1 | <?php |
2 | /** |
3 | * WordPress Theme Install Administration API |
4 | * |
5 | * @package WordPress |
6 | * @subpackage Administration |
7 | */ |
8 | |
9 | $themes_allowedtags = array('a' => array('href' => array(), 'title' => array(), 'target' => array()), |
10 | 'abbr' => array('title' => array()), 'acronym' => array('title' => array()), |
11 | 'code' => array(), 'pre' => array(), 'em' => array(), 'strong' => array(), |
12 | 'div' => array(), 'p' => array(), 'ul' => array(), 'ol' => array(), 'li' => array(), |
13 | 'h1' => array(), 'h2' => array(), 'h3' => array(), 'h4' => array(), 'h5' => array(), 'h6' => array(), |
14 | 'img' => array('src' => array(), 'class' => array(), 'alt' => array()) |
15 | ); |
16 | |
17 | $theme_field_defaults = array( 'description' => true, 'sections' => false, 'tested' => true, 'requires' => true, |
18 | 'rating' => true, 'downloaded' => true, 'downloadlink' => true, 'last_updated' => true, 'homepage' => true, |
19 | 'tags' => true, 'num_ratings' => true |
20 | ); |
21 | |
22 | |
23 | /** |
24 | * Retrieve theme installer pages from WordPress Themes API. |
25 | * |
26 | * It is possible for a theme to override the Themes API result with three |
27 | * filters. Assume this is for themes, which can extend on the Theme Info to |
28 | * offer more choices. This is very powerful and must be used with care, when |
29 | * overridding the filters. |
30 | * |
31 | * The first filter, 'themes_api_args', is for the args and gives the action as |
32 | * the second parameter. The hook for 'themes_api_args' must ensure that an |
33 | * object is returned. |
34 | * |
35 | * The second filter, 'themes_api', is the result that would be returned. |
36 | * |
37 | * @since 2.8.0 |
38 | * |
39 | * @param string $action |
40 | * @param array|object $args Optional. Arguments to serialize for the Theme Info API. |
41 | * @return mixed |
42 | */ |
43 | function themes_api($action, $args = null) { |
44 | |
45 | if ( is_array($args) ) |
46 | $args = (object)$args; |
47 | |
48 | if ( !isset($args->per_page) ) |
49 | $args->per_page = 24; |
50 | |
51 | $args = apply_filters('themes_api_args', $args, $action); //NOTE: Ensure that an object is returned via this filter. |
52 | $res = apply_filters('themes_api', false, $action, $args); //NOTE: Allows a theme to completely override the builtin WordPress.org API. |
53 | |
54 | if ( ! $res ) { |
55 | $request = wp_remote_post('http://api.wordpress.org/themes/info/1.0/', array( 'body' => array('action' => $action, 'request' => serialize($args))) ); |
56 | if ( is_wp_error($request) ) { |
57 | $res = new WP_Error('themes_api_failed', __('An Unexpected HTTP Error occured during the API request.</p> <p><a href="?" onclick="document.location.reload(); return false;">Try again</a>'), $request->get_error_message() ); |
58 | } else { |
59 | $res = unserialize($request['body']); | //Possible Control Flow
|
60 | if ( ! $res ) |
61 | $res = new WP_Error('themes_api_failed', __('An unknown error occured'), $request['body']); |
62 | } |
63 | } |
64 | //var_dump(array($args, $res)); |
65 | return apply_filters('themes_api_result', $res, $action, $args); |
66 | } |
67 | |
68 | /** |
69 | * Retrieve list of WordPress theme features (aka theme tags) |
70 | * |
71 | * @since 2.8.0 |
72 | * |
73 | * @return array |
74 | */ |
75 | function install_themes_feature_list( ) { |
76 | if ( !$cache = get_transient( 'wporg_theme_feature_list' ) ) |
77 | set_transient( 'wporg_theme_feature_list', array( ), 10800); |
78 | |
