change if ( !wp_verify_nonce(..... for check_admin_referer

hunk · Aug 3, 2016 · 27fe708 · 27fe708
1 parent b26965a
commit 27fe708
Show file tree

Hide file tree

Showing 9 changed files with 366 additions and 435 deletions.
diff --git a/RCCWP_CreateCustomFieldPage.php b/RCCWP_CreateCustomFieldPage.php
@@ -11,29 +11,29 @@ public static function Main()
 
     if (isset($customGroupID)) {
       $group = RCCWP_CustomGroup::Get($customGroupID);
-      
+
       ?>
-      
+
       <script type="text/javascript">
-        
+
       var mf_create_field = true;
 
       var mf_group_info = {
         'name' : '<?php echo stripslashes($group->name) ?>',
         'safe_name' : '<?php echo sanitize_title_with_dashes($group->name) ?>',
         'singular_safe_name' : '<?php echo sanitize_title_with_dashes(Inflect::singularize($group->name)) ?>'
       };
-      
+
       </script>
-      
+
       <?php
     }
-    
+
 		?>
-  	
-  	  
+
+
   		<div class="wrap">
-	  	
+
   		<h2><?php _e("Create Custom Field", $mf_domain); ?> <?php if ($group && $group->name != "__default") { _e("In Group", $mf_domain); echo " <em>".$group->name."</em>"; } ?></h2>
   		<br class="clear" />
   		<?php
@@ -46,19 +46,19 @@ public static function Main()
 				}
 		endif;
 		?>
-  			
+
   	<form action="<?php echo RCCWP_ManagementPage::GetCustomWritePanelGenericUrl('continue-create-custom-field')?>" method="post" name="create_custom_field_form" id="create-custom-field-form" onsubmit="return checkEmpty();" autocomplete="off">
 
-  		<?php wp_nonce_field('continue-create-custom-field','checking'); ?>
-  		
+  		<?php wp_nonce_field('continue-create-custom-field'); ?>
+
 		<?php if(isset($_GET['custom-group-id']) && !empty($_GET['custom-group-id'])) { ?>
   			<input type="hidden" name="custom-group-id" value="<?php echo $_GET['custom-group-id']?>">
 		<?php } ?>
 		<?php if(isset($_POST['custom-group-id']) && !empty($_POST['custom-group-id'])) { ?>
   			<input type="hidden" name="custom-group-id" value="<?php echo $_POST['custom-group-id']?>">
 		<?php } ?>
-		
-		
+
+
 		<table class="form-table" width="100%" border="0" cellspacing="0" cellpadding="6">
 		<tbody>
 
@@ -74,26 +74,26 @@ public static function Main()
 		</tr>
 
 		<tr valign="top">
-			<th scope="row"><?php _e("Name", $mf_domain); ?>:</th> 
-			<td>  
+			<th scope="row"><?php _e("Name", $mf_domain); ?>:</th>
+			<td>
 				<input name="custom-field-name" id="custom-field-name" size="40" type="text" />
 				<input type="hidden" id="custom-field-name_hidden" name="custom-field-name_hidden" onchange="copyField();" />
 
 				<p>
-					<?php _e('Type a unique name for the field, the name must be unique among all fields 
-					in this panel. The name of the field is the key by which you can retrieve 
+					<?php _e('Type a unique name for the field, the name must be unique among all fields
+					in this panel. The name of the field is the key by which you can retrieve
 					the field value later.',$mf_domain);?>
-					
+
 				</p>
 			</td>
 		</tr>
-		
+
 		<tr valign="top">
 			<th scope="row"><?php _e('Help text',$mf_domain); ?>:</th>
 			<td>
 				<input name="custom-field-helptext" id="custom-field-helptext" size="40" type="text" /><br/><small><?php _e('If set, this will be displayed in a tooltip next to the field label', $mf_domain); ?></small></td>
 		</tr>
-		
+
 		<tr valign="top">
 			<th scope="row"><?php _e("Can be duplicated", $mf_domain); ?>:</th>
 			<td><input name="custom-field-duplicate" id="custom-field-duplicate" type="checkbox" value="1" /></td>
@@ -103,7 +103,7 @@ public static function Main()
 			<th scope="row"><?php _e("Order", $mf_domain); ?>:</th>
 			<td><input type="text" name="custom-field-order" id="custom-field-order" size="2" value="0" /></td>
 		</tr>
-		
+
 
