Do a cap check at the top of widgets since it won't always inherit the menu cap check.

git-svn-id: http://svn.automattic.com/wordpress/trunk@5385 1a063a9b-81f0-0310-95a4-ce76da25c4cd
ryan 2007-05-04 17:52:22 +00:00
parent 48c85562b8
commit b311e786fe
3 changed files with 53 additions and 34 deletions


@ -23,6 +23,7 @@ class Custom_Image_Header {
function js() { function js() {
if ( isset( $_POST['textcolor'] ) ) { if ( isset( $_POST['textcolor'] ) ) {
check_admin_referer('custom-header');
if ( 'blank' == $_POST['textcolor'] ) { if ( 'blank' == $_POST['textcolor'] ) {
set_theme_mod('header_textcolor', 'blank'); set_theme_mod('header_textcolor', 'blank');
} else { } else {
@ -31,8 +32,10 @@ class Custom_Image_Header {
set_theme_mod('header_textcolor', $color); set_theme_mod('header_textcolor', $color);
} }
} }
if ( isset($_POST['resetheader']) ) if ( isset($_POST['resetheader']) ) {
check_admin_referer('custom-header');
remove_theme_mods(); remove_theme_mods();
}
?> ?>
<script type="text/javascript"> <script type="text/javascript">
@ -157,7 +160,7 @@ Event.observe( window, 'load', hide_text );
<h2><?php _e('Your Header Image'); ?></h2> <h2><?php _e('Your Header Image'); ?></h2>
<p><?php _e('This is your header image. You can change the text color or upload and crop a new image.'); ?></p> <p><?php _e('This is your header image. You can change the text color or upload and crop a new image.'); ?></p>
<div id="headimg" style="background: url(<?php header_image() ?>) no-repeat;"> <div id="headimg" style="background: url(<?php clean_url(header_image()) ?>) no-repeat;">
<h1><a onclick="return false;" href="<?php bloginfo('url'); ?>" title="<?php bloginfo('name'); ?>" id="name"><?php bloginfo('name'); ?></a></h1> <h1><a onclick="return false;" href="<?php bloginfo('url'); ?>" title="<?php bloginfo('name'); ?>" id="name"><?php bloginfo('name'); ?></a></h1>
<div id="desc"><?php bloginfo('description');?></div> <div id="desc"><?php bloginfo('description');?></div>
</div> </div>
@ -165,7 +168,8 @@ Event.observe( window, 'load', hide_text );
<form method="post" action="<?php echo get_option('siteurl') ?>/wp-admin/themes.php?page=custom-header&amp;updated=true"> <form method="post" action="<?php echo get_option('siteurl') ?>/wp-admin/themes.php?page=custom-header&amp;updated=true">
<input type="button" value="<?php _e('Hide Text'); ?>" onclick="hide_text()" id="hidetext" /> <input type="button" value="<?php _e('Hide Text'); ?>" onclick="hide_text()" id="hidetext" />
<input type="button" value="<?php _e('Select a Text Color'); ?>" onclick="colorSelect($('textcolor'), 'pickcolor')" id="pickcolor" /><input type="button" value="<?php _e('Use Original Color'); ?>" onclick="colorDefault()" id="defaultcolor" /> <input type="button" value="<?php _e('Select a Text Color'); ?>" onclick="colorSelect($('textcolor'), 'pickcolor')" id="pickcolor" /><input type="button" value="<?php _e('Use Original Color'); ?>" onclick="colorDefault()" id="defaultcolor" />
<input type="hidden" name="textcolor" id="textcolor" value="#<?php header_textcolor() ?>" /><input name="submit" type="submit" value="<?php _e('Save Changes'); ?> &raquo;" /></form> <?php wp_nonce_field('custom-header') ?>
<input type="hidden" name="textcolor" id="textcolor" value="#<?php attribute_escape(header_textcolor()) ?>" /><input name="submit" type="submit" value="<?php _e('Save Changes'); ?> &raquo;" /></form>
<?php } ?> <?php } ?>
<div id="colorPickerDiv" style="z-index: 100;background:#eee;border:1px solid #ccc;position:absolute;visibility:hidden;"> </div> <div id="colorPickerDiv" style="z-index: 100;background:#eee;border:1px solid #ccc;position:absolute;visibility:hidden;"> </div>
@ -177,6 +181,7 @@ Event.observe( window, 'load', hide_text );
<form enctype="multipart/form-data" id="uploadForm" method="POST" action="<?php echo attribute_escape(add_query_arg('step', 2)) ?>" style="margin: auto; width: 50%;"> <form enctype="multipart/form-data" id="uploadForm" method="POST" action="<?php echo attribute_escape(add_query_arg('step', 2)) ?>" style="margin: auto; width: 50%;">
<label for="upload"><?php _e('Choose an image from your computer:'); ?></label><br /><input type="file" id="upload" name="import" /> <label for="upload"><?php _e('Choose an image from your computer:'); ?></label><br /><input type="file" id="upload" name="import" />
<input type="hidden" name="action" value="save" /> <input type="hidden" name="action" value="save" />
<?php wp_nonce_field('custom-header') ?>
<p class="submit"> <p class="submit">
<input type="submit" value="<?php _e('Upload'); ?> &raquo;" /> <input type="submit" value="<?php _e('Upload'); ?> &raquo;" />
</p> </p>
@ -197,6 +202,7 @@ Event.observe( window, 'load', hide_text );
} }
function step_2() { function step_2() {
check_admin_referer('custom-header');
$overrides = array('test_form' => false); $overrides = array('test_form' => false);
$file = wp_handle_upload($_FILES['import'], $overrides); $file = wp_handle_upload($_FILES['import'], $overrides);
@ -222,7 +228,7 @@ Event.observe( window, 'load', hide_text );
list($width, $height, $type, $attr) = getimagesize( $file ); list($width, $height, $type, $attr) = getimagesize( $file );
if ( $width == HEADER_IMAGE_WIDTH && $height == HEADER_IMAGE_HEIGHT ) { if ( $width == HEADER_IMAGE_WIDTH && $height == HEADER_IMAGE_HEIGHT ) {
set_theme_mod('header_image', $url); set_theme_mod('header_image', clean_url($url));
$header = apply_filters('wp_create_file_in_uploads', $file, $id); // For replication $header = apply_filters('wp_create_file_in_uploads', $file, $id); // For replication
return $this->finished(); return $this->finished();
} elseif ( $width > HEADER_IMAGE_WIDTH ) { } elseif ( $width > HEADER_IMAGE_WIDTH ) {
@ -256,6 +262,7 @@ Event.observe( window, 'load', hide_text );
<input type="hidden" name="height" id="height" /> <input type="hidden" name="height" id="height" />
<input type="hidden" name="attachment_id" id="attachment_id" value="<?php echo $id; ?>" /> <input type="hidden" name="attachment_id" id="attachment_id" value="<?php echo $id; ?>" />
<input type="hidden" name="oitar" id="oitar" value="<?php echo $oitar; ?>" /> <input type="hidden" name="oitar" id="oitar" value="<?php echo $oitar; ?>" />
<?php wp_nonce_field('custom-header') ?>
<input type="submit" value="<?php _e('Crop Header &raquo;'); ?>" /> <input type="submit" value="<?php _e('Crop Header &raquo;'); ?>" />
</p> </p>
@ -265,6 +272,7 @@ Event.observe( window, 'load', hide_text );
} }
function step_3() { function step_3() {
check_admin_referer('custom-header');
if ( $_POST['oitar'] > 1 ) { if ( $_POST['oitar'] > 1 ) {
$_POST['x1'] = $_POST['x1'] * $_POST['oitar']; $_POST['x1'] = $_POST['x1'] * $_POST['oitar'];
$_POST['y1'] = $_POST['y1'] * $_POST['oitar']; $_POST['y1'] = $_POST['y1'] * $_POST['oitar'];
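Review bot: The two new escaping calls in this file are ineffective as written: `<?php clean_url(header_image()) ?>` in the headimg div and `<?php attribute_escape(header_textcolor()) ?>` in the hidden textcolor input have no `echo`, so the wrapper's return value is discarded, and for anything to appear on the page at all the inner template tag must print the value itself, before the wrapper ever sees it. So either nothing is rendered in those two spots, or the raw theme-mod value still lands unescaped inside a `style` attribute and a `value` attribute. The fix is to escape the returned value and echo the result, `url(<?php echo attribute_escape(get_header_image()) ?>)` and `value="#<?php echo attribute_escape(get_header_textcolor()) ?>"`, assuming the `get_` accessors behind these template tags are available here (confirm); the `action="<?php echo attribute_escape(add_query_arg('step', 2)) ?>"` line in the same hunk already shows the correct shape. The store-side `clean_url($url)` in step_2 is fine and unaffected. step_3 continues past the end of the last hunk.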


@ -2,6 +2,9 @@
require_once 'admin.php'; require_once 'admin.php';
if ( ! current_user_can('edit_themes') )
wp_die( __( 'Cheatin&#8217; uh?' ));
wp_enqueue_script( 'scriptaculous-effects' ); wp_enqueue_script( 'scriptaculous-effects' );
wp_enqueue_script( 'scriptaculous-dragdrop' ); wp_enqueue_script( 'scriptaculous-dragdrop' );
@ -350,11 +353,7 @@ if ( isset( $_POST['action'] ) ) {
</script> </script>
<p class="submit"> <p class="submit">
<?php <?php wp_nonce_field( 'widgets-save-widget-order' ); ?>
if ( function_exists( 'wp_nonce_field' ) ) {
wp_nonce_field( 'widgets-save-widget-order' );
}
?>
<input type="hidden" name="action" id="action" value="save_widget_order" /> <input type="hidden" name="action" id="action" value="save_widget_order" />
<input type="submit" value="<?php _e( 'Save Changes &raquo;' ); ?>" /> <input type="submit" value="<?php _e( 'Save Changes &raquo;' ); ?>" />
</p> </p>
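Review bot: The `widgets-save-widget-order` nonce is now emitted unconditionally in the order form, but neither hunk shows the matching `check_admin_referer( 'widgets-save-widget-order' );` in the `if ( isset( $_POST['action'] ) )` handler that the second hunk header points at; a nonce that is emitted but never verified adds no CSRF protection, so confirm the check exists in that handler (it lies outside the hunk). The `current_user_can('edit_themes')` gate at the top is the right place for a page that can be loaded without the menu's capability check, and it correctly sits after `require_once 'admin.php'` so the user is already resolved. Dropping the `function_exists( 'wp_nonce_field' )` guard is fine now that the page lives in core where the function is always defined.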


@ -82,6 +82,7 @@ add_action('admin_menu', 'kubrick_add_theme_page');
function kubrick_add_theme_page() { function kubrick_add_theme_page() {
if ( $_GET['page'] == basename(__FILE__) ) { if ( $_GET['page'] == basename(__FILE__) ) {
if ( 'save' == $_REQUEST['action'] ) { if ( 'save' == $_REQUEST['action'] ) {
check_admin_referer('kubrick-header');
if ( isset($_REQUEST['njform']) ) { if ( isset($_REQUEST['njform']) ) {
if ( isset($_REQUEST['defaults']) ) { if ( isset($_REQUEST['defaults']) ) {
delete_option('kubrick_header_image'); delete_option('kubrick_header_image');
@ -90,9 +91,10 @@ function kubrick_add_theme_page() {
} else { } else {
if ( '' == $_REQUEST['njfontcolor'] ) if ( '' == $_REQUEST['njfontcolor'] )
delete_option('kubrick_header_color'); delete_option('kubrick_header_color');
else else {
update_option('kubrick_header_color', $_REQUEST['njfontcolor']); $fontcolor = preg_replace('/^.*(#[0-9a-fA-F]{6})?.*$/', '$1', $_REQUEST['njfontcolor']);
update_option('kubrick_header_color', $fontcolor);
}
if ( preg_match('/[0-9A-F]{6}|[0-9A-F]{3}/i', $_REQUEST['njuppercolor'], $uc) && preg_match('/[0-9A-F]{6}|[0-9A-F]{3}/i', $_REQUEST['njlowercolor'], $lc) ) { if ( preg_match('/[0-9A-F]{6}|[0-9A-F]{3}/i', $_REQUEST['njuppercolor'], $uc) && preg_match('/[0-9A-F]{6}|[0-9A-F]{3}/i', $_REQUEST['njlowercolor'], $lc) ) {
$uc = ( strlen($uc[0]) == 3 ) ? $uc[0]{0}.$uc[0]{0}.$uc[0]{1}.$uc[0]{1}.$uc[0]{2}.$uc[0]{2} : $uc[0]; $uc = ( strlen($uc[0]) == 3 ) ? $uc[0]{0}.$uc[0]{0}.$uc[0]{1}.$uc[0]{1}.$uc[0]{2}.$uc[0]{2} : $uc[0];
$lc = ( strlen($lc[0]) == 3 ) ? $lc[0]{0}.$lc[0]{0}.$lc[0]{1}.$lc[0]{1}.$lc[0]{2}.$lc[0]{2} : $lc[0]; $lc = ( strlen($lc[0]) == 3 ) ? $lc[0]{0}.$lc[0]{0}.$lc[0]{1}.$lc[0]{1}.$lc[0]{2}.$lc[0]{2} : $lc[0];
@ -109,20 +111,27 @@ function kubrick_add_theme_page() {
} else { } else {
if ( isset($_REQUEST['headerimage']) ) { if ( isset($_REQUEST['headerimage']) ) {
check_admin_referer('kubrick-header');
if ( '' == $_REQUEST['headerimage'] ) if ( '' == $_REQUEST['headerimage'] )
delete_option('kubrick_header_image'); delete_option('kubrick_header_image');
else else {
update_option('kubrick_header_image', $_REQUEST['headerimage']); $headerimage = preg_replace('/^.*?(header-img.php\?upper=[0-9a-fA-F]{6}&lower=[0-9a-fA-F]{6})?.*$/', '$1', $_REQUEST['headerimage']);
update_option('kubrick_header_image', $headerimage);
}
} }
if ( isset($_REQUEST['fontcolor']) ) { if ( isset($_REQUEST['fontcolor']) ) {
check_admin_referer('kubrick-header');
if ( '' == $_REQUEST['fontcolor'] ) if ( '' == $_REQUEST['fontcolor'] )
delete_option('kubrick_header_color'); delete_option('kubrick_header_color');
else else {
update_option('kubrick_header_color', $_REQUEST['fontcolor']); $fontcolor = preg_replace('/^.*?(#[0-9a-fA-F]{6})?.*$/', '$1', $_REQUEST['fontcolor']);
update_option('kubrick_header_color', $fontcolor);
}
} }
if ( isset($_REQUEST['fontdisplay']) ) { if ( isset($_REQUEST['fontdisplay']) ) {
check_admin_referer('kubrick-header');
if ( '' == $_REQUEST['fontdisplay'] || 'inline' == $_REQUEST['fontdisplay'] ) if ( '' == $_REQUEST['fontdisplay'] || 'inline' == $_REQUEST['fontdisplay'] )
delete_option('kubrick_header_display'); delete_option('kubrick_header_display');
else else
@ -233,13 +242,13 @@ function kubrick_theme_page_head() {
document.getElementById('headerimg').style.display = document.getElementById('fontdisplay').value; document.getElementById('headerimg').style.display = document.getElementById('fontdisplay').value;
} }
function kRevert() { function kRevert() {
document.getElementById('headerimage').value = '<?php echo kubrick_header_image(); ?>'; document.getElementById('headerimage').value = '<?php echo js_escape(kubrick_header_image()); ?>';
document.getElementById('advuppercolor').value = document.getElementById('uppercolor').value = '#<?php echo kubrick_upper_color(); ?>'; document.getElementById('advuppercolor').value = document.getElementById('uppercolor').value = '#<?php echo js_escape(kubrick_upper_color()); ?>';
document.getElementById('advlowercolor').value = document.getElementById('lowercolor').value = '#<?php echo kubrick_lower_color(); ?>'; document.getElementById('advlowercolor').value = document.getElementById('lowercolor').value = '#<?php echo js_escape(kubrick_lower_color()); ?>';
document.getElementById('header').style.background = 'url("<?php echo kubrick_header_image_url(); ?>") center no-repeat'; document.getElementById('header').style.background = 'url("<?php echo js_escape(kubrick_header_image_url()); ?>") center no-repeat';
document.getElementById('header').style.color = ''; document.getElementById('header').style.color = '';
document.getElementById('advfontcolor').value = document.getElementById('fontcolor').value = '<?php echo kubrick_header_color_string(); ?>'; document.getElementById('advfontcolor').value = document.getElementById('fontcolor').value = '<?php echo js_escape(kubrick_header_color_string()); ?>';
document.getElementById('fontdisplay').value = '<?php echo kubrick_header_display_string(); ?>'; document.getElementById('fontdisplay').value = '<?php echo js_escape(kubrick_header_display_string()); ?>';
document.getElementById('headerimg').style.display = document.getElementById('fontdisplay').value; document.getElementById('headerimg').style.display = document.getElementById('fontdisplay').value;
} }
function kInit() { function kInit() {
@ -361,11 +370,12 @@ function kubrick_theme_page() {
<br /> <br />
<div id="nonJsForm"> <div id="nonJsForm">
<form method="post" action=""> <form method="post" action="">
<?php wp_nonce_field('kubrick-header'); ?>
<div class="zerosize"><input type="submit" name="defaultsubmit" value="Save" /></div> <div class="zerosize"><input type="submit" name="defaultsubmit" value="Save" /></div>
<label for="njfontcolor">Font Color:</label><input type="text" name="njfontcolor" id="njfontcolor" value="<?php echo kubrick_header_color(); ?>" /> Any CSS color (<code>red</code> or <code>#FF0000</code> or <code>rgb(255, 0, 0)</code>)<br /> <label for="njfontcolor">Font Color:</label><input type="text" name="njfontcolor" id="njfontcolor" value="<?php echo attribute_escape(kubrick_header_color()); ?>" /> Any CSS color (<code>red</code> or <code>#FF0000</code> or <code>rgb(255, 0, 0)</code>)<br />
<label for="njuppercolor">Upper Color:</label><input type="text" name="njuppercolor" id="njuppercolor" value="#<?php echo kubrick_upper_color(); ?>" /> HEX only (<code>#FF0000</code> or <code>#F00</code>)<br /> <label for="njuppercolor">Upper Color:</label><input type="text" name="njuppercolor" id="njuppercolor" value="#<?php echo attribute_escape(kubrick_upper_color()); ?>" /> HEX only (<code>#FF0000</code> or <code>#F00</code>)<br />
<label for="njlowercolor">Lower Color:</label><input type="text" name="njlowercolor" id="njlowercolor" value="#<?php echo kubrick_lower_color(); ?>" /> HEX only (<code>#FF0000</code> or <code>#F00</code>)<br /> <label for="njlowercolor">Lower Color:</label><input type="text" name="njlowercolor" id="njlowercolor" value="#<?php echo attribute_escape(kubrick_lower_color()); ?>" /> HEX only (<code>#FF0000</code> or <code>#F00</code>)<br />
<input type="hidden" name="hi" id="hi" value="<?php echo kubrick_header_image(); ?>" /> <input type="hidden" name="hi" id="hi" value="<?php echo attribute_escape(kubrick_header_image()); ?>" />
<input type="submit" name="toggledisplay" id="toggledisplay" value="Toggle Text" /> <input type="submit" name="toggledisplay" id="toggledisplay" value="Toggle Text" />
<input type="submit" name="defaults" value="Use Defaults" /> <input type="submit" name="defaults" value="Use Defaults" />
<input type="submit" class="defbutton" name="submitform" value="&nbsp;&nbsp;Save&nbsp;&nbsp;" /> <input type="submit" class="defbutton" name="submitform" value="&nbsp;&nbsp;Save&nbsp;&nbsp;" />
@ -375,25 +385,27 @@ function kubrick_theme_page() {
</div> </div>
<div id="jsForm"> <div id="jsForm">
<form style="display:inline;" method="post" name="hicolor" id="hicolor" action="<?php echo $_SERVER['REQUEST_URI']; ?>"> <form style="display:inline;" method="post" name="hicolor" id="hicolor" action="<?php echo $_SERVER['REQUEST_URI']; ?>">
<?php wp_nonce_field('kubrick-header'); ?>
<input type="button" onclick="tgt=document.getElementById('fontcolor');colorSelect(tgt,'pick1');return false;" name="pick1" id="pick1" value="Font Color"></input> <input type="button" onclick="tgt=document.getElementById('fontcolor');colorSelect(tgt,'pick1');return false;" name="pick1" id="pick1" value="Font Color"></input>
<input type="button" onclick="tgt=document.getElementById('uppercolor');colorSelect(tgt,'pick2');return false;" name="pick2" id="pick2" value="Upper Color"></input> <input type="button" onclick="tgt=document.getElementById('uppercolor');colorSelect(tgt,'pick2');return false;" name="pick2" id="pick2" value="Upper Color"></input>
<input type="button" onclick="tgt=document.getElementById('lowercolor');colorSelect(tgt,'pick3');return false;" name="pick3" id="pick3" value="Lower Color"></input> <input type="button" onclick="tgt=document.getElementById('lowercolor');colorSelect(tgt,'pick3');return false;" name="pick3" id="pick3" value="Lower Color"></input>
<input type="button" name="revert" value="Revert" onclick="kRevert()" /> <input type="button" name="revert" value="Revert" onclick="kRevert()" />
<input type="button" value="Advanced" onclick="toggleAdvanced()" /> <input type="button" value="Advanced" onclick="toggleAdvanced()" />
<input type="hidden" name="action" value="save" /> <input type="hidden" name="action" value="save" />
<input type="hidden" name="fontdisplay" id="fontdisplay" value="<?php echo kubrick_header_display(); ?>" /> <input type="hidden" name="fontdisplay" id="fontdisplay" value="<?php echo attribute_escape(kubrick_header_display()); ?>" />
<input type="hidden" name="fontcolor" id="fontcolor" value="<?php echo kubrick_header_color(); ?>" /> <input type="hidden" name="fontcolor" id="fontcolor" value="<?php echo attribute_escape(kubrick_header_color()); ?>" />
<input type="hidden" name="uppercolor" id="uppercolor" value="<?php echo kubrick_upper_color(); ?>" /> <input type="hidden" name="uppercolor" id="uppercolor" value="<?php echo attribute_escape(kubrick_upper_color()); ?>" />
<input type="hidden" name="lowercolor" id="lowercolor" value="<?php echo kubrick_lower_color(); ?>" /> <input type="hidden" name="lowercolor" id="lowercolor" value="<?php echo attribute_escape(kubrick_lower_color()); ?>" />
<input type="hidden" name="headerimage" id="headerimage" value="<?php echo kubrick_header_image(); ?>" /> <input type="hidden" name="headerimage" id="headerimage" value="<?php echo attribute_escape(kubrick_header_image()); ?>" />
<p class="submit"><input type="submit" name="submitform" class="defbutton" value="<?php _e('Update Header &raquo;'); ?>" onclick="cp.hidePopup('prettyplease')" /></p> <p class="submit"><input type="submit" name="submitform" class="defbutton" value="<?php _e('Update Header &raquo;'); ?>" onclick="cp.hidePopup('prettyplease')" /></p>
</form> </form>
<div id="colorPickerDiv" style="z-index: 100;background:#eee;border:1px solid #ccc;position:absolute;visibility:hidden;"> </div> <div id="colorPickerDiv" style="z-index: 100;background:#eee;border:1px solid #ccc;position:absolute;visibility:hidden;"> </div>
<div id="advanced"> <div id="advanced">
<form id="jsAdvanced" style="display:none;" action=""> <form id="jsAdvanced" style="display:none;" action="">
<label for="advfontcolor">Font Color (CSS): </label><input type="text" id="advfontcolor" onchange="advUpdate(this.value, 'fontcolor')" value="<?php echo kubrick_header_color(); ?>" /><br /> <?php wp_nonce_field('kubrick-header'); ?>
<label for="advuppercolor">Upper Color (HEX): </label><input type="text" id="advuppercolor" onchange="advUpdate(this.value, 'uppercolor')" value="#<?php echo kubrick_upper_color(); ?>" /><br /> <label for="advfontcolor">Font Color (CSS): </label><input type="text" id="advfontcolor" onchange="advUpdate(this.value, 'fontcolor')" value="<?php echo attribute_escape(kubrick_header_color()); ?>" /><br />
<label for="advlowercolor">Lower Color (HEX): </label><input type="text" id="advlowercolor" onchange="advUpdate(this.value, 'lowercolor')" value="#<?php echo kubrick_lower_color(); ?>" /><br /> <label for="advuppercolor">Upper Color (HEX): </label><input type="text" id="advuppercolor" onchange="advUpdate(this.value, 'uppercolor')" value="#<?php echo attribute_escape(kubrick_upper_color()); ?>" /><br />
<label for="advlowercolor">Lower Color (HEX): </label><input type="text" id="advlowercolor" onchange="advUpdate(this.value, 'lowercolor')" value="#<?php echo attribute_escape(kubrick_lower_color()); ?>" /><br />
<input type="button" name="default" value="Select Default Colors" onclick="kDefaults()" /><br /> <input type="button" name="default" value="Select Default Colors" onclick="kDefaults()" /><br />
<input type="button" onclick="toggleDisplay();return false;" name="pick" id="pick" value="Toggle Text Display"></input><br /> <input type="button" onclick="toggleDisplay();return false;" name="pick" id="pick" value="Toggle Text Display"></input><br />
</form> </form>
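Review bot: The greedy `.*` in the njfontcolor sanitiser, `$fontcolor = preg_replace('/^.*(#[0-9a-fA-F]{6})?.*$/', '$1', $_REQUEST['njfontcolor']);`, consumes the whole input before the optional group is tried, so `$1` never participates and `kubrick_header_color` is always updated to an empty string; the later fontcolor branch uses the lazy `.*?` form, but even that only captures when the `#rrggbb` literal is the very first thing in the string, because the optional group is skipped as soon as it fails at offset 0 — the headerimage pattern has the same shape and the same limitation. The contract this file already uses for njuppercolor is clearer and does what the commit intends: `if ( preg_match('/#[0-9a-fA-F]{6}/', $_REQUEST['njfontcolor'], $m) ) update_option('kubrick_header_color', $m[0]); else delete_option('kubrick_header_color');`, and the non-JS form's `Any CSS color (<code>red</code> or <code>#FF0000</code> or <code>rgb(255, 0, 0)</code>)` label should then say hex only, since `red` now silently clears the option. Separately, `action="<?php echo $_SERVER['REQUEST_URI']; ?>"` on the hicolor form is the one echoed value in that hunk left without `attribute_escape()`; wrapping it the way the neighbouring hidden inputs are closes that gap. kubrick_add_theme_page starts before and continues past the hunks that change it.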