<?php
// WordPress admin-side AJAX dispatcher (Subversion HEAD snapshot, 2007).
//
// Every request is a POST whose 'action' selects one branch of the switch
// below. The security contract each branch is expected to honour:
//   1. check_ajax_referer()  — verify the action-specific nonce;
//   2. current_user_can()    — verify the capability for the object acted on;
//   3. reply with die('-1') (not allowed), die('0') (failed), die('1') (ok)
//      or a WP_Ajax_Response, and never fall through to the next case.
// Where a branch deviates from that order, or relies on something not
// visible in this file, a NOTE(review) comment says so.
require_once('../wp-config.php');
require_once ('includes/admin.php');

define('DOING_AJAX', true);

// Anonymous callers are rejected before any action-specific code runs; every
// check further down assumes an authenticated user.
if ( !is_user_logged_in() )
    die('-1');

// Registered at priority -1 on 'shutdown' so the request terminates before
// any other shutdown callback can append output to the AJAX reply.
function get_out_now() { exit; }
add_action( 'shutdown', 'get_out_now', -1 );

// Request parameters used by most branches. $id is cast to int; $action is
// kept as the raw string (it is echoed into a hook name in `default`).
$id = (int) $_POST['id'];
switch ( $action = $_POST['action'] ) :
case 'add-post' :
    check_ajax_referer( 'add-post' );
    // NOTE(review): create_function() is eval-based and split() is deprecated;
    // the body is a fixed literal here (not request data), so no injection as
    // written. The filter rewrites the query's LIMIT so only one row is fetched.
    add_filter( 'post_limits', $limit_filter = create_function( '$a', '$b = split(" ",$a); if ( !isset($b[2]) ) return $a; $start = intval(trim($b[1])) / 20 * 15; if ( !is_int($start) ) return $a; $start += intval(trim($b[2])) - 1; return "LIMIT $start, 1";' ) );
    // NOTE(review): no current_user_can() check in this branch; the whole
    // $_POST array is handed to the query builder — confirm that
    // wp_edit_posts_query()/edit-post-rows.php enforce per-post visibility.
    wp_edit_posts_query( $_POST );
    if ( !have_posts() )
        die('1');
    $posts_columns = wp_manage_posts_columns();
    // Render the table rows into a buffer and extract just the <tbody> contents.
    ob_start();
    include ( 'edit-post-rows.php' );
    $data = ob_get_contents();
    ob_end_clean();
    if ( !preg_match('|<tbody.+?>(.+)</tbody>|s', $data, $matches) )
        // NOTE(review): my_dump() is not defined in this file and looks like a
        // debugging leftover; if it is undefined this path is a fatal error, if
        // it echoes $data it emits the raw rendered markup. Confirm and replace
        // with a die('0')-style failure reply.
        my_dump($data);
    $data = trim($matches[1]);
    $x = new WP_Ajax_Response( array( 'what' => 'post', 'id' => $id, 'data' => $data ) );
    $x->send();
    break;
case 'delete-comment' :
    // Nonce is bound to the comment id, so a token for one comment cannot
    // delete another.
    check_ajax_referer( "delete-comment_$id" );
    if ( !$comment = get_comment( $id ) )
        die('0');
    // Capability is checked against the parent post, not the comment.
    if ( !current_user_can( 'edit_post', $comment->comment_post_ID ) )
        die('-1');

    // Loose comparison: '1', 1, true all select the spam path.
    if ( isset($_POST['spam']) && 1 == $_POST['spam'] )
        $r = wp_set_comment_status( $comment->comment_ID, 'spam' );
    else
        $r = wp_delete_comment( $comment->comment_ID );

    die( $r ? '1' : '0' );
    break;
case 'delete-cat' :
    check_ajax_referer( "delete-category_$id" );
    if ( !current_user_can( 'manage_categories' ) )
        die('-1');

    if ( wp_delete_category( $id ) )
        die('1');
    else die('0');
    break;
case 'delete-link-cat' :
    check_ajax_referer( "delete-link-category_$id" );
    if ( !current_user_can( 'manage_categories' ) )
        die('-1');

