< ? php
/**
 * WordPress AJAX Process Execution.
 *
 * @package WordPress
 * @subpackage Administration
 */

/**
 * Executing AJAX process.
 *
 * @since unknown
 */
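// Both request-type constants are defined before wp-load.php is required.
define( 'DOING_AJAX', true );
define( 'WP_ADMIN', true );

// Anchor both includes to this file's directory. A bare relative path is
// resolved through include_path and the current working directory, so which
// file gets loaded would otherwise depend on how the script was started.
require_once( dirname( __FILE__ ) . '/../wp-load.php' );
require_once( dirname( __FILE__ ) . '/includes/admin.php' );

// Default response type for every handler in this file. Because it is
// text/html, a handler that echoes stored or request data has to escape it for
// HTML unless it sends its own Content-Type first. '@' suppresses any warning
// raised by header().
@header( 'Content-Type: text/html; charset=' . get_option( 'blog_charset' ) );

// NOTE(review): this hook fires before the is_user_logged_in() check that
// follows, so admin_init callbacks also run for logged-out requests and must
// do their own capability checks.
do_action( 'admin_init' );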
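// Requests from visitors who are not logged in end inside this block: the
// final die() means none of the handlers further down the file is reached.
if ( ! is_user_logged_in() ) {
	// Read the action once and accept it only as a string. A missing or
	// array-valued 'action' is treated as "no action" instead of raising a
	// notice or producing a hook name built from "Array".
	$nopriv_action = ( isset( $_POST['action'] ) && is_string( $_POST['action'] ) ) ? $_POST['action'] : '';

	if ( 'autosave' === $nopriv_action ) {
		$id = isset( $_POST['post_ID'] ) ? (int) $_POST['post_ID'] : 0;

		if ( ! $id )
			die( '-1' );

		// The draft is not saved; the editor is only told that the session ended.
		$message = sprintf( __( '<strong>ALERT: You are logged out!</strong> Could not save draft. <a href="%s" target="blank">Please log in again.</a>' ), wp_login_url() );
		$x = new WP_Ajax_Response( array(
			'what' => 'autosave',
			'id' => $id,
			'data' => $message
		) );
		// NOTE(review): send() is presumably expected to end the request - confirm.
		$x->send();
	}

	// The hook name is built from request data, so every callback registered
	// on a wp_ajax_nopriv_* hook is an unauthenticated entry point: it must
	// validate its own input and must not assume a nonce or capability check
	// has already happened.
	if ( ! empty( $nopriv_action ) )
		do_action( 'wp_ajax_nopriv_' . $nopriv_action );

	die( '-1' );
}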
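// Handlers for AJAX requests that arrive by GET. Every branch ends the request.
if ( isset( $_GET['action'] ) ) :
switch ( $action = $_GET['action'] ) :
case 'ajax-tag-search' :
	if ( ! current_user_can( 'edit_posts' ) )
		die( '-1' );

	// NOTE(review): request data looks slashed on arrival (other handlers in
	// this file call stripslashes() on $_POST values) - confirm. The slashes
	// are removed here because prepare() below does the SQL escaping.
	$s = ( isset( $_GET['q'] ) && is_string( $_GET['q'] ) ) ? stripslashes( $_GET['q'] ) : '';

	if ( isset( $_GET['tax'] ) )
		$taxonomy = sanitize_title( $_GET['tax'] );
	else
		die( '0' );

	// Only the text after the last comma is the term being typed.
	if ( false !== strpos( $s, ',' ) ) {
		$parts = explode( ',', $s );
		$s = $parts[ count( $parts ) - 1 ];
	}
	$s = trim( $s );
	if ( strlen( $s ) < 2 )
		die; // require 2 chars for matching

	// Both user-supplied values are bound through prepare() instead of being
	// concatenated into the statement. The LIKE metacharacters in the search
	// text are escaped first so that '%' and '_' match literally.
	$like = '%' . addcslashes( $s, '_%\\' ) . '%';
	$results = $wpdb->get_col( $wpdb->prepare(
		"SELECT t.name FROM $wpdb->term_taxonomy AS tt INNER JOIN $wpdb->terms AS t ON tt.term_id = t.term_id WHERE tt.taxonomy = %s AND t.name LIKE (%s)",
		$taxonomy,
		$like
	) );

	// NOTE(review): term names are echoed as stored while the response type is
	// text/html; confirm the client inserts them as text, not as markup.
	echo implode( "\n", (array) $results );
	die;
	break;
case 'wp-compression-test' :
	if ( ! current_user_can( 'manage_options' ) )
		die( '-1' );

	// PHP is already compressing output, so scripts must not be compressed again.
	if ( ini_get( 'zlib.output_compression' ) || 'ob_gzhandler' == ini_get( 'output_handler' ) ) {
		update_site_option( 'can_compress_scripts', 0 );
		die( '0' );
	}

	if ( isset( $_GET['test'] ) ) {
		// The probe response must never come from a cache.
		header( 'Expires: Wed, 11 Jan 1984 05:00:00 GMT' );
		header( 'Last-Modified: ' . gmdate( 'D, d M Y H:i:s' ) . ' GMT' );
		header( 'Cache-Control: no-cache, must-revalidate, max-age=0' );
		header( 'Pragma: no-cache' );
		header( 'Content-Type: application/x-javascript; charset=UTF-8' );
		$force_gzip = ( defined( 'ENFORCE_GZIP' ) && ENFORCE_GZIP );
		$test_str = '"wpCompressionTest Lorem ipsum dolor sit amet consectetuer mollis sapien urna ut a. Eu nonummy condimentum fringilla tempor pretium platea vel nibh netus Maecenas. Hac molestie amet justo quis pellentesque est ultrices interdum nibh Morbi. Cras mattis pretium Phasellus ante ipsum ipsum ut sociis Suspendisse Lorem. Ante et non molestie. Porta urna Vestibulum egestas id congue nibh eu risus gravida sit. Ac augue auctor Ut et non a elit massa id sodales. Elit eu Nulla at nibh adipiscing mattis lacus mauris at tempus. Netus nibh quis suscipit nec feugiat eget sed lorem et urna. Pellentesque lacus at ut massa consectetuer ligula ut auctor semper Pellentesque. Ut metus massa nibh quam Curabitur molestie nec mauris congue. Volutpat molestie elit justo facilisis neque ac risus Ut nascetur tristique. Vitae sit lorem tellus et quis Phasellus lacus tincidunt nunc Fusce. Pharetra wisi Suspendisse mus sagittis libero lacinia Integer consequat ac Phasellus. Et urna ac cursus tortor aliquam Aliquam amet tellus volutpat Vestibulum. Justo interdum condimentum In augue congue tellus sollicitudin Quisque quis nibh."';

		if ( 1 == $_GET['test'] ) {
			// Uncompressed reference copy.
			echo $test_str;
			die;
		} elseif ( 2 == $_GET['test'] ) {
			// A client may omit Accept-Encoding; treat that as "no encoding
			// accepted" instead of reading an undefined index.
			$accepted = isset( $_SERVER['HTTP_ACCEPT_ENCODING'] ) ? strtolower( $_SERVER['HTTP_ACCEPT_ENCODING'] ) : '';

			if ( false !== strpos( $accepted, 'deflate' ) && function_exists( 'gzdeflate' ) && ! $force_gzip ) {
				header( 'Content-Encoding: deflate' );
				$out = gzdeflate( $test_str, 1 );
			} elseif ( false !== strpos( $accepted, 'gzip' ) && function_exists( 'gzencode' ) ) {
				header( 'Content-Encoding: gzip' );
				$out = gzencode( $test_str, 1 );
			} else {
				die( '-1' );
			}
			echo $out;
			die;
		// NOTE(review): the two branches below change a site option on a GET
		// request and no nonce check is visible in this case, so the setting
		// could be flipped by a cross-site request made in an administrator's
		// browser. Adding a nonce needs a matching change in the caller.
		} elseif ( 'no' == $_GET['test'] ) {
			update_site_option( 'can_compress_scripts', 0 );
		} elseif ( 'yes' == $_GET['test'] ) {
			update_site_option( 'can_compress_scripts', 1 );
		}
	}

	die( '0' );
	break;
default :
	// Any other GET action is passed to whatever is hooked on wp_ajax_{action}.
	// No capability or nonce check happens here; each callback has to do its own.
	do_action( 'wp_ajax_' . $_GET['action'] );
	die( '0' );
	break;
endswitch;
endif;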
/**
 * Sends back current comment total and new page links if they need to be updated.
 *
 * Contrary to normal success AJAX response ("1"), die with time() on success.
 *
 * @since 2.7
 *
 * @param int $comment_id
 * @return die
 */
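function _wp_ajax_delete_comment_response( $comment_id ) {
	// Pagination state reported by the client. Every value is untrusted input.
	$total    = isset( $_POST['_total'] ) ? (int) $_POST['_total'] : 0;
	$per_page = isset( $_POST['_per_page'] ) ? (int) $_POST['_per_page'] : 0;
	$page     = isset( $_POST['_page'] ) ? (int) $_POST['_page'] : 0;
	$url      = esc_url_raw( ( isset( $_POST['_url'] ) && is_string( $_POST['_url'] ) ) ? $_POST['_url'] : '' );

	// JS didn't send us everything we need to know. Just die with success message.
	// Non-positive numbers are rejected as well: a negative $per_page would
	// otherwise reach mt_rand() and the page-count division below.
	if ( $total < 1 || $per_page < 1 || $page < 1 || ! $url )
		die( (string) time() );

	// Take the total from POST and decrement it (since we just deleted one).
	// It is at least 1 here, so it cannot drop below zero.
	$total--;

	// Only do the expensive stuff on a page-break, and about 1 other time per page.
	// mt_rand() is used for sampling only, not for anything security related.
	if ( 0 != $total % $per_page && 1 != mt_rand( 1, $per_page ) )
		die( (string) time() );

	$status = 'total_comments'; // What type of comment count are we looking for?
	$parsed = parse_url( $url );
	if ( isset( $parsed['query'] ) ) {
		parse_str( $parsed['query'], $query_vars );
		// The value is used as a property name below, so it has to be a
		// non-empty string; comment_status[]=x in the URL would give an array.
		if ( ! empty( $query_vars['comment_status'] ) && is_string( $query_vars['comment_status'] ) )
			$status = $query_vars['comment_status'];
	}

	$comment_count = wp_count_comments();
	$time = time(); // The time since the last comment count

	if ( isset( $comment_count->$status ) ) // We're looking for a known type of comment count
		$total = $comment_count->$status;
	// else use the decremented value from above

	$page_links = paginate_links( array(
		'base' => add_query_arg( 'apage', '%#%', $url ),
		'format' => '',
		'prev_text' => __( '«' ),
		'next_text' => __( '»' ),
		'total' => ceil( $total / $per_page ),
		'current' => $page
	) );

	$x = new WP_Ajax_Response( array(
		'what' => 'comment',
		'id' => $comment_id, // here for completeness - not used
		'supplemental' => array(
			'pageLinks' => $page_links,
			'total' => $total,
			'time' => $time
		)
	) );
	$x->send();
}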
$id = isset ( $_POST [ 'id' ]) ? ( int ) $_POST [ 'id' ] : 0 ;
2007-10-10 00:49:42 +02:00
switch ( $action = $_POST [ 'action' ] ) :
2008-12-14 13:13:30 +01:00
case 'delete-comment' : // On success, die with time() instead of 1
2007-10-10 00:49:42 +02:00
check_ajax_referer ( " delete-comment_ $id " );
2006-03-29 03:51:55 +02:00
if ( ! $comment = get_comment ( $id ) )
2008-12-14 13:13:30 +01:00
die ( ( string ) time () );
2006-03-29 03:51:55 +02:00
if ( ! current_user_can ( 'edit_post' , $comment -> comment_post_ID ) )
die ( '-1' );
2008-07-09 04:00:21 +02:00
if ( isset ( $_POST [ 'spam' ]) && 1 == $_POST [ 'spam' ] ) {
if ( 'spam' == wp_get_comment_status ( $comment -> comment_ID ) )
2008-12-14 13:13:30 +01:00
die ( ( string ) time () );
2007-10-10 00:49:42 +02:00
$r = wp_set_comment_status ( $comment -> comment_ID , 'spam' );
2008-07-09 04:00:21 +02:00
} else {
2007-10-10 00:49:42 +02:00
$r = wp_delete_comment ( $comment -> comment_ID );
2008-07-09 04:00:21 +02:00
}
2008-12-14 13:13:30 +01:00
if ( $r ) // Decide if we need to send back '1' or a more complicated response including page links and comment counts
_wp_ajax_delete_comment_response ( $comment -> comment_ID );
die ( '0' );
2006-03-29 03:51:55 +02:00
break ;
case 'delete-cat' :
2007-10-10 00:49:42 +02:00
check_ajax_referer ( " delete-category_ $id " );
2006-03-29 03:51:55 +02:00
if ( ! current_user_can ( 'manage_categories' ) )
die ( '-1' );
2008-07-09 04:00:21 +02:00
$cat = get_category ( $id );
if ( ! $cat || is_wp_error ( $cat ) )
die ( '1' );
2006-03-29 03:51:55 +02:00
if ( wp_delete_category ( $id ) )
die ( '1' );
2008-07-09 04:00:21 +02:00
else
die ( '0' );
2006-03-29 03:51:55 +02:00
break ;
2008-01-25 20:29:01 +01:00
case 'delete-tag' :
check_ajax_referer ( " delete-tag_ $id " );
if ( ! current_user_can ( 'manage_categories' ) )
die ( '-1' );
2009-02-12 01:00:01 +01:00
if ( ! empty ( $_POST [ 'taxonomy' ]) )
$taxonomy = $_POST [ 'taxonomy' ];
else
$taxonomy = 'post_tag' ;
$tag = get_term ( $id , $taxonomy );
2008-07-09 04:00:21 +02:00
if ( ! $tag || is_wp_error ( $tag ) )
die ( '1' );
2009-02-12 01:00:01 +01:00
if ( wp_delete_term ( $id , $taxonomy ))
2008-01-25 20:29:01 +01:00
die ( '1' );
2008-07-09 04:00:21 +02:00
else
die ( '0' );
2008-01-25 20:29:01 +01:00
break ;
2007-10-31 04:53:32 +01:00
case 'delete-link-cat' :
check_ajax_referer ( " delete-link-category_ $id " );
if ( ! current_user_can ( 'manage_categories' ) )
die ( '-1' );
2008-07-09 04:00:21 +02:00
$cat = get_term ( $id , 'link_category' );
if ( ! $cat || is_wp_error ( $cat ) )
die ( '1' );
2007-10-31 04:53:32 +01:00
$cat_name = get_term_field ( 'name' , $id , 'link_category' );
2009-05-19 20:08:15 +02:00
$default = get_option ( 'default_link_category' );
2007-10-31 04:53:32 +01:00
// Don't delete the default cats.
2009-05-19 20:08:15 +02:00
if ( $id == $default ) {
2007-10-31 04:53:32 +01:00
$x = new WP_AJAX_Response ( array (
'what' => 'link-cat' ,
'id' => $id ,
'data' => new WP_Error ( 'default-link-cat' , sprintf ( __ ( " Can’t delete the <strong>%s</strong> category: this is the default one " ), $cat_name ) )
) );
$x -> send ();
}
2009-05-19 20:08:15 +02:00
$r = wp_delete_term ( $id , 'link_category' , array ( 'default' => $default ));
2007-10-31 04:53:32 +01:00
if ( ! $r )
die ( '0' );
if ( is_wp_error ( $r ) ) {
$x = new WP_AJAX_Response ( array (
'what' => 'link-cat' ,
'id' => $id ,
'data' => $r
) );
$x -> send ();
}
die ( '1' );
break ;
2006-03-29 03:51:55 +02:00
case 'delete-link' :
2007-10-10 00:49:42 +02:00
check_ajax_referer ( " delete-bookmark_ $id " );
2006-03-29 03:51:55 +02:00
if ( ! current_user_can ( 'manage_links' ) )
die ( '-1' );
2008-07-09 04:00:21 +02:00
$link = get_bookmark ( $id );
if ( ! $link || is_wp_error ( $link ) )
die ( '1' );
2006-03-29 03:51:55 +02:00
if ( wp_delete_link ( $id ) )
die ( '1' );
2008-07-09 04:00:21 +02:00
else
die ( '0' );
2006-03-29 03:51:55 +02:00
break ;
case 'delete-meta' :
2008-03-22 09:15:48 +01:00
check_ajax_referer ( " delete-meta_ $id " );
2006-03-29 03:51:55 +02:00
if ( ! $meta = get_post_meta_by_id ( $id ) )
2008-07-09 04:00:21 +02:00
die ( '1' );
2006-03-29 03:51:55 +02:00
if ( ! current_user_can ( 'edit_post' , $meta -> post_id ) )
die ( '-1' );
if ( delete_meta ( $meta -> meta_id ) )
die ( '1' );
die ( '0' );
break ;
case 'delete-post' :
2007-10-10 00:49:42 +02:00
check_ajax_referer ( " { $action } _ $id " );
2006-03-29 03:51:55 +02:00
if ( ! current_user_can ( 'delete_post' , $id ) )
die ( '-1' );
2008-07-09 04:00:21 +02:00
if ( ! get_post ( $id ) )
die ( '1' );
2006-03-29 03:51:55 +02:00
if ( wp_delete_post ( $id ) )
die ( '1' );
2007-10-10 00:49:42 +02:00
else
die ( '0' );
2006-03-29 03:51:55 +02:00
break ;
case 'delete-page' :
2007-10-10 00:49:42 +02:00
check_ajax_referer ( " { $action } _ $id " );
2006-03-29 03:51:55 +02:00
if ( ! current_user_can ( 'delete_page' , $id ) )
die ( '-1' );
2008-07-09 04:00:21 +02:00
if ( ! get_page ( $id ) )
die ( '1' );
2006-03-29 03:51:55 +02:00
if ( wp_delete_post ( $id ) )
die ( '1' );
2008-07-09 04:00:21 +02:00
else
die ( '0' );
2006-03-29 03:51:55 +02:00
break ;
2008-12-14 13:13:30 +01:00
case 'dim-comment' : // On success, die with time() instead of 1
2009-03-02 22:48:37 +01:00
if ( ! $comment = get_comment ( $id ) ) {
$x = new WP_Ajax_Response ( array (
'what' => 'comment' ,
'id' => new WP_Error ( 'invalid_comment' , sprintf ( __ ( 'Comment %d does not exist' ), $id ))
) );
$x -> send ();
}
2008-07-09 04:00:21 +02:00
2006-03-29 03:51:55 +02:00
if ( ! current_user_can ( 'edit_post' , $comment -> comment_post_ID ) )
die ( '-1' );
if ( ! current_user_can ( 'moderate_comments' ) )
die ( '-1' );
2008-07-09 04:00:21 +02:00
$current = wp_get_comment_status ( $comment -> comment_ID );
if ( $_POST [ 'new' ] == $current )
2008-12-14 13:13:30 +01:00
die ( ( string ) time () );
2008-07-09 04:00:21 +02:00
2008-12-14 13:13:30 +01:00
$r = 0 ;
2008-08-20 23:42:31 +02:00
if ( in_array ( $current , array ( 'unapproved' , 'spam' ) ) ) {
2007-10-10 00:49:42 +02:00
check_ajax_referer ( " approve-comment_ $id " );
2009-03-02 22:48:37 +01:00
$result = wp_set_comment_status ( $comment -> comment_ID , 'approve' , true );
2006-03-29 03:51:55 +02:00
} else {
2007-10-10 00:49:42 +02:00
check_ajax_referer ( " unapprove-comment_ $id " );
2009-03-02 22:48:37 +01:00
$result = wp_set_comment_status ( $comment -> comment_ID , 'hold' , true );
2006-03-29 03:51:55 +02:00
}
2009-03-02 22:48:37 +01:00
if ( is_wp_error ( $result ) ) {
$x = new WP_Ajax_Response ( array (
'what' => 'comment' ,
'id' => $result
) );
$x -> send ();
}
// Decide if we need to send back '1' or a more complicated response including page links and comment counts
_wp_ajax_delete_comment_response ( $comment -> comment_ID );
2008-12-14 13:13:30 +01:00
die ( '0' );
2006-03-29 03:51:55 +02:00
break ;
case 'add-category' : // On the Fly
2007-10-10 00:49:42 +02:00
check_ajax_referer ( $action );
2006-03-29 03:51:55 +02:00
if ( ! current_user_can ( 'manage_categories' ) )
die ( '-1' );
$names = explode ( ',' , $_POST [ 'newcat' ]);
2008-01-10 10:39:35 +01:00
if ( 0 > $parent = ( int ) $_POST [ 'newcat_parent' ] )
$parent = 0 ;
2008-02-22 18:43:56 +01:00
$post_category = isset ( $_POST [ 'post_category' ]) ? ( array ) $_POST [ 'post_category' ] : array ();
$checked_categories = array_map ( 'absint' , ( array ) $post_category );
2008-05-19 23:35:18 +02:00
$popular_ids = isset ( $_POST [ 'popular_ids' ] ) ?
array_map ( 'absint' , explode ( ',' , $_POST [ 'popular_ids' ] ) ) :
false ;
2008-01-10 10:39:35 +01:00
2006-09-13 23:39:53 +02:00
$x = new WP_Ajax_Response ();
2006-03-29 03:51:55 +02:00
foreach ( $names as $cat_name ) {
$cat_name = trim ( $cat_name );
2007-11-01 07:23:16 +01:00
$category_nicename = sanitize_title ( $cat_name );
if ( '' === $category_nicename )
continue ;
2008-01-10 10:39:35 +01:00
$cat_id = wp_create_category ( $cat_name , $parent );
$checked_categories [] = $cat_id ;
if ( $parent ) // Do these all at once in a second
continue ;
$category = get_category ( $cat_id );
ob_start ();
2008-05-19 23:35:18 +02:00
wp_category_checklist ( 0 , $cat_id , $checked_categories , $popular_ids );
2008-01-10 10:39:35 +01:00
$data = ob_get_contents ();
ob_end_clean ();
2006-09-13 23:39:53 +02:00
$x -> add ( array (
'what' => 'category' ,
'id' => $cat_id ,
2008-01-10 10:39:35 +01:00
'data' => $data ,
'position' => - 1
) );
}
if ( $parent ) { // Foncy - replace the parent and all its children
$parent = get_category ( $parent );
ob_start ();
dropdown_categories ( 0 , $parent );
$data = ob_get_contents ();
ob_end_clean ();
$x -> add ( array (
'what' => 'category' ,
'id' => $parent -> term_id ,
'old_id' => $parent -> term_id ,
'data' => $data ,
2007-10-10 00:49:42 +02:00
'position' => - 1
2006-09-13 23:39:53 +02:00
) );
2008-01-10 10:39:35 +01:00
2006-03-29 03:51:55 +02:00
}
2006-09-13 23:39:53 +02:00
$x -> send ();
2006-03-29 03:51:55 +02:00
break ;
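case 'add-link-category' : // On the Fly
	// Creates one link category per comma-separated name in $_POST['newcat']
	// and returns a checked checkbox row for each of them.
	check_ajax_referer( $action );
	if ( ! current_user_can( 'manage_categories' ) )
		die( '-1' );
	$names = explode( ',', $_POST['newcat'] );
	$x = new WP_Ajax_Response();
	foreach ( $names as $cat_name ) {
		$cat_name = trim( $cat_name );
		$slug = sanitize_title( $cat_name );
		if ( '' === $slug )
			continue;
		if ( ! $cat_id = is_term( $cat_name, 'link_category' ) ) {
			$cat_id = wp_insert_term( $cat_name, 'link_category' );
		}
		// wp_insert_term() can return a WP_Error; indexing that as an array
		// would be a fatal error, so a failed insert is skipped.
		if ( is_wp_error( $cat_id ) )
			continue;
		// Cast to int: the id is interpolated into HTML attributes below.
		$cat_id = (int) $cat_id['term_id'];
		// The name comes from the request and is placed in markup, so it is escaped.
		$cat_name = esc_html( stripslashes( $cat_name ) );
		$x->add( array(
			'what' => 'link-category',
			'id' => $cat_id,
			'data' => "<li id='link-category-$cat_id'><label for='in-link-category-$cat_id' class='selectit'><input value='" . esc_attr( $cat_id ) . "' type='checkbox' checked='checked' name='link_category[]' id='in-link-category-$cat_id'/> $cat_name</label></li>",
			'position' => -1
		) );
	}
	$x->send();
	break;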
case 'add-cat' : // From Manage->Categories
2007-10-10 00:49:42 +02:00
check_ajax_referer ( 'add-category' );
2006-03-29 03:51:55 +02:00
if ( ! current_user_can ( 'manage_categories' ) )
2006-11-19 08:56:05 +01:00
die ( '-1' );
2007-11-01 07:23:16 +01:00
if ( '' === trim ( $_POST [ 'cat_name' ]) ) {
$x = new WP_Ajax_Response ( array (
'what' => 'cat' ,
'id' => new WP_Error ( 'cat_name' , __ ( 'You did not enter a category name.' ) )
) );
$x -> send ();
}
2009-04-10 22:58:25 +02:00
if ( category_exists ( trim ( $_POST [ 'cat_name' ] ), $_POST [ 'category_parent' ] ) ) {
2008-03-16 21:37:02 +01:00
$x = new WP_Ajax_Response ( array (
'what' => 'cat' ,
'id' => new WP_Error ( 'cat_exists' , __ ( 'The category you are trying to create already exists.' ), array ( 'form-field' => 'cat_name' ) ),
) );
$x -> send ();
}
2008-08-09 07:36:14 +02:00
2007-11-12 20:12:49 +01:00
$cat = wp_insert_category ( $_POST , true );
if ( is_wp_error ( $cat ) ) {
$x = new WP_Ajax_Response ( array (
'what' => 'cat' ,
'id' => $cat
) );
$x -> send ();
}
if ( ! $cat || ( ! $cat = get_category ( $cat )) )
2006-03-29 03:51:55 +02:00
die ( '0' );
2007-11-12 20:12:49 +01:00
2006-07-25 08:36:10 +02:00
$level = 0 ;
2007-10-10 00:49:42 +02:00
$cat_full_name = $cat -> name ;
2006-03-29 03:51:55 +02:00
$_cat = $cat ;
2007-10-10 00:49:42 +02:00
while ( $_cat -> parent ) {
$_cat = get_category ( $_cat -> parent );
$cat_full_name = $_cat -> name . ' — ' . $cat_full_name ;
2006-07-25 08:36:10 +02:00
$level ++ ;
2006-03-29 03:51:55 +02:00
}
2009-05-05 21:43:53 +02:00
$cat_full_name = esc_attr ( $cat_full_name );
2006-03-29 03:51:55 +02:00
2006-09-13 23:39:53 +02:00
$x = new WP_Ajax_Response ( array (
'what' => 'cat' ,
2007-10-10 00:49:42 +02:00
'id' => $cat -> term_id ,
2008-10-26 10:08:52 +01:00
'position' => - 1 ,
2006-09-13 23:39:53 +02:00
'data' => _cat_row ( $cat , $level , $cat_full_name ),
2007-10-10 00:49:42 +02:00
'supplemental' => array ( 'name' => $cat_full_name , 'show-link' => sprintf ( __ ( 'Category <a href="#%s">%s</a> added' ), " cat- $cat->term_id " , $cat_full_name ))
2006-09-13 23:39:53 +02:00
) );
$x -> send ();
2006-03-29 03:51:55 +02:00
break ;
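case 'add-link-cat' : // From Blogroll -> Categories
	// Creates a single link category from $_POST['name'] and returns its table row.
	check_ajax_referer( 'add-link-category' );
	if ( ! current_user_can( 'manage_categories' ) )
		die( '-1' );

	if ( '' === trim( $_POST['name'] ) ) {
		$x = new WP_Ajax_Response( array(
			'what' => 'link-cat',
			'id' => new WP_Error( 'name', __( 'You did not enter a category name.' ) )
		) );
		$x->send();
	}

	// NOTE(review): the whole $_POST array is passed on as the term arguments,
	// so any field the client adds reaches wp_insert_term(); confirm that it
	// ignores keys it does not know.
	$r = wp_insert_term( $_POST['name'], 'link_category', $_POST );
	if ( is_wp_error( $r ) ) {
		$x = new WP_Ajax_Response( array(
			'what' => 'link-cat',
			'id' => $r
		) );
		$x->send();
	}

	// Read the id explicitly rather than through extract(): this code runs in
	// the global scope, where EXTR_SKIP would keep a $term_id that already
	// exists instead of the one just created.
	$term_id = isset( $r['term_id'] ) ? (int) $r['term_id'] : 0;
	if ( ! $term_id )
		die( '0' );

	$link_cat = link_cat_row( $term_id );
	if ( ! $link_cat )
		die( '0' );

	$x = new WP_Ajax_Response( array(
		'what' => 'link-cat',
		'id' => $term_id,
		'position' => -1,
		'data' => $link_cat
	) );
	$x->send();
	break;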
case 'add-tag' : // From Manage->Tags
check_ajax_referer ( 'add-tag' );
if ( ! current_user_can ( 'manage_categories' ) )
die ( '-1' );
if ( '' === trim ( $_POST [ 'name' ]) ) {
$x = new WP_Ajax_Response ( array (
'what' => 'tag' ,
'id' => new WP_Error ( 'name' , __ ( 'You did not enter a tag name.' ) )
) );
$x -> send ();
}
2009-02-12 01:00:01 +01:00
if ( ! empty ( $_POST [ 'taxonomy' ]) )
$taxonomy = $_POST [ 'taxonomy' ];
else
$taxonomy = 'post_tag' ;
$tag = wp_insert_term ( $_POST [ 'name' ], $taxonomy , $_POST );
2008-01-25 20:29:01 +01:00
if ( is_wp_error ( $tag ) ) {
$x = new WP_Ajax_Response ( array (
'what' => 'tag' ,
'id' => $tag
) );
$x -> send ();
}
2009-02-12 01:00:01 +01:00
if ( ! $tag || ( ! $tag = get_term ( $tag [ 'term_id' ], $taxonomy )) )
2008-01-25 20:29:01 +01:00
die ( '0' );
$tag_full_name = $tag -> name ;
2009-05-05 21:43:53 +02:00
$tag_full_name = esc_attr ( $tag_full_name );
2008-01-25 20:29:01 +01:00
$x = new WP_Ajax_Response ( array (
'what' => 'tag' ,
'id' => $tag -> term_id ,
2008-10-25 22:55:40 +02:00
'position' => '-1' ,
2008-01-25 20:29:01 +01:00
'data' => _tag_row ( $tag ),
'supplemental' => array ( 'name' => $tag_full_name , 'show-link' => sprintf ( __ ( 'Tag <a href="#%s">%s</a> added' ), " tag- $tag->term_id " , $tag_full_name ))
) );
$x -> send ();
break ;
2008-11-05 00:15:59 +01:00
case 'get-tagcloud' :
2009-03-28 09:21:43 +01:00
if ( ! current_user_can ( 'edit_posts' ) )
2008-11-05 00:15:59 +01:00
die ( '-1' );
2008-12-18 20:12:26 +01:00
if ( isset ( $_POST [ 'tax' ]) )
$taxonomy = sanitize_title ( $_POST [ 'tax' ]);
else
die ( '0' );
2009-02-01 10:45:24 +01:00
2008-12-18 20:12:26 +01:00
$tags = get_terms ( $taxonomy , array ( 'number' => 45 , 'orderby' => 'count' , 'order' => 'DESC' ) );
2008-12-09 19:03:31 +01:00
2008-11-05 00:15:59 +01:00
if ( empty ( $tags ) )
2008-12-09 13:24:14 +01:00
die ( __ ( 'No tags found!' ) );
2008-12-09 19:03:31 +01:00
2008-12-30 19:04:52 +01:00
if ( is_wp_error ( $tags ) )
die ( $tags -> get_error_message ());
2008-11-05 00:15:59 +01:00
foreach ( $tags as $key => $tag ) {
$tags [ $key ] -> link = '#' ;
$tags [ $key ] -> id = $tag -> term_id ;
}
2009-05-02 20:43:04 +02:00
// We need raw tag names here, so don't filter the output
$return = wp_generate_tag_cloud ( $tags , array ( 'filter' => 0 ) );
2008-11-05 00:15:59 +01:00
if ( empty ( $return ) )
die ( '0' );
2008-12-09 19:03:31 +01:00
2008-11-05 00:15:59 +01:00
echo $return ;
2008-12-09 19:03:31 +01:00
2008-11-05 00:15:59 +01:00
exit ;
break ;
2007-03-27 23:20:16 +02:00
case 'add-comment' :
2007-10-10 00:49:42 +02:00
check_ajax_referer ( $action );
2007-03-27 23:20:16 +02:00
if ( ! current_user_can ( 'edit_post' , $id ) )
die ( '-1' );
$search = isset ( $_POST [ 's' ]) ? $_POST [ 's' ] : false ;
2007-10-10 00:49:42 +02:00
$start = isset ( $_POST [ 'page' ]) ? intval ( $_POST [ 'page' ]) * 25 - 1 : 24 ;
2008-02-28 07:50:25 +01:00
$status = isset ( $_POST [ 'comment_status' ]) ? $_POST [ 'comment_status' ] : false ;
$mode = isset ( $_POST [ 'mode' ]) ? $_POST [ 'mode' ] : 'detail' ;
2008-12-07 08:31:27 +01:00
$p = isset ( $_POST [ 'p' ]) ? $_POST [ 'p' ] : 0 ;
$comment_type = isset ( $_POST [ 'comment_type' ]) ? $_POST [ 'comment_type' ] : '' ;
list ( $comments , $total ) = _wp_get_comment_list ( $status , $search , $start , 1 , $p , $comment_type );
2007-03-27 23:20:16 +02:00
2008-07-30 00:14:53 +02:00
if ( get_option ( 'show_avatars' ) )
add_filter ( 'comment_author' , 'floated_admin_avatar' );
2007-03-27 23:20:16 +02:00
if ( ! $comments )
die ( '1' );
$x = new WP_Ajax_Response ();
foreach ( ( array ) $comments as $comment ) {
get_comment ( $comment );
ob_start ();
2008-11-25 03:41:54 +01:00
_wp_comment_row ( $comment -> comment_ID , $mode , $status , true , true );
2007-03-27 23:20:16 +02:00
$comment_list_item = ob_get_contents ();
ob_end_clean ();
$x -> add ( array (
'what' => 'comment' ,
'id' => $comment -> comment_ID ,
'data' => $comment_list_item
) );
}
2008-08-24 08:56:22 +02:00
$x -> send ();
break ;
2008-10-17 11:44:22 +02:00
case 'get-comments' :
check_ajax_referer ( $action );
$post_ID = ( int ) $_POST [ 'post_ID' ];
if ( ! current_user_can ( 'edit_post' , $post_ID ) )
die ( '-1' );
$start = isset ( $_POST [ 'start' ]) ? intval ( $_POST [ 'start' ]) : 0 ;
$num = isset ( $_POST [ 'num' ]) ? intval ( $_POST [ 'num' ]) : 10 ;
list ( $comments , $total ) = _wp_get_comment_list ( false , false , $start , $num , $post_ID );
if ( ! $comments )
die ( '1' );
$comment_list_item = '' ;
$x = new WP_Ajax_Response ();
foreach ( ( array ) $comments as $comment ) {
get_comment ( $comment );
ob_start ();
_wp_comment_row ( $comment -> comment_ID , 'single' , false , false );
$comment_list_item .= ob_get_contents ();
ob_end_clean ();
}
$x -> add ( array (
'what' => 'comments' ,
'data' => $comment_list_item
) );
$x -> send ();
break ;
2008-08-24 08:56:22 +02:00
case 'replyto-comment' :
check_ajax_referer ( $action );
$comment_post_ID = ( int ) $_POST [ 'comment_post_ID' ];
if ( ! current_user_can ( 'edit_post' , $comment_post_ID ) )
die ( '-1' );
$status = $wpdb -> get_var ( $wpdb -> prepare ( " SELECT post_status FROM $wpdb->posts WHERE ID = %d " , $comment_post_ID ) );
if ( empty ( $status ) )
die ( '1' );
2008-11-06 03:05:59 +01:00
elseif ( in_array ( $status , array ( 'draft' , 'pending' ) ) )
die ( __ ( 'Error: you are replying to a comment on a draft post.' ) );
2008-08-24 08:56:22 +02:00
$user = wp_get_current_user ();
if ( $user -> ID ) {
$comment_author = $wpdb -> escape ( $user -> display_name );
$comment_author_email = $wpdb -> escape ( $user -> user_email );
$comment_author_url = $wpdb -> escape ( $user -> user_url );
2008-10-08 03:18:16 +02:00
$comment_content = trim ( $_POST [ 'content' ]);
2008-08-24 08:56:22 +02:00
if ( current_user_can ( 'unfiltered_html' ) ) {
if ( wp_create_nonce ( 'unfiltered-html-comment_' . $comment_post_ID ) != $_POST [ '_wp_unfiltered_html_comment' ] ) {
kses_remove_filters (); // start with a clean slate
kses_init_filters (); // set up the filters
}
}
} else {
die ( __ ( 'Sorry, you must be logged in to reply to a comment.' ) );
}
if ( '' == $comment_content )
die ( __ ( 'Error: please type a comment.' ) );
$comment_parent = absint ( $_POST [ 'comment_ID' ]);
$commentdata = compact ( 'comment_post_ID' , 'comment_author' , 'comment_author_email' , 'comment_author_url' , 'comment_content' , 'comment_type' , 'comment_parent' , 'user_ID' );
$comment_id = wp_new_comment ( $commentdata );
$comment = get_comment ( $comment_id );
if ( ! $comment ) die ( '1' );
2008-10-09 01:32:34 +02:00
$modes = array ( 'single' , 'detail' , 'dashboard' );
$mode = isset ( $_POST [ 'mode' ]) && in_array ( $_POST [ 'mode' ], $modes ) ? $_POST [ 'mode' ] : 'detail' ;
2008-08-24 08:56:22 +02:00
$position = ( isset ( $_POST [ 'position' ]) && ( int ) $_POST [ 'position' ]) ? ( int ) $_POST [ 'position' ] : '-1' ;
$checkbox = ( isset ( $_POST [ 'checkbox' ]) && true == $_POST [ 'checkbox' ] ) ? 1 : 0 ;
if ( get_option ( 'show_avatars' ) && 'single' != $mode )
add_filter ( 'comment_author' , 'floated_admin_avatar' );
$x = new WP_Ajax_Response ();
ob_start ();
2008-10-09 01:32:34 +02:00
if ( 'dashboard' == $mode ) {
require_once ( ABSPATH . 'wp-admin/includes/dashboard.php' );
_wp_dashboard_recent_comments_row ( $comment , false );
} else {
_wp_comment_row ( $comment -> comment_ID , $mode , false , $checkbox );
}
2008-08-24 08:56:22 +02:00
$comment_list_item = ob_get_contents ();
ob_end_clean ();
$x -> add ( array (
'what' => 'comment' ,
'id' => $comment -> comment_ID ,
'data' => $comment_list_item ,
'position' => $position
));
2008-10-08 03:18:16 +02:00
$x -> send ();
break ;
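case 'edit-comment' :
	// Saves an edited comment and returns its re-rendered list row.
	check_ajax_referer( 'replyto-comment' );

	$comment_post_ID = (int) $_POST['comment_post_ID'];
	if ( ! current_user_can( 'edit_post', $comment_post_ID ) )
		die( '-1' );

	if ( '' == $_POST['content'] )
		die( __( 'Error: please type a comment.' ) );

	$comment_id = (int) $_POST['comment_ID'];

	// The check above only covers the post id the client sent. Authorize
	// against the post the comment is actually attached to as well, as the
	// 'delete-comment' handler does; otherwise a post id the user may edit
	// could be paired with a comment that belongs to a different post.
	// A separate variable is used so the global $comment is left untouched.
	if ( ! $edited_comment = get_comment( $comment_id ) )
		die( '0' );
	if ( ! current_user_can( 'edit_post', $edited_comment->comment_post_ID ) )
		die( '-1' );

	// NOTE(review): edit_comment() takes no arguments here, so it presumably
	// reads the submitted fields from $_POST - confirm.
	$_POST['comment_status'] = $_POST['status'];
	edit_comment();

	$mode = ( isset( $_POST['mode'] ) && 'single' == $_POST['mode'] ) ? 'single' : 'detail';
	$position = ( isset( $_POST['position'] ) && (int) $_POST['position'] ) ? (int) $_POST['position'] : '-1';
	$checkbox = ( isset( $_POST['checkbox'] ) && true == $_POST['checkbox'] ) ? 1 : 0;
	$comments_listing = isset( $_POST['comments_listing'] ) ? $_POST['comments_listing'] : '';

	if ( get_option( 'show_avatars' ) && 'single' != $mode )
		add_filter( 'comment_author', 'floated_admin_avatar' );

	$x = new WP_Ajax_Response();

	// The row helper prints its markup, so capture it from the output buffer.
	ob_start();
	_wp_comment_row( $comment_id, $mode, $comments_listing, $checkbox );
	$comment_list_item = ob_get_contents();
	ob_end_clean();

	$x->add( array(
		'what' => 'edit_comment',
		// $comment is never assigned in this case, so report the id that was
		// validated above instead of reading it from that variable.
		'id' => $comment_id,
		'data' => $comment_list_item,
		'position' => $position
	) );
	$x->send();
	break;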
case 'add-meta' :
2008-03-22 09:15:48 +01:00
check_ajax_referer ( 'add-meta' );
2007-10-10 00:49:42 +02:00
$c = 0 ;
$pid = ( int ) $_POST [ 'post_id' ];
2008-03-25 02:42:38 +01:00
if ( isset ( $_POST [ 'metakeyselect' ]) || isset ( $_POST [ 'metakeyinput' ]) ) {
2007-10-10 00:49:42 +02:00
if ( ! current_user_can ( 'edit_post' , $pid ) )
die ( '-1' );
2009-04-16 23:55:35 +02:00
if ( isset ( $_POST [ 'metakeyselect' ]) && '#NONE#' == $_POST [ 'metakeyselect' ] && empty ( $_POST [ 'metakeyinput' ]) )
2007-11-01 07:23:16 +01:00
die ( '1' );
2007-10-10 00:49:42 +02:00
if ( $pid < 0 ) {
$now = current_time ( 'timestamp' , 1 );
if ( $pid = wp_insert_post ( array (
'post_title' => sprintf ( 'Draft created on %s at %s' , date ( get_option ( 'date_format' ), $now ), date ( get_option ( 'time_format' ), $now ))
) ) ) {
if ( is_wp_error ( $pid ) ) {
$x = new WP_Ajax_Response ( array (
'what' => 'meta' ,
'data' => $pid
) );
$x -> send ();
}
2009-04-20 12:58:50 +02:00
if ( ! $mid = add_meta ( $pid ) )
2009-04-16 23:55:35 +02:00
die ( __ ( 'Please provide a custom field value.' ));
2007-10-10 00:49:42 +02:00
} else {
die ( '0' );
}
} else if ( ! $mid = add_meta ( $pid ) ) {
2009-04-16 23:55:35 +02:00
die ( __ ( 'Please provide a custom field value.' ));
2007-10-10 00:49:42 +02:00
}
2006-09-02 19:03:57 +02:00
2007-10-10 00:49:42 +02:00
$meta = get_post_meta_by_id ( $mid );
$pid = ( int ) $meta -> post_id ;
$meta = get_object_vars ( $meta );
$x = new WP_Ajax_Response ( array (
'what' => 'meta' ,
'id' => $mid ,
'data' => _list_meta_row ( $meta , $c ),
'position' => 1 ,
'supplemental' => array ( 'postid' => $pid )
) );
} else {
$mid = ( int ) array_pop ( array_keys ( $_POST [ 'meta' ]));
$key = $_POST [ 'meta' ][ $mid ][ 'key' ];
$value = $_POST [ 'meta' ][ $mid ][ 'value' ];
if ( ! $meta = get_post_meta_by_id ( $mid ) )
die ( '0' ); // if meta doesn't exist
if ( ! current_user_can ( 'edit_post' , $meta -> post_id ) )
die ( '-1' );
if ( ! $u = update_meta ( $mid , $key , $value ) )
2009-04-16 23:55:35 +02:00
die ( '0' ); // We know meta exists; we also know it's unchanged (or DB error, in which case there are bigger problems).
$key = stripslashes ( $key );
$value = stripslashes ( $value );
$x = new WP_Ajax_Response ( array (
'what' => 'meta' ,
'id' => $mid , 'old_id' => $mid ,
'data' => _list_meta_row ( array (
'meta_key' => $key ,
'meta_value' => $value ,
'meta_id' => $mid
), $c ),
'position' => 0 ,
'supplemental' => array ( 'postid' => $meta -> post_id )
) );
}
$x -> send ();
break ;
case 'add-user' :
	// Creates an account from the posted form and answers with the rendered users-table row.
	// CSRF check comes first; the nonce action is whatever $action holds (assigned outside this excerpt).
	check_ajax_referer( $action );
	// Authorization: only accounts holding the create_users capability get past this point.
	if ( !current_user_can('create_users') )
		die('-1');
	require_once(ABSPATH . WPINC . '/registration.php');
	// A falsy result is reported to the client as '0'; a WP_Error is wrapped in an AJAX response instead.
	if ( !$user_id = add_user() )
		die('0');
	elseif ( is_wp_error( $user_id ) ) {
		$x = new WP_Ajax_Response( array(
			'what' => 'user',
			'id' => $user_id
		) );
		// NOTE(review): presumably send() ends the request; if it returned, the WP_Error would reach new WP_User() below — confirm.
		$x->send();
	}
	$user_object = new WP_User( $user_id );

	$x = new WP_Ajax_Response( array(
		'what' => 'user',
		'id' => $user_id,
		'data' => user_row( $user_object, '', $user_object->roles[0] ),
		'supplemental' => array(
			// NOTE(review): user_login is placed into markup without esc_html(), unlike display_name in the
			// autosave and inline-save handlers of this file — confirm it is sanitized when the account is created.
			'show-link' => sprintf(__( 'User <a href="#%s">%s</a> added' ), "user-$user_id", $user_object->user_login),
			'role' => $user_object->roles[0]
		)
	) );
	$x->send();
	break;
case 'autosave' : // The name of this action is hardcoded in edit_post()
	// Periodic background save from the editor: writes a new draft, overwrites an existing draft,
	// or stores an autosave revision for a non-draft post, then reports the result to the client.
	define( 'DOING_AUTOSAVE', true );

	// The return value is kept: a value of 2 makes the handler issue replacement nonces further down.
	$nonce_age = check_ajax_referer( 'autosave', 'autosavenonce' );
	global $current_user;

	// The category list arrives as one comma-separated field; it is dropped for pages or when empty.
	$_POST['post_category'] = explode(",", $_POST['catslist']);
	if($_POST['post_type'] == 'page' || empty($_POST['post_category']))
		unset($_POST['post_category']);

	$do_autosave = (bool) $_POST['autosave'];
	$do_lock = true;

	$data = '';
	/* translators: draft saved date format, see http://php.net/date */
	$draft_saved_date_format = __('g:i:s a');
	$message = sprintf( __('Draft Saved at %s.'), date_i18n( $draft_saved_date_format ) );

	$supplemental = array();

	$id = $revision_id = 0;
	// A negative post_ID is a client-side temporary ID, i.e. the post has not been stored yet.
	if($_POST['post_ID'] < 0) {
		$_POST['post_status'] = 'draft';
		$_POST['temp_ID'] = $_POST['post_ID'];
		if ( $do_autosave ) {
			// NOTE(review): no capability check is visible on this branch; presumably wp_write_post() enforces it — confirm.
			$id = wp_write_post();
			$data = $message;
		}
	} else {
		$post_ID = (int) $_POST['post_ID'];
		$_POST['ID'] = $post_ID;
		// NOTE(review): the result of get_post() is dereferenced below without a check that the post exists.
		$post = get_post($post_ID);

		// Someone else holds the edit lock: neither save nor take the lock, and tell the client who it is.
		if ( $last = wp_check_post_lock( $post->ID ) ) {
			$do_autosave = $do_lock = false;

			$last_user = get_userdata( $last );
			$last_user_name = $last_user ? $last_user->display_name : __( 'Someone' );
			$data = new WP_Error( 'locked', sprintf(
				$_POST['post_type'] == 'page' ? __( 'Autosave disabled: %s is currently editing this page.' ) : __( 'Autosave disabled: %s is currently editing this post.' ),
				// The display name is another user's profile data, so it is HTML-escaped before going into the message.
				esc_html( $last_user_name )
			) );

			$supplemental['disable_autosave'] = 'disable';
		}

		// Authorization is decided from the stored post type, not from the post_type request field.
		if ( 'page' == $post->post_type ) {
			if ( !current_user_can('edit_page', $post_ID) )
				die(__('You are not allowed to edit this page.'));
		} else {
			if ( !current_user_can('edit_post', $post_ID) )
				die(__('You are not allowed to edit this post.'));
		}

		if ( $do_autosave ) {
			// Drafts are just overwritten by autosave
			if ( 'draft' == $post->post_status ) {
				$id = edit_post();
			} else { // Non drafts are not overwritten.  The autosave is stored in a special post revision.
				$revision_id = wp_create_post_autosave( $post->ID );
				if ( is_wp_error($revision_id) )
					$id = $revision_id;
				else
					$id = $post->ID;
			}
			$data = $message;
		} else {
			$id = $post->ID;
		}
	}

	// is_numeric() keeps a WP_Error stored in $id from being passed on as a post ID.
	if ( $do_lock && $id && is_numeric($id) )
		wp_set_post_lock( $id );

	// Nonce refresh: hand the editor a fresh set of nonces, including the per-post update nonce once an ID exists.
	if ( $nonce_age == 2 ) {
		$supplemental['replace-autosavenonce'] = wp_create_nonce('autosave');
		$supplemental['replace-getpermalinknonce'] = wp_create_nonce('getpermalink');
		$supplemental['replace-samplepermalinknonce'] = wp_create_nonce('samplepermalink');
		$supplemental['replace-closedpostboxesnonce'] = wp_create_nonce('closedpostboxes');
		if ( $id ) {
			if ( $_POST['post_type'] == 'post' )
				$supplemental['replace-_wpnonce'] = wp_create_nonce('update-post_' . $id);
			elseif ( $_POST['post_type'] == 'page' )
				$supplemental['replace-_wpnonce'] = wp_create_nonce('update-page_' . $id);
		}
	}

	$x = new WP_Ajax_Response( array(
		'what' => 'autosave',
		'id' => $id,
		'data' => $id ? $data : '',
		'supplemental' => $supplemental
	) );
	$x->send();
	break;
case 'autosave-generate-nonces' :
	// Hands out the per-post update nonce for a post or page, but only to a caller who
	// passes the autosave nonce check and is allowed to edit that particular item.
	check_ajax_referer( 'autosave', 'autosavenonce' );
	$ID = (int) $_POST['post_ID'];

	// The capability is checked against the specific ID before a nonce bound to that ID is released.
	if ( 'post' == $_POST['post_type'] && current_user_can( 'edit_post', $ID ) )
		die( wp_create_nonce( 'update-post_' . $ID ) );

	if ( 'page' == $_POST['post_type'] && current_user_can( 'edit_page', $ID ) )
		die( wp_create_nonce( 'update-page_' . $ID ) );

	// Any other post type, or a failed capability check, gets the generic failure value.
	die( '0' );
	break;
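case 'closed-postboxes' :
	// Stores, per user and per admin screen, which meta boxes are collapsed and which are hidden.
	check_ajax_referer( 'closedpostboxes', 'closedpostboxesnonce' );

	// Split the guarded value, not the raw request field: reading $_POST['closed'] again would
	// bypass the isset() default. A non-string (array-valued) field is not split at all and is
	// then skipped by the is_array() test below.
	$closed = isset( $_POST['closed'] ) ? $_POST['closed'] : '';
	$closed = is_string( $closed ) ? explode( ',', $closed ) : false;
	$hidden = isset( $_POST['hidden'] ) ? $_POST['hidden'] : '';
	$hidden = is_string( $hidden ) ? explode( ',', $hidden ) : false;
	$page = isset( $_POST['page'] ) ? $_POST['page'] : '';

	// $page becomes part of a user-meta key, so it is restricted to lowercase letters, '_' and '-'.
	if ( !preg_match( '/^[a-z_-]+$/', $page ) )
		die('-1');

	// Settings are always written for the account making the request, never for an ID from the request.
	if ( ! $user = wp_get_current_user() )
		die('-1');

	if ( is_array($closed) )
		update_usermeta($user->ID, 'closedpostboxes_'.$page, $closed);

	if ( is_array($hidden) ) {
		$hidden = array_diff( $hidden, array('submitdiv', 'pagesubmitdiv', 'linksubmitdiv') ); // postboxes that are always shown
		update_usermeta($user->ID, 'meta-box-hidden_'.$page, $hidden);
	}

	die('1');
	break;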
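case 'hidden-columns' :
	// Stores, per user and per admin screen, which list-table columns are hidden.
	check_ajax_referer( 'screen-options-nonce', 'screenoptionnonce' );

	// Split the guarded value, not the raw request field: reading $_POST['hidden'] again would
	// bypass the isset() default. A non-string (array-valued) field is not split at all and is
	// then skipped by the is_array() test below.
	$hidden = isset( $_POST['hidden'] ) ? $_POST['hidden'] : '';
	$hidden = is_string( $hidden ) ? explode( ',', $hidden ) : false;
	$page = isset( $_POST['page'] ) ? $_POST['page'] : '';

	// $page becomes part of a user-meta key, so it is restricted to lowercase letters, '_' and '-'.
	if ( !preg_match( '/^[a-z_-]+$/', $page ) )
		die('-1');

	// Settings are always written for the account making the request, never for an ID from the request.
	if ( ! $user = wp_get_current_user() )
		die('-1');

	if ( is_array($hidden) )
		update_usermeta($user->ID, "manage-$page-columns-hidden", $hidden);

	die('1');
	break;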
case 'meta-box-order' :
	// Remembers, per user and per admin screen, the meta box ordering and the column layout.
	check_ajax_referer( 'meta-box-order' );

	// Each field starts from its "absent" value and is overridden only when the request carries it.
	$order = false;
	if ( isset( $_POST['order'] ) )
		$order = (array) $_POST['order'];

	$page_columns = 0;
	if ( isset( $_POST['page_columns'] ) )
		$page_columns = (int) $_POST['page_columns'];

	$page = '';
	if ( isset( $_POST['page'] ) )
		$page = $_POST['page'];

	// $page ends up inside option and meta key names, hence the strict character whitelist.
	if ( ! preg_match( '/^[a-z_-]+$/', $page ) )
		die( '-1' );

	// Values are stored for the requesting account only.
	$user = wp_get_current_user();
	if ( ! $user )
		die( '-1' );

	if ( $order )
		update_user_option( $user->ID, 'meta-box-order_' . $page, $order );

	if ( $page_columns )
		update_usermeta( $user->ID, 'screen_layout_' . $page, $page_columns );

	die( '1' );
	break;
case 'get-permalink' :
	// Answers with the preview URL (permalink plus preview=true) of the requested post.
	check_ajax_referer( 'getpermalink', 'getpermalinknonce' );

	// The ID is forced to an integer; a missing field falls back to 0.
	$post_id = 0;
	if ( isset( $_POST['post_id'] ) )
		$post_id = intval( $_POST['post_id'] );

	// NOTE(review): only the nonce is checked here, no per-post capability — confirm that is intended.
	die( add_query_arg( array( 'preview' => 'true' ), get_permalink( $post_id ) ) );
	break;
case 'sample-permalink' :
	// Answers with the sample-permalink markup for a post, given a candidate title and slug.
	check_ajax_referer( 'samplepermalink', 'samplepermalinknonce' );

	// Missing fields fall back to 0 / empty string; the ID is forced to an integer.
	$post_id = 0;
	if ( isset( $_POST['post_id'] ) )
		$post_id = intval( $_POST['post_id'] );

	$title = '';
	if ( isset( $_POST['new_title'] ) )
		$title = $_POST['new_title'];

	$slug = '';
	if ( isset( $_POST['new_slug'] ) )
		$slug = $_POST['new_slug'];

	// NOTE(review): title and slug are passed through as received; escaping is presumably done
	// inside get_sample_permalink_html() — confirm.
	die( get_sample_permalink_html( $post_id, $title, $slug ) );
	break;
case 'inline-save' :
	// Quick Edit save for a post or page: checks nonce, capability and edit lock, fills in the
	// fields Quick Edit does not carry, updates the post and prints the refreshed table row.
	check_ajax_referer( 'inlineeditnonce', '_inline_edit' );

	// A missing or zero ID ends the request with no output.
	if ( ! isset($_POST['post_ID']) || ! ( $post_ID = (int) $_POST['post_ID'] ) )
		exit;

	// NOTE(review): which capability is tested depends on the post_type request field, whereas the
	// autosave handler in this file uses the stored $post->post_type — confirm the two cannot diverge.
	if ( 'page' == $_POST['post_type'] ) {
		if ( ! current_user_can( 'edit_page', $post_ID ) )
			die( __('You are not allowed to edit this page.') );
	} else {
		if ( ! current_user_can( 'edit_post', $post_ID ) )
			die( __('You are not allowed to edit this post.') );
	}

	// Another user holds the edit lock: report who (HTML-escaped) and stop without saving.
	if ( $last = wp_check_post_lock( $post_ID ) ) {
		$last_user = get_userdata( $last );
		$last_user_name = $last_user ? $last_user->display_name : __( 'Someone' );
		printf( $_POST['post_type'] == 'page' ? __( 'Saving is disabled: %s is currently editing this page.' ) : __( 'Saving is disabled: %s is currently editing this post.' ), esc_html( $last_user_name ) );
		exit;
	}

	// $data is a reference, so every assignment below modifies $_POST itself;
	// edit_post() is then called without arguments.
	$data = &$_POST;

	$post = get_post( $post_ID, ARRAY_A );
	$post = add_magic_quotes($post); //since it is from db

	// Content and excerpt are taken from the stored post, overwriting anything sent in the request.
	$data['content'] = $post['post_content'];
	$data['excerpt'] = $post['post_excerpt'];

	// rename
	$data['user_ID'] = $GLOBALS['user_ID'];

	if ( isset($data['post_parent']) )
		$data['parent_id'] = $data['post_parent'];

	// status
	if ( isset($data['keep_private']) && 'private' == $data['keep_private'] )
		$data['post_status'] = 'private';
	else
		$data['post_status'] = $data['_status'];

	// An absent comment or ping status is stored as 'closed'.
	if ( empty($data['comment_status']) )
		$data['comment_status'] = 'closed';
	if ( empty($data['ping_status']) )
		$data['ping_status'] = 'closed';

	// update the post
	edit_post();

	// Re-read the saved item and print its list-table row as the response body.
	$post = array();
	if ( 'page' == $_POST['post_type'] ) {
		$post[] = get_post($_POST['post_ID']);
		page_rows($post);
	} elseif ( 'post' == $_POST['post_type'] ) {
		// presumably post_rows() reads $mode as a global — verify
		$mode = $_POST['post_view'];
		$post[] = get_post($_POST['post_ID']);
		post_rows($post);
	}

	exit;
	break;
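case 'inline-save-tax' :
	// Quick Edit save for a category, link category or tag: updates the term and prints its table row.
	check_ajax_referer( 'taxinlineeditnonce', '_inline_edit' );

	// One capability covers all three term types handled below.
	if ( ! current_user_can('manage_categories') )
		die( __('Cheatin’ uh?') );

	// die() with an integer sets the exit status and prints nothing, so this failure has an empty body.
	if ( ! isset($_POST['tax_ID']) || ! ( $id = (int) $_POST['tax_ID'] ) )
		die(-1);

	switch ($_POST['tax_type']) {
		case 'cat' :
			$data = array();
			$data['cat_ID'] = $id;
			$data['cat_name'] = $_POST['name'];
			$data['category_nicename'] = $_POST['slug'];
			if ( isset($_POST['parent']) && (int) $_POST['parent'] > 0 )
				$data['category_parent'] = $_POST['parent'];

			// The description is not part of Quick Edit, so it is carried over from the stored category.
			// Stop here if the ID does not resolve, instead of indexing into a null or WP_Error result.
			$cat = get_category($id, ARRAY_A);
			if ( ! $cat || is_wp_error($cat) )
				die( __('Category not updated.') );
			$data['category_description'] = $cat['category_description'];

			$updated = wp_update_category($data);

			if ( $updated && !is_wp_error($updated) )
				echo _cat_row( $updated, 0 );
			else
				die( __('Category not updated.') );

			break;
		case 'link-cat' :
			// NOTE(review): the whole $_POST array is handed over as term arguments; which keys are
			// honoured is decided inside wp_update_term() — confirm nothing unintended can be set.
			$updated = wp_update_term($id, 'link_category', $_POST);

			if ( $updated && !is_wp_error($updated) )
				echo link_cat_row($updated['term_id']);
			else
				die( __('Category not updated.') );

			break;
		case 'tag' :
			// NOTE(review): the taxonomy name comes from the request and only manage_categories was
			// checked above — confirm that capability is meant to cover every taxonomy reachable here.
			if ( !empty($_POST['taxonomy']) )
				$taxonomy = $_POST['taxonomy'];
			else
				$taxonomy = 'post_tag';

			// The description is carried over from the stored term. Stop here for an unknown term
			// or taxonomy instead of reading ->description from a null or WP_Error result.
			$tag = get_term( $id, $taxonomy );
			if ( ! $tag || is_wp_error($tag) )
				die( __('Tag not updated.') );
			$_POST['description'] = $tag->description;

			$updated = wp_update_term($id, $taxonomy, $_POST);
			if ( $updated && !is_wp_error($updated) ) {
				$tag = get_term( $updated['term_id'], $taxonomy );
				if ( !$tag || is_wp_error( $tag ) )
					die( __('Tag not updated.') );

				echo _tag_row($tag);
			} else {
				die( __('Tag not updated.') );
			}

			break;
	}

	exit;
	break;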
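case 'find_posts' :
	// Searches post or page titles and content for the submitted phrase and answers with an
	// HTML table of up to 50 matches, each row carrying a radio button.
	check_ajax_referer( 'find-posts' );

	if ( empty($_POST['ps']) )
		exit;

	// The post type is never taken from the request verbatim: it is one of two fixed strings.
	$what = isset($_POST['pages']) ? 'page' : 'post';
	$s = stripslashes($_POST['ps']);
	// Split the phrase into quoted strings and bare words, then strip quotes and whitespace from each.
	// A plain loop replaces the create_function() callback, which compiled code from a string at runtime.
	preg_match_all('/".*?("|$)|((?<=[\\s",+])|^)[^\\s",+]+/', $s, $matches);
	$search_terms = array();
	foreach ( (array) $matches[0] as $match )
		$search_terms[] = trim( $match, "\"'\n\r " );

	// Every term is escaped before it is placed between the quotes of a LIKE pattern.
	// NOTE(review): the LIKE wildcards % and _ inside a term are left as they are.
	$searchand = $search = '';
	foreach( (array) $search_terms as $term) {
		$term = addslashes_gpc($term);
		$search .= "{$searchand}(($wpdb->posts.post_title LIKE '%{$term}%') OR ($wpdb->posts.post_content LIKE '%{$term}%'))";
		$searchand = ' AND ';
	}
	$term = $wpdb->escape($s);
	if ( count($search_terms) > 1 && $search_terms[0] != $s )
		$search .= " OR ($wpdb->posts.post_title LIKE '%{$term}%') OR ($wpdb->posts.post_content LIKE '%{$term}%')";

	// No usable term would leave a dangling AND in the query; the outcome is the same as an empty result.
	if ( '' === $search )
		exit( __('No posts found.') );

	// The search condition is parenthesised: AND binds tighter than OR, so without the parentheses
	// the whole-phrase OR branches would match rows regardless of the post_type filter.
	$posts = $wpdb->get_results( "SELECT ID, post_title, post_status, post_date FROM $wpdb->posts WHERE post_type = '$what' AND ($search) ORDER BY post_date_gmt DESC LIMIT 50" );

	if ( ! $posts )
		exit( __('No posts found.') );

	$html = '<table class="widefat" cellspacing="0"><thead><tr><th class="found-radio"><br /></th><th>'.__('Title').'</th><th>'.__('Time').'</th><th>'.__('Status').'</th></tr></thead><tbody>';
	foreach ( $posts as $post ) {

		// Reset for every row so a status outside the list below does not show the previous row's label.
		$stat = '';
		switch ( $post->post_status ) {
			case 'publish' :
			case 'private' :
				$stat = __('Published');
				break;
			case 'future' :
				$stat = __('Scheduled');
				break;
			case 'pending' :
				$stat = __('Pending Review');
				break;
			case 'draft' :
				$stat = __('Unpublished');
				break;
		}

		if ( '0000-00-00 00:00:00' == $post->post_date ) {
			$time = '';
		} else {
			/* translators: date format in table columns, see http://php.net/date */
			$time = mysql2date(__('Y/m/d'), $post->post_date);
		}

		// Title, date and status are escaped for HTML output; the ID is escaped for the value attribute.
		$html .= '<tr class="found-posts"><td class="found-radio"><input type="radio" id="found-'.$post->ID.'" name="found_post_id" value="' . esc_attr($post->ID) . '"></td>';
		$html .= '<td><label for="found-'.$post->ID.'">'.esc_html( $post->post_title ).'</label></td><td>'.esc_html( $time ).'</td><td>'.esc_html( $stat ).'</td></tr>'."\n\n";
	}
	$html .= '</tbody></table>';

	$x = new WP_Ajax_Response();
	$x->add( array(
		'what' => $what,
		'data' => $html
	));
	$x->send();

	break;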
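case 'lj-importer' :
	// Runs one numbered step of the LiveJournal importer and prints the error message if the step fails.
	check_ajax_referer( 'lj-api-import' );
	if ( !current_user_can( 'publish_posts' ) )
		die('-1');
	if ( empty( $_POST['step'] ) )
		die( '-1' );
	define('WP_IMPORTING', true);
	include( ABSPATH . 'wp-admin/import/livejournal.php' );

	// The method name is the fixed prefix 'step' plus an integer cast of the request field, so the
	// request cannot name an arbitrary method. The name is still checked before the call, so an
	// out-of-range or negative step gets the failure value instead of a fatal error.
	$lj_step_method = 'step' . ( (int) $_POST['step'] );
	if ( ! is_callable( array( $lj_api_import, $lj_step_method ) ) )
		die( '-1' );

	$result = $lj_api_import->$lj_step_method();
	// NOTE(review): the error message is printed without escaping — confirm it cannot carry remote content.
	if ( is_wp_error( $result ) )
		echo $result->get_error_message();
	die;
	break;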
case 'widgets-order' :
	// Saves which widgets sit in which sidebar, and in what order, from the posted lists.
	check_ajax_referer( 'save-sidebar-widgets', 'savewidgets' );

	// Authorization: widget layout is tied to the switch_themes capability.
	if ( !current_user_can('switch_themes') )
		die('-1');

	// The nonce and action fields are removed from $_POST before the rest is processed.
	unset( $_POST['savewidgets'], $_POST['action'] );

	// save widgets order for all sidebars
	if ( is_array($_POST['sidebars']) ) {
		$sidebars = array();
		// NOTE(review): sidebar keys are taken from the request as they come; presumably they are
		// matched against registered sidebars elsewhere — confirm.
		foreach ( $_POST['sidebars'] as $key => $val ) {
			$sb = array();
			if ( !empty($val) ) {
				// Each sidebar arrives as a comma-separated list of element IDs.
				$val = explode(',', $val);
				foreach ( $val as $k => $v ) {
					// Entries that do not contain 'widget-' are ignored.
					if ( strpos($v, 'widget-') === false )
						continue;

					// Keep the part after the first underscore as the widget ID.
					$sb[$k] = substr($v, strpos($v, '_') + 1);
				}
			}
			$sidebars[$key] = $sb;
		}
		wp_set_sidebars_widgets($sidebars);
		die('1');
	}

	die('-1');
	break;
case 'save-widget' :
	// Deletes one widget instance from a sidebar, or runs the registered update callback
	// of the widget type named in the request.
	check_ajax_referer( 'save-sidebar-widgets', 'savewidgets' );

	// Authorization (switch_themes) and presence of id_base are checked together.
	if ( !current_user_can('switch_themes') || !isset($_POST['id_base']) )
		die('-1');

	// The nonce and action fields are removed from $_POST before the rest is processed.
	unset( $_POST['savewidgets'], $_POST['action'] );

	$id_base = $_POST['id_base'];
	$number = isset($_POST['widget_number']) ? $_POST['widget_number'] : '';
	$sidebar_id = $_POST['sidebar'];
	$sidebars = wp_get_sidebars_widgets();
	// An unknown sidebar ID yields an empty list rather than an error.
	$sidebar = isset($sidebars[$sidebar_id]) ? $sidebars[$sidebar_id] : array();

	// delete
	if ( isset($_POST['delete_widget']) && $_POST['delete_widget'] ) {
		$del_id = $_POST['widget-id'];
		$widget = isset($wp_registered_widgets[$del_id]) ? $wp_registered_widgets[$del_id] : false;

		// Strict comparison: the submitted ID must be exactly one of the IDs stored for this sidebar.
		if ( !in_array($del_id, $sidebar, true) )
			die('-1');

		if ( $widget ) {
			// NOTE(review): the option name is built from the request's id_base, not from the widget
			// being deleted, so the two are not tied together here — confirm that a mismatched
			// id_base cannot clear settings of a different widget type.
			$option = str_replace( '-', '_', 'widget_' . $id_base );
			$data = get_option($option);

			if ( isset($widget['params'][0]['number']) ) {
				// Numbered widget: remove only this instance's entry from the stored settings.
				$number = $widget['params'][0]['number'];
				if ( is_array($data) && isset($data[$number]) ) {
					unset( $data[$number] );
					update_option($option, $data);
				}
			} else {
				// Widget without an instance number: its stored settings are reset to an empty array.
				if ( $data ) {
					$data = array();
					update_option($option, $data);
				}
			}
		}

		$sidebar = array_diff( $sidebar, array($del_id) );
		$sidebars[$sidebar_id] = $sidebar;
		wp_set_sidebars_widgets($sidebars);

		// The echoed ID already passed the strict in_array() test against the stored sidebar contents.
		echo "deleted:$del_id";
		die();
	}

	// save
	// The callback is looked up in the server-side update table by name; the request only selects
	// which registered entry runs, it does not supply the callable.
	foreach ( (array) $wp_registered_widget_updates as $name => $control ) {
		if ( $name == $id_base ) {
			if ( !is_callable($control['callback']) )
				continue;

			if ( $number ) {
				// don't delete other instances of the same multi-widget
				foreach ( $sidebar as $_widget_id ) {
					// NOTE(review): indexed without isset(); a sidebar entry that is no longer registered would raise a notice.
					$_widget = $wp_registered_widgets[$_widget_id];
					if ( isset($_widget['params']) &&
						is_array($_widget['params'][0]) &&
						array_key_exists('number', $_widget['params'][0]) )
						unset($wp_registered_widgets[$_widget_id]['params'][0]['number']);
				}
			}

			// Anything the callback prints is buffered and discarded; the client only receives '1'.
			ob_start();
			call_user_func_array( $control['callback'], $control['params'] );
			ob_end_clean();

			break;
		}
	}

	die('1');
	break;
default :
	// Any action without a case above is passed to plugins through a hook whose name embeds the
	// request value. No nonce or capability check is made on this path, so every handler hooked
	// here has to perform its own.
	do_action( 'wp_ajax_' . $_POST['action'] );
	// Reached only when no hooked handler ended the request.
	die('0');
	break;
endswitch ;
?>