+function wp_nonce_url($actionurl, $action = -1) {
+ return wp_specialchars(add_query_arg('_wpnonce', wp_create_nonce($action), $actionurl));
+}
+
+function wp_nonce_field($action = -1) {
+ echo '<input type="hidden" name="_wpnonce" value="' . wp_create_nonce($action) . '" />';
+ wp_referer_field();
+}
+
+function wp_referer_field() {
+ $ref = wp_specialchars($_SERVER['REQUEST_URI']);
+ echo '<input type="hidden" name="_wp_http_referer" value="'. $ref . '" />';
+ if ( wp_get_original_referer() ) {
+ $original_ref = wp_specialchars(stripslashes(wp_get_original_referer()));
+ echo '<input type="hidden" name="_wp_original_http_referer" value="'. $original_ref . '" />';
+ }
+}
+
+function wp_original_referer_field() {
+ echo '<input type="hidden" name="_wp_original_http_referer" value="' . wp_specialchars(stripslashes($_SERVER['REQUEST_URI'])) . '" />';
+}
+
+function wp_get_referer() {
+ foreach ( array($_REQUEST['_wp_http_referer'], $_SERVER['HTTP_REFERER']) as $ref )
+ if ( !empty($ref) )
+ return $ref;
+ return false;
+}
+
+function wp_get_original_referer() {
+ if ( !empty($_REQUEST['_wp_original_http_referer']) )
+ return $_REQUEST['_wp_original_http_referer'];
+ return false;
+}
+
+function wp_explain_nonce($action) {
+ if ( $action !== -1 && preg_match('/([a-z]+)-([a-z]+)(_(.+))?/', $action, $matches) ) {
+ $verb = $matches[1];
+ $noun = $matches[2];
+
+ $trans = array();
+ $trans['update']['attachment'] = array(__('Are you sure you want to edit this attachment: "%s"?'), 'get_the_title');
+
+ $trans['add']['category'] = array(__('Are you sure you want to add this category?'), false);
+ $trans['delete']['category'] = array(__('Are you sure you want to delete this category: "%s"?'), 'get_catname');
+ $trans['update']['category'] = array(__('Are you sure you want to edit this category: "%s"?'), 'get_catname');
+
+ $trans['delete']['comment'] = array(__('Are you sure you want to delete this comment: "%s"?'), 'use_id');
+ $trans['unapprove']['comment'] = array(__('Are you sure you want to unapprove this comment: "%s"?'), 'use_id');
+ $trans['approve']['comment'] = array(__('Are you sure you want to approve this comment: "%s"?'), 'use_id');
+ $trans['update']['comment'] = array(__('Are you sure you want to edit this comment: "%s"?'), 'use_id');
+ $trans['bulk']['comments'] = array(__('Are you sure you want to bulk modify comments?'), false);
+ $trans['moderate']['comments'] = array(__('Are you sure you want to moderate comments?'), false);
+
+ $trans['add']['bookmark'] = array(__('Are you sure you want to add this bookmark?'), false);
+ $trans['delete']['bookmark'] = array(__('Are you sure you want to delete this bookmark: "%s"?'), 'use_id');
+ $trans['update']['bookmark'] = array(__('Are you sure you want to edit this bookmark: "%s"?'), 'use_id');
+ $trans['bulk']['bookmarks'] = array(__('Are you sure you want to bulk modify bookmarks?'), false);
+
+ $trans['add']['page'] = array(__('Are you sure you want to add this page?'), false);
+ $trans['delete']['page'] = array(__('Are you sure you want to delete this page: "%s"?'), 'get_the_title');
+ $trans['update']['page'] = array(__('Are you sure you want to edit this page: "%s"?'), 'get_the_title');
+
+ $trans['edit']['plugin'] = array(__('Are you sure you want to edit this plugin file: "%s"?'), 'use_id');
+ $trans['activate']['plugin'] = array(__('Are you sure you want to activate this plugin: "%s"?'), 'use_id');
