Changes in trunk/wp-admin/edit-form-advanced.php [3456:4349]

File:

• trunk/wp-admin/edit-form-advanced.php (modified) (15 diffs)

trunk/wp-admin/edit-form-advanced.php

@@ -15 +15 @@
 
 <div class="wrap">
-<h2 id="write-post"><?php _e('Write Post'); ?><?php if ( 0 != $post_ID ) : ?>
- <small class="quickjump"><a href="#preview-post"><?php _e('preview &darr;'); ?></a></small><?php endif; ?></h2>
 <?php
 
@@ -22 +20 @@
     $form_action = 'post';
     $temp_ID = -1 * time();
-    $form_extra = "<input type='hidden' name='temp_ID' value='$temp_ID' />";
+    $form_extra = "<input type='hidden' id='post_ID' name='temp_ID' value='$temp_ID' />";
+    wp_nonce_field('add-post');
 } else {
     $form_action = 'editpost';
-    $form_extra = "<input type='hidden' name='post_ID' value='$post_ID' />";
+    $form_extra = "<input type='hidden' id='post_ID' name='post_ID' value='$post_ID' />";
+    wp_nonce_field('update-post_' .  $post_ID);
 }
 
@@ -38 +38 @@
     $already_pinged = explode("\n", trim($post->pinged));
     foreach ($already_pinged as $pinged_url) {
-        $pings .= "\n\t<li>$pinged_url</li>";
+        $pings .= "\n\t<li>" . wp_specialchars($pinged_url) . "</li>";
     }
     $pings .= '</ul>';
@@ -50 +50 @@
 
 <input type="hidden" name="user_ID" value="<?php echo $user_ID ?>" />
-<input type="hidden" name="action" value="<?php echo $form_action ?>" />
+<input type="hidden" id="hiddenaction" name="action" value="<?php echo $form_action ?>" />
+<input type="hidden" id="originalaction" name="originalaction" value="<?php echo $form_action ?>" />
 <input type="hidden" name="post_author" value="<?php echo $post->post_author ?>" />
+<input type="hidden" id="post_type" name="post_type" value="post" />
 
 <?php echo $form_extra ?>
@@ -67 +69 @@
 <div id="moremeta">
 <div id="grabit" class="dbx-group">
+
+<fieldset id="categorydiv" class="dbx-box">
+<h3 class="dbx-handle"><?php _e('Categories') ?></h3>
+<div class="dbx-content">
+<p id="jaxcat"></p>
+<ul id="categorychecklist"><?php dropdown_categories(); ?></ul></div>
+</fieldset>
 
 <fieldset id="commentstatusdiv" class="dbx-box">
@@ -80 +89 @@
 
 <fieldset id="passworddiv" class="dbx-box">
-<h3 class="dbx-handle"><?php _e('Password-Protect Post') ?></h3> 
+<h3 class="dbx-handle"><?php _e('Post Password') ?></h3> 
 <div class="dbx-content"><input name="post_password" type="text" size="13" id="post_password" value="<?php echo $post->post_password ?>" /></div>
 </fieldset>
 
 <fieldset id="slugdiv" class="dbx-box">
-<h3 class="dbx-handle"><?php _e('Post slug') ?></h3> 
+<h3 class="dbx-handle"><?php _e('Post Slug') ?></h3> 
 <div class="dbx-content"><input name="post_name" type="text" size="13" id="post_name" value="<?php echo $post->post_name ?>" /></div>
 </fieldset>
 
-<fieldset id="categorydiv" class="dbx-box">
-<h3 class="dbx-handle"><?php _e('Categories') ?></h3>
-<div class="dbx-content">
-<p id="jaxcat"></p>
-<div id="categorychecklist"><?php dropdown_categories(get_settings('default_category')); ?></div></div>
-</fieldset>
-
-<fieldset class="dbx-box">
+<fieldset id="poststatusdiv" class="dbx-box">
 <h3 class="dbx-handle"><?php _e('Post Status') ?></h3> 
 <div class="dbx-content"><?php if ( current_user_can('publish_posts') ) : ?>
-<label for="post_status_publish" class="selectit"><input id="post_status_publish" name="post_status" type="radio" value="publish" <?php checked($post->post_status, 'publish'); ?> /> <?php _e('Published') ?></label>
+<label for="post_status_publish" class="selectit"><input id="post_status_publish" name="post_status" type="radio" value="publish" <?php checked($post->post_status, 'publish'); checked($post->post_status, 'future'); ?> /> <?php _e('Published') ?></label>
 <?php endif; ?>
       <label for="post_status_draft" class="selectit"><input id="post_status_draft" name="post_status" type="radio" value="draft" <?php checked($post->post_status, 'draft'); ?> /> <?php _e('Draft') ?></label>
@@ -106 +108 @@
 
