7 * @package WordPress |
7 * @package WordPress |
8 * @subpackage Administration |
8 * @subpackage Administration |
9 */ |
9 */ |
10 |
10 |
11 /** WordPress Administration Bootstrap */ |
11 /** WordPress Administration Bootstrap */ |
12 require_once( dirname( __FILE__ ) . '/admin.php' ); |
12 require_once __DIR__ . '/admin.php'; |
13 |
13 |
14 $parent_file = 'edit.php'; |
14 $parent_file = 'edit.php'; |
15 $submenu_file = 'edit.php'; |
15 $submenu_file = 'edit.php'; |
16 |
16 |
17 wp_reset_vars( array( 'action' ) ); |
17 wp_reset_vars( array( 'action' ) ); |
18 |
18 |
19 if ( isset( $_GET['post'] ) && isset( $_POST['post_ID'] ) && (int) $_GET['post'] !== (int) $_POST['post_ID'] ) { |
19 if ( isset( $_GET['post'] ) && isset( $_POST['post_ID'] ) && (int) $_GET['post'] !== (int) $_POST['post_ID'] ) { |
20 wp_die( __( 'A post ID mismatch has been detected.' ), __( 'Sorry, you are not allowed to edit this item.' ), 400 ); |
20 wp_die( __( 'A post ID mismatch has been detected.' ), __( 'Sorry, you are not allowed to edit this item.' ), 400 ); |
21 } elseif ( isset( $_GET['post'] ) ) { |
21 } elseif ( isset( $_GET['post'] ) ) { |
22 $post_id = $post_ID = (int) $_GET['post']; |
22 $post_id = (int) $_GET['post']; |
23 } elseif ( isset( $_POST['post_ID'] ) ) { |
23 } elseif ( isset( $_POST['post_ID'] ) ) { |
24 $post_id = $post_ID = (int) $_POST['post_ID']; |
24 $post_id = (int) $_POST['post_ID']; |
25 } else { |
25 } else { |
26 $post_id = $post_ID = 0; |
26 $post_id = 0; |
27 } |
27 } |
|
28 $post_ID = $post_id; |
28 |
29 |
29 /** |
30 /** |
30 * @global string $post_type |
31 * @global string $post_type |
31 * @global object $post_type_object |
32 * @global object $post_type_object |
32 * @global WP_Post $post |
33 * @global WP_Post $post Global post object. |
33 */ |
34 */ |
34 global $post_type, $post_type_object, $post; |
35 global $post_type, $post_type_object, $post; |
35 |
36 |
36 if ( $post_id ) { |
37 if ( $post_id ) { |
37 $post = get_post( $post_id ); |
38 $post = get_post( $post_id ); |
46 wp_die( __( 'A post type mismatch has been detected.' ), __( 'Sorry, you are not allowed to edit this item.' ), 400 ); |
47 wp_die( __( 'A post type mismatch has been detected.' ), __( 'Sorry, you are not allowed to edit this item.' ), 400 ); |
47 } |
48 } |
48 |
49 |
49 if ( isset( $_POST['deletepost'] ) ) { |
50 if ( isset( $_POST['deletepost'] ) ) { |
50 $action = 'delete'; |
51 $action = 'delete'; |
51 } elseif ( isset( $_POST['wp-preview'] ) && 'dopreview' == $_POST['wp-preview'] ) { |
52 } elseif ( isset( $_POST['wp-preview'] ) && 'dopreview' === $_POST['wp-preview'] ) { |
52 $action = 'preview'; |
53 $action = 'preview'; |
53 } |
54 } |
54 |
55 |
55 $sendback = wp_get_referer(); |
56 $sendback = wp_get_referer(); |
56 if ( ! $sendback || |
57 if ( ! $sendback || |
57 strpos( $sendback, 'post.php' ) !== false || |
58 false !== strpos( $sendback, 'post.php' ) || |
58 strpos( $sendback, 'post-new.php' ) !== false ) { |
59 false !== strpos( $sendback, 'post-new.php' ) ) { |
59 if ( 'attachment' == $post_type ) { |
60 if ( 'attachment' === $post_type ) { |
60 $sendback = admin_url( 'upload.php' ); |
61 $sendback = admin_url( 'upload.php' ); |
61 } else { |
62 } else { |
62 $sendback = admin_url( 'edit.php' ); |
