Nonce delete comment. Props mdawaffe. fixes #3103
git-svn-id: http://svn.automattic.com/wordpress/trunk@4162 1a063a9b-81f0-0310-95a4-ce76da25c4cd
@ -5,7 +5,6 @@ require_once('admin-db.php');
|
||||||
|
|
||||||
define('DOING_AJAX', true);
|
define('DOING_AJAX', true);
|
||||||
|
|
||||||
|
|
||||||
check_ajax_referer();
|
check_ajax_referer();
|
||||||
if ( !is_user_logged_in() )
|
if ( !is_user_logged_in() )
|
||||||
die('-1');
|
die('-1');
|
||||||
|
@ -17,7 +16,7 @@ function wp_ajax_echo_meta( $pid, $mid, $key, $value ) {
|
||||||
$value = wp_specialchars($value, true);
|
$value = wp_specialchars($value, true);
|
||||||
$key_js = addslashes(wp_specialchars($key, 'double'));
|
$key_js = addslashes(wp_specialchars($key, 'double'));
|
||||||
$key = wp_specialchars($key, true);
|
$key = wp_specialchars($key, true);
|
||||||
$r = "<meta><id>$mid</id><postid>$pid</postid><newitem><![CDATA[<table><tbody>";
|
$r = "<meta><id>$mid</id><postid>$pid</postid><newitem><![CDATA[";
|
||||||
$r .= "<tr id='meta-$mid'><td valign='top'>";
|
$r .= "<tr id='meta-$mid'><td valign='top'>";
|
||||||
$r .= "<input name='meta[$mid][key]' tabindex='6' onkeypress='return killSubmit(\"theList.ajaxUpdater('meta','meta-$mid');\",event);' type='text' size='20' value='$key' />";
|
$r .= "<input name='meta[$mid][key]' tabindex='6' onkeypress='return killSubmit(\"theList.ajaxUpdater('meta','meta-$mid');\",event);' type='text' size='20' value='$key' />";
|
||||||
$r .= "</td><td><textarea name='meta[$mid][value]' tabindex='6' rows='2' cols='30'>$value</textarea></td><td align='center'>";
|
$r .= "</td><td><textarea name='meta[$mid][value]' tabindex='6' rows='2' cols='30'>$value</textarea></td><td align='center'>";
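Review bot: `$mid` and `$pid` are interpolated unescaped into the `<id>`/`<postid>` elements, the `id='meta-$mid'` attribute and the `killSubmit(...)` handler, while `$key` and `$value` are passed through wp_specialchars first; if a caller can hand this function anything other than integer IDs, the XML and the attribute quoting break. Making the assumption explicit at the top of the function, `$pid = (int) $pid; $mid = (int) $mid;`, keeps the output well-formed regardless of the caller. The same interpolation of `$mid` occurs in the next hunk of this file (`deleteSomething( 'meta', $mid, '`), so one cast covers both. The function's opening lines are outside the hunk.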
|
||||||
|
@ -25,7 +24,7 @@ function wp_ajax_echo_meta( $pid, $mid, $key, $value ) {
|
||||||
$r .= "<input name='deletemeta[$mid]' type='submit' onclick=\"return deleteSomething( 'meta', $mid, '";
|
$r .= "<input name='deletemeta[$mid]' type='submit' onclick=\"return deleteSomething( 'meta', $mid, '";
|
||||||
$r .= sprintf(__("You are about to delete the "%s" custom field on this post.\\n"OK" to delete, "Cancel" to stop."), $key_js);
|
$r .= sprintf(__("You are about to delete the "%s" custom field on this post.\\n"OK" to delete, "Cancel" to stop."), $key_js);
|
||||||
$r .= "' );\" class='deletemeta' tabindex='6' value='Delete' />";
|
$r .= "' );\" class='deletemeta' tabindex='6' value='Delete' />";
|
||||||
$r .= "</td></tr></tbody></table>]]></newitem></meta>";
|
$r .= "</td></tr>]]></newitem></meta>";
|
||||||
return $r;
|
return $r;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
@ -148,9 +147,9 @@ case 'add-cat' : // From Manage->Categories
|
||||||
$cat_full_name = wp_specialchars( $cat_full_name, 1 );
|
$cat_full_name = wp_specialchars( $cat_full_name, 1 );
|
||||||
|
|
||||||
$r = "<?xml version='1.0' standalone='yes'?><ajaxresponse>";
|
$r = "<?xml version='1.0' standalone='yes'?><ajaxresponse>";
|
||||||
$r .= "<cat><id>$cat->cat_ID</id><name>$cat_full_name</name><newitem><![CDATA[<table><tbody>";
|
$r .= "<cat><id>$cat->cat_ID</id><name>$cat_full_name</name><newitem><![CDATA[";
|
||||||
$r .= _cat_row( $cat, $level, $cat_full_name );
|
$r .= _cat_row( $cat, $level, $cat_full_name );
|
||||||
$r .= "</tbody></table>]]></newitem></cat></ajaxresponse>";
|
$r .= "]]></newitem></cat></ajaxresponse>";
|
||||||
header('Content-type: text/xml');
|
header('Content-type: text/xml');
|
||||||
die($r);
|
die($r);
|
||||||
break;
|
break;
|
||||||
|
@ -207,9 +206,9 @@ case 'add-user' :
|
||||||
} elseif ( !$user_id ) {
|
} elseif ( !$user_id ) {
|
||||||
die('0');
|
die('0');
|
||||||
}
|
}
|
||||||
$r = "<?xml version='1.0' standalone='yes'?><ajaxresponse><user><id>$user_id</id><newitem><![CDATA[<table><tbody>";
|
$r = "<?xml version='1.0' standalone='yes'?><ajaxresponse><user><id>$user_id</id><newitem><![CDATA[";
|
||||||
$r .= user_row( $user_id );
|
$r .= user_row( $user_id );
|
||||||
$r .= "</tbody></table>]]></newitem></user></ajaxresponse>";
|
$r .= "]]></newitem></user></ajaxresponse>";
|
||||||
header('Content-type: text/xml');
|
header('Content-type: text/xml');
|
||||||
die($r);
|
die($r);
|
||||||
break;
|
break;
|
||||||
|
|
|
@ -5,31 +5,10 @@ cache_javascript_headers();
|
||||||
addLoadEvent(function(){catList=new listMan('categorychecklist');catList.ajaxRespEl='jaxcat';catList.topAdder=1;catList.alt=0;catList.showLink=0;});
|
addLoadEvent(function(){catList=new listMan('categorychecklist');catList.ajaxRespEl='jaxcat';catList.topAdder=1;catList.alt=0;catList.showLink=0;});
|
||||||
addLoadEvent(newCatAddIn);
|
addLoadEvent(newCatAddIn);
|
||||||
function newCatAddIn() {
|
function newCatAddIn() {
|
||||||
if ( !document.getElementById('jaxcat') ) return false;
|
var jaxcat = $('jaxcat');
|
||||||
var ajaxcat = document.createElement('span');
|
if ( !jaxcat )
|
||||||
ajaxcat.id = 'ajaxcat';
|
return false;
|
||||||
|
jaxcat.update('<span id="ajaxcat"><input type="text" name="newcat" id="newcat" size="16" autocomplete="off"/><input type="button" name="Button" id="catadd" value="Add"/><span id="howto"><?php _e('Separate multiple categories with commas.'); ?></span></span>');
|
||||||
newcat = document.createElement('input');
|
$('newcat').onkeypress = function(e) { return killSubmit("catList.ajaxAdder('category','jaxcat');", e); };
|
||||||
newcat.type = 'text';
|
$('catadd').onclick = function() { catList.ajaxAdder('category', 'jaxcat'); };
|
||||||
newcat.name = 'newcat';
|
|
||||||
newcat.id = 'newcat';
|
|
||||||
newcat.size = '16';
|
|
||||||
newcat.setAttribute('autocomplete', 'off');
|
|
||||||
newcat.onkeypress = function(e) { return killSubmit("catList.ajaxAdder('category','categorydiv');", e); };
|
|
||||||
|
|
||||||
var newcatSub = document.createElement('input');
|
|
||||||
newcatSub.type = 'button';
|
|
||||||
newcatSub.name = 'Button';
|
|
||||||
newcatSub.id = 'catadd';
|
|
||||||
newcatSub.value = 'Add';
|
|
||||||
newcatSub.onclick = function() { catList.ajaxAdder('category', 'categorydiv'); };
|
|
||||||
|
|
||||||
ajaxcat.appendChild(newcat);
|
|
||||||
ajaxcat.appendChild(newcatSub);
|
|
||||||
document.getElementById('jaxcat').appendChild(ajaxcat);
|
|
||||||
|
|
||||||
howto = document.createElement('span');
|
|
||||||
howto.innerHTML = "<?php _e('Separate multiple categories with commas.'); ?>";
|
|
||||||
howto.id = 'howto';
|
|
||||||
ajaxcat.appendChild(howto);
|
|
||||||
}
|
}
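Review bot: On the `jaxcat.update(...)` line the translated text from `_e('Separate multiple categories with commas.')` is written straight into a single-quoted JavaScript string literal, so a translation containing an apostrophe (or a newline) terminates the literal and breaks the script for that locale. The previous version had the same exposure inside a double-quoted literal, so this is not new, but since the line is being rewritten the text should be escaped for a JS literal before output, e.g. `<?php echo addslashes( __('Separate multiple categories with commas.') ); ?>` (or `js_escape()` if this tree provides it). Note also that `$()` and `.update()` are Prototype helpers, so this file now depends on prototype.js being loaded before it; the handlers on `$('newcat')` and `$('catadd')` will throw if the markup above them is changed without updating the ids.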
|
||||||
|
|
|
@ -1,8 +1,8 @@
|
||||||
function customFieldsOnComplete() {
|
function customFieldsOnComplete() {
|
||||||
var pidEl = document.getElementById('post_ID');
|
var pidEl = $('post_ID');
|
||||||
pidEl.name = 'post_ID';
|
pidEl.name = 'post_ID';
|
||||||
pidEl.value = getNodeValue(theList.ajaxAdd.responseXML, 'postid');
|
pidEl.value = getNodeValue(theList.ajaxAdd.responseXML, 'postid');
|
||||||
var aEl = document.getElementById('hiddenaction')
|
var aEl = $('hiddenaction')
|
||||||
if ( aEl.value == 'post' ) aEl.value = 'postajaxpost';
|
if ( aEl.value == 'post' ) aEl.value = 'postajaxpost';
|
||||||
}
|
}
|
||||||
addLoadEvent(customFieldsAddIn);
|
addLoadEvent(customFieldsAddIn);
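Review bot: The rewritten line `var aEl = $('hiddenaction')` still has no terminating semicolon and relies on automatic semicolon insertion before the following `if`; since the line is being touched anyway, it should read `var aEl = $('hiddenaction');`. The switch from `document.getElementById` to `$` also makes this file depend on Prototype being loaded first, which is presumably satisfied through the `listman` → `wp-ajax` → `prototype` dependency chain in WP_Scripts, but worth confirming for any page that enqueues `admin-custom-fields` directly.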
|
||||||
|
@ -21,6 +21,6 @@ function customFieldsAddIn() {
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
document.getElementById('metakeyinput').onkeypress = function(e) {return killSubmit('theList.inputData+="&id="+document.getElementById("post_ID").value;theList.ajaxAdder("meta", "newmeta");', e); };
|
$('metakeyinput').onkeypress = function(e) {return killSubmit('theList.inputData+="&id="+$("post_ID").value;theList.ajaxAdder("meta", "newmeta");', e); };
|
||||||
document.getElementById('updatemetasub').onclick = function(e) {return killSubmit('theList.inputData+="&id="+document.getElementById("post_ID").value;theList.ajaxAdder("meta", "newmeta");', e); };
|
$('updatemetasub').onclick = function(e) {return killSubmit('theList.inputData+="&id="+$("post_ID").value;theList.ajaxAdder("meta", "newmeta");', e); };
|
||||||
}
|
}
|
||||||
|
|
|
@ -66,8 +66,8 @@ addLoadEvent(focusit);
|
||||||
<?php endif; ?>
|
<?php endif; ?>
|
||||||
|
|
||||||
<tr>
|
<tr>
|
||||||
<th scope="row" valign="top"><?php _e('Delete'); ?>:</th>
|
<th scope="row" valign="top"><?php _e('Delete'); $delete_nonce = wp_create_nonce( 'delete-comment_' . $comment->comment_ID ); ?>:</th>
|
||||||
<td><input name="deletecomment" class="button" type="submit" id="deletecomment" tabindex="10" value="<?php _e('Delete this comment') ?>" <?php echo "onclick=\"return confirm('" . __("You are about to delete this comment \\n \'Cancel\' to stop, \'OK\' to delete.") . "')\""; ?> />
|
<td><input name="deletecomment" class="button" type="submit" id="deletecomment" tabindex="10" value="<?php _e('Delete this comment') ?>" <?php echo "onclick=\"if ( confirm('" . __("You are about to delete this comment \\n \'Cancel\' to stop, \'OK\' to delete.") . "') ) { document.forms.post._wpnonce.value = '$delete_nonce'; return true; } return false;\""; ?> />
|
||||||
<input type="hidden" name="comment" value="<?php echo $comment->comment_ID ?>" />
|
<input type="hidden" name="comment" value="<?php echo $comment->comment_ID ?>" />
|
||||||
<input type="hidden" name="p" value="<?php echo $comment->comment_post_ID ?>" />
|
<input type="hidden" name="p" value="<?php echo $comment->comment_post_ID ?>" />
|
||||||
<input type="hidden" name="noredir" value="1" />
|
<input type="hidden" name="noredir" value="1" />
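Review bot: The delete nonce is generated in the middle of the `<th>` markup on the `_e('Delete')` line, which buries a side effect in presentation code; compute `$delete_nonce = wp_create_nonce( 'delete-comment_' . $comment->comment_ID );` before the `<tr>` and keep the cell to output only. The inline handler also assumes `document.forms.post._wpnonce` exists: if that hidden field is absent the assignment throws before `return true`, and with JavaScript disabled the form submits carrying whatever nonce the edit form already holds, so the server-side `delete-comment_` check must remain the sole gate for the deletion (which appears to be the commit's intent). The `<form>` that this row belongs to starts outside the hunk.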
|
||||||
|
|
|
@ -19,9 +19,11 @@ class WP_Scripts {
|
||||||
$this->add( 'wp_tiny_mce', '/wp-includes/js/tinymce/tiny_mce_config.php', array('tiny_mce'), '04162006' );
|
$this->add( 'wp_tiny_mce', '/wp-includes/js/tinymce/tiny_mce_config.php', array('tiny_mce'), '04162006' );
|
||||||
$this->add( 'prototype', '/wp-includes/js/prototype.js', false, '1.5.0');
|
$this->add( 'prototype', '/wp-includes/js/prototype.js', false, '1.5.0');
|
||||||
$this->add( 'autosave', '/wp-includes/js/autosave.js.php', array('prototype', 'sack'), '4107');
|
$this->add( 'autosave', '/wp-includes/js/autosave.js.php', array('prototype', 'sack'), '4107');
|
||||||
|
$this->add( 'wp-ajax', '/wp-includes/js/wp-ajax-js.php', array('prototype'), rand());
|
||||||
|
$this->add( 'listman', '/wp-includes/js/list-manipulation-js.php', array('wp-ajax', 'fat'), rand());
|
||||||
if ( is_admin() ) {
|
if ( is_admin() ) {
|
||||||
$this->add( 'dbx-admin-key', '/wp-admin/dbx-admin-key-js.php', array('dbx'), '3651' );
|
$this->add( 'dbx-admin-key', '/wp-admin/dbx-admin-key-js.php', array('dbx'), '3651' );
|
||||||
$this->add( 'listman', '/wp-admin/list-manipulation-js.php', array('sack', 'fat'), '4042' ); // Make changeset # the correct one
|
$this->add( 'listman-old', '/wp-admin/list-manipulation-js.php', array('sack', 'fat'), '4042' ); // Make changeset # the correct one
|
||||||
$this->add( 'ajaxcat', '/wp-admin/cat-js.php', array('listman'), '3684' );
|
$this->add( 'ajaxcat', '/wp-admin/cat-js.php', array('listman'), '3684' );
|
||||||
$this->add( 'admin-categories', '/wp-admin/categories.js', array('listman'), '3684' );
|
$this->add( 'admin-categories', '/wp-admin/categories.js', array('listman'), '3684' );
|
||||||
$this->add( 'admin-custom-fields', '/wp-admin/custom-fields.js', array('listman'), '3733' );
|
$this->add( 'admin-custom-fields', '/wp-admin/custom-fields.js', array('listman'), '3733' );
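Review bot: The two new entries `wp-ajax` and `listman` pass `rand()` as the version argument while every neighbouring entry pins a fixed changeset string; a per-request random value makes the generated script URL differ on every page load, so browsers can never cache these files. If this is a development placeholder, replace it with the changeset string like the others, e.g. `$this->add( 'wp-ajax', '/wp-includes/js/wp-ajax-js.php', array('prototype'), '4162');`, and keep it updated as the comment on the `listman-old` line already asks. Renaming the old entry to `listman-old` also leaves `ajaxcat`, `admin-categories` and `admin-custom-fields` depending on `listman`, which now resolves to the wp-includes script; presumably intended, but it should be confirmed that those scripts work with the new list manager. The enclosing method starts and ends outside the hunk.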
|
||||||
|
|