 		<tr valign="top">
 			<th scope="row"><?php _e("Required", $mf_domain); ?>:</th>
@@ -114,7 +114,7 @@ public static function Main()
 				</select>
 			</td>
 		</tr>
-				
+
 		<tr valign="top">
 			<th scope="row"><?php _e("Type", $mf_domain); ?>:</th>
 			<td>
@@ -139,11 +139,11 @@ function fun(name)
 					function checkEmpty()
 					{
 						if (submitForm && (document.getElementById('custom-field-name').value == "" || document.getElementById('custom-field-description').value == "")){
-							alert("<?php _e('Please fill in the name and the label of the field',$mf_domain); ?>");	
+							alert("<?php _e('Please fill in the name and the label of the field',$mf_domain); ?>");
 							return false;
 						}
 						return true;
-						
+
 					}
 				</script>
 				<!-- END :: Javascript for Image/Photo' Css Class -->
@@ -172,20 +172,20 @@ function checkEmpty()
 		<!-- END :: For Image/Photo' Css -->
 		</tbody>
 		</table>
-		
-		
+
+
 	  	<p class="submit" >
   			<a style="color:black" href="<?php echo RCCWP_ManagementPage::GetCustomWritePanelGenericUrl('cancel-create-custom-field')."&custom-group-id=$customGroupID"?>" class="button"><?php _e('Cancel',$mf_domain); ?></a>
   			<input type="submit" id="continue-create-custom-field" value='<?php _e("Continue",$mf_domain); ?>'  onclick="submitForm=true;"/>
   		</p>
-	  	
+
   		</form>
-	  	
+
   		</div>
-	  	
-  		<?php	
+
+  		<?php
 	}
-	
+
 	public static function SetOptions()
 	{
 		global $mf_domain;
@@ -202,16 +202,16 @@ public static function SetOptions()
 		  'custom-field-helptext' => '',
 		);
 		$values = array_merge($default,$_POST);
-		
+
 		?>
-		
+
 		<div class="wrap">
-		
+
 		<h2><?php _e("Create Custom Field", $mf_domain);?></h2>
-		
+
 		<form action="<?php echo RCCWP_ManagementPage::GetCustomWritePanelGenericUrl('finish-create-custom-field')?>" method="post" id="continue-create-new-field-form">
-		
-		<?php wp_nonce_field('finish-create-custom-field','checking'); ?> 
+
+		<?php wp_nonce_field('finish-create-custom-field'); ?>
 
 		<input type="hidden" name="custom-group-id" 	value="<?php echo $values['custom-group-id']?>" />
 		<input type="hidden" name="custom-field-name" 		value="<?php echo htmlspecialchars($values['custom-field-name'])?>" />
@@ -224,20 +224,20 @@ public static function SetOptions()
 
 		<!-- Hidden value for Image/Photo' Css Class-->
 		<input type="hidden" name="custom-field-css" value="<?php echo $_POST['custom-field-css']?>" />
-    
-    
-    
+
+
+
 		<h3><?php echo $current_field->name?></h3>
-		
+
 		<table class="form-table" width="100%" border="0" cellspacing="0" cellpadding="6">
 		<tbody>
-		
+
 		<?php
 		if ($current_field->has_properties == "true") :
 		?>
-		
-		<?php 
-		if (in_array($current_field->name, array('Textbox', 'Listbox'))) : 
+
+		<?php
+		if (in_array($current_field->name, array('Textbox', 'Listbox'))) :
 			if ($current_field->name == 'Textbox')
 				$size = 25;
 			else if ($current_field->name == 'Listbox')
@@ -254,16 +254,16 @@ public static function SetOptions()
 		</tr>
 		<?php } ?>
 		<?php endif; ?>
-		
-		<?php 
-		if (in_array($current_field->name, array('Multiline Textbox'))) : 
+
+		<?php
+		if (in_array($current_field->name, array('Multiline Textbox'))) :
 			$height = 3;
 			$width = 23;
 		?>
 		<tr valign="top">
 			<th scope="row"><?php _e('Height', $mf_domain); ?>:</th>
 			<td><input type="text" name="custom-field-height" id="custom-field-height" size="2" value="<?php echo $height?>" /></td>
-		</tr>	
+		</tr>
 		<tr valign="top">
 			<th scope="row"><?php _e('Width', $mf_domain); ?>:</th>
 			<td><input type="text" name="custom-field-width" id="custom-field-width" size="2" value="<?php echo $width?>" /></td>
@@ -277,9 +277,9 @@ public static function SetOptions()
 			<td><input name="strict-max-length" id="strict-max-length" value="1" type="checkbox" ><br/><small><?php _e('If set, Hide Visual Editor for this field',$mf_domain); ?></small></td>
 		</tr>
 		<?php endif; ?>
-		
-		<?php 
-		if (in_array($current_field->name, array('Slider'))) : 
+
+		<?php
+		if (in_array($current_field->name, array('Slider'))) :
 			$min_val = 0;
 			$max_val = 10;
 			$step = 1;
@@ -291,13 +291,13 @@ public static function SetOptions()
 		<tr valign="top">
 			<th scope="row"><?php _e('Value max', $mf_domain);?>:</th>
 			<td><input type="text" name="custom-field-slider-max" id="custom-field-slider-max" size="2" value="<?php echo $max_val?>" /></td>
-		</tr>		
+		</tr>
 		<tr valign="top">
 			<th scope="row"><?php _e('Stepping', $mf_domain);?>:</th>
 			<td><input type="text" name="custom-field-slider-step" id="custom-field-slider-step" size="2" value="<?php echo $step?>" /></td>
 		</tr>
 		<?php endif; ?>
-		
+
 		<?php
 		//eeble
 		if (in_array($current_field->name, array('Related Type'))) :
@@ -320,21 +320,21 @@ public static function SetOptions()
 		</tr>
 		<?php endif; ?>
 
