a4d31e4b3d
git-svn-id: https://develop.svn.wordpress.org/trunk@5733 602fd350-edb4-49c9-b593-d223f7449a82
479 lines
14 KiB
PHP
479 lines
14 KiB
PHP
<?php
|
|
|
|
// Update an existing post with values provided in $_POST.
|
|
function edit_post() {
|
|
global $user_ID;
|
|
|
|
$post_ID = (int) $_POST['post_ID'];
|
|
|
|
if ( 'page' == $_POST['post_type'] ) {
|
|
if ( !current_user_can( 'edit_page', $post_ID ) )
|
|
wp_die( __('You are not allowed to edit this page.' ));
|
|
} else {
|
|
if ( !current_user_can( 'edit_post', $post_ID ) )
|
|
wp_die( __('You are not allowed to edit this post.' ));
|
|
}
|
|
|
|
// Autosave shouldn't save too soon after a real save
|
|
if ( 'autosave' == $_POST['action'] ) {
|
|
$post =& get_post( $post_ID );
|
|
$now = time();
|
|
$then = strtotime($post->post_date_gmt . ' +0000');
|
|
// Keep autosave_interval in sync with autosave-js.php.
|
|
$delta = apply_filters( 'autosave_interval', 120 ) / 2;
|
|
if ( ($now - $then) < $delta )
|
|
return $post_ID;
|
|
}
|
|
|
|
// Rename.
|
|
$_POST['ID'] = (int) $_POST['post_ID'];
|
|
$_POST['post_content'] = $_POST['content'];
|
|
$_POST['post_excerpt'] = $_POST['excerpt'];
|
|
$_POST['post_parent'] = $_POST['parent_id'];
|
|
$_POST['to_ping'] = $_POST['trackback_url'];
|
|
|
|
if (!empty ( $_POST['post_author_override'] ) ) {
|
|
$_POST['post_author'] = (int) $_POST['post_author_override'];
|
|
} else
|
|
if (!empty ( $_POST['post_author'] ) ) {
|
|
$_POST['post_author'] = (int) $_POST['post_author'];
|
|
} else {
|
|
$_POST['post_author'] = (int) $_POST['user_ID'];
|
|
}
|
|
|
|
if ( $_POST['post_author'] != $_POST['user_ID'] ) {
|
|
if ( 'page' == $_POST['post_type'] ) {
|
|
if ( !current_user_can( 'edit_others_pages' ) )
|
|
wp_die( __('You are not allowed to edit pages as this user.' ));
|
|
} else {
|
|
if ( !current_user_can( 'edit_others_posts' ) )
|
|
wp_die( __('You are not allowed to edit posts as this user.' ));
|
|
|
|
}
|
|
}
|
|
|
|
// What to do based on which button they pressed
|
|
if ('' != $_POST['saveasdraft'] )
|
|
$_POST['post_status'] = 'draft';
|
|
if ('' != $_POST['saveasprivate'] )
|
|
$_POST['post_status'] = 'private';
|
|
if ('' != $_POST['publish'] )
|
|
$_POST['post_status'] = 'publish';
|
|
if ('' != $_POST['advanced'] )
|
|
$_POST['post_status'] = 'draft';
|
|
|
|
if ( 'page' == $_POST['post_type'] ) {
|
|
if ('publish' == $_POST['post_status'] && !current_user_can( 'edit_published_pages' ))
|
|
$_POST['post_status'] = 'pending';
|
|
} else {
|
|
if ('publish' == $_POST['post_status'] && !current_user_can( 'edit_published_posts' ))
|
|
$_POST['post_status'] = 'pending';
|
|
}
|
|
|
|
if (!isset( $_POST['comment_status'] ))
|
|
$_POST['comment_status'] = 'closed';
|
|
|
|
if (!isset( $_POST['ping_status'] ))
|
|
$_POST['ping_status'] = 'closed';
|
|
|
|
if (!empty ( $_POST['edit_date'] ) ) {
|
|
$aa = $_POST['aa'];
|
|
$mm = $_POST['mm'];
|
|
$jj = $_POST['jj'];
|
|
$hh = $_POST['hh'];
|
|
$mn = $_POST['mn'];
|
|
$ss = $_POST['ss'];
|
|
$jj = ($jj > 31 ) ? 31 : $jj;
|
|
$hh = ($hh > 23 ) ? $hh -24 : $hh;
|
|
$mn = ($mn > 59 ) ? $mn -60 : $mn;
|
|
$ss = ($ss > 59 ) ? $ss -60 : $ss;
|
|
$_POST['post_date'] = "$aa-$mm-$jj $hh:$mn:$ss";
|
|
$_POST['post_date_gmt'] = get_gmt_from_date( "$aa-$mm-$jj $hh:$mn:$ss" );
|
|
}
|
|
|
|
// Meta Stuff
|
|
if ( $_POST['meta'] ) {
|
|
foreach ( $_POST['meta'] as $key => $value )
|
|
update_meta( $key, $value['key'], $value['value'] );
|
|
}
|
|
|
|
if ( $_POST['deletemeta'] ) {
|
|
foreach ( $_POST['deletemeta'] as $key => $value )
|
|
delete_meta( $key );
|
|
}
|
|
