Changeset 5386
- Timestamp:
- 05/04/2007 05:52:57 PM (18 years ago)
- Location:
- branches/2.2
- Files:
-
- 3 edited
branches/2.2/wp-admin/custom-header.php
r5364 r5386 24 24 25 25 if ( isset( $_POST['textcolor'] ) ) { 26 check_admin_referer('custom-header'); 26 27 if ( 'blank' == $_POST['textcolor'] ) { 27 28 set_theme_mod('header_textcolor', 'blank'); … … 32 33 } 33 34 } 34 if ( isset($_POST['resetheader']) ) 35 if ( isset($_POST['resetheader']) ) { 36 check_admin_referer('custom-header'); 35 37 remove_theme_mods(); 38 } 36 39 ?> 37 40 <script type="text/javascript"> … … 158 161 <p><?php _e('This is your header image. You can change the text color or upload and crop a new image.'); ?></p> 159 162 160 <div id="headimg" style="background: url(<?php header_image() ?>) no-repeat;">163 <div id="headimg" style="background: url(<?php clean_url(header_image()) ?>) no-repeat;"> 161 164 <h1><a onclick="return false;" href="<?php bloginfo('url'); ?>" title="<?php bloginfo('name'); ?>" id="name"><?php bloginfo('name'); ?></a></h1> 162 165 <div id="desc"><?php bloginfo('description');?></div> … … 166 169 <input type="button" value="<?php _e('Hide Text'); ?>" onclick="hide_text()" id="hidetext" /> 167 170 <input type="button" value="<?php _e('Select a Text Color'); ?>" onclick="colorSelect($('textcolor'), 'pickcolor')" id="pickcolor" /><input type="button" value="<?php _e('Use Original Color'); ?>" onclick="colorDefault()" id="defaultcolor" /> 168 <input type="hidden" name="textcolor" id="textcolor" value="#<?php header_textcolor() ?>" /><input name="submit" type="submit" value="<?php _e('Save Changes'); ?> »" /></form> 171 <?php wp_nonce_field('custom-header') ?> 172 <input type="hidden" name="textcolor" id="textcolor" value="#<?php attribute_escape(header_textcolor()) ?>" /><input name="submit" type="submit" value="<?php _e('Save Changes'); ?> »" /></form> 169 173 <?php } ?> 170 174 … … 178 182 <label for="upload"><?php _e('Choose an image from your computer:'); ?></label><br /><input type="file" id="upload" name="import" /> 179 183 <input type="hidden" name="action" value="save" /> 184 <?php wp_nonce_field('custom-header') ?> 
180 185 <p class="submit"> 181 186 <input type="submit" value="<?php _e('Upload'); ?> »" /> … … 198 203 199 204 function step_2() { 205 check_admin_referer('custom-header'); 200 206 $overrides = array('test_form' => false); 201 207 $file = wp_handle_upload($_FILES['import'], $overrides); … … 223 229 224 230 if ( $width == HEADER_IMAGE_WIDTH && $height == HEADER_IMAGE_HEIGHT ) { 225 set_theme_mod('header_image', $url);231 set_theme_mod('header_image', clean_url($url)); 226 232 $header = apply_filters('wp_create_file_in_uploads', $file, $id); // For replication 227 233 return $this->finished(); … … 257 263 <input type="hidden" name="attachment_id" id="attachment_id" value="<?php echo $id; ?>" /> 258 264 <input type="hidden" name="oitar" id="oitar" value="<?php echo $oitar; ?>" /> 265 <?php wp_nonce_field('custom-header') ?> 259 266 <input type="submit" value="<?php _e('Crop Header »'); ?>" /> 260 267 </p> … … 266 273 267 274 function step_3() { 275 check_admin_referer('custom-header'); 268 276 if ( $_POST['oitar'] > 1 ) { 269 277 $_POST['x1'] = $_POST['x1'] * $_POST['oitar']; -
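Review bot: The two escaping calls added to the template, `<?php clean_url(header_image()) ?>` and `<?php attribute_escape(header_textcolor()) ?>`, do not appear to escape anything. Both template tags were called without `echo` before this change, which suggests they print their value themselves and return nothing, so the raw value is still written and the escaped return value is discarded. Escaping the getter and echoing the result would make the escaping effective: `<?php echo clean_url(get_header_image()) ?>` and `<?php echo attribute_escape(get_header_textcolor()) ?>`.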
branches/2.2/wp-admin/widgets.php
r5343 r5386 2 2 3 3 require_once 'admin.php'; 4 5 if ( ! current_user_can('edit_themes') ) 6 wp_die( __( 'Cheatin’ uh?' )); 4 7 5 8 wp_enqueue_script( 'scriptaculous-effects' ); … … 351 354 352 355 <p class="submit"> 353 <?php 354 if ( function_exists( 'wp_nonce_field' ) ) { 355 wp_nonce_field( 'widgets-save-widget-order' ); 356 } 357 ?> 356 <?php wp_nonce_field( 'widgets-save-widget-order' ); ?> 358 357 <input type="hidden" name="action" id="action" value="save_widget_order" /> 359 358 <input type="submit" value="<?php _e( 'Save Changes »' ); ?>" /> -
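Review bot: The nonce field for `widgets-save-widget-order` is now emitted unconditionally, but the code that verifies it is outside the visible hunks, so it is worth confirming that the `save_widget_order` handler calls `check_admin_referer('widgets-save-widget-order')` before it writes anything. If that call is still wrapped in a `function_exists` test like the one removed here, the wrapper should go too so the check cannot be skipped. A short comment above the new `current_user_can('edit_themes')` test, such as `// Require edit_themes before any widget handler below runs.`, would record why the gate sits ahead of the enqueue calls.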
branches/2.2/wp-content/themes/default/functions.php
r5151 r5386 83 83 if ( $_GET['page'] == basename(__FILE__) ) { 84 84 if ( 'save' == $_REQUEST['action'] ) { 85 check_admin_referer('kubrick-header'); 85 86 if ( isset($_REQUEST['njform']) ) { 86 87 if ( isset($_REQUEST['defaults']) ) { … … 91 92 if ( '' == $_REQUEST['njfontcolor'] ) 92 93 delete_option('kubrick_header_color'); 93 else 94 update_option('kubrick_header_color', $_REQUEST['njfontcolor']); 95 94 else { 95 $fontcolor = preg_replace('/^.*(#[0-9a-fA-F]{6})?.*$/', '$1', $_REQUEST['njfontcolor']); 96 update_option('kubrick_header_color', $fontcolor); 97 } 96 98 if ( preg_match('/[0-9A-F]{6}|[0-9A-F]{3}/i', $_REQUEST['njuppercolor'], $uc) && preg_match('/[0-9A-F]{6}|[0-9A-F]{3}/i', $_REQUEST['njlowercolor'], $lc) ) { 97 99 $uc = ( strlen($uc[0]) == 3 ) ? $uc[0]{0}.$uc[0]{0}.$uc[0]{1}.$uc[0]{1}.$uc[0]{2}.$uc[0]{2} : $uc[0]; … … 110 112 111 113 if ( isset($_REQUEST['headerimage']) ) { 114 check_admin_referer('kubrick-header'); 112 115 if ( '' == $_REQUEST['headerimage'] ) 113 116 delete_option('kubrick_header_image'); 114 else 115 update_option('kubrick_header_image', $_REQUEST['headerimage']); 117 else { 118 $headerimage = preg_replace('/^.*?(header-img.php\?upper=[0-9a-fA-F]{6}&lower=[0-9a-fA-F]{6})?.*$/', '$1', $_REQUEST['headerimage']); 119 update_option('kubrick_header_image', $headerimage); 120 } 116 121 } 117 122 118 123 if ( isset($_REQUEST['fontcolor']) ) { 124 check_admin_referer('kubrick-header'); 119 125 if ( '' == $_REQUEST['fontcolor'] ) 120 126 delete_option('kubrick_header_color'); 121 else 122 update_option('kubrick_header_color', $_REQUEST['fontcolor']); 127 else { 128 $fontcolor = preg_replace('/^.*?(#[0-9a-fA-F]{6})?.*$/', '$1', $_REQUEST['fontcolor']); 129 update_option('kubrick_header_color', $fontcolor); 130 } 123 131 } 124 132 125 133 if ( isset($_REQUEST['fontdisplay']) ) { 134 check_admin_referer('kubrick-header'); 126 135 if ( '' == $_REQUEST['fontdisplay'] || 'inline' == $_REQUEST['fontdisplay'] ) 127 136 
delete_option('kubrick_header_display'); … … 234 243 } 235 244 function kRevert() { 236 document.getElementById('headerimage').value = '<?php echo kubrick_header_image(); ?>';237 document.getElementById('advuppercolor').value = document.getElementById('uppercolor').value = '#<?php echo kubrick_upper_color(); ?>';238 document.getElementById('advlowercolor').value = document.getElementById('lowercolor').value = '#<?php echo kubrick_lower_color(); ?>';239 document.getElementById('header').style.background = 'url("<?php echo kubrick_header_image_url(); ?>") center no-repeat';245 document.getElementById('headerimage').value = '<?php echo js_escape(kubrick_header_image()); ?>'; 246 document.getElementById('advuppercolor').value = document.getElementById('uppercolor').value = '#<?php echo js_escape(kubrick_upper_color()); ?>'; 247 document.getElementById('advlowercolor').value = document.getElementById('lowercolor').value = '#<?php echo js_escape(kubrick_lower_color()); ?>'; 248 document.getElementById('header').style.background = 'url("<?php echo js_escape(kubrick_header_image_url()); ?>") center no-repeat'; 240 249 document.getElementById('header').style.color = ''; 241 document.getElementById('advfontcolor').value = document.getElementById('fontcolor').value = '<?php echo kubrick_header_color_string(); ?>';242 document.getElementById('fontdisplay').value = '<?php echo kubrick_header_display_string(); ?>';250 document.getElementById('advfontcolor').value = document.getElementById('fontcolor').value = '<?php echo js_escape(kubrick_header_color_string()); ?>'; 251 document.getElementById('fontdisplay').value = '<?php echo js_escape(kubrick_header_display_string()); ?>'; 243 252 document.getElementById('headerimg').style.display = document.getElementById('fontdisplay').value; 244 253 } … … 362 371 <div id="nonJsForm"> 363 372 <form method="post" action=""> 373 <?php wp_nonce_field('kubrick-header'); ?> 364 374 <div class="zerosize"><input type="submit" name="defaultsubmit" 
value="Save" /></div> 365 <label for="njfontcolor">Font Color:</label><input type="text" name="njfontcolor" id="njfontcolor" value="<?php echo kubrick_header_color(); ?>" /> Any CSS color (<code>red</code> or <code>#FF0000</code> or <code>rgb(255, 0, 0)</code>)<br />366 <label for="njuppercolor">Upper Color:</label><input type="text" name="njuppercolor" id="njuppercolor" value="#<?php echo kubrick_upper_color(); ?>" /> HEX only (<code>#FF0000</code> or <code>#F00</code>)<br />367 <label for="njlowercolor">Lower Color:</label><input type="text" name="njlowercolor" id="njlowercolor" value="#<?php echo kubrick_lower_color(); ?>" /> HEX only (<code>#FF0000</code> or <code>#F00</code>)<br />368 <input type="hidden" name="hi" id="hi" value="<?php echo kubrick_header_image(); ?>" />375 <label for="njfontcolor">Font Color:</label><input type="text" name="njfontcolor" id="njfontcolor" value="<?php echo attribute_escape(kubrick_header_color()); ?>" /> Any CSS color (<code>red</code> or <code>#FF0000</code> or <code>rgb(255, 0, 0)</code>)<br /> 376 <label for="njuppercolor">Upper Color:</label><input type="text" name="njuppercolor" id="njuppercolor" value="#<?php echo attribute_escape(kubrick_upper_color()); ?>" /> HEX only (<code>#FF0000</code> or <code>#F00</code>)<br /> 377 <label for="njlowercolor">Lower Color:</label><input type="text" name="njlowercolor" id="njlowercolor" value="#<?php echo attribute_escape(kubrick_lower_color()); ?>" /> HEX only (<code>#FF0000</code> or <code>#F00</code>)<br /> 378 <input type="hidden" name="hi" id="hi" value="<?php echo attribute_escape(kubrick_header_image()); ?>" /> 369 379 <input type="submit" name="toggledisplay" id="toggledisplay" value="Toggle Text" /> 370 380 <input type="submit" name="defaults" value="Use Defaults" /> … … 376 386 <div id="jsForm"> 377 387 <form style="display:inline;" method="post" name="hicolor" id="hicolor" action="<?php echo $_SERVER['REQUEST_URI']; ?>"> 388 <?php wp_nonce_field('kubrick-header'); ?> 378 
389 <input type="button" onclick="tgt=document.getElementById('fontcolor');colorSelect(tgt,'pick1');return false;" name="pick1" id="pick1" value="Font Color"></input> 379 390 <input type="button" onclick="tgt=document.getElementById('uppercolor');colorSelect(tgt,'pick2');return false;" name="pick2" id="pick2" value="Upper Color"></input> … … 382 393 <input type="button" value="Advanced" onclick="toggleAdvanced()" /> 383 394 <input type="hidden" name="action" value="save" /> 384 <input type="hidden" name="fontdisplay" id="fontdisplay" value="<?php echo kubrick_header_display(); ?>" />385 <input type="hidden" name="fontcolor" id="fontcolor" value="<?php echo kubrick_header_color(); ?>" />386 <input type="hidden" name="uppercolor" id="uppercolor" value="<?php echo kubrick_upper_color(); ?>" />387 <input type="hidden" name="lowercolor" id="lowercolor" value="<?php echo kubrick_lower_color(); ?>" />388 <input type="hidden" name="headerimage" id="headerimage" value="<?php echo kubrick_header_image(); ?>" />395 <input type="hidden" name="fontdisplay" id="fontdisplay" value="<?php echo attribute_escape(kubrick_header_display()); ?>" /> 396 <input type="hidden" name="fontcolor" id="fontcolor" value="<?php echo attribute_escape(kubrick_header_color()); ?>" /> 397 <input type="hidden" name="uppercolor" id="uppercolor" value="<?php echo attribute_escape(kubrick_upper_color()); ?>" /> 398 <input type="hidden" name="lowercolor" id="lowercolor" value="<?php echo attribute_escape(kubrick_lower_color()); ?>" /> 399 <input type="hidden" name="headerimage" id="headerimage" value="<?php echo attribute_escape(kubrick_header_image()); ?>" /> 389 400 <p class="submit"><input type="submit" name="submitform" class="defbutton" value="<?php _e('Update Header »'); ?>" onclick="cp.hidePopup('prettyplease')" /></p> 390 401 </form> … … 392 403 <div id="advanced"> 393 404 <form id="jsAdvanced" style="display:none;" action=""> 394 <label for="advfontcolor">Font Color (CSS): </label><input 
type="text" id="advfontcolor" onchange="advUpdate(this.value, 'fontcolor')" value="<?php echo kubrick_header_color(); ?>" /><br /> 395 <label for="advuppercolor">Upper Color (HEX): </label><input type="text" id="advuppercolor" onchange="advUpdate(this.value, 'uppercolor')" value="#<?php echo kubrick_upper_color(); ?>" /><br /> 396 <label for="advlowercolor">Lower Color (HEX): </label><input type="text" id="advlowercolor" onchange="advUpdate(this.value, 'lowercolor')" value="#<?php echo kubrick_lower_color(); ?>" /><br /> 405 <?php wp_nonce_field('kubrick-header'); ?> 406 <label for="advfontcolor">Font Color (CSS): </label><input type="text" id="advfontcolor" onchange="advUpdate(this.value, 'fontcolor')" value="<?php echo attribute_escape(kubrick_header_color()); ?>" /><br /> 407 <label for="advuppercolor">Upper Color (HEX): </label><input type="text" id="advuppercolor" onchange="advUpdate(this.value, 'uppercolor')" value="#<?php echo attribute_escape(kubrick_upper_color()); ?>" /><br /> 408 <label for="advlowercolor">Lower Color (HEX): </label><input type="text" id="advlowercolor" onchange="advUpdate(this.value, 'lowercolor')" value="#<?php echo attribute_escape(kubrick_lower_color()); ?>" /><br /> 397 409 <input type="button" name="default" value="Select Default Colors" onclick="kDefaults()" /><br /> 398 410 <input type="button" onclick="toggleDisplay();return false;" name="pick" id="pick" value="Toggle Text Display"></input><br />
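Review bot: The new `preg_replace` sanitizers for `njfontcolor`, `fontcolor` and `headerimage` fail open: `preg_replace` returns its subject unchanged when the pattern does not match, and `.` without the `s` modifier does not cross a line break, so a value the pattern cannot span is stored exactly as submitted. The `njfontcolor` pattern also differs from the other two by using a greedy `^.*`, which leaves the optional group empty and therefore stores an empty string even for a valid colour. Validating against an anchored allow-list and saving only on success is safer, for example `if ( preg_match('/^#[0-9a-fA-F]{6}$/D', $_REQUEST['fontcolor']) ) update_option('kubrick_header_color', $_REQUEST['fontcolor']);`, with the same shape for the other two fields. Separately, the `jsForm` tag still prints `$_SERVER['REQUEST_URI']` into its `action` attribute unescaped; `attribute_escape()` belongs there as well.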