Ticket #15327: 15327.diff
File 15327.diff, 111.9 KB (added by , 13 years ago) |
wp-admin/admin-ajax.php
14 14 define('DOING_AJAX', true); 15 15 define('WP_ADMIN', true); 16 16 17 if ( ! isset( $_REQUEST['action'] ) ) 18 die('-1'); 17 // Require an action parameter 18 if ( empty($_REQUEST['action']) ) 19 die('-1'); 19 20 21 // Load libraries 20 22 require_once('../wp-load.php'); 21 22 23 require_once('./includes/admin.php'); 24 require_once('./includes/ajax-actions.php'); 25 26 // Start the headers 23 27 @header('Content-Type: text/html; charset=' . get_option('blog_charset')); 24 28 send_nosniff_header(); 25 26 29 do_action('admin_init'); 27 30 28 if ( ! is_user_logged_in() ) { 31 // Handle non-privileged actions 32 if (!is_user_logged_in()) { 33 do_action( 'wp_ajax_nopriv_' . $_REQUEST['action'] ); 29 34 30 if ( isset( $_POST['action'] ) && $_POST['action'] == 'autosave' ) { 31 $id = isset($_POST['post_ID'])? (int) $_POST['post_ID'] : 0; 32 33 if ( ! $id ) 34 die('-1'); 35 36 $message = sprintf( __('<strong>ALERT: You are logged out!</strong> Could not save draft. <a href="%s" target="_blank">Please log in again.</a>'), wp_login_url() ); 37 $x = new WP_Ajax_Response( array( 38 'what' => 'autosave', 39 'id' => $id, 40 'data' => $message 41 ) ); 42 $x->send(); 43 } 44 45 if ( !empty( $_REQUEST['action'] ) ) 46 do_action( 'wp_ajax_nopriv_' . $_REQUEST['action'] ); 47 48 die('-1'); 35 // Handle admin actions 36 } else { 37 do_action( 'wp_ajax_' . $_REQUEST['action'] ); 49 38 } 50 39 51 if ( isset( $_GET['action'] ) ) : 52 switch ( $action = $_GET['action'] ) : 53 case 'fetch-list' : 40 // Default status 41 die('-1'); 54 42 55 $list_class = $_GET['list_args']['class']; 56 check_ajax_referer( "fetch-list-$list_class", '_ajax_fetch_list_nonce' ); 57 58 $current_screen = (object) $_GET['list_args']['screen']; 59 //TODO fix this in a better way see #15336 60 $current_screen->is_network = 'false' === $current_screen->is_network ? false : true; 61 $current_screen->is_user = 'false' === $current_screen->is_user ? 
false : true; 62 63 define( 'WP_NETWORK_ADMIN', $current_screen->is_network ); 64 define( 'WP_USER_ADMIN', $current_screen->is_user ); 65 66 $wp_list_table = _get_list_table( $list_class ); 67 if ( ! $wp_list_table ) 68 die( '0' ); 69 70 if ( ! $wp_list_table->ajax_user_can() ) 71 die( '-1' ); 72 73 $wp_list_table->ajax_response(); 74 75 die( '0' ); 76 break; 77 case 'ajax-tag-search' : 78 if ( isset( $_GET['tax'] ) ) { 79 $taxonomy = sanitize_key( $_GET['tax'] ); 80 $tax = get_taxonomy( $taxonomy ); 81 if ( ! $tax ) 82 die( '0' ); 83 if ( ! current_user_can( $tax->cap->assign_terms ) ) 84 die( '-1' ); 85 } else { 86 die('0'); 87 } 88 89 $s = stripslashes( $_GET['q'] ); 90 91 if ( false !== strpos( $s, ',' ) ) { 92 $s = explode( ',', $s ); 93 $s = $s[count( $s ) - 1]; 94 } 95 $s = trim( $s ); 96 if ( strlen( $s ) < 2 ) 97 die; // require 2 chars for matching 98 99 $results = $wpdb->get_col( $wpdb->prepare( "SELECT t.name FROM $wpdb->term_taxonomy AS tt INNER JOIN $wpdb->terms AS t ON tt.term_id = t.term_id WHERE tt.taxonomy = %s AND t.name LIKE (%s)", $taxonomy, '%' . like_escape( $s ) . '%' ) ); 100 101 echo join( $results, "\n" ); 102 die; 103 break; 104 case 'wp-compression-test' : 105 if ( !current_user_can( 'manage_options' ) ) 106 die('-1'); 107 108 if ( ini_get('zlib.output_compression') || 'ob_gzhandler' == ini_get('output_handler') ) { 109 update_site_option('can_compress_scripts', 0); 110 die('0'); 111 } 112 113 if ( isset($_GET['test']) ) { 114 header( 'Expires: Wed, 11 Jan 1984 05:00:00 GMT' ); 115 header( 'Last-Modified: ' . gmdate( 'D, d M Y H:i:s' ) . ' GMT' ); 116 header( 'Cache-Control: no-cache, must-revalidate, max-age=0' ); 117 header( 'Pragma: no-cache' ); 118 header('Content-Type: application/x-javascript; charset=UTF-8'); 119 $force_gzip = ( defined('ENFORCE_GZIP') && ENFORCE_GZIP ); 120 $test_str = '"wpCompressionTest Lorem ipsum dolor sit amet consectetuer mollis sapien urna ut a. 
Eu nonummy condimentum fringilla tempor pretium platea vel nibh netus Maecenas. Hac molestie amet justo quis pellentesque est ultrices interdum nibh Morbi. Cras mattis pretium Phasellus ante ipsum ipsum ut sociis Suspendisse Lorem. Ante et non molestie. Porta urna Vestibulum egestas id congue nibh eu risus gravida sit. Ac augue auctor Ut et non a elit massa id sodales. Elit eu Nulla at nibh adipiscing mattis lacus mauris at tempus. Netus nibh quis suscipit nec feugiat eget sed lorem et urna. Pellentesque lacus at ut massa consectetuer ligula ut auctor semper Pellentesque. Ut metus massa nibh quam Curabitur molestie nec mauris congue. Volutpat molestie elit justo facilisis neque ac risus Ut nascetur tristique. Vitae sit lorem tellus et quis Phasellus lacus tincidunt nunc Fusce. Pharetra wisi Suspendisse mus sagittis libero lacinia Integer consequat ac Phasellus. Et urna ac cursus tortor aliquam Aliquam amet tellus volutpat Vestibulum. Justo interdum condimentum In augue congue tellus sollicitudin Quisque quis nibh."'; 121 122 if ( 1 == $_GET['test'] ) { 123 echo $test_str; 124 die; 125 } elseif ( 2 == $_GET['test'] ) { 126 if ( !isset($_SERVER['HTTP_ACCEPT_ENCODING']) ) 127 die('-1'); 128 if ( false !== stripos( $_SERVER['HTTP_ACCEPT_ENCODING'], 'deflate') && function_exists('gzdeflate') && ! 
$force_gzip ) { 129 header('Content-Encoding: deflate'); 130 $out = gzdeflate( $test_str, 1 ); 131 } elseif ( false !== stripos( $_SERVER['HTTP_ACCEPT_ENCODING'], 'gzip') && function_exists('gzencode') ) { 132 header('Content-Encoding: gzip'); 133 $out = gzencode( $test_str, 1 ); 134 } else { 135 die('-1'); 136 } 137 echo $out; 138 die; 139 } elseif ( 'no' == $_GET['test'] ) { 140 update_site_option('can_compress_scripts', 0); 141 } elseif ( 'yes' == $_GET['test'] ) { 142 update_site_option('can_compress_scripts', 1); 143 } 144 } 145 146 die('0'); 147 break; 148 case 'imgedit-preview' : 149 $post_id = intval($_GET['postid']); 150 if ( empty($post_id) || !current_user_can('edit_post', $post_id) ) 151 die('-1'); 152 153 check_ajax_referer( "image_editor-$post_id" ); 154 155 include_once( ABSPATH . 'wp-admin/includes/image-edit.php' ); 156 if ( ! stream_preview_image($post_id) ) 157 die('-1'); 158 159 die(); 160 break; 161 case 'menu-quick-search': 162 if ( ! current_user_can( 'edit_theme_options' ) ) 163 die('-1'); 164 165 require_once ABSPATH . 'wp-admin/includes/nav-menu.php'; 166 167 _wp_ajax_menu_quick_search( $_REQUEST ); 168 169 exit; 170 break; 171 case 'oembed-cache' : 172 $return = ( $wp_embed->cache_oembed( $_GET['post'] ) ) ? '1' : '0'; 173 die( $return ); 174 break; 175 default : 176 do_action( 'wp_ajax_' . $_GET['action'] ); 177 die('0'); 178 break; 179 endswitch; 180 endif; 181 182 /** 183 * Sends back current comment total and new page links if they need to be updated. 184 * 185 * Contrary to normal success AJAX response ("1"), die with time() on success. 186 * 187 * @since 2.7 188 * 189 * @param int $comment_id 190 * @return die 191 */ 192 function _wp_ajax_delete_comment_response( $comment_id, $delta = -1 ) { 193 $total = (int) @$_POST['_total']; 194 $per_page = (int) @$_POST['_per_page']; 195 $page = (int) @$_POST['_page']; 196 $url = esc_url_raw( @$_POST['_url'] ); 197 // JS didn't send us everything we need to know. 
Just die with success message 198 if ( !$total || !$per_page || !$page || !$url ) 199 die( (string) time() ); 200 201 $total += $delta; 202 if ( $total < 0 ) 203 $total = 0; 204 205 // Only do the expensive stuff on a page-break, and about 1 other time per page 206 if ( 0 == $total % $per_page || 1 == mt_rand( 1, $per_page ) ) { 207 $post_id = 0; 208 $status = 'total_comments'; // What type of comment count are we looking for? 209 $parsed = parse_url( $url ); 210 if ( isset( $parsed['query'] ) ) { 211 parse_str( $parsed['query'], $query_vars ); 212 if ( !empty( $query_vars['comment_status'] ) ) 213 $status = $query_vars['comment_status']; 214 if ( !empty( $query_vars['p'] ) ) 215 $post_id = (int) $query_vars['p']; 216 } 217 218 $comment_count = wp_count_comments($post_id); 219 220 if ( isset( $comment_count->$status ) ) // We're looking for a known type of comment count 221 $total = $comment_count->$status; 222 // else use the decremented value from above 223 } 224 225 $time = time(); // The time since the last comment count 226 227 $x = new WP_Ajax_Response( array( 228 'what' => 'comment', 229 'id' => $comment_id, // here for completeness - not used 230 'supplemental' => array( 231 'total_items_i18n' => sprintf( _n( '1 item', '%s items', $total ), number_format_i18n( $total ) ), 232 'total_pages' => ceil( $total / $per_page ), 233 'total_pages_i18n' => number_format_i18n( ceil( $total / $per_page ) ), 234 'total' => $total, 235 'time' => $time 236 ) 237 ) ); 238 $x->send(); 239 } 240 241 function _wp_ajax_add_hierarchical_term() { 242 $action = $_POST['action']; 243 $taxonomy = get_taxonomy(substr($action, 4)); 244 check_ajax_referer( $action, '_ajax_nonce-add-' . $taxonomy->name ); 245 if ( !current_user_can( $taxonomy->cap->edit_terms ) ) 246 die('-1'); 247 $names = explode(',', $_POST['new'.$taxonomy->name]); 248 $parent = isset($_POST['new'.$taxonomy->name.'_parent']) ? 
(int) $_POST['new'.$taxonomy->name.'_parent'] : 0; 249 if ( 0 > $parent ) 250 $parent = 0; 251 if ( $taxonomy->name == 'category' ) 252 $post_category = isset($_POST['post_category']) ? (array) $_POST['post_category'] : array(); 253 else 254 $post_category = ( isset($_POST['tax_input']) && isset($_POST['tax_input'][$taxonomy->name]) ) ? (array) $_POST['tax_input'][$taxonomy->name] : array(); 255 $checked_categories = array_map( 'absint', (array) $post_category ); 256 $popular_ids = wp_popular_terms_checklist($taxonomy->name, 0, 10, false); 257 258 foreach ( $names as $cat_name ) { 259 $cat_name = trim($cat_name); 260 $category_nicename = sanitize_title($cat_name); 261 if ( '' === $category_nicename ) 262 continue; 263 if ( !($cat_id = term_exists($cat_name, $taxonomy->name, $parent)) ) { 264 $new_term = wp_insert_term($cat_name, $taxonomy->name, array('parent' => $parent)); 265 $cat_id = $new_term['term_id']; 266 } 267 $checked_categories[] = $cat_id; 268 if ( $parent ) // Do these all at once in a second 269 continue; 270 $category = get_term( $cat_id, $taxonomy->name ); 271 ob_start(); 272 wp_terms_checklist( 0, array( 'taxonomy' => $taxonomy->name, 'descendants_and_self' => $cat_id, 'selected_cats' => $checked_categories, 'popular_cats' => $popular_ids )); 273 $data = ob_get_contents(); 274 ob_end_clean(); 275 $add = array( 276 'what' => $taxonomy->name, 277 'id' => $cat_id, 278 'data' => str_replace( array("\n", "\t"), '', $data), 279 'position' => -1 280 ); 281 } 282 283 if ( $parent ) { // Foncy - replace the parent and all its children 284 $parent = get_term( $parent, $taxonomy->name ); 285 $term_id = $parent->term_id; 286 287 while ( $parent->parent ) { // get the top parent 288 $parent = &get_term( $parent->parent, $taxonomy->name ); 289 if ( is_wp_error( $parent ) ) 290 break; 291 $term_id = $parent->term_id; 292 } 293 294 ob_start(); 295 wp_terms_checklist( 0, array('taxonomy' => $taxonomy->name, 'descendants_and_self' => $term_id, 'selected_cats' => 
$checked_categories, 'popular_cats' => $popular_ids)); 296 $data = ob_get_contents(); 297 ob_end_clean(); 298 $add = array( 299 'what' => $taxonomy->name, 300 'id' => $term_id, 301 'data' => str_replace( array("\n", "\t"), '', $data), 302 'position' => -1 303 ); 304 } 305 306 ob_start(); 307 wp_dropdown_categories( array( 308 'taxonomy' => $taxonomy->name, 'hide_empty' => 0, 'name' => 'new'.$taxonomy->name.'_parent', 'orderby' => 'name', 309 'hierarchical' => 1, 'show_option_none' => '— '.$taxonomy->labels->parent_item.' —' 310 ) ); 311 $sup = ob_get_contents(); 312 ob_end_clean(); 313 $add['supplemental'] = array( 'newcat_parent' => $sup ); 314 315 $x = new WP_Ajax_Response( $add ); 316 $x->send(); 317 } 318 319 $id = isset($_POST['id'])? (int) $_POST['id'] : 0; 320 switch ( $action = $_POST['action'] ) : 321 case 'delete-comment' : // On success, die with time() instead of 1 322 if ( !$comment = get_comment( $id ) ) 323 die( (string) time() ); 324 if ( ! current_user_can( 'edit_comment', $comment->comment_ID ) ) 325 die('-1'); 326 327 check_ajax_referer( "delete-comment_$id" ); 328 $status = wp_get_comment_status( $comment->comment_ID ); 329 330 $delta = -1; 331 if ( isset($_POST['trash']) && 1 == $_POST['trash'] ) { 332 if ( 'trash' == $status ) 333 die( (string) time() ); 334 $r = wp_trash_comment( $comment->comment_ID ); 335 } elseif ( isset($_POST['untrash']) && 1 == $_POST['untrash'] ) { 336 if ( 'trash' != $status ) 337 die( (string) time() ); 338 $r = wp_untrash_comment( $comment->comment_ID ); 339 if ( ! 
isset( $_POST['comment_status'] ) || $_POST['comment_status'] != 'trash' ) // undo trash, not in trash 340 $delta = 1; 341 } elseif ( isset($_POST['spam']) && 1 == $_POST['spam'] ) { 342 if ( 'spam' == $status ) 343 die( (string) time() ); 344 $r = wp_spam_comment( $comment->comment_ID ); 345 } elseif ( isset($_POST['unspam']) && 1 == $_POST['unspam'] ) { 346 if ( 'spam' != $status ) 347 die( (string) time() ); 348 $r = wp_unspam_comment( $comment->comment_ID ); 349 if ( ! isset( $_POST['comment_status'] ) || $_POST['comment_status'] != 'spam' ) // undo spam, not in spam 350 $delta = 1; 351 } elseif ( isset($_POST['delete']) && 1 == $_POST['delete'] ) { 352 $r = wp_delete_comment( $comment->comment_ID ); 353 } else { 354 die('-1'); 355 } 356 357 if ( $r ) // Decide if we need to send back '1' or a more complicated response including page links and comment counts 358 _wp_ajax_delete_comment_response( $comment->comment_ID, $delta ); 359 die( '0' ); 360 break; 361 case 'delete-tag' : 362 $tag_id = (int) $_POST['tag_ID']; 363 check_ajax_referer( "delete-tag_$tag_id" ); 364 365 $taxonomy = !empty($_POST['taxonomy']) ? $_POST['taxonomy'] : 'post_tag'; 366 $tax = get_taxonomy($taxonomy); 367 368 if ( !current_user_can( $tax->cap->delete_terms ) ) 369 die('-1'); 370 371 $tag = get_term( $tag_id, $taxonomy ); 372 if ( !$tag || is_wp_error( $tag ) ) 373 die('1'); 374 375 if ( wp_delete_term($tag_id, $taxonomy)) 376 die('1'); 377 else 378 die('0'); 379 break; 380 case 'delete-link' : 381 check_ajax_referer( "delete-bookmark_$id" ); 382 if ( !current_user_can( 'manage_links' ) ) 383 die('-1'); 384 385 $link = get_bookmark( $id ); 386 if ( !$link || is_wp_error( $link ) ) 387 die('1'); 388 389 if ( wp_delete_link( $id ) ) 390 die('1'); 391 else 392 die('0'); 393 break; 394 case 'delete-meta' : 395 check_ajax_referer( "delete-meta_$id" ); 396 if ( !$meta = get_metadata_by_mid( 'post', $id ) ) 397 die('1'); 398 399 if ( is_protected_meta( $meta->meta_key, 'post' ) || ! 
