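<?php
/**
 * WordPress AJAX Process Execution.
 *
 * Every admin-side AJAX request is routed through this file. Requests from
 * logged-out users only reach the 'wp_ajax_nopriv_{action}' hooks; everything
 * after that block runs as an authenticated user, and each GET action below
 * performs its own capability (and, where applicable, nonce) check.
 *
 * @package WordPress
 * @subpackage Administration
 */

/**
 * Executing AJAX process.
 *
 * @since unknown
 */
define('DOING_AJAX', true);
define('WP_ADMIN', true);

require_once ('../wp-load.php');
require_once ('includes/admin.php');
// The @ keeps a "headers already sent" warning from being mixed into the AJAX body.
@header('Content-Type: text/html; charset=' . get_option('blog_charset'));

do_action('admin_init');

if ( ! is_user_logged_in() ) {

	// An autosave from an expired session: tell the editor to log in again rather than silently losing the draft.
	if ( isset($_POST['action']) && 'autosave' == $_POST['action'] ) {
		$id = isset($_POST['post_ID']) ? (int) $_POST['post_ID'] : 0;

		if ( ! $id )
			die('-1');

		$message = sprintf( __('<strong>ALERT: You are logged out!</strong> Could not save draft. <a href="%s" target="blank">Please log in again.</a>'), wp_login_url() );
		$x = new WP_Ajax_Response( array(
			'what' => 'autosave',
			'id' => $id,
			'data' => $message
		) );
		$x->send();
	}

	// Handlers reachable without login hook 'wp_ajax_nopriv_{action}' and are responsible for their own checks.
	if ( !empty( $_REQUEST['action']) )
		do_action( 'wp_ajax_nopriv_' . $_REQUEST['action'] );

	die('-1');
}

if ( isset( $_GET['action'] ) ) :
switch ( $action = $_GET['action'] ) :
case 'ajax-tag-search' :
	if ( !current_user_can( 'edit_posts' ) )
		die('-1');

	// Assumes $_GET arrives slashed (as WordPress does for request data) — strip the slashes here
	// so the value is not escaped twice when it is bound into the query below.
	$s = isset($_GET['q']) ? stripslashes( $_GET['q'] ) : '';

	if ( isset($_GET['tax']) )
		$taxonomy = sanitize_title($_GET['tax']);
	else
		die('0');

	// Only the last comma-separated token is the term currently being typed.
	if ( false !== strpos( $s, ',' ) ) {
		$s = explode( ',', $s );
		$s = $s[count( $s ) - 1];
	}
	$s = trim( $s );
	if ( strlen( $s ) < 2 )
		die; // require 2 chars for matching

	// The search term is user input: bind it with prepare() and escape the LIKE
	// wildcards instead of interpolating it into the SQL string.
	$results = $wpdb->get_col( $wpdb->prepare(
		"SELECT t.name FROM $wpdb->term_taxonomy AS tt INNER JOIN $wpdb->terms AS t ON tt.term_id = t.term_id WHERE tt.taxonomy = %s AND t.name LIKE %s",
		$taxonomy,
		'%' . like_escape( $s ) . '%'
	) );

	// implode() takes the glue first; the reversed legacy argument order is deprecated.
	echo implode( "\n", $results );
	die;
	break;
case 'wp-compression-test' :
	if ( !current_user_can( 'manage_options' ) )
		die('-1');

	// Server-side output compression is already on, so the client-side test is moot.
	if ( ini_get('zlib.output_compression') || 'ob_gzhandler' == ini_get('output_handler') ) {
		update_site_option('can_compress_scripts', 0);
		die('0');
	}

	if ( isset($_GET['test']) ) {
		header( 'Expires: Wed, 11 Jan 1984 05:00:00 GMT' );
		header( 'Last-Modified: ' . gmdate( 'D, d M Y H:i:s' ) . ' GMT' );
		header( 'Cache-Control: no-cache, must-revalidate, max-age=0' );
		header( 'Pragma: no-cache' );
		header('Content-Type: application/x-javascript; charset=UTF-8');
		$force_gzip = ( defined('ENFORCE_GZIP') && ENFORCE_GZIP );
		// Fixed payload the browser compares against its own decoded copy.
		$test_str = '"wpCompressionTest Lorem ipsum dolor sit amet consectetuer mollis sapien urna ut a. Eu nonummy condimentum fringilla tempor pretium platea vel nibh netus Maecenas. Hac molestie amet justo quis pellentesque est ultrices interdum nibh Morbi. Cras mattis pretium Phasellus ante ipsum ipsum ut sociis Suspendisse Lorem. Ante et non molestie. Porta urna Vestibulum egestas id congue nibh eu risus gravida sit. Ac augue auctor Ut et non a elit massa id sodales. Elit eu Nulla at nibh adipiscing mattis lacus mauris at tempus. Netus nibh quis suscipit nec feugiat eget sed lorem et urna. Pellentesque lacus at ut massa consectetuer ligula ut auctor semper Pellentesque. Ut metus massa nibh quam Curabitur molestie nec mauris congue. Volutpat molestie elit justo facilisis neque ac risus Ut nascetur tristique. Vitae sit lorem tellus et quis Phasellus lacus tincidunt nunc Fusce. Pharetra wisi Suspendisse mus sagittis libero lacinia Integer consequat ac Phasellus. Et urna ac cursus tortor aliquam Aliquam amet tellus volutpat Vestibulum. Justo interdum condimentum In augue congue tellus sollicitudin Quisque quis nibh."';

		if ( 1 == $_GET['test'] ) {
			// Step 1: uncompressed reference copy.
			echo $test_str;
			die;
		} elseif ( 2 == $_GET['test'] ) {
			// Step 2: the same payload compressed with whatever the client advertises.
			if ( !isset($_SERVER['HTTP_ACCEPT_ENCODING']) )
				die('-1');
			$accept_encoding = strtolower( $_SERVER['HTTP_ACCEPT_ENCODING'] );
			if ( false !== strpos( $accept_encoding, 'deflate') && function_exists('gzdeflate') && ! $force_gzip ) {
				header('Content-Encoding: deflate');
				$out = gzdeflate( $test_str, 1 );
			} elseif ( false !== strpos( $accept_encoding, 'gzip') && function_exists('gzencode') ) {
				header('Content-Encoding: gzip');
				$out = gzencode( $test_str, 1 );
			} else {
				die('-1');
			}
			echo $out;
			die;
		} elseif ( 'no' == $_GET['test'] ) {
			// The browser reports its verdict back here.
			update_site_option('can_compress_scripts', 0);
		} elseif ( 'yes' == $_GET['test'] ) {
			update_site_option('can_compress_scripts', 1);
		}
	}

	die('0');
	break;
case 'imgedit-preview' :
	$post_id = isset($_GET['postid']) ? intval($_GET['postid']) : 0;
	if ( empty($post_id) || !current_user_can('edit_post', $post_id) )
		die('-1');

	check_ajax_referer( "image_editor-$post_id" );

	include_once ( ABSPATH . 'wp-admin/includes/image-edit.php' );
	if ( !stream_preview_image($post_id) )
		die('-1');

	die();
	break;
case 'oembed-cache' :
	// NOTE(review): this case has no nonce or capability check, unlike its siblings;
	// whether cache_oembed() performs its own is not visible from this file — confirm.
	$return = ( $wp_embed->cache_oembed( $_GET['post'] ) ) ? '1' : '0';
	die( $return );
	break;
default :
	// Plugins register GET handlers on 'wp_ajax_{action}'; reaching the die() means nobody answered.
	do_action( 'wp_ajax_' . $_GET['action'] );
	die('0');
	break;
endswitch;
endif;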
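/**
 * Sends back current comment total and new page links if they need to be updated.
 *
 * Contrary to normal success AJAX response ("1"), die with time() on success.
 *
 * Reads _total, _per_page, _page and _url from $_POST; if any of them is
 * missing or zero it dies with time() without querying anything. Otherwise it
 * recomputes the comment count for the status/post named in _url and sends a
 * WP_Ajax_Response carrying new pagination links, the total and a timestamp.
 *
 * @since 2.7
 *
 * @param int $comment_id Comment just acted on; echoed back as 'id' but otherwise unused.
 * @return void Never returns: either dies with time() or sends a WP_Ajax_Response.
 */
function _wp_ajax_delete_comment_response( $comment_id ) {
	// Explicit isset() instead of @-suppressed reads: a missing field is handled right below, not ignored.
	$total    = isset( $_POST['_total'] )    ? (int) $_POST['_total']    : 0;
	$per_page = isset( $_POST['_per_page'] ) ? (int) $_POST['_per_page'] : 0;
	$page     = isset( $_POST['_page'] )     ? (int) $_POST['_page']     : 0;
	$url      = isset( $_POST['_url'] )      ? esc_url_raw( $_POST['_url'] ) : '';
	// JS didn't send us everything we need to know. Just die with success message
	if ( !$total || !$per_page || !$page || !$url )
		die( (string) time() );

	if ( --$total < 0 ) // Take the total from POST and decrement it (since we just deleted one)
		$total = 0;

	// Only do the expensive stuff on a page-break, and about 1 other time per page.
	// mt_rand() is fine here: this is load-shedding, nothing security-sensitive depends on it.
	if ( 0 != $total % $per_page && 1 != mt_rand( 1, $per_page ) )
		die( (string) time() );

	$post_id = 0;
	$status = 'total_comments'; // What type of comment count are we looking for?
	$parsed = parse_url( $url );
	if ( isset( $parsed['query'] ) ) {
		parse_str( $parsed['query'], $query_vars );
		if ( !empty( $query_vars['comment_status'] ) )
			$status = $query_vars['comment_status'];
		if ( !empty( $query_vars['p'] ) )
			$post_id = (int) $query_vars['p'];
	}

	$comment_count = wp_count_comments($post_id);
	$time = time(); // The time since the last comment count

	// $status comes from the submitted URL; the isset() guard means an unknown
	// value simply falls back to the decremented total instead of reading a missing property.
	if ( isset( $comment_count->$status ) ) // We're looking for a known type of comment count
		$total = $comment_count->$status;
	// else use the decremented value from above

	// $per_page is guaranteed non-zero by the early check above.
	$page_links = paginate_links( array(
		'base' => add_query_arg( 'apage', '%#%', $url ),
		'format' => '',
		'prev_text' => __('«'),
		'next_text' => __('»'),
		'total' => ceil($total / $per_page),
		'current' => $page
	) );
	$x = new WP_Ajax_Response( array(
		'what' => 'comment',
		'id' => $comment_id, // here for completeness - not used
		'supplemental' => array(
			'pageLinks' => $page_links,
			'total' => $total,
			'time' => $time
		)
	) );
	$x->send();
}

// Object id shared by most POST actions below; each case still re-checks its own nonce and capability.
$id = isset($_POST['id']) ? (int) $_POST['id'] : 0;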
isset($_POST['id'])? (int) $_POST['id'] : 0; 204 switch ( $action = $_POST['action'] ) : 205 case 'delete-comment' : // On success, die with time() instead of 1 206 if ( !$comment = get_comment( $id ) ) 207 die( (string) time() ); 208 if ( !current_user_can( 'edit_post', $comment->comment_post_ID ) ) 209 die('-1'); 210 211 check_ajax_referer( "delete-comment_$id" ); 212 $status = wp_get_comment_status( $comment->comment_ID ); 213 214 if ( isset($_POST['trash']) && 1 == $_POST['trash'] ) { 215 if ( 'trash' == $status ) 216 die( (string) time() ); 217 $r = wp_trash_comment( $comment->comment_ID ); 218 } elseif ( isset($_POST['untrash']) && 1 == $_POST['untrash'] ) { 219 if ( 'trash' != $status ) 220 die( (string) time() ); 221 $r = wp_untrash_comment( $comment->comment_ID ); 222 } elseif ( isset($_POST['spam']) && 1 == $_POST['spam'] ) { 223 if ( 'spam' == $status ) 224 die( (string) time() ); 225 $r = wp_spam_comment( $comment->comment_ID ); 226 } elseif ( isset($_POST['unspam']) && 1 == $_POST['unspam'] ) { 227 if ( 'spam' != $status ) 228 die( (string) time() ); 229 $r = wp_unspam_comment( $comment->comment_ID ); 230 } elseif ( isset($_POST['delete']) && 1 == $_POST['delete'] ) { 231 $r = wp_delete_comment( $comment->comment_ID ); 232 } else { 233 die('-1'); 234 } 235 236 if ( $r ) // Decide if we need to send back '1' or a more complicated response including page links and comment counts 237 _wp_ajax_delete_comment_response( $comment->comment_ID ); 238 die( '0' ); 239 break; 240 case 'delete-cat' : 241 check_ajax_referer( "delete-category_$id" ); 242 if ( !current_user_can( 'manage_categories' ) ) 243 die('-1'); 244 245 $cat = get_category( $id ); 246 if ( !$cat || is_wp_error( $cat ) ) 247 die('1'); 248 249 if ( wp_delete_category( $id ) ) 250 die('1'); 251 else 252 die('0'); 253 break; 254 case 'delete-tag' : 255 $tag_id = (int) $_POST['tag_ID']; 256 check_ajax_referer( "delete-tag_$tag_id" ); 257 if ( !current_user_can( 'manage_categories' ) ) 258 die('-1'); 
259 260 $taxonomy = !empty($_POST['taxonomy']) ? $_POST['taxonomy'] : 'post_tag'; 261 262 $tag = get_term( $tag_id, $taxonomy ); 263 if ( !$tag || is_wp_error( $tag ) ) 264 die('1'); 265 266 if ( wp_delete_term($tag_id, $taxonomy)) 267 die('1'); 268 else 269 die('0'); 270 break; 271 case 'delete-link-cat' : 272 check_ajax_referer( "delete-link-category_$id" ); 273 if ( !current_user_can( 'manage_categories' ) ) 274 die('-1'); 275 276 $cat = get_term( $id, 'link_category' ); 277 if ( !$cat || is_wp_error( $cat ) ) 278 die('1'); 279 280 $cat_name = get_term_field('name', $id, 'link_category'); 281 282 $default = get_option('default_link_category'); 283 284 // Don't delete the default cats. 285 if ( $id == $default ) { 286 $x = new WP_AJAX_Response( array( 287 'what' => 'link-cat', 288 'id' => $id, 289 'data' => new WP_Error( 'default-link-cat', sprintf(__("Can’t delete the <strong>%s</strong> category: this is the default one"), $cat_name) ) 290 ) ); 291 $x->send(); 292 } 293 294 $r = wp_delete_term($id, 'link_category', array('default' => $default)); 295 if ( !$r ) 296 die('0'); 297 if ( is_wp_error($r) ) { 298 $x = new WP_AJAX_Response( array( 299 'what' => 'link-cat', 300 'id' => $id, 301 'data' => $r 302 ) ); 303 $x->send(); 304 } 305 die('1'); 306 break; 307 case 'delete-link' : 308 check_ajax_referer( "delete-bookmark_$id" ); 309 if ( !current_user_can( 'manage_links' ) ) 310 die('-1'); 311 312 $link = get_bookmark( $id ); 313 if ( !$link || is_wp_error( $link ) ) 314 die('1'); 315 316 if ( wp_delete_link( $id ) ) 317 die('1'); 318 else 319 die('0'); 320 break; 321 case 'delete-meta' : 322 check_ajax_referer( "delete-meta_$id" ); 323 if ( !$meta = get_post_meta_by_id( $id ) ) 324 die('1'); 325 326 if ( !current_user_can( 'edit_post', $meta->post_id ) ) 327 die('-1'); 328 if ( delete_meta( $meta->meta_id ) ) 329 die('1'); 330 die('0'); 331 break; 332 case 'delete-post' : 333 check_ajax_referer( "{$action}_$id" ); 334 if ( !current_user_can( 'delete_post', $id ) 
) 335 die('-1'); 336 337 if ( !get_post( $id ) ) 338 die('1'); 339 340 if ( wp_delete_post( $id ) ) 341 die('1'); 342 else 343 die('0'); 344 break; 345 case 'trash-post' : 346 case 'untrash-post' : 347 check_ajax_referer( "{$action}_$id" ); 348 if ( !current_user_can( 'delete_post', $id ) ) 349 die('-1'); 350 351 if ( !get_post( $id ) ) 352 die('1'); 353 354 if ( 'trash-post' == $action ) 355 $done = wp_trash_post( $id ); 356 else 357 $done = wp_untrash_post( $id ); 358 359 if ( $done ) 360 die('1'); 361 362 die('0'); 363 break; 364 case 'delete-page' : 365 check_ajax_referer( "{$action}_$id" ); 366 if ( !current_user_can( 'delete_page', $id ) ) 367 die('-1'); 368 369 if ( !get_page( $id ) ) 370 die('1'); 371 372 if ( wp_delete_post( $id ) ) 373 die('1'); 374 else 375 die('0'); 376 break; 377 case 'dim-comment' : // On success, die with time() instead of 1 378 379 if ( !$comment = get_comment( $id ) ) { 380 $x = new WP_Ajax_Response( array( 381 'what' => 'comment', 382 'id' => new WP_Error('invalid_comment', sprintf(__('Comment %d does not exist'), $id)) 383 ) ); 384 $x->send(); 385 } 386 387 if ( !current_user_can( 'edit_post', $comment->comment_post_ID ) && !current_user_can( 'moderate_comments' ) ) 388 die('-1'); 389 390 $current = wp_get_comment_status( $comment->comment_ID ); 391 if ( $_POST['new'] == $current ) 392 die( (string) time() ); 393 394 check_ajax_referer( "approve-comment_$id" ); 395 if ( in_array( $current, array( 'unapproved', 'spam' ) ) ) 396 $result = wp_set_comment_status( $comment->comment_ID, 'approve', true ); 397 else 398 $result = wp_set_comment_status( $comment->comment_ID, 'hold', true ); 399 400 if ( is_wp_error($result) ) { 401 $x = new WP_Ajax_Response( array( 402 'what' => 'comment', 403 'id' => $result 404 ) ); 405 $x->send(); 406 } 407 408 // Decide if we need to send back '1' or a more complicated response including page links and comment counts 409 _wp_ajax_delete_comment_response( $comment->comment_ID ); 410 die( '0' ); 411 
break; 412 case 'add-category' : // On the Fly 413 check_ajax_referer( $action ); 414 if ( !current_user_can( 'manage_categories' ) ) 415 die('-1'); 416 $names = explode(',', $_POST['newcat']); 417 if ( 0 > $parent = (int) $_POST['newcat_parent'] ) 418 $parent = 0; 419 $post_category = isset($_POST['post_category'])? (array) $_POST['post_category'] : array(); 420 $checked_categories = array_map( 'absint', (array) $post_category ); 421 $popular_ids = wp_popular_terms_checklist('category', 0, 10, false); 422 423 foreach ( $names as $cat_name ) { 424 $cat_name = trim($cat_name); 425 $category_nicename = sanitize_title($cat_name); 426 if ( '' === $category_nicename ) 427 continue; 428 $cat_id = wp_create_category( $cat_name, $parent ); 429 $checked_categories[] = $cat_id; 430 if ( $parent ) // Do these all at once in a second 431 continue; 432 $category = get_category( $cat_id ); 433 ob_start(); 434 wp_category_checklist( 0, $cat_id, $checked_categories, $popular_ids ); 435 $data = ob_get_contents(); 436 ob_end_clean(); 437 $add = array( 438 'what' => 'category', 439 'id' => $cat_id, 440 'data' => str_replace( array("\n", "\t"), '', $data), 441 'position' => -1 442 ); 443 } 444 if ( $parent ) { // Foncy - replace the parent and all its children 445 $parent = get_category( $parent ); 446 $term_id = $parent->term_id; 447 448 while ( $parent->parent ) { // get the top parent 449 $parent = &get_category( $parent->parent ); 450 if ( is_wp_error( $parent ) ) 451 break; 452 $term_id = $parent->term_id; 453 } 454 455 ob_start(); 456 wp_category_checklist( 0, $term_id, $checked_categories, $popular_ids, null, false ); 457 $data = ob_get_contents(); 458 ob_end_clean(); 459 $add = array( 460 'what' => 'category', 461 'id' => $term_id, 462 'data' => str_replace( array("\n", "\t"), '', $data), 463 'position' => -1 464 ); 465 } 466 467 ob_start(); 468 wp_dropdown_categories( array( 'hide_empty' => 0, 'name' => 'newcat_parent', 'orderby' => 'name', 'hierarchical' => 1, 
'show_option_none' => __('Parent category') ) ); 469 $sup = ob_get_contents(); 470 ob_end_clean(); 471 $add['supplemental'] = array( 'newcat_parent' => $sup ); 472 473 $x = new WP_Ajax_Response( $add ); 474 $x->send(); 475 break; 476 case 'add-link-category' : // On the Fly 477 check_ajax_referer( $action ); 478 if ( !current_user_can( 'manage_categories' ) ) 479 die('-1'); 480 $names = explode(',', $_POST['newcat']); 481 $x = new WP_Ajax_Response(); 482 foreach ( $names as $cat_name ) { 483 $cat_name = trim($cat_name); 484 $slug = sanitize_title($cat_name); 485 if ( '' === $slug ) 486 continue; 487 if ( !$cat_id = is_term( $cat_name, 'link_category' ) ) { 488 $cat_id = wp_insert_term( $cat_name, 'link_category' ); 489 } 490 $cat_id = $cat_id['term_id']; 491 $cat_name = esc_html(stripslashes($cat_name)); 492 $x->add( array( 493 'what' => 'link-category', 494 'id' => $cat_id, 495 'data' => "<li id='link-category-$cat_id'><label for='in-link-category-$cat_id' class='selectit'><input value='" . esc_attr($cat_id) . 
"' type='checkbox' checked='checked' name='link_category[]' id='in-link-category-$cat_id'/> $cat_name</label></li>", 496 'position' => -1 497 ) ); 498 } 499 $x->send(); 500 break; 501 case 'add-cat' : // From Manage->Categories 502 check_ajax_referer( 'add-category' ); 503 if ( !current_user_can( 'manage_categories' ) ) 504 die('-1'); 505 506 if ( '' === trim($_POST['cat_name']) ) { 507 $x = new WP_Ajax_Response( array( 508 'what' => 'cat', 509 'id' => new WP_Error( 'cat_name', __('You did not enter a category name.') ) 510 ) ); 511 $x->send(); 512 } 513 514 if ( category_exists( trim( $_POST['cat_name'] ), $_POST['category_parent'] ) ) { 515 $x = new WP_Ajax_Response( array( 516 'what' => 'cat', 517 'id' => new WP_Error( 'cat_exists', __('The category you are trying to create already exists.'), array( 'form-field' => 'cat_name' ) ), 518 ) ); 519 $x->send(); 520 } 521 522 $cat = wp_insert_category( $_POST, true ); 523 524 if ( is_wp_error($cat) ) { 525 $x = new WP_Ajax_Response( array( 526 'what' => 'cat', 527 'id' => $cat 528 ) ); 529 $x->send(); 530 } 531 532 if ( !$cat || (!$cat = get_category( $cat )) ) 533 die('0'); 534 535 $level = 0; 536 $cat_full_name = $cat->name; 537 $_cat = $cat; 538 while ( $_cat->parent ) { 539 $_cat = get_category( $_cat->parent ); 540 $cat_full_name = $_cat->name . ' — ' . 
$cat_full_name; 541 $level++; 542 } 543 $cat_full_name = esc_attr($cat_full_name); 544 545 $x = new WP_Ajax_Response( array( 546 'what' => 'cat', 547 'id' => $cat->term_id, 548 'position' => -1, 549 'data' => _cat_row( $cat, $level, $cat_full_name ), 550 'supplemental' => array('name' => $cat_full_name, 'show-link' => sprintf(__( 'Category <a href="#%s">%s</a> added' ), "cat-$cat->term_id", $cat_full_name)) 551 ) ); 552 $x->send(); 553 break; 554 case 'add-link-cat' : // From Blogroll -> Categories 555 check_ajax_referer( 'add-link-category' ); 556 if ( !current_user_can( 'manage_categories' ) ) 557 die('-1'); 558 559 if ( '' === trim($_POST['name']) ) { 560 $x = new WP_Ajax_Response( array( 561 'what' => 'link-cat', 562 'id' => new WP_Error( 'name', __('You did not enter a category name.') ) 563 ) ); 564 $x->send(); 565 } 566 567 $r = wp_insert_term($_POST['name'], 'link_category', $_POST ); 568 if ( is_wp_error( $r ) ) { 569 $x = new WP_AJAX_Response( array( 570 'what' => 'link-cat', 571 'id' => $r 572 ) ); 573 $x->send(); 574 } 575 576 extract($r, EXTR_SKIP); 577 578 if ( !$link_cat = link_cat_row( $term_id ) ) 579 die('0'); 580 581 $x = new WP_Ajax_Response( array( 582 'what' => 'link-cat', 583 'id' => $term_id, 584 'position' => -1, 585 'data' => $link_cat 586 ) ); 587 $x->send(); 588 break; 589 case 'add-tag' : // From Manage->Tags 590 check_ajax_referer( 'add-tag' ); 591 if ( !current_user_can( 'manage_categories' ) ) 592 die('-1'); 593 594 $taxonomy = !empty($_POST['taxonomy']) ? $_POST['taxonomy'] : 'post_tag'; 595 $tag = wp_insert_term($_POST['tag-name'], $taxonomy, $_POST ); 596 597 if ( !$tag || is_wp_error($tag) || (!$tag = get_term( $tag['term_id'], $taxonomy )) ) { 598 echo '<div class="error"><p>' . __('An error has occured. Please reload the page and try again.') . 
'</p></div>'; 599 exit; 600 } 601 602 echo _tag_row( $tag, '', $taxonomy ); 603 exit; 604 break; 605 case 'get-tagcloud' : 606 if ( !current_user_can( 'edit_posts' ) ) 607 die('-1'); 608 609 if ( isset($_POST['tax']) ) 610 $taxonomy = sanitize_title($_POST['tax']); 611 else 612 die('0'); 613 614 $tags = get_terms( $taxonomy, array( 'number' => 45, 'orderby' => 'count', 'order' => 'DESC' ) ); 615 616 if ( empty( $tags ) ) 617 die( __('No tags found!') ); 618 619 if ( is_wp_error($tags) ) 620 die($tags->get_error_message()); 621 622 foreach ( $tags as $key => $tag ) { 623 $tags[ $key ]->link = '#'; 624 $tags[ $key ]->id = $tag->term_id; 625 } 626 627 // We need raw tag names here, so don't filter the output 628 $return = wp_generate_tag_cloud( $tags, array('filter' => 0) ); 629 630 if ( empty($return) ) 631 die('0'); 632 633 echo $return; 634 635 exit; 636 break; 637 case 'add-comment' : 638 check_ajax_referer( $action ); 639 if ( !current_user_can( 'edit_posts' ) ) 640 die('-1'); 641 $search = isset($_POST['s']) ? $_POST['s'] : false; 642 $status = isset($_POST['comment_status']) ? $_POST['comment_status'] : 'all'; 643 $per_page = isset($_POST['per_page']) ? (int) $_POST['per_page'] + 8 : 28; 644 $start = isset($_POST['page']) ? ( intval($_POST['page']) * $per_page ) -1 : $per_page - 1; 645 if ( 1 > $start ) 646 $start = 27; 647 648 $mode = isset($_POST['mode']) ? $_POST['mode'] : 'detail'; 649 $p = isset($_POST['p']) ? $_POST['p'] : 0; 650 $comment_type = isset($_POST['comment_type']) ? 
$_POST['comment_type'] : ''; 651 list($comments, $total) = _wp_get_comment_list( $status, $search, $start, 1, $p, $comment_type ); 652 653 if ( get_option('show_avatars') ) 654 add_filter( 'comment_author', 'floated_admin_avatar' ); 655 656 if ( !$comments ) 657 die('1'); 658 $x = new WP_Ajax_Response(); 659 foreach ( (array) $comments as $comment ) { 660 get_comment( $comment ); 661 ob_start(); 662 _wp_comment_row( $comment->comment_ID, $mode, $status, true, true ); 663 $comment_list_item = ob_get_contents(); 664 ob_end_clean(); 665 $x->add( array( 666 'what' => 'comment', 667 'id' => $comment->comment_ID, 668 'data' => $comment_list_item 669 ) ); 670 } 671 $x->send(); 672 break; 673 case 'get-comments' : 674 check_ajax_referer( $action ); 675 676 $post_ID = (int) $_POST['post_ID']; 677 if ( !current_user_can( 'edit_post', $post_ID ) ) 678 die('-1'); 679 680 $start = isset($_POST['start']) ? intval($_POST['start']) : 0; 681 $num = isset($_POST['num']) ? intval($_POST['num']) : 10; 682 683 list($comments, $total) = _wp_get_comment_list( false, false, $start, $num, $post_ID ); 684 685 if ( !$comments ) 686 die('1'); 687 688 $comment_list_item = ''; 689 $x = new WP_Ajax_Response(); 690 foreach ( (array) $comments as $comment ) { 691 get_comment( $comment ); 692 ob_start(); 693 _wp_comment_row( $comment->comment_ID, 'single', false, false ); 694 $comment_list_item .= ob_get_contents(); 695 ob_end_clean(); 696 } 697 $x->add( array( 698 'what' => 'comments', 699 'data' => $comment_list_item 700 ) ); 701 $x->send(); 702 break; 703 case 'replyto-comment' : 704 check_ajax_referer( $action ); 705 706 $comment_post_ID = (int) $_POST['comment_post_ID']; 707 if ( !current_user_can( 'edit_post', $comment_post_ID ) ) 708 die('-1'); 709 710 $status = $wpdb->get_var( $wpdb->prepare("SELECT post_status FROM $wpdb->posts WHERE ID = %d", $comment_post_ID) ); 711 712 if ( empty($status) ) 713 die('1'); 714 elseif ( in_array($status, array('draft', 'pending', 'trash') ) ) 715 die( 
__('Error: you are replying to a comment on a draft post.') ); 716 717 $user = wp_get_current_user(); 718 if ( $user->ID ) { 719 $comment_author = $wpdb->escape($user->display_name); 720 $comment_author_email = $wpdb->escape($user->user_email); 721 $comment_author_url = $wpdb->escape($user->user_url); 722 $comment_content = trim($_POST['content']); 723 if ( current_user_can('unfiltered_html') ) { 724 if ( wp_create_nonce('unfiltered-html-comment_' . $comment_post_ID) != $_POST['_wp_unfiltered_html_comment'] ) { 725 kses_remove_filters(); // start with a clean slate 726 kses_init_filters(); // set up the filters 727 } 728 } 729 } else { 730 die( __('Sorry, you must be logged in to reply to a comment.') ); 731 } 732 733 if ( '' == $comment_content ) 734 die( __('Error: please type a comment.') ); 735 736 $comment_parent = absint($_POST['comment_ID']); 737 $commentdata = compact('comment_post_ID', 'comment_author', 'comment_author_email', 'comment_author_url', 'comment_content', 'comment_type', 'comment_parent', 'user_ID'); 738 739 $comment_id = wp_new_comment( $commentdata ); 740 $comment = get_comment($comment_id); 741 if ( ! $comment ) die('1'); 742 743 $modes = array( 'single', 'detail', 'dashboard' ); 744 $mode = isset($_POST['mode']) && in_array( $_POST['mode'], $modes ) ? $_POST['mode'] : 'detail'; 745 $position = ( isset($_POST['position']) && (int) $_POST['position']) ? (int) $_POST['position'] : '-1'; 746 $checkbox = ( isset($_POST['checkbox']) && true == $_POST['checkbox'] ) ? 1 : 0; 747 748 if ( get_option('show_avatars') && 'single' != $mode ) 749 add_filter( 'comment_author', 'floated_admin_avatar' ); 750 751 $x = new WP_Ajax_Response(); 752 753 ob_start(); 754 if ( 'dashboard' == $mode ) { 755 require_once ( ABSPATH . 
'wp-admin/includes/dashboard.php' ); 756 _wp_dashboard_recent_comments_row( $comment, false ); 757 } else { 758 _wp_comment_row( $comment->comment_ID, $mode, false, $checkbox ); 759 } 760 $comment_list_item = ob_get_contents(); 761 ob_end_clean(); 762 763 $x->add( array( 764 'what' => 'comment', 765 'id' => $comment->comment_ID, 766 'data' => $comment_list_item, 767 'position' => $position 768 )); 769 770 $x->send(); 771 break; 772 case 'edit-comment' : 773 check_ajax_referer( 'replyto-comment' ); 774 775 $comment_post_ID = (int) $_POST['comment_post_ID']; 776 if ( ! current_user_can( 'edit_post', $comment_post_ID ) ) 777 die('-1'); 778 779 if ( '' == $_POST['content'] ) 780 die( __('Error: please type a comment.') ); 781 782 $comment_id = (int) $_POST['comment_ID']; 783 $_POST['comment_status'] = $_POST['status']; 784 edit_comment(); 785 786 $mode = ( isset($_POST['mode']) && 'single' == $_POST['mode'] ) ? 'single' : 'detail'; 787 $position = ( isset($_POST['position']) && (int) $_POST['position']) ? (int) $_POST['position'] : '-1'; 788 $checkbox = ( isset($_POST['checkbox']) && true == $_POST['checkbox'] ) ? 1 : 0; 789 $comments_listing = isset($_POST['comments_listing']) ? 
$_POST['comments_listing'] : ''; 790 791 if ( get_option('show_avatars') && 'single' != $mode ) 792 add_filter( 'comment_author', 'floated_admin_avatar' ); 793 794 $x = new WP_Ajax_Response(); 795 796 ob_start(); 797 _wp_comment_row( $comment_id, $mode, $comments_listing, $checkbox ); 798 $comment_list_item = ob_get_contents(); 799 ob_end_clean(); 800 801 $x->add( array( 802 'what' => 'edit_comment', 803 'id' => $comment->comment_ID, 804 'data' => $comment_list_item, 805 'position' => $position 806 )); 807 808 $x->send(); 809 break; 810 case 'add-meta' : 811 check_ajax_referer( 'add-meta' ); 812 $c = 0; 813 $pid = (int) $_POST['post_id']; 814 if ( isset($_POST['metakeyselect']) || isset($_POST['metakeyinput']) ) { 815 if ( !current_user_can( 'edit_post', $pid ) ) 816 die('-1'); 817 if ( isset($_POST['metakeyselect']) && '#NONE#' == $_POST['metakeyselect'] && empty($_POST['metakeyinput']) ) 818 die('1'); 819 if ( $pid < 0 ) { 820 $now = current_time('timestamp', 1); 821 if ( $pid = wp_insert_post( array( 822 'post_title' => sprintf('Draft created on %s at %s', date(get_option('date_format'), $now), date(get_option('time_format'), $now)) 823 ) ) ) { 824 if ( is_wp_error( $pid ) ) { 825 $x = new WP_Ajax_Response( array( 826 'what' => 'meta', 827 'data' => $pid 828 ) ); 829 $x->send(); 830 } 831 if ( !$mid = add_meta( $pid ) ) 832 die(__('Please provide a custom field value.')); 833 } else { 834 die('0'); 835 } 836 } else if ( !$mid = add_meta( $pid ) ) { 837 die(__('Please provide a custom field value.')); 838 } 839 840 $meta = get_post_meta_by_id( $mid ); 841 $pid = (int) $meta->post_id; 842 $meta = get_object_vars( $meta ); 843 $x = new WP_Ajax_Response( array( 844 'what' => 'meta', 845 'id' => $mid, 846 'data' => _list_meta_row( $meta, $c ), 847 'position' => 1, 848 'supplemental' => array('postid' => $pid) 849 ) ); 850 } else { 851 $mid = (int) array_pop(array_keys($_POST['meta'])); 852 $key = $_POST['meta'][$mid]['key']; 853 $value = 
$_POST['meta'][$mid]['value']; 854 if ( !$meta = get_post_meta_by_id( $mid ) ) 855 die('0'); // if meta doesn't exist 856 if ( !current_user_can( 'edit_post', $meta->post_id ) ) 857 die('-1'); 858 if ( $meta->meta_value != stripslashes($value) ) { 859 if ( !$u = update_meta( $mid, $key, $value ) ) 860 die('0'); // We know meta exists; we also know it's unchanged (or DB error, in which case there are bigger problems). 861 } 862 863 $key = stripslashes($key); 864 $value = stripslashes($value); 865 $x = new WP_Ajax_Response( array( 866 'what' => 'meta', 867 'id' => $mid, 'old_id' => $mid, 868 'data' => _list_meta_row( array( 869 'meta_key' => $key, 870 'meta_value' => $value, 871 'meta_id' => $mid 872 ), $c ), 873 'position' => 0, 874 'supplemental' => array('postid' => $meta->post_id) 875 ) ); 876 } 877 $x->send(); 878 break; 879 case 'add-user' : 880 check_ajax_referer( $action ); 881 if ( !current_user_can('create_users') ) 882 die('-1'); 883 require_once(ABSPATH . WPINC . '/registration.php'); 884 if ( !$user_id = add_user() ) 885 die('0'); 886 elseif ( is_wp_error( $user_id ) ) { 887 $x = new WP_Ajax_Response( array( 888 'what' => 'user', 889 'id' => $user_id 890 ) ); 891 $x->send(); 892 } 893 $user_object = new WP_User( $user_id ); 894 895 $x = new WP_Ajax_Response( array( 896 'what' => 'user', 897 'id' => $user_id, 898 'data' => user_row( $user_object, '', $user_object->roles[0] ), 899 'supplemental' => array( 900 'show-link' => sprintf(__( 'User <a href="#%s">%s</a> added' ), "user-$user_id", $user_object->user_login), 901 'role' => $user_object->roles[0] 902 ) 903 ) ); 904 $x->send(); 905 break; 906 case 'autosave' : // The name of this action is hardcoded in edit_post() 907 define( 'DOING_AUTOSAVE', true ); 908 909 $nonce_age = check_ajax_referer( 'autosave', 'autosavenonce' ); 910 global $current_user; 911 912 $_POST['post_category'] = explode(",", $_POST['catslist']); 913 if($_POST['post_type'] == 'page' || empty($_POST['post_category'])) 914 
// NOTE(review): this span begins inside `case 'autosave'` of the $_POST action
// dispatcher; the `switch` header, the nonce check that sets $nonce_age and the
// code that may set $login_grace_period are all above this view. Everything below
// runs only for a logged-in user (the not-logged-in branch exits earlier), so the
// per-handler nonce + capability checks are the whole authorisation story for
// each action. Handlers that lack one of them are called out inline.
unset($_POST['post_category']);

// Client-supplied flag; cast to bool so any non-empty value enables the save.
$do_autosave = (bool) $_POST['autosave'];
$do_lock = true;

$data = '';
/* translators: draft saved date format, see http://php.net/date */
$draft_saved_date_format = __('g:i:s a');
$message = sprintf( __('Draft Saved at %s.'), date_i18n( $draft_saved_date_format ) );

$supplemental = array();
// $login_grace_period is not defined in this view; presumably set by the nonce
// check above when the session is about to expire -- confirm against the caller.
if ( isset($login_grace_period) )
	$supplemental['session_expired'] = add_query_arg( 'interim-login', 1, wp_login_url() );

$id = $revision_id = 0;
if($_POST['post_ID'] < 0) {
	// Negative (temporary) ID: this is a brand-new post. No capability is
	// checked in this block for that path; enforcement is delegated entirely
	// to wp_write_post(), which is outside this view.
	$_POST['post_status'] = 'draft';
	$_POST['temp_ID'] = $_POST['post_ID'];
	if ( $do_autosave ) {
		$id = wp_write_post();
		$data = $message;
	}
} else {
	$post_ID = (int) $_POST['post_ID'];
	$_POST['ID'] = $post_ID;
	// get_post() may return null for an unknown ID; $post->ID below would then
	// emit a notice and the lock check runs against an empty ID -- no write
	// happens, but the capability check on a non-existent ID is the only gate.
	$post = get_post($post_ID);

	// The lock check runs before the capability check but only flips flags and
	// builds a message; no data is written until after current_user_can() below.
	if ( $last = wp_check_post_lock( $post->ID ) ) {
		$do_autosave = $do_lock = false;

		$last_user = get_userdata( $last );
		$last_user_name = $last_user ? $last_user->display_name : __( 'Someone' );
		// $_POST['post_type'] only selects the wording here; authorisation
		// below keys off the stored $post->post_type, which is the right source.
		$data = new WP_Error( 'locked', sprintf(
			$_POST['post_type'] == 'page' ? __( 'Autosave disabled: %s is currently editing this page.' ) : __( 'Autosave disabled: %s is currently editing this post.' ),
			esc_html( $last_user_name )
		) );

		$supplemental['disable_autosave'] = 'disable';
	}

	// Authorisation for existing posts: the capability is chosen from the
	// database post_type, not from the client-supplied one.
	if ( 'page' == $post->post_type ) {
		if ( !current_user_can('edit_page', $post_ID) )
			die(__('You are not allowed to edit this page.'));
	} else {
		if ( !current_user_can('edit_post', $post_ID) )
			die(__('You are not allowed to edit this post.'));
	}

	if ( $do_autosave ) {
		// Drafts are just overwritten by autosave
		if ( 'draft' == $post->post_status ) {
			$id = edit_post();
		} else { // Non drafts are not overwritten. The autosave is stored in a special post revision.
			$revision_id = wp_create_post_autosave( $post->ID );
			if ( is_wp_error($revision_id) )
				$id = $revision_id;
			else
				$id = $post->ID;
		}
		$data = $message;
	} else {
		$id = $post->ID;
	}
}

// Only take the lock when we actually own the post (not locked by someone else)
// and the save produced a numeric ID rather than a WP_Error.
if ( $do_lock && $id && is_numeric($id) )
	wp_set_post_lock( $id );

// $nonce_age comes from the referer check above this view; value 2 presumably
// means "valid but about to expire", so fresh nonces are handed back. Creating
// nonces for the *current* user grants nothing the user did not already have;
// the client-supplied post_type only decides which nonce name is minted.
if ( $nonce_age == 2 ) {
	$supplemental['replace-autosavenonce'] = wp_create_nonce('autosave');
	$supplemental['replace-getpermalinknonce'] = wp_create_nonce('getpermalink');
	$supplemental['replace-samplepermalinknonce'] = wp_create_nonce('samplepermalink');
	$supplemental['replace-closedpostboxesnonce'] = wp_create_nonce('closedpostboxes');
	if ( $id ) {
		if ( $_POST['post_type'] == 'post' )
			$supplemental['replace-_wpnonce'] = wp_create_nonce('update-post_' . $id);
		elseif ( $_POST['post_type'] == 'page' )
			$supplemental['replace-_wpnonce'] = wp_create_nonce('update-page_' . $id);
	}
}

$x = new WP_Ajax_Response( array(
	'what' => 'autosave',
	'id' => $id,
	'data' => $id ? $data : '',
	'supplemental' => $supplemental
) );
$x->send();
break;
case 'autosave-generate-nonces' :
	// Nonce + capability gated. $post_type is whitelisted to 'page'/'post' before
	// being interpolated into the capability name and the trash URL.
	check_ajax_referer( 'autosave', 'autosavenonce' );
	$ID = (int) $_POST['post_ID'];
	$post_type = ( 'page' == $_POST['post_type'] ) ? 'page' : 'post';
	// NOTE(review): as rendered here str_replace( '&', '&', ... ) is a no-op; the
	// shipped source presumably replaces the entity-encoded ampersand produced by
	// wp_nonce_url() with a literal '&' -- verify against the original file.
	if ( current_user_can( "edit_{$post_type}", $ID ) )
		die( json_encode( array( 'updateNonce' => wp_create_nonce( "update-{$post_type}_{$ID}" ), 'deleteURL' => str_replace( '&', '&', wp_nonce_url( admin_url( $post_type . '.php?action=trash&post=' . $ID ), "trash-{$post_type}_{$ID}" ) ) ) ) );
	do_action('autosave_generate_nonces');
	die('0');
	break;
case 'closed-postboxes' :
	// Per-user UI preference; nonce gated, writes only the current user's meta.
	check_ajax_referer( 'closedpostboxes', 'closedpostboxesnonce' );
	// NOTE(review): the isset() guards are immediately defeated -- the explode()
	// on the next line reads $_POST['closed'] / $_POST['hidden'] directly, so a
	// missing key raises a notice and is stored as array('') rather than skipped.
	$closed = isset( $_POST['closed'] ) ? $_POST['closed'] : '';
	$closed = explode( ',', $_POST['closed'] );
	$hidden = isset( $_POST['hidden'] ) ? $_POST['hidden'] : '';
	$hidden = explode( ',', $_POST['hidden'] );
	$page = isset( $_POST['page'] ) ? $_POST['page'] : '';

	// $page becomes part of the usermeta key, so it is restricted to a safe
	// character set; this is what stops a caller from writing arbitrary meta keys.
	if ( !preg_match( '/^[a-z_-]+$/', $page ) )
		die('-1');

	if ( ! $user = wp_get_current_user() )
		die('-1');

	// The stored values are raw client strings; whatever renders them later is
	// responsible for escaping (out of view here).
	if ( is_array($closed) )
		update_usermeta($user->ID, 'closedpostboxes_'.$page, $closed);

	if ( is_array($hidden) ) {
		$hidden = array_diff( $hidden, array('submitdiv', 'linksubmitdiv') ); // postboxes that are always shown
		update_usermeta($user->ID, 'meta-box-hidden_'.$page, $hidden);
	}

	die('1');
	break;
case 'hidden-columns' :
	// Same shape as closed-postboxes: nonce gated, key suffix validated, raw
	// values stored on the current user only. Same defeated isset() on $hidden.
	check_ajax_referer( 'screen-options-nonce', 'screenoptionnonce' );
	$hidden = isset( $_POST['hidden'] ) ? $_POST['hidden'] : '';
	$hidden = explode( ',', $_POST['hidden'] );
	$page = isset( $_POST['page'] ) ? $_POST['page'] : '';

	if ( !preg_match( '/^[a-z_-]+$/', $page ) )
		die('-1');

	if ( ! $user = wp_get_current_user() )
		die('-1');

	if ( is_array($hidden) )
		update_usermeta($user->ID, "manage-$page-columns-hidden", $hidden);

	die('1');
	break;
case 'meta-box-order':
	// Nonce gated; $order is forced to an array and $page_columns to int, $page
	// is validated as above. Array contents are stored unsanitised.
	check_ajax_referer( 'meta-box-order' );
	$order = isset( $_POST['order'] ) ? (array) $_POST['order'] : false;
	$page_columns = isset( $_POST['page_columns'] ) ? (int) $_POST['page_columns'] : 0;
	$page = isset( $_POST['page'] ) ? $_POST['page'] : '';

	if ( !preg_match( '/^[a-z_-]+$/', $page ) )
		die('-1');

	if ( ! $user = wp_get_current_user() )
		die('-1');

	if ( $order )
		update_user_option($user->ID, "meta-box-order_$page", $order);

	if ( $page_columns )
		update_usermeta($user->ID, "screen_layout_$page", $page_columns);

	die('1');
	break;
case 'get-permalink':
	// NOTE(review): nonce only -- there is no current_user_can() check here, so
	// any logged-in user holding a 'getpermalink' nonce can resolve the permalink
	// of any post ID. Whether that discloses anything sensitive depends on
	// get_permalink(), which is outside this view.
	check_ajax_referer( 'getpermalink', 'getpermalinknonce' );
	$post_id = isset($_POST['post_id'])? intval($_POST['post_id']) : 0;
	die(add_query_arg(array('preview' => 'true'), get_permalink($post_id)));
	break;
case 'sample-permalink':
	// NOTE(review): nonce only, no capability check; title and slug are passed
	// through raw. Escaping of the returned HTML is the job of
	// get_sample_permalink_html() (outside this view) -- confirm.
	check_ajax_referer( 'samplepermalink', 'samplepermalinknonce' );
	$post_id = isset($_POST['post_id'])? intval($_POST['post_id']) : 0;
	$title = isset($_POST['new_title'])? $_POST['new_title'] : '';
	$slug = isset($_POST['new_slug'])? $_POST['new_slug'] : '';
	die(get_sample_permalink_html($post_id, $title, $slug));
	break;
case 'inline-save':
	check_ajax_referer( 'inlineeditnonce', '_inline_edit' );

	if ( ! isset($_POST['post_ID']) || ! ( $post_ID = (int) $_POST['post_ID'] ) )
		exit;

	// NOTE(review): unlike the autosave handler, the capability to check is chosen
	// from the *client-supplied* post_type, not the stored one. Whether a
	// mismatched type lets a caller pick the weaker check depends on how
	// current_user_can() maps edit_post/edit_page for this ID -- worth confirming.
	if ( 'page' == $_POST['post_type'] ) {
		if ( ! current_user_can( 'edit_page', $post_ID ) )
			die( __('You are not allowed to edit this page.') );
	} else {
		if ( ! current_user_can( 'edit_post', $post_ID ) )
			die( __('You are not allowed to edit this post.') );
	}

	if ( $last = wp_check_post_lock( $post_ID ) ) {
		$last_user = get_userdata( $last );
		$last_user_name = $last_user ? $last_user->display_name : __( 'Someone' );
		printf( $_POST['post_type'] == 'page' ? __( 'Saving is disabled: %s is currently editing this page.' ) : __( 'Saving is disabled: %s is currently editing this post.' ), esc_html( $last_user_name ) );
		exit;
	}

	// $data aliases $_POST: every write below mutates the request array that
	// edit_post() reads.
	$data = &$_POST;

	$post = get_post( $post_ID, ARRAY_A );
	// edit_post() expects slashed (magic-quotes style) input, so DB values are
	// re-slashed before being merged into the request.
	$post = add_magic_quotes($post); //since it is from db

	// Quick edit never changes content/excerpt; carry the stored values through.
	$data['content'] = $post['post_content'];
	$data['excerpt'] = $post['post_excerpt'];

	// rename
	$data['user_ID'] = $GLOBALS['user_ID'];

	if ( isset($data['post_parent']) )
		$data['parent_id'] = $data['post_parent'];

	// status
	// post_status is taken from the client (_status / keep_private). Nothing
	// here checks publish capabilities; that is delegated to edit_post() and
	// the insert path beneath it -- confirm they enforce it.
	if ( isset($data['keep_private']) && 'private' == $data['keep_private'] )
		$data['post_status'] = 'private';
	else
		$data['post_status'] = $data['_status'];

	if ( empty($data['comment_status']) )
		$data['comment_status'] = 'closed';
	if ( empty($data['ping_status']) )
		$data['ping_status'] = 'closed';

	// update the post
	edit_post();

	// Echo the refreshed list-table row for the edited item.
	$post = array();
	if ( 'page' == $_POST['post_type'] ) {
		$post[] = get_post($_POST['post_ID']);
		page_rows($post);
	} elseif ( 'post' == $_POST['post_type'] ) {
		$mode = $_POST['post_view'];
		$post[] = get_post($_POST['post_ID']);
		post_rows($post);
	}

	exit;
	break;
case 'inline-save-tax':
	check_ajax_referer( 'taxinlineeditnonce', '_inline_edit' );

	// A single capability gates every taxonomy handled below, including any
	// client-named one in the 'tag' branch.
	if ( ! current_user_can('manage_categories') )
		die( __('Cheatin’ uh?') );

	if ( ! isset($_POST['tax_ID']) || ! ( $id = (int) $_POST['tax_ID'] ) )
		die(-1);

	switch ($_POST['tax_type']) {
		case 'cat' :
			// name/slug/parent are passed raw; sanitisation is expected inside
			// wp_update_category() (outside this view). The description is
			// preserved from the DB so quick edit cannot clobber it.
			$data = array();
			$data['cat_ID'] = $id;
			$data['cat_name'] = $_POST['name'];
			$data['category_nicename'] = $_POST['slug'];
			if ( isset($_POST['parent']) && (int) $_POST['parent'] > 0 )
				$data['category_parent'] = $_POST['parent'];

			$cat = get_category($id, ARRAY_A);
			$data['category_description'] = $cat['category_description'];

			$updated = wp_update_category($data);

			if ( $updated && !is_wp_error($updated) )
				echo _cat_row( $updated, 0 );
			else
				die( __('Category not updated.') );

			break;
		case 'link-cat' :
			// The whole $_POST array is handed to wp_update_term(); it must
			// ignore unexpected keys -- assumed, not visible here.
			$updated = wp_update_term($id, 'link_category', $_POST);

			if ( $updated && !is_wp_error($updated) )
				echo link_cat_row($updated['term_id']);
			else
				die( __('Category not updated.') );

			break;
		case 'tag' :
			// NOTE(review): $taxonomy is client-controlled and not validated
			// here (no taxonomy_exists() check). If get_term() returns a
			// WP_Error for an unknown taxonomy, $tag->description below is
			// null and wp_update_term() is expected to reject it -- confirm.
			$taxonomy = !empty($_POST['taxonomy']) ? $_POST['taxonomy'] : 'post_tag';

			$tag = get_term( $id, $taxonomy );
			$_POST['description'] = $tag->description;

			$updated = wp_update_term($id, $taxonomy, $_POST);
			if ( $updated && !is_wp_error($updated) ) {
				$tag = get_term( $updated['term_id'], $taxonomy );
				if ( !$tag || is_wp_error( $tag ) )
					die( __('Tag not updated.') );

				echo _tag_row($tag, '', $taxonomy);
			} else {
				die( __('Tag not updated.') );
			}

			break;
	}

	exit;
	break;
case 'find_posts':
	// NOTE(review): nonce only -- no current_user_can() check in this handler.
	// The query below returns 'draft' rows regardless of author, so anyone who
	// can obtain a 'find-posts' nonce can enumerate draft titles site-wide.
	// Who is handed that nonce is decided elsewhere (outside this view).
	check_ajax_referer( 'find-posts' );

	if ( empty($_POST['ps']) )
		exit;

	// $what is whitelisted to 'page'/'post' before being interpolated into SQL.
	$what = isset($_POST['pages']) ? 'page' : 'post';
	$s = stripslashes($_POST['ps']);
	// Split the search string into quoted phrases and bare words.
	preg_match_all('/".*?("|$)|((?<=[\\s",+])|^)[^\\s",+]+/', $s, $matches);
	$search_terms = array_map('_search_terms_tidy', $matches[0]);

	// Each term is SQL-escaped (addslashes_gpc / $wpdb->escape) before
	// interpolation, so quoting is handled. LIKE wildcards ('%', '_') in the
	// user's input are NOT escaped, so a term like "%" matches everything;
	// harmless for a LIMIT 50 search but worth a like_escape() if tightened.
	$searchand = $search = '';
	foreach ( (array) $search_terms as $term ) {
		$term = addslashes_gpc($term);
		$search .= "{$searchand}(($wpdb->posts.post_title LIKE '%{$term}%') OR ($wpdb->posts.post_content LIKE '%{$term}%'))";
		$searchand = ' AND ';
	}
	$term = $wpdb->escape($s);
	if ( count($search_terms) > 1 && $search_terms[0] != $s )
		$search .= " OR ($wpdb->posts.post_title LIKE '%{$term}%') OR ($wpdb->posts.post_content LIKE '%{$term}%')";

	$posts = $wpdb->get_results( "SELECT ID, post_title, post_status, post_date FROM $wpdb->posts WHERE post_type = '$what' AND post_status IN ('draft', 'publish') AND ($search) ORDER BY post_date_gmt DESC LIMIT 50" );

	if ( ! $posts )
		exit( __('No posts found.') );

	$html = '<table class="widefat" cellspacing="0"><thead><tr><th class="found-radio"><br /></th><th>'.__('Title').'</th><th>'.__('Date').'</th><th>'.__('Status').'</th></tr></thead><tbody>';
	foreach ( $posts as $post ) {

		// The query above only returns 'draft' and 'publish', so the private/
		// future/pending branches are unreachable and $stat is always set.
		switch ( $post->post_status ) {
			case 'publish' :
			case 'private' :
				$stat = __('Published');
				break;
			case 'future' :
				$stat = __('Scheduled');
				break;
			case 'pending' :
				$stat = __('Pending Review');
				break;
			case 'draft' :
				$stat = __('Draft');
				break;
		}

		if ( '0000-00-00 00:00:00' == $post->post_date ) {
			$time = '';
		} else {
			/* translators: date format in table columns, see http://php.net/date */
			$time = mysql2date(__('Y/m/d'), $post->post_date);
		}

		// Output is escaped per context: esc_attr() for the attribute, esc_html()
		// for title/date/status text. $post->ID is an integer column.
		$html .= '<tr class="found-posts"><td class="found-radio"><input type="radio" id="found-'.$post->ID.'" name="found_post_id" value="' . esc_attr($post->ID) . '"></td>';
		$html .= '<td><label for="found-'.$post->ID.'">'.esc_html( $post->post_title ).'</label></td><td>'.esc_html( $time ).'</td><td>'.esc_html( $stat ).'</td></tr>'."\n\n";
	}
	$html .= '</tbody></table>';

	$x = new WP_Ajax_Response();
	$x->add( array(
		'what' => $what,
		'data' => $html
	));
	$x->send();

	break;
case 'lj-importer' :
	check_ajax_referer( 'lj-api-import' );
	if ( !current_user_can( 'publish_posts' ) )
		die('-1');
	if ( empty( $_POST['step'] ) )
		die( '-1' );
	define('WP_IMPORTING', true);
	// Fixed include path (no user input). $lj_api_import is expected to be
	// defined by the included file -- not visible here.
	include ( ABSPATH . 'wp-admin/import/livejournal.php' );
	// Dynamic method call, but the suffix is int-cast first, so only methods
	// named step<N> are reachable; an undefined step<N> is a fatal error, not
	// an arbitrary call.
	$result = $lj_api_import->{ 'step' . ( (int) $_POST['step'] ) }();
	if ( is_wp_error( $result ) )
		echo $result->get_error_message();
	die;
	break;
case 'widgets-order' :
	check_ajax_referer( 'save-sidebar-widgets', 'savewidgets' );

	if ( !current_user_can('switch_themes') )
		die('-1');

	unset( $_POST['savewidgets'], $_POST['action'] );

	// save widgets order for all sidebars
	// Sidebar keys ($key) and widget ids ($v) come straight from the client;
	// only entries containing 'widget-' are kept and the text after the first
	// '_' is stored. Nothing here checks that the id is a registered widget --
	// whether an unknown id in the option is harmless depends on its consumers.
	if ( is_array($_POST['sidebars']) ) {
		$sidebars = array();
		foreach ( $_POST['sidebars'] as $key => $val ) {
			$sb = array();
			if ( !empty($val) ) {
				$val = explode(',', $val);
				foreach ( $val as $k => $v ) {
					if ( strpos($v, 'widget-') === false )
						continue;

					$sb[$k] = substr($v, strpos($v, '_') + 1);
				}
			}
			$sidebars[$key] = $sb;
		}
		wp_set_sidebars_widgets($sidebars);
		die('1');
	}

	die('-1');
	break;
case 'save-widget' :
	check_ajax_referer( 'save-sidebar-widgets', 'savewidgets' );

	if ( !current_user_can('switch_themes') || !isset($_POST['id_base']) )
		die('-1');

	unset( $_POST['savewidgets'], $_POST['action'] );

	// Let widgets register their update/control callbacks as they would on
	// the widgets screen.
	do_action('load-widgets.php');
	do_action('widgets.php');
	do_action('sidebar_admin_setup');

	// $id_base, $widget_id and $sidebar_id are raw client strings. $sidebar_id
	// is used as a key into the sidebars_widgets option without validation.
	$id_base = $_POST['id_base'];
	$widget_id = $_POST['widget-id'];
	$sidebar_id = $_POST['sidebar'];
	$multi_number = !empty($_POST['multi_number']) ? (int) $_POST['multi_number'] : 0;
	$settings = isset($_POST['widget-' . $id_base]) && is_array($_POST['widget-' . $id_base]) ? $_POST['widget-' . $id_base] : false;
	$error = '<p>' . __('An error has occured. Please reload the page and try again.') . '</p>';

	$sidebars = wp_get_sidebars_widgets();
	$sidebar = isset($sidebars[$sidebar_id]) ? $sidebars[$sidebar_id] : array();

	// delete
	if ( isset($_POST['delete_widget']) && $_POST['delete_widget'] ) {

		// Delete path is the only one that verifies the widget id is registered.
		if ( !isset($wp_registered_widgets[$widget_id]) )
			die($error);

		$sidebar = array_diff( $sidebar, array($widget_id) );
		// $_POST is rebuilt from scratch so the update callback sees a clean,
		// known-shape request.
		$_POST = array('sidebar' => $sidebar_id, 'widget-' . $id_base => array(), 'the-widget-id' => $widget_id, 'delete_widget' => '1');
	} elseif ( $settings && preg_match( '/__i__|%i%/', key($settings) ) ) {
		// Placeholder key means "add a new instance"; re-key it to the
		// client-supplied (int) multi_number.
		if ( !$multi_number )
			die($error);

		$_POST['widget-' . $id_base] = array( $multi_number => array_shift($settings) );
		$widget_id = $id_base . '-' . $multi_number;
		$sidebar[] = $widget_id;
	}
	$_POST['widget-id'] = $sidebar;

	// Run the matching widget's update callback. Input sanitisation for the
	// widget's own settings is that callback's responsibility.
	foreach ( (array) $wp_registered_widget_updates as $name => $control ) {

		if ( $name == $id_base ) {
			if ( !is_callable( $control['callback'] ) )
				continue;

			ob_start();
			call_user_func_array( $control['callback'], $control['params'] );
			ob_end_clean();
			break;
		}
	}

	if ( isset($_POST['delete_widget']) && $_POST['delete_widget'] ) {
		$sidebars[$sidebar_id] = $sidebar;
		wp_set_sidebars_widgets($sidebars);
		echo "deleted:$widget_id";
		die();
	}

	if ( !empty($_POST['add_new']) )
		die();

	// NOTE(review): no isset() guard on the client-supplied $widget_id here
	// (the delete path has one); an unknown id raises a notice and skips the form.
	if ( $form = $wp_registered_widget_controls[$widget_id] )
		call_user_func_array( $form['callback'], $form['params'] );

	die();
	break;
case 'image-editor':
	// Capability on the attachment is checked first, then a nonce bound to that
	// attachment id; the include path is fixed.
	$attachment_id = intval($_POST['postid']);
	if ( empty($attachment_id) || !current_user_can('edit_post', $attachment_id) )
		die('-1');

	check_ajax_referer( "image_editor-$attachment_id" );
	include_once ( ABSPATH . 'wp-admin/includes/image-edit.php' );

	$msg = false;
	switch ( $_POST['do'] ) {
		case 'save' :
			$msg = wp_save_image($attachment_id);
			$msg = json_encode($msg);
			die($msg);
			break;
		case 'scale' :
			$msg = wp_save_image($attachment_id);
			break;
		case 'restore' :
			$msg = wp_restore_image($attachment_id);
			break;
	}

	wp_image_editor($attachment_id, $msg);
	die();
	break;
case 'set-post-thumbnail':
	// NOTE(review): this is the only state-changing handler in view with no
	// check_ajax_referer() call. Unless a nonce is verified for every POST
	// action above this view, a cross-site request can set or clear the
	// thumbnail of any post the victim may edit.
	$post_id = intval( $_POST['post_id'] );
	if ( !current_user_can( 'edit_post', $post_id ) )
		die( '-1' );
	$thumbnail_id = intval( $_POST['thumbnail_id'] );

	// Loose comparison of int against '-1' is intentional: -1 means "remove".
	if ( $thumbnail_id == '-1' ) {
		delete_post_meta( $post_id, '_thumbnail_id' );
		die( _wp_post_thumbnail_html() );
	}

	// The only check that $thumbnail_id is an image is indirect: a non-empty
	// result from wp_get_attachment_image(). Nothing verifies the user may use
	// that attachment, only that they may edit $post_id.
	if ( $thumbnail_id && get_post( $thumbnail_id ) ) {
		$thumbnail_html = wp_get_attachment_image( $thumbnail_id, 'thumbnail' );
		if ( !empty( $thumbnail_html ) ) {
			update_post_meta( $post_id, '_thumbnail_id', $thumbnail_id );
			die( _wp_post_thumbnail_html( $thumbnail_id ) );
		}
	}
	die( '0' );
default :
	// Plugin extension point. The raw action name is only concatenated into a
	// hook name; plugin handlers must do their own nonce and capability checks,
	// since none are performed for them here.
	do_action( 'wp_ajax_' . $_POST['action'] );
	die('0');
	break;
endswitch;
?>