 <?php if ( current_user_can('edit_posts') ) : ?>
-<fieldset class="dbx-box">
+<fieldset id="posttimestampdiv" class="dbx-box">
 <h3 class="dbx-handle"><?php _e('Post Timestamp'); ?>:</h3>
 <div class="dbx-content"><?php touch_time(($action == 'edit')); ?></div>
@@ -112 +114 @@
 <?php endif; ?>
 
-<?php if ( $authors = get_editable_authors( $current_user->id ) ) : // TODO: ROLE SYSTEM ?>
+<?php 
+$authors = get_editable_authors( $current_user->id ); // TODO: ROLE SYSTEM
+if ( $authors && count( $authors ) > 1 ) :
+?>
 <fieldset id="authordiv" class="dbx-box">
-<h3 class="dbx-handle"><?php _e('Post author'); ?>:</h3>
+<h3 class="dbx-handle"><?php _e('Post Author'); ?>:</h3>
 <div class="dbx-content">
 <select name="post_author_override" id="post_author_override">
@@ -143 +148 @@
 <legend><?php _e('Post') ?></legend>
 
-<?php
- $rows = get_settings('default_post_edit_rows');
- if (($rows < 3) || ($rows > 100)) {
-     $rows = 12;
- }
-?>
-<?php the_quicktags(); ?>
-
-<div><textarea <?php if ( user_can_richedit() ) echo 'title="true" '; ?>rows="<?php echo $rows; ?>" cols="40" name="content" tabindex="2" id="content"><?php echo user_can_richedit() ? wp_richedit_pre($post->post_content) : $post->post_content; ?></textarea></div>
-</fieldset>
-
-<script type="text/javascript">
-<!--
-edCanvas = document.getElementById('content');
-<?php if ( user_can_richedit() ) : ?>
-// This code is meant to allow tabbing from Title to Post (TinyMCE).
-if ( tinyMCE.isMSIE )
-    document.getElementById('title').onkeydown = function (e)
-        {
-            e = e ? e : window.event;
-            if (e.keyCode == 9 && !e.shiftKey && !e.controlKey && !e.altKey) {
-                var i = tinyMCE.selectedInstance;
-                if(typeof i ==  'undefined')
-                    return true;
-                                tinyMCE.execCommand("mceStartTyping");
-                this.blur();
-                i.contentWindow.focus();
-                e.returnValue = false;
-                return false;
-            }
-        }
-else
-    document.getElementById('title').onkeypress = function (e)
-        {
-            e = e ? e : window.event;
-            if (e.keyCode == 9 && !e.shiftKey && !e.controlKey && !e.altKey) {
-                var i = tinyMCE.selectedInstance;
-                if(typeof i ==  'undefined')
-                    return true;
-                                tinyMCE.execCommand("mceStartTyping");
-                this.blur();
-                i.contentWindow.focus();
-                e.returnValue = false;
-                return false;
-            }
-        }
-<?php endif; ?>
-//-->
-</script>
+    <?php the_editor($post->post_content); ?>
+</fieldset>
 
 <?php echo $form_pingback ?>
@@ -197 +155 @@
 
 
-<p class="submit"><?php echo $saveasdraft; ?> <input type="submit" name="submit" value="<?php _e('Save') ?>" style="font-weight: bold;" tabindex="4" /> 
+<p class="submit">
+<span id="autosave"></span>
+<?php echo $saveasdraft; ?>
+<input type="submit" name="submit" value="<?php _e('Save') ?>" style="font-weight: bold;" tabindex="4" /> 
 <?php 
 if ('publish' != $post->post_status || 0 == $post_ID) {
@@ -210 +171 @@
 if ( !empty($_REQUEST['popupurl']) )
     echo wp_specialchars($_REQUEST['popupurl']);
-else if ( url_to_postid($_SERVER['HTTP_REFERER']) == $post_ID )
+else if ( url_to_postid(wp_get_referer()) == $post_ID )
     echo 'redo';
 else
-    echo wp_specialchars($_SERVER['HTTP_REFERER']);
+    echo wp_specialchars(wp_get_referer());
 ?>" /></p>
 