63 $sendback = admin_url( 'edit.php' ); |
63 if ( ! empty( $post_type ) ) { |
64 if ( ! empty( $post_type ) ) { |
64 $sendback = add_query_arg( 'post_type', $post_type, $sendback ); |
65 $sendback = add_query_arg( 'post_type', $post_type, $sendback ); |
68 $sendback = remove_query_arg( array( 'trashed', 'untrashed', 'deleted', 'ids' ), $sendback ); |
69 $sendback = remove_query_arg( array( 'trashed', 'untrashed', 'deleted', 'ids' ), $sendback ); |
69 } |
70 } |
70 |
71 |
71 switch ( $action ) { |
72 switch ( $action ) { |
72 case 'post-quickdraft-save': |
73 case 'post-quickdraft-save': |
73 // Check nonce and capabilities |
74 // Check nonce and capabilities. |
74 $nonce = $_REQUEST['_wpnonce']; |
75 $nonce = $_REQUEST['_wpnonce']; |
75 $error_msg = false; |
76 $error_msg = false; |
76 |
77 |
77 // For output of the quickdraft dashboard widget |
78 // For output of the Quick Draft dashboard widget. |
78 require_once ABSPATH . 'wp-admin/includes/dashboard.php'; |
79 require_once ABSPATH . 'wp-admin/includes/dashboard.php'; |
79 |
80 |
80 if ( ! wp_verify_nonce( $nonce, 'add-post' ) ) { |
81 if ( ! wp_verify_nonce( $nonce, 'add-post' ) ) { |
81 $error_msg = __( 'Unable to submit this form, please refresh and try again.' ); |
82 $error_msg = __( 'Unable to submit this form, please refresh and try again.' ); |
82 } |
83 } |
92 $post = get_post( $_REQUEST['post_ID'] ); |
93 $post = get_post( $_REQUEST['post_ID'] ); |
93 check_admin_referer( 'add-' . $post->post_type ); |
94 check_admin_referer( 'add-' . $post->post_type ); |
94 |
95 |
95 $_POST['comment_status'] = get_default_comment_status( $post->post_type ); |
96 $_POST['comment_status'] = get_default_comment_status( $post->post_type ); |
96 $_POST['ping_status'] = get_default_comment_status( $post->post_type, 'pingback' ); |
97 $_POST['ping_status'] = get_default_comment_status( $post->post_type, 'pingback' ); |
|
98 |
|
99 // Wrap Quick Draft content in the Paragraph block. |
|
100 if ( false === strpos( $_POST['content'], '<!-- wp:paragraph -->' ) ) { |
|
101 $_POST['content'] = sprintf( |
|
102 '<!-- wp:paragraph -->%s<!-- /wp:paragraph -->', |
|
103 str_replace( array( "\r\n", "\r", "\n" ), '<br />', $_POST['content'] ) |
|
104 ); |
|
105 } |
97 |
106 |
98 edit_post(); |
107 edit_post(); |
99 wp_dashboard_quick_press(); |
108 wp_dashboard_quick_press(); |
100 exit; |
109 exit; |
101 |
110 |
102 case 'postajaxpost': |
111 case 'postajaxpost': |
103 case 'post': |
112 case 'post': |
104 check_admin_referer( 'add-' . $post_type ); |
113 check_admin_referer( 'add-' . $post_type ); |
105 $post_id = 'postajaxpost' == $action ? edit_post() : write_post(); |
114 $post_id = 'postajaxpost' === $action ? edit_post() : write_post(); |
106 redirect_post( $post_id ); |
115 redirect_post( $post_id ); |
107 exit(); |
116 exit; |
108 |
117 |
109 case 'edit': |
118 case 'edit': |
110 $editing = true; |
119 $editing = true; |
111 |
120 |
112 if ( empty( $post_id ) ) { |
121 if ( empty( $post_id ) ) { |
113 wp_redirect( admin_url( 'post.php' ) ); |
122 wp_redirect( admin_url( 'post.php' ) ); |
114 exit(); |
123 exit; |
115 } |
124 } |
116 |
125 |
117 if ( ! $post ) { |
126 if ( ! $post ) { |
118 wp_die( __( 'You attempted to edit an item that doesn’t exist. Perhaps it was deleted?' ) ); |