    $cat_name = get_term_field('name', $id, 'link_category');

    // Don't delete the default cats.
    // Loose comparison against the stored option value (likely a string).
    if ( $id == get_option('default_link_category') ) {
        $x = new WP_AJAX_Response( array(
            'what' => 'link-cat',
            'id' => $id,
            'data' => new WP_Error( 'default-link-cat', sprintf(__("Can’t delete the <strong>%s</strong> category: this is the default one"), $cat_name) )
        ) );
        // NOTE(review): there is no die() after send(); this relies on
        // WP_Ajax_Response::send() terminating the request. If it ever returned,
        // execution would continue into wp_delete_term() below and delete the
        // default category anyway. The same pattern recurs in add-cat,
        // add-link-cat, add-meta and add-user — confirm send() exits.
        $x->send();
    }

    $r = wp_delete_term($id, 'link_category');
    if ( !$r )
        die('0');
    if ( is_wp_error($r) ) {
        $x = new WP_AJAX_Response( array(
            'what' => 'link-cat',
            'id' => $id,
            'data' => $r
        ) );
        $x->send();
    }
    die('1');
    break;
case 'delete-link' :
    check_ajax_referer( "delete-bookmark_$id" );
    if ( !current_user_can( 'manage_links' ) )
        die('-1');

    if ( wp_delete_link( $id ) )
        die('1');
    else die('0');
    break;
case 'delete-meta' :
    // Shared 'change_meta' nonce (not bound to the meta id); authorization
    // therefore rests on the edit_post check against the owning post.
    check_ajax_referer( 'change_meta' );
    if ( !$meta = get_post_meta_by_id( $id ) )
        die('0');
    if ( !current_user_can( 'edit_post', $meta->post_id ) )
        die('-1');
    if ( delete_meta( $meta->meta_id ) )
        die('1');
    die('0');
    break;
case 'delete-post' :
    // Nonce name is derived from the action and object id ("delete-post_<id>").
    check_ajax_referer( "{$action}_$id" );
    if ( !current_user_can( 'delete_post', $id ) )
        die('-1');

    if ( wp_delete_post( $id ) )
        die('1');
    else
        die('0');
    break;
case 'delete-page' :
    check_ajax_referer( "{$action}_$id" );
    if ( !current_user_can( 'delete_page', $id ) )
        die('-1');

    if ( wp_delete_post( $id ) )
        die('1');
    else die('0');
    break;
case 'dim-comment' :
    // Toggle approve/hold. Capability checks come first here because the
    // expected nonce name depends on the comment's current status, which is
    // only looked up below.
    if ( !$comment = get_comment( $id ) )
        die('0');
    if ( !current_user_can( 'edit_post', $comment->comment_post_ID ) )
        die('-1');
    if ( !current_user_can( 'moderate_comments' ) )
        die('-1');

