Changeset 6213 for trunk/wp-admin/admin-ajax.php
- Timestamp:
- 10/09/2007 10:49:42 PM (17 years ago)
- File:
-
- 1 edited
Legend:
- Unmodified
- Added
- Removed
-
trunk/wp-admin/admin-ajax.php
r6125 r6213 5 5 define('DOING_AJAX', true); 6 6 7 check_ajax_referer();8 7 if ( !is_user_logged_in() ) 9 8 die('-1'); … … 12 11 add_action( 'shutdown', 'get_out_now', -1 ); 13 12 14 function wp_ajax_meta_row( $pid, $mid, $key, $value ) {15 $value = attribute_escape($value);16 $key_js = addslashes(wp_specialchars($key, 'double'));17 $key = attribute_escape($key);18 $r .= "<tr id='meta-$mid'><td valign='top'>";19 $r .= "<input name='meta[$mid][key]' tabindex='6' onkeypress='return killSubmit(\"theList.ajaxUpdater('meta','meta-$mid');\",event);' type='text' size='20' value='$key' />";20 $r .= "</td><td><textarea name='meta[$mid][value]' tabindex='6' rows='2' cols='30'>$value</textarea></td><td align='center'>";21 $r .= "<input name='updatemeta' type='button' class='updatemeta' tabindex='6' value='".attribute_escape(__('Update'))."' onclick='return theList.ajaxUpdater('meta','meta-$mid');' /><br />";22 $r .= "<input name='deletemeta[$mid]' type='submit' onclick=\"return deleteSomething( 'meta', $mid, '";23 $r .= js_escape(sprintf(__("You are about to delete the '%s' custom field on this post.\n'OK' to delete, 'Cancel' to stop."), $key_js));24 $r .= "' );\" class='deletemeta' tabindex='6' value='".attribute_escape(__('Delete'))."' /></td></tr>";25 return $r;26 }27 28 13 $id = (int) $_POST['id']; 29 switch ( $_POST['action'] ) : 14 switch ( $action = $_POST['action'] ) : 15 case 'add-post' : 16 check_ajax_referer( 'add-post' ); 17 add_filter( 'post_limits', $limit_filter = create_function( '$a', '$b = split(" ",$a); if ( !isset($b[2]) ) return $a; $start = intval(trim($b[1])) / 20 * 15; if ( !is_int($start) ) return $a; $start += intval(trim($b[2])) - 1; return "LIMIT $start, 1";' ) ); 18 wp_edit_posts_query( '_POST' ); 19 $posts_columns = wp_manage_posts_columns(); 20 ob_start(); 21 include( 'edit-post-rows.php' ); 22 $data = ob_get_contents(); 23 ob_end_clean(); 24 if ( !preg_match('|<tbody.+?>(.+)</tbody>|s', $data, $matches) ) 25 my_dump($data); 26 $data = trim($matches[1]); 27 $x = new WP_Ajax_Response( array( 'what' => 'post', 'id' => $id, 'data' => $data ) ); 28 $x->send(); 29 break; 30 30 case 'delete-comment' : 31 check_ajax_referer( "delete-comment_$id" ); 31 32 if ( !$comment = get_comment( $id ) ) 32 33 die('0'); … … 34 35 die('-1'); 35 36 36 if ( wp_delete_comment( $comment->comment_ID ) ) 37 if ( isset($_POST['spam']) && 1 == $_POST['spam'] ) 38 $r = wp_set_comment_status( $comment->comment_ID, 'spam' ); 39 else 40 $r = wp_delete_comment( $comment->comment_ID ); 41 42 die( $r ? '1' : '0' ); 43 break; 44 case 'delete-cat' : 45 check_ajax_referer( "delete-category_$id" ); 46 if ( !current_user_can( 'manage_categories' ) ) 47 die('-1'); 48 49 if ( wp_delete_category( $id ) ) 37 50 die('1'); 38 51 else die('0'); 39 52 break; 40 case 'delete-comment-as-spam' : 41 if ( !