site_iri: comparison web/wp-admin/admin-ajax.php

equal deleted inserted replaced

-:a4642baaf829
+:4d4862461b8d
 				'data' => $message
 			) );
 			$x->send();
 	}
-	if ( !empty( $_POST['action']) )
+	if ( !empty( $_REQUEST['action']) )
-		do_action( 'wp_ajax_nopriv_' . $_POST['action'] );
+		do_action( 'wp_ajax_nopriv_' . $_REQUEST['action'] );
 	die('-1');
 }
 if ( isset( $_GET['action'] ) ) :
 		 if ( 1 == $_GET['test'] ) {
 		 	echo $test_str;
 		 	die;
 		 } elseif ( 2 == $_GET['test'] ) {
+			if ( !isset($_SERVER['HTTP_ACCEPT_ENCODING']) )
+				die('-1');
 			if ( false !== strpos( strtolower($_SERVER['HTTP_ACCEPT_ENCODING']), 'deflate') && function_exists('gzdeflate') && ! $force_gzip ) {
 				header('Content-Encoding: deflate');
 				$out = gzdeflate( $test_str, 1 );
 			} elseif ( false !== strpos( strtolower($_SERVER['HTTP_ACCEPT_ENCODING']), 'gzip') && function_exists('gzencode') ) {
 				header('Content-Encoding: gzip');
 			update_site_option('can_compress_scripts', 1);
 		}
 	}
 	die('0');
+	break;
+case 'imgedit-preview' :
+	$post_id = intval($_GET['postid']);
+	if ( empty($post_id) || !current_user_can('edit_post', $post_id) )
+		die('-1');
+	check_ajax_referer( "image_editor-$post_id" );
+	include_once( ABSPATH . 'wp-admin/includes/image-edit.php' );
+	if ( !stream_preview_image($post_id) )
+		die('-1');
+	die();
+	break;
+case 'oembed-cache' :
+	$return = ( $wp_embed->cache_oembed( $_GET['post'] ) ) ? '1' : '0';
+	die( $return );
 	break;
 default :
 	do_action( 'wp_ajax_' . $_GET['action'] );
 	die('0');
 	break;
 		$total = 0;
 	if ( 0 != $total % $per_page && 1 != mt_rand( 1, $per_page ) ) // Only do the expensive stuff on a page-break, and about 1 other time per page
 		die( (string) time() );
+	$post_id = 0;
 	$status = 'total_comments'; // What type of comment count are we looking for?
 	$parsed = parse_url( $url );
 	if ( isset( $parsed['query'] ) ) {
 		parse_str( $parsed['query'], $query_vars );
 		if ( !empty( $query_vars['comment_status'] ) )
 			$status = $query_vars['comment_status'];
-	}
+		if ( !empty( $query_vars['p'] ) )
+			$post_id = (int) $query_vars['p'];
-	$comment_count = wp_count_comments();
+	}
+	$comment_count = wp_count_comments($post_id);
 	$time = time(); // The time since the last comment count
 	if ( isset( $comment_count->$status ) ) // We're looking for a known type of comment count
 		$total = $comment_count->$status;
 	// else use the decremented value from above
 }
 $id = isset($_POST['id'])? (int) $_POST['id'] : 0;
 switch ( $action = $_POST['action'] ) :
 case 'delete-comment' : // On success, die with time() instead of 1
-	check_ajax_referer( "delete-comment_$id" );
 	if ( !$comment = get_comment( $id ) )
 		die( (string) time() );
 	if ( !current_user_can( 'edit_post', $comment->comment_post_ID ) )
 		die('-1');
-	if ( isset($_POST['spam']) && 1 == $_POST['spam'] ) {
+	check_ajax_referer( "delete-comment_$id" );
-		if ( 'spam' == wp_get_comment_status( $comment->comment_ID ) )
+	$status = wp_get_comment_status( $comment->comment_ID );
+	if ( isset($_POST['trash']) && 1 == $_POST['trash'] ) {
+		if ( 'trash' == $status )
 			die( (string) time() );
-		$r = wp_set_comment_status( $comment->comment_ID, 'spam' );
+		$r = wp_trash_comment( $comment->comment_ID );
+	} elseif ( isset($_POST['untrash']) && 1 == $_POST['untrash'] ) {
+		if ( 'trash' != $status )
+			die( (string) time() );
+		$r = wp_untrash_comment( $comment->comment_ID );
