31) ? 31 : $jj; $hh = ($hh > 23) ? $hh -24 : $hh; $mn = ($mn > 59) ? $mn -60 : $mn; $ss = ($ss > 59) ? $ss -60 : $ss; $_POST['post_date'] = sprintf("%04d-%02d-%02d %02d:%02d:%02d", $aa, $mm, $jj, $hh, $mn, $ss); $_POST['post_date_gmt'] = get_gmt_from_date($_POST['post_date']); } // Create the post. $post_ID = wp_insert_post($_POST); add_meta($post_ID); // Reunite any orphaned attachments with their parent if ( $_POST['temp_ID'] ) relocate_children($_POST['temp_ID'], $post_ID); // Now that we have an ID we can fix any attachment anchor hrefs fix_attachment_links($post_ID); return $post_ID; } // Move child posts to a new parent function relocate_children($old_ID, $new_ID) { global $wpdb; $old_ID = (int) $old_ID; $new_ID = (int) $new_ID; return $wpdb->query("UPDATE $wpdb->posts SET post_parent = $new_ID WHERE post_parent = $old_ID"); } // Replace hrefs of attachment anchors with up-to-date permalinks. function fix_attachment_links($post_ID) { global $wp_rewrite; $post = & get_post($post_ID, ARRAY_A); $search = "#]+rel=('|\")[^'\"]*attachment[^>]*>#ie"; // See if we have any rel="attachment" links if ( 0 == preg_match_all($search, $post['post_content'], $anchor_matches, PREG_PATTERN_ORDER) ) return; $i = 0; $search = "# id=(\"|')p(\d+)\\1#i"; foreach ( $anchor_matches[0] as $anchor ) { if ( 0 == preg_match($search, $anchor, $id_matches) ) continue; $id = $id_matches[2]; // While we have the attachment ID, let's adopt any orphans. $attachment = & get_post($id, ARRAY_A); if ( ! empty($attachment) && ! is_object(get_post($attachment['post_parent'])) ) { $attachment['post_parent'] = $post_ID; // Escape data pulled from DB. $attachment = add_magic_quotes($attachment); wp_update_post($attachment); } $post_search[$i] = $anchor; $post_replace[$i] = preg_replace("#href=(\"|')[^'\"]*\\1#e", "stripslashes('href=\\1').get_attachment_link($id).stripslashes('\\1')", $anchor); ++$i; } $post['post_content'] = str_replace($post_search, $post_replace, $post['post_content']); // Escape data pulled from DB. $post = add_magic_quotes($post); return wp_update_post($post); } // Update an existing post with values provided in $_POST. function edit_post() { global $user_ID; $post_ID = (int) $_POST['post_ID']; if ( 'page' == $_POST['post_type'] ) { if ( !current_user_can('edit_page', $post_ID) ) die(__('You are not allowed to edit this page.')); } else { if ( !current_user_can('edit_post', $post_ID) ) die(__('You are not allowed to edit this post.')); } // Rename. $_POST['ID'] = (int) $_POST['post_ID']; $_POST['post_content'] = $_POST['content']; $_POST['post_excerpt'] = $_POST['excerpt']; $_POST['post_parent'] = $_POST['parent_id']; $_POST['to_ping'] = $_POST['trackback_url']; if (!empty ($_POST['post_author_override'])) { $_POST['post_author'] = (int) $_POST['post_author_override']; } else if (!empty ($_POST['post_author'])) { $_POST['post_author'] = (int) $_POST['post_author']; } else { $_POST['post_author'] = (int) $_POST['user_ID']; } if ($_POST['post_author'] != $_POST['user_ID']) { if ( 'page' == $_POST['post_type'] ) { if ( !current_user_can('edit_others_pages') ) die(__('You cannot edit pages as this user.')); } else { if ( !current_user_can('edit_others_posts') ) die(__('You cannot edit posts as this user.')); } } // What to do based on which button they pressed if ('' != $_POST['saveasdraft']) $_POST['post_status'] = 'draft'; if ('' != $_POST['saveasprivate']) $_POST['post_status'] = 'private'; if ('' != $_POST['publish']) $_POST['post_status'] = 'publish'; if ('' != $_POST['advanced']) $_POST['post_status'] = 'draft'; if ( 'page' == $_POST['post_type'] ) { if ('publish' == $_POST['post_status'] && !current_user_can('edit_published_pages')) $_POST['post_status'] = 'draft'; } else { if ('publish' == $_POST['post_status'] && !current_user_can('edit_published_posts')) $_POST['post_status'] = 'draft'; } if (!isset ($_POST['comment_status'])) $_POST['comment_status'] = 'closed'; if (!isset ($_POST['ping_status'])) $_POST['ping_status'] = 'closed'; if (!empty ($_POST['edit_date'])) { $aa = $_POST['aa']; $mm = $_POST['mm']; $jj = $_POST['jj']; $hh = $_POST['hh']; $mn = $_POST['mn']; $ss = $_POST['ss']; $jj = ($jj > 31) ? 