PageRenderTime 55ms CodeModel.GetById 17ms RepoModel.GetById 1ms app.codeStats 0ms

/wp-admin/admin-ajax.php

https://github.com/schr/wordpress
PHP | 1237 lines | 1035 code | 173 blank | 29 comment | 261 complexity | c8d6f063396bdf3df0bdee513dcdb297 MD5 | raw file
    

  1. <?php
    2. 

  2. /**
    3. 

  3.  * WordPress AJAX Process Execution.
    4. 

  4.  *
    5. 

  5.  * @package WordPress
    6. 

  6.  * @subpackage Administration
    7. 

  7.  */
    8. 

  8. 

  9. /**
    10. 

  10.  * Executing AJAX process.
    11. 

  11.  *
    12. 

  12.  * @since unknown
    13. 

  13.  */
    14. 

  14. define('DOING_AJAX', true);
    15. 

  15. define('WP_ADMIN', true);
    16. 

  16. 

  17. require_once('../wp-load.php');
    18. 

  18. require_once('includes/admin.php');
    19. 

  19. @header('Content-Type: text/html; charset=' . get_option('blog_charset'));
    20. 

  20. 

  21. do_action('admin_init');
    22. 

  22. 

  23. if ( ! is_user_logged_in() ) {
    24. 

  24. 

  25. 	if ( $_POST['action'] == 'autosave' ) {
    26. 

  26. 		$id = isset($_POST['post_ID'])? (int) $_POST['post_ID'] : 0;
    27. 

  27. 

  28. 		if ( ! $id )
    29. 

  29. 			die('-1');
    30. 

  30. 

  31. 		$message = sprintf( __('<strong>ALERT: You are logged out!</strong> Could not save draft. <a href="%s" target="blank">Please log in again.</a>'), wp_login_url() );
    32. 

  32. 			$x = new WP_Ajax_Response( array(
    33. 

  33. 				'what' => 'autosave',
    34. 

  34. 				'id' => $id,
    35. 

  35. 				'data' => $message
    36. 

  36. 			) );
    37. 

  37. 			$x->send();
    38. 

  38. 	}
    39. 

  39. 

  40. 	if ( !empty( $_POST['action']) )
    41. 

  41. 		do_action( 'wp_ajax_nopriv_' . $_POST['action'] );
    42. 

  42. 

  43. 	die('-1');
    44. 

  44. }
    45. 

  45. 

  46. if ( isset( $_GET['action'] ) ) :
    47. 

  47. switch ( $action = $_GET['action'] ) :
    48. 

  48. case 'ajax-tag-search' :
    49. 

  49. 	if ( !current_user_can( 'edit_posts' ) )
    50. 

  50. 		die('-1');
    51. 

  51. 

  52. 	$s = $_GET['q']; // is this slashed already?
    53. 

  53. 

  54. 	if ( isset($_GET['tax']) )
    55. 

  55. 		$taxonomy = sanitize_title($_GET['tax']);
    56. 

  56. 	else
    57. 

  57. 		die('0');
    58. 

  58. 

  59. 	if ( false !== strpos( $s, ',' ) ) {
    60. 

  60. 		$s = explode( ',', $s );
    61. 

  61. 		$s = $s[count( $s ) - 1];
    62. 

  62. 	}
    63. 

  63. 	$s = trim( $s );
    64. 

  64. 	if ( strlen( $s ) < 2 )
    65. 

  65. 		die; // require 2 chars for matching
    66. 

  66. 

  67. 	$results = $wpdb->get_col( "SELECT t.name FROM $wpdb->term_taxonomy AS tt INNER JOIN $wpdb->terms AS t ON tt.term_id = t.term_id WHERE tt.taxonomy = '$taxonomy' AND t.name LIKE ('%" . $s . "%')" );
    68. 

  68. 

  69. 	echo join( $results, "\n" );
    70. 

  70. 	die;
    71. 

  71. 	break;
    72. 

  72. case 'wp-compression-test' :
    73. 

  73. 	if ( !current_user_can( 'manage_options' ) )
    74. 

  74. 		die('-1');
    75. 

  75. 

  76. 	if ( ini_get('zlib.output_compression') || 'ob_gzhandler' == ini_get('output_handler') ) {
    77. 

  77. 		update_site_option('can_compress_scripts', 0);
    78. 

  78. 		die('0');
    79. 

  79. 	}
    80. 

  80. 

  81. 	if ( isset($_GET['test']) ) {
    82. 

  82. 		header( 'Expires: Wed, 11 Jan 1984 05:00:00 GMT' );
    83. 

  83. 		header( 'Last-Modified: ' . gmdate( 'D, d M Y H:i:s' ) . ' GMT' );
    84. 

  84. 		header( 'Cache-Control: no-cache, must-revalidate, max-age=0' );
    85. 

  85. 		header( 'Pragma: no-cache' );
    86. 

  86. 		header('Content-Type: application/x-javascript; charset=UTF-8');
    87. 

  87. 		$force_gzip = ( defined('ENFORCE_GZIP') && ENFORCE_GZIP );
    88. 

  88. 		$test_str = '"wpCompressionTest Lorem ipsum dolor sit amet consectetuer mollis sapien urna ut a. Eu nonummy condimentum fringilla tempor pretium platea vel nibh netus Maecenas. Hac molestie amet justo quis pellentesque est ultrices interdum nibh Morbi. Cras mattis pretium Phasellus ante ipsum ipsum ut sociis Suspendisse Lorem. Ante et non molestie. Porta urna Vestibulum egestas id congue nibh eu risus gravida sit. Ac augue auctor Ut et non a elit massa id sodales. Elit eu Nulla at nibh adipiscing mattis lacus mauris at tempus. Netus nibh quis suscipit nec feugiat eget sed lorem et urna. Pellentesque lacus at ut massa consectetuer ligula ut auctor semper Pellentesque. Ut metus massa nibh quam Curabitur molestie nec mauris congue. Volutpat molestie elit justo facilisis neque ac risus Ut nascetur tristique. Vitae sit lorem tellus et quis Phasellus lacus tincidunt nunc Fusce. Pharetra wisi Suspendisse mus sagittis libero lacinia Integer consequat ac Phasellus. Et urna ac cursus tortor aliquam Aliquam amet tellus volutpat Vestibulum. Justo interdum condimentum In augue congue tellus sollicitudin Quisque quis nibh."';
    89. 

  89. 

  90. 		 if ( 1 == $_GET['test'] ) {
    91. 

  91. 		 	echo $test_str;
    92. 

  92. 		 	die;
    93. 

  93. 		 } elseif ( 2 == $_GET['test'] ) {
    94. 

  94. 			if ( false !== strpos( strtolower($_SERVER['HTTP_ACCEPT_ENCODING']), 'deflate') && function_exists('gzdeflate') && ! $force_gzip ) {
    95. 

  95. 				header('Content-Encoding: deflate');
    96. 

  96. 				$out = gzdeflate( $test_str, 1 );
    97. 

  97. 			} elseif ( false !== strpos( strtolower($_SERVER['HTTP_ACCEPT_ENCODING']), 'gzip') && function_exists('gzencode') ) {
    98. 

  98. 				header('Content-Encoding: gzip');
    99. 

  99. 				$out = gzencode( $test_str, 1 );
    100. 

  100. 			} else {
    101. 

  101. 				die('-1');
    102. 

  102. 			}
    103. 

  103. 			echo $out;
    104. 

  104. 			die;
    105. 

  105. 		} elseif ( 'no' == $_GET['test'] ) {
    106. 

  106. 			update_site_option('can_compress_scripts', 0);
    107. 

  107. 		} elseif ( 'yes' == $_GET['test'] ) {
    108. 

  108. 			update_site_option('can_compress_scripts', 1);
    109. 

  109. 		}
    110. 

  110. 	}
    111. 

  111. 

  112. 	die('0');
    113. 

  113. 	break;
    114. 

  114. default :
    115. 

  115. 	do_action( 'wp_ajax_' . $_GET['action'] );
    116. 

  116. 	die('0');
    117. 

  117. 	break;
    118. 

  118. endswitch;
    119. 

  119. endif;
    120. 

  120. 

  121. /**
    122. 

  122.  * Sends back current comment total and new page links if they need to be updated.
    123. 

  123.  *
    124. 

  124.  * Contrary to normal success AJAX response ("1"), die with time() on success.
    125. 

  125.  *
    126. 

  126.  * @since 2.7
    127. 

  127.  *
    128. 

  128.  * @param int $comment_id
    129. 

  129.  * @return die
    130. 

  130.  */
    131. 

  131. function _wp_ajax_delete_comment_response( $comment_id ) {
    132. 

  132. 	$total = (int) @$_POST['_total'];
    133. 

  133. 	$per_page = (int) @$_POST['_per_page'];
    134. 

  134. 	$page = (int) @$_POST['_page'];
    135. 

  135. 	$url = clean_url( @$_POST['_url'], null, 'url' );
    136. 

  136. 	// JS didn't send us everything we need to know.  Just die with success message
    137. 