+	} elseif ( isset($_POST['spam']) && 1 == $_POST['spam'] ) {
+		if ( 'spam' == $status )
+			die( (string) time() );
+		$r = wp_spam_comment( $comment->comment_ID );
+	} elseif ( isset($_POST['unspam']) && 1 == $_POST['unspam'] ) {
+		if ( 'spam' != $status )
+			die( (string) time() );
+		$r = wp_unspam_comment( $comment->comment_ID );
+	} elseif ( isset($_POST['delete']) && 1 == $_POST['delete'] ) {
+		$r = wp_delete_comment( $comment->comment_ID );
 	} else {
-		$r = wp_delete_comment( $comment->comment_ID );
+		die('-1');
 	}
 	if ( $r ) // Decide if we need to send back '1' or a more complicated response including page links and comment counts
 		_wp_ajax_delete_comment_response( $comment->comment_ID );
 	die( '0' );
 	break;
 case 'delete-cat' :
 		die('1');
 	else
 		die('0');
 	break;
 case 'delete-tag' :
-	check_ajax_referer( "delete-tag_$id" );
+	$tag_id = (int) $_POST['tag_ID'];
+	check_ajax_referer( "delete-tag_$tag_id" );
 	if ( !current_user_can( 'manage_categories' ) )
 		die('-1');
-	if ( !empty($_POST['taxonomy']) )
+	$taxonomy = !empty($_POST['taxonomy']) ? $_POST['taxonomy'] : 'post_tag';
-		$taxonomy = $_POST['taxonomy'];
-	else
+	$tag = get_term( $tag_id, $taxonomy );
-		$taxonomy = 'post_tag';
-	$tag = get_term( $id, $taxonomy );
 	if ( !$tag || is_wp_error( $tag ) )
 		die('1');
-	if ( wp_delete_term($id, $taxonomy))
+	if ( wp_delete_term($tag_id, $taxonomy))
 		die('1');
 	else
 		die('0');
 	break;
 case 'delete-link-cat' :
 	if ( wp_delete_post( $id ) )
 		die('1');
 	else
 		die('0');
 	break;
+case 'trash-post' :
+case 'untrash-post' :
+	check_ajax_referer( "{$action}_$id" );
+	if ( !current_user_can( 'delete_post', $id ) )
+		die('-1');
+	if ( !get_post( $id ) )
+		die('1');
+	if ( 'trash-post' == $action )
+		$done = wp_trash_post( $id );
+	else
+		$done = wp_untrash_post( $id );
+	if ( $done )
+		die('1');
+	die('0');
+	break;
 case 'delete-page' :
 	check_ajax_referer( "{$action}_$id" );
 	if ( !current_user_can( 'delete_page', $id ) )
 		die('-1');
 			'id' => new WP_Error('invalid_comment', sprintf(__('Comment %d does not exist'), $id))
 		) );
 		$x->send();
 	}
-	if ( !current_user_can( 'edit_post', $comment->comment_post_ID ) )
+	if ( !current_user_can( 'edit_post', $comment->comment_post_ID ) && !current_user_can( 'moderate_comments' ) )
-		die('-1');
-	if ( !current_user_can( 'moderate_comments' ) )
 		die('-1');
 	$current = wp_get_comment_status( $comment->comment_ID );
 	if ( $_POST['new'] == $current )
 		die( (string) time() );
-	$r = 0;
+	check_ajax_referer( "approve-comment_$id" );
-	if ( in_array( $current, array( 'unapproved', 'spam' ) ) ) {
+	if ( in_array( $current, array( 'unapproved', 'spam' ) ) )
-		check_ajax_referer( "approve-comment_$id" );
 		$result = wp_set_comment_status( $comment->comment_ID, 'approve', true );
-	} else {
+	else
-		check_ajax_referer( "unapprove-comment_$id" );
 		$result = wp_set_comment_status( $comment->comment_ID, 'hold', true );
-	}
 	if ( is_wp_error($result) ) {
 		$x = new WP_Ajax_Response( array(
 			'what' => 'comment',
 			'id' => $result
 		) );
 	$names = explode(',', $_POST['newcat']);
 	if ( 0 > $parent = (int) $_POST['newcat_parent'] )
 		$parent = 0;
 	$post_category = isset($_POST['post_category'])? (array) $_POST['post_category'] : array();
 	$checked_categories = array_map( 'absint', (array) $post_category );
-	$popular_ids = isset( $_POST['popular_ids'] ) ?
