From 579547fbde22e785de1e30a1a9a0c7db0f5c1f06 Mon Sep 17 00:00:00 2001 From: ozhozh Date: Thu, 26 Aug 2010 16:38:02 +0000 Subject: [PATCH] - New functions: yourls_nonce_url, yourls_nonce_field, yourls_add_query_arg - action argument to all nonce functions is now mandatory git-svn-id: http://yourls.googlecode.com/svn/trunk@500 12232710-3e20-11de-b438-597f59cd7555 --- admin/plugins.php | 21 ++++---- includes/functions.php | 107 ++++++++++++++++++++++++++++++++++++++++- 2 files changed, 118 insertions(+), 10 deletions(-) diff --git a/admin/plugins.php b/admin/plugins.php index 4509d2f..f75793a 100644 --- a/admin/plugins.php +++ b/admin/plugins.php @@ -105,13 +105,16 @@ } $plugindir = trim( dirname( $file ), '/' ); - $action = yourls_is_active_plugin( $file ) ? - "Deactivate" : - "Activate" ; - - $class = yourls_is_active_plugin( $file ) ? - 'active' : - 'inactive' ; + + if( yourls_is_active_plugin( $file ) ) { + $class = 'active'; + $action_url = yourls_nonce_url( 'manage_plugins', yourls_add_query_arg( array('action' => 'deactivate', 'plugin' => $plugindir ) ) ); + $action_anchor = 'Deactivate'; + } else { + $class = 'inactive'; + $action_url = yourls_nonce_url( 'manage_plugins', yourls_add_query_arg( array('action' => 'activate', 'plugin' => $plugindir ) ) ); + $action_anchor = 'Activate'; + } // Other "Fields: Value" in the header? Get them too if( $plugin ) { @@ -123,8 +126,8 @@ $data['desc'] .= "
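Review bot: Both branches of the new `if` pass the same fixed action string `'manage_plugins'` to `yourls_nonce_url()`, so a token taken from one Activate link is equally valid for Deactivate and for every other plugin until the tick expires. Because the token is carried in a GET URL, it can also end up in browser history, server logs and Referer headers, which makes a narrow scope more important. Consider binding it to the operation and target, for example `yourls_nonce_url( 'deactivate_plugin_' . $plugindir, ... )` and `yourls_nonce_url( 'activate_plugin_' . $plugindir, ... )`. The code that calls `yourls_verify_nonce()` for these links is outside this hunk and would need the matching action string.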
plugin file location: $file"; - printf( "%s%s%s%s%s", - $class, $data['uri'], $data['name'], $data['version'], $data['desc'], $data['author_uri'], $data['author'], $action + printf( "%s%s%s%s%s", + $class, $data['uri'], $data['name'], $data['version'], $data['desc'], $data['author_uri'], $data['author'], $action_url, $action_anchor ); } diff --git a/includes/functions.php b/includes/functions.php index 0aa13a7..58901a1 100644 --- a/includes/functions.php +++ b/includes/functions.php 
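Review bot: `$action_url` is passed to `printf()` as a plain `%s` argument with no escaping visible in this hunk, yet it is built by `yourls_add_query_arg()` from `$_SERVER['REQUEST_URI']` when no URL is supplied. That helper re-encodes the query-string values but carries the path portion of the request URI through unchanged, so request-controlled characters can reach the page markup, depending on how the client encoded the path. The format string appears stripped in this view, so the output context is inferred (presumably an `href` attribute). Escape at the point of output, e.g. pass `htmlspecialchars( $action_url, ENT_QUOTES )` instead of `$action_url`, which also turns the `&` separators into valid `&amp;` inside the attribute.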
@@ -1400,19 +1400,124 @@ function yourls_salt( $string ) { return yourls_apply_filter( 'yourls_salt', md5 ($string . $salt), $string ); } +// Add a query var to a URL and return URL. Completely stolen from WP. +// Works with one of these parameter patterns: +// array( 'var' => 'value' ) +// array( 'var' => 'value' ), $url +// 'var', 'value' +// 'var', 'value', $url +// If $url ommited, uses $_SERVER['REQUEST_URI'] +function yourls_add_query_arg() { + $ret = ''; + if ( is_array( func_get_arg(0) ) ) { + if ( @func_num_args() < 2 || false === @func_get_arg( 1 ) ) + $uri = $_SERVER['REQUEST_URI']; + else + $uri = @func_get_arg( 1 ); + } else { + if ( @func_num_args() < 3 || false === @func_get_arg( 2 ) ) + $uri = $_SERVER['REQUEST_URI']; + else + $uri = @func_get_arg( 2 ); + } + + $uri = str_replace( '&', '&', $uri ); + + + if ( $frag = strstr( $uri, '#' ) ) + $uri = substr( $uri, 0, -strlen( $frag ) ); + else + $frag = ''; + + if ( preg_match( '|^https?://|i', $uri, $matches ) ) { + $protocol = $matches[0]; + $uri = substr( $uri, strlen( $protocol ) ); + } else { + $protocol = ''; + } + + if ( strpos( $uri, '?' ) !== false ) { + $parts = explode( '?', $uri, 2 ); + if ( 1 == count( $parts ) ) { + $base = '?'; + $query = $parts[0]; + } else { + $base = $parts[0] . '?'; + $query = $parts[1]; + } + } elseif ( !empty( $protocol ) || strpos( $uri, '=' ) === false ) { + $base = $uri . '?'; + $query = ''; + } else { + $base = ''; + $query = $uri; + } + + parse_str( $query, $qs ); + $qs = yourls_urlencode_deep( $qs ); // this re-URL-encodes things that were already in the query string + if ( is_array( func_get_arg( 0 ) ) ) { + $kayvees = func_get_arg( 0 ); + $qs = array_merge( $qs, $kayvees ); + } else { + $qs[func_get_arg( 0 )] = func_get_arg( 1 ); + } + + foreach ( (array) $qs as $k => $v ) { + if ( $v === false ) + unset( $qs[$k] ); + } + + $ret = http_build_query( $qs ); + $ret = trim( $ret, '?' ); + $ret = preg_replace( '#=(&|$)#', '$1', $ret ); + $ret = $protocol . 
$base . $ret . $frag; + $ret = rtrim( $ret, '?' ); + return $ret; +} + +// Navigates through an array and encodes the values to be used in a URL. Stolen from WP, used in yourls_add_query_arg() +function yourls_urlencode_deep($value) { + $value = is_array($value) ? array_map('yourls_urlencode_deep', $value) : urlencode($value); + return $value; +} + +// Remove arg from query. Opposite of yourls_add_query_arg. Stolen from WP. +function yourls_remove_query_arg( $key, $query = false ) { + if ( is_array( $key ) ) { // removing multiple keys + foreach ( $key as $k ) + $query = add_query_arg( $k, false, $query ); + return $query; + } + return add_query_arg( $key, false, $query ); +} + // Return a time-dependent string for nonce creation function yourls_tick() { return ceil( time() / YOURLS_NONCE_LIFE ); } // Create a time limited, action limited and user limited token -function yourls_create_nonce( $action = '-1', $user = false ) { +function yourls_create_nonce( $action, $user = false ) { if( false == $user ) $user = defined('YOURLS_USER') ? YOURLS_USER : '-1'; $tick = yourls_tick(); return substr( yourls_salt($tick . $action . $user), 0, 10 ); } +// Create a nonce field for inclusion into a form +function yourls_nonce_field( $action, $name = 'nonce', $user = false, $echo = true ) { + $field = ''; + if( $echo ) + echo $field."\n"; + return $field; +} + +// Add a nonce to a URL. If URL omitted, adds nonce to current URL +function yourls_nonce_url( $action, $url = false, $name = 'nonce', $user = false ) { + $nonce = yourls_create_nonce( $action, $user ); + return yourls_add_query_arg( $name, $nonce, $url ); +} + // Check validity of a nonce (ie time span, user and action match). Returns true or dies. // $nonce is the name of the GET or POST parameter function yourls_verify_nonce( $action, $nonce = 'nonce', $user = false ) { -- 2.45.0
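Review bot: `yourls_remove_query_arg()` calls `add_query_arg()`, the WordPress name, in both its loop and its final return, but this patch only defines `yourls_add_query_arg()`. Unless a function with the unprefixed name exists elsewhere in the codebase, the first call will fail with an undefined-function fatal error. Nothing in this commit exercises the helper, so the failure would not show up until a later caller uses it. The two lines should read `$query = yourls_add_query_arg( $k, false, $query );` and `return yourls_add_query_arg( $key, false, $query );`.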