current_user_can( 'delete_post_meta', $meta->post_id, $meta->meta_key ) ) 400 die('-1'); 401 if ( delete_meta( $meta->meta_id ) ) 402 die('1'); 403 die('0'); 404 break; 405 case 'delete-post' : 406 check_ajax_referer( "{$action}_$id" ); 407 if ( !current_user_can( 'delete_post', $id ) ) 408 die('-1'); 409 410 if ( !get_post( $id ) ) 411 die('1'); 412 413 if ( wp_delete_post( $id ) ) 414 die('1'); 415 else 416 die('0'); 417 break; 418 case 'trash-post' : 419 case 'untrash-post' : 420 check_ajax_referer( "{$action}_$id" ); 421 if ( !current_user_can( 'delete_post', $id ) ) 422 die('-1'); 423 424 if ( !get_post( $id ) ) 425 die('1'); 426 427 if ( 'trash-post' == $action ) 428 $done = wp_trash_post( $id ); 429 else 430 $done = wp_untrash_post( $id ); 431 432 if ( $done ) 433 die('1'); 434 435 die('0'); 436 break; 437 case 'delete-page' : 438 check_ajax_referer( "{$action}_$id" ); 439 if ( !current_user_can( 'delete_page', $id ) ) 440 die('-1'); 441 442 if ( !get_page( $id ) ) 443 die('1'); 444 445 if ( wp_delete_post( $id ) ) 446 die('1'); 447 else 448 die('0'); 449 break; 450 case 'dim-comment' : // On success, die with time() instead of 1 451 452 if ( !$comment = get_comment( $id ) ) { 453 $x = new WP_Ajax_Response( array( 454 'what' => 'comment', 455 'id' => new WP_Error('invalid_comment', sprintf(__('Comment %d does not exist'), $id)) 456 ) ); 457 $x->send(); 458 } 459 460 if ( ! current_user_can( 'edit_comment', $comment->comment_ID ) && ! 
current_user_can( 'moderate_comments' ) ) 461 die('-1'); 462 463 $current = wp_get_comment_status( $comment->comment_ID ); 464 if ( $_POST['new'] == $current ) 465 die( (string) time() ); 466 467 check_ajax_referer( "approve-comment_$id" ); 468 if ( in_array( $current, array( 'unapproved', 'spam' ) ) ) 469 $result = wp_set_comment_status( $comment->comment_ID, 'approve', true ); 470 else 471 $result = wp_set_comment_status( $comment->comment_ID, 'hold', true ); 472 473 if ( is_wp_error($result) ) { 474 $x = new WP_Ajax_Response( array( 475 'what' => 'comment', 476 'id' => $result 477 ) ); 478 $x->send(); 479 } 480 481 // Decide if we need to send back '1' or a more complicated response including page links and comment counts 482 _wp_ajax_delete_comment_response( $comment->comment_ID ); 483 die( '0' ); 484 break; 485 case 'add-link-category' : // On the Fly 486 check_ajax_referer( $action ); 487 if ( !current_user_can( 'manage_categories' ) ) 488 die('-1'); 489 $names = explode(',', $_POST['newcat']); 490 $x = new WP_Ajax_Response(); 491 foreach ( $names as $cat_name ) { 492 $cat_name = trim($cat_name); 493 $slug = sanitize_title($cat_name); 494 if ( '' === $slug ) 495 continue; 496 if ( !$cat_id = term_exists( $cat_name, 'link_category' ) ) { 497 $cat_id = wp_insert_term( $cat_name, 'link_category' ); 498 } 499 $cat_id = $cat_id['term_id']; 500 $cat_name = esc_html(stripslashes($cat_name)); 501 $x->add( array( 502 'what' => 'link-category', 503 'id' => $cat_id, 504 'data' => "<li id='link-category-$cat_id'><label for='in-link-category-$cat_id' class='selectit'><input value='" . esc_attr($cat_id) . "' type='checkbox' checked='checked' name='link_category[]' id='in-link-category-$cat_id'/> $cat_name</label></li>", 505 'position' => -1 506 ) ); 507 } 508 $x->send(); 509 break; 510 case 'add-tag' : 511 check_ajax_referer( 'add-tag', '_wpnonce_add-tag' ); 512 $post_type = !empty($_POST['post_type']) ? 
$_POST['post_type'] : 'post'; 513 $taxonomy = !empty($_POST['taxonomy']) ? $_POST['taxonomy'] : 'post_tag'; 514 $tax = get_taxonomy($taxonomy); 515 516 if ( !current_user_can( $tax->cap->edit_terms ) ) 517 die('-1'); 518 519 $x = new WP_Ajax_Response(); 520 521 $tag = wp_insert_term($_POST['tag-name'], $taxonomy, $_POST ); 522 523 if ( !$tag || is_wp_error($tag) || (!$tag = get_term( $tag['term_id'], $taxonomy )) ) { 524 $message = __('An error has occurred. Please reload the page and try again.'); 525 if ( is_wp_error($tag) && $tag->get_error_message() ) 526 $message = $tag->get_error_message(); 527 528 $x->add( array( 529 'what' => 'taxonomy', 530 'data' => new WP_Error('error', $message ) 531 ) ); 532 $x->send(); 533 } 534 535 set_current_screen( $_POST['screen'] ); 536 537 $wp_list_table = _get_list_table('WP_Terms_List_Table'); 538 539 $level = 0; 540 if ( is_taxonomy_hierarchical($taxonomy) ) { 541 $level = count( get_ancestors( $tag->term_id, $taxonomy ) ); 542 ob_start(); 543 $wp_list_table->single_row( $tag, $level ); 544 $noparents = ob_get_clean(); 545 } 546 547 ob_start(); 548 $wp_list_table->single_row( $tag ); 549 $parents = ob_get_clean(); 550 551 $x->add( array( 552 'what' => 'taxonomy', 553 'supplemental' => compact('parents', 'noparents') 554 ) ); 555 $x->add( array( 556 'what' => 'term', 557 'position' => $level, 558 'supplemental' => (array) $tag 559 ) ); 560 $x->send(); 561 break; 562 case 'get-tagcloud' : 563 if ( isset( $_POST['tax'] ) ) { 564 $taxonomy = sanitize_key( $_POST['tax'] ); 565 $tax = get_taxonomy( $taxonomy ); 566 if ( ! $tax ) 567 die( '0' ); 568 if ( ! current_user_can( $tax->cap->assign_terms ) ) 569 die( '-1' ); 570 } else { 571 die('0'); 572 } 573 574 $tags = get_terms( $taxonomy, array( 'number' => 45, 'orderby' => 'count', 'order' => 'DESC' ) ); 575 576 if ( empty( $tags ) ) 577 die( isset( $tax->no_tagcloud ) ? 
$tax->no_tagcloud : __('No tags found!') ); 578 579 if ( is_wp_error( $tags ) ) 580 die( $tags->get_error_message() ); 581 582 foreach ( $tags as $key => $tag ) { 583 $tags[ $key ]->link = '#'; 584 $tags[ $key ]->id = $tag->term_id; 585 } 586 587 // We need raw tag names here, so don't filter the output 588 $return = wp_generate_tag_cloud( $tags, array('filter' => 0) ); 589 590 if ( empty($return) ) 591 die('0'); 592 593 echo $return; 594 595 exit; 596 break; 597 case 'get-comments' : 598 check_ajax_referer( $action ); 599 600 set_current_screen( 'edit-comments' ); 601 602 $wp_list_table = _get_list_table('WP_Post_Comments_List_Table'); 603 604 if ( !current_user_can( 'edit_post', $post_id ) ) 605 die('-1'); 606 607 $wp_list_table->prepare_items(); 608 609 if ( !$wp_list_table->has_items() ) 610 die('1'); 611 612 $x = new WP_Ajax_Response(); 613 ob_start(); 614 foreach ( $wp_list_table->items as $comment ) { 615 if ( ! current_user_can( 'edit_comment', $comment->comment_ID ) ) 616 continue; 617 get_comment( $comment ); 618 $wp_list_table->single_row( $comment ); 619 } 620 $comment_list_item = ob_get_contents(); 621 ob_end_clean(); 622 623 $x->add( array( 624 'what' => 'comments', 625 'data' => $comment_list_item 626 ) ); 627 $x->send(); 628 break; 629 case 'replyto-comment' : 630 check_ajax_referer( $action, '_ajax_nonce-replyto-comment' ); 631 632 set_current_screen( 'edit-comments' ); 633 634 $comment_post_ID = (int) $_POST['comment_post_ID']; 635 if ( !current_user_can( 'edit_post', $comment_post_ID ) ) 636 die('-1'); 637 638 $status = $wpdb->get_var( $wpdb->prepare("SELECT post_status FROM $wpdb->posts WHERE ID = %d", $comment_post_ID) ); 639 640 if ( empty($status) ) 641 die('1'); 642 elseif ( in_array($status, array('draft', 'pending', 'trash') ) ) 643 die( __('ERROR: you are replying to a comment on a draft post.') ); 644 645 $user = wp_get_current_user(); 646 if ( $user->ID ) { 647 $comment_author = $wpdb->escape($user->display_name); 648 
$comment_author_email = $wpdb->escape($user->user_email); 649 $comment_author_url = $wpdb->escape($user->user_url); 650 $comment_content = trim($_POST['content']); 651 if ( current_user_can( 'unfiltered_html' ) ) { 652 if ( wp_create_nonce( 'unfiltered-html-comment' ) != $_POST['_wp_unfiltered_html_comment'] ) { 653 kses_remove_filters(); // start with a clean slate 654 kses_init_filters(); // set up the filters 655 } 656 } 657 } else { 658 die( __('Sorry, you must be logged in to reply to a comment.') ); 659 } 660 661 if ( '' == $comment_content ) 662 die( __('ERROR: please type a comment.') ); 663 664 $comment_parent = absint($_POST['comment_ID']); 665 $comment_auto_approved = false; 666 $commentdata = compact('comment_post_ID', 'comment_author', 'comment_author_email', 'comment_author_url', 'comment_content', 'comment_type', 'comment_parent', 'user_ID'); 667 668 $comment_id = wp_new_comment( $commentdata ); 669 $comment = get_comment($comment_id); 670 if ( ! $comment ) die('1'); 671 672 $position = ( isset($_POST['position']) && (int) $_POST['position'] ) ? (int) $_POST['position'] : '-1'; 673 674 675 // automatically approve parent comment 676 if ( !empty($_POST['approve_parent']) ) { 677 $parent = get_comment( $comment_parent ); 678 679 if ( $parent && $parent->comment_approved === '0' && $parent->comment_post_ID == $comment_post_ID ) { 680 if ( wp_set_comment_status( $parent->comment_ID, 'approve' ) ) 681 $comment_auto_approved = true; 682 } 683 } 684 685 ob_start(); 686 if ( 'dashboard' == $_REQUEST['mode'] ) { 687 require_once( ABSPATH . 
'wp-admin/includes/dashboard.php' ); 688 _wp_dashboard_recent_comments_row( $comment ); 689 } else { 690 if ( 'single' == $_REQUEST['mode'] ) { 691 $wp_list_table = _get_list_table('WP_Post_Comments_List_Table'); 692 } else { 693 $wp_list_table = _get_list_table('WP_Comments_List_Table'); 694 } 695 $wp_list_table->single_row( $comment ); 696 } 697 $comment_list_item = ob_get_contents(); 698 ob_end_clean(); 699 700 $response = array( 701 'what' => 'comment', 702 'id' => $comment->comment_ID, 703 'data' => $comment_list_item, 704 'position' => $position 705 ); 706 707 if ( $comment_auto_approved ) 708 $response['supplemental'] = array( 'parent_approved' => $parent->comment_ID ); 709 710 $x = new WP_Ajax_Response(); 711 $x->add( $response ); 712 $x->send(); 713 break; 714 case 'edit-comment' : 715 check_ajax_referer( 'replyto-comment', '_ajax_nonce-replyto-comment' ); 716 717 set_current_screen( 'edit-comments' ); 718 719 $comment_id = (int) $_POST['comment_ID']; 720 if ( ! current_user_can( 'edit_comment', $comment_id ) ) 721 die('-1'); 722 723 if ( '' == $_POST['content'] ) 724 die( __('ERROR: please type a comment.') ); 725 726 $_POST['comment_status'] = $_POST['status']; 727 edit_comment(); 728 729 $position = ( isset($_POST['position']) && (int) $_POST['position']) ? (int) $_POST['position'] : '-1'; 730 $comments_status = isset($_POST['comments_listing']) ? $_POST['comments_listing'] : ''; 731 732 $checkbox = ( isset($_POST['checkbox']) && true == $_POST['checkbox'] ) ? 1 : 0; 733 $wp_list_table = _get_list_table( $checkbox ? 
'WP_Comments_List_Table' : 'WP_Post_Comments_List_Table' ); 734 735 ob_start(); 736 $wp_list_table->single_row( get_comment( $comment_id ) ); 737 $comment_list_item = ob_get_contents(); 738 ob_end_clean(); 739 740 $x = new WP_Ajax_Response(); 741 742 $x->add( array( 743 'what' => 'edit_comment', 744 'id' => $comment->comment_ID, 745 'data' => $comment_list_item, 746 'position' => $position 747 )); 748 749 $x->send(); 750 break; 751 case 'add-menu-item' : 752 if ( ! current_user_can( 'edit_theme_options' ) ) 753 die('-1'); 754 755 check_ajax_referer( 'add-menu_item', 'menu-settings-column-nonce' ); 756 757 require_once ABSPATH . 'wp-admin/includes/nav-menu.php'; 758 759 // For performance reasons, we omit some object properties from the checklist. 760 // The following is a hacky way to restore them when adding non-custom items. 761 762 $menu_items_data = array(); 763 foreach ( (array) $_POST['menu-item'] as $menu_item_data ) { 764 if ( 765 ! empty( $menu_item_data['menu-item-type'] ) && 766 'custom' != $menu_item_data['menu-item-type'] && 767 ! empty( $menu_item_data['menu-item-object-id'] ) 768 ) { 769 switch( $menu_item_data['menu-item-type'] ) { 770 case 'post_type' : 771 $_object = get_post( $menu_item_data['menu-item-object-id'] ); 772 break; 773 774 case 'taxonomy' : 775 $_object = get_term( $menu_item_data['menu-item-object-id'], $menu_item_data['menu-item-object'] ); 776 break; 777 } 778 779 $_menu_items = array_map( 'wp_setup_nav_menu_item', array( $_object ) ); 780 $_menu_item = array_shift( $_menu_items ); 781 782 // Restore the missing menu item properties 783 $menu_item_data['menu-item-description'] = $_menu_item->description; 784 } 785 786 $menu_items_data[] = $menu_item_data; 787 } 788 789 $item_ids = wp_save_nav_menu_items( 0, $menu_items_data ); 790 if ( is_wp_error( $item_ids ) ) 791 die('-1'); 792 793 foreach ( (array) $item_ids as $menu_item_id ) { 794 $menu_obj = get_post( $menu_item_id ); 795 if ( ! 
