PageRenderTime 56ms CodeModel.GetById 18ms RepoModel.GetById 1ms app.codeStats 0ms

/htdocs/wp-admin/includes/post.php

https://bitbucket.org/dkrzos/phc
PHP | 1320 lines | 804 code | 214 blank | 302 comment | 284 complexity | d873ec53b7e975c48e2d9d9877abb692 MD5 | raw file
Possible License(s): GPL-2.0
  1. <?php
  2. /**
  3. * WordPress Post Administration API.
  4. *
  5. * @package WordPress
  6. * @subpackage Administration
  7. */
  8. /**
  9. * Rename $_POST data from form names to DB post columns.
  10. *
  11. * Manipulates $_POST directly.
  12. *
  13. * @package WordPress
  14. * @since 2.6.0
  15. *
  16. * @param bool $update Are we updating a pre-existing post?
  17. * @param array $post_data Array of post data. Defaults to the contents of $_POST.
  18. * @return object|bool WP_Error on failure, true on success.
  19. */
  20. function _wp_translate_postdata( $update = false, $post_data = null ) {
  21. if ( empty($post_data) )
  22. $post_data = &$_POST;
  23. if ( $update )
  24. $post_data['ID'] = (int) $post_data['post_ID'];
  25. $ptype = get_post_type_object( $post_data['post_type'] );
  26. if ( $update && ! current_user_can( $ptype->cap->edit_post, $post_data['ID'] ) ) {
  27. if ( 'page' == $post_data['post_type'] )
  28. return new WP_Error( 'edit_others_pages', __( 'You are not allowed to edit pages as this user.' ) );
  29. else
  30. return new WP_Error( 'edit_others_posts', __( 'You are not allowed to edit posts as this user.' ) );
  31. } elseif ( ! $update && ! current_user_can( $ptype->cap->create_posts ) ) {
  32. if ( 'page' == $post_data['post_type'] )
  33. return new WP_Error( 'edit_others_pages', __( 'You are not allowed to create pages as this user.' ) );
  34. else
  35. return new WP_Error( 'edit_others_posts', __( 'You are not allowed to create posts as this user.' ) );
  36. }
  37. if ( isset( $post_data['content'] ) )
  38. $post_data['post_content'] = $post_data['content'];
  39. if ( isset( $post_data['excerpt'] ) )
  40. $post_data['post_excerpt'] = $post_data['excerpt'];
  41. if ( isset( $post_data['parent_id'] ) )
  42. $post_data['post_parent'] = (int) $post_data['parent_id'];
  43. if ( isset($post_data['trackback_url']) )
  44. $post_data['to_ping'] = $post_data['trackback_url'];
  45. if ( !isset($post_data['user_ID']) )
  46. $post_data['user_ID'] = $GLOBALS['user_ID'];
  47. if (!empty ( $post_data['post_author_override'] ) ) {
  48. $post_data['post_author'] = (int) $post_data['post_author_override'];
  49. } else {
  50. if (!empty ( $post_data['post_author'] ) ) {
  51. $post_data['post_author'] = (int) $post_data['post_author'];
  52. } else {
  53. $post_data['post_author'] = (int) $post_data['user_ID'];
  54. }
  55. }
  56. if ( isset( $post_data['user_ID'] ) && ( $post_data['post_author'] != $post_data['user_ID'] )
  57. && ! current_user_can( $ptype->cap->edit_others_posts ) ) {
  58. if ( $update ) {
  59. if ( 'page' == $post_data['post_type'] )
  60. return new WP_Error( 'edit_others_pages', __( 'You are not allowed to edit pages as this user.' ) );
  61. else
  62. return new WP_Error( 'edit_others_posts', __( 'You are not allowed to edit posts as this user.' ) );
  63. } else {
  64. if ( 'page' == $post_data['post_type'] )
  65. return new WP_Error( 'edit_others_pages', __( 'You are not allowed to create pages as this user.' ) );
  66. else
  67. return new WP_Error( 'edit_others_posts', __( 'You are not allowed to create posts as this user.' ) );
  68. }
  69. }
  70. if ( ! empty( $post_data['post_status'] ) )
  71. $post_data['post_status'] = sanitize_key( $post_data['post_status'] );
  72. // What to do based on which button they pressed
  73. if ( isset($post_data['saveasdraft']) && '' != $post_data['saveasdraft'] )
  74. $post_data['post_status'] = 'draft';
  75. if ( isset($post_data['saveasprivate']) && '' != $post_data['saveasprivate'] )
  76. $post_data['post_status'] = 'private';
  77. if ( isset($post_data['publish']) && ( '' != $post_data['publish'] ) && ( !isset($post_data['post_status']) || $post_data['post_status'] != 'private' ) )
  78. $post_data['post_status'] = 'publish';
  79. if ( isset($post_data['advanced']) && '' != $post_data['advanced'] )
  80. $post_data['post_status'] = 'draft';
  81. if ( isset($post_data['pending']) && '' != $post_data['pending'] )
  82. $post_data['post_status'] = 'pending';
  83. if ( isset( $post_data['ID'] ) )
  84. $post_id = $post_data['ID'];
  85. else
  86. $post_id = false;
  87. $previous_status = $post_id ? get_post_field( 'post_status', $post_id ) : false;
  88. $published_statuses = array( 'publish', 'future' );
  89. // Posts 'submitted for approval' present are submitted to $_POST the same as if they were being published.
  90. // Change status from 'publish' to 'pending' if user lacks permissions to publish or to resave published posts.