127 wp_die( __( 'You attempted to edit an item that doesn’t exist. Perhaps it was deleted?' ) ); |
119 } |
128 } |
120 |
129 |
121 if ( ! $post_type_object ) { |
130 if ( ! $post_type_object ) { |
122 wp_die( __( 'Invalid post type.' ) ); |
131 wp_die( __( 'Invalid post type.' ) ); |
123 } |
132 } |
124 |
133 |
125 if ( ! in_array( $typenow, get_post_types( array( 'show_ui' => true ) ) ) ) { |
134 if ( ! in_array( $typenow, get_post_types( array( 'show_ui' => true ) ), true ) ) { |
126 wp_die( __( 'Sorry, you are not allowed to edit posts in this post type.' ) ); |
135 wp_die( __( 'Sorry, you are not allowed to edit posts in this post type.' ) ); |
127 } |
136 } |
128 |
137 |
129 if ( ! current_user_can( 'edit_post', $post_id ) ) { |
138 if ( ! current_user_can( 'edit_post', $post_id ) ) { |
130 wp_die( __( 'Sorry, you are not allowed to edit this item.' ) ); |
139 wp_die( __( 'Sorry, you are not allowed to edit this item.' ) ); |
131 } |
140 } |
132 |
141 |
133 if ( 'trash' == $post->post_status ) { |
142 if ( 'trash' === $post->post_status ) { |
134 wp_die( __( 'You can’t edit this item because it is in the Trash. Please restore it and try again.' ) ); |
143 wp_die( __( 'You can’t edit this item because it is in the Trash. Please restore it and try again.' ) ); |
135 } |
144 } |
136 |
145 |
137 if ( ! empty( $_GET['get-post-lock'] ) ) { |
146 if ( ! empty( $_GET['get-post-lock'] ) ) { |
138 check_admin_referer( 'lock-post_' . $post_id ); |
147 check_admin_referer( 'lock-post_' . $post_id ); |
139 wp_set_post_lock( $post_id ); |
148 wp_set_post_lock( $post_id ); |
140 wp_redirect( get_edit_post_link( $post_id, 'url' ) ); |
149 wp_redirect( get_edit_post_link( $post_id, 'url' ) ); |
141 exit(); |
150 exit; |
142 } |
151 } |
143 |
152 |
144 $post_type = $post->post_type; |
153 $post_type = $post->post_type; |
145 if ( 'post' == $post_type ) { |
154 if ( 'post' === $post_type ) { |
146 $parent_file = 'edit.php'; |
155 $parent_file = 'edit.php'; |
147 $submenu_file = 'edit.php'; |
156 $submenu_file = 'edit.php'; |
148 $post_new_file = 'post-new.php'; |
157 $post_new_file = 'post-new.php'; |
149 } elseif ( 'attachment' == $post_type ) { |
158 } elseif ( 'attachment' === $post_type ) { |
150 $parent_file = 'upload.php'; |
159 $parent_file = 'upload.php'; |
151 $submenu_file = 'upload.php'; |
160 $submenu_file = 'upload.php'; |
152 $post_new_file = 'media-new.php'; |
161 $post_new_file = 'media-new.php'; |
153 } else { |
162 } else { |
154 if ( isset( $post_type_object ) && $post_type_object->show_in_menu && $post_type_object->show_in_menu !== true ) { |
163 if ( isset( $post_type_object ) && $post_type_object->show_in_menu && true !== $post_type_object->show_in_menu ) { |
155 $parent_file = $post_type_object->show_in_menu; |
164 $parent_file = $post_type_object->show_in_menu; |
156 } else { |
165 } else { |
157 $parent_file = "edit.php?post_type=$post_type"; |
166 $parent_file = "edit.php?post_type=$post_type"; |
158 } |
167 } |
159 $submenu_file = "edit.php?post_type=$post_type"; |
168 $submenu_file = "edit.php?post_type=$post_type"; |
165 /** |
174 /** |
166 * Allows replacement of the editor. |
175 * Allows replacement of the editor. |
167 * |
176 * |
168 * @since 4.9.0 |
177 * @since 4.9.0 |