+	$popular_ids = wp_popular_terms_checklist('category', 0, 10, false);
-			array_map( 'absint', explode( ',', $_POST['popular_ids'] ) ) :
-			false;
-	$x = new WP_Ajax_Response();
 	foreach ( $names as $cat_name ) {
 		$cat_name = trim($cat_name);
 		$category_nicename = sanitize_title($cat_name);
 		if ( '' === $category_nicename )
 			continue;
 		$category = get_category( $cat_id );
 		ob_start();
 			wp_category_checklist( 0, $cat_id, $checked_categories, $popular_ids );
 		$data = ob_get_contents();
 		ob_end_clean();
-		$x->add( array(
+		$add = array(
 			'what' => 'category',
 			'id' => $cat_id,
-			'data' => $data,
+			'data' => str_replace( array("\n", "\t"), '', $data),
 			'position' => -1
-		) );
+		);
 	}
 	if ( $parent ) { // Foncy - replace the parent and all its children
 		$parent = get_category( $parent );
+		$term_id = $parent->term_id;
+		while ( $parent->parent ) { // get the top parent
+			$parent = &get_category( $parent->parent );
+			if ( is_wp_error( $parent ) )
+				break;
+			$term_id = $parent->term_id;
+		}
 		ob_start();
-			dropdown_categories( 0, $parent );
+			wp_category_checklist( 0, $term_id, $checked_categories, $popular_ids, null, false );
 		$data = ob_get_contents();
 		ob_end_clean();
-		$x->add( array(
+		$add = array(
 			'what' => 'category',
-			'id' => $parent->term_id,
+			'id' => $term_id,
-			'old_id' => $parent->term_id,
+			'data' => str_replace( array("\n", "\t"), '', $data),
-			'data' => $data,
 			'position' => -1
-		) );
+		);
+	}
-	}
+	ob_start();
+		wp_dropdown_categories( array( 'hide_empty' => 0, 'name' => 'newcat_parent', 'orderby' => 'name', 'hierarchical' => 1, 'show_option_none' => __('Parent category') ) );
+	$sup = ob_get_contents();
+	ob_end_clean();
+	$add['supplemental'] = array( 'newcat_parent' => $sup );
+	$x = new WP_Ajax_Response( $add );
 	$x->send();
 	break;
 case 'add-link-category' : // On the Fly
 	check_ajax_referer( $action );
 	if ( !current_user_can( 'manage_categories' ) )
 case 'add-tag' : // From Manage->Tags
 	check_ajax_referer( 'add-tag' );
 	if ( !current_user_can( 'manage_categories' ) )
 		die('-1');
-	if ( '' === trim($_POST['name']) ) {
+	$taxonomy = !empty($_POST['taxonomy']) ? $_POST['taxonomy'] : 'post_tag';
-		$x = new WP_Ajax_Response( array(
+	$tag = wp_insert_term($_POST['tag-name'], $taxonomy, $_POST );
-			'what' => 'tag',
-			'id' => new WP_Error( 'name', __('You did not enter a tag name.') )
+	if ( !$tag || is_wp_error($tag) || (!$tag = get_term( $tag['term_id'], $taxonomy )) ) {
-		) );
+		echo '<div class="error"><p>' . __('An error has occured. Please reload the page and try again.') . '</p></div>';
-		$x->send();
+		exit;
 	}
-	if ( !empty($_POST['taxonomy']) )
+	echo _tag_row( $tag, '', $taxonomy );
-		$taxonomy = $_POST['taxonomy'];
+	exit;
-	else
-		$taxonomy = 'post_tag';
-	$tag = wp_insert_term($_POST['name'], $taxonomy, $_POST );
-	if ( is_wp_error($tag) ) {
-		$x = new WP_Ajax_Response( array(
-			'what' => 'tag',
-			'id' => $tag
-		) );
-		$x->send();
-	}
-	if ( !$tag || (!$tag = get_term( $tag['term_id'], $taxonomy )) )
-		die('0');
-	$tag_full_name = $tag->name;
-	$tag_full_name = esc_attr($tag_full_name);
-	$x = new WP_Ajax_Response( array(
-		'what' => 'tag',
-		'id' => $tag->term_id,
-		'position' => '-1',
-		'data' => _tag_row( $tag, '', $taxonomy ),
-		'supplemental' => array('name' => $tag_full_name, 'show-link' => sprintf(__( 'Tag <a href="#%s">%s</a> added' ), "tag-$tag->term_id", $tag_full_name))
-	) );
-	$x->send();
 	break;
 case 'get-tagcloud' :
 	if ( !current_user_can( 'edit_posts' ) )
 		die('-1');