empty( $menu_obj->ID ) ) { 796 $menu_obj = wp_setup_nav_menu_item( $menu_obj ); 797 $menu_obj->label = $menu_obj->title; // don't show "(pending)" in ajax-added items 798 $menu_items[] = $menu_obj; 799 } 800 } 801 802 if ( ! empty( $menu_items ) ) { 803 $args = array( 804 'after' => '', 805 'before' => '', 806 'link_after' => '', 807 'link_before' => '', 808 'walker' => new Walker_Nav_Menu_Edit, 809 ); 810 echo walk_nav_menu_tree( $menu_items, 0, (object) $args ); 811 } 812 break; 813 case 'add-meta' : 814 check_ajax_referer( 'add-meta', '_ajax_nonce-add-meta' ); 815 $c = 0; 816 $pid = (int) $_POST['post_id']; 817 $post = get_post( $pid ); 818 819 if ( isset($_POST['metakeyselect']) || isset($_POST['metakeyinput']) ) { 820 if ( !current_user_can( 'edit_post', $pid ) ) 821 die('-1'); 822 if ( isset($_POST['metakeyselect']) && '#NONE#' == $_POST['metakeyselect'] && empty($_POST['metakeyinput']) ) 823 die('1'); 824 if ( $post->post_status == 'auto-draft' ) { 825 $save_POST = $_POST; // Backup $_POST 826 $_POST = array(); // Make it empty for edit_post() 827 $_POST['action'] = 'draft'; // Warning fix 828 $_POST['post_ID'] = $pid; 829 $_POST['post_type'] = $post->post_type; 830 $_POST['post_status'] = 'draft'; 831 $now = current_time('timestamp', 1); 832 $_POST['post_title'] = sprintf('Draft created on %s at %s', date(get_option('date_format'), $now), date(get_option('time_format'), $now)); 833 834 if ( $pid = edit_post() ) { 835 if ( is_wp_error( $pid ) ) { 836 $x = new WP_Ajax_Response( array( 837 'what' => 'meta', 838 'data' => $pid 839 ) ); 840 $x->send(); 841 } 842 $_POST = $save_POST; // Now we can restore original $_POST again 843 if ( !$mid = add_meta( $pid ) ) 844 die(__('Please provide a custom field value.')); 845 } else { 846 die('0'); 847 } 848 } else if ( !$mid = add_meta( $pid ) ) { 849 die(__('Please provide a custom field value.')); 850 } 851 852 $meta = get_metadata_by_mid( 'post', $mid ); 853 $pid = (int) $meta->post_id; 854 $meta = get_object_vars( 
$meta ); 855 $x = new WP_Ajax_Response( array( 856 'what' => 'meta', 857 'id' => $mid, 858 'data' => _list_meta_row( $meta, $c ), 859 'position' => 1, 860 'supplemental' => array('postid' => $pid) 861 ) ); 862 } else { // Update? 863 $mid = (int) array_pop( array_keys($_POST['meta']) ); 864 $key = stripslashes( $_POST['meta'][$mid]['key'] ); 865 $value = stripslashes( $_POST['meta'][$mid]['value'] ); 866 if ( '' == trim($key) ) 867 die(__('Please provide a custom field name.')); 868 if ( '' == trim($value) ) 869 die(__('Please provide a custom field value.')); 870 if ( ! $meta = get_metadata_by_mid( 'post', $mid ) ) 871 die('0'); // if meta doesn't exist 872 if ( is_protected_meta( $meta->meta_key, 'post' ) || is_protected_meta( $key, 'post' ) || 873 ! current_user_can( 'edit_post_meta', $meta->post_id, $meta->meta_key ) || 874 ! current_user_can( 'edit_post_meta', $meta->post_id, $key ) ) 875 die('-1'); 876 if ( $meta->meta_value != $value || $meta->meta_key != $key ) { 877 if ( !$u = update_metadata_by_mid( 'post', $mid, $value, $key ) ) 878 die('0'); // We know meta exists; we also know it's unchanged (or DB error, in which case there are bigger problems). 
879 } 880 881 $x = new WP_Ajax_Response( array( 882 'what' => 'meta', 883 'id' => $mid, 'old_id' => $mid, 884 'data' => _list_meta_row( array( 885 'meta_key' => $key, 886 'meta_value' => $value, 887 'meta_id' => $mid 888 ), $c ), 889 'position' => 0, 890 'supplemental' => array('postid' => $meta->post_id) 891 ) ); 892 } 893 $x->send(); 894 break; 895 case 'add-user' : 896 check_ajax_referer( $action ); 897 if ( !current_user_can('create_users') ) 898 die('-1'); 899 if ( !$user_id = add_user() ) 900 die('0'); 901 elseif ( is_wp_error( $user_id ) ) { 902 $x = new WP_Ajax_Response( array( 903 'what' => 'user', 904 'id' => $user_id 905 ) ); 906 $x->send(); 907 } 908 $user_object = new WP_User( $user_id ); 909 910 $wp_list_table = _get_list_table('WP_Users_List_Table'); 911 912 $x = new WP_Ajax_Response( array( 913 'what' => 'user', 914 'id' => $user_id, 915 'data' => $wp_list_table->single_row( $user_object, '', $user_object->roles[0] ), 916 'supplemental' => array( 917 'show-link' => sprintf(__( 'User <a href="#%s">%s</a> added' ), "user-$user_id", $user_object->user_login), 918 'role' => $user_object->roles[0] 919 ) 920 ) ); 921 $x->send(); 922 break; 923 case 'autosave' : // The name of this action is hardcoded in edit_post() 924 define( 'DOING_AUTOSAVE', true ); 925 926 $nonce_age = check_ajax_referer( 'autosave', 'autosavenonce' ); 927 928 $_POST['post_category'] = explode(",", $_POST['catslist']); 929 if ( $_POST['post_type'] == 'page' || empty($_POST['post_category']) ) 930 unset($_POST['post_category']); 931 932 $do_autosave = (bool) $_POST['autosave']; 933 $do_lock = true; 934 935 $data = $alert = ''; 936 /* translators: draft saved date format, see http://php.net/date */ 937 $draft_saved_date_format = __('g:i:s a'); 938 /* translators: %s: date and time */ 939 $message = sprintf( __('Draft saved at %s.'), date_i18n( $draft_saved_date_format ) ); 940 941 $supplemental = array(); 942 if ( isset($login_grace_period) ) 943 $alert .= sprintf( __('Your login has 
expired. Please open a new browser window and <a href="%s" target="_blank">log in again</a>. '), add_query_arg( 'interim-login', 1, wp_login_url() ) ); 944 945 $id = $revision_id = 0; 946 947 $post_ID = (int) $_POST['post_ID']; 948 $_POST['ID'] = $post_ID; 949 $post = get_post($post_ID); 950 if ( 'auto-draft' == $post->post_status ) 951 $_POST['post_status'] = 'draft'; 952 953 if ( $last = wp_check_post_lock( $post->ID ) ) { 954 $do_autosave = $do_lock = false; 955 956 $last_user = get_userdata( $last ); 957 $last_user_name = $last_user ? $last_user->display_name : __( 'Someone' ); 958 $data = __( 'Autosave disabled.' ); 959 960 $supplemental['disable_autosave'] = 'disable'; 961 $alert .= sprintf( __( '%s is currently editing this article. If you update it, you will overwrite the changes.' ), esc_html( $last_user_name ) ); 962 } 963 964 if ( 'page' == $post->post_type ) { 965 if ( !current_user_can('edit_page', $post_ID) ) 966 die(__('You are not allowed to edit this page.')); 967 } else { 968 if ( !current_user_can('edit_post', $post_ID) ) 969 die(__('You are not allowed to edit this post.')); 970 } 971 972 if ( $do_autosave ) { 973 // Drafts and auto-drafts are just overwritten by autosave 974 if ( 'auto-draft' == $post->post_status || 'draft' == $post->post_status ) { 975 $id = edit_post(); 976 } else { // Non drafts are not overwritten. The autosave is stored in a special post revision. 977 $revision_id = wp_create_post_autosave( $post->ID ); 978 if ( is_wp_error($revision_id) ) 979 $id = $revision_id; 980 else 981 $id = $post->ID; 982 } 983 $data = $message; 984 } else { 985 if ( ! 
empty( $_POST['auto_draft'] ) ) 986 $id = 0; // This tells us it didn't actually save 987 else 988 $id = $post->ID; 989 } 990 991 if ( $do_lock && empty( $_POST['auto_draft'] ) && $id && is_numeric( $id ) ) { 992 $lock_result = wp_set_post_lock( $id ); 993 $supplemental['active-post-lock'] = implode( ':', $lock_result ); 994 } 995 996 if ( $nonce_age == 2 ) { 997 $supplemental['replace-autosavenonce'] = wp_create_nonce('autosave'); 998 $supplemental['replace-getpermalinknonce'] = wp_create_nonce('getpermalink'); 999 $supplemental['replace-samplepermalinknonce'] = wp_create_nonce('samplepermalink'); 1000 $supplemental['replace-closedpostboxesnonce'] = wp_create_nonce('closedpostboxes'); 1001 $supplemental['replace-_ajax_linking_nonce'] = wp_create_nonce( 'internal-linking' ); 1002 if ( $id ) { 1003 if ( $_POST['post_type'] == 'post' ) 1004 $supplemental['replace-_wpnonce'] = wp_create_nonce('update-post_' . $id); 1005 elseif ( $_POST['post_type'] == 'page' ) 1006 $supplemental['replace-_wpnonce'] = wp_create_nonce('update-page_' . $id); 1007 } 1008 } 1009 1010 if ( ! empty($alert) ) 1011 $supplemental['alert'] = $alert; 1012 1013 $x = new WP_Ajax_Response( array( 1014 'what' => 'autosave', 1015 'id' => $id, 1016 'data' => $id ? $data : '', 1017 'supplemental' => $supplemental 1018 ) ); 1019 $x->send(); 1020 break; 1021 case 'closed-postboxes' : 1022 check_ajax_referer( 'closedpostboxes', 'closedpostboxesnonce' ); 1023 $closed = isset( $_POST['closed'] ) ? explode( ',', $_POST['closed']) : array(); 1024 $closed = array_filter($closed); 1025 1026 $hidden = isset( $_POST['hidden'] ) ? explode( ',', $_POST['hidden']) : array(); 1027 $hidden = array_filter($hidden); 1028 1029 $page = isset( $_POST['page'] ) ? $_POST['page'] : ''; 1030 1031 if ( $page != sanitize_key( $page ) ) 1032 die('0'); 1033 1034 if ( ! 
$user = wp_get_current_user() ) 1035 die('-1'); 1036 1037 if ( is_array($closed) ) 1038 update_user_option($user->ID, "closedpostboxes_$page", $closed, true); 1039 1040 if ( is_array($hidden) ) { 1041 $hidden = array_diff( $hidden, array('submitdiv', 'linksubmitdiv', 'manage-menu', 'create-menu') ); // postboxes that are always shown 1042 update_user_option($user->ID, "metaboxhidden_$page", $hidden, true); 1043 } 1044 1045 die('1'); 1046 break; 1047 case 'hidden-columns' : 1048 check_ajax_referer( 'screen-options-nonce', 'screenoptionnonce' ); 1049 $hidden = isset( $_POST['hidden'] ) ? $_POST['hidden'] : ''; 1050 $hidden = explode( ',', $_POST['hidden'] ); 1051 $page = isset( $_POST['page'] ) ? $_POST['page'] : ''; 1052 1053 if ( $page != sanitize_key( $page ) ) 1054 die('0'); 1055 1056 if ( ! $user = wp_get_current_user() ) 1057 die('-1'); 1058 1059 if ( is_array($hidden) ) 1060 update_user_option($user->ID, "manage{$page}columnshidden", $hidden, true); 1061 1062 die('1'); 1063 break; 1064 case 'menu-get-metabox' : 1065 if ( ! current_user_can( 'edit_theme_options' ) ) 1066 die('-1'); 1067 1068 require_once ABSPATH . 'wp-admin/includes/nav-menu.php'; 1069 1070 if ( isset( $_POST['item-type'] ) && 'post_type' == $_POST['item-type'] ) { 1071 $type = 'posttype'; 1072 $callback = 'wp_nav_menu_item_post_type_meta_box'; 1073 $items = (array) get_post_types( array( 'show_in_nav_menus' => true ), 'object' ); 1074 } elseif ( isset( $_POST['item-type'] ) && 'taxonomy' == $_POST['item-type'] ) { 1075 $type = 'taxonomy'; 1076 $callback = 'wp_nav_menu_item_taxonomy_meta_box'; 1077 $items = (array) get_taxonomies( array( 'show_ui' => true ), 'object' ); 1078 } 1079 1080 if ( ! empty( $_POST['item-object'] ) && isset( $items[$_POST['item-object']] ) ) { 1081 $item = apply_filters( 'nav_menu_meta_box_object', $items[ $_POST['item-object'] ] ); 1082 ob_start(); 1083 call_user_func_array($callback, array( 1084 null, 1085 array( 1086 'id' => 'add-' . 
$item->name, 1087 'title' => $item->labels->name, 1088 'callback' => $callback, 1089 'args' => $item, 1090 ) 1091 )); 1092 1093 $markup = ob_get_clean(); 1094 1095 echo json_encode(array( 1096 'replace-id' => $type . '-' . $item->name, 1097 'markup' => $markup, 1098 )); 1099 } 1100 1101 exit; 1102 break; 1103 case 'menu-quick-search': 1104 if ( ! current_user_can( 'edit_theme_options' ) ) 1105 die('-1'); 1106 1107 require_once ABSPATH . 'wp-admin/includes/nav-menu.php'; 1108 1109 _wp_ajax_menu_quick_search( $_REQUEST ); 1110 1111 exit; 1112 break; 1113 case 'wp-link-ajax': 1114 check_ajax_referer( 'internal-linking', '_ajax_linking_nonce' ); 1115 1116 $args = array(); 1117 1118 if ( isset( $_POST['search'] ) ) 1119 $args['s'] = stripslashes( $_POST['search'] ); 1120 $args['pagenum'] = ! empty( $_POST['page'] ) ? absint( $_POST['page'] ) : 1; 1121 1122 require(ABSPATH . WPINC . '/class-wp-editor.php'); 1123 $results = WP_Editor::wp_link_query( $args ); 1124 1125 if ( ! isset( $results ) ) 1126 die( '0' ); 1127 1128 echo json_encode( $results ); 1129 echo "\n"; 1130 1131 exit; 1132 break; 1133 case 'menu-locations-save': 1134 if ( ! current_user_can( 'edit_theme_options' ) ) 1135 die('-1'); 1136 check_ajax_referer( 'add-menu_item', 'menu-settings-column-nonce' ); 1137 if ( ! isset( $_POST['menu-locations'] ) ) 1138 die('0'); 1139 set_theme_mod( 'nav_menu_locations', array_map( 'absint', $_POST['menu-locations'] ) ); 1140 die('1'); 1141 break; 1142 case 'meta-box-order': 1143 check_ajax_referer( 'meta-box-order' ); 1144 $order = isset( $_POST['order'] ) ? (array) $_POST['order'] : false; 1145 $page_columns = isset( $_POST['page_columns'] ) ? $_POST['page_columns'] : 'auto'; 1146 1147 if ( $page_columns != 'auto' ) 1148 $page_columns = (int) $page_columns; 1149 1150 $page = isset( $_POST['page'] ) ? $_POST['page'] : ''; 1151 1152 if ( $page != sanitize_key( $page ) ) 1153 die('0'); 1154 1155 if ( ! 
$user = wp_get_current_user() ) 1156 die('-1'); 1157 1158 if ( $order ) 1159 update_user_option($user->ID, "meta-box-order_$page", $order, true); 1160 1161 if ( $page_columns ) 1162 update_user_option($user->ID, "screen_layout_$page", $page_columns, true); 1163 1164 die('1'); 1165 break; 1166 case 'get-permalink': 1167 check_ajax_referer( 'getpermalink', 'getpermalinknonce' ); 1168 $post_id = isset($_POST['post_id'])? intval($_POST['post_id']) : 0; 1169 die(add_query_arg(array('preview' => 'true'), get_permalink($post_id))); 1170 break; 1171 case 'sample-permalink': 1172 check_ajax_referer( 'samplepermalink', 'samplepermalinknonce' ); 1173 $post_id = isset($_POST['post_id'])? intval($_POST['post_id']) : 0; 1174 $title = isset($_POST['new_title'])? $_POST['new_title'] : ''; 1175 $slug = isset($_POST['new_slug'])? $_POST['new_slug'] : null; 1176 die(get_sample_permalink_html($post_id, $title, $slug)); 1177 break; 1178 case 'inline-save': 1179 check_ajax_referer( 'inlineeditnonce', '_inline_edit' ); 1180 1181 if ( ! isset($_POST['post_ID']) || ! ( $post_ID = (int) $_POST['post_ID'] ) ) 1182 exit; 1183 1184 if ( 'page' == $_POST['post_type'] ) { 1185 if ( ! current_user_can( 'edit_page', $post_ID ) ) 1186 die( __('You are not allowed to edit this page.') ); 1187 } else { 1188 if ( ! current_user_can( 'edit_post', $post_ID ) ) 1189 die( __('You are not allowed to edit this post.') ); 1190 } 1191 1192 set_current_screen( $_POST['screen'] ); 1193 1194 if ( $last = wp_check_post_lock( $post_ID ) ) { 1195 $last_user = get_userdata( $last ); 1196 $last_user_name = $last_user ? $last_user->display_name : __( 'Someone' ); 1197 printf( $_POST['post_type'] == 'page' ? __( 'Saving is disabled: %s is currently editing this page.' ) : __( 'Saving is disabled: %s is currently editing this post.' 