    if ( 'unapproved' == wp_get_comment_status($comment->comment_ID) ) {
        check_ajax_referer( "approve-comment_$id" );
        if ( wp_set_comment_status( $comment->comment_ID, 'approve' ) )
            die('1');
    } else {
        check_ajax_referer( "unapprove-comment_$id" );
        if ( wp_set_comment_status( $comment->comment_ID, 'hold' ) )
            die('1');
    }
    die('0');
    break;
case 'add-category' : // On the Fly
    check_ajax_referer( $action );
    if ( !current_user_can( 'manage_categories' ) )
        die('-1');
    // Comma-separated list of new names from the post editor.
    $names = explode(',', $_POST['newcat']);
    $x = new WP_Ajax_Response();
    foreach ( $names as $cat_name ) {
        $cat_name = trim($cat_name);
        $category_nicename = sanitize_title($cat_name);
        // Names that reduce to an empty slug are skipped silently.
        if ( '' === $category_nicename )
            continue;
        $cat_id = wp_create_category( $cat_name );
        // Escaped before being interpolated into the HTML fragment below;
        // $cat_id is whatever wp_create_category() returned (expected int).
        $cat_name = wp_specialchars(stripslashes($cat_name));
        $x->add( array(
            'what' => 'category',
            'id' => $cat_id,
            'data' => "<li id='category-$cat_id'><label for='in-category-$cat_id' class='selectit'><input value='$cat_id' type='checkbox' checked='checked' name='post_category[]' id='in-category-$cat_id'/> $cat_name</label></li>",
            'position' => -1
        ) );
    }
    $x->send();
    break;
case 'add-link-category' : // On the Fly
    check_ajax_referer( $action );
    if ( !current_user_can( 'manage_categories' ) )
        die('-1');
    $names = explode(',', $_POST['newcat']);
    $x = new WP_Ajax_Response();
    foreach ( $names as $cat_name ) {
        $cat_name = trim($cat_name);
        $slug = sanitize_title($cat_name);
        if ( '' === $slug )
            continue;
        // Reuse an existing term if there is one, otherwise insert it.
        if ( !$cat_id = is_term( $cat_name, 'link_category' ) ) {
            $cat_id = wp_insert_term( $cat_name, 'link_category' );
        }
        // NOTE(review): unlike add-link-cat below, the wp_insert_term() result
        // is not passed through is_wp_error() before being indexed — confirm it
        // cannot return a WP_Error here.
        $cat_id = $cat_id['term_id'];
        $cat_name = wp_specialchars(stripslashes($cat_name));
        $x->add( array(
            'what' => 'link-category',
            'id' => $cat_id,
            'data' => "<li id='link-category-$cat_id'><label for='in-link-category-$cat_id' class='selectit'><input value='$cat_id' type='checkbox' checked='checked' name='link_category[]' id='in-link-category-$cat_id'/> $cat_name</label></li>",
            'position' => -1
        ) );
    }
    $x->send();
    break;
case 'add-cat' : // From Manage->Categories
    check_ajax_referer( 'add-category' );
    if ( !current_user_can( 'manage_categories' ) )
        die('-1');

    if ( '' === trim($_POST['cat_name']) ) {
        $x = new WP_Ajax_Response( array(
            'what' => 'cat',
            'id' => new WP_Error( 'cat_name', __('You did not enter a category name.') )
        ) );
        // Relies on send() terminating the request (see delete-link-cat).
        $x->send();
    }

    // The whole $_POST array is passed as the category definition.
    $cat = wp_insert_category( $_POST, true );

    if ( is_wp_error($cat) ) {
        $x = new WP_Ajax_Response( array(
            'what' => 'cat',
            'id' => $cat
        ) );
        $x->send();
    }

    if ( !$cat || (!$cat = get_category( $cat )) )
        die('0');

    // Walk up the parent chain to build "Parent — Child" and count depth.
    $level = 0;
    $cat_full_name = $cat->name;
    $_cat = $cat;
    while ( $_cat->parent ) {
        $_cat = get_category( $_cat->parent );
        $cat_full_name = $_cat->name . ' — ' . $cat_full_name;
        $level++;
    }
    $cat_full_name = attribute_escape($cat_full_name);

    $x = new WP_Ajax_Response( array(
        'what' => 'cat',
        'id' => $cat->term_id,
        'data' => _cat_row( $cat, $level, $cat_full_name ),
        'supplemental' => array('name' => $cat_full_name, 'show-link' => sprintf(__( 'Category <a href="#%s">%s</a> added' ), "cat-$cat->term_id", $cat_full_name))
    ) );
    $x->send();
    break;
case 'add-link-cat' : // From Blogroll -> Categories
    check_ajax_referer( 'add-link-category' );
    if ( !current_user_can( 'manage_categories' ) )
        die('-1');

    if ( '' === trim($_POST['name']) ) {
        $x = new WP_Ajax_Response( array(
            'what' => 'link-cat',
            'id' => new WP_Error( 'name', __('You did not enter a category name.') )
        ) );
        // Relies on send() terminating the request (see delete-link-cat).
        $x->send();
    }

    $r = wp_insert_term($_POST['name'], 'link_category', $_POST );
    if ( is_wp_error( $r ) ) {
        $x = new WP_AJAX_Response( array(
            'what' => 'link-cat',
            'id' => $r
        ) );
        $x->send();
    }

