Changeset 3783

Timestamp:
05/18/06 06:49:22 (3 years ago)
Author:
ryan
Message:

Improvements to the nonce AYS from mdawaffe. #2734

Files:

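--- a/trunk/wp-admin/comment.php
+++ b/trunk/wp-admin/comment.php
@@ -2,4 +2,6 @@
 require_once('admin.php');
 
+$parent_file = 'edit.php';
+$submenu_file = 'edit-comments.php';
 $wpvarstoreset = array('action');
 
@@ -25,6 +27,4 @@
 case 'editcomment':
     $title = __('Edit Comment');
-    $parent_file = 'edit.php';
-    $submenu_file = 'edit-comments.php';
     $editing = true;
     require_once ('admin-header.php');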
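Review bot: The top-of-file `$parent_file`/`$submenu_file` assignments are the substantive change here, but nothing in the file says why they were hoisted out of the `editcomment` case, so a later cleanup could move them back into the branch. The pluggable-functions.php hunk on this page shows the reason: `check_admin_referer()` now declares `global $pagenow, $menu, $submenu, $parent_file, $submenu_file` and renders admin-header.php for its confirmation screen, so these globals must be set before the first nonce check rather than only in the edit branch. A comment above the new line 4 such as `// Set before any check_admin_referer() call: its confirmation screen loads admin-header.php and reads these globals.` would record that. The same applies to the equivalent hunks in page.php and post.php.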
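--- a/trunk/wp-admin/page.php
+++ b/trunk/wp-admin/page.php
@@ -2,4 +2,6 @@
 require_once('admin.php');
 
+$parent_file = 'edit.php';
+$submenu_file = 'edit-pages.php';
 $wpvarstoreset = array('action');
 
@@ -54,6 +56,4 @@
 case 'edit':
     $title = __('Edit');
-    $parent_file = 'edit.php';
-    $submenu_file = 'edit-pages.php';
     $editing = true;
     require_once('admin-header.php');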
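--- a/trunk/wp-admin/post.php
+++ b/trunk/wp-admin/post.php
@@ -2,4 +2,6 @@
 require_once('admin.php');
 
+$parent_file = 'edit.php';
+$submenu_file = 'edit.php';
 $wpvarstoreset = array('action', 'safe_mode', 'withcomments', 'posts', 'content', 'edited_post_title', 'comment_error', 'profile', 'trackback_url', 'excerpt', 'showcomments', 'commentstart', 'commentend', 'commentorder' );
 
@@ -25,4 +27,6 @@
 case 'postajaxpost':
 case 'post':
+    $parent_file = 'post-new.php';
+    $submenu_file = 'post-new.php';
     check_admin_referer('add-post');
 
@@ -55,6 +59,4 @@
 case 'edit':
     $title = __('Edit');
-    $parent_file = 'edit.php';
-    $submenu_file = 'edit.php';
     $editing = true;
     require_once('admin-header.php');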
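--- a/trunk/wp-admin/profile-update.php
+++ b/trunk/wp-admin/profile-update.php
@@ -1,4 +1,6 @@
 <?php
 
+$parent_file = 'profile.php';
+$submenu_file = 'profile.php';
 require_once('admin.php');
 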
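Review bot: This file sets `$parent_file` and `$submenu_file` before `require_once('admin.php')`, whereas the comment.php, page.php and post.php hunks in this changeset set them after it. If admin.php or anything it loads initialises either variable, the values assigned here are silently overwritten and the confirmation screen rendered by `check_admin_referer()` falls back to whatever that default is. Moving the two lines below the require, `require_once('admin.php');` then `$parent_file = 'profile.php';` and `$submenu_file = 'profile.php';`, keeps the four files consistent and removes the ordering dependency. Whether admin.php actually touches these globals is not visible on this page.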
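--- a/trunk/wp-admin/wp-admin.css
+++ b/trunk/wp-admin/wp-admin.css
@@ -362,5 +362,5 @@
 }
 
-.updated
+.updated, .confirm
     background: #CFEBF7 url(images/notice.gif) no-repeat 1em ;
     border: 1px solid #2580B2;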
  • trunk/wp-includes/pluggable-functions.php

    r3774 r3783  
    230230if ( !function_exists('check_admin_referer') ) : 
    231231function check_admin_referer($action = -1) { 
    232     global $pagenow
     232    global $pagenow, $menu, $submenu, $parent_file, $submenu_file;
    233233    $adminurl = strtolower(get_settings('siteurl')).'/wp-admin'; 
    234234    $referer = strtolower($_SERVER['HTTP_REFERER']); 
    235235    if ( !wp_verify_nonce($_REQUEST['_wpnonce'], $action) && 
    236236        !(-1 == $action && strstr($referer, $adminurl)) ) { 
    237          
    238         $html  = "<!DOCTYPE html PUBLIC '-//W3C//DTD XHTML 1.0 Strict//EN' 'http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd'>\n<html xmlns='http://www.w3.org/1999/xhtml' lang='en' xml:lang='en'>\n\n"
    239         $html .= "<head>\n\t<title>" . __('WordPress Confirmation') . "</title>\n"
    240         $html .= "</head>\n<body>\n"
     237        if ( $referer )  
     238           $adminurl = $referer
     239        $title = __('WordPress Confirmation')
     240        require_once(ABSPATH . '/wp-admin/admin-header.php')
    241241        if ( $_POST ) { 
    242242            $q = http_build_query($_POST); 
     
    249249            } 
    250250            $html .= "\t\t<input type='hidden' name='_wpnonce' value='" . wp_create_nonce($action) . "' />\n"; 
    251             $html .= "\t\t<p>" . __('Are you sure you want to do this?') . "</p>\n\t\t<p><a href='$adminurl'>No</a> <input type='submit' value='" . __('Yes') . "' /></p>\n\t</form>\n"; 
     251            $html .= "\t\t<div id='message' class='confirm fade'>\n\t\t<p>" . __('Are you sure you want to do this?') . "</p>\n\t\t<p><a href='$adminurl'>" . __('No') . "</a> <input type='submit' value='" . __('Yes') . "' /></p>\n\t\t</div>\n\t</form>\n"; 
    252252        } else { 
    253             $html .= "\t<p>" . __('Are you sure you want to do this?') . "</p>\n\t\t<p><a href='$adminurl'>No</a> <a href='" . add_query_arg( '_wpnonce', wp_create_nonce($action), $_SERVER['REQUEST_URI'] ) . "'>" . __('Yes') . "</a></p>\n"; 
     253            $html .= "\t<div id='message' class='confirm fade'>\n\t<p>" . __('Are you sure you want to do this?') . "</p>\n\t<p><a href='$adminurl'>" . __('No') . "</a> <a href='" . add_query_arg( '_wpnonce', wp_create_nonce($action), $_SERVER['REQUEST_URI'] ) . "'>" . __('Yes') . "</a></p>\n\t</div>\n"; 
    254254        } 
    255255        $html .= "</body>\n</html>"; 
    256  
    257         die($html); 
     256        echo $html; 
     257        include_once(ABSPATH . '/wp-admin/admin-footer.php'); 
     258        die(); 
    258259    } 
    259260    do_action('check_admin_referer', $action);