), esc_html( $last_user_name ) ); 1198 exit; 1199 } 1200 1201 $data = &$_POST; 1202 1203 $post = get_post( $post_ID, ARRAY_A ); 1204 $post = add_magic_quotes($post); //since it is from db 1205 1206 $data['content'] = $post['post_content']; 1207 $data['excerpt'] = $post['post_excerpt']; 1208 1209 // rename 1210 $data['user_ID'] = $GLOBALS['user_ID']; 1211 1212 if ( isset($data['post_parent']) ) 1213 $data['parent_id'] = $data['post_parent']; 1214 1215 // status 1216 if ( isset($data['keep_private']) && 'private' == $data['keep_private'] ) 1217 $data['post_status'] = 'private'; 1218 else 1219 $data['post_status'] = $data['_status']; 1220 1221 if ( empty($data['comment_status']) ) 1222 $data['comment_status'] = 'closed'; 1223 if ( empty($data['ping_status']) ) 1224 $data['ping_status'] = 'closed'; 1225 1226 // update the post 1227 edit_post(); 1228 1229 $wp_list_table = _get_list_table('WP_Posts_List_Table'); 1230 1231 $mode = $_POST['post_view']; 1232 $wp_list_table->display_rows( array( get_post( $_POST['post_ID'] ) ) ); 1233 1234 exit; 1235 break; 1236 case 'inline-save-tax': 1237 check_ajax_referer( 'taxinlineeditnonce', '_inline_edit' ); 1238 1239 $taxonomy = sanitize_key( $_POST['taxonomy'] ); 1240 $tax = get_taxonomy( $taxonomy ); 1241 if ( ! $tax ) 1242 die( '0' ); 1243 1244 if ( ! current_user_can( $tax->cap->edit_terms ) ) 1245 die( '-1' ); 1246 1247 set_current_screen( 'edit-' . $taxonomy ); 1248 1249 $wp_list_table = _get_list_table('WP_Terms_List_Table'); 1250 1251 if ( ! isset($_POST['tax_ID']) || ! 
( $id = (int) $_POST['tax_ID'] ) ) 1252 die(-1); 1253 1254 $tag = get_term( $id, $taxonomy ); 1255 $_POST['description'] = $tag->description; 1256 1257 $updated = wp_update_term($id, $taxonomy, $_POST); 1258 if ( $updated && !is_wp_error($updated) ) { 1259 $tag = get_term( $updated['term_id'], $taxonomy ); 1260 if ( !$tag || is_wp_error( $tag ) ) { 1261 if ( is_wp_error($tag) && $tag->get_error_message() ) 1262 die( $tag->get_error_message() ); 1263 die( __('Item not updated.') ); 1264 } 1265 1266 echo $wp_list_table->single_row( $tag ); 1267 } else { 1268 if ( is_wp_error($updated) && $updated->get_error_message() ) 1269 die( $updated->get_error_message() ); 1270 die( __('Item not updated.') ); 1271 } 1272 1273 exit; 1274 break; 1275 case 'find_posts': 1276 check_ajax_referer( 'find-posts' ); 1277 1278 if ( empty($_POST['ps']) ) 1279 exit; 1280 1281 if ( !empty($_POST['post_type']) && in_array( $_POST['post_type'], get_post_types() ) ) 1282 $what = $_POST['post_type']; 1283 else 1284 $what = 'post'; 1285 1286 $s = stripslashes($_POST['ps']); 1287 preg_match_all('/".*?("|$)|((?<=[\\s",+])|^)[^\\s",+]+/', $s, $matches); 1288 $search_terms = array_map('_search_terms_tidy', $matches[0]); 1289 1290 $searchand = $search = ''; 1291 foreach ( (array) $search_terms as $term ) { 1292 $term = esc_sql( like_escape( $term ) ); 1293 $search .= "{$searchand}(($wpdb->posts.post_title LIKE '%{$term}%') OR ($wpdb->posts.post_content LIKE '%{$term}%'))"; 1294 $searchand = ' AND '; 1295 } 1296 $term = esc_sql( like_escape( $s ) ); 1297 if ( count($search_terms) > 1 && $search_terms[0] != $s ) 1298 $search .= " OR ($wpdb->posts.post_title LIKE '%{$term}%') OR ($wpdb->posts.post_content LIKE '%{$term}%')"; 1299 1300 $posts = $wpdb->get_results( "SELECT ID, post_title, post_status, post_date FROM $wpdb->posts WHERE post_type = '$what' AND post_status IN ('draft', 'publish') AND ($search) ORDER BY post_date_gmt DESC LIMIT 50" ); 1301 1302 if ( ! 
$posts ) { 1303 $posttype = get_post_type_object($what); 1304 exit($posttype->labels->not_found); 1305 } 1306 1307 $html = '<table class="widefat" cellspacing="0"><thead><tr><th class="found-radio"><br /></th><th>'.__('Title').'</th><th>'.__('Date').'</th><th>'.__('Status').'</th></tr></thead><tbody>'; 1308 foreach ( $posts as $post ) { 1309 1310 switch ( $post->post_status ) { 1311 case 'publish' : 1312 case 'private' : 1313 $stat = __('Published'); 1314 break; 1315 case 'future' : 1316 $stat = __('Scheduled'); 1317 break; 1318 case 'pending' : 1319 $stat = __('Pending Review'); 1320 break; 1321 case 'draft' : 1322 $stat = __('Draft'); 1323 break; 1324 } 1325 1326 if ( '0000-00-00 00:00:00' == $post->post_date ) { 1327 $time = ''; 1328 } else { 1329 /* translators: date format in table columns, see http://php.net/date */ 1330 $time = mysql2date(__('Y/m/d'), $post->post_date); 1331 } 1332 1333 $html .= '<tr class="found-posts"><td class="found-radio"><input type="radio" id="found-'.$post->ID.'" name="found_post_id" value="' . esc_attr($post->ID) . 
'"></td>'; 1334 $html .= '<td><label for="found-'.$post->ID.'">'.esc_html( $post->post_title ).'</label></td><td>'.esc_html( $time ).'</td><td>'.esc_html( $stat ).'</td></tr>'."\n\n"; 1335 } 1336 $html .= '</tbody></table>'; 1337 1338 $x = new WP_Ajax_Response(); 1339 $x->add( array( 1340 'what' => $what, 1341 'data' => $html 1342 )); 1343 $x->send(); 1344 1345 break; 1346 case 'widgets-order' : 1347 check_ajax_referer( 'save-sidebar-widgets', 'savewidgets' ); 1348 1349 if ( !current_user_can('edit_theme_options') ) 1350 die('-1'); 1351 1352 unset( $_POST['savewidgets'], $_POST['action'] ); 1353 1354 // save widgets order for all sidebars 1355 if ( is_array($_POST['sidebars']) ) { 1356 $sidebars = array(); 1357 foreach ( $_POST['sidebars'] as $key => $val ) { 1358 $sb = array(); 1359 if ( !empty($val) ) { 1360 $val = explode(',', $val); 1361 foreach ( $val as $k => $v ) { 1362 if ( strpos($v, 'widget-') === false ) 1363 continue; 1364 1365 $sb[$k] = substr($v, strpos($v, '_') + 1); 1366 } 1367 } 1368 $sidebars[$key] = $sb; 1369 } 1370 wp_set_sidebars_widgets($sidebars); 1371 die('1'); 1372 } 1373 1374 die('-1'); 1375 break; 1376 case 'save-widget' : 1377 check_ajax_referer( 'save-sidebar-widgets', 'savewidgets' ); 1378 1379 if ( !current_user_can('edit_theme_options') || !isset($_POST['id_base']) ) 1380 die('-1'); 1381 1382 unset( $_POST['savewidgets'], $_POST['action'] ); 1383 1384 do_action('load-widgets.php'); 1385 do_action('widgets.php'); 1386 do_action('sidebar_admin_setup'); 1387 1388 $id_base = $_POST['id_base']; 1389 $widget_id = $_POST['widget-id']; 1390 $sidebar_id = $_POST['sidebar']; 1391 $multi_number = !empty($_POST['multi_number']) ? (int) $_POST['multi_number'] : 0; 1392 $settings = isset($_POST['widget-' . $id_base]) && is_array($_POST['widget-' . $id_base]) ? $_POST['widget-' . $id_base] : false; 1393 $error = '<p>' . __('An error has occurred. Please reload the page and try again.') . 
'</p>'; 1394 1395 $sidebars = wp_get_sidebars_widgets(); 1396 $sidebar = isset($sidebars[$sidebar_id]) ? $sidebars[$sidebar_id] : array(); 1397 1398 // delete 1399 if ( isset($_POST['delete_widget']) && $_POST['delete_widget'] ) { 1400 1401 if ( !isset($wp_registered_widgets[$widget_id]) ) 1402 die($error); 1403 1404 $sidebar = array_diff( $sidebar, array($widget_id) ); 1405 $_POST = array('sidebar' => $sidebar_id, 'widget-' . $id_base => array(), 'the-widget-id' => $widget_id, 'delete_widget' => '1'); 1406 } elseif ( $settings && preg_match( '/__i__|%i%/', key($settings) ) ) { 1407 if ( !$multi_number ) 1408 die($error); 1409 1410 $_POST['widget-' . $id_base] = array( $multi_number => array_shift($settings) ); 1411 $widget_id = $id_base . '-' . $multi_number; 1412 $sidebar[] = $widget_id; 1413 } 1414 $_POST['widget-id'] = $sidebar; 1415 1416 foreach ( (array) $wp_registered_widget_updates as $name => $control ) { 1417 1418 if ( $name == $id_base ) { 1419 if ( !is_callable( $control['callback'] ) ) 1420 continue; 1421 1422 ob_start(); 1423 call_user_func_array( $control['callback'], $control['params'] ); 1424 ob_end_clean(); 1425 break; 1426 } 1427 } 1428 1429 if ( isset($_POST['delete_widget']) && $_POST['delete_widget'] ) { 1430 $sidebars[$sidebar_id] = $sidebar; 1431 wp_set_sidebars_widgets($sidebars); 1432 echo "deleted:$widget_id"; 1433 die(); 1434 } 1435 1436 if ( !empty($_POST['add_new']) ) 1437 die(); 1438 1439 if ( $form = $wp_registered_widget_controls[$widget_id] ) 1440 call_user_func_array( $form['callback'], $form['params'] ); 1441 1442 die(); 1443 break; 1444 case 'image-editor': 1445 $attachment_id = intval($_POST['postid']); 1446 if ( empty($attachment_id) || !current_user_can('edit_post', $attachment_id) ) 1447 die('-1'); 1448 1449 check_ajax_referer( "image_editor-$attachment_id" ); 1450 include_once( ABSPATH . 
'wp-admin/includes/image-edit.php' ); 1451 1452 $msg = false; 1453 switch ( $_POST['do'] ) { 1454 case 'save' : 1455 $msg = wp_save_image($attachment_id); 1456 $msg = json_encode($msg); 1457 die($msg); 1458 break; 1459 case 'scale' : 1460 $msg = wp_save_image($attachment_id); 1461 break; 1462 case 'restore' : 1463 $msg = wp_restore_image($attachment_id); 1464 break; 1465 } 1466 1467 wp_image_editor($attachment_id, $msg); 1468 die(); 1469 break; 1470 case 'set-post-thumbnail': 1471 $post_ID = intval( $_POST['post_id'] ); 1472 if ( !current_user_can( 'edit_post', $post_ID ) ) 1473 die( '-1' ); 1474 $thumbnail_id = intval( $_POST['thumbnail_id'] ); 1475 1476 check_ajax_referer( "set_post_thumbnail-$post_ID" ); 1477 1478 if ( $thumbnail_id == '-1' ) { 1479 if ( delete_post_thumbnail( $post_ID ) ) 1480 die( _wp_post_thumbnail_html() ); 1481 else 1482 die( '0' ); 1483 } 1484 1485 if ( set_post_thumbnail( $post_ID, $thumbnail_id ) ) 1486 die( _wp_post_thumbnail_html( $thumbnail_id ) ); 1487 die( '0' ); 1488 break; 1489 case 'date_format' : 1490 die( date_i18n( sanitize_option( 'date_format', $_POST['date'] ) ) ); 1491 break; 1492 case 'time_format' : 1493 die( date_i18n( sanitize_option( 'time_format', $_POST['date'] ) ) ); 1494 break; 1495 case 'wp-fullscreen-save-post' : 1496 if ( isset($_POST['post_ID']) ) 1497 $post_id = (int) $_POST['post_ID']; 1498 else 1499 $post_id = 0; 1500 1501 $post = null; 1502 $post_type_object = null; 1503 $post_type = null; 1504 if ( $post_id ) { 1505 $post = get_post($post_id); 1506 if ( $post ) { 1507 $post_type_object = get_post_type_object($post->post_type); 1508 if ( $post_type_object ) { 1509 $post_type = $post->post_type; 1510 $current_screen->post_type = $post->post_type; 1511 $current_screen->id = $current_screen->post_type; 1512 } 1513 } 1514 } elseif ( isset($_POST['post_type']) ) { 1515 $post_type_object = get_post_type_object($_POST['post_type']); 1516 if ( $post_type_object ) { 1517 $post_type = $post_type_object->name; 1518 
$current_screen->post_type = $post_type; 1519 $current_screen->id = $current_screen->post_type; 1520 } 1521 } 1522 1523 check_ajax_referer('update-' . $post_type . '_' . $post_id, '_wpnonce'); 1524 1525 $post_id = edit_post(); 1526 1527 if ( is_wp_error($post_id) ) { 1528 if ( $post_id->get_error_message() ) 1529 $message = $post_id->get_error_message(); 1530 else 1531 $message = __('Save failed'); 1532 1533 echo json_encode( array( 'message' => $message, 'last_edited' => '' ) ); 1534 die(); 1535 } else { 1536 $message = __('Saved.'); 1537 } 1538 1539 if ( $post ) { 1540 $last_date = mysql2date( get_option('date_format'), $post->post_modified ); 1541 $last_time = mysql2date( get_option('time_format'), $post->post_modified ); 1542 } else { 1543 $last_date = date_i18n( get_option('date_format') ); 1544 $last_time = date_i18n( get_option('time_format') ); 1545 } 1546 1547 if ( $last_id = get_post_meta($post_id, '_edit_last', true) ) { 1548 $last_user = get_userdata($last_id); 1549 $last_edited = sprintf( __('Last edited by %1$s on %2$s at %3$s'), esc_html( $last_user->display_name ), $last_date, $last_time ); 1550 } else { 1551 $last_edited = sprintf( __('Last edited on %1$s at %2$s'), $last_date, $last_time ); 1552 } 1553 1554 echo json_encode( array( 'message' => $message, 'last_edited' => $last_edited ) ); 1555 die(); 1556 break; 1557 case 'wp-remove-post-lock' : 1558 if ( empty( $_POST['post_ID'] ) || empty( $_POST['active_post_lock'] ) ) 1559 die( '0' ); 1560 $post_id = (int) $_POST['post_ID']; 1561 if ( ! $post = get_post( $post_id ) ) 1562 die( '0' ); 1563 1564 check_ajax_referer( 'update-' . $post->post_type . '_' . $post_id ); 1565 1566 if ( ! 
current_user_can( 'edit_post', $post_id ) ) 1567 die( '-1' ); 1568 1569 $active_lock = array_map( 'absint', explode( ':', $_POST['active_post_lock'] ) ); 1570 if ( $active_lock[1] != get_current_user_id() ) 1571 die( '0' ); 1572 1573 $new_lock = ( time() - apply_filters( 'wp_check_post_lock_window', AUTOSAVE_INTERVAL * 2 ) + 5 ) . ':' . $active_lock[1]; 1574 update_post_meta( $post_id, '_edit_lock', $new_lock, implode( ':', $active_lock ) ); 1575 die( '1' ); 1576 1577 default : 1578 do_action( 'wp_ajax_' . $_POST['action'] ); 1579 die('0'); 1580 break; 1581 endswitch; 1582 ?> 43 ?> 44 No newline at end of file -
wp-admin/includes/ajax-actions.php
1 <?php 2 3 add_action('wp_ajax_fetch-list', 'wp_ajax_fetch_list'); 4 function wp_ajax_fetch_list() { 5 $list_class = $_GET['list_args']['class']; 6 check_ajax_referer( "fetch-list-$list_class", '_ajax_fetch_list_nonce' ); 7 8 $current_screen = (object) $_GET['list_args']['screen']; 9 //TODO fix this in a better way see #15336 10 $current_screen->is_network = 'false' === $current_screen->is_network ? false : true; 11 $current_screen->is_user = 'false' === $current_screen->is_user ? false : true; 12 13 define( 'WP_NETWORK_ADMIN', $current_screen->is_network ); 14 define( 'WP_USER_ADMIN', $current_screen->is_user ); 15 16 $wp_list_table = _get_list_table( $list_class ); 17 if ( ! $wp_list_table ) 18 die( '0' ); 19 20 if ( ! $wp_list_table->ajax_user_can() ) 21 die( '-1' ); 22 23 $wp_list_table->ajax_response(); 24 25 die( '0' ); 26 } 27 28 add_action('wp_ajax_ajax-tag-search', 'wp_ajax_tag_search'); 29 function wp_ajax_tag_search() { 30 global $wpdb; 31 if ( isset( $_GET['tax'] ) ) { 32 $taxonomy = sanitize_key( $_GET['tax'] ); 33 $tax = get_taxonomy( $taxonomy ); 34 if ( ! $tax ) 35 die( '0' ); 36 if ( ! current_user_can( $tax->cap->assign_terms ) ) 37 die( '-1' ); 38 } else { 39 die('0'); 40 } 41 42 $s = stripslashes( $_GET['q'] ); 43 44 if ( false !== strpos( $s, ',' ) ) { 45 $s = explode( ',', $s ); 46 $s = $s[count( $s ) - 1]; 47 } 48 $s = trim( $s ); 49 if ( strlen( $s ) < 2 ) 50 die; // require 2 chars for matching 51 52 $results = $wpdb->get_col( $wpdb->prepare( "SELECT t.name FROM $wpdb->term_taxonomy AS tt INNER JOIN $wpdb->terms AS t ON tt.term_id = t.term_id WHERE tt.taxonomy = %s AND t.name LIKE (%s)", $taxonomy, '%' . like_escape( $s ) . 