79 | if ( $cache ) |
80 | return $cache; |
81 | |
82 | $feature_list = themes_api( 'feature_list', array( ) ); |
83 | if ( is_wp_error( $feature_list ) ) |
84 | return $features; |
85 | |
86 | set_transient( 'wporg_theme_feature_list', $feature_list, 10800 ); |
87 | |
88 | return $feature_list; |
89 | } |
90 | |
91 | add_action('install_themes_search', 'install_theme_search', 10, 1); |
92 | /** |
93 | * Display theme search results |
94 | * |
95 | * @since 2.8.0 |
96 | * |
97 | * @param string $page |
98 | */ |
99 | function install_theme_search($page) { |
100 | global $theme_field_defaults; |
101 | |
102 | $type = isset($_REQUEST['type']) ? stripslashes( $_REQUEST['type'] ) : ''; |
103 | $term = isset($_REQUEST['s']) ? stripslashes( $_REQUEST['s'] ) : ''; |
104 | |
105 | $args = array(); |
106 | |
107 | switch( $type ){ |
108 | case 'tag': |
109 | $terms = explode(',', $term); |
110 | $terms = array_map('trim', $terms); |
111 | $terms = array_map('sanitize_title_with_dashes', $terms); |
112 | $args['tag'] = $terms; |
113 | break; |
114 | case 'term': |
115 | $args['search'] = $term; |
116 | break; |
117 | case 'author': |
118 | $args['author'] = $term; |
119 | break; |
120 | } |
121 | |
122 | $args['page'] = $page; |
123 | $args['fields'] = $theme_field_defaults; |
124 | |
125 | if ( !empty( $_POST['features'] ) ) { |
126 | $terms = $_POST['features']; |
127 | $terms = array_map( 'trim', $terms ); |
128 | $terms = array_map( 'sanitize_title_with_dashes', $terms ); |
129 | $args['tag'] = $terms; |
130 | $_REQUEST['s'] = implode( ',', $terms ); |
131 | $_REQUEST['type'] = 'tag'; |
132 | } |
133 | |
134 | $api = themes_api('query_themes', $args); |
135 | |
136 | if ( is_wp_error($api) ) |
137 | wp_die($api); |
138 | |
139 | add_action('install_themes_table_header', 'install_theme_search_form'); |
140 | |
141 | display_themes($api->themes, $api->info['page'], $api->info['pages']); |
142 | } |
143 | |
144 | /** |
145 | * Display search form for searching themes. |
146 | * |
147 | * @since 2.8.0 |
148 | */ |
149 | function install_theme_search_form() { |
150 | $type = isset( $_REQUEST['type'] ) ? stripslashes( $_REQUEST['type'] ) : ''; |
151 | $term = isset( $_REQUEST['s'] ) ? stripslashes( $_REQUEST['s'] ) : ''; |
152 | ?> |
153 | <p class="install-help"><?php _e('Search for themes by keyword, author, or tag.') ?></p> |
154 | |
155 | <form id="search-themes" method="post" action="<?php echo admin_url( 'theme-install.php?tab=search' ); ?>"> |
156 | <select name="type" id="typeselector"> |
157 | <option value="term" <?php selected('term', $type) ?>><?php _e('Term'); ?></option> |
158 | <option value="author" <?php selected('author', $type) ?>><?php _e('Author'); ?></option> |
159 | <option value="tag" <?php selected('tag', $type) ?>><?php _ex('Tag', 'Theme Installer'); ?></option> |
160 | </select> |
161 | <input type="text" name="s" size="30" value="<?php echo esc_attr($term) ?>" /> |
162 | <input type="submit" name="search" value="<?php esc_attr_e('Search'); ?>" class="button" /> |
163 | </form> |
164 | <?php |
165 | } |
166 | |
167 | add_action('install_themes_dashboard', 'install_themes_dashboard'); |
168 | /** |
169 | * Display tags filter for themes. |
170 | * |
171 | * @since 2.8.0 |
172 | */ |
173 | function install_themes_dashboard() { |
174 | install_theme_search_form(); |
175 | ?> |
176 | <h4><?php _e('Feature Filter') ?></h4> |
177 | <form method="post" action="<?php echo admin_url( 'theme-install.php?tab=search' ); ?>"> |