31 : $jj; $hh = ($hh > 23) ? $hh -24 : $hh; $mn = ($mn > 59) ? $mn -60 : $mn; $ss = ($ss > 59) ? $ss -60 : $ss; $_POST['post_date'] = "$aa-$mm-$jj $hh:$mn:$ss"; $_POST['post_date_gmt'] = get_gmt_from_date("$aa-$mm-$jj $hh:$mn:$ss"); } // Meta Stuff if ($_POST['meta']) { foreach ($_POST['meta'] as $key => $value) update_meta($key, $value['key'], $value['value']); } if ($_POST['deletemeta']) { foreach ($_POST['deletemeta'] as $key => $value) delete_meta($key); } add_meta($post_ID); wp_update_post($_POST); // Now that we have an ID we can fix any attachment anchor hrefs fix_attachment_links($post_ID); return $post_ID; } function edit_comment() { global $user_ID; $comment_ID = (int) $_POST['comment_ID']; $comment_post_ID = (int) $_POST['comment_post_ID']; if (!current_user_can('edit_post', $comment_post_ID)) die(__('You are not allowed to edit comments on this post, so you cannot edit this comment.')); $_POST['comment_author'] = $_POST['newcomment_author']; $_POST['comment_author_email'] = $_POST['newcomment_author_email']; $_POST['comment_author_url'] = $_POST['newcomment_author_url']; $_POST['comment_approved'] = $_POST['comment_status']; $_POST['comment_content'] = $_POST['content']; $_POST['comment_ID'] = (int) $_POST['comment_ID']; if (!empty ($_POST['edit_date'])) { $aa = $_POST['aa']; $mm = $_POST['mm']; $jj = $_POST['jj']; $hh = $_POST['hh']; $mn = $_POST['mn']; $ss = $_POST['ss']; $jj = ($jj > 31) ? 31 : $jj; $hh = ($hh > 23) ? $hh -24 : $hh; $mn = ($mn > 59) ? $mn -60 : $mn; $ss = ($ss > 59) ? $ss -60 : $ss; $_POST['comment_date'] = "$aa-$mm-$jj $hh:$mn:$ss"; } wp_update_comment($_POST); } // Get an existing post and format it for editing. function get_post_to_edit($id) { global $richedit; $richedit = ( 'true' == get_user_option('rich_editing') ) ? true : false; $post = get_post($id); $post->post_content = format_to_edit($post->post_content, $richedit); $post->post_content = apply_filters('content_edit_pre', $post->post_content); $post->post_excerpt = format_to_edit($post->post_excerpt); $post->post_excerpt = apply_filters('excerpt_edit_pre', $post->post_excerpt); $post->post_title = format_to_edit($post->post_title); $post->post_title = apply_filters('title_edit_pre', $post->post_title); if ($post->post_type == 'page') $post->page_template = get_post_meta($id, '_wp_page_template', true); return $post; } // Default post information to use when populating the "Write Post" form. function get_default_post_to_edit() { if ( !empty($_REQUEST['post_title']) ) $post_title = wp_specialchars(stripslashes($_REQUEST['post_title'])); else if ( !empty($_REQUEST['popuptitle']) ) { $post_title = wp_specialchars(stripslashes($_REQUEST['popuptitle'])); $post_title = funky_javascript_fix($post_title); } else { $post_title = ''; } if ( !empty($_REQUEST['content']) ) $post_content = wp_specialchars(stripslashes($_REQUEST['content'])); else if ( !empty($post_title) ) { $text = wp_specialchars(stripslashes(urldecode($_REQUEST['text']))); $text = funky_javascript_fix($text); $popupurl = wp_specialchars($_REQUEST['popupurl']); $post_content = ''.$post_title.''."