7 * @package WordPress |
7 * @package WordPress |
8 * @subpackage Administration |
8 * @subpackage Administration |
9 */ |
9 */ |
10 |
10 |
11 /** WordPress Administration Bootstrap */ |
11 /** WordPress Administration Bootstrap */ |
12 require_once('admin.php'); |
12 require_once('./admin.php'); |
13 |
13 |
14 $parent_file = 'edit.php'; |
14 $parent_file = 'edit.php'; |
15 $submenu_file = 'edit.php'; |
15 $submenu_file = 'edit.php'; |
16 |
16 |
17 wp_reset_vars(array('action', 'safe_mode', 'withcomments', 'posts', 'content', 'edited_post_title', 'comment_error', 'profile', 'trackback_url', 'excerpt', 'showcomments', 'commentstart', 'commentend', 'commentorder')); |
17 wp_reset_vars(array('action', 'safe_mode', 'withcomments', 'posts', 'content', 'edited_post_title', 'comment_error', 'profile', 'trackback_url', 'excerpt', 'showcomments', 'commentstart', 'commentend', 'commentorder')); |
|
18 |
|
19 if ( isset( $_GET['post'] ) ) |
|
20 $post_id = $post_ID = (int) $_GET['post']; |
|
21 elseif ( isset( $_POST['post_ID'] ) ) |
|
22 $post_id = $post_ID = (int) $_POST['post_ID']; |
|
23 else |
|
24 $post_id = $post_ID = 0; |
|
25 |
|
26 $post = $post_type = $post_type_object = null; |
|
27 |
|
28 if ( $post_id ) |
|
29 $post = get_post( $post_id ); |
|
30 |
|
31 if ( $post ) { |
|
32 $post_type = $post->post_type; |
|
33 $post_type_object = get_post_type_object( $post_type ); |
|
34 } |
18 |
35 |
19 /** |
36 /** |
20 * Redirect to previous page. |
37 * Redirect to previous page. |
21 * |
38 * |
22 * @param int $post_ID Optional. Post ID. |
39 * @param int $post_id Optional. Post ID. |
23 */ |
40 */ |
24 function redirect_post($post_ID = '') { |
41 function redirect_post($post_id = '') { |
25 global $action; |
42 if ( isset($_POST['save']) || isset($_POST['publish']) ) { |
26 |
43 $status = get_post_status( $post_id ); |
27 $referredby = ''; |
|
28 if ( !empty($_POST['referredby']) ) { |
|
29 $referredby = preg_replace('|https?://[^/]+|i', '', $_POST['referredby']); |
|
30 $referredby = remove_query_arg('_wp_original_http_referer', $referredby); |
|
31 } |
|
32 $referer = preg_replace('|https?://[^/]+|i', '', wp_get_referer()); |
|
33 |
|
34 if ( !empty($_POST['mode']) && 'sidebar' == $_POST['mode'] ) { |
|
35 if ( isset($_POST['saveasdraft']) ) |
|
36 $location = 'sidebar.php?a=c'; |
|
37 elseif ( isset($_POST['publish']) ) |
|
38 $location = 'sidebar.php?a=b'; |
|
39 } elseif ( isset($_POST['save']) || isset($_POST['publish']) ) { |
|
40 $status = get_post_status( $post_ID ); |
|
41 |
44 |
42 if ( isset( $_POST['publish'] ) ) { |
45 if ( isset( $_POST['publish'] ) ) { |
43 switch ( $status ) { |
46 switch ( $status ) { |
44 case 'pending': |
47 case 'pending': |
45 $message = 8; |
48 $message = 8; |
52 } |
55 } |
53 } else { |
56 } else { |
54 $message = 'draft' == $status ? 10 : 1; |
57 $message = 'draft' == $status ? 10 : 1; |
55 } |
58 } |
56 |
59 |
57 $location = add_query_arg( 'message', $message, get_edit_post_link( $post_ID, 'url' ) ); |
60 $location = add_query_arg( 'message', $message, get_edit_post_link( $post_id, 'url' ) ); |
58 } elseif ( isset($_POST['addmeta']) && $_POST['addmeta'] ) { |
61 } elseif ( isset($_POST['addmeta']) && $_POST['addmeta'] ) { |
59 $location = add_query_arg( 'message', 2, wp_get_referer() ); |
62 $location = add_query_arg( 'message', 2, wp_get_referer() ); |
60 $location = explode('#', $location); |
63 $location = explode('#', $location); |
61 $location = $location[0] . '#postcustom'; |
64 $location = $location[0] . '#postcustom'; |
62 } elseif ( isset($_POST['deletemeta']) && $_POST['deletemeta'] ) { |
65 } elseif ( isset($_POST['deletemeta']) && $_POST['deletemeta'] ) { |
63 $location = add_query_arg( 'message', 3, wp_get_referer() ); |
66 $location = add_query_arg( 'message', 3, wp_get_referer() ); |
64 $location = explode('#', $location); |
67 $location = explode('#', $location); |
65 $location = $location[0] . '#postcustom'; |
68 $location = $location[0] . '#postcustom'; |
66 } elseif ( 'post-quickpress-save-cont' == $_POST['action'] ) { |
69 } elseif ( 'post-quickpress-save-cont' == $_POST['action'] ) { |
67 $location = "post.php?action=edit&post=$post_ID&message=7"; |
70 $location = "post.php?action=edit&post=$post_id&message=7"; |
68 } else { |
71 } else { |
69 $location = add_query_arg( 'message', 4, get_edit_post_link( $post_ID, 'url' ) ); |
72 $location = add_query_arg( 'message', 4, get_edit_post_link( $post_id, 'url' ) ); |
70 } |
73 } |
71 |
74 |
72 wp_redirect( apply_filters( 'redirect_post_location', $location, $post_ID ) ); |
75 wp_redirect( apply_filters( 'redirect_post_location', $location, $post_id ) ); |
|
76 exit; |
73 } |
77 } |
74 |
78 |
75 if ( isset( $_POST['deletepost'] ) ) |
79 if ( isset( $_POST['deletepost'] ) ) |
76 $action = 'delete'; |
80 $action = 'delete'; |
77 elseif ( isset($_POST['wp-preview']) && 'dopreview' == $_POST['wp-preview'] ) |
81 elseif ( isset($_POST['wp-preview']) && 'dopreview' == $_POST['wp-preview'] ) |
78 $action = 'preview'; |
82 $action = 'preview'; |
79 |
83 |
80 $sendback = wp_get_referer(); |
84 $sendback = wp_get_referer(); |
81 if ( strpos($sendback, 'post.php') !== false || strpos($sendback, 'post-new.php') !== false ) |
85 if ( ! $sendback || |
82 $sendback = admin_url('edit.php'); |
86 strpos( $sendback, 'post.php' ) !== false || |
83 else |
87 strpos( $sendback, 'post-new.php' ) !== false ) { |
|
88 $sendback = admin_url( 'edit.php' ); |
|
89 $sendback .= ( ! empty( $post_type ) ) ? '?post_type=' . $post_type : ''; |
|
90 } else { |
84 $sendback = remove_query_arg( array('trashed', 'untrashed', 'deleted', 'ids'), $sendback ); |
91 $sendback = remove_query_arg( array('trashed', 'untrashed', 'deleted', 'ids'), $sendback ); |
|
92 } |
85 |
93 |
86 switch($action) { |
94 switch($action) { |
87 case 'postajaxpost': |
95 case 'postajaxpost': |
88 case 'post': |
96 case 'post': |
89 case 'post-quickpress-publish': |
97 case 'post-quickpress-publish': |
90 case 'post-quickpress-save': |
98 case 'post-quickpress-save': |
91 check_admin_referer('add-post'); |
99 check_admin_referer('add-' . $post_type); |
92 |
100 |
93 if ( 'post-quickpress-publish' == $action ) |
101 if ( 'post-quickpress-publish' == $action ) |
94 $_POST['publish'] = 'publish'; // tell write_post() to publish |
102 $_POST['publish'] = 'publish'; // tell write_post() to publish |
95 |
103 |
96 if ( 'post-quickpress-publish' == $action || 'post-quickpress-save' == $action ) { |
104 if ( 'post-quickpress-publish' == $action || 'post-quickpress-save' == $action ) { |
97 $_POST['comment_status'] = get_option('default_comment_status'); |
105 $_POST['comment_status'] = get_option('default_comment_status'); |
98 $_POST['ping_status'] = get_option('default_ping_status'); |
106 $_POST['ping_status'] = get_option('default_ping_status'); |
99 } |
107 $post_id = edit_post(); |
100 |
108 } else { |
101 if ( !empty( $_POST['quickpress_post_ID'] ) ) { |
109 $post_id = 'postajaxpost' == $action ? edit_post() : write_post(); |
102 $_POST['post_ID'] = (int) $_POST['quickpress_post_ID']; |
|
103 $post_ID = edit_post(); |
|
104 } else { |
|
105 $post_ID = 'postajaxpost' == $action ? edit_post() : write_post(); |
|
106 } |
110 } |
107 |
111 |
108 if ( 0 === strpos( $action, 'post-quickpress' ) ) { |
112 if ( 0 === strpos( $action, 'post-quickpress' ) ) { |
109 $_POST['post_ID'] = $post_ID; |
113 $_POST['post_ID'] = $post_id; |
110 // output the quickpress dashboard widget |
114 // output the quickpress dashboard widget |
111 require_once(ABSPATH . 'wp-admin/includes/dashboard.php'); |
115 require_once(ABSPATH . 'wp-admin/includes/dashboard.php'); |
112 wp_dashboard_quick_press(); |
116 wp_dashboard_quick_press(); |
113 exit; |
117 exit; |
114 } |
118 } |
115 |
119 |
116 redirect_post($post_ID); |
120 redirect_post($post_id); |
117 exit(); |
121 exit(); |
118 break; |
122 break; |
119 |
123 |
120 case 'edit': |
124 case 'edit': |
121 $editing = true; |
125 $editing = true; |
122 |
126 |
123 if ( empty( $_GET['post'] ) ) { |
127 if ( empty( $post_id ) ) { |
124 wp_redirect("post.php"); |
128 wp_redirect( admin_url('post.php') ); |
125 exit(); |
129 exit(); |
126 } |
130 } |
127 $post_ID = $p = (int) $_GET['post']; |
131 |
128 $post = get_post($post_ID); |
132 $p = $post_id; |
129 |
133 |
130 if ( empty($post->ID) ) |
134 if ( empty($post->ID) ) |
131 wp_die( __('You attempted to edit a post that doesn’t exist. Perhaps it was deleted?') ); |
135 wp_die( __('You attempted to edit an item that doesn’t exist. Perhaps it was deleted?') ); |
132 |
136 |
133 if ( !current_user_can('edit_post', $post_ID) ) |
137 if ( null == $post_type_object ) |
134 wp_die( __('You are not allowed to edit this post.') ); |
138 wp_die( __('Unknown post type.') ); |
|
139 |
|
140 if ( !current_user_can($post_type_object->cap->edit_post, $post_id) ) |
|
141 wp_die( __('You are not allowed to edit this item.') ); |
135 |
142 |
136 if ( 'trash' == $post->post_status ) |
143 if ( 'trash' == $post->post_status ) |
137 wp_die( __('You can’t edit this post because it is in the Trash. Please restore it and try again.') ); |
144 wp_die( __('You can’t edit this item because it is in the Trash. Please restore it and try again.') ); |
138 |
145 |
139 if ( 'post' != $post->post_type ) { |
146 $post_type = $post->post_type; |
140 wp_redirect( get_edit_post_link( $post->ID, 'url' ) ); |
147 if ( 'post' == $post_type ) { |
141 exit(); |
148 $parent_file = "edit.php"; |
142 } |
149 $submenu_file = "edit.php"; |
143 |
150 $post_new_file = "post-new.php"; |
144 wp_enqueue_script('post'); |
151 } else { |
145 if ( user_can_richedit() ) |
152 if ( isset( $post_type_object ) && $post_type_object->show_in_menu && $post_type_object->show_in_menu !== true ) |
146 wp_enqueue_script('editor'); |
153 $parent_file = $post_type_object->show_in_menu; |
147 add_thickbox(); |
154 else |
148 wp_enqueue_script('media-upload'); |
155 $parent_file = "edit.php?post_type=$post_type"; |
149 wp_enqueue_script('word-count'); |
156 $submenu_file = "edit.php?post_type=$post_type"; |
150 wp_enqueue_script( 'admin-comments' ); |
157 $post_new_file = "post-new.php?post_type=$post_type"; |
151 enqueue_comment_hotkeys_js(); |
158 } |
152 |
159 |
153 if ( $last = wp_check_post_lock( $post->ID ) ) { |
160 if ( $last = wp_check_post_lock( $post->ID ) ) { |
154 add_action('admin_notices', '_admin_notice_post_locked' ); |
161 add_action('admin_notices', '_admin_notice_post_locked' ); |
155 } else { |
162 } else { |
156 wp_set_post_lock( $post->ID ); |
163 $active_post_lock = wp_set_post_lock( $post->ID ); |
157 wp_enqueue_script('autosave'); |
164 wp_enqueue_script('autosave'); |
158 } |
165 } |
159 |
166 |
160 $title = __('Edit Post'); |
167 $title = $post_type_object->labels->edit_item; |
161 $post = get_post_to_edit($post_ID); |
168 $post = get_post_to_edit($post_id); |
162 |
169 |
163 include('edit-form-advanced.php'); |
170 if ( post_type_supports($post_type, 'comments') ) { |
|
171 wp_enqueue_script('admin-comments'); |
|
172 enqueue_comment_hotkeys_js(); |
|
173 } |
|
174 |
|
175 include('./edit-form-advanced.php'); |
164 |
176 |
165 break; |
177 break; |
166 |
178 |
167 case 'editattachment': |
179 case 'editattachment': |
168 $post_id = (int) $_POST['post_ID']; |
|
169 |
|
170 check_admin_referer('update-attachment_' . $post_id); |
180 check_admin_referer('update-attachment_' . $post_id); |
171 |
181 |
172 // Don't let these be changed |
182 // Don't let these be changed |
173 unset($_POST['guid']); |
183 unset($_POST['guid']); |
174 $_POST['post_type'] = 'attachment'; |
184 $_POST['post_type'] = 'attachment'; |
178 $newmeta['thumb'] = $_POST['thumb']; |
188 $newmeta['thumb'] = $_POST['thumb']; |
179 |
189 |
180 wp_update_attachment_metadata( $post_id, $newmeta ); |
190 wp_update_attachment_metadata( $post_id, $newmeta ); |
181 |
191 |
182 case 'editpost': |
192 case 'editpost': |
183 $post_ID = (int) $_POST['post_ID']; |
193 check_admin_referer('update-' . $post_type . '_' . $post_id); |
184 check_admin_referer('update-post_' . $post_ID); |
194 |
185 |
195 $post_id = edit_post(); |
186 $post_ID = edit_post(); |
196 |
187 |
197 redirect_post($post_id); // Send user on their way while we keep working |
188 redirect_post($post_ID); // Send user on their way while we keep working |
|
189 |
198 |
190 exit(); |
199 exit(); |
191 break; |
200 break; |
192 |
201 |
193 case 'trash': |
202 case 'trash': |
194 $post_id = isset($_GET['post']) ? intval($_GET['post']) : intval($_POST['post_ID']); |
203 check_admin_referer('trash-' . $post_type . '_' . $post_id); |
195 check_admin_referer('trash-post_' . $post_id); |
|
196 |
204 |
197 $post = & get_post($post_id); |
205 $post = & get_post($post_id); |
198 |
206 |
199 if ( !current_user_can('delete_post', $post_id) ) |
207 if ( !current_user_can($post_type_object->cap->delete_post, $post_id) ) |
200 wp_die( __('You are not allowed to move this post to the trash.') ); |
208 wp_die( __('You are not allowed to move this item to the Trash.') ); |
201 |
209 |
202 if ( ! wp_trash_post($post_id) ) |
210 if ( ! wp_trash_post($post_id) ) |
203 wp_die( __('Error in moving to trash...') ); |
211 wp_die( __('Error in moving to Trash.') ); |
204 |
212 |
205 wp_redirect( add_query_arg( array('trashed' => 1, 'ids' => $post_id), $sendback ) ); |
213 wp_redirect( add_query_arg( array('trashed' => 1, 'ids' => $post_id), $sendback ) ); |
206 exit(); |
214 exit(); |
207 break; |
215 break; |
208 |
216 |
209 case 'untrash': |
217 case 'untrash': |
210 $post_id = isset($_GET['post']) ? intval($_GET['post']) : intval($_POST['post_ID']); |
218 check_admin_referer('untrash-' . $post_type . '_' . $post_id); |
211 check_admin_referer('untrash-post_' . $post_id); |
219 |
212 |
220 if ( !current_user_can($post_type_object->cap->delete_post, $post_id) ) |
213 $post = & get_post($post_id); |
221 wp_die( __('You are not allowed to move this item out of the Trash.') ); |
214 |
|
215 if ( !current_user_can('delete_post', $post_id) ) |
|
216 wp_die( __('You are not allowed to move this post out of the trash.') ); |
|
217 |
222 |
218 if ( ! wp_untrash_post($post_id) ) |
223 if ( ! wp_untrash_post($post_id) ) |
219 wp_die( __('Error in restoring from trash...') ); |
224 wp_die( __('Error in restoring from Trash.') ); |
220 |
225 |
221 wp_redirect( add_query_arg('untrashed', 1, $sendback) ); |
226 wp_redirect( add_query_arg('untrashed', 1, $sendback) ); |
222 exit(); |
227 exit(); |
223 break; |
228 break; |
224 |
229 |
225 case 'delete': |
230 case 'delete': |
226 $post_id = (isset($_GET['post'])) ? intval($_GET['post']) : intval($_POST['post_ID']); |
231 check_admin_referer('delete-' . $post_type . '_' . $post_id); |
227 check_admin_referer('delete-post_' . $post_id); |
232 |
228 |
233 if ( !current_user_can($post_type_object->cap->delete_post, $post_id) ) |
229 $post = & get_post($post_id); |
234 wp_die( __('You are not allowed to delete this item.') ); |
230 |
|
231 if ( !current_user_can('delete_post', $post_id) ) |
|
232 wp_die( __('You are not allowed to delete this post.') ); |
|
233 |
235 |
234 $force = !EMPTY_TRASH_DAYS; |
236 $force = !EMPTY_TRASH_DAYS; |
235 if ( $post->post_type == 'attachment' ) { |
237 if ( $post->post_type == 'attachment' ) { |
236 $force = ( $force || !MEDIA_TRASH ); |
238 $force = ( $force || !MEDIA_TRASH ); |
237 if ( ! wp_delete_attachment($post_id, $force) ) |
239 if ( ! wp_delete_attachment($post_id, $force) ) |
238 wp_die( __('Error in deleting...') ); |
240 wp_die( __('Error in deleting.') ); |
239 } else { |
241 } else { |
240 if ( !wp_delete_post($post_id, $force) ) |
242 if ( !wp_delete_post($post_id, $force) ) |
241 wp_die( __('Error in deleting...') ); |
243 wp_die( __('Error in deleting.') ); |
242 } |
244 } |
243 |
245 |
244 wp_redirect( add_query_arg('deleted', 1, $sendback) ); |
246 wp_redirect( add_query_arg('deleted', 1, $sendback) ); |
245 exit(); |
247 exit(); |
246 break; |
248 break; |
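Review bot: The `trash`, `untrash` and `delete` cases (new lines 202–248) read `$post_type_object->cap->delete_post` without the `null == $post_type_object` guard that the `edit` case adds at new line 137. `$post`, `$post_type` and `$post_type_object` are initialised to null at new line 26 and only filled in when `get_post()` returns a post, so a request whose ID does not resolve reaches `current_user_can()` with a null capability name, and `delete` then reads `$post->post_type` at new line 237 on a null `$post`. Whether the capability check fails closed on a null name is not visible here, so these branches should not depend on it: repeat `if ( null == $post_type_object ) wp_die( __('Unknown post type.') );` at the top of each of the three cases, before the capability check. The nonce actions at new lines 193, 203, 218 and 231 are built from the same `$post_type`, which is empty in that situation, so the guard also keeps the referer check from running against a degenerate action string such as `trash-_0`. The enclosing `switch` starts and continues outside the lines shown, so any later cases may need the same check.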