  91. if ( isset($post_data['post_status']) && (in_array( $post_data['post_status'], $published_statuses ) && !current_user_can( $ptype->cap->publish_posts )) )
  92. if ( ! in_array( $previous_status, $published_statuses ) || !current_user_can( 'edit_post', $post_id ) )
  93. $post_data['post_status'] = 'pending';
  94. if ( ! isset($post_data['post_status']) )
  95. $post_data['post_status'] = $previous_status;
  96. if (!isset( $post_data['comment_status'] ))
  97. $post_data['comment_status'] = 'closed';
  98. if (!isset( $post_data['ping_status'] ))
  99. $post_data['ping_status'] = 'closed';
  100. foreach ( array('aa', 'mm', 'jj', 'hh', 'mn') as $timeunit ) {
  101. if ( !empty( $post_data['hidden_' . $timeunit] ) && $post_data['hidden_' . $timeunit] != $post_data[$timeunit] ) {
  102. $post_data['edit_date'] = '1';
  103. break;
  104. }
  105. }
  106. if ( !empty( $post_data['edit_date'] ) ) {
  107. $aa = $post_data['aa'];
  108. $mm = $post_data['mm'];
  109. $jj = $post_data['jj'];
  110. $hh = $post_data['hh'];
  111. $mn = $post_data['mn'];
  112. $ss = $post_data['ss'];
  113. $aa = ($aa <= 0 ) ? date('Y') : $aa;
  114. $mm = ($mm <= 0 ) ? date('n') : $mm;
  115. $jj = ($jj > 31 ) ? 31 : $jj;
  116. $jj = ($jj <= 0 ) ? date('j') : $jj;
  117. $hh = ($hh > 23 ) ? $hh -24 : $hh;
  118. $mn = ($mn > 59 ) ? $mn -60 : $mn;
  119. $ss = ($ss > 59 ) ? $ss -60 : $ss;
  120. $post_data['post_date'] = sprintf( "%04d-%02d-%02d %02d:%02d:%02d", $aa, $mm, $jj, $hh, $mn, $ss );
  121. $valid_date = wp_checkdate( $mm, $jj, $aa, $post_data['post_date'] );
  122. if ( !$valid_date ) {
  123. return new WP_Error( 'invalid_date', __( 'Whoops, the provided date is invalid.' ) );
  124. }
  125. $post_data['post_date_gmt'] = get_gmt_from_date( $post_data['post_date'] );
  126. }
  127. return $post_data;
  128. }
  129. /**
  130. * Update an existing post with values provided in $_POST.
  131. *
  132. * @since 1.5.0
  133. *
  134. * @param array $post_data Optional.
  135. * @return int Post ID.
  136. */
  137. function edit_post( $post_data = null ) {
  138. if ( empty($post_data) )
  139. $post_data = &$_POST;
  140. // Clear out any data in internal vars.
  141. unset( $post_data['filter'] );
  142. $post_ID = (int) $post_data['post_ID'];
  143. $post = get_post( $post_ID );
  144. $post_data['post_type'] = $post->post_type;
  145. $post_data['post_mime_type'] = $post->post_mime_type;
  146. $ptype = get_post_type_object($post_data['post_type']);
  147. if ( !current_user_can( $ptype->cap->edit_post, $post_ID ) ) {
  148. if ( 'page' == $post_data['post_type'] )
  149. wp_die( __('You are not allowed to edit this page.' ));
  150. else
  151. wp_die( __('You are not allowed to edit this post.' ));
  152. }
  153. $post_data = _wp_translate_postdata( true, $post_data );
  154. if ( is_wp_error($post_data) )
  155. wp_die( $post_data->get_error_message() );
  156. if ( ( empty( $post_data['action'] ) || 'autosave' != $post_data['action'] ) && 'auto-draft' == $post_data['post_status'] ) {
  157. $post_data['post_status'] = 'draft';
  158. }
  159. if ( isset($post_data['visibility']) ) {
  160. switch ( $post_data['visibility'] ) {
  161. case 'public' :
  162. $post_data['post_password'] = '';
  163. break;
  164. case 'password' :
  165. unset( $post_data['sticky'] );
  166. break;
  167. case 'private' :
  168. $post_data['post_status'] = 'private';
  169. $post_data['post_password'] = '';
  170. unset( $post_data['sticky'] );
  171. break;
  172. }
  173. }
  174. // Post Formats
  175. if ( isset( $post_data['post_format'] ) ) {
  176. if ( current_theme_supports( 'post-formats', $post_data['post_format'] ) )
  177. set_post_format( $post_ID, $post_data['post_format'] );
  178. elseif ( '0' == $post_data['post_format'] )
  179. set_post_format( $post_ID, false );
  180. }
  181. // Meta Stuff
  182. if ( isset($post_data['meta']) && $post_data['meta'] ) {
  183. foreach ( $post_data['meta'] as $key => $value ) {
  184. if ( !$meta = get_post_meta_by_id( $key ) )
  185. continue;
  186. if ( $meta->post_id != $post_ID )
  187. continue;
  188. if ( is_protected_meta( $value['key'], 'post' ) || ! current_user_can( 'edit_post_meta', $post_ID, $value['key'] ) )
  189. continue;
  190. update_meta( $key, $value['key'], $value['value'] );
  191. }
  192. }
  193. if ( isset($post_data['deletemeta']) && $post_data['deletemeta'] ) {
  194. foreach ( $post_data['deletemeta'] as $key => $value ) {
  195. if ( !$meta = get_post_meta_by_id( $key ) )
  196. continue;
  197. if ( $meta->post_id != $post_ID )
  198. continue;
  199. if ( is_protected_meta( $meta->meta_key, 'post' ) || ! current_user_can( 'delete_post_meta', $post_ID, $meta->meta_key ) )
  200. continue;
  201. delete_meta( $key );
  202. }
  203. }
  204. // Attachment stuff
  205. if ( 'attachment' == $post_data['post_type'] ) {
  206. if ( isset( $post_data[ '_wp_attachment_image_alt' ] ) ) {
  207. $image_alt = get_post_meta( $post_ID, '_wp_attachment_image_alt', true );
  208. if ( $image_alt != stripslashes( $post_data['_wp_attachment_image_alt'] ) ) {
  209. $image_alt = wp_strip_all_tags( stripslashes( $post_data['_wp_attachment_image_alt'] ), true );
  210. // update_meta expects slashed
  211. update_post_meta( $post_ID, '_wp_attachment_image_alt', addslashes( $image_alt ) );
  212. }
  213. }
  214. $attachment_data = isset( $post_data['attachments'][ $post_ID ] ) ? $post_data['attachments'][ $post_ID ] : array();
  215. $post_data = apply_filters( 'attachment_fields_to_save', $post_data, $attachment_data );
  216. }
  217. add_meta( $post_ID );
  218. update_post_meta( $post_ID, '_edit_last', $GLOBALS['current_user']->ID );
  219. wp_update_post( $post_data );
  220. // Now that we have an ID we can fix any attachment anchor hrefs
  221. _fix_attachment_links( $post_ID );
  222. wp_set_post_lock( $post_ID );
  223. if ( current_user_can( $ptype->cap->edit_others_posts ) ) {
  224. if ( ! empty( $post_data['sticky'] ) )
  225. stick_post( $post_ID );
  226. else
  227. unstick_post( $post_ID );
  228. }
  229. return $post_ID;
  230. }
  231. /**
  232. * Process the post data for the bulk editing of posts.
  233. *
  234. * Updates all bulk edited posts/pages, adding (but not removing) tags and
  235. * categories. Skips pages when they would be their own parent or child.
  236. *
  237. * @since 2.7.0
  238. *
  239. * @param array $post_data Optional, the array of post data to process if not provided will use $_POST superglobal.