$comment = get_comment( $id ) ) 42 die('0'); 43 if ( !current_user_can( 'edit_post', $comment->comment_post_ID ) ) 44 die('-1'); 45 46 if ( wp_set_comment_status( $comment->comment_ID, 'spam' ) ) 53 case 'delete-link' : 54 check_ajax_referer( "delete-bookmark_$id" ); 55 if ( !current_user_can( 'manage_links' ) ) 56 die('-1'); 57 58 if ( wp_delete_link( $id ) ) 47 59 die('1'); 48 60 else die('0'); 49 61 break; 50 case 'delete-cat' :51 if ( !current_user_can( 'manage_categories' ) )52 die('-1');53 54 if ( wp_delete_category( $id ) )55 die('1');56 else die('0');57 break;58 case 'delete-link' :59 if ( !current_user_can( 'manage_links' ) )60 die('-1');61 62 if ( wp_delete_link( $id ) )63 die('1');64 else die('0');65 break;66 62 case 'delete-meta' : 63 check_ajax_referer( 'change_meta' ); 67 64 if ( !$meta = get_post_meta_by_id( $id ) ) 68 65 die('0'); … … 74 71 break; 75 72 case 'delete-post' : 73 check_ajax_referer( "{$action}_$id" ); 76 74 if ( !current_user_can( 'delete_post', $id ) ) 77 75 die('-1'); … … 79 77 if ( wp_delete_post( $id ) ) 80 78 die('1'); 81 else die('0'); 79 else 80 die('0'); 82 81 break; 83 82 case 'delete-page' : 83 check_ajax_referer( "{$action}_$id" ); 84 84 if ( !current_user_can( 'delete_page', $id ) ) 85 85 die('-1'); … … 98 98 99 99 if ( 'unapproved' == wp_get_comment_status($comment->comment_ID) ) { 100 check_ajax_referer( "approve-comment_$id" ); 100 101 if ( wp_set_comment_status( $comment->comment_ID, 'approve' ) ) 101 102 die('1'); 102 103 } else { 104 check_ajax_referer( "unapprove-comment_$id" ); 103 105 if ( wp_set_comment_status( $comment->comment_ID, 'hold' ) ) 104 106 die('1'); … … 107 109 break; 108 110 case 'add-category' : // On the Fly 111 check_ajax_referer( $action ); 109 112 if ( !current_user_can( 'manage_categories' ) ) 110 113 die('-1'); … … 121 124 'what' => 'category', 122 125 'id' => $cat_id, 123 'data' => "<li id='category-$cat_id'><label for='in-category-$cat_id' class='selectit'><input value='$cat_id' type='checkbox' checked='checked' name='post_category[]' id='in-category-$cat_id'/> $cat_name</label></li>" 126 'data' => "<li id='category-$cat_id'><label for='in-category-$cat_id' class='selectit'><input value='$cat_id' type='checkbox' checked='checked' name='post_category[]' id='in-category-$cat_id'/> $cat_name</label></li>", 127 'position' => -1 124 128 ) ); 125 129 } … … 127 131 break; 128 132 case 'add-link-category' : // On the Fly 133 check_ajax_referer( $action ); 129 134 if ( !current_user_can( 'manage_categories' ) ) 130 135 die('-1'); … … 137 142 if ( !$cat_id = is_term( $cat_name, 'link_category' ) ) { 138 143 $cat_id = wp_insert_term( $cat_name, 'link_category' ); 139 $cat_id = $cat_id['term_id'];140 144 } 145 $cat_id = $cat_id['term_id']; 141 146 $cat_name = wp_specialchars(stripslashes($cat_name)); 142 147 $x->add( array( 143 148 'what' => 'link-category', 144 149 'id' => $cat_id, 145 'data' => "<li id='link-category-$cat_id'><label for='in-link-category-$cat_id' class='selectit'><input value='$cat_id' type='checkbox' checked='checked' name='link_category[]' id='in-link-category-$cat_id'/> $cat_name</label></li>" 150 'data' => "<li id='link-category-$cat_id'><label for='in-link-category-$cat_id' class='selectit'><input value='$cat_id' type='checkbox' checked='checked' name='link_category[]' id='in-link-category-$cat_id'/> $cat_name</label></li>", 