PageRenderTime 62ms CodeModel.GetById 25ms RepoModel.GetById 1ms app.codeStats 0ms

/wp-admin/includes/post.php

https://bitbucket.org/Wallynm/iptb
PHP | 1340 lines | 800 code | 216 blank | 324 comment | 263 complexity | 75c9b6edb6d3e4f410457375d63d4a2d MD5 | raw file
Possible License(s): LGPL-2.1, AGPL-1.0, GPL-2.0, GPL-3.0
  1. <?php
  2. /**
  3. * WordPress Post Administration API.
  4. *
  5. * @package WordPress
  6. * @subpackage Administration
  7. */
  8. /**
  9. * Rename $_POST data from form names to DB post columns.
  10. *
  11. * Manipulates $_POST directly.
  12. *
  13. * @package WordPress
  14. * @since 2.6.0
  15. *
  16. * @param bool $update Are we updating a pre-existing post?
  17. * @param array $post_data Array of post data. Defaults to the contents of $_POST.
  18. * @return object|bool WP_Error on failure, true on success.
  19. */
  20. function _wp_translate_postdata( $update = false, $post_data = null ) {
  21. if ( empty($post_data) )
  22. $post_data = &$_POST;
  23. if ( $update )
  24. $post_data['ID'] = (int) $post_data['post_ID'];
  25. if ( isset( $post_data['content'] ) )
  26. $post_data['post_content'] = $post_data['content'];
  27. if ( isset( $post_data['excerpt'] ) )
  28. $post_data['post_excerpt'] = $post_data['excerpt'];
  29. if ( isset( $post_data['parent_id'] ) )
  30. $post_data['post_parent'] = (int) $post_data['parent_id'];
  31. if ( isset($post_data['trackback_url']) )
  32. $post_data['to_ping'] = $post_data['trackback_url'];
  33. if ( !isset($post_data['user_ID']) )
  34. $post_data['user_ID'] = $GLOBALS['user_ID'];
  35. if (!empty ( $post_data['post_author_override'] ) ) {
  36. $post_data['post_author'] = (int) $post_data['post_author_override'];
  37. } else {
  38. if (!empty ( $post_data['post_author'] ) ) {
  39. $post_data['post_author'] = (int) $post_data['post_author'];
  40. } else {
  41. $post_data['post_author'] = (int) $post_data['user_ID'];
  42. }
  43. }
  44. $ptype = get_post_type_object( $post_data['post_type'] );
  45. if ( isset($post_data['user_ID']) && ($post_data['post_author'] != $post_data['user_ID']) ) {
  46. if ( !current_user_can( $ptype->cap->edit_others_posts ) ) {
  47. if ( 'page' == $post_data['post_type'] ) {
  48. return new WP_Error( 'edit_others_pages', $update ?
  49. __( 'You are not allowed to edit pages as this user.' ) :
  50. __( 'You are not allowed to create pages as this user.' )
  51. );
  52. } else {
  53. return new WP_Error( 'edit_others_posts', $update ?
  54. __( 'You are not allowed to edit posts as this user.' ) :
  55. __( 'You are not allowed to post as this user.' )
  56. );
  57. }
  58. }
  59. }
  60. // What to do based on which button they pressed
  61. if ( isset($post_data['saveasdraft']) && '' != $post_data['saveasdraft'] )
  62. $post_data['post_status'] = 'draft';
  63. if ( isset($post_data['saveasprivate']) && '' != $post_data['saveasprivate'] )
  64. $post_data['post_status'] = 'private';
  65. if ( isset($post_data['publish']) && ( '' != $post_data['publish'] ) && ( !isset($post_data['post_status']) || $post_data['post_status'] != 'private' ) )
  66. $post_data['post_status'] = 'publish';
  67. if ( isset($post_data['advanced']) && '' != $post_data['advanced'] )
  68. $post_data['post_status'] = 'draft';
  69. if ( isset($post_data['pending']) && '' != $post_data['pending'] )
  70. $post_data['post_status'] = 'pending';
  71. if ( isset( $post_data['ID'] ) )
  72. $post_id = $post_data['ID'];
  73. else
  74. $post_id = false;
  75. $previous_status = $post_id ? get_post_field( 'post_status', $post_id ) : false;
  76. // Posts 'submitted for approval' present are submitted to $_POST the same as if they were being published.
  77. // Change status from 'publish' to 'pending' if user lacks permissions to publish or to resave published posts.
  78. if ( isset($post_data['post_status']) && ('publish' == $post_data['post_status'] && !current_user_can( $ptype->cap->publish_posts )) )
  79. if ( $previous_status != 'publish' || !current_user_can( 'edit_post', $post_id ) )
  80. $post_data['post_status'] = 'pending';
  81. if ( ! isset($post_data['post_status']) )
  82. $post_data['post_status'] = $previous_status;
  83. if (!isset( $post_data['comment_status'] ))
  84. $post_data['comment_status'] = 'closed';
  85. if (!isset( $post_data['ping_status'] ))
  86. $post_data['ping_status'] = 'closed';
  87. foreach ( array('aa', 'mm', 'jj', 'hh', 'mn') as $timeunit ) {
  88. if ( !empty( $post_data['hidden_' . $timeunit] ) && $post_data['hidden_' . $timeunit] != $post_data[$timeunit] ) {
  89. $post_data['edit_date'] = '1';
  90. break;
  91. }
  92. }
  93. if ( !empty( $post_data['edit_date'] ) ) {
  94. $aa = $post_data['aa'];
  95. $mm = $post_data['mm'];
  96. $jj = $post_data['jj'];
  97. $hh = $post_data['hh'];
  98. $mn = $post_data['mn'];
  99. $ss = $post_data['ss'];
  100. $aa = ($aa <= 0 ) ? date('Y') : $aa;
  101. $mm = ($mm <= 0 ) ? date('n') : $mm;
  102. $jj = ($jj > 31 ) ? 31 : $jj;
  103. $jj = ($jj <= 0 ) ? date('j') : $jj;
  104. $hh = ($hh > 23 ) ? $hh -24 : $hh;
  105. $mn = ($mn > 59 ) ? $mn -60 : $mn;
  106. $ss = ($ss > 59 ) ? $ss -60 : $ss;
  107. $post_data['post_date'] = sprintf( "%04d-%02d-%02d %02d:%02d:%02d", $aa, $mm, $jj, $hh, $mn, $ss );
  108. $post_data['post_date_gmt'] = get_gmt_from_date( $post_data['post_date'] );
  109. }
  110. return $post_data;
  111. }
  112. /**
  113. * Update an existing post with values provided in $_POST.
  114. *
  115. * @since 1.5.0
  116. *
  117. * @param array $post_data Optional.
  118. * @return int Post ID.