169 * |
178 * |
170 * @param boolean Whether to replace the editor. Default false. |
179 * @param bool $replace Whether to replace the editor. Default false. |
171 * @param object $post Post object. |
180 * @param WP_Post $post Post object. |
172 */ |
181 */ |
173 if ( apply_filters( 'replace_editor', false, $post ) === true ) { |
182 if ( true === apply_filters( 'replace_editor', false, $post ) ) { |
174 break; |
183 break; |
175 } |
184 } |
176 |
185 |
177 if ( use_block_editor_for_post( $post ) ) { |
186 if ( use_block_editor_for_post( $post ) ) { |
178 include( ABSPATH . 'wp-admin/edit-form-blocks.php' ); |
187 require ABSPATH . 'wp-admin/edit-form-blocks.php'; |
179 break; |
188 break; |
180 } |
189 } |
181 |
190 |
182 if ( ! wp_check_post_lock( $post->ID ) ) { |
191 if ( ! wp_check_post_lock( $post->ID ) ) { |
183 $active_post_lock = wp_set_post_lock( $post->ID ); |
192 $active_post_lock = wp_set_post_lock( $post->ID ); |
192 if ( post_type_supports( $post_type, 'comments' ) ) { |
201 if ( post_type_supports( $post_type, 'comments' ) ) { |
193 wp_enqueue_script( 'admin-comments' ); |
202 wp_enqueue_script( 'admin-comments' ); |
194 enqueue_comment_hotkeys_js(); |
203 enqueue_comment_hotkeys_js(); |
195 } |
204 } |
196 |
205 |
197 include( ABSPATH . 'wp-admin/edit-form-advanced.php' ); |
206 require ABSPATH . 'wp-admin/edit-form-advanced.php'; |
198 |
207 |
199 break; |
208 break; |
200 |
209 |
201 case 'editattachment': |
210 case 'editattachment': |
202 check_admin_referer( 'update-post_' . $post_id ); |
211 check_admin_referer( 'update-post_' . $post_id ); |
203 |
212 |
204 // Don't let these be changed |
213 // Don't let these be changed. |
205 unset( $_POST['guid'] ); |
214 unset( $_POST['guid'] ); |
206 $_POST['post_type'] = 'attachment'; |
215 $_POST['post_type'] = 'attachment'; |
207 |
216 |
208 // Update the thumbnail filename |
217 // Update the thumbnail filename. |
209 $newmeta = wp_get_attachment_metadata( $post_id, true ); |
218 $newmeta = wp_get_attachment_metadata( $post_id, true ); |
210 $newmeta['thumb'] = wp_basename( $_POST['thumb'] ); |
219 $newmeta['thumb'] = wp_basename( $_POST['thumb'] ); |
211 |
220 |
212 wp_update_attachment_metadata( $post_id, $newmeta ); |
221 wp_update_attachment_metadata( $post_id, $newmeta ); |
213 |
222 |
215 case 'editpost': |
224 case 'editpost': |
216 check_admin_referer( 'update-post_' . $post_id ); |
225 check_admin_referer( 'update-post_' . $post_id ); |
217 |
226 |
218 $post_id = edit_post(); |
227 $post_id = edit_post(); |
219 |
228 |
220 // Session cookie flag that the post was saved |
229 // Session cookie flag that the post was saved. |
221 if ( isset( $_COOKIE['wp-saving-post'] ) && $_COOKIE['wp-saving-post'] === $post_id . '-check' ) { |
230 if ( isset( $_COOKIE['wp-saving-post'] ) && $_COOKIE['wp-saving-post'] === $post_id . '-check' ) { |
222 setcookie( 'wp-saving-post', $post_id . '-saved', time() + DAY_IN_SECONDS, ADMIN_COOKIE_PATH, COOKIE_DOMAIN, is_ssl() ); |
231 setcookie( 'wp-saving-post', $post_id . '-saved', time() + DAY_IN_SECONDS, ADMIN_COOKIE_PATH, COOKIE_DOMAIN, is_ssl() ); |
223 } |
232 } |
224 |
233 |
225 redirect_post( $post_id ); // Send user on their way while we keep working |
