/var/www/wordpress/wp-admin/includes/admin.php
/var/www/wordpress/wp-admin/includes/bookmark.php
/var/www/wordpress/wp-admin/includes/class-ftp-pure.php
/var/www/wordpress/wp-admin/includes/class-ftp-sockets.php
/var/www/wordpress/wp-admin/includes/class-ftp.php
/var/www/wordpress/wp-admin/includes/class-pclzip.php
/var/www/wordpress/wp-admin/includes/class-wp-filesystem-base.php
/var/www/wordpress/wp-admin/includes/class-wp-filesystem-direct.php
/var/www/wordpress/wp-admin/includes/class-wp-filesystem-ftpext.php
/var/www/wordpress/wp-admin/includes/class-wp-filesystem-ftpsockets.php
/var/www/wordpress/wp-admin/includes/class-wp-filesystem-ssh2.php
/var/www/wordpress/wp-admin/includes/class-wp-importer.php
/var/www/wordpress/wp-admin/includes/class-wp-upgrader.php
/var/www/wordpress/wp-admin/includes/comment.php
/var/www/wordpress/wp-admin/includes/continents-cities.php
/var/www/wordpress/wp-admin/includes/dashboard.php
/var/www/wordpress/wp-admin/includes/deprecated.php
/var/www/wordpress/wp-admin/includes/export.php
/var/www/wordpress/wp-admin/includes/file.php
/var/www/wordpress/wp-admin/includes/image-edit.php
/var/www/wordpress/wp-admin/includes/image.php
/var/www/wordpress/wp-admin/includes/import.php
/var/www/wordpress/wp-admin/includes/manifest.php
/var/www/wordpress/wp-admin/includes/media.php
/var/www/wordpress/wp-admin/includes/meta-boxes.php
/var/www/wordpress/wp-admin/includes/misc.php
/var/www/wordpress/wp-admin/includes/ms-deprecated.php
/var/www/wordpress/wp-admin/includes/ms.php
/var/www/wordpress/wp-admin/includes/nav-menu.php
/var/www/wordpress/wp-admin/includes/plugin-install.php
/var/www/wordpress/wp-admin/includes/plugin.php
/var/www/wordpress/wp-admin/includes/post.php
/var/www/wordpress/wp-admin/includes/schema.php
/var/www/wordpress/wp-admin/includes/taxonomy.php
/var/www/wordpress/wp-admin/includes/template.php
/var/www/wordpress/wp-admin/includes/theme-install.php
#CodeDescriptions
1<?php
2/**
3 * WordPress Theme Install Administration API
4 *
5 * @package WordPress
6 * @subpackage Administration
7 */
8
9$themes_allowedtags = array('a' => array('href' => array(), 'title' => array(), 'target' => array()),
10 'abbr' => array('title' => array()), 'acronym' => array('title' => array()),
11 'code' => array(), 'pre' => array(), 'em' => array(), 'strong' => array(),
12 'div' => array(), 'p' => array(), 'ul' => array(), 'ol' => array(), 'li' => array(),
13 'h1' => array(), 'h2' => array(), 'h3' => array(), 'h4' => array(), 'h5' => array(), 'h6' => array(),
14 'img' => array('src' => array(), 'class' => array(), 'alt' => array())
15);
16
17$theme_field_defaults = array( 'description' => true, 'sections' => false, 'tested' => true, 'requires' => true,
18 'rating' => true, 'downloaded' => true, 'downloadlink' => true, 'last_updated' => true, 'homepage' => true,
19 'tags' => true, 'num_ratings' => true
20);
21
22
23/**
24 * Retrieve theme installer pages from WordPress Themes API.
25 *
26 * It is possible for a theme to override the Themes API result with three
27 * filters. Assume this is for themes, which can extend on the Theme Info to
28 * offer more choices. This is very powerful and must be used with care, when
29 * overridding the filters.
30 *
31 * The first filter, 'themes_api_args', is for the args and gives the action as
32 * the second parameter. The hook for 'themes_api_args' must ensure that an
33 * object is returned.
34 *
35 * The second filter, 'themes_api', is the result that would be returned.
36 *
37 * @since 2.8.0
38 *
39 * @param string $action
40 * @param array|object $args Optional. Arguments to serialize for the Theme Info API.
41 * @return mixed
42 */
43function themes_api($action, $args = null) {
44
45 if ( is_array($args) )
46 $args = (object)$args;
47
48 if ( !isset($args->per_page) )
49 $args->per_page = 24;
50
51 $args = apply_filters('themes_api_args', $args, $action); //NOTE: Ensure that an object is returned via this filter.
52 $res = apply_filters('themes_api', false, $action, $args); //NOTE: Allows a theme to completely override the builtin WordPress.org API.