|
|
add_meta( $post_ID );
|
|
|
|
wp_update_post( $_POST );
|
|
|
|
// Reunite any orphaned attachments with their parent
|
|
if ( !$draft_ids = get_user_option( 'autosave_draft_ids' ) )
|
|
$draft_ids = array();
|
|
if ( $draft_temp_id = (int) array_search( $post_ID, $draft_ids ) )
|
|
_relocate_children( $draft_temp_id, $post_ID );
|
|
|
|
// Now that we have an ID we can fix any attachment anchor hrefs
|
|
_fix_attachment_links( $post_ID );
|
|
|
|
return $post_ID;
|
|
}
|
|
|
|
// Default post information to use when populating the "Write Post" form.
|
|
function get_default_post_to_edit() {
|
|
if ( !empty( $_REQUEST['post_title'] ) )
|
|
$post_title = wp_specialchars( stripslashes( $_REQUEST['post_title'] ));
|
|
else if ( !empty( $_REQUEST['popuptitle'] ) ) {
|
|
$post_title = wp_specialchars( stripslashes( $_REQUEST['popuptitle'] ));
|
|
$post_title = funky_javascript_fix( $post_title );
|
|
} else {
|
|
$post_title = '';
|
|
}
|
|
|
|
if ( !empty( $_REQUEST['content'] ) )
|
|
$post_content = wp_specialchars( stripslashes( $_REQUEST['content'] ));
|
|
else if ( !empty( $post_title ) ) {
|
|
$text = wp_specialchars( stripslashes( urldecode( $_REQUEST['text'] ) ) );
|
|
$text = funky_javascript_fix( $text);
|
|
$popupurl = clean_url($_REQUEST['popupurl']);
|
|
$post_content = '<a href="'.$popupurl.'">'.$post_title.'</a>'."\n$text";
|
|
}
|
|
|
|
if ( !empty( $_REQUEST['excerpt'] ) )
|
|
$post_excerpt = wp_specialchars( stripslashes( $_REQUEST['excerpt'] ));
|
|
else
|
|
$post_excerpt = '';
|
|
|
|
$post->post_status = 'draft';
|
|
$post->comment_status = get_option( 'default_comment_status' );
|
|
$post->ping_status = get_option( 'default_ping_status' );
|
|
$post->post_pingback = get_option( 'default_pingback_flag' );
|
|
$post->post_category = get_option( 'default_category' );
|
|
$post->post_content = apply_filters( 'default_content', $post_content);
|
|
$post->post_title = apply_filters( 'default_title', $post_title );
|
|
$post->post_excerpt = apply_filters( 'default_excerpt', $post_excerpt);
|
|
$post->page_template = 'default';
|
|
$post->post_parent = 0;
|
|
$post->menu_order = 0;
|
|
|
|
return $post;
|
|
}
|
|
|
|
// Get an existing post and format it for editing.
|
|
function get_post_to_edit( $id ) {
|
|
|
|
$post = get_post( $id );
|
|
|
|
$post->post_content = format_to_edit( $post->post_content, user_can_richedit() );
|
|
$post->post_content = apply_filters( 'content_edit_pre', $post->post_content);
|
|
|
|
$post->post_excerpt = format_to_edit( $post->post_excerpt);
|
|
$post->post_excerpt = apply_filters( 'excerpt_edit_pre', $post->post_excerpt);
|
|
|
|
$post->post_title = format_to_edit( $post->post_title );
|
|
$post->post_title = apply_filters( 'title_edit_pre', $post->post_title );
|
|
|
|
$post->post_password = format_to_edit( $post->post_password );
|
|
|
|
$post->menu_order = (int) $post->menu_order;
|
|
|
|
if ( $post->post_type == 'page' )
|
|
$post->page_template = get_post_meta( $id, '_wp_page_template', true );
|
|
|
|
return $post;
|
|
}
|
|
|
|
function post_exists($title, $content = '', $post_date = '') {
|
|
global $wpdb;
|
|
|
|
if (!empty ($post_date))
|
|
$post_date = "AND post_date = '$post_date'";
|
|
|
|
if (!empty ($title))
|
|
return $wpdb->get_var("SELECT ID FROM $wpdb->posts WHERE post_title = '$title' $post_date");
|
|
else
|
|
if (!empty ($content))
|
|
return $wpdb->get_var("SELECT ID FROM $wpdb->posts WHERE post_content = '$content' $post_date");
|
|
|
|
return 0;
|
|
}
|
|
|
|
// Creates a new post from the "Write Post" form using $_POST information.
