': 14 check_admin_referer( );14 check_admin_referer('bulk-users'); 15 15 16 16 if (empty($_POST['users'])) { … … 40 40 case 'dodelete': 41 41 42 check_admin_referer( );42 check_admin_referer('delete-users'); 43 43 44 44 if ( empty($_POST['users']) ) { … … 73 73 case 'delete': 74 74 75 check_admin_referer( );75 check_admin_referer('bulk-users'); 76 76 77 77 if (empty($_POST['users'])) { … … 87 87 ?> 88 88 <form action="" method="post" name="updateusers" id="updateusers"> 89 <?php wp_nonce_field('delete-users') ?> 89 90 <div class="wrap"> 90 91 <h2><?php _e('Delete Users'); ?></h2> … … 132 133 133 134 case 'adduser': 134 check_admin_referer( );135 check_admin_referer('add-user'); 135 136 136 137 $errors = add_user(); … … 201 202 202 203 <form action="" method="post" name="updateusers" id="updateusers"> 204 <?php wp_nonce_field('bulk-users') ?> 203 205 <div class="wrap"> 204 206 <h2><?php _e('User List by Role'); ?></h2> … … 281 283 <?php echo '<p>'.sprintf(__('Users can <a href="%1$s">register themselves</a> or you can manually create users here.'), get_settings('siteurl').'/wp-register.php').'</p>'; ?> 282 284 <form action="" method="post" name="adduser" id="adduser"> 285 <?php wp_nonce_field('add-user') ?> 283 286 <table class="editform" width="100%" cellspacing="2" cellpadding="5"> 284 287 <tr> -
branches/2.0/wp-comments-post.php
r3584 r3771 25 25 26 26 // If the user is logged in 27 get_currentuserinfo();28 if ( $user _ID ) :29 $comment_author = $wpdb->escape($user _identity);30 $comment_author_email = $wpdb->escape($user _email);31 $comment_author_url = $wpdb->escape($user _url);27 $user = wp_get_current_user(); 28 if ( $user->ID ) : 29 $comment_author = $wpdb->escape($user->display_name); 30 $comment_author_email = $wpdb->escape($user->user_email); 31 $comment_author_url = $wpdb->escape($user->user_url); 32 32 else : 33 33 if ( get_option('comment_registration') ) … … 37 37 $comment_type = ''; 38 38 39 if ( get_settings('require_name_email') && !$user _ID ) {39 if ( get_settings('require_name_email') && !$user->ID ) { 40 40 if ( 6 > strlen($comment_author_email) || '' == $comment_author ) 41 41 die( __('Error: please fill the required fields (name, email).') ); … … 51 51 $comment_id = wp_new_comment( $commentdata ); 52 52 53 if ( !$user _ID ) :53 if ( !$user->ID ) : 54 54 $comment = get_comment($comment_id); 55 55 setcookie('comment_author_' . COOKIEHASH, $comment->comment_author, time() + 30000000, COOKIEPATH, COOKIE_DOMAIN); -
branches/2.0/wp-includes/capabilities.php
r3482 r3771 310 310 // Capability checking wrapper around the global $current_user object. 311 311 function current_user_can($capability) { 312 global $current_user;312 $current_user = wp_get_current_user(); 313 313 314 314 $args = array_slice(func_get_args(), 1); -
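Review bot: `current_user_can()` now dereferences whatever `wp_get_current_user()` hands back, and elsewhere in this changeset `get_currentuserinfo()` returns early under `XMLRPC_REQUEST` without assigning `$current_user`, so the capability call that follows outside this hunk would presumably run on a null. A guard such as `if ( empty($current_user) ) return false;` right after the assignment keeps the check failing closed. The rest of `current_user_can` continues past the hunk.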
branches/2.0/wp-includes/classes.php
r3752 r3771 1605 1605 1606 1606 function send_headers() { 1607 global $current_user;1608 1607 @header('X-Pingback: '. get_bloginfo('pingback_url')); 1609 1608 if ( is_user_logged_in() ) … … 1682 1681 1683 1682 function init() { 1684 get_currentuserinfo();1683 wp_get_current_user(); 1685 1684 } 1686 1685 -
branches/2.0/wp-includes/comment-functions.php
r3762 r3771 34 34 $comments = $wpdb->get_results("SELECT * FROM $wpdb->comments WHERE comment_post_ID = '$post->ID' AND ( comment_approved = '1' OR ( comment_author = '$author_db' AND comment_author_email = '$email_db' AND comment_approved = '0' ) ) ORDER BY comment_date"); 35 35 } 36 37 get_currentuserinfo();38 36 39 37 define('COMMENTS_TEMPLATE', true); -
branches/2.0/wp-includes/functions-compat.php
r3471 r3771 98 98 } 99 99 100 // From php.net 101 if(!function_exists('http_build_query')) { 102 function http_build_query( $formdata, $numeric_prefix = null, $key = null ) { 103 $res = array(); 104 foreach ((array)$formdata as $k=>$v) { 105 $tmp_key = urlencode(is_int($k) ? $numeric_prefix.$k : $k); 106 if ($key) $tmp_key = $key.'['.$tmp_key.']'; 107 $res[] = ( ( is_array($v) || is_object($v) ) ? http_build_query($v, null, $tmp_key) : $tmp_key."=".urlencode($v) ); 108 } 109 $separator = ini_get('arg_separator.output'); 110 return implode($separator, $res); 111 } 112 } 100 113 ?> -
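Review bot: The polyfill's third parameter `$key` is an internal recursion prefix, whereas the native `http_build_query()` takes a separator in that position, so a caller that passes a third argument gets different behaviour depending on which implementation is loaded. A header comment would prevent misuse, e.g. `// Third argument is the parent key for nested arrays (internal), not the native arg_separator; the separator always comes from ini arg_separator.output.` The recursive call at line 107 passes `null` for `$numeric_prefix`, so nested numeric keys are emitted without the prefix; worth a comment if that is intentional.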
branches/2.0/wp-includes/functions.php
r3745 r3771 306 306 307 307 function get_user_option( $option, $user = 0 ) { 308 global $wpdb , $current_user;308 global $wpdb; 309 309 310 310 if ( empty($user) ) 311 $user = $current_user;311 $user = wp_get_current_user(); 312 312 else 313 313 $user = get_userdata($user); … … 1148 1148 } 1149 1149 1150 // Setup global user vars. Used by set_current_user() for back compat. 1151 function setup_userdata($user_id = '') { 1152 global $user_login, $userdata, $user_level, $user_ID, $user_email, $user_url, $user_pass_md5, $user_identity; 1153 1154 if ( '' == $user_id ) 1155 $user = wp_get_current_user(); 1156 else 1157 $user = new WP_User($user_id); 1158 1159 if ( 0 == $user->ID ) 1160 return; 1161 1162 $userdata = $user->data; 1163 $user_login = $user->user_login; 1164 $user_level = $user->user_level; 1165 $user_ID = $user->ID; 1166 $user_email = $user->user_email; 1167 $user_url = $user->user_url; 1168 $user_pass_md5 = md5($user->user_pass); 1169 $user_identity = $user->display_name; 1170 } 1171 1150 1172 function is_new_day() { 1151 1173 global $day, $previousday; … … 2289 2311 } 2290 2312 2313 function wp_nonce_url($actionurl, $action = -1) { 2314 return add_query_arg('_wpnonce', wp_create_nonce($action), $actionurl); 2315 } 2316 2317 function wp_nonce_field($action = -1) { 2318 echo '<input type="hidden" name="_wpnonce" value="' . wp_create_nonce($action) . '" />'; 2319 } 2320 2291 2321 ?> -
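Review bot: `setup_userdata()` returns at line 1159 before touching any global when the user resolves to id 0, so after `wp_set_current_user(0)` (used in this changeset to mark a failed cookie login) `$user_ID`, `$user_login`, `$user_pass_md5` and the rest keep whatever a previously set user left in them; resetting them to empty values before the `return` would make the anonymous case explicit. The new `wp_nonce_url()` and `wp_nonce_field()` carry no header comment; a one-liner each such as `// Append a nonce bound to $action (and the current user/time window, see wp_verify_nonce) to $actionurl.` would help callers pick consistent action strings. `wp_nonce_field()` writes the token into the attribute unescaped, which is safe only as long as `wp_create_nonce()` keeps returning a hex substring.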
branches/2.0/wp-includes/kses.php
r3430 r3771 529 529 530 530 function kses_init() { 531 global $current_user;532 533 531 remove_filter('pre_comment_author', 'wp_filter_kses'); 534 532 remove_filter('pre_comment_content', 'wp_filter_kses'); 535 533 remove_filter('content_save_pre', 'wp_filter_post_kses'); 536 534 remove_filter('title_save_pre', 'wp_filter_kses'); 537 538 if (! defined('XMLRPC_REQUEST') )539 get_currentuserinfo();540 535 541 536 if (current_user_can('unfiltered_html') == false) -
branches/2.0/wp-includes/pluggable-functions.php
r3739 r3771 6 6 if ( !function_exists('set_current_user') ) : 7 7 function set_current_user($id, $name = '') { 8 global $user_login, $userdata, $user_level, $user_ID, $user_email, $user_url, $user_pass_md5, $user_identity, $current_user; 9 10 $current_user = ''; 11 12 $current_user = new WP_User($id, $name); 13 14 $userdata = get_userdatabylogin($user_login); 15 16 $user_login = $userdata->user_login; 17 $user_level = $userdata->user_level; 18 $user_ID = $userdata->ID; 19 $user_email = $userdata->user_email; 20 $user_url = $userdata->user_url; 21 $user_pass_md5 = md5($userdata->user_pass); 22 $user_identity = $userdata->display_name; 8 return wp_set_current_user($id, $name); 9 } 10 endif; 11 12 if ( !function_exists('wp_set_current_user') ) : 13 function wp_set_current_user($id, $name = '') { 14 global $current_user; 15 16 if ( isset($current_user) && ($id == $current_user->ID) ) 17 return $current_user; 18 19 $current_user = new WP_User($id, $name); 20 21 setup_userdata($current_user->ID); 23 22 24 23 do_action('set_current_user'); … … 28 27 endif; 29 28 29 if ( !function_exists('current_user') ) : 30 function wp_get_current_user() { 31 global $current_user; 32 33 get_currentuserinfo(); 34 35 return $current_user; 36 } 37 endif; 30 38 31 39 if ( !function_exists('get_currentuserinfo') ) : 32 40 function get_currentuserinfo() { 33 global $ user_login, $userdata, $user_level, $user_ID, $user_email, $user_url, $user_pass_md5, $user_identity, $current_user;41 global $current_user; 34 42 35 43 if ( defined('XMLRPC_REQUEST') && XMLRPC_REQUEST ) 36 44 return false; 45 46 if ( ! 
empty($current_user) ) 47 return; 37 48 38 49 if ( empty($_COOKIE[USER_COOKIE]) || empty($_COOKIE[PASS_COOKIE]) || 39 50 !wp_login($_COOKIE[USER_COOKIE], $_COOKIE[PASS_COOKIE], true) ) { 40 $current_user = new WP_User(0); 41 return false; 42 } 43 $user_login = $_COOKIE[USER_COOKIE]; 44 $userdata = get_userdatabylogin($user_login); 45 $user_level = $userdata->user_level; 46 $user_ID = $userdata->ID; 47 $user_email = $userdata->user_email; 48 $user_url = $userdata->user_url; 49 $user_pass_md5 = md5($userdata->user_pass); 50 $user_identity = $userdata->display_name; 51 52 if ( empty($current_user) ) 53 $current_user = new WP_User($user_ID); 51 wp_set_current_user(0); 52 return false; 53 } 54 55 $user_login = $_COOKIE[USER_COOKIE]; 56 wp_set_current_user(0, $user_login); 54 57 } 55 58 endif; … … 202 205 if ( !function_exists('is_user_logged_in') ) : 203 206 function is_user_logged_in() { 204 global $current_user; 205 206 if ( $current_user->id == 0 ) 207 return false; 207 $user = wp_get_current_user(); 208 209 if ( $user->id == 0 ) 210 return false; 211 208 212 return true; 209 213 } … … 225 229 226 230 if ( !function_exists('check_admin_referer') ) : 227 function check_admin_referer() { 231 function check_admin_referer($action = -1) { 232 global $pagenow; 228 233 $adminurl = strtolower(get_settings('siteurl')).'/wp-admin'; 229 234 $referer = strtolower($_SERVER['HTTP_REFERER']); 230 if (!strstr($referer, $adminurl)) 231 die(__('Sorry, you need to <a href="http://codex.wordpress.org/Enable_Sending_Referrers">enable sending referrers</a> for this feature to work.')); 235 if ( !wp_verify_nonce($_REQUEST['_wpnonce'], $action) ) { 236 $html = "<!DOCTYPE html PUBLIC '-//W3C//DTD XHTML 1.0 Strict//EN' 'http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd'>\n<html xmlns='http://www.w3.org/1999/xhtml' lang='en' xml:lang='en'>\n\n"; 237 $html .= "<head>\n\t<title>" . __('WordPress Confirmation') . 
"</title>\n"; 238 $html .= "</head>\n<body>\n"; 239 if ( $_POST ) { 240 $q = http_build_query($_POST); 241 $q = explode( ini_get('arg_separator.output'), $q); 242 $html .= "\t<form method='post' action='$pagenow'>\n"; 243 foreach ( (array) $q as $a ) { 244 $v = substr(strstr($a, '='), 1); 245 $k = substr($a, 0, -(strlen($v)+1)); 246 $html .= "\t\t<input type='hidden' name='" . wp_specialchars( urldecode($k), 1 ) . "' value='" . wp_specialchars( urldecode($v), 1 ) . "' />\n"; 247 } 248 $html .= "\t\t<input type='hidden' name='_wpnonce' value='" . wp_create_nonce($action) . "' />\n"; 249 $html .= "\t\t<p>" . __('Are you sure you want to do this?') . "</p>\n\t\t<p><a href='$adminurl'>No</a> <input type='submit' value='" . __('Yes') . "' /></p>\n\t</form>\n"; 250 } else { 251 $html .= "\t<p>" . __('Are you sure you want to do this?') . "</p>\n\t\t<p><a href='$adminurl'>No</a> <a href='" . add_query_arg( '_wpnonce', wp_create_nonce($action), $_SERVER['REQUEST_URI'] ) . "'>" . __('Yes') . "</a></p>\n"; 252 } 253 $html .= "</body>\n</html>"; 254 255 die($html); 256 } 232 257 do_action('check_admin_referer'); 233 } 234 endif; 258 }endif; 235 259 236 260 if ( !function_exists('check_ajax_referer') ) : … … 262 286 header("Location: $location"); 263 287 } 288 endif; 289 290 if ( !function_exists('wp_get_cookie_login') ): 291 function wp_get_cookie_login() { 292 if ( empty($_COOKIE[USER_COOKIE]) || empty($_COOKIE[PASS_COOKIE]) ) 293 return false; 294 295 return array('login' => $_COOKIE[USER_COOKIE], 'password' => $_COOKIE[PASS_COOKIE]); 296 } 297 264 298 endif; 265 299 … … 445 479 endif; 446 480 481 if ( !function_exists('wp_verify_nonce') ) : 482 function wp_verify_nonce($nonce, $action = -1) { 483 $user = wp_get_current_user(); 484 $uid = $user->id; 485 486 $i = ceil(time() / 43200); 487 488 //Allow for expanding range, but only do one check if we can 489 if( substr(md5($i . DB_PASSWORD . $action . $uid), -12, 10) == $nonce || substr(md5(($i - 1) . DB_PASSWORD . $action . 
$uid), -12, 10) == $nonce ) 490 return true; 491 return false; 492 } 493 endif; 494 495 if ( !function_exists('wp_create_nonce') ) : 496 function wp_create_nonce($action = -1) { 497 $user = wp_get_current_user(); 498 $uid = $user->id; 499 500 $i = ceil(time() / 43200); 501 502 return substr(md5($i . DB_PASSWORD . $action . $uid), -12, 10); 503 } 504 endif; 505 447 506 ?> -
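Review bot: In `check_admin_referer()` the GET-side confirmation link at line 251 embeds `$_SERVER['REQUEST_URI']` into an `href` attribute without escaping, so a request that fails nonce verification reflects its own URL into the page unescaped; wrap it as `wp_specialchars( add_query_arg( '_wpnonce', wp_create_nonce($action), $_SERVER['REQUEST_URI'] ), 1 )`, as the POST branch already does for keys and values. The guard around the new `wp_get_current_user()` tests `function_exists('current_user')` rather than its own name, so a plugin overriding it triggers a redeclaration error instead of taking precedence. `wp_verify_nonce()` compares with `==`, which treats two numeric-looking hex substrings as numbers; `===` is the intended check. `$_REQUEST['_wpnonce']` is also read without an `isset()` guard, raising a notice on every request that carries no nonce.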
branches/2.0/wp-includes/registration-functions.php
r3481 r3771 94 94 95 95 function wp_update_user($userdata) { 96 global $wpdb , $current_user;96 global $wpdb; 97 97 98 98 $ID = (int) $userdata['ID']; … … 115 115 116 116 // Update the cookies if the password changed. 117 $current_user = wp_get_current_user(); 117 118 if( $current_user->id == $ID ) { 118 119 if ( isset($plaintext_pass) ) { -
branches/2.0/wp-includes/template-functions-general.php
r3762 r3771 28 28 29 29 function wp_loginout() { 30 global $user_ID; 31 get_currentuserinfo(); 32 33 if ('' == $user_ID) 30 if ( ! is_user_logged_in() ) 34 31 $link = '<a href="' . get_settings('siteurl') . '/wp-login.php">' . __('Login') . '</a>'; 35 32 else … … 41 38 42 39 function wp_register( $before = '<li>', $after = '</li>' ) { 43 global $user_ID; 44 45 get_currentuserinfo(); 46 47 if ( '' == $user_ID && get_settings('users_can_register') ) 48 $link = $before . '<a href="' . get_settings('siteurl') . '/wp-register.php">' . __('Register') . '</a>' . $after; 49 elseif ( '' == $user_ID && !get_settings('users_can_register') ) 50 $link = ''; 51 else 40 41 if ( ! is_user_logged_in() ) { 42 if ( get_settings('users_can_register') ) 43 $link = $before . '<a href="' . get_settings('siteurl') . '/wp-register.php">' . __('Register') . '</a>' . $after; 44 else 45 $link = ''; 46 } else { 52 47 $link = $before . '<a href="' . get_settings('siteurl') . '/wp-admin/">' . __('Site Admin') . '</a>' . $after; 48 } 53 49 54 50 echo apply_filters('register', $link); -
branches/2.0/wp-login.php
r3391 r3771 178 178 $user_pass = $_POST['pwd']; 179 179 $rememberme = $_POST['rememberme']; 180 } elseif ( !empty($_COOKIE) ) { 181 if ( !empty($_COOKIE[USER_COOKIE]) ) 182 $user_login = $_COOKIE[USER_COOKIE]; 183 if ( !empty($_COOKIE[PASS_COOKIE]) ) { 184 $user_pass = $_COOKIE[PASS_COOKIE]; 180 } else { 181 $cookie_login = wp_get_cookie_login(); 182 if ( ! empty($cookie_login) ) { 185 183 $using_cookie = true; 184 $user_login = $cookie_login['login']; 185 $user_pass = $cookie_login['password']; 186 186 } 187 187 }