53
54 if ( ! $res ) {
55 $request = wp_remote_post('http://api.wordpress.org/themes/info/1.0/', array( 'body' => array('action' => $action, 'request' => serialize($args))) );
56 if ( is_wp_error($request) ) {
57 $res = new WP_Error('themes_api_failed', __('An Unexpected HTTP Error occured during the API request.</p> <p><a href="?" onclick="document.location.reload(); return false;">Try again</a>'), $request->get_error_message() );
58 } else {
59 $res = unserialize($request['body']);//Possible Control Flow
60 if ( ! $res )
61 $res = new WP_Error('themes_api_failed', __('An unknown error occured'), $request['body']);
62 }
63 }
64 //var_dump(array($args, $res));
65 return apply_filters('themes_api_result', $res, $action, $args);
66}
67
68/**
69 * Retrieve list of WordPress theme features (aka theme tags)
70 *
71 * @since 2.8.0
72 *
73 * @return array
74 */
75function install_themes_feature_list( ) {
76 if ( !$cache = get_transient( 'wporg_theme_feature_list' ) )
77 set_transient( 'wporg_theme_feature_list', array( ), 10800);
78
79 if ( $cache )
80 return $cache;
81
82 $feature_list = themes_api( 'feature_list', array( ) );
83 if ( is_wp_error( $feature_list ) )
84 return $features;
85
86 set_transient( 'wporg_theme_feature_list', $feature_list, 10800 );
87
88 return $feature_list;
89}
90
91add_action('install_themes_search', 'install_theme_search', 10, 1);
92/**
93 * Display theme search results
94 *
95 * @since 2.8.0
96 *
97 * @param string $page
98 */
99function install_theme_search($page) {
100 global $theme_field_defaults;
101
102 $type = isset($_REQUEST['type']) ? stripslashes( $_REQUEST['type'] ) : '';
103 $term = isset($_REQUEST['s']) ? stripslashes( $_REQUEST['s'] ) : '';
104
105 $args = array();
106
107 switch( $type ){
108 case 'tag':
109 $terms = explode(',', $term);
110 $terms = array_map('trim', $terms);
111 $terms = array_map('sanitize_title_with_dashes', $terms);
112 $args['tag'] = $terms;
113 break;
114 case 'term':
115 $args['search'] = $term;
116 break;
117 case 'author':
118 $args['author'] = $term;
119 break;
120 }
121
122 $args['page'] = $page;
123 $args['fields'] = $theme_field_defaults;
124
125 if ( !empty( $_POST['features'] ) ) {
126 $terms = $_POST['features'];
127 $terms = array_map( 'trim', $terms );
128 $terms = array_map( 'sanitize_title_with_dashes', $terms );
129 $args['tag'] = $terms;
130 $_REQUEST['s'] = implode( ',', $terms );
131 $_REQUEST['type'] = 'tag';
132 }
133
134 $api = themes_api('query_themes', $args);
135
136 if ( is_wp_error($api) )
137 wp_die($api);
138
139 add_action('install_themes_table_header', 'install_theme_search_form');
140
141 display_themes($api->themes, $api->info['page'], $api->info['pages']);
142}
143
144/**
145 * Display search form for searching themes.
146 *
147 * @since 2.8.0
148 */
149function install_theme_search_form() {
150 $type = isset( $_REQUEST['type'] ) ? stripslashes( $_REQUEST['type'] ) : '';
151 $term = isset( $_REQUEST['s'] ) ? stripslashes( $_REQUEST['s'] ) : '';
152 ?>
153<p class="install-help"><?php _e('Search for themes by keyword, author, or tag.') ?></p>
154
155<form id="search-themes" method="post" action="<?php echo admin_url( 'theme-install.php?tab=search' ); ?>">
156 <select name="type" id="typeselector">
157 <option value="term" <?php selected('term', $type) ?>><?php _e('Term'); ?></option>
158 <option value="author" <?php selected('author', $type) ?>><?php _e('Author'); ?></option>
159 <option value="tag" <?php selected('tag', $type) ?>><?php _ex('Tag', 'Theme Installer'); ?></option>
160 </select>
161 <input type="text" name="s" size="30" value="<?php echo esc_attr($term) ?>" />
162 <input type="submit" name="search" value="<?php esc_attr_e('Search'); ?>" class="button" />
163</form>
164<?php
165}
166
167add_action('install_themes_dashboard', 'install_themes_dashboard');
168/**
169 * Display tags filter for themes.
170 *
171 * @since 2.8.0
172 */
173function install_themes_dashboard() {
174 install_theme_search_form();
175?>
176<h4><?php _e('Feature Filter') ?></h4>
177<form method="post" action="<?php echo admin_url( 'theme-install.php?tab=search' ); ?>">
178<p class="install-help"><?php _e('Find a theme based on specific features') ?></p>
179 <?php
180 $feature_list = install_themes_feature_list( );
181 echo '<div class="feature-filter">';
182 $trans = array ('Colors' => __('Colors'), 'black' => __('Black'), 'blue' => __('Blue'), 'brown' => __('Brown'),
183 'green' => __('Green'), 'orange' => __('Orange'), 'pink' => __('Pink'), 'purple' => __('Purple'), 'red' => __('Red'),
184 'silver' => __('Silver'), 'tan' => __('Tan'), 'white' => __('White'), 'yellow' => __('Yellow'), 'dark' => __('Dark'),
185 'light' => __('Light'), 'Columns' => __('Columns'), 'one-column' => __('One Column'), 'two-columns' => __('Two Columns'),
186 'three-columns' => __('Three Columns'), 'four-columns' => __('Four Columns'), 'left-sidebar' => __('Left Sidebar'),
187 'right-sidebar' => __('Right Sidebar'), 'Width' => __('Width'), 'fixed-width' => __('Fixed Width'), 'flexible-width' => __('Flexible Width'),
188 'Features' => __('Features'), 'custom-colors' => __('Custom Colors'), 'custom-header' => __('Custom Header'), 'theme-options' => __('Theme Options'),
189 'threaded-comments' => __('Threaded Comments'), 'sticky-post' => __('Sticky Post'), 'microformats' => __('Microformats'),
190 'Subject' => __('Subject'), 'holiday' => __('Holiday'), 'photoblogging' => __('Photoblogging'), 'seasonal' => __('Seasonal'),
191 );
192
193 foreach ( (array) $feature_list as $feature_name => $features ) {
194 if ( isset($trans[$feature_name]) )
195 $feature_name = $trans[$feature_name];
196 $feature_name = esc_html( $feature_name );
197 echo '<div class="feature-name">' . $feature_name . '</div>';
198
199 echo '<ol style="float: left; width: 725px;" class="feature-group">';
200 foreach ( $features as $feature ) {
201 $feature_name = $feature;
202 if ( isset($trans[$feature]) )
203 $feature_name = $trans[$feature];
204 $feature_name = esc_html( $feature_name );
205 $feature = esc_attr($feature);
206?>
207
208<li>
209 <input type="checkbox" name="features[<?php echo $feature; ?>]" id="feature-id-<?php echo $feature; ?>" value="<?php echo $feature; ?>" />//Cross Site Scripting
210 <label for="feature-id-<?php echo $feature; ?>"><?php echo $feature_name; ?></label>//Cross Site Scripting
211</li>
212
213<?php } ?>
214</ol>
215<br class="clear" />
216<?php
217 } ?>
218
219</div>
220<br class="clear" />
221<p><input type="submit" name="search" value="<?php esc_attr_e('Find Themes'); ?>" class="button" /></p>
222</form>
223<?php
224}
225
226add_action('install_themes_featured', 'install_themes_featured', 10, 1);
227/**
228 * Display featured themes.