  119. */
  120. function edit_post( $post_data = null ) {
  121. if ( empty($post_data) )
  122. $post_data = &$_POST;
  123. // Clear out any data in internal vars.
  124. unset( $post_data['filter'] );
  125. $post_ID = (int) $post_data['post_ID'];
  126. $post = get_post( $post_ID );
  127. $post_data['post_type'] = $post->post_type;
  128. $post_data['post_mime_type'] = $post->post_mime_type;
  129. $ptype = get_post_type_object($post_data['post_type']);
  130. if ( !current_user_can( $ptype->cap->edit_post, $post_ID ) ) {
  131. if ( 'page' == $post_data['post_type'] )
  132. wp_die( __('You are not allowed to edit this page.' ));
  133. else
  134. wp_die( __('You are not allowed to edit this post.' ));
  135. }
  136. // Autosave shouldn't save too soon after a real save
  137. if ( 'autosave' == $post_data['action'] ) {
  138. $post =& get_post( $post_ID );
  139. $now = time();
  140. $then = strtotime($post->post_date_gmt . ' +0000');
  141. $delta = AUTOSAVE_INTERVAL / 2;
  142. if ( ($now - $then) < $delta )
  143. return $post_ID;
  144. }
  145. $post_data = _wp_translate_postdata( true, $post_data );
  146. if ( is_wp_error($post_data) )
  147. wp_die( $post_data->get_error_message() );
  148. if ( 'autosave' != $post_data['action'] && 'auto-draft' == $post_data['post_status'] )
  149. $post_data['post_status'] = 'draft';
  150. if ( isset($post_data['visibility']) ) {
  151. switch ( $post_data['visibility'] ) {
  152. case 'public' :
  153. $post_data['post_password'] = '';
  154. break;
  155. case 'password' :
  156. unset( $post_data['sticky'] );
  157. break;
  158. case 'private' :
  159. $post_data['post_status'] = 'private';
  160. $post_data['post_password'] = '';
  161. unset( $post_data['sticky'] );
  162. break;
  163. }
  164. }
  165. // Post Formats
  166. if ( isset( $post_data['post_format'] ) ) {
  167. if ( current_theme_supports( 'post-formats', $post_data['post_format'] ) )
  168. set_post_format( $post_ID, $post_data['post_format'] );
  169. elseif ( '0' == $post_data['post_format'] )
  170. set_post_format( $post_ID, false );
  171. }
  172. // Meta Stuff
  173. if ( isset($post_data['meta']) && $post_data['meta'] ) {
  174. foreach ( $post_data['meta'] as $key => $value ) {
  175. if ( !$meta = get_post_meta_by_id( $key ) )
  176. continue;
  177. if ( $meta->post_id != $post_ID )
  178. continue;
  179. if ( is_protected_meta( $value['key'], 'post' ) || ! current_user_can( 'edit_post_meta', $post_ID, $value['key'] ) )
  180. continue;
  181. update_meta( $key, $value['key'], $value['value'] );
  182. }
  183. }
  184. if ( isset($post_data['deletemeta']) && $post_data['deletemeta'] ) {
  185. foreach ( $post_data['deletemeta'] as $key => $value ) {
  186. if ( !$meta = get_post_meta_by_id( $key ) )
  187. continue;
  188. if ( $meta->post_id != $post_ID )
  189. continue;
  190. if ( is_protected_meta( $meta->meta_key, 'post' ) || ! current_user_can( 'delete_post_meta', $post_ID, $meta->meta_key ) )
  191. continue;
  192. delete_meta( $key );
  193. }
  194. }
  195. add_meta( $post_ID );
  196. update_post_meta( $post_ID, '_edit_last', $GLOBALS['current_user']->ID );
  197. wp_update_post( $post_data );
  198. // Now that we have an ID we can fix any attachment anchor hrefs
  199. _fix_attachment_links( $post_ID );
  200. wp_set_post_lock( $post_ID );
  201. if ( current_user_can( $ptype->cap->edit_others_posts ) ) {
  202. if ( ! empty( $post_data['sticky'] ) )
  203. stick_post( $post_ID );
  204. else
  205. unstick_post( $post_ID );
  206. }
  207. return $post_ID;
  208. }
  209. /**
  210. * Process the post data for the bulk editing of posts.
  211. *
  212. * Updates all bulk edited posts/pages, adding (but not removing) tags and
  213. * categories. Skips pages when they would be their own parent or child.
  214. *
  215. * @since 2.7.0
  216. *
  217. * @param array $post_data Optional, the array of post data to process if not provided will use $_POST superglobal.
  218. * @return array
  219. */
  220. function bulk_edit_posts( $post_data = null ) {
  221. global $wpdb;
  222. if ( empty($post_data) )
  223. $post_data = &$_POST;
  224. if ( isset($post_data['post_type']) )
  225. $ptype = get_post_type_object($post_data['post_type']);
  226. else
  227. $ptype = get_post_type_object('post');
  228. if ( !current_user_can( $ptype->cap->edit_posts ) ) {
  229. if ( 'page' == $ptype->name )
  230. wp_die( __('You are not allowed to edit pages.'));
  231. else
  232. wp_die( __('You are not allowed to edit posts.'));
  233. }
  234. if ( -1 == $post_data['_status'] ) {
  235. $post_data['post_status'] = null;
  236. unset($post_data['post_status']);
  237. } else {
  238. $post_data['post_status'] = $post_data['_status'];
  239. }
  240. unset($post_data['_status']);
  241. $post_IDs = array_map( 'intval', (array) $post_data['post'] );
  242. $reset = array( 'post_author', 'post_status', 'post_password', 'post_parent', 'page_template', 'comment_status', 'ping_status', 'keep_private', 'tax_input', 'post_category', 'sticky' );
  243. foreach ( $reset as $field ) {
  244. if ( isset($post_data[$field]) && ( '' == $post_data[$field] || -1 == $post_data[$field] ) )
  245. unset($post_data[$field]);
  246. }
  247. if ( isset($post_data['post_category']) ) {
  248. if ( is_array($post_data['post_category']) && ! empty($post_data['post_category']) )
  249. $new_cats = array_map( 'absint', $post_data['post_category'] );
  250. else
  251. unset($post_data['post_category']);
  252. }
  253. $tax_input = array();
  254. if ( isset($post_data['tax_input'])) {
  255. foreach ( $post_data['tax_input'] as $tax_name => $terms ) {
  256. if ( empty($terms) )
  257. continue;
  258. if ( is_taxonomy_hierarchical( $tax_name ) ) {
  259. $tax_input[$tax_name] = array_map( 'absint', $terms );
  260. } else {
  261. $tax_input[$tax_name] = preg_replace( '/\s*,\s*/', ',', rtrim( trim($terms), ' ,' ) );
  262. $tax_input[$tax_name] = explode(',', $tax_input[$tax_name]);
  263. }
