Changeset 42343 for trunk/src/wp-admin/includes/ajax-actions.php
- Timestamp:
- 11/30/2017 11:09:33 PM (8 years ago)
- File:
-
- 1 edited
-
trunk/src/wp-admin/includes/ajax-actions.php (modified) (148 diffs)
trunk/src/wp-admin/includes/ajax-actions.php
r42228 r42343 24 24 25 25 // screen_id is the same as $current_screen->id and the JS global 'pagenow'. 26 if ( ! empty( $_POST['screen_id']) )27 $screen_id = sanitize_key( $_POST['screen_id']);28 else26 if ( ! empty( $_POST['screen_id'] ) ) { 27 $screen_id = sanitize_key( $_POST['screen_id'] ); 28 } else { 29 29 $screen_id = 'front'; 30 31 if ( ! empty($_POST['data']) ) { 30 } 31 32 if ( ! empty( $_POST['data'] ) ) { 32 33 $data = wp_unslash( (array) $_POST['data'] ); 33 34 … … 69 70 $response['server_time'] = time(); 70 71 71 wp_send_json( $response);72 wp_send_json( $response ); 72 73 } 73 74 … … 110 111 111 112 $taxonomy = sanitize_key( $_GET['tax'] ); 112 $tax = get_taxonomy( $taxonomy );113 $tax = get_taxonomy( $taxonomy ); 113 114 if ( ! $tax ) { 114 115 wp_die( 0 ); … … 122 123 123 124 $comma = _x( ',', 'tag delimiter' ); 124 if ( ',' !== $comma ) 125 if ( ',' !== $comma ) { 125 126 $s = str_replace( $comma, ',', $s ); 127 } 126 128 if ( false !== strpos( $s, ',' ) ) { 127 129 $s = explode( ',', $s ); 128 $s = $s[ count( $s ) - 1];130 $s = $s[ count( $s ) - 1 ]; 129 131 } 130 132 $s = trim( $s ); … … 145 147 * ensure it's a non-negative, non-zero integer. 146 148 */ 147 if ( ( $term_search_min_chars == 0 ) || ( strlen( $s ) < $term_search_min_chars ) ) {149 if ( ( $term_search_min_chars == 0 ) || ( strlen( $s ) < $term_search_min_chars ) ) { 148 150 wp_die(); 149 151 } 150 152 151 $results = get_terms( $taxonomy, array( 'name__like' => $s, 'fields' => 'names', 'hide_empty' => false ) ); 153 $results = get_terms( 154 $taxonomy, array( 155 'name__like' => $s, 156 'fields' => 'names', 157 'hide_empty' => false, 158 ) 159 ); 152 160 153 161 echo join( $results, "\n" ); … … 161 169 */ 162 170 function wp_ajax_wp_compression_test() { 163 if ( ! current_user_can( 'manage_options' ) )171 if ( ! 
current_user_can( 'manage_options' ) ) { 164 172 wp_die( -1 ); 165 166 if ( ini_get('zlib.output_compression') || 'ob_gzhandler' == ini_get('output_handler') ) { 167 update_site_option('can_compress_scripts', 0); 173 } 174 175 if ( ini_get( 'zlib.output_compression' ) || 'ob_gzhandler' == ini_get( 'output_handler' ) ) { 176 update_site_option( 'can_compress_scripts', 0 ); 168 177 wp_die( 0 ); 169 178 } 170 179 171 if ( isset( $_GET['test']) ) {180 if ( isset( $_GET['test'] ) ) { 172 181 header( 'Expires: Wed, 11 Jan 1984 05:00:00 GMT' ); 173 182 header( 'Last-Modified: ' . gmdate( 'D, d M Y H:i:s' ) . ' GMT' ); 174 183 header( 'Cache-Control: no-cache, must-revalidate, max-age=0' ); 175 header( 'Content-Type: application/javascript; charset=UTF-8');176 $force_gzip = ( defined( 'ENFORCE_GZIP') && ENFORCE_GZIP );177 $test_str = '"wpCompressionTest Lorem ipsum dolor sit amet consectetuer mollis sapien urna ut a. Eu nonummy condimentum fringilla tempor pretium platea vel nibh netus Maecenas. Hac molestie amet justo quis pellentesque est ultrices interdum nibh Morbi. Cras mattis pretium Phasellus ante ipsum ipsum ut sociis Suspendisse Lorem. Ante et non molestie. Porta urna Vestibulum egestas id congue nibh eu risus gravida sit. Ac augue auctor Ut et non a elit massa id sodales. Elit eu Nulla at nibh adipiscing mattis lacus mauris at tempus. Netus nibh quis suscipit nec feugiat eget sed lorem et urna. Pellentesque lacus at ut massa consectetuer ligula ut auctor semper Pellentesque. Ut metus massa nibh quam Curabitur molestie nec mauris congue. Volutpat molestie elit justo facilisis neque ac risus Ut nascetur tristique. Vitae sit lorem tellus et quis Phasellus lacus tincidunt nunc Fusce. Pharetra wisi Suspendisse mus sagittis libero lacinia Integer consequat ac Phasellus. Et urna ac cursus tortor aliquam Aliquam amet tellus volutpat Vestibulum. 
Justo interdum condimentum In augue congue tellus sollicitudin Quisque quis nibh."';184 header( 'Content-Type: application/javascript; charset=UTF-8' ); 185 $force_gzip = ( defined( 'ENFORCE_GZIP' ) && ENFORCE_GZIP ); 186 $test_str = '"wpCompressionTest Lorem ipsum dolor sit amet consectetuer mollis sapien urna ut a. Eu nonummy condimentum fringilla tempor pretium platea vel nibh netus Maecenas. Hac molestie amet justo quis pellentesque est ultrices interdum nibh Morbi. Cras mattis pretium Phasellus ante ipsum ipsum ut sociis Suspendisse Lorem. Ante et non molestie. Porta urna Vestibulum egestas id congue nibh eu risus gravida sit. Ac augue auctor Ut et non a elit massa id sodales. Elit eu Nulla at nibh adipiscing mattis lacus mauris at tempus. Netus nibh quis suscipit nec feugiat eget sed lorem et urna. Pellentesque lacus at ut massa consectetuer ligula ut auctor semper Pellentesque. Ut metus massa nibh quam Curabitur molestie nec mauris congue. Volutpat molestie elit justo facilisis neque ac risus Ut nascetur tristique. Vitae sit lorem tellus et quis Phasellus lacus tincidunt nunc Fusce. Pharetra wisi Suspendisse mus sagittis libero lacinia Integer consequat ac Phasellus. Et urna ac cursus tortor aliquam Aliquam amet tellus volutpat Vestibulum. Justo interdum condimentum In augue congue tellus sollicitudin Quisque quis nibh."'; 178 187 179 188 if ( 1 == $_GET['test'] ) { 180 echo $test_str;181 wp_die();189 echo $test_str; 190 wp_die(); 182 191 } elseif ( 2 == $_GET['test'] ) { 183 if ( ! isset($_SERVER['HTTP_ACCEPT_ENCODING']) )192 if ( ! isset( $_SERVER['HTTP_ACCEPT_ENCODING'] ) ) { 184 193 wp_die( -1 ); 185 if ( false !== stripos( $_SERVER['HTTP_ACCEPT_ENCODING'], 'deflate') && function_exists('gzdeflate') && ! $force_gzip ) { 186 header('Content-Encoding: deflate'); 194 } 195 if ( false !== stripos( $_SERVER['HTTP_ACCEPT_ENCODING'], 'deflate' ) && function_exists( 'gzdeflate' ) && ! 
$force_gzip ) { 196 header( 'Content-Encoding: deflate' ); 187 197 $out = gzdeflate( $test_str, 1 ); 188 } elseif ( false !== stripos( $_SERVER['HTTP_ACCEPT_ENCODING'], 'gzip' ) && function_exists('gzencode') ) {189 header( 'Content-Encoding: gzip');198 } elseif ( false !== stripos( $_SERVER['HTTP_ACCEPT_ENCODING'], 'gzip' ) && function_exists( 'gzencode' ) ) { 199 header( 'Content-Encoding: gzip' ); 190 200 $out = gzencode( $test_str, 1 ); 191 201 } else { … … 196 206 } elseif ( 'no' == $_GET['test'] ) { 197 207 check_ajax_referer( 'update_can_compress_scripts' ); 198 update_site_option( 'can_compress_scripts', 0);208 update_site_option( 'can_compress_scripts', 0 ); 199 209 } elseif ( 'yes' == $_GET['test'] ) { 200 210 check_ajax_referer( 'update_can_compress_scripts' ); 201 update_site_option( 'can_compress_scripts', 1);211 update_site_option( 'can_compress_scripts', 1 ); 202 212 } 203 213 } … … 212 222 */ 213 223 function wp_ajax_imgedit_preview() { 214 $post_id = intval( $_GET['postid']);215 if ( empty( $post_id) || !current_user_can('edit_post', $post_id) )224 $post_id = intval( $_GET['postid'] ); 225 if ( empty( $post_id ) || ! current_user_can( 'edit_post', $post_id ) ) { 216 226 wp_die( -1 ); 227 } 217 228 218 229 check_ajax_referer( "image_editor-$post_id" ); 219 230 220 231 include_once( ABSPATH . 'wp-admin/includes/image-edit.php' ); 221 if ( ! stream_preview_image( $post_id) )232 if ( ! stream_preview_image( $post_id ) ) { 222 233 wp_die( -1 ); 234 } 223 235 224 236 wp_die(); … … 243 255 */ 244 256 function wp_ajax_autocomplete_user() { 245 if ( ! is_multisite() || ! current_user_can( 'promote_users' ) || wp_is_large_network( 'users' ) ) 257 if ( ! is_multisite() || ! current_user_can( 'promote_users' ) || wp_is_large_network( 'users' ) ) { 246 258 wp_die( -1 ); 259 } 247 260 248 261 /** This filter is documented in wp-admin/user-new.php */ 249 if ( ! current_user_can( 'manage_network_users' ) && ! 
apply_filters( 'autocomplete_users_for_site_admins', false ) ) 262 if ( ! current_user_can( 'manage_network_users' ) && ! apply_filters( 'autocomplete_users_for_site_admins', false ) ) { 250 263 wp_die( -1 ); 264 } 251 265 252 266 $return = array(); … … 275 289 } 276 290 277 $include_blog_users = ( $type == 'search' ? get_users( array( 'blog_id' => $id, 'fields' => 'ID' ) ) : array() ); 278 $exclude_blog_users = ( $type == 'add' ? get_users( array( 'blog_id' => $id, 'fields' => 'ID' ) ) : array() ); 279 280 $users = get_users( array( 281 'blog_id' => false, 282 'search' => '*' . $_REQUEST['term'] . '*', 283 'include' => $include_blog_users, 284 'exclude' => $exclude_blog_users, 285 'search_columns' => array( 'user_login', 'user_nicename', 'user_email' ), 286 ) ); 291 $include_blog_users = ( $type == 'search' ? get_users( 292 array( 293 'blog_id' => $id, 294 'fields' => 'ID', 295 ) 296 ) : array() ); 297 $exclude_blog_users = ( $type == 'add' ? get_users( 298 array( 299 'blog_id' => $id, 300 'fields' => 'ID', 301 ) 302 ) : array() ); 303 304 $users = get_users( 305 array( 306 'blog_id' => false, 307 'search' => '*' . $_REQUEST['term'] . '*', 308 'include' => $include_blog_users, 309 'exclude' => $exclude_blog_users, 310 'search_columns' => array( 'user_login', 'user_nicename', 'user_email' ), 311 ) 312 ); 287 313 288 314 foreach ( $users as $user ) { … … 316 342 317 343 if ( is_wp_error( $events ) ) { 318 wp_send_json_error( array( 319 'error' => $events->get_error_message(), 320 ) ); 344 wp_send_json_error( 345 array( 346 'error' => $events->get_error_message(), 347 ) 348 ); 321 349 } else { 322 350 if ( empty( $saved_location['ip'] ) && ! empty( $events['location']['ip'] ) ) { … … 361 389 362 390 switch ( $_GET['widget'] ) { 363 case 'dashboard_primary' :391 case 'dashboard_primary': 364 392 wp_dashboard_primary(); 365 393 break; … … 393 421 */ 394 422 function _wp_ajax_delete_comment_response( $comment_id, $delta = -1 ) { 395 $total = isset( $_POST['_total'] ) ? 
(int) $_POST['_total']: 0;423 $total = isset( $_POST['_total'] ) ? (int) $_POST['_total'] : 0; 396 424 $per_page = isset( $_POST['_per_page'] ) ? (int) $_POST['_per_page'] : 0; 397 $page = isset( $_POST['_page'] ) ? (int) $_POST['_page']: 0;398 $url = isset( $_POST['_url'] ) ? esc_url_raw( $_POST['_url'] ) : '';425 $page = isset( $_POST['_page'] ) ? (int) $_POST['_page'] : 0; 426 $url = isset( $_POST['_url'] ) ? esc_url_raw( $_POST['_url'] ) : ''; 399 427 400 428 // JS didn't send us everything we need to know. Just die with success message … … 415 443 $counts = wp_count_comments(); 416 444 417 $x = new WP_Ajax_Response( array( 418 'what' => 'comment', 419 // Here for completeness - not used. 420 'id' => $comment_id, 421 'supplemental' => array( 422 'status' => $comment_status, 423 'postId' => $comment ? $comment->comment_post_ID : '', 424 'time' => $time, 425 'in_moderation' => $counts->moderated, 426 'i18n_comments_text' => sprintf( 427 _n( '%s Comment', '%s Comments', $counts->approved ), 428 number_format_i18n( $counts->approved ) 445 $x = new WP_Ajax_Response( 446 array( 447 'what' => 'comment', 448 // Here for completeness - not used. 449 'id' => $comment_id, 450 'supplemental' => array( 451 'status' => $comment_status, 452 'postId' => $comment ? 
$comment->comment_post_ID : '', 453 'time' => $time, 454 'in_moderation' => $counts->moderated, 455 'i18n_comments_text' => sprintf( 456 _n( '%s Comment', '%s Comments', $counts->approved ), 457 number_format_i18n( $counts->approved ) 458 ), 459 'i18n_moderation_text' => sprintf( 460 _nx( '%s in moderation', '%s in moderation', $counts->moderated, 'comments' ), 461 number_format_i18n( $counts->moderated ) 462 ), 463 'comment_link' => $comment_link, 429 464 ), 430 'i18n_moderation_text' => sprintf(431 _nx( '%s in moderation', '%s in moderation', $counts->moderated, 'comments' ),432 number_format_i18n( $counts->moderated )433 ),434 'comment_link' => $comment_link,435 465 ) 436 ) );466 ); 437 467 $x->send(); 438 468 } 439 469 440 470 $total += $delta; 441 if ( $total < 0 ) 471 if ( $total < 0 ) { 442 472 $total = 0; 473 } 443 474 444 475 // Only do the expensive stuff on a page-break, and about 1 other time per page … … 450 481 if ( isset( $parsed['query'] ) ) { 451 482 parse_str( $parsed['query'], $query_vars ); 452 if ( ! empty( $query_vars['comment_status'] ) )483 if ( ! empty( $query_vars['comment_status'] ) ) { 453 484 $status = $query_vars['comment_status']; 454 if ( !empty( $query_vars['p'] ) ) 485 } 486 if ( ! empty( $query_vars['p'] ) ) { 455 487 $post_id = (int) $query_vars['p']; 456 if ( ! empty( $query_vars['comment_type'] ) ) 488 } 489 if ( ! empty( $query_vars['comment_type'] ) ) { 457 490 $type = $query_vars['comment_type']; 491 } 458 492 } 459 493 460 494 if ( empty( $type ) ) { 461 495 // Only use the comment count if not filtering by a comment_type. 462 $comment_count = wp_count_comments( $post_id);496 $comment_count = wp_count_comments( $post_id ); 463 497 464 498 // We're looking for a known type of comment count. … … 471 505 472 506 // The time since the last comment count. 
473 $time = time();507 $time = time(); 474 508 $comment = get_comment( $comment_id ); 475 509 476 $x = new WP_Ajax_Response( array( 477 'what' => 'comment', 478 // Here for completeness - not used. 479 'id' => $comment_id, 480 'supplemental' => array( 481 'status' => $comment ? $comment->comment_approved : '', 482 'postId' => $comment ? $comment->comment_post_ID : '', 483 'total_items_i18n' => sprintf( _n( '%s item', '%s items', $total ), number_format_i18n( $total ) ), 484 'total_pages' => ceil( $total / $per_page ), 485 'total_pages_i18n' => number_format_i18n( ceil( $total / $per_page ) ), 486 'total' => $total, 487 'time' => $time 510 $x = new WP_Ajax_Response( 511 array( 512 'what' => 'comment', 513 // Here for completeness - not used. 514 'id' => $comment_id, 515 'supplemental' => array( 516 'status' => $comment ? $comment->comment_approved : '', 517 'postId' => $comment ? $comment->comment_post_ID : '', 518 'total_items_i18n' => sprintf( _n( '%s item', '%s items', $total ), number_format_i18n( $total ) ), 519 'total_pages' => ceil( $total / $per_page ), 520 'total_pages_i18n' => number_format_i18n( ceil( $total / $per_page ) ), 521 'total' => $total, 522 'time' => $time, 523 ), 488 524 ) 489 ) );525 ); 490 526 $x->send(); 491 527 } … … 502 538 */ 503 539 function _wp_ajax_add_hierarchical_term() { 504 $action = $_POST['action'];505 $taxonomy = get_taxonomy( substr($action, 4));540 $action = $_POST['action']; 541 $taxonomy = get_taxonomy( substr( $action, 4 ) ); 506 542 check_ajax_referer( $action, '_ajax_nonce-add-' . $taxonomy->name ); 507 if ( ! current_user_can( $taxonomy->cap->edit_terms ) )543 if ( ! current_user_can( $taxonomy->cap->edit_terms ) ) { 508 544 wp_die( -1 ); 509 $names = explode(',', $_POST['new'.$taxonomy->name]); 510 $parent = isset($_POST['new'.$taxonomy->name.'_parent']) ? (int) $_POST['new'.$taxonomy->name.'_parent'] : 0; 511 if ( 0 > $parent ) 545 } 546 $names = explode( ',', $_POST[ 'new' . 