'%' ) ); 53 54 echo join( $results, "\n" ); 55 die; 56 } 57 58 add_action('wp_ajax-compression-test', 'wp_ajax_compression_test'); 59 function wp_ajax_compression_test() { 60 if ( !current_user_can( 'manage_options' ) ) 61 die('-1'); 62 63 if ( ini_get('zlib.output_compression') || 'ob_gzhandler' == ini_get('output_handler') ) { 64 update_site_option('can_compress_scripts', 0); 65 die('0'); 66 } 67 68 if ( isset($_GET['test']) ) { 69 header( 'Expires: Wed, 11 Jan 1984 05:00:00 GMT' ); 70 header( 'Last-Modified: ' . gmdate( 'D, d M Y H:i:s' ) . ' GMT' ); 71 header( 'Cache-Control: no-cache, must-revalidate, max-age=0' ); 72 header( 'Pragma: no-cache' ); 73 header('Content-Type: application/x-javascript; charset=UTF-8'); 74 $force_gzip = ( defined('ENFORCE_GZIP') && ENFORCE_GZIP ); 75 $test_str = '"wpCompressionTest Lorem ipsum dolor sit amet consectetuer mollis sapien urna ut a. Eu nonummy condimentum fringilla tempor pretium platea vel nibh netus Maecenas. Hac molestie amet justo quis pellentesque est ultrices interdum nibh Morbi. Cras mattis pretium Phasellus ante ipsum ipsum ut sociis Suspendisse Lorem. Ante et non molestie. Porta urna Vestibulum egestas id congue nibh eu risus gravida sit. Ac augue auctor Ut et non a elit massa id sodales. Elit eu Nulla at nibh adipiscing mattis lacus mauris at tempus. Netus nibh quis suscipit nec feugiat eget sed lorem et urna. Pellentesque lacus at ut massa consectetuer ligula ut auctor semper Pellentesque. Ut metus massa nibh quam Curabitur molestie nec mauris congue. Volutpat molestie elit justo facilisis neque ac risus Ut nascetur tristique. Vitae sit lorem tellus et quis Phasellus lacus tincidunt nunc Fusce. Pharetra wisi Suspendisse mus sagittis libero lacinia Integer consequat ac Phasellus. Et urna ac cursus tortor aliquam Aliquam amet tellus volutpat Vestibulum. 
Justo interdum condimentum In augue congue tellus sollicitudin Quisque quis nibh."'; 76 77 if ( 1 == $_GET['test'] ) { 78 echo $test_str; 79 die; 80 } elseif ( 2 == $_GET['test'] ) { 81 if ( !isset($_SERVER['HTTP_ACCEPT_ENCODING']) ) 82 die('-1'); 83 if ( false !== stripos( $_SERVER['HTTP_ACCEPT_ENCODING'], 'deflate') && function_exists('gzdeflate') && ! $force_gzip ) { 84 header('Content-Encoding: deflate'); 85 $out = gzdeflate( $test_str, 1 ); 86 } elseif ( false !== stripos( $_SERVER['HTTP_ACCEPT_ENCODING'], 'gzip') && function_exists('gzencode') ) { 87 header('Content-Encoding: gzip'); 88 $out = gzencode( $test_str, 1 ); 89 } else { 90 die('-1'); 91 } 92 echo $out; 93 die; 94 } elseif ( 'no' == $_GET['test'] ) { 95 update_site_option('can_compress_scripts', 0); 96 } elseif ( 'yes' == $_GET['test'] ) { 97 update_site_option('can_compress_scripts', 1); 98 } 99 } 100 101 die('0'); 102 } 103 104 add_action('wp_ajax_imgedit-preview', 'wp_ajax_imgedit_preview'); 105 function wp_ajax_imgedit_preview() { 106 $post_id = intval($_GET['postid']); 107 if ( empty($post_id) || !current_user_can('edit_post', $post_id) ) 108 die('-1'); 109 110 check_ajax_referer( "image_editor-$post_id" ); 111 112 include_once( ABSPATH . 'wp-admin/includes/image-edit.php' ); 113 if ( ! stream_preview_image($post_id) ) 114 die('-1'); 115 116 die(); 117 } 118 119 add_action('wp_ajax_menu-quick-search', 'wp_ajax_menu_quick_search'); 120 function wp_ajax_menu_quick_search() { 121 if ( ! current_user_can( 'edit_theme_options' ) ) 122 die('-1'); 123 124 require_once ABSPATH . 'wp-admin/includes/nav-menu.php'; 125 126 _wp_ajax_menu_quick_search( $_REQUEST ); 127 128 exit; 129 } 130 131 add_action('wp_ajax_oembed-cache', 'wp_oembed_cache'); 132 function wp_oembed_cache() { 133 $return = ( $wp_embed->cache_oembed( $_GET['post'] ) ) ? '1' : '0'; 134 die( $return ); 135 } 136 137 /** 138 * Sends back current comment total and new page links if they need to be updated. 
139 * 140 * Contrary to normal success AJAX response ("1"), die with time() on success. 141 * 142 * @since 2.7 143 * 144 * @param int $comment_id 145 * @return die 146 */ 147 function _wp_ajax_delete_comment_response( $comment_id, $delta = -1 ) { 148 $total = (int) @$_POST['_total']; 149 $per_page = (int) @$_POST['_per_page']; 150 $page = (int) @$_POST['_page']; 151 $url = esc_url_raw( @$_POST['_url'] ); 152 // JS didn't send us everything we need to know. Just die with success message 153 if ( !$total || !$per_page || !$page || !$url ) 154 die( (string) time() ); 155 156 $total += $delta; 157 if ( $total < 0 ) 158 $total = 0; 159 160 // Only do the expensive stuff on a page-break, and about 1 other time per page 161 if ( 0 == $total % $per_page || 1 == mt_rand( 1, $per_page ) ) { 162 $post_id = 0; 163 $status = 'total_comments'; // What type of comment count are we looking for? 164 $parsed = parse_url( $url ); 165 if ( isset( $parsed['query'] ) ) { 166 parse_str( $parsed['query'], $query_vars ); 167 if ( !empty( $query_vars['comment_status'] ) ) 168 $status = $query_vars['comment_status']; 169 if ( !empty( $query_vars['p'] ) ) 170 $post_id = (int) $query_vars['p']; 171 } 172 173 $comment_count = wp_count_comments($post_id); 174 175 if ( isset( $comment_count->$status ) ) // We're looking for a known type of comment count 176 $total = $comment_count->$status; 177 // else use the decremented value from above 178 } 179 180 $time = time(); // The time since the last comment count 181 182 $x = new WP_Ajax_Response( array( 183 'what' => 'comment', 184 'id' => $comment_id, // here for completeness - not used 185 'supplemental' => array( 186 'total_items_i18n' => sprintf( _n( '1 item', '%s items', $total ), number_format_i18n( $total ) ), 187 'total_pages' => ceil( $total / $per_page ), 188 'total_pages_i18n' => number_format_i18n( ceil( $total / $per_page ) ), 189 'total' => $total, 190 'time' => $time 191 ) 192 ) ); 193 $x->send(); 194 } 195 196 function 
_wp_ajax_add_hierarchical_term() { 197 $action = $_POST['action']; 198 $taxonomy = get_taxonomy(substr($action, 4)); 199 check_ajax_referer( $action, '_ajax_nonce-add-' . $taxonomy->name ); 200 if ( !current_user_can( $taxonomy->cap->edit_terms ) ) 201 die('-1'); 202 $names = explode(',', $_POST['new'.$taxonomy->name]); 203 $parent = isset($_POST['new'.$taxonomy->name.'_parent']) ? (int) $_POST['new'.$taxonomy->name.'_parent'] : 0; 204 if ( 0 > $parent ) 205 $parent = 0; 206 if ( $taxonomy->name == 'category' ) 207 $post_category = isset($_POST['post_category']) ? (array) $_POST['post_category'] : array(); 208 else 209 $post_category = ( isset($_POST['tax_input']) && isset($_POST['tax_input'][$taxonomy->name]) ) ? (array) $_POST['tax_input'][$taxonomy->name] : array(); 210 $checked_categories = array_map( 'absint', (array) $post_category ); 211 $popular_ids = wp_popular_terms_checklist($taxonomy->name, 0, 10, false); 212 213 foreach ( $names as $cat_name ) { 214 $cat_name = trim($cat_name); 215 $category_nicename = sanitize_title($cat_name); 216 if ( '' === $category_nicename ) 217 continue; 218 if ( !($cat_id = term_exists($cat_name, $taxonomy->name, $parent)) ) { 219 $new_term = wp_insert_term($cat_name, $taxonomy->name, array('parent' => $parent)); 220 $cat_id = $new_term['term_id']; 221 } 222 $checked_categories[] = $cat_id; 223 if ( $parent ) // Do these all at once in a second 224 continue; 225 $category = get_term( $cat_id, $taxonomy->name ); 226 ob_start(); 227 wp_terms_checklist( 0, array( 'taxonomy' => $taxonomy->name, 'descendants_and_self' => $cat_id, 'selected_cats' => $checked_categories, 'popular_cats' => $popular_ids )); 228 $data = ob_get_contents(); 229 ob_end_clean(); 230 $add = array( 231 'what' => $taxonomy->name, 232 'id' => $cat_id, 233 'data' => str_replace( array("\n", "\t"), '', $data), 234 'position' => -1 235 ); 236 } 237 238 if ( $parent ) { // Foncy - replace the parent and all its children 239 $parent = get_term( $parent, 
$taxonomy->name ); 240 $term_id = $parent->term_id; 241 242 while ( $parent->parent ) { // get the top parent 243 $parent = &get_term( $parent->parent, $taxonomy->name ); 244 if ( is_wp_error( $parent ) ) 245 break; 246 $term_id = $parent->term_id; 247 } 248 249 ob_start(); 250 wp_terms_checklist( 0, array('taxonomy' => $taxonomy->name, 'descendants_and_self' => $term_id, 'selected_cats' => $checked_categories, 'popular_cats' => $popular_ids)); 251 $data = ob_get_contents(); 252 ob_end_clean(); 253 $add = array( 254 'what' => $taxonomy->name, 255 'id' => $term_id, 256 'data' => str_replace( array("\n", "\t"), '', $data), 257 'position' => -1 258 ); 259 } 260 261 ob_start(); 262 wp_dropdown_categories( array( 263 'taxonomy' => $taxonomy->name, 'hide_empty' => 0, 'name' => 'new'.$taxonomy->name.'_parent', 'orderby' => 'name', 264 'hierarchical' => 1, 'show_option_none' => '— '.$taxonomy->labels->parent_item.' —' 265 ) ); 266 $sup = ob_get_contents(); 267 ob_end_clean(); 268 $add['supplemental'] = array( 'newcat_parent' => $sup ); 269 270 $x = new WP_Ajax_Response( $add ); 271 $x->send(); 272 } 273 274 add_action('wp_ajax_image-editor', 'wp_ajax_image_editor'); 275 function wp_ajax_image_editor() { 276 $attachment_id = intval($_POST['postid']); 277 if ( empty($attachment_id) || !current_user_can('edit_post', $attachment_id) ) 278 die('-1'); 279 280 check_ajax_referer( "image_editor-$attachment_id" ); 281 include_once( ABSPATH . 
'wp-admin/includes/image-edit.php' ); 282 283 $msg = false; 284 switch ( $_POST['do'] ) { 285 case 'save' : 286 $msg = wp_save_image($attachment_id); 287 $msg = json_encode($msg); 288 die($msg); 289 break; 290 case 'scale' : 291 $msg = wp_save_image($attachment_id); 292 break; 293 case 'restore' : 294 $msg = wp_restore_image($attachment_id); 295 break; 296 } 297 298 wp_image_editor($attachment_id, $msg); 299 die(); 300 } 301 302 add_action('wp_ajax_delete-comment', 'wp_ajax_delete_comment'); 303 /* 304 * On success, die with time() instead of 1 305 */ 306 function wp_ajax_delete_comment() { 307 $id = isset($_POST['id'])? (int) $_POST['id'] : 0; 308 if ( !$comment = get_comment( $id ) ) 309 die( (string) time() ); 310 if ( ! current_user_can( 'edit_comment', $comment->comment_ID ) ) 311 die('-1'); 312 313 check_ajax_referer( "delete-comment_$id" ); 314 $status = wp_get_comment_status( $comment->comment_ID ); 315 316 $delta = -1; 317 if ( isset($_POST['trash']) && 1 == $_POST['trash'] ) { 318 if ( 'trash' == $status ) 319 die( (string) time() ); 320 $r = wp_trash_comment( $comment->comment_ID ); 321 } elseif ( isset($_POST['untrash']) && 1 == $_POST['untrash'] ) { 322 if ( 'trash' != $status ) 323 die( (string) time() ); 324 $r = wp_untrash_comment( $comment->comment_ID ); 325 if ( ! isset( $_POST['comment_status'] ) || $_POST['comment_status'] != 'trash' ) // undo trash, not in trash 326 $delta = 1; 327 } elseif ( isset($_POST['spam']) && 1 == $_POST['spam'] ) { 328 if ( 'spam' == $status ) 329 die( (string) time() ); 330 $r = wp_spam_comment( $comment->comment_ID ); 331 } elseif ( isset($_POST['unspam']) && 1 == $_POST['unspam'] ) { 332 if ( 'spam' != $status ) 333 die( (string) time() ); 334 $r = wp_unspam_comment( $comment->comment_ID ); 335 if ( ! 
isset( $_POST['comment_status'] ) || $_POST['comment_status'] != 'spam' ) // undo spam, not in spam 336 $delta = 1; 337 } elseif ( isset($_POST['delete']) && 1 == $_POST['delete'] ) { 338 $r = wp_delete_comment( $comment->comment_ID ); 339 } else { 340 die('-1'); 341 } 342 343 if ( $r ) // Decide if we need to send back '1' or a more complicated response including page links and comment counts 344 _wp_ajax_delete_comment_response( $comment->comment_ID, $delta ); 345 die( '0' ); 346 } 347 348 add_action('wp_ajax_delete-tag', 'wp_ajax_delete_tag'); 349 function wp_ajax_delete_tag() { 350 $tag_id = (int) $_POST['tag_ID']; 351 check_ajax_referer( "delete-tag_$tag_id" ); 352 353 $taxonomy = !empty($_POST['taxonomy']) ? $_POST['taxonomy'] : 'post_tag'; 354 $tax = get_taxonomy($taxonomy); 355 356 if ( !current_user_can( $tax->cap->delete_terms ) ) 357 die('-1'); 358 359 $tag = get_term( $tag_id, $taxonomy ); 360 if ( !$tag || is_wp_error( $tag ) ) 361 die('1'); 362 363 if ( wp_delete_term($tag_id, $taxonomy)) 364 die('1'); 365 else 366 die('0'); 367 } 368 369 add_action('wp_ajax_delete-link', 'wp_ajax_delete_link'); 370 function wp_ajax_delete_link() { 371 $id = isset($_POST['id'])? (int) $_POST['id'] : 0; 372 check_ajax_referer( "delete-bookmark_$id" ); 373 if ( !current_user_can( 'manage_links' ) ) 374 die('-1'); 375 376 $link = get_bookmark( $id ); 377 if ( !$link || is_wp_error( $link ) ) 378 die('1'); 379 380 if ( wp_delete_link( $id ) ) 381 die('1'); 382 else 383 die('0'); 384 } 385 386 add_action('wp_ajax_delete-meta', 'wp_ajax_delete_meta'); 387 function wp_ajax_delete_meta() { 388 $id = isset($_POST['id'])? (int) $_POST['id'] : 0; 389 check_ajax_referer( "delete-meta_$id" ); 390 if ( !$meta = get_metadata_by_mid( 'post', $id ) ) 391 die('1'); 392 393 if ( is_protected_meta( $meta->meta_key, 'post' ) || ! 
current_user_can( 'delete_post_meta', $meta->post_id, $meta->meta_key ) ) 394 die('-1'); 395 if ( delete_meta( $meta->meta_id ) ) 396 die('1'); 397 die('0'); 398 } 399 400 add_action('wp_ajax_delete-post', 'wp_ajax_delete_post'); 401 function wp_ajax_delete_post() { 402 $id = isset($_POST['id'])? (int) $_POST['id'] : 0; 403 $action = $_POST['action']; 404 check_ajax_referer( "{$action}_$id" ); 405 if ( !current_user_can( 'delete_post', $id ) ) 406 die('-1'); 407 408 if ( !get_post( $id ) ) 409 die('1'); 410 411 if ( wp_delete_post( $id ) ) 412 die('1'); 413 else 414 die('0'); 415 } 416 417 add_action('wp_ajax_trash-post', 'wp_ajax_trash_post'); 418 function wp_ajax_trash_post() { 419 $id = isset($_POST['id'])? (int) $_POST['id'] : 0; 420 $action = $_POST['action']; 421 check_ajax_referer( "{$action}_$id" ); 422 if ( !current_user_can( 'delete_post', $id ) ) 423 die('-1'); 424 425 if ( !get_post( $id ) ) 426 die('1'); 427 428 $done = wp_trash_post( $id ); 429 if ( $done ) 430 die('1'); 431 432 die('0'); 433 } 434 435 add_action('wp_ajax_untrash-post', 'wp_ajax_untrash_post'); 436 function wp_ajax_untrash_post() { 437 $id = isset($_POST['id'])? (int) $_POST['id'] : 0; 438 $action = $_POST['action']; 439 check_ajax_referer( "{$action}_$id" ); 440 if ( !current_user_can( 'delete_post', $id ) ) 441 die('-1'); 442 443 if ( !get_post( $id ) ) 444 die('1'); 445 446 $done = wp_untrash_post( $id ); 447 448 if ( $done ) 449 die('1'); 450 451 die('0'); 452 } 453 454 add_action('wp_ajax_delete-page', 'wp_ajax_delete_page'); 455 function wp_ajax_delete_page() { 456 $id = isset($_POST['id'])? 
