1 | <?php |
2 | /** |
3 | * WordPress Administration Template Header |
4 | * |
5 | * @package WordPress |
6 | * @subpackage Administration |
7 | */ |
8 | |
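// Send the response content type before any output. If another component
// has already flushed headers, header() could only emit a warning, so the
// call is guarded explicitly instead of being silenced with '@'.
if ( ! headers_sent() ) {
	header( 'Content-Type: ' . get_option( 'html_type' ) . '; charset=' . get_option( 'blog_charset' ) );
}

// Bootstrap the admin environment when this header is reached directly.
if ( ! defined( 'WP_ADMIN' ) ) {
	require_once( './admin.php' );
}

// Expected to populate the global $title for the current admin page.
get_admin_page_title();
// Strip markup and HTML-escape once here; the <title> element further down
// echoes $title unchanged and relies on this escaping.
$title = esc_html( strip_tags( $title ) );
wp_user_settings();
wp_menu_unfold();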
17 | ?> |
18 | <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"> |
19 | <html xmlns="http://www.w3.org/1999/xhtml" <?php do_action('admin_xml_ns'); ?> <?php language_attributes(); ?>> |
20 | <head> |
21 | <meta http-equiv="Content-Type" content="<?php bloginfo('html_type'); ?>; charset=<?php echo get_option('blog_charset'); ?>" /> |
22 | <title><?php echo $title; ?> ‹ <?php bloginfo('name') ?> — WordPress</title> | //Cross Site Scripting
|
23 | <?php |
24 | |
// Core admin stylesheets, enqueued in this fixed order.
wp_admin_css( 'css/global' );
wp_admin_css();
wp_admin_css( 'css/colors' );
wp_admin_css( 'css/ie' );
if ( is_multisite() ) {
	wp_admin_css( 'css/ms' );
}
wp_enqueue_script( 'utils' );

// Reduce the hook suffix to a safe CSS class token: every run of characters
// outside [A-Za-z0-9_-] collapses to a single hyphen.
$hook_class_pattern = '/[^a-z0-9_-]+/i';
$admin_body_class   = preg_replace( $hook_class_pattern, '-', $hook_suffix );
unset( $hook_class_pattern );
34 | ?> |
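<?php
// Every PHP value echoed into the script below lands inside a single-quoted
// JavaScript string literal, so each one goes through esc_js() (JS-string
// context escaping) instead of being echoed raw or only addslashes()'d.
// The user ID is an integer and is cast instead. $admin_body_class was already
// reduced to [A-Za-z0-9_-] above; escaping it too keeps the rule uniform.
if ( ! isset( $current_user ) ) {
	$current_user = wp_get_current_user();
}
?>
<script type="text/javascript">
//<![CDATA[
addLoadEvent = function(func){if(typeof jQuery!="undefined")jQuery(document).ready(func);else if(typeof wpOnload!='function'){wpOnload=func;}else{var oldonload=wpOnload;wpOnload=function(){oldonload();func();}}};
var userSettings = {
'url': '<?php echo esc_js( SITECOOKIEPATH ); ?>',
'uid': '<?php echo (int) $current_user->ID; ?>',
'time':'<?php echo time(); ?>'
},
ajaxurl = '<?php echo esc_js( admin_url( 'admin-ajax.php' ) ); ?>',
pagenow = '<?php echo esc_js( $current_screen->id ); ?>',
typenow = '<?php if ( isset( $current_screen->post_type ) ) echo esc_js( $current_screen->post_type ); ?>',
adminpage = '<?php echo esc_js( $admin_body_class ); ?>',
thousandsSeparator = '<?php echo esc_js( $wp_locale->number_format['thousands_sep'] ); ?>',
decimalPoint = '<?php echo esc_js( $wp_locale->number_format['decimal_point'] ); ?>',
isRtl = <?php echo (int) is_rtl(); ?>;
//]]>
</script>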
52 | <?php |
53 | |
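// Editor screens: load TinyMCE from the footer and enqueue the Quicktags toolbar.
// $pagenow is a string, so the membership test is strict.
if ( in_array( $pagenow, array( 'post.php', 'post-new.php' ), true ) ) {
	add_action( 'admin_print_footer_scripts', 'wp_tiny_mce', 25 );
	wp_enqueue_script( 'quicktags' );
}

// Head hooks: for each pair the hook-suffix-specific action fires before the
// generic one (styles, then scripts, then head).
do_action( 'admin_enqueue_scripts', $hook_suffix );
do_action( "admin_print_styles-$hook_suffix" );
do_action( 'admin_print_styles' );
do_action( "admin_print_scripts-$hook_suffix" );
do_action( 'admin_print_scripts' );
do_action( "admin_head-$hook_suffix" );
do_action( 'admin_head' );

// Honour the user's folded-menu preference via a body class.
if ( get_user_setting( 'mfold' ) == 'f' ) {
	$admin_body_class .= ' folded';
}

if ( $is_iphone ) { ?>
<style type="text/css">.row-actions{visibility:visible;}</style>
<?php } ?>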
73 | </head> |
74 | <body class="wp-admin no-js <?php echo apply_filters( 'admin_body_class', '' ) . " $admin_body_class"; ?>"> |
75 | <script type="text/javascript"> |
76 | //<![CDATA[ |
77 | (function(){ |
78 | var c = document.body.className; |
79 | c = c.replace(/no-js/, 'js'); |
80 | document.body.className = c; |
81 | })(); |
82 | //]]> |
83 | </script> |
84 | |
85 | <div id="wpwrap"> |
86 | <div id="wpcontent"> |
87 | <div id="wphead"> |
88 | <?php |
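// Site name for the header; both get_bloginfo() and wp_html_excerpt() return
// strings, so the comparisons below are strict.
$blog_name = get_bloginfo( 'name', 'display' );
if ( '' === $blog_name ) {
	// Keep the heading from collapsing when the site has no name.
	$blog_name = ' ';
} else {
	// Cut long names at 40 characters and mark the cut with an ellipsis.
	$blog_name_excerpt = wp_html_excerpt( $blog_name, 40 );
	if ( $blog_name !== $blog_name_excerpt ) {
		$blog_name_excerpt = trim( $blog_name_excerpt ) . '…';
	}
	$blog_name = $blog_name_excerpt;
	unset( $blog_name_excerpt );
}

// Names longer than 30 characters get the long-title class on the heading.
// Count characters rather than bytes when mbstring is available.
$blog_name_length = function_exists( 'mb_strlen' ) ? mb_strlen( $blog_name, 'UTF-8' ) : strlen( $blog_name );
$title_class      = $blog_name_length > 30 ? 'class="long-title"' : '';
unset( $blog_name_length );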
107 | ?> |
108 | |
109 | <img id="header-logo" src="<?php echo esc_url( includes_url( 'images/blank.gif' ) ); ?>" alt="" width="32" height="32" /> |
110 | <h1 id="site-heading" <?php echo $title_class ?>> |
111 | <a href="<?php echo trailingslashit( get_bloginfo( 'url' ) ); ?>" title="<?php esc_attr_e('Visit Site') ?>"> |
112 | <span id="site-title"><?php echo $blog_name ?></span> |
113 | </a> |
114 | <?php if ( current_user_can('manage_options') && '1' != get_option('blog_public') ): ?> |
115 | <a id="privacy-on-link" href="options-privacy.php" title="<?php echo esc_attr( apply_filters('privacy_on_link_title', __('Your site is asking search engines not to index its content') ) ); ?>"><?php echo apply_filters('privacy_on_link_text', __('Search Engines Blocked') ); ?></a> |
116 | <?php endif; ?> |
117 | </h1> |
118 | |
119 | <?php do_action('in_admin_header'); ?> |
120 | |
121 | <div id="wphead-info"> |
122 | <div id="user_info"> |
123 | <p><?php |
// User-info links keyed by position so plugins can add or reorder entries via
// the 'admin_user_info_links' filter; they are printed in key order.
// The profile link target is the fixed literal 'profile.php'; only the
// display text ($user_identity, presumably the current user's display name)
// is interpolated.
$logout_label = __( 'Log Out' );
$links        = array(
	5  => sprintf( __('Howdy, <a href="%1$s" title="Edit your profile">%2$s</a>'), 'profile.php', $user_identity ),
	15 => '| <a href="' . wp_logout_url() . '" title="' . $logout_label . '">' . $logout_label . '</a>',
);
unset( $logout_label );

$links = apply_filters( 'admin_user_info_links', $links, $current_user );
ksort( $links );

echo implode( ' ', $links );
132 | ?></p> |
133 | </div> |
134 | |
135 | <?php favorite_actions($current_screen); ?> |
136 | </div> |
137 | </div> |
138 | |
139 | <div id="wpbody"> |
140 | <?php |
// The header markup above was the only consumer of these two locals.
unset( $title_class, $blog_name );

// Render the admin menu. NOTE(review): $parent_file used below is presumably
// set by menu-header.php — confirm. The only file included here is this
// fixed ABSPATH-relative path.
require( ABSPATH . 'wp-admin/menu-header.php' );

// Record the menu parent on the screen object: the raw value (a plain
// assignment, no file access), plus a "base" form with the query string and
// the .php suffix removed.
$current_screen->parent_file = $parent_file;
$parent_without_query        = preg_replace( '/\?.*$/', '', $parent_file );
$current_screen->parent_base = str_replace( '.php', '', $parent_without_query );
unset( $parent_without_query );
148 | ?> |
149 | |
150 | <div id="wpbody-content"> |
151 | <?php |
152 | screen_meta($current_screen); |
153 | |
154 | do_action('admin_notices'); |
155 | |
156 | if ( $parent_file == 'options-general.php' ) |
157 | require(ABSPATH . 'wp-admin/options-head.php'); |
158 | |