WordPress/wp-admin/includes/post.php

568 lines
17 KiB
PHP

<?php
// Update an existing post with values provided in $_POST.
function edit_post() {
$post_ID = (int) $_POST['post_ID'];
if ( 'page' == $_POST['post_type'] ) {
if ( !current_user_can( 'edit_page', $post_ID ) )
wp_die( __('You are not allowed to edit this page.' ));
} else {
if ( !current_user_can( 'edit_post', $post_ID ) )
wp_die( __('You are not allowed to edit this post.' ));
}
// Autosave shouldn't save too soon after a real save
if ( 'autosave' == $_POST['action'] ) {
$post =& get_post( $post_ID );
$now = time();
$then = strtotime($post->post_date_gmt . ' +0000');
// Keep autosave_interval in sync with autosave-js.php.
$delta = apply_filters( 'autosave_interval', 120 ) / 2;
if ( ($now - $then) < $delta )
return $post_ID;
}
// Rename.
$_POST['ID'] = (int) $_POST['post_ID'];
$_POST['post_content'] = $_POST['content'];
$_POST['post_excerpt'] = $_POST['excerpt'];
$_POST['post_parent'] = $_POST['parent_id'];
$_POST['to_ping'] = $_POST['trackback_url'];
if (!empty ( $_POST['post_author_override'] ) ) {
$_POST['post_author'] = (int) $_POST['post_author_override'];
} else
if (!empty ( $_POST['post_author'] ) ) {
$_POST['post_author'] = (int) $_POST['post_author'];
} else {
$_POST['post_author'] = (int) $_POST['user_ID'];
}
if ( $_POST['post_author'] != $_POST['user_ID'] ) {
if ( 'page' == $_POST['post_type'] ) {
if ( !current_user_can( 'edit_others_pages' ) )
wp_die( __('You are not allowed to edit pages as this user.' ));
} else {
if ( !current_user_can( 'edit_others_posts' ) )
wp_die( __('You are not allowed to edit posts as this user.' ));
}
}
// What to do based on which button they pressed
if ('' != $_POST['saveasdraft'] )
$_POST['post_status'] = 'draft';
if ('' != $_POST['saveasprivate'] )
$_POST['post_status'] = 'private';
if ('' != $_POST['publish'] )
$_POST['post_status'] = 'publish';
if ('' != $_POST['advanced'] )
$_POST['post_status'] = 'draft';
if ( 'page' == $_POST['post_type'] ) {
if ('publish' == $_POST['post_status'] && !current_user_can( 'publish_pages' ))
$_POST['post_status'] = 'pending';
} else {
if ('publish' == $_POST['post_status'] && !current_user_can( 'publish_posts' ))
$_POST['post_status'] = 'pending';
}
if (!isset( $_POST['comment_status'] ))
$_POST['comment_status'] = 'closed';
if (!isset( $_POST['ping_status'] ))
$_POST['ping_status'] = 'closed';
if (!empty ( $_POST['edit_date'] ) ) {
$aa = $_POST['aa'];
$mm = $_POST['mm'];
$jj = $_POST['jj'];
$hh = $_POST['hh'];
$mn = $_POST['mn'];
$ss = $_POST['ss'];
$jj = ($jj > 31 ) ? 31 : $jj;
$hh = ($hh > 23 ) ? $hh -24 : $hh;
$mn = ($mn > 59 ) ? $mn -60 : $mn;
$ss = ($ss > 59 ) ? $ss -60 : $ss;
$_POST['post_date'] = "$aa-$mm-$jj $hh:$mn:$ss";
$_POST['post_date_gmt'] = get_gmt_from_date( "$aa-$mm-$jj $hh:$mn:$ss" );
}
// Meta Stuff
if ( $_POST['meta'] ) {
foreach ( $_POST['meta'] as $key => $value )
update_meta( $key, $value['key'], $value['value'] );
}
if ( $_POST['deletemeta'] ) {
foreach ( $_POST['deletemeta'] as $key => $value )
delete_meta( $key );
}
add_meta( $post_ID );
wp_update_post( $_POST );
// Reunite any orphaned attachments with their parent
if ( !$draft_ids = get_user_option( 'autosave_draft_ids' ) )
$draft_ids = array();
if ( $draft_temp_id = (int) array_search( $post_ID, $draft_ids ) )
_relocate_children( $draft_temp_id, $post_ID );
// Now that we have an ID we can fix any attachment anchor hrefs
_fix_attachment_links( $post_ID );
return $post_ID;
}
// Default post information to use when populating the "Write Post" form.