  240. * @return array
  241. */
  242. function bulk_edit_posts( $post_data = null ) {
  243. global $wpdb;
  244. if ( empty($post_data) )
  245. $post_data = &$_POST;
  246. if ( isset($post_data['post_type']) )
  247. $ptype = get_post_type_object($post_data['post_type']);
  248. else
  249. $ptype = get_post_type_object('post');
  250. if ( !current_user_can( $ptype->cap->edit_posts ) ) {
  251. if ( 'page' == $ptype->name )
  252. wp_die( __('You are not allowed to edit pages.'));
  253. else
  254. wp_die( __('You are not allowed to edit posts.'));
  255. }
  256. if ( -1 == $post_data['_status'] ) {
  257. $post_data['post_status'] = null;
  258. unset($post_data['post_status']);
  259. } else {
  260. $post_data['post_status'] = $post_data['_status'];
  261. }
  262. unset($post_data['_status']);
  263. $post_IDs = array_map( 'intval', (array) $post_data['post'] );
  264. $reset = array( 'post_author', 'post_status', 'post_password', 'post_parent', 'page_template', 'comment_status', 'ping_status', 'keep_private', 'tax_input', 'post_category', 'sticky' );
  265. foreach ( $reset as $field ) {
  266. if ( isset($post_data[$field]) && ( '' == $post_data[$field] || -1 == $post_data[$field] ) )
  267. unset($post_data[$field]);
  268. }
  269. if ( isset($post_data['post_category']) ) {
  270. if ( is_array($post_data['post_category']) && ! empty($post_data['post_category']) )
  271. $new_cats = array_map( 'absint', $post_data['post_category'] );
  272. else
  273. unset($post_data['post_category']);
  274. }
  275. $tax_input = array();
  276. if ( isset($post_data['tax_input'])) {
  277. foreach ( $post_data['tax_input'] as $tax_name => $terms ) {
  278. if ( empty($terms) )
  279. continue;
  280. if ( is_taxonomy_hierarchical( $tax_name ) ) {
  281. $tax_input[ $tax_name ] = array_map( 'absint', $terms );
  282. } else {
  283. $comma = _x( ',', 'tag delimiter' );
  284. if ( ',' !== $comma )
  285. $terms = str_replace( $comma, ',', $terms );
  286. $tax_input[ $tax_name ] = explode( ',', trim( $terms, " \n\t\r\0\x0B," ) );
  287. }
  288. }
  289. }
  290. if ( isset($post_data['post_parent']) && ($parent = (int) $post_data['post_parent']) ) {
  291. $pages = $wpdb->get_results("SELECT ID, post_parent FROM $wpdb->posts WHERE post_type = 'page'");
  292. $children = array();
  293. for ( $i = 0; $i < 50 && $parent > 0; $i++ ) {
  294. $children[] = $parent;
  295. foreach ( $pages as $page ) {
  296. if ( $page->ID == $parent ) {
  297. $parent = $page->post_parent;
  298. break;
  299. }
  300. }
  301. }
  302. }
  303. if ( isset( $post_data['post_format'] ) ) {
  304. if ( '0' == $post_data['post_format'] )
  305. $post_data['post_format'] = false;
  306. // don't change the post format if it's not supported or not '0' (standard)
  307. elseif ( ! current_theme_supports( 'post-formats', $post_data['post_format'] ) )
  308. unset( $post_data['post_format'] );
  309. }
  310. $updated = $skipped = $locked = array();
  311. foreach ( $post_IDs as $post_ID ) {
  312. $post_type_object = get_post_type_object( get_post_type( $post_ID ) );
  313. if ( !isset( $post_type_object ) || ( isset($children) && in_array($post_ID, $children) ) || !current_user_can( $post_type_object->cap->edit_post, $post_ID ) ) {
  314. $skipped[] = $post_ID;
  315. continue;
  316. }
  317. if ( wp_check_post_lock( $post_ID ) ) {
  318. $locked[] = $post_ID;
  319. continue;
  320. }
  321. $post = get_post( $post_ID );
  322. $tax_names = get_object_taxonomies( $post );
  323. foreach ( $tax_names as $tax_name ) {
  324. $taxonomy_obj = get_taxonomy($tax_name);
  325. if ( isset( $tax_input[$tax_name]) && current_user_can( $taxonomy_obj->cap->assign_terms ) )
  326. $new_terms = $tax_input[$tax_name];
  327. else
  328. $new_terms = array();
  329. if ( $taxonomy_obj->hierarchical )
  330. $current_terms = (array) wp_get_object_terms( $post_ID, $tax_name, array('fields' => 'ids') );
  331. else
  332. $current_terms = (array) wp_get_object_terms( $post_ID, $tax_name, array('fields' => 'names') );
  333. $post_data['tax_input'][$tax_name] = array_merge( $current_terms, $new_terms );
  334. }
  335. if ( isset($new_cats) && in_array( 'category', $tax_names ) ) {
  336. $cats = (array) wp_get_post_categories($post_ID);
  337. $post_data['post_category'] = array_unique( array_merge($cats, $new_cats) );
  338. unset( $post_data['tax_input']['category'] );
  339. }
  340. $post_data['post_mime_type'] = $post->post_mime_type;
  341. $post_data['guid'] = $post->guid;
  342. $post_data['ID'] = $post_ID;
  343. $updated[] = wp_update_post( $post_data );
  344. if ( isset( $post_data['sticky'] ) && current_user_can( $ptype->cap->edit_others_posts ) ) {
  345. if ( 'sticky' == $post_data['sticky'] )
  346. stick_post( $post_ID );
  347. else
  348. unstick_post( $post_ID );
  349. }
  350. if ( isset( $post_data['post_format'] ) )
  351. set_post_format( $post_ID, $post_data['post_format'] );
  352. }
  353. return array( 'updated' => $updated, 'skipped' => $skipped, 'locked' => $locked );
  354. }
  355. /**
  356. * Default post information to use when populating the "Write Post" form.
  357. *
  358. * @since 2.0.0
  359. *
  360. * @param string $post_type A post type string, defaults to 'post'.
