
PHP Cross Reference of WordPress 3.0.1


/wp-admin/ -> admin-ajax.php (source)

   1  <?php
   2  /**
   3   * WordPress AJAX Process Execution.
   4   *
   5   * @package WordPress
   6   * @subpackage Administration
   7   */
   8  
   9  /**
  10   * Executing AJAX process.
  11   *
  12   * @since unknown
  13   */
  14  define('DOING_AJAX', true);
  15  define('WP_ADMIN', true);
  16  
  17  require_once ('../wp-load.php');
  18  
  19  if ( ! isset( $_REQUEST['action'] ) )
  20      die('-1');
  21  
  22  require_once ('./includes/admin.php');
  23  @header('Content-Type: text/html; charset=' . get_option('blog_charset'));
  24  send_nosniff_header();
  25  
  26  do_action('admin_init');
  27  
  28  if ( ! is_user_logged_in() ) {
  29  
  30      if ( isset( $_POST['action'] ) && $_POST['action'] == 'autosave' ) {
  31          $id = isset($_POST['post_ID'])? (int) $_POST['post_ID'] : 0;
  32  
  33          if ( ! $id )
  34              die('-1');
  35  
  36          $message = sprintf( __('<strong>ALERT: You are logged out!</strong> Could not save draft. <a href="%s" target="_blank">Please log in again.</a>'), wp_login_url() );
  37          $x = new WP_Ajax_Response( array(
  38              'what' => 'autosave',
  39              'id' => $id,
  40              'data' => $message
  41          ) );
  42          $x->send();
  43      }
  44  
  45      if ( !empty( $_REQUEST['action'] ) )
  46          do_action( 'wp_ajax_nopriv_' . $_REQUEST['action'] );
  47  
  48      die('-1');
  49  }
  50  
  51  if ( isset( $_GET['action'] ) ) :
  52  switch ( $action = $_GET['action'] ) :
  53  case 'ajax-tag-search' :
  54      if ( !current_user_can( 'edit_posts' ) )
  55          die('-1');
  56  
  57      $s = $_GET['q']; // is this slashed already?
  58  
  59      if ( isset($_GET['tax']) )
  60          $taxonomy = sanitize_title($_GET['tax']);
  61      else
  62          die('0');
  63  
  64      if ( false !== strpos( $s, ',' ) ) {
  65          $s = explode( ',', $s );
  66          $s = $s[count( $s ) - 1];
  67      }
  68      $s = trim( $s );
  69      if ( strlen( $s ) < 2 )
  70          die; // require 2 chars for matching
  71  
  72      $results = $wpdb->get_col( "SELECT t.name FROM $wpdb->term_taxonomy AS tt INNER JOIN $wpdb->terms AS t ON tt.term_id = t.term_id WHERE tt.taxonomy = '$taxonomy' AND t.name LIKE ('%" . $s . "%')" );
  73  
  74      echo join( $results, "\n" );
  75      die;
  76      break;
  77  case 'wp-compression-test' :
  78      if ( !current_user_can( 'manage_options' ) )
  79          die('-1');
  80  
  81      if ( ini_get('zlib.output_compression') || 'ob_gzhandler' == ini_get('output_handler') ) {
  82          update_site_option('can_compress_scripts', 0);
  83          die('0');
  84      }
  85  
  86      if ( isset($_GET['test']) ) {
  87          header( 'Expires: Wed, 11 Jan 1984 05:00:00 GMT' );
  88          header( 'Last-Modified: ' . gmdate( 'D, d M Y H:i:s' ) . ' GMT' );
  89          header( 'Cache-Control: no-cache, must-revalidate, max-age=0' );
  90          header( 'Pragma: no-cache' );
  91          header('Content-Type: application/x-javascript; charset=UTF-8');
  92          $force_gzip = ( defined('ENFORCE_GZIP') && ENFORCE_GZIP );
  93          $test_str = '"wpCompressionTest Lorem ipsum dolor sit amet consectetuer mollis sapien urna ut a. Eu nonummy condimentum fringilla tempor pretium platea vel nibh netus Maecenas. Hac molestie amet justo quis pellentesque est ultrices interdum nibh Morbi. Cras mattis pretium Phasellus ante ipsum ipsum ut sociis Suspendisse Lorem. Ante et non molestie. Porta urna Vestibulum egestas id congue nibh eu risus gravida sit. Ac augue auctor Ut et non a elit massa id sodales. Elit eu Nulla at nibh adipiscing mattis lacus mauris at tempus. Netus nibh quis suscipit nec feugiat eget sed lorem et urna. Pellentesque lacus at ut massa consectetuer ligula ut auctor semper Pellentesque. Ut metus massa nibh quam Curabitur molestie nec mauris congue. Volutpat molestie elit justo facilisis neque ac risus Ut nascetur tristique. Vitae sit lorem tellus et quis Phasellus lacus tincidunt nunc Fusce. Pharetra wisi Suspendisse mus sagittis libero lacinia Integer consequat ac Phasellus. Et urna ac cursus tortor aliquam Aliquam amet tellus volutpat Vestibulum. Justo interdum condimentum In augue congue tellus sollicitudin Quisque quis nibh."';
  94  
  95           if ( 1 == $_GET['test'] ) {
  96               echo $test_str;
  97               die;
  98           } elseif ( 2 == $_GET['test'] ) {
  99              if ( !isset($_SERVER['HTTP_ACCEPT_ENCODING']) )
 100                  die('-1');
 101              if ( false !== stripos( $_SERVER['HTTP_ACCEPT_ENCODING'], 'deflate') && function_exists('gzdeflate') && ! $force_gzip ) {
 102                  header('Content-Encoding: deflate');
 103                  $out = gzdeflate( $test_str, 1 );
 104              } elseif ( false !== stripos( $_SERVER['HTTP_ACCEPT_ENCODING'], 'gzip') && function_exists('gzencode') ) {
 105                  header('Content-Encoding: gzip');
 106                  $out = gzencode( $test_str, 1 );
 107              } else {
 108                  die('-1');
 109              }
 110              echo $out;
 111              die;
 112          } elseif ( 'no' == $_GET['test'] ) {
 113              update_site_option('can_compress_scripts', 0);
 114          } elseif ( 'yes' == $_GET['test'] ) {
 115              update_site_option('can_compress_scripts', 1);
 116          }
 117      }
 118  
 119      die('0');
 120      break;
 121  case 'imgedit-preview' :
 122      $post_id = intval($_GET['postid']);
 123      if ( empty($post_id) || !current_user_can('edit_post', $post_id) )
 124          die('-1');
 125  
 126      check_ajax_referer( "image_editor-$post_id" );
 127  
 128      include_once ( ABSPATH . 'wp-admin/includes/image-edit.php' );
 129      if ( ! stream_preview_image($post_id) )
 130          die('-1');
 131  
 132      die();
 133      break;
 134  case 'menu-quick-search':
 135      if ( ! current_user_can( 'edit_theme_options' ) )
 136          die('-1');
 137  
 138      require_once  ABSPATH . 'wp-admin/includes/nav-menu.php';
 139  
 140      _wp_ajax_menu_quick_search( $_REQUEST );
 141  
 142      exit;
 143      break;
 144  case 'oembed-cache' :
 145      $return = ( $wp_embed->cache_oembed( $_GET['post'] ) ) ? '1' : '0';
 146      die( $return );
 147      break;
 148  default :
 149      do_action( 'wp_ajax_' . $_GET['action'] );
 150      die('0');
 151      break;
 152  endswitch;
 153  endif;
 154  
 155  /**
 156   * Sends back current comment total and new page links if they need to be updated.
 157   *
 158   * Contrary to normal success AJAX response ("1"), die with time() on success.
 159   *
 160   * @since 2.7
 161   *
 162   * @param int $comment_id
 163   * @return die
 164   */
 165  function _wp_ajax_delete_comment_response( $comment_id ) {
 166      $total = (int) @$_POST['_total'];
 167      $per_page = (int) @$_POST['_per_page'];
 168      $page = (int) @$_POST['_page'];
 169      $url = esc_url_raw( @$_POST['_url'] );
 170      // JS didn't send us everything we need to know. Just die with success message
 171      if ( !$total || !$per_page || !$page || !$url )
 172          die( (string) time() );
 173  
 174      if ( --$total < 0 ) // Take the total from POST and decrement it (since we just deleted one)
 175          $total = 0;
 176  
 177      if ( 0 != $total % $per_page && 1 != mt_rand( 1, $per_page ) ) // Only do the expensive stuff on a page-break, and about 1 other time per page
 178          die( (string) time() );
 179  
 180      $post_id = 0;
 181      $status = 'total_comments'; // What type of comment count are we looking for?
 182      $parsed = parse_url( $url );
 183      if ( isset( $parsed['query'] ) ) {
 184          parse_str( $parsed['query'], $query_vars );
 185          if ( !empty( $query_vars['comment_status'] ) )
 186              $status = $query_vars['comment_status'];
 187          if ( !empty( $query_vars['p'] ) )
 188              $post_id = (int) $query_vars['p'];
 189      }
 190  
 191      $comment_count = wp_count_comments($post_id);
 192      $time = time(); // The time since the last comment count
 193  
 194      if ( isset( $comment_count->$status ) ) // We're looking for a known type of comment count
 195          $total = $comment_count->$status;
 196      // else use the decremented value from above
 197  
 198      $page_links = paginate_links( array(
 199          'base' => add_query_arg( 'apage', '%#%', $url ),
 200          'format' => '',
 201          'prev_text' => __('&laquo;'),
 202          'next_text' => __('&raquo;'),
 203          'total' => ceil($total / $per_page),
 204          'current' => $page
 205      ) );
 206      $x = new WP_Ajax_Response( array(
 207          'what' => 'comment',
 208          'id' => $comment_id, // here for completeness - not used
 209          'supplemental' => array(
 210              'pageLinks' => $page_links,
 211              'total' => $total,
 212              'time' => $time
 213          )
 214      ) );
 215      $x->send();
 216  }
 217  
 218  function _wp_ajax_add_hierarchical_term() {
 219      $action = $_POST['action'];
 220      $taxonomy = get_taxonomy(substr($action, 4));
 221      check_ajax_referer( $action, '_ajax_nonce-add-' . $taxonomy->name );
 222      if ( !current_user_can( $taxonomy->cap->edit_terms ) )
 223          die('-1');
 224      $names = explode(',', $_POST['new'.$taxonomy->name]);
 225      $parent = isset($_POST['new'.$taxonomy->name.'_parent']) ? (int) $_POST['new'.$taxonomy->name.'_parent'] : 0;
 226      if ( 0 > $parent )
 227          $parent = 0;
 228      if ( $taxonomy->name == 'category' )
 229          $post_category = isset($_POST['post_category']) ? (array) $_POST['post_category'] : array();
 230      else
 231          $post_category = ( isset($_POST['tax_input']) && isset($_POST['tax_input'][$taxonomy->name]) ) ? (array) $_POST['tax_input'][$taxonomy->name] : array();
 232      $checked_categories = array_map( 'absint', (array) $post_category );
 233      $popular_ids = wp_popular_terms_checklist($taxonomy->name, 0, 10, false);
 234  
 235      foreach ( $names as $cat_name ) {
 236          $cat_name = trim($cat_name);
 237          $category_nicename = sanitize_title($cat_name);
 238          if ( '' === $category_nicename )
 239              continue;
 240          if ( !($cat_id = term_exists($cat_name, $taxonomy->name, $parent)) ) {
 241              $new_term = wp_insert_term($cat_name, $taxonomy->name, array('parent' => $parent));
 242              $cat_id = $new_term['term_id'];
 243          }
 244          $checked_categories[] = $cat_id;
 245          if ( $parent ) // Do these all at once in a second
 246              continue;
 247          $category = get_term( $cat_id, $taxonomy->name );
 248          ob_start();
 249              wp_terms_checklist( 0, array( 'taxonomy' => $taxonomy->name, 'descendants_and_self' => $cat_id, 'selected_cats' => $checked_categories, 'popular_cats' => $popular_ids ));
 250          $data = ob_get_contents();
 251          ob_end_clean();
 252          $add = array(
 253              'what' => $taxonomy->name,
 254              'id' => $cat_id,
 255              'data' => str_replace( array("\n", "\t"), '', $data),
 256              'position' => -1
 257          );
 258      }
 259  
 260      if ( $parent ) { // Foncy - replace the parent and all its children
 261          $parent = get_term( $parent, $taxonomy->name );
 262          $term_id = $parent->term_id;
 263  
 264          while ( $parent->parent ) { // get the top parent
 265              $parent = &get_term( $parent->parent, $taxonomy->name );
 266              if ( is_wp_error( $parent ) )
 267                  break;
 268              $term_id = $parent->term_id;
 269          }
 270  
 271          ob_start();
 272              wp_terms_checklist( 0, array('taxonomy' => $taxonomy->name, 'descendants_and_self' => $term_id, 'selected_cats' => $checked_categories, 'popular_cats' => $popular_ids));
 273          $data = ob_get_contents();
 274          ob_end_clean();
 275          $add = array(
 276              'what' => $taxonomy->name,
 277              'id' => $term_id,
 278              'data' => str_replace( array("\n", "\t"), '', $data),
 279              'position' => -1
 280          );
 281      }
 282  
 283      ob_start();
 284          wp_dropdown_categories( array(
 285              'taxonomy' => $taxonomy->name, 'hide_empty' => 0, 'name' => 'new'.$taxonomy->name.'_parent', 'orderby' => 'name',
 286              'hierarchical' => 1, 'show_option_none' => '&mdash; '.$taxonomy->labels->parent_item.' &mdash;'
 287          ) );
 288      $sup = ob_get_contents();
 289      ob_end_clean();
 290      $add['supplemental'] = array( 'newcat_parent' => $sup );
 291  
 292      $x = new WP_Ajax_Response( $add );
 293      $x->send();
 294  }
 295  
 296  $id = isset($_POST['id'])? (int) $_POST['id'] : 0;
 297  switch ( $action = $_POST['action'] ) :
 298  case 'delete-comment' : // On success, die with time() instead of 1
 299      if ( !$comment = get_comment( $id ) )
 300          die( (string) time() );
 301      if ( !current_user_can( 'edit_post', $comment->comment_post_ID ) )
 302          die('-1');
 303  
 304      check_ajax_referer( "delete-comment_$id" );
 305      $status = wp_get_comment_status( $comment->comment_ID );
 306  
 307      if ( isset($_POST['trash']) && 1 == $_POST['trash'] ) {
 308          if ( 'trash' == $status )
 309              die( (string) time() );
 310          $r = wp_trash_comment( $comment->comment_ID );
 311      } elseif ( isset($_POST['untrash']) && 1 == $_POST['untrash'] ) {
 312          if ( 'trash' != $status )
 313              die( (string) time() );
 314          $r = wp_untrash_comment( $comment->comment_ID );
 315      } elseif ( isset($_POST['spam']) && 1 == $_POST['spam'] ) {
 316          if ( 'spam' == $status )
 317              die( (string) time() );
 318          $r = wp_spam_comment( $comment->comment_ID );
 319      } elseif ( isset($_POST['unspam']) && 1 == $_POST['unspam'] ) {
 320          if ( 'spam' != $status )
 321              die( (string) time() );
 322          $r = wp_unspam_comment( $comment->comment_ID );
 323      } elseif ( isset($_POST['delete']) && 1 == $_POST['delete'] ) {
 324          $r = wp_delete_comment( $comment->comment_ID );
 325      } else {
 326          die('-1');
 327      }
 328  
 329      if ( $r ) // Decide if we need to send back '1' or a more complicated response including page links and comment counts
 330          _wp_ajax_delete_comment_response( $comment->comment_ID );
 331      die( '0' );
 332      break;
 333  case 'delete-tag' :
 334      $tag_id = (int) $_POST['tag_ID'];
 335      check_ajax_referer( "delete-tag_$tag_id" );
 336  
 337      $taxonomy = !empty($_POST['taxonomy']) ? $_POST['taxonomy'] : 'post_tag';
 338      $tax = get_taxonomy($taxonomy);
 339  
 340      if ( !current_user_can( $tax->cap->delete_terms ) )
 341          die('-1');
 342  
 343      $tag = get_term( $tag_id, $taxonomy );
 344      if ( !$tag || is_wp_error( $tag ) )
 345          die('1');
 346  
 347      if ( wp_delete_term($tag_id, $taxonomy))
 348          die('1');
 349      else
 350          die('0');
 351      break;
 352  case 'delete-link-cat' :
 353      check_ajax_referer( "delete-link-category_$id" );
 354      if ( !current_user_can( 'manage_categories' ) )
 355          die('-1');
 356  
 357      $cat = get_term( $id, 'link_category' );
 358      if ( !$cat || is_wp_error( $cat ) )
 359          die('1');
 360  
 361      $cat_name = get_term_field('name', $id, 'link_category');
 362  
 363      $default = get_option('default_link_category');
 364  
 365      // Don't delete the default cats.
 366      if ( $id == $default ) {
 367          $x = new WP_AJAX_Response( array(
 368              'what' => 'link-cat',
 369              'id' => $id,
 370              'data' => new WP_Error( 'default-link-cat', sprintf(__("Can&#8217;t delete the <strong>%s</strong> category: this is the default one"), $cat_name) )
 371          ) );
 372          $x->send();
 373      }
 374  
 375      $r = wp_delete_term($id, 'link_category', array('default' => $default));
 376      if ( !$r )
 377          die('0');
 378      if ( is_wp_error($r) ) {
 379          $x = new WP_AJAX_Response( array(
 380              'what' => 'link-cat',
 381              'id' => $id,
 382              'data' => $r
 383          ) );
 384          $x->send();
 385      }
 386      die('1');
 387      break;
 388  case 'delete-link' :
 389      check_ajax_referer( "delete-bookmark_$id" );
 390      if ( !current_user_can( 'manage_links' ) )
 391          die('-1');
 392  
 393      $link = get_bookmark( $id );
 394      if ( !$link || is_wp_error( $link ) )
 395          die('1');
 396  
 397      if ( wp_delete_link( $id ) )
 398          die('1');
 399      else
 400          die('0');
 401      break;
 402  case 'delete-meta' :
 403      check_ajax_referer( "delete-meta_$id" );
 404      if ( !$meta = get_post_meta_by_id( $id ) )
 405          die('1');
 406  
 407      if ( !current_user_can( 'edit_post', $meta->post_id ) )
 408          die('-1');
 409      if ( delete_meta( $meta->meta_id ) )
 410          die('1');
 411      die('0');
 412      break;
 413  case 'delete-post' :
 414      check_ajax_referer( "{$action}_$id" );
 415      if ( !current_user_can( 'delete_post', $id ) )
 416          die('-1');
 417  
 418      if ( !get_post( $id ) )
 419          die('1');
 420  
 421      if ( wp_delete_post( $id ) )
 422          die('1');
 423      else
 424          die('0');
 425      break;
 426  case 'trash-post' :
 427  case 'untrash-post' :
 428      check_ajax_referer( "{$action}_$id" );
 429      if ( !current_user_can( 'delete_post', $id ) )
 430          die('-1');
 431  
 432      if ( !get_post( $id ) )
 433          die('1');
 434  
 435      if ( 'trash-post' == $action )
 436          $done = wp_trash_post( $id );
 437      else
 438          $done = wp_untrash_post( $id );
 439  
 440      if ( $done )
 441          die('1');
 442  
 443      die('0');
 444      break;
 445  case 'delete-page' :
 446      check_ajax_referer( "{$action}_$id" );
 447      if ( !current_user_can( 'delete_page', $id ) )
 448          die('-1');
 449  
 450      if ( !get_page( $id ) )
 451          die('1');
 452  
 453      if ( wp_delete_post( $id ) )
 454          die('1');
 455      else
 456          die('0');
 457      break;
 458  case 'dim-comment' : // On success, die with time() instead of 1
 459  
 460      if ( !$comment = get_comment( $id ) ) {
 461          $x = new WP_Ajax_Response( array(
 462              'what' => 'comment',
 463              'id' => new WP_Error('invalid_comment', sprintf(__('Comment %d does not exist'), $id))
 464          ) );
 465          $x->send();
 466      }
 467  
 468      if ( !current_user_can( 'edit_post', $comment->comment_post_ID ) && !current_user_can( 'moderate_comments' ) )
 469          die('-1');
 470  
 471      $current = wp_get_comment_status( $comment->comment_ID );
 472      if ( $_POST['new'] == $current )
 473          die( (string) time() );
 474  
 475      check_ajax_referer( "approve-comment_$id" );
 476      if ( in_array( $current, array( 'unapproved', 'spam' ) ) )
 477          $result = wp_set_comment_status( $comment->comment_ID, 'approve', true );
 478      else
 479          $result = wp_set_comment_status( $comment->comment_ID, 'hold', true );
 480  
 481      if ( is_wp_error($result) ) {
 482          $x = new WP_Ajax_Response( array(
 483              'what' => 'comment',
 484              'id' => $result
 485          ) );
 486          $x->send();
 487      }
 488  
 489      // Decide if we need to send back '1' or a more complicated response including page links and comment counts
 490      _wp_ajax_delete_comment_response( $comment->comment_ID );
 491      die( '0' );
 492      break;
 493  case 'add-link-category' : // On the Fly
 494      check_ajax_referer( $action );
 495      if ( !current_user_can( 'manage_categories' ) )
 496          die('-1');
 497      $names = explode(',', $_POST['newcat']);
 498      $x = new WP_Ajax_Response();
 499      foreach ( $names as $cat_name ) {
 500          $cat_name = trim($cat_name);
 501          $slug = sanitize_title($cat_name);
 502          if ( '' === $slug )
 503              continue;
 504          if ( !$cat_id = term_exists( $cat_name, 'link_category' ) ) {
 505              $cat_id = wp_insert_term( $cat_name, 'link_category' );
 506          }
 507          $cat_id = $cat_id['term_id'];
 508          $cat_name = esc_html(stripslashes($cat_name));
 509          $x->add( array(
 510              'what' => 'link-category',
 511              'id' => $cat_id,
 512              'data' => "<li id='link-category-$cat_id'><label for='in-link-category-$cat_id' class='selectit'><input value='" . esc_attr($cat_id) . "' type='checkbox' checked='checked' name='link_category[]' id='in-link-category-$cat_id'/> $cat_name</label></li>",
 513              'position' => -1
 514          ) );
 515      }
 516      $x->send();
 517      break;
 518  case 'add-link-cat' : // From Blogroll -> Categories
 519      check_ajax_referer( 'add-link-category' );
 520      if ( !current_user_can( 'manage_categories' ) )
 521          die('-1');
 522  
 523      if ( '' === trim($_POST['name']) ) {
 524          $x = new WP_Ajax_Response( array(
 525              'what' => 'link-cat',
 526              'id' => new WP_Error( 'name', __('You did not enter a category name.') )
 527          ) );
 528          $x->send();
 529      }
 530  
 531      $r = wp_insert_term($_POST['name'], 'link_category', $_POST );
 532      if ( is_wp_error( $r ) ) {
 533          $x = new WP_AJAX_Response( array(
 534              'what' => 'link-cat',
 535              'id' => $r
 536          ) );
 537          $x->send();
 538      }
 539  
 540      extract($r, EXTR_SKIP);
 541  
 542      if ( !$link_cat = link_cat_row( $term_id ) )
 543          die('0');
 544  
 545      $x = new WP_Ajax_Response( array(
 546          'what' => 'link-cat',
 547          'id' => $term_id,
 548          'position' => -1,
 549          'data' => $link_cat
 550      ) );
 551      $x->send();
 552      break;
 553  case 'add-tag' : // From Manage->Tags
 554      check_ajax_referer( 'add-tag' );
 555      $post_type = !empty($_POST['post_type']) ? $_POST['post_type'] : 'post';
 556      $taxonomy = !empty($_POST['taxonomy']) ? $_POST['taxonomy'] : 'post_tag';
 557      $tax = get_taxonomy($taxonomy);
 558  
 559      $x = new WP_Ajax_Response();
 560  
 561      if ( !current_user_can( $tax->cap->edit_terms ) )
 562          die('-1');
 563  
 564      $tag = wp_insert_term($_POST['tag-name'], $taxonomy, $_POST );
 565  
 566      if ( !$tag || is_wp_error($tag) || (!$tag = get_term( $tag['term_id'], $taxonomy )) ) {
 567          $message = __('An error has occured. Please reload the page and try again.');
 568          if ( is_wp_error($tag) && $tag->get_error_message() )
 569              $message = $tag->get_error_message();
 570  
 571          $x->add( array(
 572              'what' => 'taxonomy',
 573              'data' => new WP_Error('error', $message )
 574          ) );
 575          $x->send();
 576      }
 577  
 578      if ( isset($_POST['screen']) )
 579          set_current_screen($_POST['screen']);
 580  
 581      $level = 0;
 582      $tag_full_name = false;
 583      $tag_full_name = $tag->name;
 584      if ( is_taxonomy_hierarchical($taxonomy) ) {
 585          $_tag = $tag;
 586          while ( $_tag->parent  ) {
 587              $_tag = get_term( $_tag->parent, $taxonomy );
 588              $tag_full_name = $_tag->name . ' &#8212; ' . $tag_full_name;
 589              $level++;
 590          }
 591          $noparents = _tag_row( $tag, $level, $taxonomy );
 592      }
 593      $tag->name = $tag_full_name;
 594      $parents = _tag_row( $tag, 0, $taxonomy);
 595  
 596      $x->add( array(
 597          'what' => 'taxonomy',
 598          'supplemental' => compact('parents', 'noparents')
 599          ) );
 600      $x->add( array(
 601          'what' => 'term',
 602          'position' => $level,
 603          'supplemental' => get_term( $tag->term_id, $taxonomy, ARRAY_A ) //Refetch as $tag has been contaminated by the full name.
 604          ) );
 605      $x->send();
 606      break;
 607  case 'get-tagcloud' :
 608      if ( !current_user_can( 'edit_posts' ) )
 609          die('-1');
 610  
 611      if ( isset($_POST['tax']) )
 612          $taxonomy = sanitize_title($_POST['tax']);
 613      else
 614          die('0');
 615  
 616      $tags = get_terms( $taxonomy, array( 'number' => 45, 'orderby' => 'count', 'order' => 'DESC' ) );
 617  
 618      if ( empty( $tags ) ) {
 619          $tax = get_taxonomy( $taxonomy );
 620          die( isset( $tax->no_tagcloud ) ? $tax->no_tagcloud : __('No tags found!') );
 621      }
 622  
 623      if ( is_wp_error($tags) )
 624          die($tags->get_error_message());
 625  
 626      foreach ( $tags as $key => $tag ) {
 627          $tags[ $key ]->link = '#';
 628          $tags[ $key ]->id = $tag->term_id;
 629      }
 630  
 631      // We need raw tag names here, so don't filter the output
 632      $return = wp_generate_tag_cloud( $tags, array('filter' => 0) );
 633  
 634      if ( empty($return) )
 635          die('0');
 636  
 637      echo $return;
 638  
 639      exit;
 640      break;
 641  case 'add-comment' :
 642      check_ajax_referer( $action );
 643      if ( !current_user_can( 'edit_posts' ) )
 644          die('-1');
 645      $search = isset($_POST['s']) ? $_POST['s'] : false;
 646      $status = isset($_POST['comment_status']) ? $_POST['comment_status'] : 'all';
 647      $per_page = isset($_POST['per_page']) ?  (int) $_POST['per_page'] + 8 : 28;
 648      $start = isset($_POST['page']) ? ( intval($_POST['page']) * $per_page ) -1 : $per_page - 1;
 649      if ( 1 > $start )
 650          $start = 27;
 651  
 652      $mode = isset($_POST['mode']) ? $_POST['mode'] : 'detail';
 653      $p = isset($_POST['p']) ? $_POST['p'] : 0;
 654      $comment_type = isset($_POST['comment_type']) ? $_POST['comment_type'] : '';
 655      list($comments, $total) = _wp_get_comment_list( $status, $search, $start, 1, $p, $comment_type );
 656  
 657      if ( get_option('show_avatars') )
 658          add_filter( 'comment_author', 'floated_admin_avatar' );
 659  
 660      if ( !$comments )
 661          die('1');
 662      $x = new WP_Ajax_Response();
 663      foreach ( (array) $comments as $comment ) {
 664          get_comment( $comment );
 665          ob_start();
 666              _wp_comment_row( $comment->comment_ID, $mode, $status, true, true );
 667              $comment_list_item = ob_get_contents();
 668          ob_end_clean();
 669          $x->add( array(
 670              'what' => 'comment',
 671              'id' => $comment->comment_ID,
 672              'data' => $comment_list_item
 673          ) );
 674      }
 675      $x->send();
 676      break;
 677  case 'get-comments' :
 678      check_ajax_referer( $action );
 679  
 680      $post_ID = (int) $_POST['post_ID'];
 681      if ( !current_user_can( 'edit_post', $post_ID ) )
 682          die('-1');
 683  
 684      $start = isset($_POST['start']) ? intval($_POST['start']) : 0;
 685      $num = isset($_POST['num']) ? intval($_POST['num']) : 10;
 686  
 687      list($comments, $total) = _wp_get_comment_list( false, false, $start, $num, $post_ID );
 688  
 689      if ( !$comments )
 690          die('1');
 691  
 692      $comment_list_item = '';
 693      $x = new WP_Ajax_Response();
 694      foreach ( (array) $comments as $comment ) {
 695          get_comment( $comment );
 696          ob_start();
 697              _wp_comment_row( $comment->comment_ID, 'single', false, false );
 698              $comment_list_item .= ob_get_contents();
 699          ob_end_clean();
 700      }
 701      $x->add( array(
 702          'what' => 'comments',
 703          'data' => $comment_list_item
 704      ) );
 705      $x->send();
 706      break;
 707  case 'replyto-comment' :
 708      check_ajax_referer( $action, '_ajax_nonce-replyto-comment' );
 709  
 710      $comment_post_ID = (int) $_POST['comment_post_ID'];
 711      if ( !current_user_can( 'edit_post', $comment_post_ID ) )
 712          die('-1');
 713  
 714      $status = $wpdb->get_var( $wpdb->prepare("SELECT post_status FROM $wpdb->posts WHERE ID = %d", $comment_post_ID) );
 715  
 716      if ( empty($status) )
 717          die('1');
 718      elseif ( in_array($status, array('draft', 'pending', 'trash') ) )
 719          die( __('Error: you are replying to a comment on a draft post.') );
 720  
 721      $user = wp_get_current_user();
 722      if ( $user->ID ) {
 723          $comment_author       = $wpdb->escape($user->display_name);
 724          $comment_author_email = $wpdb->escape($user->user_email);
 725          $comment_author_url   = $wpdb->escape($user->user_url);
 726          $comment_content      = trim($_POST['content']);
 727          if ( current_user_can('unfiltered_html') ) {
 728              if ( wp_create_nonce('unfiltered-html-comment_' . $comment_post_ID) != $_POST['_wp_unfiltered_html_comment'] ) {
 729                  kses_remove_filters(); // start with a clean slate
 730                  kses_init_filters(); // set up the filters
 731              }
 732          }
 733      } else {
 734          die( __('Sorry, you must be logged in to reply to a comment.') );
 735      }
 736  
 737      if ( '' == $comment_content )
 738          die( __('Error: please type a comment.') );
 739  
 740      $comment_parent = absint($_POST['comment_ID']);
 741      $commentdata = compact('comment_post_ID', 'comment_author', 'comment_author_email', 'comment_author_url', 'comment_content', 'comment_type', 'comment_parent', 'user_ID');
 742  
 743      $comment_id = wp_new_comment( $commentdata );
 744      $comment = get_comment($comment_id);
 745      if ( ! $comment ) die('1');
 746  
 747      $modes = array( 'single', 'detail', 'dashboard' );
 748      $mode = isset($_POST['mode']) && in_array( $_POST['mode'], $modes ) ? $_POST['mode'] : 'detail';
 749      $position = ( isset($_POST['position']) && (int) $_POST['position']) ? (int) $_POST['position'] : '-1';
 750      $checkbox = ( isset($_POST['checkbox']) && true == $_POST['checkbox'] ) ? 1 : 0;
 751  
 752      if ( get_option('show_avatars') && 'single' != $mode )
 753          add_filter( 'comment_author', 'floated_admin_avatar' );
 754  
 755      $x = new WP_Ajax_Response();
 756  
 757      ob_start();
 758          if ( 'dashboard' == $mode ) {
 759              require_once ( ABSPATH . 'wp-admin/includes/dashboard.php' );
 760              _wp_dashboard_recent_comments_row( $comment, false );
 761          } else {
 762              _wp_comment_row( $comment->comment_ID, $mode, false, $checkbox );
 763          }
 764          $comment_list_item = ob_get_contents();
 765      ob_end_clean();
 766  
 767      $x->add( array(
 768          'what' => 'comment',
 769          'id' => $comment->comment_ID,
 770          'data' => $comment_list_item,
 771          'position' => $position
 772      ));
 773  
 774      $x->send();
 775      break;
 776  case 'edit-comment' :
 777      check_ajax_referer( 'replyto-comment', '_ajax_nonce-replyto-comment' );
 778  
 779      $comment_post_ID = (int) $_POST['comment_post_ID'];
 780      if ( ! current_user_can( 'edit_post', $comment_post_ID ) )
 781          die('-1');
 782  
 783      if ( '' == $_POST['content'] )
 784          die( __('Error: please type a comment.') );
 785  
 786      $comment_id = (int) $_POST['comment_ID'];
 787      $_POST['comment_status'] = $_POST['status'];
 788      edit_comment();
 789  
 790      $mode = ( isset($_POST['mode']) && 'single' == $_POST['mode'] ) ? 'single' : 'detail';
 791      $position = ( isset($_POST['position']) && (int) $_POST['position']) ? (int) $_POST['position'] : '-1';
 792      $checkbox = ( isset($_POST['checkbox']) && true == $_POST['checkbox'] ) ? 1 : 0;
 793      $comments_listing = isset($_POST['comments_listing']) ? $_POST['comments_listing'] : '';
 794  
 795      if ( get_option('show_avatars') && 'single' != $mode )
 796          add_filter( 'comment_author', 'floated_admin_avatar' );
 797  
 798      $x = new WP_Ajax_Response();
 799  
 800      ob_start();
 801          _wp_comment_row( $comment_id, $mode, $comments_listing, $checkbox );
 802          $comment_list_item = ob_get_contents();
 803      ob_end_clean();
 804  
 805      $x->add( array(
 806          'what' => 'edit_comment',
 807          'id' => $comment->comment_ID,
 808          'data' => $comment_list_item,
 809          'position' => $position
 810      ));
 811  
 812      $x->send();
 813      break;
 814  case 'add-menu-item' :
 815      if ( ! current_user_can( 'edit_theme_options' ) )
 816          die('-1');
 817  
 818      check_ajax_referer( 'add-menu_item', 'menu-settings-column-nonce' );
 819  
 820      require_once  ABSPATH . 'wp-admin/includes/nav-menu.php';
 821  
 822      $item_ids = wp_save_nav_menu_items( 0, $_POST['menu-item'] );
 823      if ( is_wp_error( $item_ids ) )
 824          die('-1');
 825  
 826      foreach ( (array) $item_ids as $menu_item_id ) {
 827          $menu_obj = get_post( $menu_item_id );
 828          if ( ! empty( $menu_obj->ID ) ) {
 829              $menu_obj = wp_setup_nav_menu_item( $menu_obj );
 830              $menu_obj->label = $menu_obj->title; // don't show "(pending)" in ajax-added items
 831              $menu_items[] = $menu_obj;
 832          }
 833      }
 834  
 835      if ( ! empty( $menu_items ) ) {
 836          $args = array(
 837              'after' => '',
 838              'before' => '',
 839              'link_after' => '',
 840              'link_before' => '',
 841              'walker' => new Walker_Nav_Menu_Edit,
 842          );
 843          echo walk_nav_menu_tree( $menu_items, 0, (object) $args );
 844      }
 845      break;
case 'add-meta' :
    // Adds a new custom field to a post, or updates an existing one, and responds
    // with the rendered meta row. Both branches check 'edit_post' before writing.
    check_ajax_referer( 'add-meta', '_ajax_nonce-add-meta' );
    $c = 0;
    $pid = (int) $_POST['post_id'];
    $post = get_post( $pid );

    // A key from the dropdown or the text input means a new field is being added.
    if ( isset($_POST['metakeyselect']) || isset($_POST['metakeyinput']) ) {
        if ( !current_user_can( 'edit_post', $pid ) )
            die('-1');
        // '#NONE#' selected and no typed key: nothing to add.
        if ( isset($_POST['metakeyselect']) && '#NONE#' == $_POST['metakeyselect'] && empty($_POST['metakeyinput']) )
            die('1');
        // NOTE(review): $post is dereferenced without checking that get_post() found it.
        if ( $post->post_status == 'auto-draft' ) {
            // Turn the auto-draft into a real draft first. $_POST is swapped for a
            // minimal request because edit_post() is called without arguments.
            $save_POST = $_POST; // Backup $_POST
            $_POST = array(); // Make it empty for edit_post()
            $_POST['action'] = 'draft'; // Warning fix
            $_POST['post_ID'] = $pid;
            $_POST['post_type'] = $post->post_type;
            $_POST['post_status'] = 'draft';
            $now = current_time('timestamp', 1);
            $_POST['post_title'] = sprintf('Draft created on %s at %s', date(get_option('date_format'), $now), date(get_option('time_format'), $now));

            if ( $pid = edit_post() ) {
                if ( is_wp_error( $pid ) ) {
                    // Report the error object to the client.
                    $x = new WP_Ajax_Response( array(
                        'what' => 'meta',
                        'data' => $pid
                    ) );
                    $x->send();
                }
                $_POST = $save_POST; // Now we can restore original $_POST again
                if ( !$mid = add_meta( $pid ) )
                    die(__('Please provide a custom field value.'));
            } else {
                die('0');
            }
        } else if ( !$mid = add_meta( $pid ) ) {
            die(__('Please provide a custom field value.'));
        }

        // Re-read the stored row so the response reflects what was saved.
        $meta = get_post_meta_by_id( $mid );
        $pid = (int) $meta->post_id;
        $meta = get_object_vars( $meta );
        $x = new WP_Ajax_Response( array(
            'what' => 'meta',
            'id' => $mid,
            'data' => _list_meta_row( $meta, $c ),
            'position' => 1,
            'supplemental' => array('postid' => $pid)
        ) );
    } else { // Update?
        // The meta id is the last key of the submitted 'meta' array.
        // NOTE(review): $_POST['meta'] is read without an isset() check.
        $mid = (int) array_pop( $var_by_ref = array_keys($_POST['meta']) );
        $key = $_POST['meta'][$mid]['key'];
        $value = $_POST['meta'][$mid]['value'];
        if ( '' == trim($key) )
            die(__('Please provide a custom field name.'));
        if ( '' == trim($value) )
            die(__('Please provide a custom field value.'));
        if ( !$meta = get_post_meta_by_id( $mid ) )
            die('0'); // if meta doesn't exist
        // Authorization uses the post id stored with the meta row, not a request field.
        if ( !current_user_can( 'edit_post', $meta->post_id ) )
            die('-1');
        // Only write when the key or value actually changed.
        if ( $meta->meta_value != stripslashes($value) || $meta->meta_key != stripslashes($key) ) {
            if ( !$u = update_meta( $mid, $key, $value ) )
                die('0'); // We know meta exists; we also know it's unchanged (or DB error, in which case there are bigger problems).
        }

        $key = stripslashes($key);
        $value = stripslashes($value);
        $x = new WP_Ajax_Response( array(
            'what' => 'meta',
            'id' => $mid, 'old_id' => $mid,
            'data' => _list_meta_row( array(
                'meta_key' => $key,
                'meta_value' => $value,
                'meta_id' => $mid
            ), $c ),
            'position' => 0,
            'supplemental' => array('postid' => $meta->post_id)
        ) );
    }
    $x->send();
    break;
 928  case 'add-user' :
 929      check_ajax_referer( $action );
 930      if ( !current_user_can('create_users') )
 931          die('-1');
 932      require_once(ABSPATH . WPINC . '/registration.php');
 933      if ( !$user_id = add_user() )
 934          die('0');
 935      elseif ( is_wp_error( $user_id ) ) {
 936          $x = new WP_Ajax_Response( array(
 937              'what' => 'user',
 938              'id' => $user_id
 939          ) );
 940          $x->send();
 941      }
 942      $user_object = new WP_User( $user_id );
 943  
 944      $x = new WP_Ajax_Response( array(
 945          'what' => 'user',
 946          'id' => $user_id,
 947          'data' => user_row( $user_object, '', $user_object->roles[0] ),
 948          'supplemental' => array(
 949              'show-link' => sprintf(__( 'User <a href="#%s">%s</a> added' ), "user-$user_id", $user_object->user_login),
 950              'role' => $user_object->roles[0]
 951          )
 952      ) );
 953      $x->send();
 954      break;
case 'autosave' : // The name of this action is hardcoded in edit_post()
    // Periodic save from the post editor. Drafts are overwritten in place; other
    // posts get an autosave revision. The response carries a status message and,
    // when the nonce check returns 2, replacement nonces for the editor.
    define( 'DOING_AUTOSAVE', true );

    // The return value is kept: a value of 2 triggers the nonce refresh below.
    $nonce_age = check_ajax_referer( 'autosave', 'autosavenonce' );

    // NOTE(review): 'catslist', 'post_type', 'autosave' and 'post_ID' are read from
    // $_POST without isset() checks.
    $_POST['post_category'] = explode(",", $_POST['catslist']);
    if ( $_POST['post_type'] == 'page' || empty($_POST['post_category']) )
        unset($_POST['post_category']);

    $do_autosave = (bool) $_POST['autosave'];
    $do_lock = true;

    $data = '';
    /* translators: draft saved date format, see http://php.net/date */
    $draft_saved_date_format = __('g:i:s a');
    /* translators: %s: date and time */
    $message = sprintf( __('Draft saved at %s.'), date_i18n( $draft_saved_date_format ) );

    $supplemental = array();
    // $login_grace_period is not assigned anywhere in this case; presumably it is
    // set elsewhere when a session is about to expire.
    if ( isset($login_grace_period) )
        $supplemental['session_expired'] = add_query_arg( 'interim-login', 1, wp_login_url() );

    $id = $revision_id = 0;

    $post_ID = (int) $_POST['post_ID'];
    $_POST['ID'] = $post_ID;
    // NOTE(review): $post is dereferenced below without checking that it exists.
    $post = get_post($post_ID);
    if ( 'auto-draft' == $post->post_status )
        $_POST['post_status'] = 'draft';

    // Another user holds the edit lock: skip both the save and the lock refresh.
    if ( $last = wp_check_post_lock( $post->ID ) ) {
        $do_autosave = $do_lock = false;

        $last_user = get_userdata( $last );
        $last_user_name = $last_user ? $last_user->display_name : __( 'Someone' );
        $data = new WP_Error( 'locked', sprintf(
            $_POST['post_type'] == 'page' ? __( 'Autosave disabled: %s is currently editing this page.' ) : __( 'Autosave disabled: %s is currently editing this post.' ),
            esc_html( $last_user_name )
        ) );

        $supplemental['disable_autosave'] = 'disable';
    }

    // Capability check, selected by the stored post type rather than the request's.
    // It runs before any write and before the response is sent.
    if ( 'page' == $post->post_type ) {
        if ( !current_user_can('edit_page', $post_ID) )
            die(__('You are not allowed to edit this page.'));
    } else {
        if ( !current_user_can('edit_post', $post_ID) )
            die(__('You are not allowed to edit this post.'));
    }

    if ( $do_autosave ) {
        // Drafts and auto-drafts are just overwritten by autosave
        if ( 'auto-draft' == $post->post_status || 'draft' == $post->post_status ) {
            $id = edit_post();
        } else { // Non drafts are not overwritten.  The autosave is stored in a special post revision.
            $revision_id = wp_create_post_autosave( $post->ID );
            if ( is_wp_error($revision_id) )
                $id = $revision_id;
            else
                $id = $post->ID;
        }
        $data = $message;
    } else {
        if ( isset( $_POST['auto_draft'] ) && '1' == $_POST['auto_draft'] )
            $id = 0; // This tells us it didn't actually save
        else
            $id = $post->ID;
    }

    // Refresh the edit lock only for a numeric id and when 'auto_draft' is present and not '1'.
    if ( $do_lock && ( isset( $_POST['auto_draft'] ) && ( $_POST['auto_draft'] != '1' ) ) && $id && is_numeric($id) )
        wp_set_post_lock( $id );

    // Issue fresh nonces so a long-open editor can keep submitting.
    if ( $nonce_age == 2 ) {
        $supplemental['replace-autosavenonce'] = wp_create_nonce('autosave');
        $supplemental['replace-getpermalinknonce'] = wp_create_nonce('getpermalink');
        $supplemental['replace-samplepermalinknonce'] = wp_create_nonce('samplepermalink');
        $supplemental['replace-closedpostboxesnonce'] = wp_create_nonce('closedpostboxes');
        if ( $id ) {
            if ( $_POST['post_type'] == 'post' )
                $supplemental['replace-_wpnonce'] = wp_create_nonce('update-post_' . $id);
            elseif ( $_POST['post_type'] == 'page' )
                $supplemental['replace-_wpnonce'] = wp_create_nonce('update-page_' . $id);
        }
    }

    $x = new WP_Ajax_Response( array(
        'what' => 'autosave',
        'id' => $id,
        'data' => $id ? $data : '',
        'supplemental' => $supplemental
    ) );
    $x->send();
    break;
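case 'closed-postboxes' :
    // Stores, per user and per screen, which postboxes are collapsed and which are hidden.
    check_ajax_referer( 'closedpostboxes', 'closedpostboxesnonce' );
    $closed = isset( $_POST['closed'] ) ? explode( ',', $_POST['closed']) : array();
    $closed = array_filter($closed);

    $hidden = isset( $_POST['hidden'] ) ? explode( ',', $_POST['hidden']) : array();
    $hidden = array_filter($hidden);

    $page = isset( $_POST['page'] ) ? $_POST['page'] : '';

    // $page becomes part of the option name, so it must be a plain identifier.
    // The D modifier makes $ match only at the very end; without it a value with a
    // trailing newline also passed the check.
    if ( !preg_match( '/^[a-z_-]+$/D', $page ) )
        die('-1');

    if ( ! $user = wp_get_current_user() )
        die('-1');

    if ( is_array($closed) )
        update_user_option($user->ID, "closedpostboxes_$page", $closed, true);

    if ( is_array($hidden) ) {
        $hidden = array_diff( $hidden, array('submitdiv', 'linksubmitdiv', 'manage-menu', 'create-menu') ); // postboxes that are always shown
        update_user_option($user->ID, "metaboxhidden_$page", $hidden, true);
    }

    die('1');
    break;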
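case 'hidden-columns' :
    // Stores, per user and per screen, which list-table columns are hidden.
    check_ajax_referer( 'screen-options-nonce', 'screenoptionnonce' );
    $hidden = isset( $_POST['hidden'] ) ? $_POST['hidden'] : '';
    // Split the guarded value. The original re-read $_POST['hidden'] here, which
    // bypassed the isset() default on the line above.
    $hidden = explode( ',', $hidden );
    $page = isset( $_POST['page'] ) ? $_POST['page'] : '';

    // $page becomes part of the option name, so it must be a plain identifier.
    // The D modifier makes $ match only at the very end; without it a value with a
    // trailing newline also passed the check.
    if ( !preg_match( '/^[a-z_-]+$/D', $page ) )
        die('-1');

    if ( ! $user = wp_get_current_user() )
        die('-1');

    if ( is_array($hidden) )
        update_user_option($user->ID, "manage{$page}columnshidden", $hidden, true);

    die('1');
    break;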
case 'menu-get-metabox' :
    // Renders one nav-menu meta box (for a post type or a taxonomy) and returns it as JSON.
    // Gated by capability only; unlike 'add-menu-item', no nonce is checked in this case.
    if ( ! current_user_can( 'edit_theme_options' ) ) {
        die('-1');
    }

    require_once  ABSPATH . 'wp-admin/includes/nav-menu.php';

    $requested_type = isset( $_POST['item-type'] ) ? $_POST['item-type'] : '';

    // Only these two fixed callbacks can be selected; the request never names a function.
    if ( 'post_type' == $requested_type ) {
        $type = 'posttype';
        $callback = 'wp_nav_menu_item_post_type_meta_box';
        $items = (array) get_post_types( array( 'show_in_nav_menus' => true ), 'object' );
    } elseif ( 'taxonomy' == $requested_type ) {
        $type = 'taxonomy';
        $callback = 'wp_nav_menu_item_taxonomy_meta_box';
        $items = (array) get_taxonomies( array( 'show_ui' => true ), 'object' );
    }

    // The requested object must be a key of the list built above. If neither branch
    // ran, $items is unset and nothing is rendered.
    if ( ! empty( $_POST['item-object'] ) && isset( $items[ $_POST['item-object'] ] ) ) {
        $item = apply_filters( 'nav_menu_meta_box_object', $items[ $_POST['item-object'] ] );

        // The callback prints the box, so capture its output.
        ob_start();
        $box = array(
            'id' => 'add-' . $item->name,
            'title' => $item->labels->name,
            'callback' => $callback,
            'args' => $item,
        );
        call_user_func_array( $callback, array( null, $box ) );
        $markup = ob_get_clean();

        $response = array(
            'replace-id' => $type . '-' . $item->name,
            'markup' => $markup,
        );
        echo json_encode( $response );
    }

    exit;
    break;
case 'menu-quick-search':
    // Quick search inside the nav-menu meta boxes. Gated by capability only; no nonce
    // is checked in this case. The whole $_REQUEST array is handed to the helper, so
    // validation of the individual fields is the helper's job.
    if ( ! current_user_can( 'edit_theme_options' ) ) {
        die('-1');
    }

    require_once  ABSPATH . 'wp-admin/includes/nav-menu.php';

    _wp_ajax_menu_quick_search( $_REQUEST );

    exit;
    break;
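case 'menu-locations-save':
    // Saves the theme's menu-location assignments.
    if ( ! current_user_can( 'edit_theme_options' ) )
        die('-1');
    check_ajax_referer( 'add-menu_item', 'menu-settings-column-nonce' );
    // array_map() needs an array. A scalar value used to reach it and its result
    // was written to the theme mod anyway, so reject anything that is not an array.
    if ( ! isset( $_POST['menu-locations'] ) || ! is_array( $_POST['menu-locations'] ) )
        die('0');
    // Every submitted value is forced to a non-negative integer before it is stored.
    set_theme_mod( 'nav_menu_locations', array_map( 'absint', $_POST['menu-locations'] ) );
    die('1');
    break;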
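case 'meta-box-order':
    // Stores, per user and per screen, the meta box order and the column layout.
    check_ajax_referer( 'meta-box-order' );
    $order = isset( $_POST['order'] ) ? (array) $_POST['order'] : false;
    $page_columns = isset( $_POST['page_columns'] ) ? (int) $_POST['page_columns'] : 0;
    $page = isset( $_POST['page'] ) ? $_POST['page'] : '';

    // $page becomes part of the option name, so it must be a plain identifier.
    // The D modifier makes $ match only at the very end; without it a value with a
    // trailing newline also passed the check.
    if ( !preg_match( '/^[a-z_-]+$/D', $page ) )
        die('-1');

    if ( ! $user = wp_get_current_user() )
        die('-1');

    // NOTE(review): $order is stored as submitted; only its outer type is forced to array.
    if ( $order )
        update_user_option($user->ID, "meta-box-order_$page", $order, true);

    if ( $page_columns )
        update_user_option($user->ID, "screen_layout_$page", $page_columns, true);

    die('1');
    break;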
case 'get-permalink':
    // Returns the preview URL of a post as the raw response body.
    // Access rests on the nonce; no capability check is made in this case.
    check_ajax_referer( 'getpermalink', 'getpermalinknonce' );
    $post_id = 0;
    if ( isset( $_POST['post_id'] ) ) {
        $post_id = intval( $_POST['post_id'] );
    }
    $preview_link = add_query_arg( array( 'preview' => 'true' ), get_permalink( $post_id ) );
    die( $preview_link );
break;
case 'sample-permalink':
    // Returns the sample-permalink markup for a post, given a tentative title and slug.
    // Title and slug are passed on as submitted; the helper is responsible for
    // sanitizing them and escaping its output.
    check_ajax_referer( 'samplepermalink', 'samplepermalinknonce' );
    $post_id = 0;
    if ( isset( $_POST['post_id'] ) ) {
        $post_id = intval( $_POST['post_id'] );
    }
    $title = '';
    if ( isset( $_POST['new_title'] ) ) {
        $title = $_POST['new_title'];
    }
    $slug = null;
    if ( isset( $_POST['new_slug'] ) ) {
        $slug = $_POST['new_slug'];
    }
    die( get_sample_permalink_html( $post_id, $title, $slug ) );
break;
case 'inline-save':
    // Quick Edit save from the posts/pages list: updates the post from $_POST and
    // prints the refreshed table row.
    check_ajax_referer( 'inlineeditnonce', '_inline_edit' );

    if ( ! isset($_POST['post_ID']) || ! ( $post_ID = (int) $_POST['post_ID'] ) )
        exit;

    // The capability name is picked from the submitted post_type, while the id
    // passed to the check is the post being edited.
    if ( 'page' == $_POST['post_type'] ) {
        if ( ! current_user_can( 'edit_page', $post_ID ) )
            die( __('You are not allowed to edit this page.') );
    } else {
        if ( ! current_user_can( 'edit_post', $post_ID ) )
            die( __('You are not allowed to edit this post.') );
    }

    if ( isset($_POST['screen']) )
        set_current_screen($_POST['screen']);

    // Refuse to save while another user holds the edit lock.
    if ( $last = wp_check_post_lock( $post_ID ) ) {
        $last_user = get_userdata( $last );
        $last_user_name = $last_user ? $last_user->display_name : __( 'Someone' );
        printf( $_POST['post_type'] == 'page' ? __( 'Saving is disabled: %s is currently editing this page.' ) : __( 'Saving is disabled: %s is currently editing this post.' ),    esc_html( $last_user_name ) );
        exit;
    }

    // $data is a reference, so every write below changes $_POST itself;
    // edit_post() is called without arguments and presumably reads $_POST.
    $data = &$_POST;

    $post = get_post( $post_ID, ARRAY_A );
    $post = add_magic_quotes($post); //since it is from db

    // Content and excerpt are taken from the stored post, overwriting any submitted values.
    $data['content'] = $post['post_content'];
    $data['excerpt'] = $post['post_excerpt'];

    // rename
    $data['user_ID'] = $GLOBALS['user_ID'];

    if ( isset($data['post_parent']) )
        $data['parent_id'] = $data['post_parent'];

    // status
    // NOTE(review): '_status' is read without an isset() check.
    if ( isset($data['keep_private']) && 'private' == $data['keep_private'] )
        $data['post_status'] = 'private';
    else
        $data['post_status'] = $data['_status'];

    // Unchecked boxes are absent from the request, so absence means 'closed'.
    if ( empty($data['comment_status']) )
        $data['comment_status'] = 'closed';
    if ( empty($data['ping_status']) )
        $data['ping_status'] = 'closed';

    // update the post
    edit_post();

    // Print the refreshed row, but only for post types that have an admin UI.
    if ( in_array( $_POST['post_type'], get_post_types( array( 'show_ui' => true ) ) ) ) {
        $post = array();
        $post[] = get_post($_POST['post_ID']);
        if ( is_post_type_hierarchical( $_POST['post_type'] ) ) {
            page_rows( $post );
        } else {
            // $mode is not passed to post_rows(); presumably it is read as a global there.
            $mode = $_POST['post_view'];
            post_rows( $post );
        }
    }

    exit;
    break;
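case 'inline-save-tax':
    // Quick Edit save for a term (link category or tag-like taxonomy); prints the refreshed row.
    check_ajax_referer( 'taxinlineeditnonce', '_inline_edit' );

    $taxonomy = !empty($_POST['taxonomy']) ? $_POST['taxonomy'] : false;
    if ( ! $taxonomy )
        die( __('Cheatin&#8217; uh?') );
    $tax = get_taxonomy($taxonomy);

    // An unknown taxonomy name yields no taxonomy object. Stop here instead of
    // running the capability check against a non-object.
    if ( ! $tax )
        die( __('Cheatin&#8217; uh?') );

    if ( ! current_user_can( $tax->cap->edit_terms ) )
        die( __('Cheatin&#8217; uh?') );

    // die() with an integer sets the exit status and prints nothing; pass the string
    // so the client receives '-1' like in the other cases.
    if ( ! isset($_POST['tax_ID']) || ! ( $id = (int) $_POST['tax_ID'] ) )
        die('-1');

    switch ($_POST['tax_type']) {
        case 'link-cat' :
            // NOTE(review): the capability checked above belongs to the taxonomy named
            // in the request, while this branch always writes to 'link_category';
            // confirm both require the same capability.
            $updated = wp_update_term($id, 'link_category', $_POST);

            if ( $updated && !is_wp_error($updated) )
                echo link_cat_row($updated['term_id']);
            else
                die( __('Category not updated.') );

            break;
        case 'tag' :
            $taxonomy = !empty($_POST['taxonomy']) ? $_POST['taxonomy'] : 'post_tag';

            // Keep the stored description: it is copied over whatever was submitted.
            $tag = get_term( $id, $taxonomy );
            $_POST['description'] = $tag->description;

            // The whole $_POST array is passed as the update arguments.
            $updated = wp_update_term($id, $taxonomy, $_POST);
            if ( $updated && !is_wp_error($updated) ) {
                $tag = get_term( $updated['term_id'], $taxonomy );
                if ( !$tag || is_wp_error( $tag ) ) {
                    if ( is_wp_error($tag) && $tag->get_error_message() )
                        die( $tag->get_error_message() );
                    die( __('Item not updated.') );
                }

                set_current_screen( 'edit-' . $taxonomy );

                echo _tag_row($tag, 0, $taxonomy);
            } else {
                if ( is_wp_error($updated) && $updated->get_error_message() )
                    die( $updated->get_error_message() );
                die( __('Item not updated.') );
            }

            break;
    }

    exit;
    break;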
case 'find_posts':
    // Searches draft and published posts by title/content and returns an HTML table
    // of up to 50 matches. Access rests on the nonce; this case makes no
    // current_user_can() check of its own, and draft titles are part of the result.
    check_ajax_referer( 'find-posts' );

    if ( empty($_POST['ps']) )
        exit;

    // Only a registered post type name is accepted; anything else falls back to 'post'.
    // $what is later placed into the SQL string unescaped, so this whitelist is
    // what keeps it safe. Note that in_array() compares loosely here.
    if ( !empty($_POST['post_type']) && in_array( $_POST['post_type'], get_post_types() ) )
        $what = $_POST['post_type'];
    else
        $what = 'post';

    // Split the query into quoted phrases and bare words.
    $s = stripslashes($_POST['ps']);
    preg_match_all('/".*?("|$)|((?<=[\\s",+])|^)[^\\s",+]+/', $s, $matches);
    $search_terms = array_map('_search_terms_tidy', $matches[0]);

    // Build the WHERE fragment by string concatenation. Each term passes through
    // addslashes_gpc() before it is interpolated.
    // NOTE(review): whether that helper also neutralises the LIKE wildcards % and _
    // is not visible here; a prepared statement would not depend on it.
    $searchand = $search = '';
    foreach ( (array) $search_terms as $term ) {
        $term = addslashes_gpc($term);
        $search .= "{$searchand}(($wpdb->posts.post_title LIKE '%{$term}%') OR ($wpdb->posts.post_content LIKE '%{$term}%'))";
        $searchand = ' AND ';
    }
    // Also match the full, unsplit phrase when the query held more than one term.
    $term = $wpdb->escape($s);
    if ( count($search_terms) > 1 && $search_terms[0] != $s )
        $search .= " OR ($wpdb->posts.post_title LIKE '%{$term}%') OR ($wpdb->posts.post_content LIKE '%{$term}%')";

    $posts = $wpdb->get_results( "SELECT ID, post_title, post_status, post_date FROM $wpdb->posts WHERE post_type = '$what' AND post_status IN ('draft', 'publish') AND ($search) ORDER BY post_date_gmt DESC LIMIT 50" );

    if ( ! $posts ) {
        $posttype = get_post_type_object($what);
        exit($posttype->labels->not_found);
    }

    $html = '<table class="widefat" cellspacing="0"><thead><tr><th class="found-radio"><br /></th><th>'.__('Title').'</th><th>'.__('Date').'</th><th>'.__('Status').'</th></tr></thead><tbody>';
    foreach ( $posts as $post ) {

        // Map the stored status to its label. The switch has no default, so $stat
        // keeps its previous value for any other status; the query above only
        // returns 'draft' and 'publish'.
        switch ( $post->post_status ) {
            case 'publish' :
            case 'private' :
                $stat = __('Published');
                break;
            case 'future' :
                $stat = __('Scheduled');
                break;
            case 'pending' :
                $stat = __('Pending Review');
                break;
            case 'draft' :
                $stat = __('Draft');
                break;
        }

        if ( '0000-00-00 00:00:00' == $post->post_date ) {
            $time = '';
        } else {
            /* translators: date format in table columns, see http://php.net/date */
            $time = mysql2date(__('Y/m/d'), $post->post_date);
        }

        // Title, date and status are escaped for HTML; the ID goes into the id/for
        // attributes as-is and into the value attribute through esc_attr().
        $html .= '<tr class="found-posts"><td class="found-radio"><input type="radio" id="found-'.$post->ID.'" name="found_post_id" value="' . esc_attr($post->ID) . '"></td>';
        $html .= '<td><label for="found-'.$post->ID.'">'.esc_html( $post->post_title ).'</label></td><td>'.esc_html( $time ).'</td><td>'.esc_html( $stat ).'</td></tr>'."\n\n";
    }
    $html .= '</tbody></table>';

    $x = new WP_Ajax_Response();
    $x->add( array(
        'what' => $what,
        'data' => $html
    ));
    $x->send();

    break;
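case 'lj-importer' :
    // Runs one numbered step of the LiveJournal importer and prints any error message.
    check_ajax_referer( 'lj-api-import' );
    if ( !current_user_can( 'publish_posts' ) )
        die('-1');
    if ( empty( $_POST['step'] ) )
        die( '-1' );
    define('WP_IMPORTING', true);
    // $lj_api_import is not assigned in this case; presumably the included file creates it.
    include( ABSPATH . 'wp-admin/import/livejournal.php' );

    // The method name is derived from the request. The integer cast confines it to
    // 'step<number>'; the is_callable() check then rejects numbers the importer does
    // not handle, instead of ending in a fatal error.
    $step_method = 'step' . ( (int) $_POST['step'] );
    if ( ! isset( $lj_api_import ) || ! is_callable( array( $lj_api_import, $step_method ) ) )
        die('-1');

    $result = $lj_api_import->$step_method();
    if ( is_wp_error( $result ) )
        echo $result->get_error_message();
    die;
    break;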
case 'widgets-order' :
    // Saves the order of the widgets in every sidebar after a drag-and-drop.
    check_ajax_referer( 'save-sidebar-widgets', 'savewidgets' );

    if ( ! current_user_can( 'edit_theme_options' ) ) {
        die('-1');
    }

    unset( $_POST['savewidgets'], $_POST['action'] );

    // Anything other than an array of sidebars is rejected.
    if ( ! is_array( $_POST['sidebars'] ) ) {
        die('-1');
    }

    // save widgets order for all sidebars
    // Sidebar keys are taken from the request as submitted.
    $sidebars = array();
    foreach ( $_POST['sidebars'] as $key => $val ) {
        $widget_ids = array();
        if ( ! empty( $val ) ) {
            foreach ( explode( ',', $val ) as $slot => $entry ) {
                // Keep only entries containing 'widget-' and store the part after the
                // first underscore, under the entry's original index.
                if ( false !== strpos( $entry, 'widget-' ) ) {
                    $widget_ids[$slot] = substr( $entry, strpos( $entry, '_' ) + 1 );
                }
            }
        }
        $sidebars[$key] = $widget_ids;
    }
    wp_set_sidebars_widgets( $sidebars );
    die('1');
    break;
case 'save-widget' :
    // Saves, adds or deletes a single widget instance and prints its control form.
    // Requires the widgets nonce, the 'edit_theme_options' capability and an id_base.
    check_ajax_referer( 'save-sidebar-widgets', 'savewidgets' );

    if ( !current_user_can('edit_theme_options') || !isset($_POST['id_base']) )
        die('-1');

    unset( $_POST['savewidgets'], $_POST['action'] );

    // Fire the hooks named after the regular widgets screen.
    do_action('load-widgets.php');
    do_action('widgets.php');
    do_action('sidebar_admin_setup');

    // NOTE(review): 'widget-id' and 'sidebar' are read without isset() checks.
    $id_base = $_POST['id_base'];
    $widget_id = $_POST['widget-id'];
    $sidebar_id = $_POST['sidebar'];
    $multi_number = !empty($_POST['multi_number']) ? (int) $_POST['multi_number'] : 0;
    $settings = isset($_POST['widget-' . $id_base]) && is_array($_POST['widget-' . $id_base]) ? $_POST['widget-' . $id_base] : false;
    $error = '<p>' . __('An error has occured. Please reload the page and try again.') . '</p>';

    $sidebars = wp_get_sidebars_widgets();
    $sidebar = isset($sidebars[$sidebar_id]) ? $sidebars[$sidebar_id] : array();

    // $wp_registered_widgets, $wp_registered_widget_updates and
    // $wp_registered_widget_controls are not assigned in this case; presumably they
    // are globals filled by widget registration.

    // delete
    if ( isset($_POST['delete_widget']) && $_POST['delete_widget'] ) {

        // Only a registered widget id can be deleted.
        if ( !isset($wp_registered_widgets[$widget_id]) )
            die($error);

        $sidebar = array_diff( $sidebar, array($widget_id) );
        // Replace the request with a minimal delete request for the update callback.
        $_POST = array('sidebar' => $sidebar_id, 'widget-' . $id_base => array(), 'the-widget-id' => $widget_id, 'delete_widget' => '1');
    } elseif ( $settings && preg_match( '/__i__|%i%/', key($settings) ) ) {
        // The settings key still holds a placeholder: this is a new instance and
        // needs a real instance number.
        if ( !$multi_number )
            die($error);

        $_POST['widget-' . $id_base] = array( $multi_number => array_shift($settings) );
        $widget_id = $id_base . '-' . $multi_number;
        $sidebar[] = $widget_id;
    }
    $_POST['widget-id'] = $sidebar;

    // Run the update callback registered under this id_base. The callback comes
    // from the registry, not from the request; its output is discarded.
    foreach ( (array) $wp_registered_widget_updates as $name => $control ) {

        if ( $name == $id_base ) {
            if ( !is_callable( $control['callback'] ) )
                continue;

            ob_start();
                call_user_func_array( $control['callback'], $control['params'] );
            ob_end_clean();
            break;
        }
    }

    if ( isset($_POST['delete_widget']) && $_POST['delete_widget'] ) {
        $sidebars[$sidebar_id] = $sidebar;
        wp_set_sidebars_widgets($sidebars);
        echo "deleted:$widget_id";
        die();
    }

    if ( !empty($_POST['add_new']) )
        die();

    // Print the widget's control form.
    // NOTE(review): the registry is indexed with $widget_id without an isset() check.
    if ( $form = $wp_registered_widget_controls[$widget_id] )
        call_user_func_array( $form['callback'], $form['params'] );

    die();
    break;
case 'image-editor':
    // Image editor backend: saves, scales or restores an attachment image, then
    // prints the editor again. 'save' answers with JSON instead.
    $attachment_id = intval( $_POST['postid'] );
    if ( ! $attachment_id || ! current_user_can( 'edit_post', $attachment_id ) ) {
        die('-1');
    }

    // The nonce action is bound to the attachment id.
    check_ajax_referer( "image_editor-$attachment_id" );
    include_once ( ABSPATH . 'wp-admin/includes/image-edit.php' );

    $msg = false;
    $operation = $_POST['do'];

    if ( 'save' == $operation ) {
        die( json_encode( wp_save_image( $attachment_id ) ) );
    } elseif ( 'scale' == $operation ) {
        $msg = wp_save_image( $attachment_id );
    } elseif ( 'restore' == $operation ) {
        $msg = wp_restore_image( $attachment_id );
    }

    // Any other operation just re-renders the editor with no message.
    wp_image_editor( $attachment_id, $msg );
    die();
    break;
case 'set-post-thumbnail':
    // Sets or removes a post's thumbnail and returns the thumbnail meta box markup.
    $post_ID = intval( $_POST['post_id'] );
    if ( ! current_user_can( 'edit_post', $post_ID ) ) {
        die( '-1' );
    }
    $thumbnail_id = intval( $_POST['thumbnail_id'] );

    // The nonce action is bound to the post id.
    check_ajax_referer( "set_post_thumbnail-$post_ID" );

    // A thumbnail id of -1 means "remove the thumbnail".
    if ( '-1' == $thumbnail_id ) {
        delete_post_meta( $post_ID, '_thumbnail_id' );
        die( _wp_post_thumbnail_html() );
    }

    // The id must point at an existing post.
    if ( ! $thumbnail_id || ! get_post( $thumbnail_id ) ) {
        die( '0' );
    }

    // Store the id only if an image can actually be rendered for it.
    $thumbnail_html = wp_get_attachment_image( $thumbnail_id, 'thumbnail' );
    if ( ! empty( $thumbnail_html ) ) {
        update_post_meta( $post_ID, '_thumbnail_id', $thumbnail_id );
        die( _wp_post_thumbnail_html( $thumbnail_id ) );
    }

    die( '0' );
    break;
default :
    // No built-in handler matched: fire 'wp_ajax_<action>' for whatever is hooked to it.
    // The hook name is built from the request; this branch adds no nonce or capability
    // check, so each hooked handler has to perform its own.
    do_action( "wp_ajax_{$_POST['action']}" );
    exit('0');
    break;
1534  endswitch;
1535  ?>

