Changeset 3934
- Timestamp:
- 06/27/2006 08:06:00 AM (18 years ago)
- Location:
- trunk/wp-includes
- Files:
-
- 2 edited
Legend:
- Unmodified
- Added
- Removed
-
trunk/wp-includes/functions.php
r3919 r3934 1022 1022 } 1023 1023 1024 function wp_explain_nonce($action) { 1025 if ( $action !== -1 && preg_match('/([a-z]+)-([a-z]+)(_(.+))?/', $action, $matches) ) { 1026 $verb = $matches[1]; 1027 $noun = $matches[2]; 1028 1029 $trans = array(); 1030 $trans['add']['category'] = array(__('Are you sure you want to add this category?'), false); 1031 $trans['delete']['category'] = array(__('Are you sure you want to delete this category: "%s"?'), 'get_catname'); 1032 $trans['update']['category'] = array(__('Are you sure you want to edit this category: "%s"?'), 'get_catname'); 1033 1034 $trans['delete']['comment'] = array(__('Are you sure you want to delete this comment: "%s"?'), 'use_id'); 1035 $trans['unapprove']['comment'] = array(__('Are you sure you want to unapprove this comment: "%s"?'), 'use_id'); 1036 $trans['approve']['comment'] = array(__('Are you sure you want to approve this comment: "%s"?'), 'use_id'); 1037 $trans['update']['comment'] = array(__('Are you sure you want to edit this comment: "%s"?'), 'use_id'); 1038 $trans['bulk']['comments'] = array(__('Are you sure you want to bulk modify comments?'), false); 1039 $trans['moderate']['comments'] = array(__('Are you sure you want to moderate comments?'), false); 1040 1041 $trans['add']['bookmark'] = array(__('Are you sure you want to add this bookmark?'), false); 1042 $trans['delete']['bookmark'] = array(__('Are you sure you want to delete this bookmark: "%s"?'), 'use_id'); 1043 $trans['update']['bookmark'] = array(__('Are you sure you want to edit this bookmark: "%s"?'), 'use_id'); 1044 $trans['bulk']['bookmarks'] = array(__('Are you sure you want to bulk modify bookmarks?'), false); 1045 1046 $trans['add']['post'] = array(__('Are you sure you want to add this post?'), false); 1047 $trans['delete']['post'] = array(__('Are you sure you want to delete this post: "%s"?'), 'get_the_title'); 1048 $trans['update']['post'] = array(__('Are you sure you want to edit this post: "%s"?'), 'get_the_title'); 1049 1050 $trans['add']['page'] = array(__('Are you sure you want to add this page?'), false); 1051 $trans['delete']['page'] = array(__('Are you sure you want to delete this page: "%s"?'), 'get_the_title'); 1052 $trans['update']['page'] = array(__('Are you sure you want to edit this page: "%s"?'), 'get_the_title'); 1053 1054 $trans['add']['user'] = array(__('Are you sure you want to add this user?'), false); 1055 $trans['delete']['users'] = array(__('Are you sure you want to delete users?'), false); 1056 $trans['bulk']['users'] = array(__('Are you sure you want to bulk modify users?'), false); 1057 $trans['update']['user'] = array(__('Are you sure you want to edit this user: "%s"?'), 'get_author_name'); 1058 1059 if ( isset($trans[$verb][$noun]) ) { 1060 if ( !empty($trans[$verb][$noun][1]) ) { 1061 $lookup = $trans[$verb][$noun][1]; 1062 $object = $matches[4]; 1063 if ( 'use_id' != $lookup ) 1064 $object = call_user_func($lookup, $object); 1065 return sprintf($trans[$verb][$noun][0], $object); 1066 } else { 1067 return $trans[$verb][$noun][0]; 1068 } 1069 } 1070 } 1071 1072 return __('Are you sure you want to do this'); 1073 } 1074 1075 function wp_nonce_ays($action) { 1076 global $pagenow, $menu, $submenu, $parent_file, $submenu_file; 1077 1078 $admin_url = get_settings('siteurl') . '/wp-admin'; 1079 if ( wp_get_referer() ) 1080 $admin_url = wp_get_referer(); 1081 1082 $title = __('WordPress Confirmation'); 1083 require_once(ABSPATH . '/wp-admin/admin-header.php'); 1084 // Remove extra layer of slashes. 