X-Git-Url: https://scripts.mit.edu/gitweb/autoinstalls/wordpress.git/blobdiff_plain/53f4633144ed68c8b8fb5861f992b5489894a940..refs/tags/wordpress-4.5.3:/wp-admin/nav-menus.php diff --git a/wp-admin/nav-menus.php b/wp-admin/nav-menus.php index ed9d0523..1acfde55 100644 --- a/wp-admin/nav-menus.php +++ b/wp-admin/nav-menus.php @@ -19,8 +19,13 @@ if ( ! current_theme_supports( 'menus' ) && ! current_theme_supports( 'widgets' wp_die( __( 'Your theme does not support navigation menus or widgets.' ) ); // Permissions Check -if ( ! current_user_can('edit_theme_options') ) - wp_die( __( 'Cheatin’ uh?' ), 403 ); +if ( ! current_user_can( 'edit_theme_options' ) ) { + wp_die( + '

' . __( 'Cheatin’ uh?' ) . '

' . + '

' . __( 'You are not allowed to edit theme options on this site.' ) . '

', + 403 + ); +} wp_enqueue_script( 'nav-menu' ); @@ -44,6 +49,108 @@ $num_locations = count( array_keys( $locations ) ); // Allowed actions: add, update, delete $action = isset( $_REQUEST['action'] ) ? $_REQUEST['action'] : 'edit'; +/** + * If a JSON blob of navigation menu data is in POST data, expand it and inject + * it into `$_POST` to avoid PHP `max_input_vars` limitations. See #14134. + * + * @ignore + * @since 4.5.3 + * @access private + */ +function _wp_expand_nav_menu_post_data() { + if ( ! isset( $_POST['nav-menu-data'] ) ) { + return; + } + + $data = json_decode( stripslashes( $_POST['nav-menu-data'] ) ); + + if ( ! is_null( $data ) && $data ) { + foreach ( $data as $post_input_data ) { + // For input names that are arrays (e.g. `menu-item-db-id[3][4][5]`), + // derive the array path keys via regex and set the value in $_POST. + preg_match( '#([^\[]*)(\[(.+)\])?#', $post_input_data->name, $matches ); + + $array_bits = array( $matches[1] ); + + if ( isset( $matches[3] ) ) { + $array_bits = array_merge( $array_bits, explode( '][', $matches[3] ) ); + } + + $new_post_data = array(); + + // Build the new array value from leaf to trunk. + for ( $i = count( $array_bits ) - 1; $i >= 0; $i -- ) { + if ( $i == count( $array_bits ) - 1 ) { + $new_post_data[ $array_bits[ $i ] ] = wp_slash( $post_input_data->value ); + } else { + $new_post_data = array( $array_bits[ $i ] => $new_post_data ); + } + } + + $_POST = array_replace_recursive( $_POST, $new_post_data ); + } + } +} + +if ( ! function_exists( 'array_replace_recursive' ) ) : + /** + * PHP-agnostic version of {@link array_replace_recursive()}. + * + * The array_replace_recursive() function is a PHP 5.3 function. WordPress + * currently supports down to PHP 5.2, so this method is a workaround + * for PHP 5.2. + * + * Note: array_replace_recursive() supports infinite arguments, but for our use- + * case, we only need to support two arguments. + * + * Subject to removal once WordPress makes PHP 5.3.0 the minimum requirement. + * + * @since 4.5.3 + * + * @see http://php.net/manual/en/function.array-replace-recursive.php#109390 + * + * @param array $base Array with keys needing to be replaced. + * @param array $replacements Array with the replaced keys. + * + * @return array + */ + function array_replace_recursive( $base = array(), $replacements = array() ) { + foreach ( array_slice( func_get_args(), 1 ) as $replacements ) { + $bref_stack = array( &$base ); + $head_stack = array( $replacements ); + + do { + end( $bref_stack ); + + $bref = &$bref_stack[ key( $bref_stack ) ]; + $head = array_pop( $head_stack ); + + unset( $bref_stack[ key( $bref_stack ) ] ); + + foreach ( array_keys( $head ) as $key ) { + if ( isset( $key, $bref ) && + isset( $bref[ $key ] ) && is_array( $bref[ $key ] ) && + isset( $head[ $key ] ) && is_array( $head[ $key ] ) + ) { + $bref_stack[] = &$bref[ $key ]; + $head_stack[] = $head[ $key ]; + } else { + $bref[ $key ] = $head[ $key ]; + } + } + } while ( count( $head_stack ) ); + } + + return $base; + } +endif; + +/* + * If a JSON blob of navigation menu data is found, expand it and inject it + * into `$_POST` to avoid PHP `max_input_vars` limitations. See #14134. + */ +_wp_expand_nav_menu_post_data(); + switch ( $action ) { case 'add-menu-item': check_admin_referer( 'add-menu_item', 'menu-settings-column-nonce' ); @@ -67,7 +174,7 @@ switch ( $action ) { // Set up the data we need in one pass through the array of menu items. $dbids_to_orders = array(); $orders_to_dbids = array(); - foreach( (array) $ordered_menu_items as $ordered_menu_item_object ) { + foreach ( (array) $ordered_menu_items as $ordered_menu_item_object ) { if ( isset( $ordered_menu_item_object->ID ) ) { if ( isset( $ordered_menu_item_object->menu_order ) ) { $dbids_to_orders[$ordered_menu_item_object->ID] = $ordered_menu_item_object->menu_order; @@ -140,7 +247,7 @@ switch ( $action ) { // Set up the data we need in one pass through the array of menu items. $dbids_to_orders = array(); $orders_to_dbids = array(); - foreach( (array) $ordered_menu_items as $ordered_menu_item_object ) { + foreach ( (array) $ordered_menu_items as $ordered_menu_item_object ) { if ( isset( $ordered_menu_item_object->ID ) ) { if ( isset( $ordered_menu_item_object->menu_order ) ) { $dbids_to_orders[$ordered_menu_item_object->ID] = $ordered_menu_item_object->menu_order; @@ -460,7 +567,7 @@ if ( ! $nav_menu_selected_title && is_nav_menu( $nav_menu_selected_id ) ) { } // Generate truncated menu names. -foreach( (array) $nav_menus as $key => $_nav_menu ) { +foreach ( (array) $nav_menus as $key => $_nav_menu ) { $nav_menus[$key]->truncated_name = wp_html_excerpt( $_nav_menu->name, 40, '…' ); } @@ -579,7 +686,7 @@ require_once( ABSPATH . 'wp-admin/admin-header.php' ); endif; ?> -

+

@@ -588,7 +695,7 @@ require_once( ABSPATH . 'wp-admin/admin-header.php' ); ?>

@@ -642,7 +749,7 @@ require_once( ABSPATH . 'wp-admin/admin-header.php' ); -

+

@@ -668,7 +775,7 @@ require_once( ABSPATH . 'wp-admin/admin-header.php' ); - +