+ $trans['deactivate']['plugin'] = array(__('Are you sure you want to deactivate this plugin: "%s"?'), 'use_id');
+
+ $trans['add']['post'] = array(__('Are you sure you want to add this post?'), false);
+ $trans['delete']['post'] = array(__('Are you sure you want to delete this post: "%s"?'), 'get_the_title');
+ $trans['update']['post'] = array(__('Are you sure you want to edit this post: "%s"?'), 'get_the_title');
+
+ $trans['add']['user'] = array(__('Are you sure you want to add this user?'), false);
+ $trans['delete']['users'] = array(__('Are you sure you want to delete users?'), false);
+ $trans['bulk']['users'] = array(__('Are you sure you want to bulk modify users?'), false);
+ $trans['update']['user'] = array(__('Are you sure you want to edit this user: "%s"?'), 'get_author_name');
+ $trans['update']['profile'] = array(__('Are you sure you want to modify the profile for: "%s"?'), 'get_author_name');
+
+ $trans['update']['options'] = array(__('Are you sure you want to edit your settings?'), false);
+ $trans['update']['permalink'] = array(__('Are you sure you want to change your permalink structure to: %s?'), 'use_id');
+ $trans['edit']['file'] = array(__('Are you sure you want to edit this file: "%s"?'), 'use_id');
+ $trans['edit']['theme'] = array(__('Are you sure you want to edit this theme file: "%s"?'), 'use_id');
+ $trans['switch']['theme'] = array(__('Are you sure you want to switch to this theme: "%s"?'), 'use_id');
+
+ if ( isset($trans[$verb][$noun]) ) {
+ if ( !empty($trans[$verb][$noun][1]) ) {
+ $lookup = $trans[$verb][$noun][1];
+ $object = $matches[4];
+ if ( 'use_id' != $lookup )
+ $object = call_user_func($lookup, $object);
+ return sprintf($trans[$verb][$noun][0], $object);
+ } else {
+ return $trans[$verb][$noun][0];
+ }
+ }
+ }
+
+ return __('Are you sure you want to do this');
+}
+
+function wp_nonce_ays($action) {
+ global $pagenow, $menu, $submenu, $parent_file, $submenu_file;
+
+ $adminurl = get_settings('siteurl') . '/wp-admin';
+ if ( wp_get_referer() )
+ $adminurl = wp_get_referer();
+
+ $title = __('WordPress Confirmation');
+ // Remove extra layer of slashes.
+ $_POST = stripslashes_deep($_POST );
+ if ( $_POST ) {
+ $q = http_build_query($_POST);
+ $q = explode( ini_get('arg_separator.output'), $q);
+ $html .= "\t<form method='post' action='$pagenow'>\n";
+ foreach ( (array) $q as $a ) {
+ $v = substr(strstr($a, '='), 1);
+ $k = substr($a, 0, -(strlen($v)+1));
+ $html .= "\t\t<input type='hidden' name='" . wp_specialchars( urldecode($k), 1 ) . "' value='" . wp_specialchars( urldecode($v), 1 ) . "' />\n";
+ }
+ $html .= "\t\t<input type='hidden' name='_wpnonce' value='" . wp_create_nonce($action) . "' />\n";
+ $html .= "\t\t<div id='message' class='confirm fade'>\n\t\t<p>" . wp_explain_nonce($action) . "</p>\n\t\t<p><a href='$adminurl'>" . __('No') . "</a> <input type='submit' value='" . __('Yes') . "' /></p>\n\t\t</div>\n\t</form>\n";
+ } else {
+ $html .= "\t<div id='message' class='confirm fade'>\n\t<p>" . wp_explain_nonce($action) . "</p>\n\t<p><a href='$adminurl'>" . __('No') . "</a> <a href='" . add_query_arg( '_wpnonce', wp_create_nonce($action), $_SERVER['REQUEST_URI'] ) . "'>" . __('Yes') . "</a></p>\n\t</div>\n";
+ }
+ $html .= "</body>\n</html>";
+ wp_die($html, $title);
+}
+
+function wp_die($message, $title = '') {
+ header('Content-Type: text/html; charset=utf-8');
+
+ if ( empty($title) )
+ $title = __('WordPress › Error');