|
|
function wp_write_post() {
|
|
global $user_ID;
|
|
|
|
if ( 'page' == $_POST['post_type'] ) {
|
|
if ( !current_user_can( 'edit_pages' ) )
|
|
return new WP_Error( 'edit_pages', __( 'You are not allowed to create pages on this blog.' ) );
|
|
} else {
|
|
if ( !current_user_can( 'edit_posts' ) )
|
|
return new WP_Error( 'edit_posts', __( 'You are not allowed to create posts or drafts on this blog.' ) );
|
|
}
|
|
|
|
|
|
// Check for autosave collisions
|
|
$temp_id = false;
|
|
if ( isset($_POST['temp_ID']) ) {
|
|
$temp_id = (int) $_POST['temp_ID'];
|
|
if ( !$draft_ids = get_user_option( 'autosave_draft_ids' ) )
|
|
$draft_ids = array();
|
|
foreach ( $draft_ids as $temp => $real )
|
|
if ( time() + $temp > 86400 ) // 1 day: $temp is equal to -1 * time( then )
|
|
unset($draft_ids[$temp]);
|
|
|
|
if ( isset($draft_ids[$temp_id]) ) { // Edit, don't write
|
|
$_POST['post_ID'] = $draft_ids[$temp_id];
|
|
unset($_POST['temp_ID']);
|
|
update_user_option( $user_ID, 'autosave_draft_ids', $draft_ids );
|
|
return edit_post();
|
|
}
|
|
}
|
|
|
|
// Rename.
|
|
$_POST['post_content'] = $_POST['content'];
|
|
$_POST['post_excerpt'] = $_POST['excerpt'];
|
|
$_POST['post_parent'] = $_POST['parent_id'];
|
|
$_POST['to_ping'] = $_POST['trackback_url'];
|
|
|
|
if (!empty ( $_POST['post_author_override'] ) ) {
|
|
$_POST['post_author'] = (int) $_POST['post_author_override'];
|
|
} else {
|
|
if (!empty ( $_POST['post_author'] ) ) {
|
|
$_POST['post_author'] = (int) $_POST['post_author'];
|
|
} else {
|
|
$_POST['post_author'] = (int) $_POST['user_ID'];
|
|
}
|
|
|
|
}
|
|
|
|
if ( $_POST['post_author'] != $_POST['user_ID'] ) {
|
|
if ( 'page' == $_POST['post_type'] ) {
|
|
if ( !current_user_can( 'edit_others_pages' ) )
|
|
return new WP_Error( 'edit_others_pages', __( 'You are not allowed to create pages as this user.' ) );
|
|
} else {
|
|
if ( !current_user_can( 'edit_others_posts' ) )
|
|
return new WP_Error( 'edit_others_posts', __( 'You are not allowed to post as this user.' ) );
|
|
|
|
}
|
|
}
|
|
|
|
// What to do based on which button they pressed
|
|
if ('' != $_POST['saveasdraft'] )
|
|
$_POST['post_status'] = 'draft';
|
|
if ('' != $_POST['saveasprivate'] )
|
|
$_POST['post_status'] = 'private';
|
|
if ('' != $_POST['publish'] )
|
|
$_POST['post_status'] = 'publish';
|
|
if ('' != $_POST['advanced'] )
|
|
$_POST['post_status'] = 'draft';
|
|
|
|
if ( 'page' == $_POST['post_type'] ) {
|
|
if ('publish' == $_POST['post_status'] && !current_user_can( 'publish_pages' ) )
|
|
$_POST['post_status'] = 'pending';
|
|
} else {
|
|
if ('publish' == $_POST['post_status'] && !current_user_can( 'publish_posts' ) )
|
|
$_POST['post_status'] = 'pending';
|
|
}
|
|
|
|
if (!isset( $_POST['comment_status'] ))
|
|
$_POST['comment_status'] = 'closed';
|
|
|
|
if (!isset( $_POST['ping_status'] ))
|
|
$_POST['ping_status'] = 'closed';
|
|
|
|
if (!empty ( $_POST['edit_date'] ) ) {
|
|
$aa = $_POST['aa'];
|
|
$mm = $_POST['mm'];
|
|
$jj = $_POST['jj'];
|
|
$hh = $_POST['hh'];
|
|
$mn = $_POST['mn'];
|
|
$ss = $_POST['ss'];
|
|
$jj = ($jj > 31 ) ? 31 : $jj;
|
|
$hh = ($hh > 23 ) ? $hh -24 : $hh;
|
|
$mn = ($mn > 59 ) ? $mn -60 : $mn;
|
|
$ss = ($ss > 59 ) ? $ss -60 : $ss;
|
|
$_POST['post_date'] = sprintf( "%04d-%02d-%02d %02d:%02d:%02d", $aa, $mm, $jj, $hh, $mn, $ss );
|
|
$_POST['post_date_gmt'] = get_gmt_from_date( $_POST['post_date'] );
|
|
}
|
|
|
|
// Create the post.
