function install_plugins_upload() {
?>
<div class="upload-plugin">
<p class="install-help"><?php _e( 'If you have a plugin in a .zip format, you may install or update it by uploading it here.' ); ?></p>
<form method="post" enctype="multipart/form-data" class="wp-upload-form" action="<?php echo esc_url( self_admin_url( 'update.php?action=upload-plugin' ) ); ?>">
<?php wp_nonce_field( 'plugin-upload' ); ?>
<label class="screen-reader-text" for="pluginzip">
<?php
/* translators: Hidden accessibility text. */
_e( 'Plugin zip file' );
?>
</label>
<input type="file" id="pluginzip" name="pluginzip" accept=".zip" />
<?php submit_button( _x( 'Install Now', 'plugin' ), '', 'install-plugin-submit', false ); ?>
</form>
</div>
<?php
}
/**
* Retrieves or display nonce hidden field for forms.
*
* The nonce field is used to validate that the contents of the form came from
* the location on the current site and not somewhere else. The nonce does not
* offer absolute protection, but should protect against most cases. It is very
* important to use nonce field in forms.
*
* The $action and $name are optional, but if you want to have better security,
* it is strongly suggested to set those two parameters. It is easier to just
* call the function without any parameters, because validation of the nonce
* doesn't require any parameters, but since crackers know what the default is
* it won't be difficult for them to find a way around your nonce and cause
* damage.
*
* The input name will be whatever $name value you gave. The input value will be
* the nonce creation value.
*
* @since 2.0.4
*
* @param int|string $action Optional. Action name. Default -1.
* @param string $name Optional. Nonce name. Default '_wpnonce'.
* @param bool $referer Optional. Whether to set the referer field for validation. Default true.
* @param bool $display Optional. Whether to display or return hidden form field. Default true.
* @return string Nonce field HTML markup.
*/
function wp_nonce_field( $action = -1, $name = '_wpnonce', $referer = true, $display = true ) {
$name = esc_attr( $name );
$nonce_field = '<input type="hidden" id="' . $name . '" name="' . $name . '" value="' . wp_create_nonce( $action ) . '" />';
if ( $referer ) {
$nonce_field .= wp_referer_field( false );
}
if ( $display ) {
echo $nonce_field;
}
return $nonce_field;
}
if ( ! function_exists( 'wp_create_nonce' ) ) :
/**
* Creates a cryptographic token tied to a specific action, user, user session,
* and window of time.
*
* @since 2.0.3
* @since 4.0.0 Session tokens were integrated with nonce creation.
*
* @param string|int $action Scalar value to add context to the nonce.
* @return string The token.
*/
function wp_create_nonce( $action = -1 ) {
$user = wp_get_current_user();
$uid = (int) $user->ID;
if ( ! $uid ) {
/** This filter is documented in wp-includes/pluggable.php */
$uid = apply_filters( 'nonce_user_logged_out', $uid, $action );
}
$token = wp_get_session_token();
$i = wp_nonce_tick( $action );
return substr( wp_hash( $i . '|' . $action . '|' . $uid . '|' . $token, 'nonce' ), -12, 10 );
}
endif;