  361. * @return WP_Post Post object containing all the default post data as attributes
  362. */
  363. function get_default_post_to_edit( $post_type = 'post', $create_in_db = false ) {
  364. global $wpdb;
  365. $post_title = '';
  366. if ( !empty( $_REQUEST['post_title'] ) )
  367. $post_title = esc_html( stripslashes( $_REQUEST['post_title'] ));
  368. $post_content = '';
  369. if ( !empty( $_REQUEST['content'] ) )
  370. $post_content = esc_html( stripslashes( $_REQUEST['content'] ));
  371. $post_excerpt = '';
  372. if ( !empty( $_REQUEST['excerpt'] ) )
  373. $post_excerpt = esc_html( stripslashes( $_REQUEST['excerpt'] ));
  374. if ( $create_in_db ) {
  375. $post_id = wp_insert_post( array( 'post_title' => __( 'Auto Draft' ), 'post_type' => $post_type, 'post_status' => 'auto-draft' ) );
  376. $post = get_post( $post_id );
  377. if ( current_theme_supports( 'post-formats' ) && post_type_supports( $post->post_type, 'post-formats' ) && get_option( 'default_post_format' ) )
  378. set_post_format( $post, get_option( 'default_post_format' ) );
  379. } else {
  380. $post = new stdClass;
  381. $post->ID = 0;
  382. $post->post_author = '';
  383. $post->post_date = '';
  384. $post->post_date_gmt = '';
  385. $post->post_password = '';
  386. $post->post_type = $post_type;
  387. $post->post_status = 'draft';
  388. $post->to_ping = '';
  389. $post->pinged = '';
  390. $post->comment_status = get_option( 'default_comment_status' );
  391. $post->ping_status = get_option( 'default_ping_status' );
  392. $post->post_pingback = get_option( 'default_pingback_flag' );
  393. $post->post_category = get_option( 'default_category' );
  394. $post->page_template = 'default';
  395. $post->post_parent = 0;
  396. $post->menu_order = 0;
  397. $post = new WP_Post( $post );
  398. }
  399. $post->post_content = apply_filters( 'default_content', $post_content, $post );
  400. $post->post_title = apply_filters( 'default_title', $post_title, $post );
  401. $post->post_excerpt = apply_filters( 'default_excerpt', $post_excerpt, $post );
  402. $post->post_name = '';
  403. return $post;
  404. }
  405. /**
  406. * Determine if a post exists based on title, content, and date
  407. *
  408. * @since 2.0.0
  409. *
  410. * @param string $title Post title
  411. * @param string $content Optional post content
  412. * @param string $date Optional post date
  413. * @return int Post ID if post exists, 0 otherwise.
  414. */
  415. function post_exists($title, $content = '', $date = '') {
  416. global $wpdb;
  417. $post_title = stripslashes( sanitize_post_field( 'post_title', $title, 0, 'db' ) );
  418. $post_content = stripslashes( sanitize_post_field( 'post_content', $content, 0, 'db' ) );
  419. $post_date = stripslashes( sanitize_post_field( 'post_date', $date, 0, 'db' ) );
  420. $query = "SELECT ID FROM $wpdb->posts WHERE 1=1";
  421. $args = array();
  422. if ( !empty ( $date ) ) {
  423. $query .= ' AND post_date = %s';
  424. $args[] = $post_date;
  425. }
  426. if ( !empty ( $title ) ) {
  427. $query .= ' AND post_title = %s';
  428. $args[] = $post_title;
  429. }
  430. if ( !empty ( $content ) ) {
  431. $query .= 'AND post_content = %s';
  432. $args[] = $post_content;
  433. }
  434. if ( !empty ( $args ) )
  435. return (int) $wpdb->get_var( $wpdb->prepare($query, $args) );
  436. return 0;
  437. }
  438. /**
  439. * Creates a new post from the "Write Post" form using $_POST information.
  440. *
  441. * @since 2.1.0
  442. *
  443. * @return unknown
  444. */
  445. function wp_write_post() {
  446. global $user_ID;
  447. if ( isset($_POST['post_type']) )
  448. $ptype = get_post_type_object($_POST['post_type']);
  449. else
  450. $ptype = get_post_type_object('post');
  451. if ( !current_user_can( $ptype->cap->edit_posts ) ) {
  452. if ( 'page' == $ptype->name )
  453. return new WP_Error( 'edit_pages', __( 'You are not allowed to create pages on this site.' ) );
  454. else
  455. return new WP_Error( 'edit_posts', __( 'You are not allowed to create posts or drafts on this site.' ) );
  456. }
  457. $_POST['post_mime_type'] = '';
  458. // Clear out any data in internal vars.
  459. unset( $_POST['filter'] );
  460. // Edit don't write if we have a post id.
  461. if ( isset( $_POST['post_ID'] ) )
  462. return edit_post();
  463. $translated = _wp_translate_postdata( false );
  464. if ( is_wp_error($translated) )
  465. return $translated;
  466. if ( isset($_POST['visibility']) ) {
  467. switch ( $_POST['visibility'] ) {
  468. case 'public' :
  469. $_POST['post_password'] = '';
  470. break;
  471. case 'password' :
  472. unset( $_POST['sticky'] );
  473. break;
  474. case 'private' :
  475. $_POST['post_status'] = 'private';
  476. $_POST['post_password'] = '';
  477. unset( $_POST['sticky'] );
  478. break;
  479. }
  480. }
  481. // Create the post.
  482. $post_ID = wp_insert_post( $_POST );
  483. if ( is_wp_error( $post_ID ) )
  484. return $post_ID;
  485. if ( empty($post_ID) )
  486. return 0;
  487. add_meta( $post_ID );
  488. add_post_meta( $post_ID, '_edit_last', $GLOBALS['current_user']->ID );
  489. // Now that we have an ID we can fix any attachment anchor hrefs
  490. _fix_attachment_links( $post_ID );
  491. wp_set_post_lock( $post_ID );
  492. return $post_ID;
  493. }
  494. /**
  495. * Calls wp_write_post() and handles the errors.
