Index: wp-includes/functions-formatting.php
===================================================================
--- wp-includes/functions-formatting.php (revision 3659)
+++ wp-includes/functions-formatting.php (working copy)
@@ -101,8 +101,10 @@
$text = preg_replace('/&([^#])(?![a-z1-4]{1,8};)/', '&$1', $text);-
$text = str_replace('<', '<', $text);
$text = str_replace('>', '>', $text);
- if ( $quotes ) {
+ if ( 'double' == $quotes ) {
$text = str_replace('"', '"', $text);
+ } elseif ( $quotes ) {
+ $text = str_replace('"', '"', $text);
$text = str_replace("'", ''', $text);
}
return $text;
Index: wp-includes/js/fat.js
===================================================================
--- wp-includes/js/fat.js (revision 3659)
+++ wp-includes/js/fat.js (working copy)
@@ -11,7 +11,7 @@
b = b.toString(16); if (b.length == 1) b = '0' + b;
return "#" + r + g + b;
},
- fade_all : function ()
+ fade_all : function (dur)
{
var a = document.getElementsByTagName("*");
for (var i = 0; i < a.length; i++)
@@ -21,7 +21,7 @@
if (r)
{
if (!r[1]) r[1] = "";
- if (o.id) Fat.fade_element(o.id,null,null,"#"+r[1]);
+ if (o.id) Fat.fade_element(o.id,null,dur,"#"+r[1]);
}
}
},
@@ -87,4 +87,4 @@
addLoadEvent(function () {
Fat.fade_all();
-});
\ No newline at end of file
+});
Index: wp-admin/custom-fields.js
===================================================================
--- wp-admin/custom-fields.js (revision 0)
+++ wp-admin/custom-fields.js (revision 0)
@@ -0,0 +1,25 @@
+addLoadEvent(customFieldsAddIn);
+function customFieldsAddIn() {
+ if (!theList.theList) return false;
+ inputs = theList.theList.getElementsByTagName('input');
+ for ( var i=0; i < inputs.length; i++ ) {
+ if ('text' == inputs[i].type) {
+ inputs[i].setAttribute('autocomplete', 'off');
+ inputs[i].onkeypress = function(e) {return killSubmit('theList.ajaxUpdater("meta", "meta-' + parseInt(this.name.slice(5),10) + '");', e); };
+ }
+ if ('updatemeta' == inputs[i].className) {
+ inputs[i].onclick = function(e) {return killSubmit('theList.ajaxUpdater("meta", "meta-' + parseInt(this.parentNode.parentNode.id.slice(5),10) + '");', e); };
+ }
+ }
+
+ document.getElementById('metakeyinput').onkeypress = function(e) {return killSubmit('theList.inputData+="&id="+document.getElementById("post_ID").value;theList.ajaxAdder("meta", "newmeta", customFieldsOnComplete);', e); };
+ document.getElementById('updatemetasub').onclick = function(e) {return killSubmit('theList.inputData+="&id="+document.getElementById("post_ID").value;theList.ajaxAdder("meta", "newmeta", customFieldsOnComplete);', e); };
+ theList.clearInputs.push('metakeyselect','metakeyinput','metavalue');
+}
+function customFieldsOnComplete() {
+ var pidEl = document.getElementById('post_ID');
+ pidEl.name = 'post_ID';
+ pidEl.value = getNodeValue(theList.ajaxAdd.responseXML, 'postid');
+ var aEl = document.getElementById('hiddenaction')
+ if ( aEl.value == 'post' ) aEl.value = 'postajaxpost';
+}
Index: wp-admin/edit-comments.php
===================================================================
--- wp-admin/edit-comments.php (revision 3659)
+++ wp-admin/edit-comments.php (working copy)
@@ -133,13 +133,13 @@
|
-
+
@@ -162,19 +162,28 @@
';
foreach ($comments as $comment) {
$authordata = get_userdata($wpdb->get_var("SELECT post_author FROM $wpdb->posts WHERE ID = $comment->comment_post_ID"));
+ $comment_status = wp_get_comment_status($comment->comment_ID);
$class = ('alternate' == $class) ? '' : 'alternate';
+ $class .= ('unapproved' == $comment_status) ? ' unapproved' : '';
?>
-
+
'); return false } return confirm('')" />
')" />
+
Index: wp-admin/admin-ajax.php