$taxonomy->name ] ); 547 $parent = isset( $_POST[ 'new' . $taxonomy->name . '_parent' ] ) ? (int) $_POST[ 'new' . $taxonomy->name . '_parent' ] : 0; 548 if ( 0 > $parent ) { 512 549 $parent = 0; 513 if ( $taxonomy->name == 'category' ) 514 $post_category = isset($_POST['post_category']) ? (array) $_POST['post_category'] : array(); 515 else 516 $post_category = ( isset($_POST['tax_input']) && isset($_POST['tax_input'][$taxonomy->name]) ) ? (array) $_POST['tax_input'][$taxonomy->name] : array(); 550 } 551 if ( $taxonomy->name == 'category' ) { 552 $post_category = isset( $_POST['post_category'] ) ? (array) $_POST['post_category'] : array(); 553 } else { 554 $post_category = ( isset( $_POST['tax_input'] ) && isset( $_POST['tax_input'][ $taxonomy->name ] ) ) ? (array) $_POST['tax_input'][ $taxonomy->name ] : array(); 555 } 517 556 $checked_categories = array_map( 'absint', (array) $post_category ); 518 $popular_ids = wp_popular_terms_checklist($taxonomy->name, 0, 10, false);557 $popular_ids = wp_popular_terms_checklist( $taxonomy->name, 0, 10, false ); 519 558 520 559 foreach ( $names as $cat_name ) { 521 $cat_name = trim($cat_name);522 $category_nicename = sanitize_title( $cat_name);523 if ( '' === $category_nicename ) 560 $cat_name = trim( $cat_name ); 561 $category_nicename = sanitize_title( $cat_name ); 562 if ( '' === $category_nicename ) { 524 563 continue; 564 } 525 565 526 566 $cat_id = wp_insert_term( $cat_name, $taxonomy->name, array( 'parent' => $parent ) ); … … 531 571 } 532 572 $checked_categories[] = $cat_id; 533 if ( $parent ) // Do these all at once in a second573 if ( $parent ) { // Do these all at once in a second 534 574 continue; 575 } 535 576 536 577 ob_start(); 537 578 538 wp_terms_checklist( 0, array( 'taxonomy' => $taxonomy->name, 'descendants_and_self' => $cat_id, 'selected_cats' => $checked_categories, 'popular_cats' => $popular_ids )); 579 wp_terms_checklist( 580 0, array( 581 'taxonomy' => $taxonomy->name, 582 'descendants_and_self' => 
$cat_id, 583 'selected_cats' => $checked_categories, 584 'popular_cats' => $popular_ids, 585 ) 586 ); 539 587 540 588 $data = ob_get_clean(); 541 589 542 590 $add = array( 543 'what' => $taxonomy->name,544 'id' => $cat_id,545 'data' => str_replace( array("\n", "\t"), '', $data),546 'position' => -1 591 'what' => $taxonomy->name, 592 'id' => $cat_id, 593 'data' => str_replace( array( "\n", "\t" ), '', $data ), 594 'position' => -1, 547 595 ); 548 596 } 549 597 550 598 if ( $parent ) { // Foncy - replace the parent and all its children 551 $parent = get_term( $parent, $taxonomy->name );599 $parent = get_term( $parent, $taxonomy->name ); 552 600 $term_id = $parent->term_id; 553 601 554 602 while ( $parent->parent ) { // get the top parent 555 603 $parent = get_term( $parent->parent, $taxonomy->name ); 556 if ( is_wp_error( $parent ) ) 604 if ( is_wp_error( $parent ) ) { 557 605 break; 606 } 558 607 $term_id = $parent->term_id; 559 608 } … … 561 610 ob_start(); 562 611 563 wp_terms_checklist( 0, array('taxonomy' => $taxonomy->name, 'descendants_and_self' => $term_id, 'selected_cats' => $checked_categories, 'popular_cats' => $popular_ids)); 612 wp_terms_checklist( 613 0, array( 614 'taxonomy' => $taxonomy->name, 615 'descendants_and_self' => $term_id, 616 'selected_cats' => $checked_categories, 617 'popular_cats' => $popular_ids, 618 ) 619 ); 564 620 565 621 $data = ob_get_clean(); 566 622 567 623 $add = array( 568 'what' => $taxonomy->name,569 'id' => $term_id,570 'data' => str_replace( array("\n", "\t"), '', $data),571 'position' => -1 624 'what' => $taxonomy->name, 625 'id' => $term_id, 626 'data' => str_replace( array( "\n", "\t" ), '', $data ), 627 'position' => -1, 572 628 ); 573 629 } … … 575 631 ob_start(); 576 632 577 wp_dropdown_categories( array( 578 'taxonomy' => $taxonomy->name, 'hide_empty' => 0, 'name' => 'new'.$taxonomy->name.'_parent', 'orderby' => 'name', 579 'hierarchical' => 1, 'show_option_none' => '— '.$taxonomy->labels->parent_item.' 
—' 580 ) ); 633 wp_dropdown_categories( 634 array( 635 'taxonomy' => $taxonomy->name, 636 'hide_empty' => 0, 637 'name' => 'new' . $taxonomy->name . '_parent', 638 'orderby' => 'name', 639 'hierarchical' => 1, 640 'show_option_none' => '— ' . $taxonomy->labels->parent_item . ' —', 641 ) 642 ); 581 643 582 644 $sup = ob_get_clean(); … … 596 658 $id = isset( $_POST['id'] ) ? (int) $_POST['id'] : 0; 597 659 598 if ( ! $comment = get_comment( $id ) )660 if ( ! $comment = get_comment( $id ) ) { 599 661 wp_die( time() ); 600 if ( ! current_user_can( 'edit_comment', $comment->comment_ID ) ) 662 } 663 if ( ! current_user_can( 'edit_comment', $comment->comment_ID ) ) { 601 664 wp_die( -1 ); 665 } 602 666 603 667 check_ajax_referer( "delete-comment_$id" ); … … 605 669 606 670 $delta = -1; 607 if ( isset( $_POST['trash']) && 1 == $_POST['trash'] ) {608 if ( 'trash' == $status ) 671 if ( isset( $_POST['trash'] ) && 1 == $_POST['trash'] ) { 672 if ( 'trash' == $status ) { 609 673 wp_die( time() ); 674 } 610 675 $r = wp_trash_comment( $comment ); 611 } elseif ( isset( $_POST['untrash']) && 1 == $_POST['untrash'] ) {612 if ( 'trash' != $status ) 676 } elseif ( isset( $_POST['untrash'] ) && 1 == $_POST['untrash'] ) { 677 if ( 'trash' != $status ) { 613 678 wp_die( time() ); 679 } 614 680 $r = wp_untrash_comment( $comment ); 615 if ( ! isset( $_POST['comment_status'] ) || $_POST['comment_status'] != 'trash' ) // undo trash, not in trash681 if ( ! 
isset( $_POST['comment_status'] ) || $_POST['comment_status'] != 'trash' ) { // undo trash, not in trash 616 682 $delta = 1; 617 } elseif ( isset($_POST['spam']) && 1 == $_POST['spam'] ) { 618 if ( 'spam' == $status ) 683 } 684 } elseif ( isset( $_POST['spam'] ) && 1 == $_POST['spam'] ) { 685 if ( 'spam' == $status ) { 619 686 wp_die( time() ); 687 } 620 688 $r = wp_spam_comment( $comment ); 621 } elseif ( isset( $_POST['unspam']) && 1 == $_POST['unspam'] ) {622 if ( 'spam' != $status ) 689 } elseif ( isset( $_POST['unspam'] ) && 1 == $_POST['unspam'] ) { 690 if ( 'spam' != $status ) { 623 691 wp_die( time() ); 692 } 624 693 $r = wp_unspam_comment( $comment ); 625 if ( ! isset( $_POST['comment_status'] ) || $_POST['comment_status'] != 'spam' ) // undo spam, not in spam694 if ( ! isset( $_POST['comment_status'] ) || $_POST['comment_status'] != 'spam' ) { // undo spam, not in spam 626 695 $delta = 1; 627 } elseif ( isset($_POST['delete']) && 1 == $_POST['delete'] ) { 696 } 697 } elseif ( isset( $_POST['delete'] ) && 1 == $_POST['delete'] ) { 628 698 $r = wp_delete_comment( $comment ); 629 699 } else { … … 631 701 } 632 702 633 if ( $r ) // Decide if we need to send back '1' or a more complicated response including page links and comment counts703 if ( $r ) { // Decide if we need to send back '1' or a more complicated response including page links and comment counts 634 704 _wp_ajax_delete_comment_response( $comment->comment_ID, $delta ); 705 } 635 706 wp_die( 0 ); 636 707 } … … 649 720 } 650 721 651 $taxonomy = ! empty($_POST['taxonomy']) ? $_POST['taxonomy'] : 'post_tag';652 $tag = get_term( $tag_id, $taxonomy );653 if ( ! $tag || is_wp_error( $tag ) )722 $taxonomy = ! empty( $_POST['taxonomy'] ) ? $_POST['taxonomy'] : 'post_tag'; 723 $tag = get_term( $tag_id, $taxonomy ); 724 if ( ! 
$tag || is_wp_error( $tag ) ) { 654 725 wp_die( 1 ); 655 656 if ( wp_delete_term($tag_id, $taxonomy)) 726 } 727 728 if ( wp_delete_term( $tag_id, $taxonomy ) ) { 657 729 wp_die( 1 ); 658 else730 } else { 659 731 wp_die( 0 ); 732 } 660 733 } 661 734 … … 669 742 670 743 check_ajax_referer( "delete-bookmark_$id" ); 671 if ( ! current_user_can( 'manage_links' ) )744 if ( ! current_user_can( 'manage_links' ) ) { 672 745 wp_die( -1 ); 746 } 673 747 674 748 $link = get_bookmark( $id ); 675 if ( ! $link || is_wp_error( $link ) )749 if ( ! $link || is_wp_error( $link ) ) { 676 750 wp_die( 1 ); 677 678 if ( wp_delete_link( $id ) ) 751 } 752 753 if ( wp_delete_link( $id ) ) { 679 754 wp_die( 1 ); 680 else755 } else { 681 756 wp_die( 0 ); 757 } 682 758 } 683 759 … … 691 767 692 768 check_ajax_referer( "delete-meta_$id" ); 693 if ( ! $meta = get_metadata_by_mid( 'post', $id ) )769 if ( ! $meta = get_metadata_by_mid( 'post', $id ) ) { 694 770 wp_die( 1 ); 695 696 if ( is_protected_meta( $meta->meta_key, 'post' ) || ! current_user_can( 'delete_post_meta', $meta->post_id, $meta->meta_key ) ) 771 } 772 773 if ( is_protected_meta( $meta->meta_key, 'post' ) || ! current_user_can( 'delete_post_meta', $meta->post_id, $meta->meta_key ) ) { 697 774 wp_die( -1 ); 698 if ( delete_meta( $meta->meta_id ) ) 775 } 776 if ( delete_meta( $meta->meta_id ) ) { 699 777 wp_die( 1 ); 778 } 700 779 wp_die( 0 ); 701 780 } … … 709 788 */ 710 789 function wp_ajax_delete_post( $action ) { 711 if ( empty( $action ) ) 790 if ( empty( $action ) ) { 712 791 $action = 'delete-post'; 792 } 713 793 $id = isset( $_POST['id'] ) ? (int) $_POST['id'] : 0; 714 794 715 795 check_ajax_referer( "{$action}_$id" ); 716 if ( ! current_user_can( 'delete_post', $id ) )796 if ( ! current_user_can( 'delete_post', $id ) ) { 717 797 wp_die( -1 ); 718 719 if ( !get_post( $id ) ) 798 } 799 800 if ( ! 
get_post( $id ) ) { 720 801 wp_die( 1 ); 721 722 if ( wp_delete_post( $id ) ) 802 } 803 804 if ( wp_delete_post( $id ) ) { 723 805 wp_die( 1 ); 724 else806 } else { 725 807 wp_die( 0 ); 808 } 726 809 } 727 810 … … 734 817 */ 735 818 function wp_ajax_trash_post( $action ) { 736 if ( empty( $action ) ) 819 if ( empty( $action ) ) { 737 820 $action = 'trash-post'; 821 } 738 822 $id = isset( $_POST['id'] ) ? (int) $_POST['id'] : 0; 739 823 740 824 check_ajax_referer( "{$action}_$id" ); 741 if ( ! current_user_can( 'delete_post', $id ) )825 if ( ! current_user_can( 'delete_post', $id ) ) { 742 826 wp_die( -1 ); 743 744 if ( !get_post( $id ) ) 827 } 828 829 if ( ! get_post( $id ) ) { 745 830 wp_die( 1 ); 746 747 if ( 'trash-post' == $action ) 831 } 832 833 if ( 'trash-post' == $action ) { 748 834 $done = wp_trash_post( $id ); 749 else835 } else { 750 836 $done = wp_untrash_post( $id ); 751 752 if ( $done ) 837 } 838 839 if ( $done ) { 753 840 wp_die( 1 ); 841 } 754 842 755 843 wp_die( 0 ); … … 764 852 */ 765 853 function wp_ajax_untrash_post( $action ) { 766 if ( empty( $action ) ) 854 if ( empty( $action ) ) { 767 855 $action = 'untrash-post'; 856 } 768 857 wp_ajax_trash_post( $action ); 769 858 } … … 775 864 */ 776 865 function wp_ajax_delete_page( $action ) { 777 if ( empty( $action ) ) 866 if ( empty( $action ) ) { 778 867 $action = 'delete-page'; 868 } 779 869 $id = isset( $_POST['id'] ) ? (int) $_POST['id'] : 0; 780 870 781 871 check_ajax_referer( "{$action}_$id" ); 782 if ( ! current_user_can( 'delete_page', $id ) )872 if ( ! current_user_can( 'delete_page', $id ) ) { 783 873 wp_die( -1 ); 784 785 if ( ! get_post( $id ) ) 874 } 875 876 if ( ! get_post( $id ) ) { 786 877 wp_die( 1 ); 787 788 if ( wp_delete_post( $id ) ) 878 } 879 880 if ( wp_delete_post( $id ) ) { 789 881 wp_die( 1 ); 790 else882 } else { 791 883 wp_die( 0 ); 884 } 792 885 } 793 886 … … 800 893 $id = isset( $_POST['id'] ) ? 
