Changeset 6813


Timestamp:
02/13/2008 05:39:40 PM (12 years ago)
Author:
ryan
Message:

Make Nonce Mismatch Fail Instead of AYS. Props filosofo. fixes #5838 for 2.5

File:
1 edited

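--- a/trunk/wp-includes/functions.php
+++ b/trunk/wp-includes/functions.php
@@ -1209,45 +1209,45 @@
 
         $trans = array();
-        $trans['update']['attachment'] = array( __( 'Are you sure you want to edit this attachment: "%s"?' ), 'get_the_title' );
-
-        $trans['add']['category']      = array( __( 'Are you sure you want to add this category?' ), false );
-        $trans['delete']['category']   = array( __( 'Are you sure you want to delete this category: "%s"?' ), 'get_catname' );
-        $trans['update']['category']   = array( __( 'Are you sure you want to edit this category: "%s"?' ), 'get_catname' );
-
-        $trans['delete']['comment']    = array( __( 'Are you sure you want to delete this comment: "%s"?' ), 'use_id' );
-        $trans['unapprove']['comment'] = array( __( 'Are you sure you want to unapprove this comment: "%s"?' ), 'use_id' );
-        $trans['approve']['comment']   = array( __( 'Are you sure you want to approve this comment: "%s"?' ), 'use_id' );
-        $trans['update']['comment']    = array( __( 'Are you sure you want to edit this comment: "%s"?' ), 'use_id' );
-        $trans['bulk']['comments']     = array( __( 'Are you sure you want to bulk modify comments?' ), false );
-        $trans['moderate']['comments'] = array( __( 'Are you sure you want to moderate comments?' ), false );
-
-        $trans['add']['bookmark']      = array( __( 'Are you sure you want to add this link?' ), false );
-        $trans['delete']['bookmark']   = array( __( 'Are you sure you want to delete this link: "%s"?' ), 'use_id' );
-        $trans['update']['bookmark']   = array( __( 'Are you sure you want to edit this link: "%s"?' ), 'use_id' );
-        $trans['bulk']['bookmarks']    = array( __( 'Are you sure you want to bulk modify links?' ), false );
-
-        $trans['add']['page']          = array( __( 'Are you sure you want to add this page?' ), false );
-        $trans['delete']['page']       = array( __( 'Are you sure you want to delete this page: "%s"?' ), 'get_the_title' );
-        $trans['update']['page']       = array( __( 'Are you sure you want to edit this page: "%s"?' ), 'get_the_title' );
-
-        $trans['edit']['plugin']       = array( __( 'Are you sure you want to edit this plugin file: "%s"?' ), 'use_id' );
-        $trans['activate']['plugin']   = array( __( 'Are you sure you want to activate this plugin: "%s"?' ), 'use_id' );
-        $trans['deactivate']['plugin'] = array( __( 'Are you sure you want to deactivate this plugin: "%s"?' ), 'use_id' );
-
-        $trans['add']['post']          = array( __( 'Are you sure you want to add this post?' ), false );
-        $trans['delete']['post']       = array( __( 'Are you sure you want to delete this post: "%s"?' ), 'get_the_title' );
-        $trans['update']['post']       = array( __( 'Are you sure you want to edit this post: "%s"?' ), 'get_the_title' );
-
-        $trans['add']['user']          = array( __( 'Are you sure you want to add this user?' ), false );
-        $trans['delete']['users']      = array( __( 'Are you sure you want to delete users?' ), false );
-        $trans['bulk']['users']        = array( __( 'Are you sure you want to bulk modify users?' ), false );
-        $trans['update']['user']       = array( __( 'Are you sure you want to edit this user: "%s"?' ), 'get_author_name' );
-        $trans['update']['profile']    = array( __( 'Are you sure you want to modify the profile for: "%s"?' ), 'get_author_name' );
-
-        $trans['update']['options']    = array( __( 'Are you sure you want to edit your settings?' ), false );
-        $trans['update']['permalink']  = array( __( 'Are you sure you want to change your permalink structure to: %s?' ), 'use_id' );
-        $trans['edit']['file']         = array( __( 'Are you sure you want to edit this file: "%s"?' ), 'use_id' );
-        $trans['edit']['theme']        = array( __( 'Are you sure you want to edit this theme file: "%s"?' ), 'use_id' );
-        $trans['switch']['theme']      = array( __( 'Are you sure you want to switch to this theme: "%s"?' ), 'use_id' );
+        $trans['update']['attachment'] = array( __( 'Your attempt to edit this attachment: "%s" has failed.' ), 'get_the_title' );
+
+        $trans['add']['category']      = array( __( 'Your attempt to add this category has failed.' ), false );
+        $trans['delete']['category']   = array( __( 'Your attempt to delete this category: "%s" has failed.' ), 'get_catname' );
+        $trans['update']['category']   = array( __( 'Your attempt to edit this category: "%s" has failed.' ), 'get_catname' );
+
+        $trans['delete']['comment']    = array( __( 'Your attempt to delete this comment: "%s" has failed.' ), 'use_id' );
+        $trans['unapprove']['comment'] = array( __( 'Your attempt to unapprove this comment: "%s" has failed.' ), 'use_id' );
+        $trans['approve']['comment']   = array( __( 'Your attempt to approve this comment: "%s" has failed.' ), 'use_id' );
+        $trans['update']['comment']    = array( __( 'Your attempt to edit this comment: "%s" has failed.' ), 'use_id' );
+        $trans['bulk']['comments']     = array( __( 'Your attempt to bulk modify comments has failed.' ), false );
+        $trans['moderate']['comments'] = array( __( 'Your attempt to moderate comments has failed.' ), false );
+
+        $trans['add']['bookmark']      = array( __( 'Your attempt to add this link has failed.' ), false );
+        $trans['delete']['bookmark']   = array( __( 'Your attempt to delete this link: "%s" has failed.' ), 'use_id' );
+        $trans['update']['bookmark']   = array( __( 'Your attempt to edit this link: "%s" has failed.' ), 'use_id' );
+        $trans['bulk']['bookmarks']    = array( __( 'Your attempt to bulk modify links has failed.' ), false );
+
+        $trans['add']['page']          = array( __( 'Your attempt to add this page has failed.' ), false );
+        $trans['delete']['page']       = array( __( 'Your attempt to delete this page: "%s" has failed.' ), 'get_the_title' );
+        $trans['update']['page']       = array( __( 'Your attempt to edit this page: "%s" has failed.' ), 'get_the_title' );
+
+        $trans['edit']['plugin']       = array( __( 'Your attempt to edit this plugin file: "%s" has failed.' ), 'use_id' );
+        $trans['activate']['plugin']   = array( __( 'Your attempt to activate this plugin: "%s" has failed.' ), 'use_id' );
+        $trans['deactivate']['plugin'] = array( __( 'Your attempt to deactivate this plugin: "%s" has failed.' ), 'use_id' );
+
+        $trans['add']['post']          = array( __( 'Your attempt to add this post has failed.' ), false );
+        $trans['delete']['post']       = array( __( 'Your attempt to delete this post: "%s" has failed.' ), 'get_the_title' );
+        $trans['update']['post']       = array( __( 'Your attempt to edit this post: "%s" has failed.' ), 'get_the_title' );
+
+        $trans['add']['user']          = array( __( 'Your attempt to add this user has failed.' ), false );
+        $trans['delete']['users']      = array( __( 'Your attempt to delete users has failed.' ), false );
+        $trans['bulk']['users']        = array( __( 'Your attempt to bulk modify users has failed.' ), false );
+        $trans['update']['user']       = array( __( 'Your attempt to edit this user: "%s" has failed.' ), 'get_author_name' );
+        $trans['update']['profile']    = array( __( 'Your attempt to modify the profile for: "%s" has failed.' ), 'get_author_name' );
+
+        $trans['update']['options']    = array( __( 'Your attempt to edit your settings has failed.' ), false );
+        $trans['update']['permalink']  = array( __( 'Your attempt to change your permalink structure to: %s has failed.' ), 'use_id' );
+        $trans['edit']['file']         = array( __( 'Your attempt to edit this file: "%s" has failed.' ), 'use_id' );
+        $trans['edit']['theme']        = array( __( 'Your attempt to edit this theme file: "%s" has failed.' ), 'use_id' );
+        $trans['switch']['theme']      = array( __( 'Your attempt to switch to this theme: "%s" has failed.' ), 'use_id' );
 
         if ( isset( $trans[$verb][$noun] ) ) {
@@ -1270,26 +1270,9 @@
 function wp_nonce_ays( $action ) {
     global $pagenow;
-
-    $adminurl = get_option( 'siteurl' ) . '/wp-admin';
+    $title = __( 'WordPress Failure Notice' );
+    $html .= "\t<div id='message' class='updated fade'>\n\t<p>" . wp_specialchars( wp_explain_nonce( $action ) ) . "</p>\n\t<p>";
     if ( wp_get_referer() )
-        $adminurl = clean_url( wp_get_referer() );
-
-    $title = __( 'WordPress Confirmation' );
-    // Remove extra layer of slashes.
-    $_POST   = stripslashes_deep( $_POST );
-    if ( $_POST ) {
-        $q = http_build_query( $_POST );
-        $q = explode( ini_get( 'arg_separator.output' ), $q);
-        $html .= "\t<form method='post' action='" . attribute_escape( $pagenow ) . "'>\n";
-        foreach ( (array) $q as $a ) {
-            $v = substr( strstr( $a, '=' ), 1 );
-            $k = substr( $a, 0, -( strlen( $v ) + 1 ) );
-            $html .= "\t\t<input type='hidden' name='" . attribute_escape( urldecode( $k ) ) . "' value='" . attribute_escape( urldecode( $v ) ) . "' />\n";
-        }
-        $html .= "\t\t<input type='hidden' name='_wpnonce' value='" . wp_create_nonce( $action ) . "' />\n";
-        $html .= "\t\t<div id='message' class='updated fade'>\n\t\t<p>" . wp_specialchars( wp_explain_nonce( $action ) ) . "</p>\n\t\t<p><a href='$adminurl'>" . __( 'No' ) . "</a> <input type='submit' value='" . __( 'Yes' ) . "' /></p>\n\t\t</div>\n\t</form>\n";
-    } else {
-        $html .= "\t<div id='message' class='updated fade'>\n\t<p>" . wp_specialchars( wp_explain_nonce( $action ) ) . "</p>\n\t<p><a href='$adminurl'>" . __( 'No' ) . "</a> <a href='" . clean_url( add_query_arg( '_wpnonce', wp_create_nonce( $action ), $_SERVER['REQUEST_URI'] ) ) . "'>" . __( 'Yes' ) . "</a></p>\n\t</div>\n";
-    }
+        $html .= "<a href='" . remove_query_arg( 'updated', clean_url( wp_get_referer() ) ) . "'>" . __( 'Please try again.' ) . "</a>";
+    $html .= "</p>\n\t</div>\n";
     $html .= "</body>\n</html>";
     wp_die( $html, $title );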
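Review bot: The retry link in wp_nonce_ays() (second hunk, new line 1275) escapes the referer before rewriting it, so the string that lands in the `href` is the output of remove_query_arg() rather than of the escaping call. The referer is request-controlled, so escaping should be the last step before output: `clean_url( remove_query_arg( 'updated', wp_get_referer() ) )`. Whether remove_query_arg() can actually undo the escaping is not visible on this page. Separately, the first statement touching `$html` in the new body is an append (`$html .=` at new line 1273) with no initialisation visible in the function, so `$html = '';` before it would avoid an undefined-variable notice, and `global $pagenow;` looks unused now that the form is gone. The function's closing brace is outside the hunk.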