- <?php
- //mod jrc 270912: this file (/wp-content/themes/Rbox/panel/Rbox_functions.php) heavily modded from original to fix plugin conflicts and security exposures - see my mod marks throughout.
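// Hook registration.
// Rbox_init() only enqueues the panel's stylesheet and script, so it is attached
// to admin_enqueue_scripts (the hook WordPress provides for admin assets) rather
// than admin_init, which also fires for admin-ajax.php and admin-post.php requests
// where no page is rendered.
add_action('admin_enqueue_scripts', 'Rbox_init');
// Adds the theme options entry to the admin menu.
add_action('admin_menu', 'Rbox_add_admin');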
- ?>
- <?php
- //core functions
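/**
 * Register the theme's top-level options page in the admin menu.
 *
 * Uses the global $themename for both the page title and the menu label, the
 * basename of this file as the menu slug, and Rbox_admin() as the renderer.
 */
function Rbox_add_admin() {
    global $themename;

    // add_menu_page() expects a capability, not a role name. The original passed
    // the role 'administrator'; 'edit_theme_options' is the capability that
    // Rbox_admin() enforces, so the menu gate and the page gate now agree.
    add_menu_page($themename, $themename, 'edit_theme_options', basename(__FILE__), 'Rbox_admin');
}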
/**
 * Enqueue the options panel stylesheet and script.
 *
 * Both assets are served from the active theme's /panel directory and share
 * the handle "tzen" and the version string "1.0".
 */
function Rbox_init() {
    $panel_uri = get_template_directory_uri();

    wp_enqueue_style('tzen', $panel_uri . '/panel/css/admin.css', false, '1.0', 'all');
    wp_enqueue_script('tzen', $panel_uri . '/panel/js/admin.js', false, '1.0');
}
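/**
 * Render the theme options page and process its "save" / "reset" submissions.
 *
 * Registered as the add_menu_page() callback. Options are changed only when
 * all of the following hold:
 *   - the current user has the edit_theme_options capability,
 *   - the POST body carries a nonce that wp_verify_nonce() accepts for this file,
 *   - the `page` query argument equals this file's basename.
 *
 * Reads the globals $themename and $options; $shortname is declared but not
 * used in this function. Writes options through update_option() and
 * delete_option() and echoes the panel HTML.
 */
function Rbox_admin() {
    // Authorization gate: nothing below runs for users without the capability.
    if (!current_user_can('edit_theme_options')) {
        wp_die('You do not have sufficient permissions to access this page.');
    }

    global $themename, $shortname, $options;

    $scl_wp_rbox_nonce_key = 'scl_wp_rbox_admin_nonce';
    $page_slug = basename(__FILE__);

    // Iterate a local copy so a missing or malformed $options global cannot
    // raise warnings in the loops below.
    $fields = is_array($options) ? $options : array();

    // CSRF check: the nonce must arrive in the POST body and verify against
    // the same action string that wp_nonce_field() uses in the forms below.
    $nonce_ok = isset($_POST[$scl_wp_rbox_nonce_key])
        && is_string($_POST[$scl_wp_rbox_nonce_key])
        && $_POST[$scl_wp_rbox_nonce_key] !== ''
        && wp_verify_nonce($_POST[$scl_wp_rbox_nonce_key], $page_slug);

    // The original compared isset($_GET['page']) (a boolean) with the file
    // name, which is true for ANY value of `page`. Compare the value itself.
    $on_page = isset($_GET['page']) && $_GET['page'] === $page_slug;

    // Both forms submit `action` as a hidden POST field, so read it from
    // $_POST only; $_REQUEST would also accept it from the query string.
    $action = (isset($_POST['action']) && is_string($_POST['action'])) ? $_POST['action'] : '';

    // The notices reflect what this request actually did. The original tested
    // isset($_REQUEST['reset']), which the Reset submit button itself sets, so
    // "settings reset" was shown even when the nonce check had failed.
    $saved = false;
    $was_reset = false;

    if ($nonce_ok && $on_page) {
        if ('save' === $action) {
            foreach ($fields as $value) {
                // Layout-only entries carry no option to store.
                if (empty($value['id'])) {
                    continue;
                }
                $id = $value['id'];

                // NOTE(review): empty('0') is true, so a submitted "0" still
                // deletes the option, as in the original. Values are stored
                // exactly as submitted; the render path below applies
                // stripslashes(), which suggests slashed values are expected.
                // Confirm both before adding per-field sanitizing or unslashing.
                if (!empty($_POST[$id])) {
                    update_option($id, $_POST[$id]);
                } else {
                    delete_option($id);
                }
            }
            $saved = true;
        } elseif ('reset' === $action) {
            foreach ($fields as $value) {
                if (empty($value['id'])) {
                    continue;
                }
                delete_option($value['id']);
            }
            $was_reset = true;
        }
    }

    // Section counter, used to give each save button a distinct name.
    $i = 0;

    if ($saved) {
        echo '<div id="message" class="updated fade"><p><strong>' . esc_html($themename) . ' settings saved.</strong></p></div>';
    }
    if ($was_reset) {
        echo '<div id="message" class="updated fade"><p><strong>' . esc_html($themename) . ' settings reset.</strong></p></div>';
    }
    ?>
<!-- mod jrc 270812 - orig: div class="option_wrapper" -->
<div class="option_wrapper">
<div class="logo_tz"><a href="http://www.themeszen.com">logo</a></div>
<div id="go_pro"><h2>Thanks for purchasing the Rbox theme.</h2>In case of any problem, post in the <a href="http://www.themeszen.com/forums-support">Forum here</a></div>
<div class="tz_opts">
<form method="post">
    <?php
    wp_nonce_field($page_slug, $scl_wp_rbox_nonce_key);

    foreach ($fields as $value) {
        $type    = isset($value['type']) ? $value['type'] : '';
        $id      = isset($value['id']) ? $value['id'] : '';
        $name    = isset($value['name']) ? $value['name'] : '';
        $desc    = isset($value['desc']) ? $value['desc'] : '';
        $std     = isset($value['std']) ? $value['std'] : null;
        $choices = (isset($value['options']) && is_array($value['options'])) ? $value['options'] : array();

        // Stored values originate from form input, so every echo of them below
        // is escaped for the HTML context it lands in.
        $stored = ('' !== $id) ? get_option($id) : false;

        switch ($type) {
            case 'open':
                break;

            case 'close':
                ?>
</div>
</div>
<br />
                <?php
                break;

            case 'title':
                ?>
<h2><?php echo esc_html($themename); ?> Options Panel</h2>
                <?php
                break;

            case 'text':
                // Show the stored value when there is one, else the field default.
                $shown = (is_scalar($stored) && (string) $stored !== '') ? stripslashes((string) $stored) : $std;
                ?>
<div class="tz_base tz_input">
<label for="<?php echo esc_attr($id); ?>"><?php echo esc_html($name); ?></label>
<input name="<?php echo esc_attr($id); ?>" id="<?php echo esc_attr($id); ?>" type="text" value="<?php echo esc_attr((string) $shown); ?>" />
<small><?php echo wp_kses_post($desc); ?></small><div class="clearfix"></div>
</div>
                <?php
                break;

            case 'savebutton':
                ?>
<div class="tz_base submit">
<input type="hidden" name="action" value="save" />
<input name="save<?php echo esc_attr($i); ?>" type="submit" value="Save changes" />
</div>
                <?php
                break;

            case 'textarea':
                $shown = (is_scalar($stored) && (string) $stored !== '') ? stripslashes((string) $stored) : $std;
                ?>
<div class="tz_base tz_input">
<label for="<?php echo esc_attr($id); ?>"><?php echo esc_html($name); ?></label>
<textarea name="<?php echo esc_attr($id); ?>" id="<?php echo esc_attr($id); ?>" type="textarea" cols="" rows=""><?php echo esc_textarea((string) $shown); ?></textarea>
<small><?php echo wp_kses_post($desc); ?></small><div class="clearfix"></div>
</div>
                <?php
                break;

            case 'select':
                ?>
<div class="tz_base tz_select">
<label for="<?php echo esc_attr($id); ?>"><?php echo esc_html($name); ?></label>
<select name="<?php echo esc_attr($id); ?>" id="<?php echo esc_attr($id); ?>">
                <?php foreach ($choices as $option) { ?>
<option <?php if ($stored == $option) { echo 'selected="selected"'; } ?>><?php echo esc_html($option); ?></option>
                <?php } ?>
</select>
<small><?php echo wp_kses_post($desc); ?></small><div class="clearfix"></div>
</div>
                <?php
                break;

            case 'multicheckbox':
                // Explicit array check replaces the original @-suppressed in_array().
                $selected = is_array($stored) ? $stored : array();
                ?>
<div class="tz_base">
<label for="<?php echo esc_attr($id); ?>"><?php echo esc_html($name); ?></label>
<div class="box-option">
                <?php
                foreach ($choices as $keys => $values) {
                    $checked = in_array($keys, $selected) ? 'checked="checked"' : '';
                    ?>
<label class="button">
<input type="checkbox" name="<?php echo esc_attr($id); ?>[]" id="<?php echo esc_attr($keys); ?>" value="<?php echo esc_attr($keys); ?>" <?php echo $checked; ?> />
<?php echo esc_html($values); ?>
</label>
                    <?php
                }
                ?>
</div>
<small><?php echo wp_kses_post($desc); ?></small><div class="clearfix"></div>
</div>
                <?php
                break;

            case 'checkbox':
                $checked = $stored ? 'checked="checked"' : '';
                ?>
<div class="tz_base tz_checkbox">
<label for="<?php echo esc_attr($id); ?>"><?php echo esc_html($name); ?></label>
<input type="checkbox" name="<?php echo esc_attr($id); ?>" id="<?php echo esc_attr($id); ?>" value="true" <?php echo $checked; ?> />
<small><?php echo wp_kses_post($desc); ?></small><div class="clearfix"></div>
</div>
                <?php
                break;

            case 'radio':
                // A truthy stored value selects the matching key; otherwise the
                // field default decides which radio is pre-selected.
                $reference = $stored ? $stored : $std;
                ?>
<div class="tz_base">
<label for="<?php echo esc_attr($id); ?>"><?php echo esc_html($name); ?></label>
<div class="box-option">
                <?php
                foreach ($choices as $key => $option) {
                    $checked = ($key == $reference) ? ' checked="checked"' : '';
                    ?>
<label class="button"><input type="radio" name="<?php echo esc_attr($id); ?>" value="<?php echo esc_attr($key); ?>"<?php echo $checked; ?> /><?php echo ' ' . esc_html($option); ?></label>
                    <?php
                }
                ?>
</div>
<small><?php echo wp_kses_post($desc); ?></small><div class="clearfix"></div>
</div>
                <?php
                break;

            case 'section':
                $i++;
                ?>
<div class="tz_section">
<div class="tz_title"><h3><img src="<?php echo esc_url(get_template_directory_uri()); ?>/panel/images/trans.png" class="inactive" alt="" /><?php echo esc_html($name); ?></h3><div class="clearfix"></div></div>
<div class="tz_options">
                <?php
                break;
        }
    }
    ?>
<span class="submit"><input name="save<?php echo esc_attr($i); ?>" type="submit" value="Save all changes" />
</span>
<input type="hidden" name="action" value="save" />
</form>
<form method="post">
    <?php
    // The reset form needs its own nonce field. Without it the verification
    // above rejects every reset submission, so the button did nothing.
    wp_nonce_field($page_slug, $scl_wp_rbox_nonce_key);
    ?>
<p class="submit">
<input name="reset" type="submit" value="Reset" />
<input type="hidden" name="action" value="reset" />
</p>
</form>
</div>
    <?php
}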
- ?>