PageRenderTime 61ms CodeModel.GetById 28ms RepoModel.GetById 0ms app.codeStats 1ms

/wp-admin/includes/class-wp-press-this.php

https://github.com/markjaquith/WordPress
PHP | 1535 lines | 954 code | 227 blank | 354 comment | 212 complexity | 9dddd080fc9aa47d3a9735aef81944ec MD5 | raw file
Possible License(s): GPL-2.0, AGPL-1.0, LGPL-2.1
  1. <?php
  2. /**
  3. * Press This class and display functionality
  4. *
  5. * @package WordPress
  6. * @subpackage Press_This
  7. * @since 4.2.0
  8. */
  9. /**
  10. * Press This class.
  11. *
  12. * @since 4.2.0
  13. */
  14. class WP_Press_This {
  15. // Used to trigger the bookmarklet update notice.
  16. public $version = 8;
  17. private $images = array();
  18. private $embeds = array();
  19. private $domain = '';
  20. /**
  21. * Constructor.
  22. *
  23. * @since 4.2.0
  24. * @access public
  25. */
  26. public function __construct() {}
  27. /**
  28. * App and site settings data, including i18n strings for the client-side.
  29. *
  30. * @since 4.2.0
  31. * @access public
  32. *
  33. * @return array Site settings.
  34. */
  35. public function site_settings() {
  36. return array(
  37. /**
  38. * Filter whether or not Press This should redirect the user in the parent window upon save.
  39. *
  40. * @since 4.2.0
  41. *
  42. * @param bool $redirect Whether to redirect in parent window or not. Default false.
  43. */
  44. 'redirInParent' => apply_filters( 'press_this_redirect_in_parent', false ),
  45. );
  46. }
  47. /**
  48. * Get the source's images and save them locally, for posterity, unless we can't.
  49. *
  50. * @since 4.2.0
  51. * @access public
  52. *
  53. * @param int $post_id Post ID.
  54. * @param string $content Optional. Current expected markup for Press This. Expects slashed. Default empty.
  55. * @return string New markup with old image URLs replaced with the local attachment ones if swapped.
  56. */
  57. public function side_load_images( $post_id, $content = '' ) {
  58. $content = wp_unslash( $content );
  59. if ( preg_match_all( '/<img [^>]+>/', $content, $matches ) && current_user_can( 'upload_files' ) ) {
  60. foreach ( (array) $matches[0] as $image ) {
  61. // This is inserted from our JS so HTML attributes should always be in double quotes.
  62. if ( ! preg_match( '/src="([^"]+)"/', $image, $url_matches ) ) {
  63. continue;
  64. }
  65. $image_src = $url_matches[1];
  66. // Don't try to sideload a file without a file extension, leads to WP upload error.
  67. if ( ! preg_match( '/[^\?]+\.(?:jpe?g|jpe|gif|png)(?:\?|$)/i', $image_src ) ) {
  68. continue;
  69. }
  70. // Sideload image, which gives us a new image src.
  71. $new_src = media_sideload_image( $image_src, $post_id, null, 'src' );
  72. if ( ! is_wp_error( $new_src ) ) {
  73. // Replace the POSTED content <img> with correct uploaded ones.
  74. // Need to do it in two steps so we don't replace links to the original image if any.
  75. $new_image = str_replace( $image_src, $new_src, $image );
  76. $content = str_replace( $image, $new_image, $content );
  77. }
  78. }
  79. }
  80. // Edxpected slashed
  81. return wp_slash( $content );
  82. }
  83. /**
  84. * AJAX handler for saving the post as draft or published.
  85. *
  86. * @since 4.2.0
  87. * @access public
  88. */
  89. public function save_post() {
  90. if ( empty( $_POST['post_ID'] ) || ! $post_id = (int) $_POST['post_ID'] ) {
  91. wp_send_json_error( array( 'errorMessage' => __( 'Missing post ID.' ) ) );
  92. }
  93. if ( empty( $_POST['_wpnonce'] ) || ! wp_verify_nonce( $_POST['_wpnonce'], 'update-post_' . $post_id ) ||
  94. ! current_user_can( 'edit_post', $post_id ) ) {
  95. wp_send_json_error( array( 'errorMessage' => __( 'Invalid post.' ) ) );
  96. }
  97. $post = array(
  98. 'ID' => $post_id,
  99. 'post_title' => ( ! empty( $_POST['post_title'] ) ) ? sanitize_text_field( trim( $_POST['post_title'] ) ) : '',
  100. 'post_content' => ( ! empty( $_POST['post_content'] ) ) ? trim( $_POST['post_content'] ) : '',
  101. 'post_type' => 'post',
  102. 'post_status' => 'draft',
  103. 'post_format' => ( ! empty( $_POST['post_format'] ) ) ? sanitize_text_field( $_POST['post_format'] ) : '',
  104. 'tax_input' => ( ! empty( $_POST['tax_input'] ) ) ? $_POST['tax_input'] : array(),
  105. 'post_category' => ( ! empty( $_POST['post_category'] ) ) ? $_POST['post_category'] : array(),
  106. );
  107. if ( ! empty( $_POST['post_status'] ) && 'publish' === $_POST['post_status'] ) {
  108. if ( current_user_can( 'publish_posts' ) ) {
  109. $post['post_status'] = 'publish';
  110. } else {
  111. $post['post_status'] = 'pending';
  112. }
  113. }
  114. $post['post_content'] = $this->side_load_images( $post_id, $post['post_content'] );
  115. $updated = wp_update_post( $post, true );
  116. if ( is_wp_error( $updated ) ) {
  117. wp_send_json_error( array( 'errorMessage' => $updated->get_error_message() ) );
  118. } else {
  119. if ( isset( $post['post_format'] ) ) {
  120. if ( current_theme_supports( 'post-formats', $post['post_format'] ) ) {
  121. set_post_format( $post_id, $post['post_format'] );
  122. } elseif ( $post['post_format'] ) {
  123. set_post_format( $post_id, false );
  124. }
  125. }
  126. $forceRedirect = false;
  127. if ( 'publish' === get_post_status( $post_id ) ) {
  128. $redirect = get_post_permalink( $post_id );
  129. } elseif ( isset( $_POST['pt-force-redirect'] ) && $_POST['pt-force-redirect'] === 'true' ) {
  130. $forceRedirect = true;
  131. $redirect = get_edit_post_link( $post_id, 'js' );
  132. } else {
  133. $redirect = false;
  134. }
  135. /**
  136. * Filter the URL to redirect to when Press This saves.
  137. *
  138. * @since 4.2.0
  139. *
  140. * @param string $url Redirect URL. If `$status` is 'publish', this will be the post permalink.
  141. * Otherwise, the default is false resulting in no redirect.
  142. * @param int $post_id Post ID.
  143. * @param string $status Post status.
  144. */
  145. $redirect = apply_filters( 'press_this_save_redirect', $redirect, $post_id, $post['post_status'] );
  146. if ( $redirect ) {
  147. wp_send_json_success( array( 'redirect' => $redirect, 'force' => $forceRedirect ) );
  148. } else {
  149. wp_send_json_success( array( 'postSaved' => true ) );
  150. }
  151. }
  152. }
  153. /**
  154. * AJAX handler for adding a new category.
  155. *
  156. * @since 4.2.0
  157. * @access public
  158. */
  159. public function add_category() {
  160. if ( false === wp_verify_nonce( $_POST['new_cat_nonce'], 'add-category' ) ) {
  161. wp_send_json_error();
  162. }
  163. $taxonomy = get_taxonomy( 'category' );
  164. if ( ! current_user_can( $taxonomy->cap->edit_terms ) || empty( $_POST['name'] ) ) {
  165. wp_send_json_error();
  166. }
  167. $parent = isset( $_POST['parent'] ) && (int) $_POST['parent'] > 0 ? (int) $_POST['parent'] : 0;
  168. $names = explode( ',', $_POST['name'] );
  169. $added = $data = array();
  170. foreach ( $names as $cat_name ) {
  171. $cat_name = trim( $cat_name );
  172. $cat_nicename = sanitize_title( $cat_name );
  173. if ( empty( $cat_nicename ) ) {
  174. continue;
  175. }
  176. // @todo Find a more performant way to check existence, maybe get_term() with a separate parent check.
