Timestamp:
10/09/2007 10:49:42 PM (16 years ago)
Author:
ryan
Message:

jquery for list manipulation. Round one, fight. Props mdawaffe. fixes #4805

File:
1 edited

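--- a/trunk/wp-admin/admin-ajax.php
+++ b/trunk/wp-admin/admin-ajax.php
@@ -5,5 +5,4 @@
 define('DOING_AJAX', true);
 
-check_ajax_referer();
 if ( !is_user_logged_in() )
     die('-1');
@@ -12,21 +11,23 @@
 add_action( 'shutdown', 'get_out_now', -1 );
 
-function wp_ajax_meta_row( $pid, $mid, $key, $value ) {
-    $value = attribute_escape($value);
-    $key_js = addslashes(wp_specialchars($key, 'double'));
-    $key = attribute_escape($key);
-    $r .= "<tr id='meta-$mid'><td valign='top'>";
-    $r .= "<input name='meta[$mid][key]' tabindex='6' onkeypress='return killSubmit(\"theList.ajaxUpdater(&#039;meta&#039;,&#039;meta-$mid&#039;);\",event);' type='text' size='20' value='$key' />";
-    $r .= "</td><td><textarea name='meta[$mid][value]' tabindex='6' rows='2' cols='30'>$value</textarea></td><td align='center'>";
-    $r .= "<input name='updatemeta' type='button' class='updatemeta' tabindex='6' value='".attribute_escape(__('Update'))."' onclick='return theList.ajaxUpdater(&#039;meta&#039;,&#039;meta-$mid&#039;);' /><br />";
-    $r .= "<input name='deletemeta[$mid]' type='submit' onclick=\"return deleteSomething( 'meta', $mid, '";
-    $r .= js_escape(sprintf(__("You are about to delete the '%s' custom field on this post.\n'OK' to delete, 'Cancel' to stop."), $key_js));
-    $r .= "' );\" class='deletemeta' tabindex='6' value='".attribute_escape(__('Delete'))."' /></td></tr>";
-    return $r;
-}
-
 $id = (int) $_POST['id'];
-switch ( $_POST['action'] ) :
+switch ( $action = $_POST['action'] ) :
+case 'add-post' :
+    check_ajax_referer( 'add-post' );
+    add_filter( 'post_limits', $limit_filter = create_function( '$a', '$b = split(" ",$a); if ( !isset($b[2]) ) return $a; $start = intval(trim($b[1])) / 20 * 15; if ( !is_int($start) ) return $a; $start += intval(trim($b[2])) - 1; return "LIMIT $start, 1";' ) );
+    wp_edit_posts_query( '_POST' );
+    $posts_columns = wp_manage_posts_columns();
+    ob_start();
+        include( 'edit-post-rows.php' );
+        $data = ob_get_contents();
+    ob_end_clean();
+    if ( !preg_match('|<tbody.+?>(.+)</tbody>|s', $data, $matches) )
+        my_dump($data);
+    $data = trim($matches[1]);
+    $x = new WP_Ajax_Response( array( 'what' => 'post', 'id' => $id, 'data' => $data ) );
+    $x->send();
+    break;
 case 'delete-comment' :
+    check_ajax_referer( "delete-comment_$id" );
     if ( !$comment = get_comment( $id ) )
         die('0');
@@ -34,35 +35,31 @@
         die('-1');
 
-    if ( wp_delete_comment( $comment->comment_ID ) )
+    if ( isset($_POST['spam']) && 1 == $_POST['spam'] )
+        $r = wp_set_comment_status( $comment->comment_ID, 'spam' );
+    else
+        $r = wp_delete_comment( $comment->comment_ID );
+
+    die( $r ? '1' : '0' );
+    break;
+case 'delete-cat' :
+    check_ajax_referer( "delete-category_$id" );
+    if ( !current_user_can( 'manage_categories' ) )
+        die('-1');
+
+    if ( wp_delete_category( $id ) )
         die('1');
     else    die('0');
     break;
-case 'delete-comment-as-spam' :
-    if ( !$comment = get_comment( $id ) )
-        die('0');
-    if ( !current_user_can( 'edit_post', $comment->comment_post_ID ) )
-        die('-1');
-
-    if ( wp_set_comment_status( $comment->comment_ID, 'spam' ) )
+case 'delete-link' :
+    check_ajax_referer( "delete-bookmark_$id" );
+    if ( !current_user_can( 'manage_links' ) )
+        die('-1');
+
+    if ( wp_delete_link( $id ) )
         die('1');
     else    die('0');
     break;
-case 'delete-cat' :
-    if ( !current_user_can( 'manage_categories' ) )
-        die('-1');
-
-    if ( wp_delete_category( $id ) )
-        die('1');
-    else    die('0');
-    break;
-case 'delete-link' :
-    if ( !current_user_can( 'manage_links' ) )
-        die('-1');
-
-    if ( wp_delete_link( $id ) )
-        die('1');
-    else    die('0');
-    break;
 case 'delete-meta' :
+    check_ajax_referer( 'change_meta' );
     if ( !$meta = get_post_meta_by_id( $id ) )
         die('0');
@@ -74,4 +71,5 @@
     break;
 case 'delete-post' :
+    check_ajax_referer( "{$action}_$id" );
     if ( !current_user_can( 'delete_post', $id ) )
         die('-1');
@@ -79,7 +77,9 @@
     if ( wp_delete_post( $id ) )
         die('1');
-    else    die('0');
+    else
+        die('0');
     break;
 case 'delete-page' :
+    check_ajax_referer( "{$action}_$id" );
     if ( !current_user_can( 'delete_page', $id ) )
         die('-1');
@@ -98,7 +98,9 @@
 
     if ( 'unapproved' == wp_get_comment_status($comment->comment_ID) ) {
+        check_ajax_referer( "approve-comment_$id" );
         if ( wp_set_comment_status( $comment->comment_ID, 'approve' ) )
             die('1');
     } else {
+        check_ajax_referer( "unapprove-comment_$id" );
         if ( wp_set_comment_status( $comment->comment_ID, 'hold' ) )
             die('1');
@@ -107,4 +109,5 @@
     break;
 case 'add-category' : // On the Fly
+    check_ajax_referer( $action );
     if ( !current_user_can( 'manage_categories' ) )
         die('-1');
@@ -121,5 +124,6 @@
             'what' => 'category',
             'id' => $cat_id,
-            'data' => "<li id='category-$cat_id'><label for='in-category-$cat_id' class='selectit'><input value='$cat_id' type='checkbox' checked='checked' name='post_category[]' id='in-category-$cat_id'/> $cat_name</label></li>"
+            'data' => "<li id='category-$cat_id'><label for='in-category-$cat_id' class='selectit'><input value='$cat_id' type='checkbox' checked='checked' name='post_category[]' id='in-category-$cat_id'/> $cat_name</label></li>",
+            'position' => -1
         ) );
     }
@@ -127,4 +131,5 @@
     break;
 case 'add-link-category' : // On the Fly
+    check_ajax_referer( $action );
     if ( !current_user_can( 'manage_categories' ) )
         die('-1');
@@ -137,11 +142,12 @@
         if ( !$cat_id = is_term( $cat_name, 'link_category' ) ) {
             $cat_id = wp_insert_term( $cat_name, 'link_category' );
-            $cat_id = $cat_id['term_id'];
         }
+        $cat_id = $cat_id['term_id'];
         $cat_name = wp_specialchars(stripslashes($cat_name));
         $x->add( array(
             'what' => 'link-category',
             'id' => $cat_id,
-            'data' => "<li id='link-category-$cat_id'><label for='in-link-category-$cat_id' class='selectit'><input value='$cat_id' type='checkbox' checked='checked' name='link_category[]' id='in-link-category-$cat_id'/> $cat_name</label></li>"
+            'data' => "<li id='link-category-$cat_id'><label for='in-link-category-$cat_id' class='selectit'><input value='$cat_id' type='checkbox' checked='checked' name='link_category[]' id='in-link-category-$cat_id'/> $cat_name</label></li>",
+            'position' => -1
         ) );
     }
@@ -149,4 +155,5 @@
     break;
 case 'add-cat' : // From Manage->Categories
+    check_ajax_referer( 'add-category' );
     if ( !current_user_can( 'manage_categories' ) )
         die('-1');
@@ -156,9 +163,9 @@
         die('0');
     $level = 0;
-    $cat_full_name = $cat->cat_name;
+    $cat_full_name = $cat->name;
     $_cat = $cat;
-    while ( $_cat->category_parent ) {
-        $_cat = get_category( $_cat->category_parent );
-        $cat_full_name = $_cat->cat_name . ' &#8212; ' . $cat_full_name;
+    while ( $_cat->parent ) {
+        $_cat = get_category( $_cat->parent );
+        $cat_full_name = $_cat->name . ' &#8212; ' . $cat_full_name;
         $level++;
     }
@@ -167,15 +174,16 @@
     $x = new WP_Ajax_Response( array(
         'what' => 'cat',
-        'id' => $cat->cat_ID,
+        'id' => $cat->term_id,
         'data' => _cat_row( $cat, $level, $cat_full_name ),
-        'supplemental' => array('name' => $cat_full_name, 'show-link' => sprintf(__( 'Category <a href="#%s">%s</a> added' ), "cat-$cat->cat_ID", $cat_full_name))
+        'supplemental' => array('name' => $cat_full_name, 'show-link' => sprintf(__( 'Category <a href="#%s">%s</a> added' ), "cat-$cat->term_id", $cat_full_name))
     ) );
     $x->send();
     break;
 case 'add-comment' :
+    check_ajax_referer( $action );
     if ( !current_user_can( 'edit_post', $id ) )
         die('-1');
     $search = isset($_POST['s']) ? $_POST['s'] : false;
-    $start = isset($_POST['page']) ? intval($_POST['page']) * 25 : 25;
+    $start = isset($_POST['page']) ? intval($_POST['page']) * 25 - 1: 24;
 
     list($comments, $total) = _wp_get_comment_list( $search, $start, 1 );
@@ -199,56 +207,68 @@
     break;
 case 'add-meta' :
-    if ( !current_user_can( 'edit_post', $id ) )
-        die('-1');
-    if ( $id < 0 ) {
-        $now = current_time('timestamp', 1);
-        if ( $pid = wp_insert_post( array(
-            'post_title' => sprintf('Draft created on %s at %s', date(get_option('date_format'), $now), date(get_option('time_format'), $now))
-        ) ) ) {
-            if ( is_wp_error( $pid ) )
-                return $pid;
-            $mid = add_meta( $pid );
+    check_ajax_referer( 'change_meta' );
+    $c = 0;
+    $pid = (int) $_POST['post_id'];
+    if ( isset($_POST['addmeta']) ) {
+        if ( !current_user_can( 'edit_post', $pid ) )
+            die('-1');
+        if ( $pid < 0 ) {
+            $now = current_time('timestamp', 1);
+            if ( $pid = wp_insert_post( array(
+                'post_title' => sprintf('Draft created on %s at %s', date(get_option('date_format'), $now), date(get_option('time_format'), $now))
+            ) ) ) {
+                if ( is_wp_error( $pid ) ) {
+                    $x = new WP_Ajax_Response( array(
+                        'what' => 'meta',
+                        'data' => $pid
+                    ) );
+                    $x->send();
+                }
+                $mid = add_meta( $pid );
+            } else {
+                die('0');
+            }
+        } else if ( !$mid = add_meta( $pid ) ) {
+            die('0');
         }
-        else
-            die('0');
-    } else if ( !$mid = add_meta( $id ) ) {
-        die('0');
-    }
-
-    $meta = get_post_meta_by_id( $mid );
-    $key = $meta->meta_key;
-    $value = $meta->meta_value;
-    $pid = (int) $meta->post_id;
-
-    $x = new WP_Ajax_Response( array(
-        'what' => 'meta',
-        'id' => $mid,
-        'data' => wp_ajax_meta_row( $pid, $mid, $key, $value ),
-        'supplemental' => array('postid' => $pid)
-    ) );
-    $x->send();
-    break;
-case 'update-meta' :
-    $mid = (int) array_pop(array_keys($_POST['meta']));
-    $key = $_POST['meta'][$mid]['key'];
-    $value = $_POST['meta'][$mid]['value'];
-    if ( !$meta = get_post_meta_by_id( $mid ) )
-        die('0'); // if meta doesn't exist
-    if ( !current_user_can( 'edit_post', $meta->post_id ) )
-        die('-1');
-    if ( $u = update_meta( $mid, $key, $value ) ) {
+
+        $meta = get_post_meta_by_id( $mid );
+        $pid = (int) $meta->post_id;
+        $meta = get_object_vars( $meta );
+        $x = new WP_Ajax_Response( array(
+            'what' => 'meta',
+            'id' => $mid,
+            'data' => _list_meta_row( $meta, $c ),
+            'position' => 1,
+            'supplemental' => array('postid' => $pid)
+        ) );
+    } else {
+        $mid = (int) array_pop(array_keys($_POST['meta']));
+        $key = $_POST['meta'][$mid]['key'];
+        $value = $_POST['meta'][$mid]['value'];
+        if ( !$meta = get_post_meta_by_id( $mid ) )
+            die('0'); // if meta doesn't exist
+        if ( !current_user_can( 'edit_post', $meta->post_id ) )
+            die('-1');
+        if ( !$u = update_meta( $mid, $key, $value ) )
+            die('1'); // We know meta exists; we also know it's unchanged (or DB error, in which case there are bigger problems).
         $key = stripslashes($key);
         $value = stripslashes($value);
         $x = new WP_Ajax_Response( array(
             'what' => 'meta',
-            'id' => $mid,
-            'data' => wp_ajax_meta_row( $meta->post_id, $mid, $key, $value ),
+            'id' => $mid, 'old_id' => $mid,
+            'data' => _list_meta_row( array(
+                'meta_key' => $key,
+                'meta_value' => $value,
+                'meta_id' => $mid
+            ), $c ),
+            'position' => 0,
             'supplemental' => array('postid' => $meta->post_id)
         ) );
-        $x->send();
-    }
-    die('1'); // We know meta exists; we also know it's unchanged (or DB error, in which case there are bigger problems).
+    }
+    $x->send();
     break;
 case 'add-user' :
+    check_ajax_referer( $action );
     if ( !current_user_can('edit_users') )
         die('-1');
@@ -262,13 +282,18 @@
     }
     $user_object = new WP_User( $user_id );
+
     $x = new WP_Ajax_Response( array(
         'what' => 'user',
         'id' => $user_id,
         'data' => user_row( $user_object ),
-        'supplemental' => array('show-link' => sprintf(__( 'User <a href="#%s">%s</a> added' ), "user-$user_id", $user_object->user_login))
+        'supplemental' => array(
+            'show-link' => sprintf(__( 'User <a href="#%s">%s</a> added' ), "user-$user_id", $user_object->user_login),
+            'role' => $user_object->roles[0]
+        )
     ) );
     $x->send();
     break;
 case 'autosave' : // The name of this action is hardcoded in edit_post()
+    check_ajax_referer( $action );
     $_POST['post_content'] = $_POST['content'];
     $_POST['post_excerpt'] = $_POST['excerpt'];
@@ -301,4 +326,5 @@
 break;
 case 'autosave-generate-nonces' :
+    check_ajax_referer( $action );
     $ID = (int) $_POST['post_ID'];
     if($_POST['post_type'] == 'post') {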
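Review bot: The new `add-post` case (new lines 15-29) is guarded only by `check_ajax_referer( 'add-post' )`; unlike the other cases shown in this file section it has no `current_user_can()` check before it runs the post query and returns the rendered rows. A nonce ties the request to a screen the user loaded, not to a privilege, so I would add `if ( !current_user_can( 'edit_posts' ) ) die('-1');` directly after the referer check. In the same case, `my_dump($data)` on the regex-miss path reads like a leftover debugging helper (its definition is not in the visible lines), and execution then continues to `$matches[1]`, which is unset on that path; `die('0');` there would fail closed. Separately, because the blanket `check_ajax_referer()` at old line 7 is removed, any case outside the visible hunks that does not call it itself would now run without a referer check, which is worth confirming against the full file.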