working on action nonces
parent
ba3ab55b0f
commit
1209336388
@ -129,6 +129,7 @@ class ComicPressAdmin {
|
||||
*/
|
||||
function render_admin() {
|
||||
$nonce = wp_create_nonce('comicpress');
|
||||
$action_nonce = wp_create_nonce('comicpress-comicpress-options');
|
||||
$storyline = new ComicPressStoryline();
|
||||
$storyline->normalize();
|
||||
$storyline->read_from_options();
|
||||
@ -163,6 +164,7 @@ class ComicPressAdmin {
|
||||
$ordering = $comic_post->normalize_ordering();
|
||||
|
||||
$nonce = wp_create_nonce('comicpress');
|
||||
$action_nonce = wp_create_nonce('comicpress-comic-ordering');
|
||||
$zoom_level = 40;
|
||||
$current_user = wp_get_current_user();
|
||||
if (!empty($current_user)) {
|
||||
@ -315,6 +317,12 @@ class ComicPressAdmin {
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
$this->comicpress->save();
|
||||
|
||||
$this->info(__("ComicPress configuration updated.", 'comicpress'));
|
||||
|
||||
$this->comicpress->init();
|
||||
}
|
||||
|
||||
// @codeCoverageIgnoreStart
|
||||
@ -400,22 +408,16 @@ class ComicPressAdmin {
|
||||
//coming from media editor
|
||||
$this->handle_update_attachments();
|
||||
} else if (isset($_REQUEST['cp']['action'])) {
|
||||
$method = 'handle_update_' . strtolower(str_replace('-', '_', $_REQUEST['cp']['action']));
|
||||
$action = $_REQUEST['cp']['action'];
|
||||
if (isset($_REQUEST['cp']['_action_nonce'])) {
|
||||
if (wp_verify_nonce($_REQUEST['cp']['_action_nonce'], "comicpress-${action}")) {
|
||||
$method = 'handle_update_' . strtolower(str_replace('-', '_', $action));
|
||||
if (method_exists($this, $method)) {
|
||||
$this->{$method}($_REQUEST['cp']);
|
||||
}
|
||||
} else {
|
||||
//coming from us
|
||||
$this->handle_update_comicpress_options($_REQUEST['cp']);
|
||||
|
||||
$this->comicpress->save();
|
||||
|
||||
$this->info(__("ComicPress configuration updated.", 'comicpress'));
|
||||
|
||||
$this->comicpress->init();
|
||||
}
|
||||
|
||||
$this->comicpress->load();
|
||||
}
|
||||
}
|
||||
}
|
||||
}
|
||||
}
|
||||
|
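Review bot: In the last hunk (the `cp[action]` branch, apparently inside `handle_update`), `$action` comes straight from `$_REQUEST` and is used to build both the nonce action and the method name without a type check, and a missing or failed action nonce is dropped silently. An array-valued `cp[action]` would reach the string interpolation and `strtolower()`; tightening the guard to `if (is_string($action) && isset($_REQUEST['cp']['_action_nonce'])) {` avoids that without skipping the later `load()` call. The nonce is the only thing limiting which `handle_update_*` method gets dispatched, and a nonce is a CSRF token rather than an authorization check. An explicit allow-list of action names and a `current_user_can()` check would be more robust, unless one is already performed earlier in the function, which starts outside the hunk. `"comicpress-${action}"` is also better written `"comicpress-{$action}"`, since the `${}` form is deprecated as of PHP 8.2.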
@ -1,6 +1,7 @@
|
||||
<div style="overflow: hidden">
|
||||
<input type="hidden" name="cp[_nonce]" value="<?php echo esc_attr($nonce) ?>" />
|
||||
<input type="hidden" name="cp[action]" value="comic-ordering" />
|
||||
<input type="hidden" name="cp[_action_nonce]" value="<?php echo esc_attr($action_nonce) ?>" />
|
||||
<div id="ordering-zoom-slider-holder">
|
||||
<div id="ordering-zoom-slider">
|
||||
<div id="ordering-zoom-handle"></div>
|
||||
@ -17,12 +18,14 @@
|
||||
(function() {
|
||||
$('ordering-refresh').observe('click', function(e) {
|
||||
Event.stop(e);
|
||||
|
||||
new Ajax.Updater('comic-ordering-holder', ComicPressAdmin.ajax_uri, {
|
||||
method: 'post',
|
||||
parameters: {
|
||||
'cp[_nonce]': ComicPressAdmin.nonce,
|
||||
'cp[_action_nonce]': '<?php echo esc_js(wp_create_nonce('comicpress-refresh-ordering')) ?>',
|
||||
'cp[action]': 'refresh-ordering',
|
||||
'cp[post_id]': <?php echo $uploading_iframe_ID ?>
|
||||
'cp[post_id]': <?php echo esc_js($uploading_iframe_ID) ?>
|
||||
},
|
||||
evalScripts: true,
|
||||
onSuccess: function() {
|
||||
|
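Review bot: On the new `'cp[post_id]'` line of the `Ajax.Updater` call, `esc_js()` is applied to a value printed outside any quotes, but `esc_js()` only makes text safe inside a quoted JavaScript string. If `$uploading_iframe_ID` ever held something other than a number, characters such as commas or parentheses would pass through and alter the object literal. Since this is a post ID, an integer cast is the right control: `'cp[post_id]': <?php echo absint($uploading_iframe_ID) ?>`. Where `$uploading_iframe_ID` is set is not visible in this section, so its current type is an assumption.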
@ -1,89 +0,0 @@
|
||||
<div class="wrap">
|
||||
<h2>Edit partials</h2>
|
||||
<style type="text/css">
|
||||
#partial-list-holder {
|
||||
width: 200px;
|
||||
float: left;
|
||||
display: inline;
|
||||
}
|
||||
|
||||
#partial-list-holder a {
|
||||
font-size: 11px
|
||||
}
|
||||
|
||||
#partial-editor {
|
||||
margin-left: 210px;
|
||||
}
|
||||
|
||||
#partial-editor h3 {
|
||||
margin: 0 0 10px
|
||||
}
|
||||
</style>
|
||||
<div id="partial-list-holder">
|
||||
<?php
|
||||
|
||||
$valid_partials = array();
|
||||
foreach (glob(get_template_directory() . DIRECTORY_SEPARATOR . 'partials' . DIRECTORY_SEPARATOR . '*.inc') as $partial) {
|
||||
if (preg_match('#(partials.*)\.inc$#', $partial, $matches) > 0) {
|
||||
$valid_partials[] = $matches[1];
|
||||
}
|
||||
}
|
||||
|
||||
$selected = reset($valid_partials);
|
||||
if (isset($_REQUEST['cp']['partial'])) {
|
||||
if (in_array($_REQUEST['cp']['partial'], $valid_partials)) {
|
||||
$selected = $_REQUEST['cp']['partial'];
|
||||
}
|
||||
}
|
||||
|
||||
echo '<ul>';
|
||||
foreach ($valid_partials as $partial_name) {
|
||||
echo '<li>';
|
||||
if ($partial_name == $selected) { echo '<strong>'; }
|
||||
echo '<a href="' . add_query_arg('cp[partial]', $partial_name) . '">' . $partial_name . '</a>';
|
||||
if ($partial_name == $selected) { echo '</strong>'; }
|
||||
if (isset($this->comicpress->comicpress_options['override_partials'][$partial_name])) {
|
||||
echo "(@)";
|
||||
}
|
||||
echo '</li>';
|
||||
}
|
||||
echo '</ul>';
|
||||
|
||||
$is_original = false;
|
||||
if ($_REQUEST['cp']['action'] == __('Delete override partial', 'comicpress')) {
|
||||
unset($_REQUEST['cp']['code']);
|
||||
}
|
||||
|
||||
if (isset($_REQUEST['cp']['code'])) {
|
||||
$partial_code = htmlentities($_REQUEST['cp']['code']);
|
||||
} else {
|
||||
if (isset($this->comicpress->comicpress_options['override_partials'][$selected])) {
|
||||
$partial_code = htmlentities($this->comicpress->comicpress_options['override_partials'][$selected]);
|
||||
} else {
|
||||
$is_original = true;
|
||||
$partial_code = htmlentities(file_get_contents(get_template_directory() . DIRECTORY_SEPARATOR . $selected . '.inc'));
|
||||
}
|
||||
}
|
||||
|
||||
?>
|
||||
</div>
|
||||
<div id="partial-editor">
|
||||
<h3><?php printf(__('Editing %s', 'comicpress'), $selected) ?></h3>
|
||||
<?php if ($is_original) { ?>
|
||||
<p>(<em><?php _e('currently editing default partial', 'comicpress') ?></em>)</p>
|
||||
<?php } ?>
|
||||
<form method="post">
|
||||
<input type="hidden" name="cp[_nonce]" value="<?php echo $nonce ?>" />
|
||||
<input type="hidden" name="cp[partial]" value="<?php echo $selected ?>" />
|
||||
<textarea id="editor" name="cp[code]" rows="20" style="width: 100%"><?php echo $partial_code ?></textarea>
|
||||
<input type="submit" class="button" name="cp[action]" value="<?php _e('Update partial', 'comicpress') ?>" />
|
||||
<input type="submit" class="button" name="cp[action]" value="<?php _e('Delete override partial', 'comicpress') ?>" onclick="return confirm('<?php _e('Are you sure?', 'comicpress') ?>')" />
|
||||
</form>
|
||||
</div>
|
||||
<script type="text/javascript">
|
||||
editAreaLoader.init({
|
||||
id: "editor", syntax: "php", start_highlight: true
|
||||
});
|
||||
</script>
|
||||
<br style="clear: both" />
|
||||
</div>
|
@ -1,8 +0,0 @@
|
||||
<div class="wrap">
|
||||
<div id="layout-designer">
|
||||
|
||||
</div>
|
||||
</div>
|
||||
<script type="text/javascript">
|
||||
|
||||
</script>
|
@ -2,6 +2,8 @@
|
||||
<h2><?php _e('ComicPress Config', 'comicpress') ?></h2>
|
||||
<form method="post" action="">
|
||||
<input type="hidden" name="cp[_nonce]" value="<?php echo esc_attr($nonce) ?>" />
|
||||
<input type="hidden" name="cp[action]" value="comicpress-options" />
|
||||
<input type="hidden" name="cp[_action_nonce]" value="<?php echo esc_attr($action_nonce) ?>" />
|
||||
<h3><?php _e('Global Options', 'comicpress') ?></h3>
|
||||
<table class="widefat fixed">
|
||||
<tr>
|
||||
@ -33,7 +35,7 @@
|
||||
</tr>
|
||||
</table>
|
||||
<div style="text-align: center; margin-top: 10px;">
|
||||
<input class="button" type="submit" value="<?php _e('Submit Updated ComicPress Options', 'comicpress') ?>" />
|
||||
<input class="button-primary" type="submit" value="<?php _e('Submit Updated ComicPress Options', 'comicpress') ?>" />
|
||||
</div>
|
||||
</form>
|
||||
</div>
|
||||
|
@ -251,45 +251,6 @@ class ComicPressAdminTest extends PHPUnit_Framework_TestCase {
|
||||
), get_usermeta(1, 'comicpress-settings'));
|
||||
}
|
||||
|
||||
function providerTestHandleUpdate() {
|
||||
return array(
|
||||
array(array()),
|
||||
array(array('cp' => true), false),
|
||||
array(array('cp' => array()), false),
|
||||
array(array('cp' => array()), true, true, true),
|
||||
array(array('cp' => array(), 'attachments' => array()), true, true, false),
|
||||
array(array('cp' => array('action' => 'test')), true, true, false),
|
||||
array(array('cp' => array('action' => 'comic_ordering')), true, true, false),
|
||||
);
|
||||
}
|
||||
|
||||
/**
|
||||
* @dataProvider providerTestHandleUpdate
|
||||
* @covers ComicPressAdmin::handle_update
|
||||
*/
|
||||
function testHandleUpdate($input, $add_nonce = false, $comicpress_load = false, $comicpress_save = false) {
|
||||
$this->admin->comicpress = $this->getMock('ComicPress', array('save', 'init', 'load'));
|
||||
if ($comicpress_load) {
|
||||
$this->admin->comicpress->expects($this->once())->method('load');
|
||||
}
|
||||
if ($comicpress_save) {
|
||||
$this->admin->comicpress->expects($this->once())->method('save');
|
||||
$this->admin->comicpress->expects($this->once())->method('init');
|
||||
}
|
||||
|
||||
if ($add_nonce) {
|
||||
if (isset($input['cp'])) {
|
||||
if (is_array($input['cp'])) {
|
||||
$input['cp']['_nonce'] = wp_create_nonce('comicpress');
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
$_POST = $_REQUEST = $input;
|
||||
|
||||
$this->admin->handle_update();
|
||||
}
|
||||
|
||||
function providerTestGetEditableAttachmentList() {
|
||||
return array(
|
||||
array(
|
||||
|