178 | <p class="install-help"><?php _e('Find a theme based on specific features') ?></p> |
179 | <?php |
180 | $feature_list = install_themes_feature_list( ); |
181 | echo '<div class="feature-filter">'; |
182 | $trans = array ('Colors' => __('Colors'), 'black' => __('Black'), 'blue' => __('Blue'), 'brown' => __('Brown'), |
183 | 'green' => __('Green'), 'orange' => __('Orange'), 'pink' => __('Pink'), 'purple' => __('Purple'), 'red' => __('Red'), |
184 | 'silver' => __('Silver'), 'tan' => __('Tan'), 'white' => __('White'), 'yellow' => __('Yellow'), 'dark' => __('Dark'), |
185 | 'light' => __('Light'), 'Columns' => __('Columns'), 'one-column' => __('One Column'), 'two-columns' => __('Two Columns'), |
186 | 'three-columns' => __('Three Columns'), 'four-columns' => __('Four Columns'), 'left-sidebar' => __('Left Sidebar'), |
187 | 'right-sidebar' => __('Right Sidebar'), 'Width' => __('Width'), 'fixed-width' => __('Fixed Width'), 'flexible-width' => __('Flexible Width'), |
188 | 'Features' => __('Features'), 'custom-colors' => __('Custom Colors'), 'custom-header' => __('Custom Header'), 'theme-options' => __('Theme Options'), |
189 | 'threaded-comments' => __('Threaded Comments'), 'sticky-post' => __('Sticky Post'), 'microformats' => __('Microformats'), |
190 | 'Subject' => __('Subject'), 'holiday' => __('Holiday'), 'photoblogging' => __('Photoblogging'), 'seasonal' => __('Seasonal'), |
191 | ); |
192 | |
193 | foreach ( (array) $feature_list as $feature_name => $features ) { |
194 | if ( isset($trans[$feature_name]) ) |
195 | $feature_name = $trans[$feature_name]; |
196 | $feature_name = esc_html( $feature_name ); |
197 | echo '<div class="feature-name">' . $feature_name . '</div>'; |
198 | |
199 | echo '<ol style="float: left; width: 725px;" class="feature-group">'; |
200 | foreach ( $features as $feature ) { |
201 | $feature_name = $feature; |
202 | if ( isset($trans[$feature]) ) |
203 | $feature_name = $trans[$feature]; |
204 | $feature_name = esc_html( $feature_name ); |
205 | $feature = esc_attr($feature); |
206 | ?> |
207 | |
208 | <li> |
209 | <input type="checkbox" name="features[<?php echo $feature; ?>]" id="feature-id-<?php echo $feature; ?>" value="<?php echo $feature; ?>" /> | //Cross Site Scripting
|
210 | <label for="feature-id-<?php echo $feature; ?>"><?php echo $feature_name; ?></label> | //Cross Site Scripting
|
211 | </li> |
212 | |
213 | <?php } ?> |
214 | </ol> |
215 | <br class="clear" /> |
216 | <?php |
217 | } ?> |
218 | |
219 | </div> |
220 | <br class="clear" /> |
221 | <p><input type="submit" name="search" value="<?php esc_attr_e('Find Themes'); ?>" class="button" /></p> |
222 | </form> |
223 | <?php |
224 | } |
225 | |
226 | add_action('install_themes_featured', 'install_themes_featured', 10, 1); |
227 | /** |
228 | * Display featured themes. |
229 | * |
230 | * @since 2.8.0 |
231 | * |
232 | * @param string $page |
233 | */ |
234 | function install_themes_featured($page = 1) { |
235 | global $theme_field_defaults; |
236 | $args = array('browse' => 'featured', 'page' => $page, 'fields' => $theme_field_defaults); |
237 | $api = themes_api('query_themes', $args); |
238 | if ( is_wp_error($api) ) |
239 | wp_die($api); |
240 | display_themes($api->themes, $api->info['page'], $api->info['pages']); |
241 | } |
242 | |
243 | add_action('install_themes_new', 'install_themes_new', 10, 1); |
244 | /** |
245 | * Display new themes/ |
246 | * |
247 | * @since 2.8.0 |
248 | * |
249 | * @param string $page |
250 | */ |
251 | function install_themes_new($page = 1) { |