  177. if ( term_exists( $cat_name, $taxonomy->name, $parent ) ) {
  178. if ( count( $names ) === 1 ) {
  179. wp_send_json_error( array( 'errorMessage' => __( 'This category already exists.' ) ) );
  180. } else {
  181. continue;
  182. }
  183. }
  184. $cat_id = wp_insert_term( $cat_name, $taxonomy->name, array( 'parent' => $parent ) );
  185. if ( is_wp_error( $cat_id ) ) {
  186. continue;
  187. } elseif ( is_array( $cat_id ) ) {
  188. $cat_id = $cat_id['term_id'];
  189. }
  190. $added[] = $cat_id;
  191. }
  192. if ( empty( $added ) ) {
  193. wp_send_json_error( array( 'errorMessage' => __( 'This category cannot be added. Please change the name and try again.' ) ) );
  194. }
  195. foreach ( $added as $new_cat_id ) {
  196. $new_cat = get_category( $new_cat_id );
  197. if ( is_wp_error( $new_cat ) ) {
  198. wp_send_json_error( array( 'errorMessage' => __( 'Error while adding the category. Please try again later.' ) ) );
  199. }
  200. $data[] = array(
  201. 'term_id' => $new_cat->term_id,
  202. 'name' => $new_cat->name,
  203. 'parent' => $new_cat->parent,
  204. );
  205. }
  206. wp_send_json_success( $data );
  207. }
  208. /**
  209. * Downloads the source's HTML via server-side call for the given URL.
  210. *
  211. * @since 4.2.0
  212. * @access public
  213. *
  214. * @param string $url URL to scan.
  215. * @return string Source's HTML sanitized markup
  216. */
  217. public function fetch_source_html( $url ) {
  218. global $wp_version;
  219. if ( empty( $url ) ) {
  220. return new WP_Error( 'invalid-url', __( 'A valid URL was not provided.' ) );
  221. }
  222. $remote_url = wp_safe_remote_get( $url, array(
  223. 'timeout' => 30,
  224. // Use an explicit user-agent for Press This
  225. 'user-agent' => 'Press This (WordPress/' . $wp_version . '); ' . get_bloginfo( 'url' )
  226. ) );
  227. if ( is_wp_error( $remote_url ) ) {
  228. return $remote_url;
  229. }
  230. $useful_html_elements = array(
  231. 'img' => array(
  232. 'src' => true,
  233. 'width' => true,
  234. 'height' => true,
  235. ),
  236. 'iframe' => array(
  237. 'src' => true,
  238. ),
  239. 'link' => array(
  240. 'rel' => true,
  241. 'itemprop' => true,
  242. 'href' => true,
  243. ),
  244. 'meta' => array(
  245. 'property' => true,
  246. 'name' => true,
  247. 'content' => true,
  248. )
  249. );
  250. $source_content = wp_remote_retrieve_body( $remote_url );
  251. $source_content = wp_kses( $source_content, $useful_html_elements );
  252. return $source_content;
  253. }
  254. /**
  255. * Utility method to limit an array to 50 values.
  256. *
  257. * @ignore
  258. * @since 4.2.0
  259. *
  260. * @param array $value Array to limit.
  261. * @return array Original array if fewer than 50 values, limited array, empty array otherwise.
  262. */
  263. private function _limit_array( $value ) {
  264. if ( is_array( $value ) ) {
  265. if ( count( $value ) > 50 ) {
  266. return array_slice( $value, 0, 50 );
  267. }
  268. return $value;
  269. }
  270. return array();
  271. }
  272. /**
  273. * Utility method to limit the length of a given string to 5,000 characters.
  274. *
  275. * @ignore
  276. * @since 4.2.0
  277. *
  278. * @param string $value String to limit.
  279. * @return bool|int|string If boolean or integer, that value. If a string, the original value
  280. * if fewer than 5,000 characters, a truncated version, otherwise an
  281. * empty string.
  282. */
  283. private function _limit_string( $value ) {
  284. $return = '';
  285. if ( is_numeric( $value ) || is_bool( $value ) ) {
  286. $return = $value;
  287. } else if ( is_string( $value ) ) {
  288. if ( mb_strlen( $value ) > 5000 ) {
  289. $return = mb_substr( $value, 0, 5000 );
  290. } else {
  291. $return = $value;
  292. }
  293. $return = html_entity_decode( $return, ENT_QUOTES, 'UTF-8' );
  294. $return = sanitize_text_field( trim( $return ) );
  295. }
  296. return $return;
  297. }
  298. /**
  299. * Utility method to limit a given URL to 2,048 characters.
  300. *
  301. * @ignore
  302. * @since 4.2.0
  303. *
  304. * @param string $url URL to check for length and validity.
  305. * @return string Escaped URL if of valid length (< 2048) and makeup. Empty string otherwise.
  306. */
  307. private function _limit_url( $url ) {
  308. if ( ! is_string( $url ) ) {
  309. return '';
  310. }
  311. // HTTP 1.1 allows 8000 chars but the "de-facto" standard supported in all current browsers is 2048.
  312. if ( strlen( $url ) > 2048 ) {
  313. return ''; // Return empty rather than a truncated/invalid URL
  314. }
  315. // Does not look like an URL.
  316. if ( ! preg_match( '/^([!#$&-;=?-\[\]_a-z~]|%[0-9a-fA-F]{2})+$/', $url ) ) {
  317. return '';
  318. }
  319. // If the URL is root-relative, prepend the protocol and domain name
  320. if ( $url && $this->domain && preg_match( '%^/[^/]+%', $url ) ) {
  321. $url = $this->domain . $url;
  322. }
  323. // Not absolute or protocol-relative URL.
  324. if ( ! preg_match( '%^(?:https?:)?//[^/]+%', $url ) ) {
  325. return '';
  326. }
  327. return esc_url_raw( $url, array( 'http', 'https' ) );
  328. }
  329. /**
  330. * Utility method to limit image source URLs.
  331. *
  332. * Excluded URLs include share-this type buttons, loaders, spinners, spacers, WordPress interface images,
  333. * tiny buttons or thumbs, mathtag.com or quantserve.com images, or the WordPress.com stats gif.
  334. *
  335. * @ignore
  336. * @since 4.2.0
  337. *
  338. * @param string $src Image source URL.
  339. * @return string If not matched an excluded URL type, the original URL, empty string otherwise.
