1 | <?php |
2 | /** |
3 | * WordPress AJAX Process Execution. |
4 | * |
5 | * @package WordPress |
6 | * @subpackage Administration |
7 | */ |
8 | |
9 | /** |
10 | * Entry point for admin-side AJAX requests: loads WordPress, rejects anonymous requests, then dispatches on the `action` request parameter (GET actions first, then POST actions). |
11 | * |
12 | * @since unknown |
13 | */ |
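/*
 * Declare the request context before loading WordPress so that code pulled in
 * by wp-load.php and includes/admin.php can test for it.
 */
define('DOING_AJAX', true);
define('WP_ADMIN', true);

require_once('../wp-load.php');
require_once('includes/admin.php');

/*
 * Authentication gate.  Every handler further down assumes a logged-in user,
 * so an anonymous request must not get past this block.  The single
 * exception is informational only: an autosave whose session has expired is
 * answered with a "log in again" message so the editor can warn the author.
 * Nothing is read from or written to the database on the author's behalf.
 */
if ( ! is_user_logged_in() ) {

	// Guard the lookup: a request without an action must not raise a notice;
	// it simply falls through to the -1 below.
	if ( isset( $_POST['action'] ) && 'autosave' == $_POST['action'] ) {
		$id = isset($_POST['post_ID'])? (int) $_POST['post_ID'] : 0;

		if ( ! $id )
			die('-1');

		// The only dynamic part of the markup is wp_login_url(), which is
		// generated by core; no request data reaches the message.
		$message = sprintf( __('<strong>ALERT: You are logged out!</strong> Could not save draft. <a href="%s" target="blank">Please log in again.</a>'), wp_login_url() );
		$x = new WP_Ajax_Response( array(
			'what' => 'autosave',
			'id' => $id,
			'data' => $message
		) );
		// send() terminates the request; the file relies on that everywhere it
		// emits an error response and then continues with the success path.
		$x->send();
	}

	die('-1');
}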
39 | |
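/*
 * GET dispatch.  Only the tag autocompleter is handled inline; every other
 * GET action is handed to plugins through the wp_ajax_{action} hook.  This
 * point is reached only by a logged-in user (the unauthenticated branch above
 * dies), but the dispatcher itself performs no capability or nonce check for
 * hooked handlers -- each handler must do its own.
 */
if ( isset( $_GET['action'] ) ) :
switch ( $action = $_GET['action'] ) :
case 'ajax-tag-search' :
	// Read-only lookup of tag names; the capability check is the only gate.
	if ( !current_user_can( 'manage_categories' ) )
		die('-1');

	// WordPress adds slashes to the request superglobals at load time
	// (wp_magic_quotes() -- confirm against wp-settings.php).  Strip them so
	// the value is escaped exactly once, by $wpdb->prepare() below, rather
	// than by whatever quoting the request happened to carry.
	$s = isset( $_GET['q'] ) ? stripslashes( $_GET['q'] ) : '';

	// The client sends the whole comma-separated tag list; only the fragment
	// after the last comma is the one being typed.
	if ( false !== strpos( $s, ',' ) ) {
		$s = explode( ',', $s );
		$s = $s[count( $s ) - 1];
	}
	$s = trim( $s );
	if ( strlen( $s ) < 2 )
		die; // require 2 chars for matching

	// Never splice the search term into the SQL: bind it through prepare(),
	// and neutralise LIKE metacharacters first so a typed '%' or '_' cannot
	// act as a wildcard.  The backslash is escaped as well because it is the
	// LIKE escape character and prepare() only handles string quoting.
	$like = '%' . addcslashes( $s, '_%\\' ) . '%';
	$results = $wpdb->get_col( $wpdb->prepare(
		"SELECT t.name FROM $wpdb->term_taxonomy AS tt INNER JOIN $wpdb->terms AS t ON tt.term_id = t.term_id WHERE tt.taxonomy = 'post_tag' AND t.name LIKE %s",
		$like
	) );

	// Plain-text response, one tag name per line.  join()/implode() take the
	// glue first; the reversed argument order used previously is a legacy
	// form that newer PHP releases no longer accept.
	echo join( "\n", (array) $results );
	die;
	break;
default :
	// Plugin-provided GET handlers.  No nonce or capability check happens
	// here on their behalf.
	do_action( 'wp_ajax_' . $_GET['action'] );
	die('0');
	break;
endswitch;
endif;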
65 | |
66 | $id = isset($_POST['id'])? (int) $_POST['id'] : 0; |
67 | switch ( $action = $_POST['action'] ) : |
68 | case 'delete-comment' : |
69 | check_ajax_referer( "delete-comment_$id" ); |
70 | if ( !$comment = get_comment( $id ) ) |
71 | die('1'); |
72 | if ( !current_user_can( 'edit_post', $comment->comment_post_ID ) ) |
73 | die('-1'); |
74 | |
75 | if ( isset($_POST['spam']) && 1 == $_POST['spam'] ) { |
76 | if ( 'spam' == wp_get_comment_status( $comment->comment_ID ) ) |
77 | die('1'); |
78 | $r = wp_set_comment_status( $comment->comment_ID, 'spam' ); |
79 | } else { |
80 | $r = wp_delete_comment( $comment->comment_ID ); |
81 | } |
82 | |
83 | die( $r ? '1' : '0' ); |
84 | break; |
85 | case 'delete-cat' : |
86 | check_ajax_referer( "delete-category_$id" ); |
87 | if ( !current_user_can( 'manage_categories' ) ) |
88 | die('-1'); |
89 | |
90 | $cat = get_category( $id ); |
91 | if ( !$cat || is_wp_error( $cat ) ) |
92 | die('1'); |
93 | |
94 | if ( wp_delete_category( $id ) ) |
95 | die('1'); |
96 | else |
97 | die('0'); |
98 | break; |
99 | case 'delete-tag' : |
100 | check_ajax_referer( "delete-tag_$id" ); |
101 | if ( !current_user_can( 'manage_categories' ) ) |
102 | die('-1'); |
103 | |
104 | $tag = get_term( $id, 'post_tag' ); |
105 | if ( !$tag || is_wp_error( $tag ) ) |
106 | die('1'); |
107 | |
108 | if ( wp_delete_term($id, 'post_tag')) |
109 | die('1'); |
110 | else |
111 | die('0'); |
112 | break; |
113 | case 'delete-link-cat' : |
114 | check_ajax_referer( "delete-link-category_$id" ); |
115 | if ( !current_user_can( 'manage_categories' ) ) |
116 | die('-1'); |
117 | |
118 | $cat = get_term( $id, 'link_category' ); |
119 | if ( !$cat || is_wp_error( $cat ) ) |
120 | die('1'); |
121 | |
122 | $cat_name = get_term_field('name', $id, 'link_category'); |
123 | |
124 | // Don't delete the default cats. |
125 | if ( $id == get_option('default_link_category') ) { |
126 | $x = new WP_AJAX_Response( array( |
127 | 'what' => 'link-cat', |
128 | 'id' => $id, |
129 | 'data' => new WP_Error( 'default-link-cat', sprintf(__("Can’t delete the <strong>%s</strong> category: this is the default one"), $cat_name) ) |
130 | ) ); |
131 | $x->send(); |
132 | } |
133 | |
134 | $r = wp_delete_term($id, 'link_category'); |
135 | if ( !$r ) |
136 | die('0'); |
137 | if ( is_wp_error($r) ) { |
138 | $x = new WP_AJAX_Response( array( |
139 | 'what' => 'link-cat', |
140 | 'id' => $id, |
141 | 'data' => $r |
142 | ) ); |
143 | $x->send(); |
144 | } |
145 | die('1'); |
146 | break; |
147 | case 'delete-link' : |
148 | check_ajax_referer( "delete-bookmark_$id" ); |
149 | if ( !current_user_can( 'manage_links' ) ) |
150 | die('-1'); |
151 | |
152 | $link = get_bookmark( $id ); |
153 | if ( !$link || is_wp_error( $link ) ) |
154 | die('1'); |
155 | |
156 | if ( wp_delete_link( $id ) ) |
157 | die('1'); |
158 | else |
159 | die('0'); |
160 | break; |
161 | case 'delete-meta' : |
162 | check_ajax_referer( "delete-meta_$id" ); |
163 | if ( !$meta = get_post_meta_by_id( $id ) ) |
164 | die('1'); |
165 | |
166 | if ( !current_user_can( 'edit_post', $meta->post_id ) ) |
167 | die('-1'); |
168 | if ( delete_meta( $meta->meta_id ) ) |
169 | die('1'); |
170 | die('0'); |
171 | break; |
172 | case 'delete-post' : |
173 | check_ajax_referer( "{$action}_$id" ); |
174 | if ( !current_user_can( 'delete_post', $id ) ) |
175 | die('-1'); |
176 | |
177 | if ( !get_post( $id ) ) |
178 | die('1'); |
179 | |
180 | if ( wp_delete_post( $id ) ) |
181 | die('1'); |
182 | else |
183 | die('0'); |
184 | break; |
185 | case 'delete-page' : |
186 | check_ajax_referer( "{$action}_$id" ); |
187 | if ( !current_user_can( 'delete_page', $id ) ) |
188 | die('-1'); |
189 | |
190 | if ( !get_page( $id ) ) |
191 | die('1'); |
192 | |
193 | if ( wp_delete_post( $id ) ) |
194 | die('1'); |
195 | else |
196 | die('0'); |
197 | break; |
198 | case 'dim-comment' : |
199 | if ( !$comment = get_comment( $id ) ) |
200 | die('0'); |
201 | |
202 | if ( !current_user_can( 'edit_post', $comment->comment_post_ID ) ) |
203 | die('-1'); |
204 | if ( !current_user_can( 'moderate_comments' ) ) |
205 | die('-1'); |
206 | |
207 | $current = wp_get_comment_status( $comment->comment_ID ); |
208 | if ( $_POST['new'] == $current ) |
209 | die('1'); |
210 | |
211 | if ( in_array( $current, array( 'unapproved', 'spam' ) ) ) { |
212 | check_ajax_referer( "approve-comment_$id" ); |
213 | if ( wp_set_comment_status( $comment->comment_ID, 'approve' ) ) |
214 | die('1'); |
215 | } else { |
216 | check_ajax_referer( "unapprove-comment_$id" ); |
217 | if ( wp_set_comment_status( $comment->comment_ID, 'hold' ) ) |
218 | die('1'); |
219 | } |
220 | die('0'); |
221 | break; |
222 | case 'add-category' : // On the Fly |
223 | check_ajax_referer( $action ); |
224 | if ( !current_user_can( 'manage_categories' ) ) |
225 | die('-1'); |
226 | $names = explode(',', $_POST['newcat']); |
227 | if ( 0 > $parent = (int) $_POST['newcat_parent'] ) |
228 | $parent = 0; |
229 | $post_category = isset($_POST['post_category'])? (array) $_POST['post_category'] : array(); |
230 | $checked_categories = array_map( 'absint', (array) $post_category ); |
231 | $popular_ids = isset( $_POST['popular_ids'] ) ? |
232 | array_map( 'absint', explode( ',', $_POST['popular_ids'] ) ) : |
233 | false; |
234 | |
235 | $x = new WP_Ajax_Response(); |
236 | foreach ( $names as $cat_name ) { |
237 | $cat_name = trim($cat_name); |
238 | $category_nicename = sanitize_title($cat_name); |
239 | if ( '' === $category_nicename ) |
240 | continue; |
241 | $cat_id = wp_create_category( $cat_name, $parent ); |
242 | $checked_categories[] = $cat_id; |
243 | if ( $parent ) // Do these all at once in a second |
244 | continue; |
245 | $category = get_category( $cat_id ); |
246 | ob_start(); |
247 | wp_category_checklist( 0, $cat_id, $checked_categories, $popular_ids ); |
248 | $data = ob_get_contents(); |
249 | ob_end_clean(); |
250 | $x->add( array( |
251 | 'what' => 'category', |
252 | 'id' => $cat_id, |
253 | 'data' => $data, |
254 | 'position' => -1 |
255 | ) ); |
256 | } |
257 | if ( $parent ) { // Foncy - replace the parent and all its children |
258 | $parent = get_category( $parent ); |
259 | ob_start(); |
260 | dropdown_categories( 0, $parent ); |
261 | $data = ob_get_contents(); |
262 | ob_end_clean(); |
263 | $x->add( array( |
264 | 'what' => 'category', |
265 | 'id' => $parent->term_id, |
266 | 'old_id' => $parent->term_id, |
267 | 'data' => $data, |
268 | 'position' => -1 |
269 | ) ); |
270 | |
271 | } |
272 | $x->send(); |
273 | break; |
274 | case 'add-link-category' : // On the Fly |
275 | check_ajax_referer( $action ); |
276 | if ( !current_user_can( 'manage_categories' ) ) |
277 | die('-1'); |
278 | $names = explode(',', $_POST['newcat']); |
279 | $x = new WP_Ajax_Response(); |
280 | foreach ( $names as $cat_name ) { |
281 | $cat_name = trim($cat_name); |
282 | $slug = sanitize_title($cat_name); |
283 | if ( '' === $slug ) |
284 | continue; |
285 | if ( !$cat_id = is_term( $cat_name, 'link_category' ) ) { |
286 | $cat_id = wp_insert_term( $cat_name, 'link_category' ); |
287 | } |
288 | $cat_id = $cat_id['term_id']; |
289 | $cat_name = wp_specialchars(stripslashes($cat_name)); |
290 | $x->add( array( |
291 | 'what' => 'link-category', |
292 | 'id' => $cat_id, |
293 | 'data' => "<li id='link-category-$cat_id'><label for='in-link-category-$cat_id' class='selectit'><input value='$cat_id' type='checkbox' checked='checked' name='link_category[]' id='in-link-category-$cat_id'/> $cat_name</label></li>", |
294 | 'position' => -1 |
295 | ) ); |
296 | } |
297 | $x->send(); |
298 | break; |
299 | case 'add-cat' : // From Manage->Categories |
300 | check_ajax_referer( 'add-category' ); |
301 | if ( !current_user_can( 'manage_categories' ) ) |
302 | die('-1'); |
303 | |
304 | if ( '' === trim($_POST['cat_name']) ) { |
305 | $x = new WP_Ajax_Response( array( |
306 | 'what' => 'cat', |
307 | 'id' => new WP_Error( 'cat_name', __('You did not enter a category name.') ) |
308 | ) ); |
309 | $x->send(); |
310 | } |
311 | |
312 | if ( category_exists( trim( $_POST['cat_name'] ) ) ) { |
313 | $x = new WP_Ajax_Response( array( |
314 | 'what' => 'cat', |
315 | 'id' => new WP_Error( 'cat_exists', __('The category you are trying to create already exists.'), array( 'form-field' => 'cat_name' ) ), |
316 | ) ); |
317 | $x->send(); |
318 | } |
319 | |
320 | $cat = wp_insert_category( $_POST, true ); |
321 | |
322 | if ( is_wp_error($cat) ) { |
323 | $x = new WP_Ajax_Response( array( |
324 | 'what' => 'cat', |
325 | 'id' => $cat |
326 | ) ); |
327 | $x->send(); |
328 | } |
329 | |
330 | if ( !$cat || (!$cat = get_category( $cat )) ) |
331 | die('0'); |
332 | |
333 | $level = 0; |
334 | $cat_full_name = $cat->name; |
335 | $_cat = $cat; |
336 | while ( $_cat->parent ) { |
337 | $_cat = get_category( $_cat->parent ); |
338 | $cat_full_name = $_cat->name . ' — ' . $cat_full_name; |
339 | $level++; |
340 | } |
341 | $cat_full_name = attribute_escape($cat_full_name); |
342 | |
343 | $x = new WP_Ajax_Response( array( |
344 | 'what' => 'cat', |
345 | 'id' => $cat->term_id, |
346 | 'position' => -1, |
347 | 'data' => _cat_row( $cat, $level, $cat_full_name ), |
348 | 'supplemental' => array('name' => $cat_full_name, 'show-link' => sprintf(__( 'Category <a href="#%s">%s</a> added' ), "cat-$cat->term_id", $cat_full_name)) |
349 | ) ); |
350 | $x->send(); |
351 | break; |
352 | case 'add-link-cat' : // From Blogroll -> Categories |
353 | check_ajax_referer( 'add-link-category' ); |
354 | if ( !current_user_can( 'manage_categories' ) ) |
355 | die('-1'); |
356 | |
357 | if ( '' === trim($_POST['name']) ) { |
358 | $x = new WP_Ajax_Response( array( |
359 | 'what' => 'link-cat', |
360 | 'id' => new WP_Error( 'name', __('You did not enter a category name.') ) |
361 | ) ); |
362 | $x->send(); |
363 | } |
364 | |
365 | $r = wp_insert_term($_POST['name'], 'link_category', $_POST ); |
366 | if ( is_wp_error( $r ) ) { |
367 | $x = new WP_AJAX_Response( array( |
368 | 'what' => 'link-cat', |
369 | 'id' => $r |
370 | ) ); |
371 | $x->send(); |
372 | } |
373 | |
374 | extract($r, EXTR_SKIP); |
375 | |
376 | if ( !$link_cat = link_cat_row( $term_id ) ) |
377 | die('0'); |
378 | |
379 | $x = new WP_Ajax_Response( array( |
380 | 'what' => 'link-cat', |
381 | 'id' => $term_id, |
382 | 'position' => -1, |
383 | 'data' => $link_cat |
384 | ) ); |
385 | $x->send(); |
386 | break; |
387 | case 'add-tag' : // From Manage->Tags |
388 | check_ajax_referer( 'add-tag' ); |
389 | if ( !current_user_can( 'manage_categories' ) ) |
390 | die('-1'); |
391 | |
392 | if ( '' === trim($_POST['name']) ) { |
393 | $x = new WP_Ajax_Response( array( |
394 | 'what' => 'tag', |
395 | 'id' => new WP_Error( 'name', __('You did not enter a tag name.') ) |
396 | ) ); |
397 | $x->send(); |
398 | } |
399 | |
400 | $tag = wp_insert_term($_POST['name'], 'post_tag', $_POST ); |
401 | |
402 | if ( is_wp_error($tag) ) { |
403 | $x = new WP_Ajax_Response( array( |
404 | 'what' => 'tag', |
405 | 'id' => $tag |
406 | ) ); |
407 | $x->send(); |
408 | } |
409 | |
410 | if ( !$tag || (!$tag = get_term( $tag['term_id'], 'post_tag' )) ) |
411 | die('0'); |
412 | |
413 | $tag_full_name = $tag->name; |
414 | $tag_full_name = attribute_escape($tag_full_name); |
415 | |
416 | $x = new WP_Ajax_Response( array( |
417 | 'what' => 'tag', |
418 | 'id' => $tag->term_id, |
419 | 'position' => '-1', |
420 | 'data' => _tag_row( $tag ), |
421 | 'supplemental' => array('name' => $tag_full_name, 'show-link' => sprintf(__( 'Tag <a href="#%s">%s</a> added' ), "tag-$tag->term_id", $tag_full_name)) |
422 | ) ); |
423 | $x->send(); |
424 | break; |
425 | case 'get-tagcloud' : |
426 | if ( !current_user_can( 'manage_categories' ) ) |
427 | die('-1'); |
428 | |
429 | $tags = get_tags( array( 'number' => 45, 'orderby' => 'count', 'order' => 'DESC' ) ); |
430 | |
431 | if ( empty( $tags ) ) |
432 | die( __('No tags found!') ); |
433 | |
434 | foreach ( $tags as $key => $tag ) { |
435 | $tags[ $key ]->link = '#'; |
436 | $tags[ $key ]->id = $tag->term_id; |
437 | } |
438 | |
439 | $return = wp_generate_tag_cloud( $tags ); |
440 | |
441 | if ( empty($return) ) |
442 | die('0'); |
443 | |
444 | echo $return; |
445 | |
446 | exit; |
447 | break; |
448 | case 'add-comment' : |
449 | check_ajax_referer( $action ); |
450 | if ( !current_user_can( 'edit_post', $id ) ) |
451 | die('-1'); |
452 | $search = isset($_POST['s']) ? $_POST['s'] : false; |
453 | $start = isset($_POST['page']) ? intval($_POST['page']) * 25 - 1: 24; |
454 | $status = isset($_POST['comment_status']) ? $_POST['comment_status'] : false; |
455 | $mode = isset($_POST['mode']) ? $_POST['mode'] : 'detail'; |
456 | $p = isset($_POST['p']) ? $_POST['p'] : 0; |
457 | $comment_type = isset($_POST['comment_type']) ? $_POST['comment_type'] : ''; |
458 | list($comments, $total) = _wp_get_comment_list( $status, $search, $start, 1, $p, $comment_type ); |
459 | |
460 | if ( get_option('show_avatars') ) |
461 | add_filter( 'comment_author', 'floated_admin_avatar' ); |
462 | |
463 | if ( !$comments ) |
464 | die('1'); |
465 | $x = new WP_Ajax_Response(); |
466 | foreach ( (array) $comments as $comment ) { |
467 | get_comment( $comment ); |
468 | ob_start(); |
469 | _wp_comment_row( $comment->comment_ID, $mode, $status, true, true ); |
470 | $comment_list_item = ob_get_contents(); |
471 | ob_end_clean(); |
472 | $x->add( array( |
473 | 'what' => 'comment', |
474 | 'id' => $comment->comment_ID, |
475 | 'data' => $comment_list_item |
476 | ) ); |
477 | } |
478 | $x->send(); |
479 | break; |
480 | case 'get-comments' : |
481 | check_ajax_referer( $action ); |
482 | |
483 | $post_ID = (int) $_POST['post_ID']; |
484 | if ( !current_user_can( 'edit_post', $post_ID ) ) |
485 | die('-1'); |
486 | |
487 | $start = isset($_POST['start']) ? intval($_POST['start']) : 0; |
488 | $num = isset($_POST['num']) ? intval($_POST['num']) : 10; |
489 | |
490 | list($comments, $total) = _wp_get_comment_list( false, false, $start, $num, $post_ID ); |
491 | |
492 | if ( !$comments ) |
493 | die('1'); |
494 | |
495 | $comment_list_item = ''; |
496 | $x = new WP_Ajax_Response(); |
497 | foreach ( (array) $comments as $comment ) { |
498 | get_comment( $comment ); |
499 | ob_start(); |
500 | _wp_comment_row( $comment->comment_ID, 'single', false, false ); |
501 | $comment_list_item .= ob_get_contents(); |
502 | ob_end_clean(); |
503 | } |
504 | $x->add( array( |
505 | 'what' => 'comments', |
506 | 'data' => $comment_list_item |
507 | ) ); |
508 | $x->send(); |
509 | break; |
510 | case 'replyto-comment' : |
511 | check_ajax_referer( $action ); |
512 | |
513 | $comment_post_ID = (int) $_POST['comment_post_ID']; |
514 | if ( !current_user_can( 'edit_post', $comment_post_ID ) ) |
515 | die('-1'); |
516 | |
517 | $status = $wpdb->get_var( $wpdb->prepare("SELECT post_status FROM $wpdb->posts WHERE ID = %d", $comment_post_ID) ); |
518 | |
519 | if ( empty($status) ) |
520 | die('1'); |
521 | elseif ( in_array($status, array('draft', 'pending') ) ) |
522 | die( __('Error: you are replying to a comment on a draft post.') ); |
523 | |
524 | $user = wp_get_current_user(); |
525 | if ( $user->ID ) { |
526 | $comment_author = $wpdb->escape($user->display_name); |
527 | $comment_author_email = $wpdb->escape($user->user_email); |
528 | $comment_author_url = $wpdb->escape($user->user_url); |
529 | $comment_content = trim($_POST['content']); |
530 | if ( current_user_can('unfiltered_html') ) { |
531 | if ( wp_create_nonce('unfiltered-html-comment_' . $comment_post_ID) != $_POST['_wp_unfiltered_html_comment'] ) { |
532 | kses_remove_filters(); // start with a clean slate |
533 | kses_init_filters(); // set up the filters |
534 | } |
535 | } |
536 | } else { |
537 | die( __('Sorry, you must be logged in to reply to a comment.') ); |
538 | } |
539 | |
540 | if ( '' == $comment_content ) |
541 | die( __('Error: please type a comment.') ); |
542 | |
543 | $comment_parent = absint($_POST['comment_ID']); |
544 | $commentdata = compact('comment_post_ID', 'comment_author', 'comment_author_email', 'comment_author_url', 'comment_content', 'comment_type', 'comment_parent', 'user_ID'); |
545 | |
546 | $comment_id = wp_new_comment( $commentdata ); |
547 | $comment = get_comment($comment_id); |
548 | if ( ! $comment ) die('1'); |
549 | |
550 | $modes = array( 'single', 'detail', 'dashboard' ); |
551 | $mode = isset($_POST['mode']) && in_array( $_POST['mode'], $modes ) ? $_POST['mode'] : 'detail'; |
552 | $position = ( isset($_POST['position']) && (int) $_POST['position']) ? (int) $_POST['position'] : '-1'; |
553 | $checkbox = ( isset($_POST['checkbox']) && true == $_POST['checkbox'] ) ? 1 : 0; |
554 | |
555 | if ( get_option('show_avatars') && 'single' != $mode ) |
556 | add_filter( 'comment_author', 'floated_admin_avatar' ); |
557 | |
558 | $x = new WP_Ajax_Response(); |
559 | |
560 | ob_start(); |
561 | if ( 'dashboard' == $mode ) { |
562 | require_once( ABSPATH . 'wp-admin/includes/dashboard.php' ); |
563 | _wp_dashboard_recent_comments_row( $comment, false ); |
564 | } else { |
565 | _wp_comment_row( $comment->comment_ID, $mode, false, $checkbox ); |
566 | } |
567 | $comment_list_item = ob_get_contents(); |
568 | ob_end_clean(); |
569 | |
570 | $x->add( array( |
571 | 'what' => 'comment', |
572 | 'id' => $comment->comment_ID, |
573 | 'data' => $comment_list_item, |
574 | 'position' => $position |
575 | )); |
576 | |
577 | $x->send(); |
578 | break; |
579 | case 'edit-comment' : |
580 | check_ajax_referer( 'replyto-comment' ); |
581 | |
582 | $comment_post_ID = (int) $_POST['comment_post_ID']; |
583 | if ( ! current_user_can( 'edit_post', $comment_post_ID ) ) |
584 | die('-1'); |
585 | |
586 | if ( '' == $_POST['content'] ) |
587 | die( __('Error: please type a comment.') ); |
588 | |
589 | $comment_id = (int) $_POST['comment_ID']; |
590 | $_POST['comment_status'] = $_POST['status']; |
591 | edit_comment(); |
592 | |
593 | $mode = ( isset($_POST['mode']) && 'single' == $_POST['mode'] ) ? 'single' : 'detail'; |
594 | $position = ( isset($_POST['position']) && (int) $_POST['position']) ? (int) $_POST['position'] : '-1'; |
595 | $checkbox = ( isset($_POST['checkbox']) && true == $_POST['checkbox'] ) ? 1 : 0; |
596 | |
597 | if ( get_option('show_avatars') && 'single' != $mode ) |
598 | add_filter( 'comment_author', 'floated_admin_avatar' ); |
599 | |
600 | $x = new WP_Ajax_Response(); |
601 | |
602 | ob_start(); |
603 | _wp_comment_row( $comment_id, $mode, true, $checkbox ); |
604 | $comment_list_item = ob_get_contents(); |
605 | ob_end_clean(); |
606 | |
607 | $x->add( array( |
608 | 'what' => 'edit_comment', |
609 | 'id' => $comment->comment_ID, |
610 | 'data' => $comment_list_item, |
611 | 'position' => $position |
612 | )); |
613 | |
614 | $x->send(); |
615 | break; |
616 | case 'add-meta' : |
617 | check_ajax_referer( 'add-meta' ); |
618 | $c = 0; |
619 | $pid = (int) $_POST['post_id']; |
620 | if ( isset($_POST['metakeyselect']) || isset($_POST['metakeyinput']) ) { |
621 | if ( !current_user_can( 'edit_post', $pid ) ) |
622 | die('-1'); |
623 | if ( '#NONE#' == $_POST['metakeyselect'] && empty($_POST['metakeyinput']) ) |
624 | die('1'); |
625 | if ( $pid < 0 ) { |
626 | $now = current_time('timestamp', 1); |
627 | if ( $pid = wp_insert_post( array( |
628 | 'post_title' => sprintf('Draft created on %s at %s', date(get_option('date_format'), $now), date(get_option('time_format'), $now)) |
629 | ) ) ) { |
630 | if ( is_wp_error( $pid ) ) { |
631 | $x = new WP_Ajax_Response( array( |
632 | 'what' => 'meta', |
633 | 'data' => $pid |
634 | ) ); |
635 | $x->send(); |
636 | } |
637 | $mid = add_meta( $pid ); |
638 | } else { |
639 | die('0'); |
640 | } |
641 | } else if ( !$mid = add_meta( $pid ) ) { |
642 | die('0'); |
643 | } |
644 | |
645 | $meta = get_post_meta_by_id( $mid ); |
646 | $pid = (int) $meta->post_id; |
647 | $meta = get_object_vars( $meta ); |
648 | $x = new WP_Ajax_Response( array( |
649 | 'what' => 'meta', |
650 | 'id' => $mid, |
651 | 'data' => _list_meta_row( $meta, $c ), |
652 | 'position' => 1, |
653 | 'supplemental' => array('postid' => $pid) |
654 | ) ); |
655 | } else { |
656 | $mid = (int) array_pop(array_keys($_POST['meta'])); |
657 | $key = $_POST['meta'][$mid]['key']; |
658 | $value = $_POST['meta'][$mid]['value']; |
659 | if ( !$meta = get_post_meta_by_id( $mid ) ) |
660 | die('0'); // if meta doesn't exist |
661 | if ( !current_user_can( 'edit_post', $meta->post_id ) ) |
662 | die('-1'); |
663 | if ( !$u = update_meta( $mid, $key, $value ) ) |
664 | die('1'); // We know meta exists; we also know it's unchanged (or DB error, in which case there are bigger problems). |
665 | $key = stripslashes($key); |
666 | $value = stripslashes($value); |
667 | $x = new WP_Ajax_Response( array( |
668 | 'what' => 'meta', |
669 | 'id' => $mid, 'old_id' => $mid, |
670 | 'data' => _list_meta_row( array( |
671 | 'meta_key' => $key, |
672 | 'meta_value' => $value, |
673 | 'meta_id' => $mid |
674 | ), $c ), |
675 | 'position' => 0, |
676 | 'supplemental' => array('postid' => $meta->post_id) |
677 | ) ); |
678 | } |
679 | $x->send(); |
680 | break; |
681 | case 'add-user' : |
682 | check_ajax_referer( $action ); |
683 | if ( !current_user_can('create_users') ) |
684 | die('-1'); |
685 | require_once(ABSPATH . WPINC . '/registration.php'); |
686 | if ( !$user_id = add_user() ) |
687 | die('0'); |
688 | elseif ( is_wp_error( $user_id ) ) { |
689 | $x = new WP_Ajax_Response( array( |
690 | 'what' => 'user', |
691 | 'id' => $user_id |
692 | ) ); |
693 | $x->send(); |
694 | } |
695 | $user_object = new WP_User( $user_id ); |
696 | |
697 | $x = new WP_Ajax_Response( array( |
698 | 'what' => 'user', |
699 | 'id' => $user_id, |
700 | 'data' => user_row( $user_object, '', $user_object->roles[0] ), |
701 | 'supplemental' => array( |
702 | 'show-link' => sprintf(__( 'User <a href="#%s">%s</a> added' ), "user-$user_id", $user_object->user_login), |
703 | 'role' => $user_object->roles[0] |
704 | ) |
705 | ) ); |
706 | $x->send(); |
707 | break; |
708 | case 'autosave' : // The name of this action is hardcoded in edit_post() |
709 | define( 'DOING_AUTOSAVE', true ); |
710 | |
711 | $nonce_age = check_ajax_referer( 'autosave', 'autosavenonce' ); |
712 | global $current_user; |
713 | |
714 | $_POST['post_category'] = explode(",", $_POST['catslist']); |
715 | $_POST['tags_input'] = explode(",", $_POST['tags_input']); |
716 | if($_POST['post_type'] == 'page' || empty($_POST['post_category'])) |
717 | unset($_POST['post_category']); |
718 | |
719 | $do_autosave = (bool) $_POST['autosave']; |
720 | $do_lock = true; |
721 | |
722 | $data = ''; |
723 | $message = sprintf( __('Draft Saved at %s.'), date( __('g:i:s a'), current_time( 'timestamp', true ) ) ); |
724 | |
725 | $supplemental = array(); |
726 | |
727 | $id = $revision_id = 0; |
728 | if($_POST['post_ID'] < 0) { |
729 | $_POST['post_status'] = 'draft'; |
730 | $_POST['temp_ID'] = $_POST['post_ID']; |
731 | if ( $do_autosave ) { |
732 | $id = wp_write_post(); |
733 | $data = $message; |
734 | } |
735 | } else { |
736 | $post_ID = (int) $_POST['post_ID']; |
737 | $_POST['ID'] = $post_ID; |
738 | $post = get_post($post_ID); |
739 | |
740 | if ( $last = wp_check_post_lock( $post->ID ) ) { |
741 | $do_autosave = $do_lock = false; |
742 | |
743 | $last_user = get_userdata( $last ); |
744 | $last_user_name = $last_user ? $last_user->display_name : __( 'Someone' ); |
745 | $data = new WP_Error( 'locked', sprintf( |
746 | $_POST['post_type'] == 'page' ? __( 'Autosave disabled: %s is currently editing this page.' ) : __( 'Autosave disabled: %s is currently editing this post.' ), |
747 | wp_specialchars( $last_user_name ) |
748 | ) ); |
749 | |
750 | $supplemental['disable_autosave'] = 'disable'; |
751 | } |
752 | |
753 | if ( 'page' == $post->post_type ) { |
754 | if ( !current_user_can('edit_page', $post_ID) ) |
755 | die(__('You are not allowed to edit this page.')); |
756 | } else { |
757 | if ( !current_user_can('edit_post', $post_ID) ) |
758 | die(__('You are not allowed to edit this post.')); |
759 | } |
760 | |
761 | if ( $do_autosave ) { |
762 | // Drafts are just overwritten by autosave |
763 | if ( 'draft' == $post->post_status ) { |
764 | $id = edit_post(); |
765 | } else { // Non drafts are not overwritten. The autosave is stored in a special post revision. |
766 | $revision_id = wp_create_post_autosave( $post->ID ); |
767 | if ( is_wp_error($revision_id) ) |
768 | $id = $revision_id; |
769 | else |
770 | $id = $post->ID; |
771 | } |
772 | $data = $message; |
773 | } else { |
774 | $id = $post->ID; |
775 | } |
776 | } |
777 | |
778 | if ( $do_lock && $id && is_numeric($id) ) |
779 | wp_set_post_lock( $id ); |
780 | |
781 | if ( $nonce_age == 2 ) { |
782 | $supplemental['replace-autosavenonce'] = wp_create_nonce('autosave'); |
783 | $supplemental['replace-getpermalinknonce'] = wp_create_nonce('getpermalink'); |
784 | $supplemental['replace-samplepermalinknonce'] = wp_create_nonce('samplepermalink'); |
785 | $supplemental['replace-closedpostboxesnonce'] = wp_create_nonce('closedpostboxes'); |
786 | if ( $id ) { |
787 | if ( $_POST['post_type'] == 'post' ) |
788 | $supplemental['replace-_wpnonce'] = wp_create_nonce('update-post_' . $id); |
789 | elseif ( $_POST['post_type'] == 'page' ) |
790 | $supplemental['replace-_wpnonce'] = wp_create_nonce('update-page_' . $id); |
791 | } |
792 | } |
793 | |
794 | $x = new WP_Ajax_Response( array( |
795 | 'what' => 'autosave', |
796 | 'id' => $id, |
797 | 'data' => $id ? $data : '', |
798 | 'supplemental' => $supplemental |
799 | ) ); |
800 | $x->send(); |
801 | break; |
802 | case 'autosave-generate-nonces' : |
803 | check_ajax_referer( 'autosave', 'autosavenonce' ); |
804 | $ID = (int) $_POST['post_ID']; |
805 | if($_POST['post_type'] == 'post') { |
806 | if(current_user_can('edit_post', $ID)) |
807 | die(wp_create_nonce('update-post_' . $ID)); |
808 | } |
809 | if($_POST['post_type'] == 'page') { |
810 | if(current_user_can('edit_page', $ID)) { |
811 | die(wp_create_nonce('update-page_' . $ID)); |
812 | } |
813 | } |
814 | die('0'); |
815 | break; |
816 | case 'closed-postboxes' : |
817 | check_ajax_referer( 'closedpostboxes', 'closedpostboxesnonce' ); |
818 | $closed = isset( $_POST['closed'] )? $_POST['closed'] : ''; |
819 | $closed = explode( ',', $_POST['closed'] ); |
820 | $hidden = isset( $_POST['hidden'] )? $_POST['hidden'] : ''; |
821 | $hidden = explode( ',', $_POST['hidden'] ); |
822 | $page = isset( $_POST['page'] )? $_POST['page'] : ''; |
823 | if ( !preg_match( '/^[a-z-_]+$/', $page ) ) { |
824 | die(-1); |
825 | } |
826 | $current_user = wp_get_current_user(); |
827 | if ( is_array($closed) ) |
828 | update_usermeta($current_user->ID, 'closedpostboxes_'.$page, $closed); |
829 | if ( is_array($hidden) ) |
830 | update_usermeta($current_user->ID, 'meta-box-hidden_'.$page, $hidden); |
831 | break; |
832 | case 'hidden-columns' : |
833 | check_ajax_referer( 'hiddencolumns', 'hiddencolumnsnonce' ); |
834 | $hidden = isset( $_POST['hidden'] )? $_POST['hidden'] : ''; |
835 | $hidden = explode( ',', $_POST['hidden'] ); |
836 | $page = isset( $_POST['page'] )? $_POST['page'] : ''; |
837 | if ( !preg_match( '/^[a-z-_]+$/', $page ) ) { |
838 | die(-1); |
839 | } |
840 | $current_user = wp_get_current_user(); |
841 | if ( is_array($hidden) ) |
842 | update_usermeta($current_user->ID, "manage-$page-columns-hidden", $hidden); |
843 | break; |
844 | case 'get-permalink': |
845 | check_ajax_referer( 'getpermalink', 'getpermalinknonce' ); |
846 | $post_id = isset($_POST['post_id'])? intval($_POST['post_id']) : 0; |
847 | die(add_query_arg(array('preview' => 'true'), get_permalink($post_id))); |
848 | break; |
849 | case 'sample-permalink': |
850 | check_ajax_referer( 'samplepermalink', 'samplepermalinknonce' ); |
851 | $post_id = isset($_POST['post_id'])? intval($_POST['post_id']) : 0; |
852 | $title = isset($_POST['new_title'])? $_POST['new_title'] : ''; |
853 | $slug = isset($_POST['new_slug'])? $_POST['new_slug'] : ''; |
854 | die(get_sample_permalink_html($post_id, $title, $slug)); |
855 | break; |
856 | case 'inline-save': |
857 | check_ajax_referer( 'inlineeditnonce', '_inline_edit' ); |
858 | |
859 | if ( ! isset($_POST['post_ID']) || ! ( $post_ID = (int) $_POST['post_ID'] ) ) |
860 | exit; |
861 | |
862 | if ( 'page' == $_POST['post_type'] ) { |
863 | if ( ! current_user_can( 'edit_page', $post_ID ) ) |
864 | die( __('You are not allowed to edit this page.') ); |
865 | } else { |
866 | if ( ! current_user_can( 'edit_post', $post_ID ) ) |
867 | die( __('You are not allowed to edit this post.') ); |
868 | } |
869 | |
870 | if ( $last = wp_check_post_lock( $post_ID ) ) { |
871 | $last_user = get_userdata( $last ); |
872 | $last_user_name = $last_user ? $last_user->display_name : __( 'Someone' ); |
873 | printf( $_POST['post_type'] == 'page' ? __( 'Saving is disabled: %s is currently editing this page.' ) : __( 'Saving is disabled: %s is currently editing this post.' ), wp_specialchars( $last_user_name ) ); |
874 | exit; |
875 | } |
876 | |
877 | $data = &$_POST; |
878 | $post = get_post( $post_ID, ARRAY_A ); |
879 | $data['content'] = $post['post_content']; |
880 | $data['excerpt'] = $post['post_excerpt']; |
881 | |
882 | // rename |
883 | $data['user_ID'] = $GLOBALS['user_ID']; |
884 | |
885 | if ( isset($data['post_parent']) ) |
886 | $data['parent_id'] = $data['post_parent']; |
887 | |
888 | // status |
889 | if ( isset($data['keep_private']) && 'private' == $data['keep_private'] ) |
890 | $data['post_status'] = 'private'; |
891 | else |
892 | $data['post_status'] = $data['_status']; |
893 | |
894 | if ( empty($data['comment_status']) ) |
895 | $data['comment_status'] = 'closed'; |
896 | if ( empty($data['ping_status']) ) |
897 | $data['ping_status'] = 'closed'; |
898 | |
899 | // update the post |
900 | $_POST = $data; |
901 | edit_post(); |
902 | |
903 | $post = array(); |
904 | if ( 'page' == $_POST['post_type'] ) { |
905 | $post[] = get_post($_POST['post_ID']); |
906 | page_rows($post); |
907 | } elseif ( 'post' == $_POST['post_type'] ) { |
908 | $mode = $_POST['post_view']; |
909 | $post[] = get_post($_POST['post_ID']); |
910 | post_rows($post); |
911 | } |
912 | |
913 | exit; |
914 | break; |
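case 'inline-save-tax':
	// Quick-edit save for a single term (category, link category or tag).
	// Reads tax_ID, tax_type, name, slug and parent from $_POST and echoes the
	// re-rendered table row for the updated term, or an error message.
	check_ajax_referer( 'taxinlineeditnonce', '_inline_edit' );

	if ( ! current_user_can('manage_categories') )
		die( __('Cheatin’ uh?') );

	// The term id must be a positive integer; anything else is rejected.
	if ( ! isset($_POST['tax_ID']) || ! ( $id = (int) $_POST['tax_ID'] ) )
		die(-1);

	// Only the fields the quick-edit form submits are forwarded to the update
	// functions. Previously the whole $_POST array (nonce, action, tax_ID and
	// whatever else the client chose to send) was handed to wp_update_term();
	// this mirrors the explicit whitelist the 'cat' branch already used.
	$args = array();
	foreach ( array( 'name', 'slug' ) as $field ) {
		if ( isset($_POST[$field]) )
			$args[$field] = $_POST[$field];
	}
	if ( isset($_POST['parent']) && (int) $_POST['parent'] > 0 )
		$args['parent'] = (int) $_POST['parent'];

	switch ($_POST['tax_type']) {
		case 'cat' :
			$data = array();
			$data['cat_ID'] = $id;
			$data['cat_name'] = $_POST['name'];
			$data['category_nicename'] = $_POST['slug'];
			if ( isset($args['parent']) )
				$data['category_parent'] = $args['parent'];

			// The quick-edit form has no description field, so the stored
			// description is carried over rather than being blanked.
			$cat = get_category($id, ARRAY_A);
			$data['category_description'] = $cat['category_description'];

			$updated = wp_update_category($data);

			if ( $updated && !is_wp_error($updated) )
				echo _cat_row( $updated, 0 );
			else
				die( __('Category not updated.') );

			break;
		case 'link-cat' :
			$updated = wp_update_term($id, 'link_category', $args);

			if ( $updated && !is_wp_error($updated) )
				echo link_cat_row($updated['term_id']);
			else
				die( __('Category not updated.') );

			break;
		case 'tag' :
			$updated = wp_update_term($id, 'post_tag', $args);
			if ( $updated && !is_wp_error($updated) ) {
				// Re-read the term so the row reflects what was stored.
				$tag = get_term( $updated['term_id'], 'post_tag' );
				if ( !$tag || is_wp_error( $tag ) )
					die( __('Tag not updated.') );

				echo _tag_row($tag);
			} else {
				die( __('Tag not updated.') );
			}

			break;
		default :
			// Unknown taxonomy type: nothing to update, reject like a bad tax_ID
			// instead of silently returning an empty body.
			die(-1);
	}

	exit;
	break;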
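case 'meta-box-order':
	// Persist the current user's meta-box layout for one admin screen.
	// NOTE(review): the user-option key embeds the screen name exactly as the
	// client sent it (only the "meta-box-order_" prefix is fixed), and "order"
	// is stored as sent; the reading side defines the expected format.
	check_ajax_referer( 'meta-box-order' );

	// Both fields are required; a missing screen name would otherwise write a
	// junk "meta-box-order_" option (and raise undefined-index notices).
	if ( empty($_POST['page']) || ! is_string($_POST['page']) || ! isset($_POST['order']) )
		die('-1');

	update_user_option( $GLOBALS['current_user']->ID, "meta-box-order_$_POST[page]", $_POST['order'] );
	die('1');
	break;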
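case 'find_posts':
	// Search posts or pages by title/content for the "find posts" dialog and
	// return an HTML table of up to 50 matches through WP_Ajax_Response.
	check_ajax_referer( 'find-posts' );

	if ( empty($_POST['ps']) )
		exit;

	// post_type is always one of two fixed literals, never the request value.
	$what = isset($_POST['pages']) ? 'page' : 'post';
	$s = stripslashes($_POST['ps']);

	// Split the phrase into terms: double-quoted runs stay together, the rest
	// splits on whitespace, commas, quotes and '+'. A plain loop replaces the
	// original create_function() callback, which eval()s its body and no longer
	// exists in PHP 8.
	preg_match_all('/".*?("|$)|((?<=[\\s",+])|^)[^\\s",+]+/', $s, $matches);
	$search_terms = array();
	foreach ( $matches[0] as $raw_term ) {
		$search_terms[] = trim( $raw_term, "\"'\n\r " );
	}

	// Every term must match title or content. Each value is SQL-escaped before
	// interpolation. NOTE(review): LIKE metacharacters (% and _) are not
	// escaped, so they act as wildcards inside a search term.
	$searchand = $search = '';
	foreach ( (array) $search_terms as $term ) {
		$term = addslashes_gpc($term);
		$search .= "{$searchand}(($wpdb->posts.post_title LIKE '%{$term}%') OR ($wpdb->posts.post_content LIKE '%{$term}%'))";
		$searchand = ' AND ';
	}
	// Multi-term phrases additionally match the whole phrase as typed.
	$term = $wpdb->escape($s);
	if ( count($search_terms) > 1 && $search_terms[0] != $s )
		$search .= " OR ($wpdb->posts.post_title LIKE '%{$term}%') OR ($wpdb->posts.post_content LIKE '%{$term}%')";

	// Nothing tokenised (e.g. whitespace only) would produce a malformed
	// "... AND  ORDER BY ..." query; answer as if nothing matched.
	if ( '' === $search )
		exit( __('No posts found.') );

	$posts = $wpdb->get_results( "SELECT ID, post_title, post_status, post_date FROM $wpdb->posts WHERE post_type = '$what' AND $search ORDER BY post_date_gmt DESC LIMIT 50" );

	if ( ! $posts )
		exit( __('No posts found.') );

	$html = '<table class="widefat"><thead><tr><th class="found-radio"><br /></th><th>'.__('Title').'</th><th>'.__('Time').'</th><th>'.__('Status').'</th></tr></thead><tbody>';
	foreach ( $posts as $post ) {
		// Map the stored status to a label. The default branch keeps an
		// unrecognised status from inheriting the previous row's label
		// ($stat was otherwise left over from the last iteration).
		switch ( $post->post_status ) {
			case 'publish' :
			case 'private' :
				$stat = __('Published');
				break;
			case 'future' :
				$stat = __('Scheduled');
				break;
			case 'pending' :
				$stat = __('Pending Review');
				break;
			case 'draft' :
				$stat = __('Unpublished');
				break;
			default :
				$stat = $post->post_status;
				break;
		}

		// A zero date means "no date"; otherwise format it for display.
		if ( '0000-00-00 00:00:00' == $post->post_date ) {
			$time = '';
		} else {
			$time = mysql2date(__('Y/m/d'), $post->post_date);
		}

		// Every dynamic value is HTML-escaped (or integer-cast) before output.
		$post_id = (int) $post->ID;
		$html .= '<tr class="found-posts"><td class="found-radio"><input type="radio" id="found-'.$post_id.'" name="found_post_id" value="'.$post_id.'"></td>';
		$html .= '<td><label for="found-'.$post_id.'">'.wp_specialchars($post->post_title, true).'</label></td><td>'.wp_specialchars($time, true).'</td><td>'.wp_specialchars($stat, true).'</td></tr>'."\n\n";
	}
	$html .= '</tbody></table>';

	$x = new WP_Ajax_Response();
	$x->add( array(
		'what' => $what,
		'data' => $html
	));
	$x->send();

	break;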
default :
	// No built-in handler for this action: hand it to anything hooked on
	// wp_ajax_{action}. A hooked handler that produces a response must end
	// the request itself; if it returns, the response is "0".
	do_action( "wp_ajax_{$_POST['action']}" );
	exit('0');
	break;
1043 | endswitch; |
1044 | ?> |