Backport nonces and pluggable cookies.
git-svn-id: http://svn.automattic.com/wordpress/branches/2.0@3771 1a063a9b-81f0-0310-95a4-ce76da25c4cd
parent
e1e33b5eea
commit
7428c2fbbc
|
@ -643,7 +643,7 @@ function page_rows($parent = 0, $level = 0, $pages = 0) {
|
||||||
<td><?php echo mysql2date('Y-m-d g:i a', $post->post_modified); ?></td>
|
<td><?php echo mysql2date('Y-m-d g:i a', $post->post_modified); ?></td>
|
||||||
<td><a href="<?php the_permalink(); ?>" rel="permalink" class="edit"><?php _e('View'); ?></a></td>
|
<td><a href="<?php the_permalink(); ?>" rel="permalink" class="edit"><?php _e('View'); ?></a></td>
|
||||||
<td><?php if ( current_user_can('edit_pages') ) { echo "<a href='post.php?action=edit&post=$id' class='edit'>" . __('Edit') . "</a>"; } ?></td>
|
<td><?php if ( current_user_can('edit_pages') ) { echo "<a href='post.php?action=edit&post=$id' class='edit'>" . __('Edit') . "</a>"; } ?></td>
|
||||||
<td><?php if ( current_user_can('edit_pages') ) { echo "<a href='post.php?action=delete&post=$id' class='delete' onclick=\"return deleteSomething( 'page', " . $id . ", '" . sprintf(__("You are about to delete the "%s" page.\\n"OK" to delete, "Cancel" to stop."), wp_specialchars(get_the_title('','',0), 1)) . "' );\">" . __('Delete') . "</a>"; } ?></td>
|
<td><?php if ( current_user_can('edit_pages') ) { echo "<a href='" . wp_nonce_url("post.php?action=delete&post=$id", 'delete-page' . $id) . "' class='delete' onclick=\"return deleteSomething( 'page', " . $id . ", '" . sprintf(__("You are about to delete the "%s" page.\\n"OK" to delete, "Cancel" to stop."), addslashes(wp_specialchars(get_the_title(),'double')) ) . "' );\">" . __('Delete') . "</a>"; } ?></td>
|
||||||
</tr>
|
</tr>
|
||||||
|
|
||||||
<?php
|
<?php
|
||||||
|
|
|
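Review bot: The page delete link in page_rows now carries nonce action `'delete-page' . $id`, while the same `post.php?action=delete` URL is signed with `'delete-post' . $post->ID` in the pages listing hunk at @ -52,7 and the posts listing at @ -210,7; post.php's check is outside this diff, but a single `check_admin_referer` cannot accept both strings, so one of the two page listings will always fail verification after this change. Unless post.php dispatches on post type, use one action for all three delete links; `'delete-post' . $id` here would match the other two. page_rows continues outside the hunk.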
@ -17,7 +17,7 @@ nocache_headers();
|
||||||
|
|
||||||
update_category_cache();
|
update_category_cache();
|
||||||
|
|
||||||
get_currentuserinfo();
|
wp_get_current_user();
|
||||||
|
|
||||||
$posts_per_page = get_settings('posts_per_page');
|
$posts_per_page = get_settings('posts_per_page');
|
||||||
$what_to_show = get_settings('what_to_show');
|
$what_to_show = get_settings('what_to_show');
|
||||||
|
|
|
@ -25,7 +25,7 @@ switch($action) {
|
||||||
|
|
||||||
case 'addcat':
|
case 'addcat':
|
||||||
|
|
||||||
check_admin_referer();
|
check_admin_referer('add-category');
|
||||||
|
|
||||||
if ( !current_user_can('manage_categories') )
|
if ( !current_user_can('manage_categories') )
|
||||||
die (__('Cheatin’ uh?'));
|
die (__('Cheatin’ uh?'));
|
||||||
|
@ -36,13 +36,12 @@ case 'addcat':
|
||||||
break;
|
break;
|
||||||
|
|
||||||
case 'delete':
|
case 'delete':
|
||||||
|
$cat_ID = (int) $_GET['cat_ID'];
|
||||||
check_admin_referer();
|
check_admin_referer('delete-category' . $cat_ID);
|
||||||
|
|
||||||
if ( !current_user_can('manage_categories') )
|
if ( !current_user_can('manage_categories') )
|
||||||
die (__('Cheatin’ uh?'));
|
die (__('Cheatin’ uh?'));
|
||||||
|
|
||||||
$cat_ID = (int) $_GET['cat_ID'];
|
|
||||||
$cat_name = get_catname($cat_ID);
|
$cat_name = get_catname($cat_ID);
|
||||||
|
|
||||||
if ( 1 == $cat_ID )
|
if ( 1 == $cat_ID )
|
||||||
|
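Review bot: `check_admin_referer('delete-category' . $cat_ID)` only passes if the delete link in the category listing is signed with exactly that action, and no hunk in this diff generates that link (cat_rows is not shown); if the listing still emits an unsigned delete URL, every category deletion will be rejected from now on. Confirm the link is built with something like `wp_nonce_url("categories.php?action=delete&cat_ID=$cat_ID", 'delete-category' . $cat_ID)` (constructed example). Moving the `(int)` cast ahead of the check is the right order: the id is bound into the action before anything else trusts it.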
@ -64,6 +63,7 @@ case 'edit':
|
||||||
<div class="wrap">
|
<div class="wrap">
|
||||||
<h2><?php _e('Edit Category') ?></h2>
|
<h2><?php _e('Edit Category') ?></h2>
|
||||||
<form name="editcat" action="categories.php" method="post">
|
<form name="editcat" action="categories.php" method="post">
|
||||||
|
<?php wp_nonce_field('update-category' . $category->cat_ID); ?>
|
||||||
<table class="editform" width="100%" cellspacing="2" cellpadding="5">
|
<table class="editform" width="100%" cellspacing="2" cellpadding="5">
|
||||||
<tr>
|
<tr>
|
||||||
<th width="33%" scope="row"><?php _e('Category name:') ?></th>
|
<th width="33%" scope="row"><?php _e('Category name:') ?></th>
|
||||||
|
@ -96,7 +96,8 @@ case 'edit':
|
||||||
break;
|
break;
|
||||||
|
|
||||||
case 'editedcat':
|
case 'editedcat':
|
||||||
check_admin_referer();
|
$cat_ID = (int) $_POST['cat_ID'];
|
||||||
|
check_admin_referer('update-category' . $cat_ID);
|
||||||
|
|
||||||
if ( !current_user_can('manage_categories') )
|
if ( !current_user_can('manage_categories') )
|
||||||
die (__('Cheatin’ uh?'));
|
die (__('Cheatin’ uh?'));
|
||||||
|
@ -150,7 +151,7 @@ cat_rows();
|
||||||
<div class="wrap">
|
<div class="wrap">
|
||||||
<h2><?php _e('Add New Category') ?></h2>
|
<h2><?php _e('Add New Category') ?></h2>
|
||||||
<form name="addcat" id="addcat" action="categories.php" method="post">
|
<form name="addcat" id="addcat" action="categories.php" method="post">
|
||||||
|
<?php wp_nonce_field('add-category'); ?>
|
||||||
<p><?php _e('Name:') ?><br />
|
<p><?php _e('Name:') ?><br />
|
||||||
<input type="text" name="cat_name" value="" /></p>
|
<input type="text" name="cat_name" value="" /></p>
|
||||||
<p><?php _e('Category parent:') ?><br />
|
<p><?php _e('Category parent:') ?><br />
|
||||||
|
|
|
@ -39,7 +39,7 @@ function checkAll(form)
|
||||||
<p><a href="?mode=view"><?php _e('View Mode') ?></a> | <a href="?mode=edit"><?php _e('Mass Edit Mode') ?></a></p>
|
<p><a href="?mode=view"><?php _e('View Mode') ?></a> | <a href="?mode=edit"><?php _e('Mass Edit Mode') ?></a></p>
|
||||||
<?php
|
<?php
|
||||||
if ( !empty( $_POST['delete_comments'] ) ) :
|
if ( !empty( $_POST['delete_comments'] ) ) :
|
||||||
check_admin_referer();
|
check_admin_referer('bulk-comments');
|
||||||
|
|
||||||
$i = 0;
|
$i = 0;
|
||||||
foreach ($_POST['delete_comments'] as $comment) : // Check the permissions on each
|
foreach ($_POST['delete_comments'] as $comment) : // Check the permissions on each
|
||||||
|
@ -98,7 +98,7 @@ if ('view' == $mode) {
|
||||||
<p><?php _e('Posted'); echo ' '; comment_date('M j, g:i A');
|
<p><?php _e('Posted'); echo ' '; comment_date('M j, g:i A');
|
||||||
if ( current_user_can('edit_post', $comment->comment_post_ID) ) {
|
if ( current_user_can('edit_post', $comment->comment_post_ID) ) {
|
||||||
echo " | <a href=\"post.php?action=editcomment&comment=".$comment->comment_ID."\">" . __('Edit Comment') . "</a>";
|
echo " | <a href=\"post.php?action=editcomment&comment=".$comment->comment_ID."\">" . __('Edit Comment') . "</a>";
|
||||||
echo " | <a href=\"post.php?action=deletecomment&p=".$comment->comment_post_ID."&comment=".$comment->comment_ID."\" onclick=\"return deleteSomething( 'comment', $comment->comment_ID, '" . sprintf(__("You are about to delete this comment by "%s".\\n"Cancel" to stop, "OK" to delete."), wp_specialchars( $comment->comment_author, 1 )) . "' );\">" . __('Delete Comment') . "</a> — ";
|
echo ' | <a href="' . wp_nonce_url('comment.php?action=deletecomment&p=' . $post->ID . '&comment=' . $comment->comment_ID, 'delete-comment' . $comment->comment_ID) . '" onclick="return deleteSomething( \'comment\', ' . $comment->comment_ID . ', \'' . sprintf(__("You are about to delete this comment by "%s".\\n"Cancel" to stop, "OK" to delete."), wp_specialchars($comment->comment_author, 1)) . "' );\">" . __('Delete Comment') . '</a> ';
|
||||||
} // end if any comments to show
|
} // end if any comments to show
|
||||||
// Get post title
|
// Get post title
|
||||||
if ( current_user_can('edit_post', $comment->comment_post_ID) ) {
|
if ( current_user_can('edit_post', $comment->comment_post_ID) ) {
|
||||||
|
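Review bot: The rewritten delete link swaps `$comment->comment_post_ID` for `$post->ID` in the `p=` parameter, while the capability check two lines above still keys on `$comment->comment_post_ID`; in a loop over comments `$post` is not necessarily the comment's post (its assignment is not visible here), so the handler may receive the wrong post id. Keep the two consistent: `wp_nonce_url('comment.php?action=deletecomment&p=' . $comment->comment_post_ID . '&comment=' . $comment->comment_ID, 'delete-comment' . $comment->comment_ID)`. The target also moves from post.php to comment.php; that handler is not in this diff, so make sure it checks the same `'delete-comment' . $comment->comment_ID` action. The enclosing `if` block continues outside the hunk.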
@ -126,8 +126,9 @@ if ('view' == $mode) {
|
||||||
} elseif ('edit' == $mode) {
|
} elseif ('edit' == $mode) {
|
||||||
|
|
||||||
if ($comments) {
|
if ($comments) {
|
||||||
echo '<form name="deletecomments" id="deletecomments" action="" method="post">
|
echo '<form name="deletecomments" id="deletecomments" action="" method="post"> ';
|
||||||
<table width="100%" cellpadding="3" cellspacing="3">
|
wp_nonce_field('bulk-comments');
|
||||||
|
echo '<table width="100%" cellpadding="3" cellspacing="3">
|
||||||
<tr>
|
<tr>
|
||||||
<th scope="col">*</th>
|
<th scope="col">*</th>
|
||||||
<th scope="col">' . __('Name') . '</th>
|
<th scope="col">' . __('Name') . '</th>
|
||||||
|
|
|
@ -22,9 +22,11 @@ if (0 == $post_ID) {
|
||||||
$form_action = 'post';
|
$form_action = 'post';
|
||||||
$temp_ID = -1 * time();
|
$temp_ID = -1 * time();
|
||||||
$form_extra = "<input type='hidden' name='temp_ID' value='$temp_ID' />";
|
$form_extra = "<input type='hidden' name='temp_ID' value='$temp_ID' />";
|
||||||
|
wp_nonce_field('add-post');
|
||||||
} else {
|
} else {
|
||||||
$form_action = 'editpost';
|
$form_action = 'editpost';
|
||||||
$form_extra = "<input type='hidden' name='post_ID' value='$post_ID' />";
|
$form_extra = "<input type='hidden' name='post_ID' value='$post_ID' />";
|
||||||
|
wp_nonce_field('update-post' . $post_ID);
|
||||||
}
|
}
|
||||||
|
|
||||||
$form_pingback = '<input type="hidden" name="post_pingback" value="' . get_option('default_pingback_flag') . '" id="post_pingback" />';
|
$form_pingback = '<input type="hidden" name="post_pingback" value="' . get_option('default_pingback_flag') . '" id="post_pingback" />';
|
||||||
|
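Review bot: `wp_nonce_field('add-post')` and `wp_nonce_field('update-post' . $post_ID)` are called where `$form_action`/`$form_extra` are still being computed, before any `<form>` markup is printed; every other call site in this commit uses wp_nonce_field as a bare statement, which suggests it echoes immediately, in which case the hidden `_wpnonce` input lands outside the form and is never submitted. The sibling edit form hunk at @ -5,11 gets this right: store `$nonce_action = 'add-post';` and `$nonce_action = 'update-post' . $post_ID;` in the two branches here and emit `wp_nonce_field($nonce_action);` inside the form, as that file does in the `<?php` block after its `<form>` tag. This file's `<form>` element is outside the hunk.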
@ -220,7 +222,7 @@ else
|
||||||
<?php
|
<?php
|
||||||
if (current_user_can('upload_files')) {
|
if (current_user_can('upload_files')) {
|
||||||
$uploading_iframe_ID = (0 == $post_ID ? $temp_ID : $post_ID);
|
$uploading_iframe_ID = (0 == $post_ID ? $temp_ID : $post_ID);
|
||||||
$uploading_iframe_src = "inline-uploading.php?action=view&post=$uploading_iframe_ID";
|
$uploading_iframe_src = wp_nonce_url("inline-uploading.php?action=view&post=$uploading_iframe_ID", 'inlineuploading');
|
||||||
$uploading_iframe_src = apply_filters('uploading_iframe_src', $uploading_iframe_src);
|
$uploading_iframe_src = apply_filters('uploading_iframe_src', $uploading_iframe_src);
|
||||||
if ( false != $uploading_iframe_src )
|
if ( false != $uploading_iframe_src )
|
||||||
echo '<iframe id="uploading" border="0" src="' . $uploading_iframe_src . '">' . __('This feature requires iframe support.') . '</iframe>';
|
echo '<iframe id="uploading" border="0" src="' . $uploading_iframe_src . '">' . __('This feature requires iframe support.') . '</iframe>';
|
||||||
|
|
|
@ -3,8 +3,6 @@ require_once('../wp-config.php');
|
||||||
require_once('admin-functions.php');
|
require_once('admin-functions.php');
|
||||||
require_once('admin-db.php');
|
require_once('admin-db.php');
|
||||||
|
|
||||||
get_currentuserinfo();
|
|
||||||
|
|
||||||
if ( !current_user_can('manage_categories') )
|
if ( !current_user_can('manage_categories') )
|
||||||
die('-1');
|
die('-1');
|
||||||
if ( !check_ajax_referer() )
|
if ( !check_ajax_referer() )
|
||||||
|
|
|
@ -6,6 +6,7 @@ $form_extra = "' />\n<input type='hidden' name='comment_ID' value='" . $comment-
|
||||||
?>
|
?>
|
||||||
|
|
||||||
<form name="post" action="post.php" method="post" id="post">
|
<form name="post" action="post.php" method="post" id="post">
|
||||||
|
<?php wp_nonce_field('update-comment' . $comment->comment_ID) ?>
|
||||||
<div class="wrap">
|
<div class="wrap">
|
||||||
<input type="hidden" name="user_ID" value="<?php echo $user_ID ?>" />
|
<input type="hidden" name="user_ID" value="<?php echo $user_ID ?>" />
|
||||||
<input type="hidden" name="action" value='<?php echo $form_action . $form_extra ?>' />
|
<input type="hidden" name="action" value='<?php echo $form_action . $form_extra ?>' />
|
||||||
|
|
|
@ -4,11 +4,13 @@ if ( ! empty($link_id) ) {
|
||||||
$heading = __('Edit a link:');
|
$heading = __('Edit a link:');
|
||||||
$submit_text = __('Save Changes »');
|
$submit_text = __('Save Changes »');
|
||||||
$form = '<form action="" method="post" name="editlink" id="editlink">';
|
$form = '<form action="" method="post" name="editlink" id="editlink">';
|
||||||
|
$nonce_action = 'update-bookmark' . $link_id;
|
||||||
} else {
|
} else {
|
||||||
$editing = false;
|
$editing = false;
|
||||||
$heading = __('<strong>Add</strong> a link:');
|
$heading = __('<strong>Add</strong> a link:');
|
||||||
$submit_text = __('Add Link »');
|
$submit_text = __('Add Link »');
|
||||||
$form = '<form name="addlink" method="post" action="link-manager.php">';
|
$form = '<form name="addlink" method="post" action="link-manager.php">';
|
||||||
|
$nonce_action = 'add-bookmark';
|
||||||
}
|
}
|
||||||
|
|
||||||
function xfn_check($class, $value = '', $type = 'check') {
|
function xfn_check($class, $value = '', $type = 'check') {
|
||||||
|
@ -33,6 +35,7 @@ function xfn_check($class, $value = '', $type = 'check') {
|
||||||
|
|
||||||
<div class="wrap">
|
<div class="wrap">
|
||||||
<?php echo $form ?>
|
<?php echo $form ?>
|
||||||
|
<?php wp_nonce_field($nonce_action); ?>
|
||||||
<h2><?php echo $heading ?></h2>
|
<h2><?php echo $heading ?></h2>
|
||||||
<fieldset class="options">
|
<fieldset class="options">
|
||||||
<legend><?php _e('Basics') ?></legend>
|
<legend><?php _e('Basics') ?></legend>
|
||||||
|
|
|
@ -5,11 +5,13 @@
|
||||||
<?php
|
<?php
|
||||||
if (0 == $post_ID) {
|
if (0 == $post_ID) {
|
||||||
$form_action = 'post';
|
$form_action = 'post';
|
||||||
|
$nonce_action = 'add-post';
|
||||||
$temp_ID = -1 * time();
|
$temp_ID = -1 * time();
|
||||||
$form_extra = "<input type='hidden' name='temp_ID' value='$temp_ID' />";
|
$form_extra = "<input type='hidden' name='temp_ID' value='$temp_ID' />";
|
||||||
} else {
|
} else {
|
||||||
$form_action = 'editpost';
|
$form_action = 'editpost';
|
||||||
$form_extra = "<input type='hidden' name='post_ID' value='$post_ID' />";
|
$nonce_action = 'update-post' . $post_ID;
|
||||||
|
$form_extra = "<input type='hidden' id='post_ID' name='post_ID' value='$post_ID' />";
|
||||||
}
|
}
|
||||||
|
|
||||||
$sendto = $_SERVER['HTTP_REFERER'];
|
$sendto = $_SERVER['HTTP_REFERER'];
|
||||||
|
@ -23,6 +25,8 @@ $sendto = wp_specialchars( $sendto );
|
||||||
<form name="post" action="post.php" method="post" id="post">
|
<form name="post" action="post.php" method="post" id="post">
|
||||||
|
|
||||||
<?php
|
<?php
|
||||||
|
wp_nonce_field($nonce_action);
|
||||||
|
|
||||||
if (isset($mode) && 'bookmarklet' == $mode) {
|
if (isset($mode) && 'bookmarklet' == $mode) {
|
||||||
echo '<input type="hidden" name="mode" value="bookmarklet" />';
|
echo '<input type="hidden" name="mode" value="bookmarklet" />';
|
||||||
}
|
}
|
||||||
|
@ -186,7 +190,7 @@ else
|
||||||
<?php
|
<?php
|
||||||
if (current_user_can('upload_files')) {
|
if (current_user_can('upload_files')) {
|
||||||
$uploading_iframe_ID = (0 == $post_ID ? $temp_ID : $post_ID);
|
$uploading_iframe_ID = (0 == $post_ID ? $temp_ID : $post_ID);
|
||||||
$uploading_iframe_src = "inline-uploading.php?action=view&post=$uploading_iframe_ID";
|
$uploading_iframe_src = wp_nonce_url("inline-uploading.php?action=view&post=$uploading_iframe_ID", 'inlineuploading');
|
||||||
$uploading_iframe_src = apply_filters('uploading_iframe_src', $uploading_iframe_src);
|
$uploading_iframe_src = apply_filters('uploading_iframe_src', $uploading_iframe_src);
|
||||||
if ( false != $uploading_iframe_src )
|
if ( false != $uploading_iframe_src )
|
||||||
echo '<iframe id="uploading" border="0" src="' . $uploading_iframe_src . '">' . __('This feature requires iframe support.') . '</iframe>';
|
echo '<iframe id="uploading" border="0" src="' . $uploading_iframe_src . '">' . __('This feature requires iframe support.') . '</iframe>';
|
||||||
|
|
|
@ -52,7 +52,7 @@ foreach ( $posts as $post ) :
|
||||||
<td><?php echo mysql2date('Y-m-d g:i a', $post->post_modified); ?></td>
|
<td><?php echo mysql2date('Y-m-d g:i a', $post->post_modified); ?></td>
|
||||||
<td><a href="<?php the_permalink(); ?>" rel="permalink" class="edit"><?php _e('View'); ?></a></td>
|
<td><a href="<?php the_permalink(); ?>" rel="permalink" class="edit"><?php _e('View'); ?></a></td>
|
||||||
<td><?php if ( current_user_can('edit_pages') ) { echo "<a href='post.php?action=edit&post=$post->ID' class='edit'>" . __('Edit') . "</a>"; } ?></td>
|
<td><?php if ( current_user_can('edit_pages') ) { echo "<a href='post.php?action=edit&post=$post->ID' class='edit'>" . __('Edit') . "</a>"; } ?></td>
|
||||||
<td><?php if ( current_user_can('edit_pages') ) { echo "<a href='post.php?action=delete&post=$post->ID' class='delete' onclick=\"return deleteSomething( 'page', " . $id . ", '" . sprintf(__("You are about to delete the "%s" page.\\n"OK" to delete, "Cancel" to stop."), wp_specialchars(get_the_title('','',0), 1)) . "' );\">" . __('Delete') . "</a>"; } ?></td>
|
<td><?php if ( current_user_can('edit_pages') ) { echo "<a href='" . wp_nonce_url("post.php?action=delete&post=$post->ID", 'delete-post' . $post->ID) . "' class='delete' onclick=\"return deleteSomething( 'page', " . $id . ", '" . sprintf(__("You are about to delete the "%s" page.\\n"OK" to delete, "Cancel" to stop."), wp_specialchars(get_the_title('','',0), 1)) . "' );\">" . __('Delete') . "</a>"; } ?></td>
|
||||||
</tr>
|
</tr>
|
||||||
<?php
|
<?php
|
||||||
endforeach;
|
endforeach;
|
||||||
|
|
|
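Review bot: The new delete link signs the URL with `$post->ID` but still passes `$id` to deleteSomething in the same line; inside `foreach ( $posts as $post )` `$id` is only correct if something else assigns it per iteration, which this hunk does not show, so the JavaScript confirmation may reference a stale or undefined id. Use `$post->ID` in both places. The page_rows and posts-list versions of this same link (hunks @ -643,7 and @ -210,7) also switched the title escaping to `addslashes(wp_specialchars(get_the_title(),'double'))` while this one keeps `wp_specialchars(get_the_title('','',0), 1)`; pick one form so the three delete links escape the JS string identically.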
@ -210,7 +210,7 @@ foreach($posts_columns as $column_name=>$column_display_name) {
|
||||||
|
|
||||||
case 'control_delete':
|
case 'control_delete':
|
||||||
?>
|
?>
|
||||||
<td><?php if ( current_user_can('edit_post',$post->ID) ) { echo "<a href='post.php?action=delete&post=$id' class='delete' onclick=\"return deleteSomething( 'post', " . $id . ", '" . sprintf(__("You are about to delete this post "%s".\\n"OK" to delete, "Cancel" to stop."), wp_specialchars(get_the_title('', ''), 1) ) . "' );\">" . __('Delete') . "</a>"; } ?></td>
|
<td><?php if ( current_user_can('edit_post',$post->ID) ) { echo "<a href='" . wp_nonce_url("post.php?action=delete&post=$id", 'delete-post' . $post->ID) . "' class='delete' onclick=\"return deleteSomething( 'post', " . $id . ", '" . sprintf(__("You are about to delete this post "%s".\\n"OK" to delete, "Cancel" to stop."), addslashes(wp_specialchars(get_the_title(),'double')) ) . "' );\">" . __('Delete') . "</a>"; } ?></td>
|
||||||
<?php
|
<?php
|
||||||
break;
|
break;
|
||||||
|
|
||||||
|
@ -262,12 +262,13 @@ $comment_status = wp_get_comment_status($comment->comment_ID);
|
||||||
<?php
|
<?php
|
||||||
if ( current_user_can('edit_post', $post->ID) ) {
|
if ( current_user_can('edit_post', $post->ID) ) {
|
||||||
echo "[ <a href=\"post.php?action=editcomment&comment=".$comment->comment_ID."\">" . __('Edit') . "</a>";
|
echo "[ <a href=\"post.php?action=editcomment&comment=".$comment->comment_ID."\">" . __('Edit') . "</a>";
|
||||||
echo " - <a href=\"post.php?action=deletecomment&p=".$post->ID."&comment=".$comment->comment_ID."\" onclick=\"return confirm('" . sprintf(__("You are about to delete this comment by \'%s\'\\n \'OK\' to delete, \'Cancel\' to stop."), wp_specialchars( $comment->comment_author, 1 )) . "')\">" . __('Delete') . "</a> ";
|
echo ' - <a href="' . wp_nonce_url('post.php?action=deletecomment&p=' . $post->ID . '&comment=' . $comment->comment_ID, 'delete-comment' . $comment->comment_ID) . '" onclick="return confirm(\'' . sprintf(__("You are about to delete this comment by "%s".\\n"Cancel" to stop, "OK" to delete."), wp_specialchars($comment->comment_author, 1)) . "');\">" . __('Delete') . '</a> ';
|
||||||
|
|
||||||
if ( ('none' != $comment_status) && ( current_user_can('moderate_comments') ) ) {
|
if ( ('none' != $comment_status) && ( current_user_can('moderate_comments') ) ) {
|
||||||
if ('approved' == wp_get_comment_status($comment->comment_ID)) {
|
if ('approved' == wp_get_comment_status($comment->comment_ID)) {
|
||||||
echo " - <a href=\"post.php?action=unapprovecomment&p=".$post->ID."&comment=".$comment->comment_ID."\">" . __('Unapprove') . "</a> ";
|
echo ' - <a href="' . wp_nonce_url('post.php?action=unapprovecomment&p=' . $post->ID . '&comment=' . $comment->comment_ID, 'unapprove-comment' . $comment->comment_ID) . '">' . __('Unapprove') . '</a> ';
|
||||||
} else {
|
} else {
|
||||||
echo " - <a href=\"post.php?action=approvecomment&p=".$post->ID."&comment=".$comment->comment_ID."\">" . __('Approve') . "</a> ";
|
echo ' - <a href="' . wp_nonce_url('post.php?action=approvecomment&p=' . $post->ID . '&comment=' . $comment->comment_ID, 'approve-comment' . $comment->comment_ID) . '">' . __('Approve') . '</a> ';
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
echo "]";
|
echo "]";
|
||||||
|
|
|
@ -2,8 +2,6 @@
|
||||||
|
|
||||||
require_once('admin.php');
|
require_once('admin.php');
|
||||||
|
|
||||||
check_admin_referer();
|
|
||||||
|
|
||||||
header('Content-Type: text/html; charset=' . get_option('blog_charset'));
|
header('Content-Type: text/html; charset=' . get_option('blog_charset'));
|
||||||
|
|
||||||
if (!current_user_can('upload_files'))
|
if (!current_user_can('upload_files'))
|
||||||
|
@ -36,16 +34,20 @@ break;
|
||||||
|
|
||||||
case 'delete':
|
case 'delete':
|
||||||
|
|
||||||
|
check_admin_referer('inlineuploading');
|
||||||
|
|
||||||
if ( !current_user_can('edit_post', (int) $attachment) )
|
if ( !current_user_can('edit_post', (int) $attachment) )
|
||||||
die(__('You are not allowed to delete this attachment.').' <a href="'.basename(__FILE__)."?post=$post&all=$all&action=upload\">".__('Go back').'</a>');
|
die(__('You are not allowed to delete this attachment.').' <a href="'.basename(__FILE__)."?post=$post&all=$all&action=upload\">".__('Go back').'</a>');
|
||||||
|
|
||||||
wp_delete_attachment($attachment);
|
wp_delete_attachment($attachment);
|
||||||
|
|
||||||
header("Location: ".basename(__FILE__)."?post=$post&all=$all&action=view&start=$start");
|
header("Location: " . basename(__FILE__) ."?post=$post&all=$all&action=view&start=$start");
|
||||||
die;
|
die;
|
||||||
|
|
||||||
case 'save':
|
case 'save':
|
||||||
|
|
||||||
|
check_admin_referer('inlineuploading');
|
||||||
|
|
||||||
$overrides = array('action'=>'save');
|
$overrides = array('action'=>'save');
|
||||||
|
|
||||||
$file = wp_handle_upload($_FILES['image'], $overrides);
|
$file = wp_handle_upload($_FILES['image'], $overrides);
|
||||||
|
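Review bot: Both new checks use the single action `'inlineuploading'`, which is also the action behind the iframe `view` URL (hunks @ -220,7 and @ -186,7) and the upload form; a nonce minted merely to display the iframe therefore also authorizes `delete` for any `$attachment` id and `save`. Scope the destructive case to its target: `check_admin_referer('delete-attachment' . (int) $attachment);` here, with a matching `wp_nonce_url(..., 'delete-attachment' . $ID)` in the link at @ -213,7. While here, the capability check casts `(int) $attachment` but `wp_delete_attachment($attachment)` receives the raw value; pass the cast value to both. The switch and the origin of `$attachment` are outside the hunk.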
@ -100,7 +102,7 @@ if ( preg_match('!^image/!', $attachment['post_mime_type']) ) {
|
||||||
add_post_meta($id, '_wp_attachment_metadata', array());
|
add_post_meta($id, '_wp_attachment_metadata', array());
|
||||||
}
|
}
|
||||||
|
|
||||||
header("Location: ".basename(__FILE__)."?post=$post&all=$all&action=view&start=0");
|
header("Location: " . basename(__FILE__) . "?post=$post&all=$all&action=view&start=0");
|
||||||
die();
|
die();
|
||||||
|
|
||||||
case 'upload':
|
case 'upload':
|
||||||
|
@ -139,7 +141,7 @@ if ( '' == $sort )
|
||||||
$attachments = $wpdb->get_results("SELECT ID, post_date, post_title, post_mime_type, guid FROM $wpdb->posts WHERE post_status = 'attachment' $and_type $and_post $and_user ORDER BY $sort LIMIT $start, $double", ARRAY_A);
|
$attachments = $wpdb->get_results("SELECT ID, post_date, post_title, post_mime_type, guid FROM $wpdb->posts WHERE post_status = 'attachment' $and_type $and_post $and_user ORDER BY $sort LIMIT $start, $double", ARRAY_A);
|
||||||
|
|
||||||
if ( count($attachments) == 0 ) {
|
if ( count($attachments) == 0 ) {
|
||||||
header("Location: ".basename(__FILE__)."?post=$post&action=upload");
|
header("Location: " . basename(__FILE__) ."?post=$post&action=upload" );
|
||||||
die;
|
die;
|
||||||
} elseif ( count($attachments) > $num ) {
|
} elseif ( count($attachments) > $num ) {
|
||||||
$next = $start + count($attachments) - $num;
|
$next = $start + count($attachments) - $num;
|
||||||
|
@ -213,7 +215,7 @@ var icon = new Array();
|
||||||
</noscript>
|
</noscript>
|
||||||
";
|
";
|
||||||
$send_delete_cancel = "<a onclick=\"sendToEditor({$ID});return false;\" href=\"javascript:void()\">$__send_to_editor</a>
|
$send_delete_cancel = "<a onclick=\"sendToEditor({$ID});return false;\" href=\"javascript:void()\">$__send_to_editor</a>
|
||||||
<a onclick=\"return confirm('$__confirmdelete')\" href=\"".basename(__FILE__)."?action=delete&attachment={$ID}&all=$all&start=$start&post=$post\">$__delete</a>
|
<a onclick=\"return confirm('$__confirmdelete')\" href=\"" . wp_nonce_url( basename(__FILE__) . "?action=delete&attachment={$ID}&all=$all&start=$start&post=$post", inlineuploading) . "\">$__delete</a>
|
||||||
<a onclick=\"popup.style.display='none';return false;\" href=\"javascript:void()\">$__close</a>
|
<a onclick=\"popup.style.display='none';return false;\" href=\"javascript:void()\">$__close</a>
|
||||||
";
|
";
|
||||||
$uwidth_sum += 128;
|
$uwidth_sum += 128;
|
||||||
|
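Review bot: The second argument to wp_nonce_url in the `$send_delete_cancel` string is the bare word `inlineuploading`, not a string literal; PHP of this era falls back to treating an undefined constant as its own name (with a notice), which is the only reason the nonce still matches `check_admin_referer('inlineuploading')`, and any later define() of that name or a stricter PHP would silently break the delete link. Quote it: `wp_nonce_url( basename(__FILE__) . "?action=delete&attachment={$ID}&all=$all&start=$start&post=$post", 'inlineuploading')`.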
@ -641,25 +643,25 @@ th {
|
||||||
</head>
|
</head>
|
||||||
<body>
|
<body>
|
||||||
<ul id="upload-menu">
|
<ul id="upload-menu">
|
||||||
<li<?php echo $current_1; ?>><a href="<?php echo basename(__FILE__); ?>?action=upload&post=<?php echo $post; ?>&all=<?php echo $all; ?>&start=<?php echo $start; ?>"><?php _e('Upload'); ?></a></li>
|
<li<?php echo $current_1; ?>><a href="<?php echo basename(__FILE__) . "?action=upload&post=$post&all=$all&start=$start"; ?>"><?php _e('Upload'); ?></a></li>
|
||||||
<?php if ( $attachments = $wpdb->get_results("SELECT ID FROM $wpdb->posts WHERE post_parent = '$post'") ) { ?>
|
<?php if ( $attachments = $wpdb->get_results("SELECT ID FROM $wpdb->posts WHERE post_parent = '$post'") ) { ?>
|
||||||
<li<?php echo $current_2; ?>><a href="<?php echo basename(__FILE__); ?>?action=view&post=<?php echo $post; ?>&all=false"><?php _e('Browse'); ?></a></li>
|
<li<?php echo $current_2; ?>><a href="<?php echo basename(__FILE__) . "?action=view&post=$post&all=false"; ?>"><?php _e('Browse'); ?></a></li>
|
||||||
<?php } ?>
|
<?php } ?>
|
||||||
<?php if ($wpdb->get_var("SELECT count(ID) FROM $wpdb->posts WHERE post_status = 'attachment'")) { ?>
|
<?php if ($wpdb->get_var("SELECT count(ID) FROM $wpdb->posts WHERE post_status = 'attachment'")) { ?>
|
||||||
<li<?php echo $current_3; ?>><a href="<?php echo basename(__FILE__); ?>?action=view&post=<?php echo $post; ?>&all=true"><?php _e('Browse All'); ?></a></li>
|
<li<?php echo $current_3; ?>><a href="<?php echo basename(__FILE__) . "?action=view&post=$post&all=true"; ?>"><?php _e('Browse All'); ?></a></li>
|
||||||
<?php } ?>
|
<?php } ?>
|
||||||
<li> </li>
|
<li> </li>
|
||||||
<?php if ( $action == 'view' ) { ?>
|
<?php if ( $action == 'view' ) { ?>
|
||||||
<?php if ( false !== $back ) : ?>
|
<?php if ( false !== $back ) : ?>
|
||||||
<li class="spacer"><a href="<?php echo basename(__FILE__); ?>?action=<?php echo $action; ?>&post=<?php echo $post; ?>&all=<?php echo $all; ?>&start=0" title="<?php _e('First'); ?>">|«</a></li>
|
<li class="spacer"><a href="<?php echo basename(__FILE__) . "?action=$action&post=$post&all=$all&start=0"; ?>" title="<?php _e('First'); ?>">|«</a></li>
|
||||||
<li><a href="<?php echo basename(__FILE__); ?>?action=<?php echo $action; ?>&post=<?php echo $post; ?>&all=<?php echo $all; ?>&start=<?php echo $back; ?>"">« <?php _e('Back'); ?></a></li>
|
<li><a href="<?php echo basename(__FILE__) . "?action=$action&post=$post&all=$all&start=$back"; ?>">« <?php _e('Back'); ?></a></li>
|
||||||
<?php else : ?>
|
<?php else : ?>
|
||||||
<li class="inactive spacer">|«</li>
|
<li class="inactive spacer">|«</li>
|
||||||
<li class="inactive">« <?php _e('Back'); ?></li>
|
<li class="inactive">« <?php _e('Back'); ?></li>
|
||||||
<?php endif; ?>
|
<?php endif; ?>
|
||||||
<?php if ( false !== $next ) : ?>
|
<?php if ( false !== $next ) : ?>
|
||||||
<li><a href="<?php echo basename(__FILE__); ?>?action=<?php echo $action; ?>&post=<?php echo $post; ?>&all=<?php echo $all; ?>&start=<?php echo $next; ?>"><?php _e('Next'); ?> »</a></li>
|
<li><a href="<?php echo basename(__FILE__) . "?action=$action&post=$post&all=$all&start=$next"; ?>"><?php _e('Next »'); ?></a></li>
|
||||||
<li><a href="<?php echo basename(__FILE__); ?>?action=<?php echo $action; ?>&post=<?php echo $post; ?>&all=<?php echo $all; ?>&last=true" title="<?php _e('Last'); ?>">»|</a></li>
|
<li><a href="<?php echo basename(__FILE__) . "?action=$action&post=$post&all=$all&last=true"; ?>" title="<?php _e('Last'); ?>">»|</a></li>
|
||||||
<?php else : ?>
|
<?php else : ?>
|
||||||
<li class="inactive"><?php _e('Next'); ?> »</li>
|
<li class="inactive"><?php _e('Next'); ?> »</li>
|
||||||
<li class="inactive">»|</li>
|
<li class="inactive">»|</li>
|
||||||
|
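Review bot: The rewritten menu links interpolate `$action`, `$post`, `$all` and `$start` straight into `href` attributes with no escaping, and the hidden inputs in the hunk at @ -697,6 echo the same variables; where these values come from is outside the hunk, but if any is taken from the request, this refactor was the place to normalise them once (`(int) $post`, `(int) $start`, and `wp_specialchars()` on the rest) before they are printed. Also note that `_e('Next »')` folds the arrow into the translatable string while the inactive `<li>` a few lines below still uses `_e('Next')` plus a literal arrow; keep the two consistent.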
@ -697,6 +699,7 @@ th {
|
||||||
<input type="hidden" name="post" value="<?php echo $post; ?>" />
|
<input type="hidden" name="post" value="<?php echo $post; ?>" />
|
||||||
<input type="hidden" name="all" value="<?php echo $all; ?>" />
|
<input type="hidden" name="all" value="<?php echo $all; ?>" />
|
||||||
<input type="hidden" name="start" value="<?php echo $start; ?>" />
|
<input type="hidden" name="start" value="<?php echo $start; ?>" />
|
||||||
|
<?php wp_nonce_field( 'inlineuploading' ); ?>
|
||||||
<div id="submit">
|
<div id="submit">
|
||||||
<input type="submit" value="<?php _e('Upload'); ?>" />
|
<input type="submit" value="<?php _e('Upload'); ?>" />
|
||||||
<?php if ( !empty($all) ) : ?>
|
<?php if ( !empty($all) ) : ?>
|
||||||
|
|
|
@ -26,7 +26,7 @@ for ($i=0; $i<count($wpvarstoreset); $i += 1) {
|
||||||
switch ($action) {
|
switch ($action) {
|
||||||
case 'addcat':
|
case 'addcat':
|
||||||
{
|
{
|
||||||
check_admin_referer();
|
check_admin_referer('add-link-category');
|
||||||
|
|
||||||
if ( !current_user_can('manage_links') )
|
if ( !current_user_can('manage_links') )
|
||||||
die (__("Cheatin' uh ?"));
|
die (__("Cheatin' uh ?"));
|
||||||
|
@ -82,9 +82,9 @@ switch ($action) {
|
||||||
} // end addcat
|
} // end addcat
|
||||||
case 'Delete':
|
case 'Delete':
|
||||||
{
|
{
|
||||||
check_admin_referer();
|
$cat_id = (int) $_GET['cat_id'];
|
||||||
|
check_admin_referer('delete-link-category' . $cat_id);
|
||||||
|
|
||||||
$cat_id = (int) $_GET['cat_id'];
|
|
||||||
$cat_name=get_linkcatname($cat_id);
|
$cat_name=get_linkcatname($cat_id);
|
||||||
|
|
||||||
if ($cat_id=="1")
|
if ($cat_id=="1")
|
||||||
|
@ -116,6 +116,7 @@ switch ($action) {
|
||||||
<h2><?php printf(__('Edit “%s” Category'), wp_specialchars($row->cat_name)); ?></h2>
|
<h2><?php printf(__('Edit “%s” Category'), wp_specialchars($row->cat_name)); ?></h2>
|
||||||
|
|
||||||
<form name="editcat" method="post">
|
<form name="editcat" method="post">
|
||||||
|
<?php wp_nonce_field('update-link-category' . $row->cat_id) ?>
|
||||||
<input type="hidden" name="action" value="editedcat" />
|
<input type="hidden" name="action" value="editedcat" />
|
||||||
<input type="hidden" name="cat_id" value="<?php echo $row->cat_id ?>" />
|
<input type="hidden" name="cat_id" value="<?php echo $row->cat_id ?>" />
|
||||||
<fieldset class="options">
|
<fieldset class="options">
|
||||||
|
@ -203,7 +204,8 @@ switch ($action) {
|
||||||
} // end Edit
|
} // end Edit
|
||||||
case "editedcat":
|
case "editedcat":
|
||||||
{
|
{
|
||||||
check_admin_referer();
|
$cat_id = (int)$_POST["cat_id"];
|
||||||
|
check_admin_referer('update-link-category' . $cat_id);
|
||||||
|
|
||||||
if ( !current_user_can('manage_links') )
|
if ( !current_user_can('manage_links') )
|
||||||
die (__("Cheatin' uh ?"));
|
die (__("Cheatin' uh ?"));
|
||||||
|
@ -211,8 +213,6 @@ switch ($action) {
|
||||||
$submit=$_POST["submit"];
|
$submit=$_POST["submit"];
|
||||||
if (isset($submit)) {
|
if (isset($submit)) {
|
||||||
|
|
||||||
$cat_id = (int)$_POST["cat_id"];
|
|
||||||
|
|
||||||
$cat_name= wp_specialchars($_POST["cat_name"]);
|
$cat_name= wp_specialchars($_POST["cat_name"]);
|
||||||
$auto_toggle = $_POST["auto_toggle"];
|
$auto_toggle = $_POST["auto_toggle"];
|
||||||
if ($auto_toggle != 'Y') {
|
if ($auto_toggle != 'Y') {
|
||||||
|
@ -356,7 +356,7 @@ foreach ($results as $row) {
|
||||||
<td nowrap="nowrap"><?php echo htmlentities($row->text_after_all)?></td>
|
<td nowrap="nowrap"><?php echo htmlentities($row->text_after_all)?></td>
|
||||||
<td><?php echo $row->list_limit ?></td>
|
<td><?php echo $row->list_limit ?></td>
|
||||||
<td><a href="link-categories.php?cat_id=<?php echo $row->cat_id?>&action=Edit" class="edit"><?php _e('Edit') ?></a></td>
|
<td><a href="link-categories.php?cat_id=<?php echo $row->cat_id?>&action=Edit" class="edit"><?php _e('Edit') ?></a></td>
|
||||||
<td><a href="link-categories.php?cat_id=<?php echo $row->cat_id?>&action=Delete" onclick="return deleteSomething( 'link category', <?php echo $row->cat_id . ", '" . sprintf(__("You are about to delete the "%s" link category.\\n"Cancel" to stop, "OK" to delete."), wp_specialchars($row->cat_name,1)); ?>' );" class="delete"><?php _e('Delete') ?></a></td>
|
<td><a href="<?php echo wp_nonce_url("link-categories.php?cat_id=$row->cat_id?>&action=Delete", 'delete-link-category' . $row->cat_id) ?>" "onclick="return deleteSomething( 'link category', <?php echo $row->cat_id . ", '" . sprintf(__("You are about to delete the "%s" link category.\\n"Cancel" to stop, "OK" to delete."), wp_specialchars($row->cat_name,1)); ?>' );" class="delete"><?php _e('Delete') ?></a></td>
|
||||||
</tr>
|
</tr>
|
||||||
<?php
|
<?php
|
||||||
++$i;
|
++$i;
|
||||||
|
@ -371,6 +371,7 @@ foreach ($results as $row) {
|
||||||
|
|
||||||
<div class="wrap">
|
<div class="wrap">
|
||||||
<form name="addcat" method="post">
|
<form name="addcat" method="post">
|
||||||
|
<?php wp_nonce_field('add-link-category'); ?>
|
||||||
<input type="hidden" name="action" value="addcat" />
|
<input type="hidden" name="action" value="addcat" />
|
||||||
<h2><?php _e('Add a Link Category:') ?></h2>
|
<h2><?php _e('Add a Link Category:') ?></h2>
|
||||||
<fieldset class="options">
|
<fieldset class="options">
|
||||||
|
|
|
@ -24,6 +24,7 @@ switch ($step) {
|
||||||
<div class="wrap">
|
<div class="wrap">
|
||||||
<h2><?php _e('Import your blogroll from another system') ?> </h2>
|
<h2><?php _e('Import your blogroll from another system') ?> </h2>
|
||||||
<form enctype="multipart/form-data" action="link-import.php" method="post" name="blogroll">
|
<form enctype="multipart/form-data" action="link-import.php" method="post" name="blogroll">
|
||||||
|
<?php wp_nonce_field('import-bookmarks') ?>
|
||||||
|
|
||||||
<p><?php _e('If a program or website you use allows you to export your links or subscriptions as OPML you may import them here.'); ?>
|
<p><?php _e('If a program or website you use allows you to export your links or subscriptions as OPML you may import them here.'); ?>
|
||||||
<div style="width: 70%; margin: auto; height: 8em;">
|
<div style="width: 70%; margin: auto; height: 8em;">
|
||||||
|
@ -63,7 +64,7 @@ foreach ($categories as $category) {
|
||||||
} // end case 0
|
} // end case 0
|
||||||
|
|
||||||
case 1: {
|
case 1: {
|
||||||
check_admin_referer();
|
check_admin_referer('import-bookmarks');
|
||||||
|
|
||||||
include_once('admin-header.php');
|
include_once('admin-header.php');
|
||||||
if ( !current_user_can('manage_links') )
|
if ( !current_user_can('manage_links') )
|
||||||
|
|
|
@ -39,7 +39,7 @@ if ('' != $_POST['linkcheck']) $linkcheck = $_POST[linkcheck];
|
||||||
switch ($action) {
|
switch ($action) {
|
||||||
case 'assign':
|
case 'assign':
|
||||||
{
|
{
|
||||||
check_admin_referer();
|
check_admin_referer('bulk-bookmarks');
|
||||||
|
|
||||||
// check the current user's level first.
|
// check the current user's level first.
|
||||||
if ( !current_user_can('manage_links') )
|
if ( !current_user_can('manage_links') )
|
||||||
|
@ -67,7 +67,7 @@ switch ($action) {
|
||||||
}
|
}
|
||||||
case 'visibility':
|
case 'visibility':
|
||||||
{
|
{
|
||||||
check_admin_referer();
|
check_admin_referer('bulk-bookmarks');
|
||||||
|
|
||||||
// check the current user's level first.
|
// check the current user's level first.
|
||||||
if ( !current_user_can('manage_links') )
|
if ( !current_user_can('manage_links') )
|
||||||
|
@ -104,7 +104,7 @@ switch ($action) {
|
||||||
}
|
}
|
||||||
case 'move':
|
case 'move':
|
||||||
{
|
{
|
||||||
check_admin_referer();
|
check_admin_referer('bulk-bookmarks');
|
||||||
|
|
||||||
// check the current user's level first.
|
// check the current user's level first.
|
||||||
if ( !current_user_can('manage_links') )
|
if ( !current_user_can('manage_links') )
|
||||||
|
@ -125,7 +125,7 @@ switch ($action) {
|
||||||
|
|
||||||
case 'Add':
|
case 'Add':
|
||||||
{
|
{
|
||||||
check_admin_referer();
|
check_admin_referer('add-bookmark');
|
||||||
|
|
||||||
add_link();
|
add_link();
|
||||||
|
|
||||||
|
@ -135,8 +135,8 @@ switch ($action) {
|
||||||
|
|
||||||
case 'editlink':
|
case 'editlink':
|
||||||
{
|
{
|
||||||
|
$link_id = (int) $_POST['link_id'];
|
||||||
check_admin_referer();
|
check_admin_referer('update-bookmark' . $link_id);
|
||||||
|
|
||||||
if (isset($links_show_cat_id) && ($links_show_cat_id != ''))
|
if (isset($links_show_cat_id) && ($links_show_cat_id != ''))
|
||||||
$cat_id = $links_show_cat_id;
|
$cat_id = $links_show_cat_id;
|
||||||
|
@ -147,7 +147,6 @@ switch ($action) {
|
||||||
}
|
}
|
||||||
$links_show_cat_id = $cat_id;
|
$links_show_cat_id = $cat_id;
|
||||||
|
|
||||||
$link_id = (int) $_POST['link_id'];
|
|
||||||
edit_link($link_id);
|
edit_link($link_id);
|
||||||
|
|
||||||
setcookie('links_show_cat_id_' . COOKIEHASH, $links_show_cat_id, time()+600);
|
setcookie('links_show_cat_id_' . COOKIEHASH, $links_show_cat_id, time()+600);
|
||||||
|
@ -157,13 +156,12 @@ switch ($action) {
|
||||||
|
|
||||||
case 'Delete':
|
case 'Delete':
|
||||||
{
|
{
|
||||||
check_admin_referer();
|
$link_id = (int) $_GET['link_id'];
|
||||||
|
check_admin_referer('delete-bookmark' . $link_id);
|
||||||
|
|
||||||
if ( !current_user_can('manage_links') )
|
if ( !current_user_can('manage_links') )
|
||||||
die (__("Cheatin' uh ?"));
|
die (__("Cheatin' uh ?"));
|
||||||
|
|
||||||
$link_id = (int) $_GET['link_id'];
|
|
||||||
|
|
||||||
wp_delete_link($link_id);
|
wp_delete_link($link_id);
|
||||||
|
|
||||||
if (isset($links_show_cat_id) && ($links_show_cat_id != ''))
|
if (isset($links_show_cat_id) && ($links_show_cat_id != ''))
|
||||||
|
@ -320,6 +318,7 @@ function checkAll(form)
|
||||||
<form name="links" id="links" method="post" action="">
|
<form name="links" id="links" method="post" action="">
|
||||||
<div class="wrap">
|
<div class="wrap">
|
||||||
|
|
||||||
|
<?php wp_nonce_field('bulk-bookmarks') ?>
|
||||||
<input type="hidden" name="link_id" value="" />
|
<input type="hidden" name="link_id" value="" />
|
||||||
<input type="hidden" name="action" value="" />
|
<input type="hidden" name="action" value="" />
|
||||||
<input type="hidden" name="order_by" value="<?php echo wp_specialchars($order_by, 1); ?>" />
|
<input type="hidden" name="order_by" value="<?php echo wp_specialchars($order_by, 1); ?>" />
|
||||||
|
@ -383,11 +382,12 @@ LINKS;
|
||||||
|
|
||||||
if ($show_buttons) {
|
if ($show_buttons) {
|
||||||
echo '<td><a href="link-manager.php?link_id=' . $link->link_id . '&action=linkedit" class="edit">' . __('Edit') . '</a></td>';
|
echo '<td><a href="link-manager.php?link_id=' . $link->link_id . '&action=linkedit" class="edit">' . __('Edit') . '</a></td>';
|
||||||
echo '<td><a href="link-manager.php?link_id=' . $link->link_id . '&action=Delete"' . " onclick=\"return deleteSomething( 'link', $link->link_id , '" . sprintf(__("You are about to delete the "%s" link to %s.\\n"Cancel" to stop, "OK" to delete."), wp_specialchars($link->link_name,1), wp_specialchars($link->link_url)) . '\' );" class="delete">' . __('Delete') . '</a></td>';
|
echo '<td><a href="' . wp_nonce_url('link-manager.php?link_id='.$link->link_id.'&action=delete', 'delete-bookmark' . $link->link_id ) . '"'." class='delete' onclick=\"return deleteSomething( 'link', $link->link_id , '".sprintf(__("You are about to delete the "%s" bookmark to %s.\\n"Cancel" to stop, "OK" to delete."), wp_specialchars($link->link_name, 1), wp_specialchars($link->link_url)).'\' );" class="delete">'.__('Delete').'</a></td>';
|
||||||
echo '<td><input type="checkbox" name="linkcheck[]" value="' . $link->link_id . '" /></td>';
|
echo '<td><input type="checkbox" name="linkcheck[]" value="' . $link->link_id . '" /></td>';
|
||||||
} else {
|
} else {
|
||||||
echo "<td> </td><td> </td><td> </td>\n";
|
echo "<td> </td><td> </td><td> </td>\n";
|
||||||
}
|
}
|
||||||
|
|
||||||
echo "\n </tr>\n";
|
echo "\n </tr>\n";
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
|
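Review bot: The rewritten delete link in the last hunk now sends `action=delete`, while the handler it is meant to reach is still `case 'Delete':` (unchanged context in the earlier hunk of this section); unless `$action` is lower-cased somewhere outside this diff, the nonce-protected delete will fall through the switch and do nothing. Keep the URL and the case label spelled the same, e.g. `wp_nonce_url('link-manager.php?link_id='.$link->link_id.'&action=Delete', 'delete-bookmark' . $link->link_id )`, or rename the case. The same line also emits `class='delete'` and then `class="delete"` on one anchor; drop the first. The `update-bookmark` and `add-bookmark` checks rely on matching `wp_nonce_field` calls in the edit and add forms, which are not in this section, so confirm they were added. Both the `switch ($action)` and the `if ($show_buttons)` block continue outside the visible hunks.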
@ -3,7 +3,6 @@ require_once('../wp-config.php');
|
||||||
require_once('admin-functions.php');
|
require_once('admin-functions.php');
|
||||||
require_once('admin-db.php');
|
require_once('admin-db.php');
|
||||||
|
|
||||||
get_currentuserinfo();
|
|
||||||
if ( !is_user_logged_in() )
|
if ( !is_user_logged_in() )
|
||||||
die('-1');
|
die('-1');
|
||||||
if ( !check_ajax_referer() )
|
if ( !check_ajax_referer() )
|
||||||
|
|
|
@ -32,7 +32,7 @@ switch($action) {
|
||||||
|
|
||||||
case 'update':
|
case 'update':
|
||||||
|
|
||||||
check_admin_referer();
|
check_admin_referer('moderate-comments');
|
||||||
|
|
||||||
if ( ! current_user_can('moderate_comments') )
|
if ( ! current_user_can('moderate_comments') )
|
||||||
die('<p>'.__('Your level is not high enough to moderate comments.').'</p>');
|
die('<p>'.__('Your level is not high enough to moderate comments.').'</p>');
|
||||||
|
@ -132,6 +132,7 @@ if ($comments) {
|
||||||
?>
|
?>
|
||||||
<h2><?php _e('Moderation Queue') ?></h2>
|
<h2><?php _e('Moderation Queue') ?></h2>
|
||||||
<form name="approval" action="moderation.php" method="post">
|
<form name="approval" action="moderation.php" method="post">
|
||||||
|
<?php wp_nonce_field('moderate-comments') ?>
|
||||||
<input type="hidden" name="action" value="update" />
|
<input type="hidden" name="action" value="update" />
|
||||||
<ol id="the-list" class="commentlist">
|
<ol id="the-list" class="commentlist">
|
||||||
<?php
|
<?php
|
||||||
|
|
|
@ -21,6 +21,7 @@ if ($action == 'retrospam') {
|
||||||
<div class="wrap">
|
<div class="wrap">
|
||||||
<h2><?php _e('Discussion Options') ?></h2>
|
<h2><?php _e('Discussion Options') ?></h2>
|
||||||
<form method="post" action="options.php">
|
<form method="post" action="options.php">
|
||||||
|
<?php wp_nonce_field('update-options') ?>
|
||||||
<fieldset class="options">
|
<fieldset class="options">
|
||||||
<legend><?php _e('Usual settings for an article:<br /><small><em>(These settings may be overridden for individual articles.)</em></small>') ?></legend>
|
<legend><?php _e('Usual settings for an article:<br /><small><em>(These settings may be overridden for individual articles.)</em></small>') ?></legend>
|
||||||
<ul>
|
<ul>
|
||||||
|
|
|
@ -10,6 +10,7 @@ include('./admin-header.php');
|
||||||
<div class="wrap">
|
<div class="wrap">
|
||||||
<h2><?php _e('General Options') ?></h2>
|
<h2><?php _e('General Options') ?></h2>
|
||||||
<form method="post" action="options.php">
|
<form method="post" action="options.php">
|
||||||
|
<?php wp_nonce_field('update-options') ?>
|
||||||
<table class="optiontable">
|
<table class="optiontable">
|
||||||
<tr valign="top">
|
<tr valign="top">
|
||||||
<th scope="row"><?php _e('Weblog title:') ?></th>
|
<th scope="row"><?php _e('Weblog title:') ?></th>
|
||||||
|
|
|
@ -11,7 +11,7 @@ include('admin-header.php');
|
||||||
<div class="wrap">
|
<div class="wrap">
|
||||||
<h2><?php _e('Miscellaneous Options') ?></h2>
|
<h2><?php _e('Miscellaneous Options') ?></h2>
|
||||||
<form method="post" action="options.php">
|
<form method="post" action="options.php">
|
||||||
|
<?php wp_nonce_field('update-options') ?>
|
||||||
<fieldset class="options">
|
<fieldset class="options">
|
||||||
<legend><?php _e('Uploading'); ?></legend>
|
<legend><?php _e('Uploading'); ?></legend>
|
||||||
<table class="editform optiontable">
|
<table class="editform optiontable">
|
||||||
|
|
|
@ -57,8 +57,8 @@ include('admin-header.php');
|
||||||
|
|
||||||
$home_path = get_home_path();
|
$home_path = get_home_path();
|
||||||
|
|
||||||
if ( isset($_POST) ) {
|
if ( isset($_POST['permalink_structure']) || isset($_POST['category_base']) ) {
|
||||||
check_admin_referer();
|
check_admin_referer('update-permalink');
|
||||||
|
|
||||||
if ( isset($_POST['permalink_structure']) ) {
|
if ( isset($_POST['permalink_structure']) ) {
|
||||||
$permalink_structure = $_POST['permalink_structure'];
|
$permalink_structure = $_POST['permalink_structure'];
|
||||||
|
@ -117,6 +117,7 @@ $structures = array(
|
||||||
);
|
);
|
||||||
?>
|
?>
|
||||||
<form name="form" action="options-permalink.php" method="post">
|
<form name="form" action="options-permalink.php" method="post">
|
||||||
|
<?php wp_nonce_field('update-permalink') ?>
|
||||||
<h3><?php _e('Common options:'); ?></h3>
|
<h3><?php _e('Common options:'); ?></h3>
|
||||||
<p>
|
<p>
|
||||||
<label>
|
<label>
|
||||||
|
@ -165,6 +166,7 @@ checked="checked"
|
||||||
<?php if ( $permalink_structure && !$usingpi && !$writable ) : ?>
|
<?php if ( $permalink_structure && !$usingpi && !$writable ) : ?>
|
||||||
<p><?php _e('If your <code>.htaccess</code> file were <a href="http://codex.wordpress.org/Make_a_Directory_Writable">writable</a>, we could do this automatically, but it isn’t so these are the mod_rewrite rules you should have in your <code>.htaccess</code> file. Click in the field and press <kbd>CTRL + a</kbd> to select all.') ?></p>
|
<p><?php _e('If your <code>.htaccess</code> file were <a href="http://codex.wordpress.org/Make_a_Directory_Writable">writable</a>, we could do this automatically, but it isn’t so these are the mod_rewrite rules you should have in your <code>.htaccess</code> file. Click in the field and press <kbd>CTRL + a</kbd> to select all.') ?></p>
|
||||||
<form action="options-permalink.php" method="post">
|
<form action="options-permalink.php" method="post">
|
||||||
|
<?php wp_nonce_field('update-permalink') ?>
|
||||||
<p>
|
<p>
|
||||||
<textarea rows="5" style="width: 98%;" name="rules"><?php echo $wp_rewrite->mod_rewrite_rules(); ?>
|
<textarea rows="5" style="width: 98%;" name="rules"><?php echo $wp_rewrite->mod_rewrite_rules(); ?>
|
||||||
</textarea>
|
</textarea>
|
||||||
|
|
|
@ -9,7 +9,9 @@ include('admin-header.php');
|
||||||
|
|
||||||
<div class="wrap">
|
<div class="wrap">
|
||||||
<h2><?php _e('Reading Options') ?></h2>
|
<h2><?php _e('Reading Options') ?></h2>
|
||||||
<form name="form1" method="post" action="options.php">
|
<form name="form1" method="post" action="options.php">
|
||||||
|
<?php wp_nonce_field('update-options') ?>
|
||||||
|
|
||||||
<fieldset class="options">
|
<fieldset class="options">
|
||||||
<legend><?php _e('Blog Pages') ?></legend>
|
<legend><?php _e('Blog Pages') ?></legend>
|
||||||
<table width="100%" cellspacing="2" cellpadding="5" class="editform">
|
<table width="100%" cellspacing="2" cellpadding="5" class="editform">
|
||||||
|
|
|
@ -10,6 +10,7 @@ include('admin-header.php');
|
||||||
<div class="wrap">
|
<div class="wrap">
|
||||||
<h2><?php _e('Writing Options') ?></h2>
|
<h2><?php _e('Writing Options') ?></h2>
|
||||||
<form method="post" action="options.php">
|
<form method="post" action="options.php">
|
||||||
|
<?php wp_nonce_field('update-options') ?>
|
||||||
<table width="100%" cellspacing="2" cellpadding="5" class="editform">
|
<table width="100%" cellspacing="2" cellpadding="5" class="editform">
|
||||||
<tr valign="top">
|
<tr valign="top">
|
||||||
<th width="33%" scope="row"> <?php _e('Size of the post box:') ?></th>
|
<th width="33%" scope="row"> <?php _e('Size of the post box:') ?></th>
|
||||||
|
|
|
@ -29,7 +29,7 @@ switch($action) {
|
||||||
case 'update':
|
case 'update':
|
||||||
$any_changed = 0;
|
$any_changed = 0;
|
||||||
|
|
||||||
check_admin_referer();
|
check_admin_referer('update-options');
|
||||||
|
|
||||||
if (!$_POST['page_options']) {
|
if (!$_POST['page_options']) {
|
||||||
foreach ($_POST as $key => $value) {
|
foreach ($_POST as $key => $value) {
|
||||||
|
@ -68,8 +68,6 @@ case 'update':
|
||||||
if ( get_settings('siteurl') != $old_siteurl || get_settings('home') != $old_home ) {
|
if ( get_settings('siteurl') != $old_siteurl || get_settings('home') != $old_home ) {
|
||||||
// If home changed, write rewrite rules to new location.
|
// If home changed, write rewrite rules to new location.
|
||||||
$wp_rewrite->flush_rules();
|
$wp_rewrite->flush_rules();
|
||||||
// Get currently logged in user and password.
|
|
||||||
get_currentuserinfo();
|
|
||||||
// Clear cookies for old paths.
|
// Clear cookies for old paths.
|
||||||
wp_clearcookie();
|
wp_clearcookie();
|
||||||
// Set cookies for new paths.
|
// Set cookies for new paths.
|
||||||
|
@ -91,6 +89,7 @@ default:
|
||||||
<div class="wrap">
|
<div class="wrap">
|
||||||
<h2><?php _e('All options'); ?></h2>
|
<h2><?php _e('All options'); ?></h2>
|
||||||
<form name="form" action="options.php" method="post">
|
<form name="form" action="options.php" method="post">
|
||||||
|
<?php wp_nonce_field('update-options') ?>
|
||||||
<input type="hidden" name="action" value="update" />
|
<input type="hidden" name="action" value="update" />
|
||||||
<table width="98%">
|
<table width="98%">
|
||||||
<?php
|
<?php
|
||||||
|
|
|
@ -13,8 +13,6 @@ require_once('admin-header.php');
|
||||||
<?php
|
<?php
|
||||||
if ( current_user_can('edit_pages') ) {
|
if ( current_user_can('edit_pages') ) {
|
||||||
$action = 'post';
|
$action = 'post';
|
||||||
get_currentuserinfo();
|
|
||||||
|
|
||||||
$post = get_default_post_to_edit();
|
$post = get_default_post_to_edit();
|
||||||
$post->post_status = 'static';
|
$post->post_status = 'static';
|
||||||
|
|
||||||
|
|
|
@ -34,7 +34,7 @@ switch($action) {
|
||||||
|
|
||||||
case 'update':
|
case 'update':
|
||||||
|
|
||||||
check_admin_referer();
|
check_admin_referer('edit-plugin' . $file);
|
||||||
|
|
||||||
if ( !current_user_can('edit_plugins') )
|
if ( !current_user_can('edit_plugins') )
|
||||||
die('<p>'.__('You have do not have sufficient permissions to edit templates for this blog.').'</p>');
|
die('<p>'.__('You have do not have sufficient permissions to edit templates for this blog.').'</p>');
|
||||||
|
@ -97,6 +97,7 @@ if ($plugin_files) :
|
||||||
</div>
|
</div>
|
||||||
<?php if (!$error) { ?>
|
<?php if (!$error) { ?>
|
||||||
<form name="template" id="template" action="plugin-editor.php" method="post">
|
<form name="template" id="template" action="plugin-editor.php" method="post">
|
||||||
|
<?php wp_nonce_field('edit-plugin' . $file) ?>
|
||||||
<div><textarea cols="70" rows="25" name="newcontent" id="newcontent" tabindex="1"><?php echo $content ?></textarea>
|
<div><textarea cols="70" rows="25" name="newcontent" id="newcontent" tabindex="1"><?php echo $content ?></textarea>
|
||||||
<input type="hidden" name="action" value="update" />
|
<input type="hidden" name="action" value="update" />
|
||||||
<input type="hidden" name="file" value="<?php echo $file ?>" />
|
<input type="hidden" name="file" value="<?php echo $file ?>" />
|
||||||
|
|
|
@ -2,9 +2,8 @@
|
||||||
require_once('admin.php');
|
require_once('admin.php');
|
||||||
|
|
||||||
if ( isset($_GET['action']) ) {
|
if ( isset($_GET['action']) ) {
|
||||||
check_admin_referer();
|
|
||||||
|
|
||||||
if ('activate' == $_GET['action']) {
|
if ('activate' == $_GET['action']) {
|
||||||
|
check_admin_referer('activate-plugin' . $_GET['plugin']);
|
||||||
$current = get_settings('active_plugins');
|
$current = get_settings('active_plugins');
|
||||||
if (!in_array($_GET['plugin'], $current)) {
|
if (!in_array($_GET['plugin'], $current)) {
|
||||||
$current[] = trim( $_GET['plugin'] );
|
$current[] = trim( $_GET['plugin'] );
|
||||||
|
@ -15,6 +14,7 @@ if ( isset($_GET['action']) ) {
|
||||||
}
|
}
|
||||||
header('Location: plugins.php?activate=true');
|
header('Location: plugins.php?activate=true');
|
||||||
} else if ('deactivate' == $_GET['action']) {
|
} else if ('deactivate' == $_GET['action']) {
|
||||||
|
check_admin_referer('deactivate-plugin' . $_GET['plugin']);
|
||||||
$current = get_settings('active_plugins');
|
$current = get_settings('active_plugins');
|
||||||
array_splice($current, array_search( $_GET['plugin'], $current), 1 ); // Array-fu!
|
array_splice($current, array_search( $_GET['plugin'], $current), 1 ); // Array-fu!
|
||||||
update_option('active_plugins', $current);
|
update_option('active_plugins', $current);
|
||||||
|
@ -98,11 +98,11 @@ if (empty($plugins)) {
|
||||||
$style = ('class="alternate"' == $style|| 'class="alternate active"' == $style) ? '' : 'alternate';
|
$style = ('class="alternate"' == $style|| 'class="alternate active"' == $style) ? '' : 'alternate';
|
||||||
|
|
||||||
if (!empty($current_plugins) && in_array($plugin_file, $current_plugins)) {
|
if (!empty($current_plugins) && in_array($plugin_file, $current_plugins)) {
|
||||||
$action = "<a href='plugins.php?action=deactivate&plugin=$plugin_file' title='".__('Deactivate this plugin')."' class='delete'>".__('Deactivate')."</a>";
|
$action = "<a href='" . wp_nonce_url("plugins.php?action=deactivate&plugin=$plugin_file", 'deactivate-plugin' . $plugin_file) . "' title='".__('Deactivate this plugin')."' class='delete'>".__('Deactivate')."</a>";
|
||||||
$plugin_data['Title'] = "<strong>{$plugin_data['Title']}</strong>";
|
$plugin_data['Title'] = "<strong>{$plugin_data['Title']}</strong>";
|
||||||
$style .= $style == 'alternate' ? ' active' : 'active';
|
$style .= $style == 'alternate' ? ' active' : 'active';
|
||||||
} else {
|
} else {
|
||||||
$action = "<a href='plugins.php?action=activate&plugin=$plugin_file' title='".__('Activate this plugin')."' class='edit'>".__('Activate')."</a>";
|
$action = "<a href='" . wp_nonce_url("plugins.php?action=activate&plugin=$plugin_file", 'activate-plugin' . $plugin_file) . "' title='".__('Activate this plugin')."' class='edit'>".__('Activate')."</a>";
|
||||||
}
|
}
|
||||||
$plugin_data['Description'] = wp_kses($plugin_data['Description'], array('a' => array('href' => array(),'title' => array()),'abbr' => array('title' => array()),'acronym' => array('title' => array()),'code' => array(),'em' => array(),'strong' => array()) ); ;
|
$plugin_data['Description'] = wp_kses($plugin_data['Description'], array('a' => array('href' => array(),'title' => array()),'abbr' => array('title' => array()),'acronym' => array('title' => array()),'code' => array(),'em' => array(),'strong' => array()) ); ;
|
||||||
if ($style != '') $style = 'class="' . $style . '"';
|
if ($style != '') $style = 'class="' . $style . '"';
|
||||||
|
|
|
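Review bot: The blanket `check_admin_referer()` that previously covered every value of `$_GET['action']` is removed, and the new checks run only inside the `activate` and `deactivate` branches, so any further branch of that `if` (its tail is outside the hunk) now executes without a nonce check; confirm there is none, or keep a fallback `check_admin_referer()` after the two branches. The nonce action is also built from the raw `$_GET['plugin']` while the value written to `active_plugins` is `trim( $_GET['plugin'] )`, so the string the nonce vouches for and the string that is stored can differ; deriving both from one trimmed local, e.g. `$plugin = trim($_GET['plugin']); check_admin_referer('activate-plugin' . $plugin);`, closes that gap. The `if ( isset($_GET['action']) )` block continues outside the hunk.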
@ -30,7 +30,7 @@ $editing = true;
|
||||||
|
|
||||||
switch($action) {
|
switch($action) {
|
||||||
case 'post':
|
case 'post':
|
||||||
check_admin_referer();
|
check_admin_referer('add-post');
|
||||||
|
|
||||||
$post_ID = write_post();
|
$post_ID = write_post();
|
||||||
|
|
||||||
|
@ -87,10 +87,10 @@ case 'edit':
|
||||||
break;
|
break;
|
||||||
|
|
||||||
case 'editattachment':
|
case 'editattachment':
|
||||||
check_admin_referer();
|
|
||||||
|
|
||||||
$post_id = (int) $_POST['post_ID'];
|
$post_id = (int) $_POST['post_ID'];
|
||||||
|
|
||||||
|
check_admin_referer('update-attachment' . $post_id);
|
||||||
|
|
||||||
// Don't let these be changed
|
// Don't let these be changed
|
||||||
unset($_POST['guid']);
|
unset($_POST['guid']);
|
||||||
$_POST['post_status'] = 'attachment';
|
$_POST['post_status'] = 'attachment';
|
||||||
|
@ -105,7 +105,8 @@ case 'editattachment':
|
||||||
add_post_meta($post_id, '_wp_attachment_metadata', $newmeta);
|
add_post_meta($post_id, '_wp_attachment_metadata', $newmeta);
|
||||||
|
|
||||||
case 'editpost':
|
case 'editpost':
|
||||||
check_admin_referer();
|
$post_ID = (int) $_POST['post_ID'];
|
||||||
|
check_admin_referer('update-post' . $post_ID);
|
||||||
|
|
||||||
$post_ID = edit_post();
|
$post_ID = edit_post();
|
||||||
|
|
||||||
|
@ -130,9 +131,8 @@ case 'editpost':
|
||||||
break;
|
break;
|
||||||
|
|
||||||
case 'delete':
|
case 'delete':
|
||||||
check_admin_referer();
|
|
||||||
|
|
||||||
$post_id = (isset($_GET['post'])) ? intval($_GET['post']) : intval($_POST['post_ID']);
|
$post_id = (isset($_GET['post'])) ? intval($_GET['post']) : intval($_POST['post_ID']);
|
||||||
|
check_admin_referer('delete-post' . $post_id);
|
||||||
|
|
||||||
$post = & get_post($post_id);
|
$post = & get_post($post_id);
|
||||||
|
|
||||||
|
@ -212,10 +212,9 @@ case 'confirmdeletecomment':
|
||||||
break;
|
break;
|
||||||
|
|
||||||
case 'deletecomment':
|
case 'deletecomment':
|
||||||
|
|
||||||
check_admin_referer();
|
|
||||||
|
|
||||||
$comment = (int) $_GET['comment'];
|
$comment = (int) $_GET['comment'];
|
||||||
|
check_admin_referer('delete-comment' . $comment);
|
||||||
|
|
||||||
$p = (int) $_GET['p'];
|
$p = (int) $_GET['p'];
|
||||||
if (isset($_GET['noredir'])) {
|
if (isset($_GET['noredir'])) {
|
||||||
$noredir = true;
|
$noredir = true;
|
||||||
|
@ -243,10 +242,9 @@ case 'deletecomment':
|
||||||
break;
|
break;
|
||||||
|
|
||||||
case 'unapprovecomment':
|
case 'unapprovecomment':
|
||||||
|
|
||||||
check_admin_referer();
|
|
||||||
|
|
||||||
$comment = (int) $_GET['comment'];
|
$comment = (int) $_GET['comment'];
|
||||||
|
check_admin_referer('unapprove-comment' . $comment);
|
||||||
|
|
||||||
$p = (int) $_GET['p'];
|
$p = (int) $_GET['p'];
|
||||||
if (isset($_GET['noredir'])) {
|
if (isset($_GET['noredir'])) {
|
||||||
$noredir = true;
|
$noredir = true;
|
||||||
|
@ -271,8 +269,8 @@ case 'unapprovecomment':
|
||||||
break;
|
break;
|
||||||
|
|
||||||
case 'mailapprovecomment':
|
case 'mailapprovecomment':
|
||||||
|
|
||||||
$comment = (int) $_GET['comment'];
|
$comment = (int) $_GET['comment'];
|
||||||
|
check_admin_referer('approve-comment' . $comment);
|
||||||
|
|
||||||
if ( ! $comment = get_comment($comment) )
|
if ( ! $comment = get_comment($comment) )
|
||||||
die(sprintf(__('Oops, no comment with this ID. <a href="%s">Go back</a>!'), 'edit.php'));
|
die(sprintf(__('Oops, no comment with this ID. <a href="%s">Go back</a>!'), 'edit.php'));
|
||||||
|
@ -291,10 +289,9 @@ case 'mailapprovecomment':
|
||||||
break;
|
break;
|
||||||
|
|
||||||
case 'approvecomment':
|
case 'approvecomment':
|
||||||
|
|
||||||
check_admin_referer();
|
|
||||||
|
|
||||||
$comment = (int) $_GET['comment'];
|
$comment = (int) $_GET['comment'];
|
||||||
|
check_admin_referer('approve-comment' . $comment);
|
||||||
|
|
||||||
$p = (int) $_GET['p'];
|
$p = (int) $_GET['p'];
|
||||||
if (isset($_GET['noredir'])) {
|
if (isset($_GET['noredir'])) {
|
||||||
$noredir = true;
|
$noredir = true;
|
||||||
|
@ -324,7 +321,7 @@ case 'approvecomment':
|
||||||
|
|
||||||
case 'editedcomment':
|
case 'editedcomment':
|
||||||
|
|
||||||
check_admin_referer();
|
check_admin_referer('update-comment');
|
||||||
|
|
||||||
edit_comment();
|
edit_comment();
|
||||||
|
|
||||||
|
|
|
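Review bot: `check_admin_referer('approve-comment' . $comment)` in `mailapprovecomment` guards a link that arrives by e-mail, so it only passes if the moderation notification mints that URL with `wp_nonce_url(..., 'approve-comment' . $comment_id)` for the user who will click it; that notification code is not in this diff, and a nonce minted during the commenter's logged-out request would presumably not match the moderator's. Verify the e-mail side, or give `mailapprovecomment` its own confirmation step instead of a nonce. The `delete` case now requires `'delete-post' . $post_id` for every delete link, including those minted in the page list, so any list that keys the action differently will send users to the nonce failure page. `editedcomment` is the only comment action whose nonce is not bound to the comment id (`'update-comment'`); binding it like the others keeps the set consistent. The `switch($action)` runs well beyond the visible hunks.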
@ -2,7 +2,7 @@
|
||||||
|
|
||||||
require_once('admin.php');
|
require_once('admin.php');
|
||||||
|
|
||||||
check_admin_referer();
|
check_admin_referer('update-profile' . $user_ID);
|
||||||
|
|
||||||
if ( !$_POST )
|
if ( !$_POST )
|
||||||
die( __('No post?') );
|
die( __('No post?') );
|
||||||
|
|
|
@ -19,6 +19,7 @@ $bookmarklet_height= 440;
|
||||||
<div class="wrap">
|
<div class="wrap">
|
||||||
<h2><?php _e('Your Profile and Personal Options'); ?></h2>
|
<h2><?php _e('Your Profile and Personal Options'); ?></h2>
|
||||||
<form name="profile" id="your-profile" action="profile-update.php" method="post">
|
<form name="profile" id="your-profile" action="profile-update.php" method="post">
|
||||||
|
<?php wp_nonce_field('update-profile' . $user_ID) ?>
|
||||||
<p>
|
<p>
|
||||||
<input type="hidden" name="from" value="profile" />
|
<input type="hidden" name="from" value="profile" />
|
||||||
<input type="hidden" name="checkuser_id" value="<?php echo $user_ID ?>" />
|
<input type="hidden" name="checkuser_id" value="<?php echo $user_ID ?>" />
|
||||||
|
|
|
@ -36,7 +36,7 @@ switch($action) {
|
||||||
|
|
||||||
case 'update':
|
case 'update':
|
||||||
|
|
||||||
check_adimn_referer();
|
check_admin_referer('edit-file' . $file);
|
||||||
|
|
||||||
if ( ! current_user_can('edit_files') )
|
if ( ! current_user_can('edit_files') )
|
||||||
die('<p>'.__('You have do not have sufficient permissions to edit templates for this blog.').'</p>');
|
die('<p>'.__('You have do not have sufficient permissions to edit templates for this blog.').'</p>');
|
||||||
|
@ -128,6 +128,7 @@ endif;
|
||||||
</div>
|
</div>
|
||||||
<?php if (!$error) { ?>
|
<?php if (!$error) { ?>
|
||||||
<form name="template" id="template" action="templates.php" method="post">
|
<form name="template" id="template" action="templates.php" method="post">
|
||||||
|
<?php wp_nonce_field('edit-file' . $file) ?>
|
||||||
<div><textarea cols="70" rows="25" name="newcontent" id='newcontent' tabindex="1"><?php echo $content ?></textarea>
|
<div><textarea cols="70" rows="25" name="newcontent" id='newcontent' tabindex="1"><?php echo $content ?></textarea>
|
||||||
<input type="hidden" name="action" value="update" />
|
<input type="hidden" name="action" value="update" />
|
||||||
<input type="hidden" name="file" value="<?php echo $file ?>" />
|
<input type="hidden" name="file" value="<?php echo $file ?>" />
|
||||||
|
|
|
@ -47,7 +47,7 @@ switch($action) {
|
||||||
|
|
||||||
case 'update':
|
case 'update':
|
||||||
|
|
||||||
check_admin_referer();
|
check_admin_referer('edit-theme' . $file . $theme);
|
||||||
|
|
||||||
if ( !current_user_can('edit_themes') )
|
if ( !current_user_can('edit_themes') )
|
||||||
die('<p>'.__('You have do not have sufficient permissions to edit templates for this blog.').'</p>');
|
die('<p>'.__('You have do not have sufficient permissions to edit templates for this blog.').'</p>');
|
||||||
|
@ -131,6 +131,7 @@ if ($allowed_files) :
|
||||||
if (!$error) {
|
if (!$error) {
|
||||||
?>
|
?>
|
||||||
<form name="template" id="template" action="theme-editor.php" method="post">
|
<form name="template" id="template" action="theme-editor.php" method="post">
|
||||||
|
<?php wp_nonce_field('edit-theme' . $file . $theme) ?>
|
||||||
<div><textarea cols="70" rows="25" name="newcontent" id="newcontent" tabindex="1"><?php echo $content ?></textarea>
|
<div><textarea cols="70" rows="25" name="newcontent" id="newcontent" tabindex="1"><?php echo $content ?></textarea>
|
||||||
<input type="hidden" name="action" value="update" />
|
<input type="hidden" name="action" value="update" />
|
||||||
<input type="hidden" name="file" value="<?php echo $file ?>" />
|
<input type="hidden" name="file" value="<?php echo $file ?>" />
|
||||||
|
|
|
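Review bot: `'edit-theme' . $file . $theme` joins two request-supplied strings with no separator, so distinct (file, theme) pairs can yield the same nonce action (a constructed example: file `a` with theme `bc` and file `ab` with theme `c`). Put a delimiter between the parts in both the field and the check, e.g. `wp_nonce_field('edit-theme_' . $file . '_' . $theme)` and `check_admin_referer('edit-theme_' . $file . '_' . $theme)`. The `switch($action)` continues outside the hunk.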
@ -2,7 +2,7 @@
|
||||||
require_once('admin.php');
|
require_once('admin.php');
|
||||||
|
|
||||||
if ( isset($_GET['action']) ) {
|
if ( isset($_GET['action']) ) {
|
||||||
check_admin_referer();
|
check_admin_referer('switch-theme' . $_GET['template']);
|
||||||
|
|
||||||
if ('activate' == $_GET['action']) {
|
if ('activate' == $_GET['action']) {
|
||||||
if ( isset($_GET['template']) )
|
if ( isset($_GET['template']) )
|
||||||
|
@ -69,7 +69,7 @@ foreach ($theme_names as $theme_name) {
|
||||||
$author = $themes[$theme_name]['Author'];
|
$author = $themes[$theme_name]['Author'];
|
||||||
$screenshot = $themes[$theme_name]['Screenshot'];
|
$screenshot = $themes[$theme_name]['Screenshot'];
|
||||||
$stylesheet_dir = $themes[$theme_name]['Stylesheet Dir'];
|
$stylesheet_dir = $themes[$theme_name]['Stylesheet Dir'];
|
||||||
$activate_link = "themes.php?action=activate&template=$template&stylesheet=$stylesheet";
|
$activate_link = wp_nonce_url("themes.php?action=activate&template=$template&stylesheet=$stylesheet", 'switch-theme' . $template);
|
||||||
?>
|
?>
|
||||||
<div class="available-theme">
|
<div class="available-theme">
|
||||||
<h3><a href="<?php echo $activate_link; ?>"><?php echo "$title $version"; ?></a></h3>
|
<h3><a href="<?php echo $activate_link; ?>"><?php echo "$title $version"; ?></a></h3>
|
||||||
|
|
|
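Review bot: The activation nonce is bound to `$template` only, while the activation URL also carries `stylesheet` and the handler (outside this hunk) presumably reads `$_GET['stylesheet']` as well, so a nonce minted for one stylesheet of a parent template validates switching to any other stylesheet of that template. Include the stylesheet in the action in both places, with a separator, e.g. `'switch-theme_' . $template . '_' . $stylesheet` when minting and `'switch-theme_' . $_GET['template'] . '_' . $_GET['stylesheet']` when checking. The check is placed before the `'activate' == $_GET['action']` test, so every action value must carry a switch-theme nonce; that is fine only if `activate` is the sole action this block handles. The `if ( isset($_GET['action']) )` block continues outside the hunk.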
@ -32,7 +32,7 @@ break;
|
||||||
|
|
||||||
case 'update':
|
case 'update':
|
||||||
|
|
||||||
check_admin_referer();
|
check_admin_referer('update-user' . $user_id);
|
||||||
|
|
||||||
$errors = array();
|
$errors = array();
|
||||||
|
|
||||||
|
@ -73,6 +73,7 @@ if (!current_user_can('edit_users')) $errors['head'] = __('You do not have permi
|
||||||
<h2><?php _e('Edit User'); ?></h2>
|
<h2><?php _e('Edit User'); ?></h2>
|
||||||
|
|
||||||
<form name="profile" id="your-profile" action="user-edit.php" method="post">
|
<form name="profile" id="your-profile" action="user-edit.php" method="post">
|
||||||
|
<?php wp_nonce_field('update-user' . $user_ID) ?>
|
||||||
<p>
|
<p>
|
||||||
<input type="hidden" name="from" value="profile" />
|
<input type="hidden" name="from" value="profile" />
|
||||||
<input type="hidden" name="checkuser_id" value="<?php echo $user_ID ?>" />
|
<input type="hidden" name="checkuser_id" value="<?php echo $user_ID ?>" />
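Review bot: The nonce action emitted by the form, `'update-user' . $user_ID`, is built from a different variable than the one verified in the `update` case of the earlier hunk, `'update-user' . $user_id`; PHP variable names are case-sensitive, and in this file `$user_ID` appears to be the current user's ID (it is also echoed as `checkuser_id` two lines below) while `$user_id` looks like the account being edited — both definitions are outside the visible lines. When an administrator edits another account the two action strings differ, the nonce never verifies and every save lands on the confirmation page, which also trains users to click through it. Suggest `<?php wp_nonce_field('update-user' . $user_id) ?>` so both sides derive the action from the edited user's ID.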
|
||||||
@ -11,7 +11,7 @@ $update = '';
|
||||||
switch ($action) {
|
switch ($action) {
|
||||||
|
|
||||||
case 'promote':
|
case 'promote':
|
||||||
check_admin_referer();
|
check_admin_referer('bulk-users');
|
||||||
|
|
||||||
if (empty($_POST['users'])) {
|
if (empty($_POST['users'])) {
|
||||||
header('Location: users.php');
|
header('Location: users.php');
|
||||||
|
@ -39,7 +39,7 @@ break;
|
||||||
|
|
||||||
case 'dodelete':
|
case 'dodelete':
|
||||||
|
|
||||||
check_admin_referer();
|
check_admin_referer('delete-users');
|
||||||
|
|
||||||
if ( empty($_POST['users']) ) {
|
if ( empty($_POST['users']) ) {
|
||||||
header('Location: users.php');
|
header('Location: users.php');
|
||||||
|
@ -72,7 +72,7 @@ break;
|
||||||
|
|
||||||
case 'delete':
|
case 'delete':
|
||||||
|
|
||||||
check_admin_referer();
|
check_admin_referer('bulk-users');
|
||||||
|
|
||||||
if (empty($_POST['users'])) {
|
if (empty($_POST['users'])) {
|
||||||
header('Location: users.php');
|
header('Location: users.php');
|
||||||
|
@ -86,6 +86,7 @@ case 'delete':
|
||||||
include ('admin-header.php');
|
include ('admin-header.php');
|
||||||
?>
|
?>
|
||||||
<form action="" method="post" name="updateusers" id="updateusers">
|
<form action="" method="post" name="updateusers" id="updateusers">
|
||||||
|
<?php wp_nonce_field('delete-users') ?>
|
||||||
<div class="wrap">
|
<div class="wrap">
|
||||||
<h2><?php _e('Delete Users'); ?></h2>
|
<h2><?php _e('Delete Users'); ?></h2>
|
||||||
<p><?php _e('You have specified these users for deletion:'); ?></p>
|
<p><?php _e('You have specified these users for deletion:'); ?></p>
|
||||||
|
@ -131,7 +132,7 @@ case 'delete':
|
||||||
break;
|
break;
|
||||||
|
|
||||||
case 'adduser':
|
case 'adduser':
|
||||||
check_admin_referer();
|
check_admin_referer('add-user');
|
||||||
|
|
||||||
$errors = add_user();
|
$errors = add_user();
|
||||||
|
|
||||||
|
@ -200,6 +201,7 @@ default:
|
||||||
?>
|
?>
|
||||||
|
|
||||||
<form action="" method="post" name="updateusers" id="updateusers">
|
<form action="" method="post" name="updateusers" id="updateusers">
|
||||||
|
<?php wp_nonce_field('bulk-users') ?>
|
||||||
<div class="wrap">
|
<div class="wrap">
|
||||||
<h2><?php _e('User List by Role'); ?></h2>
|
<h2><?php _e('User List by Role'); ?></h2>
|
||||||
<table cellpadding="3" cellspacing="3" width="100%">
|
<table cellpadding="3" cellspacing="3" width="100%">
|
||||||
|
@ -280,6 +282,7 @@ $role_select .= '</select>';
|
||||||
<h2><?php _e('Add New User') ?></h2>
|
<h2><?php _e('Add New User') ?></h2>
|
||||||
<?php echo '<p>'.sprintf(__('Users can <a href="%1$s">register themselves</a> or you can manually create users here.'), get_settings('siteurl').'/wp-register.php').'</p>'; ?>
|
<?php echo '<p>'.sprintf(__('Users can <a href="%1$s">register themselves</a> or you can manually create users here.'), get_settings('siteurl').'/wp-register.php').'</p>'; ?>
|
||||||
<form action="" method="post" name="adduser" id="adduser">
|
<form action="" method="post" name="adduser" id="adduser">
|
||||||
|
<?php wp_nonce_field('add-user') ?>
|
||||||
<table class="editform" width="100%" cellspacing="2" cellpadding="5">
|
<table class="editform" width="100%" cellspacing="2" cellpadding="5">
|
||||||
<tr>
|
<tr>
|
||||||
<th scope="row" width="33%"><?php _e('Nickname') ?>
|
<th scope="row" width="33%"><?php _e('Nickname') ?>
|
||||||
@ -24,11 +24,11 @@ $comment_author_url = trim($_POST['url']);
|
||||||
$comment_content = trim($_POST['comment']);
|
$comment_content = trim($_POST['comment']);
|
||||||
|
|
||||||
// If the user is logged in
|
// If the user is logged in
|
||||||
get_currentuserinfo();
|
$user = wp_get_current_user();
|
||||||
if ( $user_ID ) :
|
if ( $user->ID ) :
|
||||||
$comment_author = $wpdb->escape($user_identity);
|
$comment_author = $wpdb->escape($user->display_name);
|
||||||
$comment_author_email = $wpdb->escape($user_email);
|
$comment_author_email = $wpdb->escape($user->user_email);
|
||||||
$comment_author_url = $wpdb->escape($user_url);
|
$comment_author_url = $wpdb->escape($user->user_url);
|
||||||
else :
|
else :
|
||||||
if ( get_option('comment_registration') )
|
if ( get_option('comment_registration') )
|
||||||
die( __('Sorry, you must be logged in to post a comment.') );
|
die( __('Sorry, you must be logged in to post a comment.') );
|
||||||
|
@ -36,7 +36,7 @@ endif;
|
||||||
|
|
||||||
$comment_type = '';
|
$comment_type = '';
|
||||||
|
|
||||||
if ( get_settings('require_name_email') && !$user_ID ) {
|
if ( get_settings('require_name_email') && !$user->ID ) {
|
||||||
if ( 6 > strlen($comment_author_email) || '' == $comment_author )
|
if ( 6 > strlen($comment_author_email) || '' == $comment_author )
|
||||||
die( __('Error: please fill the required fields (name, email).') );
|
die( __('Error: please fill the required fields (name, email).') );
|
||||||
elseif ( !is_email($comment_author_email))
|
elseif ( !is_email($comment_author_email))
|
||||||
|
@ -50,7 +50,7 @@ $commentdata = compact('comment_post_ID', 'comment_author', 'comment_author_emai
|
||||||
|
|
||||||
$comment_id = wp_new_comment( $commentdata );
|
$comment_id = wp_new_comment( $commentdata );
|
||||||
|
|
||||||
if ( !$user_ID ) :
|
if ( !$user->ID ) :
|
||||||
$comment = get_comment($comment_id);
|
$comment = get_comment($comment_id);
|
||||||
setcookie('comment_author_' . COOKIEHASH, $comment->comment_author, time() + 30000000, COOKIEPATH, COOKIE_DOMAIN);
|
setcookie('comment_author_' . COOKIEHASH, $comment->comment_author, time() + 30000000, COOKIEPATH, COOKIE_DOMAIN);
|
||||||
setcookie('comment_author_email_' . COOKIEHASH, $comment->comment_author_email, time() + 30000000, COOKIEPATH, COOKIE_DOMAIN);
|
setcookie('comment_author_email_' . COOKIEHASH, $comment->comment_author_email, time() + 30000000, COOKIEPATH, COOKIE_DOMAIN);
|
||||||
@ -309,7 +309,7 @@ function map_meta_cap($cap, $user_id) {
|
||||||
|
|
||||||
// Capability checking wrapper around the global $current_user object.
|
// Capability checking wrapper around the global $current_user object.
|
||||||
function current_user_can($capability) {
|
function current_user_can($capability) {
|
||||||
global $current_user;
|
$current_user = wp_get_current_user();
|
||||||
|
|
||||||
$args = array_slice(func_get_args(), 1);
|
$args = array_slice(func_get_args(), 1);
|
||||||
$args = array_merge(array($capability), $args);
|
$args = array_merge(array($capability), $args);
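Review bot: `$current_user = wp_get_current_user();` turns the former global into a local, and on XML-RPC requests `wp_get_current_user()` can hand back an unset value because `get_currentuserinfo()` (later hunk) returns `false` before `$current_user` is populated; if the remainder of this function — which continues outside the hunk — calls a method on `$current_user` without a guard, capability checks during `init` on XML-RPC would error rather than deny. A defensive `if ( empty($current_user) ) return false;` right after the assignment keeps the deny-by-default behaviour.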
|
||||||
@ -1604,7 +1604,6 @@ class WP {
|
||||||
}
|
}
|
||||||
|
|
||||||
function send_headers() {
|
function send_headers() {
|
||||||
global $current_user;
|
|
||||||
@header('X-Pingback: '. get_bloginfo('pingback_url'));
|
@header('X-Pingback: '. get_bloginfo('pingback_url'));
|
||||||
if ( is_user_logged_in() )
|
if ( is_user_logged_in() )
|
||||||
nocache_headers();
|
nocache_headers();
|
||||||
|
@ -1681,7 +1680,7 @@ class WP {
|
||||||
}
|
}
|
||||||
|
|
||||||
function init() {
|
function init() {
|
||||||
get_currentuserinfo();
|
wp_get_current_user();
|
||||||
}
|
}
|
||||||
|
|
||||||
function query_posts() {
|
function query_posts() {
|
||||||
@ -34,8 +34,6 @@ function comments_template( $file = '/comments.php' ) {
|
||||||
$comments = $wpdb->get_results("SELECT * FROM $wpdb->comments WHERE comment_post_ID = '$post->ID' AND ( comment_approved = '1' OR ( comment_author = '$author_db' AND comment_author_email = '$email_db' AND comment_approved = '0' ) ) ORDER BY comment_date");
|
$comments = $wpdb->get_results("SELECT * FROM $wpdb->comments WHERE comment_post_ID = '$post->ID' AND ( comment_approved = '1' OR ( comment_author = '$author_db' AND comment_author_email = '$email_db' AND comment_approved = '0' ) ) ORDER BY comment_date");
|
||||||
}
|
}
|
||||||
|
|
||||||
get_currentuserinfo();
|
|
||||||
|
|
||||||
define('COMMENTS_TEMPLATE', true);
|
define('COMMENTS_TEMPLATE', true);
|
||||||
$include = apply_filters('comments_template', TEMPLATEPATH . $file );
|
$include = apply_filters('comments_template', TEMPLATEPATH . $file );
|
||||||
if ( file_exists( $include ) )
|
if ( file_exists( $include ) )
|
||||||
@ -97,4 +97,17 @@ if (!function_exists('array_change_key_case')) {
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
|
// From php.net
|
||||||
|
if(!function_exists('http_build_query')) {
|
||||||
|
function http_build_query( $formdata, $numeric_prefix = null, $key = null ) {
|
||||||
|
$res = array();
|
||||||
|
foreach ((array)$formdata as $k=>$v) {
|
||||||
|
$tmp_key = urlencode(is_int($k) ? $numeric_prefix.$k : $k);
|
||||||
|
if ($key) $tmp_key = $key.'['.$tmp_key.']';
|
||||||
|
$res[] = ( ( is_array($v) || is_object($v) ) ? http_build_query($v, null, $tmp_key) : $tmp_key."=".urlencode($v) );
|
||||||
|
}
|
||||||
|
$separator = ini_get('arg_separator.output');
|
||||||
|
return implode($separator, $res);
|
||||||
|
}
|
||||||
|
}
|
||||||
?>
|
?>
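Review bot: `if ($key)` tests truthiness, so a parent key of `'0'` is treated as absent and the fields nested under it lose their prefix; `if ( null !== $key )` matches the intent of the `$key = null` default. Two divergences from the native function deserve a comment, since `check_admin_referer()` in this commit feeds `$_POST` through this fallback to rebuild the confirmation form: the native implementation skips `null` values whereas this emits `key=`, and `$numeric_prefix` is not carried into the recursive call `http_build_query($v, null, $tmp_key)`. A header line such as `// Fallback for PHP < 5; differs from native in null handling and nested numeric_prefix.` would save the next reader a trip to php.net.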
|
||||||
@ -305,10 +305,10 @@ function get_option($option) {
|
||||||
}
|
}
|
||||||
|
|
||||||
function get_user_option( $option, $user = 0 ) {
|
function get_user_option( $option, $user = 0 ) {
|
||||||
global $wpdb, $current_user;
|
global $wpdb;
|
||||||
|
|
||||||
if ( empty($user) )
|
if ( empty($user) )
|
||||||
$user = $current_user;
|
$user = wp_get_current_user();
|
||||||
else
|
else
|
||||||
$user = get_userdata($user);
|
$user = get_userdata($user);
|
||||||
|
|
||||||
|
@ -1147,6 +1147,28 @@ function setup_postdata($post) {
|
||||||
return true;
|
return true;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
// Setup global user vars. Used by set_current_user() for back compat.
|
||||||
|
function setup_userdata($user_id = '') {
|
||||||
|
global $user_login, $userdata, $user_level, $user_ID, $user_email, $user_url, $user_pass_md5, $user_identity;
|
||||||
|
|
||||||
|
if ( '' == $user_id )
|
||||||
|
$user = wp_get_current_user();
|
||||||
|
else
|
||||||
|
$user = new WP_User($user_id);
|
||||||
|
|
||||||
|
if ( 0 == $user->ID )
|
||||||
|
return;
|
||||||
|
|
||||||
|
$userdata = $user->data;
|
||||||
|
$user_login = $user->user_login;
|
||||||
|
$user_level = $user->user_level;
|
||||||
|
$user_ID = $user->ID;
|
||||||
|
$user_email = $user->user_email;
|
||||||
|
$user_url = $user->user_url;
|
||||||
|
$user_pass_md5 = md5($user->user_pass);
|
||||||
|
$user_identity = $user->display_name;
|
||||||
|
}
|
||||||
|
|
||||||
function is_new_day() {
|
function is_new_day() {
|
||||||
global $day, $previousday;
|
global $day, $previousday;
|
||||||
if ( $day != $previousday ) {
|
if ( $day != $previousday ) {
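Review bot: The early `return;` on `0 == $user->ID` makes `setup_userdata()` a no-op for the anonymous user, so the back-compat globals (`$user_ID`, `$user_login`, `$user_identity`, …) keep whatever values an earlier call in the same request assigned; a request that moves from an authenticated user to `wp_set_current_user(0)` therefore still reports the previous identity through those globals. Either clear them before returning or record the limitation: `// No-op for the anonymous user: the globals keep any earlier values.`. Separately, `'' == $user_id` is a loose comparison that is also true for `0`, `null` and `false`, which is presumably intended ("no id means the current user"); `empty($user_id)` states that intent directly.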
|
||||||
|
@ -2288,4 +2310,12 @@ function get_num_queries() {
|
||||||
return $wpdb->num_queries;
|
return $wpdb->num_queries;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
function wp_nonce_url($actionurl, $action = -1) {
|
||||||
|
return add_query_arg('_wpnonce', wp_create_nonce($action), $actionurl);
|
||||||
|
}
|
||||||
|
|
||||||
|
function wp_nonce_field($action = -1) {
|
||||||
|
echo '<input type="hidden" name="_wpnonce" value="' . wp_create_nonce($action) . '" />';
|
||||||
|
}
|
||||||
|
|
||||||
?>
|
?>
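Review bot: Both helpers default `$action` to `-1`, and a nonce minted for `-1` verifies against any `check_admin_referer()` call that also omits its action, so the per-action binding this commit introduces only holds when callers pass a specific action; a header comment stating that would help: `// Nonces are bound to (user, action, 12h window); always pass a specific $action.`. `wp_nonce_url()` returns a URL containing a bare `&`, and the themes.php hunk echoes it straight into an `href` attribute — the nonce value itself is hex and needs no escaping, but the separator should be `&amp;`-escaped at the echo site. `wp_nonce_field()` only emits the hidden input; a one-line docblock should say that the form handler must still call `check_admin_referer($action)` with the same action.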
|
||||||
@ -528,16 +528,11 @@ function kses_init_filters() {
|
||||||
}
|
}
|
||||||
|
|
||||||
function kses_init() {
|
function kses_init() {
|
||||||
global $current_user;
|
|
||||||
|
|
||||||
remove_filter('pre_comment_author', 'wp_filter_kses');
|
remove_filter('pre_comment_author', 'wp_filter_kses');
|
||||||
remove_filter('pre_comment_content', 'wp_filter_kses');
|
remove_filter('pre_comment_content', 'wp_filter_kses');
|
||||||
remove_filter('content_save_pre', 'wp_filter_post_kses');
|
remove_filter('content_save_pre', 'wp_filter_post_kses');
|
||||||
remove_filter('title_save_pre', 'wp_filter_kses');
|
remove_filter('title_save_pre', 'wp_filter_kses');
|
||||||
|
|
||||||
if (! defined('XMLRPC_REQUEST') )
|
|
||||||
get_currentuserinfo();
|
|
||||||
|
|
||||||
if (current_user_can('unfiltered_html') == false)
|
if (current_user_can('unfiltered_html') == false)
|
||||||
kses_init_filters();
|
kses_init_filters();
|
||||||
}
|
}
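Review bot: Dropping the `XMLRPC_REQUEST` guard means `current_user_can('unfiltered_html')` now runs on XML-RPC requests too, and on that path `get_currentuserinfo()` (later hunk) still returns `false` before populating `$current_user`, so the decision whether to install the kses filters is taken against whatever user — probably none — is set when `kses_init()` runs at `init`. That is safe only if `current_user_can()` treats a missing user as "no capability" (the relevant lines of `current_user_can()` are outside the visible hunk) and if xmlrpc.php re-invokes `kses_init()` after it authenticates; otherwise content arriving over XML-RPC is filtered according to the anonymous user regardless of the caller's capabilities. A comment recording that dependency, `// On XML-RPC the user is not known yet; xmlrpc.php must re-run kses_init() after login.`, would make the coupling explicit.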
|
||||||
@ -5,21 +5,20 @@
|
||||||
|
|
||||||
if ( !function_exists('set_current_user') ) :
|
if ( !function_exists('set_current_user') ) :
|
||||||
function set_current_user($id, $name = '') {
|
function set_current_user($id, $name = '') {
|
||||||
global $user_login, $userdata, $user_level, $user_ID, $user_email, $user_url, $user_pass_md5, $user_identity, $current_user;
|
return wp_set_current_user($id, $name);
|
||||||
|
}
|
||||||
|
endif;
|
||||||
|
|
||||||
$current_user = '';
|
if ( !function_exists('wp_set_current_user') ) :
|
||||||
|
function wp_set_current_user($id, $name = '') {
|
||||||
|
global $current_user;
|
||||||
|
|
||||||
$current_user = new WP_User($id, $name);
|
if ( isset($current_user) && ($id == $current_user->ID) )
|
||||||
|
return $current_user;
|
||||||
|
|
||||||
$userdata = get_userdatabylogin($user_login);
|
$current_user = new WP_User($id, $name);
|
||||||
|
|
||||||
$user_login = $userdata->user_login;
|
setup_userdata($current_user->ID);
|
||||||
$user_level = $userdata->user_level;
|
|
||||||
$user_ID = $userdata->ID;
|
|
||||||
$user_email = $userdata->user_email;
|
|
||||||
$user_url = $userdata->user_url;
|
|
||||||
$user_pass_md5 = md5($userdata->user_pass);
|
|
||||||
$user_identity = $userdata->display_name;
|
|
||||||
|
|
||||||
do_action('set_current_user');
|
do_action('set_current_user');
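Review bot: The early return `if ( isset($current_user) && ($id == $current_user->ID) ) return $current_user;` ignores `$name`, yet `get_currentuserinfo()` in the next hunk switches users by login with `wp_set_current_user(0, $user_login)`; if `$current_user` is already the anonymous `WP_User(0)` at that point, `0 == 0` short-circuits and the named user is never applied. With loose `==` a non-numeric `$id` string also compares equal to an ID of `0` on this PHP generation, so the same short-circuit applies to `wp_set_current_user('somelogin')`. Restricting the shortcut to a real numeric id avoids both cases: `if ( isset($current_user) && $id && is_numeric($id) && $id == $current_user->ID )`. The function's closing lines are outside the hunk.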
|
||||||
|
|
||||||
|
@ -27,30 +26,34 @@ function set_current_user($id, $name = '') {
|
||||||
}
|
}
|
||||||
endif;
|
endif;
|
||||||
|
|
||||||
|
if ( !function_exists('current_user') ) :
|
||||||
|
function wp_get_current_user() {
|
||||||
|
global $current_user;
|
||||||
|
|
||||||
|
get_currentuserinfo();
|
||||||
|
|
||||||
|
return $current_user;
|
||||||
|
}
|
||||||
|
endif;
|
||||||
|
|
||||||
if ( !function_exists('get_currentuserinfo') ) :
|
if ( !function_exists('get_currentuserinfo') ) :
|
||||||
function get_currentuserinfo() {
|
function get_currentuserinfo() {
|
||||||
global $user_login, $userdata, $user_level, $user_ID, $user_email, $user_url, $user_pass_md5, $user_identity, $current_user;
|
global $current_user;
|
||||||
|
|
||||||
if ( defined('XMLRPC_REQUEST') && XMLRPC_REQUEST )
|
if ( defined('XMLRPC_REQUEST') && XMLRPC_REQUEST )
|
||||||
return false;
|
return false;
|
||||||
|
|
||||||
|
if ( ! empty($current_user) )
|
||||||
|
return;
|
||||||
|
|
||||||
if ( empty($_COOKIE[USER_COOKIE]) || empty($_COOKIE[PASS_COOKIE]) ||
|
if ( empty($_COOKIE[USER_COOKIE]) || empty($_COOKIE[PASS_COOKIE]) ||
|
||||||
!wp_login($_COOKIE[USER_COOKIE], $_COOKIE[PASS_COOKIE], true) ) {
|
!wp_login($_COOKIE[USER_COOKIE], $_COOKIE[PASS_COOKIE], true) ) {
|
||||||
$current_user = new WP_User(0);
|
wp_set_current_user(0);
|
||||||
return false;
|
return false;
|
||||||
}
|
}
|
||||||
$user_login = $_COOKIE[USER_COOKIE];
|
|
||||||
$userdata = get_userdatabylogin($user_login);
|
|
||||||
$user_level = $userdata->user_level;
|
|
||||||
$user_ID = $userdata->ID;
|
|
||||||
$user_email = $userdata->user_email;
|
|
||||||
$user_url = $userdata->user_url;
|
|
||||||
$user_pass_md5 = md5($userdata->user_pass);
|
|
||||||
$user_identity = $userdata->display_name;
|
|
||||||
|
|
||||||
if ( empty($current_user) )
|
$user_login = $_COOKIE[USER_COOKIE];
|
||||||
$current_user = new WP_User($user_ID);
|
wp_set_current_user(0, $user_login);
|
||||||
}
|
}
|
||||||
endif;
|
endif;
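Review bot: The pluggable guard around `wp_get_current_user()` tests `function_exists('current_user')`, not `'wp_get_current_user'`, so the function is not actually overridable by its own name: a plugin defining `wp_get_current_user()` triggers a redeclaration fatal, and one defining an unrelated `current_user()` silently removes this definition. Change the guard to `if ( !function_exists('wp_get_current_user') ) :`. Separately, on `XMLRPC_REQUEST` `get_currentuserinfo()` returns `false` without touching `$current_user`, so `wp_get_current_user()` can return an unset value on that path while the callers added in this commit (`current_user_can()`, `is_user_logged_in()`, `wp_verify_nonce()`) dereference the result; `if ( empty($current_user) ) return new WP_User(0);` before the return gives them a consistent anonymous user without pinning the global.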
|
||||||
|
|
||||||
|
@ -201,10 +204,11 @@ endif;
|
||||||
|
|
||||||
if ( !function_exists('is_user_logged_in') ) :
|
if ( !function_exists('is_user_logged_in') ) :
|
||||||
function is_user_logged_in() {
|
function is_user_logged_in() {
|
||||||
global $current_user;
|
$user = wp_get_current_user();
|
||||||
|
|
||||||
if ( $current_user->id == 0 )
|
if ( $user->id == 0 )
|
||||||
return false;
|
return false;
|
||||||
|
|
||||||
return true;
|
return true;
|
||||||
}
|
}
|
||||||
endif;
|
endif;
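Review bot: `$user->id` (lowercase) is read here while `setup_userdata()` in this commit reads `$user->ID`; PHP property names are case-sensitive, so this only works if `WP_User` populates both spellings, which is not visible in the diff. `wp_verify_nonce()`, `wp_create_nonce()` and `wp_update_user()` in later hunks also use `->id`, and wp-comments-post.php uses `->ID`; worth confirming against the `WP_User` constructor and standardizing on one spelling, e.g. `if ( $user->ID == 0 )` here. Since this is now the primary login test, an `empty($user) ||` prefix would also make the anonymous case explicit when `wp_get_current_user()` returns no object.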
|
||||||
|
@ -224,14 +228,34 @@ function auth_redirect() {
|
||||||
endif;
|
endif;
|
||||||
|
|
||||||
if ( !function_exists('check_admin_referer') ) :
|
if ( !function_exists('check_admin_referer') ) :
|
||||||
function check_admin_referer() {
|
function check_admin_referer($action = -1) {
|
||||||
|
global $pagenow;
|
||||||
$adminurl = strtolower(get_settings('siteurl')).'/wp-admin';
|
$adminurl = strtolower(get_settings('siteurl')).'/wp-admin';
|
||||||
$referer = strtolower($_SERVER['HTTP_REFERER']);
|
$referer = strtolower($_SERVER['HTTP_REFERER']);
|
||||||
if (!strstr($referer, $adminurl))
|
if ( !wp_verify_nonce($_REQUEST['_wpnonce'], $action) ) {
|
||||||
die(__('Sorry, you need to <a href="http://codex.wordpress.org/Enable_Sending_Referrers">enable sending referrers</a> for this feature to work.'));
|
$html = "<!DOCTYPE html PUBLIC '-//W3C//DTD XHTML 1.0 Strict//EN' 'http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd'>\n<html xmlns='http://www.w3.org/1999/xhtml' lang='en' xml:lang='en'>\n\n";
|
||||||
|
$html .= "<head>\n\t<title>" . __('WordPress Confirmation') . "</title>\n";
|
||||||
|
$html .= "</head>\n<body>\n";
|
||||||
|
if ( $_POST ) {
|
||||||
|
$q = http_build_query($_POST);
|
||||||
|
$q = explode( ini_get('arg_separator.output'), $q);
|
||||||
|
$html .= "\t<form method='post' action='$pagenow'>\n";
|
||||||
|
foreach ( (array) $q as $a ) {
|
||||||
|
$v = substr(strstr($a, '='), 1);
|
||||||
|
$k = substr($a, 0, -(strlen($v)+1));
|
||||||
|
$html .= "\t\t<input type='hidden' name='" . wp_specialchars( urldecode($k), 1 ) . "' value='" . wp_specialchars( urldecode($v), 1 ) . "' />\n";
|
||||||
|
}
|
||||||
|
$html .= "\t\t<input type='hidden' name='_wpnonce' value='" . wp_create_nonce($action) . "' />\n";
|
||||||
|
$html .= "\t\t<p>" . __('Are you sure you want to do this?') . "</p>\n\t\t<p><a href='$adminurl'>No</a> <input type='submit' value='" . __('Yes') . "' /></p>\n\t</form>\n";
|
||||||
|
} else {
|
||||||
|
$html .= "\t<p>" . __('Are you sure you want to do this?') . "</p>\n\t\t<p><a href='$adminurl'>No</a> <a href='" . add_query_arg( '_wpnonce', wp_create_nonce($action), $_SERVER['REQUEST_URI'] ) . "'>" . __('Yes') . "</a></p>\n";
|
||||||
|
}
|
||||||
|
$html .= "</body>\n</html>";
|
||||||
|
|
||||||
|
die($html);
|
||||||
|
}
|
||||||
do_action('check_admin_referer');
|
do_action('check_admin_referer');
|
||||||
}
|
}endif;
|
||||||
endif;
|
|
||||||
|
|
||||||
if ( !function_exists('check_ajax_referer') ) :
|
if ( !function_exists('check_ajax_referer') ) :
|
||||||
function check_ajax_referer() {
|
function check_ajax_referer() {
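Review bot: In the non-POST branch the `Yes` link embeds `add_query_arg( '_wpnonce', ..., $_SERVER['REQUEST_URI'] )` into `href='...'` without attribute escaping, while the POST branch correctly runs every rebuilt field through `wp_specialchars(..., 1)`; `REQUEST_URI` is request-controlled and this page is rendered precisely when a request fails nonce verification, so the URL needs the same treatment: `wp_specialchars( add_query_arg( '_wpnonce', wp_create_nonce($action), $_SERVER['REQUEST_URI'] ), 1 )`. `$_REQUEST['_wpnonce']` is read without `isset()`, and a missing nonce is the normal route to this confirmation page, so the notice fires on every legitimate use; `isset($_REQUEST['_wpnonce']) ? $_REQUEST['_wpnonce'] : ''` avoids it. `$pagenow` and `$adminurl` are also interpolated unescaped into attributes; they come from configuration rather than the request, but escaping them costs nothing. Style: `}endif;` fuses the closing brace and the `endif` on one line, where the rest of the file keeps them on separate lines.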
|
||||||
|
@ -263,6 +287,16 @@ function wp_redirect($location) {
|
||||||
}
|
}
|
||||||
endif;
|
endif;
|
||||||
|
|
||||||
|
if ( !function_exists('wp_get_cookie_login') ):
|
||||||
|
function wp_get_cookie_login() {
|
||||||
|
if ( empty($_COOKIE[USER_COOKIE]) || empty($_COOKIE[PASS_COOKIE]) )
|
||||||
|
return false;
|
||||||
|
|
||||||
|
return array('login' => $_COOKIE[USER_COOKIE], 'password' => $_COOKIE[PASS_COOKIE]);
|
||||||
|
}
|
||||||
|
|
||||||
|
endif;
|
||||||
|
|
||||||
if ( !function_exists('wp_setcookie') ) :
|
if ( !function_exists('wp_setcookie') ) :
|
||||||
function wp_setcookie($username, $password, $already_md5 = false, $home = '', $siteurl = '', $remember = false) {
|
function wp_setcookie($username, $password, $already_md5 = false, $home = '', $siteurl = '', $remember = false) {
|
||||||
if ( !$already_md5 )
|
if ( !$already_md5 )
|
||||||
|
@ -444,4 +478,29 @@ function wp_new_user_notification($user_id, $plaintext_pass = '') {
|
||||||
}
|
}
|
||||||
endif;
|
endif;
|
||||||
|
|
||||||
|
if ( !function_exists('wp_verify_nonce') ) :
|
||||||
|
function wp_verify_nonce($nonce, $action = -1) {
|
||||||
|
$user = wp_get_current_user();
|
||||||
|
$uid = $user->id;
|
||||||
|
|
||||||
|
$i = ceil(time() / 43200);
|
||||||
|
|
||||||
|
//Allow for expanding range, but only do one check if we can
|
||||||
|
if( substr(md5($i . DB_PASSWORD . $action . $uid), -12, 10) == $nonce || substr(md5(($i - 1) . DB_PASSWORD . $action . $uid), -12, 10) == $nonce )
|
||||||
|
return true;
|
||||||
|
return false;
|
||||||
|
}
|
||||||
|
endif;
|
||||||
|
|
||||||
|
if ( !function_exists('wp_create_nonce') ) :
|
||||||
|
function wp_create_nonce($action = -1) {
|
||||||
|
$user = wp_get_current_user();
|
||||||
|
$uid = $user->id;
|
||||||
|
|
||||||
|
$i = ceil(time() / 43200);
|
||||||
|
|
||||||
|
return substr(md5($i . DB_PASSWORD . $action . $uid), -12, 10);
|
||||||
|
}
|
||||||
|
endif;
|
||||||
|
|
||||||
?>
|
?>
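Review bot: `wp_verify_nonce()` compares the two candidate digests to `$nonce` with `==`, and 10-character hex substrings can both be numeric strings (`0e` followed by digits), in which case PHP's loose comparison treats distinct values as equal; compare with `===` (and with a constant-time comparison where the runtime offers one). The keyed string `$i . DB_PASSWORD . $action . $uid` has no delimiters, and the admin hunks build actions that end in an id (`'update-user' . $user_id`, `'delete-page' . $id`), so distinct (action, uid) pairs such as (`update-user1`, 23) and (`update-user12`, 3) hash the same input; a separator — `md5($i . '|' . DB_PASSWORD . '|' . $action . '|' . $uid)` in both functions — removes the ambiguity, and a shared private helper would keep the two computations in sync. Using `DB_PASSWORD` as the only secret also ties nonce unforgeability to the database credential; a dedicated nonce secret is the usual recommendation and is worth a `// TODO` here.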
|
||||||
@ -93,7 +93,7 @@ function wp_insert_user($userdata) {
|
||||||
}
|
}
|
||||||
|
|
||||||
function wp_update_user($userdata) {
|
function wp_update_user($userdata) {
|
||||||
global $wpdb, $current_user;
|
global $wpdb;
|
||||||
|
|
||||||
$ID = (int) $userdata['ID'];
|
$ID = (int) $userdata['ID'];
|
||||||
|
|
||||||
|
@ -114,6 +114,7 @@ function wp_update_user($userdata) {
|
||||||
$user_id = wp_insert_user($userdata);
|
$user_id = wp_insert_user($userdata);
|
||||||
|
|
||||||
// Update the cookies if the password changed.
|
// Update the cookies if the password changed.
|
||||||
|
$current_user = wp_get_current_user();
|
||||||
if( $current_user->id == $ID ) {
|
if( $current_user->id == $ID ) {
|
||||||
if ( isset($plaintext_pass) ) {
|
if ( isset($plaintext_pass) ) {
|
||||||
wp_clearcookie();
|
wp_clearcookie();
|
||||||
@ -27,10 +27,7 @@ function get_sidebar() {
|
||||||
|
|
||||||
|
|
||||||
function wp_loginout() {
|
function wp_loginout() {
|
||||||
global $user_ID;
|
if ( ! is_user_logged_in() )
|
||||||
get_currentuserinfo();
|
|
||||||
|
|
||||||
if ('' == $user_ID)
|
|
||||||
$link = '<a href="' . get_settings('siteurl') . '/wp-login.php">' . __('Login') . '</a>';
|
$link = '<a href="' . get_settings('siteurl') . '/wp-login.php">' . __('Login') . '</a>';
|
||||||
else
|
else
|
||||||
$link = '<a href="' . get_settings('siteurl') . '/wp-login.php?action=logout">' . __('Logout') . '</a>';
|
$link = '<a href="' . get_settings('siteurl') . '/wp-login.php?action=logout">' . __('Logout') . '</a>';
|
||||||
|
@ -40,16 +37,15 @@ function wp_loginout() {
|
||||||
|
|
||||||
|
|
||||||
function wp_register( $before = '<li>', $after = '</li>' ) {
|
function wp_register( $before = '<li>', $after = '</li>' ) {
|
||||||
global $user_ID;
|
|
||||||
|
|
||||||
get_currentuserinfo();
|
if ( ! is_user_logged_in() ) {
|
||||||
|
if ( get_settings('users_can_register') )
|
||||||
if ( '' == $user_ID && get_settings('users_can_register') )
|
$link = $before . '<a href="' . get_settings('siteurl') . '/wp-register.php">' . __('Register') . '</a>' . $after;
|
||||||
$link = $before . '<a href="' . get_settings('siteurl') . '/wp-register.php">' . __('Register') . '</a>' . $after;
|
else
|
||||||
elseif ( '' == $user_ID && !get_settings('users_can_register') )
|
$link = '';
|
||||||
$link = '';
|
} else {
|
||||||
else
|
|
||||||
$link = $before . '<a href="' . get_settings('siteurl') . '/wp-admin/">' . __('Site Admin') . '</a>' . $after;
|
$link = $before . '<a href="' . get_settings('siteurl') . '/wp-admin/">' . __('Site Admin') . '</a>' . $after;
|
||||||
|
}
|
||||||
|
|
||||||
echo apply_filters('register', $link);
|
echo apply_filters('register', $link);
|
||||||
}
|
}
|
||||||
10
wp-login.php
10
wp-login.php
|
@ -177,12 +177,12 @@ default:
|
||||||
$user_login = sanitize_user( $user_login );
|
$user_login = sanitize_user( $user_login );
|
||||||
$user_pass = $_POST['pwd'];
|
$user_pass = $_POST['pwd'];
|
||||||
$rememberme = $_POST['rememberme'];
|
$rememberme = $_POST['rememberme'];
|
||||||
} elseif ( !empty($_COOKIE) ) {
|
} else {
|
||||||
if ( !empty($_COOKIE[USER_COOKIE]) )
|
$cookie_login = wp_get_cookie_login();
|
||||||
$user_login = $_COOKIE[USER_COOKIE];
|
if ( ! empty($cookie_login) ) {
|
||||||
if ( !empty($_COOKIE[PASS_COOKIE]) ) {
|
|
||||||
$user_pass = $_COOKIE[PASS_COOKIE];
|
|
||||||
$using_cookie = true;
|
$using_cookie = true;
|
||||||
|
$user_login = $cookie_login['login'];
|
||||||
|
$user_pass = $cookie_login['password'];
|
||||||
}
|
}
|
||||||
}
|
}
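Review bot: The POST path normalizes the login with `sanitize_user( $user_login )` but the cookie path assigns `$cookie_login['login']` verbatim, so the two entry points feed differently normalized names to the login call that follows this hunk (outside the visible lines); unless `wp_login()` sanitizes internally, `$user_login = sanitize_user( $cookie_login['login'] );` keeps them consistent. `$using_cookie = true` is the only signal that `$user_pass` now holds the cookie's stored value rather than a plaintext password, consistent with `wp_login($_COOKIE[USER_COOKIE], $_COOKIE[PASS_COOKIE], true)` elsewhere in this commit; a short comment next to it, `// cookie carries the stored hash, not the plaintext password`, would help — confirm against the consumer before wording it.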
|