(int) $_POST['id'] : 0; 457 $action = $_POST['action']; 458 check_ajax_referer( "{$action}_$id" ); 459 if ( !current_user_can( 'delete_page', $id ) ) 460 die('-1'); 461 462 if ( !get_page( $id ) ) 463 die('1'); 464 465 if ( wp_delete_post( $id ) ) 466 die('1'); 467 else 468 die('0'); 469 } 470 471 add_action('wp_ajax_dim-comment', 'wp_ajax_dim_comment'); 472 function wp_ajax_dim_comment() { 473 $id = isset($_POST['id'])? (int) $_POST['id'] : 0; 474 if ( !$comment = get_comment( $id ) ) { 475 $x = new WP_Ajax_Response( array( 476 'what' => 'comment', 477 'id' => new WP_Error('invalid_comment', sprintf(__('Comment %d does not exist'), $id)) 478 ) ); 479 $x->send(); 480 } 481 482 if ( ! current_user_can( 'edit_comment', $comment->comment_ID ) && ! current_user_can( 'moderate_comments' ) ) 483 die('-1'); 484 485 $current = wp_get_comment_status( $comment->comment_ID ); 486 if ( $_POST['new'] == $current ) 487 die( (string) time() ); 488 489 check_ajax_referer( "approve-comment_$id" ); 490 if ( in_array( $current, array( 'unapproved', 'spam' ) ) ) 491 $result = wp_set_comment_status( $comment->comment_ID, 'approve', true ); 492 else 493 $result = wp_set_comment_status( $comment->comment_ID, 'hold', true ); 494 495 if ( is_wp_error($result) ) { 496 $x = new WP_Ajax_Response( array( 497 'what' => 'comment', 498 'id' => $result 499 ) ); 500 $x->send(); 501 } 502 503 // Decide if we need to send back '1' or a more complicated response including page links and comment counts 504 _wp_ajax_delete_comment_response( $comment->comment_ID ); 505 die( '0' ); 506 } 507 508 add_action('wp_ajax_add-link-category', 'wp_ajax_add_link_category'); 509 function wp_ajax_add_link_category() { 510 $action = $_POST['action']; 511 check_ajax_referer( $action ); 512 if ( !current_user_can( 'manage_categories' ) ) 513 die('-1'); 514 $names = explode(',', $_POST['newcat']); 515 $x = new WP_Ajax_Response(); 516 foreach ( $names as $cat_name ) { 517 $cat_name = trim($cat_name); 518 $slug = 
sanitize_title($cat_name); 519 if ( '' === $slug ) 520 continue; 521 if ( !$cat_id = term_exists( $cat_name, 'link_category' ) ) { 522 $cat_id = wp_insert_term( $cat_name, 'link_category' ); 523 } 524 $cat_id = $cat_id['term_id']; 525 $cat_name = esc_html(stripslashes($cat_name)); 526 $x->add( array( 527 'what' => 'link-category', 528 'id' => $cat_id, 529 'data' => "<li id='link-category-$cat_id'><label for='in-link-category-$cat_id' class='selectit'><input value='" . esc_attr($cat_id) . "' type='checkbox' checked='checked' name='link_category[]' id='in-link-category-$cat_id'/> $cat_name</label></li>", 530 'position' => -1 531 ) ); 532 } 533 $x->send(); 534 } 535 536 add_action('wp_ajax_add-tag', 'wp_ajax_add_tag'); 537 function wp_ajax_add_tag() { 538 check_ajax_referer( 'add-tag', '_wpnonce_add-tag' ); 539 $post_type = !empty($_POST['post_type']) ? $_POST['post_type'] : 'post'; 540 $taxonomy = !empty($_POST['taxonomy']) ? $_POST['taxonomy'] : 'post_tag'; 541 $tax = get_taxonomy($taxonomy); 542 543 if ( !current_user_can( $tax->cap->edit_terms ) ) 544 die('-1'); 545 546 $x = new WP_Ajax_Response(); 547 548 $tag = wp_insert_term($_POST['tag-name'], $taxonomy, $_POST ); 549 550 if ( !$tag || is_wp_error($tag) || (!$tag = get_term( $tag['term_id'], $taxonomy )) ) { 551 $message = __('An error has occurred. 
Please reload the page and try again.'); 552 if ( is_wp_error($tag) && $tag->get_error_message() ) 553 $message = $tag->get_error_message(); 554 555 $x->add( array( 556 'what' => 'taxonomy', 557 'data' => new WP_Error('error', $message ) 558 ) ); 559 $x->send(); 560 } 561 562 set_current_screen( $_POST['screen'] ); 563 564 $wp_list_table = _get_list_table('WP_Terms_List_Table'); 565 566 $level = 0; 567 if ( is_taxonomy_hierarchical($taxonomy) ) { 568 $level = count( get_ancestors( $tag->term_id, $taxonomy ) ); 569 ob_start(); 570 $wp_list_table->single_row( $tag, $level ); 571 $noparents = ob_get_clean(); 572 } 573 574 ob_start(); 575 $wp_list_table->single_row( $tag ); 576 $parents = ob_get_clean(); 577 578 $x->add( array( 579 'what' => 'taxonomy', 580 'supplemental' => compact('parents', 'noparents') 581 ) ); 582 $x->add( array( 583 'what' => 'term', 584 'position' => $level, 585 'supplemental' => (array) $tag 586 ) ); 587 $x->send(); 588 } 589 590 add_action('wp_ajax_get-tagcloud', 'wp_ajax_get-tagcloud'); 591 function wp_ajax_get_tagcloud() { 592 if ( isset( $_POST['tax'] ) ) { 593 $taxonomy = sanitize_key( $_POST['tax'] ); 594 $tax = get_taxonomy( $taxonomy ); 595 if ( ! $tax ) 596 die( '0' ); 597 if ( ! current_user_can( $tax->cap->assign_terms ) ) 598 die( '-1' ); 599 } else { 600 die('0'); 601 } 602 603 $tags = get_terms( $taxonomy, array( 'number' => 45, 'orderby' => 'count', 'order' => 'DESC' ) ); 604 605 if ( empty( $tags ) ) 606 die( isset( $tax->no_tagcloud ) ? 
$tax->no_tagcloud : __('No tags found!') ); 607 608 if ( is_wp_error( $tags ) ) 609 die( $tags->get_error_message() ); 610 611 foreach ( $tags as $key => $tag ) { 612 $tags[ $key ]->link = '#'; 613 $tags[ $key ]->id = $tag->term_id; 614 } 615 616 // We need raw tag names here, so don't filter the output 617 $return = wp_generate_tag_cloud( $tags, array('filter' => 0) ); 618 619 if ( empty($return) ) 620 die('0'); 621 622 echo $return; 623 624 exit; 625 } 626 627 add_action('wp_ajax_get-comments', 'wp_ajax_get_comments'); 628 function wp_ajax_get_comments() { 629 $action = $_POST['action']; 630 check_ajax_referer( $action ); 631 632 set_current_screen( 'edit-comments' ); 633 634 $wp_list_table = _get_list_table('WP_Post_Comments_List_Table'); 635 636 if ( !current_user_can( 'edit_post', $post_id ) ) 637 die('-1'); 638 639 $wp_list_table->prepare_items(); 640 641 if ( !$wp_list_table->has_items() ) 642 die('1'); 643 644 $x = new WP_Ajax_Response(); 645 ob_start(); 646 foreach ( $wp_list_table->items as $comment ) { 647 if ( ! 
current_user_can( 'edit_comment', $comment->comment_ID ) ) 648 continue; 649 get_comment( $comment ); 650 $wp_list_table->single_row( $comment ); 651 } 652 $comment_list_item = ob_get_contents(); 653 ob_end_clean(); 654 655 $x->add( array( 656 'what' => 'comments', 657 'data' => $comment_list_item 658 ) ); 659 $x->send(); 660 } 661 662 add_action('wp_ajax_replyto-comment', 'wp_ajax_replyto_comment'); 663 function wp_ajax_replyto_comment() { 664 $action = $_POST['action']; 665 check_ajax_referer( $action, '_ajax_nonce-replyto-comment' ); 666 667 set_current_screen( 'edit-comments' ); 668 669 $comment_post_ID = (int) $_POST['comment_post_ID']; 670 if ( !current_user_can( 'edit_post', $comment_post_ID ) ) 671 die('-1'); 672 673 $status = $wpdb->get_var( $wpdb->prepare("SELECT post_status FROM $wpdb->posts WHERE ID = %d", $comment_post_ID) ); 674 675 if ( empty($status) ) 676 die('1'); 677 elseif ( in_array($status, array('draft', 'pending', 'trash') ) ) 678 die( __('ERROR: you are replying to a comment on a draft post.') ); 679 680 $user = wp_get_current_user(); 681 if ( $user->ID ) { 682 $comment_author = $wpdb->escape($user->display_name); 683 $comment_author_email = $wpdb->escape($user->user_email); 684 $comment_author_url = $wpdb->escape($user->user_url); 685 $comment_content = trim($_POST['content']); 686 if ( current_user_can( 'unfiltered_html' ) ) { 687 if ( wp_create_nonce( 'unfiltered-html-comment' ) != $_POST['_wp_unfiltered_html_comment'] ) { 688 kses_remove_filters(); // start with a clean slate 689 kses_init_filters(); // set up the filters 690 } 691 } 692 } else { 693 die( __('Sorry, you must be logged in to reply to a comment.') ); 694 } 695 696 if ( '' == $comment_content ) 697 die( __('ERROR: please type a comment.') ); 698 699 $comment_parent = absint($_POST['comment_ID']); 700 $comment_auto_approved = false; 701 $commentdata = compact('comment_post_ID', 'comment_author', 'comment_author_email', 'comment_author_url', 'comment_content', 
'comment_type', 'comment_parent', 'user_ID'); 702 703 $comment_id = wp_new_comment( $commentdata ); 704 $comment = get_comment($comment_id); 705 if ( ! $comment ) die('1'); 706 707 $position = ( isset($_POST['position']) && (int) $_POST['position'] ) ? (int) $_POST['position'] : '-1'; 708 709 710 // automatically approve parent comment 711 if ( !empty($_POST['approve_parent']) ) { 712 $parent = get_comment( $comment_parent ); 713 714 if ( $parent && $parent->comment_approved === '0' && $parent->comment_post_ID == $comment_post_ID ) { 715 if ( wp_set_comment_status( $parent->comment_ID, 'approve' ) ) 716 $comment_auto_approved = true; 717 } 718 } 719 720 ob_start(); 721 if ( 'dashboard' == $_REQUEST['mode'] ) { 722 require_once( ABSPATH . 'wp-admin/includes/dashboard.php' ); 723 _wp_dashboard_recent_comments_row( $comment ); 724 } else { 725 if ( 'single' == $_REQUEST['mode'] ) { 726 $wp_list_table = _get_list_table('WP_Post_Comments_List_Table'); 727 } else { 728 $wp_list_table = _get_list_table('WP_Comments_List_Table'); 729 } 730 $wp_list_table->single_row( $comment ); 731 } 732 $comment_list_item = ob_get_contents(); 733 ob_end_clean(); 734 735 $response = array( 736 'what' => 'comment', 737 'id' => $comment->comment_ID, 738 'data' => $comment_list_item, 739 'position' => $position 740 ); 741 742 if ( $comment_auto_approved ) 743 $response['supplemental'] = array( 'parent_approved' => $parent->comment_ID ); 744 745 $x = new WP_Ajax_Response(); 746 $x->add( $response ); 747 $x->send(); 748 } 749 750 add_action('wp_ajax_edit-comment', 'wp_ajax_edit_comment'); 751 function wp_ajax_edit_comment() { 752 check_ajax_referer( 'replyto-comment', '_ajax_nonce-replyto-comment' ); 753 754 set_current_screen( 'edit-comments' ); 755 756 $comment_id = (int) $_POST['comment_ID']; 757 if ( ! 
current_user_can( 'edit_comment', $comment_id ) ) 758 die('-1'); 759 760 if ( '' == $_POST['content'] ) 761 die( __('ERROR: please type a comment.') ); 762 763 $_POST['comment_status'] = $_POST['status']; 764 edit_comment(); 765 766 $position = ( isset($_POST['position']) && (int) $_POST['position']) ? (int) $_POST['position'] : '-1'; 767 $comments_status = isset($_POST['comments_listing']) ? $_POST['comments_listing'] : ''; 768 769 $checkbox = ( isset($_POST['checkbox']) && true == $_POST['checkbox'] ) ? 1 : 0; 770 $wp_list_table = _get_list_table( $checkbox ? 'WP_Comments_List_Table' : 'WP_Post_Comments_List_Table' ); 771 772 ob_start(); 773 $wp_list_table->single_row( get_comment( $comment_id ) ); 774 $comment_list_item = ob_get_contents(); 775 ob_end_clean(); 776 777 $x = new WP_Ajax_Response(); 778 779 $x->add( array( 780 'what' => 'edit_comment', 781 'id' => $comment->comment_ID, 782 'data' => $comment_list_item, 783 'position' => $position 784 )); 785 786 $x->send(); 787 } 788 789 add_action('wp_ajax_add-menu-item', 'wp_ajax_add_menu_item'); 790 function wp_ajax_add_menu_item() { 791 if ( ! current_user_can( 'edit_theme_options' ) ) 792 die('-1'); 793 794 check_ajax_referer( 'add-menu_item', 'menu-settings-column-nonce' ); 795 796 require_once ABSPATH . 'wp-admin/includes/nav-menu.php'; 797 798 // For performance reasons, we omit some object properties from the checklist. 799 // The following is a hacky way to restore them when adding non-custom items. 800 801 $menu_items_data = array(); 802 foreach ( (array) $_POST['menu-item'] as $menu_item_data ) { 803 if ( 804 ! empty( $menu_item_data['menu-item-type'] ) && 805 'custom' != $menu_item_data['menu-item-type'] && 806 ! 
empty( $menu_item_data['menu-item-object-id'] ) 807 ) { 808 switch( $menu_item_data['menu-item-type'] ) { 809 case 'post_type' : 810 $_object = get_post( $menu_item_data['menu-item-object-id'] ); 811 break; 812 813 case 'taxonomy' : 814 $_object = get_term( $menu_item_data['menu-item-object-id'], $menu_item_data['menu-item-object'] ); 815 break; 816 } 817 818 $_menu_items = array_map( 'wp_setup_nav_menu_item', array( $_object ) ); 819 $_menu_item = array_shift( $_menu_items ); 820 821 // Restore the missing menu item properties 822 $menu_item_data['menu-item-description'] = $_menu_item->description; 823 } 824 825 $menu_items_data[] = $menu_item_data; 826 } 827 828 $item_ids = wp_save_nav_menu_items( 0, $menu_items_data ); 829 if ( is_wp_error( $item_ids ) ) 830 die('-1'); 831 832 foreach ( (array) $item_ids as $menu_item_id ) { 833 $menu_obj = get_post( $menu_item_id ); 834 if ( ! empty( $menu_obj->ID ) ) { 835 $menu_obj = wp_setup_nav_menu_item( $menu_obj ); 836 $menu_obj->label = $menu_obj->title; // don't show "(pending)" in ajax-added items 837 $menu_items[] = $menu_obj; 838 } 839 } 840 841 if ( ! 