151 'position' => -1 146 152 ) ); 147 153 } … … 149 155 break; 150 156 case 'add-cat' : // From Manage->Categories 157 check_ajax_referer( 'add-category' ); 151 158 if ( !current_user_can( 'manage_categories' ) ) 152 159 die('-1'); … … 156 163 die('0'); 157 164 $level = 0; 158 $cat_full_name = $cat-> cat_name;165 $cat_full_name = $cat->name; 159 166 $_cat = $cat; 160 while ( $_cat-> category_parent ) {161 $_cat = get_category( $_cat-> category_parent );162 $cat_full_name = $_cat-> cat_name . ' — ' . $cat_full_name;167 while ( $_cat->parent ) { 168 $_cat = get_category( $_cat->parent ); 169 $cat_full_name = $_cat->name . ' — ' . $cat_full_name; 163 170 $level++; 164 171 } … … 167 174 $x = new WP_Ajax_Response( array( 168 175 'what' => 'cat', 169 'id' => $cat-> cat_ID,176 'id' => $cat->term_id, 170 177 'data' => _cat_row( $cat, $level, $cat_full_name ), 171 'supplemental' => array('name' => $cat_full_name, 'show-link' => sprintf(__( 'Category <a href="#%s">%s</a> added' ), "cat-$cat-> cat_ID", $cat_full_name))178 'supplemental' => array('name' => $cat_full_name, 'show-link' => sprintf(__( 'Category <a href="#%s">%s</a> added' ), "cat-$cat->term_id", $cat_full_name)) 172 179 ) ); 173 180 $x->send(); 174 181 break; 175 182 case 'add-comment' : 183 check_ajax_referer( $action ); 176 184 if ( !current_user_can( 'edit_post', $id ) ) 177 185 die('-1'); 178 186 $search = isset($_POST['s']) ? $_POST['s'] : false; 179 $start = isset($_POST['page']) ? intval($_POST['page']) * 25 : 25;187 $start = isset($_POST['page']) ? intval($_POST['page']) * 25 - 1: 24; 180 188 181 189 list($comments, $total) = _wp_get_comment_list( $search, $start, 1 ); … … 199 207 break; 200 208 case 'add-meta' : 201 if ( !current_user_can( 'edit_post', $id ) ) 202 die('-1'); 203 if ( $id < 0 ) { 204 $now = current_time('timestamp', 1); 205 if ( $pid = wp_insert_post( array( 206 'post_title' => sprintf('Draft created on %s at %s', date(get_option('date_format'), $now), date(get_option('time_format'), $now)) 207 ) ) ) { 208 if ( is_wp_error( $pid ) ) 209 return $pid; 210 $mid = add_meta( $pid ); 209 check_ajax_referer( 'change_meta' ); 210 $c = 0; 211 $pid = (int) $_POST['post_id']; 212 if ( isset($_POST['addmeta']) ) { 213 if ( !current_user_can( 'edit_post', $pid ) ) 214 die('-1'); 215 if ( $pid < 0 ) { 216 $now = current_time('timestamp', 1); 217 if ( $pid = wp_insert_post( array( 218 'post_title' => sprintf('Draft created on %s at %s', date(get_option('date_format'), $now), date(get_option('time_format'), $now)) 219 ) ) ) { 220 if ( is_wp_error( $pid ) ) { 221 $x = new WP_Ajax_Response( array( 222 'what' => 'meta', 223 'data' => $pid 224 ) ); 225 $x->send(); 226 } 227 $mid = add_meta( $pid ); 228 } else { 229 die('0'); 230 } 231 } else if ( !$mid = add_meta( $pid ) ) { 232 die('0'); 211 233 } 212 else 213 die('0'); 214 } else if ( !