PHP Cross Reference of WordPress Subversion HEAD |
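<?php

// Update an existing post with values provided in $_POST.
//
// Stops with wp_die() when the current user may not edit the post or page,
// or may not edit it on behalf of the requested author. Returns the post ID,
// also when an autosave is skipped because it follows a save too closely.
function edit_post() {

	$post_ID = (int) $_POST['post_ID'];

	if ( 'page' == $_POST['post_type'] ) {
		if ( !current_user_can( 'edit_page', $post_ID ) )
			wp_die( __('You are not allowed to edit this page.' ));
	} else {
		if ( !current_user_can( 'edit_post', $post_ID ) )
			wp_die( __('You are not allowed to edit this post.' ));
	}

	// Autosave shouldn't save too soon after a real save
	if ( 'autosave' == $_POST['action'] ) {
		$post =& get_post( $post_ID );
		$now = time();
		$then = strtotime($post->post_date_gmt . ' +0000');
		// Keep autosave_interval in sync with autosave-js.php.
		$delta = apply_filters( 'autosave_interval', 120 ) / 2;
		if ( ($now - $then) < $delta )
			return $post_ID;
	}

	// Rename.
	$_POST['ID'] = (int) $_POST['post_ID'];
	$_POST['post_content'] = $_POST['content'];
	$_POST['post_excerpt'] = $_POST['excerpt'];
	$_POST['post_parent'] = $_POST['parent_id'];
	$_POST['to_ping'] = $_POST['trackback_url'];

	if (!empty ( $_POST['post_author_override'] ) ) {
		$_POST['post_author'] = (int) $_POST['post_author_override'];
	} else
		if (!empty ( $_POST['post_author'] ) ) {
			$_POST['post_author'] = (int) $_POST['post_author'];
		} else {
			$_POST['post_author'] = (int) $_POST['user_ID'];
		}

	// Saving under another author's name needs the edit_others_* capability.
	if ( $_POST['post_author'] != $_POST['user_ID'] ) {
		if ( 'page' == $_POST['post_type'] ) {
			if ( !current_user_can( 'edit_others_pages' ) )
				wp_die( __('You are not allowed to edit pages as this user.' ));
		} else {
			if ( !current_user_can( 'edit_others_posts' ) )
				wp_die( __('You are not allowed to edit posts as this user.' ));

		}
	}

	// What to do based on which button they pressed
	if ('' != $_POST['saveasdraft'] )
		$_POST['post_status'] = 'draft';
	if ('' != $_POST['saveasprivate'] )
		$_POST['post_status'] = 'private';
	if ('' != $_POST['publish'] )
		$_POST['post_status'] = 'publish';
	if ('' != $_POST['advanced'] )
		$_POST['post_status'] = 'draft';

	// A user without the publish capability gets 'pending' instead of 'publish'.
	if ( 'page' == $_POST['post_type'] ) {
		if ('publish' == $_POST['post_status'] && !current_user_can( 'publish_pages' ))
			$_POST['post_status'] = 'pending';
	} else {
		if ('publish' == $_POST['post_status'] && !current_user_can( 'publish_posts' ))
			$_POST['post_status'] = 'pending';
	}

	if (!isset( $_POST['comment_status'] ))
		$_POST['comment_status'] = 'closed';

	if (!isset( $_POST['ping_status'] ))
		$_POST['ping_status'] = 'closed';

	if (!empty ( $_POST['edit_date'] ) ) {
		$aa = $_POST['aa'];
		$mm = $_POST['mm'];
		$jj = $_POST['jj'];
		$hh = $_POST['hh'];
		$mn = $_POST['mn'];
		$ss = $_POST['ss'];
		$jj = ($jj > 31 ) ? 31 : $jj;
		$hh = ($hh > 23 ) ? $hh -24 : $hh;
		$mn = ($mn > 59 ) ? $mn -60 : $mn;
		$ss = ($ss > 59 ) ? $ss -60 : $ss;
		// Build the date with integer conversions, as wp_write_post() does, so the
		// submitted date fields cannot carry arbitrary text into post_date.
		$_POST['post_date'] = sprintf( "%04d-%02d-%02d %02d:%02d:%02d", $aa, $mm, $jj, $hh, $mn, $ss );
		$_POST['post_date_gmt'] = get_gmt_from_date( $_POST['post_date'] );
	}

	// Meta Stuff
	//
	// The capability check above covers $post_ID only, while the meta IDs come
	// from the request. Skip any meta row that does not belong to this post so
	// the form cannot change or delete another post's meta.
	if ( !empty( $_POST['meta'] ) && is_array( $_POST['meta'] ) ) {
		foreach ( $_POST['meta'] as $key => $value ) {
			$meta = get_post_meta_by_id( $key );
			if ( !$meta || $meta->post_id != $post_ID )
				continue;
			update_meta( $key, $value['key'], $value['value'] );
		}
	}

	if ( !empty( $_POST['deletemeta'] ) && is_array( $_POST['deletemeta'] ) ) {
		foreach ( $_POST['deletemeta'] as $key => $value ) {
			$meta = get_post_meta_by_id( $key );
			if ( !$meta || $meta->post_id != $post_ID )
				continue;
			delete_meta( $key );
		}
	}

	add_meta( $post_ID );

	wp_update_post( $_POST );

	// Reunite any orphaned attachments with their parent
	if ( !$draft_ids = get_user_option( 'autosave_draft_ids' ) )
		$draft_ids = array();
	if ( $draft_temp_id = (int) array_search( $post_ID, $draft_ids ) )
		_relocate_children( $draft_temp_id, $post_ID );

	// Now that we have an ID we can fix any attachment anchor hrefs
	_fix_attachment_links( $post_ID );

	return $post_ID;
}

// Default post information to use when populating the "Write Post" form.
//
// Title, content and excerpt are taken from $_REQUEST when present and passed
// through wp_specialchars() before they are placed on the returned object.
function get_default_post_to_edit() {
	if ( !empty( $_REQUEST['post_title'] ) )
		$post_title = wp_specialchars( stripslashes( $_REQUEST['post_title'] ));
	else if ( !empty( $_REQUEST['popuptitle'] ) ) {
		$post_title = wp_specialchars( stripslashes( $_REQUEST['popuptitle'] ));
		$post_title = funky_javascript_fix( $post_title );
	} else {
		$post_title = '';
	}

	if ( !empty( $_REQUEST['content'] ) )
		$post_content = wp_specialchars( stripslashes( $_REQUEST['content'] ));
	else if ( !empty( $post_title ) ) {
		$text = wp_specialchars( stripslashes( urldecode( $_REQUEST['text'] ) ) );
		$text = funky_javascript_fix( $text);
		$popupurl = clean_url($_REQUEST['popupurl']);
		$post_content = '<a href="'.$popupurl.'">'.$post_title.'</a>'."\n$text";
	} else {
		// Neither content nor a title was supplied; start from empty content
		// instead of reading an undefined variable below.
		$post_content = '';
	}

	if ( !empty( $_REQUEST['excerpt'] ) )
		$post_excerpt = wp_specialchars( stripslashes( $_REQUEST['excerpt'] ));
	else
		$post_excerpt = '';

	// Create the object explicitly rather than relying on implicit creation
	// when the first property is assigned.
	$post = new stdClass;
	$post->post_status = 'draft';
	$post->comment_status = get_option( 'default_comment_status' );
	$post->ping_status = get_option( 'default_ping_status' );
	$post->post_pingback = get_option( 'default_pingback_flag' );
	$post->post_category = get_option( 'default_category' );
	$post->post_content = apply_filters( 'default_content', $post_content);
	$post->post_title = apply_filters( 'default_title', $post_title );
	$post->post_excerpt = apply_filters( 'default_excerpt', $post_excerpt);
	$post->page_template = 'default';
	$post->post_parent = 0;
	$post->menu_order = 0;

	return $post;
}

// Get an existing post and format it for editing.
// For pages, the stored '_wp_page_template' meta value is attached as page_template.
function get_post_to_edit( $id ) {

	$post = get_post( $id, OBJECT, 'edit' );

	if ( $post->post_type == 'page' )
		$post->page_template = get_post_meta( $id, '_wp_page_template', true );

	return $post;
}

// Look up a post by title or, when no title is given, by content, optionally
// restricted to an exact post_date. Returns the result of get_var() for the
// ID column, or 0 when neither a title nor content is given.
//
// NOTE(review): $title, $content and $post_date are placed into the SQL text
// unchanged. That is only safe if every caller passes values that are already
// escaped for SQL; the callers are not visible here, so confirm this before
// relying on it. Escaping again inside this function would double-escape
// values from callers that already do so.
function post_exists($title, $content = '', $post_date = '') {
	global $wpdb;

	if (!empty ($post_date))
		$post_date = "AND post_date = '$post_date'";

	if (!empty ($title))
		return $wpdb->get_var("SELECT ID FROM $wpdb->posts WHERE post_title = '$title' $post_date");
	else
		if (!empty ($content))
			return $wpdb->get_var("SELECT ID FROM $wpdb->posts WHERE post_content = '$content' $post_date");

	return 0;
}

// Creates a new post from the "Write Post" form using $_POST information.
//
// Returns the new post ID, 0 when wp_insert_post() gives back an empty ID, or
// a WP_Error when the current user lacks the needed capability or the insert
// fails. When the submitted temp_ID matches a recorded autosave draft, the
// request is handed to edit_post() instead of creating a second post.
function wp_write_post() {
	global $user_ID;

	if ( 'page' == $_POST['post_type'] ) {
		if ( !current_user_can( 'edit_pages' ) )
			return new WP_Error( 'edit_pages', __( 'You are not allowed to create pages on this blog.' ) );
	} else {
		if ( !current_user_can( 'edit_posts' ) )
			return new WP_Error( 'edit_posts', __( 'You are not allowed to create posts or drafts on this blog.' ) );
	}


	// Check for autosave collisions
	$temp_id = false;
	if ( isset($_POST['temp_ID']) ) {
		$temp_id = (int) $_POST['temp_ID'];
		if ( !$draft_ids = get_user_option( 'autosave_draft_ids' ) )
			$draft_ids = array();
		foreach ( $draft_ids as $temp => $real )
			if ( time() + $temp > 86400 ) // 1 day: $temp is equal to -1 * time( then )
				unset($draft_ids[$temp]);

		if ( isset($draft_ids[$temp_id]) ) { // Edit, don't write
			$_POST['post_ID'] = $draft_ids[$temp_id];
			unset($_POST['temp_ID']);
			update_user_option( $user_ID, 'autosave_draft_ids', $draft_ids );
			return edit_post();
		}
	}

	// Rename.
	$_POST['post_content'] = $_POST['content'];
	$_POST['post_excerpt'] = $_POST['excerpt'];
	$_POST['post_parent'] = $_POST['parent_id'];
	$_POST['to_ping'] = $_POST['trackback_url'];

	if (!empty ( $_POST['post_author_override'] ) ) {
		$_POST['post_author'] = (int) $_POST['post_author_override'];
	} else {
		if (!empty ( $_POST['post_author'] ) ) {
			$_POST['post_author'] = (int) $_POST['post_author'];
		} else {
			$_POST['post_author'] = (int) $_POST['user_ID'];
		}

	}

	// Posting under another author's name needs the edit_others_* capability.
	if ( $_POST['post_author'] != $_POST['user_ID'] ) {
		if ( 'page' == $_POST['post_type'] ) {
			if ( !current_user_can( 'edit_others_pages' ) )
				return new WP_Error( 'edit_others_pages', __( 'You are not allowed to create pages as this user.' ) );
		} else {
			if ( !current_user_can( 'edit_others_posts' ) )
				return new WP_Error( 'edit_others_posts', __( 'You are not allowed to post as this user.' ) );

		}
	}

	// What to do based on which button they pressed
	if ('' != $_POST['saveasdraft'] )
		$_POST['post_status'] = 'draft';
	if ('' != $_POST['saveasprivate'] )
		$_POST['post_status'] = 'private';
	if ('' != $_POST['publish'] )
		$_POST['post_status'] = 'publish';
	if ('' != $_POST['advanced'] )
		$_POST['post_status'] = 'draft';

	// A user without the publish capability gets 'pending' instead of 'publish'.
	if ( 'page' == $_POST['post_type'] ) {
		if ('publish' == $_POST['post_status'] && !current_user_can( 'publish_pages' ) )
			$_POST['post_status'] = 'pending';
	} else {
		if ('publish' == $_POST['post_status'] && !current_user_can( 'publish_posts' ) )
			$_POST['post_status'] = 'pending';
	}

	if (!isset( $_POST['comment_status'] ))
		$_POST['comment_status'] = 'closed';

	if (!isset( $_POST['ping_status'] ))
		$_POST['ping_status'] = 'closed';

	if (!empty ( $_POST['edit_date'] ) ) {
		$aa = $_POST['aa'];
		$mm = $_POST['mm'];
		$jj = $_POST['jj'];
		$hh = $_POST['hh'];
		$mn = $_POST['mn'];
		$ss = $_POST['ss'];
		$jj = ($jj > 31 ) ? 31 : $jj;
		$hh = ($hh > 23 ) ? $hh -24 : $hh;
		$mn = ($mn > 59 ) ? $mn -60 : $mn;
		$ss = ($ss > 59 ) ? $ss -60 : $ss;
		$_POST['post_date'] = sprintf( "%04d-%02d-%02d %02d:%02d:%02d", $aa, $mm, $jj, $hh, $mn, $ss );
		$_POST['post_date_gmt'] = get_gmt_from_date( $_POST['post_date'] );
	}

	// Create the post.
	$post_ID = wp_insert_post( $_POST );
	if ( is_wp_error( $post_ID ) )
		return $post_ID;

	if ( empty($post_ID) )
		return 0;

	add_meta( $post_ID );

	// Reunite any orphaned attachments with their parent
	if ( !$draft_ids = get_user_option( 'autosave_draft_ids' ) )
		$draft_ids = array();
	if ( $draft_temp_id = (int) array_search( $post_ID, $draft_ids ) )
		_relocate_children( $draft_temp_id, $post_ID );
	if ( $temp_id && $temp_id != $draft_temp_id )
		_relocate_children( $temp_id, $post_ID );

	// Update autosave collision detection
	if ( $temp_id ) {
		$draft_ids[$temp_id] = $post_ID;
		update_user_option( $user_ID, 'autosave_draft_ids', $draft_ids );
	}

	// Now that we have an ID we can fix any attachment anchor hrefs
	_fix_attachment_links( $post_ID );

	return $post_ID;
}

// Wrapper around wp_write_post() that stops with wp_die() and the error
// message when a WP_Error comes back, and otherwise returns the result.
function write_post() {
	$result = wp_write_post();
	if( is_wp_error( $result ) )
		wp_die( $result->get_error_message() );
	else
		return $result;
}

//
// Post Meta
//

// Add a meta row to a post from the metakeyselect / metakeyinput / metavalue
// fields of $_POST. Returns the insert ID, or false when no usable key/value
// pair was submitted or the key is one of the protected internal keys.
function add_meta( $post_ID ) {
	global $wpdb;
	$post_ID = (int) $post_ID;

	$protected = array( '_wp_attached_file', '_wp_attachment_metadata', '_wp_old_slug', '_wp_page_template' );

	// Keys and value are unslashed and then escaped for SQL before they are used below.
	$metakeyselect = $wpdb->escape( stripslashes( trim( $_POST['metakeyselect'] ) ) );
	$metakeyinput = $wpdb->escape( stripslashes( trim( $_POST['metakeyinput'] ) ) );
	$metavalue = maybe_serialize( stripslashes( (trim( $_POST['metavalue'] ) ) ));
	$metavalue = $wpdb->escape( $metavalue );

	if ( ('0' === $metavalue || !empty ( $metavalue ) ) && ((('#NONE#' != $metakeyselect) && !empty ( $metakeyselect) ) || !empty ( $metakeyinput) ) ) {
		// We have a key/value pair. If both the select and the
		// input for the key have data, the input takes precedence:

		if ('#NONE#' != $metakeyselect)
			$metakey = $metakeyselect;

		if ( $metakeyinput)
			$metakey = $metakeyinput; // default

		if ( in_array($metakey, $protected) )
			return false;

		wp_cache_delete($post_ID, 'post_meta');

		$wpdb->query( "
				INSERT INTO $wpdb->postmeta
				(post_id,meta_key,meta_value )
				VALUES ('$post_ID','$metakey','$metavalue' )
			" );
		return $wpdb->insert_id;
	}
	return false;
} // add_meta

// Delete the meta row with the given meta ID and clear the owning post's
// meta cache. The ID is cast to an integer before it reaches the queries.
// This function does not check which post the row belongs to; callers that
// take the ID from a request have to do that themselves.
function delete_meta( $mid ) {
	global $wpdb;
	$mid = (int) $mid;

	$post_id = $wpdb->get_var("SELECT post_id FROM $wpdb->postmeta WHERE meta_id = '$mid'");
	wp_cache_delete($post_id, 'post_meta');

	return $wpdb->query( "DELETE FROM $wpdb->postmeta WHERE meta_id = '$mid'" );
}

// Get a list of previously defined keys
function get_meta_keys() {
	global $wpdb;

	$keys = $wpdb->get_col( "
			SELECT meta_key
			FROM $wpdb->postmeta
			GROUP BY meta_key
			ORDER BY meta_key" );

	return $keys;
}

// Fetch a single postmeta row by meta ID. When is_serialized_string() accepts
// the stored value, it is passed through maybe_unserialize() before returning.
// Returns whatever get_row() returned when no row matches.
function get_post_meta_by_id( $mid ) {
	global $wpdb;
	$mid = (int) $mid;

	$meta = $wpdb->get_row( "SELECT * FROM $wpdb->postmeta WHERE meta_id = '$mid'" );
	// No such row: hand the empty result back without touching its properties.
	if ( !$meta )
		return $meta;
	if ( is_serialized_string( $meta->meta_value ) )
		$meta->meta_value = maybe_unserialize( $meta->meta_value );
	return $meta;
}

// Some postmeta stuff
// Returns all meta rows of a post as associative arrays, ordered by key and meta ID.
function has_meta( $postid ) {
	global $wpdb;

	// Post IDs are integers; cast so the value cannot alter the query text.
	$postid = (int) $postid;

	return $wpdb->get_results( "
			SELECT meta_key, meta_value, meta_id, post_id
			FROM $wpdb->postmeta
			WHERE post_id = '$postid'
			ORDER BY meta_key,meta_id", ARRAY_A );

}

// Update key and value of the meta row with the given meta ID. Returns false
// for the protected internal keys, otherwise the result of the UPDATE query.
// Like delete_meta(), this does not check which post the row belongs to.
function update_meta( $mid, $mkey, $mvalue ) {
	global $wpdb;

	// Cast first so every query below sees the integer ID.
	$mid = (int) $mid;

	$protected = array( '_wp_attached_file', '_wp_attachment_metadata', '_wp_old_slug', '_wp_page_template' );

	// Unslash and escape the key the way add_meta() treats its keys, so the
	// protected-key check and the UPDATE below both see the normalised form.
	$mkey = $wpdb->escape( stripslashes( $mkey ) );

	if ( in_array($mkey, $protected) )
		return false;

	$post_id = $wpdb->get_var("SELECT post_id FROM $wpdb->postmeta WHERE meta_id = '$mid'");
	wp_cache_delete($post_id, 'post_meta');

	$mvalue = maybe_serialize( stripslashes( $mvalue ));
	$mvalue = $wpdb->escape( $mvalue );
	return $wpdb->query( "UPDATE $wpdb->postmeta SET meta_key = '$mkey', meta_value = '$mvalue' WHERE meta_id = '$mid'" );
}

//
// Private
//

// Replace hrefs of attachment anchors with up-to-date permalinks.
function _fix_attachment_links( $post_ID ) {

	$post = & get_post( $post_ID, ARRAY_A );

	$search = "#<a[^>]+rel=('|\")[^'\"]*attachment[^>]*>#ie";

	// See if we have any rel="attachment" links
	if ( 0 == preg_match_all( $search, $post['post_content'], $anchor_matches, PREG_PATTERN_ORDER ) )
		return;

	$i = 0;
	$search = "#[\s]+rel=(\"|')(.*?)wp-att-(\d+)\\1#i";
	foreach ( $anchor_matches[0] as $anchor ) {
		if ( 0 == preg_match( $search, $anchor, $id_matches ) )
			continue;

		$id = (int) $id_matches[3];

		// While we have the attachment ID, let's adopt any orphans.
		$attachment = & get_post( $id, ARRAY_A );
		if ( ! empty( $attachment) && ! is_object( get_post( $attachment['post_parent'] ) ) ) {
			$attachment['post_parent'] = $post_ID;
			// Escape data pulled from DB.
			$attachment = add_magic_quotes( $attachment);
			wp_update_post( $attachment);
		}

		$post_search[$i] = $anchor;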