empty( $menu_items ) ) { 842 $args = array( 843 'after' => '', 844 'before' => '', 845 'link_after' => '', 846 'link_before' => '', 847 'walker' => new Walker_Nav_Menu_Edit, 848 ); 849 echo walk_nav_menu_tree( $menu_items, 0, (object) $args ); 850 } 851 } 852 853 add_action('wp_ajax_add-meta', 'wp_ajax_add_meta'); 854 function wp_ajax_add_meta() { 855 check_ajax_referer( 'add-meta', '_ajax_nonce-add-meta' ); 856 $c = 0; 857 $pid = (int) $_POST['post_id']; 858 $post = get_post( $pid ); 859 860 if ( isset($_POST['metakeyselect']) || isset($_POST['metakeyinput']) ) { 861 if ( !current_user_can( 'edit_post', $pid ) ) 862 die('-1'); 863 if ( isset($_POST['metakeyselect']) && '#NONE#' == $_POST['metakeyselect'] && empty($_POST['metakeyinput']) ) 864 die('1'); 865 if ( $post->post_status == 'auto-draft' ) { 866 $save_POST = $_POST; // Backup $_POST 867 $_POST = array(); // Make it empty for edit_post() 868 $_POST['action'] = 'draft'; // Warning fix 869 $_POST['post_ID'] = $pid; 870 $_POST['post_type'] = $post->post_type; 871 $_POST['post_status'] = 'draft'; 872 $now = current_time('timestamp', 1); 873 $_POST['post_title'] = sprintf('Draft created on %s at %s', date(get_option('date_format'), $now), date(get_option('time_format'), $now)); 874 875 if ( $pid = edit_post() ) { 876 if ( is_wp_error( $pid ) ) { 877 $x = new WP_Ajax_Response( array( 878 'what' => 'meta', 879 'data' => $pid 880 ) ); 881 $x->send(); 882 } 883 $_POST = $save_POST; // Now we can restore original $_POST again 884 if ( !$mid = add_meta( $pid ) ) 885 die(__('Please provide a custom field value.')); 886 } else { 887 die('0'); 888 } 889 } else if ( !$mid = add_meta( $pid ) ) { 890 die(__('Please provide a custom field value.')); 891 } 892 893 $meta = get_metadata_by_mid( 'post', $mid ); 894 $pid = (int) $meta->post_id; 895 $meta = get_object_vars( $meta ); 896 $x = new WP_Ajax_Response( array( 897 'what' => 'meta', 898 'id' => $mid, 899 'data' => _list_meta_row( $meta, $c ), 900 'position' => 1, 901 
'supplemental' => array('postid' => $pid) 902 ) ); 903 } else { // Update? 904 $mid = (int) array_pop( array_keys($_POST['meta']) ); 905 $key = stripslashes( $_POST['meta'][$mid]['key'] ); 906 $value = stripslashes( $_POST['meta'][$mid]['value'] ); 907 if ( '' == trim($key) ) 908 die(__('Please provide a custom field name.')); 909 if ( '' == trim($value) ) 910 die(__('Please provide a custom field value.')); 911 if ( ! $meta = get_metadata_by_mid( 'post', $mid ) ) 912 die('0'); // if meta doesn't exist 913 if ( is_protected_meta( $meta->meta_key, 'post' ) || is_protected_meta( $key, 'post' ) || 914 ! current_user_can( 'edit_post_meta', $meta->post_id, $meta->meta_key ) || 915 ! current_user_can( 'edit_post_meta', $meta->post_id, $key ) ) 916 die('-1'); 917 if ( $meta->meta_value != $value || $meta->meta_key != $key ) { 918 if ( !$u = update_metadata_by_mid( 'post', $mid, $value, $key ) ) 919 die('0'); // We know meta exists; we also know it's unchanged (or DB error, in which case there are bigger problems). 
920 } 921 922 $x = new WP_Ajax_Response( array( 923 'what' => 'meta', 924 'id' => $mid, 'old_id' => $mid, 925 'data' => _list_meta_row( array( 926 'meta_key' => $key, 927 'meta_value' => $value, 928 'meta_id' => $mid 929 ), $c ), 930 'position' => 0, 931 'supplemental' => array('postid' => $meta->post_id) 932 ) ); 933 } 934 $x->send(); 935 } 936 937 add_action('wp_ajax_add-user', 'wp_ajax_add_user'); 938 function wp_ajax_add_user() { 939 $action = $_POST['action']; 940 check_ajax_referer( $action ); 941 if ( !current_user_can('create_users') ) 942 die('-1'); 943 if ( !$user_id = add_user() ) 944 die('0'); 945 elseif ( is_wp_error( $user_id ) ) { 946 $x = new WP_Ajax_Response( array( 947 'what' => 'user', 948 'id' => $user_id 949 ) ); 950 $x->send(); 951 } 952 $user_object = new WP_User( $user_id ); 953 954 $wp_list_table = _get_list_table('WP_Users_List_Table'); 955 956 $x = new WP_Ajax_Response( array( 957 'what' => 'user', 958 'id' => $user_id, 959 'data' => $wp_list_table->single_row( $user_object, '', $user_object->roles[0] ), 960 'supplemental' => array( 961 'show-link' => sprintf(__( 'User <a href="#%s">%s</a> added' ), "user-$user_id", $user_object->user_login), 962 'role' => $user_object->roles[0] 963 ) 964 ) ); 965 $x->send(); 966 } 967 968 add_action('wp_ajax_nopriv_autosave', 'wp_ajax_nopriv_autosave'); 969 function wp_ajax_nopriv_autosave() { 970 $id = isset($_POST['post_ID'])? (int) $_POST['post_ID'] : 0; 971 972 if ( ! $id ) 973 die('-1'); 974 975 $message = sprintf( __('<strong>ALERT: You are logged out!</strong> Could not save draft. 
<a href="%s" target="_blank">Please log in again.</a>'), wp_login_url() ); 976 $x = new WP_Ajax_Response( array( 977 'what' => 'autosave', 978 'id' => $id, 979 'data' => $message 980 ) ); 981 $x->send(); 982 } 983 984 add_action('wp_ajax_autosave', 'wp_ajax_autosave'); 985 /** 986 * The name of this action is hardcoded in edit_post() 987 */ 988 function wp_ajax_autosave() { 989 define( 'DOING_AUTOSAVE', true ); 990 991 $nonce_age = check_ajax_referer( 'autosave', 'autosavenonce' ); 992 993 $_POST['post_category'] = explode(",", $_POST['catslist']); 994 if ( $_POST['post_type'] == 'page' || empty($_POST['post_category']) ) 995 unset($_POST['post_category']); 996 997 $do_autosave = (bool) $_POST['autosave']; 998 $do_lock = true; 999 1000 $data = $alert = ''; 1001 /* translators: draft saved date format, see http://php.net/date */ 1002 $draft_saved_date_format = __('g:i:s a'); 1003 /* translators: %s: date and time */ 1004 $message = sprintf( __('Draft saved at %s.'), date_i18n( $draft_saved_date_format ) ); 1005 1006 $supplemental = array(); 1007 if ( isset($login_grace_period) ) 1008 $alert .= sprintf( __('Your login has expired. Please open a new browser window and <a href="%s" target="_blank">log in again</a>. '), add_query_arg( 'interim-login', 1, wp_login_url() ) ); 1009 1010 $id = $revision_id = 0; 1011 1012 $post_ID = (int) $_POST['post_ID']; 1013 $_POST['ID'] = $post_ID; 1014 $post = get_post($post_ID); 1015 if ( 'auto-draft' == $post->post_status ) 1016 $_POST['post_status'] = 'draft'; 1017 1018 if ( $last = wp_check_post_lock( $post->ID ) ) { 1019 $do_autosave = $do_lock = false; 1020 1021 $last_user = get_userdata( $last ); 1022 $last_user_name = $last_user ? $last_user->display_name : __( 'Someone' ); 1023 $data = __( 'Autosave disabled.' ); 1024 1025 $supplemental['disable_autosave'] = 'disable'; 1026 $alert .= sprintf( __( '%s is currently editing this article. If you update it, you will overwrite the changes.' 
), esc_html( $last_user_name ) ); 1027 } 1028 1029 if ( 'page' == $post->post_type ) { 1030 if ( !current_user_can('edit_page', $post_ID) ) 1031 die(__('You are not allowed to edit this page.')); 1032 } else { 1033 if ( !current_user_can('edit_post', $post_ID) ) 1034 die(__('You are not allowed to edit this post.')); 1035 } 1036 1037 if ( $do_autosave ) { 1038 // Drafts and auto-drafts are just overwritten by autosave 1039 if ( 'auto-draft' == $post->post_status || 'draft' == $post->post_status ) { 1040 $id = edit_post(); 1041 } else { // Non drafts are not overwritten. The autosave is stored in a special post revision. 1042 $revision_id = wp_create_post_autosave( $post->ID ); 1043 if ( is_wp_error($revision_id) ) 1044 $id = $revision_id; 1045 else 1046 $id = $post->ID; 1047 } 1048 $data = $message; 1049 } else { 1050 if ( ! empty( $_POST['auto_draft'] ) ) 1051 $id = 0; // This tells us it didn't actually save 1052 else 1053 $id = $post->ID; 1054 } 1055 1056 if ( $do_lock && empty( $_POST['auto_draft'] ) && $id && is_numeric( $id ) ) { 1057 $lock_result = wp_set_post_lock( $id ); 1058 $supplemental['active-post-lock'] = implode( ':', $lock_result ); 1059 } 1060 1061 if ( $nonce_age == 2 ) { 1062 $supplemental['replace-autosavenonce'] = wp_create_nonce('autosave'); 1063 $supplemental['replace-getpermalinknonce'] = wp_create_nonce('getpermalink'); 1064 $supplemental['replace-samplepermalinknonce'] = wp_create_nonce('samplepermalink'); 1065 $supplemental['replace-closedpostboxesnonce'] = wp_create_nonce('closedpostboxes'); 1066 $supplemental['replace-_ajax_linking_nonce'] = wp_create_nonce( 'internal-linking' ); 1067 if ( $id ) { 1068 if ( $_POST['post_type'] == 'post' ) 1069 $supplemental['replace-_wpnonce'] = wp_create_nonce('update-post_' . $id); 1070 elseif ( $_POST['post_type'] == 'page' ) 1071 $supplemental['replace-_wpnonce'] = wp_create_nonce('update-page_' . $id); 1072 } 1073 } 1074 1075 if ( ! 
empty($alert) ) 1076 $supplemental['alert'] = $alert; 1077 1078 $x = new WP_Ajax_Response( array( 1079 'what' => 'autosave', 1080 'id' => $id, 1081 'data' => $id ? $data : '', 1082 'supplemental' => $supplemental 1083 ) ); 1084 $x->send(); 1085 } 1086 1087 add_action('wp_ajax_closed-postboxes', 'wp_ajax_closed_postboxes'); 1088 function wp_ajax_closed_postboxes() { 1089 check_ajax_referer( 'closedpostboxes', 'closedpostboxesnonce' ); 1090 $closed = isset( $_POST['closed'] ) ? explode( ',', $_POST['closed']) : array(); 1091 $closed = array_filter($closed); 1092 1093 $hidden = isset( $_POST['hidden'] ) ? explode( ',', $_POST['hidden']) : array(); 1094 $hidden = array_filter($hidden); 1095 1096 $page = isset( $_POST['page'] ) ? $_POST['page'] : ''; 1097 1098 if ( $page != sanitize_key( $page ) ) 1099 die('0'); 1100 1101 if ( ! $user = wp_get_current_user() ) 1102 die('-1'); 1103 1104 if ( is_array($closed) ) 1105 update_user_option($user->ID, "closedpostboxes_$page", $closed, true); 1106 1107 if ( is_array($hidden) ) { 1108 $hidden = array_diff( $hidden, array('submitdiv', 'linksubmitdiv', 'manage-menu', 'create-menu') ); // postboxes that are always shown 1109 update_user_option($user->ID, "metaboxhidden_$page", $hidden, true); 1110 } 1111 1112 die('1'); 1113 } 1114 1115 add_action('wp_ajax_hidden-columns', 'wp_ajax_hidden_columns'); 1116 function wp_ajax_hidden_columns() { 1117 check_ajax_referer( 'screen-options-nonce', 'screenoptionnonce' ); 1118 $hidden = isset( $_POST['hidden'] ) ? $_POST['hidden'] : ''; 1119 $hidden = explode( ',', $_POST['hidden'] ); 1120 $page = isset( $_POST['page'] ) ? $_POST['page'] : ''; 1121 1122 if ( $page != sanitize_key( $page ) ) 1123 die('0'); 1124 1125 if ( ! 
$user = wp_get_current_user() ) 1126 die('-1'); 1127 1128 if ( is_array($hidden) ) 1129 update_user_option($user->ID, "manage{$page}columnshidden", $hidden, true); 1130 1131 die('1'); 1132 } 1133 1134 add_action('wp_ajax_menu-get-metabox', 'wp_ajax_menu_get_metabox'); 1135 function wp_ajax_menu_get_metabox() { 1136 if ( ! current_user_can( 'edit_theme_options' ) ) 1137 die('-1'); 1138 1139 require_once ABSPATH . 'wp-admin/includes/nav-menu.php'; 1140 1141 if ( isset( $_POST['item-type'] ) && 'post_type' == $_POST['item-type'] ) { 1142 $type = 'posttype'; 1143 $callback = 'wp_nav_menu_item_post_type_meta_box'; 1144 $items = (array) get_post_types( array( 'show_in_nav_menus' => true ), 'object' ); 1145 } elseif ( isset( $_POST['item-type'] ) && 'taxonomy' == $_POST['item-type'] ) { 1146 $type = 'taxonomy'; 1147 $callback = 'wp_nav_menu_item_taxonomy_meta_box'; 1148 $items = (array) get_taxonomies( array( 'show_ui' => true ), 'object' ); 1149 } 1150 1151 if ( ! empty( $_POST['item-object'] ) && isset( $items[$_POST['item-object']] ) ) { 1152 $item = apply_filters( 'nav_menu_meta_box_object', $items[ $_POST['item-object'] ] ); 1153 ob_start(); 1154 call_user_func_array($callback, array( 1155 null, 1156 array( 1157 'id' => 'add-' . $item->name, 1158 'title' => $item->labels->name, 1159 'callback' => $callback, 1160 'args' => $item, 1161 ) 1162 )); 1163 1164 $markup = ob_get_clean(); 1165 1166 echo json_encode(array( 1167 'replace-id' => $type . '-' . $item->name, 1168 'markup' => $markup, 1169 )); 1170 } 1171 1172 exit; 1173 } 1174 1175 add_action('wp_ajax-wp-link-ajax', 'wp_ajax_wp_link_ajax'); 1176 function wp_ajax_wp_link_ajax() { 1177 check_ajax_referer( 'internal-linking', '_ajax_linking_nonce' ); 1178 1179 $args = array(); 1180 1181 if ( isset( $_POST['search'] ) ) 1182 $args['s'] = stripslashes( $_POST['search'] ); 1183 $args['pagenum'] = ! empty( $_POST['page'] ) ? absint( $_POST['page'] ) : 1; 1184 1185 require(ABSPATH . WPINC . 
'/class-wp-editor.php'); 1186 $results = WP_Editor::wp_link_query( $args ); 1187 1188 if ( ! isset( $results ) ) 1189 die( '0' ); 1190 1191 echo json_encode( $results ); 1192 echo "\n"; 1193 1194 exit; 1195 } 1196 1197 add_action('wp_ajax_menu-locations-save', 'wp_ajax_menu_locations_save'); 1198 function wp_ajax_menu_locations_save() { 1199 if ( ! current_user_can( 'edit_theme_options' ) ) 1200 die('-1'); 1201 check_ajax_referer( 'add-menu_item', 'menu-settings-column-nonce' ); 1202 if ( ! isset( $_POST['menu-locations'] ) ) 1203 die('0'); 1204 set_theme_mod( 'nav_menu_locations', array_map( 'absint', $_POST['menu-locations'] ) ); 1205 die('1'); 1206 } 1207 1208 add_action('wp_ajax_meta-box-order', 'wp_ajax_meta_box_order'); 1209 function wp_ajax_meta_box_order() { 1210 check_ajax_referer( 'meta-box-order' ); 1211 $order = isset( $_POST['order'] ) ? (array) $_POST['order'] : false; 1212 $page_columns = isset( $_POST['page_columns'] ) ? $_POST['page_columns'] : 'auto'; 1213 1214 if ( $page_columns != 'auto' ) 1215 $page_columns = (int) $page_columns; 1216 1217 $page = isset( $_POST['page'] ) ? $_POST['page'] : ''; 1218 1219 if ( $page != sanitize_key( $page ) ) 1220 die('0'); 1221 1222 if ( ! $user = wp_get_current_user() ) 1223 die('-1'); 1224 1225 if ( $order ) 1226 update_user_option($user->ID, "meta-box-order_$page", $order, true); 1227 1228 if ( $page_columns ) 1229 update_user_option($user->ID, "screen_layout_$page", $page_columns, true); 1230 1231 die('1'); 1232 } 1233 1234 add_action('wp_ajax_get-permalink', 'wp_ajax_get_permalink'); 1235 function wp_ajax_get_permalink() { 1236 check_ajax_referer( 'getpermalink', 'getpermalinknonce' ); 1237 $post_id = isset($_POST['post_id'])? 
intval($_POST['post_id']) : 0; 1238 die(add_query_arg(array('preview' => 'true'), get_permalink($post_id))); 1239 } 1240 1241 add_action('wp_ajax_sample-permalink', 'wp_ajax_sample_permalink'); 1242 function wp_ajax_sample_permalink() { 1243 check_ajax_referer( 'samplepermalink', 'samplepermalinknonce' ); 1244 $post_id = isset($_POST['post_id'])? intval($_POST['post_id']) : 0; 1245 $title = isset($_POST['new_title'])? $_POST['new_title'] : ''; 1246 $slug = isset($_POST['new_slug'])? $_POST['new_slug'] : null; 1247 die(get_sample_permalink_html($post_id, $title, $slug)); 1248 } 1249 1250 add_action('wp_ajax_inline-save', 'wp_ajax_inline_save'); 1251 function wp_ajax_inline_save() { 1252 check_ajax_referer( 'inlineeditnonce', '_inline_edit' ); 1253 1254 if ( ! isset($_POST['post_ID']) || ! ( $post_ID = (int) $_POST['post_ID'] ) ) 1255 exit; 1256 1257 if ( 'page' == $_POST['post_type'] ) { 1258 if ( ! current_user_can( 'edit_page', $post_ID ) ) 1259 die( __('You are not allowed to edit this page.') ); 1260 } else { 1261 if ( ! current_user_can( 'edit_post', $post_ID ) ) 1262 die( __('You are not allowed to edit this post.') ); 1263 } 1264 1265 set_current_screen( $_POST['screen'] ); 1266 1267 if ( $last = wp_check_post_lock( $post_ID ) ) { 1268 $last_user = get_userdata( $last ); 1269 $last_user_name = $last_user ? $last_user->display_name : __( 'Someone' ); 1270 printf( $_POST['post_type'] == 'page' ? __( 'Saving is disabled: %s is currently editing this page.' ) : __( 'Saving is disabled: %s is currently editing this post.' 
