X-Git-Url: https://scripts.mit.edu/gitweb/autoinstalls/wordpress.git/blobdiff_plain/53f4633144ed68c8b8fb5861f992b5489894a940..784f914b1e4b1c62d6657e86397c2e83bcee4295:/wp-admin/nav-menus.php

diff --git a/wp-admin/nav-menus.php b/wp-admin/nav-menus.php
index ed9d0523..ab15bede 100644
--- a/wp-admin/nav-menus.php
+++ b/wp-admin/nav-menus.php
@@ -19,8 +19,13 @@ if ( ! current_theme_supports( 'menus' ) && ! current_theme_supports( 'widgets'
 	wp_die( __( 'Your theme does not support navigation menus or widgets.' ) );
 
 // Permissions Check
-if ( ! current_user_can('edit_theme_options') )
-	wp_die( __( 'Cheatin&#8217; uh?' ), 403 );
+if ( ! current_user_can( 'edit_theme_options' ) ) {
+	wp_die(
+		'<h1>' . __( 'Cheatin&#8217; uh?' ) . '</h1>' .
+		'<p>' . __( 'You are not allowed to edit theme options on this site.' ) . '</p>',
+		403
+	);
+}
 
 wp_enqueue_script( 'nav-menu' );
 
@@ -44,6 +49,30 @@ $num_locations = count( array_keys( $locations ) );
 // Allowed actions: add, update, delete
 $action = isset( $_REQUEST['action'] ) ? $_REQUEST['action'] : 'edit';
 
+/*
+ * If a JSON blob of navigation menu data is found, expand it and inject it
+ * into `$_POST` to avoid PHP `max_input_vars` limitations. See #14134.
+ */
+if ( isset( $_POST['nav-menu-data'] ) ) {
+	$data = json_decode( stripslashes( $_POST['nav-menu-data'] ) );
+	if ( ! is_null( $data ) && $data ) {
+		foreach ( $data as $post_input_data ) {
+			// For input names that are arrays (e.g. `menu-item-db-id[3]`), derive the array pathÂ keys via regex.
+			if ( preg_match( '#(.*)\[(\w+)\]#', $post_input_data->name, $matches ) ) {
+				if ( empty( $_POST[ $matches[1] ] ) ) {
+					$_POST[ $matches[1] ] = array();
+				}
+				// Cast input elements with a numeric array index to integers.
+				if ( is_numeric( $matches[2] ) ) {
+					$matches[2] = (int) $matches[2];
+				}
+				$_POST[ $matches[1] ][ $matches[2] ] = wp_slash( $post_input_data->value );
+			} else {
+				$_POST[ $post_input_data->name ] = wp_slash( $post_input_data->value );
+			}
+		}
+	}
+}
 switch ( $action ) {
 	case 'add-menu-item':
 		check_admin_referer( 'add-menu_item', 'menu-settings-column-nonce' );
@@ -67,7 +96,7 @@ switch ( $action ) {
 				// Set up the data we need in one pass through the array of menu items.
 				$dbids_to_orders = array();
 				$orders_to_dbids = array();
-				foreach( (array) $ordered_menu_items as $ordered_menu_item_object ) {
+				foreach ( (array) $ordered_menu_items as $ordered_menu_item_object ) {
 					if ( isset( $ordered_menu_item_object->ID ) ) {
 						if ( isset( $ordered_menu_item_object->menu_order ) ) {
 							$dbids_to_orders[$ordered_menu_item_object->ID] = $ordered_menu_item_object->menu_order;
@@ -140,7 +169,7 @@ switch ( $action ) {
 				// Set up the data we need in one pass through the array of menu items.
 				$dbids_to_orders = array();
 				$orders_to_dbids = array();
-				foreach( (array) $ordered_menu_items as $ordered_menu_item_object ) {
+				foreach ( (array) $ordered_menu_items as $ordered_menu_item_object ) {
 					if ( isset( $ordered_menu_item_object->ID ) ) {
 						if ( isset( $ordered_menu_item_object->menu_order ) ) {
 							$dbids_to_orders[$ordered_menu_item_object->ID] = $ordered_menu_item_object->menu_order;
@@ -460,7 +489,7 @@ if ( ! $nav_menu_selected_title && is_nav_menu( $nav_menu_selected_id ) ) {
 }
 
 // Generate truncated menu names.
-foreach( (array) $nav_menus as $key => $_nav_menu ) {
+foreach ( (array) $nav_menus as $key => $_nav_menu ) {
 	$nav_menus[$key]->truncated_name = wp_html_excerpt( $_nav_menu->name, 40, '&hellip;' );
 }
 
