Ticket #9593: 9593.diff
| File 9593.diff, 7.0 KB (added by DD32, 4 years ago) |
|---|
-
wp-admin/press-this.php
10 10 require_once('admin.php'); 11 11 header('Content-Type: ' . get_option('html_type') . '; charset=' . get_option('blog_charset')); 12 12 13 if ( ! current_user_can('edit_posts') ) wp_die( __( 'Cheatin’ uh?' ) ); 13 if ( ! current_user_can('edit_posts') ) 14 wp_die( __( 'Cheatin’ uh?' ) ); 14 15 15 16 /** 16 17 * Convert characters. … … 41 42 function press_it() { 42 43 // define some basic variables 43 44 $quick['post_status'] = 'draft'; // set as draft first 44 $quick['post_category'] = $_REQUEST['post_category'];45 $quick['tax_input'] = $_REQUEST['tax_input'];46 $quick['post_title'] = $_REQUEST['title'];45 $quick['post_category'] = isset($_REQUEST['post_category']) ? $_REQUEST['post_category'] : null; 46 $quick['tax_input'] = isset($_REQUEST['tax_input']) ? $_REQUEST['tax_input'] : ''; 47 $quick['post_title'] = isset($_REQUEST['title']) ? $_REQUEST['title'] : ''; 47 48 $quick['post_content'] = ''; 48 49 49 50 // insert the post with nothing in it, to get an ID 50 51 $post_ID = wp_insert_post($quick, true); 51 $content = $_REQUEST['content'];52 $content = isset($_REQUEST['content']) ? $_REQUEST['content'] : ''; 52 53 53 if( $_REQUEST['photo_src'] && current_user_can('upload_files') ) 54 $upload = false; 55 if( !empty($_REQUEST['photo_src']) && current_user_can('upload_files') ) 54 56 foreach( (array) $_REQUEST['photo_src'] as $key => $image) 55 57 // see if files exist in content - we don't want to upload non-used selected files. 56 58 if( strpos($_REQUEST['content'], $image) !== false ) { 57 $upload = media_sideload_image($image, $post_ID, $_REQUEST['photo_description'][$key]); 59 $desc = isset($_REQUEST['photo_description'][$key]) ? $_REQUEST['photo_description'][$key] : ''; 60 $upload = media_sideload_image($image, $post_ID, $desc); 58 61 59 62 // Replace the POSTED content <img> with correct uploaded ones. 
Regex contains fix for Magic Quotes 60 63 if( !is_wp_error($upload) ) $content = preg_replace('/<img ([^>]*)src=\\\?(\"|\')'.preg_quote($image, '/').'\\\?(\2)([^>\/]*)\/*>/is', $upload, $content); … … 79 82 } 80 83 81 84 // For submitted posts. 82 if ( 'post' == $_REQUEST['action'] ) {85 if ( isset($_REQUEST['action']) && 'post' == $_REQUEST['action'] ) { 83 86 check_admin_referer('press-this'); 84 87 $post_ID = press_it(); 85 88 $posted = $post_ID; 89 } else { 90 $post_ID = 0; 86 91 } 87 92 88 93 // Set Variables 89 $title = wp_specialchars(aposfix(stripslashes($_GET['t'])));90 $selection = trim( aposfix( stripslashes($_GET['s']) ) );94 $title = isset($_GET['t']) ? wp_specialchars(aposfix(stripslashes($_GET['t']))) : ''; 95 $selection = isset($_GET['s']) ? trim( aposfix( stripslashes($_GET['s']) ) ) : ''; 91 96 if ( ! empty($selection) ) { 92 97 $selection = preg_replace('/(\r?\n|\r)/', '</p><p>', $selection); 93 98 $selection = '<p>'.str_replace('<p></p>', '', $selection).'</p>'; 94 99 } 95 $url = clean_url($_GET['u']);96 $image = $_GET['i'];100 $url = isset($_GET['u']) ? clean_url($_GET['u']) : ''; 101 $image = isset($_GET['i']) ? 
$_GET['i'] : ''; 97 102 98 if ($_REQUEST['ajax']) {103 if ( !empty($_REQUEST['ajax']) ) { 99 104 switch ($_REQUEST['ajax']) { 100 105 case 'video': ?> 101 106 <script type="text/javascript" charset="utf-8"> … … 130 135 <h3 class="tb"><label for="this_photo_description"><?php _e('Description') ?></label></h3> 131 136 <div class="titlediv"> 132 137 <div class="titlewrap"> 133 <input id="this_photo_description" name="photo_description" class="tbtitle text" on keypress="if(event.keyCode==13) image_selector();" value="<?php echo attribute_escape($title);?>"/>138 <input id="this_photo_description" name="photo_description" class="tbtitle text" onKeyPress="if(event.keyCode==13) image_selector();" value="<?php echo attribute_escape($title);?>"/> 134 139 </div> 135 140 </div> 136 141 … … 155 160 <h3 class="tb"><label for="this_photo"><?php _e('URL') ?></label></h3> 156 161 <div class="titlediv"> 157 162 <div class="titlewrap"> 158 <input id="this_photo" name="this_photo" class="tbtitle text" on keypress="if(event.keyCode==13) image_selector();" />163 <input id="this_photo" name="this_photo" class="tbtitle text" onKeyPress="if(event.keyCode==13) image_selector();" /> 159 164 </div> 160 165 </div> 161 166 … … 163 168 <h3 class="tb"><label for="photo_description"><?php _e('Description') ?></label></h3> 164 169 <div id="titlediv"> 165 170 <div class="titlewrap"> 166 <input id="this_photo_description" name="photo_description" class="tbtitle text" on keypress="if(event.keyCode==13) image_selector();" value="<?php echo attribute_escape($title);?>"/>171 <input id="this_photo_description" name="photo_description" class="tbtitle text" onKeyPress="if(event.keyCode==13) image_selector();" value="<?php echo attribute_escape($title);?>"/> 167 172 </div> 168 173 </div> 169 174 … … 467 472 468 473 <div id="categories-all" class="ui-tabs-panel"> 469 474 <ul id="categorychecklist" class="list:category categorychecklist form-no-clear"> 470 <?php wp_category_checklist($post ->ID, false, false, 
$popular_ids) ?>475 <?php wp_category_checklist($post_ID, false) ?> 471 476 </ul> 472 477 </div> 473 478 … … 506 511 507 512 <div class="posting"> 508 513 <?php if ( isset($posted) && intval($posted) ) { $post_ID = intval($posted); ?> 509 <div id="message" class="updated fade"><p><strong><?php _e('Your post has been saved.'); ?></strong> <a on click="window.opener.location.replace(this.href); window.close();" href="<?php echo get_permalink( $post_ID); ?>"><?php _e('View post'); ?></a> | <a href="<?php echo get_edit_post_link( $post_ID ); ?>" onclick="window.opener.location.replace(this.href); window.close();"><?php _e('Edit post'); ?></a> | <a href="#" onclick="window.close();"><?php _e('Close Window'); ?></a></p></div>514 <div id="message" class="updated fade"><p><strong><?php _e('Your post has been saved.'); ?></strong> <a onClick="window.opener.location.replace(this.href); window.close();" href="<?php echo get_permalink( $post_ID); ?>"><?php _e('View post'); ?></a> | <a href="<?php echo get_edit_post_link( $post_ID ); ?>" onClick="window.opener.location.replace(this.href); window.close();"><?php _e('Edit post'); ?></a> | <a href="#" onClick="window.close();"><?php _e('Close Window'); ?></a></p></div> 510 515 <?php } ?> 511 516 512 517 <div id="titlediv"> … … 532 537 <li id="switcher"> 533 538 <?php wp_print_scripts( 'quicktags' ); ?> 534 539 <?php add_filter('the_editor_content', 'wp_richedit_pre'); ?> 535 <a id="edButtonHTML" on click="switchEditors.go('content', 'html');"><?php _e('HTML'); ?></a>536 <a id="edButtonPreview" class="active" on click="switchEditors.go('content', 'tinymce');"><?php _e('Visual'); ?></a>537 <div class="zerosize"><input accesskey="e" type="button" on click="switchEditors.go('content')" /></div>540 <a id="edButtonHTML" onClick="switchEditors.go('content', 'html');"><?php _e('HTML'); ?></a> 541 <a id="edButtonPreview" class="active" onClick="switchEditors.go('content', 'tinymce');"><?php _e('Visual'); ?></a> 542 <div 
class="zerosize"><input accesskey="e" type="button" onClick="switchEditors.go('content')" /></div> 538 543 </li> 539 544 <?php } ?> 540 545 </ul>
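Review bot: In press_it() the image loop still reads the request directly in `strpos($_REQUEST['content'], $image)`, although the patch guards every other access. A request with `photo_src` but no `content` still raises the undefined-index notice there, so guard it as well: `if ( isset($_REQUEST['content']) && strpos($_REQUEST['content'], $image) !== false ) {`. Reusing `$content` for this check is not equivalent, because the loop rewrites it with `preg_replace`. Separately, `$image = isset($_GET['i']) ? $_GET['i'] : '';` remains raw, whereas `$title` goes through `wp_specialchars` and `$url` through `clean_url`. Its output site is outside the visible hunks, so confirm it is passed through `clean_url()` or `attribute_escape()` before being echoed. The body of press_it() continues past the elided lines, so whether the `wp_insert_post($quick, true)` result is checked with `is_wp_error()` before reaching `media_sideload_image()` cannot be seen from here.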
