WordPress Source Cross Reference |
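<?php

// Creates a new post from the "Write Post" form using $_POST information.
//
// Maps the submitted form fields onto the post_* keys, hands the whole $_POST
// array to wp_insert_post() and returns the new post ID. Stops through
// wp_die() when the current user lacks the capability the request needs.
function write_post() {
	global $user_ID;

	if ( 'page' == $_POST['post_type'] ) {
		if ( !current_user_can('edit_pages') )
			wp_die(__('You are not allowed to create pages on this blog.'));
	} else {
		if ( !current_user_can('edit_posts') )
			wp_die(__('You are not allowed to create posts or drafts on this blog.'));
	}

	// The user_ID form field is request data. Overwrite it with the
	// authenticated id so the author fallback and the edit_others_* check
	// below cannot be steered by the submitted value.
	// NOTE(review): assumes $user_ID is set by the login layer before this
	// function runs - confirm against the caller.
	$_POST['user_ID'] = (int) $user_ID;

	// Rename.
	$_POST['post_content'] = $_POST['content'];
	$_POST['post_excerpt'] = $_POST['excerpt'];
	$_POST['post_parent'] = $_POST['parent_id'];
	$_POST['to_ping'] = $_POST['trackback_url'];

	// Author precedence: explicit override, then submitted author, then the current user.
	if (!empty ($_POST['post_author_override'])) {
		$_POST['post_author'] = (int) $_POST['post_author_override'];
	} else {
		if (!empty ($_POST['post_author'])) {
			$_POST['post_author'] = (int) $_POST['post_author'];
		} else {
			$_POST['post_author'] = (int) $_POST['user_ID'];
		}
	}

	// Writing on behalf of somebody else needs the edit_others_* capability.
	if ($_POST['post_author'] != $_POST['user_ID']) {
		if ( 'page' == $_POST['post_type'] ) {
			if ( !current_user_can('edit_others_pages') )
				wp_die(__('You cannot create pages as this user.'));
		} else {
			if ( !current_user_can('edit_others_posts') )
				wp_die(__('You cannot post as this user.'));
		}
	}

	// What to do based on which button they pressed
	if ('' != $_POST['saveasdraft'])
		$_POST['post_status'] = 'draft';
	if ('' != $_POST['saveasprivate'])
		$_POST['post_status'] = 'private';
	if ('' != $_POST['publish'])
		$_POST['post_status'] = 'publish';
	if ('' != $_POST['advanced'])
		$_POST['post_status'] = 'draft';

	// A publish request without the publish capability is stored as a draft.
	if ( 'page' == $_POST['post_type'] ) {
		if ('publish' == $_POST['post_status'] && !current_user_can('publish_pages'))
			$_POST['post_status'] = 'draft';
	} else {
		if ('publish' == $_POST['post_status'] && !current_user_can('publish_posts'))
			$_POST['post_status'] = 'draft';
	}

	if (!isset ($_POST['comment_status']))
		$_POST['comment_status'] = 'closed';

	if (!isset ($_POST['ping_status']))
		$_POST['ping_status'] = 'closed';

	if (!empty ($_POST['edit_date'])) {
		$aa = $_POST['aa'];
		$mm = $_POST['mm'];
		$jj = $_POST['jj'];
		$hh = $_POST['hh'];
		$mn = $_POST['mn'];
		$ss = $_POST['ss'];
		$jj = ($jj > 31) ? 31 : $jj;
		$hh = ($hh > 23) ? $hh -24 : $hh;
		$mn = ($mn > 59) ? $mn -60 : $mn;
		$ss = ($ss > 59) ? $ss -60 : $ss;
		// %d coerces every component to an integer, so only digits reach post_date.
		$_POST['post_date'] = sprintf("%04d-%02d-%02d %02d:%02d:%02d", $aa, $mm, $jj, $hh, $mn, $ss);
		$_POST['post_date_gmt'] = get_gmt_from_date($_POST['post_date']);
	}

	// Create the post.
	// NOTE(review): the whole request array is forwarded; which keys
	// wp_insert_post() honours is not visible from this file.
	$post_ID = wp_insert_post($_POST);
	add_meta($post_ID);

	// Reunite any orphaned attachments with their parent
	if ( $_POST['temp_ID'] )
		relocate_children($_POST['temp_ID'], $post_ID);

	// Now that we have an ID we can fix any attachment anchor hrefs
	fix_attachment_links($post_ID);

	return $post_ID;
}

// Move child posts to a new parent
//
// Both ids are cast to int before they are interpolated into the UPDATE
// statement. Returns whatever $wpdb->query() returns.
function relocate_children($old_ID, $new_ID) {
	global $wpdb;
	$old_ID = (int) $old_ID;
	$new_ID = (int) $new_ID;
	return $wpdb->query("UPDATE $wpdb->posts SET post_parent = $new_ID WHERE post_parent = $old_ID");
}

// Replace hrefs of attachment anchors with up-to-date permalinks.
//
// Finds <a ... rel="attachment"> tags in the post content, reads the
// attachment id from their id="pNNN" attribute and rewrites the href to
// get_attachment_link(). Returns nothing when the content has no such
// anchor, otherwise the result of wp_update_post().
function fix_attachment_links($post_ID) {
	global $wp_rewrite;

	$post = & get_post($post_ID, ARRAY_A);

	// No "e" modifier: it has no meaning for a match, and evaluating
	// replacement text as PHP code is not needed anywhere in this function.
	$search = "#<a[^>]+rel=('|\")[^'\"]*attachment[^>]*>#i";

	// See if we have any rel="attachment" links
	if ( 0 == preg_match_all($search, $post['post_content'], $anchor_matches, PREG_PATTERN_ORDER) )
		return;

	// Start from empty lists so str_replace() below always receives arrays,
	// even when no anchor carries an id="pNNN" attribute.
	$post_search = array();
	$post_replace = array();
	$search = "# id=(\"|')p(\d+)\\1#i";
	foreach ( $anchor_matches[0] as $anchor ) {
		if ( 0 == preg_match($search, $anchor, $id_matches) )
			continue;

		// Digits only, guaranteed by the (\d+) group.
		$id = $id_matches[2];

		// While we have the attachment ID, let's adopt any orphans.
		$attachment = & get_post($id, ARRAY_A);
		if ( ! empty($attachment) && ! is_object(get_post($attachment['post_parent'])) ) {
			$attachment['post_parent'] = $post_ID;
			// Escape data pulled from DB.
			$attachment = add_magic_quotes($attachment);
			wp_update_post($attachment);
		}

		// Build the new href as a plain replacement string. Backslashes and
		// dollar signs in the permalink are escaped so preg_replace() does
		// not read them as group references; ${1} re-emits the quote
		// character the original href used.
		$link = str_replace(array('\\', '$'), array('\\\\', '\\$'), get_attachment_link($id));
		$post_search[] = $anchor;
		$post_replace[] = preg_replace("#href=(\"|')[^'\"]*\\1#", 'href=${1}' . $link . '${1}', $anchor);
	}

	$post['post_content'] = str_replace($post_search, $post_replace, $post['post_content']);

	// Escape data pulled from DB.
	$post = add_magic_quotes($post);

	return wp_update_post($post);
}

// Update an existing post with values provided in $_POST.
//
// Same field mapping as write_post(), applied to the post named by
// $_POST['post_ID']. Returns that post ID; stops through wp_die() when a
// capability check fails.
function edit_post() {
	global $user_ID;

	$post_ID = (int) $_POST['post_ID'];

	if ( 'page' == $_POST['post_type'] ) {
		if ( !current_user_can('edit_page', $post_ID) )
			wp_die(__('You are not allowed to edit this page.'));
	} else {
		if ( !current_user_can('edit_post', $post_ID) )
			wp_die(__('You are not allowed to edit this post.'));
	}

	// The user_ID form field is request data. Overwrite it with the
	// authenticated id so the author fallback and the edit_others_* check
	// below cannot be steered by the submitted value.
	// NOTE(review): assumes $user_ID is set by the login layer before this
	// function runs - confirm against the caller.
	$_POST['user_ID'] = (int) $user_ID;

	// Rename.
	$_POST['ID'] = $post_ID;
	$_POST['post_content'] = $_POST['content'];
	$_POST['post_excerpt'] = $_POST['excerpt'];
	$_POST['post_parent'] = $_POST['parent_id'];
	$_POST['to_ping'] = $_POST['trackback_url'];

	// Author precedence: explicit override, then submitted author, then the current user.
	if (!empty ($_POST['post_author_override'])) {
		$_POST['post_author'] = (int) $_POST['post_author_override'];
	} else if (!empty ($_POST['post_author'])) {
		$_POST['post_author'] = (int) $_POST['post_author'];
	} else {
		$_POST['post_author'] = (int) $_POST['user_ID'];
	}

	// Editing on behalf of somebody else needs the edit_others_* capability.
	if ($_POST['post_author'] != $_POST['user_ID']) {
		if ( 'page' == $_POST['post_type'] ) {
			if ( !current_user_can('edit_others_pages') )
				wp_die(__('You cannot edit pages as this user.'));
		} else {
			if ( !current_user_can('edit_others_posts') )
				wp_die(__('You cannot edit posts as this user.'));
		}
	}

	// What to do based on which button they pressed
	if ('' != $_POST['saveasdraft'])
		$_POST['post_status'] = 'draft';
	if ('' != $_POST['saveasprivate'])
		$_POST['post_status'] = 'private';
	if ('' != $_POST['publish'])
		$_POST['post_status'] = 'publish';
	if ('' != $_POST['advanced'])
		$_POST['post_status'] = 'draft';

	// A publish request without the matching capability is stored as a draft.
	if ( 'page' == $_POST['post_type'] ) {
		if ('publish' == $_POST['post_status'] && !current_user_can('edit_published_pages'))
			$_POST['post_status'] = 'draft';
	} else {
		if ('publish' == $_POST['post_status'] && !current_user_can('edit_published_posts'))
			$_POST['post_status'] = 'draft';
	}

	if (!isset ($_POST['comment_status']))
		$_POST['comment_status'] = 'closed';

	if (!isset ($_POST['ping_status']))
		$_POST['ping_status'] = 'closed';

	if (!empty ($_POST['edit_date'])) {
		$aa = $_POST['aa'];
		$mm = $_POST['mm'];
		$jj = $_POST['jj'];
		$hh = $_POST['hh'];
		$mn = $_POST['mn'];
		$ss = $_POST['ss'];
		$jj = ($jj > 31) ? 31 : $jj;
		$hh = ($hh > 23) ? $hh -24 : $hh;
		$mn = ($mn > 59) ? $mn -60 : $mn;
		$ss = ($ss > 59) ? $ss -60 : $ss;
		// Same integer formatting as write_post(): the raw form strings are
		// no longer interpolated into the date, only their integer values.
		$_POST['post_date'] = sprintf("%04d-%02d-%02d %02d:%02d:%02d", $aa, $mm, $jj, $hh, $mn, $ss);
		$_POST['post_date_gmt'] = get_gmt_from_date($_POST['post_date']);
	}

	// Meta Stuff
	// NOTE(review): the array keys below are request-supplied meta ids.
	// Whether update_meta()/delete_meta() check that an id belongs to
	// $post_ID is not visible from this file - confirm.
	if ($_POST['meta']) {
		foreach ($_POST['meta'] as $key => $value)
			update_meta($key, $value['key'], $value['value']);
	}

	if ($_POST['deletemeta']) {
		foreach ($_POST['deletemeta'] as $key => $value)
			delete_meta($key);
	}

	add_meta($post_ID);

	wp_update_post($_POST);

	// Now that we have an ID we can fix any attachment anchor hrefs
	fix_attachment_links($post_ID);

	return $post_ID;
}

// Update an existing comment with values provided in $_POST.
//
// Maps the newcomment_* form fields onto the comment_* keys and passes the
// request array to wp_update_comment(). Returns nothing.
function edit_comment() {
	global $user_ID;

	$comment_ID = (int) $_POST['comment_ID'];
	$comment_post_ID = (int) $_POST['comment_post_ID'];

	if (!current_user_can('edit_post', $comment_post_ID))
		wp_die(__('You are not allowed to edit comments on this post, so you cannot edit this comment.'));

	// comment_post_ID is a form field and need not match the comment being
	// changed, so authorize against the post the stored comment belongs to
	// as well.
	// NOTE(review): wp_update_comment() may repeat this check; that is not
	// visible from this file.
	$stored_comment = get_comment($comment_ID);
	if ( empty($stored_comment) || !current_user_can('edit_post', (int) $stored_comment->comment_post_ID) )
		wp_die(__('You are not allowed to edit comments on this post, so you cannot edit this comment.'));

	$_POST['comment_author'] = $_POST['newcomment_author'];
	$_POST['comment_author_email'] = $_POST['newcomment_author_email'];
	$_POST['comment_author_url'] = $_POST['newcomment_author_url'];
	$_POST['comment_approved'] = $_POST['comment_status'];
	$_POST['comment_content'] = $_POST['content'];
	$_POST['comment_ID'] = $comment_ID;

	if (!empty ($_POST['edit_date'])) {
		$aa = $_POST['aa'];
		$mm = $_POST['mm'];
		$jj = $_POST['jj'];
		$hh = $_POST['hh'];
		$mn = $_POST['mn'];
		$ss = $_POST['ss'];
		$jj = ($jj > 31) ? 31 : $jj;
		$hh = ($hh > 23) ? $hh -24 : $hh;
		$mn = ($mn > 59) ? $mn -60 : $mn;
		$ss = ($ss > 59) ? $ss -60 : $ss;
		// Same integer formatting as write_post(): only digits reach comment_date.
		$_POST['comment_date'] = sprintf("%04d-%02d-%02d %02d:%02d:%02d", $aa, $mm, $jj, $hh, $mn, $ss);
	}

	wp_update_comment($_POST);
}

// Get an existing post and format it for editing.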
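// Loads the post through get_post(), runs content, excerpt and title through
// format_to_edit() and the *_edit_pre filters, and returns the post object.
// Also sets the global $richedit flag from the user's rich_editing option.
function get_post_to_edit($id) {
	global $richedit;
	$richedit = ( 'true' == get_user_option('rich_editing') ) ? true : false;

	$post = get_post($id);

	$post->post_content = format_to_edit($post->post_content, $richedit);
	$post->post_content = apply_filters('content_edit_pre', $post->post_content);

	$post->post_excerpt = format_to_edit($post->post_excerpt);
	$post->post_excerpt = apply_filters('excerpt_edit_pre', $post->post_excerpt);

	$post->post_title = format_to_edit($post->post_title);
	$post->post_title = apply_filters('title_edit_pre', $post->post_title);

	// Pages additionally carry their template name, read from post meta.
	if ($post->post_type == 'page')
		$post->page_template = get_post_meta($id, '_wp_page_template', true);

	return $post;
}

// Default post information to use when populating the "Write Post" form.
//
// Title, content and excerpt may be pre-filled from $_REQUEST; each value is
// passed through wp_specialchars() before use. Returns an object holding the
// defaults.
function get_default_post_to_edit() {
	if ( !empty($_REQUEST['post_title']) )
		$post_title = wp_specialchars(stripslashes($_REQUEST['post_title']));
	else if ( !empty($_REQUEST['popuptitle']) ) {
		$post_title = wp_specialchars(stripslashes($_REQUEST['popuptitle']));
		$post_title = funky_javascript_fix($post_title);
	} else {
		$post_title = '';
	}

	// Defined up front: neither branch below runs when the request carries
	// no content and no title.
	$post_content = '';
	if ( !empty($_REQUEST['content']) )
		$post_content = wp_specialchars(stripslashes($_REQUEST['content']));
	else if ( !empty($post_title) ) {
		$text = wp_specialchars(stripslashes(urldecode($_REQUEST['text'])));
		$text = funky_javascript_fix($text);
		// wp_specialchars() handles HTML metacharacters only; the scheme of
		// popupurl is not restricted before it lands in the href.
		// NOTE(review): consider a scheme allow-list here, as edit_user()
		// applies to user_url.
		$popupurl = wp_specialchars($_REQUEST['popupurl']);
		$post_content = '<a href="'.$popupurl.'">'.$post_title.'</a>'."\n$text";
	}

	if ( !empty($_REQUEST['excerpt']) )
		$post_excerpt = wp_specialchars(stripslashes($_REQUEST['excerpt']));
	else
		$post_excerpt = '';

	// Create the container explicitly instead of relying on PHP turning an
	// undefined variable into an object on first property assignment.
	$post = new stdClass;
	$post->post_status = 'draft';
	$post->comment_status = get_settings('default_comment_status');
	$post->ping_status = get_settings('default_ping_status');
	$post->post_pingback = get_settings('default_pingback_flag');
	$post->post_category = get_settings('default_category');
	$post->post_content = apply_filters('default_content', $post_content);
	$post->post_title = apply_filters('default_title', $post_title);
	$post->post_excerpt = apply_filters('default_excerpt', $post_excerpt);
	$post->page_template = 'default';
	$post->post_parent = 0;
	$post->menu_order = 0;

	return $post;
}

// Get an existing comment and format it for editing.
//
// Runs the content through format_to_edit() and the comment_edit_pre filter,
// and the author name, e-mail and URL through format_to_edit(). Also sets
// the global $richedit flag from the user's rich_editing option.
function get_comment_to_edit($id) {
	global $richedit;
	$richedit = ( 'true' == get_user_option('rich_editing') ) ? true : false;

	$comment = get_comment($id);

	$comment->comment_content = format_to_edit($comment->comment_content, $richedit);
	$comment->comment_content = apply_filters('comment_edit_pre', $comment->comment_content);

	$comment->comment_author = format_to_edit($comment->comment_author);
	$comment->comment_author_email = format_to_edit($comment->comment_author_email);
	$comment->comment_author_url = format_to_edit($comment->comment_author_url);

	return $comment;
}

// Returns the category as get_category() delivers it, without further formatting.
function get_category_to_edit($id) {
	$category = get_category($id);

	return $category;
}

// Echoes one <option> element per entry of $wp_roles->role_names. The role
// matching $default is marked selected and printed first.
// NOTE(review): role keys and names are echoed without HTML escaping;
// presumably they come from trusted configuration - confirm.
function wp_dropdown_roles( $default = false ) {
	global $wp_roles;
	// Both parts start empty so the echo below never reads an undefined
	// variable when no role matches $default.
	$p = '';
	$r = '';
	foreach($wp_roles->role_names as $role => $name)
		if ( $default == $role ) // Make default first in list
			$p = "\n\t<option selected='selected' value='$role'>$name</option>";
		else
			$r .= "\n\t<option value='$role'>$name</option>";
	echo $p . $r;
}


// Creates a new user from the "Users" form using $_POST information.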
377 378 function add_user() { 379 if ( func_num_args() ) { // The hackiest hack that ever did hack 380 global $current_user, $wp_roles; 381 $user_id = func_get_arg(0); 382 if (isset ($_POST['role'])) { 383 if($user_id != $current_user->id || $wp_roles->role_objects[$_POST['role']]->has_cap('edit_users')) { 384 $user = new WP_User($user_id); 385 $user->set_role($_POST['role']); 386 } 387 } 388 } else { 389 add_action('user_register', 'add_user'); // See above 390 return edit_user(); 391 } 392 } 393 394 function edit_user($user_id = 0) { 395 global $current_user, $wp_roles, $wpdb; 396 if ($user_id != 0) { 397 $update = true; 398 $user->ID = $user_id; 399 $userdata = get_userdata($user_id); 400 $user->user_login = $wpdb->escape($userdata->user_login); 401 } else { 402 $update = false; 403 $user = ''; 404 } 405 406 if (isset ($_POST['user_login'])) 407 $user->user_login = wp_specialchars(trim($_POST['user_login'])); 408 409 $pass1 = $pass2 = ''; 410 if (isset ($_POST['pass1'])) 411 $pass1 = $_POST['pass1']; 412 if (isset ($_POST['pass2'])) 413 $pass2 = $_POST['pass2']; 414 415 if (isset ($_POST['role'])) { 416 if($user_id != $current_user->id || $wp_roles->role_objects[$_POST['role']]->has_cap('edit_users')) 417 $user->role = $_POST['role']; 418 } 419 420 if (isset ($_POST['email'])) 421 $user->user_email = wp_specialchars(trim($_POST['email'])); 422 if (isset ($_POST['url'])) { 423 $user->user_url = wp_specialchars(trim($_POST['url'])); 424 $user->user_url = preg_match('/^(https?|ftps?|mailto|news|gopher):/is', $user->user_url) ? $user->user_url : 'http://'.$user->user_url; 425 } 426 if (isset ($_POST['first_name'])) 427