\n$text"; } if ( !empty($_REQUEST['excerpt']) ) $post_excerpt = wp_specialchars(stripslashes($_REQUEST['excerpt'])); else $post_excerpt = ''; $post->post_status = 'draft'; $post->comment_status = get_settings('default_comment_status'); $post->ping_status = get_settings('default_ping_status'); $post->post_pingback = get_settings('default_pingback_flag'); $post->post_category = get_settings('default_category'); $post->post_content = apply_filters('default_content', $post_content); $post->post_title = apply_filters('default_title', $post_title); $post->post_excerpt = apply_filters('default_excerpt', $post_excerpt); $post->page_template = 'default'; $post->post_parent = 0; $post->menu_order = 0; return $post; } function get_comment_to_edit($id) { global $richedit; $richedit = ( 'true' == get_user_option('rich_editing') ) ? true : false; $comment = get_comment($id); $comment->comment_content = format_to_edit($comment->comment_content, $richedit); $comment->comment_content = apply_filters('comment_edit_pre', $comment->comment_content); $comment->comment_author = format_to_edit($comment->comment_author); $comment->comment_author_email = format_to_edit($comment->comment_author_email); $comment->comment_author_url = format_to_edit($comment->comment_author_url); return $comment; } function get_category_to_edit($id) { $category = get_category($id); return $category; } // Creates a new user from the "Users" form using $_POST information. function add_user() { return edit_user(); } function edit_user($user_id = 0) { global $current_user, $wp_roles, $wpdb; if ($user_id != 0) { $update = true; $user->ID = $user_id; $userdata = get_userdata($user_id); $user->user_login = $wpdb->escape($userdata->user_login); } else { $update = false; $user = ''; } if (isset ($_POST['user_login'])) $user->user_login = wp_specialchars(trim($_POST['user_login'])); $pass1 = $pass2 = ''; if (isset ($_POST['pass1'])) $pass1 = $_POST['pass1']; if (isset ($_POST['pass2'])) $pass2 = $_POST['pass2']; if (isset ($_POST['role'])) { if($user_id != $current_user->id || $wp_roles->role_objects[$_POST['role']]->has_cap('edit_users')) $user->role = $_POST['role']; } if (isset ($_POST['email'])) $user->user_email = wp_specialchars(trim($_POST['email'])); if (isset ($_POST['url'])) { $user->user_url = wp_specialchars(trim($_POST['url'])); $user->user_url = preg_match('/^(https?|ftps?|mailto|news|gopher):/is', $user->user_url) ? $user->user_url : 'http://'.$user->user_url; } if (isset ($_POST['first_name'])) $user->first_name = wp_specialchars(trim($_POST['first_name'])); if (isset ($_POST['last_name'])) $user->last_name = wp_specialchars(trim($_POST['last_name'])); if (isset ($_POST['nickname'])) $user->nickname = wp_specialchars(trim($_POST['nickname'])); if (isset ($_POST['display_name'])) $user->display_name = wp_specialchars(trim($_POST['display_name'])); if (isset ($_POST['description'])) $user->description = wp_specialchars(trim($_POST['description'])); if (isset ($_POST['jabber'])) $user->jabber = wp_specialchars(trim($_POST['jabber'])); if (isset ($_POST['aim'])) $user->aim = wp_specialchars(trim($_POST['aim'])); if (isset ($_POST['yim'])) $user->yim = wp_specialchars(trim($_POST['yim'])); $errors = array (); /* checking that username has been typed */ if ($user->user_login == '') $errors['user_login'] = __('ERROR: Please enter a username.'); /* checking the password has been typed twice */ do_action('check_passwords', array ($user->user_login, & $pass1, & $pass2)); if (!$update) { if ($pass1 == '' || $pass2 == '') $errors['pass'] = __('ERROR: Please enter your password twice.'); } else { if ((empty ($pass1) && !empty ($pass2)) || (empty ($pass2) && !empty ($pass1))) $errors['pass'] = __("ERROR: you typed your new password only once."); } /* Check for "\" in password */ if( strpos( " ".