  137. 	if ( !$total || !$per_page || !$page || !$url )
    138. 

  138. 		die( (string) time() );
    139. 

  139. 

  140. 	if ( --$total < 0 ) // Take the total from POST and decrement it (since we just deleted one)
    141. 

  141. 		$total = 0;
    142. 

  142. 

  143. 	if ( 0 != $total % $per_page && 1 != mt_rand( 1, $per_page ) ) // Only do the expensive stuff on a page-break, and about 1 other time per page
    144. 

  144. 		die( (string) time() );
    145. 

  145. 

  146. 	$status = 'total_comments'; // What type of comment count are we looking for?
    147. 

  147. 	$parsed = parse_url( $url );
    148. 

  148. 	if ( isset( $parsed['query'] ) ) {
    149. 

  149. 		parse_str( $parsed['query'], $query_vars );
    150. 

  150. 		if ( !empty( $query_vars['comment_status'] ) )
    151. 

  151. 			$status = $query_vars['comment_status'];
    152. 

  152. 	}
    153. 

  153. 

  154. 	$comment_count = wp_count_comments();
    155. 

  155. 	$time = time(); // The time since the last comment count
    156. 

  156. 

  157. 	if ( isset( $comment_count->$status ) ) // We're looking for a known type of comment count
    158. 

  158. 		$total = $comment_count->$status;
    159. 

  159. 	// else use the decremented value from above
    160. 

  160. 

  161. 	$page_links = paginate_links( array(
    162. 

  162. 		'base' => add_query_arg( 'apage', '%#%', $url ),
    163. 

  163. 		'format' => '',
    164. 

  164. 		'prev_text' => __('&laquo;'),
    165. 

  165. 		'next_text' => __('&raquo;'),
    166. 

  166. 		'total' => ceil($total / $per_page),
    167. 

  167. 		'current' => $page
    168. 

  168. 	) );
    169. 

  169. 	$x = new WP_Ajax_Response( array(
    170. 

  170. 		'what' => 'comment',
    171. 

  171. 		'id' => $comment_id, // here for completeness - not used
    172. 

  172. 		'supplemental' => array(
    173. 

  173. 			'pageLinks' => $page_links,
    174. 

  174. 			'total' => $total,
    175. 

  175. 			'time' => $time
    176. 

  176. 		)
    177. 

  177. 	) );
    178. 

  178. 	$x->send();
    179. 

  179. }
    180. 

  180. 

  181. $id = isset($_POST['id'])? (int) $_POST['id'] : 0;
    182. 

  182. switch ( $action = $_POST['action'] ) :
    183. 

  183. case 'delete-comment' : // On success, die with time() instead of 1
    184. 

  184. 	check_ajax_referer( "delete-comment_$id" );
    185. 

  185. 	if ( !$comment = get_comment( $id ) )
    186. 

  186. 		die( (string) time() );
    187. 

  187. 	if ( !current_user_can( 'edit_post', $comment->comment_post_ID ) )
    188. 

  188. 		die('-1');
    189. 

  189. 

  190. 	if ( isset($_POST['spam']) && 1 == $_POST['spam'] ) {
    191. 

  191. 		if ( 'spam' == wp_get_comment_status( $comment->comment_ID ) )
    192. 

  192. 			die( (string) time() );
    193. 

  193. 		$r = wp_set_comment_status( $comment->comment_ID, 'spam' );
    194. 

  194. 	} else {
    195. 

  195. 		$r = wp_delete_comment( $comment->comment_ID );
    196. 

  196. 	}
    197. 

  197. 	if ( $r ) // Decide if we need to send back '1' or a more complicated response including page links and comment counts
    198. 

  198. 		_wp_ajax_delete_comment_response( $comment->comment_ID );
    199. 

  199. 	die( '0' );
    200. 

  200. 	break;
    201. 

  201. case 'delete-cat' :
    202. 

  202. 	check_ajax_referer( "delete-category_$id" );
    203. 

  203. 	if ( !current_user_can( 'manage_categories' ) )
    204. 

  204. 		die('-1');
    205. 

  205. 

  206. 	$cat = get_category( $id );
    207. 

  207. 	if ( !$cat || is_wp_error( $cat ) )
    208. 

  208. 		die('1');
    209. 

  209. 

  210. 	if ( wp_delete_category( $id ) )
    211. 

  211. 		die('1');
    212. 

  212. 	else
    213. 

  213. 		die('0');
    214. 

  214. 	break;
    215. 

  215. case 'delete-tag' :
    216. 

  216. 	check_ajax_referer( "delete-tag_$id" );
    217. 

  217. 	if ( !current_user_can( 'manage_categories' ) )
    218. 

  218. 		die('-1');
    219. 

  219. 

  220. 	if ( !empty($_POST['taxonomy']) )
    221. 

  221. 		$taxonomy = $_POST['taxonomy'];
    222. 

  222. 	else
    223. 

  223. 		$taxonomy = 'post_tag';
    224. 

  224. 

  225. 	$tag = get_term( $id, $taxonomy );
    226. 

  226. 	if ( !$tag || is_wp_error( $tag ) )
    227. 

  227. 		die('1');
    228. 

  228. 

  229. 	if ( wp_delete_term($id, $taxonomy))
    230. 

  230. 		die('1');
    231. 

  231. 	else
    232. 

  232. 		die('0');
    233. 

  233. 	break;
    234. 

  234. case 'delete-link-cat' :
    235. 

  235. 	check_ajax_referer( "delete-link-category_$id" );
    236. 

  236. 	if ( !current_user_can( 'manage_categories' ) )
    237. 

  237. 		die('-1');
    238. 

  238. 

  239. 	$cat = get_term( $id, 'link_category' );
    240. 

  240. 	if ( !$cat || is_wp_error( $cat ) )
    241. 

  241. 		die('1');
    242. 

  242. 

  243. 	$cat_name = get_term_field('name', $id, 'link_category');
    244. 

  244. 

  245. 	// Don't delete the default cats.
    246. 

  246. 	if ( $id == get_option('default_link_category') ) {
    247. 

  247. 		$x = new WP_AJAX_Response( array(
    248. 

  248. 			'what' => 'link-cat',
    249. 

  249. 			'id' => $id,
    250. 

  250. 			'data' => new WP_Error( 'default-link-cat', sprintf(__("Can&#8217;t delete the <strong>%s</strong> category: this is the default one"), $cat_name) )
    251. 

  251. 		) );
    252. 

  252. 		$x->send();
    253. 

  253. 	}
    254. 

  254. 

  255. 	$r = wp_delete_term($id, 'link_category');
    256. 

  256. 	if ( !$r )
    257. 

  257. 		die('0');
    258. 

  258. 	if ( is_wp_error($r) ) {
    259. 

  259. 		$x = new WP_AJAX_Response( array(
    260. 

  260. 			'what' => 'link-cat',
    261. 

  261. 			'id' => $id,
    262. 

  262. 			'data' => $r
    263. 

  263. 		) );
    264. 

  264. 		$x->send();
    265. 

  265. 	}
    266. 

  266. 	die('1');
    267. 

  267. 	break;
    268. 

  268. case 'delete-link' :
    269. 

  269. 	check_ajax_referer( "delete-bookmark_$id" );
    270. 

  270. 	if ( !current_user_can( 'manage_links' ) )
    271. 

  271. 		die('-1');
    272. 

  272. 

  273. 	$link = get_bookmark( $id );
    274. 

  274. 	if ( !$link || is_wp_error( $link ) )
    275. 

  275. 		die('1');
    276. 

  276. 

  277. 	if ( wp_delete_link( $id ) )
    278. 

  278. 		die('1');
    279. 

  279. 	else
    280. 

  280. 		die('0');
    281. 

  281. 	break;
    282. 

  282. case 'delete-meta' :
    283. 

  283. 	check_ajax_referer( "delete-meta_$id" );
    284. 

  284. 	if ( !$meta = get_post_meta_by_id( $id ) )
    285. 

  285. 		die('1');
    286. 

  286. 

  287. 	if ( !current_user_can( 'edit_post', $meta->post_id ) )
    288. 

  288. 		die('-1');
    289. 

  289. 	if ( delete_meta( $meta->meta_id ) )
    290. 

  290. 		die('1');
    291. 

  291. 	die('0');
    292. 

  292. 	break;
    293. 

  293. case 'delete-post' :
    294. 

  294. 	check_ajax_referer( "{$action}_$id" );
    295. 

  295. 	if ( !current_user_can( 'delete_post', $id ) )
    296. 

  296. 		die('-1');
    297. 

  297. 

  298. 	if ( !get_post( $id ) )
    299. 

  299. 		die('1');
    300. 

  300. 

  301. 	if ( wp_delete_post( $id ) )
    302. 

  302. 		die('1');
    303. 

  303. 	else
    304. 

  304. 		die('0');
    305. 

  305. 	break;
    306. 

  306. case 'delete-page' :
    307. 

  307. 	check_ajax_referer( "{$action}_$id" );
    308. 

