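/**
 * Redirect back to the edit screen (or the referer) after a post form is submitted.
 *
 * Chooses a numeric "message" code from the submitted button ($_POST['save'],
 * ['publish'], ['addmeta'], ['deletemeta'], ['action']) and the post status,
 * appends it to the destination URL, runs the result through the
 * 'redirect_post_location' filter and redirects. Never returns.
 *
 * @param int $post_id Optional. Post ID.
 * @return void
 */
function redirect_post($post_id = '')
{
    if (isset($_POST['save']) || isset($_POST['publish'])) {
        $status = get_post_status($post_id);
        if (isset($_POST['publish'])) {
            switch ($status) {
                case 'pending':
                    $message = 8;
                    break;
                case 'future':
                    $message = 9;
                    break;
                default:
                    $message = 6;
            }
        } else {
            $message = 'draft' == $status ? 10 : 1;
        }
        $location = add_query_arg('message', $message, get_edit_post_link($post_id, 'url'));
    } elseif (!empty($_POST['addmeta'])) {
        // Referer-derived location: drop any fragment it carries, then jump to the custom-fields box.
        $location = add_query_arg('message', 2, nxt_get_referer());
        $location = explode('#', $location);
        $location = $location[0] . '#postcustom';
    } elseif (!empty($_POST['deletemeta'])) {
        $location = add_query_arg('message', 3, nxt_get_referer());
        $location = explode('#', $location);
        $location = $location[0] . '#postcustom';
    } elseif (isset($_POST['action']) && 'post-quickpress-save-cont' == $_POST['action']) {
        // isset() guard: 'action' is not present on every form that reaches this function.
        $location = "post.php?action=edit&post={$post_id}&message=7";
    } else {
        $location = add_query_arg('message', 4, get_edit_post_link($post_id, 'url'));
    }

    // NOTE(review): nxt_redirect() (not nxt_safe_redirect()) is used; the referer-derived
    // branches above therefore rely on nxt_get_referer() returning a local URL — confirm.
    nxt_redirect(apply_filters('redirect_post_location', $location, $post_id));
    exit;
}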
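/**
 * Mark or unmark a user (and their blogs) as spam from the admin menu.
 *
 * Fires on the 'admin' component with the 'mark-spammer' or 'unmark-spammer'
 * action. The nonce 'mark-unmark-spammer' is verified before anything is
 * changed; the actual work is done by bp_core_process_spammer_status().
 * Ends with a redirect to the referer.
 *
 * @package BuddyPress Core
 * @param int $user_id Optional user ID to mark as spam; defaults to the displayed user.
 * @global object $nxtdb Global NXTClass Database object
 * @return void
 */
function bp_core_action_set_spammer_status($user_id = 0)
{
    // Use displayed user if it's not yourself
    if (empty($user_id)) {
        $user_id = bp_displayed_user_id();
    }

    // Strict comparison: the action comes from the request URL.
    $spam_actions = array('mark-spammer', 'unmark-spammer');
    if (!bp_is_current_component('admin') || !in_array(bp_current_action(), $spam_actions, true)) {
        return;
    }

    // Check the nonce
    check_admin_referer('mark-unmark-spammer');

    // To spam or not to spam
    $status = bp_is_current_action('mark-spammer') ? 'spam' : 'ham';

    // The heavy lifting
    bp_core_process_spammer_status($user_id, $status);

    // Add feedback message. @todo - Error reporting
    if ('spam' == $status) {
        bp_core_add_message(__('User marked as spammer. Spam users are visible only to site admins.', 'buddypress'));
    } else {
        bp_core_add_message(__('User removed as spammer.', 'buddypress'));
    }

    // Deprecated. Use bp_core_process_spammer_status.
    $is_spam = 'spam' == $status;
    do_action('bp_core_action_set_spammer_status', bp_displayed_user_id(), $is_spam);

    // Redirect back to where we came from
    bp_core_redirect(nxt_get_referer());
}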
/**
 * Handle the "remove friend" action on the friends component.
 *
 * Runs only for the 'remove-friend' action; the target user id is the first
 * action variable. When the two users are friends, the nonce
 * 'friends_remove_friend' is checked and the friendship removed; otherwise a
 * feedback message is queued. Always redirects to the referer afterwards.
 *
 * @return bool Always false (the redirect ends the request in practice).
 */
function friends_action_remove_friend()
{
    if (!bp_is_friends_component() || !bp_is_current_action('remove-friend')) {
        return false;
    }

    $target_id = (int) bp_action_variable(0);
    if (!$target_id) {
        return false;
    }

    $self_id = bp_loggedin_user_id();
    if ($target_id == $self_id) {
        return false;
    }

    $friendship_status = BP_Friends_Friendship::check_is_friend($self_id, $target_id);

    if ('is_friend' == $friendship_status) {
        // Nonce is only checked once the friendship is confirmed to exist.
        if (!check_admin_referer('friends_remove_friend')) {
            return false;
        }
        if (friends_remove_friend($self_id, $target_id)) {
            bp_core_add_message(__('Friendship canceled', 'buddypress'));
        } else {
            bp_core_add_message(__('Friendship could not be canceled.', 'buddypress'), 'error');
        }
    } elseif ('is_friends' == $friendship_status) {
        // NOTE(review): 'is_friends' differs from the 'is_friend' value tested above; whether
        // check_is_friend() ever returns it cannot be confirmed from here — verify, otherwise
        // the "not yet friends" message is unreachable.
        bp_core_add_message(__('You are not yet friends with this user', 'buddypress'), 'error');
    } else {
        bp_core_add_message(__('You have a pending friendship request with this user', 'buddypress'), 'error');
    }

    bp_core_redirect(nxt_get_referer());
    return false;
}
/**
 * Delete the displayed user's avatar.
 *
 * Handles the screen example.com/members/andy/profile/change-avatar/delete-avatar/.
 * Order of checks: the screen/action must match, the nonce
 * 'bp_delete_avatar_link' must verify, and the visitor must be on their own
 * profile or be a super admin. Ends with a redirect to the referer.
 *
 * @package BuddyPress Xprofile
 * @global object $bp Global BuddyPress settings object (displayed_user->id is read)
 * @uses bp_core_delete_existing_avatar() Deletes the avatar for the displayed user.
 * @uses bp_core_redirect() Sends the user back to the referer.
 * @return bool|void False when the request is not handled; otherwise redirects.
 */
function xprofile_action_delete_avatar()
{
    global $bp;

    $is_delete_screen = bp_is_user_change_avatar() && bp_is_action_variable('delete-avatar', 0);
    if (!$is_delete_screen) {
        return false;
    }

    // Nonce is verified before the capability check.
    check_admin_referer('bp_delete_avatar_link');

    $may_delete = bp_is_my_profile() || is_super_admin();
    if (!$may_delete) {
        return false;
    }

    $deleted = bp_core_delete_existing_avatar(array('item_id' => $bp->displayed_user->id));
    if ($deleted) {
        bp_core_add_message(__('Your avatar was deleted successfully!', 'buddypress'));
    } else {
        bp_core_add_message(__('There was a problem deleting that avatar, please try again.', 'buddypress'), 'error');
    }

    bp_core_redirect(nxt_get_referer());
}
?> " /></h1> <form action="sites.php?action=<?php echo esc_attr($_GET['action2']); ?> " method="post"> <input type="hidden" name="action" value="<?php echo esc_attr($_GET['action2']); ?> " /> <input type="hidden" name="id" value="<?php echo esc_attr($id); ?> " /> <input type="hidden" name="_nxt_http_referer" value="<?php echo esc_attr(nxt_get_referer()); ?> " /> <?php nxt_nonce_field($_GET['action2'], '_nxtnonce', false); ?> <p><?php echo esc_html(stripslashes($_GET['msg'])); ?> </p> <?php submit_button(__('Confirm'), 'button'); ?> </form> </body> </html>
/**
 * Build the delete link for the current activity item.
 *
 * The URL is <root>/<activity slug>/delete/<activity id>, signed with the
 * 'bp_activity_delete_link' nonce. On a single-activity page a redirect_to
 * argument holding the referer is appended and the CSS class changes so the
 * handler can send the user back.
 *
 * @since 1.1.0
 *
 * @global object $activities_template {@link BP_Activity_Template}
 * @global object $bp BuddyPress global settings
 * @uses nxt_nonce_url()
 * @uses apply_filters() To call the 'bp_get_activity_delete_link' hook
 *
 * @return string Anchor markup for the delete link.
 */
function bp_get_activity_delete_link()
{
    global $activities_template, $bp;

    $activity_id = $activities_template->activity->id;
    $url = bp_get_root_domain() . '/' . bp_get_activity_root_slug() . '/delete/' . $activity_id;
    $class = 'delete-activity';

    $on_single_activity = bp_is_activity_component() && is_numeric(bp_current_action());
    if ($on_single_activity) {
        // redirect_to carries the referer unmodified; the delete handler that consumes it
        // should treat it as untrusted input (NOTE(review): confirm it uses a safe redirect).
        $url = add_query_arg(array('redirect_to' => nxt_get_referer()), $url);
        $class = 'delete-activity-single';
    }

    $href = nxt_nonce_url($url, 'bp_activity_delete_link');
    $link = '<a href="' . $href . '" class="button item-button bp-secondary-action ' . $class . ' confirm" rel="nofollow">' . __('Delete', 'buddypress') . '</a>';

    return apply_filters('bp_get_activity_delete_link', $link);
}
} } update_user_status($val, 'spam', '1'); break; case 'notspam': $userfunction = 'all_notspam'; $blogs = get_blogs_of_user($val, true); foreach ((array) $blogs as $key => $details) { update_blog_status($details->userblog_id, 'spam', '0'); } update_user_status($val, 'spam', '0'); break; } } } nxt_safe_redirect(add_query_arg(array('updated' => 'true', 'action' => $userfunction), nxt_get_referer())); } else { $location = network_admin_url('users.php'); if (!empty($_REQUEST['paged'])) { $location = add_query_arg('paged', (int) $_REQUEST['paged'], $location); } nxt_redirect($location); } exit; break; case 'dodelete': check_admin_referer('ms-users-delete'); if (!(current_user_can('manage_network_users') && current_user_can('delete_users'))) { nxt_die(__('You do not have permission to access this page.')); } if (!empty($_POST['blog']) && is_array($_POST['blog'])) {
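<?php
require 'admin-action.php';

// Topic id comes from the query string; a missing or non-numeric value becomes 0.
$topic_id = isset($_GET['id']) ? (int) $_GET['id'] : 0;
$topic = $topic_id > 0 ? get_topic($topic_id) : false;

if (!$topic) {
    bb_die(__('There is a problem with that topic, pardner.'));
}

// Capability check before the nonce check, so unauthorised users are sent home quietly.
if (!bb_current_user_can('close_topic', $topic_id)) {
    nxt_redirect(bb_get_uri(null, null, BB_URI_CONTEXT_HEADER));
    exit;
}

// Nonce is bound to the topic id, so a token for one topic cannot be replayed on another.
bb_check_admin_referer('close-topic_' . $topic_id);

// Toggle the topic's open/closed state.
if (topic_is_open($topic_id)) {
    bb_close_topic($topic_id);
    $message = 'closed';
} else {
    bb_open_topic($topic_id);
    $message = 'opened';
}

// Return to the referer with a fresh 'message' argument; fall back to the topic itself.
$sendto = nxt_get_referer();
if ($sendto) {
    $sendto = remove_query_arg('message', $sendto);
    $sendto = add_query_arg('message', $message, $sendto);
} else {
    $sendto = get_topic_link($topic_id);
}

bb_safe_redirect($sendto);
exit;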
/**
 * Verify that an admin request carries a valid nonce for $action.
 *
 * The nonce is read from $_REQUEST[$query_arg] and checked with
 * nxt_verify_nonce(). When it fails, nxt_nonce_ays() is shown and the request
 * dies. Legacy fallback: when no action is given ($action == -1) a Referer that
 * starts with admin_url() is accepted instead of a nonce — the Referer header is
 * client-supplied, so callers should always pass an action (a -1 action is
 * reported via _doing_it_wrong()).
 *
 * @since 1.2.0
 * @uses do_action() Calls 'check_admin_referer' on $action.
 *
 * @param string $action Action nonce
 * @param string $query_arg where to look for nonce in $_REQUEST (since 2.5)
 * @return bool|int Result of nxt_verify_nonce(); false only on the referer fallback path.
 */
function check_admin_referer($action = -1, $query_arg = '_nxtnonce')
{
    if (-1 == $action) {
        _doing_it_wrong(__FUNCTION__, __('You should specify a nonce action to be verified by using the first parameter.'), '3.2');
    }

    $adminurl = strtolower(admin_url());
    $referer = strtolower(nxt_get_referer());

    $result = false;
    if (isset($_REQUEST[$query_arg])) {
        $result = nxt_verify_nonce($_REQUEST[$query_arg], $action);
    }

    // Referer-only acceptance applies solely to the deprecated no-action call.
    $referer_is_admin = -1 == $action && strpos($referer, $adminurl) === 0;
    if (!$result && !$referer_is_admin) {
        nxt_nonce_ays($action);
        die;
    }

    do_action('check_admin_referer', $action, $result);
    return $result;
}
$value = is_array($value) ? $value : trim($value); $value = stripslashes_deep($value); if (($option == 'nxt_siteurl' || $option == 'nxt_home') && !empty($value)) { $value = rtrim($value, " \t\n\r\v/") . '/'; } if ($value) { bb_update_option($option, $value); } else { bb_delete_option($option); } } } if ($action == 'update-users') { bb_apply_nxt_role_map_to_orphans(); } $goback = add_query_arg('updated', $action, nxt_get_referer()); bb_safe_redirect($goback); exit; } switch (@$_GET['updated']) { case 'update-users': bb_admin_notice(__('<strong>User role mapping saved.</strong>')); break; case 'update-options': bb_admin_notice(__('<strong>User integration settings saved.</strong>')); break; } $bb_role_names[''] = _c('none|no bbPress role'); $bb_role_names = array_merge($bb_role_names, array_map(create_function('$a', 'return sprintf( _c( "bbPress %s|bbPress role" ), $a );'), $nxt_roles->get_names())); $nxtRoles = array('administrator' => __('NXTClass Administrator'), 'editor' => __('NXTClass Editor'), 'author' => __('NXTClass Author'), 'contributor' => __('NXTClass Contributor'), 'subscriber' => __('NXTClass Subscriber')); $nxtRoles = apply_filters('role_map_nxt_roles', $nxtRoles);
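/**
 * Saves option for number of rows when listing posts, pages, comments, etc.
 *
 * Reads $_POST['nxt_screen_options']['option'] and ['value'] after verifying the
 * 'screen-options-nonce' nonce. Known *_per_page options must be an int in
 * 1..999; any other option is stored only if the 'set-screen-option' filter
 * returns a non-false value. Stores the value as user meta and redirects to the
 * referer (minus paging arguments). Returns silently on any validation failure.
 *
 * @since 2.8
 * @return void
 **/
function set_screen_options()
{
    if (!isset($_POST['nxt_screen_options']) || !is_array($_POST['nxt_screen_options'])) {
        return;
    }

    check_admin_referer('screen-options-nonce', 'screenoptionnonce');

    if (!($user = nxt_get_current_user())) {
        return;
    }

    $screen_options = $_POST['nxt_screen_options'];
    $option = isset($screen_options['option']) ? $screen_options['option'] : '';
    $value = isset($screen_options['value']) ? $screen_options['value'] : null;

    // The option name becomes a user-meta key: only [a-z_-] is accepted.
    if (!is_string($option) || !preg_match('/^[a-z_-]+$/', $option)) {
        return;
    }
    $option = str_replace('-', '_', $option);

    // Per-post-type and per-taxonomy list screens share one option each.
    $map_option = $option;
    $type = str_replace('edit_', '', $map_option);
    $type = str_replace('_per_page', '', $type);
    if (in_array($type, get_post_types(), true)) {
        $map_option = 'edit_per_page';
    }
    if (in_array($type, get_taxonomies(), true)) {
        $map_option = 'edit_tags_per_page';
    }

    $per_page_options = array(
        'edit_per_page',
        'users_per_page',
        'edit_comments_per_page',
        'upload_per_page',
        'edit_tags_per_page',
        'plugins_per_page',
        // Network admin
        'sites_network_per_page',
        'users_network_per_page',
        'site_users_network_per_page',
        'plugins_network_per_page',
        'themes_network_per_page',
        'site_themes_network_per_page',
    );

    if (in_array($map_option, $per_page_options, true)) {
        $value = (int) $value;
        if ($value < 1 || $value > 999) {
            return;
        }
    } else {
        // Unknown options are only stored when a filter vouches for the value.
        $value = apply_filters('set-screen-option', false, $option, $value);
        if (false === $value) {
            return;
        }
    }

    update_user_meta($user->ID, $option, $value);
    nxt_safe_redirect(remove_query_arg(array('pagenum', 'apage', 'paged'), nxt_get_referer()));
    exit;
}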
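<?php
require 'admin.php';

if (!bb_current_user_can('manage_tags')) {
    bb_die(__('You are not allowed to manage tags.'));
}

// Source tag id and destination tag name, both from the POST body.
$old_id = isset($_POST['id']) ? (int) $_POST['id'] : 0;
$tag_name = isset($_POST['tag']) ? $_POST['tag'] : '';

// Nonce is bound to the source tag id.
bb_check_admin_referer('merge-tag_' . $old_id);

$tag = bb_get_tag($tag_name);
if (!$tag) {
    bb_die(__('The destination tag you specified could not be found.'));
}
if (!bb_get_tag($old_id)) {
    bb_die(__('The original tag could not be found.'));
}

$merged = bb_merge_tags($old_id, $tag->tag_id);
if (!$merged) {
    // sprintf, not printf: bb_die() needs the message as its argument (printf would print it
    // early and hand bb_die() a byte count). The referer goes into an href, so it is URL-escaped.
    bb_die(sprintf(__("Something odd happened when attempting to merge those tags.<br />\n<a href=\"%s\">Try Again?</a>"), esc_url(nxt_get_referer())));
}

bb_die(
    sprintf(__("Number of topics from which the old tag was removed: %d <br />\n"), $merged['old_count'])
    . sprintf(__("Number of topics to which the new tag was added: %d <br />\n"), $merged['diff_count'])
    . sprintf(__("Number of rows deleted from tags table:%d <br />\n"), $merged['destroyed']['tags'])
    . sprintf(__('<a href="%s">View Results of Merge</a>'), bb_get_tag_link())
);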
/**
 * Display "Are You Sure" message to confirm the action being taken.
 *
 * Shows the nonce explanation for $action (HTML-escaped). For 'log-out' a
 * log-out link is offered; otherwise, when a referer exists, a "try again"
 * link back to it (minus the 'updated' argument, URL-escaped). Ends the
 * request via nxt_die() with HTTP 403.
 *
 * @package NXTClass
 * @subpackage Security
 * @since 2.0.4
 *
 * @param string $action The nonce action.
 * @return void
 */
function nxt_nonce_ays($action)
{
    $title = __('NXTClass Failure Notice');
    $html = esc_html(nxt_explain_nonce($action));

    if ('log-out' == $action) {
        $logout_link = sprintf(__("Do you really want to <a href='%s'>log out</a>?"), nxt_logout_url());
        $html .= "</p><p>" . $logout_link;
    } elseif (nxt_get_referer()) {
        $retry_url = esc_url(remove_query_arg('updated', nxt_get_referer()));
        $html .= "</p><p><a href='" . $retry_url . "'>" . __('Please try again.') . "</a>";
    }

    nxt_die($html, $title, array('response' => 403));
}
* @since 3.1.0 */ /** Load NXTClass Administration Bootstrap */ require_once './admin.php'; if (!is_multisite()) { nxt_die(__('Multisite support is not enabled.')); } if (!current_user_can('manage_sites')) { nxt_die(__('You do not have sufficient permissions to edit this site.')); } $nxt_list_table = _get_list_table('nxt_Users_List_Table'); $nxt_list_table->prepare_items(); get_current_screen()->add_help_tab(array('id' => 'overview', 'title' => __('Overview'), 'content' => '<p>' . __('The menu is for editing information specific to individual sites, particularly if the admin area of a site is unavailable.') . '</p>' . '<p>' . __('<strong>Info</strong> - The domain and path are rarely edited as this can cause the site to not work properly. The Registered date and Last Updated date are displayed. Network admins can mark a site as archived, spam, deleted and mature, to remove from public listings or disable.') . '</p>' . '<p>' . __('<strong>Users</strong> - This displays the users associated with this site. You can also change their role, reset their password, or remove them from the site. Removing the user from the site does not remove the user from the network.') . '</p>' . '<p>' . sprintf(__('<strong>Themes</strong> - This area shows themes that are not already enabled across the network. Enabling a theme in this menu makes it accessible to this site. It does not activate the theme, but allows it to show in the site’s Appearance menu. To enable a theme for the entire network, see the <a href="%s">Network Themes</a> screen.'), network_admin_url('themes.php')) . '</p>' . '<p>' . __('<strong>Settings</strong> - This page shows a list of all settings associated with this site. Some are created by NXTClass and others are created by plugins you activate. Note that some fields are grayed out and say Serialized Data. You cannot modify these values due to the way the setting is stored in the database.') . '</p>')); get_current_screen()->set_help_sidebar('<p><strong>' . 
__('For more information:') . '</strong></p>' . '<p>' . __('<a href="http://codex.nxtclass.org/Network_Admin_Sites_Screens" target="_blank">Documentation on Site Management</a>') . '</p>' . '<p>' . __('<a href="http://nxtclass.org/support/forum/multisite/" target="_blank">Support Forums</a>') . '</p>'); $_SERVER['REQUEST_URI'] = remove_query_arg('update', $_SERVER['REQUEST_URI']); $referer = remove_query_arg('update', nxt_get_referer()); $id = isset($_REQUEST['id']) ? intval($_REQUEST['id']) : 0; if (!$id) { nxt_die(__('Invalid site ID.')); } $details = get_blog_details($id); if (!can_edit_network($details->site_id)) { nxt_die(__('You do not have permission to access this page.')); } $is_main_site = is_main_site($id); // get blog prefix $blog_prefix = $nxtdb->get_blog_prefix($id); // @todo This is a hack. Eventually, add API to nxt_Roles allowing retrieval of roles for a particular blog. if (!empty($nxt_roles->use_db)) { $editblog_roles = get_blog_option($id, "{$blog_prefix}user_roles"); } else {
?> </a></p> <?php } elseif (!$php_compat || !$mysql_compat) { if (!$mysql_compat && !$php_compat) { printf(__('You cannot update because <a href="http://codex.nxtclass.org/Version_%1$s">NXTClass %1$s</a> requires PHP version %2$s or higher and MySQL version %3$s or higher. You are running PHP version %4$s and MySQL version %5$s.'), $nxt_version, $required_php_version, $required_mysql_version, $php_version, $mysql_version); } elseif (!$php_compat) { printf(__('You cannot update because <a href="http://codex.nxtclass.org/Version_%1$s">NXTClass %1$s</a> requires PHP version %2$s or higher. You are running version %3$s.'), $nxt_version, $required_php_version, $php_version); } elseif (!$mysql_compat) { printf(__('You cannot update because <a href="http://codex.nxtclass.org/Version_%1$s">NXTClass %1$s</a> requires MySQL version %2$s or higher. You are running version %3$s.'), $nxt_version, $required_mysql_version, $mysql_version); } } else { switch ($step) { case 0: $goback = stripslashes(nxt_get_referer()); $goback = esc_url_raw($goback); $goback = urlencode($goback); ?> <h2><?php _e('Database Update Required'); ?> </h2> <p><?php _e('NXTClass has been updated! Before we send you on your way, we have to update your database to the newest version.'); ?> </p> <p><?php _e('The update process may take a little while, so please be patient.'); ?> </p>
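/**
 * Remove activity from favorites.
 *
 * Handles .../activity/unfavorite/<activity id>/ for logged-in users: verifies
 * the 'unmark_favorite' nonce, removes the favorite, queues a feedback message
 * and redirects to the referer anchored at the activity.
 *
 * @since 1.2.0
 *
 * @global object $bp BuddyPress global settings
 * @uses is_user_logged_in()
 * @uses bp_is_activity_component()
 * @uses bp_is_current_action()
 * @uses check_admin_referer()
 * @uses bp_activity_remove_user_favorite()
 * @uses bp_action_variable()
 * @uses bp_core_add_message()
 * @uses bp_core_redirect()
 * @uses nxt_get_referer()
 *
 * @return bool False when the request is not an unfavorite action.
 */
function bp_activity_action_remove_favorite()
{
    global $bp;

    // All three conditions are negated: the handler must only run on the activity
    // component (the same guard shape as the other bp_*_action_* handlers).
    if (!is_user_logged_in() || !bp_is_activity_component() || !bp_is_current_action('unfavorite')) {
        return false;
    }

    // Check the nonce
    check_admin_referer('unmark_favorite');

    $activity_id = bp_action_variable(0);
    if (bp_activity_remove_user_favorite($activity_id)) {
        bp_core_add_message(__('Activity removed as favorite.', 'buddypress'));
    } else {
        bp_core_add_message(__('There was an error removing that activity as a favorite, please try again.', 'buddypress'), 'error');
    }

    bp_core_redirect(nxt_get_referer() . '#activity-' . $activity_id);
}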
// SSL redirect if required bb_ssl_redirect(); // Don't cache this page at all nocache_headers(); /** Look for redirection ******************************************************/ // Look for 'redirect_to' if (isset($_REQUEST['redirect_to'])) { $re = $_REQUEST['redirect_to']; } // Look for 're' if (empty($re) && isset($_REQUEST['re'])) { $re = $_REQUEST['re']; } // Use referer if (empty($re)) { $re = nxt_get_referer(); } // Don't redirect to register or password reset pages if (empty($re)) { // Grab home path and URL for comparison $home_url = parse_url(bb_get_uri(null, null, BB_URI_CONTEXT_TEXT)); $home_path = $home_url['path']; if (false !== strpos($re, $home_path . 'register.php') || false !== strpos($re, $home_path . 'bb-reset-password.php')) { $re = bb_get_uri(null, null, BB_URI_CONTEXT_HEADER); } } /** * If this page was accessed using SSL, make sure the redirect is a full URL so * that we don't end up on an SSL page again (unless the whole site is under SSL) */ if (is_ssl() && 0 === strpos($re, '/')) {
/**
 * bp_core_login_redirect()
 *
 * After login, send the user back to the page they came from rather than the
 * admin area. Returns $redirect_to untouched when not on the root blog or when
 * an explicit non-admin redirect_to was requested; otherwise the referer
 * (unless it is the login page, an activation page, or 'nr' is set), falling
 * back to the root domain.
 *
 * @package BuddyPress Core
 * @param string $redirect_to The redirect target proposed by the login handler.
 * @return string The URL to redirect to.
 */
function bp_core_login_redirect($redirect_to)
{
    global $bp, $nxtdb;

    // Don't mess with the redirect if this is not the root blog
    $is_root_blog = !is_multisite() || $nxtdb->blogid == bp_get_root_blog_id();
    if (!$is_root_blog) {
        return $redirect_to;
    }

    // If the redirect doesn't contain 'nxt-admin', it's OK
    if (!empty($_REQUEST['redirect_to']) && false === strpos($_REQUEST['redirect_to'], 'nxt-admin')) {
        return $redirect_to;
    }

    // The referer is a client-supplied header; it is returned as-is here, so the
    // caller's redirect is expected to validate the host (NOTE(review): confirm).
    $referer = nxt_get_referer();
    $from_login = false !== strpos($referer, 'nxt-login.php');
    $from_activation = false !== strpos($referer, 'activate');
    if (!$from_login && !$from_activation && empty($_REQUEST['nr'])) {
        return $referer;
    }

    return bp_get_root_domain();
}
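<?php
require_once 'admin-action.php';

// Both ids come from the POST body; absint() maps anything else to a non-negative integer.
$topic_id = isset($_POST['topic_id']) ? absint($_POST['topic_id']) : 0;
$forum_id = isset($_POST['forum_id']) ? absint($_POST['forum_id']) : 0;

// absint() never yields a non-numeric value, so an is_numeric() test here could not fail;
// a zero id is the only invalid outcome and is rejected instead.
if ($topic_id < 1 || $forum_id < 1) {
    bb_die(__('Invalid topic or forum.'));
}

// Capability check before the nonce check, so unauthorised users are sent home quietly.
if (!bb_current_user_can('move_topic', $topic_id, $forum_id)) {
    nxt_redirect(bb_get_uri(null, null, BB_URI_CONTEXT_HEADER));
    exit;
}

// Nonce is bound to the topic id.
bb_check_admin_referer('move-topic_' . $topic_id);

$topic = get_topic($topic_id);
$forum = bb_get_forum($forum_id);
if (!$topic || !$forum) {
    bb_die(__('Your topic or forum caused all manner of confusion'));
}

bb_move_topic($topic_id, $forum_id);

// Back to where the form was submitted from; the topic itself when there is no referer.
$redirect = nxt_get_referer();
if (!$redirect) {
    $redirect = get_topic_link($topic_id);
}

bb_safe_redirect($redirect);
exit;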
/**
 * Returns the referrer URL without the http(s):// and host part.
 *
 * Splits the referer on '/' and drops the first three segments
 * ("scheme:", "", "host"), so only the path (and anything after it) remains.
 * Yields an empty string when there is no referer.
 *
 * @package BuddyPress Core
 * @return string The referrer path.
 */
function bp_core_referrer()
{
    $segments = explode('/', nxt_get_referer());
    return implode('/', array_slice($segments, 3));
}
exit; break; case 'bulk-delete': check_admin_referer('bulk-tags'); if (!current_user_can($tax->cap->delete_terms)) { nxt_die(__('Cheatin’ uh?')); } $tags = (array) $_REQUEST['delete_tags']; foreach ($tags as $tag_ID) { nxt_delete_term($tag_ID, $taxonomy); } $location = 'edit-tags.php?taxonomy=' . $taxonomy; if ('post' != $post_type) { $location .= '&post_type=' . $post_type; } if ($referer = nxt_get_referer()) { if (false !== strpos($referer, 'edit-tags.php')) { $location = $referer; } } $location = add_query_arg('message', 6, $location); nxt_redirect($location); exit; break; case 'edit': $title = $tax->labels->edit_item; $tag_ID = (int) $_REQUEST['tag_ID']; $tag = get_term($tag_ID, $taxonomy, OBJECT, 'edit'); if (!$tag) { nxt_die(__('You attempted to edit an item that doesn’t exist. Perhaps it was deleted?')); }
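/**
 * Show the bbPress "nonce failed" notice and end the request.
 *
 * Builds a notice containing the escaped explanation for $action and, when a
 * referer exists, a "try again" link back to it with the 'updated' argument
 * removed. Hands the markup to bb_die().
 *
 * @param string $action The nonce action that failed verification.
 * @return void
 */
function bb_nonce_ays($action)
{
    $title = __('bbPress Failure Notice');

    // Assign, don't append: there is no earlier $html in this scope.
    $html = "\t<div id='message' class='updated fade'>\n\t<p>" . esc_html(bb_explain_nonce($action)) . "</p>\n\t<p>";

    $referer = nxt_get_referer();
    if ($referer) {
        // Escape after remove_query_arg() so the escaping applies to the final URL.
        $retry_url = esc_url(remove_query_arg('updated', $referer));
        $html .= "<a href='" . $retry_url . "'>" . __('Please try again.') . "</a>";
    }

    $html .= "</p>\n\t</div>\n";
    $html .= "</body>\n</html>";

    bb_die($html, $title);
}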
} } unset($_redirect); if ('post' != $post_type) { $parent_file = "edit.php?post_type={$post_type}"; $submenu_file = "edit.php?post_type={$post_type}"; $post_new_file = "post-new.php?post_type={$post_type}"; } else { $parent_file = 'edit.php'; $submenu_file = 'edit.php'; $post_new_file = 'post-new.php'; } $doaction = $nxt_list_table->current_action(); if ($doaction) { check_admin_referer('bulk-posts'); $sendback = remove_query_arg(array('trashed', 'untrashed', 'deleted', 'ids'), nxt_get_referer()); if (!$sendback) { $sendback = admin_url($parent_file); } $sendback = add_query_arg('paged', $pagenum, $sendback); if (strpos($sendback, 'post.php') !== false) { $sendback = admin_url($post_new_file); } if ('delete_all' == $doaction) { $post_status = preg_replace('/[^a-z0-9_-]+/i', '', $_REQUEST['post_status']); if (get_post_status_object($post_status)) { // Check the post status exists first $post_ids = $nxtdb->get_col($nxtdb->prepare("SELECT ID FROM {$nxtdb->posts} WHERE post_type=%s AND post_status = %s", $post_type, $post_status)); } $doaction = 'delete'; } elseif (isset($_REQUEST['media'])) {
/**
 * Retrieve or display original referer hidden field for forms.
 *
 * The input name is '_nxt_original_http_referer'. Its value is the stored
 * original referer (nxt_get_original_referer()) when one exists; otherwise the
 * referer ($jump_back_to == 'previous') or the current request URI. The value
 * is slash-stripped and attribute-escaped.
 *
 * @package NXTClass
 * @subpackage Security
 * @since 2.0.4
 *
 * @param bool $echo Whether to echo the original http referer
 * @param string $jump_back_to Optional, default is 'current'. Can be 'previous' or page you want to jump back to.
 * @return string Original referer field.
 */
function nxt_original_referer_field($echo = true, $jump_back_to = 'current')
{
    if ('previous' == $jump_back_to) {
        $fallback = nxt_get_referer();
    } else {
        $fallback = $_SERVER['REQUEST_URI'];
    }

    $original = nxt_get_original_referer();
    $ref = $original ? $original : $fallback;

    $field = '<input type="hidden" name="_nxt_original_http_referer" value="' . esc_attr(stripslashes($ref)) . '" />';

    if ($echo) {
        echo $field;
    }

    return $field;
}
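<?php
require 'admin.php';

if (!bb_current_user_can('manage_tags')) {
    bb_die(__('You are not allowed to manage tags.'));
}

// Tag id and new name from the POST body; a non-string name is treated as empty.
$tag_id = isset($_POST['id']) ? (int) $_POST['id'] : 0;
$tag = isset($_POST['tag']) && is_string($_POST['tag']) ? stripslashes($_POST['tag']) : '';

// Nonce is bound to the tag id.
bb_check_admin_referer('rename-tag_' . $tag_id);

$old_tag = bb_get_tag($tag_id);
if (!$old_tag) {
    bb_die(__('Tag not found.'));
}

if ($tag = bb_rename_tag($tag_id, $tag)) {
    nxt_redirect(bb_get_tag_link());
} else {
    // sprintf, not printf: bb_die() needs the message as its argument (printf would print it
    // early and hand bb_die() a byte count). The referer goes into an href, so it is URL-escaped.
    bb_die(sprintf(__('There already exists a tag by that name or the name is invalid. <a href="%s">Try Again</a>'), esc_url(nxt_get_referer())));
}
exit;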
require_once 'admin.php'; if ('post' == strtolower($_SERVER['REQUEST_METHOD']) && $_POST['action'] == 'update') { bb_check_admin_referer('options-reading-update'); foreach ((array) $_POST as $option => $value) { if (!in_array($option, array('_nxtnonce', '_nxt_http_referer', 'action', 'submit'))) { $option = trim($option); $value = is_array($value) ? $value : trim($value); $value = stripslashes_deep($value); if ($value) { bb_update_option($option, $value); } else { bb_delete_option($option); } } } $goback = add_query_arg('updated', 'true', nxt_get_referer()); bb_safe_redirect($goback); exit; } if (!empty($_GET['updated'])) { bb_admin_notice('<strong>' . __('Settings saved.') . '</strong>'); } $reading_options = array('page_topics' => array('title' => __('Items per page'), 'class' => 'short', 'note' => __('Number of topics, posts or tags to show per page.')), 'name_link_profile' => array('title' => __('Link name to'), 'type' => 'radio', 'options' => array(0 => __('Website'), 1 => __('Profile')), 'note' => __('What should the user\'s name link to on the topic page? The user\'s title would automatically get linked to the option you don\'t choose. By default, the user\'s name is linked to his/her website.'))); $bb_admin_body_class = ' bb-admin-settings'; bb_get_admin_header(); ?> <div class="wrap"> <h2><?php _e('Reading Settings');
<?php require_once 'admin.php'; if (!bb_current_user_can('manage_forums')) { bb_die(__("You don't have the authority to mess with the forums.")); } if (!isset($_POST['action'])) { nxt_redirect(bb_get_uri('bb-admin/forums.php', null, BB_URI_CONTEXT_HEADER + BB_URI_CONTEXT_BB_ADMIN)); exit; } $sent_from = nxt_get_referer(); switch ($_POST['action']) { case 'add': if (!isset($_POST['forum_name']) || '' === $_POST['forum_name']) { bb_die(__('Bad forum name. Go back and try again.')); } bb_check_admin_referer('add-forum'); if (false !== bb_new_forum($_POST)) { bb_safe_redirect($sent_from); exit; } else { bb_die(__('The forum was not added')); } break; case 'update': bb_check_admin_referer('update-forum'); if (!($forums = bb_get_forums())) { bb_die(__('No forums to update!')); } if ((int) $_POST['forum_id'] && isset($_POST['forum_name']) && '' !== $_POST['forum_name']) { bb_update_forum($_POST);
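/**
 * Process the Akismet settings form and set up the admin page state.
 *
 * On a POST with action 'update-akismet-settings' the 'options-akismet-update'
 * nonce is verified, the 'akismet_stats' option is stored or deleted, and the
 * submitted key is stored only if bb_akismet_verify_key() accepts it (an
 * invalid key keeps the previous setting and redirects with 'invalid-akismet').
 * Otherwise, admin notices are queued from the 'updated-akismet' /
 * 'invalid-akismet' query arguments and the admin body class is set.
 *
 * @global string $bb_admin_body_class
 * @return void
 */
function bb_ksd_configuration_page_process()
{
    $is_update = 'post' == strtolower($_SERVER['REQUEST_METHOD'])
        && isset($_POST['action'])
        && 'update-akismet-settings' == $_POST['action'];

    if ($is_update) {
        bb_check_admin_referer('options-akismet-update');

        $goback = remove_query_arg(array('invalid-akismet', 'updated-akismet'), nxt_get_referer());

        // Checkbox: absent or falsy means disabled.
        if (!empty($_POST['akismet_stats'])) {
            bb_update_option('akismet_stats', 1);
        } else {
            bb_delete_option('akismet_stats');
        }

        $key = '';
        if (!empty($_POST['akismet_key']) && is_string($_POST['akismet_key'])) {
            $key = stripslashes_deep(trim($_POST['akismet_key']));
        }

        if (!$key) {
            bb_delete_option('akismet_key');
        } elseif (bb_akismet_verify_key($key)) {
            bb_update_option('akismet_key', $key);
        } else {
            // Invalid key: leave the stored key untouched and report it.
            bb_safe_redirect(add_query_arg('invalid-akismet', 'true', $goback));
            exit;
        }

        bb_safe_redirect(add_query_arg('updated-akismet', 'true', $goback));
        exit;
    }

    if (!empty($_GET['updated-akismet'])) {
        bb_admin_notice(__('<strong>Settings saved.</strong>'));
    }
    if (!empty($_GET['invalid-akismet'])) {
        bb_admin_notice(__('<strong>The key you attempted to enter is invalid. Reverting to previous setting.</strong>'), 'error');
    }

    global $bb_admin_body_class;
    $bb_admin_body_class = ' bb-admin-settings';
}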
?> " /> <input type="hidden" id="post_author" name="post_author" value="<?php echo esc_attr($post->post_author); ?> " /> <input type="hidden" id="post_type" name="post_type" value="<?php echo esc_attr($post_type); ?> " /> <input type="hidden" id="original_post_status" name="original_post_status" value="<?php echo esc_attr($post->post_status); ?> " /> <input type="hidden" id="referredby" name="referredby" value="<?php echo esc_url(stripslashes(nxt_get_referer())); ?> " /> <?php if (!empty($active_post_lock)) { ?> <input type="hidden" id="active_post_lock" value="<?php echo esc_attr(implode(':', $active_post_lock)); ?> " /> <?php } if ('draft' != $post->post_status) { nxt_original_referer_field(true, 'previous'); } echo $form_extra;
<input type="hidden" name="verify-delete" value="1" /> <input type="hidden" name="action" value="delete-selected" /> <?php foreach ((array) $plugins as $plugin) { echo '<input type="hidden" name="checked[]" value="' . esc_attr($plugin) . '" />'; } ?> <?php nxt_nonce_field('bulk-plugins'); ?> <?php submit_button($data_to_delete ? __('Yes, Delete these files and data') : __('Yes, Delete these files'), 'button', 'submit', false); ?> </form> <form method="post" action="<?php echo esc_url(nxt_get_referer()); ?> " style="display:inline;"> <?php submit_button(__('No, Return me to the plugin list'), 'button', 'submit', false); ?> </form> <p><a href="#" onclick="jQuery('#files-list').toggle(); return false;"><?php _e('Click to view entire list of files which will be deleted'); ?> </a></p> <div id="files-list" style="display:none;"> <ul class="code"> <?php foreach ((array) $files_to_delete as $file) {