wp_get_referer() and friends from robmiller and markjaquith. fixes #2800
git-svn-id: http://svn.automattic.com/wordpress/trunk@3908 1a063a9b-81f0-0310-95a4-ce76da25c4cd
parent
e232ef9a32
commit
9876a3606f
@ -77,8 +77,8 @@ case 'update':
|
||||||
//$message = sprintf(__('%d setting(s) saved... '), $any_changed);
|
//$message = sprintf(__('%d setting(s) saved... '), $any_changed);
|
||||||
}
|
}
|
||||||
|
|
||||||
$referred = remove_query_arg('updated' , $_SERVER['HTTP_REFERER']);
|
$referred = remove_query_arg('updated' , wp_get_referer());
|
||||||
$goback = add_query_arg('updated', 'true', $_SERVER['HTTP_REFERER']);
|
$goback = add_query_arg('updated', 'true', wp_get_referer());
|
||||||
$goback = preg_replace('|[^a-z0-9-~+_.?#=&;,/:]|i', '', $goback);
|
$goback = preg_replace('|[^a-z0-9-~+_.?#=&;,/:]|i', '', $goback);
|
||||||
wp_redirect($goback);
|
wp_redirect($goback);
|
||||||
break;
|
break;
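Review bot: `$goback` now comes from `wp_get_referer()`, which returns the request parameter `_wp_http_referer` when it is present, so the target passed to `wp_redirect($goback)` is supplied by whoever submitted the form rather than by the browser's Referer header; the character whitelist in the `preg_replace` strips odd bytes but does not confine the destination to this site. Before redirecting, check that `$goback` begins with the site's admin URL (the `get_settings('siteurl')` prefix that check_admin_referer already builds) and fall back to a fixed local page otherwise. The same `wp_get_referer()`-derived value feeds `$referred` two lines above; if that is later echoed it should be escaped for its output context as well. The enclosing `case 'update':` block starts before the hunk.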
|
||||||
|
|
|
@ -811,6 +811,34 @@ function wp_nonce_url($actionurl, $action = -1) {
|
||||||
|
|
||||||
function wp_nonce_field($action = -1) {
|
function wp_nonce_field($action = -1) {
|
||||||
echo '<input type="hidden" name="_wpnonce" value="' . wp_create_nonce($action) . '" />';
|
echo '<input type="hidden" name="_wpnonce" value="' . wp_create_nonce($action) . '" />';
|
||||||
|
wp_referer_field();
|
||||||
|
}
|
||||||
|
|
||||||
|
function wp_referer_field() {
|
||||||
|
$ref = ( false === wp_get_referer() ) ? $_SERVER['REQUEST_URI'] : wp_get_referer();
|
||||||
|
$ref = wp_specialchars(stripslashes($ref));
|
||||||
|
echo '<input type="hidden" name="_wp_http_referer" value="'. $ref . '" />';
|
||||||
|
if ( wp_get_original_referer() ) {
|
||||||
|
$original_ref = wp_specialchars(stripslashes(wp_get_original_referer()));
|
||||||
|
echo '<input type="hidden" name="_wp_original_http_referer" value="'. $original_ref . '" />';
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
function wp_original_referer_field() {
|
||||||
|
echo '<input type="hidden" name="_wp_original_http_referer" value="' . wp_specialchars(stripslashes($_SERVER['REQUEST_URI'])) . '" />';
|
||||||
|
}
|
||||||
|
|
||||||
|
function wp_get_referer() {
|
||||||
|
foreach ( array($_REQUEST['_wp_http_referer'], $_SERVER['HTTP_REFERER']) as $ref )
|
||||||
|
if ( !empty($ref) )
|
||||||
|
return $ref;
|
||||||
|
return false;
|
||||||
|
}
|
||||||
|
|
||||||
|
function wp_get_original_referer() {
|
||||||
|
if ( !empty($_REQUEST['_wp_original_http_referer']) )
|
||||||
|
return $_REQUEST['_wp_original_http_referer'];
|
||||||
|
return false;
|
||||||
}
|
}
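Review bot: `wp_get_referer()` builds `array($_REQUEST['_wp_http_referer'], $_SERVER['HTTP_REFERER'])` before the loop runs, so when either key is absent PHP emits an undefined-index notice even though the `!empty($ref)` guard follows; `wp_referer_field()` and `wp_original_referer_field()` read `$_SERVER['REQUEST_URI']` unguarded in the same way. Test each key with `isset()` before it enters the candidate list, e.g. `foreach ( array('_wp_http_referer' => $_REQUEST, 'HTTP_REFERER' => $_SERVER) as $key => $src )` followed by `if ( !empty($src[$key]) ) return $src[$key];`. A header comment would also help callers: `// Returns the referer, preferring the _wp_http_referer form field (request-supplied, so not a trust boundary) over HTTP_REFERER; false if neither is set.` Making the untrusted nature explicit matters because check_admin_referer and the redirect in the first hunk now consume this value.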
|
||||||
|
|
||||||
function wp_mkdir_p($target) {
|
function wp_mkdir_p($target) {
|
||||||
|
|
|
@ -231,7 +231,7 @@ if ( !function_exists('check_admin_referer') ) :
|
||||||
function check_admin_referer($action = -1) {
|
function check_admin_referer($action = -1) {
|
||||||
global $pagenow, $menu, $submenu, $parent_file, $submenu_file;;
|
global $pagenow, $menu, $submenu, $parent_file, $submenu_file;;
|
||||||
$adminurl = strtolower(get_settings('siteurl')).'/wp-admin';
|
$adminurl = strtolower(get_settings('siteurl')).'/wp-admin';
|
||||||
$referer = strtolower($_SERVER['HTTP_REFERER']);
|
$referer = strtolower(wp_get_referer());
|
||||||
if ( !wp_verify_nonce($_REQUEST['_wpnonce'], $action) &&
|
if ( !wp_verify_nonce($_REQUEST['_wpnonce'], $action) &&
|
||||||
!(-1 == $action && strstr($referer, $adminurl)) ) {
|
!(-1 == $action && strstr($referer, $adminurl)) ) {
|
||||||
if ( $referer )
|
if ( $referer )
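Review bot: Switching `$referer` to `strtolower(wp_get_referer())` means the `-1 == $action` fallback can now be satisfied by a request parameter: wp_get_referer() prefers `$_REQUEST['_wp_http_referer']` over the browser-set `HTTP_REFERER`, so a form submitted from elsewhere can carry a `_wp_http_referer` value containing the admin URL and pass `strstr($referer, $adminurl)` without any nonce. The nonce branch is unaffected, but for callers that pass no action this fallback was the only check. Keep that comparison tied to the header, `$referer = strtolower($_SERVER['HTTP_REFERER']);`, or drop the referer fallback and require a nonce for every caller. Note also that wp_get_referer() returns `false` when nothing is set, which strtolower() silently turns into `''`; an explicit `false` check would make the no-referer path visible. check_admin_referer's body continues past the hunk.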
|
||||||
|
|