Changeset 6813

Timestamp:
02/13/08 17:39:40 (3 months ago)
Author:
ryan
Message:

Make Nonce Mismatch Fail Instead of AYS. Props filosofo. fixes #5838 for 2.5

Files:

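--- a/trunk/wp-includes/functions.php
+++ b/trunk/wp-includes/functions.php
@@ -1209,45 +1209,45 @@
 
         $trans = array();
-        $trans['update']['attachment'] = array( __( 'Are you sure you want to edit this attachment: "%s"?' ), 'get_the_title' );
-
-        $trans['add']['category']      = array( __( 'Are you sure you want to add this category?' ), false );
-        $trans['delete']['category']   = array( __( 'Are you sure you want to delete this category: "%s"?' ), 'get_catname' );
-        $trans['update']['category']   = array( __( 'Are you sure you want to edit this category: "%s"?' ), 'get_catname' );
-
-        $trans['delete']['comment']    = array( __( 'Are you sure you want to delete this comment: "%s"?' ), 'use_id' );
-        $trans['unapprove']['comment'] = array( __( 'Are you sure you want to unapprove this comment: "%s"?' ), 'use_id' );
-        $trans['approve']['comment']   = array( __( 'Are you sure you want to approve this comment: "%s"?' ), 'use_id' );
-        $trans['update']['comment']    = array( __( 'Are you sure you want to edit this comment: "%s"?' ), 'use_id' );
-        $trans['bulk']['comments']     = array( __( 'Are you sure you want to bulk modify comments?' ), false );
-        $trans['moderate']['comments'] = array( __( 'Are you sure you want to moderate comments?' ), false );
-
-        $trans['add']['bookmark']      = array( __( 'Are you sure you want to add this link?' ), false );
-        $trans['delete']['bookmark']   = array( __( 'Are you sure you want to delete this link: "%s"?' ), 'use_id' );
-        $trans['update']['bookmark']   = array( __( 'Are you sure you want to edit this link: "%s"?' ), 'use_id' );
-        $trans['bulk']['bookmarks']    = array( __( 'Are you sure you want to bulk modify links?' ), false );
-
-        $trans['add']['page']          = array( __( 'Are you sure you want to add this page?' ), false );
-        $trans['delete']['page']       = array( __( 'Are you sure you want to delete this page: "%s"?' ), 'get_the_title' );
-        $trans['update']['page']       = array( __( 'Are you sure you want to edit this page: "%s"?' ), 'get_the_title' );
-
-        $trans['edit']['plugin']       = array( __( 'Are you sure you want to edit this plugin file: "%s"?' ), 'use_id' );
-        $trans['activate']['plugin']   = array( __( 'Are you sure you want to activate this plugin: "%s"?' ), 'use_id' );
-        $trans['deactivate']['plugin'] = array( __( 'Are you sure you want to deactivate this plugin: "%s"?' ), 'use_id' );
-
-        $trans['add']['post']          = array( __( 'Are you sure you want to add this post?' ), false );
-        $trans['delete']['post']       = array( __( 'Are you sure you want to delete this post: "%s"?' ), 'get_the_title' );
-        $trans['update']['post']       = array( __( 'Are you sure you want to edit this post: "%s"?' ), 'get_the_title' );
-
-        $trans['add']['user']          = array( __( 'Are you sure you want to add this user?' ), false );
-        $trans['delete']['users']      = array( __( 'Are you sure you want to delete users?' ), false );
-        $trans['bulk']['users']        = array( __( 'Are you sure you want to bulk modify users?' ), false );
-        $trans['update']['user']       = array( __( 'Are you sure you want to edit this user: "%s"?' ), 'get_author_name' );
-        $trans['update']['profile']    = array( __( 'Are you sure you want to modify the profile for: "%s"?' ), 'get_author_name' );
-
-        $trans['update']['options']    = array( __( 'Are you sure you want to edit your settings?' ), false );
-        $trans['update']['permalink']  = array( __( 'Are you sure you want to change your permalink structure to: %s?' ), 'use_id' );
-        $trans['edit']['file']         = array( __( 'Are you sure you want to edit this file: "%s"?' ), 'use_id' );
-        $trans['edit']['theme']        = array( __( 'Are you sure you want to edit this theme file: "%s"?' ), 'use_id' );
-        $trans['switch']['theme']      = array( __( 'Are you sure you want to switch to this theme: "%s"?' ), 'use_id' );
+        $trans['update']['attachment'] = array( __( 'Your attempt to edit this attachment: "%s" has failed.' ), 'get_the_title' );
+
+        $trans['add']['category']      = array( __( 'Your attempt to add this category has failed.' ), false );
+        $trans['delete']['category']   = array( __( 'Your attempt to delete this category: "%s" has failed.' ), 'get_catname' );
+        $trans['update']['category']   = array( __( 'Your attempt to edit this category: "%s" has failed.' ), 'get_catname' );
+
+        $trans['delete']['comment']    = array( __( 'Your attempt to delete this comment: "%s" has failed.' ), 'use_id' );
+        $trans['unapprove']['comment'] = array( __( 'Your attempt to unapprove this comment: "%s" has failed.' ), 'use_id' );
+        $trans['approve']['comment']   = array( __( 'Your attempt to approve this comment: "%s" has failed.' ), 'use_id' );
+        $trans['update']['comment']    = array( __( 'Your attempt to edit this comment: "%s" has failed.' ), 'use_id' );
+        $trans['bulk']['comments']     = array( __( 'Your attempt to bulk modify comments has failed.' ), false );
+        $trans['moderate']['comments'] = array( __( 'Your attempt to moderate comments has failed.' ), false );
+
+        $trans['add']['bookmark']      = array( __( 'Your attempt to add this link has failed.' ), false );
+        $trans['delete']['bookmark']   = array( __( 'Your attempt to delete this link: "%s" has failed.' ), 'use_id' );
+        $trans['update']['bookmark']   = array( __( 'Your attempt to edit this link: "%s" has failed.' ), 'use_id' );
+        $trans['bulk']['bookmarks']    = array( __( 'Your attempt to bulk modify links has failed.' ), false );
+
+        $trans['add']['page']          = array( __( 'Your attempt to add this page has failed.' ), false );
+        $trans['delete']['page']       = array( __( 'Your attempt to delete this page: "%s" has failed.' ), 'get_the_title' );
+        $trans['update']['page']       = array( __( 'Your attempt to edit this page: "%s" has failed.' ), 'get_the_title' );
+
+        $trans['edit']['plugin']       = array( __( 'Your attempt to edit this plugin file: "%s" has failed.' ), 'use_id' );
+        $trans['activate']['plugin']   = array( __( 'Your attempt to activate this plugin: "%s" has failed.' ), 'use_id' );
+        $trans['deactivate']['plugin'] = array( __( 'Your attempt to deactivate this plugin: "%s" has failed.' ), 'use_id' );
+
+        $trans['add']['post']          = array( __( 'Your attempt to add this post has failed.' ), false );
+        $trans['delete']['post']       = array( __( 'Your attempt to delete this post: "%s" has failed.' ), 'get_the_title' );
+        $trans['update']['post']       = array( __( 'Your attempt to edit this post: "%s" has failed.' ), 'get_the_title' );
+
+        $trans['add']['user']          = array( __( 'Your attempt to add this user has failed.' ), false );
+        $trans['delete']['users']      = array( __( 'Your attempt to delete users has failed.' ), false );
+        $trans['bulk']['users']        = array( __( 'Your attempt to bulk modify users has failed.' ), false );
+        $trans['update']['user']       = array( __( 'Your attempt to edit this user: "%s" has failed.' ), 'get_author_name' );
+        $trans['update']['profile']    = array( __( 'Your attempt to modify the profile for: "%s" has failed.' ), 'get_author_name' );
+
+        $trans['update']['options']    = array( __( 'Your attempt to edit your settings has failed.' ), false );
+        $trans['update']['permalink']  = array( __( 'Your attempt to change your permalink structure to: %s has failed.' ), 'use_id' );
+        $trans['edit']['file']         = array( __( 'Your attempt to edit this file: "%s" has failed.' ), 'use_id' );
+        $trans['edit']['theme']        = array( __( 'Your attempt to edit this theme file: "%s" has failed.' ), 'use_id' );
+        $trans['switch']['theme']      = array( __( 'Your attempt to switch to this theme: "%s" has failed.' ), 'use_id' );
 
         if ( isset( $trans[$verb][$noun] ) ) {
@@ -1270,26 +1270,9 @@
 function wp_nonce_ays( $action ) {
     global $pagenow;
-
-    $adminurl = get_option( 'siteurl' ) . '/wp-admin'
+    $title = __( 'WordPress Failure Notice' );
+    $html .= "\t<div id='message' class='updated fade'>\n\t<p>" . wp_specialchars( wp_explain_nonce( $action ) ) . "</p>\n\t<p>"
     if ( wp_get_referer() )
-        $adminurl = clean_url( wp_get_referer() );
-
-    $title = __( 'WordPress Confirmation' );
-    // Remove extra layer of slashes.
-    $_POST   = stripslashes_deep( $_POST );
-    if ( $_POST ) {
-        $q = http_build_query( $_POST );
-        $q = explode( ini_get( 'arg_separator.output' ), $q);
-        $html .= "\t<form method='post' action='" . attribute_escape( $pagenow ) . "'>\n";
-        foreach ( (array) $q as $a ) {
-            $v = substr( strstr( $a, '=' ), 1 );
-            $k = substr( $a, 0, -( strlen( $v ) + 1 ) );
-            $html .= "\t\t<input type='hidden' name='" . attribute_escape( urldecode( $k ) ) . "' value='" . attribute_escape( urldecode( $v ) ) . "' />\n";
-        }
-        $html .= "\t\t<input type='hidden' name='_wpnonce' value='" . wp_create_nonce( $action ) . "' />\n";
-        $html .= "\t\t<div id='message' class='updated fade'>\n\t\t<p>" . wp_specialchars( wp_explain_nonce( $action ) ) . "</p>\n\t\t<p><a href='$adminurl'>" . __( 'No' ) . "</a> <input type='submit' value='" . __( 'Yes' ) . "' /></p>\n\t\t</div>\n\t</form>\n";
-    } else {
-        $html .= "\t<div id='message' class='updated fade'>\n\t<p>" . wp_specialchars( wp_explain_nonce( $action ) ) . "</p>\n\t<p><a href='$adminurl'>" . __( 'No' ) . "</a> <a href='" . clean_url( add_query_arg( '_wpnonce', wp_create_nonce( $action ), $_SERVER['REQUEST_URI'] ) ) . "'>" . __( 'Yes' ) . "</a></p>\n\t</div>\n";
-    }
+        $html .= "<a href='" . remove_query_arg( 'updated', clean_url( wp_get_referer() ) ) . "'>" . __( 'Please try again.' ) . "</a>";
+    $html .= "</p>\n\t</div>\n";
     $html .= "</body>\n</html>";
     wp_die( $html, $title );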
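Review bot: In the added "Please try again." link (new line 1275) the referer is passed through `clean_url()` first and the already-escaped string is then handed to `remove_query_arg()`, so the value written into the `href` is the output of URL re-parsing rather than of the escaper. Escaping should be the last step before output, i.e. `$html .= "<a href='" . clean_url( remove_query_arg( 'updated', wp_get_referer() ) ) . "'>" . __( 'Please try again.' ) . "</a>";`, which also keeps the query-string parsing from running on HTML-encoded ampersands. Separately, the first added `$html .=` (new line 1273) appends to a variable with no assignment visible in this hunk, as the removed code also did, so `$html =` would be safer unless something outside the hunk initialises it, and `global $pagenow;` looks unused now that the replay form is gone. The closing brace of `wp_nonce_ays()` lies outside the hunk, so the end of the function was not reviewed.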