
Changeset 5407


Timestamp:
05/07/2007 04:14:04 PM (17 years ago)
Author:
ryan
Message:

Add nonces to default theme.

File:
1 edited

  • branches/2.0/wp-content/themes/default/functions.php

    r5387 r5407  
    2222
    2323function kubrick_header_image() {
    24     return apply_filters('kubrick_header_image', get_settings('kubrick_header_image'));
     24    return apply_filters('kubrick_header_image', get_option('kubrick_header_image'));
    2525}
    2626
    2727function kubrick_upper_color() {
    28     if ( strstr( $url = kubrick_header_image_url(), 'header-img.php?' ) ) {
     28    if (strpos($url = kubrick_header_image_url(), 'header-img.php?') !== false) {
    2929        parse_str(substr($url, strpos($url, '?') + 1), $q);
    3030        return $q['upper'];
     
    3434
    3535function kubrick_lower_color() {
    36     if ( strstr( $url = kubrick_header_image_url(), 'header-img.php?' ) ) {
     36    if (strpos($url = kubrick_header_image_url(), 'header-img.php?') !== false) {
    3737        parse_str(substr($url, strpos($url, '?') + 1), $q);
    3838        return $q['lower'];
     
    5151
    5252function kubrick_header_color() {
    53     return apply_filters('kubrick_header_color', get_settings('kubrick_header_color'));
     53    return apply_filters('kubrick_header_color', get_option('kubrick_header_color'));
    5454}
    5555
     
    6363
    6464function kubrick_header_display() {
    65     return apply_filters('kubrick_header_display', get_settings('kubrick_header_display'));
     65    return apply_filters('kubrick_header_display', get_option('kubrick_header_display'));
    6666}
    6767
     
    7676    if ( $_GET['page'] == basename(__FILE__) ) {
    7777        if ( 'save' == $_REQUEST['action'] ) {
     78            check_admin_referer('kubrick-header');
    7879            if ( isset($_REQUEST['njform']) ) {
    7980                if ( isset($_REQUEST['defaults']) ) {
     
    8485                    if ( '' == $_REQUEST['njfontcolor'] )
    8586                        delete_option('kubrick_header_color');
    86                     else
    87                         update_option('kubrick_header_color', $_REQUEST['njfontcolor']);
    88 
     87                    else {
     88                        $fontcolor = preg_replace('/^.*(#[0-9a-fA-F]{6})?.*$/', '$1', $_REQUEST['njfontcolor']);
     89                        update_option('kubrick_header_color', $fontcolor);
     90                    }
    8991                    if ( preg_match('/[0-9A-F]{6}|[0-9A-F]{3}/i', $_REQUEST['njuppercolor'], $uc) && preg_match('/[0-9A-F]{6}|[0-9A-F]{3}/i', $_REQUEST['njlowercolor'], $lc) ) {
    9092                        $uc = ( strlen($uc[0]) == 3 ) ? $uc[0]{0}.$uc[0]{0}.$uc[0]{1}.$uc[0]{1}.$uc[0]{2}.$uc[0]{2} : $uc[0];
     
    9496
    9597                    if ( isset($_REQUEST['toggledisplay']) ) {
    96                         if ( false === get_settings('kubrick_header_display') )
     98                        if ( false === get_option('kubrick_header_display') )
    9799                            update_option('kubrick_header_display', 'none');
    98100                        else
     
    103105
    104106                if ( isset($_REQUEST['headerimage']) ) {
     107                    check_admin_referer('kubrick-header');
    105108                    if ( '' == $_REQUEST['headerimage'] )
    106109                        delete_option('kubrick_header_image');
    107                     else
    108                         update_option('kubrick_header_image', $_REQUEST['headerimage']);
     110                    else {
     111                        $headerimage = preg_replace('/^.*?(header-img.php\?upper=[0-9a-fA-F]{6}&lower=[0-9a-fA-F]{6})?.*$/', '$1', $_REQUEST['headerimage']);
     112                        update_option('kubrick_header_image', $headerimage);
     113                    }
    109114                }
    110115
    111116                if ( isset($_REQUEST['fontcolor']) ) {
     117                    check_admin_referer('kubrick-header');
    112118                    if ( '' == $_REQUEST['fontcolor'] )
    113119                        delete_option('kubrick_header_color');
    114                     else
    115                         update_option('kubrick_header_color', $_REQUEST['fontcolor']);
     120                    else {
     121                        $fontcolor = preg_replace('/^.*?(#[0-9a-fA-F]{6})?.*$/', '$1', $_REQUEST['fontcolor']);
     122                        update_option('kubrick_header_color', $fontcolor);
     123                    }
    116124                }
    117125
    118126                if ( isset($_REQUEST['fontdisplay']) ) {
     127                    check_admin_referer('kubrick-header');
    119128                    if ( '' == $_REQUEST['fontdisplay'] || 'inline' == $_REQUEST['fontdisplay'] )
    120129                        delete_option('kubrick_header_display');
     
    227236    }
    228237    function kRevert() {
    229         document.getElementById('headerimage').value = '<?php echo kubrick_header_image(); ?>';
    230         document.getElementById('advuppercolor').value = document.getElementById('uppercolor').value = '#<?php echo kubrick_upper_color(); ?>';
    231         document.getElementById('advlowercolor').value = document.getElementById('lowercolor').value = '#<?php echo kubrick_lower_color(); ?>';
    232         document.getElementById('header').style.background = 'url("<?php echo kubrick_header_image_url(); ?>") center no-repeat';
     238        document.getElementById('headerimage').value = '<?php echo js_escape(kubrick_header_image()); ?>';
     239        document.getElementById('advuppercolor').value = document.getElementById('uppercolor').value = '#<?php echo js_escape(kubrick_upper_color()); ?>';
     240        document.getElementById('advlowercolor').value = document.getElementById('lowercolor').value = '#<?php echo js_escape(kubrick_lower_color()); ?>';
     241        document.getElementById('header').style.background = 'url("<?php echo js_escape(kubrick_header_image_url()); ?>") center no-repeat';
    233242        document.getElementById('header').style.color = '';
    234         document.getElementById('advfontcolor').value = document.getElementById('fontcolor').value = '<?php echo kubrick_header_color_string(); ?>';
    235         document.getElementById('fontdisplay').value = '<?php echo kubrick_header_display_string(); ?>';
     243        document.getElementById('advfontcolor').value = document.getElementById('fontcolor').value = '<?php echo js_escape(kubrick_header_color_string()); ?>';
     244        document.getElementById('fontdisplay').value = '<?php echo js_escape(kubrick_header_display_string()); ?>';
    236245        document.getElementById('headerimg').style.display = document.getElementById('fontdisplay').value;
    237246    }
     
    355364        <div id="nonJsForm">
    356365            <form method="post" action="">
     366                <?php wp_nonce_field('kubrick-header'); ?>
    357367                <div class="zerosize"><input type="submit" name="defaultsubmit" value="Save" /></div>
    358                 <label for="njfontcolor">Font Color:</label><input type="text" name="njfontcolor" id="njfontcolor" value="<?php echo kubrick_header_color(); ?>" /> Any CSS color (<code>red</code> or <code>#FF0000</code> or <code>rgb(255, 0, 0)</code>)<br />
    359                 <label for="njuppercolor">Upper Color:</label><input type="text" name="njuppercolor" id="njuppercolor" value="#<?php echo kubrick_upper_color(); ?>" /> HEX only (<code>#FF0000</code> or <code>#F00</code>)<br />
    360                 <label for="njlowercolor">Lower Color:</label><input type="text" name="njlowercolor" id="njlowercolor" value="#<?php echo kubrick_lower_color(); ?>" /> HEX only (<code>#FF0000</code> or <code>#F00</code>)<br />
    361                 <input type="hidden" name="hi" id="hi" value="<?php echo kubrick_header_image(); ?>" />
     368                <label for="njfontcolor">Font Color:</label><input type="text" name="njfontcolor" id="njfontcolor" value="<?php echo attribute_escape(kubrick_header_color()); ?>" /> Any CSS color (<code>red</code> or <code>#FF0000</code> or <code>rgb(255, 0, 0)</code>)<br />
     369                <label for="njuppercolor">Upper Color:</label><input type="text" name="njuppercolor" id="njuppercolor" value="#<?php echo attribute_escape(kubrick_upper_color()); ?>" /> HEX only (<code>#FF0000</code> or <code>#F00</code>)<br />
     370                <label for="njlowercolor">Lower Color:</label><input type="text" name="njlowercolor" id="njlowercolor" value="#<?php echo attribute_escape(kubrick_lower_color()); ?>" /> HEX only (<code>#FF0000</code> or <code>#F00</code>)<br />
     371                <input type="hidden" name="hi" id="hi" value="<?php echo attribute_escape(kubrick_header_image()); ?>" />
    362372                <input type="submit" name="toggledisplay" id="toggledisplay" value="Toggle Text" />
    363373                <input type="submit" name="defaults" value="Use Defaults" />
     
    369379        <div id="jsForm">
    370380            <form style="display:inline;" method="post" name="hicolor" id="hicolor" action="<?php echo $_SERVER['REQUEST_URI']; ?>">
     381                <?php wp_nonce_field('kubrick-header'); ?>
    371382                <input type="button" onclick="tgt=document.getElementById('fontcolor');colorSelect(tgt,'pick1');return false;" name="pick1" id="pick1" value="Font Color"></input>
    372383                <input type="button" onclick="tgt=document.getElementById('uppercolor');colorSelect(tgt,'pick2');return false;" name="pick2" id="pick2" value="Upper Color"></input>
     
    374385                <input type="button" name="revert" value="Revert" onclick="kRevert()" />
    375386                <input type="button" value="Advanced" onclick="toggleAdvanced()" />
    376                 <input type="submit" name="submitform" class="defbutton" value="Save" onclick="cp.hidePopup('prettyplease')" />
    377387                <input type="hidden" name="action" value="save" />
    378                 <input type="hidden" name="fontdisplay" id="fontdisplay" value="<?php echo kubrick_header_display(); ?>" />
    379                 <input type="hidden" name="fontcolor" id="fontcolor" value="<?php echo kubrick_header_color(); ?>" />
    380                 <input type="hidden" name="uppercolor" id="uppercolor" value="<?php echo kubrick_upper_color(); ?>" />
    381                 <input type="hidden" name="lowercolor" id="lowercolor" value="<?php echo kubrick_lower_color(); ?>" />
    382                 <input type="hidden" name="headerimage" id="headerimage" value="<?php echo kubrick_header_image(); ?>" />
     388                <input type="hidden" name="fontdisplay" id="fontdisplay" value="<?php echo attribute_escape(kubrick_header_display()); ?>" />
     389                <input type="hidden" name="fontcolor" id="fontcolor" value="<?php echo attribute_escape(kubrick_header_color()); ?>" />
     390                <input type="hidden" name="uppercolor" id="uppercolor" value="<?php echo attribute_escape(kubrick_upper_color()); ?>" />
     391                <input type="hidden" name="lowercolor" id="lowercolor" value="<?php echo attribute_escape(kubrick_lower_color()); ?>" />
     392                <input type="hidden" name="headerimage" id="headerimage" value="<?php echo attribute_escape(kubrick_header_image()); ?>" />
     393                <p class="submit"><input type="submit" name="submitform" class="defbutton" value="<?php _e('Update Header &raquo;'); ?>" onclick="cp.hidePopup('prettyplease')" /></p>
    383394            </form>
    384395            <div id="colorPickerDiv" style="z-index: 100;background:#eee;border:1px solid #ccc;position:absolute;visibility:hidden;"> </div>
    385396            <div id="advanced">
    386397                <form id="jsAdvanced" style="display:none;" action="">
    387                     <label for="advfontcolor">Font Color (CSS): </label><input type="text" id="advfontcolor" onchange="advUpdate(this.value, 'fontcolor')" value="<?php echo kubrick_header_color(); ?>" /><br />
    388                     <label for="advuppercolor">Upper Color (HEX): </label><input type="text" id="advuppercolor" onchange="advUpdate(this.value, 'uppercolor')" value="#<?php echo kubrick_upper_color(); ?>" /><br />
    389                     <label for="advlowercolor">Lower Color (HEX): </label><input type="text" id="advlowercolor" onchange="advUpdate(this.value, 'lowercolor')" value="#<?php echo kubrick_lower_color(); ?>" /><br />
     398                    <?php wp_nonce_field('kubrick-header'); ?>
     399                    <label for="advfontcolor">Font Color (CSS): </label><input type="text" id="advfontcolor" onchange="advUpdate(this.value, 'fontcolor')" value="<?php echo attribute_escape(kubrick_header_color()); ?>" /><br />
     400                    <label for="advuppercolor">Upper Color (HEX): </label><input type="text" id="advuppercolor" onchange="advUpdate(this.value, 'uppercolor')" value="#<?php echo attribute_escape(kubrick_upper_color()); ?>" /><br />
     401                    <label for="advlowercolor">Lower Color (HEX): </label><input type="text" id="advlowercolor" onchange="advUpdate(this.value, 'lowercolor')" value="#<?php echo attribute_escape(kubrick_lower_color()); ?>" /><br />
    390402                    <input type="button" name="default" value="Select Default Colors" onclick="kDefaults()" /><br />
    391403                    <input type="button" onclick="toggleDisplay();return false;" name="pick" id="pick" value="Toggle Text Display"></input><br />
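Review bot: The non-JS font colour filter added at new line 88 uses a greedy `^.*` ahead of the optional capture group, so the group never participates and `$1` is always empty; every submission through the njform path therefore stores `''` in `kubrick_header_color`. It should be lazy like the JS-form version at new line 121: `$fontcolor = preg_replace('/^.*?(#[0-9a-fA-F]{6})?.*$/', '$1', $_REQUEST['njfontcolor']);`. Even with that fix, the label at new line 368 still promises "Any CSS color (red …)" while the filter keeps only `#rrggbb`, so a value such as `red` is silently saved as empty — either tighten the label text or reject unmatched input explicitly instead of writing an empty option. The escaping pass that added attribute_escape() to the hidden inputs leaves the form's action on context line 380 echoing `$_SERVER['REQUEST_URI']` raw into an attribute; wrapping it as `action="<?php echo attribute_escape($_SERVER['REQUEST_URI']); ?>"` keeps that attribute consistent with the rest. The enclosing function holding these handlers starts and ends outside the hunks shown.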