function get_default_post_to_edit() {
if ( !empty( $_REQUEST['post_title'] ) )
$post_title = wp_specialchars( stripslashes( $_REQUEST['post_title'] ));
else if ( !empty( $_REQUEST['popuptitle'] ) ) {
$post_title = wp_specialchars( stripslashes( $_REQUEST['popuptitle'] ));
$post_title = funky_javascript_fix( $post_title );
} else {
$post_title = '';
}
if ( !empty( $_REQUEST['content'] ) )
$post_content = wp_specialchars( stripslashes( $_REQUEST['content'] ));
else if ( !empty( $post_title ) ) {
$text = wp_specialchars( stripslashes( urldecode( $_REQUEST['text'] ) ) );
$text = funky_javascript_fix( $text);
$popupurl = clean_url($_REQUEST['popupurl']);
$post_content = '<a href="'.$popupurl.'">'.$post_title.'</a>'."\n$text";
}
if ( !empty( $_REQUEST['excerpt'] ) )
$post_excerpt = wp_specialchars( stripslashes( $_REQUEST['excerpt'] ));
else
$post_excerpt = '';
$post->post_status = 'draft';
$post->post_type = 'post';
$post->comment_status = get_option( 'default_comment_status' );
$post->ping_status = get_option( 'default_ping_status' );
$post->post_pingback = get_option( 'default_pingback_flag' );
$post->post_category = get_option( 'default_category' );
$post->post_content = apply_filters( 'default_content', $post_content);
$post->post_title = apply_filters( 'default_title', $post_title );
$post->post_excerpt = apply_filters( 'default_excerpt', $post_excerpt);
$post->page_template = 'default';
$post->post_parent = 0;
$post->menu_order = 0;
return $post;
}
function get_default_page_to_edit() {
$page = get_default_post_to_edit();
$page->post_type = 'page';
return $page;
}
// Get an existing post and format it for editing.
function get_post_to_edit( $id ) {
$post = get_post( $id, OBJECT, 'edit' );
if ( $post->post_type == 'page' )
$post->page_template = get_post_meta( $id, '_wp_page_template', true );
return $post;
}
function post_exists($title, $content = '', $post_date = '') {
global $wpdb;
if (!empty ($post_date))
$post_date = "AND post_date = '$post_date'";
if (!empty ($title))
return $wpdb->get_var("SELECT ID FROM $wpdb->posts WHERE post_title = '$title' $post_date");
else
if (!empty ($content))
return $wpdb->get_var("SELECT ID FROM $wpdb->posts WHERE post_content = '$content' $post_date");
return 0;
}
// Creates a new post from the "Write Post" form using $_POST information.
function wp_write_post() {
global $user_ID;
if ( 'page' == $_POST['post_type'] ) {
if ( !current_user_can( 'edit_pages' ) )
return new WP_Error( 'edit_pages', __( 'You are not allowed to create pages on this blog.' ) );
} else {
if ( !current_user_can( 'edit_posts' ) )
return new WP_Error( 'edit_posts', __( 'You are not allowed to create posts or drafts on this blog.' ) );
}
// Check for autosave collisions
$temp_id = false;
if ( isset($_POST['temp_ID']) ) {
$temp_id = (int) $_POST['temp_ID'];
if ( !$draft_ids = get_user_option( 'autosave_draft_ids' ) )
$draft_ids = array();
foreach ( $draft_ids as $temp => $real )
if ( time() + $temp > 86400 ) // 1 day: $temp is equal to -1 * time( then )
unset($draft_ids[$temp]);
if ( isset($draft_ids[$temp_id]) ) { // Edit, don't write
$_POST['post_ID'] = $draft_ids[$temp_id];
unset($_POST['temp_ID']);
update_user_option( $user_ID, 'autosave_draft_ids', $draft_ids );
return edit_post();
}
}
// Rename.