$mid = add_meta( $id ) ) { 215 die('0'); 216 } 217 218 $meta = get_post_meta_by_id( $mid ); 219 $key = $meta->meta_key; 220 $value = $meta->meta_value; 221 $pid = (int) $meta->post_id; 222 223 $x = new WP_Ajax_Response( array( 224 'what' => 'meta', 225 'id' => $mid, 226 'data' => wp_ajax_meta_row( $pid, $mid, $key, $value ), 227 'supplemental' => array('postid' => $pid) 228 ) ); 229 $x->send(); 230 break; 231 case 'update-meta' : 232 $mid = (int) array_pop(array_keys($_POST['meta'])); 233 $key = $_POST['meta'][$mid]['key']; 234 $value = $_POST['meta'][$mid]['value']; 235 if ( !$meta = get_post_meta_by_id( $mid ) ) 236 die('0'); // if meta doesn't exist 237 if ( !current_user_can( 'edit_post', $meta->post_id ) ) 238 die('-1'); 239 if ( $u = update_meta( $mid, $key, $value ) ) { 234 235 $meta = get_post_meta_by_id( $mid ); 236 $pid = (int) $meta->post_id; 237 $meta = get_object_vars( $meta ); 238 $x = new WP_Ajax_Response( array( 239 'what' => 'meta', 240 'id' => $mid, 241 'data' => _list_meta_row( $meta, $c ), 242 'position' => 1, 243 'supplemental' => array('postid' => $pid) 244 ) ); 245 } else { 246 $mid = (int) array_pop(array_keys($_POST['meta'])); 247 $key = $_POST['meta'][$mid]['key']; 248 $value = $_POST['meta'][$mid]['value']; 249 if ( !$meta = get_post_meta_by_id( $mid ) ) 250 die('0'); // if meta doesn't exist 251 if ( !current_user_can( 'edit_post', $meta->post_id ) ) 252 die('-1'); 253 if ( !$u = update_meta( $mid, $key, $value ) ) 254 die('1'); // We know meta exists; we also know it's unchanged (or DB error, in which case there are bigger problems). 240 255 $key = stripslashes($key); 241 256 $value = stripslashes($value); 242 257 $x = new WP_Ajax_Response( array( 243 258 'what' => 'meta', 244 'id' => $mid, 245 'data' => wp_ajax_meta_row( $meta->post_id, $mid, $key, $value ), 259 'id' => $mid, 'old_id' => $mid, 260 'data' => _list_meta_row( array( 261 'meta_key' => $key, 262 'meta_value' => $value, 263 'meta_id' => $mid 264 ), $c ), 265 'position' => 0, 246 266 'supplemental' => array('postid' => $meta->post_id) 247 267 ) ); 248 $x->send(); 249 } 250 die('1'); // We know meta exists; we also know it's unchanged (or DB error, in which case there are bigger problems). 268 } 269 $x->send(); 251 270 break; 252 271 case 'add-user' : 272 check_ajax_referer( $action ); 253 273 if ( !current_user_can('edit_users') ) 254 274 die('-1'); … … 262 282 } 263 283 $user_object = new WP_User( $user_id ); 284 264 285 $x = new WP_Ajax_Response( array( 265 286 'what' => 'user', 266 287 'id' => $user_id, 267 288 'data' => user_row( $user_object ), 268 'supplemental' => array('show-link' => sprintf(__( 'User <a href="#%s">%s</a> added' ), "user-$user_id", $user_object->user_login)) 289 'supplemental' => array( 290 'show-link' => sprintf(__( 'User <a href="#%s">%s</a> added' ), "user-$user_id", $user_object->user_login), 291 'role' => $user_object->roles[0] 292 ) 269 293 ) ); 270 294 $x->send(); 271 295 break; 272 296 case 'autosave' : // The name of this action is hardcoded in edit_post() 297 check_ajax_referer( $action ); 273 298 $_POST['post_content'] = $_POST['content']; 274 299 $_POST['post_excerpt'] = $_POST['excerpt']; … … 301 326 break; 302 327 case 'autosave-generate-nonces' : 328 check_ajax_referer( $action ); 303 329 $ID = (int) $_POST['post_ID']; 304 330 if($_POST['post_type'] == 'post') {
Note: See TracChangeset
for help on using the changeset viewer.