    // $r is wp_insert_term()'s return array, not request data; EXTR_SKIP
    // prevents it from overwriting existing locals such as $id/$action.
    // Only $term_id is used from it below.
    extract($r, EXTR_SKIP);

    if ( !$link_cat = link_cat_row( $term_id ) )
        die('0');

    $x = new WP_Ajax_Response( array(
        'what' => 'link-cat',
        'id' => $term_id,
        'data' => $link_cat
    ) );
    $x->send();
    break;
case 'add-comment' :
    // Fetches one more comment for the per-post comment list (pagination
    // of 25 per page; $start is the zero-based offset of the next item).
    check_ajax_referer( $action );
    if ( !current_user_can( 'edit_post', $id ) )
        die('-1');
    $search = isset($_POST['s']) ? $_POST['s'] : false;
    $start = isset($_POST['page']) ? intval($_POST['page']) * 25 - 1: 24;

    list($comments, $total) = _wp_get_comment_list( $search, $start, 1 );

    if ( !$comments )
        die('1');
    $x = new WP_Ajax_Response();
    foreach ( (array) $comments as $comment ) {
        // Primes the comment cache so _wp_comment_list_item() can render it.
        get_comment( $comment );
        ob_start();
        _wp_comment_list_item( $comment->comment_ID );
        $comment_list_item = ob_get_contents();
        ob_end_clean();
        $x->add( array(
            'what' => 'comment',
            'id' => $comment->comment_ID,
            'data' => $comment_list_item
        ) );
    }
    $x->send();
    break;
case 'add-meta' :
    // Two modes: 'addmeta' set → create a meta row (creating a draft post first
    // if $pid is negative); otherwise → update the single meta row whose id is
    // the last key of $_POST['meta'].
    check_ajax_referer( 'change_meta' );
    $c = 0;
    $pid = (int) $_POST['post_id'];
    if ( isset($_POST['addmeta']) ) {
        // NOTE(review): for a not-yet-saved post $pid is negative here, so this
        // checks edit_post against a post that does not exist — confirm how the
        // capability map resolves that rather than assuming it allows/denies.
        if ( !current_user_can( 'edit_post', $pid ) )
            die('-1');
        if ( '#NONE#' == $_POST['metakeyselect'] && empty($_POST['metakeyinput']) )
            die('1');
        if ( $pid < 0 ) {
            // Create a placeholder draft to attach the meta to.
            $now = current_time('timestamp', 1);
            if ( $pid = wp_insert_post( array(
                'post_title' => sprintf('Draft created on %s at %s', date(get_option('date_format'), $now), date(get_option('time_format'), $now))
            ) ) ) {
                if ( is_wp_error( $pid ) ) {
                    $x = new WP_Ajax_Response( array(
                        'what' => 'meta',
                        'data' => $pid
                    ) );
                    // Relies on send() terminating the request (see delete-link-cat).
                    $x->send();
                }
                $mid = add_meta( $pid );
            } else {
                die('0');
            }
        } else if ( !$mid = add_meta( $pid ) ) {
            die('0');
        }