  264. }
  265. }
  266. if ( isset($post_data['post_parent']) && ($parent = (int) $post_data['post_parent']) ) {
  267. $pages = $wpdb->get_results("SELECT ID, post_parent FROM $wpdb->posts WHERE post_type = 'page'");
  268. $children = array();
  269. for ( $i = 0; $i < 50 && $parent > 0; $i++ ) {
  270. $children[] = $parent;
  271. foreach ( $pages as $page ) {
  272. if ( $page->ID == $parent ) {
  273. $parent = $page->post_parent;
  274. break;
  275. }
  276. }
  277. }
  278. }
  279. if ( isset( $post_data['post_format'] ) ) {
  280. if ( '0' == $post_data['post_format'] )
  281. $post_data['post_format'] = false;
  282. // don't change the post format if it's not supported or not '0' (standard)
  283. elseif ( ! current_theme_supports( 'post-formats', $post_data['post_format'] ) )
  284. unset( $post_data['post_format'] );
  285. }
  286. $updated = $skipped = $locked = array();
  287. foreach ( $post_IDs as $post_ID ) {
  288. $post_type_object = get_post_type_object( get_post_type( $post_ID ) );
  289. if ( !isset( $post_type_object ) || ( isset($children) && in_array($post_ID, $children) ) || !current_user_can( $post_type_object->cap->edit_post, $post_ID ) ) {
  290. $skipped[] = $post_ID;
  291. continue;
  292. }
  293. if ( wp_check_post_lock( $post_ID ) ) {
  294. $locked[] = $post_ID;
  295. continue;
  296. }
  297. $post = get_post( $post_ID );
  298. $tax_names = get_object_taxonomies( $post );
  299. foreach ( $tax_names as $tax_name ) {
  300. $taxonomy_obj = get_taxonomy($tax_name);
  301. if ( isset( $tax_input[$tax_name]) && current_user_can( $taxonomy_obj->cap->assign_terms ) )
  302. $new_terms = $tax_input[$tax_name];
  303. else
  304. $new_terms = array();
  305. if ( $taxonomy_obj->hierarchical )
  306. $current_terms = (array) wp_get_object_terms( $post_ID, $tax_name, array('fields' => 'ids') );
  307. else
  308. $current_terms = (array) wp_get_object_terms( $post_ID, $tax_name, array('fields' => 'names') );
  309. $post_data['tax_input'][$tax_name] = array_merge( $current_terms, $new_terms );
  310. }
  311. if ( isset($new_cats) && in_array( 'category', $tax_names ) ) {
  312. $cats = (array) wp_get_post_categories($post_ID);
  313. $post_data['post_category'] = array_unique( array_merge($cats, $new_cats) );
  314. unset( $post_data['tax_input']['category'] );
  315. }
  316. $post_data['post_mime_type'] = $post->post_mime_type;
  317. $post_data['guid'] = $post->guid;
  318. $post_data['ID'] = $post_ID;
  319. $updated[] = wp_update_post( $post_data );
  320. if ( isset( $post_data['sticky'] ) && current_user_can( $ptype->cap->edit_others_posts ) ) {
  321. if ( 'sticky' == $post_data['sticky'] )
  322. stick_post( $post_ID );
  323. else
  324. unstick_post( $post_ID );
  325. }
  326. if ( isset( $post_data['post_format'] ) )
  327. set_post_format( $post_ID, $post_data['post_format'] );
  328. }
  329. return array( 'updated' => $updated, 'skipped' => $skipped, 'locked' => $locked );
  330. }
  331. /**
  332. * Default post information to use when populating the "Write Post" form.
  333. *
  334. * @since 2.0.0
  335. *
  336. * @param string $post_type A post type string, defaults to 'post'.
  337. * @return object stdClass object containing all the default post data as attributes
  338. */
  339. function get_default_post_to_edit( $post_type = 'post', $create_in_db = false ) {
  340. global $wpdb;
  341. $post_title = '';
  342. if ( !empty( $_REQUEST['post_title'] ) )
  343. $post_title = esc_html( stripslashes( $_REQUEST['post_title'] ));
  344. $post_content = '';
  345. if ( !empty( $_REQUEST['content'] ) )
  346. $post_content = esc_html( stripslashes( $_REQUEST['content'] ));
  347. $post_excerpt = '';
  348. if ( !empty( $_REQUEST['excerpt'] ) )
  349. $post_excerpt = esc_html( stripslashes( $_REQUEST['excerpt'] ));
  350. if ( $create_in_db ) {
  351. // Cleanup old auto-drafts more than 7 days old
  352. $old_posts = $wpdb->get_col( "SELECT ID FROM $wpdb->posts WHERE post_status = 'auto-draft' AND DATE_SUB( NOW(), INTERVAL 7 DAY ) > post_date" );
  353. foreach ( (array) $old_posts as $delete )
  354. wp_delete_post( $delete, true ); // Force delete
  355. $post_id = wp_insert_post( array( 'post_title' => __( 'Auto Draft' ), 'post_type' => $post_type, 'post_status' => 'auto-draft' ) );
  356. $post = get_post( $post_id );
  357. if ( current_theme_supports( 'post-formats' ) && post_type_supports( $post->post_type, 'post-formats' ) && get_option( 'default_post_format' ) )
  358. set_post_format( $post, get_option( 'default_post_format' ) );
  359. } else {
  360. $post = new stdClass;
  361. $post->ID = 0;
  362. $post->post_author = '';
  363. $post->post_date = '';
  364. $post->post_date_gmt = '';
  365. $post->post_password = '';
  366. $post->post_type = $post_type;
  367. $post->post_status = 'draft';
  368. $post->to_ping = '';
  369. $post->pinged = '';
  370. $post->comment_status = get_option( 'default_comment_status' );
  371. $post->ping_status = get_option( 'default_ping_status' );
  372. $post->post_pingback = get_option( 'default_pingback_flag' );
  373. $post->post_category = get_option( 'default_category' );
  374. $post->page_template = 'default';
  375. $post->post_parent = 0;
  376. $post->menu_order = 0;
  377. }
  378. $post->post_content = apply_filters( 'default_content', $post_content, $post );
  379. $post->post_title = apply_filters( 'default_title', $post_title, $post );
  380. $post->post_excerpt = apply_filters( 'default_excerpt', $post_excerpt, $post );
  381. $post->post_name = '';
  382. return $post;
  383. }
  384. /**
  385. * Get the default page information to use.
  386. *
  387. * @since 2.5.0
  388. *
  389. * @return object stdClass object containing all the default post data as attributes
  390. */
  391. function get_default_page_to_edit() {
  392. $page = get_default_post_to_edit();
  393. $page->post_type = 'page';
  394. return $page;
  395. }
  396. /**
  397. * Get an existing post and format it for editing.