252 | global $theme_field_defaults; |
253 | $args = array('browse' => 'new', 'page' => $page, 'fields' => $theme_field_defaults); |
254 | $api = themes_api('query_themes', $args); |
255 | if ( is_wp_error($api) ) |
256 | wp_die($api); |
257 | display_themes($api->themes, $api->info['page'], $api->info['pages']); |
258 | } |
259 | |
260 | add_action('install_themes_updated', 'install_themes_updated', 10, 1); |
261 | /** |
262 | * Display recently updated themes. |
263 | * |
264 | * @since 2.8.0 |
265 | * |
266 | * @param string $page |
267 | */ |
268 | function install_themes_updated($page = 1) { |
269 | global $theme_field_defaults; |
270 | $args = array('browse' => 'updated', 'page' => $page, 'fields' => $theme_field_defaults); |
271 | $api = themes_api('query_themes', $args); |
272 | display_themes($api->themes, $api->info['page'], $api->info['pages']); |
273 | } |
274 | |
275 | add_action('install_themes_upload', 'install_themes_upload', 10, 1); |
276 | function install_themes_upload($page = 1) { |
277 | ?> |
278 | <h4><?php _e('Install a theme in .zip format') ?></h4> |
279 | <p class="install-help"><?php _e('If you have a theme in a .zip format, you may install it by uploading it here.') ?></p> |
280 | <form method="post" enctype="multipart/form-data" action="<?php echo admin_url('update.php?action=upload-theme') ?>"> |
281 | <?php wp_nonce_field( 'theme-upload') ?> |
282 | <input type="file" name="themezip" /> |
283 | <input type="submit" |
284 | class="button" value="<?php esc_attr_e('Install Now') ?>" /> |
285 | </form> |
286 | <?php |
287 | } |
288 | |
289 | function display_theme($theme, $actions = null, $show_details = true) { |
290 | global $themes_allowedtags; |
291 | |
292 | if ( empty($theme) ) |
293 | return; |
294 | |
295 | $name = wp_kses($theme->name, $themes_allowedtags); |
296 | $desc = wp_kses($theme->description, $themes_allowedtags); |
297 | //if ( strlen($desc) > 30 ) |
298 | // $desc = substr($desc, 0, 15) . '<span class="dots">...</span><span>' . substr($desc, -15) . '</span>'; |
299 | |
300 | $preview_link = $theme->preview_url . '?TB_iframe=true&width=600&height=400'; |
301 | if ( !is_array($actions) ) { |
302 | $actions = array(); |
303 | $actions[] = '<a href="' . admin_url('theme-install.php?tab=theme-information&theme=' . $theme->slug . |
304 | '&TB_iframe=true&tbWidth=500&tbHeight=385') . '" class="thickbox thickbox-preview onclick" title="' . esc_attr(sprintf(__('Install “%s”'), $name)) . '">' . __('Install') . '</a>'; |
305 | $actions[] = '<a href="' . $preview_link . '" class="thickbox thickbox-preview onclick previewlink" title="' . esc_attr(sprintf(__('Preview “%s”'), $name)) . '">' . __('Preview') . '</a>'; |
306 | $actions = apply_filters('theme_install_action_links', $actions, $theme); |
307 | } |
308 | |
309 | $actions = implode ( ' | ', $actions ); |
310 | ?> |
311 | <a class='thickbox thickbox-preview screenshot' |
312 | href='<?php echo esc_url($preview_link); ?>' |
313 | title='<?php echo esc_attr(sprintf(__('Preview “%s”'), $name)); ?>'> |
314 | <img src='<?php echo esc_url($theme->screenshot_url); ?>' width='150' /> |
315 | </a> |
316 | <h3><?php echo $name ?></h3> |
317 | <span class='action-links'><?php echo $actions ?></span> |
318 | <p><?php echo $desc ?></p> |
319 | <?php if ( $show_details ) { ?> |
320 | <a href="#theme_detail" class="theme-detail hide-if-no-js" tabindex='4'><?php _e('Details') ?></a> |
321 | <div class="themedetaildiv hide-if-js"> |
