<?php
/**
 * WordPress AJAX Process Execution.
 *
 * Entry point for admin-side AJAX requests. Everything below runs at file
 * scope: an optional GET tag-search handler, then one switch over
 * $_POST['action']. Being logged in is the only check shared by all
 * handlers; each action is responsible for its own nonce and capability
 * checks.
 *
 * @package WordPress
 * @subpackage Administration
 */

/**
 * Executing AJAX process.
 *
 * @since unknown
 */
define( 'DOING_AJAX', true );
define( 'WP_ADMIN', true );

// Paths are relative to the working directory of the request, not to this file.
require_once '../wp-load.php';
require_once 'includes/admin.php';

// Authentication gate: anonymous requests stop here with the '-1' (denied) reply.
if ( ! is_user_logged_in() ) {
	die( '-1' );
}
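// Tag auto-suggest (GET): prints newline-separated term names that contain
// the last comma-separated fragment of the `q` parameter.
if ( isset( $_GET['action'] ) && 'ajax-tag-search' == $_GET['action'] ) {
	if ( ! current_user_can( 'manage_categories' ) ) {
		die( '-1' );
	}

	// WordPress core normally slash-escapes $_GET during bootstrap, and the
	// previous code relied on that as its only SQL escaping. Strip the slashes
	// so the value is escaped exactly once, by prepare() below. A missing or
	// non-string `q` is treated as empty and rejected by the length check.
	$s = ( isset( $_GET['q'] ) && is_string( $_GET['q'] ) ) ? stripslashes( $_GET['q'] ) : '';

	// Only the fragment after the last comma is being typed right now.
	if ( false !== strpos( $s, ',' ) ) {
		$s = explode( ',', $s );
		$s = $s[ count( $s ) - 1 ];
	}
	$s = trim( $s );
	if ( strlen( $s ) < 2 ) {
		die; // require 2 chars for matching
	}

	// Neutralise LIKE metacharacters so user input cannot widen the match,
	// then bind the pattern as a parameter instead of concatenating it.
	$like    = '%' . addcslashes( $s, '_%\\' ) . '%';
	$results = $wpdb->get_col( $wpdb->prepare( "SELECT name FROM $wpdb->terms WHERE name LIKE (%s)", $like ) );

	// NOTE(review): term names are printed without output escaping; the
	// consumer should insert them as text, not HTML - confirm in the JS caller.
	echo implode( "\n", (array) $results );
	die;
}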
$id = isset ( $_POST [ 'id' ]) ? ( int ) $_POST [ 'id' ] : 0 ;
switch ( $action = $_POST [ 'action' ] ) :
case 'delete-comment' :
	// The nonce action embeds the comment id, so a token issued for one
	// comment cannot be replayed against another.
	check_ajax_referer( "delete-comment_$id" );

	$comment = get_comment( $id );
	if ( ! $comment ) {
		die( '1' ); // nothing to delete; reported as success
	}
	// Authorisation is evaluated against the post the comment belongs to.
	if ( ! current_user_can( 'edit_post', $comment->comment_post_ID ) ) {
		die( '-1' );
	}

	$mark_as_spam = isset( $_POST['spam'] ) && 1 == $_POST['spam'];
	if ( ! $mark_as_spam ) {
		$r = wp_delete_comment( $comment->comment_ID );
	} elseif ( 'spam' == wp_get_comment_status( $comment->comment_ID ) ) {
		die( '1' ); // already spam
	} else {
		$r = wp_set_comment_status( $comment->comment_ID, 'spam' );
	}

	die( $r ? '1' : '0' );
	break;
case 'delete-cat' :
	// Order matters: nonce (CSRF) first, then capability, then the lookup.
	check_ajax_referer( "delete-category_$id" );
	if ( ! current_user_can( 'manage_categories' ) ) {
		die( '-1' );
	}

	$cat = get_category( $id );
	if ( ! $cat || is_wp_error( $cat ) ) {
		die( '1' ); // category not found; reported as success
	}

	die( wp_delete_category( $id ) ? '1' : '0' );
	break;
case 'delete-tag' :
	// Per-id nonce, then the capability check, before anything is looked up.
	check_ajax_referer( "delete-tag_$id" );
	if ( ! current_user_can( 'manage_categories' ) ) {
		die( '-1' );
	}

	$tag = get_term( $id, 'post_tag' );
	if ( ! $tag || is_wp_error( $tag ) ) {
		die( '1' ); // tag not found; reported as success
	}

	die( wp_delete_term( $id, 'post_tag' ) ? '1' : '0' );
	break;
case 'delete-link-cat' :
	check_ajax_referer( "delete-link-category_$id" );
	if ( ! current_user_can( 'manage_categories' ) ) {
		die( '-1' );
	}

	$cat = get_term( $id, 'link_category' );
	if ( ! $cat || is_wp_error( $cat ) ) {
		die( '1' ); // category not found; reported as success
	}

	// NOTE(review): $cat_name is placed inside HTML in the error message
	// below; confirm get_term_field() returns it escaped for display.
	$cat_name = get_term_field( 'name', $id, 'link_category' );

	// Don't delete the default cats.
	if ( $id == get_option( 'default_link_category' ) ) {
		$default_cat_error = new WP_Error(
			'default-link-cat',
			sprintf( __( "Can’t delete the <strong>%s</strong> category: this is the default one" ), $cat_name )
		);
		$x = new WP_AJAX_Response( array(
			'what' => 'link-cat',
			'id'   => $id,
			'data' => $default_cat_error
		) );
		// The code below assumes send() ends the request; otherwise the
		// default category would still be deleted.
		$x->send();
	}

	$r = wp_delete_term( $id, 'link_category' );
	if ( ! $r ) {
		die( '0' );
	}
	if ( is_wp_error( $r ) ) {
		$x = new WP_AJAX_Response( array(
			'what' => 'link-cat',
			'id'   => $id,
			'data' => $r
		) );
		$x->send();
	}

	die( '1' );
	break;
case 'delete-link' :
	// Nonce is bound to the bookmark id; capability is checked before lookup.
	check_ajax_referer( "delete-bookmark_$id" );
	if ( ! current_user_can( 'manage_links' ) ) {
		die( '-1' );
	}

	$link = get_bookmark( $id );
	if ( ! $link || is_wp_error( $link ) ) {
		die( '1' ); // bookmark not found; reported as success
	}

	die( wp_delete_link( $id ) ? '1' : '0' );
	break;
case 'delete-meta' :
	check_ajax_referer( "delete-meta_$id" );

	$meta = get_post_meta_by_id( $id );
	if ( ! $meta ) {
		die( '1' ); // meta row not found; reported as success
	}
	// The meta row decides which post the permission check applies to, so
	// the caller cannot pick a post they are allowed to edit.
	if ( ! current_user_can( 'edit_post', $meta->post_id ) ) {
		die( '-1' );
	}

	die( delete_meta( $meta->meta_id ) ? '1' : '0' );
	break;
case 'delete-post' :
	// Nonce action is "delete-post_<id>": built from the action name and the id.
	check_ajax_referer( "{$action}_$id" );
	if ( ! current_user_can( 'delete_post', $id ) ) {
		die( '-1' );
	}

	if ( ! get_post( $id ) ) {
		die( '1' ); // post not found; reported as success
	}

	die( wp_delete_post( $id ) ? '1' : '0' );
	break;
case 'delete-page' :
	// Nonce action is "delete-page_<id>": built from the action name and the id.
	check_ajax_referer( "{$action}_$id" );
	if ( ! current_user_can( 'delete_page', $id ) ) {
		die( '-1' );
	}

	if ( ! get_page( $id ) ) {
		die( '1' ); // page not found; reported as success
	}

	die( wp_delete_post( $id ) ? '1' : '0' );
	break;
case 'dim-comment' :
	// Toggles a comment between approved and held. The nonce is verified
	// only after the early exits below, but nothing is modified before it.
	$comment = get_comment( $id );
	if ( ! $comment ) {
		die( '0' );
	}

	// Both the per-post and the global moderation capability are required.
	if ( ! current_user_can( 'edit_post', $comment->comment_post_ID ) ) {
		die( '-1' );
	}
	if ( ! current_user_can( 'moderate_comments' ) ) {
		die( '-1' );
	}

	$current = wp_get_comment_status( $comment->comment_ID );
	if ( $_POST['new'] == $current ) {
		die( '1' ); // already in the requested state
	}

	// The nonce action depends on the direction of the change, so an
	// "approve" token cannot be used to unapprove and vice versa.
	$is_approving = in_array( $current, array( 'unapproved', 'spam' ) );
	check_ajax_referer( $is_approving ? "approve-comment_$id" : "unapprove-comment_$id" );

	$status_changed = wp_set_comment_status( $comment->comment_ID, $is_approving ? 'approve' : 'hold' );
	die( $status_changed ? '1' : '0' );
	break;
case 'add-category' : // On the Fly
	check_ajax_referer( $action );
	if ( ! current_user_can( 'manage_categories' ) ) {
		die( '-1' );
	}

	$names = explode( ',', $_POST['newcat'] );

	// Negative parent ids are clamped to 0 (no parent).
	$parent = (int) $_POST['newcat_parent'];
	if ( $parent < 0 ) {
		$parent = 0;
	}

	// Every id taken from the request is forced to a non-negative integer.
	$post_category      = isset( $_POST['post_category'] ) ? (array) $_POST['post_category'] : array();
	$checked_categories = array_map( 'absint', (array) $post_category );
	if ( isset( $_POST['popular_ids'] ) ) {
		$popular_ids = array_map( 'absint', explode( ',', $_POST['popular_ids'] ) );
	} else {
		$popular_ids = false;
	}

	$x = new WP_Ajax_Response();
	foreach ( $names as $cat_name ) {
		$cat_name          = trim( $cat_name );
		$category_nicename = sanitize_title( $cat_name );
		if ( '' === $category_nicename ) {
			continue; // nothing usable left after sanitising
		}

		$cat_id               = wp_create_category( $cat_name, $parent );
		$checked_categories[] = $cat_id;
		if ( $parent ) { // Do these all at once in a second
			continue;
		}

		$category = get_category( $cat_id );

		// The checklist helper prints its markup; capture it for the response.
		ob_start();
		wp_category_checklist( 0, $cat_id, $checked_categories, $popular_ids );
		$data = ob_get_clean();

		$x->add( array(
			'what'     => 'category',
			'id'       => $cat_id,
			'data'     => $data,
			'position' => -1
		) );
	}

	if ( $parent ) { // Foncy - replace the parent and all its children
		$parent = get_category( $parent );

		ob_start();
		dropdown_categories( 0, $parent );
		$data = ob_get_clean();

		$x->add( array(
			'what'     => 'category',
			'id'       => $parent->term_id,
			'old_id'   => $parent->term_id,
			'data'     => $data,
			'position' => -1
		) );
	}

	$x->send();
	break;
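case 'add-link-category' : // On the Fly
	check_ajax_referer( $action );
	if ( ! current_user_can( 'manage_categories' ) ) {
		die( '-1' );
	}

	$names = explode( ',', $_POST['newcat'] );
	$x     = new WP_Ajax_Response();
	foreach ( $names as $cat_name ) {
		$cat_name = trim( $cat_name );
		$slug     = sanitize_title( $cat_name );
		if ( '' === $slug ) {
			continue; // nothing usable left after sanitising
		}

		// Reuse an existing term, otherwise create it.
		$cat_id = is_term( $cat_name, 'link_category' );
		if ( ! $cat_id ) {
			$cat_id = wp_insert_term( $cat_name, 'link_category' );
		}
		// A failed insert yields a WP_Error object; indexing it like an
		// array would be a fatal error, so skip that name instead.
		if ( is_wp_error( $cat_id ) ) {
			continue;
		}
		$cat_id = $cat_id['term_id'];

		// The name is HTML-escaped before it is placed in the markup below.
		$cat_name = wp_specialchars( stripslashes( $cat_name ) );
		$x->add( array(
			'what'     => 'link-category',
			'id'       => $cat_id,
			'data'     => "<li id='link-category-$cat_id'><label for='in-link-category-$cat_id' class='selectit'><input value='$cat_id' type='checkbox' checked='checked' name='link_category[]' id='in-link-category-$cat_id'/> $cat_name</label></li>",
			'position' => -1
		) );
	}
	$x->send();
	break;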
case 'add-cat' : // From Manage->Categories
	check_ajax_referer( 'add-category' );
	if ( ! current_user_can( 'manage_categories' ) ) {
		die( '-1' );
	}

	$submitted_cat_name = trim( $_POST['cat_name'] );

	if ( '' === $submitted_cat_name ) {
		$x = new WP_Ajax_Response( array(
			'what' => 'cat',
			'id'   => new WP_Error( 'cat_name', __( 'You did not enter a category name.' ) )
		) );
		$x->send();
	}

	if ( category_exists( $submitted_cat_name ) ) {
		$x = new WP_Ajax_Response( array(
			'what' => 'cat',
			'id'   => new WP_Error( 'cat_exists', __( 'The category you are trying to create already exists.' ), array( 'form-field' => 'cat_name' ) ),
		) );
		$x->send();
	}

	// NOTE(review): the whole request array is handed to the insert helper,
	// so every field it understands is caller-controlled; confirm it reads
	// only the intended keys.
	$cat = wp_insert_category( $_POST, true );
	if ( is_wp_error( $cat ) ) {
		$x = new WP_Ajax_Response( array(
			'what' => 'cat',
			'id'   => $cat
		) );
		$x->send();
	}

	if ( ! $cat ) {
		die( '0' );
	}
	$cat = get_category( $cat );
	if ( ! $cat ) {
		die( '0' );
	}

	// Walk up the ancestors to build "Grandparent — Parent — Name" and
	// count the nesting depth for the row renderer.
	$level         = 0;
	$cat_full_name = $cat->name;
	for ( $_cat = $cat; $_cat->parent; $level++ ) {
		$_cat          = get_category( $_cat->parent );
		$cat_full_name = $_cat->name . ' — ' . $cat_full_name;
	}
	// Escaped once here; the escaped value is reused in the link text below.
	$cat_full_name = attribute_escape( $cat_full_name );

	$x = new WP_Ajax_Response( array(
		'what'         => 'cat',
		'id'           => $cat->term_id,
		'data'         => _cat_row( $cat, $level, $cat_full_name ),
		'supplemental' => array(
			'name'      => $cat_full_name,
			'show-link' => sprintf( __( 'Category <a href="#%s">%s</a> added' ), "cat-$cat->term_id", $cat_full_name )
		)
	) );
	$x->send();
	break;
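case 'add-link-cat' : // From Blogroll -> Categories
	check_ajax_referer( 'add-link-category' );
	if ( ! current_user_can( 'manage_categories' ) ) {
		die( '-1' );
	}

	if ( '' === trim( $_POST['name'] ) ) {
		$x = new WP_Ajax_Response( array(
			'what' => 'link-cat',
			'id'   => new WP_Error( 'name', __( 'You did not enter a category name.' ) )
		) );
		$x->send();
	}

	// NOTE(review): the whole request array is passed as term arguments;
	// confirm wp_insert_term() only honours the fields it should.
	$r = wp_insert_term( $_POST['name'], 'link_category', $_POST );
	if ( is_wp_error( $r ) ) {
		$x = new WP_AJAX_Response( array(
			'what' => 'link-cat',
			'id'   => $r
		) );
		$x->send();
	}

	// Read the one key that is needed instead of extract()-ing the result:
	// with EXTR_SKIP a $term_id already defined in this scope would have
	// been kept silently in place of the new term's id.
	$term_id  = $r['term_id'];
	$link_cat = link_cat_row( $term_id );
	if ( ! $link_cat ) {
		die( '0' );
	}

	$x = new WP_Ajax_Response( array(
		'what' => 'link-cat',
		'id'   => $term_id,
		'data' => $link_cat
	) );
	$x->send();
	break;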
case 'add-tag' : // From Manage->Tags
	check_ajax_referer( 'add-tag' );
	if ( ! current_user_can( 'manage_categories' ) ) {
		die( '-1' );
	}

	if ( '' === trim( $_POST['name'] ) ) {
		$x = new WP_Ajax_Response( array(
			'what' => 'tag',
			'id'   => new WP_Error( 'name', __( 'You did not enter a tag name.' ) )
		) );
		$x->send();
	}

	// NOTE(review): the whole request array is passed as term arguments;
	// confirm wp_insert_term() only honours the fields it should.
	$tag = wp_insert_term( $_POST['name'], 'post_tag', $_POST );
	if ( is_wp_error( $tag ) ) {
		$x = new WP_Ajax_Response( array(
			'what' => 'tag',
			'id'   => $tag
		) );
		$x->send();
	}

	if ( ! $tag ) {
		die( '0' );
	}
	$tag = get_term( $tag['term_id'], 'post_tag' );
	if ( ! $tag ) {
		die( '0' );
	}

	// Escaped once; the escaped name is what goes into the link text.
	$tag_full_name = attribute_escape( $tag->name );

	$x = new WP_Ajax_Response( array(
		'what'         => 'tag',
		'id'           => $tag->term_id,
		'data'         => _tag_row( $tag ),
		'supplemental' => array(
			'name'      => $tag_full_name,
			'show-link' => sprintf( __( 'Tag <a href="#%s">%s</a> added' ), "tag-$tag->term_id", $tag_full_name )
		)
	) );
	$x->send();
	break;
case 'add-comment' :
	// Fetches the next comment row for the list table (one row per call).
	check_ajax_referer( $action );
	if ( ! current_user_can( 'edit_post', $id ) ) {
		die( '-1' );
	}

	// NOTE(review): $search, $status and $mode are taken from the request
	// unchanged; confirm the helpers below validate or escape them.
	$search = isset( $_POST['s'] ) ? $_POST['s'] : false;
	$start  = isset( $_POST['page'] ) ? intval( $_POST['page'] ) * 25 - 1 : 24;
	$status = isset( $_POST['comment_status'] ) ? $_POST['comment_status'] : false;
	$mode   = isset( $_POST['mode'] ) ? $_POST['mode'] : 'detail';

	list( $comments, $total ) = _wp_get_comment_list( $status, $search, $start, 1 );

	if ( get_option( 'show_avatars' ) ) {
		add_filter( 'comment_author', 'floated_admin_avatar' );
	}

	if ( ! $comments ) {
		die( '1' );
	}

	$x = new WP_Ajax_Response();
	foreach ( (array) $comments as $comment ) {
		get_comment( $comment );

		// The row helper prints its markup; capture it for the response.
		ob_start();
		_wp_comment_row( $comment->comment_ID, $mode, $status );
		$comment_list_item = ob_get_clean();

		$x->add( array(
			'what' => 'comment',
			'id'   => $comment->comment_ID,
			'data' => $comment_list_item
		) );
	}
	$x->send();
	break;
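case 'replyto-comment' :
	check_ajax_referer( $action );

	$comment_post_ID = (int) $_POST['comment_post_ID'];
	if ( ! current_user_can( 'edit_post', $comment_post_ID ) ) {
		die( '-1' );
	}

	// get_var() returns the selected column as a scalar. The earlier code
	// read ->post_status from that scalar, so the draft/pending guard could
	// never match; compare the value itself.
	$status = $wpdb->get_var( $wpdb->prepare( "SELECT post_status FROM $wpdb->posts WHERE ID = %d", $comment_post_ID ) );
	if ( empty( $status ) ) {
		die( '1' );
	} elseif ( in_array( $status, array( 'draft', 'pending' ) ) ) {
		die( __( 'Error: you are replying to comment on a draft post.' ) );
	}

	$user = wp_get_current_user();
	if ( $user->ID ) {
		$comment_author       = $wpdb->escape( $user->display_name );
		$comment_author_email = $wpdb->escape( $user->user_email );
		$comment_author_url   = $wpdb->escape( $user->user_url );
		$comment_content      = trim( $_POST['comment'] );

		// Users allowed to post unfiltered HTML must also present the
		// per-post nonce. When it is missing or wrong, the kses filters are
		// re-installed so the comment is sanitised like anyone else's -
		// this is what stops a forged request from posting raw HTML.
		if ( current_user_can( 'unfiltered_html' ) ) {
			$unfiltered_nonce = isset( $_POST['_wp_unfiltered_html_comment'] ) ? $_POST['_wp_unfiltered_html_comment'] : '';
			if ( wp_create_nonce( 'unfiltered-html-comment_' . $comment_post_ID ) !== $unfiltered_nonce ) {
				kses_remove_filters(); // start with a clean slate
				kses_init_filters(); // set up the filters
			}
		}
	} else {
		die( __( 'Sorry, you must be logged in to reply to a comment.' ) );
	}

	if ( '' == $comment_content ) {
		die( __( 'Error: please type a comment.' ) );
	}

	$comment_parent = absint( $_POST['comment_ID'] );

	// compact() only picks up names that are defined in this scope;
	// 'comment_type' is not assigned in this handler.
	$commentdata = compact( 'comment_post_ID', 'comment_author', 'comment_author_email', 'comment_author_url', 'comment_content', 'comment_type', 'comment_parent', 'user_ID' );

	$comment_id = wp_new_comment( $commentdata );
	$comment    = get_comment( $comment_id );
	if ( ! $comment ) {
		die( '1' );
	}

	// Presentation options are reduced to known values before use.
	$mode     = ( isset( $_POST['mode'] ) && 'single' == $_POST['mode'] ) ? 'single' : 'detail';
	$position = ( isset( $_POST['position'] ) && (int) $_POST['position'] ) ? (int) $_POST['position'] : '-1';
	$checkbox = ( isset( $_POST['checkbox'] ) && true == $_POST['checkbox'] ) ? 1 : 0;

	if ( get_option( 'show_avatars' ) && 'single' != $mode ) {
		add_filter( 'comment_author', 'floated_admin_avatar' );
	}

	$x = new WP_Ajax_Response();

	ob_start();
	_wp_comment_row( $comment->comment_ID, $mode, false, $checkbox );
	$comment_list_item = ob_get_contents();
	ob_end_clean();

	$x->add( array(
		'what'     => 'comment',
		'id'       => $comment->comment_ID,
		'data'     => $comment_list_item,
		'position' => $position
	) );
	$x->send();
	break;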
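case 'add-meta' :
	// Two modes share this action: adding a new custom field (a key
	// selector or key input is present) and updating an existing one
	// (a `meta` array keyed by meta id is present).
	check_ajax_referer( 'add-meta' );
	$c   = 0;
	$pid = (int) $_POST['post_id'];
	if ( isset( $_POST['metakeyselect'] ) || isset( $_POST['metakeyinput'] ) ) {
		if ( ! current_user_can( 'edit_post', $pid ) ) {
			die( '-1' );
		}
		if ( '#NONE#' == $_POST['metakeyselect'] && empty( $_POST['metakeyinput'] ) ) {
			die( '1' );
		}
		if ( $pid < 0 ) {
			// A negative id means the post is not saved yet: create a draft
			// to attach the field to.
			$now = current_time( 'timestamp', 1 );
			if ( $pid = wp_insert_post( array(
				'post_title' => sprintf( 'Draft created on %s at %s', date( get_option( 'date_format' ), $now ), date( get_option( 'time_format' ), $now ) )
			) ) ) {
				if ( is_wp_error( $pid ) ) {
					$x = new WP_Ajax_Response( array(
						'what' => 'meta',
						'data' => $pid
					) );
					$x->send();
				}
				$mid = add_meta( $pid );
			} else {
				die( '0' );
			}
		} else if ( ! $mid = add_meta( $pid ) ) {
			die( '0' );
		}

		$meta = get_post_meta_by_id( $mid );
		$pid  = (int) $meta->post_id;
		$meta = get_object_vars( $meta );
		$x    = new WP_Ajax_Response( array(
			'what'         => 'meta',
			'id'           => $mid,
			'data'         => _list_meta_row( $meta, $c ),
			'position'     => 1,
			'supplemental' => array( 'postid' => $pid )
		) );
	} else {
		// array_pop() takes its argument by reference, so the key list has
		// to live in a variable. A missing or non-array `meta` field is
		// rejected up front instead of raising warnings further down.
		$meta_ids = ( isset( $_POST['meta'] ) && is_array( $_POST['meta'] ) ) ? array_keys( $_POST['meta'] ) : array();
		if ( ! $meta_ids ) {
			die( '0' );
		}
		$mid   = (int) array_pop( $meta_ids );
		$key   = $_POST['meta'][$mid]['key'];
		$value = $_POST['meta'][$mid]['value'];

		if ( ! $meta = get_post_meta_by_id( $mid ) ) {
			die( '0' ); // if meta doesn't exist
		}
		// The stored row, not the request, decides which post is checked.
		if ( ! current_user_can( 'edit_post', $meta->post_id ) ) {
			die( '-1' );
		}
		if ( ! $u = update_meta( $mid, $key, $value ) ) {
			die( '1' ); // We know meta exists; we also know it's unchanged (or DB error, in which case there are bigger problems).
		}

		$key   = stripslashes( $key );
		$value = stripslashes( $value );
		// NOTE(review): key and value are passed on unescaped; confirm
		// _list_meta_row() escapes them when it builds the row markup.
		$x = new WP_Ajax_Response( array(
			'what'         => 'meta',
			'id'           => $mid, 'old_id' => $mid,
			'data'         => _list_meta_row( array(
				'meta_key'   => $key,
				'meta_value' => $value,
				'meta_id'    => $mid
			), $c ),
			'position'     => 0,
			'supplemental' => array( 'postid' => $meta->post_id )
		) );
	}
	$x->send();
	break;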
case 'add-user' :
	check_ajax_referer( $action );
	if ( ! current_user_can( 'create_users' ) ) {
		die( '-1' );
	}

	require_once ABSPATH . WPINC . '/registration.php';

	// add_user() takes no arguments here; it is presumably fed from the
	// request data - confirm what it validates.
	$user_id = add_user();
	if ( ! $user_id ) {
		die( '0' );
	}
	if ( is_wp_error( $user_id ) ) {
		$x = new WP_Ajax_Response( array(
			'what' => 'user',
			'id'   => $user_id
		) );
		$x->send();
	}

	$user_object = new WP_User( $user_id );

	// NOTE(review): user_login goes into the link markup without escaping
	// here; confirm it is restricted to safe characters at creation time.
	$x = new WP_Ajax_Response( array(
		'what'         => 'user',
		'id'           => $user_id,
		'data'         => user_row( $user_object, '', $user_object->roles[0] ),
		'supplemental' => array(
			'show-link' => sprintf( __( 'User <a href="#%s">%s</a> added' ), "user-$user_id", $user_object->user_login ),
			'role'      => $user_object->roles[0]
		)
	) );
	$x->send();
	break;
case 'autosave' : // The name of this action is hardcoded in edit_post()
	define( 'DOING_AUTOSAVE', true );

	// The return value is kept: it is compared with 2 further down to decide
	// whether replacement nonces are sent back.
	$nonce_age = check_ajax_referer( 'autosave', 'autosavenonce' );
	global $current_user;

	// Normalise the request in place; the save helpers below are called
	// without arguments and presumably read $_POST - confirm.
	$_POST['post_category'] = explode( ",", $_POST['catslist'] );
	$_POST['tags_input']    = explode( ",", $_POST['tags_input'] );
	if ( $_POST['post_type'] == 'page' || empty( $_POST['post_category'] ) ) {
		unset( $_POST['post_category'] );
	}

	$do_autosave  = (bool) $_POST['autosave'];
	$do_lock      = true;
	$data         = '';
	$message      = sprintf( __( 'Draft Saved at %s.' ), date( __( 'g:i:s a' ), current_time( 'timestamp', true ) ) );
	$supplemental = array();
	$id           = $revision_id = 0;

	if ( $_POST['post_ID'] < 0 ) {
		// Negative id: the post does not exist yet, so it is written as a draft.
		$_POST['post_status'] = 'draft';
		$_POST['temp_ID']     = $_POST['post_ID'];
		if ( $do_autosave ) {
			$id   = wp_write_post();
			$data = $message;
		}
	} else {
		$post_ID     = (int) $_POST['post_ID'];
		$_POST['ID'] = $post_ID;
		$post        = get_post( $post_ID );

		// Someone else holds the edit lock: neither save nor take the lock.
		if ( $last = wp_check_post_lock( $post->ID ) ) {
			$do_autosave    = $do_lock = false;
			$last_user      = get_userdata( $last );
			$last_user_name = $last_user ? $last_user->display_name : __( 'Someone' );
			if ( $_POST['post_type'] == 'page' ) {
				$locked_format = __( 'Autosave disabled: %s is currently editing this page.' );
			} else {
				$locked_format = __( 'Autosave disabled: %s is currently editing this post.' );
			}
			$data = new WP_Error( 'locked', sprintf( $locked_format, wp_specialchars( $last_user_name ) ) );

			$supplemental['disable_autosave'] = 'disable';
		}

		// Permission check uses the stored post type, not the submitted one.
		// It runs before any response is sent, so the lock holder's name
		// above is not disclosed to a user who fails it.
		if ( 'page' == $post->post_type ) {
			if ( ! current_user_can( 'edit_page', $post_ID ) ) {
				die( __( 'You are not allowed to edit this page.' ) );
			}
		} elseif ( ! current_user_can( 'edit_post', $post_ID ) ) {
			die( __( 'You are not allowed to edit this post.' ) );
		}

		if ( ! $do_autosave ) {
			$id = $post->ID;
		} else {
			if ( 'draft' == $post->post_status ) {
				// Drafts are just overwritten by autosave
				$id = edit_post();
			} else {
				// Non drafts are not overwritten. The autosave is stored in a special post revision.
				$revision_id = wp_create_post_autosave( $post->ID );
				$id          = is_wp_error( $revision_id ) ? $revision_id : $post->ID;
			}
			$data = $message;
		}
	}

	if ( $do_lock && $id && is_numeric( $id ) ) {
		wp_set_post_lock( $id );
	}

	// Hand out replacement nonces so the editor keeps working.
	// NOTE(review): presumably 2 marks a nonce that is still valid but in
	// the later part of its lifetime - confirm against the nonce verifier.
	if ( $nonce_age == 2 ) {
		$supplemental['replace-autosavenonce']        = wp_create_nonce( 'autosave' );
		$supplemental['replace-getpermalinknonce']    = wp_create_nonce( 'getpermalink' );
		$supplemental['replace-samplepermalinknonce'] = wp_create_nonce( 'samplepermalink' );
		$supplemental['replace-closedpostboxesnonce'] = wp_create_nonce( 'closedpostboxes' );
		if ( $id ) {
			if ( $_POST['post_type'] == 'post' ) {
				$supplemental['replace-_wpnonce'] = wp_create_nonce( 'update-post_' . $id );
			} elseif ( $_POST['post_type'] == 'page' ) {
				$supplemental['replace-_wpnonce'] = wp_create_nonce( 'update-page_' . $id );
			}
		}
	}

	$x = new WP_Ajax_Response( array(
		'what'         => 'autosave',
		'id'           => $id,
		'data'         => $id ? $data : '',
		'supplemental' => $supplemental
	) );
	$x->send();
	break;
case 'autosave-generate-nonces' :
	// Issues the "update" nonce for a post or page. The token is returned
	// only after the matching edit capability check passes for that id.
	check_ajax_referer( 'autosave', 'autosavenonce' );

	$ID             = (int) $_POST['post_ID'];
	$requested_type = $_POST['post_type'];

	if ( $requested_type == 'post' && current_user_can( 'edit_post', $ID ) ) {
		die( wp_create_nonce( 'update-post_' . $ID ) );
	}
	if ( $requested_type == 'page' && current_user_can( 'edit_page', $ID ) ) {
		die( wp_create_nonce( 'update-page_' . $ID ) );
	}

	die( '0' );
	break;
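case 'closed-postboxes' :
	// Stores which meta boxes the current user has collapsed or hidden on a
	// given screen. Only the caller's own user meta is written.
	check_ajax_referer( 'closedpostboxes', 'closedpostboxesnonce' );

	// Split the defaulted value, not the raw request field, so a missing
	// parameter no longer reads an undefined index.
	$closed = isset( $_POST['closed'] ) ? $_POST['closed'] : '';
	$closed = explode( ',', $closed );

	$hidden = isset( $_POST['hidden'] ) ? $_POST['hidden'] : '';
	$hidden = explode( ',', $hidden );

	// The screen name becomes part of a meta key, so it is limited to
	// lowercase letters and hyphens.
	$page = isset( $_POST['page'] ) ? $_POST['page'] : '';
	if ( ! preg_match( '/^[a-z-]+$/', $page ) ) {
		// String, like every other denial in this file: an integer passed
		// to die() becomes the exit status and prints nothing.
		die( '-1' );
	}

	$current_user = wp_get_current_user();
	if ( is_array( $closed ) ) {
		update_usermeta( $current_user->ID, 'closedpostboxes_' . $page, $closed );
	}
	if ( is_array( $hidden ) ) {
		update_usermeta( $current_user->ID, 'meta-box-hidden_' . $page, $hidden );
	}
	break;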
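case 'hidden-columns' :
	// Stores which list-table columns the current user has hidden on a
	// given screen. Only the caller's own user meta is written.
	check_ajax_referer( 'hiddencolumns', 'hiddencolumnsnonce' );

	// Split the defaulted value, not the raw request field, so a missing
	// parameter no longer reads an undefined index.
	$hidden = isset( $_POST['hidden'] ) ? $_POST['hidden'] : '';
	$hidden = explode( ',', $hidden );

	// The screen name becomes part of a meta key, so it is limited to
	// lowercase letters and hyphens.
	$page = isset( $_POST['page'] ) ? $_POST['page'] : '';
	if ( ! preg_match( '/^[a-z-]+$/', $page ) ) {
		// String, like every other denial in this file: an integer passed
		// to die() becomes the exit status and prints nothing.
		die( '-1' );
	}

	$current_user = wp_get_current_user();
	if ( is_array( $hidden ) ) {
		update_usermeta( $current_user->ID, "manage-$page-columns-hidden", $hidden );
	}
	break;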
case 'get-permalink' :
	// Replies with the preview URL of a post.
	// NOTE(review): only the nonce is checked here; there is no capability
	// check tied to $post_id - confirm that is acceptable for unpublished
	// posts.
	check_ajax_referer( 'getpermalink', 'getpermalinknonce' );

	$post_id = 0;
	if ( isset( $_POST['post_id'] ) ) {
		$post_id = intval( $_POST['post_id'] );
	}

	$preview_url = add_query_arg( array( 'preview' => 'true' ), get_permalink( $post_id ) );
	die( $preview_url );
	break;
case 'sample-permalink' :
	// Replies with the permalink editor markup for a proposed title/slug.
	check_ajax_referer( 'samplepermalink', 'samplepermalinknonce' );

	$post_id = 0;
	if ( isset( $_POST['post_id'] ) ) {
		$post_id = intval( $_POST['post_id'] );
	}

	// NOTE(review): title and slug come straight from the request; confirm
	// get_sample_permalink_html() sanitises and escapes them.
	$title = '';
	if ( isset( $_POST['new_title'] ) ) {
		$title = $_POST['new_title'];
	}
	$slug = '';
	if ( isset( $_POST['new_slug'] ) ) {
		$slug = $_POST['new_slug'];
	}

	die( get_sample_permalink_html( $post_id, $title, $slug ) );
	break;
case 'inline-save' :
	check_ajax_referer( 'inlineeditnonce', '_inline_edit' );

	// A missing or zero post id ends the request silently.
	if ( ! isset( $_POST['post_ID'] ) ) {
		exit;
	}
	$id = (int) $_POST['post_ID'];
	if ( ! $id ) {
		exit;
	}

	// Refuse to save while another user holds the edit lock.
	if ( $last = wp_check_post_lock( $id ) ) {
		$last_user      = get_userdata( $last );
		$last_user_name = $last_user ? $last_user->display_name : __( 'Someone' );
		if ( $_POST['post_type'] == 'page' ) {
			$locked_format = __( 'Saving is disabled: %s is currently editing this page.' );
		} else {
			$locked_format = __( 'Saving is disabled: %s is currently editing this post.' );
		}
		echo '<tr><td colspan="8"><div class="error"><p>' . sprintf( $locked_format, wp_specialchars( $last_user_name ) ) . '</p></div></td></tr>';
		exit;
	}

	// NOTE(review): no capability check is visible in this handler; confirm
	// inline_save_row() verifies that the user may edit this post.
	inline_save_row( $_POST );

	$post = array();
	if ( 'page' == $_POST['post_type'] ) {
		$post[] = get_post( $_POST['post_ID'] );
		page_rows( $post );
	} elseif ( 'post' == $_POST['post_type'] ) {
		// $mode is not used again in this handler; presumably post_rows()
		// reads it as a global - confirm.
		$mode   = $_POST['post_view'];
		$post[] = get_post( $_POST['post_ID'] );
		post_rows( $post );
	}

	die();
	break;
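case 'meta-box-order' :
	// Stores the current user's meta box ordering for one screen.
	check_ajax_referer( 'meta-box-order' );

	// The screen name is appended to the option key, so it gets the same
	// lowercase-letters-and-hyphens restriction the other per-screen
	// handlers in this file apply; previously it was used unchecked.
	$page = isset( $_POST['page'] ) ? $_POST['page'] : '';
	if ( ! preg_match( '/^[a-z-]+$/', $page ) ) {
		die( '-1' );
	}

	// NOTE(review): 'order' is stored as received; confirm readers of this
	// option treat it as untrusted.
	update_user_option( $GLOBALS['current_user']->ID, 'meta-box-order_' . $page, $_POST['order'] );
	die( '1' );
	break;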
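case 'find_posts' :
	// Searches post titles and content and replies with a table of radio
	// buttons for picking one result.
	// NOTE(review): only the nonce is checked; any logged-in user who holds
	// a 'find-posts' nonce can list titles of draft and private posts.
	// Confirm whether a capability check belongs here.
	check_ajax_referer( 'find-posts' );

	if ( empty( $_POST['ps'] ) ) {
		exit;
	}

	// $what is one of two fixed strings, so it is safe inside the query.
	$what = isset( $_POST['pages'] ) ? 'page' : 'post';
	$s    = stripslashes( $_POST['ps'] );

	// Split into quoted phrases and bare words, then trim quotes and
	// whitespace. A plain loop replaces create_function(), which compiled
	// its body from a string at run time.
	preg_match_all( '/".*?("|$)|((?<=[\\s",+])|^)[^\\s",+]+/', $s, $matches );
	$search_terms = array();
	foreach ( $matches[0] as $raw_term ) {
		$search_terms[] = trim( $raw_term, "\"'\n\r " );
	}

	// Without any term the WHERE clause would be incomplete SQL.
	if ( ! $search_terms ) {
		exit( __( 'No posts found.' ) );
	}

	// Each term is SQL-escaped, and LIKE metacharacters are neutralised
	// first so that % and _ typed by the user match literally.
	$searchand = $search = '';
	foreach ( $search_terms as $term ) {
		$term      = $wpdb->escape( addcslashes( $term, '_%\\' ) );
		$search   .= "{$searchand}(($wpdb->posts.post_title LIKE '%{$term}%') OR ($wpdb->posts.post_content LIKE '%{$term}%'))";
		$searchand = ' AND ';
	}
	// Also match the whole phrase when it was split into several terms.
	$term = $wpdb->escape( addcslashes( $s, '_%\\' ) );
	if ( count( $search_terms ) > 1 && $search_terms[0] != $s ) {
		$search .= " OR ($wpdb->posts.post_title LIKE '%{$term}%') OR ($wpdb->posts.post_content LIKE '%{$term}%')";
	}

	$posts = $wpdb->get_results( "SELECT ID, post_title, post_status, post_date FROM $wpdb->posts WHERE post_type = '$what' AND $search ORDER BY post_date_gmt DESC LIMIT 50" );

	if ( ! $posts ) {
		exit( __( 'No posts found.' ) );
	}

	$html = '<table class="widefat"><thead><tr><th class="found-radio"><br /></th><th>' . __( 'Title' ) . '</th><th>' . __( 'Time' ) . '</th><th>' . __( 'Status' ) . '</th></tr></thead><tbody>';
	foreach ( $posts as $post ) {

		switch ( $post->post_status ) {
			case 'publish' :
			case 'private' :
				$stat = __( 'Published' );
				break;
			case 'future' :
				$stat = __( 'Scheduled' );
				break;
			case 'pending' :
				$stat = __( 'Pending Review' );
				break;
			case 'draft' :
				$stat = __( 'Unpublished' );
				break;
			default :
				// Any other status used to leave $stat undefined, or still
				// holding the previous row's label.
				$stat = '';
				break;
		}

		if ( '0000-00-00 00:00:00' == $post->post_date ) {
			$time = '';
		} else {
			$time = mysql2date( __( 'Y/m/d' ), $post->post_date );
		}

		// Title, date and status label are HTML-escaped before output.
		$html .= '<tr class="found-posts"><td class="found-radio"><input type="radio" id="found-' . $post->ID . '" name="found_post_id" value="' . $post->ID . '"></td>';
		$html .= '<td><label for="found-' . $post->ID . '">' . wp_specialchars( $post->post_title, true ) . '</label></td><td>' . wp_specialchars( $time, true ) . '</td><td>' . wp_specialchars( $stat, true ) . '</td></tr>' . "\n\n";
	}
	$html .= '</tbody></table>';

	$x = new WP_Ajax_Response();
	$x->add( array(
		'what' => $what,
		'data' => $html
	) );
	$x->send();
	break;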
default :
	// Any other action name is passed to whatever is hooked on
	// "wp_ajax_<action>". The only check made before this point is that the
	// user is logged in, so each hooked handler has to verify its own nonce
	// and capabilities. $action was assigned from $_POST['action'] by the
	// enclosing switch.
	do_action( 'wp_ajax_' . $action );
	die( '0' );
	break;
endswitch ;
?>