  340. */
  341. private function _limit_img( $src ) {
  342. $src = $this->_limit_url( $src );
  343. if ( preg_match( '!/ad[sx]?/!i', $src ) ) {
  344. // Ads
  345. return '';
  346. } else if ( preg_match( '!(/share-?this[^.]+?\.[a-z0-9]{3,4})(\?.*)?$!i', $src ) ) {
  347. // Share-this type button
  348. return '';
  349. } else if ( preg_match( '!/(spinner|loading|spacer|blank|rss)\.(gif|jpg|png)!i', $src ) ) {
  350. // Loaders, spinners, spacers
  351. return '';
  352. } else if ( preg_match( '!/([^./]+[-_])?(spinner|loading|spacer|blank)s?([-_][^./]+)?\.[a-z0-9]{3,4}!i', $src ) ) {
  353. // Fancy loaders, spinners, spacers
  354. return '';
  355. } else if ( preg_match( '!([^./]+[-_])?thumb[^.]*\.(gif|jpg|png)$!i', $src ) ) {
  356. // Thumbnails, too small, usually irrelevant to context
  357. return '';
  358. } else if ( false !== stripos( $src, '/wp-includes/' ) ) {
  359. // Classic WordPress interface images
  360. return '';
  361. } else if ( preg_match( '![^\d]\d{1,2}x\d+\.(gif|jpg|png)$!i', $src ) ) {
  362. // Most often tiny buttons/thumbs (< 100px wide)
  363. return '';
  364. } else if ( preg_match( '!/pixel\.(mathtag|quantserve)\.com!i', $src ) ) {
  365. // See mathtag.com and https://www.quantcast.com/how-we-do-it/iab-standard-measurement/how-we-collect-data/
  366. return '';
  367. } else if ( preg_match( '!/[gb]\.gif(\?.+)?$!i', $src ) ) {
  368. // WordPress.com stats gif
  369. return '';
  370. }
  371. return $src;
  372. }
  373. /**
  374. * Limit embed source URLs to specific providers.
  375. *
  376. * Not all core oEmbed providers are supported. Supported providers include YouTube, Vimeo,
  377. * Vine, Daily Motion, SoundCloud, and Twitter.
  378. *
  379. * @ignore
  380. * @since 4.2.0
  381. *
  382. * @param string $src Embed source URL.
  383. * @return string If not from a supported provider, an empty string. Otherwise, a reformattd embed URL.
  384. */
  385. private function _limit_embed( $src ) {
  386. $src = $this->_limit_url( $src );
  387. if ( empty( $src ) )
  388. return '';
  389. if ( preg_match( '!//(m|www)\.youtube\.com/(embed|v)/([^?]+)\?.+$!i', $src, $src_matches ) ) {
  390. // Embedded Youtube videos (www or mobile)
  391. $src = 'https://www.youtube.com/watch?v=' . $src_matches[3];
  392. } else if ( preg_match( '!//player\.vimeo\.com/video/([\d]+)([?/].*)?$!i', $src, $src_matches ) ) {
  393. // Embedded Vimeo iframe videos
  394. $src = 'https://vimeo.com/' . (int) $src_matches[1];
  395. } else if ( preg_match( '!//vimeo\.com/moogaloop\.swf\?clip_id=([\d]+)$!i', $src, $src_matches ) ) {
  396. // Embedded Vimeo Flash videos
  397. $src = 'https://vimeo.com/' . (int) $src_matches[1];
  398. } else if ( preg_match( '!//vine\.co/v/([^/]+)/embed!i', $src, $src_matches ) ) {
  399. // Embedded Vine videos
  400. $src = 'https://vine.co/v/' . $src_matches[1];
  401. } else if ( preg_match( '!//(www\.)?dailymotion\.com/embed/video/([^/?]+)([/?].+)?!i', $src, $src_matches ) ) {
  402. // Embedded Daily Motion videos
  403. $src = 'https://www.dailymotion.com/video/' . $src_matches[2];
  404. } else {
  405. require_once( ABSPATH . WPINC . '/class-oembed.php' );
  406. $oembed = _wp_oembed_get_object();
  407. if ( ! $oembed->get_provider( $src, array( 'discover' => false ) ) ) {
  408. $src = '';
  409. }
  410. }
  411. return $src;
  412. }
  413. /**
  414. * Process a meta data entry from the source.
  415. *
  416. * @ignore
  417. * @since 4.2.0
  418. *
  419. * @param string $meta_name Meta key name.
  420. * @param mixed $meta_value Meta value.
  421. * @param array $data Associative array of source data.
  422. * @return array Processed data array.
  423. */
  424. private function _process_meta_entry( $meta_name, $meta_value, $data ) {
  425. if ( preg_match( '/:?(title|description|keywords|site_name)$/', $meta_name ) ) {
  426. $data['_meta'][ $meta_name ] = $meta_value;
  427. } else {
  428. switch ( $meta_name ) {
  429. case 'og:url':
  430. case 'og:video':
  431. case 'og:video:secure_url':
  432. $meta_value = $this->_limit_embed( $meta_value );
  433. if ( ! isset( $data['_embeds'] ) ) {
  434. $data['_embeds'] = array();
  435. }
  436. if ( ! empty( $meta_value ) && ! in_array( $meta_value, $data['_embeds'] ) ) {
  437. $data['_embeds'][] = $meta_value;
  438. }
  439. break;
  440. case 'og:image':
  441. case 'og:image:secure_url':
  442. case 'twitter:image0:src':
  443. case 'twitter:image0':
  444. case 'twitter:image:src':
  445. case 'twitter:image':
  446. $meta_value = $this->_limit_img( $meta_value );
  447. if ( ! isset( $data['_images'] ) ) {
  448. $data['_images'] = array();
  449. }
  450. if ( ! empty( $meta_value ) && ! in_array( $meta_value, $data['_images'] ) ) {
  451. $data['_images'][] = $meta_value;
  452. }
  453. break;
  454. }
  455. }
  456. return $data;
  457. }
  458. /**
  459. * Fetches and parses _meta, _images, and _links data from the source.
  460. *
  461. * @since 4.2.0
  462. * @access public
  463. *
  464. * @param string $url URL to scan.
  465. * @param array $data Optional. Existing data array if you have one. Default empty array.
  466. * @return array New data array.
  467. */
  468. public function source_data_fetch_fallback( $url, $data = array() ) {
  469. if ( empty( $url ) ) {
  470. return array();
  471. }
  472. // Download source page to tmp file.
  473. $source_content = $this->fetch_source_html( $url );
  474. if ( is_wp_error( $source_content ) ) {
  475. return array( 'errors' => $source_content->get_error_messages() );
  476. }
  477. // Fetch and gather <meta> data first, so discovered media is offered 1st to user.
  478. if ( empty( $data['_meta'] ) ) {
  479. $data['_meta'] = array();
  480. }
  481. if ( preg_match_all( '/<meta [^>]+>/', $source_content, $matches ) ) {
  482. $items = $this->_limit_array( $matches[0] );
  483. foreach ( $items as $value ) {
  484. if ( preg_match( '/(property|name)="([^"]+)"[^>]+content="([^"]+)"/', $value, $new_matches ) ) {
  485. $meta_name = $this->_limit_string( $new_matches[2] );
  486. $meta_value = $this->_limit_string( $new_matches[3] );
  487. // Sanity check. $key is usually things like 'title', 'description', 'keywords', etc.
  488. if ( strlen( $meta_name ) > 100 ) {
  489. continue;
  490. }
  491. $data = $this->_process_meta_entry( $meta_name, $meta_value, $data );
  492. }
  493. }
  494. }
  495. // Fetch and gather <img> data.
  496. if ( empty( $data['_images'] ) ) {
  497. $data['_images'] = array();
  498. }
  499. if ( preg_match_all( '/<img [^>]+>/', $source_content, $matches ) ) {
  500. $items = $this->_limit_array( $matches[0] );
  501. foreach ( $items as $value ) {
  502. if ( ( preg_match( '/width=(\'|")(\d+)\\1/i', $value, $new_matches ) && $new_matches[2] < 256 ) ||
  503. ( preg_match( '/height=(\'|")(\d+)\\1/i', $value, $new_matches ) && $new_matches[2] < 128 ) ) {
  504. continue;
  505. }
  506. if ( preg_match( '/src=(\'|")([^\'"]+)\\1/i', $value, $new_matches ) ) {
  507. $src = $this->_limit_img( $new_matches[2] );
  508. if ( ! empty( $src ) && ! in_array( $src, $data['_images'] ) ) {
  509. $data['_images'][] = $src;
  510. }
  511. }
  512. }
  513. }
  514. // Fetch and gather <iframe> data.
