
/wp-admin/ -> admin-ajax.php (source)

   1  <?php
   2  require_once('../wp-config.php');
   3  require_once ('admin-functions.php');
   4  require_once ('admin-db.php');
   5  
   // Define DOING_AJAX before any handler code runs.
   define( 'DOING_AJAX', true );

   // Gate for every action below: check_ajax_referer() runs first (its
   // implementation is not part of this file), then callers without a
   // logged-in session receive '-1' and the request ends.
   check_ajax_referer();
   if ( ! is_user_logged_in() ) {
       die( '-1' );
   }
  12  
  /**
   * Shutdown callback: ends the request as soon as it is invoked.
   */
  function get_out_now() {
      exit;
  }

  // Register the callback on the 'shutdown' hook with priority -1.
  add_action( 'shutdown', 'get_out_now', -1 );
  15  
  /**
   * Recursively normalise a submitted value before the handlers read it.
   *
   * A scalar goes through stripslashes(), rawurldecode() and finally
   * $wpdb->escape(). An array is walked with array_map(), so only its
   * values are processed; the keys stay exactly as submitted.
   *
   * NOTE(review): the result is escaped for the database only. Each place
   * that later writes a value into HTML, an attribute or an inline script
   * still needs the encoding for that context.
   * NOTE(review): rawurldecode() runs on top of PHP's own request decoding;
   * presumably the client encodes values a second time - confirm, since a
   * literal percent sequence in a value is rewritten here.
   *
   * @param mixed $i Scalar or (nested) array taken from the request.
   * @return mixed The cleaned value, with the same array structure.
   */
  function wp_clean_ajax_input( $i ) {
      global $wpdb;

      if ( is_array( $i ) ) {
          return array_map( 'wp_clean_ajax_input', $i );
      }

      $unslashed = stripslashes( $i );
      $decoded   = rawurldecode( $unslashed );

      return $wpdb->escape( $decoded );
  }
  21  
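  /**
   * Build the <meta> XML fragment for one custom-field row.
   *
   * The fragment wraps an HTML table row in a CDATA section. The row holds
   * a text input for the key, a textarea for the value, and Update/Delete
   * buttons wired to inline script handlers.
   *
   * Output encoding used here:
   *  - $value: wp_specialchars( ..., true ) before it is placed in the textarea.
   *  - $key:   wp_specialchars( ..., true ) before it is placed in a
   *            single-quoted value attribute.
   *  - $key_js: wp_specialchars( ..., 'double' ) then addslashes(), for the
   *            confirm message inside the double-quoted onclick attribute.
   *  - $pid / $mid: cast to int, because they are written into element ids,
   *            input names and an inline script argument.
   *
   * NOTE(review): addslashes() does not escape line breaks; confirm that a
   * meta key cannot contain one before it reaches the inline script string.
   *
   * @param int    $pid   Post id the field belongs to.
   * @param int    $mid   Meta row id.
   * @param string $key   Meta key (unescaped).
   * @param string $value Meta value (unescaped).
   * @return string XML fragment, without the surrounding <ajaxresponse>.
   */
  function wp_ajax_echo_meta( $pid, $mid, $key, $value ) {
      // Pin the ids to integers: nothing else below encodes them.
      $pid = (int) $pid;
      $mid = (int) $mid;

      $value = wp_specialchars($value, true);
      $key_js = addslashes(wp_specialchars($key, 'double'));
      $key = wp_specialchars($key, true);
      $r  = "<meta><id>$mid</id><postid>$pid</postid><newitem><![CDATA[<table><tbody>";
      $r .= "<tr id='meta-$mid'><td valign='top'>";
      $r .= "<input name='meta[$mid][key]' tabindex='6' onkeypress='return killSubmit(\"theList.ajaxUpdater(&#039;meta&#039;,&#039;meta-$mid&#039;);\",event);' type='text' size='20' value='$key' />";
      $r .= "</td><td><textarea name='meta[$mid][value]' tabindex='6' rows='2' cols='30'>$value</textarea></td><td align='center'>";
      $r .= "<input name='updatemeta' type='button' class='updatemeta' tabindex='6' value='Update' onclick='return theList.ajaxUpdater(&#039;meta&#039;,&#039;meta-$mid&#039;);' /><br />";
      $r .= "<input name='deletemeta[$mid]' type='submit' onclick=\"return deleteSomething( 'meta', $mid, '";
      $r .= sprintf(__("You are about to delete the &quot;%s&quot; custom field on this post.\\n&quot;OK&quot; to delete, &quot;Cancel&quot; to stop."), $key_js);
      $r .= "' );\" class='deletemeta' tabindex='6' value='Delete' />";
      $r .= "</td></tr></tbody></table>]]></newitem></meta>";
      return $r;
  }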
  37  
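  // Dispatch one admin AJAX action taken from the POST body.
  //
  // Response convention visible in the handlers: '-1' when a capability
  // check fails, '0' on failure or an unknown action, '1' after a successful
  // delete or status change, and an <ajaxresponse> XML document for the
  // add/update actions.
  //
  // The payload is passed through wp_clean_ajax_input() once. That escapes
  // values for the database only and leaves array keys as submitted, so the
  // handlers still have to encode anything they write into markup.
  $_POST = wp_clean_ajax_input( $_POST );
  // A missing id is treated as 0 instead of raising an undefined-index notice.
  $id = isset( $_POST['id'] ) ? (int) $_POST['id'] : 0;
  switch ( isset( $_POST['action'] ) ? $_POST['action'] : '' ) :
  case 'delete-comment' :
      if ( !$comment = get_comment( $id ) )
          die('0');
      // Authorisation is tied to the post the comment belongs to.
      if ( !current_user_can( 'edit_post', $comment->comment_post_ID ) )
          die('-1');

      die( wp_delete_comment( $comment->comment_ID ) ? '1' : '0' );
      break;
  case 'delete-comment-as-spam' :
      if ( !$comment = get_comment( $id ) )
          die('0');
      if ( !current_user_can( 'edit_post', $comment->comment_post_ID ) )
          die('-1');

      die( wp_set_comment_status( $comment->comment_ID, 'spam' ) ? '1' : '0' );
      break;
  case 'delete-cat' :
      if ( !current_user_can( 'manage_categories' ) )
          die('-1');

      die( wp_delete_category( $id ) ? '1' : '0' );
      break;
  case 'delete-link' :
      if ( !current_user_can( 'manage_links' ) )
          die('-1');

      die( wp_delete_link( $id ) ? '1' : '0' );
      break;
  case 'delete-meta' :
      if ( !$meta = get_post_meta_by_id( $id ) )
          die('0');
      // Authorisation is tied to the post that owns the meta row.
      if ( !current_user_can( 'edit_post', $meta->post_id ) )
          die('-1');
      die( delete_meta( $meta->meta_id ) ? '1' : '0' );
      break;
  case 'delete-post' :
      if ( !current_user_can( 'delete_post', $id ) )
          die('-1');

      die( wp_delete_post( $id ) ? '1' : '0' );
      break;
  case 'delete-page' :
      if ( !current_user_can( 'delete_page', $id ) )
          die('-1');

      die( wp_delete_post( $id ) ? '1' : '0' );
      break;
  case 'dim-comment' :
      if ( !$comment = get_comment( $id ) )
          die('0');
      // Both the per-post capability and the moderation capability are required.
      if ( !current_user_can( 'edit_post', $comment->comment_post_ID ) )
          die('-1');
      if ( !current_user_can( 'moderate_comments' ) )
          die('-1');

      // Toggle: an unapproved comment becomes approved, anything else is held.
      if ( 'unapproved' == wp_get_comment_status($comment->comment_ID) ) {
          if ( wp_set_comment_status( $comment->comment_ID, 'approve' ) )
              die('1');
      } else {
          if ( wp_set_comment_status( $comment->comment_ID, 'hold' ) )
              die('1');
      }
      die('0');
      break;
  case 'add-category' : // On the Fly
      if ( !current_user_can( 'manage_categories' ) )
          die('-1');
      // 'newcat' is a comma-separated list of category names.
      $names = explode(',', $_POST['newcat']);
      $r = "<?xml version='1.0' standalone='yes'?><ajaxresponse>";
      foreach ( $names as $cat_name ) {
          $cat_name = trim($cat_name);
          // A name that sanitises to nothing aborts the whole request.
          if ( !$category_nicename = sanitize_title($cat_name) )
              die('0');
          if ( !$cat_id = category_exists( $cat_name ) )
              $cat_id = wp_create_category( $cat_name );
          // HTML-encode the name before it is echoed inside the CDATA block.
          $cat_name = wp_specialchars(stripslashes($cat_name));
          $r .= "<category><id>$cat_id</id><newitem><![CDATA[";
          $r .= "<li id='category-$cat_id'><label for='in-category-$cat_id' class='selectit'>";
          $r .= "<input value='$cat_id' type='checkbox' checked='checked' name='post_category[]' id='in-category-$cat_id'/> $cat_name</label></li>";
          $r .= "]]></newitem></category>";
      }
      $r .= '</ajaxresponse>';
      header('Content-type: text/xml');
      die($r);
      break;
  case 'add-cat' : // From Manage->Categories
      if ( !current_user_can( 'manage_categories' ) )
          die('-1');
      // NOTE(review): the whole cleaned POST array is handed to
      // wp_insert_category(); which keys it honours is not visible here.
      if ( !$cat = wp_insert_category( $_POST ) )
          die('0');
      if ( !$cat = get_category( $cat ) )
          die('0');
      // Count ancestors to build the indentation prefix. The extra $_cat
      // test stops the walk if a parent lookup returns nothing.
      $pad = 0;
      $_cat = $cat;
      while ( $_cat && $_cat->category_parent ) {
          $_cat = get_category( $_cat->category_parent );
          $pad++;
      }
      $pad = str_repeat('&#8212; ', $pad);

      // NOTE(review): cat_name and category_description are written into the
      // row as stored. Confirm they are HTML-safe at insert time; a value
      // containing markup or a CDATA terminator would reach the client as is.
      $r  = "<?xml version='1.0' standalone='yes'?><ajaxresponse>";
      $r .= "<cat><id>$cat->cat_ID</id><newitem><![CDATA[<table><tbody>";
      $r .= "<tr id='cat-$cat->cat_ID'><th scope='row'>$cat->cat_ID</th><td>$pad $cat->cat_name</td>";
      $r .= "<td>$cat->category_description</td><td>$cat->category_count</td><td>$cat->link_count</td>";
      $r .= "<td><a href='categories.php?action=edit&amp;cat_ID=$cat->cat_ID' class='edit'>" . __('Edit') . "</a></td>";
      $r .= "<td><a href='categories.php?action=delete&amp;cat_ID=$cat->cat_ID' onclick='return deleteSomething( \"cat\", $cat->cat_ID, \"";
      // The message sits in a script string inside a single-quoted onclick
      // attribute. addslashes() covers the script string; wp_specialchars()
      // with quotes enabled then keeps a quote character in the name or the
      // translation from closing the attribute.
      $r .= wp_specialchars( sprintf(__('You are about to delete the category \"%s\".  All of its posts and bookmarks will go to the default categories.\\n\"OK\" to delete, \"Cancel\" to stop.'), addslashes($cat->cat_name)), true );
      $r .= "\" );' class='delete'>".__('Delete')."</a></td></tr>";
      $r .= "</tbody></table>]]></newitem></cat></ajaxresponse>";
      header('Content-type: text/xml');
      die($r);

      break;
  case 'add-meta' :
      if ( !current_user_can( 'edit_post', $id ) )
          die('-1');
      if ( $id < 0 ) {
          // Negative id: the post is created first via write_post(), then
          // its first meta row is read back.
          // NOTE(review): the capability check above ran against the
          // negative id; presumably write_post() does its own check - confirm.
          if ( $pid = write_post() )
              $meta = has_meta( $pid );
          else
              die('0');
          $key = $meta[0]['meta_key'];
          $value = $meta[0]['meta_value'];
          $mid = (int) $meta[0]['meta_id'];
      } else {
          if ( $mid = add_meta( $id ) )
              $meta = get_post_meta_by_id( $mid );
          else
              die('0');
          $key = $meta->meta_key;
          $value = $meta->meta_value;
          $pid = (int) $meta->post_id;
      }
      $r = "<?xml version='1.0' standalone='yes'?><ajaxresponse>";
      $r .= wp_ajax_echo_meta( $pid, $mid, $key, $value );
      $r .= '</ajaxresponse>';
      header('Content-type: text/xml');
      die($r);
      break;
  case 'update-meta' :
      // The meta id arrives as an array key, which wp_clean_ajax_input()
      // does not touch, so the shape is validated and the key cast to int.
      if ( empty( $_POST['meta'] ) || !is_array( $_POST['meta'] ) )
          die('0');
      // array_pop() takes its argument by reference and needs a variable.
      $submitted_meta_ids = array_keys( $_POST['meta'] );
      $mid = (int) array_pop( $submitted_meta_ids );
      if ( !isset( $_POST['meta'][$mid]['key'], $_POST['meta'][$mid]['value'] ) )
          die('0');
      $key = $_POST['meta'][$mid]['key'];
      $value = $_POST['meta'][$mid]['value'];
      if ( !$meta = get_post_meta_by_id( $mid ) )
          die('0');
      // Authorisation is checked against the owning post before any write.
      if ( !current_user_can( 'edit_post', $meta->post_id ) )
          die('-1');
      $r = "<?xml version='1.0' standalone='yes'?><ajaxresponse>";
      if ( $u = update_meta( $mid, $key, $value ) ) {
          // Undo the input escaping before the values are HTML-encoded for output.
          $key = stripslashes($key);
          $value = stripslashes($value);
          $r .= wp_ajax_echo_meta( $meta->post_id, $mid, $key, $value );
      }
      $r .= '</ajaxresponse>';
      header('Content-type: text/xml');
      die($r);
      break;
  case 'add-user' :
      if ( !current_user_can('edit_users') )
          die('-1');
      require_once(ABSPATH . WPINC . '/registration.php');
      $user_id = add_user();
      if ( is_wp_error( $user_id ) ) {
          // NOTE(review): error messages are echoed as markup without
          // encoding; confirm none of them can carry submitted text.
          foreach( $user_id->get_error_messages() as $message )
              echo "$message<br />";
          exit;
      } elseif ( !$user_id ) {
          die('0');
      }
      $r  = "<?xml version='1.0' standalone='yes'?><ajaxresponse><user><id>$user_id</id><newitem><![CDATA[<table><tbody>";
      $r .= user_row( $user_id );
      $r .= "</tbody></table>]]></newitem></user></ajaxresponse>";
      header('Content-type: text/xml');
      die($r);
      break;
  default :
      die('0');
      break;
  endswitch;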
 234  ?>


Generated: Sat Jul 15 11:57:04 2006 Courtesy of Taragana