-				
+
 		<?php
 		endif; // has_properties
 		?>
-		
+
 		<?php
 		if ($current_field->has_options == "true") :
-		?>		
+		?>
 		<tr valign="top">
 			<th scope="row"><?php _e('Options', $mf_domain);?>:</th>
 			<td>
 				<textarea name="custom-field-options" id="custom-field-options" rows="2" cols="38"></textarea><br />
 				<em><?php _e('Separate each option with a newline.', $mf_domain);?></em>
 			</td>
-		</tr>	
+		</tr>
 		<tr valign="top">
 			<th scope="row"><?php _e('Default Value', $mf_domain);?>:</th>
 			<td>
@@ -345,7 +345,7 @@ public static function SetOptions()
 				<em><?php _e('Separate each value with a newline.', $mf_domain);?></em>
 				<?php
 				else :
-				?>				
+				?>
 				<input type="text" name="custom-field-default-value" id="custom-field-default-value" size="25" />
 				<?php
 				endif;
@@ -387,14 +387,14 @@ public static function SetOptions()
 		<!-- Date Custom Field -->
 		</tbody>
 		</table>
-		
+
 		<p class="submit" >
-			<a style="color:black" href="<?php echo RCCWP_ManagementPage::GetCustomWritePanelGenericUrl('cancel-create-custom-field')."&custom-group-id=$customGroupID"?>" class="button"><?php _e('Cancel', $mf_domain); ?></a> 
+			<a style="color:black" href="<?php echo RCCWP_ManagementPage::GetCustomWritePanelGenericUrl('cancel-create-custom-field')."&custom-group-id=$customGroupID"?>" class="button"><?php _e('Cancel', $mf_domain); ?></a>
 			<input type="submit" id="finish-create-custom-field" value="<?php _e('Finish', $mf_domain); ?>" />
 		</p>
 		</form>
 		</div>
-		
+
 		<?php
 	}
 } //end class
diff --git a/RCCWP_CreateCustomGroupPage.php b/RCCWP_CreateCustomGroupPage.php
@@ -12,16 +12,16 @@ public static function Main()
 		<div class="wrap">
 
 		<h2><?php _e('Create Custom Group', $mf_domain); ?></h2>
-		
+
 		<form action="<?php echo RCCWP_ManagementPage::GetCustomWritePanelGenericUrl('finish-create-custom-group')?>" method="post" id="create-new-group-form">
-		<?php wp_nonce_field('finish-create-custom-group','checking'); ?> 
+		<?php wp_nonce_field('finish-create-custom-group'); ?> 
 		<?php RCCWP_CustomGroupPage::Content(); ?>
-		
+
 		<p class="submit" >
-			<a style="color:black" href="<?php echo RCCWP_ManagementPage::GetCustomWritePanelGenericUrl('cancel-create-custom-group')?>" class="button"><?php _e('Cancel', $mf_domain); ?></a> 
+			<a style="color:black" href="<?php echo RCCWP_ManagementPage::GetCustomWritePanelGenericUrl('cancel-create-custom-group')?>" class="button"><?php _e('Cancel', $mf_domain); ?></a>
 			<input type="submit" id="finish-create-custom-group" value="<?php _e('Finish', $mf_domain); ?>" />
 		</p>
-		
+
 		</form>
 
 		</div>

diff --git a/RCCWP_CreateCustomWritePanelPage.php b/RCCWP_CreateCustomWritePanelPage.php
@@ -12,16 +12,16 @@ public static function Main()
 		<div class="wrap">
 
 		<h2><?php _e('Create Custom Write Panel',$mf_domain); ?></h2>
-		
+
 		<form action="<?php echo RCCWP_ManagementPage::GetCustomWritePanelGenericUrl('finish-create-custom-write-panel')?>" method="post" id="create-new-write-panel-form">
-		<?php wp_nonce_field('finish-create-custom-write-panel','checking'); ?> 		
+		<?php wp_nonce_field('finish-create-custom-write-panel'); ?> 		
 		<?php RCCWP_CustomWritePanelPage::Content(); ?>
-		
+
 		<p class="submit" >
 			<a style="color:black" href="<?php echo RCCWP_ManagementPage::GetCustomWritePanelGenericUrl('cancel-create-custom-write-panel')?>" class="button"><?php _e('Cancel'); ?></a>
 			<input type="submit" id="finish-create-custom-write-panel" value="<?php _e('Finish'); ?>" />
 		</p>
-		
+
 		</form>
 
 		</div>