 	exit;
 	break;
 case 'add-comment' :
 	check_ajax_referer( $action );
-	if ( !current_user_can( 'edit_post', $id ) )
+	if ( !current_user_can( 'edit_posts' ) )
 		die('-1');
 	$search = isset($_POST['s']) ? $_POST['s'] : false;
 	$status = isset($_POST['comment_status']) ? $_POST['comment_status'] : 'all';
 	$per_page = isset($_POST['per_page']) ?  (int) $_POST['per_page'] + 8 : 28;
 	$start = isset($_POST['page']) ? ( intval($_POST['page']) * $per_page ) -1 : $per_page - 1;
 	$status = $wpdb->get_var( $wpdb->prepare("SELECT post_status FROM $wpdb->posts WHERE ID = %d", $comment_post_ID) );
 	if ( empty($status) )
 		die('1');
-	elseif ( in_array($status, array('draft', 'pending') ) )
+	elseif ( in_array($status, array('draft', 'pending', 'trash') ) )
 		die( __('Error: you are replying to a comment on a draft post.') );
 	$user = wp_get_current_user();
 	if ( $user->ID ) {
 		$comment_author       = $wpdb->escape($user->display_name);
 	/* translators: draft saved date format, see http://php.net/date */
 	$draft_saved_date_format = __('g:i:s a');
 	$message = sprintf( __('Draft Saved at %s.'), date_i18n( $draft_saved_date_format ) );
 	$supplemental = array();
+	if ( isset($login_grace_period) )
+		$supplemental['session_expired'] = add_query_arg( 'interim-login', 1, wp_login_url() );
 	$id = $revision_id = 0;
 	if($_POST['post_ID'] < 0) {
 		$_POST['post_status'] = 'draft';
 		$_POST['temp_ID'] = $_POST['post_ID'];
 	$x->send();
 	break;
 case 'autosave-generate-nonces' :
 	check_ajax_referer( 'autosave', 'autosavenonce' );
 	$ID = (int) $_POST['post_ID'];
-	if($_POST['post_type'] == 'post') {
+	$post_type = ( 'page' == $_POST['post_type'] ) ? 'page' : 'post';
-		if(current_user_can('edit_post', $ID))
+	if ( current_user_can( "edit_{$post_type}", $ID ) )
-			die(wp_create_nonce('update-post_' . $ID));
+		die( json_encode( array( 'updateNonce' => wp_create_nonce( "update-{$post_type}_{$ID}" ), 'deleteURL' => str_replace( '&amp;', '&', wp_nonce_url( admin_url( $post_type . '.php?action=trash&post=' . $ID ), "trash-{$post_type}_{$ID}" ) ) ) ) );
-	}
+	do_action('autosave_generate_nonces');
-	if($_POST['post_type'] == 'page') {
-		if(current_user_can('edit_page', $ID)) {
-			die(wp_create_nonce('update-page_' . $ID));
-		}
-	}
 	die('0');
 break;
 case 'closed-postboxes' :
 	check_ajax_referer( 'closedpostboxes', 'closedpostboxesnonce' );
 	$closed = isset( $_POST['closed'] ) ? $_POST['closed'] : '';
 	if ( is_array($closed) )
 		update_usermeta($user->ID, 'closedpostboxes_'.$page, $closed);
 	if ( is_array($hidden) ) {
-		$hidden = array_diff( $hidden, array('submitdiv', 'pagesubmitdiv', 'linksubmitdiv') ); // postboxes that are always shown
+		$hidden = array_diff( $hidden, array('submitdiv', 'linksubmitdiv') ); // postboxes that are always shown
 		update_usermeta($user->ID, 'meta-box-hidden_'.$page, $hidden);
 	}
 	die('1');
 	break;
 			else
 				die( __('Category not updated.') );
 			break;
 		case 'tag' :
-			if ( !empty($_POST['taxonomy']) )
+			$taxonomy = !empty($_POST['taxonomy']) ? $_POST['taxonomy'] : 'post_tag';
-				$taxonomy = $_POST['taxonomy'];
-			else
-				$taxonomy = 'post_tag';
 			$tag = get_term( $id, $taxonomy );
 			$_POST['description'] = $tag->description;
 			$updated = wp_update_term($id, $taxonomy, $_POST);
 			if ( $updated && !is_wp_error($updated) ) {
 				$tag = get_term( $updated['term_id'], $taxonomy );
 				if ( !$tag || is_wp_error( $tag ) )
 					die( __('Tag not updated.') );
-				echo _tag_row($tag);
+				echo _tag_row($tag, '', $taxonomy);
 			} else {
 				die( __('Tag not updated.') );
 			}