229 *
230 * @since 2.8.0
231 *
232 * @param string $page
233 */
234function install_themes_featured($page = 1) {
235 global $theme_field_defaults;
236 $args = array('browse' => 'featured', 'page' => $page, 'fields' => $theme_field_defaults);
237 $api = themes_api('query_themes', $args);
238 if ( is_wp_error($api) )
239 wp_die($api);
240 display_themes($api->themes, $api->info['page'], $api->info['pages']);
241}
242
243add_action('install_themes_new', 'install_themes_new', 10, 1);
244/**
245 * Display new themes/
246 *
247 * @since 2.8.0
248 *
249 * @param string $page
250 */
251function install_themes_new($page = 1) {
252 global $theme_field_defaults;
253 $args = array('browse' => 'new', 'page' => $page, 'fields' => $theme_field_defaults);
254 $api = themes_api('query_themes', $args);
255 if ( is_wp_error($api) )
256 wp_die($api);
257 display_themes($api->themes, $api->info['page'], $api->info['pages']);
258}
259
260add_action('install_themes_updated', 'install_themes_updated', 10, 1);
261/**
262 * Display recently updated themes.
263 *
264 * @since 2.8.0
265 *
266 * @param string $page
267 */
268function install_themes_updated($page = 1) {
269 global $theme_field_defaults;
270 $args = array('browse' => 'updated', 'page' => $page, 'fields' => $theme_field_defaults);
271 $api = themes_api('query_themes', $args);
272 display_themes($api->themes, $api->info['page'], $api->info['pages']);
273}
274
275add_action('install_themes_upload', 'install_themes_upload', 10, 1);
276function install_themes_upload($page = 1) {
277?>
278<h4><?php _e('Install a theme in .zip format') ?></h4>
279<p class="install-help"><?php _e('If you have a theme in a .zip format, you may install it by uploading it here.') ?></p>
280<form method="post" enctype="multipart/form-data" action="<?php echo admin_url('update.php?action=upload-theme') ?>">
281 <?php wp_nonce_field( 'theme-upload') ?>
282 <input type="file" name="themezip" />
283 <input type="submit"
284 class="button" value="<?php esc_attr_e('Install Now') ?>" />
285</form>
286 <?php
287}
288
289function display_theme($theme, $actions = null, $show_details = true) {
290 global $themes_allowedtags;
291
292 if ( empty($theme) )
293 return;
294
295 $name = wp_kses($theme->name, $themes_allowedtags);
296 $desc = wp_kses($theme->description, $themes_allowedtags);
297 //if ( strlen($desc) > 30 )
298 // $desc = substr($desc, 0, 15) . '<span class="dots">...</span><span>' . substr($desc, -15) . '</span>';
299
300 $preview_link = $theme->preview_url . '?TB_iframe=true&width=600&height=400';
301 if ( !is_array($actions) ) {
302 $actions = array();
303 $actions[] = '<a href="' . admin_url('theme-install.php?tab=theme-information&theme=' . $theme->slug .