  308. 	if ( !current_user_can( 'delete_page', $id ) )
    309. 

  309. 		die('-1');
    310. 

  310. 

  311. 	if ( !get_page( $id ) )
    312. 

  312. 		die('1');
    313. 

  313. 

  314. 	if ( wp_delete_post( $id ) )
    315. 

  315. 		die('1');
    316. 

  316. 	else
    317. 

  317. 		die('0');
    318. 

  318. 	break;
    319. 

  319. case 'dim-comment' : // On success, die with time() instead of 1
    320. 

  320. 

  321. 	if ( !$comment = get_comment( $id ) ) {
    322. 

  322. 		$x = new WP_Ajax_Response( array(
    323. 

  323. 			'what' => 'comment',
    324. 

  324. 			'id' => new WP_Error('invalid_comment', sprintf(__('Comment %d does not exist'), $id))
    325. 

  325. 		) );
    326. 

  326. 		$x->send();
    327. 

  327. 	}
    328. 

  328. 

  329. 	if ( !current_user_can( 'edit_post', $comment->comment_post_ID ) )
    330. 

  330. 		die('-1');
    331. 

  331. 	if ( !current_user_can( 'moderate_comments' ) )
    332. 

  332. 		die('-1');
    333. 

  333. 

  334. 	$current = wp_get_comment_status( $comment->comment_ID );
    335. 

  335. 	if ( $_POST['new'] == $current )
    336. 

  336. 		die( (string) time() );
    337. 

  337. 

  338. 	$r = 0;
    339. 

  339. 	if ( in_array( $current, array( 'unapproved', 'spam' ) ) ) {
    340. 

  340. 		check_ajax_referer( "approve-comment_$id" );
    341. 

  341. 		$result = wp_set_comment_status( $comment->comment_ID, 'approve', true );
    342. 

  342. 	} else {
    343. 

  343. 		check_ajax_referer( "unapprove-comment_$id" );
    344. 

  344. 		$result = wp_set_comment_status( $comment->comment_ID, 'hold', true );
    345. 

  345. 	}
    346. 

  346. 	if ( is_wp_error($result) ) {
    347. 

  347. 		$x = new WP_Ajax_Response( array(
    348. 

  348. 			'what' => 'comment',
    349. 

  349. 			'id' => $result
    350. 

  350. 		) );
    351. 

  351. 		$x->send();
    352. 

  352. 	}
    353. 

  353. 

  354. 	// Decide if we need to send back '1' or a more complicated response including page links and comment counts
    355. 

  355. 	_wp_ajax_delete_comment_response( $comment->comment_ID );
    356. 

  356. 	die( '0' );
    357. 

  357. 	break;
    358. 

  358. case 'add-category' : // On the Fly
    359. 

  359. 	check_ajax_referer( $action );
    360. 

  360. 	if ( !current_user_can( 'manage_categories' ) )
    361. 

  361. 		die('-1');
    362. 

  362. 	$names = explode(',', $_POST['newcat']);
    363. 

  363. 	if ( 0 > $parent = (int) $_POST['newcat_parent'] )
    364. 

  364. 		$parent = 0;
    365. 

  365. 	$post_category = isset($_POST['post_category'])? (array) $_POST['post_category'] : array();
    366. 

  366. 	$checked_categories = array_map( 'absint', (array) $post_category );
    367. 

  367. 	$popular_ids = isset( $_POST['popular_ids'] ) ?
    368. 

  368. 			array_map( 'absint', explode( ',', $_POST['popular_ids'] ) ) :
    369. 

  369. 			false;
    370. 

  370. 

  371. 	$x = new WP_Ajax_Response();
    372. 

  372. 	foreach ( $names as $cat_name ) {
    373. 

  373. 		$cat_name = trim($cat_name);
    374. 

  374. 		$category_nicename = sanitize_title($cat_name);
    375. 

  375. 		if ( '' === $category_nicename )
    376. 

  376. 			continue;
    377. 

  377. 		$cat_id = wp_create_category( $cat_name, $parent );
    378. 

  378. 		$checked_categories[] = $cat_id;
    379. 

  379. 		if ( $parent ) // Do these all at once in a second
    380. 

  380. 			continue;
    381. 

  381. 		$category = get_category( $cat_id );
    382. 

  382. 		ob_start();
    383. 

  383. 			wp_category_checklist( 0, $cat_id, $checked_categories, $popular_ids );
    384. 

  384. 		$data = ob_get_contents();
    385. 

  385. 		ob_end_clean();
    386. 

  386. 		$x->add( array(
    387. 

  387. 			'what' => 'category',
    388. 

  388. 			'id' => $cat_id,
    389. 

  389. 			'data' => $data,
    390. 

  390. 			'position' => -1
    391. 

  391. 		) );
    392. 

  392. 	}
    393. 

  393. 	if ( $parent ) { // Foncy - replace the parent and all its children
    394. 

  394. 		$parent = get_category( $parent );
    395. 

  395. 		ob_start();
    396. 

  396. 			dropdown_categories( 0, $parent );
    397. 

  397. 		$data = ob_get_contents();
    398. 

  398. 		ob_end_clean();
    399. 

  399. 		$x->add( array(
    400. 

  400. 			'what' => 'category',
    401. 

  401. 			'id' => $parent->term_id,
    402. 

  402. 			'old_id' => $parent->term_id,
    403. 

  403. 			'data' => $data,
    404. 

  404. 			'position' => -1
    405. 

  405. 		) );
    406. 

  406. 

  407. 	}
    408. 

  408. 	$x->send();
    409. 

  409. 	break;
    410. 

  410. case 'add-link-category' : // On the Fly
    411. 

  411. 	check_ajax_referer( $action );
    412. 

  412. 	if ( !current_user_can( 'manage_categories' ) )
    413. 

  413. 		die('-1');
    414. 

  414. 	$names = explode(',', $_POST['newcat']);
    415. 

  415. 	$x = new WP_Ajax_Response();
    416. 

  416. 	foreach ( $names as $cat_name ) {
    417. 

  417. 		$cat_name = trim($cat_name);
    418. 

  418. 		$slug = sanitize_title($cat_name);
    419. 

  419. 		if ( '' === $slug )
    420. 

  420. 			continue;
    421. 

  421. 		if ( !$cat_id = is_term( $cat_name, 'link_category' ) ) {
    422. 

  422. 			$cat_id = wp_insert_term( $cat_name, 'link_category' );
    423. 

  423. 		}
    424. 

  424. 		$cat_id = $cat_id['term_id'];
    425. 

  425. 		$cat_name = wp_specialchars(stripslashes($cat_name));
    426. 

  426. 		$x->add( array(
    427. 

  427. 			'what' => 'link-category',
    428. 

  428. 			'id' => $cat_id,
    429. 

  429. 			'data' => "<li id='link-category-$cat_id'><label for='in-link-category-$cat_id' class='selectit'><input value='$cat_id' type='checkbox' checked='checked' name='link_category[]' id='in-link-category-$cat_id'/> $cat_name</label></li>",
    430. 

  430. 			'position' => -1
    431. 

  431. 		) );
    432. 

  432. 	}
    433. 

  433. 	$x->send();
    434. 

  434. 	break;
    435. 

  435. case 'add-cat' : // From Manage->Categories
    436. 

  436. 	check_ajax_referer( 'add-category' );
    437. 

  437. 	if ( !current_user_can( 'manage_categories' ) )
    438. 

  438. 		die('-1');
    439. 

  439. 

  440. 	if ( '' === trim($_POST['cat_name']) ) {
    441. 

  441. 		$x = new WP_Ajax_Response( array(
    442. 

  442. 			'what' => 'cat',
    443. 

  443. 			'id' => new WP_Error( 'cat_name', __('You did not enter a category name.') )
    444. 

  444. 		) );
    445. 

  445. 		$x->send();
    446. 

  446. 	}
    447. 

  447. 

  448. 	if ( category_exists( trim( $_POST['cat_name'] ) ) ) {
    449. 

  449. 		$x = new WP_Ajax_Response( array(
    450. 

  450. 			'what' => 'cat',
    451. 

  451. 			'id' => new WP_Error( 'cat_exists', __('The category you are trying to create already exists.'), array( 'form-field' => 'cat_name' ) ),
    452. 

  452. 		) );
    453. 

  453. 		$x->send();
    454. 

  454. 	}
    455. 

  455. 

  456. 	$cat = wp_insert_category( $_POST, true );
    457. 

  457. 

  458. 	if ( is_wp_error($cat) ) {
    459. 

  459. 		$x = new WP_Ajax_Response( array(
    460. 

  460. 			'what' => 'cat',
    461. 

  461. 			'id' => $cat
    462. 

  462. 		) );
    463. 

  463. 		$x->send();
    464. 

  464. 	}
    465. 

  465. 

  466. 	if ( !$cat || (!$cat = get_category( $cat )) )
    467. 

  467. 		die('0');
    468. 

  468. 

  469. 	$level = 0;
    470. 

  470. 	$cat_full_name = $cat->name;
    471. 

