<title>[14670] trunk/wp-admin:
Validation and nonce improvements to custom background UI.</title>
</head>
<body>
<div id="msg">
<dl>
<dt>Revision</dt> <dd><a href="http://trac.wordpress.org/changeset/14670">14670</a></dd>
<dt>Author</dt> <dd>nacin</dd>
<dt>Date</dt> <dd>2010-05-15 19:47:03 +0000 (Sat, 15 May 2010)</dd>
</dl>
<h3>Log Message</h3>
<pre>Validation and nonce improvements to custom background UI. props ocean90, see <a href="http://trac.wordpress.org/ticket/12186">#12186</a>.</pre>
<h3>Modified Paths</h3>
<ul>
<li><a href="#trunkwpadmincustombackgroundphp">trunk/wp-admin/custom-background.php</a></li>
<li><a href="#trunkwpadminjscustombackgrounddevjs">trunk/wp-admin/js/custom-background.dev.js</a></li>
<li><a href="#trunkwpadminjscustombackgroundjs">trunk/wp-admin/js/custom-background.js</a></li>
</ul>
</div>
<div id="patch">
<h3>Diff</h3>
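--- a/trunk/wp-admin/custom-background.php
+++ b/trunk/wp-admin/custom-background.php
@@ -85,18 +85,22 @@
                 if ( empty($_POST) )
                         return;
 
-                check_admin_referer('custom-background');
-
                 if ( isset($_POST['reset-background']) ) {
-                        remove_theme_mod( 'background_image' );
+                        check_admin_referer('custom-background-reset', '_wpnonce-custom-background-reset');
+                        remove_theme_mod('background_image');
+                        remove_theme_mod('background_image_thumb');
                         return;
                 }
                 if ( isset($_POST['remove-background']) ) {
                         // @TODO: Uploaded files are not removed here.
+                        check_admin_referer('custom-background-remove', '_wpnonce-custom-background-remove');
                         set_theme_mod('background_image', '');
+                        set_theme_mod('background_image_thumb', '');
+                        return;
                 }
 
                 if ( isset($_POST['background-repeat']) ) {
+                        check_admin_referer('custom-background');
                         if ( in_array($_POST['background-repeat'], array('repeat', 'no-repeat', 'repeat-x', 'repeat-y')) )
                                 $repeat = $_POST['background-repeat'];
                         else
@@ -104,6 +108,7 @@
                         set_theme_mod('background_repeat', $repeat);
                 }
                 if ( isset($_POST['background-position']) ) {
+                        check_admin_referer('custom-background');
                         if ( in_array($_POST['background-position'], array('center', 'right', 'left')) )
                                 $position = $_POST['background-position'];
                         else
@@ -111,6 +116,7 @@
                         set_theme_mod('background_position', $position);
                 }
                 if ( isset($_POST['background-attachment']) ) {
+                        check_admin_referer('custom-background');
                         if ( in_array($_POST['background-attachment'], array('fixed', 'scroll')) )
                                 $attachment = $_POST['background-attachment'];
                         else
@@ -118,6 +124,7 @@
                         set_theme_mod('background_attachment', $attachment);
                 }
                 if ( isset($_POST['background-color']) ) {
+                        check_admin_referer('custom-background');
                         $color = preg_replace('/[^0-9a-fA-F]/', '', $_POST['background-color']);
                         if ( strlen($color) == 6 || strlen($color) == 3 )
                                 set_theme_mod('background_color', $color);
@@ -156,23 +163,23 @@
 <td>
 <?php
 $background_styles = '';
-if ( get_background_color() ) {
-        $background_styles .= "background-color: #" . get_background_color() . ";";
+if ( $bgcolor = get_background_color() ) {
+        $background_styles .= "background-color: #{$bgcolor};";
 }
 
 if ( get_background_image() ) {
         $background_styles .= "
         background-image: url(" . get_theme_mod('background_image_thumb', '') . ");
-        background-repeat: ". get_theme_mod('background_repeat', 'no-repeat') . ";
-        background-position: top ". get_theme_mod('background_position', 'left') . ";
-        background-attachment: " . get_theme_mod('background_position', 'fixed') . ";
+        background-repeat: ". get_theme_mod('background_repeat', 'repeat') . ";
+        background-position: ". get_theme_mod('background_position', 'left') . " top;
+        background-attachment: " . get_theme_mod('background_attachment', 'fixed') . ";
         ";
 }
 ?>
 <div id="custom-background-image" style="<?php echo $background_styles; ?>">
 <?php if ( get_background_image() ) { ?>
-<img class="custom-background-image" src="<?php echo get_theme_mod('background_image_thumb', ''); ?>" style="visibility:hidden;" /><br />
-<img class="custom-background-image" src="<?php echo get_theme_mod('background_image_thumb', ''); ?>" style="visibility:hidden;" />
+<img class="custom-background-image" src="<?php echo get_theme_mod('background_image_thumb', ''); ?>" style="visibility:hidden;" alt="" /><br />
+<img class="custom-background-image" src="<?php echo get_theme_mod('background_image_thumb', ''); ?>" style="visibility:hidden;" alt="" />
 <?php } ?>
 <br class="clear" />
 </div>
@@ -184,7 +191,7 @@
 <th scope="row"><?php _e('Remove Image'); ?></th>
 <td><p><?php _e('This will remove the background image. You will not be able to restore any customizations.') ?></p>
 <form method="post" action="">
-<?php wp_nonce_field('custom-background'); ?>
+<?php wp_nonce_field('custom-background-remove', '_wpnonce-custom-background-remove'); ?>
 <input type="submit" class="button" name="remove-background" value="<?php esc_attr_e('Remove Background'); ?>" />
 </form>
 </td>
@@ -196,19 +203,19 @@
 <th scope="row"><?php _e('Restore Original Image'); ?></th>
 <td><p><?php _e('This will restore the original background image. You will not be able to restore any customizations.') ?></p>
 <form method="post" action="">
-<?php wp_nonce_field('custom-background'); ?>
+<?php wp_nonce_field('custom-background-reset', '_wpnonce-custom-background-reset'); ?>
 <input type="submit" class="button" name="reset-background" value="<?php esc_attr_e('Restore Original Image'); ?>" />
 </form>
 </td>
 </tr>
-</form>
+
 <?php endif; ?>
 <tr valign="top">
 <th scope="row"><?php _e('Upload Image'); ?></th>
-<td><form enctype="multipart/form-data" id="uploadForm" method="post" action="">
+<td><form enctype="multipart/form-data" id="upload-form" method="post" action="">
 <label for="upload"><?php _e('Choose an image from your computer:'); ?></label><br /><input type="file" id="upload" name="import" />
 <input type="hidden" name="action" value="save" />
-<?php wp_nonce_field('custom-background') ?>
+<?php wp_nonce_field('custom-background-upload', '_wpnonce-custom-background-upload') ?>
 <p class="submit">
 <input type="submit" value="<?php esc_attr_e('Upload'); ?>" />
 </p>
@@ -299,7 +306,7 @@
                 if ( empty($_FILES) )
                         return;
 
-                check_admin_referer('custom-background');
+                check_admin_referer('custom-background-upload', '_wpnonce-custom-background-upload');
                 $overrides = array('test_form' => false);
                 $file = wp_handle_upload($_FILES['import'], $overrides);
 
@@ -329,10 +336,6 @@
 
                 $thumbnail = wp_get_attachment_image_src( $id, 'thumbnail' );
                 set_theme_mod('background_image_thumb', esc_url( $thumbnail[0] ) );
-                
-                set_theme_mod('background_position', get_theme_mod('background_position', 'left') );
-                set_theme_mod('background_repeat', get_theme_mod('background_repeat', 'tile') );
-                set_theme_mod('background-attachment', get_theme_mod('background_position', 'fixed') );
 
                 do_action('wp_create_file_in_uploads', $file, $id); // For replication
                 $this->updated = true;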
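Review bot: `check_admin_referer('custom-background')` is added at the top of the `background-repeat` branch here and again in the `background-position`, `background-attachment` and `background-color` branches of the next three hunks, so a normal save of the main form verifies the same nonce up to four times and a future setting branch can silently miss the check. Because the reset and remove branches both `return` before this point, a single `check_admin_referer('custom-background');` placed right before `if ( isset($_POST['background-repeat']) )` covers every remaining branch. Each call dies on a bad nonce, so the outcome for a valid request is unchanged. The enclosing method begins before this hunk.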
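--- a/trunk/wp-admin/js/custom-background.dev.js
+++ b/trunk/wp-admin/js/custom-background.dev.js
@@ -1,8 +1,8 @@
-var buttons = ['#pickcolor'], farbtastic;
+var farbtastic;
 
 function pickColor(color) {
-        jQuery('#background-color').val(color);
         farbtastic.setColor(color);
+        jQuery('#background-color').val(color);
         jQuery('#custom-background-image').css('background-color', color);
 }
 
@@ -10,6 +10,7 @@
         jQuery('#pickcolor').click(function() {
                 jQuery('#colorPickerDiv').show();
         });
+
         jQuery('#background-color').keyup(function() {
                 var _hex = jQuery('#background-color').val();
                 var hex = _hex;
@@ -21,32 +22,29 @@
                 if ( hex.length == 4 || hex.length == 7 )
                         pickColor( hex );
         });
+
         jQuery('input[name="background-position"]').change(function() {
-                jQuery('#custom-background-image').css('background-position', 'top '+jQuery(this).val());
+                jQuery('#custom-background-image').css('background-position', 'top ' + jQuery(this).val());
         });
+
         jQuery('select[name="background-repeat"]').change(function() {
                 jQuery('#custom-background-image').css('background-repeat', jQuery(this).val());
         });
+        
+        jQuery('input[name="background-attachment"]').change(function() {
+                jQuery('#custom-background-image').css('background-attachment', jQuery(this).val());
+        });
 
         farbtastic = jQuery.farbtastic('#colorPickerDiv', function(color) {
                 pickColor(color);
         });
-        pickColor(customBackgroundL10n.backgroundcolor);
-});
+        pickColor(jQuery('#background-color').val());
 
-jQuery(document).mousedown(function(){
-        hide_picker(); // Make the picker disappear if you click outside its div element
-});
-
-function hide_picker(what) {
-        var update = false;
-        jQuery('#colorPickerDiv').each(function(){
-                var id = jQuery(this).attr('id');
-                if ( id == what )
-                        return;
-
-                var display = jQuery(this).css('display');
-                if ( display == 'block' )
-                        jQuery(this).fadeOut(2);
+        jQuery(document).mousedown(function(){
+                jQuery('#colorPickerDiv').each(function(){
+                        var display = jQuery(this).css('display');
+                        if ( display == 'block' )
+                                jQuery(this).fadeOut(2);
+                });
         });
-}
\ No newline at end of file
+});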
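Review bot: `pickColor(jQuery('#background-color').val())` at the end of the ready handler now seeds the picker from the input field instead of `customBackgroundL10n.backgroundcolor`, so if that field can be empty the call passes `''` to `farbtastic.setColor` and sets an empty `background-color` on the preview; whether farbtastic tolerates an empty string is not visible here, so guard it: `var initial = jQuery('#background-color').val(); if ( initial ) pickColor( initial );`. The added blank line before the `background-attachment` handler carries trailing whitespace. The enclosing ready handler opens outside this hunk.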
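--- a/trunk/wp-admin/js/custom-background.js
+++ b/trunk/wp-admin/js/custom-background.js
@@ -1 +1 @@
-var buttons=["#pickcolor"],farbtastic;function pickColor(color){jQuery("#background-color").val(color);farbtastic.setColor(color);jQuery("#custom-background-image").css("background-color",color)}jQuery(document).ready(function(){jQuery("#pickcolor").click(function(){jQuery("#colorPickerDiv").show()});jQuery("#background-color").keyup(function(){var _hex=jQuery("#background-color").val();var hex=_hex;if(hex[0]!="#"){hex="#"+hex}hex=hex.replace(/[^#a-fA-F0-9]+/,"");if(hex!=_hex){jQuery("#background-color").val(hex)}if(hex.length==4||hex.length==7){pickColor(hex)}});jQuery('input[name="background-position"]').change(function(){jQuery("#custom-background-image").css("background-position","top "+jQuery(this).val())});jQuery('select[name="background-repeat"]').change(function(){jQuery("#custom-background-image").css("background-repeat",jQuery(this).val())});farbtastic=jQuery.farbtastic("#colorPickerDiv",function(color){pickColor(color)});pickColor(customBackgroundL10n.backgroundcolor)});jQuery(document).mousedown(function(){hide_picker()});function hide_picker(what){var update=false;jQuery("#colorPickerDiv").each(function(){var id=jQuery(this).attr("id");if(id==what){return}var display=jQuery(this).css("display");if(display=="block"){jQuery(this).fadeOut(2)}})};
\ No newline at end of file
+var farbtastic;function pickColor(a){farbtastic.setColor(a);jQuery("#background-color").val(a);jQuery("#custom-background-image").css("background-color",a)}jQuery(document).ready(function(){jQuery("#pickcolor").click(function(){jQuery("#colorPickerDiv").show()});jQuery("#background-color").keyup(function(){var b=jQuery("#background-color").val();var a=b;if(a[0]!="#"){a="#"+a}a=a.replace(/[^#a-fA-F0-9]+/,"");if(a!=b){jQuery("#background-color").val(a)}if(a.length==4||a.length==7){pickColor(a)}});jQuery('input[name="background-position"]').change(function(){jQuery("#custom-background-image").css("background-position","top "+jQuery(this).val())});jQuery('select[name="background-repeat"]').change(function(){jQuery("#custom-background-image").css("background-repeat",jQuery(this).val())});jQuery('input[name="background-attachment"]').change(function(){jQuery("#custom-background-image").css("background-attachment",jQuery(this).val())});farbtastic=jQuery.farbtastic("#colorPickerDiv",function(a){pickColor(a)});pickColor(jQuery("#background-color").val());jQuery(document).mousedown(function(){jQuery("#colorPickerDiv").each(function(){var a=jQuery(this).css("display");if(a=="block"){jQuery(this).fadeOut(2)}})})});
\ No newline at end of file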