(int) $_POST['id'] : 0; 801 894 802 if ( !$comment = get_comment( $id ) ) { 803 $x = new WP_Ajax_Response( array( 804 'what' => 'comment', 805 'id' => new WP_Error('invalid_comment', sprintf(__('Comment %d does not exist'), $id)) 806 ) ); 895 if ( ! $comment = get_comment( $id ) ) { 896 $x = new WP_Ajax_Response( 897 array( 898 'what' => 'comment', 899 'id' => new WP_Error( 'invalid_comment', sprintf( __( 'Comment %d does not exist' ), $id ) ), 900 ) 901 ); 807 902 $x->send(); 808 903 } 809 904 810 if ( ! current_user_can( 'edit_comment', $comment->comment_ID ) && ! current_user_can( 'moderate_comments' ) ) 905 if ( ! current_user_can( 'edit_comment', $comment->comment_ID ) && ! current_user_can( 'moderate_comments' ) ) { 811 906 wp_die( -1 ); 907 } 812 908 813 909 $current = wp_get_comment_status( $comment ); 814 if ( isset( $_POST['new'] ) && $_POST['new'] == $current ) 910 if ( isset( $_POST['new'] ) && $_POST['new'] == $current ) { 815 911 wp_die( time() ); 912 } 816 913 817 914 check_ajax_referer( "approve-comment_$id" ); … … 822 919 } 823 920 824 if ( is_wp_error($result) ) { 825 $x = new WP_Ajax_Response( array( 826 'what' => 'comment', 827 'id' => $result 828 ) ); 921 if ( is_wp_error( $result ) ) { 922 $x = new WP_Ajax_Response( 923 array( 924 'what' => 'comment', 925 'id' => $result, 926 ) 927 ); 829 928 $x->send(); 830 929 } … … 843 942 */ 844 943 function wp_ajax_add_link_category( $action ) { 845 if ( empty( $action ) ) 944 if ( empty( $action ) ) { 846 945 $action = 'add-link-category'; 946 } 847 947 check_ajax_referer( $action ); 848 948 $tax = get_taxonomy( 'link_category' ); … … 850 950 wp_die( -1 ); 851 951 } 852 $names = explode( ',', wp_unslash( $_POST['newcat'] ) );853 $x = new WP_Ajax_Response();952 $names = explode( ',', wp_unslash( $_POST['newcat'] ) ); 953 $x = new WP_Ajax_Response(); 854 954 foreach ( $names as $cat_name ) { 855 $cat_name = trim( $cat_name);856 $slug = sanitize_title($cat_name);857 if ( '' === $slug ) 955 $cat_name = trim( 
$cat_name ); 956 $slug = sanitize_title( $cat_name ); 957 if ( '' === $slug ) { 858 958 continue; 959 } 859 960 860 961 $cat_id = wp_insert_term( $cat_name, 'link_category' ); … … 865 966 } 866 967 $cat_name = esc_html( $cat_name ); 867 $x->add( array( 868 'what' => 'link-category', 869 'id' => $cat_id, 870 'data' => "<li id='link-category-$cat_id'><label for='in-link-category-$cat_id' class='selectit'><input value='" . esc_attr($cat_id) . "' type='checkbox' checked='checked' name='link_category[]' id='in-link-category-$cat_id'/> $cat_name</label></li>", 871 'position' => -1 872 ) ); 968 $x->add( 969 array( 970 'what' => 'link-category', 971 'id' => $cat_id, 972 'data' => "<li id='link-category-$cat_id'><label for='in-link-category-$cat_id' class='selectit'><input value='" . esc_attr( $cat_id ) . "' type='checkbox' checked='checked' name='link_category[]' id='in-link-category-$cat_id'/> $cat_name</label></li>", 973 'position' => -1, 974 ) 975 ); 873 976 } 874 977 $x->send(); … … 882 985 function wp_ajax_add_tag() { 883 986 check_ajax_referer( 'add-tag', '_wpnonce_add-tag' ); 884 $taxonomy = ! empty($_POST['taxonomy']) ? $_POST['taxonomy'] : 'post_tag';885 $tax = get_taxonomy($taxonomy);886 887 if ( ! current_user_can( $tax->cap->edit_terms ) )987 $taxonomy = ! empty( $_POST['taxonomy'] ) ? $_POST['taxonomy'] : 'post_tag'; 988 $tax = get_taxonomy( $taxonomy ); 989 990 if ( ! current_user_can( $tax->cap->edit_terms ) ) { 888 991 wp_die( -1 ); 992 } 889 993 890 994 $x = new WP_Ajax_Response(); 891 995 892 $tag = wp_insert_term( $_POST['tag-name'], $taxonomy, $_POST );893 894 if ( ! $tag || is_wp_error($tag) || (!$tag = get_term( $tag['term_id'], $taxonomy )) ) {895 $message = __( 'An error has occurred. Please reload the page and try again.');896 if ( is_wp_error( $tag) && $tag->get_error_message() )996 $tag = wp_insert_term( $_POST['tag-name'], $taxonomy, $_POST ); 997 998 if ( ! $tag || is_wp_error( $tag ) || ( ! 
$tag = get_term( $tag['term_id'], $taxonomy ) ) ) { 999 $message = __( 'An error has occurred. Please reload the page and try again.' ); 1000 if ( is_wp_error( $tag ) && $tag->get_error_message() ) { 897 1001 $message = $tag->get_error_message(); 898 899 $x->add( array( 900 'what' => 'taxonomy', 901 'data' => new WP_Error('error', $message ) 902 ) ); 1002 } 1003 1004 $x->add( 1005 array( 1006 'what' => 'taxonomy', 1007 'data' => new WP_Error( 'error', $message ), 1008 ) 1009 ); 903 1010 $x->send(); 904 1011 } … … 907 1014 908 1015 $level = 0; 909 if ( is_taxonomy_hierarchical( $taxonomy) ) {1016 if ( is_taxonomy_hierarchical( $taxonomy ) ) { 910 1017 $level = count( get_ancestors( $tag->term_id, $taxonomy, 'taxonomy' ) ); 911 1018 ob_start(); … … 918 1025 $parents = ob_get_clean(); 919 1026 920 $x->add( array( 921 'what' => 'taxonomy', 922 'supplemental' => compact('parents', 'noparents') 923 ) ); 924 $x->add( array( 925 'what' => 'term', 926 'position' => $level, 927 'supplemental' => (array) $tag 928 ) ); 1027 $x->add( 1028 array( 1029 'what' => 'taxonomy', 1030 'supplemental' => compact( 'parents', 'noparents' ), 1031 ) 1032 ); 1033 $x->add( 1034 array( 1035 'what' => 'term', 1036 'position' => $level, 1037 'supplemental' => (array) $tag, 1038 ) 1039 ); 929 1040 $x->send(); 930 1041 } … … 941 1052 942 1053 $taxonomy = sanitize_key( $_POST['tax'] ); 943 $tax = get_taxonomy( $taxonomy );1054 $tax = get_taxonomy( $taxonomy ); 944 1055 if ( ! 
$tax ) { 945 1056 wp_die( 0 ); … … 950 1061 } 951 1062 952 $tags = get_terms( $taxonomy, array( 'number' => 45, 'orderby' => 'count', 'order' => 'DESC' ) ); 953 954 if ( empty( $tags ) ) 1063 $tags = get_terms( 1064 $taxonomy, array( 1065 'number' => 45, 1066 'orderby' => 'count', 1067 'order' => 'DESC', 1068 ) 1069 ); 1070 1071 if ( empty( $tags ) ) { 955 1072 wp_die( $tax->labels->not_found ); 956 957 if ( is_wp_error( $tags ) ) 1073 } 1074 1075 if ( is_wp_error( $tags ) ) { 958 1076 wp_die( $tags->get_error_message() ); 1077 } 959 1078 960 1079 foreach ( $tags as $key => $tag ) { 961 1080 $tags[ $key ]->link = '#'; 962 $tags[ $key ]->id = $tag->term_id;1081 $tags[ $key ]->id = $tag->term_id; 963 1082 } 964 1083 965 1084 // We need raw tag names here, so don't filter the output 966 $return = wp_generate_tag_cloud( $tags, array( 'filter' => 0, 'format' => 'list' ) ); 967 968 if ( empty($return) ) 1085 $return = wp_generate_tag_cloud( 1086 $tags, array( 1087 'filter' => 0, 1088 'format' => 'list', 1089 ) 1090 ); 1091 1092 if ( empty( $return ) ) { 969 1093 wp_die( 0 ); 1094 } 970 1095 971 1096 echo $return; … … 1016 1141 ob_start(); 1017 1142 foreach ( $wp_list_table->items as $comment ) { 1018 if ( ! current_user_can( 'edit_comment', $comment->comment_ID ) && 0 === $comment->comment_approved ) 1143 if ( ! 
current_user_can( 'edit_comment', $comment->comment_ID ) && 0 === $comment->comment_approved ) { 1019 1144 continue; 1145 } 1020 1146 get_comment( $comment ); 1021 1147 $wp_list_table->single_row( $comment ); … … 1023 1149 $comment_list_item = ob_get_clean(); 1024 1150 1025 $x->add( array( 1026 'what' => 'comments', 1027 'data' => $comment_list_item 1028 ) ); 1151 $x->add( 1152 array( 1153 'what' => 'comments', 1154 'data' => $comment_list_item, 1155 ) 1156 ); 1029 1157 $x->send(); 1030 1158 } … … 1038 1166 */ 1039 1167 function wp_ajax_replyto_comment( $action ) { 1040 if ( empty( $action ) ) 1168 if ( empty( $action ) ) { 1041 1169 $action = 'replyto-comment'; 1170 } 1042 1171 1043 1172 check_ajax_referer( $action, '_ajax_nonce-replyto-comment' ); 1044 1173 1045 1174 $comment_post_ID = (int) $_POST['comment_post_ID']; 1046 $post = get_post( $comment_post_ID );1047 if ( ! $post ) 1175 $post = get_post( $comment_post_ID ); 1176 if ( ! $post ) { 1048 1177 wp_die( -1 ); 1049 1050 if ( !current_user_can( 'edit_post', $comment_post_ID ) ) 1178 } 1179 1180 if ( ! current_user_can( 'edit_post', $comment_post_ID ) ) { 1051 1181 wp_die( -1 ); 1052 1053 if ( empty( $post->post_status ) ) 1182 } 1183 1184 if ( empty( $post->post_status ) ) { 1054 1185 wp_die( 1 ); 1055 elseif ( in_array($post->post_status, array('draft', 'pending', 'trash') ) ) 1056 wp_die( __('ERROR: you are replying to a comment on a draft post.') ); 1186 } elseif ( in_array( $post->post_status, array( 'draft', 'pending', 'trash' ) ) ) { 1187 wp_die( __( 'ERROR: you are replying to a comment on a draft post.' ) ); 1188 } 1057 1189 1058 1190 $user = wp_get_current_user(); 1059 1191 if ( $user->exists() ) { 1060 $user_ID = $user->ID;1192 $user_ID = $user->ID; 1061 1193 $comment_author = wp_slash( $user->display_name ); 1062 1194 $comment_author_email = wp_slash( $user->user_email ); … … 1065 1197 $comment_type = isset( $_POST['comment_type'] ) ? 
trim( $_POST['comment_type'] ) : ''; 1066 1198 if ( current_user_can( 'unfiltered_html' ) ) { 1067 if ( ! isset( $_POST['_wp_unfiltered_html_comment'] ) ) 1199 if ( ! isset( $_POST['_wp_unfiltered_html_comment'] ) ) { 1068 1200 $_POST['_wp_unfiltered_html_comment'] = ''; 1201 } 1069 1202 1070 1203 if ( wp_create_nonce( 'unfiltered-html-comment' ) != $_POST['_wp_unfiltered_html_comment'] ) { … … 1077 1210 } 1078 1211 1079 if ( '' == $comment_content ) 1212 if ( '' == $comment_content ) { 1080 1213 wp_die( __( 'ERROR: please type a comment.' ) ); 1214 } 1081 1215 1082 1216 $comment_parent = 0; 1083 if ( isset( $_POST['comment_ID'] ) ) 1217 if ( isset( $_POST['comment_ID'] ) ) { 1084 1218 $comment_parent = absint( $_POST['comment_ID'] ); 1219 } 1085 1220 $comment_auto_approved = false; 1086 $commentdata = compact('comment_post_ID', 'comment_author', 'comment_author_email', 'comment_author_url', 'comment_content', 'comment_type', 'comment_parent', 'user_ID');1221 $commentdata = compact( 'comment_post_ID', 'comment_author', 'comment_author_email', 'comment_author_url', 'comment_content', 'comment_type', 'comment_parent', 'user_ID' ); 1087 1222 1088 1223 // Automatically approve parent comment. 1089 if ( ! empty($_POST['approve_parent']) ) {1224 if ( ! empty( $_POST['approve_parent'] ) ) { 1090 1225 $parent = get_comment( $comment_parent ); 1091 1226 … … 1095 1230 } 1096 1231 1097 if ( wp_set_comment_status( $parent, 'approve' ) ) 1232 if ( wp_set_comment_status( $parent, 'approve' ) ) { 1098 1233 $comment_auto_approved = true; 1234 } 1099 1235 } 1100 1236 } … … 1106 1242 } 1107 1243 1108 $comment = get_comment($comment_id); 1109 if ( ! $comment ) wp_die( 1 ); 1110 1111 $position = ( isset($_POST['position']) && (int) $_POST['position'] ) ? (int) $_POST['position'] : '-1'; 1244 $comment = get_comment( $comment_id ); 1245 if ( ! $comment ) { 1246 wp_die( 1 ); 1247 } 1248 1249 $position = ( isset( $_POST['position'] ) && (int) $_POST['position'] ) ? 
(int) $_POST['position'] : '-1'; 1112 1250 1113 1251 ob_start(); … … 1117 1255 } else { 1118 1256 if ( isset( $_REQUEST['mode'] ) && 'single' == $_REQUEST['mode'] ) { 1119 $wp_list_table = _get_list_table( 'WP_Post_Comments_List_Table', array( 'screen' => 'edit-comments' ) );1257 $wp_list_table = _get_list_table( 'WP_Post_Comments_List_Table', array( 'screen' => 'edit-comments' ) ); 1120 1258 } else { 1121 $wp_list_table = _get_list_table( 'WP_Comments_List_Table', array( 'screen' => 'edit-comments' ) );1259 $wp_list_table = _get_list_table( 'WP_Comments_List_Table', array( 'screen' => 'edit-comments' ) ); 1122 1260 } 1123 1261 $wp_list_table->single_row( $comment ); … … 1125 1263 $comment_list_item = ob_get_clean(); 1126 1264 1127 $response = array(1128 'what' => 'comment',1129 'id' => $comment->comment_ID,1130 'data' => $comment_list_item,1131 'position' => $position 1265 $response = array( 1266 'what' => 'comment', 1267 'id' => $comment->comment_ID, 1268 'data' => $comment_list_item, 1269 'position' => $position, 1132 1270 ); 1133 1271 1134 $counts = wp_count_comments();1272 $counts = wp_count_comments(); 1135 1273 $response['supplemental'] = array( 1136 'in_moderation' => $counts->moderated,1137 'i18n_comments_text' => sprintf(1274 'in_moderation' => $counts->moderated, 1275 'i18n_comments_text' => sprintf( 1138 1276 _n( '%s Comment', '%s Comments', $counts->approved ), 1139 1277 number_format_i18n( $counts->approved ) … … 1142 1280 _nx( '%s in moderation', '%s in moderation', $counts->moderated, 'comments' ), 1143 1281 number_format_i18n( $counts->moderated ) 1144 ) 1282 ), 1145 1283 ); 1146 1284 1147 1285 if ( $comment_auto_approved ) { 1148 1286 $response['supplemental']['parent_approved'] = $parent->comment_ID; 1149 $response['supplemental']['parent_post_id'] = $parent->comment_post_ID;1287 $response['supplemental']['parent_post_id'] = $parent->comment_post_ID; 1150 1288 } 1151 1289 … … 1164 1302 1165 1303 $comment_id = (int) $_POST['comment_ID']; 1166 if ( 
! current_user_can( 'edit_comment', $comment_id ) ) 1304 if ( ! current_user_can( 'edit_comment', $comment_id ) ) { 1167 1305 wp_die( -1 ); 1168 1169 if ( '' == $_POST['content'] ) 1306 } 1307 1308 if ( '' == $_POST['content'] ) { 1170 1309 wp_die( __( 'ERROR: please type a comment.' ) ); 1171 1172 if ( isset( $_POST['status'] ) ) 1310 } 1311 1312 if ( isset( $_POST['status'] ) ) { 1173 1313 $_POST['comment_status'] = $_POST['status']; 1314 } 1174 1315 edit_comment(); 1175 1316 1176 $position = ( isset($_POST['position']) && (int) $_POST['position']) ? (int) $_POST['position'] : '-1';1177 $checkbox = ( isset($_POST['checkbox']) && true == $_POST['checkbox'] ) ? 1 : 0;1317 $position = ( isset( $_POST['position'] ) && (int) $_POST['position'] ) ? (int) $_POST['position'] : '-1'; 1318 $checkbox = ( isset( $_POST['checkbox'] ) && true == $_POST['checkbox'] ) ? 1 : 0; 1178 1319 $wp_list_table = _get_list_table( $checkbox ? 'WP_Comments_List_Table' : 'WP_Post_Comments_List_Table', array( 'screen' => 'edit-comments' ) ); 1179 1320 1180 1321 $comment = get_comment( $comment_id ); 1181 if ( empty( $comment->comment_ID ) ) 1322 if ( empty( $comment->comment_ID ) ) { 1182 1323 wp_die( -1 ); 1324 } 1183 1325 1184 1326 ob_start(); … … 1188 1330 $x = new WP_Ajax_Response(); 1189 1331 1190 $x->add( array( 1191 'what' => 'edit_comment', 1192 'id' => $comment->comment_ID, 1193 'data' => $comment_list_item, 1194 'position' => $position 1195 )); 1332 $x->add( 1333 array( 1334 'what' => 'edit_comment', 1335 'id' => $comment->comment_ID, 1336 'data' => $comment_list_item, 1337 'position' => $position, 1338 ) 1339 ); 1196 1340 1197 1341 $x->send(); … … 1206 1350 check_ajax_referer( 'add-menu_item', 'menu-settings-column-nonce' ); 1207 1351 1208 if ( ! current_user_can( 'edit_theme_options' ) ) 1352 if ( ! current_user_can( 'edit_theme_options' ) ) { 1209 1353 wp_die( -1 ); 1354 } 1210 1355 1211 1356 require_once ABSPATH . 'wp-admin/includes/nav-menu.php'; … … 1221 1366 ! 