  398. *
  399. * @since 2.0.0
  400. *
  401. * @param unknown_type $id
  402. * @return unknown
  403. */
  404. function get_post_to_edit( $id ) {
  405. $post = get_post( $id, OBJECT, 'edit' );
  406. if ( $post->post_type == 'page' )
  407. $post->page_template = get_post_meta( $id, '_wp_page_template', true );
  408. return $post;
  409. }
  410. /**
  411. * Determine if a post exists based on title, content, and date
  412. *
  413. * @since 2.0.0
  414. *
  415. * @param string $title Post title
  416. * @param string $content Optional post content
  417. * @param string $date Optional post date
  418. * @return int Post ID if post exists, 0 otherwise.
  419. */
  420. function post_exists($title, $content = '', $date = '') {
  421. global $wpdb;
  422. $post_title = stripslashes( sanitize_post_field( 'post_title', $title, 0, 'db' ) );
  423. $post_content = stripslashes( sanitize_post_field( 'post_content', $content, 0, 'db' ) );
  424. $post_date = stripslashes( sanitize_post_field( 'post_date', $date, 0, 'db' ) );
  425. $query = "SELECT ID FROM $wpdb->posts WHERE 1=1";
  426. $args = array();
  427. if ( !empty ( $date ) ) {
  428. $query .= ' AND post_date = %s';
  429. $args[] = $post_date;
  430. }
  431. if ( !empty ( $title ) ) {
  432. $query .= ' AND post_title = %s';
  433. $args[] = $post_title;
  434. }
  435. if ( !empty ( $content ) ) {
  436. $query .= 'AND post_content = %s';
  437. $args[] = $post_content;
  438. }
  439. if ( !empty ( $args ) )
  440. return $wpdb->get_var( $wpdb->prepare($query, $args) );
  441. return 0;
  442. }
  443. /**
  444. * Creates a new post from the "Write Post" form using $_POST information.
  445. *
  446. * @since 2.1.0
  447. *
  448. * @return unknown
  449. */
  450. function wp_write_post() {
  451. global $user_ID;
  452. if ( isset($_POST['post_type']) )
  453. $ptype = get_post_type_object($_POST['post_type']);
  454. else
  455. $ptype = get_post_type_object('post');
  456. if ( !current_user_can( $ptype->cap->edit_posts ) ) {
  457. if ( 'page' == $ptype->name )
  458. return new WP_Error( 'edit_pages', __( 'You are not allowed to create pages on this site.' ) );
  459. else
  460. return new WP_Error( 'edit_posts', __( 'You are not allowed to create posts or drafts on this site.' ) );
  461. }
  462. $_POST['post_mime_type'] = '';
  463. // Clear out any data in internal vars.
  464. unset( $_POST['filter'] );
  465. // Edit don't write if we have a post id.
  466. if ( isset( $_POST['post_ID'] ) )
  467. return edit_post();
  468. $translated = _wp_translate_postdata( false );
  469. if ( is_wp_error($translated) )
  470. return $translated;
  471. if ( isset($_POST['visibility']) ) {
  472. switch ( $_POST['visibility'] ) {
  473. case 'public' :
  474. $_POST['post_password'] = '';
  475. break;
  476. case 'password' :
  477. unset( $_POST['sticky'] );
  478. break;
  479. case 'private' :
  480. $_POST['post_status'] = 'private';
  481. $_POST['post_password'] = '';
  482. unset( $_POST['sticky'] );
  483. break;
  484. }
  485. }
  486. // Create the post.
  487. $post_ID = wp_insert_post( $_POST );
  488. if ( is_wp_error( $post_ID ) )
  489. return $post_ID;
  490. if ( empty($post_ID) )
  491. return 0;
  492. add_meta( $post_ID );
  493. add_post_meta( $post_ID, '_edit_last', $GLOBALS['current_user']->ID );
  494. // Now that we have an ID we can fix any attachment anchor hrefs
  495. _fix_attachment_links( $post_ID );
  496. wp_set_post_lock( $post_ID );
  497. return $post_ID;
  498. }
  499. /**
  500. * Calls wp_write_post() and handles the errors.
  501. *
  502. * @since 2.0.0
  503. * @uses wp_write_post()
  504. * @uses is_wp_error()
  505. * @uses wp_die()
  506. * @return unknown
  507. */
  508. function write_post() {
  509. $result = wp_write_post();
  510. if ( is_wp_error( $result ) )
  511. wp_die( $result->get_error_message() );
  512. else
  513. return $result;
  514. }
  515. //
  516. // Post Meta
  517. //
  518. /**
  519. * {@internal Missing Short Description}}
  520. *
  521. * @since 1.2.0
  522. *
  523. * @param unknown_type $post_ID
  524. * @return unknown
  525. */
  526. function add_meta( $post_ID ) {
  527. global $wpdb;
  528. $post_ID = (int) $post_ID;
  529. $metakeyselect = isset($_POST['metakeyselect']) ? stripslashes( trim( $_POST['metakeyselect'] ) ) : '';
  530. $metakeyinput = isset($_POST['metakeyinput']) ? stripslashes( trim( $_POST['metakeyinput'] ) ) : '';
  531. $metavalue = isset($_POST['metavalue']) ? $_POST['metavalue'] : '';
  532. if ( is_string( $metavalue ) )
  533. $metavalue = trim( $metavalue );
  534. if ( ('0' === $metavalue || ! empty ( $metavalue ) ) && ( ( ( '#NONE#' != $metakeyselect ) && !empty ( $metakeyselect) ) || !empty ( $metakeyinput ) ) ) {
  535. // We have a key/value pair. If both the select and the
  536. // input for the key have data, the input takes precedence:
  537. if ( '#NONE#' != $metakeyselect )
  538. $metakey = $metakeyselect;
  539. if ( $metakeyinput )
  540. $metakey = $metakeyinput; // default
  541. if ( is_protected_meta( $metakey, 'post' ) || ! current_user_can( 'add_post_meta', $post_ID, $metakey ) )
  542. return false;
  543. $metakey = esc_sql( $metakey );
  544. return add_post_meta( $post_ID, $metakey, $metavalue );
  545. }
  546. return false;
  547. } // add_meta
  548. /**
  549. * {@internal Missing Short Description}}
  550. *
  551. * @since 1.2.0
  552. *
  553. * @param unknown_type $mid
  554. * @return unknown
  555. */
  556. function delete_meta( $mid ) {
  557. return delete_metadata_by_mid( 'post' , $mid );
  558. }
  559. /**
  560. * Get a list of previously defined keys.