===================================================================
--- wp-admin/admin-ajax.php (revision 0)
+++ wp-admin/admin-ajax.php (revision 0)
@@ -0,0 +1,209 @@
+escape( rawurldecode(stripslashes($i)) );
+ return $i;
+}
+
+function wp_ajax_echo_meta( $pid, $mid, $key, $value ) {
+ $r = "$mid$pid";
+ $r .= "| ";
+ $r .= "";
+ $r .= " | | ";
+ $r .= "
";
+ $r .= "";
+ $r .= " |
]]>";
+ return $r;
+}
+
+$_POST = wp_clean_ajax_input( $_POST );
+$id = (int) $_POST['id'];
+switch ( $_POST['action'] ) :
+case 'delete-comment' :
+ if ( !$comment = get_comment( $id ) )
+ die('0');
+ if ( !current_user_can( 'edit_post', $comment->comment_post_ID ) )
+ die('-1');
+
+ if ( wp_delete_comment( $comment->comment_ID ) )
+ die('1');
+ else die('0');
+ break;
+case 'delete-comment-as-spam' :
+ if ( !$comment = get_comment( $id ) )
+ die('0');
+ if ( !current_user_can( 'edit_post', $comment->comment_post_ID ) )
+ die('-1');
+
+ if ( wp_set_comment_status( $comment->comment_ID, 'spam' ) )
+ die('1');
+ else die('0');
+ break;
+case 'delete-cat' :
+ if ( !current_user_can( 'manage_categories' ) )
+ die('-1');
+
+ if ( wp_delete_category( $id ) )
+ die('1');
+ else die('0');
+ break;
+case 'delete-link' :
+ if ( !current_user_can( 'manage_links' ) )
+ die('-1');
+
+ if ( wp_delete_link( $id ) )
+ die('1');
+ else die('0');
+ break;
+case 'delete-meta' :
+ if ( !$meta = get_post_meta_by_id( $id ) )
+ die('0');
+ if ( !current_user_can( 'edit_post', $meta->post_id ) )
+ die('-1');
+ if ( delete_meta( $meta->meta_id ) )
+ die('1');
+ die('0');
+ break;
+case 'delete-post' :
+ if ( !current_user_can( 'delete_post', $id ) )
+ die('-1');
+
+ if ( wp_delete_post( $id ) )
+ die('1');
+ else die('0');
+ break;
+case 'delete-page' :
+ if ( !current_user_can( 'delete_page', $id ) )
+ die('-1');
+
+ if ( wp_delete_post( $id ) )
+ die('1');
+ else die('0');
+ break;
+case 'dim-comment' :
+ if ( !$comment = get_comment( $id ) )
+ die('0');
+ if ( !current_user_can( 'edit_post', $comment->comment_post_ID ) )
+ die('-1');
+ if ( !current_user_can( 'moderate_comments' ) )
+ die('-1');
+
+ if ( 'unapproved' == wp_get_comment_status($comment->comment_ID) ) {
+ if ( wp_set_comment_status( $comment->comment_ID, 'approve' ) )
+ die('1');
+ } else {
+ if ( wp_set_comment_status( $comment->comment_ID, 'hold' ) )
+ die('1');
+ }
+ die('0');
+ break;
+case 'add-category' : // On the Fly
+ if ( !current_user_can( 'manage_categories' ) )
+ die('-1');
+ $names = explode(',', $_POST['newcat']);
+ $r = "";
+ foreach ( $names as $cat_name ) {
+ $cat_name = trim($cat_name);
+ if ( !$category_nicename = sanitize_title($cat_name) )
+ die('0');
+ if ( !$cat_id = category_exists( $cat_name ) )
+ $cat_id = wp_create_category( $cat_name );
+ $cat_name = stripslashes($cat_name);
+ $r .= "$cat_id";
+ $r .= "]]>";
+ }
+ $r .= '';
+ header('Content-type: text/xml');
+ die($r);
+ break;
+case 'add-cat' : // From Manage->Categories
+ if ( !current_user_can( 'manage_categories' ) )
+ die('-1');
+ if ( !$cat = wp_insert_category( $_POST ) )
+ die('0');
+ if ( !$cat = get_category( $cat ) )
+ die('0');
+ $pad = 0;
+ $_cat = $cat;
+ while ( $_cat->category_parent ) {
+ $_cat = get_category( $_cat->category_parent );
+ $pad++;
+ }
+ $pad = str_repeat('— ', $pad);
+
+ $r = "";
+ $r .= "$cat->cat_ID";
+ $r .= "| $cat->cat_ID | $pad $cat->cat_name | ";
+ $r .= "$cat->category_description | $cat->category_count | $cat->link_count | ";
+ $r .= "" . __('Edit') . " | ";
+ $r .= "cat_name));
+ $r .= "\" );' class='delete'>".__('Delete')." |
|---|
";
+ $r .= "]]>";
+ header('Content-type: text/xml');
+ die($r);
+
+ break;
+case 'add-meta' :