  496. *
  497. * @since 2.0.0
  498. * @uses wp_write_post()
  499. * @uses is_wp_error()
  500. * @uses wp_die()
  501. * @return unknown
  502. */
  503. function write_post() {
  504. $result = wp_write_post();
  505. if ( is_wp_error( $result ) )
  506. wp_die( $result->get_error_message() );
  507. else
  508. return $result;
  509. }
  510. //
  511. // Post Meta
  512. //
  513. /**
  514. * {@internal Missing Short Description}}
  515. *
  516. * @since 1.2.0
  517. *
  518. * @param unknown_type $post_ID
  519. * @return unknown
  520. */
  521. function add_meta( $post_ID ) {
  522. global $wpdb;
  523. $post_ID = (int) $post_ID;
  524. $metakeyselect = isset($_POST['metakeyselect']) ? stripslashes( trim( $_POST['metakeyselect'] ) ) : '';
  525. $metakeyinput = isset($_POST['metakeyinput']) ? stripslashes( trim( $_POST['metakeyinput'] ) ) : '';
  526. $metavalue = isset($_POST['metavalue']) ? $_POST['metavalue'] : '';
  527. if ( is_string( $metavalue ) )
  528. $metavalue = trim( $metavalue );
  529. if ( ('0' === $metavalue || ! empty ( $metavalue ) ) && ( ( ( '#NONE#' != $metakeyselect ) && !empty ( $metakeyselect) ) || !empty ( $metakeyinput ) ) ) {
  530. // We have a key/value pair. If both the select and the
  531. // input for the key have data, the input takes precedence:
  532. if ( '#NONE#' != $metakeyselect )
  533. $metakey = $metakeyselect;
  534. if ( $metakeyinput )
  535. $metakey = $metakeyinput; // default
  536. if ( is_protected_meta( $metakey, 'post' ) || ! current_user_can( 'add_post_meta', $post_ID, $metakey ) )
  537. return false;
  538. $metakey = esc_sql( $metakey );
  539. return add_post_meta( $post_ID, $metakey, $metavalue );
  540. }
  541. return false;
  542. } // add_meta
  543. /**
  544. * {@internal Missing Short Description}}
  545. *
  546. * @since 1.2.0
  547. *
  548. * @param unknown_type $mid
  549. * @return unknown
  550. */
  551. function delete_meta( $mid ) {
  552. return delete_metadata_by_mid( 'post' , $mid );
  553. }
  554. /**
  555. * Get a list of previously defined keys.
  556. *
  557. * @since 1.2.0
  558. *
  559. * @return unknown
  560. */
  561. function get_meta_keys() {
  562. global $wpdb;
  563. $keys = $wpdb->get_col( "
  564. SELECT meta_key
  565. FROM $wpdb->postmeta
  566. GROUP BY meta_key
  567. ORDER BY meta_key" );
  568. return $keys;
  569. }
  570. /**
  571. * {@internal Missing Short Description}}
  572. *
  573. * @since 2.1.0
  574. *
  575. * @param unknown_type $mid
  576. * @return unknown
  577. */
  578. function get_post_meta_by_id( $mid ) {
  579. return get_metadata_by_mid( 'post', $mid );
  580. }
  581. /**
  582. * {@internal Missing Short Description}}
  583. *
  584. * Some postmeta stuff.
  585. *
  586. * @since 1.2.0
  587. *
  588. * @param unknown_type $postid
  589. * @return unknown
  590. */
  591. function has_meta( $postid ) {
  592. global $wpdb;
  593. return $wpdb->get_results( $wpdb->prepare("SELECT meta_key, meta_value, meta_id, post_id
  594. FROM $wpdb->postmeta WHERE post_id = %d
  595. ORDER BY meta_key,meta_id", $postid), ARRAY_A );
  596. }
  597. /**
  598. * {@internal Missing Short Description}}
  599. *
  600. * @since 1.2.0
  601. *
  602. * @param unknown_type $meta_id
  603. * @param unknown_type $meta_key Expect Slashed
  604. * @param unknown_type $meta_value Expect Slashed
  605. * @return unknown
  606. */
  607. function update_meta( $meta_id, $meta_key, $meta_value ) {
  608. $meta_key = stripslashes( $meta_key );
  609. $meta_value = stripslashes_deep( $meta_value );
  610. return update_metadata_by_mid( 'post', $meta_id, $meta_value, $meta_key );
  611. }
  612. //
  613. // Private
  614. //
  615. /**
  616. * Replace hrefs of attachment anchors with up-to-date permalinks.
  617. *
  618. * @since 2.3.0
  619. * @access private
  620. *
  621. * @param unknown_type $post_ID
  622. * @return unknown
  623. */
  624. function _fix_attachment_links( $post_ID ) {
  625. $post = get_post( $post_ID, ARRAY_A );
  626. $content = $post['post_content'];
  627. // quick sanity check, don't run if no pretty permalinks or post is not published
  628. if ( !get_option('permalink_structure') || $post['post_status'] != 'publish' )
  629. return;
  630. // Short if there aren't any links or no '?attachment_id=' strings (strpos cannot be zero)
  631. if ( !strpos($content, '?attachment_id=') || !preg_match_all( '/<a ([^>]+)>[\s\S]+?<\/a>/', $content, $link_matches ) )
  632. return;
  633. $site_url = get_bloginfo('url');
  634. $site_url = substr( $site_url, (int) strpos($site_url, '://') ); // remove the http(s)
  635. $replace = '';
  636. foreach ( $link_matches[1] as $key => $value ) {
  637. if ( !strpos($value, '?attachment_id=') || !strpos($value, 'wp-att-')
  638. || !preg_match( '/href=(["\'])[^"\']*\?attachment_id=(\d+)[^"\']*\\1/', $value, $url_match )
  639. || !preg_match( '/rel=["\'][^"\']*wp-att-(\d+)/', $value, $rel_match ) )
  640. continue;
  641. $quote = $url_match[1]; // the quote (single or double)
  642. $url_id = (int) $url_match[2];
  643. $rel_id = (int) $rel_match[1];
  644. if ( !$url_id || !$rel_id || $url_id != $rel_id || strpos($url_match[0], $site_url) === false )
  645. continue;
  646. $link = $link_matches[0][$key];
  647. $replace = str_replace( $url_match[0], 'href=' . $quote . get_attachment_link( $url_id ) . $quote, $link );
  648. $content = str_replace( $link, $replace, $content );
  649. }
  650. if ( $replace ) {
  651. $post['post_content'] = $content;
  652. // Escape data pulled from DB.
  653. $post = add_magic_quotes($post);
  654. return wp_update_post($post);
  655. }
  656. }
  657. /**
  658. * Move child posts to a new parent.
  659. *
  660. * @since 2.3.0
  661. * @access private
  662. *
  663. * @param unknown_type $old_ID
  664. * @param unknown_type $new_ID
  665. * @return unknown
  666. */
  667. function _relocate_children( $old_ID, $new_ID ) {
  668. global $wpdb;
  669. $old_ID = (int) $old_ID;
  670. $new_ID = (int) $new_ID;
  671. $children = $wpdb->get_col( $wpdb->prepare("
  672. SELECT post_id
  673. FROM $wpdb->postmeta
  674. WHERE meta_key = '_wp_attachment_temp_parent'
  675. AND meta_value = %d", $old_ID) );
  676. foreach ( $children as $child_id ) {
  677. $wpdb->update($wpdb->posts, array('post_parent' => $new_ID), array('ID' => $child_id) );
  678. delete_post_meta($child_id, '_wp_attachment_temp_parent');
  679. }
  680. }
  681. /**
  682. * Get all the possible statuses for a post_type
  683. *
  684. * @since 2.5.0
  685. *
  686. * @param string $type The post_type you want the statuses for
  687. * @return array As array of all the statuses for the supplied post type
  688. */
  689. function get_available_post_statuses($type = 'post') {
  690. $stati = wp_count_posts($type);
  691. return array_keys(get_object_vars($stati));
  692. }
  693. /**
  694. * Run the wp query to fetch the posts for listing on the edit posts page
  695. *
  696. * @since 2.5.0
  697. *
  698. * @param array|bool $q Array of query variables to use to build the query or false to use $_GET superglobal.
