From 8ee6921b498028c4b977ed512a04e45dd1169ad4 Mon Sep 17 00:00:00 2001
From: ryan <ryan@1a063a9b-81f0-0310-95a4-ce76da25c4cd>
Date: Thu, 18 May 2006 06:49:22 +0000
Subject: [PATCH] Improvements to the nonce AYS from mdawaffe.  #2734

git-svn-id: http://svn.automattic.com/wordpress/trunk@3783 1a063a9b-81f0-0310-95a4-ce76da25c4cd
---
 wp-admin/comment.php                |  6 +++---
 wp-admin/page.php                   |  4 ++--
 wp-admin/post.php                   |  6 ++++--
 wp-admin/profile-update.php         |  2 ++
 wp-admin/wp-admin.css               |  2 +-
 wp-includes/pluggable-functions.php | 19 ++++++++++---------
 6 files changed, 22 insertions(+), 17 deletions(-)

diff --git a/wp-admin/comment.php b/wp-admin/comment.php
index fa4bd246c..9c34a9c00 100644
--- a/wp-admin/comment.php
+++ b/wp-admin/comment.php
@@ -1,6 +1,8 @@
 <?php
 require_once('admin.php');
 
+$parent_file = 'edit.php';
+$submenu_file = 'edit-comments.php';
 $wpvarstoreset = array('action');
 
 for ($i=0; $i<count($wpvarstoreset); $i += 1) {
@@ -24,8 +26,6 @@ if ( isset( $_POST['deletecomment'] ) )
 switch($action) {
 case 'editcomment':
 	$title = __('Edit Comment');
-	$parent_file = 'edit.php';
-	$submenu_file = 'edit-comments.php';
 	$editing = true;
 	require_once ('admin-header.php');
 
@@ -202,4 +202,4 @@ default:
 
 include('admin-footer.php');
 
-?>
\ No newline at end of file
+?>
diff --git a/wp-admin/page.php b/wp-admin/page.php
index 66c4c7eab..9d2995f4c 100644
--- a/wp-admin/page.php
+++ b/wp-admin/page.php
@@ -1,6 +1,8 @@
 <?php
 require_once('admin.php');
 
+$parent_file = 'edit.php';
+$submenu_file = 'edit-pages.php';
 $wpvarstoreset = array('action');
 
 for ($i=0; $i<count($wpvarstoreset); $i += 1) {
@@ -53,8 +55,6 @@ case 'post':
 
 case 'edit':
 	$title = __('Edit');
-	$parent_file = 'edit.php';
-	$submenu_file = 'edit-pages.php';
 	$editing = true;
 	require_once('admin-header.php');
 
diff --git a/wp-admin/post.php b/wp-admin/post.php
index 82cb8a453..f58356c56 100644
--- a/wp-admin/post.php
+++ b/wp-admin/post.php
@@ -1,6 +1,8 @@
 <?php
 require_once('admin.php');
 
+$parent_file = 'edit.php';
+$submenu_file = 'edit.php';
 $wpvarstoreset = array('action', 'safe_mode', 'withcomments', 'posts', 'content', 'edited_post_title', 'comment_error', 'profile', 'trackback_url', 'excerpt', 'showcomments', 'commentstart', 'commentend', 'commentorder' );
 
 for ($i=0; $i<count($wpvarstoreset); $i += 1) {
@@ -24,6 +26,8 @@ if ( isset( $_POST['deletepost'] ) )
 switch($action) {
 case 'postajaxpost':
 case 'post':
+	$parent_file = 'post-new.php';
+	$submenu_file = 'post-new.php';
 	check_admin_referer('add-post');
 	
 	$post_ID = 'post' == $action ? write_post() : edit_post();
@@ -54,8 +58,6 @@ case 'post':
 
 case 'edit':
 	$title = __('Edit');
-	$parent_file = 'edit.php';
-	$submenu_file = 'edit.php';
 	$editing = true;
 	require_once('admin-header.php');
 
diff --git a/wp-admin/profile-update.php b/wp-admin/profile-update.php
index 58efdb08c..ffe88614f 100644
--- a/wp-admin/profile-update.php
+++ b/wp-admin/profile-update.php
@@ -1,5 +1,7 @@
 <?php
 