  561. *
  562. * @since 1.2.0
  563. *
  564. * @return unknown
  565. */
  566. function get_meta_keys() {
  567. global $wpdb;
  568. $keys = $wpdb->get_col( "
  569. SELECT meta_key
  570. FROM $wpdb->postmeta
  571. GROUP BY meta_key
  572. ORDER BY meta_key" );
  573. return $keys;
  574. }
  575. /**
  576. * {@internal Missing Short Description}}
  577. *
  578. * @since 2.1.0
  579. *
  580. * @param unknown_type $mid
  581. * @return unknown
  582. */
  583. function get_post_meta_by_id( $mid ) {
  584. return get_metadata_by_mid( 'post', $mid );
  585. }
  586. /**
  587. * {@internal Missing Short Description}}
  588. *
  589. * Some postmeta stuff.
  590. *
  591. * @since 1.2.0
  592. *
  593. * @param unknown_type $postid
  594. * @return unknown
  595. */
  596. function has_meta( $postid ) {
  597. global $wpdb;
  598. return $wpdb->get_results( $wpdb->prepare("SELECT meta_key, meta_value, meta_id, post_id
  599. FROM $wpdb->postmeta WHERE post_id = %d
  600. ORDER BY meta_key,meta_id", $postid), ARRAY_A );
  601. }
  602. /**
  603. * {@internal Missing Short Description}}
  604. *
  605. * @since 1.2.0
  606. *
  607. * @param unknown_type $meta_id
  608. * @param unknown_type $meta_key Expect Slashed
  609. * @param unknown_type $meta_value Expect Slashed
  610. * @return unknown
  611. */
  612. function update_meta( $meta_id, $meta_key, $meta_value ) {
  613. $meta_key = stripslashes( $meta_key );
  614. $meta_value = stripslashes_deep( $meta_value );
  615. return update_metadata_by_mid( 'post', $meta_id, $meta_value, $meta_key );
  616. }
  617. //
  618. // Private
  619. //
  620. /**
  621. * Replace hrefs of attachment anchors with up-to-date permalinks.
  622. *
  623. * @since 2.3.0
  624. * @access private
  625. *
  626. * @param unknown_type $post_ID
  627. * @return unknown
  628. */
  629. function _fix_attachment_links( $post_ID ) {
  630. global $_fix_attachment_link_id;
  631. $post = & get_post( $post_ID, ARRAY_A );
  632. $search = "#<a[^>]+rel=('|\")[^'\"]*attachment[^>]*>#ie";
  633. // See if we have any rel="attachment" links
  634. if ( 0 == preg_match_all( $search, $post['post_content'], $anchor_matches, PREG_PATTERN_ORDER ) )
  635. return;
  636. $i = 0;
  637. $search = "#[\s]+rel=(\"|')(.*?)wp-att-(\d+)\\1#i";
  638. foreach ( $anchor_matches[0] as $anchor ) {
  639. if ( 0 == preg_match( $search, $anchor, $id_matches ) )
  640. continue;
  641. $id = (int) $id_matches[3];
  642. // While we have the attachment ID, let's adopt any orphans.
  643. $attachment = & get_post( $id, ARRAY_A );
  644. if ( ! empty( $attachment) && ! is_object( get_post( $attachment['post_parent'] ) ) ) {
  645. $attachment['post_parent'] = $post_ID;
  646. // Escape data pulled from DB.
  647. $attachment = add_magic_quotes( $attachment );
  648. wp_update_post( $attachment );
  649. }
  650. $post_search[$i] = $anchor;
  651. $_fix_attachment_link_id = $id;
  652. $post_replace[$i] = preg_replace_callback( "#href=(\"|')[^'\"]*\\1#", '_fix_attachment_links_replace_cb', $anchor );
  653. ++$i;
  654. }
  655. $post['post_content'] = str_replace( $post_search, $post_replace, $post['post_content'] );
  656. // Escape data pulled from DB.
  657. $post = add_magic_quotes( $post);
  658. return wp_update_post( $post);
  659. }
  660. function _fix_attachment_links_replace_cb($match) {
  661. global $_fix_attachment_link_id;
  662. return stripslashes( 'href='.$match[1] ).get_attachment_link( $_fix_attachment_link_id ).stripslashes( $match[1] );
  663. }
  664. /**
  665. * Move child posts to a new parent.
  666. *
  667. * @since 2.3.0
  668. * @access private
  669. *
  670. * @param unknown_type $old_ID
  671. * @param unknown_type $new_ID
  672. * @return unknown
  673. */
  674. function _relocate_children( $old_ID, $new_ID ) {
  675. global $wpdb;
  676. $old_ID = (int) $old_ID;
  677. $new_ID = (int) $new_ID;
  678. $children = $wpdb->get_col( $wpdb->prepare("
  679. SELECT post_id
  680. FROM $wpdb->postmeta
  681. WHERE meta_key = '_wp_attachment_temp_parent'
  682. AND meta_value = %d", $old_ID) );
  683. foreach ( $children as $child_id ) {
  684. $wpdb->update($wpdb->posts, array('post_parent' => $new_ID), array('ID' => $child_id) );
  685. delete_post_meta($child_id, '_wp_attachment_temp_parent');
  686. }
  687. }
  688. /**
  689. * Get all the possible statuses for a post_type
  690. *
  691. * @since 2.5.0
  692. *
  693. * @param string $type The post_type you want the statuses for
  694. * @return array As array of all the statuses for the supplied post type
  695. */
  696. function get_available_post_statuses($type = 'post') {
  697. $stati = wp_count_posts($type);
  698. return array_keys(get_object_vars($stati));
  699. }
  700. /**
  701. * Run the wp query to fetch the posts for listing on the edit posts page
  702. *
  703. * @since 2.5.0
  704. *
  705. * @param array|bool $q Array of query variables to use to build the query or false to use $_GET superglobal.
  706. * @return array
  707. */
  708. function wp_edit_posts_query( $q = false ) {
  709. if ( false === $q )
  710. $q = $_GET;
  711. $q['m'] = isset($q['m']) ? (int) $q['m'] : 0;
  712. $q['cat'] = isset($q['cat']) ? (int) $q['cat'] : 0;
  713. $post_stati = get_post_stati();
  714. if ( isset($q['post_type']) && in_array( $q['post_type'], get_post_types() ) )
  715. $post_type = $q['post_type'];
  716. else
  717. $post_type = 'post';
  718. $avail_post_stati = get_available_post_statuses($post_type);
  719. if ( isset($q['post_status']) && in_array( $q['post_status'], $post_stati ) ) {
  720. $post_status = $q['post_status'];
  721. $perm = 'readable';
  722. }
  723. if ( isset($q['orderby']) )
  724. $orderby = $q['orderby'];
  725. elseif ( isset($q['post_status']) && in_array($q['post_status'], array('pending', 'draft')) )
  726. $orderby = 'modified';
  727. if ( isset($q['order']) )
  728. $order = $q['order'];
  729. elseif ( isset($q['post_status']) && 'pending' == $q['post_status'] )
  730. $order = 'ASC';
  731. $per_page = 'edit_' . $post_type . '_per_page';
  732. $posts_per_page = (int) get_user_option( $per_page );
  733. if ( empty( $posts_per_page ) || $posts_per_page < 1 )
  734. $posts_per_page = 20;
  735. $posts_per_page = apply_filters( $per_page, $posts_per_page );
  736. $posts_per_page = apply_filters( 'edit_posts_per_page', $posts_per_page, $post_type );
  737. $query = compact('post_type', 'post_status', 'perm', 'order', 'orderby', 'posts_per_page');
  738. // Hierarchical types require special args.
