
Changeset 3934


Timestamp:
06/27/2006 08:06:00 AM (18 years ago)
Author:
ryan
Message:

wp_explain_nonce() and wp_nonce_ays(). Props mdawaffe. #2734

Location:
trunk/wp-includes
Files:
2 edited

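--- a/trunk/wp-includes/functions.php
+++ b/trunk/wp-includes/functions.php
@@ -1022,3 +1022,84 @@
 }
 
+function wp_explain_nonce($action) {
+    if ( $action !== -1 && preg_match('/([a-z]+)-([a-z]+)(_(.+))?/', $action, $matches) ) {
+        $verb = $matches[1];
+        $noun = $matches[2];
+
+        $trans = array();
+        $trans['add']['category'] = array(__('Are you sure you want to add this category?'), false);
+        $trans['delete']['category'] = array(__('Are you sure you want to delete this category: "%s"?'), 'get_catname');
+        $trans['update']['category'] = array(__('Are you sure you want to edit this category: "%s"?'), 'get_catname');
+
+        $trans['delete']['comment'] = array(__('Are you sure you want to delete this comment: "%s"?'), 'use_id');
+        $trans['unapprove']['comment'] = array(__('Are you sure you want to unapprove this comment: "%s"?'), 'use_id');
+        $trans['approve']['comment'] = array(__('Are you sure you want to approve this comment: "%s"?'), 'use_id');
+        $trans['update']['comment'] = array(__('Are you sure you want to edit this comment: "%s"?'), 'use_id');
+        $trans['bulk']['comments'] = array(__('Are you sure you want to bulk modify comments?'), false);
+        $trans['moderate']['comments'] = array(__('Are you sure you want to moderate comments?'), false);
+
+        $trans['add']['bookmark'] = array(__('Are you sure you want to add this bookmark?'), false);
+        $trans['delete']['bookmark'] = array(__('Are you sure you want to delete this bookmark: "%s"?'), 'use_id');
+        $trans['update']['bookmark'] = array(__('Are you sure you want to edit this bookmark: "%s"?'), 'use_id');
+        $trans['bulk']['bookmarks'] = array(__('Are you sure you want to bulk modify bookmarks?'), false);
+
+        $trans['add']['post'] = array(__('Are you sure you want to add this post?'), false);
+        $trans['delete']['post'] = array(__('Are you sure you want to delete this post: "%s"?'), 'get_the_title');
+        $trans['update']['post'] = array(__('Are you sure you want to edit this post: "%s"?'), 'get_the_title');
+
+        $trans['add']['page'] = array(__('Are you sure you want to add this page?'), false);
+        $trans['delete']['page'] = array(__('Are you sure you want to delete this page: "%s"?'), 'get_the_title');
+        $trans['update']['page'] = array(__('Are you sure you want to edit this page: "%s"?'), 'get_the_title');
+
+        $trans['add']['user'] = array(__('Are you sure you want to add this user?'), false);
+        $trans['delete']['users'] = array(__('Are you sure you want to delete users?'), false);
+        $trans['bulk']['users'] = array(__('Are you sure you want to bulk modify users?'), false);
+        $trans['update']['user'] = array(__('Are you sure you want to edit this user: "%s"?'), 'get_author_name');
+
+        if ( isset($trans[$verb][$noun]) ) {
+            if ( !empty($trans[$verb][$noun][1]) ) {
+                $lookup = $trans[$verb][$noun][1];
+                $object = $matches[4];
+                if ( 'use_id' != $lookup )
+                    $object = call_user_func($lookup, $object);
+                return sprintf($trans[$verb][$noun][0], $object);
+            } else {
+                return $trans[$verb][$noun][0];
+            }
+        }
+    }
+
+    return __('Are you sure you want to do this');
+}
+
+function wp_nonce_ays($action) {
+    global $pagenow, $menu, $submenu, $parent_file, $submenu_file;
+
+    $admin_url = get_settings('siteurl') . '/wp-admin';
+    if ( wp_get_referer() )
+        $admin_url = wp_get_referer();
+
+    $title = __('WordPress Confirmation');
+    require_once(ABSPATH . '/wp-admin/admin-header.php');
+    // Remove extra layer of slashes.
+    $_POST   = stripslashes_deep($_POST  );
+    if ( $_POST ) {
+        $q = http_build_query($_POST);
+        $q = explode( ini_get('arg_separator.output'), $q);
+        $html .= "\t<form method='post' action='$pagenow'>\n";
+        foreach ( (array) $q as $a ) {
+            $v = substr(strstr($a, '='), 1);
+            $k = substr($a, 0, -(strlen($v)+1));
+            $html .= "\t\t<input type='hidden' name='" . wp_specialchars( urldecode($k), 1 ) . "' value='" . wp_specialchars( urldecode($v), 1 ) . "' />\n";
+        }
+        $html .= "\t\t<input type='hidden' name='_wpnonce' value='" . wp_create_nonce($action) . "' />\n";
+        $html .= "\t\t<div id='message' class='confirm fade'>\n\t\t<p>" . wp_explain_nonce($action) . "</p>\n\t\t<p><a href='$adminurl'>" . __('No') . "</a> <input type='submit' value='" . __('Yes') . "' /></p>\n\t\t</div>\n\t</form>\n";
+    } else {
+        $html .= "\t<div id='message' class='confirm fade'>\n\t<p>" . wp_explain_nonce($action) . "</p>\n\t<p><a href='$adminurl'>" . __('No') . "</a> <a href='" . add_query_arg( '_wpnonce', wp_create_nonce($action), $_SERVER['REQUEST_URI'] ) . "'>" . __('Yes') . "</a></p>\n\t</div>\n";
+    }
+    $html .= "</body>\n</html>";
+    echo $html;
+    include_once(ABSPATH . '/wp-admin/admin-footer.php');
+}
+
 ?>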
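Review bot: In wp_nonce_ays() both "No" links interpolate `$adminurl`, but the variable assigned at the top of the function is `$admin_url`, so the href renders empty; `$html` is also appended to with `.=` before it is initialised. Once the name is corrected the value comes from wp_get_referer(), and like the `add_query_arg( '_wpnonce', …, $_SERVER['REQUEST_URI'] )` href it is request-controlled and reaches a single-quoted attribute unescaped, unlike the hidden inputs, which go through wp_specialchars(). I would emit `<a href='" . wp_specialchars($admin_url, 1) . "'>` and wrap the add_query_arg() result the same way. In wp_explain_nonce(), `$matches[4]` is unset when the action has no `_suffix`, and in the 'use_id' case it is passed to sprintf() raw, so an `isset($matches[4])` guard plus `return sprintf($trans[$verb][$noun][0], wp_specialchars($object, 1));` would be safer. Whether callers ever build `$action` from unvalidated request data is not visible in this section.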
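--- a/trunk/wp-includes/pluggable.php
+++ b/trunk/wp-includes/pluggable.php
@@ -230,32 +230,9 @@
 if ( !function_exists('check_admin_referer') ) :
 function check_admin_referer($action = -1) {
-    global $pagenow, $menu, $submenu, $parent_file, $submenu_file;;
     $adminurl = strtolower(get_settings('siteurl')).'/wp-admin';
     $referer = strtolower(wp_get_referer());
     if ( !wp_verify_nonce($_REQUEST['_wpnonce'], $action) &&
         !(-1 == $action && strstr($referer, $adminurl)) ) {
-        if ( $referer )
-            $adminurl = $referer;
-        $title = __('WordPress Confirmation');
-        require_once(ABSPATH . '/wp-admin/admin-header.php');
-        // Remove extra layer of slashes.
-        $_POST   = stripslashes_deep($_POST  );
-        if ( $_POST ) {
-            $q = http_build_query($_POST);
-            $q = explode( ini_get('arg_separator.output'), $q);
-            $html .= "\t<form method='post' action='$pagenow'>\n";
-            foreach ( (array) $q as $a ) {
-                $v = substr(strstr($a, '='), 1);
-                $k = substr($a, 0, -(strlen($v)+1));
-                $html .= "\t\t<input type='hidden' name='" . wp_specialchars( urldecode($k), 1 ) . "' value='" . wp_specialchars( urldecode($v), 1 ) . "' />\n";
-            }
-            $html .= "\t\t<input type='hidden' name='_wpnonce' value='" . wp_create_nonce($action) . "' />\n";
-            $html .= "\t\t<div id='message' class='confirm fade'>\n\t\t<p>" . __('Are you sure you want to do this?') . "</p>\n\t\t<p><a href='$adminurl'>" . __('No') . "</a> <input type='submit' value='" . __('Yes') . "' /></p>\n\t\t</div>\n\t</form>\n";
-        } else {
-            $html .= "\t<div id='message' class='confirm fade'>\n\t<p>" . __('Are you sure you want to do this?') . "</p>\n\t<p><a href='$adminurl'>" . __('No') . "</a> <a href='" . add_query_arg( '_wpnonce', wp_create_nonce($action), $_SERVER['REQUEST_URI'] ) . "'>" . __('Yes') . "</a></p>\n\t</div>\n";
-        }
-        $html .= "</body>\n</html>";
-        echo $html;
-        include_once(ABSPATH . '/wp-admin/admin-footer.php');
+        wp_nonce_ays($action);
         die();
     }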
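Review bot: With the default `$action = -1`, the fallback `strstr($referer, $adminurl)` on new line 235 passes for any Referer that contains the admin URL anywhere in the string, not only at its start, so a request that did not come from wp-admin can satisfy the check. A prefix comparison such as `0 === strpos($referer, $adminurl)` would be tighter. On new line 234, `$_REQUEST['_wpnonce']` is read without an `isset()` guard. Both lines are unchanged context in this hunk, and the end of check_admin_referer() lies outside it.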