+$parent_file = 'profile.php';
+$submenu_file = 'profile.php';
 require_once('admin.php');
 
 check_admin_referer('update-profile' . $user_ID);
diff --git a/wp-admin/wp-admin.css b/wp-admin/wp-admin.css
index 7b27c63a5..b73b73ec0 100644
--- a/wp-admin/wp-admin.css
+++ b/wp-admin/wp-admin.css
@@ -361,7 +361,7 @@ form#upload #post_content {
 	display: none;
 }
 
-.updated {
+.updated, .confirm {
 	background: #CFEBF7 url(images/notice.gif) no-repeat 1em ;
 	border: 1px solid #2580B2;
 	margin: 1em 5% 10px;
diff --git a/wp-includes/pluggable-functions.php b/wp-includes/pluggable-functions.php
index d05ac9c97..5ff3dac6b 100644
--- a/wp-includes/pluggable-functions.php
+++ b/wp-includes/pluggable-functions.php
@@ -229,15 +229,15 @@ endif;
 
 if ( !function_exists('check_admin_referer') ) :
 function check_admin_referer($action = -1) {
-	global $pagenow;
+	global $pagenow, $menu, $submenu, $parent_file, $submenu_file;;
 	$adminurl = strtolower(get_settings('siteurl')).'/wp-admin';
 	$referer = strtolower($_SERVER['HTTP_REFERER']);
 	if ( !wp_verify_nonce($_REQUEST['_wpnonce'], $action) &&
 		!(-1 == $action && strstr($referer, $adminurl)) ) {
-		
-		$html  = "<!DOCTYPE html PUBLIC '-//W3C//DTD XHTML 1.0 Strict//EN' 'http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd'>\n<html xmlns='http://www.w3.org/1999/xhtml' lang='en' xml:lang='en'>\n\n";
-		$html .= "<head>\n\t<title>" . __('WordPress Confirmation') . "</title>\n";
-		$html .= "</head>\n<body>\n";
+		if ( $referer ) 
+			$adminurl = $referer;
+		$title = __('WordPress Confirmation');
+		require_once(ABSPATH . '/wp-admin/admin-header.php');
 		if ( $_POST ) {
 			$q = http_build_query($_POST);
 			$q = explode( ini_get('arg_separator.output'), $q);
@@ -248,13 +248,14 @@ function check_admin_referer($action = -1) {
 				$html .= "\t\t<input type='hidden' name='" . wp_specialchars( urldecode($k), 1 ) . "' value='" . wp_specialchars( urldecode($v), 1 ) . "' />\n";
 			}
 			$html .= "\t\t<input type='hidden' name='_wpnonce' value='" . wp_create_nonce($action) . "' />\n";
-			$html .= "\t\t<p>" . __('Are you sure you want to do this?') . "</p>\n\t\t<p><a href='$adminurl'>No</a> <input type='submit' value='" . __('Yes') . "' /></p>\n\t</form>\n";
+			$html .= "\t\t<div id='message' class='confirm fade'>\n\t\t<p>" . __('Are you sure you want to do this?') . "</p>\n\t\t<p><a href='$adminurl'>" . __('No') . "</a> <input type='submit' value='" . __('Yes') . "' /></p>\n\t\t</div>\n\t</form>\n";
 		} else {
-			$html .= "\t<p>" . __('Are you sure you want to do this?') . "</p>\n\t\t<p><a href='$adminurl'>No</a> <a href='" . add_query_arg( '_wpnonce', wp_create_nonce($action), $_SERVER['REQUEST_URI'] ) . "'>" . __('Yes') . "</a></p>\n";
+			$html .= "\t<div id='message' class='confirm fade'>\n\t<p>" . __('Are you sure you want to do this?') . "</p>\n\t<p><a href='$adminurl'>" . __('No') . "</a> <a href='" . add_query_arg( '_wpnonce', wp_create_nonce($action), $_SERVER['REQUEST_URI'] ) . "'>" . __('Yes') . "</a></p>\n\t</div>\n";
 		}
 		$html .= "</body>\n</html>";
-
-		die($html);
+		echo $html;
+		include_once(ABSPATH . '/wp-admin/admin-footer.php');
+		die();
 	}
 	do_action('check_admin_referer', $action);
 }endif;