Changeset 3936

Timestamp:
06/27/06 22:57:49 (3 years ago)
Author:
ryan
Message:

wp_explain_nonce() and wp_nonce_ays(). Props mdawaffe. #2734

Files:

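--- a/branches/2.0/wp-includes/functions.php
+++ b/branches/2.0/wp-includes/functions.php
@@ -2351,3 +2351,97 @@
 }
 
+function wp_explain_nonce($action) {
+    if ( $action !== -1 && preg_match('/([a-z]+)-([a-z]+)(_(.+))?/', $action, $matches) ) {
+        $verb = $matches[1];
+        $noun = $matches[2];
+
+        $trans = array();
+        $trans['update']['attachment'] = array(__('Are you sure you want to edit this attachment: "%s"?'), 'get_the_title');
+
+        $trans['add']['category'] = array(__('Are you sure you want to add this category?'), false);
+        $trans['delete']['category'] = array(__('Are you sure you want to delete this category: "%s"?'), 'get_catname');
+        $trans['update']['category'] = array(__('Are you sure you want to edit this category: "%s"?'), 'get_catname');
+
+        $trans['delete']['comment'] = array(__('Are you sure you want to delete this comment: "%s"?'), 'use_id');
+        $trans['unapprove']['comment'] = array(__('Are you sure you want to unapprove this comment: "%s"?'), 'use_id');
+        $trans['approve']['comment'] = array(__('Are you sure you want to approve this comment: "%s"?'), 'use_id');
+        $trans['update']['comment'] = array(__('Are you sure you want to edit this comment: "%s"?'), 'use_id');
+        $trans['bulk']['comments'] = array(__('Are you sure you want to bulk modify comments?'), false);
+        $trans['moderate']['comments'] = array(__('Are you sure you want to moderate comments?'), false);
+
+        $trans['add']['bookmark'] = array(__('Are you sure you want to add this bookmark?'), false);
+        $trans['delete']['bookmark'] = array(__('Are you sure you want to delete this bookmark: "%s"?'), 'use_id');
+        $trans['update']['bookmark'] = array(__('Are you sure you want to edit this bookmark: "%s"?'), 'use_id');
+        $trans['bulk']['bookmarks'] = array(__('Are you sure you want to bulk modify bookmarks?'), false);
+
+        $trans['add']['page'] = array(__('Are you sure you want to add this page?'), false);
+        $trans['delete']['page'] = array(__('Are you sure you want to delete this page: "%s"?'), 'get_the_title');
+        $trans['update']['page'] = array(__('Are you sure you want to edit this page: "%s"?'), 'get_the_title');
+
+        $trans['edit']['plugin'] = array(__('Are you sure you want to edit this plugin file: "%s"?'), 'use_id');
+        $trans['activate']['plugin'] = array(__('Are you sure you want to activate this plugin: "%s"?'), 'use_id');
+        $trans['deactivate']['plugin'] = array(__('Are you sure you want to deactivate this plugin: "%s"?'), 'use_id');
+
+        $trans['add']['post'] = array(__('Are you sure you want to add this post?'), false);
+        $trans['delete']['post'] = array(__('Are you sure you want to delete this post: "%s"?'), 'get_the_title');
+        $trans['update']['post'] = array(__('Are you sure you want to edit this post: "%s"?'), 'get_the_title');
+
+        $trans['add']['user'] = array(__('Are you sure you want to add this user?'), false);
+        $trans['delete']['users'] = array(__('Are you sure you want to delete users?'), false);
+        $trans['bulk']['users'] = array(__('Are you sure you want to bulk modify users?'), false);
+        $trans['update']['user'] = array(__('Are you sure you want to edit this user: "%s"?'), 'get_author_name');
+        $trans['update']['profile'] = array(__('Are you sure you want to modify the profile for: "%s"?'), 'get_author_name');
+
+        $trans['update']['options'] = array(__('Are you sure you want to edit your settings?'), false);
+        $trans['update']['permalink'] = array(__('Are you sure you want to change your permalink structure to: %s?'), 'use_id');
+        $trans['edit']['file'] = array(__('Are you sure you want to edit this file: "%s"?'), 'use_id');
+        $trans['edit']['theme'] = array(__('Are you sure you want to edit this theme file: "%s"?'), 'use_id');
+        $trans['switch']['theme'] = array(__('Are you sure you want to switch to this theme: "%s"?'), 'use_id');
+
+        if ( isset($trans[$verb][$noun]) ) {
+            if ( !empty($trans[$verb][$noun][1]) ) {
+                $lookup = $trans[$verb][$noun][1];
+                $object = $matches[4];
+                if ( 'use_id' != $lookup )
+                    $object = call_user_func($lookup, $object);
+                return sprintf($trans[$verb][$noun][0], $object);
+            } else {
+                return $trans[$verb][$noun][0];
+            }
+        }
+    }
+
+    return __('Are you sure you want to do this');
+}
+
+function wp_nonce_ays($action) {
+    global $pagenow, $menu, $submenu, $parent_file, $submenu_file;
+
+    $adminurl = get_settings('siteurl') . '/wp-admin';
+    if ( wp_get_referer() )
+        $adminurl = wp_get_referer();
+
+    $title = __('WordPress Confirmation');
+    require_once(ABSPATH . '/wp-admin/admin-header.php');
+    // Remove extra layer of slashes.
+    $_POST   = stripslashes_deep($_POST  );
+    if ( $_POST ) {
+        $q = http_build_query($_POST);
+        $q = explode( ini_get('arg_separator.output'), $q);
+        $html .= "\t<form method='post' action='$pagenow'>\n";
+        foreach ( (array) $q as $a ) {
+            $v = substr(strstr($a, '='), 1);
+            $k = substr($a, 0, -(strlen($v)+1));
+            $html .= "\t\t<input type='hidden' name='" . wp_specialchars( urldecode($k), 1 ) . "' value='" . wp_specialchars( urldecode($v), 1 ) . "' />\n";
+        }
+        $html .= "\t\t<input type='hidden' name='_wpnonce' value='" . wp_create_nonce($action) . "' />\n";
+        $html .= "\t\t<div id='message' class='confirm fade'>\n\t\t<p>" . wp_explain_nonce($action) . "</p>\n\t\t<p><a href='$adminurl'>" . __('No') . "</a> <input type='submit' value='" . __('Yes') . "' /></p>\n\t\t</div>\n\t</form>\n";
+    } else {
+        $html .= "\t<div id='message' class='confirm fade'>\n\t<p>" . wp_explain_nonce($action) . "</p>\n\t<p><a href='$adminurl'>" . __('No') . "</a> <a href='" . add_query_arg( '_wpnonce', wp_create_nonce($action), $_SERVER['REQUEST_URI'] ) . "'>" . __('Yes') . "</a></p>\n\t</div>\n";
+    }
+    $html .= "</body>\n</html>";
+    echo $html;
+    include_once(ABSPATH . '/wp-admin/admin-footer.php');
+}
+
 ?>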
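Review bot: wp_nonce_ays() writes several request-derived values into the page unescaped: `$adminurl`, which is overwritten with wp_get_referer() a few lines earlier, lands in `href='$adminurl'` raw in both branches, and the `$_SERVER['REQUEST_URI']`-based link in the else branch and the wp_explain_nonce() text (whose `%s` is `$matches[4]`, the tail of the action string, passed through verbatim in the `use_id` case) are likewise concatenated into the markup without wp_specialchars(), unlike the hidden-input names and values just above them. Each of those should be escaped the same way the form fields are, e.g. `<a href='" . wp_specialchars($adminurl, 1) . "'>`. Separately, the first `$html .=` in each branch appends to a variable this function never initialises (the removed check_admin_referer() body seeded it with the doctype), so add `$html = '';` before `if ( $_POST )`. In wp_explain_nonce(), `$object = $matches[4];` reads an index that is absent when the action has no `_suffix` because the third group of the pattern is optional; guard it with `$object = isset($matches[4]) ? $matches[4] : '';`.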
  • branches/2.0/wp-includes/pluggable-functions.php

    230230if ( !function_exists('check_admin_referer') ) : 
    231231function check_admin_referer($action = -1) { 
    232     global $pagenow; 
    233232    $adminurl = strtolower(get_settings('siteurl')).'/wp-admin'; 
    234233    $referer = strtolower(wp_get_referer()); 
    235234    if ( !wp_verify_nonce($_REQUEST['_wpnonce'], $action) && 
    236235        !(-1 == $action && strstr($referer, $adminurl)) ) { 
    237          
    238         $html  = "<!DOCTYPE html PUBLIC '-//W3C//DTD XHTML 1.0 Strict//EN' 'http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd'>\n<html xmlns='http://www.w3.org/1999/xhtml' lang='en' xml:lang='en'>\n\n"; 
    239         $html .= "<head>\n\t<title>" . __('WordPress Confirmation') . "</title>\n"; 
    240         $html .= "</head>\n<body>\n"; 
    241         // Remove extra layer of slashes. 
    242         $_POST   = stripslashes_deep($_POST  ); 
    243         if ( $_POST ) { 
    244             $q = http_build_query($_POST); 
    245             $q = explode( ini_get('arg_separator.output'), $q); 
    246             $html .= "\t<form method='post' action='$pagenow'>\n"; 
    247             foreach ( (array) $q as $a ) { 
    248                 $v = substr(strstr($a, '='), 1); 
    249                 $k = substr($a, 0, -(strlen($v)+1)); 
    250                 $html .= "\t\t<input type='hidden' name='" . wp_specialchars( urldecode($k), 1 ) . "' value='" . wp_specialchars( urldecode($v), 1 ) . "' />\n"; 
    251             } 
    252             $html .= "\t\t<input type='hidden' name='_wpnonce' value='" . wp_create_nonce($action) . "' />\n"; 
    253             $html .= "\t\t<p>" . __('Are you sure you want to do this?') . "</p>\n\t\t<p><a href='$adminurl'>No</a> <input type='submit' value='" . __('Yes') . "' /></p>\n\t</form>\n"; 
    254         } else { 
    255             $html .= "\t<p>" . __('Are you sure you want to do this?') . "</p>\n\t\t<p><a href='$adminurl'>No</a> <a href='" . add_query_arg( '_wpnonce', wp_create_nonce($action), $_SERVER['REQUEST_URI'] ) . "'>" . __('Yes') . "</a></p>\n"; 
    256         } 
    257         $html .= "</body>\n</html>"; 
    258  
    259         die($html); 
    260     } 
    261     do_action('check_admin_referer'); 
    262 }endif; 
     236        wp_nonce_ays($action); 
     237        die(); 
     238    } 
     239    do_action('check_admin_referer', $action); 
     240
     241endif; 
    263242 
    264243if ( !function_exists('check_ajax_referer') ) :