304 '&TB_iframe=true&tbWidth=500&tbHeight=385') . '" class="thickbox thickbox-preview onclick" title="' . esc_attr(sprintf(__('Install “%s”'), $name)) . '">' . __('Install') . '</a>';
305 $actions[] = '<a href="' . $preview_link . '" class="thickbox thickbox-preview onclick previewlink" title="' . esc_attr(sprintf(__('Preview “%s”'), $name)) . '">' . __('Preview') . '</a>';
306 $actions = apply_filters('theme_install_action_links', $actions, $theme);
307 }
308
309 $actions = implode ( ' | ', $actions );
310 ?>
311<a class='thickbox thickbox-preview screenshot'
312 href='<?php echo esc_url($preview_link); ?>'
313 title='<?php echo esc_attr(sprintf(__('Preview “%s”'), $name)); ?>'>
314<img src='<?php echo esc_url($theme->screenshot_url); ?>' width='150' />
315</a>
316<h3><?php echo $name ?></h3>
317<span class='action-links'><?php echo $actions ?></span>
318<p><?php echo $desc ?></p>
319<?php if ( $show_details ) { ?>
320<a href="#theme_detail" class="theme-detail hide-if-no-js" tabindex='4'><?php _e('Details') ?></a>
321<div class="themedetaildiv hide-if-js">
322<p><strong><?php _e('Version:') ?></strong> <?php echo wp_kses($theme->version, $themes_allowedtags) ?></p>
323<p><strong><?php _e('Author:') ?></strong> <?php echo wp_kses($theme->author, $themes_allowedtags) ?></p>
324<?php if ( ! empty($theme->last_updated) ) : ?>
325<p><strong><?php _e('Last Updated:') ?></strong> <span title="<?php echo $theme->last_updated ?>"><?php printf( __('%s ago'), human_time_diff(strtotime($theme->last_updated)) ) ?></span></p>
326<?php endif; if ( ! empty($theme->requires) ) : ?>
327<p><strong><?php _e('Requires WordPress Version:') ?></strong> <?php printf(__('%s or higher'), $theme->requires) ?></p>
328<?php endif; if ( ! empty($theme->tested) ) : ?>
329<p><strong><?php _e('Compatible up to:') ?></strong> <?php echo $theme->tested ?></p>
330<?php endif; if ( !empty($theme->downloaded) ) : ?>
331<p><strong><?php _e('Downloaded:') ?></strong> <?php printf(_n('%s time', '%s times', $theme->downloaded), number_format_i18n($theme->downloaded)) ?></p>
332<?php endif; ?>
333<div class="star-holder" title="<?php printf(_n('(based on %s rating)', '(based on %s ratings)', $theme->num_ratings), number_format_i18n($theme->num_ratings)) ?>">
334 <div class="star star-rating" style="width: <?php echo esc_attr($theme->rating) ?>px"></div>
335 <div class="star star5"><img src="<?php echo admin_url('images/star.gif'); ?>" alt="<?php _e('5 stars') ?>" /></div>
336 <div class="star star4"><img src="<?php echo admin_url('images/star.gif'); ?>" alt="<?php _e('4 stars') ?>" /></div>
337 <div class="star star3"><img src="<?php echo admin_url('images/star.gif'); ?>" alt="<?php _e('3 stars') ?>" /></div>
338 <div class="star star2"><img src="<?php echo admin_url('images/star.gif'); ?>" alt="<?php _e('2 stars') ?>" /></div>
339 <div class="star star1"><img src="<?php echo admin_url('images/star.gif'); ?>" alt="<?php _e('1 star') ?>" /></div>
340</div>
341</div>
342<?php }
343 /*
344 object(stdClass)[59]
345 public 'name' => string 'Magazine Basic' (length=14)
346 public 'slug' => string 'magazine-basic' (length=14)
347 public 'version' => string '1.1' (length=3)
348 public 'author' => string 'tinkerpriest' (length=12)
349 public 'preview_url' => string 'http://wp-themes.com/?magazine-basic' (length=36)
350 public 'screenshot_url' => string 'http://wp-themes.com/wp-content/themes/magazine-basic/screenshot.png' (length=68)
351 public 'rating' => float 80
352 public 'num_ratings' => int 1
353 public 'homepage' => string 'http://wordpress.org/extend/themes/magazine-basic' (length=49)
354 public 'description' => string 'A basic magazine style layout with a fully customizable layout through a backend interface. Designed by <a href="http://bavotasan.com">c.bavota</a> of <a href="http://tinkerpriestmedia.com">Tinker Priest Media</a>.' (length=214)
355 public 'download_link' => string 'http://wordpress.org/extend/themes/download/magazine-basic.1.1.zip' (length=66)
356 */
357}
358
359/**
360 * Display theme content based on theme list.
361 *
362 * @since 2.8.0
363 *
364 * @param array $themes List of themes.
365 * @param string $page
366 * @param int $totalpages Number of pages.