$pass1, "\\" ) ) $errors['pass'] = __('ERROR: Passwords may not contain the character "\\".'); /* checking the password has been typed twice the same */ if ($pass1 != $pass2) $errors['pass'] = __('ERROR: Please type the same password in the two password fields.'); if (!empty ($pass1)) $user->user_pass = $pass1; if ( !validate_username($user->user_login) ) $errors['user_login'] = __('ERROR: This username is invalid. Please enter a valid username.'); if (!$update && username_exists($user->user_login)) $errors['user_login'] = __('ERROR: This username is already registered, please choose another one.'); /* checking e-mail address */ if (empty ($user->user_email)) { $errors['user_email'] = __("ERROR: please type an e-mail address"); } else if (!is_email($user->user_email)) { $errors['user_email'] = __("ERROR: the email address isn't correct"); } if (count($errors) != 0) return $errors; if ($update) { $user_id = wp_update_user(get_object_vars($user)); } else { $user_id = wp_insert_user(get_object_vars($user)); wp_new_user_notification($user_id); } return $errors; } function get_link_to_edit($link_id) { $link = get_link($link_id); $link->link_url = wp_specialchars($link->link_url, 1); $link->link_name = wp_specialchars($link->link_name, 1); $link->link_description = wp_specialchars($link->link_description); $link->link_notes = wp_specialchars($link->link_notes); $link->link_rss = wp_specialchars($link->link_rss); $link->post_category = $link->link_category; return $link; } function get_default_link_to_edit() { if ( isset($_GET['linkurl']) ) $link->link_url = wp_specialchars($_GET['linkurl'], 1); else $link->link_url = ''; if ( isset($_GET['name']) ) $link->link_name = wp_specialchars($_GET['name'], 1); else $link->link_name = ''; $link->link_visible = 'Y'; return $link; } function add_link() { return edit_link(); } function edit_link($link_id = '') { if (!current_user_can('manage_links')) die(__("Cheatin' uh ?")); $_POST['link_url'] = wp_specialchars($_POST['link_url']); $_POST['link_url'] = preg_match('/^(https?|ftps?|mailto|news|gopher):/is', $_POST['link_url']) ? $_POST['link_url'] : 'http://' . $_POST['link_url']; $_POST['link_name'] = wp_specialchars($_POST['link_name']); $_POST['link_image'] = wp_specialchars($_POST['link_image']); $_POST['link_rss'] = wp_specialchars($_POST['link_rss']); $_POST['link_category'] = $_POST['post_category']; if ( !empty($link_id) ) { $_POST['link_id'] = $link_id; return wp_update_link($_POST); } else { return wp_insert_link($_POST); } } function url_shorten($url) { $short_url = str_replace('http://', '', stripslashes($url)); $short_url = str_replace('www.', '', $short_url); if ('/' == substr($short_url, -1)) $short_url = substr($short_url, 0, -1); if (strlen($short_url) > 35) $short_url = substr($short_url, 0, 32).'...'; return $short_url; } function selected($selected, $current) { if ($selected == $current) echo ' selected="selected"'; } function checked($checked, $current) { if ($checked == $current) echo ' checked="checked"'; } function return_categories_list($parent = 0) { global $wpdb; return $wpdb->get_col("SELECT cat_ID FROM $wpdb->categories WHERE category_parent = $parent ORDER BY category_count DESC LIMIT 100"); } function sort_cats($cat1, $cat2) { return strcasecmp($cat1['cat_name'], $cat2['cat_name']); } function get_nested_categories($default = 0, $parent = 0) { global $post_ID, $link_id, $mode, $wpdb; if ($post_ID) { $checked_categories = $wpdb->get_col(" SELECT category_id FROM $wpdb->categories, $wpdb->post2cat WHERE $wpdb->post2cat.category_id = cat_ID AND $wpdb->post2cat.post_id = '$post_ID' "); if (count($checked_categories) == 0) { // No selected categories, strange $checked_categories[] = $default; } } else if ($link_id) { $checked_categories = $wpdb->get_col(" SELECT category_id FROM $wpdb->categories, $wpdb->link2cat WHERE $wpdb->link2cat.category_id = cat_ID AND $wpdb->link2cat.link_id = '$link_id' "); if (count($checked_categories) == 0) { // No selected categories, strange $checked_categories[] = $default; } } else { $checked_categories[] = $default; } $cats = return_categories_list($parent); $result = array (); if (is_array($cats)) { foreach ($cats as $cat) { $result[$cat]['children'] = get_nested_categories($default, $cat); $result[$cat]['cat_ID'] = $cat; $result[$cat]['checked'] = in_array($cat, $checked_categories); $result[$cat]['cat_name'] = get_the_category_by_ID($cat); } } usort($result, 'sort_cats'); return $result; } function write_nested_categories($categories) { foreach ($categories as $category) { echo '\n"; if (isset ($category['children'])) { echo "\n\n"; write_nested_categories($category['children']); echo "\n"; } } } function dropdown_categories($default = 0) { write_nested_categories(get_nested_categories($default)); } // Dandy new recursive multiple category stuff. function cat_rows($parent = 0, $level = 0, $categories = 0) { global $wpdb, $class; if (!$categories) $categories = $wpdb->get_results("SELECT * FROM $wpdb->categories ORDER BY cat_name"); if ($categories) { foreach ($categories as $category) { if ($category->category_parent == $parent) { $category->cat_name = wp_specialchars($category->cat_name); $pad = str_repeat('— ', $level); if ( current_user_can('manage_categories') ) { $edit = "".__('Edit').""; $default_cat_id = get_option('default_category'); $default_link_cat_id = get_option('default_link_category'); if ( ($category->cat_ID != $default_cat_id) && ($category->cat_ID != $default_link_cat_id) ) $edit .= "
upload_max_filesize
directive in php.ini
."),
__("The uploaded file exceeds the MAX_FILE_SIZE directive that was specified in the HTML form."),
__("The uploaded file was only partially uploaded."),
__("No file was uploaded."),
__("Missing a temporary folder."),
__("Failed to write file to disk."));
// Accepted MIME types are set here as PCRE. Override with $override['mimes'].
$mimes = apply_filters('upload_mimes', array (
'jpg|jpeg|jpe' => 'image/jpeg',
'gif' => 'image/gif',
'png' => 'image/png',
'bmp' => 'image/bmp',
'tif|tiff' => 'image/tiff',
'ico' => 'image/x-icon',
'asf|asx|wax|wmv|wmx' => 'video/asf',
'avi' => 'video/avi',
'mov|qt' => 'video/quicktime',
'mpeg|mpg|mpe' => 'video/mpeg',
'txt|c|cc|h' => 'text/plain',
'rtx' => 'text/richtext',
'css' => 'text/css',
'htm|html' => 'text/html',
'mp3|mp4' => 'audio/mpeg',
'ra|ram' => 'audio/x-realaudio',
'wav' => 'audio/wav',
'ogg' => 'audio/ogg',
'mid|midi' => 'audio/midi',
'wma' => 'audio/wma',
'rtf' => 'application/rtf',
'js' => 'application/javascript',
'pdf' => 'application/pdf',
'doc' => 'application/msword',
'pot|pps|ppt' => 'application/vnd.ms-powerpoint',
'wri' => 'application/vnd.ms-write',
'xla|xls|xlt|xlw' => 'application/vnd.ms-excel',
'mdb' => 'application/vnd.ms-access',
'mpp' => 'application/vnd.ms-project',
'swf' => 'application/x-shockwave-flash',
'class' => 'application/java',
'tar' => 'application/x-tar',
'zip' => 'application/zip',
'gz|gzip' => 'application/x-gzip',
'exe' => 'application/x-msdownload'
));
// All tests are on by default. Most can be turned off by $override[{test_name}] = false;
$test_form = true;
$test_size = true;
// If you override this, you must provide $ext and $type!!!!