234 redirect_post( $post_id ); // Send user on their way while we keep working. |
226 |
235 |
227 exit(); |
236 exit; |
228 |
237 |
229 case 'trash': |
238 case 'trash': |
230 check_admin_referer( 'trash-post_' . $post_id ); |
239 check_admin_referer( 'trash-post_' . $post_id ); |
231 |
240 |
232 if ( ! $post ) { |
241 if ( ! $post ) { |
239 |
248 |
240 if ( ! current_user_can( 'delete_post', $post_id ) ) { |
249 if ( ! current_user_can( 'delete_post', $post_id ) ) { |
241 wp_die( __( 'Sorry, you are not allowed to move this item to the Trash.' ) ); |
250 wp_die( __( 'Sorry, you are not allowed to move this item to the Trash.' ) ); |
242 } |
251 } |
243 |
252 |
244 if ( $user_id = wp_check_post_lock( $post_id ) ) { |
253 $user_id = wp_check_post_lock( $post_id ); |
|
254 if ( $user_id ) { |
245 $user = get_userdata( $user_id ); |
255 $user = get_userdata( $user_id ); |
|
256 /* translators: %s: User's display name. */ |
246 wp_die( sprintf( __( 'You cannot move this item to the Trash. %s is currently editing.' ), $user->display_name ) ); |
257 wp_die( sprintf( __( 'You cannot move this item to the Trash. %s is currently editing.' ), $user->display_name ) ); |
247 } |
258 } |
248 |
259 |
249 if ( ! wp_trash_post( $post_id ) ) { |
260 if ( ! wp_trash_post( $post_id ) ) { |
250 wp_die( __( 'Error in moving to Trash.' ) ); |
261 wp_die( __( 'Error in moving the item to Trash.' ) ); |
251 } |
262 } |
252 |
263 |
253 wp_redirect( |
264 wp_redirect( |
254 add_query_arg( |
265 add_query_arg( |
255 array( |
266 array( |
296 |
307 |
297 if ( ! current_user_can( 'delete_post', $post_id ) ) { |
308 if ( ! current_user_can( 'delete_post', $post_id ) ) { |
298 wp_die( __( 'Sorry, you are not allowed to delete this item.' ) ); |
309 wp_die( __( 'Sorry, you are not allowed to delete this item.' ) ); |
299 } |
310 } |
300 |
311 |
301 if ( $post->post_type == 'attachment' ) { |
312 if ( 'attachment' === $post->post_type ) { |
302 $force = ( ! MEDIA_TRASH ); |
313 $force = ( ! MEDIA_TRASH ); |
303 if ( ! wp_delete_attachment( $post_id, $force ) ) { |
314 if ( ! wp_delete_attachment( $post_id, $force ) ) { |
304 wp_die( __( 'Error in deleting.' ) ); |
315 wp_die( __( 'Error in deleting the attachment.' ) ); |
305 } |
316 } |
306 } else { |
317 } else { |
307 if ( ! wp_delete_post( $post_id, true ) ) { |
318 if ( ! wp_delete_post( $post_id, true ) ) { |
308 wp_die( __( 'Error in deleting.' ) ); |
319 wp_die( __( 'Error in deleting the item.' ) ); |
309 } |
320 } |
310 } |
321 } |
311 |
322 |
312 wp_redirect( add_query_arg( 'deleted', 1, $sendback ) ); |
323 wp_redirect( add_query_arg( 'deleted', 1, $sendback ) ); |
313 exit(); |
324 exit; |
314 |
325 |
315 case 'preview': |
326 case 'preview': |
316 check_admin_referer( 'update-post_' . $post_id ); |
327 check_admin_referer( 'update-post_' . $post_id ); |
317 |
328 |
318 $url = post_preview(); |
329 $url = post_preview(); |
319 |
330 |
320 wp_redirect( $url ); |
331 wp_redirect( $url ); |
321 exit(); |
332 exit; |
322 |
333 |
323 case 'toggle-custom-fields': |
334 case 'toggle-custom-fields': |
324 check_admin_referer( 'toggle-custom-fields' ); |
335 check_admin_referer( 'toggle-custom-fields' ); |
325 |
336 |
326 $current_user_id = get_current_user_id(); |
337 $current_user_id = get_current_user_id(); |