 			break;
 		exit;
 	$what = isset($_POST['pages']) ? 'page' : 'post';
 	$s = stripslashes($_POST['ps']);
 	preg_match_all('/".*?("|$)|((?<=[\\s",+])|^)[^\\s",+]+/', $s, $matches);
-	$search_terms = array_map(create_function('$a', 'return trim($a, "\\"\'\\n\\r ");'), $matches[0]);
+	$search_terms = array_map('_search_terms_tidy', $matches[0]);
 	$searchand = $search = '';
-	foreach( (array) $search_terms as $term) {
+	foreach ( (array) $search_terms as $term ) {
 		$term = addslashes_gpc($term);
 		$search .= "{$searchand}(($wpdb->posts.post_title LIKE '%{$term}%') OR ($wpdb->posts.post_content LIKE '%{$term}%'))";
 		$searchand = ' AND ';
 	}
 	$term = $wpdb->escape($s);
 	if ( count($search_terms) > 1 && $search_terms[0] != $s )
 		$search .= " OR ($wpdb->posts.post_title LIKE '%{$term}%') OR ($wpdb->posts.post_content LIKE '%{$term}%')";
-	$posts = $wpdb->get_results( "SELECT ID, post_title, post_status, post_date FROM $wpdb->posts WHERE post_type = '$what' AND $search ORDER BY post_date_gmt DESC LIMIT 50" );
+	$posts = $wpdb->get_results( "SELECT ID, post_title, post_status, post_date FROM $wpdb->posts WHERE post_type = '$what' AND post_status IN ('draft', 'publish') AND ($search) ORDER BY post_date_gmt DESC LIMIT 50" );
 	if ( ! $posts )
 		exit( __('No posts found.') );
-	$html = '<table class="widefat" cellspacing="0"><thead><tr><th class="found-radio"><br /></th><th>'.__('Title').'</th><th>'.__('Time').'</th><th>'.__('Status').'</th></tr></thead><tbody>';
+	$html = '<table class="widefat" cellspacing="0"><thead><tr><th class="found-radio"><br /></th><th>'.__('Title').'</th><th>'.__('Date').'</th><th>'.__('Status').'</th></tr></thead><tbody>';
 	foreach ( $posts as $post ) {
 		switch ( $post->post_status ) {
 			case 'publish' :
 			case 'private' :
 				break;
 			case 'pending' :
 				$stat = __('Pending Review');
 				break;
 			case 'draft' :
-				$stat = __('Unpublished');
+				$stat = __('Draft');
 				break;
 		}
 		if ( '0000-00-00 00:00:00' == $post->post_date ) {
 			$time = '';
 	if ( $form = $wp_registered_widget_controls[$widget_id] )
 		call_user_func_array( $form['callback'], $form['params'] );
 	die();
 	break;
+case 'image-editor':
+	$attachment_id = intval($_POST['postid']);
+	if ( empty($attachment_id) || !current_user_can('edit_post', $attachment_id) )
+		die('-1');
+	check_ajax_referer( "image_editor-$attachment_id" );
+	include_once( ABSPATH . 'wp-admin/includes/image-edit.php' );
+	$msg = false;
+	switch ( $_POST['do'] ) {
+		case 'save' :
+			$msg = wp_save_image($attachment_id);
+			$msg = json_encode($msg);
+			die($msg);
+			break;
+		case 'scale' :
+			$msg = wp_save_image($attachment_id);
+			break;
+		case 'restore' :
+			$msg = wp_restore_image($attachment_id);
+			break;
+	}
+	wp_image_editor($attachment_id, $msg);
+	die();
+	break;
+case 'set-post-thumbnail':
+	$post_id = intval( $_POST['post_id'] );
+	if ( !current_user_can( 'edit_post', $post_id ) )
+		die( '-1' );
+	$thumbnail_id = intval( $_POST['thumbnail_id'] );
+	if ( $thumbnail_id == '-1' ) {
+		delete_post_meta( $post_id, '_thumbnail_id' );
+		die( _wp_post_thumbnail_html() );
+	}
+	if ( $thumbnail_id && get_post( $thumbnail_id ) ) {
+		$thumbnail_html = wp_get_attachment_image( $thumbnail_id, 'thumbnail' );
+		if ( !empty( $thumbnail_html ) ) {
+			update_post_meta( $post_id, '_thumbnail_id', $thumbnail_id );
+			die( _wp_post_thumbnail_html( $thumbnail_id ) );
+		}
+	}
+	die( '0' );
 default :
 	do_action( 'wp_ajax_' . $_POST['action'] );
 	die('0');
 	break;
 endswitch;

branch	wordpress
changeset 132	4d4862461b8d
parent 109	03b0d1493584