empty( $menu_item_data['menu-item-object-id'] ) 1222 1367 ) { 1223 switch ( $menu_item_data['menu-item-type'] ) {1224 case 'post_type' :1368 switch ( $menu_item_data['menu-item-type'] ) { 1369 case 'post_type': 1225 1370 $_object = get_post( $menu_item_data['menu-item-object-id'] ); 1226 break;1227 1228 case 'post_type_archive' :1371 break; 1372 1373 case 'post_type_archive': 1229 1374 $_object = get_post_type_object( $menu_item_data['menu-item-object'] ); 1230 break;1231 1232 case 'taxonomy' :1375 break; 1376 1377 case 'taxonomy': 1233 1378 $_object = get_term( $menu_item_data['menu-item-object-id'], $menu_item_data['menu-item-object'] ); 1234 break;1379 break; 1235 1380 } 1236 1381 1237 1382 $_menu_items = array_map( 'wp_setup_nav_menu_item', array( $_object ) ); 1238 $_menu_item = reset( $_menu_items );1383 $_menu_item = reset( $_menu_items ); 1239 1384 1240 1385 // Restore the missing menu item properties … … 1246 1391 1247 1392 $item_ids = wp_save_nav_menu_items( 0, $menu_items_data ); 1248 if ( is_wp_error( $item_ids ) ) 1393 if ( is_wp_error( $item_ids ) ) { 1249 1394 wp_die( 0 ); 1395 } 1250 1396 1251 1397 $menu_items = array(); … … 1254 1400 $menu_obj = get_post( $menu_item_id ); 1255 1401 if ( ! empty( $menu_obj->ID ) ) { 1256 $menu_obj = wp_setup_nav_menu_item( $menu_obj );1402 $menu_obj = wp_setup_nav_menu_item( $menu_obj ); 1257 1403 $menu_obj->label = $menu_obj->title; // don't show "(pending)" in ajax-added items 1258 $menu_items[] = $menu_obj;1404 $menu_items[] = $menu_obj; 1259 1405 } 1260 1406 } … … 1263 1409 $walker_class_name = apply_filters( 'wp_edit_nav_menu_walker', 'Walker_Nav_Menu_Edit', $_POST['menu'] ); 1264 1410 1265 if ( ! class_exists( $walker_class_name ) ) 1411 if ( ! class_exists( $walker_class_name ) ) { 1266 1412 wp_die( 0 ); 1413 } 1267 1414 1268 1415 if ( ! 
empty( $menu_items ) ) { 1269 1416 $args = array( 1270 'after' => '',1271 'before' => '',1272 'link_after' => '',1417 'after' => '', 1418 'before' => '', 1419 'link_after' => '', 1273 1420 'link_before' => '', 1274 'walker' => new $walker_class_name,1421 'walker' => new $walker_class_name, 1275 1422 ); 1276 1423 echo walk_nav_menu_tree( $menu_items, 0, (object) $args ); … … 1286 1433 function wp_ajax_add_meta() { 1287 1434 check_ajax_referer( 'add-meta', '_ajax_nonce-add-meta' ); 1288 $c = 0;1289 $pid = (int) $_POST['post_id'];1435 $c = 0; 1436 $pid = (int) $_POST['post_id']; 1290 1437 $post = get_post( $pid ); 1291 1438 1292 if ( isset( $_POST['metakeyselect']) || isset($_POST['metakeyinput']) ) {1293 if ( ! current_user_can( 'edit_post', $pid ) )1439 if ( isset( $_POST['metakeyselect'] ) || isset( $_POST['metakeyinput'] ) ) { 1440 if ( ! current_user_can( 'edit_post', $pid ) ) { 1294 1441 wp_die( -1 ); 1295 if ( isset($_POST['metakeyselect']) && '#NONE#' == $_POST['metakeyselect'] && empty($_POST['metakeyinput']) ) 1442 } 1443 if ( isset( $_POST['metakeyselect'] ) && '#NONE#' == $_POST['metakeyselect'] && empty( $_POST['metakeyinput'] ) ) { 1296 1444 wp_die( 1 ); 1445 } 1297 1446 1298 1447 // If the post is an autodraft, save the post as a draft and then attempt to save the meta. 
1299 1448 if ( $post->post_status == 'auto-draft' ) { 1300 $post_data = array();1301 $post_data['action'] = 'draft'; // Warning fix1302 $post_data['post_ID'] = $pid;1303 $post_data['post_type'] = $post->post_type;1449 $post_data = array(); 1450 $post_data['action'] = 'draft'; // Warning fix 1451 $post_data['post_ID'] = $pid; 1452 $post_data['post_type'] = $post->post_type; 1304 1453 $post_data['post_status'] = 'draft'; 1305 $now = current_time('timestamp', 1);1454 $now = current_time( 'timestamp', 1 ); 1306 1455 /* translators: 1: Post creation date, 2: Post creation time */ 1307 1456 $post_data['post_title'] = sprintf( __( 'Draft created on %1$s at %2$s' ), date( __( 'F j, Y' ), $now ), date( __( 'g:i a' ), $now ) ); … … 1310 1459 if ( $pid ) { 1311 1460 if ( is_wp_error( $pid ) ) { 1312 $x = new WP_Ajax_Response( array( 1313 'what' => 'meta', 1314 'data' => $pid 1315 ) ); 1461 $x = new WP_Ajax_Response( 1462 array( 1463 'what' => 'meta', 1464 'data' => $pid, 1465 ) 1466 ); 1316 1467 $x->send(); 1317 1468 } 1318 1469 1319 if ( ! $mid = add_meta( $pid ) )1470 if ( ! $mid = add_meta( $pid ) ) { 1320 1471 wp_die( __( 'Please provide a custom field value.' ) ); 1472 } 1321 1473 } else { 1322 1474 wp_die( 0 ); … … 1327 1479 1328 1480 $meta = get_metadata_by_mid( 'post', $mid ); 1329 $pid = (int) $meta->post_id;1481 $pid = (int) $meta->post_id; 1330 1482 $meta = get_object_vars( $meta ); 1331 $x = new WP_Ajax_Response( array( 1332 'what' => 'meta', 1333 'id' => $mid, 1334 'data' => _list_meta_row( $meta, $c ), 1335 'position' => 1, 1336 'supplemental' => array('postid' => $pid) 1337 ) ); 1483 $x = new WP_Ajax_Response( 1484 array( 1485 'what' => 'meta', 1486 'id' => $mid, 1487 'data' => _list_meta_row( $meta, $c ), 1488 'position' => 1, 1489 'supplemental' => array( 'postid' => $pid ), 1490 ) 1491 ); 1338 1492 } else { // Update? 
1339 $mid = (int) key( $_POST['meta'] );1340 $key = wp_unslash( $_POST['meta'][$mid]['key'] );1341 $value = wp_unslash( $_POST['meta'][ $mid]['value'] );1342 if ( '' == trim( $key) )1493 $mid = (int) key( $_POST['meta'] ); 1494 $key = wp_unslash( $_POST['meta'][ $mid ]['key'] ); 1495 $value = wp_unslash( $_POST['meta'][ $mid ]['value'] ); 1496 if ( '' == trim( $key ) ) { 1343 1497 wp_die( __( 'Please provide a custom field name.' ) ); 1344 if ( '' == trim($value) ) 1498 } 1499 if ( '' == trim( $value ) ) { 1345 1500 wp_die( __( 'Please provide a custom field value.' ) ); 1346 if ( ! $meta = get_metadata_by_mid( 'post', $mid ) ) 1501 } 1502 if ( ! $meta = get_metadata_by_mid( 'post', $mid ) ) { 1347 1503 wp_die( 0 ); // if meta doesn't exist 1504 } 1348 1505 if ( is_protected_meta( $meta->meta_key, 'post' ) || is_protected_meta( $key, 'post' ) || 1349 1506 ! current_user_can( 'edit_post_meta', $meta->post_id, $meta->meta_key ) || 1350 ! current_user_can( 'edit_post_meta', $meta->post_id, $key ) ) 1507 ! current_user_can( 'edit_post_meta', $meta->post_id, $key ) ) { 1351 1508 wp_die( -1 ); 1509 } 1352 1510 if ( $meta->meta_value != $value || $meta->meta_key != $key ) { 1353 if ( ! $u = update_metadata_by_mid( 'post', $mid, $value, $key ) )1511 if ( ! $u = update_metadata_by_mid( 'post', $mid, $value, $key ) ) { 1354 1512 wp_die( 0 ); // We know meta exists; we also know it's unchanged (or DB error, in which case there are bigger problems). 
1355 } 1356 1357 $x = new WP_Ajax_Response( array( 1358 'what' => 'meta', 1359 'id' => $mid, 'old_id' => $mid, 1360 'data' => _list_meta_row( array( 1361 'meta_key' => $key, 1362 'meta_value' => $value, 1363 'meta_id' => $mid 1364 ), $c ), 1365 'position' => 0, 1366 'supplemental' => array('postid' => $meta->post_id) 1367 ) ); 1513 } 1514 } 1515 1516 $x = new WP_Ajax_Response( 1517 array( 1518 'what' => 'meta', 1519 'id' => $mid, 1520 'old_id' => $mid, 1521 'data' => _list_meta_row( 1522 array( 1523 'meta_key' => $key, 1524 'meta_value' => $value, 1525 'meta_id' => $mid, 1526 ), $c 1527 ), 1528 'position' => 0, 1529 'supplemental' => array( 'postid' => $meta->post_id ), 1530 ) 1531 ); 1368 1532 } 1369 1533 $x->send(); … … 1383 1547 1384 1548 check_ajax_referer( $action ); 1385 if ( ! current_user_can( 'create_users') )1549 if ( ! current_user_can( 'create_users' ) ) { 1386 1550 wp_die( -1 ); 1551 } 1387 1552 if ( ! $user_id = edit_user() ) { 1388 1553 wp_die( 0 ); 1389 1554 } elseif ( is_wp_error( $user_id ) ) { 1390 $x = new WP_Ajax_Response( array( 1391 'what' => 'user', 1392 'id' => $user_id 1393 ) ); 1555 $x = new WP_Ajax_Response( 1556 array( 1557 'what' => 'user', 1558 'id' => $user_id, 1559 ) 1560 ); 1394 1561 $x->send(); 1395 1562 } 1396 1563 $user_object = get_userdata( $user_id ); 1397 1564 1398 $wp_list_table = _get_list_table( 'WP_Users_List_Table');1565 $wp_list_table = _get_list_table( 'WP_Users_List_Table' ); 1399 1566 1400 1567 $role = current( $user_object->roles ); 1401 1568 1402 $x = new WP_Ajax_Response( array( 1403 'what' => 'user', 1404 'id' => $user_id, 1405 'data' => $wp_list_table->single_row( $user_object, '', $role ), 1406 'supplemental' => array( 1407 'show-link' => sprintf( 1408 /* translators: %s: the new user */ 1409 __( 'User %s added' ), 1410 '<a href="#user-' . $user_id . '">' . $user_object->user_login . 
'</a>' 1569 $x = new WP_Ajax_Response( 1570 array( 1571 'what' => 'user', 1572 'id' => $user_id, 1573 'data' => $wp_list_table->single_row( $user_object, '', $role ), 1574 'supplemental' => array( 1575 'show-link' => sprintf( 1576 /* translators: %s: the new user */ 1577 __( 'User %s added' ), 1578 '<a href="#user-' . $user_id . '">' . $user_object->user_login . '</a>' 1579 ), 1580 'role' => $role, 1411 1581 ), 1412 'role' => $role,1413 1582 ) 1414 ) );1583 ); 1415 1584 $x->send(); 1416 1585 } … … 1423 1592 function wp_ajax_closed_postboxes() { 1424 1593 check_ajax_referer( 'closedpostboxes', 'closedpostboxesnonce' ); 1425 $closed = isset( $_POST['closed'] ) ? explode( ',', $_POST['closed'] ) : array();1426 $closed = array_filter( $closed);1427 1428 $hidden = isset( $_POST['hidden'] ) ? explode( ',', $_POST['hidden'] ) : array();1429 $hidden = array_filter( $hidden);1594 $closed = isset( $_POST['closed'] ) ? explode( ',', $_POST['closed'] ) : array(); 1595 $closed = array_filter( $closed ); 1596 1597 $hidden = isset( $_POST['hidden'] ) ? explode( ',', $_POST['hidden'] ) : array(); 1598 $hidden = array_filter( $hidden ); 1430 1599 1431 1600 $page = isset( $_POST['page'] ) ? $_POST['page'] : ''; 1432 1601 1433 if ( $page != sanitize_key( $page ) ) 1602 if ( $page != sanitize_key( $page ) ) { 1434 1603 wp_die( 0 ); 1435 1436 if ( ! $user = wp_get_current_user() ) 1604 } 1605 1606 if ( ! 
$user = wp_get_current_user() ) { 1437 1607 wp_die( -1 ); 1438 1439 if ( is_array($closed) ) 1440 update_user_option($user->ID, "closedpostboxes_$page", $closed, true); 1441 1442 if ( is_array($hidden) ) { 1443 $hidden = array_diff( $hidden, array('submitdiv', 'linksubmitdiv', 'manage-menu', 'create-menu') ); // postboxes that are always shown 1444 update_user_option($user->ID, "metaboxhidden_$page", $hidden, true); 1608 } 1609 1610 if ( is_array( $closed ) ) { 1611 update_user_option( $user->ID, "closedpostboxes_$page", $closed, true ); 1612 } 1613 1614 if ( is_array( $hidden ) ) { 1615 $hidden = array_diff( $hidden, array( 'submitdiv', 'linksubmitdiv', 'manage-menu', 'create-menu' ) ); // postboxes that are always shown 1616 update_user_option( $user->ID, "metaboxhidden_$page", $hidden, true ); 1445 1617 } 1446 1618 … … 1457 1629 $page = isset( $_POST['page'] ) ? $_POST['page'] : ''; 1458 1630 1459 if ( $page != sanitize_key( $page ) ) 1631 if ( $page != sanitize_key( $page ) ) { 1460 1632 wp_die( 0 ); 1461 1462 if ( ! $user = wp_get_current_user() ) 1633 } 1634 1635 if ( ! $user = wp_get_current_user() ) { 1463 1636 wp_die( -1 ); 1637 } 1464 1638 1465 1639 $hidden = ! empty( $_POST['hidden'] ) ? explode( ',', $_POST['hidden'] ) : array(); … … 1477 1651 check_ajax_referer( 'welcome-panel-nonce', 'welcomepanelnonce' ); 1478 1652 1479 if ( ! current_user_can( 'edit_theme_options' ) ) 1653 if ( ! current_user_can( 'edit_theme_options' ) ) { 1480 1654 wp_die( -1 ); 1655 } 1481 1656 1482 1657 update_user_meta( get_current_user_id(), 'show_welcome_panel', empty( $_POST['visible'] ) ? 0 : 1 ); … … 1491 1666 */ 1492 1667 function wp_ajax_menu_get_metabox() { 1493 if ( ! current_user_can( 'edit_theme_options' ) ) 1668 if ( ! current_user_can( 'edit_theme_options' ) ) { 1494 1669 wp_die( -1 ); 1670 } 1495 1671 1496 1672 require_once ABSPATH . 
'wp-admin/includes/nav-menu.php'; 1497 1673 1498 1674 if ( isset( $_POST['item-type'] ) && 'post_type' == $_POST['item-type'] ) { 1499 $type = 'posttype';1675 $type = 'posttype'; 1500 1676 $callback = 'wp_nav_menu_item_post_type_meta_box'; 1501 $items = (array) get_post_types( array( 'show_in_nav_menus' => true ), 'object' );1677 $items = (array) get_post_types( array( 'show_in_nav_menus' => true ), 'object' ); 1502 1678 } elseif ( isset( $_POST['item-type'] ) && 'taxonomy' == $_POST['item-type'] ) { 1503 $type = 'taxonomy';1679 $type = 'taxonomy'; 1504 1680 $callback = 'wp_nav_menu_item_taxonomy_meta_box'; 1505 $items = (array) get_taxonomies( array( 'show_ui' => true ), 'object' );1506 } 1507 1508 if ( ! empty( $_POST['item-object'] ) && isset( $items[ $_POST['item-object']] ) ) {1681 $items = (array) get_taxonomies( array( 'show_ui' => true ), 'object' ); 1682 } 1683 1684 if ( ! empty( $_POST['item-object'] ) && isset( $items[ $_POST['item-object'] ] ) ) { 1509 1685 $menus_meta_box_object = $items[ $_POST['item-object'] ]; 1510 1686 … … 1512 1688 $item = apply_filters( 'nav_menu_meta_box_object', $menus_meta_box_object ); 1513 1689 ob_start(); 1514 call_user_func_array($callback, array( 1515 null, 1690 call_user_func_array( 1691 $callback, array( 1692 null, 1693 array( 1694 'id' => 'add-' . $item->name, 1695 'title' => $item->labels->name, 1696 'callback' => $callback, 1697 'args' => $item, 1698 ), 1699 ) 1700 ); 1701 1702 $markup = ob_get_clean(); 1703 1704 echo wp_json_encode( 1516 1705 array( 1517 'id' => 'add-' . $item->name, 1518 'title' => $item->labels->name, 1519 'callback' => $callback, 1520 'args' => $item, 1706 'replace-id' => $type . '-' . $item->name, 1707 'markup' => $markup, 1521 1708 ) 1522 )); 1523 1524 $markup = ob_get_clean(); 1525 1526 echo wp_json_encode(array( 1527 'replace-id' => $type . '-' . 