        $meta = get_post_meta_by_id( $mid );
        $pid = (int) $meta->post_id;
        $meta = get_object_vars( $meta );
        $x = new WP_Ajax_Response( array(
            'what' => 'meta',
            'id' => $mid,
            'data' => _list_meta_row( $meta, $c ),
            'position' => 1,
            'supplemental' => array('postid' => $pid)
        ) );
    } else {
        // Only the last submitted meta id is processed; key/value come straight
        // from the request and are authorized via the owning post below.
        $mid = (int) array_pop(array_keys($_POST['meta']));
        $key = $_POST['meta'][$mid]['key'];
        $value = $_POST['meta'][$mid]['value'];
        if ( !$meta = get_post_meta_by_id( $mid ) )
            die('0'); // if meta doesn't exist
        if ( !current_user_can( 'edit_post', $meta->post_id ) )
            die('-1');
        if ( !$u = update_meta( $mid, $key, $value ) )
            die('1'); // We know meta exists; we also know it's unchanged (or DB error, in which case there are bigger problems).
        // Undo magic-quotes style slashing before echoing back to the client;
        // escaping for HTML is left to _list_meta_row().
        $key = stripslashes($key);
        $value = stripslashes($value);
        $x = new WP_Ajax_Response( array(
            'what' => 'meta',
            'id' => $mid, 'old_id' => $mid,
            'data' => _list_meta_row( array(
                'meta_key' => $key,
                'meta_value' => $value,
                'meta_id' => $mid
            ), $c ),
            'position' => 0,
            'supplemental' => array('postid' => $meta->post_id)
        ) );
    }
    $x->send();
    break;
case 'add-user' :
    check_ajax_referer( $action );
    if ( !current_user_can('edit_users') )
        die('-1');
    require_once(ABSPATH . WPINC . '/registration.php');
    // add_user() reads the new user's fields from the request itself.
    if ( !$user_id = add_user() )
        die('0');
    elseif ( is_wp_error( $user_id ) ) {
        $x = new WP_Ajax_Response( array(
            'what' => 'user',
            'id' => $user_id
        ) );
        // Relies on send() terminating the request (see delete-link-cat).
        $x->send();
    }
    $user_object = new WP_User( $user_id );

    $x = new WP_Ajax_Response( array(
        'what' => 'user',
        'id' => $user_id,
        'data' => user_row( $user_object ),
        'supplemental' => array(
            'show-link' => sprintf(__( 'User <a href="#%s">%s</a> added' ), "user-$user_id", $user_object->user_login),
            'role' => $user_object->roles[0]
        )
    ) );
    $x->send();
    break;
case 'autosave' : // The name of this action is hardcoded in edit_post()
    check_ajax_referer( $action );
    // Remap the editor's field names onto the post fields and force 'draft'.
    $_POST['post_content'] = $_POST['content'];
    $_POST['post_excerpt'] = $_POST['excerpt'];
    $_POST['post_status'] = 'draft';
    $_POST['post_category'] = explode(",", $_POST['catslist']);
    if($_POST['post_type'] == 'page' || empty($_POST['post_category']))
        unset($_POST['post_category']);

    if($_POST['post_ID'] < 0) {
        // New, unsaved post: create it. NOTE(review): no current_user_can()
        // check in this file for this path — confirm wp_write_post() enforces
        // the create-post capability itself.
        $_POST['temp_ID'] = $_POST['post_ID'];
        $id = wp_write_post();
        if( is_wp_error($id) )
            die($id->get_error_message());
        else
            die("$id");
    } else {
        // Existing post: capability depends on whether it is a page or a post.
        $post_ID = (int) $_POST['post_ID'];
        $_POST['ID'] = $post_ID;
        $post = get_post($post_ID);
        if ( 'page' == $post->post_type ) {
            if ( !current_user_can('edit_page', $post_ID) )
                die(__('You are not allowed to edit this page.'));
        } else {
            if ( !current_user_can('edit_post', $post_ID) )
                die(__('You are not allowed to edit this post.'));
        }
        wp_update_post($_POST);
    }
    die('0');
    break;
case 'autosave-generate-nonces' :
    // Hands the editor a fresh update nonce; only issued if the caller can
    // already edit the object, so it grants no new authority.
    check_ajax_referer( $action );
    $ID = (int) $_POST['post_ID'];
    if($_POST['post_type'] == 'post') {
        if(current_user_can('edit_post', $ID))
            die(wp_create_nonce('update-post_' . $ID));
    }
    if($_POST['post_type'] == 'page') {
        if(current_user_can('edit_page', $ID)) {
            die(wp_create_nonce('update-page_' . $ID));
        }
    }
    die('0');
    break;
default :
    // Extension point: the hook name is built from the raw request 'action'.
    // Only the is_user_logged_in() check above has run at this point, so every
    // callback registered on a 'wp_ajax_*' hook must perform its own nonce and
    // capability checks.
    do_action( 'wp_ajax_' . $_POST['action'] );
    die('0');
    break;
endswitch;
?>