$_POST['post_content'] = $_POST['content'];
$_POST['post_excerpt'] = $_POST['excerpt'];
$_POST['post_parent'] = $_POST['parent_id'];
$_POST['to_ping'] = $_POST['trackback_url'];
if (!empty ( $_POST['post_author_override'] ) ) {
$_POST['post_author'] = (int) $_POST['post_author_override'];
} else {
if (!empty ( $_POST['post_author'] ) ) {
$_POST['post_author'] = (int) $_POST['post_author'];
} else {
$_POST['post_author'] = (int) $_POST['user_ID'];
}
}
if ( $_POST['post_author'] != $_POST['user_ID'] ) {
if ( 'page' == $_POST['post_type'] ) {
if ( !current_user_can( 'edit_others_pages' ) )
return new WP_Error( 'edit_others_pages', __( 'You are not allowed to create pages as this user.' ) );
} else {
if ( !current_user_can( 'edit_others_posts' ) )
return new WP_Error( 'edit_others_posts', __( 'You are not allowed to post as this user.' ) );
}
}
// What to do based on which button they pressed
if ('' != $_POST['saveasdraft'] )
$_POST['post_status'] = 'draft';
if ('' != $_POST['saveasprivate'] )
$_POST['post_status'] = 'private';
if ('' != $_POST['publish'] )
$_POST['post_status'] = 'publish';
if ('' != $_POST['advanced'] )
$_POST['post_status'] = 'draft';
if ( 'page' == $_POST['post_type'] ) {
if ('publish' == $_POST['post_status'] && !current_user_can( 'publish_pages' ) )
$_POST['post_status'] = 'pending';
} else {
if ('publish' == $_POST['post_status'] && !current_user_can( 'publish_posts' ) )
$_POST['post_status'] = 'pending';
}
if (!isset( $_POST['comment_status'] ))
$_POST['comment_status'] = 'closed';
if (!isset( $_POST['ping_status'] ))
$_POST['ping_status'] = 'closed';
if (!empty ( $_POST['edit_date'] ) ) {
$aa = $_POST['aa'];
$mm = $_POST['mm'];
$jj = $_POST['jj'];
$hh = $_POST['hh'];
$mn = $_POST['mn'];
$ss = $_POST['ss'];
$jj = ($jj > 31 ) ? 31 : $jj;
$hh = ($hh > 23 ) ? $hh -24 : $hh;
$mn = ($mn > 59 ) ? $mn -60 : $mn;
$ss = ($ss > 59 ) ? $ss -60 : $ss;
$_POST['post_date'] = sprintf( "%04d-%02d-%02d %02d:%02d:%02d", $aa, $mm, $jj, $hh, $mn, $ss );
$_POST['post_date_gmt'] = get_gmt_from_date( $_POST['post_date'] );
}
// Create the post.
$post_ID = wp_insert_post( $_POST );
if ( is_wp_error( $post_ID ) )
return $post_ID;
if ( empty($post_ID) )
return 0;
add_meta( $post_ID );
// Reunite any orphaned attachments with their parent
if ( !$draft_ids = get_user_option( 'autosave_draft_ids' ) )
$draft_ids = array();
if ( $draft_temp_id = (int) array_search( $post_ID, $draft_ids ) )
_relocate_children( $draft_temp_id, $post_ID );
if ( $temp_id && $temp_id != $draft_temp_id )
_relocate_children( $temp_id, $post_ID );
// Update autosave collision detection
if ( $temp_id ) {
$draft_ids[$temp_id] = $post_ID;
update_user_option( $user_ID, 'autosave_draft_ids', $draft_ids );
}
// Now that we have an ID we can fix any attachment anchor hrefs
_fix_attachment_links( $post_ID );
return $post_ID;
}
function write_post() {
$result = wp_write_post();
if( is_wp_error( $result ) )
wp_die( $result->get_error_message() );
else
return $result;
}
//
// Post Meta
//
function add_meta( $post_ID ) {
global $wpdb;
$post_ID = (int) $post_ID;
$protected = array( '_wp_attached_file', '_wp_attachment_metadata', '_wp_old_slug', '_wp_page_template' );
$metakeyselect = $wpdb->escape( stripslashes( trim( $_POST['metakeyselect'] ) ) );