|
|
$post_ID = wp_insert_post( $_POST );
|
|
|
|
add_meta( $post_ID );
|
|
|
|
// Reunite any orphaned attachments with their parent
|
|
if ( !$draft_ids = get_user_option( 'autosave_draft_ids' ) )
|
|
$draft_ids = array();
|
|
if ( $draft_temp_id = (int) array_search( $post_ID, $draft_ids ) )
|
|
_relocate_children( $draft_temp_id, $post_ID );
|
|
if ( $temp_id && $temp_id != $draft_temp_id )
|
|
_relocate_children( $temp_id, $post_ID );
|
|
|
|
// Update autosave collision detection
|
|
if ( $temp_id ) {
|
|
$draft_ids[$temp_id] = $post_ID;
|
|
update_user_option( $user_ID, 'autosave_draft_ids', $draft_ids );
|
|
}
|
|
|
|
// Now that we have an ID we can fix any attachment anchor hrefs
|
|
_fix_attachment_links( $post_ID );
|
|
|
|
return $post_ID;
|
|
}
|
|
|
|
function write_post() {
|
|
$result = wp_write_post();
|
|
if( is_wp_error( $result ) )
|
|
wp_die( $result->get_error_message() );
|
|
else
|
|
return $result;
|
|
}
|
|
|
|
//
|
|
// Post Meta
|
|
//
|
|
|
|
function add_meta( $post_ID ) {
|
|
global $wpdb;
|
|
$post_ID = (int) $post_ID;
|
|
|
|
$protected = array( '_wp_attached_file', '_wp_attachment_metadata', '_wp_old_slug', '_wp_page_template' );
|
|
|
|
$metakeyselect = $wpdb->escape( stripslashes( trim( $_POST['metakeyselect'] ) ) );
|
|
$metakeyinput = $wpdb->escape( stripslashes( trim( $_POST['metakeyinput'] ) ) );
|
|
$metavalue = maybe_serialize( stripslashes( (trim( $_POST['metavalue'] ) ) ));
|
|
$metavalue = $wpdb->escape( $metavalue );
|
|
|
|
if ( ('0' === $metavalue || !empty ( $metavalue ) ) && ((('#NONE#' != $metakeyselect) && !empty ( $metakeyselect) ) || !empty ( $metakeyinput) ) ) {
|
|
// We have a key/value pair. If both the select and the
|
|
// input for the key have data, the input takes precedence:
|
|
|
|
if ('#NONE#' != $metakeyselect)
|
|
$metakey = $metakeyselect;
|
|
|
|
if ( $metakeyinput)
|
|
$metakey = $metakeyinput; // default
|
|
|
|
if ( in_array($metakey, $protected) )
|
|
return false;
|
|
|
|
$result = $wpdb->query( "
|
|
INSERT INTO $wpdb->postmeta
|
|
(post_id,meta_key,meta_value )
|
|
VALUES ('$post_ID','$metakey','$metavalue' )
|
|
" );
|
|
return $wpdb->insert_id;
|
|
}
|
|
return false;
|
|
} // add_meta
|
|
|
|
function delete_meta( $mid ) {
|
|
global $wpdb;
|
|
$mid = (int) $mid;
|
|
|
|
return $wpdb->query( "DELETE FROM $wpdb->postmeta WHERE meta_id = '$mid'" );
|
|
}
|
|
|
|
// Get a list of previously defined keys
|
|
function get_meta_keys() {
|
|
global $wpdb;
|
|
|
|
$keys = $wpdb->get_col( "
|
|
SELECT meta_key
|
|
FROM $wpdb->postmeta
|
|
GROUP BY meta_key
|
|
ORDER BY meta_key" );
|
|
|
|
return $keys;
|
|
}
|
|
|
|
function get_post_meta_by_id( $mid ) {
|
|
global $wpdb;
|
|
$mid = (int) $mid;
|
|
|
|
