Changeset 3936
- Timestamp:
- 06/27/2006 10:57:49 PM (18 years ago)
- Location:
- branches/2.0/wp-includes
- Files:
-
- 2 edited
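--- a/branches/2.0/wp-includes/functions.php
+++ b/branches/2.0/wp-includes/functions.php
@@ -2351,3 +2351,97 @@
 }
 
+function wp_explain_nonce($action) {
+if ( $action !== -1 && preg_match('/([a-z]+)-([a-z]+)(_(.+))?/', $action, $matches) ) {
+$verb = $matches[1];
+$noun = $matches[2];
+
+$trans = array();
+$trans['update']['attachment'] = array(__('Are you sure you want to edit this attachment: "%s"?'), 'get_the_title');
+
+$trans['add']['category'] = array(__('Are you sure you want to add this category?'), false);
+$trans['delete']['category'] = array(__('Are you sure you want to delete this category: "%s"?'), 'get_catname');
+$trans['update']['category'] = array(__('Are you sure you want to edit this category: "%s"?'), 'get_catname');
+
+$trans['delete']['comment'] = array(__('Are you sure you want to delete this comment: "%s"?'), 'use_id');
+$trans['unapprove']['comment'] = array(__('Are you sure you want to unapprove this comment: "%s"?'), 'use_id');
+$trans['approve']['comment'] = array(__('Are you sure you want to approve this comment: "%s"?'), 'use_id');
+$trans['update']['comment'] = array(__('Are you sure you want to edit this comment: "%s"?'), 'use_id');
+$trans['bulk']['comments'] = array(__('Are you sure you want to bulk modify comments?'), false);
+$trans['moderate']['comments'] = array(__('Are you sure you want to moderate comments?'), false);
+
+$trans['add']['bookmark'] = array(__('Are you sure you want to add this bookmark?'), false);
+$trans['delete']['bookmark'] = array(__('Are you sure you want to delete this bookmark: "%s"?'), 'use_id');
+$trans['update']['bookmark'] = array(__('Are you sure you want to edit this bookmark: "%s"?'), 'use_id');
+$trans['bulk']['bookmarks'] = array(__('Are you sure you want to bulk modify bookmarks?'), false);
+
+$trans['add']['page'] = array(__('Are you sure you want to add this page?'), false);
+$trans['delete']['page'] = array(__('Are you sure you want to delete this page: "%s"?'), 'get_the_title');
+$trans['update']['page'] = array(__('Are you sure you want to edit this page: "%s"?'), 'get_the_title');
+
+$trans['edit']['plugin'] = array(__('Are you sure you want to edit this plugin file: "%s"?'), 'use_id');
+$trans['activate']['plugin'] = array(__('Are you sure you want to activate this plugin: "%s"?'), 'use_id');
+$trans['deactivate']['plugin'] = array(__('Are you sure you want to deactivate this plugin: "%s"?'), 'use_id');
+
+$trans['add']['post'] = array(__('Are you sure you want to add this post?'), false);
+$trans['delete']['post'] = array(__('Are you sure you want to delete this post: "%s"?'), 'get_the_title');
+$trans['update']['post'] = array(__('Are you sure you want to edit this post: "%s"?'), 'get_the_title');
+
+$trans['add']['user'] = array(__('Are you sure you want to add this user?'), false);
+$trans['delete']['users'] = array(__('Are you sure you want to delete users?'), false);
+$trans['bulk']['users'] = array(__('Are you sure you want to bulk modify users?'), false);
+$trans['update']['user'] = array(__('Are you sure you want to edit this user: "%s"?'), 'get_author_name');
+$trans['update']['profile'] = array(__('Are you sure you want to modify the profile for: "%s"?'), 'get_author_name');
+
+$trans['update']['options'] = array(__('Are you sure you want to edit your settings?'), false);
+$trans['update']['permalink'] = array(__('Are you sure you want to change your permalink structure to: %s?'), 'use_id');
+$trans['edit']['file'] = array(__('Are you sure you want to edit this file: "%s"?'), 'use_id');
+$trans['edit']['theme'] = array(__('Are you sure you want to edit this theme file: "%s"?'), 'use_id');
+$trans['switch']['theme'] = array(__('Are you sure you want to switch to this theme: "%s"?'), 'use_id');
+
+if ( isset($trans[$verb][$noun]) ) {
+if ( !empty($trans[$verb][$noun][1]) ) {
+$lookup = $trans[$verb][$noun][1];
+$object = $matches[4];
+if ( 'use_id' != $lookup )
+$object = call_user_func($lookup, $object);
+return sprintf($trans[$verb][$noun][0], $object);
+} else {
+return $trans[$verb][$noun][0];
+}
+}
+}
+
+return __('Are you sure you want to do this');
+}
+
+function wp_nonce_ays($action) {
+global $pagenow, $menu, $submenu, $parent_file, $submenu_file;
+
+$adminurl = get_settings('siteurl') . '/wp-admin';
+if ( wp_get_referer() )
+$adminurl = wp_get_referer();
+
+$title = __('WordPress Confirmation');
+require_once(ABSPATH . '/wp-admin/admin-header.php');
+// Remove extra layer of slashes.
+$_POST = stripslashes_deep($_POST );
+if ( $_POST ) {
+$q = http_build_query($_POST);
+$q = explode( ini_get('arg_separator.output'), $q);
+$html .= "\t<form method='post' action='$pagenow'>\n";
+foreach ( (array) $q as $a ) {
+$v = substr(strstr($a, '='), 1);
+$k = substr($a, 0, -(strlen($v)+1));
+$html .= "\t\t<input type='hidden' name='" . wp_specialchars( urldecode($k), 1 ) . "' value='" . wp_specialchars( urldecode($v), 1 ) . "' />\n";
+}
+$html .= "\t\t<input type='hidden' name='_wpnonce' value='" . wp_create_nonce($action) . "' />\n";
+$html .= "\t\t<div id='message' class='confirm fade'>\n\t\t<p>" . wp_explain_nonce($action) . "</p>\n\t\t<p><a href='$adminurl'>" . __('No') . "</a> <input type='submit' value='" . __('Yes') . "' /></p>\n\t\t</div>\n\t</form>\n";
+} else {
+$html .= "\t<div id='message' class='confirm fade'>\n\t<p>" . wp_explain_nonce($action) . "</p>\n\t<p><a href='$adminurl'>" . __('No') . "</a> <a href='" . add_query_arg( '_wpnonce', wp_create_nonce($action), $_SERVER['REQUEST_URI'] ) . "'>" . __('Yes') . "</a></p>\n\t</div>\n";
+}
+$html .= "</body>\n</html>";
+echo $html;
+include_once(ABSPATH . '/wp-admin/admin-footer.php');
+}
+
 ?>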
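Review bot: `wp_nonce_ays` writes request-derived values into the confirmation page without escaping: `$adminurl` is now taken from `wp_get_referer()` and placed in `<a href='$adminurl'>`, and the string returned by `wp_explain_nonce($action)` goes straight into the `<p>`. This page is shown only when nonce verification has failed, so the referer and the object name carried in `$action` (returned raw for the `use_id` entries) are untrusted at that point; whether `wp_get_referer()` sanitises its result is not visible here. Escape at output the way the hidden inputs already do, e.g. `$adminurl = wp_specialchars(wp_get_referer(), 1);` and `return sprintf($trans[$verb][$noun][0], wp_specialchars($object, 1));`. The `action='$pagenow'` and `REQUEST_URI` links have the same shape, and `$html` is first touched with `.=`, so it is never initialised in the new function.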
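--- a/branches/2.0/wp-includes/pluggable-functions.php
+++ b/branches/2.0/wp-includes/pluggable-functions.php
@@ -230,35 +230,14 @@
 if ( !function_exists('check_admin_referer') ) :
 function check_admin_referer($action = -1) {
-global $pagenow;
 $adminurl = strtolower(get_settings('siteurl')).'/wp-admin';
 $referer = strtolower(wp_get_referer());
 if ( !wp_verify_nonce($_REQUEST['_wpnonce'], $action) &&
 !(-1 == $action && strstr($referer, $adminurl)) ) {
-
-$html = "<!DOCTYPE html PUBLIC '-//W3C//DTD XHTML 1.0 Strict//EN' 'http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd'>\n<html xmlns='http://www.w3.org/1999/xhtml' lang='en' xml:lang='en'>\n\n";
-$html .= "<head>\n\t<title>" . __('WordPress Confirmation') . "</title>\n";
-$html .= "</head>\n<body>\n";
-// Remove extra layer of slashes.
-$_POST = stripslashes_deep($_POST );
-if ( $_POST ) {
-$q = http_build_query($_POST);
-$q = explode( ini_get('arg_separator.output'), $q);
-$html .= "\t<form method='post' action='$pagenow'>\n";
-foreach ( (array) $q as $a ) {
-$v = substr(strstr($a, '='), 1);
-$k = substr($a, 0, -(strlen($v)+1));
-$html .= "\t\t<input type='hidden' name='" . wp_specialchars( urldecode($k), 1 ) . "' value='" . wp_specialchars( urldecode($v), 1 ) . "' />\n";
-}
-$html .= "\t\t<input type='hidden' name='_wpnonce' value='" . wp_create_nonce($action) . "' />\n";
-$html .= "\t\t<p>" . __('Are you sure you want to do this?') . "</p>\n\t\t<p><a href='$adminurl'>No</a> <input type='submit' value='" . __('Yes') . "' /></p>\n\t</form>\n";
-} else {
-$html .= "\t<p>" . __('Are you sure you want to do this?') . "</p>\n\t\t<p><a href='$adminurl'>No</a> <a href='" . add_query_arg( '_wpnonce', wp_create_nonce($action), $_SERVER['REQUEST_URI'] ) . "'>" . __('Yes') . "</a></p>\n";
-}
-$html .= "</body>\n</html>";
-
-die($html);
-}
-do_action('check_admin_referer');
-}endif;
+wp_nonce_ays($action);
+die();
+}
+do_action('check_admin_referer', $action);
+}
+endif;
 
 if ( !function_exists('check_ajax_referer') ) :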
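Review bot: The referer fallback that this change leaves in the condition, `strstr($referer, $adminurl)`, matches the admin URL anywhere in the referer string rather than only at its start. For callers that rely on the default `$action = -1`, a referer from another origin that merely contains that string therefore satisfies the check and the confirmation page is skipped. Anchoring the comparison, `0 === strpos($referer, $adminurl)`, keeps the legacy behaviour for genuine admin pages while rejecting the rest. A short comment above `check_admin_referer` stating that it does not return when verification fails, and that `-1` selects the referer-only path, would also help plugin authors who override this pluggable function.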