$item->name, 1528 'markup' => $markup, 1529 )); 1709 ); 1530 1710 } 1531 1711 … … 1559 1739 $results = _WP_Editors::wp_link_query( $args ); 1560 1740 1561 if ( ! isset( $results ) ) 1741 if ( ! isset( $results ) ) { 1562 1742 wp_die( 0 ); 1743 } 1563 1744 1564 1745 echo wp_json_encode( $results ); … … 1574 1755 */ 1575 1756 function wp_ajax_menu_locations_save() { 1576 if ( ! current_user_can( 'edit_theme_options' ) ) 1757 if ( ! current_user_can( 'edit_theme_options' ) ) { 1577 1758 wp_die( -1 ); 1759 } 1578 1760 check_ajax_referer( 'add-menu_item', 'menu-settings-column-nonce' ); 1579 if ( ! isset( $_POST['menu-locations'] ) ) 1761 if ( ! isset( $_POST['menu-locations'] ) ) { 1580 1762 wp_die( 0 ); 1763 } 1581 1764 set_theme_mod( 'nav_menu_locations', array_map( 'absint', $_POST['menu-locations'] ) ); 1582 1765 wp_die( 1 ); … … 1590 1773 function wp_ajax_meta_box_order() { 1591 1774 check_ajax_referer( 'meta-box-order' ); 1592 $order = isset( $_POST['order'] ) ? (array) $_POST['order'] : false;1775 $order = isset( $_POST['order'] ) ? (array) $_POST['order'] : false; 1593 1776 $page_columns = isset( $_POST['page_columns'] ) ? $_POST['page_columns'] : 'auto'; 1594 1777 1595 if ( $page_columns != 'auto' ) 1778 if ( $page_columns != 'auto' ) { 1596 1779 $page_columns = (int) $page_columns; 1780 } 1597 1781 1598 1782 $page = isset( $_POST['page'] ) ? $_POST['page'] : ''; 1599 1783 1600 if ( $page != sanitize_key( $page ) ) 1784 if ( $page != sanitize_key( $page ) ) { 1601 1785 wp_die( 0 ); 1602 1603 if ( ! $user = wp_get_current_user() ) 1786 } 1787 1788 if ( ! 
$user = wp_get_current_user() ) { 1604 1789 wp_die( -1 ); 1605 1606 if ( $order ) 1607 update_user_option($user->ID, "meta-box-order_$page", $order, true); 1608 1609 if ( $page_columns ) 1610 update_user_option($user->ID, "screen_layout_$page", $page_columns, true); 1790 } 1791 1792 if ( $order ) { 1793 update_user_option( $user->ID, "meta-box-order_$page", $order, true ); 1794 } 1795 1796 if ( $page_columns ) { 1797 update_user_option( $user->ID, "screen_layout_$page", $page_columns, true ); 1798 } 1611 1799 1612 1800 wp_die( 1 ); … … 1619 1807 */ 1620 1808 function wp_ajax_menu_quick_search() { 1621 if ( ! current_user_can( 'edit_theme_options' ) ) 1809 if ( ! current_user_can( 'edit_theme_options' ) ) { 1622 1810 wp_die( -1 ); 1811 } 1623 1812 1624 1813 require_once ABSPATH . 'wp-admin/includes/nav-menu.php'; … … 1636 1825 function wp_ajax_get_permalink() { 1637 1826 check_ajax_referer( 'getpermalink', 'getpermalinknonce' ); 1638 $post_id = isset( $_POST['post_id'])? intval($_POST['post_id']) : 0;1827 $post_id = isset( $_POST['post_id'] ) ? intval( $_POST['post_id'] ) : 0; 1639 1828 wp_die( get_preview_post_link( $post_id ) ); 1640 1829 } … … 1647 1836 function wp_ajax_sample_permalink() { 1648 1837 check_ajax_referer( 'samplepermalink', 'samplepermalinknonce' ); 1649 $post_id = isset( $_POST['post_id'])? intval($_POST['post_id']) : 0;1650 $title = isset($_POST['new_title'])? $_POST['new_title'] : '';1651 $slug = isset($_POST['new_slug'])? $_POST['new_slug'] : null;1838 $post_id = isset( $_POST['post_id'] ) ? intval( $_POST['post_id'] ) : 0; 1839 $title = isset( $_POST['new_title'] ) ? $_POST['new_title'] : ''; 1840 $slug = isset( $_POST['new_slug'] ) ? $_POST['new_slug'] : null; 1652 1841 wp_die( get_sample_permalink_html( $post_id, $title, $slug ) ); 1653 1842 } … … 1665 1854 check_ajax_referer( 'inlineeditnonce', '_inline_edit' ); 1666 1855 1667 if ( ! isset( $_POST['post_ID']) || ! ( $post_ID = (int) $_POST['post_ID'] ) )1856 if ( ! 
isset( $_POST['post_ID'] ) || ! ( $post_ID = (int) $_POST['post_ID'] ) ) { 1668 1857 wp_die(); 1858 } 1669 1859 1670 1860 if ( 'page' == $_POST['post_type'] ) { 1671 if ( ! current_user_can( 'edit_page', $post_ID ) ) 1861 if ( ! current_user_can( 'edit_page', $post_ID ) ) { 1672 1862 wp_die( __( 'Sorry, you are not allowed to edit this page.' ) ); 1863 } 1673 1864 } else { 1674 if ( ! current_user_can( 'edit_post', $post_ID ) ) 1865 if ( ! current_user_can( 'edit_post', $post_ID ) ) { 1675 1866 wp_die( __( 'Sorry, you are not allowed to edit this post.' ) ); 1867 } 1676 1868 } 1677 1869 1678 1870 if ( $last = wp_check_post_lock( $post_ID ) ) { 1679 $last_user = get_userdata( $last );1871 $last_user = get_userdata( $last ); 1680 1872 $last_user_name = $last_user ? $last_user->display_name : __( 'Someone' ); 1681 printf( $_POST['post_type'] == 'page' ? __( 'Saving is disabled: %s is currently editing this page.' ) : __( 'Saving is disabled: %s is currently editing this post.' ), esc_html( $last_user_name ) );1873 printf( $_POST['post_type'] == 'page' ? __( 'Saving is disabled: %s is currently editing this page.' ) : __( 'Saving is disabled: %s is currently editing this post.' ), esc_html( $last_user_name ) ); 1682 1874 wp_die(); 1683 1875 } … … 1688 1880 1689 1881 // Since it's coming from the database. 1690 $post = wp_slash( $post);1882 $post = wp_slash( $post ); 1691 1883 1692 1884 $data['content'] = $post['post_content']; … … 1696 1888 $data['user_ID'] = get_current_user_id(); 1697 1889 1698 if ( isset( $data['post_parent']) )1890 if ( isset( $data['post_parent'] ) ) { 1699 1891 $data['parent_id'] = $data['post_parent']; 1892 } 1700 1893 1701 1894 // Status. 
… … 1707 1900 } 1708 1901 1709 if ( empty( $data['comment_status']) )1902 if ( empty( $data['comment_status'] ) ) { 1710 1903 $data['comment_status'] = 'closed'; 1711 if ( empty($data['ping_status']) ) 1904 } 1905 if ( empty( $data['ping_status'] ) ) { 1712 1906 $data['ping_status'] = 'closed'; 1907 } 1713 1908 1714 1909 // Exclude terms from taxonomies that are not supposed to appear in Quick Edit. … … 1726 1921 if ( ! empty( $data['post_name'] ) && in_array( $post['post_status'], array( 'draft', 'pending' ) ) ) { 1727 1922 $post['post_status'] = 'publish'; 1728 $data['post_name'] = wp_unique_post_slug( $data['post_name'], $post['ID'], $post['post_status'], $post['post_type'], $post['post_parent'] );1923 $data['post_name'] = wp_unique_post_slug( $data['post_name'], $post['ID'], $post['post_status'], $post['post_type'], $post['post_parent'] ); 1729 1924 } 1730 1925 … … 1762 1957 1763 1958 $taxonomy = sanitize_key( $_POST['taxonomy'] ); 1764 $tax = get_taxonomy( $taxonomy );1765 if ( ! $tax ) 1959 $tax = get_taxonomy( $taxonomy ); 1960 if ( ! $tax ) { 1766 1961 wp_die( 0 ); 1962 } 1767 1963 1768 1964 if ( ! isset( $_POST['tax_ID'] ) || ! ( $id = (int) $_POST['tax_ID'] ) ) { … … 1776 1972 $wp_list_table = _get_list_table( 'WP_Terms_List_Table', array( 'screen' => 'edit-' . $taxonomy ) ); 1777 1973 1778 $tag = get_term( $id, $taxonomy );1974 $tag = get_term( $id, $taxonomy ); 1779 1975 $_POST['description'] = $tag->description; 1780 1976 1781 $updated = wp_update_term( $id, $taxonomy, $_POST);1782 if ( $updated && ! is_wp_error($updated) ) {1977 $updated = wp_update_term( $id, $taxonomy, $_POST ); 1978 if ( $updated && ! is_wp_error( $updated ) ) { 1783 1979 $tag = get_term( $updated['term_id'], $taxonomy ); 1784 if ( ! $tag || is_wp_error( $tag ) ) {1785 if ( is_wp_error( $tag) && $tag->get_error_message() )1980 if ( ! 
$tag || is_wp_error( $tag ) ) { 1981 if ( is_wp_error( $tag ) && $tag->get_error_message() ) { 1786 1982 wp_die( $tag->get_error_message() ); 1983 } 1787 1984 wp_die( __( 'Item not updated.' ) ); 1788 1985 } 1789 1986 } else { 1790 if ( is_wp_error( $updated) && $updated->get_error_message() )1987 if ( is_wp_error( $updated ) && $updated->get_error_message() ) { 1791 1988 wp_die( $updated->get_error_message() ); 1989 } 1792 1990 wp_die( __( 'Item not updated.' ) ); 1793 1991 } 1794 $level = 0;1992 $level = 0; 1795 1993 $parent = $tag->parent; 1796 1994 while ( $parent > 0 ) { 1797 1995 $parent_tag = get_term( $parent, $taxonomy ); 1798 $parent = $parent_tag->parent;1996 $parent = $parent_tag->parent; 1799 1997 $level++; 1800 1998 } … … 1816 2014 unset( $post_types['attachment'] ); 1817 2015 1818 $s = wp_unslash( $_POST['ps'] );2016 $s = wp_unslash( $_POST['ps'] ); 1819 2017 $args = array( 1820 'post_type' => array_keys( $post_types ),1821 'post_status' => 'any',2018 'post_type' => array_keys( $post_types ), 2019 'post_status' => 'any', 1822 2020 'posts_per_page' => 50, 1823 2021 ); 1824 if ( '' !== $s ) 2022 if ( '' !== $s ) { 1825 2023 $args['s'] = $s; 2024 } 1826 2025 1827 2026 $posts = get_posts( $args ); … … 1831 2030 } 1832 2031 1833 $html = '<table class="widefat"><thead><tr><th class="found-radio"><br /></th><th>' .__('Title').'</th><th class="no-break">'.__('Type').'</th><th class="no-break">'.__('Date').'</th><th class="no-break">'.__('Status').'</th></tr></thead><tbody>';1834 $alt = '';2032 $html = '<table class="widefat"><thead><tr><th class="found-radio"><br /></th><th>' . __( 'Title' ) . '</th><th class="no-break">' . __( 'Type' ) . '</th><th class="no-break">' . __( 'Date' ) . '</th><th class="no-break">' . __( 'Status' ) . '</th></tr></thead><tbody>'; 2033 $alt = ''; 1835 2034 foreach ( $posts as $post ) { 1836 2035 $title = trim( $post->post_title ) ? $post->post_title : __( '(no title)' ); 1837 $alt = ( 'alternate' == $alt ) ? 
'' : 'alternate';2036 $alt = ( 'alternate' == $alt ) ? '' : 'alternate'; 1838 2037 1839 2038 switch ( $post->post_status ) { 1840 case 'publish' :1841 case 'private' :1842 $stat = __( 'Published');2039 case 'publish': 2040 case 'private': 2041 $stat = __( 'Published' ); 1843 2042 break; 1844 case 'future' :1845 $stat = __( 'Scheduled');2043 case 'future': 2044 $stat = __( 'Scheduled' ); 1846 2045 break; 1847 case 'pending' :1848 $stat = __( 'Pending Review');2046 case 'pending': 2047 $stat = __( 'Pending Review' ); 1849 2048 break; 1850 case 'draft' :1851 $stat = __( 'Draft');2049 case 'draft': 2050 $stat = __( 'Draft' ); 1852 2051 break; 1853 2052 } … … 1857 2056 } else { 1858 2057 /* translators: date format in table columns, see https://secure.php.net/date */ 1859 $time = mysql2date( __('Y/m/d'), $post->post_date);1860 } 1861 1862 $html .= '<tr class="' . trim( 'found-posts ' . $alt ) . '"><td class="found-radio"><input type="radio" id="found-' .$post->ID.'" name="found_post_id" value="' . esc_attr($post->ID) . '"></td>';1863 $html .= '<td><label for="found-' .$post->ID.'">' . esc_html( $title ) . '</label></td><td class="no-break">' . esc_html( $post_types[$post->post_type]->labels->singular_name ) . '</td><td class="no-break">'.esc_html( $time ) . '</td><td class="no-break">' . esc_html( $stat ). ' </td></tr>' . "\n\n";2058 $time = mysql2date( __( 'Y/m/d' ), $post->post_date ); 2059 } 2060 2061 $html .= '<tr class="' . trim( 'found-posts ' . $alt ) . '"><td class="found-radio"><input type="radio" id="found-' . $post->ID . '" name="found_post_id" value="' . esc_attr( $post->ID ) . '"></td>'; 2062 $html .= '<td><label for="found-' . $post->ID . '">' . esc_html( $title ) . '</label></td><td class="no-break">' . esc_html( $post_types[ $post->post_type ]->labels->singular_name ) . '</td><td class="no-break">' . esc_html( $time ) . '</td><td class="no-break">' . esc_html( $stat ) . ' </td></tr>' . 
"\n\n"; 1864 2063 } 1865 2064 … … 1877 2076 check_ajax_referer( 'save-sidebar-widgets', 'savewidgets' ); 1878 2077 1879 if ( ! current_user_can('edit_theme_options') )2078 if ( ! current_user_can( 'edit_theme_options' ) ) { 1880 2079 wp_die( -1 ); 2080 } 1881 2081 1882 2082 unset( $_POST['savewidgets'], $_POST['action'] ); 1883 2083 1884 2084 // Save widgets order for all sidebars. 1885 if ( is_array( $_POST['sidebars']) ) {2085 if ( is_array( $_POST['sidebars'] ) ) { 1886 2086 $sidebars = array(); 1887 2087 foreach ( wp_unslash( $_POST['sidebars'] ) as $key => $val ) { 1888 2088 $sb = array(); 1889 if ( ! empty($val) ) {1890 $val = explode( ',', $val);2089 if ( ! empty( $val ) ) { 2090 $val = explode( ',', $val ); 1891 2091 foreach ( $val as $k => $v ) { 1892 if ( strpos( $v, 'widget-') === false )2092 if ( strpos( $v, 'widget-' ) === false ) { 1893 2093 continue; 1894 1895 $sb[$k] = substr($v, strpos($v, '_') + 1); 2094 } 2095 2096 $sb[ $k ] = substr( $v, strpos( $v, '_' ) + 1 ); 1896 2097 } 1897 2098 } 1898 $sidebars[ $key] = $sb;1899 } 1900 wp_set_sidebars_widgets( $sidebars);2099 $sidebars[ $key ] = $sb; 2100 } 2101 wp_set_sidebars_widgets( $sidebars ); 1901 2102 wp_die( 1 ); 1902 2103 } … … 1919 2120 check_ajax_referer( 'save-sidebar-widgets', 'savewidgets' ); 1920 2121 1921 if ( ! current_user_can('edit_theme_options') || !isset($_POST['id_base']) )2122 if ( ! current_user_can( 'edit_theme_options' ) || ! isset( $_POST['id_base'] ) ) { 1922 2123 wp_die( -1 ); 2124 } 1923 2125 1924 2126 unset( $_POST['savewidgets'], $_POST['action'] ); … … 1941 2143 do_action( 'sidebar_admin_setup' ); 1942 2144 1943 $id_base = wp_unslash( $_POST['id_base'] );1944 $widget_id = wp_unslash( $_POST['widget-id'] );1945 $sidebar_id = $_POST['sidebar'];1946 $multi_number = ! empty($_POST['multi_number']) ? (int) $_POST['multi_number'] : 0;1947 $settings = isset($_POST['widget-' . $id_base]) && is_array($_POST['widget-' . $id_base]) ? $_POST['widget-' . 
