
Changeset 6818


Timestamp:
02/13/08 18:17:47 (7 years ago)
Author:
ryan
Message:

Make Nonce Mismatch Fail Instead of AYS. Props filosofo. fixes #5838 for 2.3

File:
1 edited

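--- a/branches/2.3/wp-includes/functions.php
+++ b/branches/2.3/wp-includes/functions.php
@@ -1124,45 +1124,45 @@
 
         $trans = array();
-        $trans['update']['attachment'] = array(__('Are you sure you want to edit this attachment: "%s"?'), 'get_the_title');
-
-        $trans['add']['category'] = array(__('Are you sure you want to add this category?'), false);
-        $trans['delete']['category'] = array(__('Are you sure you want to delete this category: "%s"?'), 'get_catname');
-        $trans['update']['category'] = array(__('Are you sure you want to edit this category: "%s"?'), 'get_catname');
-
-        $trans['delete']['comment'] = array(__('Are you sure you want to delete this comment: "%s"?'), 'use_id');
-        $trans['unapprove']['comment'] = array(__('Are you sure you want to unapprove this comment: "%s"?'), 'use_id');
-        $trans['approve']['comment'] = array(__('Are you sure you want to approve this comment: "%s"?'), 'use_id');
-        $trans['update']['comment'] = array(__('Are you sure you want to edit this comment: "%s"?'), 'use_id');
-        $trans['bulk']['comments'] = array(__('Are you sure you want to bulk modify comments?'), false);
-        $trans['moderate']['comments'] = array(__('Are you sure you want to moderate comments?'), false);
-
-        $trans['add']['bookmark'] = array(__('Are you sure you want to add this link?'), false);
-        $trans['delete']['bookmark'] = array(__('Are you sure you want to delete this link: "%s"?'), 'use_id');
-        $trans['update']['bookmark'] = array(__('Are you sure you want to edit this link: "%s"?'), 'use_id');
-        $trans['bulk']['bookmarks'] = array(__('Are you sure you want to bulk modify links?'), false);
-
-        $trans['add']['page'] = array(__('Are you sure you want to add this page?'), false);
-        $trans['delete']['page'] = array(__('Are you sure you want to delete this page: "%s"?'), 'get_the_title');
-        $trans['update']['page'] = array(__('Are you sure you want to edit this page: "%s"?'), 'get_the_title');
-
-        $trans['edit']['plugin'] = array(__('Are you sure you want to edit this plugin file: "%s"?'), 'use_id');
-        $trans['activate']['plugin'] = array(__('Are you sure you want to activate this plugin: "%s"?'), 'use_id');
-        $trans['deactivate']['plugin'] = array(__('Are you sure you want to deactivate this plugin: "%s"?'), 'use_id');
-
-        $trans['add']['post'] = array(__('Are you sure you want to add this post?'), false);
-        $trans['delete']['post'] = array(__('Are you sure you want to delete this post: "%s"?'), 'get_the_title');
-        $trans['update']['post'] = array(__('Are you sure you want to edit this post: "%s"?'), 'get_the_title');
-
-        $trans['add']['user'] = array(__('Are you sure you want to add this user?'), false);
-        $trans['delete']['users'] = array(__('Are you sure you want to delete users?'), false);
-        $trans['bulk']['users'] = array(__('Are you sure you want to bulk modify users?'), false);
-        $trans['update']['user'] = array(__('Are you sure you want to edit this user: "%s"?'), 'get_author_name');
-        $trans['update']['profile'] = array(__('Are you sure you want to modify the profile for: "%s"?'), 'get_author_name');
-
-        $trans['update']['options'] = array(__('Are you sure you want to edit your settings?'), false);
-        $trans['update']['permalink'] = array(__('Are you sure you want to change your permalink structure to: %s?'), 'use_id');
-        $trans['edit']['file'] = array(__('Are you sure you want to edit this file: "%s"?'), 'use_id');
-        $trans['edit']['theme'] = array(__('Are you sure you want to edit this theme file: "%s"?'), 'use_id');
-        $trans['switch']['theme'] = array(__('Are you sure you want to switch to this theme: "%s"?'), 'use_id');
+        $trans['update']['attachment'] = array( __( 'Your attempt to edit this attachment: "%s" has failed.' ), 'get_the_title' );
+
+        $trans['add']['category']      = array( __( 'Your attempt to add this category has failed.' ), false );
+        $trans['delete']['category']   = array( __( 'Your attempt to delete this category: "%s" has failed.' ), 'get_catname' );
+        $trans['update']['category']   = array( __( 'Your attempt to edit this category: "%s" has failed.' ), 'get_catname' );
+
+        $trans['delete']['comment']    = array( __( 'Your attempt to delete this comment: "%s" has failed.' ), 'use_id' );
+        $trans['unapprove']['comment'] = array( __( 'Your attempt to unapprove this comment: "%s" has failed.' ), 'use_id' );
+        $trans['approve']['comment']   = array( __( 'Your attempt to approve this comment: "%s" has failed.' ), 'use_id' );
+        $trans['update']['comment']    = array( __( 'Your attempt to edit this comment: "%s" has failed.' ), 'use_id' );
+        $trans['bulk']['comments']     = array( __( 'Your attempt to bulk modify comments has failed.' ), false );
+        $trans['moderate']['comments'] = array( __( 'Your attempt to moderate comments has failed.' ), false );
+
+        $trans['add']['bookmark']      = array( __( 'Your attempt to add this link has failed.' ), false );
+        $trans['delete']['bookmark']   = array( __( 'Your attempt to delete this link: "%s" has failed.' ), 'use_id' );
+        $trans['update']['bookmark']   = array( __( 'Your attempt to edit this link: "%s" has failed.' ), 'use_id' );
+        $trans['bulk']['bookmarks']    = array( __( 'Your attempt to bulk modify links has failed.' ), false );
+
+        $trans['add']['page']          = array( __( 'Your attempt to add this page has failed.' ), false );
+        $trans['delete']['page']       = array( __( 'Your attempt to delete this page: "%s" has failed.' ), 'get_the_title' );
+        $trans['update']['page']       = array( __( 'Your attempt to edit this page: "%s" has failed.' ), 'get_the_title' );
+
+        $trans['edit']['plugin']       = array( __( 'Your attempt to edit this plugin file: "%s" has failed.' ), 'use_id' );
+        $trans['activate']['plugin']   = array( __( 'Your attempt to activate this plugin: "%s" has failed.' ), 'use_id' );
+        $trans['deactivate']['plugin'] = array( __( 'Your attempt to deactivate this plugin: "%s" has failed.' ), 'use_id' );
+
+        $trans['add']['post']          = array( __( 'Your attempt to add this post has failed.' ), false );
+        $trans['delete']['post']       = array( __( 'Your attempt to delete this post: "%s" has failed.' ), 'get_the_title' );
+        $trans['update']['post']       = array( __( 'Your attempt to edit this post: "%s" has failed.' ), 'get_the_title' );
+
+        $trans['add']['user']          = array( __( 'Your attempt to add this user has failed.' ), false );
+        $trans['delete']['users']      = array( __( 'Your attempt to delete users has failed.' ), false );
+        $trans['bulk']['users']        = array( __( 'Your attempt to bulk modify users has failed.' ), false );
+        $trans['update']['user']       = array( __( 'Your attempt to edit this user: "%s" has failed.' ), 'get_author_name' );
+        $trans['update']['profile']    = array( __( 'Your attempt to modify the profile for: "%s" has failed.' ), 'get_author_name' );
+
+        $trans['update']['options']    = array( __( 'Your attempt to edit your settings has failed.' ), false );
+        $trans['update']['permalink']  = array( __( 'Your attempt to change your permalink structure to: %s has failed.' ), 'use_id' );
+        $trans['edit']['file']         = array( __( 'Your attempt to edit this file: "%s" has failed.' ), 'use_id' );
+        $trans['edit']['theme']        = array( __( 'Your attempt to edit this theme file: "%s" has failed.' ), 'use_id' );
+        $trans['switch']['theme']      = array( __( 'Your attempt to switch to this theme: "%s" has failed.' ), 'use_id' );
 
         if ( isset($trans[$verb][$noun]) ) {
@@ -1171,6 +1171,6 @@
                 $object = $matches[4];
                 if ( 'use_id' != $lookup )
-                    $object = call_user_func($lookup, $object);
-                return sprintf($trans[$verb][$noun][0], $object);
+                    $object = call_user_func( $lookup, $object );
+                return sprintf( $trans[$verb][$noun][0], wp_specialchars($object) );
             } else {
                 return $trans[$verb][$noun][0];
@@ -1183,29 +1183,12 @@
 
 function wp_nonce_ays($action) {
-    global $pagenow, $menu, $submenu, $parent_file, $submenu_file;
-
-    $adminurl = get_option('siteurl') . '/wp-admin';
+    global $pagenow;
+    $title = __( 'WordPress Failure Notice' );
+    $html .= "\t<div id='message' class='updated fade'>\n\t<p>" . wp_specialchars( wp_explain_nonce( $action ) ) . "</p>\n\t<p>";
     if ( wp_get_referer() )
-        $adminurl = clean_url(wp_get_referer());
-
-    $title = __('WordPress Confirmation');
-    // Remove extra layer of slashes.
-    $_POST   = stripslashes_deep($_POST  );
-    if ( $_POST ) {
-        $q = http_build_query($_POST);
-        $q = explode( ini_get('arg_separator.output'), $q);
-        $html .= "\t<form method='post' action='" . attribute_escape($pagenow) . "'>\n";
-        foreach ( (array) $q as $a ) {
-            $v = substr(strstr($a, '='), 1);
-            $k = substr($a, 0, -(strlen($v)+1));
-            $html .= "\t\t<input type='hidden' name='" . attribute_escape(urldecode($k)) . "' value='" . attribute_escape(urldecode($v)) . "' />\n";
-        }
-        $html .= "\t\t<input type='hidden' name='_wpnonce' value='" . wp_create_nonce($action) . "' />\n";
-        $html .= "\t\t<div id='message' class='confirm fade'>\n\t\t<p>" . wp_specialchars(wp_explain_nonce($action)) . "</p>\n\t\t<p><a href='$adminurl'>" . __('No') . "</a> <input type='submit' value='" . __('Yes') . "' /></p>\n\t\t</div>\n\t</form>\n";
-    } else {
-        $html .= "\t<div id='message' class='confirm fade'>\n\t<p>" . wp_specialchars(wp_explain_nonce($action)) . "</p>\n\t<p><a href='$adminurl'>" . __('No') . "</a> <a href='" . clean_url(add_query_arg( '_wpnonce', wp_create_nonce($action), $_SERVER['REQUEST_URI'] )) . "'>" . __('Yes') . "</a></p>\n\t</div>\n";
-    }
+        $html .= "<a href='" . remove_query_arg( 'updated', clean_url( wp_get_referer() ) ) . "'>" . __( 'Please try again.' ) . "</a>";
+    $html .= "</p>\n\t</div>\n";
     $html .= "</body>\n</html>";
-    wp_die($html, $title);
+    wp_die( $html, $title );
 }
 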
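Review bot: In the new `wp_nonce_ays()` (new line 1189) the "Please try again." href is built as `remove_query_arg( 'updated', clean_url( wp_get_referer() ) )`, so the escaping runs before the query string is rewritten and the value that reaches the attribute is whatever `remove_query_arg()` returns. The referer is request-derived, so the escaper should be the outermost call: `$html .= "<a href='" . clean_url( remove_query_arg( 'updated', wp_get_referer() ) ) . "'>" . __( 'Please try again.' ) . "</a>";`. Escaping last also lets `remove_query_arg()` parse the raw query string rather than one whose `&` separators have presumably already been entity-encoded. Separately, new line 1187 appends with `$html .=` although nothing visible in the function initializes `$html`; a plain `$html =` there avoids the undefined-variable notice.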