+ if ( !current_user_can( 'edit_post', $id ) )
+ die('-1');
+ if ( $id < 0 ) {
+ if ( $pid = write_post() )
+ $meta = has_meta( $pid );
+ else
+ die('0');
+ $key = wp_specialchars( $meta[0]['meta_key'], true );
+ $value = wp_specialchars( $meta[0]['meta_value'], true );
+ $mid = (int) $meta[0]['meta_id'];
+ } else {
+ if ( $mid = add_meta( $id ) )
+ $meta = get_post_meta_by_id( $mid );
+ else
+ die('0');
+ $key = wp_specialchars($meta->meta_key, true);
+ $value = wp_specialchars($meta->meta_value, true);
+ $pid = (int) $meta->post_id;
+ }
+ $r = "";
+ $r .= wp_ajax_echo_meta( $pid, $mid, $key, $value );
+ $r .= '';
+ header('Content-type: text/xml');
+ die($r);
+ break;
+case 'update-meta' :
+ $mid = (int) array_pop(array_keys($_POST['meta']));
+ $key = $_POST['meta'][$mid]['key'];
+ $value = $_POST['meta'][$mid]['value'];
+ if ( !$meta = get_post_meta_by_id( $mid ) )
+ die('0');
+ if ( !current_user_can( 'edit_post', $meta->post_id ) )
+ die('-1');
+ $r = "";
+ if ( $u = update_meta( $mid, $key, $value ) ) {
+ $key = wp_specialchars(stripslashes($key), true);
+ $value = wp_specialchars(stripslashes($value), true);
+ $r .= wp_ajax_echo_meta( $meta->post_id, $mid, $key, $value );
+ }
+ $r .= '';
+ header('Content-type: text/xml');
+ die($r);
+ break;
+default :
+ die('0');
+ break;
+endswitch;
+?>
Index: wp-admin/list-manipulation.php
===================================================================
--- wp-admin/list-manipulation.php (revision 3659)
+++ wp-admin/list-manipulation.php (working copy)
@@ -1,69 +0,0 @@
-comment_post_ID ) )
- die('-1');
-
- if ( wp_delete_comment( $comment->comment_ID ) )
- die('1');
- else die('0');
- break;
-case 'delete-comment-as-spam' :
- if ( !$comment = get_comment( $id ) )
- die('0');
- if ( !current_user_can( 'edit_post', $comment->comment_post_ID ) )
- die('-1');
-
- if ( wp_set_comment_status( $comment->comment_ID, 'spam' ) )
- die('1');
- else die('0');
- break;
-endswitch;
-?>
Index: wp-admin/edit-form-ajax-cat.php
===================================================================
--- wp-admin/edit-form-ajax-cat.php (revision 3659)
+++ wp-admin/edit-form-ajax-cat.php (working copy)
@@ -1,35 +0,0 @@
-
\ No newline at end of file
Index: wp-admin/wp-admin.css
===================================================================
--- wp-admin/wp-admin.css (revision 3659)
+++ wp-admin/wp-admin.css (working copy)
@@ -91,11 +91,6 @@
padding: .1em .3em;
}
-fieldset span.cat-nest {
- display: block;
- margin-left: 10px;
-}
-
fieldset.options {
padding: 1em;
}
@@ -326,6 +321,18 @@
color: #009ef0;
}
+.approve {
+ display: none;
+}
+
+.unapproved .approve {
+ display: inline;
+}
+
+.unapproved .unapprove {
+ display: none;
+}
+
.updated {
background: #CFEBF7 url(images/notice.gif) no-repeat 1em ;
border: 1px solid #2580B2;
@@ -804,11 +811,20 @@
margin-top: .5em;
}
-#categorydiv div div {
+#categorydiv ul {
+ list-style: none;
+ padding: 0;
+ margin-left:10px;
+}
+#categorychecklist {
height: 12em;
overflow: auto;
+ margin-top: 8px;
}
-
+#categorychecklist li {
+ margin: 0;
+ padding: 0;
+}
#ajaxcat input {
border: 1px solid #ccc;
}
@@ -951,4 +967,4 @@
#jaxcat {
margin: 0;
padding: 0;
-}
\ No newline at end of file
+}
Index: wp-admin/post.php
===================================================================
--- wp-admin/post.php (revision 3659)
+++ wp-admin/post.php (working copy)
@@ -17,15 +17,15 @@
}
}
}
-
if (isset($_POST['deletepost']))
$action = "delete";
switch($action) {
+case 'postajaxpost':
case 'post':
check_admin_referer();
- $post_ID = write_post();
+ $post_ID = 'post' == $action ? write_post() : edit_post();
// Redirect.