$test_type = true;
// Install user overrides. Did we mention that this voids your warranty?
if ( is_array($overrides) )
extract($overrides, EXTR_OVERWRITE);
// A correct form post will pass this test.
if ( $test_form && (!isset($_POST['action']) || ($_POST['action'] != $action)) )
return $upload_error_handler($file, __('Invalid form submission.'));
// A successful upload will pass this test. It makes no sense to override this one.
if ( $file['error'] > 0 )
return $upload_error_handler($file, $upload_error_strings[$file['error']]);
// A non-empty file will pass this test.
if ( $test_size && !($file['size'] > 0) )
return $upload_error_handler($file, __('File is empty. Please upload something more substantial.'));
// A properly uploaded file will pass this test. There should be no reason to override this one.
if (! @ is_uploaded_file($file['tmp_name']) )
return $upload_error_handler($file, __('Specified file failed upload test.'));
// A correct MIME type will pass this test.
if ( $test_type ) {
$type = false;
$ext = false;
foreach ($mimes as $ext_preg => $mime_match) {
$ext_preg = '![^.]\.(' . $ext_preg . ')$!i';
if ( preg_match($ext_preg, $file['name'], $ext_matches) ) {
$type = $mime_match;
$ext = $ext_matches[1];
}
}
if ( !$type || !$ext )
return $upload_error_handler($file, __('File type does not meet security guidelines. Try another.'));
}
// A writable uploads dir will pass this test. Again, there's no point overriding this one.
if ( ! ( ( $uploads = wp_upload_dir() ) && false === $uploads['error'] ) )
return $upload_error_handler($file, $uploads['error']);
// Increment the file number until we have a unique file to save in $dir. Use $override['unique_filename_callback'] if supplied.
if ( isset($unique_filename_callback) && function_exists($unique_filename_callback) ) {
$filename = $unique_filename_callback($uploads['path'], $file['name']);
} else {
$number = '';
$filename = str_replace('#', '_', $file['name']);
$filename = str_replace(array('\\', "'"), '', $filename);
if ( empty($ext) )
$ext = '';
else
$ext = ".$ext";
while ( file_exists($uploads['path'] . "/$filename") ) {
if ( '' == "$number$ext" )
$filename = $filename . ++$number . $ext;
else
$filename = str_replace("$number$ext", ++$number . $ext, $filename);
}
}
// Move the file to the uploads dir
$new_file = $uploads['path'] . "/$filename";
if ( false === @ move_uploaded_file($file['tmp_name'], $new_file) )
die(printf(__('The uploaded file could not be moved to %s.'), $file['path']));
// Set correct file permissions
$stat = stat(dirname($new_file));
$perms = $stat['mode'] & 0000666;
@ chmod($new_file, $perms);
// Compute the URL
$url = $uploads['url'] . "/$filename";
return array('file' => $new_file, 'url' => $url, 'type' => $type);
}
function wp_shrink_dimensions($width, $height, $wmax = 128, $hmax = 96) {
if ( $height <= $hmax && $width <= $wmax )
return array($width, $height);
elseif ( $width / $height > $wmax / $hmax )
return array($wmax, (int) ($height / $width * $wmax));
else
return array((int) ($width / $height * $hmax), $hmax);
}
function wp_import_cleanup($id) {
wp_delete_attachment($id);
}
function wp_import_upload_form($action) {
?>
false, 'test_type' => false);
$file = wp_handle_upload($_FILES['import'], $overrides);
if ( isset($file['error']) )
return $file;
$url = $file['url'];
$file = $file['file'];
$filename = basename($file);
// Construct the object array
$object = array(
'post_title' => $filename,
'post_content' => $url,
'post_mime_type' => 'import',
'guid' => $url
);
// Save the data
$id = wp_insert_attachment($object, $file);
return array('file' => $file, 'id' => $id);
}
function user_can_richedit() {
if ( 'true' != get_user_option('rich_editing') )
return false;
if ( preg_match('!opera[ /][2-8]|konqueror|safari!i', $_SERVER['HTTP_USER_AGENT']) )
return false;
return true; // Best guess
}
function the_attachment_links($id = false) {
$id = (int) $id;
$post = & get_post($id);
if ( $post->post_type != 'attachment' )
return false;
$icon = get_attachment_icon($post->ID);
?>