
Ticket #9593: 9593.diff

File 9593.diff, 7.0 KB (added by DD32, 5 years ago)
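--- a/wp-admin/press-this.php
+++ b/wp-admin/press-this.php
@@ -10,7 +10,8 @@
 require_once('admin.php');
 header('Content-Type: ' . get_option('html_type') . '; charset=' . get_option('blog_charset'));
 
-if ( ! current_user_can('edit_posts') ) wp_die( __( 'Cheatin’ uh?' ) );
+if ( ! current_user_can('edit_posts') )
+        wp_die( __( 'Cheatin’ uh?' ) );
 
 /**
  * Convert characters.
@@ -41,20 +42,22 @@
 function press_it() {
         // define some basic variables
         $quick['post_status'] = 'draft'; // set as draft first
-        $quick['post_category'] = $_REQUEST['post_category'];
-        $quick['tax_input'] = $_REQUEST['tax_input'];
-        $quick['post_title'] = $_REQUEST['title'];
+        $quick['post_category'] = isset($_REQUEST['post_category']) ? $_REQUEST['post_category'] : null;
+        $quick['tax_input'] = isset($_REQUEST['tax_input']) ? $_REQUEST['tax_input'] : '';
+        $quick['post_title'] = isset($_REQUEST['title']) ? $_REQUEST['title'] : '';
         $quick['post_content'] = '';
 
         // insert the post with nothing in it, to get an ID
         $post_ID = wp_insert_post($quick, true);
-        $content = $_REQUEST['content'];
+        $content = isset($_REQUEST['content']) ? $_REQUEST['content'] : '';
 
-        if( $_REQUEST['photo_src'] && current_user_can('upload_files') )
+        $upload = false;
+        if( !empty($_REQUEST['photo_src']) && current_user_can('upload_files') )
                 foreach( (array) $_REQUEST['photo_src'] as $key => $image)
                         // see if files exist in content - we don't want to upload non-used selected files.
                         if( strpos($_REQUEST['content'], $image) !== false ) {
-                                $upload = media_sideload_image($image, $post_ID, $_REQUEST['photo_description'][$key]);
+                                $desc = isset($_REQUEST['photo_description'][$key]) ? $_REQUEST['photo_description'][$key] : '';
+                                $upload = media_sideload_image($image, $post_ID, $desc);
                                 
                                 // Replace the POSTED content <img> with correct uploaded ones. Regex contains fix for Magic Quotes
                                 if( !is_wp_error($upload) ) $content = preg_replace('/<img ([^>]*)src=\\\?(\"|\')'.preg_quote($image, '/').'\\\?(\2)([^>\/]*)\/*>/is', $upload, $content);
@@ -79,23 +82,25 @@
 }
 
 // For submitted posts.
-if ( 'post' == $_REQUEST['action'] ) {
+if ( isset($_REQUEST['action']) && 'post' == $_REQUEST['action'] ) {
         check_admin_referer('press-this');
         $post_ID = press_it();
         $posted =  $post_ID;
+} else {
+        $post_ID = 0;
 }
 
 // Set Variables
-$title = wp_specialchars(aposfix(stripslashes($_GET['t'])));
-$selection = trim( aposfix( stripslashes($_GET['s']) ) );
+$title = isset($_GET['t']) ? wp_specialchars(aposfix(stripslashes($_GET['t']))) : '';
+$selection = isset($_GET['s']) ? trim( aposfix( stripslashes($_GET['s']) ) ) : '';
 if ( ! empty($selection) ) {
         $selection = preg_replace('/(\r?\n|\r)/', '</p><p>', $selection);
         $selection = '<p>'.str_replace('<p></p>', '', $selection).'</p>';
 }
-$url = clean_url($_GET['u']);
-$image = $_GET['i'];
+$url = isset($_GET['u']) ? clean_url($_GET['u']) : '';
+$image = isset($_GET['i']) ? $_GET['i'] : '';
 
-if($_REQUEST['ajax']) {
+if ( !empty($_REQUEST['ajax']) ) {
 switch ($_REQUEST['ajax']) {
         case 'video': ?>
                 <script type="text/javascript" charset="utf-8">
@@ -130,7 +135,7 @@
                 <h3 class="tb"><label for="this_photo_description"><?php _e('Description') ?></label></h3>
                 <div class="titlediv">
                 <div class="titlewrap">
-                        <input id="this_photo_description" name="photo_description" class="tbtitle text" onkeypress="if(event.keyCode==13) image_selector();" value="<?php echo attribute_escape($title);?>"/>
+                        <input id="this_photo_description" name="photo_description" class="tbtitle text" onKeyPress="if(event.keyCode==13) image_selector();" value="<?php echo attribute_escape($title);?>"/>
                 </div>
                 </div>
 
@@ -155,7 +160,7 @@
                 <h3 class="tb"><label for="this_photo"><?php _e('URL') ?></label></h3>
                 <div class="titlediv">
                         <div class="titlewrap">
-                        <input id="this_photo" name="this_photo" class="tbtitle text" onkeypress="if(event.keyCode==13) image_selector();" />
+                        <input id="this_photo" name="this_photo" class="tbtitle text" onKeyPress="if(event.keyCode==13) image_selector();" />
                         </div>
                 </div>
 
@@ -163,7 +168,7 @@
                 <h3 class="tb"><label for="photo_description"><?php _e('Description') ?></label></h3>
                 <div id="titlediv">
                         <div class="titlewrap">
-                        <input id="this_photo_description" name="photo_description" class="tbtitle text" onkeypress="if(event.keyCode==13) image_selector();" value="<?php echo attribute_escape($title);?>"/>
+                        <input id="this_photo_description" name="photo_description" class="tbtitle text" onKeyPress="if(event.keyCode==13) image_selector();" value="<?php echo attribute_escape($title);?>"/>
                         </div>
                 </div>
 
@@ -467,7 +472,7 @@
 
                                         <div id="categories-all" class="ui-tabs-panel">
                                                 <ul id="categorychecklist" class="list:category categorychecklist form-no-clear">
-                                                        <?php wp_category_checklist($post->ID, false, false, $popular_ids) ?>
+                                                        <?php wp_category_checklist($post_ID, false) ?>
                                                 </ul>
                                         </div>
 
@@ -506,7 +511,7 @@
 
         <div class="posting">
                 <?php if ( isset($posted) && intval($posted) ) { $post_ID = intval($posted); ?>
-                <div id="message" class="updated fade"><p><strong><?php _e('Your post has been saved.'); ?></strong> <a onclick="window.opener.location.replace(this.href); window.close();" href="<?php echo get_permalink( $post_ID); ?>"><?php _e('View post'); ?></a> | <a href="<?php echo get_edit_post_link( $post_ID ); ?>" onclick="window.opener.location.replace(this.href); window.close();"><?php _e('Edit post'); ?></a> | <a href="#" onclick="window.close();"><?php _e('Close Window'); ?></a></p></div>
+                <div id="message" class="updated fade"><p><strong><?php _e('Your post has been saved.'); ?></strong> <a onClick="window.opener.location.replace(this.href); window.close();" href="<?php echo get_permalink( $post_ID); ?>"><?php _e('View post'); ?></a> | <a href="<?php echo get_edit_post_link( $post_ID ); ?>" onClick="window.opener.location.replace(this.href); window.close();"><?php _e('Edit post'); ?></a> | <a href="#" onClick="window.close();"><?php _e('Close Window'); ?></a></p></div>
                 <?php } ?>
 
                 <div id="titlediv">
@@ -532,9 +537,9 @@
                                 <li id="switcher">
                                         <?php wp_print_scripts( 'quicktags' ); ?>
                                         <?php add_filter('the_editor_content', 'wp_richedit_pre'); ?>
-                                        <a id="edButtonHTML" onclick="switchEditors.go('content', 'html');"><?php _e('HTML'); ?></a>
-                                        <a id="edButtonPreview" class="active" onclick="switchEditors.go('content', 'tinymce');"><?php _e('Visual'); ?></a>
-                                        <div class="zerosize"><input accesskey="e" type="button" onclick="switchEditors.go('content')" /></div>
+                                        <a id="edButtonHTML" onClick="switchEditors.go('content', 'html');"><?php _e('HTML'); ?></a>
+                                        <a id="edButtonPreview" class="active" onClick="switchEditors.go('content', 'tinymce');"><?php _e('Visual'); ?></a>
+                                        <div class="zerosize"><input accesskey="e" type="button" onClick="switchEditors.go('content')" /></div>
                                 </li>
                                 <?php } ?>
                         </ul>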
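Review bot: On new line 101, `$image` is still assigned from `$_GET['i']` with no filtering, while the neighbouring `$url` goes through `clean_url()` and `$title` through `wp_specialchars()`; the added isset() guard silences the notice but leaves the value attacker-controlled. Where `$image` is printed lies outside the visible hunks, so if it reaches HTML or inline script it must be escaped there, or normalised at assignment with `$image = isset($_GET['i']) ? clean_url($_GET['i']) : '';`. In press_it() (whose body continues outside the hunk) the context line `strpos($_REQUEST['content'], $image)` still reads the request directly even though the patch guards the same key a few lines earlier, so a request carrying photo_src but no content still raises the notice. `$content` is not a drop-in replacement there because the loop rewrites it, so a separate guarded copy of the posted content would be the safer comparison target.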