  471. 	$_cat = $cat;
    472. 

  472. 	while ( $_cat->parent ) {
    473. 

  473. 		$_cat = get_category( $_cat->parent );
    474. 

  474. 		$cat_full_name = $_cat->name . ' &#8212; ' . $cat_full_name;
    475. 

  475. 		$level++;
    476. 

  476. 	}
    477. 

  477. 	$cat_full_name = attribute_escape($cat_full_name);
    478. 

  478. 

  479. 	$x = new WP_Ajax_Response( array(
    480. 

  480. 		'what' => 'cat',
    481. 

  481. 		'id' => $cat->term_id,
    482. 

  482. 		'position' => -1,
    483. 

  483. 		'data' => _cat_row( $cat, $level, $cat_full_name ),
    484. 

  484. 		'supplemental' => array('name' => $cat_full_name, 'show-link' => sprintf(__( 'Category <a href="#%s">%s</a> added' ), "cat-$cat->term_id", $cat_full_name))
    485. 

  485. 	) );
    486. 

  486. 	$x->send();
    487. 

  487. 	break;
    488. 

  488. case 'add-link-cat' : // From Blogroll -> Categories
    489. 

  489. 	check_ajax_referer( 'add-link-category' );
    490. 

  490. 	if ( !current_user_can( 'manage_categories' ) )
    491. 

  491. 		die('-1');
    492. 

  492. 

  493. 	if ( '' === trim($_POST['name']) ) {
    494. 

  494. 		$x = new WP_Ajax_Response( array(
    495. 

  495. 			'what' => 'link-cat',
    496. 

  496. 			'id' => new WP_Error( 'name', __('You did not enter a category name.') )
    497. 

  497. 		) );
    498. 

  498. 		$x->send();
    499. 

  499. 	}
    500. 

  500. 

  501. 	$r = wp_insert_term($_POST['name'], 'link_category', $_POST );
    502. 

  502. 	if ( is_wp_error( $r ) ) {
    503. 

  503. 		$x = new WP_AJAX_Response( array(
    504. 

  504. 			'what' => 'link-cat',
    505. 

  505. 			'id' => $r
    506. 

  506. 		) );
    507. 

  507. 		$x->send();
    508. 

  508. 	}
    509. 

  509. 

  510. 	extract($r, EXTR_SKIP);
    511. 

  511. 

  512. 	if ( !$link_cat = link_cat_row( $term_id ) )
    513. 

  513. 		die('0');
    514. 

  514. 

  515. 	$x = new WP_Ajax_Response( array(
    516. 

  516. 		'what' => 'link-cat',
    517. 

  517. 		'id' => $term_id,
    518. 

  518. 		'position' => -1,
    519. 

  519. 		'data' => $link_cat
    520. 

  520. 	) );
    521. 

  521. 	$x->send();
    522. 

  522. 	break;
    523. 

  523. case 'add-tag' : // From Manage->Tags
    524. 

  524. 	check_ajax_referer( 'add-tag' );
    525. 

  525. 	if ( !current_user_can( 'manage_categories' ) )
    526. 

  526. 		die('-1');
    527. 

  527. 

  528. 	if ( '' === trim($_POST['name']) ) {
    529. 

  529. 		$x = new WP_Ajax_Response( array(
    530. 

  530. 			'what' => 'tag',
    531. 

  531. 			'id' => new WP_Error( 'name', __('You did not enter a tag name.') )
    532. 

  532. 		) );
    533. 

  533. 		$x->send();
    534. 

  534. 	}
    535. 

  535. 

  536. 	if ( !empty($_POST['taxonomy']) )
    537. 

  537. 		$taxonomy = $_POST['taxonomy'];
    538. 

  538. 	else
    539. 

  539. 		$taxonomy = 'post_tag';
    540. 

  540. 

  541. 	$tag = wp_insert_term($_POST['name'], $taxonomy, $_POST );
    542. 

  542. 

  543. 	if ( is_wp_error($tag) ) {
    544. 

  544. 		$x = new WP_Ajax_Response( array(
    545. 

  545. 			'what' => 'tag',
    546. 

  546. 			'id' => $tag
    547. 

  547. 		) );
    548. 

  548. 		$x->send();
    549. 

  549. 	}
    550. 

  550. 

  551. 	if ( !$tag || (!$tag = get_term( $tag['term_id'], $taxonomy )) )
    552. 

  552. 		die('0');
    553. 

  553. 

  554. 	$tag_full_name = $tag->name;
    555. 

  555. 	$tag_full_name = attribute_escape($tag_full_name);
    556. 

  556. 

  557. 	$x = new WP_Ajax_Response( array(
    558. 

  558. 		'what' => 'tag',
    559. 

  559. 		'id' => $tag->term_id,
    560. 

  560. 		'position' => '-1',
    561. 

  561. 		'data' => _tag_row( $tag ),
    562. 

  562. 		'supplemental' => array('name' => $tag_full_name, 'show-link' => sprintf(__( 'Tag <a href="#%s">%s</a> added' ), "tag-$tag->term_id", $tag_full_name))
    563. 

  563. 	) );
    564. 

  564. 	$x->send();
    565. 

  565. 	break;
    566. 

  566. case 'get-tagcloud' :
    567. 

  567. 	if ( !current_user_can( 'manage_categories' ) )
    568. 

  568. 		die('-1');
    569. 

  569. 

  570. 	if ( isset($_POST['tax']) )
    571. 

  571. 		$taxonomy = sanitize_title($_POST['tax']);
    572. 

  572. 	else
    573. 

  573. 		die('0');
    574. 

  574. 

  575. 	$tags = get_terms( $taxonomy, array( 'number' => 45, 'orderby' => 'count', 'order' => 'DESC' ) );
    576. 

  576. 

  577. 	if ( empty( $tags ) )
    578. 

  578. 		die( __('No tags found!') );
    579. 

  579. 

  580. 	if ( is_wp_error($tags) )
    581. 

  581. 		die($tags->get_error_message());
    582. 

  582. 

  583. 	foreach ( $tags as $key => $tag ) {
    584. 

  584. 		$tags[ $key ]->link = '#';
    585. 

  585. 		$tags[ $key ]->id = $tag->term_id;
    586. 

  586. 	}
    587. 

  587. 

  588. 	$return = wp_generate_tag_cloud( $tags );
    589. 

  589. 

  590. 	if ( empty($return) )
    591. 

  591. 		die('0');
    592. 

  592. 

  593. 	echo $return;
    594. 

  594. 

  595. 	exit;
    596. 

  596. 	break;
    597. 

  597. case 'add-comment' :
    598. 

  598. 	check_ajax_referer( $action );
    599. 

  599. 	if ( !current_user_can( 'edit_post', $id ) )
    600. 

  600. 		die('-1');
    601. 

  601. 	$search = isset($_POST['s']) ? $_POST['s'] : false;
    602. 

  602. 	$start = isset($_POST['page']) ? intval($_POST['page']) * 25 - 1: 24;
    603. 

  603. 	$status = isset($_POST['comment_status']) ? $_POST['comment_status'] : false;
    604. 

  604. 	$mode = isset($_POST['mode']) ? $_POST['mode'] : 'detail';
    605. 

  605. 	$p = isset($_POST['p']) ? $_POST['p'] : 0;
    606. 

  606. 	$comment_type = isset($_POST['comment_type']) ? $_POST['comment_type'] : '';
    607. 

  607. 	list($comments, $total) = _wp_get_comment_list( $status, $search, $start, 1, $p, $comment_type );
    608. 

  608. 

  609. 	if ( get_option('show_avatars') )
    610. 

  610. 		add_filter( 'comment_author', 'floated_admin_avatar' );
    611. 

  611. 

  612. 	if ( !$comments )
    613. 

  613. 		die('1');
    614. 

  614. 	$x = new WP_Ajax_Response();
    615. 

  615. 	foreach ( (array) $comments as $comment ) {
    616. 

  616. 		get_comment( $comment );
    617. 

  617. 		ob_start();
    618. 

  618. 			_wp_comment_row( $comment->comment_ID, $mode, $status, true, true );
    619. 

  619. 			$comment_list_item = ob_get_contents();
    620. 

  620. 		ob_end_clean();
    621. 

  621. 		$x->add( array(
    622. 

  622. 			'what' => 'comment',
    623. 

  623. 			'id' => $comment->comment_ID,
    624. 

  624. 			'data' => $comment_list_item
    625. 

  625. 		) );
    626. 

  626. 	}
    627. 

  627. 	$x->send();
    628. 

  628. 	break;
    629. 

  629. case 'get-comments' :
    630. 

  630. 	check_ajax_referer( $action );
    631. 

  631. 

  632. 	$post_ID = (int) $_POST['post_ID'];
    633. 

  633. 	if ( !current_user_can( 'edit_post', $post_ID ) )
    634. 

  634. 		die('-1');
    635. 

  635. 

  636. 	$start = isset($_POST['start']) ? intval($_POST['start']) : 0;
    637. 