367 */
368function display_themes($themes, $page = 1, $totalpages = 1) {
369 $type = isset($_REQUEST['type']) ? stripslashes( $_REQUEST['type'] ) : '';
370 $term = isset($_REQUEST['s']) ? stripslashes( $_REQUEST['s'] ) : '';
371 ?>
372<div class="tablenav">
373<div class="alignleft actions"><?php do_action('install_themes_table_header'); ?></div>
374 <?php
375 $url = esc_url($_SERVER['REQUEST_URI']);
376 if ( ! empty($term) )
377 $url = add_query_arg('s', $term, $url);
378 if ( ! empty($type) )
379 $url = add_query_arg('type', $type, $url);
380
381 $page_links = paginate_links( array(
382 'base' => add_query_arg('paged', '%#%', $url),
383 'format' => '',
384 'prev_text' => __('«'),
385 'next_text' => __('»'),
386 'total' => $totalpages,
387 'current' => $page
388 ));
389
390 if ( $page_links )
391 echo "\t\t<div class='tablenav-pages'>$page_links</div>";
392 ?>
393</div>
394<br class="clear" />
395<?php
396 if ( empty($themes) ) {
397 _e('No themes found');
398 return;
399 }
400?>
401<table id="availablethemes" cellspacing="0" cellpadding="0">
402<?php
403 $rows = ceil(count($themes) / 3);
404 $table = array();
405 $theme_keys = array_keys($themes);
406 for ( $row = 1; $row <= $rows; $row++ )
407 for ( $col = 1; $col <= 3; $col++ )
408 $table[$row][$col] = array_shift($theme_keys);
409
410 foreach ( $table as $row => $cols ) {
411 ?>
412 <tr>
413 <?php
414
415 foreach ( $cols as $col => $theme_index ) {
416 $class = array('available-theme');
417 if ( $row == 1 ) $class[] = 'top';
418 if ( $col == 1 ) $class[] = 'left';
419 if ( $row == $rows ) $class[] = 'bottom';
420 if ( $col == 3 ) $class[] = 'right';
421 ?>
422 <td class="<?php echo join(' ', $class); ?>"><?php
423 if ( isset($themes[$theme_index]) )
424 display_theme($themes[$theme_index]);
425 ?></td>
426 <?php } // end foreach $cols ?>
427 </tr>
428 <?php } // end foreach $table ?>
429</table>
430
431<div class="tablenav"><?php if ( $page_links )
432echo "\t\t<div class='tablenav-pages'>$page_links</div>"; ?> <br
433 class="clear" />
434</div>
435
436<?php
437}
438
439add_action('install_themes_pre_theme-information', 'install_theme_information');
440
441/**
442 * Display theme information in dialog box form.
443 *
444 * @since 2.8.0
445 */
446function install_theme_information() {
447 //TODO: This function needs a LOT of UI work :)
448 global $tab, $themes_allowedtags;
449
450 $api = themes_api('theme_information', array('slug' => stripslashes( $_REQUEST['theme'] ) ));
451
452 if ( is_wp_error($api) )
453 wp_die($api);
454
455 // Sanitize HTML
456 foreach ( (array)$api->sections as $section_name => $content )
457 $api->sections[$section_name] = wp_kses($content, $themes_allowedtags);
458
459 foreach ( array('version', 'author', 'requires', 'tested', 'homepage', 'downloaded', 'slug') as $key ) {
460 if ( isset($api->$key) )
461 $api->$key = wp_kses($api->$key, $themes_allowedtags);
462 }
463
464 iframe_header( __('Theme Install') );
465
466 if ( empty($api->download_link) ) {
467 echo '<div id="message" class="error"><p>' . __('<strong>Error:</strong> This theme is currently not available. Please try again later.') . '</p></div>';
468 iframe_footer();
469 exit;
470 }
471
472 if ( !empty($api->tested) && version_compare($GLOBALS['wp_version'], $api->tested, '>') )
473 echo '<div class="updated"><p>' . __('<strong>Warning:</strong> This theme has <strong>not been tested</strong> with your current version of WordPress.') . '</p></div>';
474 else if ( !empty($api->requires) && version_compare($GLOBALS['wp_version'], $api->requires, '<') )
475 echo '<div class="updated"><p>' . __('<strong>Warning:</strong> This theme has not been marked as <strong>compatible</strong> with your version of WordPress.') . '</p></div>';
476
477 // Default to a "new" theme
478 $type = 'install';
479 // Check to see if this theme is known to be installed, and has an update awaiting it.
480 $update_themes = get_site_transient('update_themes');
481 if ( is_object($update_themes) && isset($update_themes->response) ) {
482 foreach ( (array)$update_themes->response as $theme_slug => $theme_info ) {
483 if ( $theme_slug === $api->slug ) {
484 $type = 'update_available';
485 $update_file = $theme_slug;//Arbitrary file disclosing
486 break;
487 }
488 }
489 }
490
491 $themes = get_themes();
492 foreach ( $themes as $this_theme ) {
493 if ( is_array($this_theme) && $this_theme['Stylesheet'] == $api->slug ) {
494 if ( $this_theme['Version'] == $api->version ) {
495 $type = 'latest_installed';
496 } elseif ( $this_theme['Version'] > $api->version ) {
497 $type = 'newer_installed';
498 $newer_version = $this_theme['Version'];
499 }
500 break;
501 }
502 }
503?>