  515. if ( empty( $data['_embeds'] ) ) {
  516. $data['_embeds'] = array();
  517. }
  518. if ( preg_match_all( '/<iframe [^>]+>/', $source_content, $matches ) ) {
  519. $items = $this->_limit_array( $matches[0] );
  520. foreach ( $items as $value ) {
  521. if ( preg_match( '/src=(\'|")([^\'"]+)\\1/', $value, $new_matches ) ) {
  522. $src = $this->_limit_embed( $new_matches[2] );
  523. if ( ! empty( $src ) && ! in_array( $src, $data['_embeds'] ) ) {
  524. $data['_embeds'][] = $src;
  525. }
  526. }
  527. }
  528. }
  529. // Fetch and gather <link> data.
  530. if ( empty( $data['_links'] ) ) {
  531. $data['_links'] = array();
  532. }
  533. if ( preg_match_all( '/<link [^>]+>/', $source_content, $matches ) ) {
  534. $items = $this->_limit_array( $matches[0] );
  535. foreach ( $items as $value ) {
  536. if ( preg_match( '/rel=["\'](canonical|shortlink|icon)["\']/i', $value, $matches_rel ) && preg_match( '/href=[\'"]([^\'" ]+)[\'"]/i', $value, $matches_url ) ) {
  537. $rel = $matches_rel[1];
  538. $url = $this->_limit_url( $matches_url[1] );
  539. if ( ! empty( $url ) && empty( $data['_links'][ $rel ] ) ) {
  540. $data['_links'][ $rel ] = $url;
  541. }
  542. }
  543. }
  544. }
  545. return $data;
  546. }
  547. /**
  548. * Handles backward-compat with the legacy version of Press This by supporting its query string params.
  549. *
  550. * @since 4.2.0
  551. * @access public
  552. *
  553. * @return array
  554. */
  555. public function merge_or_fetch_data() {
  556. // Get data from $_POST and $_GET, as appropriate ($_POST > $_GET), to remain backward compatible.
  557. $data = array();
  558. // Only instantiate the keys we want. Sanity check and sanitize each one.
  559. foreach ( array( 'u', 's', 't', 'v' ) as $key ) {
  560. if ( ! empty( $_POST[ $key ] ) ) {
  561. $value = wp_unslash( $_POST[ $key ] );
  562. } else if ( ! empty( $_GET[ $key ] ) ) {
  563. $value = wp_unslash( $_GET[ $key ] );
  564. } else {
  565. continue;
  566. }
  567. if ( 'u' === $key ) {
  568. $value = $this->_limit_url( $value );
  569. if ( preg_match( '%^(?:https?:)?//[^/]+%i', $value, $domain_match ) ) {
  570. $this->domain = $domain_match[0];
  571. }
  572. } else {
  573. $value = $this->_limit_string( $value );
  574. }
  575. if ( ! empty( $value ) ) {
  576. $data[ $key ] = $value;
  577. }
  578. }
  579. /**
  580. * Filter whether to enable in-source media discovery in Press This.
  581. *
  582. * @since 4.2.0
  583. *
  584. * @param bool $enable Whether to enable media discovery.
  585. */
  586. if ( apply_filters( 'enable_press_this_media_discovery', true ) ) {
  587. /*
  588. * If no title, _images, _embed, and _meta was passed via $_POST, fetch data from source as fallback,
  589. * making PT fully backward compatible with the older bookmarklet.
  590. */
  591. if ( empty( $_POST ) && ! empty( $data['u'] ) ) {
  592. $data = $this->source_data_fetch_fallback( $data['u'], $data );
  593. } else {
  594. foreach ( array( '_images', '_embeds' ) as $type ) {
  595. if ( empty( $_POST[ $type ] ) ) {
  596. continue;
  597. }
  598. $data[ $type ] = array();
  599. $items = $this->_limit_array( $_POST[ $type ] );
  600. foreach ( $items as $key => $value ) {
  601. if ( $type === '_images' ) {
  602. $value = $this->_limit_img( wp_unslash( $value ) );
  603. } else {
  604. $value = $this->_limit_embed( wp_unslash( $value ) );
  605. }
  606. if ( ! empty( $value ) ) {
  607. $data[ $type ][] = $value;
  608. }
  609. }
  610. }
  611. foreach ( array( '_meta', '_links' ) as $type ) {
  612. if ( empty( $_POST[ $type ] ) ) {
  613. continue;
  614. }
  615. $data[ $type ] = array();
  616. $items = $this->_limit_array( $_POST[ $type ] );
  617. foreach ( $items as $key => $value ) {
  618. // Sanity check. These are associative arrays, $key is usually things like 'title', 'description', 'keywords', etc.
  619. if ( empty( $key ) || strlen( $key ) > 100 ) {
  620. continue;
  621. }
  622. if ( $type === '_meta' ) {
  623. $value = $this->_limit_string( wp_unslash( $value ) );
  624. if ( ! empty( $value ) ) {
  625. $data = $this->_process_meta_entry( $key, $value, $data );
  626. }
  627. } else {
  628. if ( in_array( $key, array( 'canonical', 'shortlink', 'icon' ), true ) ) {
  629. $data[ $type ][ $key ] = $this->_limit_url( wp_unslash( $value ) );
  630. }
  631. }
  632. }
  633. }
  634. }
  635. // Support passing a single image src as `i`
  636. if ( ! empty( $_REQUEST['i'] ) && ( $img_src = $this->_limit_img( wp_unslash( $_REQUEST['i'] ) ) ) ) {
  637. if ( empty( $data['_images'] ) ) {
  638. $data['_images'] = array( $img_src );
  639. } elseif ( ! in_array( $img_src, $data['_images'], true ) ) {
  640. array_unshift( $data['_images'], $img_src );
  641. }
  642. }
  643. }
  644. /**
  645. * Filter the Press This data array.
  646. *
  647. * @since 4.2.0
  648. *
  649. * @param array $data Press This Data array.
  650. */
  651. return apply_filters( 'press_this_data', $data );
  652. }
  653. /**
  654. * Adds another stylesheet inside TinyMCE.
  655. *
  656. * @since 4.2.0
  657. * @access public
  658. *
  659. * @param string $styles URL to editor stylesheet.
  660. * @return string Possibly modified stylesheets list.
  661. */
  662. public function add_editor_style( $styles ) {
  663. if ( ! empty( $styles ) ) {
  664. $styles .= ',';
  665. }
  666. $press_this = admin_url( 'css/press-this-editor.css' );
  667. if ( is_rtl() ) {
  668. $press_this = str_replace( '.css', '-rtl.css', $press_this );
  669. }
  670. $open_sans_font_url = '';
  671. /* translators: If there are characters in your language that are not supported
  672. * by Open Sans, translate this to 'off'. Do not translate into your own language.
  673. */
  674. if ( 'off' !== _x( 'on', 'Open Sans font: on or off' ) ) {
  675. $subsets = 'latin,latin-ext';
  676. /* translators: To add an additional Open Sans character subset specific to your language,
  677. * translate this to 'greek', 'cyrillic' or 'vietnamese'. Do not translate into your own language.
  678. */
  679. $subset = _x( 'no-subset', 'Open Sans font: add new subset (greek, cyrillic, vietnamese)' );
  680. if ( 'cyrillic' == $subset ) {
  681. $subsets .= ',cyrillic,cyrillic-ext';
  682. } elseif ( 'greek' == $subset ) {
  683. $subsets .= ',greek,greek-ext';
  684. } elseif ( 'vietnamese' == $subset ) {
  685. $subsets .= ',vietnamese';
  686. }
  687. $query_args = array(
  688. 'family' => urlencode( 'Open Sans:400italic,700italic,400,600,700' ),
  689. 'subset' => urlencode( $subsets ),
  690. );
  691. $open_sans_font_url = ',' . add_query_arg( $query_args, 'https://fonts.googleapis.com/css' );
  692. }
  693. return $styles . $press_this . $open_sans_font_url;
  694. }
  695. /**
  696. * Outputs the post format selection HTML.