  699. * @return array
  700. */
  701. function wp_edit_posts_query( $q = false ) {
  702. if ( false === $q )
  703. $q = $_GET;
  704. $q['m'] = isset($q['m']) ? (int) $q['m'] : 0;
  705. $q['cat'] = isset($q['cat']) ? (int) $q['cat'] : 0;
  706. $post_stati = get_post_stati();
  707. if ( isset($q['post_type']) && in_array( $q['post_type'], get_post_types() ) )
  708. $post_type = $q['post_type'];
  709. else
  710. $post_type = 'post';
  711. $avail_post_stati = get_available_post_statuses($post_type);
  712. if ( isset($q['post_status']) && in_array( $q['post_status'], $post_stati ) ) {
  713. $post_status = $q['post_status'];
  714. $perm = 'readable';
  715. }
  716. if ( isset($q['orderby']) )
  717. $orderby = $q['orderby'];
  718. elseif ( isset($q['post_status']) && in_array($q['post_status'], array('pending', 'draft')) )
  719. $orderby = 'modified';
  720. if ( isset($q['order']) )
  721. $order = $q['order'];
  722. elseif ( isset($q['post_status']) && 'pending' == $q['post_status'] )
  723. $order = 'ASC';
  724. $per_page = 'edit_' . $post_type . '_per_page';
  725. $posts_per_page = (int) get_user_option( $per_page );
  726. if ( empty( $posts_per_page ) || $posts_per_page < 1 )
  727. $posts_per_page = 20;
  728. $posts_per_page = apply_filters( $per_page, $posts_per_page );
  729. $posts_per_page = apply_filters( 'edit_posts_per_page', $posts_per_page, $post_type );
  730. $query = compact('post_type', 'post_status', 'perm', 'order', 'orderby', 'posts_per_page');
  731. // Hierarchical types require special args.
  732. if ( is_post_type_hierarchical( $post_type ) && !isset($orderby) ) {
  733. $query['orderby'] = 'menu_order title';
  734. $query['order'] = 'asc';
  735. $query['posts_per_page'] = -1;
  736. $query['posts_per_archive_page'] = -1;
  737. }
  738. if ( ! empty( $q['show_sticky'] ) )
  739. $query['post__in'] = (array) get_option( 'sticky_posts' );
  740. wp( $query );
  741. return $avail_post_stati;
  742. }
  743. /**
  744. * {@internal Missing Short Description}}
  745. *
  746. * @since 2.5.0
  747. *
  748. * @param unknown_type $type
  749. * @return unknown
  750. */
  751. function get_available_post_mime_types($type = 'attachment') {
  752. global $wpdb;
  753. $types = $wpdb->get_col($wpdb->prepare("SELECT DISTINCT post_mime_type FROM $wpdb->posts WHERE post_type = %s", $type));
  754. return $types;
  755. }
  756. /**
  757. * Executes a query for attachments. An array of WP_Query arguments
  758. * can be passed in, which will override the arguments set by this function.
  759. *
  760. * @since 2.5.0
  761. * @uses apply_filters() Calls 'upload_per_page' on posts_per_page argument
  762. *
  763. * @param array|bool $q Array of query variables to use to build the query or false to use $_GET superglobal.
  764. * @return array
  765. */
  766. function wp_edit_attachments_query( $q = false ) {
  767. if ( false === $q )
  768. $q = $_GET;
  769. $q['m'] = isset( $q['m'] ) ? (int) $q['m'] : 0;
  770. $q['cat'] = isset( $q['cat'] ) ? (int) $q['cat'] : 0;
  771. $q['post_type'] = 'attachment';
  772. $post_type = get_post_type_object( 'attachment' );
  773. $states = 'inherit';
  774. if ( current_user_can( $post_type->cap->read_private_posts ) )
  775. $states .= ',private';
  776. $q['post_status'] = isset( $q['status'] ) && 'trash' == $q['status'] ? 'trash' : $states;
  777. $media_per_page = (int) get_user_option( 'upload_per_page' );
  778. if ( empty( $media_per_page ) || $media_per_page < 1 )
  779. $media_per_page = 20;
  780. $q['posts_per_page'] = apply_filters( 'upload_per_page', $media_per_page );
  781. $post_mime_types = get_post_mime_types();
  782. $avail_post_mime_types = get_available_post_mime_types('attachment');
  783. if ( isset($q['post_mime_type']) && !array_intersect( (array) $q['post_mime_type'], array_keys($post_mime_types) ) )
  784. unset($q['post_mime_type']);
  785. if ( isset($q['detached']) )
  786. add_filter('posts_where', '_edit_attachments_query_helper');
  787. wp( $q );
  788. if ( isset($q['detached']) )
  789. remove_filter('posts_where', '_edit_attachments_query_helper');
  790. return array($post_mime_types, $avail_post_mime_types);
  791. }
  792. function _edit_attachments_query_helper($where) {
  793. global $wpdb;
  794. return $where .= " AND {$wpdb->posts}.post_parent < 1";
  795. }
  796. /**
  797. * Returns the list of classes to be used by a metabox
  798. *
  799. * @uses get_user_option()
  800. * @since 2.5.0
  801. *
  802. * @param unknown_type $id
  803. * @param unknown_type $page
  804. * @return unknown
  805. */
  806. function postbox_classes( $id, $page ) {
  807. if ( isset( $_GET['edit'] ) && $_GET['edit'] == $id ) {
  808. $classes = array( '' );
  809. } elseif ( $closed = get_user_option('closedpostboxes_'.$page ) ) {
  810. if ( !is_array( $closed ) ) {
  811. $classes = array( '' );
  812. } else {
  813. $classes = in_array( $id, $closed ) ? array( 'closed' ) : array( '' );
  814. }
  815. } else {
  816. $classes = array( '' );
  817. }
  818. $classes = apply_filters( "postbox_classes_{$page}_{$id}", $classes );
  819. return implode( ' ', $classes );
  820. }
  821. /**
  822. * {@internal Missing Short Description}}
  823. *
  824. * @since 2.5.0
  825. *
  826. * @param int|object $id Post ID or post object.
