<?php
/**
 * WordPress AJAX Process Execution.
 *
 * Single entry point for admin-side AJAX. Every request must name an
 * 'action'; logged-out callers are limited to the 'wp_ajax_nopriv_{action}'
 * hooks, logged-in callers are dispatched on $_GET['action'] (the switch
 * below) or $_POST['action'] (the switch later in this file). Each case is
 * responsible for its own nonce (check_ajax_referer) and capability
 * (current_user_can) checks; there is no global check, so a case without
 * them is reachable by any logged-in user.
 *
 * @package WordPress
 * @subpackage Administration
 */

/**
 * Executing AJAX process.
 *
 * @since 2.1.0
 */
define('DOING_AJAX', true);
define('WP_ADMIN', true);

// No action, nothing to dispatch. '-1' is this file's "refused" reply.
if ( ! isset( $_REQUEST['action'] ) )
	die('-1');

require_once ('../wp-load.php');

require_once ('./includes/admin.php');
// Errors suppressed because output may already have started. Replies are
// text/html and several handlers echo request-derived fragments, hence the
// X-Content-Type-Options: nosniff header right after.
@header('Content-Type: text/html; charset=' . get_option('blog_charset'));
send_nosniff_header();

do_action('admin_init');

if ( ! is_user_logged_in() ) {

	// Expired session during an autosave: report it to the editor screen,
	// never save anything. Only the post id is echoed back, as an int.
	if ( isset( $_POST['action'] ) && $_POST['action'] == 'autosave' ) {
		$id = isset($_POST['post_ID'])? (int) $_POST['post_ID'] : 0;

		if ( ! $id )
			die('-1');

		$message = sprintf( __('<strong>ALERT: You are logged out!</strong> Could not save draft. <a href="%s" target="_blank">Please log in again.</a>'), wp_login_url() );
		$x = new WP_Ajax_Response( array(
			'what' => 'autosave',
			'id' => $id,
			'data' => $message
		) );
		$x->send();
	}

	// Unauthenticated handlers opt in by hooking 'wp_ajax_nopriv_{action}';
	// the action string goes into the hook name unfiltered, which only ever
	// selects a hook, it never reaches output or the database here.
	if ( !empty( $_REQUEST['action'] ) )
		do_action( 'wp_ajax_nopriv_' . $_REQUEST['action'] );

	die('-1');
}

// Logged-in GET actions.
if ( isset( $_GET['action'] ) ) :
switch ( $action = $_GET['action'] ) :
case 'fetch-list' :

	// The requested table class is folded into the nonce action, so a nonce
	// is only valid for the table it was issued for.
	$list_class = $_GET['list_args']['class'];
	check_ajax_referer( "fetch-list-$list_class", '_ajax_fetch_list_nonce' );

	// The screen descriptor is taken from the request as-is (see #15336);
	// its is_network/is_user flags also become the WP_NETWORK_ADMIN /
	// WP_USER_ADMIN constants for the remainder of this request.
	$current_screen = (object) $_GET['list_args']['screen'];
	//TODO fix this in a better way see #15336
	$current_screen->is_network = 'false' === $current_screen->is_network ? false : true;
	$current_screen->is_user = 'false' === $current_screen->is_user ? false : true;

	define( 'WP_NETWORK_ADMIN', $current_screen->is_network );
	define( 'WP_USER_ADMIN', $current_screen->is_user );

	// NOTE(review): $list_class is request-controlled; this relies on
	// _get_list_table() only instantiating known table classes -- verify
	// that it does not construct arbitrary class names.
	$wp_list_table = _get_list_table( $list_class );
	if ( ! $wp_list_table )
		die( '0' );

	// Capability check is delegated to the table class.
	if ( ! $wp_list_table->ajax_user_can() )
		die( '-1' );

	$wp_list_table->ajax_response();

	die( '0' );
	break;
case 'ajax-tag-search' :
	// Read-only autocomplete: the taxonomy must exist and the caller must be
	// able to assign its terms. No nonce, but nothing is written.
	if ( isset( $_GET['tax'] ) ) {
		$taxonomy = sanitize_key( $_GET['tax'] );
		$tax = get_taxonomy( $taxonomy );
		if ( ! $tax )
			die( '0' );
		if ( ! current_user_can( $tax->cap->assign_terms ) )
			die( '-1' );
	} else {
		die('0');
	}

	// Superglobals arrive slash-escaped (this file strips slashes from input
	// elsewhere too), so unescape before matching.
	$s = stripslashes( $_GET['q'] );

	// Only the fragment after the last comma is matched.
	if ( false !== strpos( $s, ',' ) ) {
		$s = explode( ',', $s );
		$s = $s[count( $s ) - 1];
	}
	$s = trim( $s );
	if ( strlen( $s ) < 2 )
		die; // require 2 chars for matching

	// like_escape() neutralises LIKE wildcards in the user fragment before
	// it is bound as a prepared-statement parameter.
	$results = $wpdb->get_col( $wpdb->prepare( "SELECT t.name FROM $wpdb->term_taxonomy AS tt INNER JOIN $wpdb->terms AS t ON tt.term_id = t.term_id WHERE tt.taxonomy = %s AND t.name LIKE (%s)", $taxonomy, '%' . like_escape( $s ) . '%' ) );

	// NOTE(review): term names are echoed unescaped under text/html; this
	// relies on names having been sanitised when they were stored -- confirm.
	echo join( $results, "\n" );
	die;
	break;
case 'wp-compression-test' :
	if ( !current_user_can( 'manage_options' ) )
		die('-1');

	// Server-side compression already on: scripts must not be compressed
	// a second time.
	if ( ini_get('zlib.output_compression') || 'ob_gzhandler' == ini_get('output_handler') ) {
		update_site_option('can_compress_scripts', 0);
		die('0');
	}

	if ( isset($_GET['test']) ) {
		// test=1 returns the probe string plain, test=2 returns it compressed
		// per Accept-Encoding; the client compares the two to decide.
		header( 'Expires: Wed, 11 Jan 1984 05:00:00 GMT' );
		header( 'Last-Modified: ' . gmdate( 'D, d M Y H:i:s' ) . ' GMT' );
		header( 'Cache-Control: no-cache, must-revalidate, max-age=0' );
		header( 'Pragma: no-cache' );
		header('Content-Type: application/x-javascript; charset=UTF-8');
		$force_gzip = ( defined('ENFORCE_GZIP') && ENFORCE_GZIP );
		$test_str = '"wpCompressionTest Lorem ipsum dolor sit amet consectetuer mollis sapien urna ut a. Eu nonummy condimentum fringilla tempor pretium platea vel nibh netus Maecenas. Hac molestie amet justo quis pellentesque est ultrices interdum nibh Morbi. Cras mattis pretium Phasellus ante ipsum ipsum ut sociis Suspendisse Lorem. Ante et non molestie. Porta urna Vestibulum egestas id congue nibh eu risus gravida sit. Ac augue auctor Ut et non a elit massa id sodales. Elit eu Nulla at nibh adipiscing mattis lacus mauris at tempus. Netus nibh quis suscipit nec feugiat eget sed lorem et urna. Pellentesque lacus at ut massa consectetuer ligula ut auctor semper Pellentesque. Ut metus massa nibh quam Curabitur molestie nec mauris congue. Volutpat molestie elit justo facilisis neque ac risus Ut nascetur tristique. Vitae sit lorem tellus et quis Phasellus lacus tincidunt nunc Fusce. Pharetra wisi Suspendisse mus sagittis libero lacinia Integer consequat ac Phasellus. Et urna ac cursus tortor aliquam Aliquam amet tellus volutpat Vestibulum. Justo interdum condimentum In augue congue tellus sollicitudin Quisque quis nibh."';

		if ( 1 == $_GET['test'] ) {
			echo $test_str;
			die;
		} elseif ( 2 == $_GET['test'] ) {
			if ( !isset($_SERVER['HTTP_ACCEPT_ENCODING']) )
				die('-1');
			if ( false !== stripos( $_SERVER['HTTP_ACCEPT_ENCODING'], 'deflate') && function_exists('gzdeflate') && ! $force_gzip ) {
				header('Content-Encoding: deflate');
				$out = gzdeflate( $test_str, 1 );
			} elseif ( false !== stripos( $_SERVER['HTTP_ACCEPT_ENCODING'], 'gzip') && function_exists('gzencode') ) {
				header('Content-Encoding: gzip');
				$out = gzencode( $test_str, 1 );
			} else {
				die('-1');
			}
			echo $out;
			die;
		// NOTE(review): the two branches below change a site option on a
		// plain GET with only a capability check and no nonce, unlike every
		// other write handler in this file. Impact is limited to toggling
		// script compression, but a check_ajax_referer() here would close
		// the CSRF shape.
		} elseif ( 'no' == $_GET['test'] ) {
			update_site_option('can_compress_scripts', 0);
		} elseif ( 'yes' == $_GET['test'] ) {
			update_site_option('can_compress_scripts', 1);
		}
	}

	die('0');
	break;
case 'imgedit-preview' :
	// Post id is coerced to int and must be non-zero; capability is checked
	// against that post before the nonce, which is bound to the same id.
	$post_id = intval($_GET['postid']);
	if ( empty($post_id) || !current_user_can('edit_post', $post_id) )
		die('-1');

	check_ajax_referer( "image_editor-$post_id" );

	include_once ( ABSPATH . 'wp-admin/includes/image-edit.php' );
	if ( ! stream_preview_image($post_id) )
		die('-1');

	die();
	break;
case 'menu-quick-search':
	// Read-only search; capability check only, the whole request array is
	// handed to the helper.
	if ( ! current_user_can( 'edit_theme_options' ) )
		die('-1');

	require_once ABSPATH . 'wp-admin/includes/nav-menu.php';

	_wp_ajax_menu_quick_search( $_REQUEST );

	exit;
	break;
case 'oembed-cache' :
	// NOTE(review): the only handler in this switch with neither a nonce nor
	// a capability check. Any logged-in user can trigger cache_oembed() for
	// an arbitrary $_GET['post'] value; consider gating on
	// current_user_can( 'edit_post', $post ) as the sibling cases do.
	$return = ( $wp_embed->cache_oembed( $_GET['post'] ) ) ? '1' : '0';
	die( $return );
	break;
default :
	// Plugin / core handlers register on 'wp_ajax_{action}' and are expected
	// to perform their own nonce and capability checks.
	do_action( 'wp_ajax_' . $_GET['action'] );
	die('0');
	break;
endswitch;
endif;

/**
 * Sends back current comment total and new page links if they need to be updated.
 *
 * Contrary to normal success AJAX response ("1"), die with time() on success.
 *
 * Reads the list state the JS posted along with the action: '_total',
 * '_per_page', '_page' (all coerced to int) and '_url' (run through
 * esc_url_raw). If any of them is missing or zero, replies with the
 * timestamp only and does no counting.
 *
 * @since 2.7
 *
 * @param int $comment_id Id of the comment that was just acted on; echoed in
 *                        the response but otherwise unused.
 * @param int $delta      Adjustment applied to the posted total (-1 for a
 *                        removal, +1 for an undo).
 * @return die
 */
function _wp_ajax_delete_comment_response( $comment_id, $delta = -1 ) {
	// '@' only silences the undefined-index notice; the values are still
	// cast, so a missing field becomes 0 and trips the guard below.
	$total = (int) @$_POST['_total'];
	$per_page = (int) @$_POST['_per_page'];
	$page = (int) @$_POST['_page'];
	$url = esc_url_raw( @$_POST['_url'] );
	// JS didn't send us everything we need to know. Just die with success message
	if ( !$total || !$per_page || !$page || !$url )
		die( (string) time() );

	$total += $delta;
	if ( $total < 0 )
		$total = 0;

	// Only do the expensive stuff on a page-break, and about 1 other time per page
	// (mt_rand is used purely as a sampling throttle here, not for anything
	// security-relevant).
	if ( 0 == $total % $per_page || 1 == mt_rand( 1, $per_page ) ) {
		$post_id = 0;
		$status = 'total_comments'; // What type of comment count are we looking for? Overridden below from the list URL's comment_status query var.
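// (continuation of _wp_ajax_delete_comment_response(): pick which count to report)
		// $url is the list page the JS is on; its query string says which
		// status bucket and, for a per-post list, which post the total
		// should be read from.
		$parsed = parse_url( $url );
		if ( isset( $parsed['query'] ) ) {
			parse_str( $parsed['query'], $query_vars );
			if ( !empty( $query_vars['comment_status'] ) )
				$status = $query_vars['comment_status'];
			if ( !empty( $query_vars['p'] ) )
				$post_id = (int) $query_vars['p'];
		}

		$comment_count = wp_count_comments($post_id);

		// $status came from the request URL, so it is only honoured when it
		// names a property wp_count_comments() actually returned; otherwise
		// the locally adjusted $total stands.
		if ( isset( $comment_count->$status ) ) // We're looking for a known type of comment count
			$total = $comment_count->$status;
		// else use the decremented value from above
	}

	$time = time(); // The time since the last comment count

	// $per_page is non-zero here (guarded by the early die above), so the
	// divisions cannot fault.
	$x = new WP_Ajax_Response( array(
		'what' => 'comment',
		'id' => $comment_id, // here for completeness - not used
		'supplemental' => array(
			'total_items_i18n' => sprintf( _n( '1 item', '%s items', $total ), number_format_i18n( $total ) ),
			'total_pages' => ceil( $total / $per_page ),
			'total_pages_i18n' => number_format_i18n( ceil( $total / $per_page ) ),
			'total' => $total,
			'time' => $time
		)
	) );
	$x->send();
}

/**
 * AJAX handler that adds one or more terms to a hierarchical taxonomy
 * (used by the edit screen's taxonomy boxes, judging by the post_category /
 * tax_input fields it reads).
 *
 * Everything comes from $_POST:
 *  - 'action' is "add-{taxonomy}"; the taxonomy name is taken from it, and
 *    the nonce field '_ajax_nonce-add-{taxonomy}' is checked against it, so
 *    a nonce is only good for that taxonomy.
 *  - 'new{taxonomy}' is a comma-separated list of term names.
 *  - 'new{taxonomy}_parent' is an optional parent term id (coerced to int,
 *    negative values treated as none).
 *
 * Dies with '-1' when the taxonomy is unknown, the nonce fails, or the
 * caller lacks the taxonomy's edit_terms capability. On success sends a
 * WP_Ajax_Response carrying the refreshed checklist fragment (for the new
 * term, or for the whole top-level ancestor when a parent was given) plus a
 * rebuilt parent dropdown in 'supplemental'.
 *
 * Fix over the previous version: term_exists() and wp_insert_term() both
 * return an array (see the 'add-link-category' handler below, which unwraps
 * the same way), and wp_insert_term() can return a WP_Error. Previously an
 * existing term left an array in $cat_id and a WP_Error was indexed as an
 * array; both are now unwrapped / skipped.
 *
 * @return void Always terminates via WP_Ajax_Response::send() or die().
 */
function _wp_ajax_add_hierarchical_term() {
	$action = $_POST['action'];
	$taxonomy = get_taxonomy(substr($action, 4));
	// Unknown taxonomy: refuse before the nonce field name is built from it.
	if ( ! $taxonomy )
		die('-1');
	check_ajax_referer( $action, '_ajax_nonce-add-' . $taxonomy->name );
	if ( !current_user_can( $taxonomy->cap->edit_terms ) )
		die('-1');
	$names = explode(',', $_POST['new'.$taxonomy->name]);
	$parent = isset($_POST['new'.$taxonomy->name.'_parent']) ? (int) $_POST['new'.$taxonomy->name.'_parent'] : 0;
	if ( 0 > $parent )
		$parent = 0;
	// Already-checked terms, so the returned checklist keeps them ticked.
	if ( $taxonomy->name == 'category' )
		$post_category = isset($_POST['post_category']) ? (array) $_POST['post_category'] : array();
	else
		$post_category = ( isset($_POST['tax_input']) && isset($_POST['tax_input'][$taxonomy->name]) ) ? (array) $_POST['tax_input'][$taxonomy->name] : array();
	$checked_categories = array_map( 'absint', (array) $post_category );
	$popular_ids = wp_popular_terms_checklist($taxonomy->name, 0, 10, false);

	$add = array();
	foreach ( $names as $cat_name ) {
		$cat_name = trim($cat_name);
		$category_nicename = sanitize_title($cat_name);
		if ( '' === $category_nicename )
			continue;
		if ( !($cat_id = term_exists($cat_name, $taxonomy->name, $parent)) )
			$cat_id = wp_insert_term($cat_name, $taxonomy->name, array('parent' => $parent));
		// wp_insert_term() reports failure (e.g. a slug clash or a missing
		// parent) as a WP_Error; skip that name rather than index the error
		// object. Both helpers otherwise hand back an array keyed by term_id.
		if ( is_wp_error( $cat_id ) )
			continue;
		if ( is_array( $cat_id ) )
			$cat_id = $cat_id['term_id'];
		$checked_categories[] = $cat_id;
		if ( $parent ) // Do these all at once in a second
			continue;
		ob_start();
			wp_terms_checklist( 0, array( 'taxonomy' => $taxonomy->name, 'descendants_and_self' => $cat_id, 'selected_cats' => $checked_categories, 'popular_cats' => $popular_ids ));
		$data = ob_get_contents();
		ob_end_clean();
		$add = array(
			'what' => $taxonomy->name,
			'id' => $cat_id,
			'data' => str_replace( array("\n", "\t"), '', $data),
			'position' => -1
		);
	}

	if ( $parent ) { // Foncy - replace the parent and all its children
		$parent = get_term( $parent, $taxonomy->name );
		// A parent id that does not resolve means nothing was inserted
		// above either (wp_insert_term rejects it); nothing to redraw.
		if ( ! $parent || is_wp_error( $parent ) )
			die('0');
		$term_id = $parent->term_id;

		while ( $parent->parent ) { // get the top parent
			// Plain assignment: taking a reference to a function result only
			// triggers an E_STRICT notice, the object is shared either way.
			$parent = get_term( $parent->parent, $taxonomy->name );
			if ( is_wp_error( $parent ) )
				break;
			$term_id = $parent->term_id;
		}

		ob_start();
			wp_terms_checklist( 0, array('taxonomy' => $taxonomy->name, 'descendants_and_self' => $term_id, 'selected_cats' => $checked_categories, 'popular_cats' => $popular_ids));
		$data = ob_get_contents();
		ob_end_clean();
		$add = array(
			'what' => $taxonomy->name,
			'id' => $term_id,
			'data' => str_replace( array("\n", "\t"), '', $data),
			'position' => -1
		);
	}

	// Rebuild the parent selector so the new term(s) appear in it.
	ob_start();
		wp_dropdown_categories( array(
			'taxonomy' => $taxonomy->name, 'hide_empty' => 0, 'name' => 'new'.$taxonomy->name.'_parent', 'orderby' => 'name',
			'hierarchical' => 1, 'show_option_none' => '— '.$taxonomy->labels->parent_item.' —'
		) );
	$sup = ob_get_contents();
	ob_end_clean();
	$add['supplemental'] = array( 'newcat_parent' => $sup );

	$x = new WP_Ajax_Response( $add );
	$x->send();
}

// Logged-in POST actions. Each case does its own nonce / capability checks.
$id = isset($_POST['id'])? (int) $_POST['id'] : 0;
switch ( $action = $_POST['action'] ) :
case 'delete-comment' : // On success, die with time() instead of 1
	if ( !$comment = get_comment( $id ) )
		die( (string) time() );
	if ( !current_user_can( 'edit_post', $comment->comment_post_ID ) )
		die('-1');

	check_ajax_referer( "delete-comment_$id" );
	$status = wp_get_comment_status( $comment->comment_ID );

	$delta = -1;
	if ( isset($_POST['trash']) && 1 == $_POST['trash'] ) {
		if ( 'trash' == $status )
			die( (string) time() );
		$r = wp_trash_comment( $comment->comment_ID );
	} elseif ( isset($_POST['untrash']) && 1 == $_POST['untrash'] ) {
		if ( 'trash' != $status )
			die( (string) time() );
		$r = wp_untrash_comment( $comment->comment_ID );
		if ( ! isset( $_POST['comment_status'] ) || $_POST['comment_status'] != 'trash' ) // undo trash, not in trash
			$delta = 1;
	} elseif ( isset($_POST['spam']) && 1 == $_POST['spam'] ) {
		if ( 'spam' == $status )
			die( (string) time() );
		$r = wp_spam_comment( $comment->comment_ID );
	} elseif ( isset($_POST['unspam']) && 1 == $_POST['unspam'] ) {
		if ( 'spam' != $status )
			die( (string) time() );
		$r = wp_unspam_comment( $comment->comment_ID );
		if ( !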
isset( $_POST['comment_status'] ) || $_POST['comment_status'] != 'spam' ) // undo spam, not in spam 350 $delta = 1; 351 } elseif ( isset($_POST['delete']) && 1 == $_POST['delete'] ) { 352 $r = wp_delete_comment( $comment->comment_ID ); 353 } else { 354 die('-1'); 355 } 356 357 if ( $r ) // Decide if we need to send back '1' or a more complicated response including page links and comment counts 358 _wp_ajax_delete_comment_response( $comment->comment_ID, $delta ); 359 die( '0' ); 360 break; 361 case 'delete-tag' : 362 $tag_id = (int) $_POST['tag_ID']; 363 check_ajax_referer( "delete-tag_$tag_id" ); 364 365 $taxonomy = !empty($_POST['taxonomy']) ? $_POST['taxonomy'] : 'post_tag'; 366 $tax = get_taxonomy($taxonomy); 367 368 if ( !current_user_can( $tax->cap->delete_terms ) ) 369 die('-1'); 370 371 $tag = get_term( $tag_id, $taxonomy ); 372 if ( !$tag || is_wp_error( $tag ) ) 373 die('1'); 374 375 if ( wp_delete_term($tag_id, $taxonomy)) 376 die('1'); 377 else 378 die('0'); 379 break; 380 case 'delete-link' : 381 check_ajax_referer( "delete-bookmark_$id" ); 382 if ( !current_user_can( 'manage_links' ) ) 383 die('-1'); 384 385 $link = get_bookmark( $id ); 386 if ( !$link || is_wp_error( $link ) ) 387 die('1'); 388 389 if ( wp_delete_link( $id ) ) 390 die('1'); 391 else 392 die('0'); 393 break; 394 case 'delete-meta' : 395 check_ajax_referer( "delete-meta_$id" ); 396 if ( !$meta = get_post_meta_by_id( $id ) ) 397 die('1'); 398 399 if ( !current_user_can( 'edit_post', $meta->post_id ) || is_protected_meta( $meta->meta_key ) ) 400 die('-1'); 401 if ( delete_meta( $meta->meta_id ) ) 402 die('1'); 403 die('0'); 404 break; 405 case 'delete-post' : 406 check_ajax_referer( "{$action}_$id" ); 407 if ( !current_user_can( 'delete_post', $id ) ) 408 die('-1'); 409 410 if ( !get_post( $id ) ) 411 die('1'); 412 413 if ( wp_delete_post( $id ) ) 414 die('1'); 415 else 416 die('0'); 417 break; 418 case 'trash-post' : 419 case 'untrash-post' : 420 check_ajax_referer( "{$action}_$id" ); 
421 if ( !current_user_can( 'delete_post', $id ) ) 422 die('-1'); 423 424 if ( !get_post( $id ) ) 425 die('1'); 426 427 if ( 'trash-post' == $action ) 428 $done = wp_trash_post( $id ); 429 else 430 $done = wp_untrash_post( $id ); 431 432 if ( $done ) 433 die('1'); 434 435 die('0'); 436 break; 437 case 'delete-page' : 438 check_ajax_referer( "{$action}_$id" ); 439 if ( !current_user_can( 'delete_page', $id ) ) 440 die('-1'); 441 442 if ( !get_page( $id ) ) 443 die('1'); 444 445 if ( wp_delete_post( $id ) ) 446 die('1'); 447 else 448 die('0'); 449 break; 450 case 'dim-comment' : // On success, die with time() instead of 1 451 452 if ( !$comment = get_comment( $id ) ) { 453 $x = new WP_Ajax_Response( array( 454 'what' => 'comment', 455 'id' => new WP_Error('invalid_comment', sprintf(__('Comment %d does not exist'), $id)) 456 ) ); 457 $x->send(); 458 } 459 460 if ( !current_user_can( 'edit_post', $comment->comment_post_ID ) && !current_user_can( 'moderate_comments' ) ) 461 die('-1'); 462 463 $current = wp_get_comment_status( $comment->comment_ID ); 464 if ( $_POST['new'] == $current ) 465 die( (string) time() ); 466 467 check_ajax_referer( "approve-comment_$id" ); 468 if ( in_array( $current, array( 'unapproved', 'spam' ) ) ) 469 $result = wp_set_comment_status( $comment->comment_ID, 'approve', true ); 470 else 471 $result = wp_set_comment_status( $comment->comment_ID, 'hold', true ); 472 473 if ( is_wp_error($result) ) { 474 $x = new WP_Ajax_Response( array( 475 'what' => 'comment', 476 'id' => $result 477 ) ); 478 $x->send(); 479 } 480 481 // Decide if we need to send back '1' or a more complicated response including page links and comment counts 482 _wp_ajax_delete_comment_response( $comment->comment_ID ); 483 die( '0' ); 484 break; 485 case 'add-link-category' : // On the Fly 486 check_ajax_referer( $action ); 487 if ( !current_user_can( 'manage_categories' ) ) 488 die('-1'); 489 $names = explode(',', $_POST['newcat']); 490 $x = new WP_Ajax_Response(); 491 foreach 
( $names as $cat_name ) { 492 $cat_name = trim($cat_name); 493 $slug = sanitize_title($cat_name); 494 if ( '' === $slug ) 495 continue; 496 if ( !$cat_id = term_exists( $cat_name, 'link_category' ) ) { 497 $cat_id = wp_insert_term( $cat_name, 'link_category' ); 498 } 499 $cat_id = $cat_id['term_id']; 500 $cat_name = esc_html(stripslashes($cat_name)); 501 $x->add( array( 502 'what' => 'link-category', 503 'id' => $cat_id, 504 'data' => "<li id='link-category-$cat_id'><label for='in-link-category-$cat_id' class='selectit'><input value='" . esc_attr($cat_id) . "' type='checkbox' checked='checked' name='link_category[]' id='in-link-category-$cat_id'/> $cat_name</label></li>", 505 'position' => -1 506 ) ); 507 } 508 $x->send(); 509 break; 510 case 'add-tag' : 511 check_ajax_referer( 'add-tag', '_wpnonce_add-tag' ); 512 $post_type = !empty($_POST['post_type']) ? $_POST['post_type'] : 'post'; 513 $taxonomy = !empty($_POST['taxonomy']) ? $_POST['taxonomy'] : 'post_tag'; 514 $tax = get_taxonomy($taxonomy); 515 516 if ( !current_user_can( $tax->cap->edit_terms ) ) 517 die('-1'); 518 519 $x = new WP_Ajax_Response(); 520 521 $tag = wp_insert_term($_POST['tag-name'], $taxonomy, $_POST ); 522 523 if ( !$tag || is_wp_error($tag) || (!$tag = get_term( $tag['term_id'], $taxonomy )) ) { 524 $message = __('An error has occurred. 
Please reload the page and try again.'); 525 if ( is_wp_error($tag) && $tag->get_error_message() ) 526 $message = $tag->get_error_message(); 527 528 $x->add( array( 529 'what' => 'taxonomy', 530 'data' => new WP_Error('error', $message ) 531 ) ); 532 $x->send(); 533 } 534 535 set_current_screen( $_POST['screen'] ); 536 537 $wp_list_table = _get_list_table('WP_Terms_List_Table'); 538 539 $level = 0; 540 if ( is_taxonomy_hierarchical($taxonomy) ) { 541 $level = count( get_ancestors( $tag->term_id, $taxonomy ) ); 542 ob_start(); 543 $wp_list_table->single_row( $tag, $level ); 544 $noparents = ob_get_clean(); 545 } 546 547 ob_start(); 548 $wp_list_table->single_row( $tag ); 549 $parents = ob_get_clean(); 550 551 $x->add( array( 552 'what' => 'taxonomy', 553 'supplemental' => compact('parents', 'noparents') 554 ) ); 555 $x->add( array( 556 'what' => 'term', 557 'position' => $level, 558 'supplemental' => (array) $tag 559 ) ); 560 $x->send(); 561 break; 562 case 'get-tagcloud' : 563 if ( isset( $_POST['tax'] ) ) { 564 $taxonomy = sanitize_key( $_POST['tax'] ); 565 $tax = get_taxonomy( $taxonomy ); 566 if ( ! $tax ) 567 die( '0' ); 568 if ( ! current_user_can( $tax->cap->assign_terms ) ) 569 die( '-1' ); 570 } else { 571 die('0'); 572 } 573 574 $tags = get_terms( $taxonomy, array( 'number' => 45, 'orderby' => 'count', 'order' => 'DESC' ) ); 575 576 if ( empty( $tags ) ) 577 die( isset( $tax->no_tagcloud ) ? 
$tax->no_tagcloud : __('No tags found!') ); 578 579 if ( is_wp_error( $tags ) ) 580 die( $tags->get_error_message() ); 581 582 foreach ( $tags as $key => $tag ) { 583 $tags[ $key ]->link = '#'; 584 $tags[ $key ]->id = $tag->term_id; 585 } 586 587 // We need raw tag names here, so don't filter the output 588 $return = wp_generate_tag_cloud( $tags, array('filter' => 0) ); 589 590 if ( empty($return) ) 591 die('0'); 592 593 echo $return; 594 595 exit; 596 break; 597 case 'get-comments' : 598 check_ajax_referer( $action ); 599 600 set_current_screen( 'edit-comments' ); 601 602 $wp_list_table = _get_list_table('WP_Post_Comments_List_Table'); 603 604 if ( !current_user_can( 'edit_post', $post_id ) ) 605 die('-1'); 606 607 $wp_list_table->prepare_items(); 608 609 if ( !$wp_list_table->has_items() ) 610 die('1'); 611 612 $x = new WP_Ajax_Response(); 613 ob_start(); 614 foreach ( $wp_list_table->items as $comment ) { 615 get_comment( $comment ); 616 $wp_list_table->single_row( $comment ); 617 } 618 $comment_list_item = ob_get_contents(); 619 ob_end_clean(); 620 621 $x->add( array( 622 'what' => 'comments', 623 'data' => $comment_list_item 624 ) ); 625 $x->send(); 626 break; 627 case 'replyto-comment' : 628 check_ajax_referer( $action, '_ajax_nonce-replyto-comment' ); 629 630 set_current_screen( 'edit-comments' ); 631 632 $comment_post_ID = (int) $_POST['comment_post_ID']; 633 if ( !current_user_can( 'edit_post', $comment_post_ID ) ) 634 die('-1'); 635 636 $status = $wpdb->get_var( $wpdb->prepare("SELECT post_status FROM $wpdb->posts WHERE ID = %d", $comment_post_ID) ); 637 638 if ( empty($status) ) 639 die('1'); 640 elseif ( in_array($status, array('draft', 'pending', 'trash') ) ) 641 die( __('Error: you are replying to a comment on a draft post.') ); 642 643 $user = wp_get_current_user(); 644 if ( $user->ID ) { 645 $comment_author = $wpdb->escape($user->display_name); 646 $comment_author_email = $wpdb->escape($user->user_email); 647 $comment_author_url = 
$wpdb->escape($user->user_url); 648 $comment_content = trim($_POST['content']); 649 if ( current_user_can('unfiltered_html') ) { 650 if ( wp_create_nonce('unfiltered-html-comment_' . $comment_post_ID) != $_POST['_wp_unfiltered_html_comment'] ) { 651 kses_remove_filters(); // start with a clean slate 652 kses_init_filters(); // set up the filters 653 } 654 } 655 } else { 656 die( __('Sorry, you must be logged in to reply to a comment.') ); 657 } 658 659 if ( '' == $comment_content ) 660 die( __('Error: please type a comment.') ); 661 662 $comment_parent = absint($_POST['comment_ID']); 663 $commentdata = compact('comment_post_ID', 'comment_author', 'comment_author_email', 'comment_author_url', 'comment_content', 'comment_type', 'comment_parent', 'user_ID'); 664 665 $comment_id = wp_new_comment( $commentdata ); 666 $comment = get_comment($comment_id); 667 if ( ! $comment ) die('1'); 668 669 $position = ( isset($_POST['position']) && (int) $_POST['position'] ) ? (int) $_POST['position'] : '-1'; 670 671 ob_start(); 672 if ( 'dashboard' == $_REQUEST['mode'] ) { 673 require_once ( ABSPATH . 
'wp-admin/includes/dashboard.php' ); 674 _wp_dashboard_recent_comments_row( $comment ); 675 } else { 676 if ( 'single' == $_REQUEST['mode'] ) { 677 $wp_list_table = _get_list_table('WP_Post_Comments_List_Table'); 678 } else { 679 $wp_list_table = _get_list_table('WP_Comments_List_Table'); 680 } 681 $wp_list_table->single_row( $comment ); 682 } 683 $comment_list_item = ob_get_contents(); 684 ob_end_clean(); 685 686 $response = array( 687 'what' => 'comment', 688 'id' => $comment->comment_ID, 689 'data' => $comment_list_item, 690 'position' => $position 691 ); 692 693 // automatically approve parent comment 694 if ( !empty($_POST['approve_parent']) ) { 695 $parent = get_comment( $comment_parent ); 696 697 if ( $parent && $parent->comment_approved === '0' && $parent->comment_post_ID == $comment_post_ID ) { 698 if ( wp_set_comment_status( $parent->comment_ID, 'approve' ) ) 699 $response['supplemental'] = array( 'parent_approved' => $parent->comment_ID ); 700 } 701 } 702 703 $x = new WP_Ajax_Response(); 704 $x->add( $response ); 705 $x->send(); 706 break; 707 case 'edit-comment' : 708 check_ajax_referer( 'replyto-comment', '_ajax_nonce-replyto-comment' ); 709 710 set_current_screen( 'edit-comments' ); 711 712 $comment_post_ID = (int) $_POST['comment_post_ID']; 713 if ( ! current_user_can( 'edit_post', $comment_post_ID ) ) 714 die('-1'); 715 716 if ( '' == $_POST['content'] ) 717 die( __('Error: please type a comment.') ); 718 719 $comment_id = (int) $_POST['comment_ID']; 720 $_POST['comment_status'] = $_POST['status']; 721 edit_comment(); 722 723 $position = ( isset($_POST['position']) && (int) $_POST['position']) ? (int) $_POST['position'] : '-1'; 724 $comments_status = isset($_POST['comments_listing']) ? $_POST['comments_listing'] : ''; 725 726 $checkbox = ( isset($_POST['checkbox']) && true == $_POST['checkbox'] ) ? 1 : 0; 727 $wp_list_table = _get_list_table( $checkbox ? 
'WP_Comments_List_Table' : 'WP_Post_Comments_List_Table' ); 728 729 ob_start(); 730 $wp_list_table->single_row( get_comment( $comment_id ) ); 731 $comment_list_item = ob_get_contents(); 732 ob_end_clean(); 733 734 $x = new WP_Ajax_Response(); 735 736 $x->add( array( 737 'what' => 'edit_comment', 738 'id' => $comment->comment_ID, 739 'data' => $comment_list_item, 740 'position' => $position 741 )); 742 743 $x->send(); 744 break; 745 case 'add-menu-item' : 746 if ( ! current_user_can( 'edit_theme_options' ) ) 747 die('-1'); 748 749 check_ajax_referer( 'add-menu_item', 'menu-settings-column-nonce' ); 750 751 require_once ABSPATH . 'wp-admin/includes/nav-menu.php'; 752 753 // For performance reasons, we omit some object properties from the checklist. 754 // The following is a hacky way to restore them when adding non-custom items. 755 756 $menu_items_data = array(); 757 foreach ( (array) $_POST['menu-item'] as $menu_item_data ) { 758 if ( 759 ! empty( $menu_item_data['menu-item-type'] ) && 760 'custom' != $menu_item_data['menu-item-type'] && 761 ! empty( $menu_item_data['menu-item-object-id'] ) 762 ) { 763 switch( $menu_item_data['menu-item-type'] ) { 764 case 'post_type' : 765 $_object = get_post( $menu_item_data['menu-item-object-id'] ); 766 break; 767 768 case 'taxonomy' : 769 $_object = get_term( $menu_item_data['menu-item-object-id'], $menu_item_data['menu-item-object'] ); 770 break; 771 } 772 773 $_menu_items = array_map( 'wp_setup_nav_menu_item', array( $_object ) ); 774 $_menu_item = array_shift( $_menu_items ); 775 776 // Restore the missing menu item properties 777 $menu_item_data['menu-item-description'] = $_menu_item->description; 778 } 779 780 $menu_items_data[] = $menu_item_data; 781 } 782 783 $item_ids = wp_save_nav_menu_items( 0, $menu_items_data ); 784 if ( is_wp_error( $item_ids ) ) 785 die('-1'); 786 787 foreach ( (array) $item_ids as $menu_item_id ) { 788 $menu_obj = get_post( $menu_item_id ); 789 if ( ! 
empty( $menu_obj->ID ) ) { 790 $menu_obj = wp_setup_nav_menu_item( $menu_obj ); 791 $menu_obj->label = $menu_obj->title; // don't show "(pending)" in ajax-added items 792 $menu_items[] = $menu_obj; 793 } 794 } 795 796 if ( ! empty( $menu_items ) ) { 797 $args = array( 798 'after' => '', 799 'before' => '', 800 'link_after' => '', 801 'link_before' => '', 802 'walker' => new Walker_Nav_Menu_Edit, 803 ); 804 echo walk_nav_menu_tree( $menu_items, 0, (object) $args ); 805 } 806 break; 807 case 'add-meta' : 808 check_ajax_referer( 'add-meta', '_ajax_nonce-add-meta' ); 809 $c = 0; 810 $pid = (int) $_POST['post_id']; 811 $post = get_post( $pid ); 812 813 if ( isset($_POST['metakeyselect']) || isset($_POST['metakeyinput']) ) { 814 if ( !current_user_can( 'edit_post', $pid ) ) 815 die('-1'); 816 if ( isset($_POST['metakeyselect']) && '#NONE#' == $_POST['metakeyselect'] && empty($_POST['metakeyinput']) ) 817 die('1'); 818 if ( $post->post_status == 'auto-draft' ) { 819 $save_POST = $_POST; // Backup $_POST 820 $_POST = array(); // Make it empty for edit_post() 821 $_POST['action'] = 'draft'; // Warning fix 822 $_POST['post_ID'] = $pid; 823 $_POST['post_type'] = $post->post_type; 824 $_POST['post_status'] = 'draft'; 825 $now = current_time('timestamp', 1); 826 $_POST['post_title'] = sprintf('Draft created on %s at %s', date(get_option('date_format'), $now), date(get_option('time_format'), $now)); 827 828 if ( $pid = edit_post() ) { 829 if ( is_wp_error( $pid ) ) { 830 $x = new WP_Ajax_Response( array( 831 'what' => 'meta', 832 'data' => $pid 833 ) ); 834 $x->send(); 835 } 836 $_POST = $save_POST; // Now we can restore original $_POST again 837 if ( !$mid = add_meta( $pid ) ) 838 die(__('Please provide a custom field value.')); 839 } else { 840 die('0'); 841 } 842 } else if ( !$mid = add_meta( $pid ) ) { 843 die(__('Please provide a custom field value.')); 844 } 845 846 $meta = get_post_meta_by_id( $mid ); 847 $pid = (int) $meta->post_id; 848 $meta = get_object_vars( $meta ); 
849 $x = new WP_Ajax_Response( array( 850 'what' => 'meta', 851 'id' => $mid, 852 'data' => _list_meta_row( $meta, $c ), 853 'position' => 1, 854 'supplemental' => array('postid' => $pid) 855 ) ); 856 } else { // Update? 857 $mid = (int) array_pop( $var_by_ref = array_keys($_POST['meta']) ); 858 $key = $_POST['meta'][$mid]['key']; 859 $value = $_POST['meta'][$mid]['value']; 860 if ( '' == trim($key) ) 861 die(__('Please provide a custom field name.')); 862 if ( '' == trim($value) ) 863 die(__('Please provide a custom field value.')); 864 if ( !$meta = get_post_meta_by_id( $mid ) ) 865 die('0'); // if meta doesn't exist 866 if ( !current_user_can( 'edit_post', $meta->post_id ) ) 867 die('-1'); 868 if ( is_protected_meta( $meta->meta_key ) ) 869 die('-1'); 870 if ( $meta->meta_value != stripslashes($value) || $meta->meta_key != stripslashes($key) ) { 871 if ( !$u = update_meta( $mid, $key, $value ) ) 872 die('0'); // We know meta exists; we also know it's unchanged (or DB error, in which case there are bigger problems). 
873 } 874 875 $key = stripslashes($key); 876 $value = stripslashes($value); 877 $x = new WP_Ajax_Response( array( 878 'what' => 'meta', 879 'id' => $mid, 'old_id' => $mid, 880 'data' => _list_meta_row( array( 881 'meta_key' => $key, 882 'meta_value' => $value, 883 'meta_id' => $mid 884 ), $c ), 885 'position' => 0, 886 'supplemental' => array('postid' => $meta->post_id) 887 ) ); 888 } 889 $x->send(); 890 break; 891 case 'add-user' : 892 check_ajax_referer( $action ); 893 if ( !current_user_can('create_users') ) 894 die('-1'); 895 if ( !$user_id = add_user() ) 896 die('0'); 897 elseif ( is_wp_error( $user_id ) ) { 898 $x = new WP_Ajax_Response( array( 899 'what' => 'user', 900 'id' => $user_id 901 ) ); 902 $x->send(); 903 } 904 $user_object = new WP_User( $user_id ); 905 906 $wp_list_table = _get_list_table('WP_Users_List_Table'); 907 908 $x = new WP_Ajax_Response( array( 909 'what' => 'user', 910 'id' => $user_id, 911 'data' => $wp_list_table->single_row( $user_object, '', $user_object->roles[0] ), 912 'supplemental' => array( 913 'show-link' => sprintf(__( 'User <a href="#%s">%s</a> added' ), "user-$user_id", $user_object->user_login), 914 'role' => $user_object->roles[0] 915 ) 916 ) ); 917 $x->send(); 918 break; 919 case 'autosave' : // The name of this action is hardcoded in edit_post() 920 define( 'DOING_AUTOSAVE', true ); 921 922 $nonce_age = check_ajax_referer( 'autosave', 'autosavenonce' ); 923 924 $_POST['post_category'] = explode(",", $_POST['catslist']); 925 if ( $_POST['post_type'] == 'page' || empty($_POST['post_category']) ) 926 unset($_POST['post_category']); 927 928 $do_autosave = (bool) $_POST['autosave']; 929 $do_lock = true; 930 931 $data = $alert = ''; 932 /* translators: draft saved date format, see http://php.net/date */ 933 $draft_saved_date_format = __('g:i:s a'); 934 /* translators: %s: date and time */ 935 $message = sprintf( __('Draft saved at %s.'), date_i18n( $draft_saved_date_format ) ); 936 937 $supplemental = array(); 938 if ( 
isset($login_grace_period) ) 939 $alert .= sprintf( __('Your login has expired. Please open a new browser window and <a href="%s" target="_blank">log in again</a>. '), add_query_arg( 'interim-login', 1, wp_login_url() ) ); 940 941 $id = $revision_id = 0; 942 943 $post_ID = (int) $_POST['post_ID']; 944 $_POST['ID'] = $post_ID; 945 $post = get_post($post_ID); 946 if ( 'auto-draft' == $post->post_status ) 947 $_POST['post_status'] = 'draft'; 948 949 if ( $last = wp_check_post_lock( $post->ID ) ) { 950 $do_autosave = $do_lock = false; 951 952 $last_user = get_userdata( $last ); 953 $last_user_name = $last_user ? $last_user->display_name : __( 'Someone' ); 954 $data = __( 'Autosave disabled.' ); 955 956 $supplemental['disable_autosave'] = 'disable'; 957 $alert .= sprintf( __( '%s is currently editing this article. If you update it, you will overwrite the changes.' ), esc_html( $last_user_name ) ); 958 } 959 960 if ( 'page' == $post->post_type ) { 961 if ( !current_user_can('edit_page', $post_ID) ) 962 die(__('You are not allowed to edit this page.')); 963 } else { 964 if ( !current_user_can('edit_post', $post_ID) ) 965 die(__('You are not allowed to edit this post.')); 966 } 967 968 if ( $do_autosave ) { 969 // Drafts and auto-drafts are just overwritten by autosave 970 if ( 'auto-draft' == $post->post_status || 'draft' == $post->post_status ) { 971 $id = edit_post(); 972 } else { // Non drafts are not overwritten. The autosave is stored in a special post revision. 
973 $revision_id = wp_create_post_autosave( $post->ID ); 974 if ( is_wp_error($revision_id) ) 975 $id = $revision_id; 976 else 977 $id = $post->ID; 978 } 979 $data = $message; 980 } else { 981 if ( isset( $_POST['auto_draft'] ) && '1' == $_POST['auto_draft'] ) 982 $id = 0; // This tells us it didn't actually save 983 else 984 $id = $post->ID; 985 } 986 987 if ( $do_lock && ( isset( $_POST['auto_draft'] ) && ( $_POST['auto_draft'] != '1' ) ) && $id && is_numeric($id) ) 988 wp_set_post_lock( $id ); 989 /* Nonce refresh: when check_ajax_referer() reported the nonce as being in its second half-life (2), fresh nonces are returned so a long editing session does not go stale. The update-* nonce is selected by the client-supplied $_POST['post_type'] rather than $post->post_type; both variants are bound to the same $id the caller was authorized on above, so this only affects which nonce string comes back. */ 990 if ( $nonce_age == 2 ) { 991 $supplemental['replace-autosavenonce'] = wp_create_nonce('autosave'); 992 $supplemental['replace-getpermalinknonce'] = wp_create_nonce('getpermalink'); 993 $supplemental['replace-samplepermalinknonce'] = wp_create_nonce('samplepermalink'); 994 $supplemental['replace-closedpostboxesnonce'] = wp_create_nonce('closedpostboxes'); 995 if ( $id ) { 996 if ( $_POST['post_type'] == 'post' ) 997 $supplemental['replace-_wpnonce'] = wp_create_nonce('update-post_' . $id); 998 elseif ( $_POST['post_type'] == 'page' ) 999 $supplemental['replace-_wpnonce'] = wp_create_nonce('update-page_' . $id); 1000 } 1001 } 1002 1003 if ( ! empty($alert) ) 1004 $supplemental['alert'] = $alert; 1005 1006 $x = new WP_Ajax_Response( array( 1007 'what' => 'autosave', 1008 'id' => $id, 1009 'data' => $id ? $data : '', 1010 'supplemental' => $supplemental 1011 ) ); 1012 $x->send(); 1013 break; /* closed-postboxes: writes only the caller's own per-user UI state (update_user_option on $user->ID), so the nonce is the only gate required. $page is whitelisted by the regex before it becomes part of the option name; the box ids in $closed/$hidden are stored as sent (array_filter only drops empty strings). */ 1014 case 'closed-postboxes' : 1015 check_ajax_referer( 'closedpostboxes', 'closedpostboxesnonce' ); 1016 $closed = isset( $_POST['closed'] ) ? explode( ',', $_POST['closed']) : array(); 1017 $closed = array_filter($closed); 1018 1019 $hidden = isset( $_POST['hidden'] ) ? explode( ',', $_POST['hidden']) : array(); 1020 $hidden = array_filter($hidden); 1021 1022 $page = isset( $_POST['page'] ) ? $_POST['page'] : ''; 1023 1024 if ( !preg_match( '/^[a-z_-]+$/', $page ) ) 1025 die('-1'); 1026 1027 if ( !
$user = wp_get_current_user() ) 1028 die('-1'); 1029 1030 if ( is_array($closed) ) 1031 update_user_option($user->ID, "closedpostboxes_$page", $closed, true); 1032 1033 if ( is_array($hidden) ) { 1034 $hidden = array_diff( $hidden, array('submitdiv', 'linksubmitdiv', 'manage-menu', 'create-menu') ); // postboxes that are always shown 1035 update_user_option($user->ID, "metaboxhidden_$page", $hidden, true); 1036 } 1037 1038 die('1'); 1039 break; /* hidden-columns: same per-user-only pattern as closed-postboxes (nonce, regex-whitelisted $page). NOTE(review): the isset() guard on the first $hidden assignment is immediately defeated — the next line explodes $_POST['hidden'] directly, so a request without that field raises a notice and stores a single empty entry. */ 1040 case 'hidden-columns' : 1041 check_ajax_referer( 'screen-options-nonce', 'screenoptionnonce' ); 1042 $hidden = isset( $_POST['hidden'] ) ? $_POST['hidden'] : ''; 1043 $hidden = explode( ',', $_POST['hidden'] ); 1044 $page = isset( $_POST['page'] ) ? $_POST['page'] : ''; 1045 1046 if ( !preg_match( '/^[a-z_-]+$/', $page ) ) 1047 die('-1'); 1048 1049 if ( ! $user = wp_get_current_user() ) 1050 die('-1'); 1051 1052 if ( is_array($hidden) ) 1053 update_user_option($user->ID, "manage{$page}columnshidden", $hidden, true); 1054 1055 die('1'); 1056 break; /* menu-get-metabox: gated on 'edit_theme_options' but, unlike most handlers here, has no check_ajax_referer(); it only renders a meta box, which is presumably why. $_POST['item-object'] is never used directly — it is validated by key lookup against the registered post-type/taxonomy list, and $callback is one of two hard-coded function names. $items/$callback are only set inside the two item-type branches; any other item-type falls through to an empty response. */ 1057 case 'menu-get-metabox' : 1058 if ( ! current_user_can( 'edit_theme_options' ) ) 1059 die('-1'); 1060 1061 require_once ABSPATH . 'wp-admin/includes/nav-menu.php'; 1062 1063 if ( isset( $_POST['item-type'] ) && 'post_type' == $_POST['item-type'] ) { 1064 $type = 'posttype'; 1065 $callback = 'wp_nav_menu_item_post_type_meta_box'; 1066 $items = (array) get_post_types( array( 'show_in_nav_menus' => true ), 'object' ); 1067 } elseif ( isset( $_POST['item-type'] ) && 'taxonomy' == $_POST['item-type'] ) { 1068 $type = 'taxonomy'; 1069 $callback = 'wp_nav_menu_item_taxonomy_meta_box'; 1070 $items = (array) get_taxonomies( array( 'show_ui' => true ), 'object' ); 1071 } 1072 1073 if ( ! empty( $_POST['item-object'] ) && isset( $items[$_POST['item-object']] ) ) { 1074 $item = apply_filters( 'nav_menu_meta_box_object', $items[ $_POST['item-object'] ] ); 1075 ob_start(); 1076 call_user_func_array($callback, array( 1077 null, 1078 array( 1079 'id' => 'add-' .
$item->name, 1080 'title' => $item->labels->name, 1081 'callback' => $callback, 1082 'args' => $item, 1083 ) 1084 )); 1085 1086 $markup = ob_get_clean(); 1087 /* The meta box HTML is captured and returned as JSON; no JSON content-type header is set in this handler, the response keeps whatever type was sent earlier in the file. */ 1088 echo json_encode(array( 1089 'replace-id' => $type . '-' . $item->name, 1090 'markup' => $markup, 1091 )); 1092 } 1093 1094 exit; 1095 break; /* menu-quick-search: capability check only, no nonce, and the whole $_REQUEST is handed to _wp_ajax_menu_quick_search() — all input validation is delegated there. */ 1096 case 'menu-quick-search': 1097 if ( ! current_user_can( 'edit_theme_options' ) ) 1098 die('-1'); 1099 1100 require_once ABSPATH . 'wp-admin/includes/nav-menu.php'; 1101 1102 _wp_ajax_menu_quick_search( $_REQUEST ); 1103 1104 exit; 1105 break; /* wp-link-ajax: nonce only — there is no capability check in this handler, so whatever wp_link_query() returns is visible to any logged-in user holding the nonce. NOTE(review): verify that wp_link_query() applies its own read/edit checks (e.g. does not list drafts or private posts the caller cannot see). pagenum is absint()'d; the search string is passed through after stripslashes(). */ 1106 case 'wp-link-ajax': 1107 require_once ABSPATH . 'wp-admin/includes/internal-linking.php'; 1108 1109 check_ajax_referer( 'internal-linking', '_ajax_linking_nonce' ); 1110 1111 $args = array(); 1112 1113 if ( isset( $_POST['search'] ) ) 1114 $args['s'] = stripslashes( $_POST['search'] ); 1115 $args['pagenum'] = ! empty( $_POST['page'] ) ? absint( $_POST['page'] ) : 1; 1116 1117 $results = wp_link_query( $args ); 1118 1119 if ( ! isset( $results ) ) 1120 die( '0' ); 1121 1122 echo json_encode( $results ); 1123 echo "\n"; 1124 1125 exit; 1126 break; /* menu-locations-save: capability and nonce both checked; every location value is forced to a non-negative integer before being stored. array_map() expects an array, so a scalar 'menu-locations' would warn rather than be rejected. */ 1127 case 'menu-locations-save': 1128 if ( ! current_user_can( 'edit_theme_options' ) ) 1129 die('-1'); 1130 check_ajax_referer( 'add-menu_item', 'menu-settings-column-nonce' ); 1131 if ( ! isset( $_POST['menu-locations'] ) ) 1132 die('0'); 1133 set_theme_mod( 'nav_menu_locations', array_map( 'absint', $_POST['menu-locations'] ) ); 1134 die('1'); 1135 break; /* meta-box-order: per-user UI state again (nonce, regex-whitelisted $page, writes only to the caller's own options). $order is cast to array but its contents are stored as sent; $page_columns is cast to int. */ 1136 case 'meta-box-order': 1137 check_ajax_referer( 'meta-box-order' ); 1138 $order = isset( $_POST['order'] ) ? (array) $_POST['order'] : false; 1139 $page_columns = isset( $_POST['page_columns'] ) ? (int) $_POST['page_columns'] : 0; 1140 $page = isset( $_POST['page'] ) ? $_POST['page'] : ''; 1141 1142 if ( !preg_match( '/^[a-z_-]+$/', $page ) ) 1143 die('-1'); 1144 1145 if ( !
$user = wp_get_current_user() ) 1146 die('-1'); 1147 1148 if ( $order ) 1149 update_user_option($user->ID, "meta-box-order_$page", $order, true); 1150 1151 if ( $page_columns ) 1152 update_user_option($user->ID, "screen_layout_$page", $page_columns, true); 1153 1154 die('1'); 1155 break; /* get-permalink / sample-permalink: nonce-only handlers with no per-post capability check. post_id is merely cast to int, and the nonces are not bound to a post, so any logged-in user holding one can request the preview or sample permalink of an arbitrary post ID. Unless get_sample_permalink_html() enforces an edit/read capability itself (verify), a current_user_can('edit_post', $post_id) guard belongs here, matching the autosave/inline-save handlers. */ 1156 case 'get-permalink': 1157 check_ajax_referer( 'getpermalink', 'getpermalinknonce' ); 1158 $post_id = isset($_POST['post_id'])? intval($_POST['post_id']) : 0; 1159 die(add_query_arg(array('preview' => 'true'), get_permalink($post_id))); 1160 break; 1161 case 'sample-permalink': 1162 check_ajax_referer( 'samplepermalink', 'samplepermalinknonce' ); 1163 $post_id = isset($_POST['post_id'])? intval($_POST['post_id']) : 0; 1164 $title = isset($_POST['new_title'])? $_POST['new_title'] : ''; 1165 $slug = isset($_POST['new_slug'])? $_POST['new_slug'] : null; 1166 die(get_sample_permalink_html($post_id, $title, $slug)); 1167 break; /* inline-save (quick edit): nonce, then a capability check that branches on the client-supplied $_POST['post_type'] ('page' => edit_page, anything else => edit_post) rather than on the stored post type — presumably harmless because both resolve against the real post via map_meta_cap, TODO confirm; branching on get_post($post_ID)->post_type would remove the question. $_POST['screen'] reaches set_current_screen() unvalidated. */ 1168 case 'inline-save': 1169 check_ajax_referer( 'inlineeditnonce', '_inline_edit' ); 1170 1171 if ( ! isset($_POST['post_ID']) || ! ( $post_ID = (int) $_POST['post_ID'] ) ) 1172 exit; 1173 1174 if ( 'page' == $_POST['post_type'] ) { 1175 if ( ! current_user_can( 'edit_page', $post_ID ) ) 1176 die( __('You are not allowed to edit this page.') ); 1177 } else { 1178 if ( ! current_user_can( 'edit_post', $post_ID ) ) 1179 die( __('You are not allowed to edit this post.') ); 1180 } 1181 1182 set_current_screen( $_POST['screen'] ); 1183 1184 if ( $last = wp_check_post_lock( $post_ID ) ) { 1185 $last_user = get_userdata( $last ); 1186 $last_user_name = $last_user ? $last_user->display_name : __( 'Someone' ); 1187 printf( $_POST['post_type'] == 'page' ? __( 'Saving is disabled: %s is currently editing this page.' ) : __( 'Saving is disabled: %s is currently editing this post.'
), esc_html( $last_user_name ) ); 1188 exit; 1189 } 1190 /* $data aliases $_POST so that the rewrites below (content/excerpt from the DB, user_ID, parent_id, post_status, comment/ping defaults) are what edit_post() will read. The requested status comes straight from the client ($data['_status'] or 'private'); publish/private transitions are expected to be re-checked inside edit_post()/wp_insert_post() — TODO confirm. */ 1191 $data = &$_POST; 1192 1193 $post = get_post( $post_ID, ARRAY_A ); 1194 $post = add_magic_quotes($post); //since it is from db 1195 1196 $data['content'] = $post['post_content']; 1197 $data['excerpt'] = $post['post_excerpt']; 1198 1199 // rename 1200 $data['user_ID'] = $GLOBALS['user_ID']; 1201 1202 if ( isset($data['post_parent']) ) 1203 $data['parent_id'] = $data['post_parent']; 1204 1205 // status 1206 if ( isset($data['keep_private']) && 'private' == $data['keep_private'] ) 1207 $data['post_status'] = 'private'; 1208 else 1209 $data['post_status'] = $data['_status']; 1210 1211 if ( empty($data['comment_status']) ) 1212 $data['comment_status'] = 'closed'; 1213 if ( empty($data['ping_status']) ) 1214 $data['ping_status'] = 'closed'; 1215 1216 // update the post 1217 edit_post(); 1218 1219 $wp_list_table = _get_list_table('WP_Posts_List_Table'); 1220 /* $mode is not referenced again in this handler; presumably display_rows() reads it as a global — verify before removing. */ 1221 $mode = $_POST['post_view']; 1222 $wp_list_table->display_rows( array( get_post( $_POST['post_ID'] ) ) ); 1223 1224 exit; 1225 break; /* inline-save-tax: nonce, then the taxonomy name is sanitize_key()'d and must resolve to a registered taxonomy whose edit_terms capability the caller holds. The capability is taxonomy-wide, not per term. */ 1226 case 'inline-save-tax': 1227 check_ajax_referer( 'taxinlineeditnonce', '_inline_edit' ); 1228 1229 $taxonomy = sanitize_key( $_POST['taxonomy'] ); 1230 $tax = get_taxonomy( $taxonomy ); 1231 if ( ! $tax ) 1232 die( '0' ); 1233 1234 if ( ! current_user_can( $tax->cap->edit_terms ) ) 1235 die( '-1' ); 1236 1237 set_current_screen( 'edit-' . $taxonomy ); 1238 1239 $wp_list_table = _get_list_table('WP_Terms_List_Table'); 1240 1241 if ( ! isset($_POST['tax_ID']) || !
( $id = (int) $_POST['tax_ID'] ) ) 1242 die(-1); 1243 1244 $tag = get_term( $id, $taxonomy ); /* NOTE(review): get_term() can return null or a WP_Error for an unknown id; ->description is read without checking. The description is deliberately re-read from the DB because quick edit does not submit it. */ 1245 $_POST['description'] = $tag->description; 1246 1247 $updated = wp_update_term($id, $taxonomy, $_POST); 1248 if ( $updated && !is_wp_error($updated) ) { 1249 $tag = get_term( $updated['term_id'], $taxonomy ); 1250 if ( !$tag || is_wp_error( $tag ) ) { 1251 if ( is_wp_error($tag) && $tag->get_error_message() ) 1252 die( $tag->get_error_message() ); 1253 die( __('Item not updated.') ); 1254 } 1255 1256 echo $wp_list_table->single_row( $tag ); 1257 } else { 1258 if ( is_wp_error($updated) && $updated->get_error_message() ) 1259 die( $updated->get_error_message() ); 1260 die( __('Item not updated.') ); 1261 } 1262 1263 exit; 1264 break; /* find_posts: nonce only — no capability check. $what is constrained to a registered post type (get_post_types() with no filter, so non-public types are allowed too) and is the only value interpolated into the SQL without escaping; each search term is passed through like_escape() and esc_sql(). The query below lists drafts by any author and does not consult the caller's capabilities on $what, so consider gating on the post type's edit_posts capability. */ 1265 case 'find_posts': 1266 check_ajax_referer( 'find-posts' ); 1267 1268 if ( empty($_POST['ps']) ) 1269 exit; 1270 1271 if ( !empty($_POST['post_type']) && in_array( $_POST['post_type'], get_post_types() ) ) 1272 $what = $_POST['post_type']; 1273 else 1274 $what = 'post'; 1275 1276 $s = stripslashes($_POST['ps']); 1277 preg_match_all('/".*?("|$)|((?<=[\\s",+])|^)[^\\s",+]+/', $s, $matches); 1278 $search_terms = array_map('_search_terms_tidy', $matches[0]); 1279 1280 $searchand = $search = ''; 1281 foreach ( (array) $search_terms as $term ) { 1282 $term = esc_sql( like_escape( $term ) ); 1283 $search .= "{$searchand}(($wpdb->posts.post_title LIKE '%{$term}%') OR ($wpdb->posts.post_content LIKE '%{$term}%'))"; 1284 $searchand = ' AND '; 1285 } 1286 $term = esc_sql( like_escape( $s ) ); 1287 if ( count($search_terms) > 1 && $search_terms[0] != $s ) 1288 $search .= " OR ($wpdb->posts.post_title LIKE '%{$term}%') OR ($wpdb->posts.post_content LIKE '%{$term}%')"; 1289 /* String-built query: safe only because $what is whitelisted above and every $term was escaped; $wpdb->prepare() is not used here. Status is fixed to draft/publish and capped at 50 rows. */ 1290 $posts = $wpdb->get_results( "SELECT ID, post_title, post_status, post_date FROM $wpdb->posts WHERE post_type = '$what' AND post_status IN ('draft', 'publish') AND ($search) ORDER BY post_date_gmt DESC LIMIT 50" ); 1291 1292 if ( !
$posts ) { 1293 $posttype = get_post_type_object($what); 1294 exit($posttype->labels->not_found); 1295 } 1296 /* Result table: title, date and status label are esc_html()'d; the post ID is used raw in the id= attribute and esc_attr()'d in value= (it is an integer column from the query). The status switch leaves $stat unset for statuses other than the five listed, though the query only returns draft/publish. */ 1297 $html = '<table class="widefat" cellspacing="0"><thead><tr><th class="found-radio"><br /></th><th>'.__('Title').'</th><th>'.__('Date').'</th><th>'.__('Status').'</th></tr></thead><tbody>'; 1298 foreach ( $posts as $post ) { 1299 1300 switch ( $post->post_status ) { 1301 case 'publish' : 1302 case 'private' : 1303 $stat = __('Published'); 1304 break; 1305 case 'future' : 1306 $stat = __('Scheduled'); 1307 break; 1308 case 'pending' : 1309 $stat = __('Pending Review'); 1310 break; 1311 case 'draft' : 1312 $stat = __('Draft'); 1313 break; 1314 } 1315 1316 if ( '0000-00-00 00:00:00' == $post->post_date ) { 1317 $time = ''; 1318 } else { 1319 /* translators: date format in table columns, see http://php.net/date */ 1320 $time = mysql2date(__('Y/m/d'), $post->post_date); 1321 } 1322 1323 $html .= '<tr class="found-posts"><td class="found-radio"><input type="radio" id="found-'.$post->ID.'" name="found_post_id" value="' . esc_attr($post->ID) .
'"></td>'; 1324 $html .= '<td><label for="found-'.$post->ID.'">'.esc_html( $post->post_title ).'</label></td><td>'.esc_html( $time ).'</td><td>'.esc_html( $stat ).'</td></tr>'."\n\n"; 1325 } 1326 $html .= '</tbody></table>'; 1327 1328 $x = new WP_Ajax_Response(); 1329 $x->add( array( 1330 'what' => $what, 1331 'data' => $html 1332 )); 1333 $x->send(); 1334 1335 break; /* widgets-order: nonce and 'edit_theme_options' both required. Sidebar keys and widget ids are taken from the request; the only validation on an id is that it contains 'widget-', after which everything up to the first '_' is stripped. $_POST['sidebars'] is tested with is_array() without isset(), so a missing field raises a notice before the '-1' response. */ 1336 case 'widgets-order' : 1337 check_ajax_referer( 'save-sidebar-widgets', 'savewidgets' ); 1338 1339 if ( !current_user_can('edit_theme_options') ) 1340 die('-1'); 1341 1342 unset( $_POST['savewidgets'], $_POST['action'] ); 1343 1344 // save widgets order for all sidebars 1345 if ( is_array($_POST['sidebars']) ) { 1346 $sidebars = array(); 1347 foreach ( $_POST['sidebars'] as $key => $val ) { 1348 $sb = array(); 1349 if ( !empty($val) ) { 1350 $val = explode(',', $val); 1351 foreach ( $val as $k => $v ) { 1352 if ( strpos($v, 'widget-') === false ) 1353 continue; 1354 1355 $sb[$k] = substr($v, strpos($v, '_') + 1); 1356 } 1357 } 1358 $sidebars[$key] = $sb; 1359 } 1360 wp_set_sidebars_widgets($sidebars); 1361 die('1'); 1362 } 1363 1364 die('-1'); 1365 break; /* save-widget: nonce, 'edit_theme_options' and a mandatory id_base. The three do_action() calls let widget code register its update/control callbacks exactly as it would on widgets.php; the request is then routed to those registered callbacks below, never to a callable named by the client. */ 1366 case 'save-widget' : 1367 check_ajax_referer( 'save-sidebar-widgets', 'savewidgets' ); 1368 1369 if ( !current_user_can('edit_theme_options') || !isset($_POST['id_base']) ) 1370 die('-1'); 1371 1372 unset( $_POST['savewidgets'], $_POST['action'] ); 1373 1374 do_action('load-widgets.php'); 1375 do_action('widgets.php'); 1376 do_action('sidebar_admin_setup'); 1377 1378 $id_base = $_POST['id_base']; 1379 $widget_id = $_POST['widget-id']; 1380 $sidebar_id = $_POST['sidebar']; 1381 $multi_number = !empty($_POST['multi_number']) ? (int) $_POST['multi_number'] : 0; 1382 $settings = isset($_POST['widget-' . $id_base]) && is_array($_POST['widget-' . $id_base]) ? $_POST['widget-' . $id_base] : false; 1383 $error = '<p>' . __('An error has occurred. Please reload the page and try again.') .
'</p>'; 1384 1385 $sidebars = wp_get_sidebars_widgets(); 1386 $sidebar = isset($sidebars[$sidebar_id]) ? $sidebars[$sidebar_id] : array(); 1387 1388 // delete 1389 if ( isset($_POST['delete_widget']) && $_POST['delete_widget'] ) { 1390 /* Deletion requires $widget_id to be a registered widget; $_POST is then rebuilt from scratch so the update callback sees only the fields it needs. */ 1391 if ( !isset($wp_registered_widgets[$widget_id]) ) 1392 die($error); 1393 1394 $sidebar = array_diff( $sidebar, array($widget_id) ); 1395 $_POST = array('sidebar' => $sidebar_id, 'widget-' . $id_base => array(), 'the-widget-id' => $widget_id, 'delete_widget' => '1'); 1396 } elseif ( $settings && preg_match( '/__i__|%i%/', key($settings) ) ) { 1397 if ( !$multi_number ) 1398 die($error); 1399 1400 $_POST['widget-' . $id_base] = array( $multi_number => array_shift($settings) ); 1401 $widget_id = $id_base . '-' . $multi_number; 1402 $sidebar[] = $widget_id; 1403 } 1404 $_POST['widget-id'] = $sidebar; 1405 /* Dispatch: the client-supplied $id_base only selects an entry in the registered update table; the callable invoked is whatever the widget registered, guarded by is_callable(). Output of the update callback is discarded. */ 1406 foreach ( (array) $wp_registered_widget_updates as $name => $control ) { 1407 1408 if ( $name == $id_base ) { 1409 if ( !is_callable( $control['callback'] ) ) 1410 continue; 1411 1412 ob_start(); 1413 call_user_func_array( $control['callback'], $control['params'] ); 1414 ob_end_clean(); 1415 break; 1416 } 1417 } 1418 1419 if ( isset($_POST['delete_widget']) && $_POST['delete_widget'] ) { 1420 $sidebars[$sidebar_id] = $sidebar; 1421 wp_set_sidebars_widgets($sidebars); 1422 echo "deleted:$widget_id"; 1423 die(); 1424 } 1425 1426 if ( !empty($_POST['add_new']) ) 1427 die(); 1428 /* $wp_registered_widget_controls[$widget_id] is read without isset(); an unregistered id yields a notice and a falsy $form, so nothing is called. */ 1429 if ( $form = $wp_registered_widget_controls[$widget_id] ) 1430 call_user_func_array( $form['callback'], $form['params'] ); 1431 1432 die(); 1433 break; /* image-editor: per-attachment authorization (edit_post on the attachment) comes first, then a nonce bound to that same attachment id. */ 1434 case 'image-editor': 1435 $attachment_id = intval($_POST['postid']); 1436 if ( empty($attachment_id) || !current_user_can('edit_post', $attachment_id) ) 1437 die('-1'); 1438 1439 check_ajax_referer( "image_editor-$attachment_id" ); 1440 include_once ( ABSPATH .
'wp-admin/includes/image-edit.php' ); 1441 /* $_POST['do'] selects one of three fixed operations; any other value falls through to re-rendering the editor with $msg === false. */ 1442 $msg = false; 1443 switch ( $_POST['do'] ) { 1444 case 'save' : 1445 $msg = wp_save_image($attachment_id); 1446 $msg = json_encode($msg); 1447 die($msg); 1448 break; 1449 case 'scale' : 1450 $msg = wp_save_image($attachment_id); 1451 break; 1452 case 'restore' : 1453 $msg = wp_restore_image($attachment_id); 1454 break; 1455 } 1456 1457 wp_image_editor($attachment_id, $msg); 1458 die(); 1459 break; /* set-post-thumbnail: edit_post on the target post, then a nonce bound to that post id. $thumbnail_id is only intval()'d; there is no check here that the caller may use that attachment — presumably set_post_thumbnail() verifies it is an attachment, TODO confirm. The '-1' sentinel is compared loosely against an int. */ 1460 case 'set-post-thumbnail': 1461 $post_ID = intval( $_POST['post_id'] ); 1462 if ( !current_user_can( 'edit_post', $post_ID ) ) 1463 die( '-1' ); 1464 $thumbnail_id = intval( $_POST['thumbnail_id'] ); 1465 1466 check_ajax_referer( "set_post_thumbnail-$post_ID" ); 1467 1468 if ( $thumbnail_id == '-1' ) { 1469 delete_post_meta( $post_ID, '_thumbnail_id' ); 1470 die( _wp_post_thumbnail_html() ); 1471 } 1472 1473 if ( set_post_thumbnail( $post_ID, $thumbnail_id ) ) 1474 die( _wp_post_thumbnail_html( $thumbnail_id ) ); 1475 die( '0' ); 1476 break; /* date_format / time_format: live preview of a format string. NOTE(review): these are the only handlers in this block with neither a nonce nor a capability check, and the formatted result is echoed without esc_html() into a text/html response; they write nothing, but wrapping the output in esc_html() and adding a nonce would bring them in line with the rest of the file. */ 1477 case 'date_format' : 1478 die( date_i18n( sanitize_option( 'date_format', $_POST['date'] ) ) ); 1479 break; 1480 case 'time_format' : 1481 die( date_i18n( sanitize_option( 'time_format', $_POST['date'] ) ) ); 1482 break; /* wp-fullscreen-save-post: resolves the post type either from an existing post or from $_POST['post_type'] (only when no post_ID is given) so the nonce name and $current_screen can be set. There is no capability check in this handler; authorization is delegated to edit_post(), which is expected to perform the edit_post/edit_page check — TODO confirm. */ 1483 case 'wp-fullscreen-save-post' : 1484 if ( isset($_POST['post_ID']) ) 1485 $post_id = (int) $_POST['post_ID']; 1486 else 1487 $post_id = 0; 1488 1489 $post = null; 1490 $post_type_object = null; 1491 $post_type = null; 1492 if ( $post_id ) { 1493 $post = get_post($post_id); 1494 if ( $post ) { 1495 $post_type_object = get_post_type_object($post->post_type); 1496 if ( $post_type_object ) { 1497 $post_type = $post->post_type; 1498 $current_screen->post_type = $post->post_type; 1499 $current_screen->id = $current_screen->post_type; 1500 } 1501 } 1502 } elseif ( isset($_POST['post_type']) ) { 1503 $post_type_object = get_post_type_object($_POST['post_type']); 1504 if ( $post_type_object ) { 1505 $post_type = $post_type_object->name; 1506
$current_screen->post_type = $post_type; 1507 $current_screen->id = $current_screen->post_type; 1508 } 1509 } 1510 /* The nonce name is 'update-{type}_{id}', matching the one the editor screen issues; when neither a post nor a valid post_type resolves it degrades to 'update-_0', which the client will not normally hold. */ 1511 check_ajax_referer('update-' . $post_type . '_' . $post_id, '_wpnonce'); 1512 1513 $post_id = edit_post(); 1514 1515 if ( is_wp_error($post_id) ) { 1516 if ( $post_id->get_error_message() ) 1517 $message = $post_id->get_error_message(); 1518 else 1519 $message = __('Save failed'); 1520 1521 echo json_encode( array( 'message' => $message, 'last_edited' => '' ) ); 1522 die(); 1523 } else { 1524 $message = __('Saved.'); 1525 } 1526 /* $post was fetched before edit_post() ran, so post_modified here is the pre-save value; new posts fall back to the current time. */ 1527 if ( $post ) { 1528 $last_date = mysql2date( get_option('date_format'), $post->post_modified ); 1529 $last_time = mysql2date( get_option('time_format'), $post->post_modified ); 1530 } else { 1531 $last_date = date_i18n( get_option('date_format') ); 1532 $last_time = date_i18n( get_option('time_format') ); 1533 } 1534 /* $last_user->display_name is read without checking get_userdata() succeeded. */ 1535 if ( $last_id = get_post_meta($post_id, '_edit_last', true) ) { 1536 $last_user = get_userdata($last_id); 1537 $last_edited = sprintf( __('Last edited by %1$s on %2$s at %3$s'), esc_html( $last_user->display_name ), $last_date, $last_time ); 1538 } else { 1539 $last_edited = sprintf( __('Last edited on %1$s at %2$s'), $last_date, $last_time ); 1540 } 1541 1542 echo json_encode( array( 'message' => $message, 'last_edited' => $last_edited ) ); 1543 die(); 1544 break; /* Plugin hook: any other action is dispatched to 'wp_ajax_{action}' with no nonce or capability check performed here — each plugin handler must enforce its own. The action name is used verbatim in the hook name. */ 1545 default : 1546 do_action( 'wp_ajax_' . $_POST['action'] ); 1547 die('0'); 1548 break; 1549 endswitch; /* Closing tag at end of a PHP-only file: any byte after it is sent to the client, which can corrupt AJAX responses; conventionally omitted. */ 1550 ?>