  697. *
  698. * @since 4.2.0
  699. * @access public
  700. *
  701. * @param WP_Post $post Post object.
  702. */
  703. public function post_formats_html( $post ) {
  704. if ( current_theme_supports( 'post-formats' ) && post_type_supports( $post->post_type, 'post-formats' ) ) {
  705. $post_formats = get_theme_support( 'post-formats' );
  706. if ( is_array( $post_formats[0] ) ) {
  707. $post_format = get_post_format( $post->ID );
  708. if ( ! $post_format ) {
  709. $post_format = '0';
  710. }
  711. // Add in the current one if it isn't there yet, in case the current theme doesn't support it.
  712. if ( $post_format && ! in_array( $post_format, $post_formats[0] ) ) {
  713. $post_formats[0][] = $post_format;
  714. }
  715. ?>
  716. <div id="post-formats-select">
  717. <fieldset><legend class="screen-reader-text"><?php _e( 'Post Formats' ); ?></legend>
  718. <input type="radio" name="post_format" class="post-format" id="post-format-0" value="0" <?php checked( $post_format, '0' ); ?> />
  719. <label for="post-format-0" class="post-format-icon post-format-standard"><?php echo get_post_format_string( 'standard' ); ?></label>
  720. <?php
  721. foreach ( $post_formats[0] as $format ) {
  722. $attr_format = esc_attr( $format );
  723. ?>
  724. <br />
  725. <input type="radio" name="post_format" class="post-format" id="post-format-<?php echo $attr_format; ?>" value="<?php echo $attr_format; ?>" <?php checked( $post_format, $format ); ?> />
  726. <label for="post-format-<?php echo $attr_format ?>" class="post-format-icon post-format-<?php echo $attr_format; ?>"><?php echo esc_html( get_post_format_string( $format ) ); ?></label>
  727. <?php
  728. }
  729. ?>
  730. </fieldset>
  731. </div>
  732. <?php
  733. }
  734. }
  735. }
  736. /**
  737. * Outputs the categories HTML.
  738. *
  739. * @since 4.2.0
  740. * @access public
  741. *
  742. * @param WP_Post $post Post object.
  743. */
  744. public function categories_html( $post ) {
  745. $taxonomy = get_taxonomy( 'category' );
  746. if ( current_user_can( $taxonomy->cap->edit_terms ) ) {
  747. ?>
  748. <button type="button" class="add-cat-toggle button-link" aria-expanded="false">
  749. <span class="dashicons dashicons-plus"></span><span class="screen-reader-text"><?php _e( 'Toggle add category' ); ?></span>
  750. </button>
  751. <div class="add-category is-hidden">
  752. <label class="screen-reader-text" for="new-category"><?php echo $taxonomy->labels->add_new_item; ?></label>
  753. <input type="text" id="new-category" class="add-category-name" placeholder="<?php echo esc_attr( $taxonomy->labels->new_item_name ); ?>" value="" aria-required="true">
  754. <label class="screen-reader-text" for="new-category-parent"><?php echo $taxonomy->labels->parent_item_colon; ?></label>
  755. <div class="postform-wrapper">
  756. <?php
  757. wp_dropdown_categories( array(
  758. 'taxonomy' => 'category',
  759. 'hide_empty' => 0,
  760. 'name' => 'new-category-parent',
  761. 'orderby' => 'name',
  762. 'hierarchical' => 1,
  763. 'show_option_none' => '&mdash; ' . $taxonomy->labels->parent_item . ' &mdash;'
  764. ) );
  765. ?>
  766. </div>
  767. <button type="button" class="add-cat-submit"><?php _e( 'Add' ); ?></button>
  768. </div>
  769. <?php
  770. }
  771. ?>
  772. <div class="categories-search-wrapper">
  773. <input id="categories-search" type="search" class="categories-search" placeholder="<?php esc_attr_e( 'Search categories by name' ) ?>">
  774. <label for="categories-search">
  775. <span class="dashicons dashicons-search"></span><span class="screen-reader-text"><?php _e( 'Search categories' ); ?></span>
  776. </label>
  777. </div>
  778. <div aria-label="<?php esc_attr_e( 'Categories' ); ?>">
  779. <ul class="categories-select">
  780. <?php wp_terms_checklist( $post->ID, array( 'taxonomy' => 'category', 'list_only' => true ) ); ?>
  781. </ul>
  782. </div>
  783. <?php
  784. }
  785. /**
  786. * Outputs the tags HTML.
  787. *
  788. * @since 4.2.0
  789. * @access public
  790. *
  791. * @param WP_Post $post Post object.
  792. */
  793. public function tags_html( $post ) {
  794. $taxonomy = get_taxonomy( 'post_tag' );
  795. $user_can_assign_terms = current_user_can( $taxonomy->cap->assign_terms );
  796. $esc_tags = get_terms_to_edit( $post->ID, 'post_tag' );
  797. if ( ! $esc_tags || is_wp_error( $esc_tags ) ) {
  798. $esc_tags = '';
  799. }
  800. ?>
  801. <div class="tagsdiv" id="post_tag">
  802. <div class="jaxtag">
  803. <input type="hidden" name="tax_input[post_tag]" class="the-tags" value="<?php echo $esc_tags; // escaped in get_terms_to_edit() ?>">
  804. <?php
  805. if ( $user_can_assign_terms ) {
  806. ?>
  807. <div class="ajaxtag hide-if-no-js">
  808. <label class="screen-reader-text" for="new-tag-post_tag"><?php _e( 'Tags' ); ?></label>
  809. <p>
  810. <input type="text" id="new-tag-post_tag" name="newtag[post_tag]" class="newtag form-input-tip" size="16" autocomplete="off" value="" aria-describedby="new-tag-desc" />
  811. <button type="button" class="tagadd"><?php _e( 'Add' ); ?></button>
  812. </p>
  813. </div>
  814. <p class="howto" id="new-tag-desc">
  815. <?php echo $taxonomy->labels->separate_items_with_commas; ?>
  816. </p>
  817. <?php
  818. }
  819. ?>
  820. </div>
  821. <div class="tagchecklist"></div>
  822. </div>
  823. <?php
  824. if ( $user_can_assign_terms ) {
  825. ?>
  826. <button type="button" class="button-link tagcloud-link" id="link-post_tag"><?php echo $taxonomy->labels->choose_from_most_used; ?></button>
  827. <?php
  828. }
  829. }
  830. /**
  831. * Get a list of embeds with no duplicates.
  832. *
  833. * @since 4.2.0
  834. * @access public
  835. *
  836. * @param array $data The site's data.
  837. * @return array Embeds selected to be available.
  838. */
  839. public function get_embeds( $data ) {
  840. $selected_embeds = array();
  841. // Make sure to add the Pressed page if it's a valid oembed itself
  842. if ( ! empty ( $data['u'] ) && $this->_limit_embed( $data['u'] ) ) {
  843. $data['_embeds'][] = $data['u'];
  844. }
  845. if ( ! empty( $data['_embeds'] ) ) {
  846. foreach ( $data['_embeds'] as $src ) {
  847. $prot_relative_src = preg_replace( '/^https?:/', '', $src );
  848. if ( in_array( $prot_relative_src, $this->embeds ) ) {
  849. continue;
  850. }
  851. $selected_embeds[] = $src;
  852. $this->embeds[] = $prot_relative_src;
  853. }
  854. }
  855. return $selected_embeds;
  856. }
  857. /**
  858. * Get a list of images with no duplicates.
  859. *
  860. * @since 4.2.0
  861. * @access public
  862. *
  863. * @param array $data The site's data.