  827. * @param string $title (optional) Title
  828. * @param string $name (optional) Name
  829. * @return array With two entries of type string
  830. */
  831. function get_sample_permalink($id, $title = null, $name = null) {
  832. $post = get_post($id);
  833. if ( !$post->ID )
  834. return array('', '');
  835. $ptype = get_post_type_object($post->post_type);
  836. $original_status = $post->post_status;
  837. $original_date = $post->post_date;
  838. $original_name = $post->post_name;
  839. // Hack: get_permalink would return ugly permalink for
  840. // drafts, so we will fake, that our post is published
  841. if ( in_array($post->post_status, array('draft', 'pending')) ) {
  842. $post->post_status = 'publish';
  843. $post->post_name = sanitize_title($post->post_name ? $post->post_name : $post->post_title, $post->ID);
  844. }
  845. // If the user wants to set a new name -- override the current one
  846. // Note: if empty name is supplied -- use the title instead, see #6072
  847. if ( !is_null($name) )
  848. $post->post_name = sanitize_title($name ? $name : $title, $post->ID);
  849. $post->post_name = wp_unique_post_slug($post->post_name, $post->ID, $post->post_status, $post->post_type, $post->post_parent);
  850. $post->filter = 'sample';
  851. $permalink = get_permalink($post, true);
  852. // Replace custom post_type Token with generic pagename token for ease of use.
  853. $permalink = str_replace("%$post->post_type%", '%pagename%', $permalink);
  854. // Handle page hierarchy
  855. if ( $ptype->hierarchical ) {
  856. $uri = get_page_uri($post);
  857. $uri = untrailingslashit($uri);
  858. $uri = strrev( stristr( strrev( $uri ), '/' ) );
  859. $uri = untrailingslashit($uri);
  860. $uri = apply_filters( 'editable_slug', $uri );
  861. if ( !empty($uri) )
  862. $uri .= '/';
  863. $permalink = str_replace('%pagename%', "{$uri}%pagename%", $permalink);
  864. }
  865. $permalink = array($permalink, apply_filters('editable_slug', $post->post_name));
  866. $post->post_status = $original_status;
  867. $post->post_date = $original_date;
  868. $post->post_name = $original_name;
  869. unset($post->filter);
  870. return $permalink;
  871. }
  872. /**
  873. * Returns the HTML of the sample permalink slug editor.
  874. *
  875. * @since 2.5.0
  876. *
  877. * @param int|object $id Post ID or post object.
  878. * @param string $new_title Optional. New title.
  879. * @param string $new_slug Optional. New slug.
  880. * @return string The HTML of the sample permalink slug editor.
  881. */
  882. function get_sample_permalink_html( $id, $new_title = null, $new_slug = null ) {
  883. global $wpdb;
  884. $post = get_post($id);
  885. list($permalink, $post_name) = get_sample_permalink($post->ID, $new_title, $new_slug);
  886. if ( 'publish' == get_post_status( $post ) ) {
  887. $ptype = get_post_type_object($post->post_type);
  888. $view_post = $ptype->labels->view_item;
  889. $title = __('Click to edit this part of the permalink');
  890. } else {
  891. $title = __('Temporary permalink. Click to edit this part.');
  892. }
  893. if ( false === strpos($permalink, '%postname%') && false === strpos($permalink, '%pagename%') ) {
  894. $return = '<strong>' . __('Permalink:') . "</strong>\n" . '<span id="sample-permalink" tabindex="-1">' . $permalink . "</span>\n";
  895. if ( '' == get_option( 'permalink_structure' ) && current_user_can( 'manage_options' ) && !( 'page' == get_option('show_on_front') && $id == get_option('page_on_front') ) )
  896. $return .= '<span id="change-permalinks"><a href="options-permalink.php" class="button button-small" target="_blank">' . __('Change Permalinks') . "</a></span>\n";
  897. if ( isset( $view_post ) )
  898. $return .= "<span id='view-post-btn'><a href='$permalink' class='button button-small'>$view_post</a></span>\n";
  899. $return = apply_filters('get_sample_permalink_html', $return, $id, $new_title, $new_slug);
  900. return $return;
  901. }
  902. if ( function_exists('mb_strlen') ) {
  903. if ( mb_strlen($post_name) > 30 ) {
  904. $post_name_abridged = mb_substr($post_name, 0, 14). '&hellip;' . mb_substr($post_name, -14);
  905. } else {
  906. $post_name_abridged = $post_name;
  907. }
  908. } else {
  909. if ( strlen($post_name) > 30 ) {
  910. $post_name_abridged = substr($post_name, 0, 14). '&hellip;' . substr($post_name, -14);
  911. } else {
  912. $post_name_abridged = $post_name;
  913. }
  914. }
  915. $post_name_html = '<span id="editable-post-name" title="' . $title . '">' . $post_name_abridged . '</span>';
  916. $display_link = str_replace(array('%pagename%','%postname%'), $post_name_html, $permalink);
  917. $view_link = str_replace(array('%pagename%','%postname%'), $post_name, $permalink);
  918. $return = '<strong>' . __('Permalink:') . "</strong>\n";
  919. $return .= '<span id="sample-permalink" tabindex="-1">' . $display_link . "</span>\n";
  920. $return .= '&lrm;'; // Fix bi-directional text display defect in RTL languages.
  921. $return .= '<span id="edit-slug-buttons"><a href="#post_name" class="edit-slug button button-small hide-if-no-js" onclick="editPermalink(' . $id . '); return false;">' . __('Edit') . "</a></span>\n";
  922. $return .= '<span id="editable-post-name-full">' . $post_name . "</span>\n";
  923. if ( isset($view_post) )
  924. $return .= "<span id='view-post-btn'><a href='$view_link' class='button button-small'>$view_post</a></span>\n";
  925. $return = apply_filters('get_sample_permalink_html', $return, $id, $new_title, $new_slug);
  926. return $return;
  927. }
  928. /**
  929. * Output HTML for the post thumbnail meta-box.
  930. *
  931. * @since 2.9.0
  932. *
  933. * @param int $thumbnail_id ID of the attachment used for thumbnail
  934. * @param mixed $post The post ID or object associated with the thumbnail, defaults to global $post.
