Ticket #23665: 23665-post-preview-2.patch

File 23665-post-preview-2.patch, 7.3 KB (added by johnjamesjacoby, 5 years ago)

Introduce wp_get_preview_post_url() to funnel post-preview URL handling through, and replace in all instances. Also patches _set_preview() and moves _show_post_preview() to 'set_current_user' priority 20 instead.

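--- a/wp-admin/edit-form-advanced.php
+++ b/wp-admin/edit-form-advanced.php
@@ -40,11 +40,11 @@
          5 => isset($_GET['revision']) ? sprintf( __('Post restored to revision from %s'), wp_post_revision_title( (int) $_GET['revision'], false ) ) : false,
          6 => sprintf( __('Post published. <a href="%s">View post</a>'), esc_url( get_permalink($post_ID) ) ),
          7 => __('Post saved.'),
-         8 => sprintf( __('Post submitted. <a target="_blank" href="%s">Preview post</a>'), esc_url( add_query_arg( 'preview', 'true', get_permalink($post_ID) ) ) ),
+         8 => sprintf( __('Post submitted. <a target="_blank" href="%s">Preview post</a>'), esc_url( wp_get_preview_post_url( $post_ID ) ) ),
          9 => sprintf( __('Post scheduled for: <strong>%1$s</strong>. <a target="_blank" href="%2$s">Preview post</a>'),
                 // translators: Publish box date format, see http://php.net/date
                 date_i18n( __( 'M j, Y @ G:i' ), strtotime( $post->post_date ) ), esc_url( get_permalink($post_ID) ) ),
-        10 => sprintf( __('Post draft updated. <a target="_blank" href="%s">Preview post</a>'), esc_url( add_query_arg( 'preview', 'true', get_permalink($post_ID) ) ) ),
+        10 => sprintf( __('Post draft updated. <a target="_blank" href="%s">Preview post</a>'), esc_url( wp_get_preview_post_url( $post_ID ) ) ),
 );
 $messages['page'] = array(
          0 => '', // Unused. Messages start at index 1.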
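Review bot: Messages 8 and 10 pass `wp_get_preview_post_url( $post_ID )` straight into `esc_url()`, but the helper is documented to return boolean false when there is no URL, and a `preview_post_link` callback can return anything, so these messages can render a "Preview post" link with an empty `href`. The same unguarded pattern appears in the class-wp-posts-list-table.php and meta-boxes.php sections; a fallback such as `$preview_url = wp_get_preview_post_url( $post_ID ); if ( ! $preview_url ) $preview_url = get_permalink( $post_ID );` before the array would keep the link usable. Message 9 also labels its link "Preview post" but still uses `get_permalink($post_ID)`, which is at odds with the description's "replace in all instances" and should either be switched or commented as deliberate. The `$messages['post']` array starts outside this hunk.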
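--- a/wp-admin/includes/class-wp-posts-list-table.php
+++ b/wp-admin/includes/class-wp-posts-list-table.php
@@ -587,7 +587,7 @@
                                 if ( $post_type_object->public ) {
                                         if ( in_array( $post->post_status, array( 'pending', 'draft', 'future' ) ) ) {
                                                 if ( $can_edit_post )
-                                                        $actions['view'] = '<a href="' . esc_url( apply_filters( 'preview_post_link', add_query_arg( 'preview', 'true', get_permalink( $post->ID ) ) ) ) . '" title="' . esc_attr( sprintf( __( 'Preview &#8220;%s&#8221;' ), $title ) ) . '" rel="permalink">' . __( 'Preview' ) . '</a>';
+                                                        $actions['view'] = '<a href="' . esc_url( wp_get_preview_post_url( $post->ID ) ) . '" title="' . esc_attr( sprintf( __( 'Preview &#8220;%s&#8221;' ), $title ) ) . '" rel="permalink">' . __( 'Preview' ) . '</a>';
                                         } elseif ( 'trash' != $post->post_status ) {
                                                 $actions['view'] = '<a href="' . get_permalink( $post->ID ) . '" title="' . esc_attr( sprintf( __( 'View &#8220;%s&#8221;' ), $title ) ) . '" rel="permalink">' . __( 'View' ) . '</a>';
                                         }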
  • wp-admin/includes/meta-boxes.php

     
    4141        $preview_link = esc_url( get_permalink( $post->ID ) );
    4242        $preview_button = __( 'Preview Changes' );
    4343} else {
    44         $preview_link = set_url_scheme( get_permalink( $post->ID ) );
    45         $preview_link = esc_url( apply_filters( 'preview_post_link', add_query_arg( 'preview', 'true', $preview_link ) ) );
    46  No newline at end of file
     44        $preview_link = esc_url( wp_get_preview_post_url( $post->ID ) );
     45 No newline at end of file
    4746        $preview_button = __( 'Preview' );
    4847}
  • wp-admin/includes/post.php

     ?>
     
    12131213        <?php
    12141214
    12151215        if ( $locked ) {
    1216                 $preview_link = set_url_scheme( add_query_arg( 'preview', 'true', get_permalink( $post->ID ) ) );
    1217 
    1218                 if ( 'publish' == $post->post_status || $user->ID != $post->post_author ) {
    1219                         // Latest content is in autosave
    1220                         $nonce = wp_create_nonce( 'post_preview_' . $post->ID );
    1221                         $preview_link = add_query_arg( array( 'preview_id' => $post->ID, 'preview_nonce' => $nonce ), $preview_link );
    1222                 }
    1223 
    1224                 $preview_link = apply_filters( 'preview_post_link', $preview_link );
     1216                $preview_link = wp_get_preview_post_url( $post->ID );
    12251217                $override = apply_filters( 'override_post_lock', true, $post, $user );
    12261218                $tab_last = $override ? '' : ' wp-tab-last';
    12271219
     
    13721364        if ( is_wp_error($id) )
    13731365                wp_die( $id->get_error_message() );
    13741366
    1375         if ( $_POST['post_status'] == 'draft' && $user_id == $post->post_author ) {
    1376                 $url = add_query_arg( 'preview', 'true', get_permalink($id) );
    1377         } else {
    1378                 $nonce = wp_create_nonce('post_preview_' . $id);
    1379                 $url = add_query_arg( array( 'preview' => 'true', 'preview_id' => $id, 'preview_nonce' => $nonce ), get_permalink($id) );
    1380         }
    1381 
    1382         return apply_filters( 'preview_post_link', $url );
     1367        return apply_filters( 'preview_post_link', wp_get_preview_post_url( $id ) );
    13831368}
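Review bot: The new return line `return apply_filters( 'preview_post_link', wp_get_preview_post_url( $id ) );` runs the `preview_post_link` filter a second time, because `wp_get_preview_post_url()` already returns its result through that filter with the post object and ID as extra arguments. Callbacks would run twice, the second time with only the URL, so a callback that appends query arguments could append them twice; `return wp_get_preview_post_url( $id );` is sufficient. The first hunk in this file removes its own `apply_filters` call, so only this return needs the change. The enclosing function begins outside the hunk.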
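--- a/wp-includes/default-filters.php
+++ b/wp-includes/default-filters.php
@@ -276,7 +276,7 @@
 add_action( 'post_updated',      'wp_check_for_changed_slugs', 12, 3 );
 
 // Nonce check for Post Previews
-add_action( 'init', '_show_post_preview' );
+add_action( 'set_current_user', '_show_post_preview', 20 );
 
 // Timezone
 add_filter( 'pre_option_gmt_offset','wp_timezone_override_offset' );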
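Review bot: `set_current_user` fires from `wp_set_current_user()`, so unlike `init` this hook can invoke `_show_post_preview` more than once per request, and for whichever user the code has switched to rather than only the logged-in one. `_show_post_preview` is not part of this diff, so please confirm that it is safe to call repeatedly (it presumably verifies `preview_nonce` and registers the preview filter) and that it still runs on requests where nothing asks for the current user before the main query. A comment above the `add_action` line, for example `// Hooked after the current user is set so the per-user preview nonce can be verified.`, would record why this hook and priority 20 were chosen.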
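--- a/wp-includes/post.php
+++ b/wp-includes/post.php
@@ -4962,3 +4962,57 @@
                 update_post_caches( $fresh_posts, 'any', $update_term_cache, $update_meta_cache );
         }
 }
+
+/**
+ * Return the URL used to preview a post.
+ *
+ * Checks that the post type is public, and makes sure the current user has the
+ * capability to view the post preview.
+ *
+ * @todo Always add the nonce and pass the preview_id?
+ *
+ * @since 3.6
+ * @param int $post_id The post ID to preview
+ * @return mixed Boolean false if no URL; String if URL
+ */
+function wp_get_preview_post_url( $post_id = 0 ) {
+
+        // Default return value
+        $preview_link = false;
+
+        // Get the post
+        $_post = get_post( $post_id );
+        if ( ! empty( $_post ) ) {
+
+                // Get the post type object, to check scope and get correct capability
+                $post_type_object = get_post_type_object( $_post->post_type );
+
+                // Only if post type is public
+                if ( $post_type_object->public ) {
+
+                        // Use post permalink as preview base, and add the preview query arg
+                        $preview_link   = set_url_scheme( add_query_arg( 'preview', 'true', get_permalink( $_post->ID ) ) );
+
+                        // Get correct capability, and check if user has it
+                        $edit_cap       = ( 'page' == $_post->post_type ) ? $post_type_object->cap->edit_page : $post_type_object->cap->edit_post;
+                        $user_has_caps  = ( current_user_can( $edit_cap, $_post->ID ) );
+
+                        // Is the current user the author of the post (since 3.6)
+                        $user_is_author = ( get_current_user_id() == $_post->post_author );
+
+                        // Hardcode the post statuses for now
+                        // @todo check get_post_status_object() instead?
+                        // @link http://core.trac.wordpress.org/attachment/ticket/23665/23665-post-preview.patch
+                        $draft_check   = in_array( $_post->post_status, array( 'pending', 'draft'  ) );
+                        $future_check  = in_array( $_post->post_status, array( 'publish', 'future' ) );
+
+                        // In some cases,
+                        if ( ( ! $user_has_caps && $draft_check ) || ( $user_is_author && $future_check ) ) {
+                                $nonce        = wp_create_nonce( 'post_preview_' . $_post->ID );
+                                $preview_link = add_query_arg( array( 'preview_id' => $_post->ID, 'preview_nonce' => $nonce ), $preview_link );
+                        }
+                }
+        }
+
+        return apply_filters( 'preview_post_link', $preview_link, $_post, $post_id );
+}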
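Review bot: The docblock says the function "makes sure the current user has the capability to view the post preview", but `$user_has_caps` never withholds a URL; it only feeds the nonce condition, where `! $user_has_caps && $draft_check` appends `preview_id` and `preview_nonce` precisely for users who failed the capability check. That condition also differs from the code removed in wp-admin/includes/post.php, which added the nonce when the post was published or the user was not the author, so a non-author editor previewing a published post now gets no nonce and presumably will not be shown the autosave. Please replace the unfinished `// In some cases,` comment with the intended rule, and either return false when `current_user_can( $edit_cap, $_post->ID )` fails or correct the docblock. Separately, `get_post_type_object()` can return null for an unregistered post type, so the guard should read `if ( $post_type_object && $post_type_object->public ) {`.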
  • wp-includes/revision.php

     
    501501        if ( ! is_object($post) )
    502502                return $post;
    503503
    504         $preview = wp_get_post_autosave($post->ID);
     504        $preview = wp_get_post_autosave( $post->ID, get_current_user_id() );
    505505
    506506        if ( ! is_object($preview) )
    507507                return $post;