if (!empty($_POST['mode'])) {
Index: wp-admin/admin.php
===================================================================
--- wp-admin/admin.php (revision 3659)
+++ wp-admin/admin.php (working copy)
@@ -40,7 +40,7 @@
}
}
-$xfn_js = $sack_js = $list_js = $cat_js = $dbx_js = $editing = false;
+$xfn_js = $sack_js = $list_js = $cat_js = $dbx_js = $pmeta_js = $editing = false;
require(ABSPATH . '/wp-admin/menu.php');
Index: wp-admin/admin-functions.php
===================================================================
--- wp-admin/admin-functions.php (revision 3659)
+++ wp-admin/admin-functions.php (working copy)
@@ -602,12 +602,12 @@
function write_nested_categories($categories) {
foreach ($categories as $category) {
- echo '\n";
+ echo '\n";
- if (isset ($category['children'])) {
- echo "\n\n";
+ if ( $category['children'] ) {
+ echo "\n";
write_nested_categories($category['children']);
- echo "
\n";
+ echo "\n";
}
}
}
@@ -626,7 +626,7 @@
if ($categories) {
foreach ($categories as $category) {
if ($category->category_parent == $parent) {
- $category->cat_name = wp_specialchars($category->cat_name);
+ $category->cat_name = wp_specialchars($category->cat_name,'double');
$pad = str_repeat('— ', $level);
if ( current_user_can('manage_categories') ) {
$edit = "".__('Edit')."";
@@ -634,7 +634,7 @@
$default_link_cat_id = get_option('default_link_category');
if ( ($category->cat_ID != $default_cat_id) && ($category->cat_ID != $default_link_cat_id) )
- $edit .= "cat_ID, '".sprintf(__("You are about to delete the category "%s". All of its posts and bookmarks will go to the default categories.\\n"OK" to delete, "Cancel" to stop."), wp_specialchars($category->cat_name, 1))."' );\" class='delete'>".__('Delete')."";
+ $edit .= " | cat_ID, '".sprintf(__("You are about to delete the category "%s". All of its posts and bookmarks will go to the default categories.\\n"OK" to delete, "Cancel" to stop."), addslashes($category->cat_name))."' );\" class='delete'>".__('Delete')."";
else
$edit .= " | ".__("Default");
}
@@ -684,7 +684,7 @@
| post_modified); ?> |
|
" . __('Edit') . ""; } ?> |
- " . __('Delete') . ""; } ?> |
+ " . __('Delete') . ""; } ?> |
'; //TBODY needed for list-manipulation JS
return;
+ }
$count = 0;
?>
-
- ";
+ echo $r;
+ echo "\n\t";
}
// Get a list of previously defined keys
@@ -886,7 +887,7 @@
LIMIT 10");
?>
-
+
-
+
escape(stripslashes(trim($_POST['metakeyselect'])));
$metakeyinput = $wpdb->escape(stripslashes(trim($_POST['metakeyinput'])));
@@ -926,7 +928,7 @@
// We have a key/value pair. If both the select and the
// input for the key have data, the input takes precedence:
- if ('#NONE#' != $metakeyselect)
+ if ('#NONE#' != $metakeyselect)
$metakey = $metakeyselect;
if ($metakeyinput)
@@ -937,21 +939,32 @@
(post_id,meta_key,meta_value)
VALUES ('$post_ID','$metakey','$metavalue')
");
+ return $wpdb->insert_id;
}
+ return false;
} // add_meta
function delete_meta($mid) {
global $wpdb;
+ $mid = (int) $mid;
- $result = $wpdb->query("DELETE FROM $wpdb->postmeta WHERE meta_id = '$mid'");
+ return $wpdb->query("DELETE FROM $wpdb->postmeta WHERE meta_id = '$mid'");
}
function update_meta($mid, $mkey, $mvalue) {
global $wpdb;
+ $mid = (int) $mid;
return $wpdb->query("UPDATE $wpdb->postmeta SET meta_key = '$mkey', meta_value = '$mvalue' WHERE meta_id = '$mid'");
}
+function get_post_meta_by_id($mid) {
+ global $wpdb;
+ $mid = (int) $mid;
+
+ return $wpdb->get_row("SELECT * FROM $wpdb->postmeta WHERE meta_id = '$mid'");
+}
+
function touch_time($edit = 1, $for_post = 1) {
global $month, $post, $comment;
Index: wp-admin/edit-page-form.php
===================================================================
--- wp-admin/edit-page-form.php (revision 3659)
+++ wp-admin/edit-page-form.php (working copy)
@@ -6,10 +6,10 @@
if (0 == $post_ID) {
$form_action = 'post';
$temp_ID = -1 * time();
- $form_extra = "";
+ $form_extra = "";
} else {
$form_action = 'editpost';
- $form_extra = "";
+ $form_extra = "";
}
$sendto = $_SERVER['HTTP_REFERER'];
@@ -209,14 +209,14 @@