  739. if ( is_post_type_hierarchical( $post_type ) && !isset($orderby) ) {
  740. $query['orderby'] = 'menu_order title';
  741. $query['order'] = 'asc';
  742. $query['posts_per_page'] = -1;
  743. $query['posts_per_archive_page'] = -1;
  744. }
  745. if ( ! empty( $q['show_sticky'] ) )
  746. $query['post__in'] = (array) get_option( 'sticky_posts' );
  747. wp( $query );
  748. return $avail_post_stati;
  749. }
  750. /**
  751. * Get default post mime types
  752. *
  753. * @since 2.9.0
  754. *
  755. * @return array
  756. */
  757. function get_post_mime_types() {
  758. $post_mime_types = array( // array( adj, noun )
  759. 'image' => array(__('Images'), __('Manage Images'), _n_noop('Image <span class="count">(%s)</span>', 'Images <span class="count">(%s)</span>')),
  760. 'audio' => array(__('Audio'), __('Manage Audio'), _n_noop('Audio <span class="count">(%s)</span>', 'Audio <span class="count">(%s)</span>')),
  761. 'video' => array(__('Video'), __('Manage Video'), _n_noop('Video <span class="count">(%s)</span>', 'Video <span class="count">(%s)</span>')),
  762. );
  763. return apply_filters('post_mime_types', $post_mime_types);
  764. }
  765. /**
  766. * {@internal Missing Short Description}}
  767. *
  768. * @since 2.5.0
  769. *
  770. * @param unknown_type $type
  771. * @return unknown
  772. */
  773. function get_available_post_mime_types($type = 'attachment') {
  774. global $wpdb;
  775. $types = $wpdb->get_col($wpdb->prepare("SELECT DISTINCT post_mime_type FROM $wpdb->posts WHERE post_type = %s", $type));
  776. return $types;
  777. }
  778. /**
  779. * {@internal Missing Short Description}}
  780. *
  781. * @since 2.5.0
  782. *
  783. * @param unknown_type $q
  784. * @return unknown
  785. */
  786. function wp_edit_attachments_query( $q = false ) {
  787. if ( false === $q )
  788. $q = $_GET;
  789. $q['m'] = isset( $q['m'] ) ? (int) $q['m'] : 0;
  790. $q['cat'] = isset( $q['cat'] ) ? (int) $q['cat'] : 0;
  791. $q['post_type'] = 'attachment';
  792. $post_type = get_post_type_object( 'attachment' );
  793. $states = 'inherit';
  794. if ( current_user_can( $post_type->cap->read_private_posts ) )
  795. $states .= ',private';
  796. $q['post_status'] = isset( $q['status'] ) && 'trash' == $q['status'] ? 'trash' : $states;
  797. $media_per_page = (int) get_user_option( 'upload_per_page' );
  798. if ( empty( $media_per_page ) || $media_per_page < 1 )
  799. $media_per_page = 20;
  800. $q['posts_per_page'] = apply_filters( 'upload_per_page', $media_per_page );
  801. $post_mime_types = get_post_mime_types();
  802. $avail_post_mime_types = get_available_post_mime_types('attachment');
  803. if ( isset($q['post_mime_type']) && !array_intersect( (array) $q['post_mime_type'], array_keys($post_mime_types) ) )
  804. unset($q['post_mime_type']);
  805. if ( isset($q['detached']) )
  806. add_filter('posts_where', '_edit_attachments_query_helper');
  807. wp( $q );
  808. if ( isset($q['detached']) )
  809. remove_filter('posts_where', '_edit_attachments_query_helper');
  810. return array($post_mime_types, $avail_post_mime_types);
  811. }
  812. function _edit_attachments_query_helper($where) {
  813. return $where .= ' AND post_parent < 1';
  814. }
  815. /**
  816. * Returns the list of classes to be used by a metabox
  817. *
  818. * @uses get_user_option()
  819. * @since 2.5.0
  820. *
  821. * @param unknown_type $id
  822. * @param unknown_type $page
  823. * @return unknown
  824. */
  825. function postbox_classes( $id, $page ) {
  826. if ( isset( $_GET['edit'] ) && $_GET['edit'] == $id ) {
  827. $classes = array( '' );
  828. } elseif ( $closed = get_user_option('closedpostboxes_'.$page ) ) {
  829. if ( !is_array( $closed ) ) {
  830. $classes = array( '' );
  831. } else {
  832. $classes = in_array( $id, $closed ) ? array( 'closed' ) : array( '' );
  833. }
  834. } else {
  835. $classes = array( '' );
  836. }
  837. $classes = apply_filters( "postbox_classes_{$page}_{$id}", $classes );
  838. return implode( ' ', $classes );
  839. }
  840. /**
  841. * {@internal Missing Short Description}}
  842. *
  843. * @since 2.5.0
  844. *
  845. * @param int|object $id Post ID or post object.
  846. * @param string $title (optional) Title
  847. * @param string $name (optional) Name
  848. * @return array With two entries of type string
  849. */
  850. function get_sample_permalink($id, $title = null, $name = null) {
  851. $post = &get_post($id);
  852. if ( !$post->ID )
  853. return array('', '');
  854. $ptype = get_post_type_object($post->post_type);
  855. $original_status = $post->post_status;
  856. $original_date = $post->post_date;
  857. $original_name = $post->post_name;
  858. // Hack: get_permalink would return ugly permalink for
  859. // drafts, so we will fake, that our post is published
  860. if ( in_array($post->post_status, array('draft', 'pending')) ) {
  861. $post->post_status = 'publish';
  862. $post->post_name = sanitize_title($post->post_name ? $post->post_name : $post->post_title, $post->ID);
  863. }
  864. // If the user wants to set a new name -- override the current one
  865. // Note: if empty name is supplied -- use the title instead, see #6072
  866. if ( !is_null($name) )
  867. $post->post_name = sanitize_title($name ? $name : $title, $post->ID);
  868. $post->post_name = wp_unique_post_slug($post->post_name, $post->ID, $post->post_status, $post->post_type, $post->post_parent);
  869. $post->filter = 'sample';
  870. $permalink = get_permalink($post, true);
  871. // Replace custom post_type Token with generic pagename token for ease of use.
