
Changeset 3783


Timestamp:
05/18/2006 06:49:22 AM (20 years ago)
Author:
ryan
Message:

Improvements to the nonce AYS ("Are you sure?") confirmation screen from mdawaffe. #2734

Location:
trunk
Files:
6 edited

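--- a/trunk/wp-admin/comment.php
+++ b/trunk/wp-admin/comment.php
@@ -2,4 +2,6 @@
 require_once('admin.php');
 
+$parent_file = 'edit.php';
+$submenu_file = 'edit-comments.php';
 $wpvarstoreset = array('action');
 
@@ -25,6 +27,4 @@
 case 'editcomment':
     $title = __('Edit Comment');
-    $parent_file = 'edit.php';
-    $submenu_file = 'edit-comments.php';
     $editing = true;
     require_once ('admin-header.php');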
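--- a/trunk/wp-admin/page.php
+++ b/trunk/wp-admin/page.php
@@ -2,4 +2,6 @@
 require_once('admin.php');
 
+$parent_file = 'edit.php';
+$submenu_file = 'edit-pages.php';
 $wpvarstoreset = array('action');
 
@@ -54,6 +56,4 @@
 case 'edit':
     $title = __('Edit');
-    $parent_file = 'edit.php';
-    $submenu_file = 'edit-pages.php';
     $editing = true;
     require_once('admin-header.php');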
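--- a/trunk/wp-admin/post.php
+++ b/trunk/wp-admin/post.php
@@ -2,4 +2,6 @@
 require_once('admin.php');
 
+$parent_file = 'edit.php';
+$submenu_file = 'edit.php';
 $wpvarstoreset = array('action', 'safe_mode', 'withcomments', 'posts', 'content', 'edited_post_title', 'comment_error', 'profile', 'trackback_url', 'excerpt', 'showcomments', 'commentstart', 'commentend', 'commentorder' );
 
@@ -25,4 +27,6 @@
 case 'postajaxpost':
 case 'post':
+    $parent_file = 'post-new.php';
+    $submenu_file = 'post-new.php';
     check_admin_referer('add-post');
 
@@ -55,6 +59,4 @@
 case 'edit':
     $title = __('Edit');
-    $parent_file = 'edit.php';
-    $submenu_file = 'edit.php';
     $editing = true;
     require_once('admin-header.php');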
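Review bot: Because `case 'postajaxpost':` falls through into `case 'post':`, a request on what its name suggests is the XHR path now reaches `check_admin_referer('add-post')` with `$parent_file` set and, per the pluggable-functions change in this same changeset, a failed nonce there renders the confirmation wrapped in admin-header.php/admin-footer.php rather than the bare HTML document it produced before. Confirm the AJAX caller can cope with a full admin page in its response, or short-circuit the `postajaxpost` path with a plain error before the referer check. The enclosing switch starts and ends outside this hunk.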
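--- a/trunk/wp-admin/profile-update.php
+++ b/trunk/wp-admin/profile-update.php
@@ -1,4 +1,6 @@
 <?php
 
+$parent_file = 'profile.php';
+$submenu_file = 'profile.php';
 require_once('admin.php');
 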
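Review bot: The two new assignments are placed before `require_once('admin.php')` here, whereas comment.php, page.php and post.php in the same changeset place them after it; if admin.php (presumably where the `$menu`/`$submenu` globals that check_admin_referer now imports are built) ever initialises `$parent_file`/`$submenu_file`, this would be the only page silently overridden. Moving `$parent_file = 'profile.php';` and `$submenu_file = 'profile.php';` below the require would match the other files and remove the ambiguity.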
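--- a/trunk/wp-admin/wp-admin.css
+++ b/trunk/wp-admin/wp-admin.css
@@ -362,5 +362,5 @@
 }
 
-.updated {
+.updated, .confirm {
     background: #CFEBF7 url(images/notice.gif) no-repeat 1em ;
     border: 1px solid #2580B2;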
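--- a/trunk/wp-includes/pluggable-functions.php
+++ b/trunk/wp-includes/pluggable-functions.php
@@ -230,13 +230,13 @@
 if ( !function_exists('check_admin_referer') ) :
 function check_admin_referer($action = -1) {
-    global $pagenow;
+    global $pagenow, $menu, $submenu, $parent_file, $submenu_file;;
     $adminurl = strtolower(get_settings('siteurl')).'/wp-admin';
     $referer = strtolower($_SERVER['HTTP_REFERER']);
     if ( !wp_verify_nonce($_REQUEST['_wpnonce'], $action) &&
         !(-1 == $action && strstr($referer, $adminurl)) ) {
-
-        $html  = "<!DOCTYPE html PUBLIC '-//W3C//DTD XHTML 1.0 Strict//EN' 'http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd'>\n<html xmlns='http://www.w3.org/1999/xhtml' lang='en' xml:lang='en'>\n\n";
-        $html .= "<head>\n\t<title>" . __('WordPress Confirmation') . "</title>\n";
-        $html .= "</head>\n<body>\n";
+        if ( $referer )
+            $adminurl = $referer;
+        $title = __('WordPress Confirmation');
+        require_once(ABSPATH . '/wp-admin/admin-header.php');
         if ( $_POST ) {
             $q = http_build_query($_POST);
@@ -249,11 +249,12 @@
             }
             $html .= "\t\t<input type='hidden' name='_wpnonce' value='" . wp_create_nonce($action) . "' />\n";
-            $html .= "\t\t<p>" . __('Are you sure you want to do this?') . "</p>\n\t\t<p><a href='$adminurl'>No</a> <input type='submit' value='" . __('Yes') . "' /></p>\n\t</form>\n";
+            $html .= "\t\t<div id='message' class='confirm fade'>\n\t\t<p>" . __('Are you sure you want to do this?') . "</p>\n\t\t<p><a href='$adminurl'>" . __('No') . "</a> <input type='submit' value='" . __('Yes') . "' /></p>\n\t\t</div>\n\t</form>\n";
         } else {
-            $html .= "\t<p>" . __('Are you sure you want to do this?') . "</p>\n\t\t<p><a href='$adminurl'>No</a> <a href='" . add_query_arg( '_wpnonce', wp_create_nonce($action), $_SERVER['REQUEST_URI'] ) . "'>" . __('Yes') . "</a></p>\n";
+            $html .= "\t<div id='message' class='confirm fade'>\n\t<p>" . __('Are you sure you want to do this?') . "</p>\n\t<p><a href='$adminurl'>" . __('No') . "</a> <a href='" . add_query_arg( '_wpnonce', wp_create_nonce($action), $_SERVER['REQUEST_URI'] ) . "'>" . __('Yes') . "</a></p>\n\t</div>\n";
         }
         $html .= "</body>\n</html>";
-
-        die($html);
+        echo $html;
+        include_once(ABSPATH . '/wp-admin/admin-footer.php');
+        die();
     }
     do_action('check_admin_referer', $action);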
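Review bot: The new `if ( $referer ) $adminurl = $referer;` makes the "No" link on new lines 251 and 253 point at `$_SERVER['HTTP_REFERER']`, a client-supplied value that is written into `href='…'` with no escaping, so a crafted referer can break out of the attribute or walk an admin off to another site, and it has already been lowercased so case-sensitive paths will not round-trip. Only fall back to the referer when it sits under the admin URL and escape it on output: `if ( $referer && 0 === strpos($referer, $adminurl) ) $adminurl = $referer;` and `<a href='" . htmlspecialchars($adminurl, ENT_QUOTES) . "'>`. The removed doctype lines were also where `$html` was first assigned, so the `$html .=` appends from line 242 onward now start from an undefined variable unless the elided lines 243–248 initialise it, and the context line `$html .= "</body>\n</html>";` is still emitted before admin-footer.php, which presumably closes the document a second time. The stray `;;` on the new `global` line should be a single `;`. check_admin_referer's body continues below this hunk.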