  637. 	$num = isset($_POST['num']) ? intval($_POST['num']) : 10;
    638. 

  638. 

  639. 	list($comments, $total) = _wp_get_comment_list( false, false, $start, $num, $post_ID );
    640. 

  640. 

  641. 	if ( !$comments )
    642. 

  642. 		die('1');
    643. 

  643. 

  644. 	$comment_list_item = '';
    645. 

  645. 	$x = new WP_Ajax_Response();
    646. 

  646. 	foreach ( (array) $comments as $comment ) {
    647. 

  647. 		get_comment( $comment );
    648. 

  648. 		ob_start();
    649. 

  649. 			_wp_comment_row( $comment->comment_ID, 'single', false, false );
    650. 

  650. 			$comment_list_item .= ob_get_contents();
    651. 

  651. 		ob_end_clean();
    652. 

  652. 	}
    653. 

  653. 	$x->add( array(
    654. 

  654. 		'what' => 'comments',
    655. 

  655. 		'data' => $comment_list_item
    656. 

  656. 	) );
    657. 

  657. 	$x->send();
    658. 

  658. 	break;
    659. 

  659. case 'replyto-comment' :
    660. 

  660. 	check_ajax_referer( $action );
    661. 

  661. 

  662. 	$comment_post_ID = (int) $_POST['comment_post_ID'];
    663. 

  663. 	if ( !current_user_can( 'edit_post', $comment_post_ID ) )
    664. 

  664. 		die('-1');
    665. 

  665. 

  666. 	$status = $wpdb->get_var( $wpdb->prepare("SELECT post_status FROM $wpdb->posts WHERE ID = %d", $comment_post_ID) );
    667. 

  667. 

  668. 	if ( empty($status) )
    669. 

  669. 		die('1');
    670. 

  670. 	elseif ( in_array($status, array('draft', 'pending') ) )
    671. 

  671. 		die( __('Error: you are replying to a comment on a draft post.') );
    672. 

  672. 

  673. 	$user = wp_get_current_user();
    674. 

  674. 	if ( $user->ID ) {
    675. 

  675. 		$comment_author       = $wpdb->escape($user->display_name);
    676. 

  676. 		$comment_author_email = $wpdb->escape($user->user_email);
    677. 

  677. 		$comment_author_url   = $wpdb->escape($user->user_url);
    678. 

  678. 		$comment_content      = trim($_POST['content']);
    679. 

  679. 		if ( current_user_can('unfiltered_html') ) {
    680. 

  680. 			if ( wp_create_nonce('unfiltered-html-comment_' . $comment_post_ID) != $_POST['_wp_unfiltered_html_comment'] ) {
    681. 

  681. 				kses_remove_filters(); // start with a clean slate
    682. 

  682. 				kses_init_filters(); // set up the filters
    683. 

  683. 			}
    684. 

  684. 		}
    685. 

  685. 	} else {
    686. 

  686. 		die( __('Sorry, you must be logged in to reply to a comment.') );
    687. 

  687. 	}
    688. 

  688. 

  689. 	if ( '' == $comment_content )
    690. 

  690. 		die( __('Error: please type a comment.') );
    691. 

  691. 

  692. 	$comment_parent = absint($_POST['comment_ID']);
    693. 

  693. 	$commentdata = compact('comment_post_ID', 'comment_author', 'comment_author_email', 'comment_author_url', 'comment_content', 'comment_type', 'comment_parent', 'user_ID');
    694. 

  694. 

  695. 	$comment_id = wp_new_comment( $commentdata );
    696. 

  696. 	$comment = get_comment($comment_id);
    697. 

  697. 	if ( ! $comment ) die('1');
    698. 

  698. 

  699. 	$modes = array( 'single', 'detail', 'dashboard' );
    700. 

  700. 	$mode = isset($_POST['mode']) && in_array( $_POST['mode'], $modes ) ? $_POST['mode'] : 'detail';
    701. 

  701. 	$position = ( isset($_POST['position']) && (int) $_POST['position']) ? (int) $_POST['position'] : '-1';
    702. 

  702. 	$checkbox = ( isset($_POST['checkbox']) && true == $_POST['checkbox'] ) ? 1 : 0;
    703. 

  703. 

  704. 	if ( get_option('show_avatars') && 'single' != $mode )
    705. 

  705. 		add_filter( 'comment_author', 'floated_admin_avatar' );
    706. 

  706. 

  707. 	$x = new WP_Ajax_Response();
    708. 

  708. 

  709. 	ob_start();
    710. 

  710. 		if ( 'dashboard' == $mode ) {
    711. 

  711. 			require_once( ABSPATH . 'wp-admin/includes/dashboard.php' );
    712. 

  712. 			_wp_dashboard_recent_comments_row( $comment, false );
    713. 

  713. 		} else {
    714. 

  714. 			_wp_comment_row( $comment->comment_ID, $mode, false, $checkbox );
    715. 

  715. 		}
    716. 

  716. 		$comment_list_item = ob_get_contents();
    717. 

  717. 	ob_end_clean();
    718. 

  718. 

  719. 	$x->add( array(
    720. 

  720. 		'what' => 'comment',
    721. 

  721. 		'id' => $comment->comment_ID,
    722. 

  722. 		'data' => $comment_list_item,
    723. 

  723. 		'position' => $position
    724. 

  724. 	));
    725. 

  725. 

  726. 	$x->send();
    727. 

  727. 	break;
    728. 

  728. case 'edit-comment' :
    729. 

  729. 	check_ajax_referer( 'replyto-comment' );
    730. 

  730. 

  731. 	$comment_post_ID = (int) $_POST['comment_post_ID'];
    732. 

  732. 	if ( ! current_user_can( 'edit_post', $comment_post_ID ) )
    733. 

  733. 		die('-1');
    734. 

  734. 

  735. 	if ( '' == $_POST['content'] )
    736. 

  736. 		die( __('Error: please type a comment.') );
    737. 

  737. 

  738. 	$comment_id = (int) $_POST['comment_ID'];
    739. 

  739. 	$_POST['comment_status'] = $_POST['status'];
    740. 

  740. 	edit_comment();
    741. 

  741. 

  742. 	$mode = ( isset($_POST['mode']) && 'single' == $_POST['mode'] ) ? 'single' : 'detail';
    743. 

  743. 	$position = ( isset($_POST['position']) && (int) $_POST['position']) ? (int) $_POST['position'] : '-1';
    744. 

  744. 	$checkbox = ( isset($_POST['checkbox']) && true == $_POST['checkbox'] ) ? 1 : 0;
    745. 

  745. 	$comments_listing = isset($_POST['comments_listing']) ? $_POST['comments_listing'] : '';
    746. 

  746. 

  747. 	if ( get_option('show_avatars') && 'single' != $mode )
    748. 

  748. 		add_filter( 'comment_author', 'floated_admin_avatar' );
    749. 

  749. 

  750. 	$x = new WP_Ajax_Response();
    751. 

  751. 

  752. 	ob_start();
    753. 

  753. 		_wp_comment_row( $comment_id, $mode, $comments_listing, $checkbox );
    754. 

  754. 		$comment_list_item = ob_get_contents();
    755. 

  755. 	ob_end_clean();
    756. 

  756. 

  757. 	$x->add( array(
    758. 

  758. 		'what' => 'edit_comment',
    759. 

  759. 		'id' => $comment->comment_ID,
    760. 

  760. 		'data' => $comment_list_item,
    761. 

  761. 		'position' => $position
    762. 

  762. 	));
    763. 

  763. 

  764. 	$x->send();
    765. 

  765. 	break;
    766. 

  766. case 'add-meta' :
    767. 

  767. 	check_ajax_referer( 'add-meta' );
    768. 

  768. 	$c = 0;
    769. 

  769. 	$pid = (int) $_POST['post_id'];
    770. 

  770. 	if ( isset($_POST['metakeyselect']) || isset($_POST['metakeyinput']) ) {
    771. 

  771. 		if ( !current_user_can( 'edit_post', $pid ) )
    772. 

  772. 			die('-1');
    773. 

  773. 		if ( '#NONE#' == $_POST['metakeyselect'] && empty($_POST['metakeyinput']) )
    774. 

  774. 			die('1');
    775. 

  775. 		if ( $pid < 0 ) {
    776. 

  776. 			$now = current_time('timestamp', 1);
    777. 

  777. 			if ( $pid = wp_insert_post( array(
    778. 

  778. 				'post_title' => sprintf('Draft created on %s at %s', date(get_option('date_format'), $now), date(get_option('time_format'), $now))
    779. 

  779. 			) ) ) {
    780. 

  780. 				if ( is_wp_error( $pid ) ) {
    781. 

  781. 					$x = new WP_Ajax_Response( array(
    782. 

  782. 						'what' => 'meta',
    783. 

  783. 						'data' => $pid
    784. 

  784. 					) );
    785. 

  785. 					$x->send();
    786. 

  786. 				}
    787. 

  787. 				$mid = add_meta( $pid );
    788. 

  788. 			} else {
    789. 