@@ -579,7 +608,7 @@ require_once( ABSPATH . 'wp-admin/admin-header.php' );
 		endif;
 		?>
 	</h1>
-	<h2 class="nav-tab-wrapper">
+	<h2 class="nav-tab-wrapper wp-clearfix">
 		<a href="<?php echo admin_url( 'nav-menus.php' ); ?>" class="nav-tab<?php if ( ! isset( $_GET['action'] ) || isset( $_GET['action'] ) && 'locations' != $_GET['action'] ) echo ' nav-tab-active'; ?>"><?php esc_html_e( 'Edit Menus' ); ?></a>
 		<?php if ( $num_locations && $menu_count ) : ?>
 			<a href="<?php echo esc_url( add_query_arg( array( 'action' => 'locations' ), admin_url( 'nav-menus.php' ) ) ); ?>" class="nav-tab<?php if ( $locations_screen ) echo ' nav-tab-active'; ?>"><?php esc_html_e( 'Manage Locations' ); ?></a>
@@ -588,7 +617,7 @@ require_once( ABSPATH . 'wp-admin/admin-header.php' );
 		?>
 	</h2>
 	<?php
-	foreach( $messages as $message ) :
+	foreach ( $messages as $message ) :
 		echo $message . "\n";
 	endforeach;
 	?>
@@ -642,7 +671,7 @@ require_once( ABSPATH . 'wp-admin/admin-header.php' );
 				<?php } // foreach ?>
 				</tbody>
 			</table>
-			<p class="button-controls"><?php submit_button( __( 'Save Changes' ), 'primary left', 'nav-menu-locations', false ); ?></p>
+			<p class="button-controls wp-clearfix"><?php submit_button( __( 'Save Changes' ), 'primary left', 'nav-menu-locations', false ); ?></p>
 			<?php wp_nonce_field( 'save-menu-locations' ); ?>
 			<input type="hidden" name="menu" id="nav-menu-meta-object-id" value="<?php echo esc_attr( $nav_menu_selected_id ); ?>" />
 		</form>
@@ -668,7 +697,7 @@ require_once( ABSPATH . 'wp-admin/admin-header.php' );
 				<?php if ( $add_new_screen ) : ?>
 					<option value="0" selected="selected"><?php _e( '&mdash; Select &mdash;' ); ?></option>
 				<?php endif; ?>
-				<?php foreach( (array) $nav_menus as $_nav_menu ) : ?>
+				<?php foreach ( (array) $nav_menus as $_nav_menu ) : ?>
 					<option value="<?php echo esc_attr( $_nav_menu->term_id ); ?>" <?php selected( $_nav_menu->term_id, $nav_menu_selected_id ); ?>>
 						<?php
 						echo esc_html( $_nav_menu->truncated_name ) ;
@@ -709,7 +738,7 @@ require_once( ABSPATH . 'wp-admin/admin-header.php' );
 		</form>
 	<?php endif; ?>
 	</div><!-- /manage-menus -->
-	<div id="nav-menus-frame">
+	<div id="nav-menus-frame" class="wp-clearfix">
 	<div id="menu-settings-column" class="metabox-holder<?php if ( isset( $_GET['menu'] ) && '0' == $_GET['menu'] ) { echo ' metabox-holder-disabled'; } ?>">
 
 		<div class="clear"></div>
@@ -726,29 +755,34 @@ require_once( ABSPATH . 'wp-admin/admin-header.php' );
 		<div id="menu-management">
 			<form id="update-nav-menu" method="post" enctype="multipart/form-data">
 				<div class="menu-edit <?php if ( $add_new_screen ) echo 'blank-slate'; ?>">
+					<input type="hidden" name="nav-menu-data">
 					<?php
 					wp_nonce_field( 'closedpostboxes', 'closedpostboxesnonce', false );
 					wp_nonce_field( 'meta-box-order', 'meta-box-order-nonce', false );
 					wp_nonce_field( 'update-nav_menu', 'update-nav-menu-nonce' );
 
