WordPress 3.0 beta 1 documentation kindly provided to you by Hay Kranen
PHP Cross Reference of WordPress 3.0 beta 1 |
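<?php
/**
 * WordPress AJAX Process Execution.
 *
 * Entry point for admin AJAX requests. The handler is selected by the
 * 'action' request parameter. Requests without a logged-in user only reach
 * the 'wp_ajax_nopriv_*' hook; for logged-in users the GET actions are
 * dispatched first (every GET branch terminates the request), then the
 * POST actions.
 *
 * @package WordPress
 * @subpackage Administration
 */

/**
 * Executing AJAX process.
 *
 * @since unknown
 */
define('DOING_AJAX', true);
define('WP_ADMIN', true);

require_once ('../wp-load.php');

if ( ! isset( $_REQUEST['action'] ) )
	die('-1');

require_once ('includes/admin.php');
@header('Content-Type: text/html; charset=' . get_option('blog_charset'));
send_nosniff_header();

do_action('admin_init');

if ( ! is_user_logged_in() ) {

	// An autosave arriving without a session is answered with a "logged out"
	// message instead of the bare -1 other actions get.
	if ( isset( $_POST['action'] ) && $_POST['action'] == 'autosave' ) {
		$id = isset($_POST['post_ID'])? (int) $_POST['post_ID'] : 0;

		if ( ! $id )
			die('-1');

		$message = sprintf( __('<strong>ALERT: You are logged out!</strong> Could not save draft. <a href="%s" target="_blank">Please log in again.</a>'), wp_login_url() );
		$x = new WP_Ajax_Response( array(
			'what' => 'autosave',
			'id' => $id,
			'data' => $message
		) );
		$x->send();
	}

	// Callbacks hooked on wp_ajax_nopriv_{action} run with no authenticated
	// user and no nonce check from this file: each callback has to validate
	// its own input and treat the caller as anonymous.
	if ( !empty( $_REQUEST['action'] ) )
		do_action( 'wp_ajax_nopriv_' . $_REQUEST['action'] );

	die('-1');
}

if ( isset( $_GET['action'] ) ) :
switch ( $action = $_GET['action'] ) :
case 'ajax-tag-search' :
	if ( !current_user_can( 'edit_posts' ) )
		die('-1');

	// Other handlers in this file unslash request values before using them,
	// so the search term is unslashed here as well and escaping is left to
	// $wpdb->prepare() below. NOTE(review): the slashing itself happens
	// outside this file - confirm against the bootstrap code.
	$s = ( isset( $_GET['q'] ) && is_string( $_GET['q'] ) ) ? stripslashes( $_GET['q'] ) : '';

	if ( isset($_GET['tax']) )
		$taxonomy = sanitize_title($_GET['tax']);
	else
		die('0');

	// Only the text after the last comma is searched for.
	if ( false !== strpos( $s, ',' ) ) {
		$s = explode( ',', $s );
		$s = $s[count( $s ) - 1];
	}
	$s = trim( $s );
	if ( strlen( $s ) < 2 )
		die; // require 2 chars for matching

	// Both user-controlled values are bound as parameters rather than being
	// concatenated into the statement; like_escape() keeps '%' and '_' in the
	// search term from acting as LIKE wildcards.
	$results = $wpdb->get_col( $wpdb->prepare(
		"SELECT t.name FROM $wpdb->term_taxonomy AS tt INNER JOIN $wpdb->terms AS t ON tt.term_id = t.term_id WHERE tt.taxonomy = %s AND t.name LIKE (%s)",
		$taxonomy,
		'%' . like_escape( $s ) . '%'
	) );

	echo implode( "\n", (array) $results );
	die;
	break;
case 'wp-compression-test' :
	if ( !current_user_can( 'manage_options' ) )
		die('-1');

	// Output is already compressed by PHP itself: record that scripts must
	// not be compressed a second time.
	if ( ini_get('zlib.output_compression') || 'ob_gzhandler' == ini_get('output_handler') ) {
		update_site_option('can_compress_scripts', 0);
		die('0');
	}

	if ( isset($_GET['test']) ) {
		header( 'Expires: Wed, 11 Jan 1984 05:00:00 GMT' );
		header( 'Last-Modified: ' . gmdate( 'D, d M Y H:i:s' ) . ' GMT' );
		header( 'Cache-Control: no-cache, must-revalidate, max-age=0' );
		header( 'Pragma: no-cache' );
		header('Content-Type: application/x-javascript; charset=UTF-8');
		$force_gzip = ( defined('ENFORCE_GZIP') && ENFORCE_GZIP );
		$test_str = '"wpCompressionTest Lorem ipsum dolor sit amet consectetuer mollis sapien urna ut a. Eu nonummy condimentum fringilla tempor pretium platea vel nibh netus Maecenas. Hac molestie amet justo quis pellentesque est ultrices interdum nibh Morbi. Cras mattis pretium Phasellus ante ipsum ipsum ut sociis Suspendisse Lorem. Ante et non molestie. Porta urna Vestibulum egestas id congue nibh eu risus gravida sit. Ac augue auctor Ut et non a elit massa id sodales. Elit eu Nulla at nibh adipiscing mattis lacus mauris at tempus. Netus nibh quis suscipit nec feugiat eget sed lorem et urna. Pellentesque lacus at ut massa consectetuer ligula ut auctor semper Pellentesque. Ut metus massa nibh quam Curabitur molestie nec mauris congue. Volutpat molestie elit justo facilisis neque ac risus Ut nascetur tristique. Vitae sit lorem tellus et quis Phasellus lacus tincidunt nunc Fusce. Pharetra wisi Suspendisse mus sagittis libero lacinia Integer consequat ac Phasellus. Et urna ac cursus tortor aliquam Aliquam amet tellus volutpat Vestibulum. Justo interdum condimentum In augue congue tellus sollicitudin Quisque quis nibh."';

		if ( 1 == $_GET['test'] ) {
			// Step 1: send the test string uncompressed.
			echo $test_str;
			die;
		} elseif ( 2 == $_GET['test'] ) {
			// Step 2: send it compressed with whatever the client accepts.
			if ( !isset($_SERVER['HTTP_ACCEPT_ENCODING']) )
				die('-1');
			if ( false !== stripos( $_SERVER['HTTP_ACCEPT_ENCODING'], 'deflate') && function_exists('gzdeflate') && ! $force_gzip ) {
				header('Content-Encoding: deflate');
				$out = gzdeflate( $test_str, 1 );
			} elseif ( false !== stripos( $_SERVER['HTTP_ACCEPT_ENCODING'], 'gzip') && function_exists('gzencode') ) {
				header('Content-Encoding: gzip');
				$out = gzencode( $test_str, 1 );
			} else {
				die('-1');
			}
			echo $out;
			die;
		} elseif ( 'no' == $_GET['test'] ) {
			// NOTE(review): this and the 'yes' branch change a site option on
			// a GET request; the capability check above is the only gate
			// visible here, no nonce is verified.
			update_site_option('can_compress_scripts', 0);
		} elseif ( 'yes' == $_GET['test'] ) {
			update_site_option('can_compress_scripts', 1);
		}
	}

	die('0');
	break;
case 'imgedit-preview' :
	$post_id = intval($_GET['postid']);
	if ( empty($post_id) || !current_user_can('edit_post', $post_id) )
		die('-1');

	check_ajax_referer( "image_editor-$post_id" );

	include_once ( ABSPATH . 'wp-admin/includes/image-edit.php' );
	if ( !stream_preview_image($post_id) )
		die('-1');

	die();
	break;
case 'oembed-cache' :
	// NOTE(review): no capability or nonce check in this branch, and
	// $_GET['post'] is passed on unvalidated - confirm that cache_oembed()
	// validates the post ID and is safe for any logged-in user to trigger.
	$return = ( $wp_embed->cache_oembed( $_GET['post'] ) ) ? '1' : '0';
	die( $return );
	break;
default :
	// Any logged-in user can reach this hook with an arbitrary action name;
	// callbacks on wp_ajax_{action} must do their own capability and nonce
	// checks.
	do_action( 'wp_ajax_' . $_GET['action'] );
	die('0');
	break;
endswitch;
endif;

/**
 * Sends back current comment total and new page links if they need to be updated.
 *
 * Contrary to normal success AJAX response ("1"), die with time() on success.
 *
 * Reads '_total', '_per_page', '_page' and '_url' from $_POST. When any of
 * them is missing or unusable the function terminates the request with the
 * current timestamp and sends no pagination data.
 *
 * @since 2.7
 *
 * @param int $comment_id ID of the affected comment; only echoed back in the response.
 * @return die
 */
function _wp_ajax_delete_comment_response( $comment_id ) {
	$total = isset( $_POST['_total'] ) ? (int) $_POST['_total'] : 0;
	$per_page = isset( $_POST['_per_page'] ) ? (int) $_POST['_per_page'] : 0;
	$page = isset( $_POST['_page'] ) ? (int) $_POST['_page'] : 0;
	$url = isset( $_POST['_url'] ) ? esc_url_raw( $_POST['_url'] ) : '';

	// JS didn't send us everything we need to know. Just die with success message.
	// A non-positive page size or page number is treated as missing: it would
	// otherwise reach mt_rand() and the page-count division below.
	if ( !$total || $per_page < 1 || $page < 1 || !$url )
		die( (string) time() );

	if ( --$total < 0 ) // Take the total from POST and decrement it (since we just deleted one)
		$total = 0;

	if ( 0 != $total % $per_page && 1 != mt_rand( 1, $per_page ) ) // Only do the expensive stuff on a page-break, and about 1 other time per page
		die( (string) time() );

	$post_id = 0;
	$status = 'total_comments'; // What type of comment count are we looking for?

	// The status filter and post ID are recovered from the query string of the
	// client-supplied URL; parse_url() returns false for malformed input, in
	// which case the defaults above are kept.
	$parsed = parse_url( $url );
	if ( isset( $parsed['query'] ) ) {
		parse_str( $parsed['query'], $query_vars );
		if ( !empty( $query_vars['comment_status'] ) )
			$status = $query_vars['comment_status'];
		if ( !empty( $query_vars['p'] ) )
			$post_id = (int) $query_vars['p'];
	}

	$comment_count = wp_count_comments($post_id);
	$time = time(); // The time since the last comment count

	// $status is request-controlled, so it is only used as a property name
	// when that property exists on the count object.
	if ( isset( $comment_count->$status ) ) // We're looking for a known type of comment count
		$total = $comment_count->$status;
	// else use the decremented value from above

	// The pagination base is built from the client-supplied URL;
	// esc_url_raw() above is the only sanitising visible in this function.
	$page_links = paginate_links( array(
		'base' => add_query_arg( 'apage', '%#%', $url ),
		'format' => '',
		'prev_text' => __('«'),
		'next_text' => __('»'),
		'total' => ceil($total / $per_page),
		'current' => $page
	) );
	$x = new WP_Ajax_Response( array(
		'what' => 'comment',
		'id' => $comment_id, // here for completeness - not used
		'supplemental' => array(
			'pageLinks' => $page_links,
			'total' => $total,
			'time' => $time
		)
	) );
	$x->send();
}

/**
 * Adds one or more terms to a hierarchical taxonomy and sends back the
 * refreshed checklist markup plus a new parent drop-down.
 *
 * The taxonomy name is taken from $_POST['action'] with its first four
 * characters removed (presumably an 'add-' prefix - confirm against the hook
 * registration). The same action string is the nonce action. The new term
 * names arrive comma-separated in $_POST['new{taxonomy}'].
 *
 * Terminates the request with '0' for an unknown taxonomy or parent term and
 * with '-1' when the current user lacks the taxonomy's edit capability.
 */
function _wp_ajax_add_hierarchical_term() {
	$action = $_POST['action'];
	$taxonomy = get_taxonomy(substr($action, 4));
	check_ajax_referer( $action );

	// Guard before the property reads below: nothing here guarantees the
	// derived name belongs to a registered taxonomy.
	if ( !$taxonomy )
		die('0');
	if ( !current_user_can( $taxonomy->edit_cap ) )
		die('-1');

	$field = 'new'.$taxonomy->name;
	$names = isset($_POST[$field]) ? explode(',', $_POST[$field]) : array();
	$parent = isset($_POST[$field.'_parent']) ? (int) $_POST[$field.'_parent'] : 0;
	if ( 0 > $parent )
		$parent = 0;

	// Terms already ticked in the form, so they stay ticked in the new markup.
	if ( $taxonomy->name == 'category' )
		$post_category = isset($_POST['post_category']) ? (array) $_POST['post_category'] : array();
	else
		$post_category = ( isset($_POST['tax_input']) && isset($_POST['tax_input'][$taxonomy->name]) ) ? (array) $_POST['tax_input'][$taxonomy->name] : array();
	$checked_categories = array_map( 'absint', (array) $post_category );
	$popular_ids = wp_popular_terms_checklist($taxonomy->name, 0, 10, false);

	// Stays empty when no usable name was submitted and no parent was given.
	$add = array();

	foreach ( $names as $cat_name ) {
		$cat_name = trim($cat_name);
		$category_nicename = sanitize_title($cat_name);
		if ( '' === $category_nicename )
			continue;

		$cat_id = is_term($cat_name, $taxonomy->name, $parent);
		if ( !$cat_id )
			$cat_id = wp_insert_term($cat_name, $taxonomy->name, array('parent' => $parent));

		// A failed insert must not be indexed like an array.
		if ( is_wp_error( $cat_id ) )
			continue;
		// Both lookups can hand back an array carrying 'term_id' (the
		// link-category handler in this file reads it the same way); reduce
		// it to the bare ID before it is used as one.
		if ( is_array( $cat_id ) )
			$cat_id = $cat_id['term_id'];

		$checked_categories[] = $cat_id;
		if ( $parent ) // Do these all at once in a second
			continue;
		$category = get_term( $cat_id, $taxonomy->name ); // result is not used below
		ob_start();
			wp_terms_checklist( 0, array( 'taxonomy' => $taxonomy->name, 'descendants_and_self' => $cat_id, 'selected_cats' => $checked_categories, 'popular_cats' => $popular_ids ));
		$data = ob_get_clean();
		$add = array(
			'what' => $taxonomy->name,
			'id' => $cat_id,
			'data' => str_replace( array("\n", "\t"), '', $data),
			'position' => -1
		);
	}

	if ( $parent ) { // Foncy - replace the parent and all its children
		$parent = get_term( $parent, $taxonomy->name );
		if ( !$parent || is_wp_error( $parent ) )
			die('0');
		$term_id = $parent->term_id;

		while ( $parent->parent ) { // get the top parent
			$parent = get_term( $parent->parent, $taxonomy->name );
			if ( !$parent || is_wp_error( $parent ) )
				break;
			$term_id = $parent->term_id;
		}

		ob_start();
			wp_terms_checklist( 0, array('taxonomy' => $taxonomy->name, 'descendants_and_self' => $term_id, 'selected_cats' => $checked_categories, 'popular_cats' => $popular_ids));
		$data = ob_get_clean();
		$add = array(
			'what' => $taxonomy->name,
			'id' => $term_id,
			'data' => str_replace( array("\n", "\t"), '', $data),
			'position' => -1
		);
	}

	// Rebuild the "parent" drop-down so it lists the terms just added.
	ob_start();
		wp_dropdown_categories( array( 'taxonomy' => $taxonomy->name, 'hide_empty' => 0, 'name' => 'new'.$taxonomy->name.'_parent', 'orderby' => 'name', 'hierarchical' => 1, 'show_option_none' => sprintf( __('— Parent %s —'), $taxonomy->singular_label ) ) );
	$sup = ob_get_clean();
	$add['supplemental'] = array( 'newcat_parent' => $sup );

	$x = new WP_Ajax_Response( $add );
	$x->send();
}

$id = isset($_POST['id'])?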
(int) $_POST['id'] : 0; 284 switch ( $action = $_POST['action'] ) : 285 case 'delete-comment' : // On success, die with time() instead of 1 286 if ( !$comment = get_comment( $id ) ) 287 die( (string) time() ); 288 if ( !current_user_can( 'edit_post', $comment->comment_post_ID ) ) 289 die('-1'); 290 291 check_ajax_referer( "delete-comment_$id" ); 292 $status = wp_get_comment_status( $comment->comment_ID ); 293 294 if ( isset($_POST['trash']) && 1 == $_POST['trash'] ) { 295 if ( 'trash' == $status ) 296 die( (string) time() ); 297 $r = wp_trash_comment( $comment->comment_ID ); 298 } elseif ( isset($_POST['untrash']) && 1 == $_POST['untrash'] ) { 299 if ( 'trash' != $status ) 300 die( (string) time() ); 301 $r = wp_untrash_comment( $comment->comment_ID ); 302 } elseif ( isset($_POST['spam']) && 1 == $_POST['spam'] ) { 303 if ( 'spam' == $status ) 304 die( (string) time() ); 305 $r = wp_spam_comment( $comment->comment_ID ); 306 } elseif ( isset($_POST['unspam']) && 1 == $_POST['unspam'] ) { 307 if ( 'spam' != $status ) 308 die( (string) time() ); 309 $r = wp_unspam_comment( $comment->comment_ID ); 310 } elseif ( isset($_POST['delete']) && 1 == $_POST['delete'] ) { 311 $r = wp_delete_comment( $comment->comment_ID ); 312 } else { 313 die('-1'); 314 } 315 316 if ( $r ) // Decide if we need to send back '1' or a more complicated response including page links and comment counts 317 _wp_ajax_delete_comment_response( $comment->comment_ID ); 318 die( '0' ); 319 break; 320 case 'delete-tag' : 321 $tag_id = (int) $_POST['tag_ID']; 322 check_ajax_referer( "delete-tag_$tag_id" ); 323 324 $taxonomy = !empty($_POST['taxonomy']) ? 
$_POST['taxonomy'] : 'post_tag'; 325 $tax = get_taxonomy($taxonomy); 326 327 if ( !current_user_can( $tax->delete_cap ) ) 328 die('-1'); 329 330 $tag = get_term( $tag_id, $taxonomy ); 331 if ( !$tag || is_wp_error( $tag ) ) 332 die('1'); 333 334 if ( wp_delete_term($tag_id, $taxonomy)) 335 die('1'); 336 else 337 die('0'); 338 break; 339 case 'delete-link-cat' : 340 check_ajax_referer( "delete-link-category_$id" ); 341 if ( !current_user_can( 'manage_categories' ) ) 342 die('-1'); 343 344 $cat = get_term( $id, 'link_category' ); 345 if ( !$cat || is_wp_error( $cat ) ) 346 die('1'); 347 348 $cat_name = get_term_field('name', $id, 'link_category'); 349 350 $default = get_option('default_link_category'); 351 352 // Don't delete the default cats. 353 if ( $id == $default ) { 354 $x = new WP_AJAX_Response( array( 355 'what' => 'link-cat', 356 'id' => $id, 357 'data' => new WP_Error( 'default-link-cat', sprintf(__("Can’t delete the <strong>%s</strong> category: this is the default one"), $cat_name) ) 358 ) ); 359 $x->send(); 360 } 361 362 $r = wp_delete_term($id, 'link_category', array('default' => $default)); 363 if ( !$r ) 364 die('0'); 365 if ( is_wp_error($r) ) { 366 $x = new WP_AJAX_Response( array( 367 'what' => 'link-cat', 368 'id' => $id, 369 'data' => $r 370 ) ); 371 $x->send(); 372 } 373 die('1'); 374 break; 375 case 'delete-link' : 376 check_ajax_referer( "delete-bookmark_$id" ); 377 if ( !current_user_can( 'manage_links' ) ) 378 die('-1'); 379 380 $link = get_bookmark( $id ); 381 if ( !$link || is_wp_error( $link ) ) 382 die('1'); 383 384 if ( wp_delete_link( $id ) ) 385 die('1'); 386 else 387 die('0'); 388 break; 389 case 'delete-meta' : 390 check_ajax_referer( "delete-meta_$id" ); 391 if ( !$meta = get_post_meta_by_id( $id ) ) 392 die('1'); 393 394 if ( !current_user_can( 'edit_post', $meta->post_id ) ) 395 die('-1'); 396 if ( delete_meta( $meta->meta_id ) ) 397 die('1'); 398 die('0'); 399 break; 400 case 'delete-post' : 401 check_ajax_referer( 
"{$action}_$id" ); 402 if ( !current_user_can( 'delete_post', $id ) ) 403 die('-1'); 404 405 if ( !get_post( $id ) ) 406 die('1'); 407 408 if ( wp_delete_post( $id ) ) 409 die('1'); 410 else 411 die('0'); 412 break; 413 case 'trash-post' : 414 case 'untrash-post' : 415 check_ajax_referer( "{$action}_$id" ); 416 if ( !current_user_can( 'delete_post', $id ) ) 417 die('-1'); 418 419 if ( !get_post( $id ) ) 420 die('1'); 421 422 if ( 'trash-post' == $action ) 423 $done = wp_trash_post( $id ); 424 else 425 $done = wp_untrash_post( $id ); 426 427 if ( $done ) 428 die('1'); 429 430 die('0'); 431 break; 432 case 'delete-page' : 433 check_ajax_referer( "{$action}_$id" ); 434 if ( !current_user_can( 'delete_page', $id ) ) 435 die('-1'); 436 437 if ( !get_page( $id ) ) 438 die('1'); 439 440 if ( wp_delete_post( $id ) ) 441 die('1'); 442 else 443 die('0'); 444 break; 445 case 'dim-comment' : // On success, die with time() instead of 1 446 447 if ( !$comment = get_comment( $id ) ) { 448 $x = new WP_Ajax_Response( array( 449 'what' => 'comment', 450 'id' => new WP_Error('invalid_comment', sprintf(__('Comment %d does not exist'), $id)) 451 ) ); 452 $x->send(); 453 } 454 455 if ( !current_user_can( 'edit_post', $comment->comment_post_ID ) && !current_user_can( 'moderate_comments' ) ) 456 die('-1'); 457 458 $current = wp_get_comment_status( $comment->comment_ID ); 459 if ( $_POST['new'] == $current ) 460 die( (string) time() ); 461 462 check_ajax_referer( "approve-comment_$id" ); 463 if ( in_array( $current, array( 'unapproved', 'spam' ) ) ) 464 $result = wp_set_comment_status( $comment->comment_ID, 'approve', true ); 465 else 466 $result = wp_set_comment_status( $comment->comment_ID, 'hold', true ); 467 468 if ( is_wp_error($result) ) { 469 $x = new WP_Ajax_Response( array( 470 'what' => 'comment', 471 'id' => $result 472 ) ); 473 $x->send(); 474 } 475 476 // Decide if we need to send back '1' or a more complicated response including page links and comment counts 477 
_wp_ajax_delete_comment_response( $comment->comment_ID ); 478 die( '0' ); 479 break; 480 case 'add-link-category' : // On the Fly 481 check_ajax_referer( $action ); 482 if ( !current_user_can( 'manage_categories' ) ) 483 die('-1'); 484 $names = explode(',', $_POST['newcat']); 485 $x = new WP_Ajax_Response(); 486 foreach ( $names as $cat_name ) { 487 $cat_name = trim($cat_name); 488 $slug = sanitize_title($cat_name); 489 if ( '' === $slug ) 490 continue; 491 if ( !$cat_id = is_term( $cat_name, 'link_category' ) ) { 492 $cat_id = wp_insert_term( $cat_name, 'link_category' ); 493 } 494 $cat_id = $cat_id['term_id']; 495 $cat_name = esc_html(stripslashes($cat_name)); 496 $x->add( array( 497 'what' => 'link-category', 498 'id' => $cat_id, 499 'data' => "<li id='link-category-$cat_id'><label for='in-link-category-$cat_id' class='selectit'><input value='" . esc_attr($cat_id) . "' type='checkbox' checked='checked' name='link_category[]' id='in-link-category-$cat_id'/> $cat_name</label></li>", 500 'position' => -1 501 ) ); 502 } 503 $x->send(); 504 break; 505 case 'add-link-cat' : // From Blogroll -> Categories 506 check_ajax_referer( 'add-link-category' ); 507 if ( !current_user_can( 'manage_categories' ) ) 508 die('-1'); 509 510 if ( '' === trim($_POST['name']) ) { 511 $x = new WP_Ajax_Response( array( 512 'what' => 'link-cat', 513 'id' => new WP_Error( 'name', __('You did not enter a category name.') ) 514 ) ); 515 $x->send(); 516 } 517 518 $r = wp_insert_term($_POST['name'], 'link_category', $_POST ); 519 if ( is_wp_error( $r ) ) { 520 $x = new WP_AJAX_Response( array( 521 'what' => 'link-cat', 522 'id' => $r 523 ) ); 524 $x->send(); 525 } 526 527 extract($r, EXTR_SKIP); 528 529 if ( !$link_cat = link_cat_row( $term_id ) ) 530 die('0'); 531 532 $x = new WP_Ajax_Response( array( 533 'what' => 'link-cat', 534 'id' => $term_id, 535 'position' => -1, 536 'data' => $link_cat 537 ) ); 538 $x->send(); 539 break; 540 case 'add-tag' : // From Manage->Tags 541 check_ajax_referer( 
'add-tag' ); 542 543 $taxonomy = !empty($_POST['taxonomy']) ? $_POST['taxonomy'] : 'post_tag'; 544 $tax = get_taxonomy($taxonomy); 545 546 $x = new WP_Ajax_Response(); 547 548 if ( !current_user_can( $tax->edit_cap ) ) 549 die('-1'); 550 551 $tag = wp_insert_term($_POST['tag-name'], $taxonomy, $_POST ); 552 553 if ( !$tag || is_wp_error($tag) || (!$tag = get_term( $tag['term_id'], $taxonomy )) ) { 554 $message = __('An error has occured. Please reload the page and try again.'); 555 if ( is_wp_error($tag) && $tag->get_error_message() ) 556 $message = $tag->get_error_message(); 557 558 $x->add( array( 559 'what' => 'taxonomy', 560 'data' => new WP_Error('error', $message ) 561 ) ); 562 $x->send(); 563 } 564 565 $level = 0; 566 $tag_full_name = false; 567 $tag_full_name = $tag->name; 568 if ( is_taxonomy_hierarchical($taxonomy) ) { 569 $_tag = $tag; 570 while ( $_tag->parent ) { 571 $_tag = get_term( $_tag->parent, $taxonomy ); 572 $tag_full_name = $_tag->name . ' — ' . $tag_full_name; 573 $level++; 574 } 575 } 576 if ( is_taxonomy_hierarchical($taxonomy) ) 577 $noparents = _tag_row( $tag, $level, $taxonomy ); 578 $tag->name = $tag_full_name; 579 $parents = _tag_row( $tag, 0, $taxonomy); 580 581 $x->add( array( 582 'what' => 'taxonomy', 583 'supplemental' => compact('parents', 'noparents') 584 ) ); 585 $x->add( array( 586 'what' => 'term', 587 'position' => $level, 588 'supplemental' => get_term( $tag->term_id, $taxonomy, ARRAY_A ) //Refetch as $tag has been contaminated by the full name. 589 ) ); 590 $x->send(); 591 break; 592 case 'get-tagcloud' : 593 if ( !current_user_can( 'edit_posts' ) ) 594 die('-1'); 595 596 if ( isset($_POST['tax']) ) 597 $taxonomy = sanitize_title($_POST['tax']); 598 else 599 die('0'); 600 601 $tags = get_terms( $taxonomy, array( 'number' => 45, 'orderby' => 'count', 'order' => 'DESC' ) ); 602 603 if ( empty( $tags ) ) { 604 $tax = get_taxonomy( $taxonomy ); 605 die( isset( $tax->no_tagcloud ) ? 
$tax->no_tagcloud : __('No tags found!') ); 606 } 607 608 if ( is_wp_error($tags) ) 609 die($tags->get_error_message()); 610 611 foreach ( $tags as $key => $tag ) { 612 $tags[ $key ]->link = '#'; 613 $tags[ $key ]->id = $tag->term_id; 614 } 615 616 // We need raw tag names here, so don't filter the output 617 $return = wp_generate_tag_cloud( $tags, array('filter' => 0) ); 618 619 if ( empty($return) ) 620 die('0'); 621 622 echo $return; 623 624 exit; 625 break; 626 case 'add-comment' : 627 check_ajax_referer( $action ); 628 if ( !current_user_can( 'edit_posts' ) ) 629 die('-1'); 630 $search = isset($_POST['s']) ? $_POST['s'] : false; 631 $status = isset($_POST['comment_status']) ? $_POST['comment_status'] : 'all'; 632 $per_page = isset($_POST['per_page']) ? (int) $_POST['per_page'] + 8 : 28; 633 $start = isset($_POST['page']) ? ( intval($_POST['page']) * $per_page ) -1 : $per_page - 1; 634 if ( 1 > $start ) 635 $start = 27; 636 637 $mode = isset($_POST['mode']) ? $_POST['mode'] : 'detail'; 638 $p = isset($_POST['p']) ? $_POST['p'] : 0; 639 $comment_type = isset($_POST['comment_type']) ? 
$_POST['comment_type'] : ''; 640 list($comments, $total) = _wp_get_comment_list( $status, $search, $start, 1, $p, $comment_type ); 641 642 if ( get_option('show_avatars') ) 643 add_filter( 'comment_author', 'floated_admin_avatar' ); 644 645 if ( !$comments ) 646 die('1'); 647 $x = new WP_Ajax_Response(); 648 foreach ( (array) $comments as $comment ) { 649 get_comment( $comment ); 650 ob_start(); 651 _wp_comment_row( $comment->comment_ID, $mode, $status, true, true ); 652 $comment_list_item = ob_get_contents(); 653 ob_end_clean(); 654 $x->add( array( 655 'what' => 'comment', 656 'id' => $comment->comment_ID, 657 'data' => $comment_list_item 658 ) ); 659 } 660 $x->send(); 661 break; 662 case 'get-comments' : 663 check_ajax_referer( $action ); 664 665 $post_ID = (int) $_POST['post_ID']; 666 if ( !current_user_can( 'edit_post', $post_ID ) ) 667 die('-1'); 668 669 $start = isset($_POST['start']) ? intval($_POST['start']) : 0; 670 $num = isset($_POST['num']) ? intval($_POST['num']) : 10; 671 672 list($comments, $total) = _wp_get_comment_list( false, false, $start, $num, $post_ID ); 673 674 if ( !$comments ) 675 die('1'); 676 677 $comment_list_item = ''; 678 $x = new WP_Ajax_Response(); 679 foreach ( (array) $comments as $comment ) { 680 get_comment( $comment ); 681 ob_start(); 682 _wp_comment_row( $comment->comment_ID, 'single', false, false ); 683 $comment_list_item .= ob_get_contents(); 684 ob_end_clean(); 685 } 686 $x->add( array( 687 'what' => 'comments', 688 'data' => $comment_list_item 689 ) ); 690 $x->send(); 691 break; 692 case 'replyto-comment' : 693 check_ajax_referer( $action ); 694 695 $comment_post_ID = (int) $_POST['comment_post_ID']; 696 if ( !current_user_can( 'edit_post', $comment_post_ID ) ) 697 die('-1'); 698 699 $status = $wpdb->get_var( $wpdb->prepare("SELECT post_status FROM $wpdb->posts WHERE ID = %d", $comment_post_ID) ); 700 701 if ( empty($status) ) 702 die('1'); 703 elseif ( in_array($status, array('draft', 'pending', 'trash') ) ) 704 die( 
__('Error: you are replying to a comment on a draft post.') ); 705 706 $user = wp_get_current_user(); 707 if ( $user->ID ) { 708 $comment_author = $wpdb->escape($user->display_name); 709 $comment_author_email = $wpdb->escape($user->user_email); 710 $comment_author_url = $wpdb->escape($user->user_url); 711 $comment_content = trim($_POST['content']); 712 if ( current_user_can('unfiltered_html') ) { 713 if ( wp_create_nonce('unfiltered-html-comment_' . $comment_post_ID) != $_POST['_wp_unfiltered_html_comment'] ) { 714 kses_remove_filters(); // start with a clean slate 715 kses_init_filters(); // set up the filters 716 } 717 } 718 } else { 719 die( __('Sorry, you must be logged in to reply to a comment.') ); 720 } 721 722 if ( '' == $comment_content ) 723 die( __('Error: please type a comment.') ); 724 725 $comment_parent = absint($_POST['comment_ID']); 726 $commentdata = compact('comment_post_ID', 'comment_author', 'comment_author_email', 'comment_author_url', 'comment_content', 'comment_type', 'comment_parent', 'user_ID'); 727 728 $comment_id = wp_new_comment( $commentdata ); 729 $comment = get_comment($comment_id); 730 if ( ! $comment ) die('1'); 731 732 $modes = array( 'single', 'detail', 'dashboard' ); 733 $mode = isset($_POST['mode']) && in_array( $_POST['mode'], $modes ) ? $_POST['mode'] : 'detail'; 734 $position = ( isset($_POST['position']) && (int) $_POST['position']) ? (int) $_POST['position'] : '-1'; 735 $checkbox = ( isset($_POST['checkbox']) && true == $_POST['checkbox'] ) ? 1 : 0; 736 737 if ( get_option('show_avatars') && 'single' != $mode ) 738 add_filter( 'comment_author', 'floated_admin_avatar' ); 739 740 $x = new WP_Ajax_Response(); 741 742 ob_start(); 743 if ( 'dashboard' == $mode ) { 744 require_once ( ABSPATH . 
'wp-admin/includes/dashboard.php' ); 745 _wp_dashboard_recent_comments_row( $comment, false ); 746 } else { 747 _wp_comment_row( $comment->comment_ID, $mode, false, $checkbox ); 748 } 749 $comment_list_item = ob_get_contents(); 750 ob_end_clean(); 751 752 $x->add( array( 753 'what' => 'comment', 754 'id' => $comment->comment_ID, 755 'data' => $comment_list_item, 756 'position' => $position 757 )); 758 759 $x->send(); 760 break; 761 case 'edit-comment' : 762 check_ajax_referer( 'replyto-comment' ); 763 764 $comment_post_ID = (int) $_POST['comment_post_ID']; 765 if ( ! current_user_can( 'edit_post', $comment_post_ID ) ) 766 die('-1'); 767 768 if ( '' == $_POST['content'] ) 769 die( __('Error: please type a comment.') ); 770 771 $comment_id = (int) $_POST['comment_ID']; 772 $_POST['comment_status'] = $_POST['status']; 773 edit_comment(); 774 775 $mode = ( isset($_POST['mode']) && 'single' == $_POST['mode'] ) ? 'single' : 'detail'; 776 $position = ( isset($_POST['position']) && (int) $_POST['position']) ? (int) $_POST['position'] : '-1'; 777 $checkbox = ( isset($_POST['checkbox']) && true == $_POST['checkbox'] ) ? 1 : 0; 778 $comments_listing = isset($_POST['comments_listing']) ? 
$_POST['comments_listing'] : ''; 779 780 if ( get_option('show_avatars') && 'single' != $mode ) 781 add_filter( 'comment_author', 'floated_admin_avatar' ); 782 783 $x = new WP_Ajax_Response(); 784 785 ob_start(); 786 _wp_comment_row( $comment_id, $mode, $comments_listing, $checkbox ); 787 $comment_list_item = ob_get_contents(); 788 ob_end_clean(); 789 790 $x->add( array( 791 'what' => 'edit_comment', 792 'id' => $comment->comment_ID, 793 'data' => $comment_list_item, 794 'position' => $position 795 )); 796 797 $x->send(); 798 break; 799 case 'add-meta' : 800 check_ajax_referer( 'add-meta' ); 801 $c = 0; 802 $pid = (int) $_POST['post_id']; 803 if ( isset($_POST['metakeyselect']) || isset($_POST['metakeyinput']) ) { 804 if ( !current_user_can( 'edit_post', $pid ) ) 805 die('-1'); 806 if ( isset($_POST['metakeyselect']) && '#NONE#' == $_POST['metakeyselect'] && empty($_POST['metakeyinput']) ) 807 die('1'); 808 if ( $pid < 0 ) { 809 $now = current_time('timestamp', 1); 810 if ( $pid = wp_insert_post( array( 811 'post_title' => sprintf('Draft created on %s at %s', date(get_option('date_format'), $now), date(get_option('time_format'), $now)) 812 ) ) ) { 813 if ( is_wp_error( $pid ) ) { 814 $x = new WP_Ajax_Response( array( 815 'what' => 'meta', 816 'data' => $pid 817 ) ); 818 $x->send(); 819 } 820 if ( !$mid = add_meta( $pid ) ) 821 die(__('Please provide a custom field value.')); 822 } else { 823 die('0'); 824 } 825 } else if ( !$mid = add_meta( $pid ) ) { 826 die(__('Please provide a custom field value.')); 827 } 828 829 $meta = get_post_meta_by_id( $mid ); 830 $pid = (int) $meta->post_id; 831 $meta = get_object_vars( $meta ); 832 $x = new WP_Ajax_Response( array( 833 'what' => 'meta', 834 'id' => $mid, 835 'data' => _list_meta_row( $meta, $c ), 836 'position' => 1, 837 'supplemental' => array('postid' => $pid) 838 ) ); 839 } else { // Update? 
840 $mid = (int) array_pop(array_keys($_POST['meta'])); 841 $key = $_POST['meta'][$mid]['key']; 842 $value = $_POST['meta'][$mid]['value']; 843 if ( !$meta = get_post_meta_by_id( $mid ) ) 844 die('0'); // if meta doesn't exist 845 if ( !current_user_can( 'edit_post', $meta->post_id ) ) 846 die('-1'); 847 if ( $meta->meta_value != stripslashes($value) || $meta->meta_key != stripslashes($key) ) { 848 if ( !$u = update_meta( $mid, $key, $value ) ) 849 die('0'); // We know meta exists; we also know it's unchanged (or DB error, in which case there are bigger problems). 850 } 851 852 $key = stripslashes($key); 853 $value = stripslashes($value); 854 $x = new WP_Ajax_Response( array( 855 'what' => 'meta', 856 'id' => $mid, 'old_id' => $mid, 857 'data' => _list_meta_row( array( 858 'meta_key' => $key, 859 'meta_value' => $value, 860 'meta_id' => $mid 861 ), $c ), 862 'position' => 0, 863 'supplemental' => array('postid' => $meta->post_id) 864 ) ); 865 } 866 $x->send(); 867 break; 868 case 'add-user' : 869 check_ajax_referer( $action ); 870 if ( !current_user_can('create_users') ) 871 die('-1'); 872 require_once(ABSPATH . WPINC . 
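'/registration.php');
	// A falsy result from add_user() means nothing was created; a WP_Error is
	// handed back to the client as the response id.
	if ( !$user_id = add_user() )
		die('0');
	elseif ( is_wp_error( $user_id ) ) {
		$x = new WP_Ajax_Response( array(
			'what' => 'user',
			'id' => $user_id
		) );
		$x->send();
	}
	$user_object = new WP_User( $user_id );

	$x = new WP_Ajax_Response( array(
		'what' => 'user',
		'id' => $user_id,
		'data' => user_row( $user_object, '', $user_object->roles[0] ),
		'supplemental' => array(
			'show-link' => sprintf(__( 'User <a href="#%s">%s</a> added' ), "user-$user_id", $user_object->user_login),
			'role' => $user_object->roles[0]
		)
	) );
	$x->send();
	break;
case 'autosave' : // The name of this action is hardcoded in edit_post()
	define( 'DOING_AUTOSAVE', true );

	// The return value is kept on purpose: a value of 2 triggers the nonce
	// refresh near the end of this case (presumably an ageing nonce, as
	// reported by the nonce verifier defined elsewhere).
	$nonce_age = check_ajax_referer( 'autosave', 'autosavenonce' );
	global $current_user;

	$_POST['post_category'] = explode(",", $_POST['catslist']);
	if ( $_POST['post_type'] == 'page' || empty($_POST['post_category']) )
		unset($_POST['post_category']);

	$do_autosave = (bool) $_POST['autosave'];
	$do_lock = true;

	$data = '';
	/* translators: draft saved date format, see http://php.net/date */
	$draft_saved_date_format = __('g:i:s a');
	$message = sprintf( __('Draft saved at %s.'), date_i18n( $draft_saved_date_format ) );

	$supplemental = array();
	if ( isset($login_grace_period) )
		$supplemental['session_expired'] = add_query_arg( 'interim-login', 1, wp_login_url() );

	$id = $revision_id = 0;

	$post_ID = (int) $_POST['post_ID'];
	$_POST['ID'] = $post_ID;
	// NOTE(review): $post is dereferenced without checking that get_post()
	// found anything for the request-supplied ID.
	$post = get_post($post_ID);
	if ( 'auto-draft' == $post->post_status )
		$_POST['post_status'] = 'draft';

	// Another user holds the edit lock: neither save nor re-lock, only report it.
	if ( $last = wp_check_post_lock( $post->ID ) ) {
		$do_autosave = $do_lock = false;

		$last_user = get_userdata( $last );
		$last_user_name = $last_user ? $last_user->display_name : __( 'Someone' );
		$data = new WP_Error( 'locked', sprintf(
			$_POST['post_type'] == 'page' ? __( 'Autosave disabled: %s is currently editing this page.' ) : __( 'Autosave disabled: %s is currently editing this post.' ),
			esc_html( $last_user_name )
		) );

		$supplemental['disable_autosave'] = 'disable';
	}

	// Authorization is decided on the stored post's type, not on the type named
	// in the request, and it runs before any write below.
	if ( 'page' == $post->post_type ) {
		if ( !current_user_can('edit_page', $post_ID) )
			die(__('You are not allowed to edit this page.'));
	} else {
		if ( !current_user_can('edit_post', $post_ID) )
			die(__('You are not allowed to edit this post.'));
	}

	if ( $do_autosave ) {
		// Drafts and auto-drafts are just overwritten by autosave
		if ( 'auto-draft' == $post->post_status || 'draft' == $post->post_status ) {
			$id = edit_post();
		} else { // Non drafts are not overwritten. The autosave is stored in a special post revision.
			$revision_id = wp_create_post_autosave( $post->ID );
			if ( is_wp_error($revision_id) )
				$id = $revision_id;
			else
				$id = $post->ID;
		}
		$data = $message;
	} else {
		if ( isset( $_POST['auto_draft'] ) && '1' == $_POST['auto_draft'] )
			$id = 0; // This tells us it didn't actually save
		else
			$id = $post->ID;
	}

	if ( $do_lock && ( isset( $_POST['auto_draft'] ) && ( $_POST['auto_draft'] != '1' ) ) && $id && is_numeric($id) )
		wp_set_post_lock( $id );

	// Hand the editor fresh nonces so a long editing session keeps working.
	if ( $nonce_age == 2 ) {
		$supplemental['replace-autosavenonce'] = wp_create_nonce('autosave');
		$supplemental['replace-getpermalinknonce'] = wp_create_nonce('getpermalink');
		$supplemental['replace-samplepermalinknonce'] = wp_create_nonce('samplepermalink');
		$supplemental['replace-closedpostboxesnonce'] = wp_create_nonce('closedpostboxes');
		if ( $id ) {
			if ( $_POST['post_type'] == 'post' )
				$supplemental['replace-_wpnonce'] = wp_create_nonce('update-post_' . $id);
			elseif ( $_POST['post_type'] == 'page' )
				$supplemental['replace-_wpnonce'] = wp_create_nonce('update-page_' . $id);
		}
	}

	$x = new WP_Ajax_Response( array(
		'what' => 'autosave',
		'id' => $id,
		'data' => $id ? $data : '',
		'supplemental' => $supplemental
	) );
	$x->send();
	break;
case 'closed-postboxes' :
	check_ajax_referer( 'closedpostboxes', 'closedpostboxesnonce' );
	// Split only when the field was sent; previously the isset() guard was
	// overwritten by an unconditional explode() of a possibly missing key.
	$closed = isset( $_POST['closed'] ) ? explode( ',', $_POST['closed'] ) : array();
	$hidden = isset( $_POST['hidden'] ) ? explode( ',', $_POST['hidden'] ) : array();
	$page = isset( $_POST['page'] ) ? $_POST['page'] : '';

	// $page becomes part of the user-option name below, so it is restricted to
	// lowercase letters, underscore and hyphen.
	if ( !preg_match( '/^[a-z_-]+$/', $page ) )
		die('-1');

	if ( ! $user = wp_get_current_user() )
		die('-1');

	if ( is_array($closed) )
		update_user_option($user->ID, "closedpostboxes_$page", $closed);

	if ( is_array($hidden) ) {
		$hidden = array_diff( $hidden, array('submitdiv', 'linksubmitdiv', 'manage-menu', 'create-menu') ); // postboxes that are always shown
		update_user_option($user->ID, "meta-box-hidden_$page", $hidden);
	}

	die('1');
	break;
case 'hidden-columns' :
	check_ajax_referer( 'screen-options-nonce', 'screenoptionnonce' );
	// Same guard as in 'closed-postboxes': explode only a field that was sent.
	$hidden = isset( $_POST['hidden'] ) ? explode( ',', $_POST['hidden'] ) : array();
	$page = isset( $_POST['page'] ) ? $_POST['page'] : '';

	// $page is interpolated into the option name; keep it to the safe character set.
	if ( !preg_match( '/^[a-z_-]+$/', $page ) )
		die('-1');

	if ( ! $user = wp_get_current_user() )
		die('-1');

	if ( is_array($hidden) )
		update_user_option($user->ID, "manage-$page-columns-hidden", $hidden);

	die('1');
	break;
case 'meta-box-order':
	check_ajax_referer( 'meta-box-order' );
	$order = isset( $_POST['order'] ) ? (array) $_POST['order'] : false;
	$page_columns = isset( $_POST['page_columns'] ) ? (int) $_POST['page_columns'] : 0;
	$page = isset( $_POST['page'] ) ? $_POST['page'] : '';

	// $page is interpolated into the option names; keep it to the safe character set.
	if ( !preg_match( '/^[a-z_-]+$/', $page ) )
		die('-1');

	if ( ! $user = wp_get_current_user() )
		die('-1');

	if ( $order )
		update_user_option($user->ID, "meta-box-order_$page", $order);

	if ( $page_columns )
		update_user_option($user->ID, "screen_layout_$page", $page_columns);

	die('1');
	break;
case 'get-permalink':
	// NOTE(review): only the nonce is verified; no capability check on
	// $post_id is visible in this case.
	check_ajax_referer( 'getpermalink', 'getpermalinknonce' );
	$post_id = isset($_POST['post_id'])? intval($_POST['post_id']) : 0;
	die(add_query_arg(array('preview' => 'true'), get_permalink($post_id)));
	break;
case 'sample-permalink':
	// NOTE(review): only the nonce is verified; no capability check on
	// $post_id is visible in this case.
	check_ajax_referer( 'samplepermalink', 'samplepermalinknonce' );
	$post_id = isset($_POST['post_id'])? intval($_POST['post_id']) : 0;
	$title = isset($_POST['new_title'])? $_POST['new_title'] : '';
	$slug = isset($_POST['new_slug'])? $_POST['new_slug'] : '';
	die(get_sample_permalink_html($post_id, $title, $slug));
	break;
case 'inline-save':
	check_ajax_referer( 'inlineeditnonce', '_inline_edit' );

	if ( ! isset($_POST['post_ID']) || ! ( $post_ID = (int) $_POST['post_ID'] ) )
		exit;

	// NOTE(review): which capability is checked depends on the post_type sent
	// in the request, whereas 'autosave' above reads the type from the stored
	// post. Confirm the two cannot disagree in a way that matters.
	if ( 'page' == $_POST['post_type'] ) {
		if ( ! current_user_can( 'edit_page', $post_ID ) )
			die( __('You are not allowed to edit this page.') );
	} else {
		if ( ! current_user_can( 'edit_post', $post_ID ) )
			die( __('You are not allowed to edit this post.') );
	}

	if ( isset($_POST['screen']) )
		set_current_screen($_POST['screen']);

	if ( $last = wp_check_post_lock( $post_ID ) ) {
		$last_user = get_userdata( $last );
		$last_user_name = $last_user ? $last_user->display_name : __( 'Someone' );
		printf( $_POST['post_type'] == 'page' ? __( 'Saving is disabled: %s is currently editing this page.' ) : __( 'Saving is disabled: %s is currently editing this post.' ), esc_html( $last_user_name ) );
		exit;
	}

	// $data aliases $_POST, so every assignment below changes the request data
	// in place before edit_post() is called.
	$data = &$_POST;

	$post = get_post( $post_ID, ARRAY_A );
	$post = add_magic_quotes($post); //since it is from db

	// Content and excerpt are taken from the stored post, overriding anything
	// the request carried for them.
	$data['content'] = $post['post_content'];
	$data['excerpt'] = $post['post_excerpt'];

	// rename
	$data['user_ID'] = $GLOBALS['user_ID'];

	if ( isset($data['post_parent']) )
		$data['parent_id'] = $data['post_parent'];

	// status
	if ( isset($data['keep_private']) && 'private' == $data['keep_private'] )
		$data['post_status'] = 'private';
	else
		$data['post_status'] = $data['_status'];

	if ( empty($data['comment_status']) )
		$data['comment_status'] = 'closed';
	if ( empty($data['ping_status']) )
		$data['ping_status'] = 'closed';

	// update the post
	edit_post();

	$post = array();
	if ( 'page' == $_POST['post_type'] ) {
		$post[] = get_post($_POST['post_ID']);
		page_rows($post);
	} elseif ( 'post' == $_POST['post_type'] || in_array($_POST['post_type'], get_post_types( array('public' => true) ) ) ) {
		$mode = $_POST['post_view'];
		$post[] = get_post($_POST['post_ID']);
		post_rows($post);
	}

	exit;
	break;
case 'inline-save-tax':
	check_ajax_referer( 'taxinlineeditnonce', '_inline_edit' );

	$taxonomy = !empty($_POST['taxonomy']) ? $_POST['taxonomy'] : false;
	if ( ! $taxonomy )
		die( __('Cheatin’ uh?') );
	$tax = get_taxonomy($taxonomy);

	// The taxonomy name comes from the request; stop before reading edit_cap
	// from a lookup that found nothing.
	if ( ! $tax )
		die( __('Cheatin’ uh?') );

	if ( ! current_user_can( $tax->edit_cap ) )
		die( __('Cheatin’ uh?') );

	// die() with an integer sets the exit status and prints nothing; the string
	// form sends '-1' to the client like the other cases do.
	if ( ! isset($_POST['tax_ID']) || ! ( $id = (int) $_POST['tax_ID'] ) )
		die('-1');

	switch ($_POST['tax_type']) {
		case 'link-cat' :
			// NOTE(review): the capability checked above belongs to the taxonomy
			// named in the request, while this branch always updates
			// 'link_category'. The whole of $_POST is passed as the update args.
			$updated = wp_update_term($id, 'link_category', $_POST);

			if ( $updated && !is_wp_error($updated) )
				echo link_cat_row($updated['term_id']);
			else
				die( __('Category not updated.') );

			break;
		case 'tag' :
			$taxonomy = !empty($_POST['taxonomy']) ? $_POST['taxonomy'] : 'post_tag';

			// The stored description replaces whatever the request sent for it.
			// NOTE(review): $tag is dereferenced without checking the get_term() result.
			$tag = get_term( $id, $taxonomy );
			$_POST['description'] = $tag->description;

			$updated = wp_update_term($id, $taxonomy, $_POST);
			if ( $updated && !is_wp_error($updated) ) {
				$tag = get_term( $updated['term_id'], $taxonomy );
				if ( !$tag || is_wp_error( $tag ) ) {
					if ( is_wp_error($tag) && $tag->get_error_message() )
						die( $tag->get_error_message() );
					die( __('Item not updated.') );
				}

				echo _tag_row($tag, 0, $taxonomy);
			} else {
				if ( is_wp_error($updated) && $updated->get_error_message() )
					die( $updated->get_error_message() );
				die( __('Item not updated.') );
			}

			break;
	}

	exit;
	break;
case 'find_posts':
	// NOTE(review): only the nonce is verified; no capability check is visible
	// in this case, and drafts are included in the result set.
	check_ajax_referer( 'find-posts' );

	if ( empty($_POST['ps']) )
		exit;

	// $what can only be one of these two literals, so interpolating it into
	// the query below is safe.
	$what = isset($_POST['pages']) ? 'page' : 'post';
	$s = stripslashes($_POST['ps']);
	preg_match_all('/".*?("|$)|((?<=[\\s",+])|^)[^\\s",+]+/', $s, $matches);
	$search_terms = array_map('_search_terms_tidy', $matches[0]);

	// The WHERE clause is assembled by string concatenation. Every request-
	// derived value must pass through addslashes_gpc() / $wpdb->escape()
	// (both defined elsewhere) before it is interpolated; that escaping is the
	// only thing separating the search text from the SQL. LIKE wildcards in
	// the search text are not escaped here.
	$searchand = $search = '';
	foreach ( (array) $search_terms as $term ) {
		$term = addslashes_gpc($term);
		$search .= "{$searchand}(($wpdb->posts.post_title LIKE '%{$term}%') OR ($wpdb->posts.post_content LIKE '%{$term}%'))";
		$searchand = ' AND ';
	}
	$term = $wpdb->escape($s);
	if ( count($search_terms) > 1 && $search_terms[0] != $s )
		$search .= " OR ($wpdb->posts.post_title LIKE '%{$term}%') OR ($wpdb->posts.post_content LIKE '%{$term}%')";

	$posts = $wpdb->get_results( "SELECT ID, post_title, post_status, post_date FROM $wpdb->posts WHERE post_type = '$what' AND post_status IN ('draft', 'publish') AND ($search) ORDER BY post_date_gmt DESC LIMIT 50" );

	if ( ! $posts )
		exit( __('No posts found.') );

	$html = '<table class="widefat" cellspacing="0"><thead><tr><th class="found-radio"><br /></th><th>'.__('Title').'</th><th>'.__('Date').'</th><th>'.__('Status').'</th></tr></thead><tbody>';
	foreach ( $posts as $post ) {

		switch ( $post->post_status ) {
			case 'publish' :
			case 'private' :
				$stat = __('Published');
				break;
			case 'future' :
				$stat = __('Scheduled');
				break;
			case 'pending' :
				$stat = __('Pending Review');
				break;
			case 'draft' :
				$stat = __('Draft');
				break;
		}

		if ( '0000-00-00 00:00:00' == $post->post_date ) {
			$time = '';
		} else {
			/* translators: date format in table columns, see http://php.net/date */
			$time = mysql2date(__('Y/m/d'), $post->post_date);
		}

		// Database values are escaped for their HTML context before being
		// placed in the markup.
		$html .= '<tr class="found-posts"><td class="found-radio"><input type="radio" id="found-'.$post->ID.'" name="found_post_id" value="' . esc_attr($post->ID) . '"></td>';
		$html .= '<td><label for="found-'.$post->ID.'">'.esc_html( $post->post_title ).'</label></td><td>'.esc_html( $time ).'</td><td>'.esc_html( $stat ).'</td></tr>'."\n\n";
	}
	$html .= '</tbody></table>';

	$x = new WP_Ajax_Response();
	$x->add( array(
		'what' => $what,
		'data' => $html
	));
	$x->send();

	break;
case 'lj-importer' :
	check_ajax_referer( 'lj-api-import' );
	if ( !current_user_can( 'publish_posts' ) )
		die('-1');
	if ( empty( $_POST['step'] ) )
		die( '-1' );
	define('WP_IMPORTING', true);
	include ( ABSPATH . 'wp-admin/import/livejournal.php' );
	// The (int) cast confines the dynamic method name to 'step' followed by an
	// integer, so the request cannot name an arbitrary method.
	$result = $lj_api_import->{ 'step' . ( (int) $_POST['step'] ) }();
	if ( is_wp_error( $result ) )
		echo $result->get_error_message();
	die;
	break;
case 'widgets-order' :
	check_ajax_referer( 'save-sidebar-widgets', 'savewidgets' );

	if ( !current_user_can('switch_themes') )
		die('-1');

	unset( $_POST['savewidgets'], $_POST['action'] );

	// save widgets order for all sidebars
	if ( is_array($_POST['sidebars']) ) {
		$sidebars = array();
		foreach ( $_POST['sidebars'] as $key => $val ) {
			$sb = array();
			if ( !empty($val) ) {
				$val = explode(',', $val);
				foreach ( $val as $k => $v ) {
					// Entries without 'widget-' are dropped; the rest keep only
					// what follows the first underscore.
					if ( strpos($v, 'widget-') === false )
						continue;

					$sb[$k] = substr($v, strpos($v, '_') + 1);
				}
			}
			$sidebars[$key] = $sb;
		}
		wp_set_sidebars_widgets($sidebars);
		die('1');
	}

	die('-1');
	break;
case 'save-widget' :
	check_ajax_referer( 'save-sidebar-widgets', 'savewidgets' );

	if ( !current_user_can('switch_themes') || !isset($_POST['id_base']) )
		die('-1');

	unset( $_POST['savewidgets'], $_POST['action'] );

	do_action('load-widgets.php');
	do_action('widgets.php');
	do_action('sidebar_admin_setup');

	$id_base = $_POST['id_base'];
	$widget_id = $_POST['widget-id'];
	$sidebar_id = $_POST['sidebar'];
	$multi_number = !empty($_POST['multi_number']) ? (int) $_POST['multi_number'] : 0;
	$settings = isset($_POST['widget-' . $id_base]) && is_array($_POST['widget-' . $id_base]) ? $_POST['widget-' . $id_base] : false;
	$error = '<p>' . __('An error has occured. Please reload the page and try again.') . '</p>';

	$sidebars = wp_get_sidebars_widgets();
	$sidebar = isset($sidebars[$sidebar_id]) ? $sidebars[$sidebar_id] : array();

	// $_POST is rewritten here because the widget update callbacks invoked
	// below read their input from it.
	// delete
	if ( isset($_POST['delete_widget']) && $_POST['delete_widget'] ) {

		// Only a widget that is actually registered may be deleted.
		if ( !isset($wp_registered_widgets[$widget_id]) )
			die($error);

		$sidebar = array_diff( $sidebar, array($widget_id) );
		$_POST = array('sidebar' => $sidebar_id, 'widget-' . $id_base => array(), 'the-widget-id' => $widget_id, 'delete_widget' => '1');
	} elseif ( $settings && preg_match( '/__i__|%i%/', key($settings) ) ) {
		if ( !$multi_number )
			die($error);

		$_POST['widget-' . $id_base] = array( $multi_number => array_shift($settings) );
		$widget_id = $id_base . '-' . $multi_number;
		$sidebar[] = $widget_id;
	}
	$_POST['widget-id'] = $sidebar;

	// Only a callback registered under a name equal to $id_base runs; the
	// request selects among registered callbacks and cannot supply one.
	foreach ( (array) $wp_registered_widget_updates as $name => $control ) {

		if ( $name == $id_base ) {
			if ( !is_callable( $control['callback'] ) )
				continue;

			ob_start();
				call_user_func_array( $control['callback'], $control['params'] );
			ob_end_clean();
			break;
		}
	}

	if ( isset($_POST['delete_widget']) && $_POST['delete_widget'] ) {
		$sidebars[$sidebar_id] = $sidebar;
		wp_set_sidebars_widgets($sidebars);
		echo "deleted:$widget_id";
		die();
	}

	if ( !empty($_POST['add_new']) )
		die();

	// NOTE(review): $widget_id may still be the raw request value here and is
	// used as an array key without an isset() check.
	if ( $form = $wp_registered_widget_controls[$widget_id] )
		call_user_func_array( $form['callback'], $form['params'] );

	die();
	break;
case 'image-editor':
	$attachment_id = intval($_POST['postid']);
	if ( empty($attachment_id) || !current_user_can('edit_post', $attachment_id) )
		die('-1');

	// The nonce action contains the attachment id, so a nonce issued for one
	// attachment does not validate for another.
	check_ajax_referer( "image_editor-$attachment_id" );
	include_once ( ABSPATH . 'wp-admin/includes/image-edit.php' );

	$msg = false;
	switch ( $_POST['do'] ) {
		case 'save' :
			$msg = wp_save_image($attachment_id);
			$msg = json_encode($msg);
			die($msg);
			break;
		case 'scale' :
			$msg = wp_save_image($attachment_id);
			break;
		case 'restore' :
			$msg = wp_restore_image($attachment_id);
			break;
	}

	wp_image_editor($attachment_id, $msg);
	die();
	break;
case 'set-post-thumbnail':
	// NOTE(review): no check_ajax_referer() call is visible in this case,
	// unlike the cases above; the write is gated by the capability check
	// alone. Adding a nonce check needs the matching client-side change.
	$post_id = intval( $_POST['post_id'] );
	if ( !current_user_can( 'edit_post', $post_id ) )
		die( '-1' );
	$thumbnail_id = intval( $_POST['thumbnail_id'] );

	if ( $thumbnail_id == '-1' ) {
		delete_post_meta( $post_id, '_thumbnail_id' );
		die( _wp_post_thumbnail_html() );
	}

	if ( $thumbnail_id && get_post( $thumbnail_id ) ) {
		$thumbnail_html = wp_get_attachment_image( $thumbnail_id, 'thumbnail' );
		if ( !empty( $thumbnail_html ) ) {
			update_post_meta( $post_id, '_thumbnail_id', $thumbnail_id );
			die( _wp_post_thumbnail_html( $thumbnail_id ) );
		}
	}
	die( '0' );
case 'save-custom-link':
	// NOTE(review): no check_ajax_referer() call is visible in this case
	// either; the insert below is gated by the capability check alone.
	if ( ! current_user_can('manage_links') )
		die('-1');

	// Both values are cleaned before storage: the name is HTML-escaped and the
	// URL goes through esc_url_raw().
	$link_name = isset( $_POST['link_name'] ) ? esc_html($_POST['link_name']) : null;
	$link_url = isset( $_POST['link_url'] ) ? esc_url_raw($_POST['link_url']) : null;

	if ( !$link_name || !$link_url )
		die('-1');

	$post = array(
		'post_status' => 'draft', 'post_type' => 'nav_menu_item', 'ping_status' => 0,
		'post_author' => $user_ID, 'post_title' => $link_name, 'post_excerpt' => '',
		'post_parent' => 0, 'menu_order' => 0, 'post_content' => '',
	);

	// NOTE(review): the wp_insert_post() result is used as a post id without
	// checking that the insert succeeded.
	$link_id = wp_insert_post( $post );

	update_post_meta( $link_id, '_menu_item_type', 'custom' );
	update_post_meta( $link_id, '_menu_item_object_id', (int) $link_id );
	update_post_meta( $link_id, '_menu_item_object', 'custom' );
	update_post_meta( $link_id, '_menu_item_target', '_self' );
	update_post_meta( $link_id, '_menu_item_classes', '' );
	update_post_meta( $link_id, '_menu_item_xfn', '' );
	update_post_meta( $link_id, '_menu_item_url', $link_url );

	die( json_encode($link_id) );
default :
	// Any other action is dispatched to a hook whose name ends with the
	// request-supplied action. No nonce or capability check happens here, so
	// each handler attached to a 'wp_ajax_*' hook has to do its own.
	do_action( 'wp_ajax_' . $_POST['action'] );
	die('0');
	break;
endswitch;
?>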