322 | <p><strong><?php _e('Version:') ?></strong> <?php echo wp_kses($theme->version, $themes_allowedtags) ?></p> |
323 | <p><strong><?php _e('Author:') ?></strong> <?php echo wp_kses($theme->author, $themes_allowedtags) ?></p> |
324 | <?php if ( ! empty($theme->last_updated) ) : ?> |
325 | <p><strong><?php _e('Last Updated:') ?></strong> <span title="<?php echo $theme->last_updated ?>"><?php printf( __('%s ago'), human_time_diff(strtotime($theme->last_updated)) ) ?></span></p> |
326 | <?php endif; if ( ! empty($theme->requires) ) : ?> |
327 | <p><strong><?php _e('Requires WordPress Version:') ?></strong> <?php printf(__('%s or higher'), $theme->requires) ?></p> |
328 | <?php endif; if ( ! empty($theme->tested) ) : ?> |
329 | <p><strong><?php _e('Compatible up to:') ?></strong> <?php echo $theme->tested ?></p> |
330 | <?php endif; if ( !empty($theme->downloaded) ) : ?> |
331 | <p><strong><?php _e('Downloaded:') ?></strong> <?php printf(_n('%s time', '%s times', $theme->downloaded), number_format_i18n($theme->downloaded)) ?></p> |
332 | <?php endif; ?> |
333 | <div class="star-holder" title="<?php printf(_n('(based on %s rating)', '(based on %s ratings)', $theme->num_ratings), number_format_i18n($theme->num_ratings)) ?>"> |
334 | <div class="star star-rating" style="width: <?php echo esc_attr($theme->rating) ?>px"></div> |
335 | <div class="star star5"><img src="<?php echo admin_url('images/star.gif'); ?>" alt="<?php _e('5 stars') ?>" /></div> |
336 | <div class="star star4"><img src="<?php echo admin_url('images/star.gif'); ?>" alt="<?php _e('4 stars') ?>" /></div> |
337 | <div class="star star3"><img src="<?php echo admin_url('images/star.gif'); ?>" alt="<?php _e('3 stars') ?>" /></div> |
338 | <div class="star star2"><img src="<?php echo admin_url('images/star.gif'); ?>" alt="<?php _e('2 stars') ?>" /></div> |
339 | <div class="star star1"><img src="<?php echo admin_url('images/star.gif'); ?>" alt="<?php _e('1 star') ?>" /></div> |
340 | </div> |
341 | </div> |
342 | <?php } |
343 | /* |
344 | object(stdClass)[59] |
345 | public 'name' => string 'Magazine Basic' (length=14) |
346 | public 'slug' => string 'magazine-basic' (length=14) |
347 | public 'version' => string '1.1' (length=3) |
348 | public 'author' => string 'tinkerpriest' (length=12) |
349 | public 'preview_url' => string 'http://wp-themes.com/?magazine-basic' (length=36) |
350 | public 'screenshot_url' => string 'http://wp-themes.com/wp-content/themes/magazine-basic/screenshot.png' (length=68) |
351 | public 'rating' => float 80 |
352 | public 'num_ratings' => int 1 |
353 | public 'homepage' => string 'http://wordpress.org/extend/themes/magazine-basic' (length=49) |
354 | public 'description' => string 'A basic magazine style layout with a fully customizable layout through a backend interface. Designed by <a href="http://bavotasan.com">c.bavota</a> of <a href="http://tinkerpriestmedia.com">Tinker Priest Media</a>.' (length=214) |
355 | public 'download_link' => string 'http://wordpress.org/extend/themes/download/magazine-basic.1.1.zip' (length=66) |
356 | */ |
357 | } |
358 | |
359 | /** |
360 | * Display theme content based on theme list. |
361 | * |
362 | * @since 2.8.0 |
363 | * |
364 | * @param array $themes List of themes. |
365 | * @param string $page |
366 | * @param int $totalpages Number of pages. |
367 | */ |
368 | function display_themes($themes, $page = 1, $totalpages = 1) { |
369 | $type = isset($_REQUEST['type']) ? stripslashes( $_REQUEST['type'] ) : ''; |