$metakeyinput = $wpdb->escape( stripslashes( trim( $_POST['metakeyinput'] ) ) );
$metavalue = maybe_serialize( stripslashes( (trim( $_POST['metavalue'] ) ) ));
$metavalue = $wpdb->escape( $metavalue );
if ( ('0' === $metavalue || !empty ( $metavalue ) ) && ((('#NONE#' != $metakeyselect) && !empty ( $metakeyselect) ) || !empty ( $metakeyinput) ) ) {
// We have a key/value pair. If both the select and the
// input for the key have data, the input takes precedence:
if ('#NONE#' != $metakeyselect)
$metakey = $metakeyselect;
if ( $metakeyinput)
$metakey = $metakeyinput; // default
if ( in_array($metakey, $protected) )
return false;
wp_cache_delete($post_ID, 'post_meta');
$wpdb->query( "
INSERT INTO $wpdb->postmeta
(post_id,meta_key,meta_value )
VALUES ('$post_ID','$metakey','$metavalue' )
" );
return $wpdb->insert_id;
}
return false;
} // add_meta
function delete_meta( $mid ) {
global $wpdb;
$mid = (int) $mid;
$post_id = $wpdb->get_var("SELECT post_id FROM $wpdb->postmeta WHERE meta_id = '$mid'");
wp_cache_delete($post_id, 'post_meta');
return $wpdb->query( "DELETE FROM $wpdb->postmeta WHERE meta_id = '$mid'" );
}
// Get a list of previously defined keys
function get_meta_keys() {
global $wpdb;
$keys = $wpdb->get_col( "
SELECT meta_key
FROM $wpdb->postmeta
GROUP BY meta_key
ORDER BY meta_key" );
return $keys;
}
function get_post_meta_by_id( $mid ) {
global $wpdb;
$mid = (int) $mid;
$meta = $wpdb->get_row( "SELECT * FROM $wpdb->postmeta WHERE meta_id = '$mid'" );
if ( is_serialized_string( $meta->meta_value ) )
$meta->meta_value = maybe_unserialize( $meta->meta_value );
return $meta;
}
// Some postmeta stuff
function has_meta( $postid ) {
global $wpdb;
return $wpdb->get_results( "
SELECT meta_key, meta_value, meta_id, post_id
FROM $wpdb->postmeta
WHERE post_id = '$postid'
ORDER BY meta_key,meta_id", ARRAY_A );
}
function update_meta( $mid, $mkey, $mvalue ) {
global $wpdb;
$protected = array( '_wp_attached_file', '_wp_attachment_metadata', '_wp_old_slug', '_wp_page_template' );
if ( in_array($mkey, $protected) )
return false;
$post_id = $wpdb->get_var("SELECT post_id FROM $wpdb->postmeta WHERE meta_id = '$mid'");
wp_cache_delete($post_id, 'post_meta');
$mvalue = maybe_serialize( stripslashes( $mvalue ));
$mvalue = $wpdb->escape( $mvalue );
$mid = (int) $mid;
return $wpdb->query( "UPDATE $wpdb->postmeta SET meta_key = '$mkey', meta_value = '$mvalue' WHERE meta_id = '$mid'" );
}
//
// Private
//
// Replace hrefs of attachment anchors with up-to-date permalinks.
function _fix_attachment_links( $post_ID ) {
$post = & get_post( $post_ID, ARRAY_A );
$search = "#<a[^>]+rel=('|\")[^'\"]*attachment[^>]*>#ie";
// See if we have any rel="attachment" links
if ( 0 == preg_match_all( $search, $post['post_content'], $anchor_matches, PREG_PATTERN_ORDER ) )
return;
$i = 0;
$search = "#[\s]+rel=(\"|')(.*?)wp-att-(\d+)\\1#i";
foreach ( $anchor_matches[0] as $anchor ) {
if ( 0 == preg_match( $search, $anchor, $id_matches ) )
continue;
$id = (int) $id_matches[3];
// While we have the attachment ID, let's adopt any orphans.
$attachment = & get_post( $id, ARRAY_A );
if ( ! empty( $attachment) && ! is_object( get_post( $attachment['post_parent'] ) ) ) {
$attachment['post_parent'] = $post_ID;
// Escape data pulled from DB.