504
505<div class='available-theme'>
506<img src='<?php echo esc_url($api->screenshot_url) ?>' width='300' class="theme-preview-img" />
507<h3><?php echo $api->name; ?></h3>//Cross Site Scripting
508<p><?php printf(__('by %s'), $api->author); ?></p>
509<p><?php printf(__('Version: %s'), $api->version); ?></p>
510
511<?php
512$buttons = '<a class="button" id="cancel" href="#" onclick="tb_close();return false;">' . __('Cancel') . '</a> ';
513
514switch ( $type ) {
515default:
516case 'install':
517 if ( current_user_can('install_themes') ) :
518 $buttons .= '<a class="button-primary" id="install" href="' . wp_nonce_url(admin_url('update.php?action=install-theme&theme=' . $api->slug), 'install-theme_' . $api->slug) . '" target="_parent">' . __('Install Now') . '</a>';
519 endif;
520 break;
521case 'update_available':
522 if ( current_user_can('update_themes') ) :
523 $buttons .= '<a class="button-primary" id="install" href="' . wp_nonce_url(admin_url('update.php?action=upgrade-theme&theme=' . $update_file), 'upgrade-theme_' . $update_file) . '" target="_parent">' . __('Install Update Now') . '</a>';
524 endif;
525 break;
526case 'newer_installed':
527 if ( current_user_can('install_themes') || current_user_can('update_themes') ) :
528 ?><p><?php printf(__('Newer version (%s) is installed.'), $newer_version); ?></p><?php
529 endif;
530 break;
531case 'latest_installed':
532 if ( current_user_can('install_themes') || current_user_can('update_themes') ) :
533 ?><p><?php _e('This version is already installed.'); ?></p><?php
534 endif;
535 break;
536} ?>
537<br class="clear" />
538</div>
539
540<p class="action-button">
541<?php echo $buttons; ?>//Cross Site Scripting
542<br class="clear" />
543</p>
544
545<?php
546 iframe_footer();
547 exit;
548}
549
/var/www/wordpress/wp-admin/includes/theme.php
/var/www/wordpress/wp-admin/includes/update-core.php
/var/www/wordpress/wp-admin/includes/update.php
/var/www/wordpress/wp-admin/includes/upgrade.php
/var/www/wordpress/wp-admin/includes/user.php
/var/www/wordpress/wp-admin/includes/widgets.php
/var/www/wordpress/wp-admin/js/revisions-js.php
/var/www/wordpress/wp-admin/maint/repair.php
/var/www/wordpress/wp-admin/admin-ajax.php
/var/www/wordpress/wp-admin/admin-footer.php
/var/www/wordpress/wp-admin/admin-functions.php
/var/www/wordpress/wp-admin/admin-header.php
/var/www/wordpress/wp-admin/admin-post.php
/var/www/wordpress/wp-admin/admin.php
/var/www/wordpress/wp-admin/async-upload.php
/var/www/wordpress/wp-admin/comment.php
/var/www/wordpress/wp-admin/custom-background.php
/var/www/wordpress/wp-admin/custom-header.php
/var/www/wordpress/wp-admin/edit-attachment-rows.php
/var/www/wordpress/wp-admin/edit-comments.php
/var/www/wordpress/wp-admin/edit-form-advanced.php
/var/www/wordpress/wp-admin/edit-form-comment.php
/var/www/wordpress/wp-admin/edit-link-categories.php
/var/www/wordpress/wp-admin/edit-link-category-form.php
/var/www/wordpress/wp-admin/edit-link-form.php
/var/www/wordpress/wp-admin/edit-post-rows.php
/var/www/wordpress/wp-admin/edit-tag-form.php
/var/www/wordpress/wp-admin/edit-tags.php
/var/www/wordpress/wp-admin/edit.php
/var/www/wordpress/wp-admin/export.php
/var/www/wordpress/wp-admin/gears-manifest.php
/var/www/wordpress/wp-admin/import.php
/var/www/wordpress/wp-admin/index-extra.php
/var/www/wordpress/wp-admin/index.php
/var/www/wordpress/wp-admin/install-helper.php
/var/www/wordpress/wp-admin/install.php
/var/www/wordpress/wp-admin/link-add.php
/var/www/wordpress/wp-admin/link-category.php
/var/www/wordpress/wp-admin/link-manager.php
/var/www/wordpress/wp-admin/link-parse-opml.php
/var/www/wordpress/wp-admin/link.php
/var/www/wordpress/wp-admin/load-scripts.php
/var/www/wordpress/wp-admin/load-styles.php
/var/www/wordpress/wp-admin/media-new.php
/var/www/wordpress/wp-admin/media-upload.php
/var/www/wordpress/wp-admin/media.php
/var/www/wordpress/wp-admin/menu-header.php
/var/www/wordpress/wp-admin/menu.php
/var/www/wordpress/wp-admin/moderation.php
/var/www/wordpress/wp-admin/ms-admin.php
/var/www/wordpress/wp-admin/ms-delete-site.php
/var/www/wordpress/wp-admin/ms-edit.php
/var/www/wordpress/wp-admin/ms-options.php
/var/www/wordpress/wp-admin/ms-sites.php
/var/www/wordpress/wp-admin/ms-themes.php
/var/www/wordpress/wp-admin/ms-upgrade-network.php
/var/www/wordpress/wp-admin/ms-users.php
/var/www/wordpress/wp-admin/my-sites.php
/var/www/wordpress/wp-admin/nav-menus.php
/var/www/wordpress/wp-admin/network.php
/var/www/wordpress/wp-admin/options-discussion.php
/var/www/wordpress/wp-admin/options-general.php
/var/www/wordpress/wp-admin/options-head.php
/var/www/wordpress/wp-admin/options-media.php