  789. 				die('0');
    790. 

  790. 			}
    791. 

  791. 		} else if ( !$mid = add_meta( $pid ) ) {
    792. 

  792. 			die('0');
    793. 

  793. 		}
    794. 

  794. 

  795. 		$meta = get_post_meta_by_id( $mid );
    796. 

  796. 		$pid = (int) $meta->post_id;
    797. 

  797. 		$meta = get_object_vars( $meta );
    798. 

  798. 		$x = new WP_Ajax_Response( array(
    799. 

  799. 			'what' => 'meta',
    800. 

  800. 			'id' => $mid,
    801. 

  801. 			'data' => _list_meta_row( $meta, $c ),
    802. 

  802. 			'position' => 1,
    803. 

  803. 			'supplemental' => array('postid' => $pid)
    804. 

  804. 		) );
    805. 

  805. 	} else {
    806. 

  806. 		$mid = (int) array_pop(array_keys($_POST['meta']));
    807. 

  807. 		$key = $_POST['meta'][$mid]['key'];
    808. 

  808. 		$value = $_POST['meta'][$mid]['value'];
    809. 

  809. 		if ( !$meta = get_post_meta_by_id( $mid ) )
    810. 

  810. 			die('0'); // if meta doesn't exist
    811. 

  811. 		if ( !current_user_can( 'edit_post', $meta->post_id ) )
    812. 

  812. 			die('-1');
    813. 

  813. 		if ( !$u = update_meta( $mid, $key, $value ) )
    814. 

  814. 			die('1'); // We know meta exists; we also know it's unchanged (or DB error, in which case there are bigger problems).
    815. 

  815. 		$key = stripslashes($key);
    816. 

  816. 		$value = stripslashes($value);
    817. 

  817. 		$x = new WP_Ajax_Response( array(
    818. 

  818. 			'what' => 'meta',
    819. 

  819. 			'id' => $mid, 'old_id' => $mid,
    820. 

  820. 			'data' => _list_meta_row( array(
    821. 

  821. 				'meta_key' => $key,
    822. 

  822. 				'meta_value' => $value,
    823. 

  823. 				'meta_id' => $mid
    824. 

  824. 			), $c ),
    825. 

  825. 			'position' => 0,
    826. 

  826. 			'supplemental' => array('postid' => $meta->post_id)
    827. 

  827. 		) );
    828. 

  828. 	}
    829. 

  829. 	$x->send();
    830. 

  830. 	break;
    831. 

  831. case 'add-user' :
    832. 

  832. 	check_ajax_referer( $action );
    833. 

  833. 	if ( !current_user_can('create_users') )
    834. 

  834. 		die('-1');
    835. 

  835. 	require_once(ABSPATH . WPINC . '/registration.php');
    836. 

  836. 	if ( !$user_id = add_user() )
    837. 

  837. 		die('0');
    838. 

  838. 	elseif ( is_wp_error( $user_id ) ) {
    839. 

  839. 		$x = new WP_Ajax_Response( array(
    840. 

  840. 			'what' => 'user',
    841. 

  841. 			'id' => $user_id
    842. 

  842. 		) );
    843. 

  843. 		$x->send();
    844. 

  844. 	}
    845. 

  845. 	$user_object = new WP_User( $user_id );
    846. 

  846. 

  847. 	$x = new WP_Ajax_Response( array(
    848. 

  848. 		'what' => 'user',
    849. 

  849. 		'id' => $user_id,
    850. 

  850. 		'data' => user_row( $user_object, '', $user_object->roles[0] ),
    851. 

  851. 		'supplemental' => array(
    852. 

  852. 			'show-link' => sprintf(__( 'User <a href="#%s">%s</a> added' ), "user-$user_id", $user_object->user_login),
    853. 

  853. 			'role' => $user_object->roles[0]
    854. 

  854. 		)
    855. 

  855. 	) );
    856. 

  856. 	$x->send();
    857. 

  857. 	break;
    858. 

  858. case 'autosave' : // The name of this action is hardcoded in edit_post()
    859. 

  859. 	define( 'DOING_AUTOSAVE', true );
    860. 

  860. 

  861. 	$nonce_age = check_ajax_referer( 'autosave', 'autosavenonce' );
    862. 

  862. 	global $current_user;
    863. 

  863. 

  864. 	$_POST['post_category'] = explode(",", $_POST['catslist']);
    865. 

  865. 	if($_POST['post_type'] == 'page' || empty($_POST['post_category']))
    866. 

  866. 		unset($_POST['post_category']);
    867. 

  867. 

  868. 	$do_autosave = (bool) $_POST['autosave'];
    869. 

  869. 	$do_lock = true;
    870. 

  870. 

  871. 	$data = '';
    872. 

  872. 	$message = sprintf( __('Draft Saved at %s.'), date_i18n( __('g:i:s a') ) );
    873. 

  873. 

  874. 	$supplemental = array();
    875. 

  875. 

  876. 	$id = $revision_id = 0;
    877. 

  877. 	if($_POST['post_ID'] < 0) {
    878. 

  878. 		$_POST['post_status'] = 'draft';
    879. 

  879. 		$_POST['temp_ID'] = $_POST['post_ID'];
    880. 

  880. 		if ( $do_autosave ) {
    881. 

  881. 			$id = wp_write_post();
    882. 

  882. 			$data = $message;
    883. 

  883. 		}
    884. 

  884. 	} else {
    885. 

  885. 		$post_ID = (int) $_POST['post_ID'];
    886. 

  886. 		$_POST['ID'] = $post_ID;
    887. 

  887. 		$post = get_post($post_ID);
    888. 

  888. 

  889. 		if ( $last = wp_check_post_lock( $post->ID ) ) {
    890. 

  890. 			$do_autosave = $do_lock = false;
    891. 

  891. 

  892. 			$last_user = get_userdata( $last );
    893. 

  893. 			$last_user_name = $last_user ? $last_user->display_name : __( 'Someone' );
    894. 

  894. 			$data = new WP_Error( 'locked', sprintf(
    895. 

  895. 				$_POST['post_type'] == 'page' ? __( 'Autosave disabled: %s is currently editing this page.' ) : __( 'Autosave disabled: %s is currently editing this post.' ),
    896. 

  896. 				wp_specialchars( $last_user_name )
    897. 

  897. 			) );
    898. 

  898. 

  899. 			$supplemental['disable_autosave'] = 'disable';
    900. 

  900. 		}
    901. 

  901. 

  902. 		if ( 'page' == $post->post_type ) {
    903. 

  903. 			if ( !current_user_can('edit_page', $post_ID) )
    904. 

  904. 				die(__('You are not allowed to edit this page.'));
    905. 

  905. 		} else {
    906. 

  906. 			if ( !current_user_can('edit_post', $post_ID) )
    907. 

  907. 				die(__('You are not allowed to edit this post.'));
    908. 

  908. 		}
    909. 

  909. 

  910. 		if ( $do_autosave ) {
    911. 

  911. 			// Drafts are just overwritten by autosave
    912. 

  912. 			if ( 'draft' == $post->post_status ) {
    913. 

  913. 				$id = edit_post();
    914. 

  914. 			} else { // Non drafts are not overwritten.  The autosave is stored in a special post revision.
    915. 

  915. 				$revision_id = wp_create_post_autosave( $post->ID );
    916. 

  916. 				if ( is_wp_error($revision_id) )
    917. 

  917. 					$id = $revision_id;
    918. 

  918. 				else
    919. 

  919. 					$id = $post->ID;
    920. 

  920. 			}
    921. 

  921. 			$data = $message;
    922. 

  922. 		} else {
    923. 

  923. 			$id = $post->ID;
    924. 

  924. 		}
    925. 

  925. 	}
    926. 

  926. 

  927. 	if ( $do_lock && $id && is_numeric($id) )
    928. 

  928. 		wp_set_post_lock( $id );
    929. 

  929. 

  930. 	if ( $nonce_age == 2 ) {
    931. 

  931. 		$supplemental['replace-autosavenonce'] = wp_create_nonce('autosave');
    932. 

  932. 		$supplemental['replace-getpermalinknonce'] = wp_create_nonce('getpermalink');
    933. 

  933. 		$supplemental['replace-samplepermalinknonce'] = wp_create_nonce('samplepermalink');
    934. 

  934. 		$supplemental['replace-closedpostboxesnonce'] = wp_create_nonce('closedpostboxes');
    935. 

  935. 		if ( $id ) {
    936. 

  936. 			if ( $_POST['post_type'] == 'post' )
    937. 

  937. 				$supplemental['replace-_wpnonce'] = wp_create_nonce('update-post_' . $id);
    938. 

  938. 			elseif ( $_POST['post_type'] == 'page' )
    939. 

  939. 				$supplemental['replace-_wpnonce'] = wp_create_nonce('update-page_' . $id);
    940. 

  940. 		}
    941. 

  941. 	}
    942. 

  942. 

  943. 	$x = new WP_Ajax_Response( array(
    944. 

  944. 		'what' => 'autosave',
    945. 

