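--- a/branches/2.2/wp-admin/custom-header.php	(r5007)
+++ b/branches/2.2/wp-admin/custom-header.php	(r5477)
@@ -18,5 +18,5 @@
     function js_includes() {
         wp_enqueue_script('cropper');
-        wp_enqueue_script('colorpicker');   
+        wp_enqueue_script('colorpicker');
     }
 
@@ -24,4 +24,5 @@
 
         if ( isset( $_POST['textcolor'] ) ) {
+            check_admin_referer('custom-header');
             if ( 'blank' == $_POST['textcolor'] ) {
                 set_theme_mod('header_textcolor', 'blank');
@@ -32,6 +33,8 @@
             }
         }
-        if ( isset($_POST['resetheader']) )
+        if ( isset($_POST['resetheader']) ) {
+            check_admin_referer('custom-header');
             remove_theme_mods();
+        }
     ?>
 <script type="text/javascript">
@@ -116,5 +119,5 @@
         pickColor('<?php echo HEADER_TEXTCOLOR; ?>');
     }
-   
+
     function hide_text() {
         $('name').style.display = 'none';
@@ -127,5 +130,5 @@
         Event.observe( $('hidetext'), 'click', show_text );
     }
-   
+
     function show_text() {
         $('name').style.display = 'block';
@@ -135,5 +138,5 @@
         $('textcolor').value = '<?php echo HEADER_TEXTCOLOR; ?>';
         $('hidetext').value = '<?php _e('Hide Text'); ?>';
-        Event.stopObserving( $('hidetext'), 'click', show_text );   
+        Event.stopObserving( $('hidetext'), 'click', show_text );
         Event.observe( $('hidetext'), 'click', hide_text );
     }
@@ -158,5 +161,5 @@
 <p><?php _e('This is your header image. You can change the text color or upload and crop a new image.'); ?></p>
 
-<div id="headimg" style="background: url(<?php header_image() ?>) no-repeat;">
+<div id="headimg" style="background: url(<?php clean_url(header_image()) ?>) no-repeat;">
 <h1><a onclick="return false;" href="<?php bloginfo('url'); ?>" title="<?php bloginfo('name'); ?>" id="name"><?php bloginfo('name'); ?></a></h1>
 <div id="desc"><?php bloginfo('description');?></div>
@@ -166,5 +169,6 @@
 <input type="button" value="<?php _e('Hide Text'); ?>" onclick="hide_text()" id="hidetext" />
 <input type="button" value="<?php _e('Select a Text Color'); ?>" onclick="colorSelect($('textcolor'), 'pickcolor')" id="pickcolor" /><input type="button" value="<?php _e('Use Original Color'); ?>" onclick="colorDefault()" id="defaultcolor" />
-<input type="hidden" name="textcolor" id="textcolor" value="#<?php header_textcolor() ?>" /><input name="submit" type="submit" value="<?php _e('Save Changes'); ?> &raquo;" /></form>
+<?php wp_nonce_field('custom-header') ?>
+<input type="hidden" name="textcolor" id="textcolor" value="#<?php attribute_escape(header_textcolor()) ?>" /><input name="submit" type="submit" value="<?php _e('Save Changes'); ?> &raquo;" /></form>
 <?php } ?>
 
@@ -178,4 +182,5 @@
 <label for="upload"><?php _e('Choose an image from your computer:'); ?></label><br /><input type="file" id="upload" name="import" />
 <input type="hidden" name="action" value="save" />
+<?php wp_nonce_field('custom-header') ?>
 <p class="submit">
 <input type="submit" value="<?php _e('Upload'); ?> &raquo;" />
@@ -190,4 +195,5 @@
 <p><?php _e('This will restore the original header image and color. You will not be able to retrieve any customizations.') ?></p>
 <form method="post" action="<?php echo attribute_escape(add_query_arg('step', 1)) ?>">
+<?php wp_nonce_field('custom-header'); ?>
 <input type="submit" name="resetheader" value="<?php _e('Restore Original Header'); ?>" />
 </form>
@@ -198,4 +204,5 @@
 
     function step_2() {
+        check_admin_referer('custom-header');
         $overrides = array('test_form' => false);
         $file = wp_handle_upload($_FILES['import'], $overrides);
@@ -223,5 +230,5 @@
 
         if ( $width == HEADER_IMAGE_WIDTH && $height == HEADER_IMAGE_HEIGHT ) {
-            set_theme_mod('header_image', $url);
+            set_theme_mod('header_image', clean_url($url));
             $header = apply_filters('wp_create_file_in_uploads', $file, $id); // For replication
             return $this->finished();
@@ -257,4 +264,5 @@
 <input type="hidden" name="attachment_id" id="attachment_id" value="<?php echo $id; ?>" />
 <input type="hidden" name="oitar" id="oitar" value="<?php echo $oitar; ?>" />
+<?php wp_nonce_field('custom-header') ?>
 <input type="submit" value="<?php _e('Crop Header &raquo;'); ?>" />
 </p>
@@ -266,4 +274,5 @@
 
     function step_3() {
+        check_admin_referer('custom-header');
         if ( $_POST['oitar'] > 1 ) {
             $_POST['x1'] = $_POST['x1'] * $_POST['oitar'];

Property changes on: branches/2.2/wp-admin/custom-header.php
___________________________________________________________________
Name: svn:eol-style
   + native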
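Review bot: The escaping added on new lines 163 and 172 looks ineffective as written: `header_image()` and `header_textcolor()` are the echoing template tags in this codebase (their `get_header_image()`/`get_header_textcolor()` counterparts return the value), so the raw theme-mod value is printed before `clean_url()`/`attribute_escape()` run, and neither line echoes the wrapper's result. The intended fix is to wrap the returning variant and echo it: `url(<?php echo clean_url(get_header_image()) ?>)` and `value="#<?php echo attribute_escape(get_header_textcolor()) ?>"`. Even if those template tags returned rather than echoed in this branch, the lines would still lack an `echo` and output nothing, so the current form cannot be right either way; confirm against the template-tag definitions. The `set_theme_mod('header_image', clean_url($url))` change on new line 232 is fine, since `clean_url()` there is used as a returning call and its result is stored.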