  872. $permalink = str_replace("%$post->post_type%", '%pagename%', $permalink);
  873. // Handle page hierarchy
  874. if ( $ptype->hierarchical ) {
  875. $uri = get_page_uri($post);
  876. $uri = untrailingslashit($uri);
  877. $uri = strrev( stristr( strrev( $uri ), '/' ) );
  878. $uri = untrailingslashit($uri);
  879. $uri = apply_filters( 'editable_slug', $uri );
  880. if ( !empty($uri) )
  881. $uri .= '/';
  882. $permalink = str_replace('%pagename%', "{$uri}%pagename%", $permalink);
  883. }
  884. $permalink = array($permalink, apply_filters('editable_slug', $post->post_name));
  885. $post->post_status = $original_status;
  886. $post->post_date = $original_date;
  887. $post->post_name = $original_name;
  888. unset($post->filter);
  889. return $permalink;
  890. }
  891. /**
  892. * sample permalink html
  893. *
  894. * intended to be used for the inplace editor of the permalink post slug on in the post (and page?) editor.
  895. *
  896. * @since 2.5.0
  897. *
  898. * @param int|object $id Post ID or post object.
  899. * @param string $new_title (optional) New title
  900. * @param string $new_slug (optional) New slug
  901. * @return string intended to be used for the inplace editor of the permalink post slug on in the post (and page?) editor.
  902. */
  903. function get_sample_permalink_html( $id, $new_title = null, $new_slug = null ) {
  904. global $wpdb;
  905. $post = &get_post($id);
  906. list($permalink, $post_name) = get_sample_permalink($post->ID, $new_title, $new_slug);
  907. if ( 'publish' == $post->post_status ) {
  908. $ptype = get_post_type_object($post->post_type);
  909. $view_post = $ptype->labels->view_item;
  910. $title = __('Click to edit this part of the permalink');
  911. } else {
  912. $title = __('Temporary permalink. Click to edit this part.');
  913. }
  914. if ( false === strpos($permalink, '%postname%') && false === strpos($permalink, '%pagename%') ) {
  915. $return = '<strong>' . __('Permalink:') . "</strong>\n" . '<span id="sample-permalink">' . $permalink . "</span>\n";
  916. if ( '' == get_option( 'permalink_structure' ) && current_user_can( 'manage_options' ) && !( 'page' == get_option('show_on_front') && $id == get_option('page_on_front') ) )
  917. $return .= '<span id="change-permalinks"><a href="options-permalink.php" class="button" target="_blank">' . __('Change Permalinks') . "</a></span>\n";
  918. if ( isset($view_post) )
  919. $return .= "<span id='view-post-btn'><a href='$permalink' class='button' target='_blank'>$view_post</a></span>\n";
  920. $return = apply_filters('get_sample_permalink_html', $return, $id, $new_title, $new_slug);
  921. return $return;
  922. }
  923. if ( function_exists('mb_strlen') ) {
  924. if ( mb_strlen($post_name) > 30 ) {
  925. $post_name_abridged = mb_substr($post_name, 0, 14). '&hellip;' . mb_substr($post_name, -14);
  926. } else {
  927. $post_name_abridged = $post_name;
  928. }
  929. } else {
  930. if ( strlen($post_name) > 30 ) {
  931. $post_name_abridged = substr($post_name, 0, 14). '&hellip;' . substr($post_name, -14);
  932. } else {
  933. $post_name_abridged = $post_name;
  934. }
  935. }
  936. $post_name_html = '<span id="editable-post-name" title="' . $title . '">' . $post_name_abridged . '</span>';
  937. $display_link = str_replace(array('%pagename%','%postname%'), $post_name_html, $permalink);
  938. $view_link = str_replace(array('%pagename%','%postname%'), $post_name, $permalink);
  939. $return = '<strong>' . __('Permalink:') . "</strong>\n";
  940. $return .= '<span id="sample-permalink">' . $display_link . "</span>\n";
  941. $return .= '&lrm;'; // Fix bi-directional text display defect in RTL languages.
  942. $return .= '<span id="edit-slug-buttons"><a href="#post_name" class="edit-slug button hide-if-no-js" onclick="editPermalink(' . $id . '); return false;">' . __('Edit') . "</a></span>\n";
  943. $return .= '<span id="editable-post-name-full">' . $post_name . "</span>\n";
  944. if ( isset($view_post) )
  945. $return .= "<span id='view-post-btn'><a href='$view_link' class='button' target='_blank'>$view_post</a></span>\n";
  946. $return = apply_filters('get_sample_permalink_html', $return, $id, $new_title, $new_slug);
  947. return $return;
  948. }
  949. /**
  950. * Output HTML for the post thumbnail meta-box.
  951. *
  952. * @since 2.9.0
  953. *
  954. * @param int $thumbnail_id ID of the attachment used for thumbnail
  955. * @return string html
  956. */
  957. function _wp_post_thumbnail_html( $thumbnail_id = NULL ) {
  958. global $content_width, $_wp_additional_image_sizes, $post_ID;
  959. $set_thumbnail_link = '<p class="hide-if-no-js"><a title="' . esc_attr__( 'Set featured image' ) . '" href="' . esc_url( get_upload_iframe_src('image') ) . '" id="set-post-thumbnail" class="thickbox">%s</a></p>';
  960. $content = sprintf($set_thumbnail_link, esc_html__( 'Set featured image' ));
  961. if ( $thumbnail_id && get_post( $thumbnail_id ) ) {
  962. $old_content_width = $content_width;
  963. $content_width = 266;
  964. if ( !isset( $_wp_additional_image_sizes['post-thumbnail'] ) )
  965. $thumbnail_html = wp_get_attachment_image( $thumbnail_id, array( $content_width, $content_width ) );
  966. else
  967. $thumbnail_html = wp_get_attachment_image( $thumbnail_id, 'post-thumbnail' );
  968. if ( !empty( $thumbnail_html ) ) {
  969. $ajax_nonce = wp_create_nonce( "set_post_thumbnail-$post_ID" );
  970. $content = sprintf($set_thumbnail_link, $thumbnail_html);
  971. $content .= '<p class="hide-if-no-js"><a href="#" id="remove-post-thumbnail" onclick="WPRemoveThumbnail(\'' . $ajax_nonce . '\');return false;">' . esc_html__( 'Remove featured image' ) . '</a></p>';
  972. }
  973. $content_width = $old_content_width;
  974. }
  975. return apply_filters( 'admin_post_thumbnail_html', $content );
  976. }
  977. /**
  978. * Check to see if the post is currently being edited by another user.