  945. 		'id' => $id,
    946. 

  946. 		'data' => $id ? $data : '',
    947. 

  947. 		'supplemental' => $supplemental
    948. 

  948. 	) );
    949. 

  949. 	$x->send();
    950. 

  950. 	break;
    951. 

  951. case 'autosave-generate-nonces' :
    952. 

  952. 	check_ajax_referer( 'autosave', 'autosavenonce' );
    953. 

  953. 	$ID = (int) $_POST['post_ID'];
    954. 

  954. 	if($_POST['post_type'] == 'post') {
    955. 

  955. 		if(current_user_can('edit_post', $ID))
    956. 

  956. 			die(wp_create_nonce('update-post_' . $ID));
    957. 

  957. 	}
    958. 

  958. 	if($_POST['post_type'] == 'page') {
    959. 

  959. 		if(current_user_can('edit_page', $ID)) {
    960. 

  960. 			die(wp_create_nonce('update-page_' . $ID));
    961. 

  961. 		}
    962. 

  962. 	}
    963. 

  963. 	die('0');
    964. 

  964. break;
    965. 

  965. case 'closed-postboxes' :
    966. 

  966. 	check_ajax_referer( 'closedpostboxes', 'closedpostboxesnonce' );
    967. 

  967. 	$closed = isset( $_POST['closed'] ) ? $_POST['closed'] : '';
    968. 

  968. 	$closed = explode( ',', $_POST['closed'] );
    969. 

  969. 	$hidden = isset( $_POST['hidden'] ) ? $_POST['hidden'] : '';
    970. 

  970. 	$hidden = explode( ',', $_POST['hidden'] );
    971. 

  971. 	$page = isset( $_POST['page'] ) ? $_POST['page'] : '';
    972. 

  972. 

  973. 	if ( !preg_match( '/^[a-z_-]+$/', $page ) )
    974. 

  974. 		die(-1);
    975. 

  975. 

  976. 	if ( ! $user = wp_get_current_user() )
    977. 

  977. 		die(-1);
    978. 

  978. 

  979. 	if ( is_array($closed) )
    980. 

  980. 		update_usermeta($user->ID, 'closedpostboxes_'.$page, $closed);
    981. 

  981. 

  982. 	if ( is_array($hidden) )
    983. 

  983. 		update_usermeta($user->ID, 'meta-box-hidden_'.$page, $hidden);
    984. 

  984. 

  985. 	die('1');
    986. 

  986. 	break;
    987. 

  987. case 'hidden-columns' :
    988. 

  988. 	check_ajax_referer( 'hiddencolumns', 'hiddencolumnsnonce' );
    989. 

  989. 	$hidden = isset( $_POST['hidden'] ) ? $_POST['hidden'] : '';
    990. 

  990. 	$hidden = explode( ',', $_POST['hidden'] );
    991. 

  991. 	$page = isset( $_POST['page'] ) ? $_POST['page'] : '';
    992. 

  992. 

  993. 	if ( !preg_match( '/^[a-z_-]+$/', $page ) )
    994. 

  994. 		die(-1);
    995. 

  995. 

  996. 	if ( ! $user = wp_get_current_user() )
    997. 

  997. 		die(-1);
    998. 

  998. 

  999. 	if ( is_array($hidden) )
    1000. 

  1000. 		update_usermeta($user->ID, "manage-$page-columns-hidden", $hidden);
    1001. 

  1001. 

  1002. 	die('1');
    1003. 

  1003. 	break;
    1004. 

  1004. case 'meta-box-order':
    1005. 

  1005. 	check_ajax_referer( 'meta-box-order' );
    1006. 

  1006. 	$order = isset( $_POST['order'] ) ? (array) $_POST['order'] : false;
    1007. 

  1007. 	$page_columns = isset( $_POST['page_columns'] ) ? (int) $_POST['page_columns'] : 0;
    1008. 

  1008. 	$page = isset( $_POST['page'] ) ? $_POST['page'] : '';
    1009. 

  1009. 

  1010. 	if ( !preg_match( '/^[a-z_-]+$/', $page ) )
    1011. 

  1011. 		die(-1);
    1012. 

  1012. 

  1013. 	if ( ! $user = wp_get_current_user() )
    1014. 

  1014. 		die(-1);
    1015. 

  1015. 

  1016. 	if ( $order )
    1017. 

  1017. 		update_user_option($user->ID, "meta-box-order_$page", $order);
    1018. 

  1018. 

  1019. 	if ( $page_columns )
    1020. 

  1020. 		update_usermeta($user->ID, "screen_layout_$page", $page_columns);
    1021. 

  1021. 

  1022. 	die('1');
    1023. 

  1023. 	break;
    1024. 

  1024. case 'get-permalink':
    1025. 

  1025. 	check_ajax_referer( 'getpermalink', 'getpermalinknonce' );
    1026. 

  1026. 	$post_id = isset($_POST['post_id'])? intval($_POST['post_id']) : 0;
    1027. 

  1027. 	die(add_query_arg(array('preview' => 'true'), get_permalink($post_id)));
    1028. 

  1028. break;
    1029. 

  1029. case 'sample-permalink':
    1030. 

  1030. 	check_ajax_referer( 'samplepermalink', 'samplepermalinknonce' );
    1031. 

  1031. 	$post_id = isset($_POST['post_id'])? intval($_POST['post_id']) : 0;
    1032. 

  1032. 	$title = isset($_POST['new_title'])? $_POST['new_title'] : '';
    1033. 

  1033. 	$slug = isset($_POST['new_slug'])? $_POST['new_slug'] : '';
    1034. 

  1034. 	die(get_sample_permalink_html($post_id, $title, $slug));
    1035. 

  1035. break;
    1036. 

  1036. case 'inline-save':
    1037. 

  1037. 	check_ajax_referer( 'inlineeditnonce', '_inline_edit' );
    1038. 

  1038. 

  1039. 	if ( ! isset($_POST['post_ID']) || ! ( $post_ID = (int) $_POST['post_ID'] ) )
    1040. 

  1040. 		exit;
    1041. 

  1041. 

  1042. 	if ( 'page' == $_POST['post_type'] ) {
    1043. 

  1043. 		if ( ! current_user_can( 'edit_page', $post_ID ) )
    1044. 

  1044. 			die( __('You are not allowed to edit this page.') );
    1045. 

  1045. 	} else {
    1046. 

  1046. 		if ( ! current_user_can( 'edit_post', $post_ID ) )
    1047. 

  1047. 			die( __('You are not allowed to edit this post.') );
    1048. 

  1048. 	}
    1049. 

  1049. 

  1050. 	if ( $last = wp_check_post_lock( $post_ID ) ) {
    1051. 

  1051. 		$last_user = get_userdata( $last );
    1052. 

  1052. 		$last_user_name = $last_user ? $last_user->display_name : __( 'Someone' );
    1053. 

  1053. 		printf( $_POST['post_type'] == 'page' ? __( 'Saving is disabled: %s is currently editing this page.' ) : __( 'Saving is disabled: %s is currently editing this post.' ),	wp_specialchars( $last_user_name ) );
    1054. 

  1054. 		exit;
    1055. 

  1055. 	}
    1056. 

  1056. 

  1057. 	$data = &$_POST;
    1058. 

  1058. 	$post = get_post( $post_ID, ARRAY_A );
    1059. 

  1059. 	$data['content'] = $post['post_content'];
    1060. 

  1060. 	$data['excerpt'] = $post['post_excerpt'];
    1061. 

  1061. 

  1062. 	// rename
    1063. 

  1063. 	$data['user_ID'] = $GLOBALS['user_ID'];
    1064. 

  1064. 

  1065. 	if ( isset($data['post_parent']) )
    1066. 

  1066. 		$data['parent_id'] = $data['post_parent'];
    1067. 

  1067. 

  1068. 	// status
    1069. 

  1069. 	if ( isset($data['keep_private']) && 'private' == $data['keep_private'] )
    1070. 

  1070. 		$data['post_status'] = 'private';
    1071. 

  1071. 	else
    1072. 

  1072. 		$data['post_status'] = $data['_status'];
    1073. 

  1073. 

  1074. 	if ( empty($data['comment_status']) )
    1075. 

  1075. 		$data['comment_status'] = 'closed';
    1076. 

  1076. 	if ( empty($data['ping_status']) )
    1077. 

  1077. 		$data['ping_status'] = 'closed';
    1078. 

  1078. 

  1079. 	// update the post
    1080. 

  1080. 	$_POST = $data;
    1081. 

  1081. 	edit_post();
    1082. 

  1082. 

  1083. 	$post = array();
    1084. 

  1084. 	if ( 'page' == $_POST['post_type'] ) {
    1085. 

  1085. 		$post[] = get_post($_POST['post_ID']);
    1086. 

  1086. 		page_rows($post);
    1087. 

  1087. 	} elseif ( 'post' == $_POST['post_type'] ) {
    1088. 

  1088. 		$mode = $_POST['post_view'];
    1089. 