/var/www/wordpress/wp-admin/options-permalink.php
/var/www/wordpress/wp-admin/options-privacy.php
/var/www/wordpress/wp-admin/options-reading.php
/var/www/wordpress/wp-admin/options-writing.php
/var/www/wordpress/wp-admin/options.php
/var/www/wordpress/wp-admin/plugin-editor.php
/var/www/wordpress/wp-admin/plugin-install.php
/var/www/wordpress/wp-admin/plugins.php
/var/www/wordpress/wp-admin/post-new.php
/var/www/wordpress/wp-admin/post.php
/var/www/wordpress/wp-admin/press-this.php
/var/www/wordpress/wp-admin/profile.php
/var/www/wordpress/wp-admin/revision.php
/var/www/wordpress/wp-admin/setup-config.php
/var/www/wordpress/wp-admin/sidebar.php
/var/www/wordpress/wp-admin/theme-editor.php
/var/www/wordpress/wp-admin/theme-install.php
/var/www/wordpress/wp-admin/themes.php
/var/www/wordpress/wp-admin/tools.php
/var/www/wordpress/wp-admin/update-core.php
/var/www/wordpress/wp-admin/update.php
/var/www/wordpress/wp-admin/upgrade-functions.php
/var/www/wordpress/wp-admin/upgrade.php
/var/www/wordpress/wp-admin/upload.php
/var/www/wordpress/wp-admin/user-edit.php
/var/www/wordpress/wp-admin/user-new.php
/var/www/wordpress/wp-admin/users.php
/var/www/wordpress/wp-admin/widgets.php
/var/www/wordpress/wp-content/languages/ru_RU.php
/var/www/wordpress/wp-content/plugins/akismet/akismet.php
/var/www/wordpress/wp-content/plugins/rh/rh.php
/var/www/wordpress/wp-content/plugins/hello.php
/var/www/wordpress/wp-content/plugins/index.php
/var/www/wordpress/wp-content/themes/twentyten/404.php
/var/www/wordpress/wp-content/themes/twentyten/archive.php
/var/www/wordpress/wp-content/themes/twentyten/attachment.php
/var/www/wordpress/wp-content/themes/twentyten/author.php
/var/www/wordpress/wp-content/themes/twentyten/category.php
/var/www/wordpress/wp-content/themes/twentyten/comments.php
/var/www/wordpress/wp-content/themes/twentyten/footer.php
/var/www/wordpress/wp-content/themes/twentyten/functions.php
/var/www/wordpress/wp-content/themes/twentyten/header.php
/var/www/wordpress/wp-content/themes/twentyten/index.php
/var/www/wordpress/wp-content/themes/twentyten/loop.php
/var/www/wordpress/wp-content/themes/twentyten/onecolumn-page.php
/var/www/wordpress/wp-content/themes/twentyten/page.php
/var/www/wordpress/wp-content/themes/twentyten/search.php
/var/www/wordpress/wp-content/themes/twentyten/sidebar-footer.php
/var/www/wordpress/wp-content/themes/twentyten/sidebar.php
/var/www/wordpress/wp-content/themes/twentyten/single.php
/var/www/wordpress/wp-content/themes/twentyten/tag.php
/var/www/wordpress/wp-content/themes/index.php
/var/www/wordpress/wp-content/index.php
/var/www/wordpress/wp-includes/js/tinymce/langs/wp-langs.php
/var/www/wordpress/wp-includes/js/tinymce/plugins/spellchecker/classes/utils/JSON.php
/var/www/wordpress/wp-includes/js/tinymce/plugins/spellchecker/classes/utils/Logger.php
/var/www/wordpress/wp-includes/js/tinymce/plugins/spellchecker/classes/EnchantSpell.php
/var/www/wordpress/wp-includes/js/tinymce/plugins/spellchecker/classes/GoogleSpell.php
/var/www/wordpress/wp-includes/js/tinymce/plugins/spellchecker/classes/PSpell.php
/var/www/wordpress/wp-includes/js/tinymce/plugins/spellchecker/classes/PSpellShell.php
/var/www/wordpress/wp-includes/js/tinymce/plugins/spellchecker/classes/SpellChecker.php
/var/www/wordpress/wp-includes/js/tinymce/plugins/spellchecker/includes/general.php
/var/www/wordpress/wp-includes/js/tinymce/plugins/spellchecker/config.php
/var/www/wordpress/wp-includes/js/tinymce/plugins/spellchecker/rpc.php
/var/www/wordpress/wp-includes/js/tinymce/wp-mce-help.php
/var/www/wordpress/wp-includes/js/tinymce/wp-tinymce.php
/var/www/wordpress/wp-includes/pomo/entry.php
/var/www/wordpress/wp-includes/pomo/mo.php
/var/www/wordpress/wp-includes/pomo/po.php
/var/www/wordpress/wp-includes/pomo/streams.php
/var/www/wordpress/wp-includes/pomo/translations.php
/var/www/wordpress/wp-includes/Text/Diff/Engine/native.php
/var/www/wordpress/wp-includes/Text/Diff/Engine/shell.php
/var/www/wordpress/wp-includes/Text/Diff/Engine/string.php
/var/www/wordpress/wp-includes/Text/Diff/Engine/xdiff.php
/var/www/wordpress/wp-includes/Text/Diff/Renderer/inline.php
/var/www/wordpress/wp-includes/Text/Diff/Renderer.php
/var/www/wordpress/wp-includes/Text/Diff.php
/var/www/wordpress/wp-includes/theme-compat/comments-popup.php
/var/www/wordpress/wp-includes/theme-compat/comments.php
/var/www/wordpress/wp-includes/theme-compat/footer.php
/var/www/wordpress/wp-includes/theme-compat/header.php
/var/www/wordpress/wp-includes/theme-compat/sidebar.php
/var/www/wordpress/wp-includes/atomlib.php
/var/www/wordpress/wp-includes/author-template.php
/var/www/wordpress/wp-includes/bookmark-template.php