  864. * @return array
  865. */
  866. public function get_images( $data ) {
  867. $selected_images = array();
  868. if ( ! empty( $data['_images'] ) ) {
  869. foreach ( $data['_images'] as $src ) {
  870. if ( false !== strpos( $src, 'gravatar.com' ) ) {
  871. $src = preg_replace( '%http://[\d]+\.gravatar\.com/%', 'https://secure.gravatar.com/', $src );
  872. }
  873. $prot_relative_src = preg_replace( '/^https?:/', '', $src );
  874. if ( in_array( $prot_relative_src, $this->images ) ||
  875. ( false !== strpos( $src, 'avatar' ) && count( $this->images ) > 15 ) ) {
  876. // Skip: already selected or some type of avatar and we've already gathered more than 15 images.
  877. continue;
  878. }
  879. $selected_images[] = $src;
  880. $this->images[] = $prot_relative_src;
  881. }
  882. }
  883. return $selected_images;
  884. }
  885. /**
  886. * Gets the source page's canonical link, based on passed location and meta data.
  887. *
  888. * @since 4.2.0
  889. * @access public
  890. *
  891. * @param array $data The site's data.
  892. * @return string Discovered canonical URL, or empty
  893. */
  894. public function get_canonical_link( $data ) {
  895. $link = '';
  896. if ( ! empty( $data['_links']['canonical'] ) ) {
  897. $link = $data['_links']['canonical'];
  898. } elseif ( ! empty( $data['u'] ) ) {
  899. $link = $data['u'];
  900. } elseif ( ! empty( $data['_meta'] ) ) {
  901. if ( ! empty( $data['_meta']['twitter:url'] ) ) {
  902. $link = $data['_meta']['twitter:url'];
  903. } else if ( ! empty( $data['_meta']['og:url'] ) ) {
  904. $link = $data['_meta']['og:url'];
  905. }
  906. }
  907. if ( empty( $link ) && ! empty( $data['_links']['shortlink'] ) ) {
  908. $link = $data['_links']['shortlink'];
  909. }
  910. return $link;
  911. }
  912. /**
  913. * Gets the source page's site name, based on passed meta data.
  914. *
  915. * @since 4.2.0
  916. * @access public
  917. *
  918. * @param array $data The site's data.
  919. * @return string Discovered site name, or empty
  920. */
  921. public function get_source_site_name( $data ) {
  922. $name = '';
  923. if ( ! empty( $data['_meta'] ) ) {
  924. if ( ! empty( $data['_meta']['og:site_name'] ) ) {
  925. $name = $data['_meta']['og:site_name'];
  926. } else if ( ! empty( $data['_meta']['application-name'] ) ) {
  927. $name = $data['_meta']['application-name'];
  928. }
  929. }
  930. return $name;
  931. }
  932. /**
  933. * Gets the source page's title, based on passed title and meta data.
  934. *
  935. * @since 4.2.0
  936. * @access public
  937. *
  938. * @param array $data The site's data.
  939. * @return string Discovered page title, or empty
  940. */
  941. public function get_suggested_title( $data ) {
  942. $title = '';
  943. if ( ! empty( $data['t'] ) ) {
  944. $title = $data['t'];
  945. } elseif ( ! empty( $data['_meta'] ) ) {
  946. if ( ! empty( $data['_meta']['twitter:title'] ) ) {
  947. $title = $data['_meta']['twitter:title'];
  948. } else if ( ! empty( $data['_meta']['og:title'] ) ) {
  949. $title = $data['_meta']['og:title'];
  950. } else if ( ! empty( $data['_meta']['title'] ) ) {
  951. $title = $data['_meta']['title'];
  952. }
  953. }
  954. return $title;
  955. }
  956. /**
  957. * Gets the source page's suggested content, based on passed data (description, selection, etc).
  958. *
  959. * Features a blockquoted excerpt, as well as content attribution, if any.
  960. *
  961. * @since 4.2.0
  962. * @access public
  963. *
  964. * @param array $data The site's data.
  965. * @return string Discovered content, or empty
  966. */
  967. public function get_suggested_content( $data ) {
  968. $content = $text = '';
  969. if ( ! empty( $data['s'] ) ) {
  970. $text = $data['s'];
  971. } else if ( ! empty( $data['_meta'] ) ) {
  972. if ( ! empty( $data['_meta']['twitter:description'] ) ) {
  973. $text = $data['_meta']['twitter:description'];
  974. } else if ( ! empty( $data['_meta']['og:description'] ) ) {
  975. $text = $data['_meta']['og:description'];
  976. } else if ( ! empty( $data['_meta']['description'] ) ) {
  977. $text = $data['_meta']['description'];
  978. }
  979. // If there is an ellipsis at the end, the description is very likely auto-generated. Better to ignore it.
  980. if ( $text && substr( $text, -3 ) === '...' ) {
  981. $text = '';
  982. }
  983. }
  984. $default_html = array( 'quote' => '', 'link' => '', 'embed' => '' );
  985. if ( ! empty( $data['u'] ) && $this->_limit_embed( $data['u'] ) ) {
  986. $default_html['embed'] = '<p>[embed]' . $data['u'] . '[/embed]</p>';
  987. if ( ! empty( $data['s'] ) ) {
  988. // If the user has selected some text, do quote it.
  989. $default_html['quote'] = '<blockquote>%1$s</blockquote>';
  990. }
  991. } else {
  992. $default_html['quote'] = '<blockquote>%1$s</blockquote>';
  993. $default_html['link'] = '<p>' . _x( 'Source:', 'Used in Press This to indicate where the content comes from.' ) .
  994. ' <em><a href="%1$s">%2$s</a></em></p>';
  995. }
  996. /**
  997. * Filter the default HTML for the Press This editor.
  998. *
  999. * @since 4.2.0
  1000. *
  1001. * @param array $default_html Associative array with two keys: 'quote' where %1$s is replaced with the site description
  1002. * or the selected content, and 'link' there %1$s is link href, %2$s is link text.
  1003. */
  1004. $default_html = apply_filters( 'press_this_suggested_html', $default_html, $data );
  1005. if ( ! empty( $default_html['embed'] ) ) {
  1006. $content .= $default_html['embed'];
  1007. }
  1008. // Wrap suggested content in the specified HTML.
  1009. if ( ! empty( $default_html['quote'] ) && $text ) {
  1010. $content .= sprintf( $default_html['quote'], $text );
  1011. }
  1012. // Add source attribution if there is one available.
  1013. if ( ! empty( $default_html['link'] ) ) {
  1014. $title = $this->get_suggested_title( $data );
  1015. $url = $this->get_canonical_link( $data );
  1016. if ( ! $title ) {
  1017. $title = $this->get_source_site_name( $data );
  1018. }
  1019. if ( $url && $title ) {
  1020. $content .= sprintf( $default_html['link'], $url, $title );
  1021. }
  1022. }
  1023. return $content;
  1024. }
  1025. /**
  1026. * Serves the app's base HTML, which in turns calls the load script.
  1027. *
  1028. * @since 4.2.0
  1029. * @access public
  1030. *
  1031. * @global WP_Locale $wp_locale
  1032. * @global string $wp_version
  1033. * @global bool $is_IE
  1034. */
  1035. public function html() {
  1036. global $wp_locale, $wp_version;
  1037. // Get data, new (POST) and old (GET).
  1038. $data = $this->merge_or_fetch_data();
  1039. $post_title = $this->get_suggested_title( $data );
  1040. $post_content = $this->get_suggested_content( $data );
  1041. // Get site settings array/data.