370 | $term = isset($_REQUEST['s']) ? stripslashes( $_REQUEST['s'] ) : ''; |
371 | ?> |
372 | <div class="tablenav"> |
373 | <div class="alignleft actions"><?php do_action('install_themes_table_header'); ?></div> |
374 | <?php |
375 | $url = esc_url($_SERVER['REQUEST_URI']); |
376 | if ( ! empty($term) ) |
377 | $url = add_query_arg('s', $term, $url); |
378 | if ( ! empty($type) ) |
379 | $url = add_query_arg('type', $type, $url); |
380 | |
381 | $page_links = paginate_links( array( |
382 | 'base' => add_query_arg('paged', '%#%', $url), |
383 | 'format' => '', |
384 | 'prev_text' => __('«'), |
385 | 'next_text' => __('»'), |
386 | 'total' => $totalpages, |
387 | 'current' => $page |
388 | )); |
389 | |
390 | if ( $page_links ) |
391 | echo "\t\t<div class='tablenav-pages'>$page_links</div>"; |
392 | ?> |
393 | </div> |
394 | <br class="clear" /> |
395 | <?php |
396 | if ( empty($themes) ) { |
397 | _e('No themes found'); |
398 | return; |
399 | } |
400 | ?> |
401 | <table id="availablethemes" cellspacing="0" cellpadding="0"> |
402 | <?php |
403 | $rows = ceil(count($themes) / 3); |
404 | $table = array(); |
405 | $theme_keys = array_keys($themes); |
406 | for ( $row = 1; $row <= $rows; $row++ ) |
407 | for ( $col = 1; $col <= 3; $col++ ) |
408 | $table[$row][$col] = array_shift($theme_keys); |
409 | |
410 | foreach ( $table as $row => $cols ) { |
411 | ?> |
412 | <tr> |
413 | <?php |
414 | |
415 | foreach ( $cols as $col => $theme_index ) { |
416 | $class = array('available-theme'); |
417 | if ( $row == 1 ) $class[] = 'top'; |
418 | if ( $col == 1 ) $class[] = 'left'; |
419 | if ( $row == $rows ) $class[] = 'bottom'; |
420 | if ( $col == 3 ) $class[] = 'right'; |
421 | ?> |
422 | <td class="<?php echo join(' ', $class); ?>"><?php |
423 | if ( isset($themes[$theme_index]) ) |
424 | display_theme($themes[$theme_index]); |
425 | ?></td> |
426 | <?php } // end foreach $cols ?> |
427 | </tr> |
428 | <?php } // end foreach $table ?> |
429 | </table> |
430 | |
431 | <div class="tablenav"><?php if ( $page_links ) |
432 | echo "\t\t<div class='tablenav-pages'>$page_links</div>"; ?> <br |
433 | class="clear" /> |
434 | </div> |
435 | |
436 | <?php |
437 | } |
438 | |
439 | add_action('install_themes_pre_theme-information', 'install_theme_information'); |
440 | |
441 | /** |
442 | * Display theme information in dialog box form. |
443 | * |
444 | * @since 2.8.0 |
445 | */ |
446 | function install_theme_information() { |
447 | //TODO: This function needs a LOT of UI work :) |
448 | global $tab, $themes_allowedtags; |
449 | |
450 | $api = themes_api('theme_information', array('slug' => stripslashes( $_REQUEST['theme'] ) )); |
451 | |
452 | if ( is_wp_error($api) ) |
453 | wp_die($api); |
454 | |
455 | // Sanitize HTML |
456 | foreach ( (array)$api->sections as $section_name => $content ) |
457 | $api->sections[$section_name] = wp_kses($content, $themes_allowedtags); |
458 | |
459 | foreach ( array('version', 'author', 'requires', 'tested', 'homepage', 'downloaded', 'slug') as $key ) { |
460 | if ( isset($api->$key) ) |
461 | $api->$key = wp_kses($api->$key, $themes_allowedtags); |
462 | } |
463 | |
464 | iframe_header( __('Theme Install') ); |
465 | |
466 | if ( empty($api->download_link) ) { |
467 | echo '<div id="message" class="error"><p>' . __('<strong>Error:</strong> This theme is currently not available. Please try again later.') . '</p></div>'; |
468 | iframe_footer(); |
469 | exit; |
470 | } |
471 | |
472 | if ( !empty($api->tested) && version_compare($GLOBALS['wp_version'], $api->tested, '>') ) |