-					if ( $one_theme_location_no_menus ) { ?>
+					$menu_name_aria_desc = $add_new_screen ? ' aria-describedby="menu-name-desc"' : '';
+
+					if ( $one_theme_location_no_menus ) {
+						$menu_name_val = 'value="' . esc_attr( 'Menu 1' ) . '"';
+					?>
 						<input type="hidden" name="zero-menu-state" value="true" />
-					<?php } ?>
+					<?php } else {
+						$menu_name_val = 'value="' . esc_attr( $nav_menu_selected_title ) . '"';
+					} ?>
  					<input type="hidden" name="action" value="update" />
 					<input type="hidden" name="menu" id="menu" value="<?php echo esc_attr( $nav_menu_selected_id ); ?>" />
 					<div id="nav-menu-header">
-						<div class="major-publishing-actions">
-							<label class="menu-name-label howto open-label" for="menu-name">
-								<span><?php _e( 'Menu Name' ); ?></span>
-								<input name="menu-name" id="menu-name" type="text" class="menu-name regular-text menu-item-textbox input-with-default-title" title="<?php esc_attr_e( 'Enter menu name here' ); ?>" value="<?php if ( $one_theme_location_no_menus ) _e( 'Menu 1' ); else echo esc_attr( $nav_menu_selected_title ); ?>" />
-							</label>
+						<div class="major-publishing-actions wp-clearfix">
+							<label class="menu-name-label" for="menu-name"><?php _e( 'Menu Name' ); ?></label>
+							<input name="menu-name" id="menu-name" type="text" class="menu-name regular-text menu-item-textbox" <?php echo $menu_name_val . $menu_name_aria_desc; ?> />
 							<div class="publishing-action">
 								<?php submit_button( empty( $nav_menu_selected_id ) ? __( 'Create Menu' ) : __( 'Save Menu' ), 'button-primary menu-save', 'save_menu', false, array( 'id' => 'save_menu_header' ) ); ?>
 							</div><!-- END .publishing-action -->
 						</div><!-- END .major-publishing-actions -->
 					</div><!-- END .nav-menu-header -->
 					<div id="post-body">
-						<div id="post-body-content">
+						<div id="post-body-content" class="wp-clearfix">
 							<?php if ( ! $add_new_screen ) : ?>
 							<h3><?php _e( 'Menu Structure' ); ?></h3>
 							<?php $starter_copy = ( $one_theme_location_no_menus ) ? __( 'Edit your default menu by adding or removing items. Drag each item into the order you prefer. Click Create Menu to save your changes.' ) : __( 'Drag each item into the order you prefer. Click the arrow on the right of the item to reveal additional configuration options.' ); ?>
@@ -764,7 +798,7 @@ require_once( ABSPATH . 'wp-admin/admin-header.php' );
 							<?php } ?>
 							<?php endif; ?>
 							<?php if ( $add_new_screen ) : ?>
-								<p class="post-body-plain"><?php _e( 'Give your menu a name above, then click Create Menu.' ); ?></p>
+								<p class="post-body-plain" id="menu-name-desc"><?php _e( 'Give your menu a name, then click Create Menu.' ); ?></p>
 								<?php if ( isset( $_GET['use-location'] ) ) : ?>
 									<input type="hidden" name="use-location" value="<?php echo esc_attr( $_GET['use-location'] ); ?>" />
 								<?php endif; ?>
@@ -793,9 +827,15 @@ require_once( ABSPATH . 'wp-admin/admin-header.php' );
 										<dt class="howto"><?php _e( 'Theme locations' ); ?></dt>
 										<?php foreach ( $locations as $location => $description ) : ?>
 										<dd class="checkbox-input">
-											<input type="checkbox"<?php checked( isset( $menu_locations[ $location ] ) && $menu_locations[ $location ] == $nav_menu_selected_id ); ?> name="menu-locations[<?php echo esc_attr( $location ); ?>]" id="locations-<?php echo esc_attr( $location ); ?>" value="<?php echo esc_attr( $nav_menu_selected_id ); ?>" /> <label for="locations-<?php echo esc_attr( $location ); ?>"><?php echo $description; ?></label>
+											<input type="checkbox"<?php checked( isset( $menu_locations[ $location ] ) && $menu_locations[ $location ] == $nav_menu_selected_id ); ?> name="menu-locations[<?php echo esc_attr( $location ); ?>]" id="locations-<?php echo esc_attr( $location ); ?>" value="<?php echo esc_attr( $nav_menu_selected_id ); ?>" />
+											<label for="locations-<?php echo esc_attr( $location ); ?>"><?php echo $description; ?></label>
 											<?php if ( ! empty( $menu_locations[ $location ] ) && $menu_locations[ $location ] != $nav_menu_selected_id ) : ?>
-											<span class="theme-location-set"> <?php printf( __( "(Currently set to: %s)" ), wp_get_nav_menu_object( $menu_locations[ $location ] )->name ); ?> </span>
+												<span class="theme-location-set"><?php
+													/* translators: %s: menu name */
+													printf( _x( '(Currently set to: %s)', 'menu location' ),
+														wp_get_nav_menu_object( $menu_locations[ $location ] )->name
+													);
+												?></span>
 											<?php endif; ?>
 										</dd>
 										<?php endforeach; ?>
@@ -807,10 +847,10 @@ require_once( ABSPATH . 'wp-admin/admin-header.php' );
 						</div><!-- /#post-body-content -->
 					</div><!-- /#post-body -->
 					<div id="nav-menu-footer">
-						<div class="major-publishing-actions">
+						<div class="major-publishing-actions wp-clearfix">
 							<?php if ( 0 != $menu_count && ! $add_new_screen ) : ?>
 							<span class="delete-action">
-								<a class="submitdelete deletion menu-delete" href="<?php echo esc_url( wp_nonce_url( add_query_arg( array( 'action' => 'delete', 'menu' => $nav_menu_selected_id, admin_url() ) ), 'delete-nav_menu-' . $nav_menu_selected_id) ); ?>"><?php _e('Delete Menu'); ?></a>
+								<a class="submitdelete deletion menu-delete" href="<?php echo esc_url( wp_nonce_url( add_query_arg( array( 'action' => 'delete', 'menu' => $nav_menu_selected_id ), admin_url( 'nav-menus.php' ) ), 'delete-nav_menu-' . $nav_menu_selected_id) ); ?>"><?php _e('Delete Menu'); ?></a>
 							</span><!-- END .delete-action -->
 							<?php endif; ?>
 							<div class="publishing-action">