$id_base] : false;1948 $error = '<p>' . __('An error has occurred. Please reload the page and try again.') . '</p>';2145 $id_base = wp_unslash( $_POST['id_base'] ); 2146 $widget_id = wp_unslash( $_POST['widget-id'] ); 2147 $sidebar_id = $_POST['sidebar']; 2148 $multi_number = ! empty( $_POST['multi_number'] ) ? (int) $_POST['multi_number'] : 0; 2149 $settings = isset( $_POST[ 'widget-' . $id_base ] ) && is_array( $_POST[ 'widget-' . $id_base ] ) ? $_POST[ 'widget-' . $id_base ] : false; 2150 $error = '<p>' . __( 'An error has occurred. Please reload the page and try again.' ) . '</p>'; 1949 2151 1950 2152 $sidebars = wp_get_sidebars_widgets(); 1951 $sidebar = isset($sidebars[$sidebar_id]) ? $sidebars[$sidebar_id] : array();2153 $sidebar = isset( $sidebars[ $sidebar_id ] ) ? $sidebars[ $sidebar_id ] : array(); 1952 2154 1953 2155 // Delete. 1954 if ( isset( $_POST['delete_widget']) && $_POST['delete_widget'] ) {1955 1956 if ( ! isset($wp_registered_widgets[$widget_id]) )2156 if ( isset( $_POST['delete_widget'] ) && $_POST['delete_widget'] ) { 2157 2158 if ( ! isset( $wp_registered_widgets[ $widget_id ] ) ) { 1957 2159 wp_die( $error ); 1958 1959 $sidebar = array_diff( $sidebar, array($widget_id) ); 1960 $_POST = array('sidebar' => $sidebar_id, 'widget-' . $id_base => array(), 'the-widget-id' => $widget_id, 'delete_widget' => '1'); 2160 } 2161 2162 $sidebar = array_diff( $sidebar, array( $widget_id ) ); 2163 $_POST = array( 2164 'sidebar' => $sidebar_id, 2165 'widget-' . $id_base => array(), 2166 'the-widget-id' => $widget_id, 2167 'delete_widget' => '1', 2168 ); 1961 2169 1962 2170 /** This action is documented in wp-admin/widgets.php */ 1963 2171 do_action( 'delete_widget', $widget_id, $sidebar_id, $id_base ); 1964 2172 1965 } elseif ( $settings && preg_match( '/__i__|%i%/', key( $settings) ) ) {1966 if ( ! $multi_number )2173 } elseif ( $settings && preg_match( '/__i__|%i%/', key( $settings ) ) ) { 2174 if ( ! 
$multi_number ) { 1967 2175 wp_die( $error ); 2176 } 1968 2177 1969 2178 $_POST[ 'widget-' . $id_base ] = array( $multi_number => reset( $settings ) ); 1970 $widget_id = $id_base . '-' . $multi_number;1971 $sidebar[] = $widget_id;2179 $widget_id = $id_base . '-' . $multi_number; 2180 $sidebar[] = $widget_id; 1972 2181 } 1973 2182 $_POST['widget-id'] = $sidebar; … … 1976 2185 1977 2186 if ( $name == $id_base ) { 1978 if ( ! is_callable( $control['callback'] ) )2187 if ( ! is_callable( $control['callback'] ) ) { 1979 2188 continue; 2189 } 1980 2190 1981 2191 ob_start(); … … 1986 2196 } 1987 2197 1988 if ( isset( $_POST['delete_widget']) && $_POST['delete_widget'] ) {1989 $sidebars[ $sidebar_id] = $sidebar;1990 wp_set_sidebars_widgets( $sidebars);2198 if ( isset( $_POST['delete_widget'] ) && $_POST['delete_widget'] ) { 2199 $sidebars[ $sidebar_id ] = $sidebar; 2200 wp_set_sidebars_widgets( $sidebars ); 1991 2201 echo "deleted:$widget_id"; 1992 2202 wp_die(); 1993 2203 } 1994 2204 1995 if ( ! empty($_POST['add_new']) )2205 if ( ! empty( $_POST['add_new'] ) ) { 1996 2206 wp_die(); 1997 1998 if ( $form = $wp_registered_widget_controls[$widget_id] ) 2207 } 2208 2209 if ( $form = $wp_registered_widget_controls[ $widget_id ] ) { 1999 2210 call_user_func_array( $form['callback'], $form['params'] ); 2211 } 2000 2212 2001 2213 wp_die(); … … 2037 2249 2038 2250 foreach ( $sidebars_widgets['wp_inactive_widgets'] as $key => $widget_id ) { 2039 $pieces = explode( '-', $widget_id );2251 $pieces = explode( '-', $widget_id ); 2040 2252 $multi_number = array_pop( $pieces ); 2041 $id_base = implode( '-', $pieces );2042 $widget = get_option( 'widget_' . $id_base );2043 unset( $widget[ $multi_number] );2253 $id_base = implode( '-', $pieces ); 2254 $widget = get_option( 'widget_' . $id_base ); 2255 unset( $widget[ $multi_number ] ); 2044 2256 update_option( 'widget_' . 
$id_base, $widget ); 2045 unset( $sidebars_widgets['wp_inactive_widgets'][ $key] );2257 unset( $sidebars_widgets['wp_inactive_widgets'][ $key ] ); 2046 2258 } 2047 2259 … … 2065 2277 2066 2278 if ( ! current_user_can( 'upload_files' ) ) { 2067 echo wp_json_encode( array( 2068 'success' => false, 2069 'data' => array( 2070 'message' => __( 'Sorry, you are not allowed to upload files.' ), 2071 'filename' => $_FILES['async-upload']['name'], 2279 echo wp_json_encode( 2280 array( 2281 'success' => false, 2282 'data' => array( 2283 'message' => __( 'Sorry, you are not allowed to upload files.' ), 2284 'filename' => $_FILES['async-upload']['name'], 2285 ), 2072 2286 ) 2073 ) );2287 ); 2074 2288 2075 2289 wp_die(); … … 2079 2293 $post_id = $_REQUEST['post_id']; 2080 2294 if ( ! current_user_can( 'edit_post', $post_id ) ) { 2081 echo wp_json_encode( array( 2082 'success' => false, 2083 'data' => array( 2084 'message' => __( 'Sorry, you are not allowed to attach files to this post.' ), 2085 'filename' => $_FILES['async-upload']['name'], 2295 echo wp_json_encode( 2296 array( 2297 'success' => false, 2298 'data' => array( 2299 'message' => __( 'Sorry, you are not allowed to attach files to this post.' ), 2300 'filename' => $_FILES['async-upload']['name'], 2301 ), 2086 2302 ) 2087 ) );2303 ); 2088 2304 2089 2305 wp_die(); … … 2099 2315 $wp_filetype = wp_check_filetype_and_ext( $_FILES['async-upload']['tmp_name'], $_FILES['async-upload']['name'] ); 2100 2316 if ( ! wp_match_mime_types( 'image', $wp_filetype['type'] ) ) { 2101 echo wp_json_encode( array( 2317 echo wp_json_encode( 2318 array( 2319 'success' => false, 2320 'data' => array( 2321 'message' => __( 'The uploaded file is not a valid image. Please try again.' 
), 2322 'filename' => $_FILES['async-upload']['name'], 2323 ), 2324 ) 2325 ); 2326 2327 wp_die(); 2328 } 2329 } 2330 2331 $attachment_id = media_handle_upload( 'async-upload', $post_id, $post_data ); 2332 2333 if ( is_wp_error( $attachment_id ) ) { 2334 echo wp_json_encode( 2335 array( 2102 2336 'success' => false, 2103 2337 'data' => array( 2104 'message' => __( 'The uploaded file is not a valid image. Please try again.'),2338 'message' => $attachment_id->get_error_message(), 2105 2339 'filename' => $_FILES['async-upload']['name'], 2106 ) 2107 ) ); 2108 2109 wp_die(); 2110 } 2111 } 2112 2113 $attachment_id = media_handle_upload( 'async-upload', $post_id, $post_data ); 2114 2115 if ( is_wp_error( $attachment_id ) ) { 2116 echo wp_json_encode( array( 2117 'success' => false, 2118 'data' => array( 2119 'message' => $attachment_id->get_error_message(), 2120 'filename' => $_FILES['async-upload']['name'], 2340 ), 2121 2341 ) 2122 ) );2342 ); 2123 2343 2124 2344 wp_die(); … … 2126 2346 2127 2347 if ( isset( $post_data['context'] ) && isset( $post_data['theme'] ) ) { 2128 if ( 'custom-background' === $post_data['context'] ) 2348 if ( 'custom-background' === $post_data['context'] ) { 2129 2349 update_post_meta( $attachment_id, '_wp_attachment_is_custom_background', $post_data['theme'] ); 2130 2131 if ( 'custom-header' === $post_data['context'] ) 2350 } 2351 2352 if ( 'custom-header' === $post_data['context'] ) { 2132 2353 update_post_meta( $attachment_id, '_wp_attachment_is_custom_header', $post_data['theme'] ); 2133 } 2134 2135 if ( ! $attachment = wp_prepare_attachment_for_js( $attachment_id ) ) 2354 } 2355 } 2356 2357 if ( ! 
$attachment = wp_prepare_attachment_for_js( $attachment_id ) ) { 2136 2358 wp_die(); 2137 2138 echo wp_json_encode( array( 2139 'success' => true, 2140 'data' => $attachment, 2141 ) ); 2359 } 2360 2361 echo wp_json_encode( 2362 array( 2363 'success' => true, 2364 'data' => $attachment, 2365 ) 2366 ); 2142 2367 2143 2368 wp_die(); … … 2150 2375 */ 2151 2376 function wp_ajax_image_editor() { 2152 $attachment_id = intval( $_POST['postid']);2153 if ( empty( $attachment_id) || !current_user_can('edit_post', $attachment_id) )2377 $attachment_id = intval( $_POST['postid'] ); 2378 if ( empty( $attachment_id ) || ! current_user_can( 'edit_post', $attachment_id ) ) { 2154 2379 wp_die( -1 ); 2380 } 2155 2381 2156 2382 check_ajax_referer( "image_editor-$attachment_id" ); … … 2159 2385 $msg = false; 2160 2386 switch ( $_POST['do'] ) { 2161 case 'save' :2162 $msg = wp_save_image( $attachment_id);2163 $msg = wp_json_encode( $msg);2387 case 'save': 2388 $msg = wp_save_image( $attachment_id ); 2389 $msg = wp_json_encode( $msg ); 2164 2390 wp_die( $msg ); 2165 2391 break; 2166 case 'scale' :2167 $msg = wp_save_image( $attachment_id);2392 case 'scale': 2393 $msg = wp_save_image( $attachment_id ); 2168 2394 break; 2169 case 'restore' :2170 $msg = wp_restore_image( $attachment_id);2395 case 'restore': 2396 $msg = wp_restore_image( $attachment_id ); 2171 2397 break; 2172 2398 } 2173 2399 2174 wp_image_editor( $attachment_id, $msg);2400 wp_image_editor( $attachment_id, $msg ); 2175 2401 wp_die(); 2176 2402 } … … 2185 2411 2186 2412 $post_ID = intval( $_POST['post_id'] ); 2187 if ( ! current_user_can( 'edit_post', $post_ID ) ) 2413 if ( ! 
current_user_can( 'edit_post', $post_ID ) ) { 2188 2414 wp_die( -1 ); 2415 } 2189 2416 2190 2417 $thumbnail_id = intval( $_POST['thumbnail_id'] ); 2191 2418 2192 if ( $json ) 2419 if ( $json ) { 2193 2420 check_ajax_referer( "update-post_$post_ID" ); 2194 else2421 } else { 2195 2422 check_ajax_referer( "set_post_thumbnail-$post_ID" ); 2423 } 2196 2424 2197 2425 if ( $thumbnail_id == '-1' ) { … … 2317 2545 $post = null; 2318 2546 2319 if ( $post_id ) 2547 if ( $post_id ) { 2320 2548 $post = get_post( $post_id ); 2321 2322 check_ajax_referer('update-post_' . $post_id, '_wpnonce'); 2549 } 2550 2551 check_ajax_referer( 'update-post_' . $post_id, '_wpnonce' ); 2323 2552 2324 2553 $post_id = edit_post(); … … 2337 2566 2338 2567 if ( $last_id = get_post_meta( $post_id, '_edit_last', true ) ) { 2339 $last_user = get_userdata( $last_id );2340 $last_edited = sprintf( __( 'Last edited by %1$s on %2$s at %3$s'), esc_html( $last_user->display_name ), $last_date, $last_time );2568 $last_user = get_userdata( $last_id ); 2569 $last_edited = sprintf( __( 'Last edited by %1$s on %2$s at %3$s' ), esc_html( $last_user->display_name ), $last_date, $last_time ); 2341 2570 } else { 2342 $last_edited = sprintf( __( 'Last edited on %1$s at %2$s'), $last_date, $last_time );2571 $last_edited = sprintf( __( 'Last edited on %1$s at %2$s' ), $last_date, $last_time ); 2343 2572 } 2344 2573 … … 2352 2581 */ 2353 2582 function wp_ajax_wp_remove_post_lock() { 2354 if ( empty( $_POST['post_ID'] ) || empty( $_POST['active_post_lock'] ) ) 2583 if ( empty( $_POST['post_ID'] ) || empty( $_POST['active_post_lock'] ) ) { 2355 2584 wp_die( 0 ); 2585 } 2356 2586 $post_id = (int) $_POST['post_ID']; 2357 if ( ! $post = get_post( $post_id ) ) 2587 if ( ! $post = get_post( $post_id ) ) { 2358 2588 wp_die( 0 ); 2589 } 2359 2590 2360 2591 check_ajax_referer( 'update-post_' . $post_id ); 2361 2592 2362 if ( ! current_user_can( 'edit_post', $post_id ) ) 2593 if ( ! 
current_user_can( 'edit_post', $post_id ) ) { 2363 2594 wp_die( -1 ); 2595 } 2364 2596 2365 2597 $active_lock = array_map( 'absint', explode( ':', $_POST['active_post_lock'] ) ); 2366 if ( $active_lock[1] != get_current_user_id() ) 2598 if ( $active_lock[1] != get_current_user_id() ) { 2367 2599 wp_die( 0 ); 2600 } 2368 2601 2369 2602 /** … … 2387 2620 function wp_ajax_dismiss_wp_pointer() { 2388 2621 $pointer = $_POST['pointer']; 2389 if ( $pointer != sanitize_key( $pointer ) ) 2622 if ( $pointer != sanitize_key( $pointer ) ) { 2390 2623 wp_die( 0 ); 2391 2392 // check_ajax_referer( 'dismiss-pointer_' . $pointer ); 2624 } 2625 2626 // check_ajax_referer( 'dismiss-pointer_' . $pointer ); 2393 2627 2394 2628 $dismissed = array_filter( explode( ',', (string) get_user_meta( get_current_user_id(), 'dismissed_wp_pointers', true ) ) ); 2395 2629 2396 if ( in_array( $pointer, $dismissed ) ) 2630 if ( in_array( $pointer, $dismissed ) ) { 2397 2631 wp_die( 0 ); 2632 } 2398 2633 2399 2634 $dismissed[] = $pointer; 2400 $dismissed = implode( ',', $dismissed );2635 $dismissed = implode( ',', $dismissed ); 2401 2636 2402 2637 update_user_meta( get_current_user_id(), 'dismissed_wp_pointers', $dismissed ); … … 2410 2645 */ 2411 2646 function wp_ajax_get_attachment() { 2412 if ( ! isset( $_REQUEST['id'] ) ) 2647 if ( ! isset( $_REQUEST['id'] ) ) { 2413 2648 wp_send_json_error(); 2414 2415 if ( ! $id = absint( $_REQUEST['id'] ) ) 2649 } 2650 2651 if ( ! $id = absint( $_REQUEST['id'] ) ) { 2416 2652 wp_send_json_error(); 2417 2418 if ( ! $post = get_post( $id ) ) 2653 } 2654 2655 if ( ! $post = get_post( $id ) ) { 2419 2656 wp_send_json_error(); 2420 2421 if ( 'attachment' != $post->post_type ) 2657 } 2658 2659 if ( 'attachment' != $post->post_type ) { 2422 2660 wp_send_json_error(); 2423 2424 if ( ! current_user_can( 'upload_files' ) ) 2661 } 2662 2663 if ( ! current_user_can( 'upload_files' ) ) { 2425 2664 wp_send_json_error(); 2426 2427 if ( ! 
$attachment = wp_prepare_attachment_for_js( $id ) ) 2665 } 2666 2667 if ( ! $attachment = wp_prepare_attachment_for_js( $id ) ) { 2428 2668 wp_send_json_error(); 2669 } 2429 2670 2430 2671 wp_send_json_success( $attachment ); … … 2437 2678 */ 2438 2679 function wp_ajax_query_attachments() { 2439 if ( ! current_user_can( 'upload_files' ) ) 2680 if ( ! current_user_can( 'upload_files' ) ) { 2440 2681 wp_send_json_error(); 2682 } 2441 2683 2442 2684 $query = isset( $_REQUEST['query'] ) ? (array) $_REQUEST['query'] : array(); 2443 $keys = array( 2444 's', 'order', 'orderby', 'posts_per_page', 'paged', 'post_mime_type', 2445 'post_parent', 'post__in', 'post__not_in', 'year', 'monthnum' 2685 $keys = array( 2686 's', 2687 'order', 2688 'orderby', 2689 'posts_per_page', 2690 'paged', 2691 'post_mime_type', 2692 'post_parent', 2693 'post__in', 2694 'post__not_in', 2695 'year', 2696 'monthnum', 2446 2697 ); 2447 2698 foreach ( get_taxonomies_for_attachments( 'objects' ) as $t ) { … … 2451 2702 } 2452 2703 2453 $query = array_intersect_key( $query, array_flip( $keys ) );2704 $query = array_intersect_key( $query, array_flip( $keys ) ); 2454 2705 $query['post_type'] = 'attachment'; 2455 2706 if ( MEDIA_TRASH … … 2461 2712 } 2462 2713 2463 if ( current_user_can( get_post_type_object( 'attachment' )->cap->read_private_posts ) ) 2714 if ( current_user_can( get_post_type_object( 'attachment' )->cap->read_private_posts ) ) { 2464 2715 $query['post_status'] .= ',private'; 2716 } 2465 2717 2466 2718 // Filter query clauses to include filenames. … … 2494 2746 */ 2495 2747 function wp_ajax_save_attachment() { 2496 if ( ! isset( $_REQUEST['id'] ) || ! isset( $_REQUEST['changes'] ) ) 2748 if ( ! isset( $_REQUEST['id'] ) || ! isset( $_REQUEST['changes'] ) ) { 2497 2749 wp_send_json_error(); 2498 2499 if ( ! $id = absint( $_REQUEST['id'] ) ) 2750 } 2751 2752 if ( ! 