/var/www/wordpress/wp-includes/bookmark.php
/var/www/wordpress/wp-includes/cache.php
/var/www/wordpress/wp-includes/canonical.php
/var/www/wordpress/wp-includes/capabilities.php
/var/www/wordpress/wp-includes/category-template.php
/var/www/wordpress/wp-includes/category.php
/var/www/wordpress/wp-includes/class-feed.php
/var/www/wordpress/wp-includes/class-http.php
/var/www/wordpress/wp-includes/class-IXR.php
/var/www/wordpress/wp-includes/class-json.php
/var/www/wordpress/wp-includes/class-oembed.php
/var/www/wordpress/wp-includes/class-phpass.php
/var/www/wordpress/wp-includes/class-phpmailer.php
/var/www/wordpress/wp-includes/class-pop3.php
/var/www/wordpress/wp-includes/class-simplepie.php
/var/www/wordpress/wp-includes/class-smtp.php
/var/www/wordpress/wp-includes/class-snoopy.php
/var/www/wordpress/wp-includes/class.wp-dependencies.php
/var/www/wordpress/wp-includes/class.wp-scripts.php
/var/www/wordpress/wp-includes/class.wp-styles.php
/var/www/wordpress/wp-includes/classes.php
/var/www/wordpress/wp-includes/comment-template.php
/var/www/wordpress/wp-includes/comment.php
/var/www/wordpress/wp-includes/compat.php
/var/www/wordpress/wp-includes/cron.php
/var/www/wordpress/wp-includes/default-constants.php
/var/www/wordpress/wp-includes/default-embeds.php
/var/www/wordpress/wp-includes/default-filters.php
/var/www/wordpress/wp-includes/default-widgets.php
/var/www/wordpress/wp-includes/deprecated.php
/var/www/wordpress/wp-includes/feed-atom-comments.php
/var/www/wordpress/wp-includes/feed-atom.php
/var/www/wordpress/wp-includes/feed-rdf.php
/var/www/wordpress/wp-includes/feed-rss.php
/var/www/wordpress/wp-includes/feed-rss2-comments.php
/var/www/wordpress/wp-includes/feed-rss2.php
/var/www/wordpress/wp-includes/feed.php
/var/www/wordpress/wp-includes/formatting.php
/var/www/wordpress/wp-includes/functions.php
/var/www/wordpress/wp-includes/functions.wp-scripts.php
/var/www/wordpress/wp-includes/functions.wp-styles.php
/var/www/wordpress/wp-includes/general-template.php
/var/www/wordpress/wp-includes/http.php
/var/www/wordpress/wp-includes/kses.php
/var/www/wordpress/wp-includes/l10n.php
/var/www/wordpress/wp-includes/link-template.php
/var/www/wordpress/wp-includes/load.php
/var/www/wordpress/wp-includes/locale.php
/var/www/wordpress/wp-includes/media.php
/var/www/wordpress/wp-includes/meta.php
/var/www/wordpress/wp-includes/ms-blogs.php
/var/www/wordpress/wp-includes/ms-default-constants.php
/var/www/wordpress/wp-includes/ms-default-filters.php
/var/www/wordpress/wp-includes/ms-deprecated.php
/var/www/wordpress/wp-includes/ms-files.php
/var/www/wordpress/wp-includes/ms-functions.php
/var/www/wordpress/wp-includes/ms-load.php
/var/www/wordpress/wp-includes/ms-settings.php
/var/www/wordpress/wp-includes/nav-menu-template.php
/var/www/wordpress/wp-includes/nav-menu.php
/var/www/wordpress/wp-includes/pluggable-deprecated.php
/var/www/wordpress/wp-includes/pluggable.php
/var/www/wordpress/wp-includes/plugin.php
/var/www/wordpress/wp-includes/post-template.php
/var/www/wordpress/wp-includes/post-thumbnail-template.php
/var/www/wordpress/wp-includes/post.php
/var/www/wordpress/wp-includes/query.php
/var/www/wordpress/wp-includes/registration-functions.php
/var/www/wordpress/wp-includes/registration.php
/var/www/wordpress/wp-includes/rewrite.php
/var/www/wordpress/wp-includes/rss-functions.php
/var/www/wordpress/wp-includes/rss.php
/var/www/wordpress/wp-includes/script-loader.php
/var/www/wordpress/wp-includes/shortcodes.php
/var/www/wordpress/wp-includes/taxonomy.php
/var/www/wordpress/wp-includes/template-loader.php
/var/www/wordpress/wp-includes/theme.php
/var/www/wordpress/wp-includes/update.php
/var/www/wordpress/wp-includes/user.php
/var/www/wordpress/wp-includes/vars.php
/var/www/wordpress/wp-includes/version.php
/var/www/wordpress/wp-includes/widgets.php
/var/www/wordpress/wp-includes/wp-db.php
/var/www/wordpress/wp-includes/wp-diff.php
/var/www/wordpress/index.php
/var/www/wordpress/wp-activate.php
/var/www/wordpress/wp-app.php
/var/www/wordpress/wp-atom.php
/var/www/wordpress/wp-blog-header.php
/var/www/wordpress/wp-comments-post.php
/var/www/wordpress/wp-commentsrss2.php
/var/www/wordpress/wp-config-sample.php
/var/www/wordpress/wp-cron.php
/var/www/wordpress/wp-feed.php
/var/www/wordpress/wp-links-opml.php
/var/www/wordpress/wp-load.php
/var/www/wordpress/wp-login.php
/var/www/wordpress/wp-mail.php
/var/www/wordpress/wp-pass.php
/var/www/wordpress/wp-rdf.php
/var/www/wordpress/wp-register.php
/var/www/wordpress/wp-rss.php
/var/www/wordpress/wp-rss2.php
/var/www/wordpress/wp-settings.php
/var/www/wordpress/wp-signup.php
/var/www/wordpress/wp-trackback.php
/var/www/wordpress/xmlrpc.php