  1042. $site_settings = $this->site_settings();
  1043. // Pass the images and embeds
  1044. $images = $this->get_images( $data );
  1045. $embeds = $this->get_embeds( $data );
  1046. $site_data = array(
  1047. 'v' => ! empty( $data['v'] ) ? $data['v'] : '',
  1048. 'u' => ! empty( $data['u'] ) ? $data['u'] : '',
  1049. 'hasData' => ! empty( $data ),
  1050. );
  1051. if ( ! empty( $images ) ) {
  1052. $site_data['_images'] = $images;
  1053. }
  1054. if ( ! empty( $embeds ) ) {
  1055. $site_data['_embeds'] = $embeds;
  1056. }
  1057. // Add press-this-editor.css and remove theme's editor-style.css, if any.
  1058. remove_editor_styles();
  1059. add_filter( 'mce_css', array( $this, 'add_editor_style' ) );
  1060. if ( ! empty( $GLOBALS['is_IE'] ) ) {
  1061. @header( 'X-UA-Compatible: IE=edge' );
  1062. }
  1063. @header( 'Content-Type: ' . get_option( 'html_type' ) . '; charset=' . get_option( 'blog_charset' ) );
  1064. ?>
  1065. <!DOCTYPE html>
  1066. <!--[if IE 7]> <html class="lt-ie9 lt-ie8" <?php language_attributes(); ?>> <![endif]-->
  1067. <!--[if IE 8]> <html class="lt-ie9" <?php language_attributes(); ?>> <![endif]-->
  1068. <!--[if gt IE 8]><!--> <html <?php language_attributes(); ?>> <!--<![endif]-->
  1069. <head>
  1070. <meta http-equiv="Content-Type" content="<?php echo esc_attr( get_bloginfo( 'html_type' ) ); ?>; charset=<?php echo esc_attr( get_option( 'blog_charset' ) ); ?>" />
  1071. <meta name="viewport" content="width=device-width">
  1072. <title><?php esc_html_e( 'Press This!' ) ?></title>
  1073. <script>
  1074. window.wpPressThisData = <?php echo wp_json_encode( $site_data ); ?>;
  1075. window.wpPressThisConfig = <?php echo wp_json_encode( $site_settings ); ?>;
  1076. </script>
  1077. <script type="text/javascript">
  1078. var ajaxurl = '<?php echo esc_js( admin_url( 'admin-ajax.php', 'relative' ) ); ?>',
  1079. pagenow = 'press-this',
  1080. typenow = 'post',
  1081. adminpage = 'press-this-php',
  1082. thousandsSeparator = '<?php echo addslashes( $wp_locale->number_format['thousands_sep'] ); ?>',
  1083. decimalPoint = '<?php echo addslashes( $wp_locale->number_format['decimal_point'] ); ?>',
  1084. isRtl = <?php echo (int) is_rtl(); ?>;
  1085. </script>
  1086. <?php
  1087. /*
  1088. * $post->ID is needed for the embed shortcode so we can show oEmbed previews in the editor.
  1089. * Maybe find a way without it.
  1090. */
  1091. $post = get_default_post_to_edit( 'post', true );
  1092. $post_ID = (int) $post->ID;
  1093. wp_enqueue_media( array( 'post' => $post_ID ) );
  1094. wp_enqueue_style( 'press-this' );
  1095. wp_enqueue_script( 'press-this' );
  1096. wp_enqueue_script( 'json2' );
  1097. wp_enqueue_script( 'editor' );
  1098. $supports_formats = false;
  1099. $post_format = 0;
  1100. if ( current_theme_supports( 'post-formats' ) && post_type_supports( $post->post_type, 'post-formats' ) ) {
  1101. $supports_formats = true;
  1102. if ( ! ( $post_format = get_post_format( $post_ID ) ) ) {
  1103. $post_format = 0;
  1104. }
  1105. }
  1106. /** This action is documented in wp-admin/admin-header.php */
  1107. do_action( 'admin_enqueue_scripts', 'press-this.php' );
  1108. /** This action is documented in wp-admin/admin-header.php */
  1109. do_action( 'admin_print_styles-press-this.php' );
  1110. /** This action is documented in wp-admin/admin-header.php */
  1111. do_action( 'admin_print_styles' );
  1112. /** This action is documented in wp-admin/admin-header.php */
  1113. do_action( 'admin_print_scripts-press-this.php' );
  1114. /** This action is documented in wp-admin/admin-header.php */
  1115. do_action( 'admin_print_scripts' );
  1116. /** This action is documented in wp-admin/admin-header.php */
  1117. do_action( 'admin_head-press-this.php' );
  1118. /** This action is documented in wp-admin/admin-header.php */
  1119. do_action( 'admin_head' );
  1120. ?>
  1121. </head>
  1122. <?php
  1123. $admin_body_class = 'press-this';
  1124. $admin_body_class .= ( is_rtl() ) ? ' rtl' : '';
  1125. $admin_body_class .= ' branch-' . str_replace( array( '.', ',' ), '-', floatval( $wp_version ) );
  1126. $admin_body_class .= ' version-' . str_replace( '.', '-', preg_replace( '/^([.0-9]+).*/', '$1', $wp_version ) );
  1127. $admin_body_class .= ' admin-color-' . sanitize_html_class( get_user_option( 'admin_color' ), 'fresh' );
  1128. $admin_body_class .= ' locale-' . sanitize_html_class( strtolower( str_replace( '_', '-', get_locale() ) ) );
  1129. /** This filter is documented in wp-admin/admin-header.php */
  1130. $admin_body_classes = apply_filters( 'admin_body_class', '' );
  1131. ?>
  1132. <body class="wp-admin wp-core-ui <?php echo $admin_body_classes . ' ' . $admin_body_class; ?>">
  1133. <div id="adminbar" class="adminbar">
  1134. <h1 id="current-site" class="current-site">
  1135. <a class="current-site-link" href="<?php echo esc_url( home_url( '/' ) ); ?>" target="_blank" rel="home">
  1136. <span class="dashicons dashicons-wordpress"></span>
  1137. <span class="current-site-name"><?php bloginfo( 'name' ); ?></span>
  1138. </a>
  1139. </h1>
  1140. <button type="button" class="options button-link closed">
  1141. <span class="dashicons dashicons-tag on-closed"></span>
  1142. <span class="screen-reader-text on-closed"><?php _e( 'Show post options' ); ?></span>
  1143. <span aria-hidden="true" class="on-open"><?php _e( 'Done' ); ?></span>
  1144. <span class="screen-reader-text on-open"><?php _e( 'Hide post options' ); ?></span>
  1145. </button>
  1146. </div>
  1147. <div id="scanbar" class="scan">
  1148. <form method="GET">
  1149. <label for="url-scan" class="screen-reader-text"><?php _e( 'Scan site for content' ); ?></label>
  1150. <input type="url" name="u" id="url-scan" class="scan-url" value="" placeholder="<?php esc_attr_e( 'Enter a URL to scan' ) ?>" />
  1151. <input type="submit" name="url-scan-submit" id="url-scan-submit" class="scan-submit" value="<?php esc_attr_e( 'Scan' ) ?>" />
  1152. </form>
  1153. </div>
  1154. <form id="pressthis-form" method="post" action="post.php" autocomplete="off">
  1155. <input type="hidden" name="post_ID" id="post_ID" value="<?php echo $post_ID; ?>" />
  1156. <input type="hidden" name="action" value="press-this-save-post" />
  1157. <input type="hidden" name="post_status" id="post_status" value="draft" />
  1158. <input type="hidden" name="wp-preview" id="wp-preview" value="" />
  1159. <input type="hidden" name="post_title" id="post_title" value="" />
  1160. <input type="hidden" name="pt-force-redirect" id="pt-force-redirect" value="" />
  1161. <?php
  1162. wp_nonce_field( 'update-post_' . $post_ID, '_wpnonce', false );
  1163. wp_nonce_field( 'add-category', '_ajax_nonce-add-category', false );
  1164. ?>
  1165. <div class="wrapper">
  1166. <div class="editor-wrapper">