473 | echo '<div class="updated"><p>' . __('<strong>Warning:</strong> This theme has <strong>not been tested</strong> with your current version of WordPress.') . '</p></div>'; |
474 | else if ( !empty($api->requires) && version_compare($GLOBALS['wp_version'], $api->requires, '<') ) |
475 | echo '<div class="updated"><p>' . __('<strong>Warning:</strong> This theme has not been marked as <strong>compatible</strong> with your version of WordPress.') . '</p></div>'; |
476 | |
477 | // Default to a "new" theme |
478 | $type = 'install'; |
479 | // Check to see if this theme is known to be installed, and has an update awaiting it. |
480 | $update_themes = get_site_transient('update_themes'); |
481 | if ( is_object($update_themes) && isset($update_themes->response) ) { |
482 | foreach ( (array)$update_themes->response as $theme_slug => $theme_info ) { |
483 | if ( $theme_slug === $api->slug ) { |
484 | $type = 'update_available'; |
485 | $update_file = $theme_slug; | //Arbitrary file disclosing
|
486 | break; |
487 | } |
488 | } |
489 | } |
490 | |
491 | $themes = get_themes(); |
492 | foreach ( $themes as $this_theme ) { |
493 | if ( is_array($this_theme) && $this_theme['Stylesheet'] == $api->slug ) { |
494 | if ( $this_theme['Version'] == $api->version ) { |
495 | $type = 'latest_installed'; |
496 | } elseif ( $this_theme['Version'] > $api->version ) { |
497 | $type = 'newer_installed'; |
498 | $newer_version = $this_theme['Version']; |
499 | } |
500 | break; |
501 | } |
502 | } |
503 | ?> |
504 | |
505 | <div class='available-theme'> |
506 | <img src='<?php echo esc_url($api->screenshot_url) ?>' width='300' class="theme-preview-img" /> |
507 | <h3><?php echo $api->name; ?></h3> | //Cross Site Scripting
|
508 | <p><?php printf(__('by %s'), $api->author); ?></p> |
509 | <p><?php printf(__('Version: %s'), $api->version); ?></p> |
510 | |
511 | <?php |
512 | $buttons = '<a class="button" id="cancel" href="#" onclick="tb_close();return false;">' . __('Cancel') . '</a> '; |
513 | |
514 | switch ( $type ) { |
515 | default: |
516 | case 'install': |
517 | if ( current_user_can('install_themes') ) : |
518 | $buttons .= '<a class="button-primary" id="install" href="' . wp_nonce_url(admin_url('update.php?action=install-theme&theme=' . $api->slug), 'install-theme_' . $api->slug) . '" target="_parent">' . __('Install Now') . '</a>'; |
519 | endif; |
520 | break; |
521 | case 'update_available': |
522 | if ( current_user_can('update_themes') ) : |
523 | $buttons .= '<a class="button-primary" id="install" href="' . wp_nonce_url(admin_url('update.php?action=upgrade-theme&theme=' . $update_file), 'upgrade-theme_' . $update_file) . '" target="_parent">' . __('Install Update Now') . '</a>'; |
524 | endif; |
525 | break; |
526 | case 'newer_installed': |
527 | if ( current_user_can('install_themes') || current_user_can('update_themes') ) : |
528 | ?><p><?php printf(__('Newer version (%s) is installed.'), $newer_version); ?></p><?php |
529 | endif; |
530 | break; |
531 | case 'latest_installed': |
532 | if ( current_user_can('install_themes') || current_user_can('update_themes') ) : |
533 | ?><p><?php _e('This version is already installed.'); ?></p><?php |
534 | endif; |
535 | break; |
536 | } ?> |
537 | <br class="clear" /> |
538 | </div> |
539 | |
540 | <p class="action-button"> |
541 | <?php echo $buttons; ?> | //Cross Site Scripting
|
542 | <br class="clear" /> |
543 | </p> |
544 | |
545 | <?php |
546 | iframe_footer(); |
547 | exit; |
548 | } |
549 | |