  979. *
  980. * @since 2.5.0
  981. *
  982. * @param int $post_id ID of the post to check for editing
  983. * @return bool|int False: not locked or locked by current user. Int: user ID of user with lock.
  984. */
  985. function wp_check_post_lock( $post_id ) {
  986. if ( !$post = get_post( $post_id ) )
  987. return false;
  988. if ( !$lock = get_post_meta( $post->ID, '_edit_lock', true ) )
  989. return false;
  990. $lock = explode( ':', $lock );
  991. $time = $lock[0];
  992. $user = isset( $lock[1] ) ? $lock[1] : get_post_meta( $post->ID, '_edit_last', true );
  993. $time_window = apply_filters( 'wp_check_post_lock_window', AUTOSAVE_INTERVAL * 2 );
  994. if ( $time && $time > time() - $time_window && $user != get_current_user_id() )
  995. return $user;
  996. return false;
  997. }
  998. /**
  999. * Mark the post as currently being edited by the current user
  1000. *
  1001. * @since 2.5.0
  1002. *
  1003. * @param int $post_id ID of the post to being edited
  1004. * @return bool|array Returns false if the post doesn't exist of there is no current user, or
  1005. * an array of the lock time and the user ID.
  1006. */
  1007. function wp_set_post_lock( $post_id ) {
  1008. if ( !$post = get_post( $post_id ) )
  1009. return false;
  1010. if ( 0 == ($user_id = get_current_user_id()) )
  1011. return false;
  1012. $now = time();
  1013. $lock = "$now:$user_id";
  1014. update_post_meta( $post->ID, '_edit_lock', $lock );
  1015. return array( $now, $user_id );
  1016. }
  1017. /**
  1018. * Outputs the notice message to say that someone else is editing this post at the moment.
  1019. *
  1020. * @since 2.8.5
  1021. * @return none
  1022. */
  1023. function _admin_notice_post_locked() {
  1024. global $post;
  1025. $lock = explode( ':', get_post_meta( $post->ID, '_edit_lock', true ) );
  1026. $user = isset( $lock[1] ) ? $lock[1] : get_post_meta( $post->ID, '_edit_last', true );
  1027. $last_user = get_userdata( $user );
  1028. $last_user_name = $last_user ? $last_user->display_name : __('Somebody');
  1029. switch ($post->post_type) {
  1030. case 'post':
  1031. $message = __( 'Warning: %s is currently editing this post' );
  1032. break;
  1033. case 'page':
  1034. $message = __( 'Warning: %s is currently editing this page' );
  1035. break;
  1036. default:
  1037. $message = __( 'Warning: %s is currently editing this.' );
  1038. }
  1039. $message = sprintf( $message, esc_html( $last_user_name ) );
  1040. echo "<div class='error'><p>$message</p></div>";
  1041. }
  1042. /**
  1043. * Creates autosave data for the specified post from $_POST data.
  1044. *
  1045. * @package WordPress
  1046. * @subpackage Post_Revisions
  1047. * @since 2.6.0
  1048. *
  1049. * @uses _wp_translate_postdata()
  1050. * @uses _wp_post_revision_fields()
  1051. *
  1052. * @return unknown
  1053. */
  1054. function wp_create_post_autosave( $post_id ) {
  1055. $translated = _wp_translate_postdata( true );
  1056. if ( is_wp_error( $translated ) )
  1057. return $translated;
  1058. // Only store one autosave. If there is already an autosave, overwrite it.
  1059. if ( $old_autosave = wp_get_post_autosave( $post_id ) ) {
  1060. $new_autosave = _wp_post_revision_fields( $_POST, true );
  1061. $new_autosave['ID'] = $old_autosave->ID;
  1062. $new_autosave['post_author'] = get_current_user_id();
  1063. return wp_update_post( $new_autosave );
  1064. }
  1065. // _wp_put_post_revision() expects unescaped.
  1066. $_POST = stripslashes_deep($_POST);
  1067. // Otherwise create the new autosave as a special post revision
  1068. return _wp_put_post_revision( $_POST, true );
  1069. }
  1070. /**
  1071. * Save draft or manually autosave for showing preview.
  1072. *
  1073. * @package WordPress
  1074. * @since 2.7.0
  1075. *
  1076. * @uses get_post_status()
  1077. * @uses edit_post()
  1078. * @uses get_post()
  1079. * @uses current_user_can()
  1080. * @uses wp_die()
  1081. * @uses wp_create_post_autosave()
  1082. * @uses add_query_arg()
  1083. * @uses wp_create_nonce()
  1084. *
  1085. * @return str URL to redirect to show the preview
  1086. */
  1087. function post_preview() {
  1088. $post_ID = (int) $_POST['post_ID'];
  1089. $status = get_post_status( $post_ID );
  1090. if ( 'auto-draft' == $status )
  1091. wp_die( __('Preview not available. Please save as a draft first.') );
  1092. if ( isset($_POST['catslist']) )
  1093. $_POST['post_category'] = explode(",", $_POST['catslist']);
  1094. if ( isset($_POST['tags_input']) )
  1095. $_POST['tags_input'] = explode(",", $_POST['tags_input']);
  1096. if ( $_POST['post_type'] == 'page' || empty($_POST['post_category']) )
  1097. unset($_POST['post_category']);
  1098. $_POST['ID'] = $post_ID;
  1099. $post = get_post($post_ID);
  1100. if ( 'page' == $post->post_type ) {
  1101. if ( !current_user_can('edit_page', $post_ID) )
  1102. wp_die(__('You are not allowed to edit this page.'));
  1103. } else {
  1104. if ( !current_user_can('edit_post', $post_ID) )
  1105. wp_die(__('You are not allowed to edit this post.'));
  1106. }
  1107. if ( 'draft' == $post->post_status ) {
  1108. $id = edit_post();
  1109. } else { // Non drafts are not overwritten. The autosave is stored in a special post revision.
  1110. $id = wp_create_post_autosave( $post->ID );
  1111. if ( ! is_wp_error($id) )
  1112. $id = $post->ID;
  1113. }
  1114. if ( is_wp_error($id) )
  1115. wp_die( $id->get_error_message() );
  1116. if ( $_POST['post_status'] == 'draft' ) {
  1117. $url = add_query_arg( 'preview', 'true', get_permalink($id) );
  1118. } else {
  1119. $nonce = wp_create_nonce('post_preview_' . $id);
  1120. $url = add_query_arg( array( 'preview' => 'true', 'preview_id' => $id, 'preview_nonce' => $nonce ), get_permalink($id) );
  1121. }
  1122. return $url;
  1123. }