$id = absint( $_REQUEST['id'] ) ) { 2500 2753 wp_send_json_error(); 2754 } 2501 2755 2502 2756 check_ajax_referer( 'update-post_' . $id, 'nonce' ); 2503 2757 2504 if ( ! current_user_can( 'edit_post', $id ) ) 2758 if ( ! current_user_can( 'edit_post', $id ) ) { 2505 2759 wp_send_json_error(); 2760 } 2506 2761 2507 2762 $changes = $_REQUEST['changes']; 2508 2763 $post = get_post( $id, ARRAY_A ); 2509 2764 2510 if ( 'attachment' != $post['post_type'] ) 2765 if ( 'attachment' != $post['post_type'] ) { 2511 2766 wp_send_json_error(); 2512 2513 if ( isset( $changes['parent'] ) ) 2767 } 2768 2769 if ( isset( $changes['parent'] ) ) { 2514 2770 $post['post_parent'] = $changes['parent']; 2515 2516 if ( isset( $changes['title'] ) ) 2771 } 2772 2773 if ( isset( $changes['title'] ) ) { 2517 2774 $post['post_title'] = $changes['title']; 2518 2519 if ( isset( $changes['caption'] ) ) 2775 } 2776 2777 if ( isset( $changes['caption'] ) ) { 2520 2778 $post['post_excerpt'] = $changes['caption']; 2521 2522 if ( isset( $changes['description'] ) ) 2779 } 2780 2781 if ( isset( $changes['description'] ) ) { 2523 2782 $post['post_content'] = $changes['description']; 2524 2525 if ( MEDIA_TRASH && isset( $changes['status'] ) ) 2783 } 2784 2785 if ( MEDIA_TRASH && isset( $changes['status'] ) ) { 2526 2786 $post['post_status'] = $changes['status']; 2787 } 2527 2788 2528 2789 if ( isset( $changes['alt'] ) ) { … … 2543 2804 foreach ( wp_get_attachment_id3_keys( (object) $post, 'edit' ) as $key => $label ) { 2544 2805 if ( isset( $changes[ $key ] ) ) { 2545 $changed = true;2806 $changed = true; 2546 2807 $id3data[ $key ] = sanitize_text_field( wp_unslash( $changes[ $key ] ) ); 2547 2808 } … … 2568 2829 */ 2569 2830 function wp_ajax_save_attachment_compat() { 2570 if ( ! isset( $_REQUEST['id'] ) ) 2831 if ( ! isset( $_REQUEST['id'] ) ) { 2571 2832 wp_send_json_error(); 2572 2573 if ( ! $id = absint( $_REQUEST['id'] ) ) 2833 } 2834 2835 if ( ! 
$id = absint( $_REQUEST['id'] ) ) { 2574 2836 wp_send_json_error(); 2575 2576 if ( empty( $_REQUEST['attachments'] ) || empty( $_REQUEST['attachments'][ $id ] ) ) 2837 } 2838 2839 if ( empty( $_REQUEST['attachments'] ) || empty( $_REQUEST['attachments'][ $id ] ) ) { 2577 2840 wp_send_json_error(); 2841 } 2578 2842 $attachment_data = $_REQUEST['attachments'][ $id ]; 2579 2843 2580 2844 check_ajax_referer( 'update-post_' . $id, 'nonce' ); 2581 2845 2582 if ( ! current_user_can( 'edit_post', $id ) ) 2846 if ( ! current_user_can( 'edit_post', $id ) ) { 2583 2847 wp_send_json_error(); 2848 } 2584 2849 2585 2850 $post = get_post( $id, ARRAY_A ); 2586 2851 2587 if ( 'attachment' != $post['post_type'] ) 2852 if ( 'attachment' != $post['post_type'] ) { 2588 2853 wp_send_json_error(); 2854 } 2589 2855 2590 2856 /** This filter is documented in wp-admin/includes/media.php */ … … 2599 2865 2600 2866 foreach ( get_attachment_taxonomies( $post ) as $taxonomy ) { 2601 if ( isset( $attachment_data[ $taxonomy ] ) ) 2867 if ( isset( $attachment_data[ $taxonomy ] ) ) { 2602 2868 wp_set_object_terms( $id, array_map( 'trim', preg_split( '/,+/', $attachment_data[ $taxonomy ] ) ), $taxonomy, false ); 2603 } 2604 2605 if ( ! $attachment = wp_prepare_attachment_for_js( $id ) ) 2869 } 2870 } 2871 2872 if ( ! $attachment = wp_prepare_attachment_for_js( $id ) ) { 2606 2873 wp_send_json_error(); 2874 } 2607 2875 2608 2876 wp_send_json_success( $attachment ); … … 2615 2883 */ 2616 2884 function wp_ajax_save_attachment_order() { 2617 if ( ! isset( $_REQUEST['post_id'] ) ) 2885 if ( ! isset( $_REQUEST['post_id'] ) ) { 2618 2886 wp_send_json_error(); 2619 2620 if ( ! $post_id = absint( $_REQUEST['post_id'] ) ) 2887 } 2888 2889 if ( ! 
$post_id = absint( $_REQUEST['post_id'] ) ) { 2621 2890 wp_send_json_error(); 2622 2623 if ( empty( $_REQUEST['attachments'] ) ) 2891 } 2892 2893 if ( empty( $_REQUEST['attachments'] ) ) { 2624 2894 wp_send_json_error(); 2895 } 2625 2896 2626 2897 check_ajax_referer( 'update-post_' . $post_id, 'nonce' ); … … 2628 2899 $attachments = $_REQUEST['attachments']; 2629 2900 2630 if ( ! current_user_can( 'edit_post', $post_id ) ) 2901 if ( ! current_user_can( 'edit_post', $post_id ) ) { 2631 2902 wp_send_json_error(); 2903 } 2632 2904 2633 2905 foreach ( $attachments as $attachment_id => $menu_order ) { 2634 if ( ! current_user_can( 'edit_post', $attachment_id ) ) 2906 if ( ! current_user_can( 'edit_post', $attachment_id ) ) { 2635 2907 continue; 2636 if ( ! $attachment = get_post( $attachment_id ) ) 2908 } 2909 if ( ! $attachment = get_post( $attachment_id ) ) { 2637 2910 continue; 2638 if ( 'attachment' != $attachment->post_type ) 2911 } 2912 if ( 'attachment' != $attachment->post_type ) { 2639 2913 continue; 2640 2641 wp_update_post( array( 'ID' => $attachment_id, 'menu_order' => $menu_order ) ); 2914 } 2915 2916 wp_update_post( 2917 array( 2918 'ID' => $attachment_id, 2919 'menu_order' => $menu_order, 2920 ) 2921 ); 2642 2922 } 2643 2923 … … 2661 2941 $id = intval( $attachment['id'] ); 2662 2942 2663 if ( ! $post = get_post( $id ) ) 2943 if ( ! $post = get_post( $id ) ) { 2664 2944 wp_send_json_error(); 2665 2666 if ( 'attachment' != $post->post_type ) 2945 } 2946 2947 if ( 'attachment' != $post->post_type ) { 2667 2948 wp_send_json_error(); 2949 } 2668 2950 2669 2951 if ( current_user_can( 'edit_post', $id ) ) { 2670 2952 // If this attachment is unattached, attach it. Primarily a back compat thing. 
2671 2953 if ( 0 == $post->post_parent && $insert_into_post_id = intval( $_POST['post_id'] ) ) { 2672 wp_update_post( array( 'ID' => $id, 'post_parent' => $insert_into_post_id ) ); 2954 wp_update_post( 2955 array( 2956 'ID' => $id, 2957 'post_parent' => $insert_into_post_id, 2958 ) 2959 ); 2673 2960 } 2674 2961 } 2675 2962 2676 2963 $url = empty( $attachment['url'] ) ? '' : $attachment['url']; 2677 $rel = ( strpos( $url, 'attachment_id' ) || get_attachment_link( $id ) == $url );2964 $rel = ( strpos( $url, 'attachment_id' ) || get_attachment_link( $id ) == $url ); 2678 2965 2679 2966 remove_filter( 'media_send_to_editor', 'image_media_send_to_editor' ); … … 2681 2968 if ( 'image' === substr( $post->post_mime_type, 0, 5 ) ) { 2682 2969 $align = isset( $attachment['align'] ) ? $attachment['align'] : 'none'; 2683 $size = isset( $attachment['image-size'] ) ? $attachment['image-size'] : 'medium';2684 $alt = isset( $attachment['image_alt'] ) ? $attachment['image_alt'] : '';2970 $size = isset( $attachment['image-size'] ) ? $attachment['image-size'] : 'medium'; 2971 $alt = isset( $attachment['image_alt'] ) ? $attachment['image_alt'] : ''; 2685 2972 2686 2973 // No whitespace-only captions. … … 2691 2978 2692 2979 $title = ''; // We no longer insert title tags into <img> tags, as they are redundant. 2693 $html = get_image_send_to_editor( $id, $caption, $title, $align, $url, $rel, $size, $alt );2694 } elseif ( wp_attachment_is( 'video', $post ) || wp_attachment_is( 'audio', $post ) ) {2980 $html = get_image_send_to_editor( $id, $caption, $title, $align, $url, $rel, $size, $alt ); 2981 } elseif ( wp_attachment_is( 'video', $post ) || wp_attachment_is( 'audio', $post ) ) { 2695 2982 $html = stripslashes_deep( $_POST['html'] ); 2696 2983 } else { 2697 2984 $html = isset( $attachment['post_title'] ) ? $attachment['post_title'] : ''; 2698 $rel = $rel ? ' rel="attachment wp-att-' . $id . '"' : ''; // Hard-coded string, $id is already sanitized2985 $rel = $rel ? 
' rel="attachment wp-att-' . $id . '"' : ''; // Hard-coded string, $id is already sanitized 2699 2986 2700 2987 if ( ! empty( $url ) ) { … … 2729 3016 check_ajax_referer( 'media-send-to-editor', 'nonce' ); 2730 3017 2731 if ( ! $src = wp_unslash( $_POST['src'] ) ) 3018 if ( ! $src = wp_unslash( $_POST['src'] ) ) { 2732 3019 wp_send_json_error(); 2733 2734 if ( ! strpos( $src, '://' ) ) 3020 } 3021 3022 if ( ! strpos( $src, '://' ) ) { 2735 3023 $src = 'http://' . $src; 2736 2737 if ( ! $src = esc_url_raw( $src ) ) 3024 } 3025 3026 if ( ! $src = esc_url_raw( $src ) ) { 2738 3027 wp_send_json_error(); 2739 2740 if ( ! $link_text = trim( wp_unslash( $_POST['link_text'] ) ) ) 3028 } 3029 3030 if ( ! $link_text = trim( wp_unslash( $_POST['link_text'] ) ) ) { 2741 3031 $link_text = wp_basename( $src ); 3032 } 2742 3033 2743 3034 $post = get_post( isset( $_POST['post_id'] ) ? $_POST['post_id'] : 0 ); 2744 3035 2745 3036 // Ping WordPress for an embed. 2746 $check_embed = $wp_embed->run_shortcode( '[embed]' . $src .'[/embed]' );3037 $check_embed = $wp_embed->run_shortcode( '[embed]' . $src . '[/embed]' ); 2747 3038 2748 3039 // Fallback that WordPress creates when no oEmbed was found. … … 2761 3052 $type = 'file'; 2762 3053 if ( ( $ext = preg_replace( '/^.+?\.([^.]+)$/', '$1', $src ) ) && ( $ext_type = wp_ext2type( $ext ) ) 2763 && ( 'audio' == $ext_type || 'video' == $ext_type ) ) 3054 && ( 'audio' == $ext_type || 'video' == $ext_type ) ) { 2764 3055 $type = $ext_type; 3056 } 2765 3057 2766 3058 /** This filter is documented in wp-admin/includes/media.php */ … … 2782 3074 } 2783 3075 2784 $response = $data = array();3076 $response = $data = array(); 2785 3077 $nonce_state = wp_verify_nonce( $_POST['_nonce'], 'heartbeat-nonce' ); 2786 3078 2787 3079 // screen_id is the same as $current_screen->id and the JS global 'pagenow'. 2788 3080 if ( ! 
empty( $_POST['screen_id'] ) ) { 2789 $screen_id = sanitize_key( $_POST['screen_id']);3081 $screen_id = sanitize_key( $_POST['screen_id'] ); 2790 3082 } else { 2791 3083 $screen_id = 'front'; … … 2855 3147 require ABSPATH . 'wp-admin/includes/revision.php'; 2856 3148 2857 if ( ! $post = get_post( (int) $_REQUEST['post_id'] ) ) 3149 if ( ! $post = get_post( (int) $_REQUEST['post_id'] ) ) { 2858 3150 wp_send_json_error(); 2859 2860 if ( ! current_user_can( 'edit_post', $post->ID ) ) 3151 } 3152 3153 if ( ! current_user_can( 'edit_post', $post->ID ) ) { 2861 3154 wp_send_json_error(); 3155 } 2862 3156 2863 3157 // Really just pre-loading the cache here. 2864 if ( ! $revisions = wp_get_post_revisions( $post->ID, array( 'check_enabled' => false ) ) ) 3158 if ( ! $revisions = wp_get_post_revisions( $post->ID, array( 'check_enabled' => false ) ) ) { 2865 3159 wp_send_json_error(); 3160 } 2866 3161 2867 3162 $return = array(); … … 2872 3167 2873 3168 $return[] = array( 2874 'id' => $compare_key,3169 'id' => $compare_key, 2875 3170 'fields' => wp_get_revision_ui_diff( $post, $compare_from, $compare_to ), 2876 3171 ); … … 2901 3196 update_user_meta( get_current_user_id(), 'admin_color', $color_scheme ); 2902 3197 2903 wp_send_json_success( array( 2904 'previousScheme' => 'admin-color-' . $previous_color_scheme, 2905 'currentScheme' => 'admin-color-' . $color_scheme 2906 ) ); 3198 wp_send_json_success( 3199 array( 3200 'previousScheme' => 'admin-color-' . $previous_color_scheme, 3201 'currentScheme' => 'admin-color-' . $color_scheme, 3202 ) 3203 ); 2907 3204 } 2908 3205 … … 2922 3219 } 2923 3220 2924 $args = wp_parse_args( wp_unslash( $_REQUEST['request'] ), array( 2925 'per_page' => 20, 2926 'fields' => $theme_field_defaults 2927 ) ); 3221 $args = wp_parse_args( 3222 wp_unslash( $_REQUEST['request'] ), array( 3223 'per_page' => 20, 3224 'fields' => $theme_field_defaults, 3225 ) 3226 ); 2928 3227 2929 3228 if ( isset( $args['browse'] ) && 'favorites' === $args['browse'] && ! 
isset( $args['user'] ) ) { … … 2947 3246 $update_php = network_admin_url( 'update.php?action=install-theme' ); 2948 3247 foreach ( $api->themes as &$theme ) { 2949 $theme->install_url = add_query_arg( array( 2950 'theme' => $theme->slug, 2951 '_wpnonce' => wp_create_nonce( 'install-theme_' . $theme->slug ) 2952 ), $update_php ); 3248 $theme->install_url = add_query_arg( 3249 array( 3250 'theme' => $theme->slug, 3251 '_wpnonce' => wp_create_nonce( 'install-theme_' . $theme->slug ), 3252 ), $update_php 3253 ); 2953 3254 2954 3255 if ( current_user_can( 'switch_themes' ) ) { 2955 3256 if ( is_multisite() ) { 2956 $theme->activate_url = add_query_arg( array( 2957 'action' => 'enable', 2958 '_wpnonce' => wp_create_nonce( 'enable-theme_' . $theme->slug ), 2959 'theme' => $theme->slug, 2960 ), network_admin_url( 'themes.php' ) ); 3257 $theme->activate_url = add_query_arg( 3258 array( 3259 'action' => 'enable', 3260 '_wpnonce' => wp_create_nonce( 'enable-theme_' . $theme->slug ), 3261 'theme' => $theme->slug, 3262 ), network_admin_url( 'themes.php' ) 3263 ); 2961 3264 } else { 2962 $theme->activate_url = add_query_arg( array( 2963 'action' => 'activate', 2964 '_wpnonce' => wp_create_nonce( 'switch-theme_' . $theme->slug ), 2965 'stylesheet' => $theme->slug, 2966 ), admin_url( 'themes.php' ) ); 3265 $theme->activate_url = add_query_arg( 3266 array( 3267 'action' => 'activate', 3268 '_wpnonce' => wp_create_nonce( 'switch-theme_' . $theme->slug ), 3269 'stylesheet' => $theme->slug, 3270 ), admin_url( 'themes.php' ) 3271 ); 2967 3272 } 2968 3273 } 2969 3274 2970 3275 if ( ! 