$meta = $wpdb->get_row( "SELECT * FROM $wpdb->postmeta WHERE meta_id = '$mid'" );
|
|
if ( is_serialized_string( $meta->meta_value ) )
|
|
$meta->meta_value = maybe_unserialize( $meta->meta_value );
|
|
return $meta;
|
|
}
|
|
|
|
// Some postmeta stuff
|
|
function has_meta( $postid ) {
|
|
global $wpdb;
|
|
|
|
return $wpdb->get_results( "
|
|
SELECT meta_key, meta_value, meta_id, post_id
|
|
FROM $wpdb->postmeta
|
|
WHERE post_id = '$postid'
|
|
ORDER BY meta_key,meta_id", ARRAY_A );
|
|
|
|
}
|
|
|
|
function update_meta( $mid, $mkey, $mvalue ) {
|
|
global $wpdb;
|
|
|
|
$protected = array( '_wp_attached_file', '_wp_attachment_metadata', '_wp_old_slug', '_wp_page_template' );
|
|
|
|
if ( in_array($mkey, $protected) )
|
|
return false;
|
|
|
|
$mvalue = maybe_serialize( stripslashes( $mvalue ));
|
|
$mvalue = $wpdb->escape( $mvalue );
|
|
$mid = (int) $mid;
|
|
return $wpdb->query( "UPDATE $wpdb->postmeta SET meta_key = '$mkey', meta_value = '$mvalue' WHERE meta_id = '$mid'" );
|
|
}
|
|
|
|
//
|
|
// Private
|
|
//
|
|
|
|
// Replace hrefs of attachment anchors with up-to-date permalinks.
|
|
function _fix_attachment_links( $post_ID ) {
|
|
global $wp_rewrite;
|
|
|
|
$post = & get_post( $post_ID, ARRAY_A );
|
|
|
|
$search = "#<a[^>]+rel=('|\")[^'\"]*attachment[^>]*>#ie";
|
|
|
|
// See if we have any rel="attachment" links
|
|
if ( 0 == preg_match_all( $search, $post['post_content'], $anchor_matches, PREG_PATTERN_ORDER ) )
|
|
return;
|
|
|
|
$i = 0;
|
|
$search = "#[\s]+rel=(\"|')(.*?)wp-att-(\d+)\\1#i";
|
|
foreach ( $anchor_matches[0] as $anchor ) {
|
|
if ( 0 == preg_match( $search, $anchor, $id_matches ) )
|
|
continue;
|
|
|
|
$id = (int) $id_matches[3];
|
|
|
|
// While we have the attachment ID, let's adopt any orphans.
|
|
$attachment = & get_post( $id, ARRAY_A );
|
|
if ( ! empty( $attachment) && ! is_object( get_post( $attachment['post_parent'] ) ) ) {
|
|
$attachment['post_parent'] = $post_ID;
|
|
// Escape data pulled from DB.
|
|
$attachment = add_magic_quotes( $attachment);
|
|
wp_update_post( $attachment);
|
|
}
|
|
|
|
$post_search[$i] = $anchor;
|
|
$post_replace[$i] = preg_replace( "#href=(\"|')[^'\"]*\\1#e", "stripslashes( 'href=\\1' ).get_attachment_link( $id ).stripslashes( '\\1' )", $anchor );
|
|
++$i;
|
|
}
|
|
|
|
$post['post_content'] = str_replace( $post_search, $post_replace, $post['post_content'] );
|
|
|
|
// Escape data pulled from DB.
|
|
$post = add_magic_quotes( $post);
|
|
|
|
return wp_update_post( $post);
|
|
}
|
|
|
|
// Move child posts to a new parent
|
|
function _relocate_children( $old_ID, $new_ID ) {
|
|
global $wpdb;
|
|
$old_ID = (int) $old_ID;
|
|
$new_ID = (int) $new_ID;
|
|
return $wpdb->query( "UPDATE $wpdb->posts SET post_parent = $new_ID WHERE post_parent = $old_ID" );
|
|
}
|
|
|
|
?>
|