@@ -221 +182 @@
 if (current_user_can('upload_files')) {
     $uploading_iframe_ID = (0 == $post_ID ? $temp_ID : $post_ID);
-    $uploading_iframe_src = "inline-uploading.php?action=view&amp;post=$uploading_iframe_ID";
+    $uploading_iframe_src = wp_nonce_url("upload.php?style=inline&amp;tab=upload&amp;post_id=$uploading_iframe_ID", 'inlineuploading');
     $uploading_iframe_src = apply_filters('uploading_iframe_src', $uploading_iframe_src);
     if ( false != $uploading_iframe_src )
-        echo '<iframe id="uploading" border="0" src="' . $uploading_iframe_src . '">' . __('This feature requires iframe support.') . '</iframe>';
+        echo '<iframe id="uploading" frameborder="0" src="' . $uploading_iframe_src . '">' . __('This feature requires iframe support.') . '</iframe>';
 }
 ?>
@@ -230 +191 @@
 <div id="advancedstuff" class="dbx-group" >
 
+<div class="dbx-box-wrapper">
 <fieldset id="postexcerpt" class="dbx-box">
+<div class="dbx-handle-wrapper">
 <h3 class="dbx-handle"><?php _e('Optional Excerpt') ?></h3>
+</div>
+<div class="dbx-content-wrapper">
 <div class="dbx-content"><textarea rows="1" cols="40" name="excerpt" tabindex="6" id="excerpt"><?php echo $post->post_excerpt ?></textarea></div>
-</fieldset>
-
-<fieldset class="dbx-box">
+</div>
+</fieldset>
+</div>
+
+<div class="dbx-box-wrapper">
+<fieldset id="trackbacksdiv" class="dbx-box">
+<div class="dbx-handle-wrapper">
 <h3 class="dbx-handle"><?php _e('Trackbacks') ?></h3>
+</div>
+<div class="dbx-content-wrapper">
 <div class="dbx-content"><?php _e('Send trackbacks to'); ?>: <?php echo $form_trackback; ?> (<?php _e('Separate multiple URIs with spaces'); ?>)
 <?php 
@@ -243 +214 @@
 ?>
 </div>
-</fieldset>
-
+</div>
+</fieldset>
+</div>
+
+<div class="dbx-box-wrapper">
 <fieldset id="postcustom" class="dbx-box">
+<div class="dbx-handle-wrapper">
 <h3 class="dbx-handle"><?php _e('Custom Fields') ?></h3>
+</div>
+<div class="dbx-content-wrapper">
 <div id="postcustomstuff" class="dbx-content">
-<?php 
-if($metadata = has_meta($post_ID)) {
-?>
-<?php
-    list_meta($metadata); 
-?>
-<?php
-}
+<table cellpadding="3">
+<?php
+$metadata = has_meta($post_ID);
+list_meta($metadata); 
+?>
+
+</table>
+<?php
     meta_form();
 ?>
-</div>
-</fieldset>
+<div id="ajax-response"></div>
+</div>
+</div>
+</fieldset>
+</div>
 
 <?php do_action('dbx_post_advanced'); ?>
@@ -265 +245 @@
 </div>
 
-<?php if ('edit' == $action) : ?>
-<input name="deletepost" class="button" type="submit" id="deletepost" tabindex="10" value="<?php _e('Delete this post') ?>" <?php echo "onclick=\"return confirm('" . sprintf(__("You are about to delete this post \'%s\'\\n  \'Cancel\' to stop, \'OK\' to delete."), addslashes($post->post_title) ) . "')\""; ?> />
+<?php if ('edit' == $action) : $delete_nonce = wp_create_nonce( 'delete-post_' . $post_ID ); ?>
+<input name="deletepost" class="button delete" type="submit" id="deletepost" tabindex="10" value="<?php _e('Delete this post') ?>" <?php echo "onclick=\"if ( confirm('" . sprintf(__("You are about to delete this post \'%s\'\\n  \'Cancel\' to stop, \'OK\' to delete."), js_escape($post->post_title) ) . "') ) { document.forms.post._wpnonce.value = '$delete_nonce'; return true;}return false;\""; ?> />
 <?php endif; ?>