  1167. <div class="alerts" role="alert" aria-live="assertive" aria-relevant="all" aria-atomic="true">
  1168. <?php
  1169. if ( isset( $data['v'] ) && $this->version > $data['v'] ) {
  1170. ?>
  1171. <p class="alert is-notice">
  1172. <?php printf( __( 'You should upgrade <a href="%s" target="_blank">your bookmarklet</a> to the latest version!' ), admin_url( 'tools.php' ) ); ?>
  1173. </p>
  1174. <?php
  1175. }
  1176. ?>
  1177. </div>
  1178. <div id="app-container" class="editor">
  1179. <span id="title-container-label" class="post-title-placeholder" aria-hidden="true"><?php _e( 'Post title' ); ?></span>
  1180. <h2 id="title-container" class="post-title" contenteditable="true" spellcheck="true" aria-label="<?php esc_attr_e( 'Post title' ); ?>" tabindex="0"><?php echo esc_html( $post_title ); ?></h2>
  1181. <div class="media-list-container">
  1182. <div class="media-list-inner-container">
  1183. <h2 class="screen-reader-text"><?php _e( 'Suggested media' ); ?></h2>
  1184. <ul class="media-list"></ul>
  1185. </div>
  1186. </div>
  1187. <?php
  1188. wp_editor( $post_content, 'pressthis', array(
  1189. 'drag_drop_upload' => true,
  1190. 'editor_height' => 600,
  1191. 'media_buttons' => false,
  1192. 'textarea_name' => 'post_content',
  1193. 'teeny' => true,
  1194. 'tinymce' => array(
  1195. 'resize' => false,
  1196. 'wordpress_adv_hidden' => false,
  1197. 'add_unload_trigger' => false,
  1198. 'statusbar' => false,
  1199. 'autoresize_min_height' => 600,
  1200. 'wp_autoresize_on' => true,
  1201. 'plugins' => 'lists,media,paste,tabfocus,fullscreen,wordpress,wpautoresize,wpeditimage,wpgallery,wplink,wptextpattern,wpview',
  1202. 'toolbar1' => 'bold,italic,bullist,numlist,blockquote,link,unlink',
  1203. 'toolbar2' => 'undo,redo',
  1204. ),
  1205. 'quicktags' => array(
  1206. 'buttons' => 'strong,em,link,block,del,ins,img,ul,ol,li,code,more',
  1207. ),
  1208. ) );
  1209. ?>
  1210. </div>
  1211. </div>
  1212. <div class="options-panel-back is-hidden" tabindex="-1"></div>
  1213. <div class="options-panel is-off-screen is-hidden" tabindex="-1">
  1214. <div class="post-options">
  1215. <?php if ( $supports_formats ) : ?>
  1216. <button type="button" class="button-link post-option">
  1217. <span class="dashicons dashicons-admin-post"></span>
  1218. <span class="post-option-title"><?php _ex( 'Format', 'post format' ); ?></span>
  1219. <span class="post-option-contents" id="post-option-post-format"><?php echo esc_html( get_post_format_string( $post_format ) ); ?></span>
  1220. <span class="dashicons post-option-forward"></span>
  1221. </button>
  1222. <?php endif; ?>
  1223. <button type="button" class="button-link post-option">
  1224. <span class="dashicons dashicons-category"></span>
  1225. <span class="post-option-title"><?php _e( 'Categories' ); ?></span>
  1226. <span class="dashicons post-option-forward"></span>
  1227. </button>
  1228. <button type="button" class="button-link post-option">
  1229. <span class="dashicons dashicons-tag"></span>
  1230. <span class="post-option-title"><?php _e( 'Tags' ); ?></span>
  1231. <span class="dashicons post-option-forward"></span>
  1232. </button>
  1233. </div>
  1234. <?php if ( $supports_formats ) : ?>
  1235. <div class="setting-modal is-off-screen is-hidden">
  1236. <button type="button" class="button-link modal-close">
  1237. <span class="dashicons post-option-back"></span>
  1238. <span class="setting-title" aria-hidden="true"><?php _ex( 'Format', 'post format' ); ?></span>
  1239. <span class="screen-reader-text"><?php _e( 'Back to post options' ) ?></span>
  1240. </button>
  1241. <?php $this->post_formats_html( $post ); ?>
  1242. </div>
  1243. <?php endif; ?>
  1244. <div class="setting-modal is-off-screen is-hidden">
  1245. <button type="button" class="button-link modal-close">
  1246. <span class="dashicons post-option-back"></span>
  1247. <span class="setting-title" aria-hidden="true"><?php _e( 'Categories' ); ?></span>
  1248. <span class="screen-reader-text"><?php _e( 'Back to post options' ) ?></span>
  1249. </button>
  1250. <?php $this->categories_html( $post ); ?>
  1251. </div>
  1252. <div class="setting-modal tags is-off-screen is-hidden">
  1253. <button type="button" class="button-link modal-close">
  1254. <span class="dashicons post-option-back"></span>
  1255. <span class="setting-title" aria-hidden="true"><?php _e( 'Tags' ); ?></span>
  1256. <span class="screen-reader-text"><?php _e( 'Back to post options' ) ?></span>
  1257. </button>
  1258. <?php $this->tags_html( $post ); ?>
  1259. </div>
  1260. </div><!-- .options-panel -->
  1261. </div><!-- .wrapper -->
  1262. <div class="press-this-actions">
  1263. <div class="pressthis-media-buttons">
  1264. <button type="button" class="insert-media button-link" data-editor="pressthis">
  1265. <span class="dashicons dashicons-admin-media"></span>
  1266. <span class="screen-reader-text"><?php _e( 'Add Media' ); ?></span>
  1267. </button>
  1268. </div>
  1269. <div class="post-actions">
  1270. <span class="spinner">&nbsp;</span>
  1271. <div class="split-button">
  1272. <div class="split-button-head">
  1273. <button type="button" class="publish-button split-button-primary" aria-live="polite">
  1274. <span class="publish"><?php echo ( current_user_can( 'publish_posts' ) ) ? __( 'Publish' ) : __( 'Submit for Review' ); ?></span>
  1275. <span class="saving-draft"><?php _e( 'Saving&hellip;' ); ?></span>
  1276. </button><button type="button" class="split-button-toggle" aria-haspopup="true" aria-expanded="false">
  1277. <i class="dashicons dashicons-arrow-down-alt2"></i>
  1278. <span class="screen-reader-text"><?php _e('More actions'); ?></span>
  1279. </button>
  1280. </div>
  1281. <ul class="split-button-body">
  1282. <li><button type="button" class="button-link draft-button split-button-option"><?php _e( 'Save Draft' ); ?></button></li>
  1283. <li><button type="button" class="button-link standard-editor-button split-button-option"><?php _e( 'Standard Editor' ); ?></button></li>
  1284. <li><button type="button" class="button-link preview-button split-button-option"><?php _e( 'Preview' ); ?></button></li>
  1285. </ul>
  1286. </div>
  1287. </div>
  1288. </div>
  1289. </form>
  1290. <?php
  1291. /** This action is documented in wp-admin/admin-footer.php */
  1292. do_action( 'admin_footer' );
  1293. /** This action is documented in wp-admin/admin-footer.php */
  1294. do_action( 'admin_print_footer_scripts' );
  1295. /** This action is documented in wp-admin/admin-footer.php */
  1296. do_action( 'admin_footer-press-this.php' );
  1297. ?>
  1298. </body>
  1299. </html>
  1300. <?php
  1301. die();
  1302. }
  1303. }
  1304. /**
  1305. *
  1306. * @global WP_Press_This $wp_press_this
  1307. */
  1308. $GLOBALS['wp_press_this'] = new WP_Press_This;