$attachment = add_magic_quotes( $attachment);
wp_update_post( $attachment);
}
$post_search[$i] = $anchor;
$post_replace[$i] = preg_replace( "#href=(\"|')[^'\"]*\\1#e", "stripslashes( 'href=\\1' ).get_attachment_link( $id ).stripslashes( '\\1' )", $anchor );
++$i;
}
$post['post_content'] = str_replace( $post_search, $post_replace, $post['post_content'] );
// Escape data pulled from DB.
$post = add_magic_quotes( $post);
return wp_update_post( $post);
}
// Move child posts to a new parent
function _relocate_children( $old_ID, $new_ID ) {
global $wpdb;
$old_ID = (int) $old_ID;
$new_ID = (int) $new_ID;
return $wpdb->query( "UPDATE $wpdb->posts SET post_parent = $new_ID WHERE post_parent = $old_ID" );
}
function wp_edit_posts_query( $q = false ) {
global $wpdb;
if ( false === $q )
$q = $_GET;
$q['m'] = (int) $q['m'];
$q['cat'] = (int) $q['cat'];
$post_stati = array( // array( adj, noun )
'publish' => array(__('Published'), __('Published posts'), __('Published (%s)')),
'future' => array(__('Scheduled'), __('Scheduled posts'), __('Scheduled (%s)')),
'pending' => array(__('Pending Review'), __('Pending posts'), __('Pending Review (%s)')),
'draft' => array(__('Draft'), _c('Drafts|manage posts header'), _c('Draft (%s)|manage posts header')),
'private' => array(__('Private'), __('Private posts'), __('Private (%s)'))
);
$avail_post_stati = $wpdb->get_col("SELECT DISTINCT post_status FROM $wpdb->posts WHERE post_type = 'post'");
$post_status_q = '';
if ( isset($q['post_status']) && in_array( $q['post_status'], array_keys($post_stati) ) )
$post_status_q = '&post_status=' . $q['post_status'];
if ( 'pending' === $q['post_status'] ) {
$order = 'ASC';
$orderby = 'modified';
} elseif ( 'draft' === $q['post_status'] ) {
$order = 'DESC';
$orderby = 'modified';
} else {
$order = 'DESC';
$orderby = 'date';
}
wp("what_to_show=posts$post_status_q&posts_per_page=20&order=$order&orderby=$orderby");
return array($post_stati, $avail_post_stati);
}
function postbox_classes( $id, $page ) {
$current_user = wp_get_current_user();
if ( $closed = get_usermeta( $current_user->ID, 'closedpostboxes_'.$page ) ) {
if ( !is_array( $closed ) ) return '';
return in_array( $id, $closed )? 'closed' : '';
} else {
if ( 'tagsdiv' == $id || 'categorydiv' == $id ) return '';
else return 'closed';
}
}
function get_sample_permalink($id, $name = null) {
$post = &get_post($id);
$original_status = $post->post_status;
$original_date = $post->post_date;
$original_name = $post->post_name;
if (in_array($post->post_status, array('draft', 'pending'))) {
$post->post_status = 'publish';
$post->post_date = date('Y-m-d H:i:s');
$post->post_name = sanitize_title($post->post_name? $post->post_name : $post->post_title, $post->ID);
}
if (!is_null($name)) {
$post->post_name = sanitize_title($name, $post->ID);
}
$permalink = get_permalink($post, true);
$permalink = array($permalink, $post->post_name);
$post->post_status = $original_status;
$post->post_date = $original_date;
$post->post_name = $original_name;
return $permalink;
}
function get_sample_permalink_html($id, $new_slug=null) {
$post = &get_post($id);
list($permalink, $post_name) = get_sample_permalink($post->ID, $new_slug);
if (false === strpos($permalink, '%postname%')) {
return '';
}
$title = __('You can edit this part of the permalink using the Edit button on the right');
if (strlen($post_name) > 30) {
$post_name = substr($post_name, 0, 14). '&hellip;' . substr($post_name, -14);
}
$post_name_html = '<span id="editable-post-name" title="'.$title.'">'.$post_name.'</span>';
$display_link = str_replace('%postname%', $post_name_html, $permalink);
return $display_link;
}
?>