), esc_html( $last_user_name ) ); 1271 exit; 1272 } 1273 1274 $data = &$_POST; 1275 1276 $post = get_post( $post_ID, ARRAY_A ); 1277 $post = add_magic_quotes($post); //since it is from db 1278 1279 $data['content'] = $post['post_content']; 1280 $data['excerpt'] = $post['post_excerpt']; 1281 1282 // rename 1283 $data['user_ID'] = $GLOBALS['user_ID']; 1284 1285 if ( isset($data['post_parent']) ) 1286 $data['parent_id'] = $data['post_parent']; 1287 1288 // status 1289 if ( isset($data['keep_private']) && 'private' == $data['keep_private'] ) 1290 $data['post_status'] = 'private'; 1291 else 1292 $data['post_status'] = $data['_status']; 1293 1294 if ( empty($data['comment_status']) ) 1295 $data['comment_status'] = 'closed'; 1296 if ( empty($data['ping_status']) ) 1297 $data['ping_status'] = 'closed'; 1298 1299 // update the post 1300 edit_post(); 1301 1302 $wp_list_table = _get_list_table('WP_Posts_List_Table'); 1303 1304 $mode = $_POST['post_view']; 1305 $wp_list_table->display_rows( array( get_post( $_POST['post_ID'] ) ) ); 1306 1307 exit; 1308 } 1309 1310 add_action('wp_ajax_inline-save-tax', 'wp_ajax_inline_save_tax'); 1311 function wp_ajax_inline_save_tax() { 1312 check_ajax_referer( 'taxinlineeditnonce', '_inline_edit' ); 1313 1314 $taxonomy = sanitize_key( $_POST['taxonomy'] ); 1315 $tax = get_taxonomy( $taxonomy ); 1316 if ( ! $tax ) 1317 die( '0' ); 1318 1319 if ( ! current_user_can( $tax->cap->edit_terms ) ) 1320 die( '-1' ); 1321 1322 set_current_screen( 'edit-' . $taxonomy ); 1323 1324 $wp_list_table = _get_list_table('WP_Terms_List_Table'); 1325 1326 if ( ! isset($_POST['tax_ID']) || ! 
( $id = (int) $_POST['tax_ID'] ) ) 1327 die(-1); 1328 1329 $tag = get_term( $id, $taxonomy ); 1330 $_POST['description'] = $tag->description; 1331 1332 $updated = wp_update_term($id, $taxonomy, $_POST); 1333 if ( $updated && !is_wp_error($updated) ) { 1334 $tag = get_term( $updated['term_id'], $taxonomy ); 1335 if ( !$tag || is_wp_error( $tag ) ) { 1336 if ( is_wp_error($tag) && $tag->get_error_message() ) 1337 die( $tag->get_error_message() ); 1338 die( __('Item not updated.') ); 1339 } 1340 1341 echo $wp_list_table->single_row( $tag ); 1342 } else { 1343 if ( is_wp_error($updated) && $updated->get_error_message() ) 1344 die( $updated->get_error_message() ); 1345 die( __('Item not updated.') ); 1346 } 1347 1348 exit; 1349 } 1350 1351 add_action('wp_ajax_find_posts', 'wp_ajax_find_posts'); 1352 function wp_ajax_find_posts() { 1353 check_ajax_referer( 'find-posts' ); 1354 1355 if ( empty($_POST['ps']) ) 1356 exit; 1357 1358 if ( !empty($_POST['post_type']) && in_array( $_POST['post_type'], get_post_types() ) ) 1359 $what = $_POST['post_type']; 1360 else 1361 $what = 'post'; 1362 1363 $s = stripslashes($_POST['ps']); 1364 preg_match_all('/".*?("|$)|((?<=[\\s",+])|^)[^\\s",+]+/', $s, $matches); 1365 $search_terms = array_map('_search_terms_tidy', $matches[0]); 1366 1367 $searchand = $search = ''; 1368 foreach ( (array) $search_terms as $term ) { 1369 $term = esc_sql( like_escape( $term ) ); 1370 $search .= "{$searchand}(($wpdb->posts.post_title LIKE '%{$term}%') OR ($wpdb->posts.post_content LIKE '%{$term}%'))"; 1371 $searchand = ' AND '; 1372 } 1373 $term = esc_sql( like_escape( $s ) ); 1374 if ( count($search_terms) > 1 && $search_terms[0] != $s ) 1375 $search .= " OR ($wpdb->posts.post_title LIKE '%{$term}%') OR ($wpdb->posts.post_content LIKE '%{$term}%')"; 1376 1377 $posts = $wpdb->get_results( "SELECT ID, post_title, post_status, post_date FROM $wpdb->posts WHERE post_type = '$what' AND post_status IN ('draft', 'publish') AND ($search) ORDER BY post_date_gmt 
DESC LIMIT 50" ); 1378 1379 if ( ! $posts ) { 1380 $posttype = get_post_type_object($what); 1381 exit($posttype->labels->not_found); 1382 } 1383 1384 $html = '<table class="widefat" cellspacing="0"><thead><tr><th class="found-radio"><br /></th><th>'.__('Title').'</th><th>'.__('Date').'</th><th>'.__('Status').'</th></tr></thead><tbody>'; 1385 foreach ( $posts as $post ) { 1386 1387 switch ( $post->post_status ) { 1388 case 'publish' : 1389 case 'private' : 1390 $stat = __('Published'); 1391 break; 1392 case 'future' : 1393 $stat = __('Scheduled'); 1394 break; 1395 case 'pending' : 1396 $stat = __('Pending Review'); 1397 break; 1398 case 'draft' : 1399 $stat = __('Draft'); 1400 break; 1401 } 1402 1403 if ( '0000-00-00 00:00:00' == $post->post_date ) { 1404 $time = ''; 1405 } else { 1406 /* translators: date format in table columns, see http://php.net/date */ 1407 $time = mysql2date(__('Y/m/d'), $post->post_date); 1408 } 1409 1410 $html .= '<tr class="found-posts"><td class="found-radio"><input type="radio" id="found-'.$post->ID.'" name="found_post_id" value="' . esc_attr($post->ID) . 
'"></td>'; 1411 $html .= '<td><label for="found-'.$post->ID.'">'.esc_html( $post->post_title ).'</label></td><td>'.esc_html( $time ).'</td><td>'.esc_html( $stat ).'</td></tr>'."\n\n"; 1412 } 1413 $html .= '</tbody></table>'; 1414 1415 $x = new WP_Ajax_Response(); 1416 $x->add( array( 1417 'what' => $what, 1418 'data' => $html 1419 )); 1420 $x->send(); 1421 } 1422 1423 add_action('wp_ajax_widgets-order', 'wp_ajax_widgets_order'); 1424 function wp_ajax_widgets_order() { 1425 check_ajax_referer( 'save-sidebar-widgets', 'savewidgets' ); 1426 1427 if ( !current_user_can('edit_theme_options') ) 1428 die('-1'); 1429 1430 unset( $_POST['savewidgets'], $_POST['action'] ); 1431 1432 // save widgets order for all sidebars 1433 if ( is_array($_POST['sidebars']) ) { 1434 $sidebars = array(); 1435 foreach ( $_POST['sidebars'] as $key => $val ) { 1436 $sb = array(); 1437 if ( !empty($val) ) { 1438 $val = explode(',', $val); 1439 foreach ( $val as $k => $v ) { 1440 if ( strpos($v, 'widget-') === false ) 1441 continue; 1442 1443 $sb[$k] = substr($v, strpos($v, '_') + 1); 1444 } 1445 } 1446 $sidebars[$key] = $sb; 1447 } 1448 wp_set_sidebars_widgets($sidebars); 1449 die('1'); 1450 } 1451 1452 die('-1'); 1453 } 1454 1455 add_action('wp_ajax_save-widget', 'wp_ajax_save_widget'); 1456 function wp_ajax_save_widget() { 1457 global $wp_registered_widgets, $wp_registered_widget_updates; 1458 global $sidebars_widgets, $wp_registered_sidebars; 1459 1460 check_ajax_referer( 'save-sidebar-widgets', 'savewidgets' ); 1461 1462 if ( !current_user_can('edit_theme_options') || !isset($_POST['id_base']) ) 1463 die('-1'); 1464 1465 unset( $_POST['savewidgets'], $_POST['action'] ); 1466 1467 do_action('load-widgets.php'); 1468 do_action('widgets.php'); 1469 do_action('sidebar_admin_setup'); 1470 1471 $id_base = $_POST['id_base']; 1472 $widget_id = $_POST['widget-id']; 1473 $sidebar_id = $_POST['sidebar']; 1474 $multi_number = !empty($_POST['multi_number']) ? 
(int) $_POST['multi_number'] : 0; 1475 $settings = isset($_POST['widget-' . $id_base]) && is_array($_POST['widget-' . $id_base]) ? $_POST['widget-' . $id_base] : false; 1476 $error = '<p>' . __('An error has occurred. Please reload the page and try again.') . '</p>'; 1477 1478 $sidebars = wp_get_sidebars_widgets(); 1479 $sidebar = isset($sidebars[$sidebar_id]) ? $sidebars[$sidebar_id] : array(); 1480 1481 // delete 1482 if ( isset($_POST['delete_widget']) && $_POST['delete_widget'] ) { 1483 1484 if ( !isset($wp_registered_widgets[$widget_id]) ) 1485 die($error); 1486 1487 $sidebar = array_diff( $sidebar, array($widget_id) ); 1488 $_POST = array('sidebar' => $sidebar_id, 'widget-' . $id_base => array(), 'the-widget-id' => $widget_id, 'delete_widget' => '1'); 1489 } elseif ( $settings && preg_match( '/__i__|%i%/', key($settings) ) ) { 1490 if ( !$multi_number ) 1491 die($error); 1492 1493 $_POST['widget-' . $id_base] = array( $multi_number => array_shift($settings) ); 1494 $widget_id = $id_base . '-' . 
$multi_number; 1495 $sidebar[] = $widget_id; 1496 } 1497 $_POST['widget-id'] = $sidebar; 1498 1499 foreach ( (array) $wp_registered_widget_updates as $name => $control ) { 1500 1501 if ( $name == $id_base ) { 1502 if ( !is_callable( $control['callback'] ) ) 1503 continue; 1504 1505 ob_start(); 1506 call_user_func_array( $control['callback'], $control['params'] ); 1507 ob_end_clean(); 1508 break; 1509 } 1510 } 1511 1512 if ( isset($_POST['delete_widget']) && $_POST['delete_widget'] ) { 1513 $sidebars[$sidebar_id] = $sidebar; 1514 wp_set_sidebars_widgets($sidebars); 1515 echo "deleted:$widget_id"; 1516 die(); 1517 } 1518 1519 if ( !empty($_POST['add_new']) ) 1520 die(); 1521 1522 if ( $form = $wp_registered_widget_controls[$widget_id] ) 1523 call_user_func_array( $form['callback'], $form['params'] ); 1524 1525 die(); 1526 } 1527 1528 add_action('wp_ajax_set-post-thumbnail', 'wp_ajax_set_post_thumbnail'); 1529 function wp_ajax_set_thumbnail() { 1530 $post_ID = intval( $_POST['post_id'] ); 1531 if ( !current_user_can( 'edit_post', $post_ID ) ) 1532 die( '-1' ); 1533 $thumbnail_id = intval( $_POST['thumbnail_id'] ); 1534 1535 check_ajax_referer( "set_post_thumbnail-$post_ID" ); 1536 1537 if ( $thumbnail_id == '-1' ) { 1538 if ( delete_post_thumbnail( $post_ID ) ) 1539 die( _wp_post_thumbnail_html() ); 1540 else 1541 die( '0' ); 1542 } 1543 1544 if ( set_post_thumbnail( $post_ID, $thumbnail_id ) ) 1545 die( _wp_post_thumbnail_html( $thumbnail_id ) ); 1546 die( '0' ); 1547 } 1548 1549 add_action('wp_ajax_date_format', 'wp_ajax_date_format'); 1550 function wp_ajax_date_format() { 1551 die( date_i18n( sanitize_option( 'date_format', $_POST['date'] ) ) ); 1552 } 1553 1554 add_action('wp_ajax_time_format', 'wp_ajax_time_format'); 1555 function wp_ajax_time_format() { 1556 die( date_i18n( sanitize_option( 'time_format', $_POST['date'] ) ) ); 1557 } 1558 1559 add_action('wp_ajax_wp-fullscreen-save-post', 'wp_ajax_wp_fullscreen_save_post'); 1560 function 
wp_ajax_wp_fullscreen_save_post() { 1561 if ( isset($_POST['post_ID']) ) 1562 $post_id = (int) $_POST['post_ID']; 1563 else 1564 $post_id = 0; 1565 1566 $post = null; 1567 $post_type_object = null; 1568 $post_type = null; 1569 if ( $post_id ) { 1570 $post = get_post($post_id); 1571 if ( $post ) { 1572 $post_type_object = get_post_type_object($post->post_type); 1573 if ( $post_type_object ) { 1574 $post_type = $post->post_type; 1575 $current_screen->post_type = $post->post_type; 1576 $current_screen->id = $current_screen->post_type; 1577 } 1578 } 1579 } elseif ( isset($_POST['post_type']) ) { 1580 $post_type_object = get_post_type_object($_POST['post_type']); 1581 if ( $post_type_object ) { 1582 $post_type = $post_type_object->name; 1583 $current_screen->post_type = $post_type; 1584 $current_screen->id = $current_screen->post_type; 1585 } 1586 } 1587 1588 check_ajax_referer('update-' . $post_type . '_' . $post_id, '_wpnonce'); 1589 1590 $post_id = edit_post(); 1591 1592 if ( is_wp_error($post_id) ) { 1593 if ( $post_id->get_error_message() ) 1594 $message = $post_id->get_error_message(); 1595 else 1596 $message = __('Save failed'); 1597 1598 echo json_encode( array( 'message' => $message, 'last_edited' => '' ) ); 1599 die(); 1600 } else { 1601 $message = __('Saved.'); 1602 } 1603 1604 if ( $post ) { 1605 $last_date = mysql2date( get_option('date_format'), $post->post_modified ); 1606 $last_time = mysql2date( get_option('time_format'), $post->post_modified ); 1607 } else { 1608 $last_date = date_i18n( get_option('date_format') ); 1609 $last_time = date_i18n( get_option('time_format') ); 1610 } 1611 1612 if ( $last_id = get_post_meta($post_id, '_edit_last', true) ) { 1613 $last_user = get_userdata($last_id); 1614 $last_edited = sprintf( __('Last edited by %1$s on %2$s at %3$s'), esc_html( $last_user->display_name ), $last_date, $last_time ); 1615 } else { 1616 $last_edited = sprintf( __('Last edited on %1$s at %2$s'), $last_date, $last_time ); 1617 } 1618 1619 echo 
json_encode( array( 'message' => $message, 'last_edited' => $last_edited ) ); 1620 die(); 1621 } 1622 1623 add_action('wp_ajax_wp-remove-post-lock', 'wp_ajax_wp_remove_post_lock'); 1624 function wp_ajax_wp_remove_post_lock() { 1625 if ( empty( $_POST['post_ID'] ) || empty( $_POST['active_post_lock'] ) ) 1626 die( '0' ); 1627 $post_id = (int) $_POST['post_ID']; 1628 if ( ! $post = get_post( $post_id ) ) 1629 die( '0' ); 1630 1631 check_ajax_referer( 'update-' . $post->post_type . '_' . $post_id ); 1632 1633 if ( ! current_user_can( 'edit_post', $post_id ) ) 1634 die( '-1' ); 1635 1636 $active_lock = array_map( 'absint', explode( ':', $_POST['active_post_lock'] ) ); 1637 if ( $active_lock[1] != get_current_user_id() ) 1638 die( '0' ); 1639 1640 $new_lock = ( time() - apply_filters( 'wp_check_post_lock_window', AUTOSAVE_INTERVAL * 2 ) + 5 ) . ':' . $active_lock[1]; 1641 update_post_meta( $post_id, '_edit_lock', $new_lock, implode( ':', $active_lock ) ); 1642 die( '1' ); 1643 } 1644 1645 ?> 1646 No newline at end of file