is_multisite() && current_user_can( 'edit_theme_options' ) && current_user_can( 'customize' ) ) { 2971 $theme->customize_url = add_query_arg( array( 2972 'return' => urlencode( network_admin_url( 'theme-install.php', 'relative' ) ), 2973 ), wp_customize_url( $theme->slug ) ); 3276 $theme->customize_url = add_query_arg( 3277 array( 3278 'return' => urlencode( network_admin_url( 'theme-install.php', 'relative' ) ), 3279 ), wp_customize_url( $theme->slug ) 3280 ); 2974 3281 } 2975 3282 … … 2978 3285 $theme->version = wp_kses( $theme->version, $themes_allowedtags ); 2979 3286 $theme->description = wp_kses( $theme->description, $themes_allowedtags ); 2980 $theme->stars = wp_star_rating( array( 'rating' => $theme->rating, 'type' => 'percent', 'number' => $theme->num_ratings, 'echo' => false ) ); 3287 $theme->stars = wp_star_rating( 3288 array( 3289 'rating' => $theme->rating, 3290 'type' => 'percent', 3291 'number' => $theme->num_ratings, 3292 'echo' => false, 3293 ) 3294 ); 2981 3295 $theme->num_ratings = number_format_i18n( $theme->num_ratings ); 2982 3296 $theme->preview_url = set_url_scheme( $theme->preview_url ); … … 3002 3316 wp_send_json_error(); 3003 3317 } 3004 $post_id = isset( $_POST[ 'post_ID' ] ) ? intval( $_POST[ 'post_ID'] ) : 0;3318 $post_id = isset( $_POST['post_ID'] ) ? intval( $_POST['post_ID'] ) : 0; 3005 3319 if ( $post_id > 0 ) { 3006 3320 $post = get_post( $post_id ); … … 3025 3339 } 3026 3340 3027 $parsed = false;3341 $parsed = false; 3028 3342 $wp_embed->return_false_on_fail = true; 3029 3343 … … 3041 3355 // Check if the provider supports ssl embeds and use that for the preview. 3042 3356 $ssl_shortcode = preg_replace( '%^(\\[embed[^\\]]*\\])http://%i', '$1https://', $shortcode ); 3043 $parsed = $wp_embed->run_shortcode( $ssl_shortcode );3357 $parsed = $wp_embed->run_shortcode( $ssl_shortcode ); 3044 3358 3045 3359 if ( ! $parsed ) { … … 3062 3376 3063 3377 if ( ! 
$parsed ) { 3064 wp_send_json_error( array( 3065 'type' => 'not-embeddable', 3066 'message' => sprintf( __( '%s failed to embed.' ), '<code>' . esc_html( $url ) . '</code>' ), 3067 ) ); 3378 wp_send_json_error( 3379 array( 3380 'type' => 'not-embeddable', 3381 'message' => sprintf( __( '%s failed to embed.' ), '<code>' . esc_html( $url ) . '</code>' ), 3382 ) 3383 ); 3068 3384 } 3069 3385 3070 3386 if ( has_shortcode( $parsed, 'audio' ) || has_shortcode( $parsed, 'video' ) ) { 3071 $styles = '';3387 $styles = ''; 3072 3388 $mce_styles = wpview_media_sandbox_styles(); 3073 3389 foreach ( $mce_styles as $style ) { … … 3091 3407 preg_match( '%<link [^>]*href="http://%', $parsed ) ) ) ) { 3092 3408 // Admin is ssl and the embed is not. Iframes, scripts, and other "active content" will be blocked. 3093 wp_send_json_error( array( 3094 'type' => 'not-ssl', 3095 'message' => __( 'This preview is unavailable in the editor.' ), 3096 ) ); 3409 wp_send_json_error( 3410 array( 3411 'type' => 'not-ssl', 3412 'message' => __( 'This preview is unavailable in the editor.' ), 3413 ) 3414 ); 3097 3415 } 3098 3416 3099 3417 $return = array( 3100 3418 'body' => $parsed, 3101 'attr' => $wp_embed->last_attr 3419 'attr' => $wp_embed->last_attr, 3102 3420 ); 3103 3421 … … 3109 3427 } 3110 3428 3111 $return['head'] = '<script src="' . $script_src . '"></script>';3429 $return['head'] = '<script src="' . $script_src . '"></script>'; 3112 3430 $return['sandbox'] = true; 3113 3431 } … … 3144 3462 } 3145 3463 3146 $parsed = do_shortcode( $shortcode );3464 $parsed = do_shortcode( $shortcode ); 3147 3465 3148 3466 if ( empty( $parsed ) ) { 3149 wp_send_json_error( array( 3150 'type' => 'no-items', 3151 'message' => __( 'No items found.' ), 3152 ) ); 3153 } 3154 3155 $head = ''; 3467 wp_send_json_error( 3468 array( 3469 'type' => 'no-items', 3470 'message' => __( 'No items found.' 
), 3471 ) 3472 ); 3473 } 3474 3475 $head = ''; 3156 3476 $styles = wpview_media_sandbox_styles(); 3157 3477 … … 3176 3496 } 3177 3497 3178 wp_send_json_success( array( 3179 'head' => $head, 3180 'body' => ob_get_clean() 3181 ) ); 3498 wp_send_json_success( 3499 array( 3500 'head' => $head, 3501 'body' => ob_get_clean(), 3502 ) 3503 ); 3182 3504 } 3183 3505 … … 3198 3520 3199 3521 if ( ! $user ) { 3200 wp_send_json_error( array( 3201 'message' => __( 'Could not log out user sessions. Please try again.' ), 3202 ) ); 3522 wp_send_json_error( 3523 array( 3524 'message' => __( 'Could not log out user sessions. Please try again.' ), 3525 ) 3526 ); 3203 3527 } 3204 3528 … … 3269 3593 3270 3594 default: 3271 3272 3595 /** 3273 3596 * Fires before a cropped image is saved. … … 3301 3624 3302 3625 $attachment_id = wp_insert_attachment( $object, $cropped ); 3303 $metadata = wp_generate_attachment_metadata( $attachment_id, $cropped );3626 $metadata = wp_generate_attachment_metadata( $attachment_id, $cropped ); 3304 3627 3305 3628 /** … … 3372 3695 3373 3696 if ( empty( $_POST['slug'] ) ) { 3374 wp_send_json_error( array( 3375 'slug' => '', 3376 'errorCode' => 'no_theme_specified', 3377 'errorMessage' => __( 'No theme specified.' ), 3378 ) ); 3697 wp_send_json_error( 3698 array( 3699 'slug' => '', 3700 'errorCode' => 'no_theme_specified', 3701 'errorMessage' => __( 'No theme specified.' ), 3702 ) 3703 ); 3379 3704 } 3380 3705 … … 3394 3719 include_once( ABSPATH . 
'wp-admin/includes/theme.php' ); 3395 3720 3396 $api = themes_api( 'theme_information', array( 3397 'slug' => $slug, 3398 'fields' => array( 'sections' => false ), 3399 ) ); 3721 $api = themes_api( 3722 'theme_information', array( 3723 'slug' => $slug, 3724 'fields' => array( 'sections' => false ), 3725 ) 3726 ); 3400 3727 3401 3728 if ( is_wp_error( $api ) ) { … … 3441 3768 if ( current_user_can( 'switch_themes' ) ) { 3442 3769 if ( is_multisite() ) { 3443 $status['activateUrl'] = add_query_arg( array( 3444 'action' => 'enable', 3445 '_wpnonce' => wp_create_nonce( 'enable-theme_' . $slug ), 3446 'theme' => $slug, 3447 ), network_admin_url( 'themes.php' ) ); 3770 $status['activateUrl'] = add_query_arg( 3771 array( 3772 'action' => 'enable', 3773 '_wpnonce' => wp_create_nonce( 'enable-theme_' . $slug ), 3774 'theme' => $slug, 3775 ), network_admin_url( 'themes.php' ) 3776 ); 3448 3777 } else { 3449 $status['activateUrl'] = add_query_arg( array( 3450 'action' => 'activate', 3451 '_wpnonce' => wp_create_nonce( 'switch-theme_' . $slug ), 3452 'stylesheet' => $slug, 3453 ), admin_url( 'themes.php' ) ); 3778 $status['activateUrl'] = add_query_arg( 3779 array( 3780 'action' => 'activate', 3781 '_wpnonce' => wp_create_nonce( 'switch-theme_' . $slug ), 3782 'stylesheet' => $slug, 3783 ), admin_url( 'themes.php' ) 3784 ); 3454 3785 } 3455 3786 } 3456 3787 3457 3788 if ( ! 
is_multisite() && current_user_can( 'edit_theme_options' ) && current_user_can( 'customize' ) ) { 3458 $status['customizeUrl'] = add_query_arg( array( 3459 'return' => urlencode( network_admin_url( 'theme-install.php', 'relative' ) ), 3460 ), wp_customize_url( $slug ) ); 3789 $status['customizeUrl'] = add_query_arg( 3790 array( 3791 'return' => urlencode( network_admin_url( 'theme-install.php', 'relative' ) ), 3792 ), wp_customize_url( $slug ) 3793 ); 3461 3794 } 3462 3795 … … 3481 3814 3482 3815 if ( empty( $_POST['slug'] ) ) { 3483 wp_send_json_error( array( 3484 'slug' => '', 3485 'errorCode' => 'no_theme_specified', 3486 'errorMessage' => __( 'No theme specified.' ), 3487 ) ); 3816 wp_send_json_error( 3817 array( 3818 'slug' => '', 3819 'errorCode' => 'no_theme_specified', 3820 'errorMessage' => __( 'No theme specified.' ), 3821 ) 3822 ); 3488 3823 } 3489 3824 … … 3574 3909 3575 3910 if ( empty( $_POST['slug'] ) ) { 3576 wp_send_json_error( array( 3577 'slug' => '', 3578 'errorCode' => 'no_theme_specified', 3579 'errorMessage' => __( 'No theme specified.' ), 3580 ) ); 3911 wp_send_json_error( 3912 array( 3913 'slug' => '', 3914 'errorCode' => 'no_theme_specified', 3915 'errorMessage' => __( 'No theme specified.' ), 3916 ) 3917 ); 3581 3918 } 3582 3919 … … 3644 3981 3645 3982 if ( empty( $_POST['slug'] ) ) { 3646 wp_send_json_error( array( 3647 'slug' => '', 3648 'errorCode' => 'no_plugin_specified', 3649 'errorMessage' => __( 'No plugin specified.' ), 3650 ) ); 3983 wp_send_json_error( 3984 array( 3985 'slug' => '', 3986 'errorCode' => 'no_plugin_specified', 3987 'errorMessage' => __( 'No plugin specified.' ), 3988 ) 3989 ); 3651 3990 } 3652 3991 … … 3664 4003 include_once( ABSPATH . 
'wp-admin/includes/plugin-install.php' ); 3665 4004 3666 $api = plugins_api( 'plugin_information', array( 3667 'slug' => sanitize_key( wp_unslash( $_POST['slug'] ) ), 3668 'fields' => array( 3669 'sections' => false, 3670 ), 3671 ) ); 4005 $api = plugins_api( 4006 'plugin_information', array( 4007 'slug' => sanitize_key( wp_unslash( $_POST['slug'] ) ), 4008 'fields' => array( 4009 'sections' => false, 4010 ), 4011 ) 4012 ); 3672 4013 3673 4014 if ( is_wp_error( $api ) ) { … … 3712 4053 3713 4054 $install_status = install_plugin_install_status( $api ); 3714 $pagenow = isset( $_POST['pagenow'] ) ? sanitize_key( $_POST['pagenow'] ) : '';4055 $pagenow = isset( $_POST['pagenow'] ) ? sanitize_key( $_POST['pagenow'] ) : ''; 3715 4056 3716 4057 // If installation request is coming from import page, do not return network activation link. … … 3718 4059 3719 4060 if ( current_user_can( 'activate_plugin', $install_status['file'] ) && is_plugin_inactive( $install_status['file'] ) ) { 3720 $status['activateUrl'] = add_query_arg( array( 3721 '_wpnonce' => wp_create_nonce( 'activate-plugin_' . $install_status['file'] ), 3722 'action' => 'activate', 3723 'plugin' => $install_status['file'], 3724 ), $plugins_url ); 4061 $status['activateUrl'] = add_query_arg( 4062 array( 4063 '_wpnonce' => wp_create_nonce( 'activate-plugin_' . $install_status['file'] ), 4064 'action' => 'activate', 4065 'plugin' => $install_status['file'], 4066 ), $plugins_url 4067 ); 3725 4068 } 3726 4069 … … 3745 4088 3746 4089 if ( empty( $_POST['plugin'] ) || empty( $_POST['slug'] ) ) { 3747 wp_send_json_error( array( 3748 'slug' => '', 3749 'errorCode' => 'no_plugin_specified', 3750 'errorMessage' => __( 'No plugin specified.' ), 3751 ) ); 4090 wp_send_json_error( 4091 array( 4092 'slug' => '', 4093 'errorCode' => 'no_plugin_specified', 4094 'errorMessage' => __( 'No plugin specified.' 
), 4095 ) 4096 ); 3752 4097 } 3753 4098 … … 3850 4195 3851 4196 if ( empty( $_POST['slug'] ) || empty( $_POST['plugin'] ) ) { 3852 wp_send_json_error( array( 3853 'slug' => '', 3854 'errorCode' => 'no_plugin_specified', 3855 'errorMessage' => __( 'No plugin specified.' ), 3856 ) ); 4197 wp_send_json_error( 4198 array( 4199 'slug' => '', 4200 'errorCode' => 'no_plugin_specified', 4201 'errorMessage' => __( 'No plugin specified.' ), 4202 ) 4203 ); 3857 4204 } 3858 4205 … … 3926 4273 3927 4274 /** @var WP_Plugins_List_Table $wp_list_table */ 3928 $wp_list_table = _get_list_table( 'WP_Plugins_List_Table', array( 3929 'screen' => get_current_screen(), 3930 ) ); 4275 $wp_list_table = _get_list_table( 4276 'WP_Plugins_List_Table', array( 4277 'screen' => get_current_screen(), 4278 ) 4279 ); 3931 4280 3932 4281 $status = array(); … … 3938 4287 3939 4288 // Set the correct requester, so pagination works. 3940 $_SERVER['REQUEST_URI'] = add_query_arg( array_diff_key( $_POST, array( 3941 '_ajax_nonce' => null, 3942 'action' => null, 3943 ) ), network_admin_url( 'plugins.php', 'relative' ) ); 4289 $_SERVER['REQUEST_URI'] = add_query_arg( 4290 array_diff_key( 4291 $_POST, array( 4292 '_ajax_nonce' => null, 4293 'action' => null, 4294 ) 4295 ), network_admin_url( 'plugins.php', 'relative' ) 4296 ); 3944 4297 3945 4298 $GLOBALS['s'] = wp_unslash( $_POST['s'] ); … … 3969 4322 3970 4323 /** @var WP_Plugin_Install_List_Table $wp_list_table */ 3971 $wp_list_table = _get_list_table( 'WP_Plugin_Install_List_Table', array( 3972 'screen' => get_current_screen(), 3973 ) ); 4324 $wp_list_table = _get_list_table( 4325 'WP_Plugin_Install_List_Table', array( 4326 'screen' => get_current_screen(), 4327 ) 4328 ); 3974 4329 3975 4330 $status = array(); … … 3981 4336 3982 4337 // Set the correct requester, so pagination works. 
3983 $_SERVER['REQUEST_URI'] = add_query_arg( array_diff_key( $_POST, array( 3984 '_ajax_nonce' => null, 3985 'action' => null, 3986 ) ), network_admin_url( 'plugin-install.php', 'relative' ) ); 4338 $_SERVER['REQUEST_URI'] = add_query_arg( 4339 array_diff_key( 4340 $_POST, array( 4341 '_ajax_nonce' => null, 4342 'action' => null, 4343 ) 4344 ), network_admin_url( 'plugin-install.php', 'relative' ) 4345 ); 3987 4346 3988 4347 $wp_list_table->prepare_items(); … … 4005 4364 $r = wp_edit_theme_plugin_file( wp_unslash( $_POST ) ); // Validation of args is done in wp_edit_theme_plugin_file(). 4006 4365 if ( is_wp_error( $r ) ) { 4007 wp_send_json_error( array_merge( 4366 wp_send_json_error( 4367 array_merge( 4368 array( 4369 'code' => $r->get_error_code(), 4370 'message' => $r->get_error_message(), 4371 ), 4372 (array) $r->get_error_data() 4373 ) 4374 ); 4375 } else { 4376 wp_send_json_success( 4008 4377 array( 4009 'code' => $r->get_error_code(), 4010 'message' => $r->get_error_message(), 4011 ), 4012 (array) $r->get_error_data() 4013 ) ); 4014 } else { 4015 wp_send_json_success( array( 4016 'message' => __( 'File edited successfully.' ), 4017 ) ); 4018 } 4019 } 4378 'message' => __( 'File edited successfully.' ), 4379 ) 4380 ); 4381 } 4382 }