1085 $_POST = stripslashes_deep($_POST ); 1086 if ( $_POST ) { 1087 $q = http_build_query($_POST); 1088 $q = explode( ini_get('arg_separator.output'), $q); 1089 $html .= "\t<form method='post' action='$pagenow'>\n"; 1090 foreach ( (array) $q as $a ) { 1091 $v = substr(strstr($a, '='), 1); 1092 $k = substr($a, 0, -(strlen($v)+1)); 1093 $html .= "\t\t<input type='hidden' name='" . wp_specialchars( urldecode($k), 1 ) . "' value='" . wp_specialchars( urldecode($v), 1 ) . "' />\n"; 1094 } 1095 $html .= "\t\t<input type='hidden' name='_wpnonce' value='" . wp_create_nonce($action) . "' />\n"; 1096 $html .= "\t\t<div id='message' class='confirm fade'>\n\t\t<p>" . wp_explain_nonce($action) . "</p>\n\t\t<p><a href='$adminurl'>" . __('No') . "</a> <input type='submit' value='" . __('Yes') . "' /></p>\n\t\t</div>\n\t</form>\n"; 1097 } else { 1098 $html .= "\t<div id='message' class='confirm fade'>\n\t<p>" . wp_explain_nonce($action) . "</p>\n\t<p><a href='$adminurl'>" . __('No') . "</a> <a href='" . add_query_arg( '_wpnonce', wp_create_nonce($action), $_SERVER['REQUEST_URI'] ) . "'>" . __('Yes') . "</a></p>\n\t</div>\n"; 1099 } 1100 $html .= "</body>\n</html>"; 1101 echo $html; 1102 include_once(ABSPATH . '/wp-admin/admin-footer.php'); 1103 } 1104 1024 1105 ?> -
trunk/wp-includes/pluggable.php
r3928 r3934 230 230 if ( !function_exists('check_admin_referer') ) : 231 231 function check_admin_referer($action = -1) { 232 global $pagenow, $menu, $submenu, $parent_file, $submenu_file;;233 232 $adminurl = strtolower(get_settings('siteurl')).'/wp-admin'; 234 233 $referer = strtolower(wp_get_referer()); 235 234 if ( !wp_verify_nonce($_REQUEST['_wpnonce'], $action) && 236 235 !(-1 == $action && strstr($referer, $adminurl)) ) { 237 if ( $referer ) 238 $adminurl = $referer; 239 $title = __('WordPress Confirmation'); 240 require_once(ABSPATH . '/wp-admin/admin-header.php'); 241 // Remove extra layer of slashes. 242 $_POST = stripslashes_deep($_POST ); 243 if ( $_POST ) { 244 $q = http_build_query($_POST); 245 $q = explode( ini_get('arg_separator.output'), $q); 246 $html .= "\t<form method='post' action='$pagenow'>\n"; 247 foreach ( (array) $q as $a ) { 248 $v = substr(strstr($a, '='), 1); 249 $k = substr($a, 0, -(strlen($v)+1)); 250 $html .= "\t\t<input type='hidden' name='" . wp_specialchars( urldecode($k), 1 ) . "' value='" . wp_specialchars( urldecode($v), 1 ) . "' />\n"; 251 } 252 $html .= "\t\t<input type='hidden' name='_wpnonce' value='" . wp_create_nonce($action) . "' />\n"; 253 $html .= "\t\t<div id='message' class='confirm fade'>\n\t\t<p>" . __('Are you sure you want to do this?') . "</p>\n\t\t<p><a href='$adminurl'>" . __('No') . "</a> <input type='submit' value='" . __('Yes') . "' /></p>\n\t\t</div>\n\t</form>\n"; 254 } else { 255 $html .= "\t<div id='message' class='confirm fade'>\n\t<p>" . __('Are you sure you want to do this?') . "</p>\n\t<p><a href='$adminurl'>" . __('No') . "</a> <a href='" . add_query_arg( '_wpnonce', wp_create_nonce($action), $_SERVER['REQUEST_URI'] ) . "'>" . __('Yes') . "</a></p>\n\t</div>\n"; 256 } 257 $html .= "</body>\n</html>"; 258 echo $html; 259 include_once(ABSPATH . '/wp-admin/admin-footer.php'); 236 wp_nonce_ays($action); 260 237 die(); 261 238 }
Note: See TracChangeset
for help on using the changeset viewer.