
Changeset 4162


Timestamp:
09/02/2006 10:05:37 PM (18 years ago)
Author:
ryan
Message:

Nonce delete comment. Props mdawaffe. fixes #3103

Location:
trunk
Files:
5 edited

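--- a/trunk/wp-admin/admin-ajax.php
+++ b/trunk/wp-admin/admin-ajax.php
@@ -6,5 +6,4 @@
 define('DOING_AJAX', true);
 
-
 check_ajax_referer();
 if ( !is_user_logged_in() )
@@ -18,5 +17,5 @@
     $key_js = addslashes(wp_specialchars($key, 'double'));
     $key = wp_specialchars($key, true);
-    $r  = "<meta><id>$mid</id><postid>$pid</postid><newitem><![CDATA[<table><tbody>";
+    $r  = "<meta><id>$mid</id><postid>$pid</postid><newitem><![CDATA[";
     $r .= "<tr id='meta-$mid'><td valign='top'>";
     $r .= "<input name='meta[$mid][key]' tabindex='6' onkeypress='return killSubmit(\"theList.ajaxUpdater(&#039;meta&#039;,&#039;meta-$mid&#039;);\",event);' type='text' size='20' value='$key' />";
@@ -26,5 +25,5 @@
     $r .= sprintf(__("You are about to delete the &quot;%s&quot; custom field on this post.\\n&quot;OK&quot; to delete, &quot;Cancel&quot; to stop."), $key_js);
     $r .= "' );\" class='deletemeta' tabindex='6' value='Delete' />";
-    $r .= "</td></tr></tbody></table>]]></newitem></meta>";
+    $r .= "</td></tr>]]></newitem></meta>";
     return $r;
 }
@@ -149,7 +148,7 @@
 
     $r  = "<?xml version='1.0' standalone='yes'?><ajaxresponse>";
-    $r .= "<cat><id>$cat->cat_ID</id><name>$cat_full_name</name><newitem><![CDATA[<table><tbody>";
+    $r .= "<cat><id>$cat->cat_ID</id><name>$cat_full_name</name><newitem><![CDATA[";
     $r .= _cat_row( $cat, $level, $cat_full_name );
-    $r .= "</tbody></table>]]></newitem></cat></ajaxresponse>";
+    $r .= "]]></newitem></cat></ajaxresponse>";
     header('Content-type: text/xml');
     die($r);
@@ -208,7 +207,7 @@
         die('0');
     }
-    $r  = "<?xml version='1.0' standalone='yes'?><ajaxresponse><user><id>$user_id</id><newitem><![CDATA[<table><tbody>";
+    $r  = "<?xml version='1.0' standalone='yes'?><ajaxresponse><user><id>$user_id</id><newitem><![CDATA[";
     $r .= user_row( $user_id );
-    $r .= "</tbody></table>]]></newitem></user></ajaxresponse>";
+    $r .= "]]></newitem></user></ajaxresponse>";
     header('Content-type: text/xml');
     die($r);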
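Review bot: In the category response (new line 150), `$cat_full_name` is interpolated into the `<name>` element outside the CDATA section, and its escaping is not visible in this hunk; if it has not already been passed through `wp_specialchars()`, a category name containing `<` or `&` would make the XML response malformed. The touched lines also wrap the output of `_cat_row()` and `user_row()` in CDATA, which ends at the first `]]>` in the row markup, so it is worth confirming those helpers escape user-supplied names. A short comment above the `$r` assembly, such as `// $cat_full_name must already be XML-escaped; row HTML must never contain "]]>"`, would record the assumption. The enclosing code starts and ends outside the hunks shown.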
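--- a/trunk/wp-admin/cat-js.php
+++ b/trunk/wp-admin/cat-js.php
@@ -6,30 +6,9 @@
 addLoadEvent(newCatAddIn);
 function newCatAddIn() {
-    if ( !document.getElementById('jaxcat') ) return false;
-    var ajaxcat = document.createElement('span');
-    ajaxcat.id = 'ajaxcat';
-
-    newcat = document.createElement('input');
-    newcat.type = 'text';
-    newcat.name = 'newcat';
-    newcat.id = 'newcat';
-    newcat.size = '16';
-    newcat.setAttribute('autocomplete', 'off');
-    newcat.onkeypress = function(e) { return killSubmit("catList.ajaxAdder('category','categorydiv');", e); };
-
-    var newcatSub = document.createElement('input');
-    newcatSub.type = 'button';
-    newcatSub.name = 'Button';
-    newcatSub.id = 'catadd';
-    newcatSub.value = 'Add';
-    newcatSub.onclick = function() { catList.ajaxAdder('category', 'categorydiv'); };
-
-    ajaxcat.appendChild(newcat);
-    ajaxcat.appendChild(newcatSub);
-    document.getElementById('jaxcat').appendChild(ajaxcat);
-
-    howto = document.createElement('span');
-    howto.innerHTML = "<?php _e('Separate multiple categories with commas.'); ?>";
-    howto.id = 'howto';
-    ajaxcat.appendChild(howto);
+    var jaxcat = $('jaxcat');
+    if ( !jaxcat )
+        return false;
+    jaxcat.update('<span id="ajaxcat"><input type="text" name="newcat" id="newcat" size="16" autocomplete="off"/><input type="button" name="Button" id="catadd" value="Add"/><span id="howto"><?php _e('Separate multiple categories with commas.'); ?></span></span>');
+    $('newcat').onkeypress = function(e) { return killSubmit("catList.ajaxAdder('category','jaxcat');", e); };
+    $('catadd').onclick = function() { catList.ajaxAdder('category', 'jaxcat'); };
 }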
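Review bot: On new line 11 the translated string from `_e()` is printed straight into a single-quoted JavaScript literal that `jaxcat.update()` then inserts as HTML, so a translation containing an apostrophe or markup would break the script or alter the inserted HTML. Escape it for both contexts, the way admin-ajax.php builds `$key_js`: `<?php echo addslashes(wp_specialchars(__('Separate multiple categories with commas.'), 'double')); ?>`. The removed code had the same gap with a double-quoted literal, but apostrophes are much more common in translations than double quotes, so the new form is more likely to hit it.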
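--- a/trunk/wp-admin/custom-fields.js
+++ b/trunk/wp-admin/custom-fields.js
@@ -1,7 +1,7 @@
 function customFieldsOnComplete() {
-    var pidEl = document.getElementById('post_ID');
+    var pidEl = $('post_ID');
     pidEl.name = 'post_ID';
     pidEl.value = getNodeValue(theList.ajaxAdd.responseXML, 'postid');
-    var aEl = document.getElementById('hiddenaction')
+    var aEl = $('hiddenaction')
     if ( aEl.value == 'post' ) aEl.value = 'postajaxpost';
 }
@@ -22,5 +22,5 @@
     }
 
-    document.getElementById('metakeyinput').onkeypress = function(e) {return killSubmit('theList.inputData+="&id="+document.getElementById("post_ID").value;theList.ajaxAdder("meta", "newmeta");', e); };
-    document.getElementById('updatemetasub').onclick = function(e) {return killSubmit('theList.inputData+="&id="+document.getElementById("post_ID").value;theList.ajaxAdder("meta", "newmeta");', e); };
+    $('metakeyinput').onkeypress = function(e) {return killSubmit('theList.inputData+="&id="+$("post_ID").value;theList.ajaxAdder("meta", "newmeta");', e); };
+    $('updatemetasub').onclick = function(e) {return killSubmit('theList.inputData+="&id="+$("post_ID").value;theList.ajaxAdder("meta", "newmeta");', e); };
 }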
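--- a/trunk/wp-admin/edit-form-comment.php
+++ b/trunk/wp-admin/edit-form-comment.php
@@ -67,6 +67,6 @@
 
     <tr>
-        <th scope="row" valign="top"><?php _e('Delete'); ?>:</th>
-        <td><input name="deletecomment" class="button" type="submit" id="deletecomment" tabindex="10" value="<?php _e('Delete this comment') ?>" <?php echo "onclick=\"return confirm('" . __("You are about to delete this comment \\n  \'Cancel\' to stop, \'OK\' to delete.") . "')\""; ?> />
+        <th scope="row" valign="top"><?php _e('Delete'); $delete_nonce = wp_create_nonce( 'delete-comment_' . $comment->comment_ID ); ?>:</th>
+        <td><input name="deletecomment" class="button" type="submit" id="deletecomment" tabindex="10" value="<?php _e('Delete this comment') ?>" <?php echo "onclick=\"if ( confirm('" . __("You are about to delete this comment \\n  \'Cancel\' to stop, \'OK\' to delete.") . "') ) { document.forms.post._wpnonce.value = '$delete_nonce'; return true; } return false;\""; ?> />
         <input type="hidden" name="comment" value="<?php echo $comment->comment_ID ?>" />
         <input type="hidden" name="p" value="<?php echo $comment->comment_post_ID ?>" />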
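Review bot: The delete nonce created on new line 69 reaches the request only when the onclick handler on new line 70 copies it into `_wpnonce`, and the server-side check for the `delete-comment_<ID>` action is not among the five files in this changeset, so the protection depends on a handler that is not visible here. Please confirm that the comment-deletion handler verifies a nonce for exactly `'delete-comment_' . $comment->comment_ID` and rejects the form's original nonce; with JavaScript disabled the button submits that original value, which should fail closed rather than delete. `$delete_nonce` is also echoed unescaped into inline script inside an HTML attribute, which is safe only as long as `wp_create_nonce()` returns characters that need no escaping. A comment next to the assignment, such as `// swapped into _wpnonce on confirm; the delete handler must verify delete-comment_<ID>`, would document the coupling.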
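--- a/trunk/wp-includes/script-loader.php
+++ b/trunk/wp-includes/script-loader.php
@@ -20,7 +20,9 @@
         $this->add( 'prototype', '/wp-includes/js/prototype.js', false, '1.5.0');
         $this->add( 'autosave', '/wp-includes/js/autosave.js.php', array('prototype', 'sack'), '4107');
+        $this->add( 'wp-ajax', '/wp-includes/js/wp-ajax-js.php', array('prototype'), rand());
+        $this->add( 'listman', '/wp-includes/js/list-manipulation-js.php', array('wp-ajax', 'fat'), rand());
         if ( is_admin() ) {
             $this->add( 'dbx-admin-key', '/wp-admin/dbx-admin-key-js.php', array('dbx'), '3651' );
-            $this->add( 'listman', '/wp-admin/list-manipulation-js.php', array('sack', 'fat'), '4042' ); // Make changeset # the correct one
+            $this->add( 'listman-old', '/wp-admin/list-manipulation-js.php', array('sack', 'fat'), '4042' ); // Make changeset # the correct one
             $this->add( 'ajaxcat', '/wp-admin/cat-js.php', array('listman'), '3684' );
             $this->add( 'admin-categories', '/wp-admin/categories.js', array('listman'), '3684' );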
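Review bot: The two registrations added on new lines 22-23 pass `rand()` as the version argument, so the version presumably changes on every request and browsers can never cache `wp-ajax-js.php` or `list-manipulation-js.php`; this looks like a development cache-buster left in. Use a fixed revision string as the neighbouring entries do, e.g. `$this->add( 'wp-ajax', '/wp-includes/js/wp-ajax-js.php', array('prototype'), '4162');` and the same for `listman`. `ajaxcat` and `admin-categories` still depend on `listman`, which now resolves to the new script while the old file moves to `listman-old`, so a comment such as `// listman is now the Prototype-based script; listman-old keeps the sack-based one` would help the next reader. The enclosing method starts and ends outside the hunk.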