From e316dab0c265a098e0ce97dd1290c4a71df628f7 Mon Sep 17 00:00:00 2001
From: ryan
Date: Tue, 27 Jun 2006 08:06:00 +0000
Subject: [PATCH] wp_explain_nonce() and wp_nonce_ays(). Props mdawaffe. #2734

git-svn-id: http://svn.automattic.com/wordpress/trunk@3934 1a063a9b-81f0-0310-95a4-ce76da25c4cd
---
 wp-includes/functions.php | 81 +++++++++++++++++++++++++++++++++++++++
 wp-includes/pluggable.php | 25 +----------
 2 files changed, 82 insertions(+), 24 deletions(-)

diff --git a/wp-includes/functions.php b/wp-includes/functions.php
index a522e4def..1477d248a 100644
--- a/wp-includes/functions.php
+++ b/wp-includes/functions.php
@@ -1021,4 +1021,85 @@ function wp_proxy_check($ipnum) {
 return false;
 }
+function wp_explain_nonce($action) {
+ if ( $action !== -1 && preg_match('/([a-z]+)-([a-z]+)(_(.+))?/', $action, $matches) ) {
+ $verb = $matches[1];
+ $noun = $matches[2];
+
+ $trans = array();
+ $trans['add']['category'] = array(__('Are you sure you want to add this category?'), false);
+ $trans['delete']['category'] = array(__('Are you sure you want to delete this category: "%s"?'), 'get_catname');
+ $trans['update']['category'] = array(__('Are you sure you want to edit this category: "%s"?'), 'get_catname');
+
+ $trans['delete']['comment'] = array(__('Are you sure you want to delete this comment: "%s"?'), 'use_id');
+ $trans['unapprove']['comment'] = array(__('Are you sure you want to unapprove this comment: "%s"?'), 'use_id');
+ $trans['approve']['comment'] = array(__('Are you sure you want to approve this comment: "%s"?'), 'use_id');
+ $trans['update']['comment'] = array(__('Are you sure you want to edit this comment: "%s"?'), 'use_id');
+ $trans['bulk']['comments'] = array(__('Are you sure you want to bulk modify comments?'), false);
+ $trans['moderate']['comments'] = array(__('Are you sure you want to moderate comments?'), false);
+
+ $trans['add']['bookmark'] = array(__('Are you sure you want to add this bookmark?'), false);
+ $trans['delete']['bookmark'] = array(__('Are you sure you want to delete this bookmark: "%s"?'), 'use_id');
+ $trans['update']['bookmark'] = array(__('Are you sure you want to edit this bookmark: "%s"?'), 'use_id');
+ $trans['bulk']['bookmarks'] = array(__('Are you sure you want to bulk modify bookmarks?'), false);
+
+ $trans['add']['post'] = array(__('Are you sure you want to add this post?'), false);
+ $trans['delete']['post'] = array(__('Are you sure you want to delete this post: "%s"?'), 'get_the_title');
+ $trans['update']['post'] = array(__('Are you sure you want to edit this post: "%s"?'), 'get_the_title');
+
+ $trans['add']['page'] = array(__('Are you 
sure you want to add this page?'), false);
+ $trans['delete']['page'] = array(__('Are you sure you want to delete this page: "%s"?'), 'get_the_title');
+ $trans['update']['page'] = array(__('Are you sure you want to edit this page: "%s"?'), 'get_the_title');
+
+ $trans['add']['user'] = array(__('Are you sure you want to add this user?'), false);
+ $trans['delete']['users'] = array(__('Are you sure you want to delete users?'), false);
+ $trans['bulk']['users'] = array(__('Are you sure you want to bulk modify users?'), false);
+ $trans['update']['user'] = array(__('Are you sure you want to edit this user: "%s"?'), 'get_author_name');
+
+ if ( isset($trans[$verb][$noun]) ) {
+ if ( !empty($trans[$verb][$noun][1]) ) {
+ $lookup = $trans[$verb][$noun][1];
+ $object = $matches[4];
+ if ( 'use_id' != $lookup )
+ $object = call_user_func($lookup, $object);
+ return sprintf($trans[$verb][$noun][0], $object);
+ } else {
+ return $trans[$verb][$noun][0];
+ }
+ }
+ }
+
+ return __('Are you sure you want to do this');
+}
+
+function wp_nonce_ays($action) {
+ global $pagenow, $menu, $submenu, $parent_file, $submenu_file;
+
+ $admin_url = get_settings('siteurl') . '/wp-admin';
+ if ( wp_get_referer() )
+ $admin_url = wp_get_referer();
+
+ $title = __('WordPress Confirmation');
+ require_once(ABSPATH . '/wp-admin/admin-header.php');
+ // Remove extra layer of slashes.
+ $_POST = stripslashes_deep($_POST );
+ if ( $_POST ) {
+ $q = http_build_query($_POST);
+ $q = explode( ini_get('arg_separator.output'), $q);
+ $html .= "\t
\n"; + foreach ( (array) $q as $a ) { + $v = substr(strstr($a, '='), 1); + $k = substr($a, 0, -(strlen($v)+1)); + $html .= "\t\t\n"; + } + $html .= "\t\t\n"; + $html .= "\t\t
\n\t\t

" . wp_explain_nonce($action) . "

\n\t\t

" . __('No') . "

\n\t\t
\n\t
\n"; + } else { + $html .= "\t
\n\t

" . wp_explain_nonce($action) . "

\n\t

" . __('No') . " " . __('Yes') . "

\n\t
\n"; + } + $html .= "\n"; + echo $html; + include_once(ABSPATH . '/wp-admin/admin-footer.php'); +} + ?> diff --git a/wp-includes/pluggable.php b/wp-includes/pluggable.php index 46d26cf1b..084f24a95 100644 --- a/wp-includes/pluggable.php +++ b/wp-includes/pluggable.php @@ -229,34 +229,11 @@ endif; if ( !function_exists('check_admin_referer') ) : function check_admin_referer($action = -1) { - global $pagenow, $menu, $submenu, $parent_file, $submenu_file;; $adminurl = strtolower(get_settings('siteurl')).'/wp-admin'; $referer = strtolower(wp_get_referer()); if ( !wp_verify_nonce($_REQUEST['_wpnonce'], $action) && !(-1 == $action && strstr($referer, $adminurl)) ) { - if ( $referer ) - $adminurl = $referer; - $title = __('WordPress Confirmation'); - require_once(ABSPATH . '/wp-admin/admin-header.php'); - // Remove extra layer of slashes. - $_POST = stripslashes_deep($_POST ); - if ( $_POST ) { - $q = http_build_query($_POST); - $q = explode( ini_get('arg_separator.output'), $q); - $html .= "\t
\n"; - foreach ( (array) $q as $a ) { - $v = substr(strstr($a, '='), 1); - $k = substr($a, 0, -(strlen($v)+1)); - $html .= "\t\t\n"; - } - $html .= "\t\t\n"; - $html .= "\t\t
\n\t\t

" . __('Are you sure you want to do this?') . "

\n\t\t

" . __('No') . "

\n\t\t
\n\t
\n"; - } else { - $html .= "\t
\n\t

" . __('Are you sure you want to do this?') . "

\n\t

" . __('No') . " " . __('Yes') . "

\n\t
\n"; - } - $html .= "\n"; - echo $html; - include_once(ABSPATH . '/wp-admin/admin-footer.php'); + wp_nonce_ays($action); die(); } do_action('check_admin_referer', $action);