  1089. 		$post[] = get_post($_POST['post_ID']);
    1090. 

  1090. 		post_rows($post);
    1091. 

  1091. 	}
    1092. 

  1092. 

  1093. 	exit;
    1094. 

  1094. 	break;
    1095. 

  1095. case 'inline-save-tax':
    1096. 

  1096. 	check_ajax_referer( 'taxinlineeditnonce', '_inline_edit' );
    1097. 

  1097. 

  1098. 	if ( ! current_user_can('manage_categories') )
    1099. 

  1099. 		die( __('Cheatin&#8217; uh?') );
    1100. 

  1100. 

  1101. 	if ( ! isset($_POST['tax_ID']) || ! ( $id = (int) $_POST['tax_ID'] ) )
    1102. 

  1102. 		die(-1);
    1103. 

  1103. 

  1104. 	switch ($_POST['tax_type']) {
    1105. 

  1105. 		case 'cat' :
    1106. 

  1106. 			$data = array();
    1107. 

  1107. 			$data['cat_ID'] = $id;
    1108. 

  1108. 			$data['cat_name'] = $_POST['name'];
    1109. 

  1109. 			$data['category_nicename'] = $_POST['slug'];
    1110. 

  1110. 			if ( isset($_POST['parent']) && (int) $_POST['parent'] > 0 )
    1111. 

  1111. 				$data['category_parent'] = $_POST['parent'];
    1112. 

  1112. 

  1113. 			$cat = get_category($id, ARRAY_A);
    1114. 

  1114. 			$data['category_description'] = $cat['category_description'];
    1115. 

  1115. 

  1116. 			$updated = wp_update_category($data);
    1117. 

  1117. 

  1118. 			if ( $updated && !is_wp_error($updated) )
    1119. 

  1119. 				echo _cat_row( $updated, 0 );
    1120. 

  1120. 			else
    1121. 

  1121. 				die( __('Category not updated.') );
    1122. 

  1122. 

  1123. 			break;
    1124. 

  1124. 		case 'link-cat' :
    1125. 

  1125. 			$updated = wp_update_term($id, 'link_category', $_POST);
    1126. 

  1126. 

  1127. 			if ( $updated && !is_wp_error($updated) )
    1128. 

  1128. 				echo link_cat_row($updated['term_id']);
    1129. 

  1129. 			else
    1130. 

  1130. 				die( __('Category not updated.') );
    1131. 

  1131. 

  1132. 			break;
    1133. 

  1133. 		case 'tag' :
    1134. 

  1134. 			if ( !empty($_POST['taxonomy']) )
    1135. 

  1135. 				$taxonomy = $_POST['taxonomy'];
    1136. 

  1136. 			else
    1137. 

  1137. 				$taxonomy = 'post_tag';
    1138. 

  1138. 

  1139. 			$updated = wp_update_term($id, $taxonomy, $_POST);
    1140. 

  1140. 			if ( $updated && !is_wp_error($updated) ) {
    1141. 

  1141. 				$tag = get_term( $updated['term_id'], $taxonomy );
    1142. 

  1142. 				if ( !$tag || is_wp_error( $tag ) )
    1143. 

  1143. 					die( __('Tag not updated.') );
    1144. 

  1144. 

  1145. 				echo _tag_row($tag);
    1146. 

  1146. 			} else {
    1147. 

  1147. 				die( __('Tag not updated.') );
    1148. 

  1148. 			}
    1149. 

  1149. 

  1150. 			break;
    1151. 

  1151. 	}
    1152. 

  1152. 

  1153. 	exit;
    1154. 

  1154. 	break;
    1155. 

  1155. case 'find_posts':
    1156. 

  1156. 	check_ajax_referer( 'find-posts' );
    1157. 

  1157. 

  1158. 	if ( empty($_POST['ps']) )
    1159. 

  1159. 		exit;
    1160. 

  1160. 

  1161. 	$what = isset($_POST['pages']) ? 'page' : 'post';
    1162. 

  1162. 	$s = stripslashes($_POST['ps']);
    1163. 

  1163. 	preg_match_all('/".*?("|$)|((?<=[\\s",+])|^)[^\\s",+]+/', $s, $matches);
    1164. 

  1164. 	$search_terms = array_map(create_function('$a', 'return trim($a, "\\"\'\\n\\r ");'), $matches[0]);
    1165. 

  1165. 

  1166. 	$searchand = $search = '';
    1167. 

  1167. 	foreach( (array) $search_terms as $term) {
    1168. 

  1168. 		$term = addslashes_gpc($term);
    1169. 

  1169. 		$search .= "{$searchand}(($wpdb->posts.post_title LIKE '%{$term}%') OR ($wpdb->posts.post_content LIKE '%{$term}%'))";
    1170. 

  1170. 		$searchand = ' AND ';
    1171. 

  1171. 	}
    1172. 

  1172. 	$term = $wpdb->escape($s);
    1173. 

  1173. 	if ( count($search_terms) > 1 && $search_terms[0] != $s )
    1174. 

  1174. 		$search .= " OR ($wpdb->posts.post_title LIKE '%{$term}%') OR ($wpdb->posts.post_content LIKE '%{$term}%')";
    1175. 

  1175. 

  1176. 	$posts = $wpdb->get_results( "SELECT ID, post_title, post_status, post_date FROM $wpdb->posts WHERE post_type = '$what' AND $search ORDER BY post_date_gmt DESC LIMIT 50" );
    1177. 

  1177. 

  1178. 	if ( ! $posts )
    1179. 

  1179. 		exit( __('No posts found.') );
    1180. 

  1180. 

  1181. 	$html = '<table class="widefat"><thead><tr><th class="found-radio"><br /></th><th>'.__('Title').'</th><th>'.__('Time').'</th><th>'.__('Status').'</th></tr></thead><tbody>';
    1182. 

  1182. 	foreach ( $posts as $post ) {
    1183. 

  1183. 

  1184. 		switch ( $post->post_status ) {
    1185. 

  1185. 			case 'publish' :
    1186. 

  1186. 			case 'private' :
    1187. 

  1187. 				$stat = __('Published');
    1188. 

  1188. 				break;
    1189. 

  1189. 			case 'future' :
    1190. 

  1190. 				$stat = __('Scheduled');
    1191. 

  1191. 				break;
    1192. 

  1192. 			case 'pending' :
    1193. 

  1193. 				$stat = __('Pending Review');
    1194. 

  1194. 				break;
    1195. 

  1195. 			case 'draft' :
    1196. 

  1196. 				$stat = __('Unpublished');
    1197. 

  1197. 				break;
    1198. 

  1198. 		}
    1199. 

  1199. 

  1200. 		if ( '0000-00-00 00:00:00' == $post->post_date ) {
    1201. 

  1201. 			$time = '';
    1202. 

  1202. 		} else {
    1203. 

  1203. 			$time = mysql2date(__('Y/m/d'), $post->post_date);
    1204. 

  1204. 		}
    1205. 

  1205. 

  1206. 		$html .= '<tr class="found-posts"><td class="found-radio"><input type="radio" id="found-'.$post->ID.'" name="found_post_id" value="'.$post->ID.'"></td>';
    1207. 

  1207. 		$html .= '<td><label for="found-'.$post->ID.'">'.wp_specialchars($post->post_title, true).'</label></td><td>'.wp_specialchars($time, true).'</td><td>'.wp_specialchars($stat, true).'</td></tr>'."\n\n";
    1208. 

  1208. 	}
    1209. 

  1209. 	$html .= '</tbody></table>';
    1210. 

  1210. 

  1211. 	$x = new WP_Ajax_Response();
    1212. 

  1212. 	$x->add( array(
    1213. 

  1213. 		'what' => $what,
    1214. 

  1214. 		'data' => $html
    1215. 

  1215. 	));
    1216. 

  1216. 	$x->send();
    1217. 

  1217. 

  1218. 	break;
    1219. 

  1219. case 'lj-importer' :
    1220. 

  1220. 	check_ajax_referer( 'lj-api-import' );
    1221. 

  1221. 	if ( !current_user_can( 'publish_posts' ) )
    1222. 

  1222. 		die('-1');
    1223. 

  1223. 	if ( empty( $_POST['step'] ) )
    1224. 

  1224. 		die( '-1' );
    1225. 

  1225. 	define('WP_IMPORTING', true);
    1226. 

  1226. 	include( ABSPATH . 'wp-admin/import/livejournal.php' );
    1227. 

  1227. 	$result = $lj_api_import->{ 'step' . ( (int) $_POST['step'] ) }();
    1228. 

  1228. 	if ( is_wp_error( $result ) )
    1229. 

  1229. 		echo $result->get_error_message();
    1230. 

  1230. 	die;
    1231. 

  1231. 	break;
    1232. 

  1232. default :
    1233. 

  1233. 	do_action( 'wp_ajax_' . $_POST['action'] );
    1234. 

  1234. 	die('0');
    1235. 

  1235. 	break;
    1236. 

  1236. endswitch;
    1237. 

  1237. ?>
    1238. 

  1238.