  935. * @return string html
  936. */
  937. function _wp_post_thumbnail_html( $thumbnail_id = null, $post = null ) {
  938. global $content_width, $_wp_additional_image_sizes;
  939. $post = get_post( $post );
  940. $upload_iframe_src = esc_url( get_upload_iframe_src('image', $post->ID ) );
  941. $set_thumbnail_link = '<p class="hide-if-no-js"><a title="' . esc_attr__( 'Set featured image' ) . '" href="%s" id="set-post-thumbnail" class="thickbox">%s</a></p>';
  942. $content = sprintf( $set_thumbnail_link, $upload_iframe_src, esc_html__( 'Set featured image' ) );
  943. if ( $thumbnail_id && get_post( $thumbnail_id ) ) {
  944. $old_content_width = $content_width;
  945. $content_width = 266;
  946. if ( !isset( $_wp_additional_image_sizes['post-thumbnail'] ) )
  947. $thumbnail_html = wp_get_attachment_image( $thumbnail_id, array( $content_width, $content_width ) );
  948. else
  949. $thumbnail_html = wp_get_attachment_image( $thumbnail_id, 'post-thumbnail' );
  950. if ( !empty( $thumbnail_html ) ) {
  951. $ajax_nonce = wp_create_nonce( 'set_post_thumbnail-' . $post->ID );
  952. $content = sprintf( $set_thumbnail_link, $upload_iframe_src, $thumbnail_html );
  953. $content .= '<p class="hide-if-no-js"><a href="#" id="remove-post-thumbnail" onclick="WPRemoveThumbnail(\'' . $ajax_nonce . '\');return false;">' . esc_html__( 'Remove featured image' ) . '</a></p>';
  954. }
  955. $content_width = $old_content_width;
  956. }
  957. return apply_filters( 'admin_post_thumbnail_html', $content, $post->ID );
  958. }
  959. /**
  960. * Check to see if the post is currently being edited by another user.
  961. *
  962. * @since 2.5.0
  963. *
  964. * @param int $post_id ID of the post to check for editing
  965. * @return bool|int False: not locked or locked by current user. Int: user ID of user with lock.
  966. */
  967. function wp_check_post_lock( $post_id ) {
  968. if ( !$post = get_post( $post_id ) )
  969. return false;
  970. if ( !$lock = get_post_meta( $post->ID, '_edit_lock', true ) )
  971. return false;
  972. $lock = explode( ':', $lock );
  973. $time = $lock[0];
  974. $user = isset( $lock[1] ) ? $lock[1] : get_post_meta( $post->ID, '_edit_last', true );
  975. $time_window = apply_filters( 'wp_check_post_lock_window', AUTOSAVE_INTERVAL * 2 );
  976. if ( $time && $time > time() - $time_window && $user != get_current_user_id() )
  977. return $user;
  978. return false;
  979. }
  980. /**
  981. * Mark the post as currently being edited by the current user
  982. *
  983. * @since 2.5.0
  984. *
  985. * @param int $post_id ID of the post to being edited
  986. * @return bool|array Returns false if the post doesn't exist of there is no current user, or
  987. * an array of the lock time and the user ID.
  988. */
  989. function wp_set_post_lock( $post_id ) {
  990. if ( !$post = get_post( $post_id ) )
  991. return false;
  992. if ( 0 == ($user_id = get_current_user_id()) )
  993. return false;
  994. $now = time();
  995. $lock = "$now:$user_id";
  996. update_post_meta( $post->ID, '_edit_lock', $lock );
  997. return array( $now, $user_id );
  998. }
  999. /**
  1000. * Outputs the notice message to say that someone else is editing this post at the moment.
  1001. *
  1002. * @since 2.8.5
  1003. * @return none
  1004. */
  1005. function _admin_notice_post_locked() {
  1006. $post = get_post();
  1007. $lock = explode( ':', get_post_meta( $post->ID, '_edit_lock', true ) );
  1008. $user = isset( $lock[1] ) ? $lock[1] : get_post_meta( $post->ID, '_edit_last', true );
  1009. $last_user = get_userdata( $user );
  1010. $last_user_name = $last_user ? $last_user->display_name : __('Somebody');
  1011. switch ($post->post_type) {
  1012. case 'post':
  1013. $message = __( 'Warning: %s is currently editing this post' );
  1014. break;
  1015. case 'page':
  1016. $message = __( 'Warning: %s is currently editing this page' );
  1017. break;
  1018. default:
  1019. $message = __( 'Warning: %s is currently editing this.' );
  1020. }
  1021. $message = sprintf( $message, esc_html( $last_user_name ) );
  1022. echo "<div class='error'><p>$message</p></div>";
  1023. }
  1024. /**
  1025. * Creates autosave data for the specified post from $_POST data.
  1026. *
  1027. * @package WordPress
  1028. * @subpackage Post_Revisions
  1029. * @since 2.6.0
  1030. *
  1031. * @uses _wp_translate_postdata()
  1032. * @uses _wp_post_revision_fields()
  1033. *
  1034. * @return unknown
  1035. */
  1036. function wp_create_post_autosave( $post_id ) {
  1037. $translated = _wp_translate_postdata( true );
  1038. if ( is_wp_error( $translated ) )
  1039. return $translated;
  1040. // Only store one autosave. If there is already an autosave, overwrite it.
  1041. if ( $old_autosave = wp_get_post_autosave( $post_id ) ) {
  1042. $new_autosave = _wp_post_revision_fields( $_POST, true );
  1043. $new_autosave['ID'] = $old_autosave->ID;
  1044. $new_autosave['post_author'] = get_current_user_id();
  1045. return wp_update_post( $new_autosave );
  1046. }
  1047. // _wp_put_post_revision() expects unescaped.
  1048. $_POST = stripslashes_deep($_POST);
  1049. // Otherwise create the new autosave as a special post revision
  1050. return _wp_put_post_revision( $_POST, true );
  1051. }
  1052. /**
  1053. * Save draft or manually autosave for showing preview.
  1054. *
  1055. * @package WordPress
  1056. * @since 2.7.0
  1057. *
  1058. * @uses get_post_status()
  1059. * @uses edit_post()
  1060. * @uses get_post()
  1061. * @uses current_user_can()
  1062. * @uses wp_die()
  1063. * @uses wp_create_post_autosave()
  1064. * @uses add_query_arg()
  1065. * @uses wp_create_nonce()
  1066. *
  1067. * @return str URL to redirect to show the preview
  1068. */
  1069. function post_preview() {
  1070. $post_ID = (int) $_POST['post_ID'];
  1071. $status = get_post_status( $post_ID );
  1072. if ( 'auto-draft' == $status )
  1073. wp_die( __('Preview not available. Please save as a draft first.') );
  1074. if ( isset($_POST['catslist']) )
  1075. $_POST['post_category'] = explode(",", $_POST['catslist']);
  1076. if ( isset($_POST['tags_input']) )
  1077. $_POST['tags_input'] = explode(",", $_POST['tags_input']);
  1078. if ( $_POST['post_type'] == 'page' || empty($_POST['post_category']) )
  1079. unset($_POST['post_category']);
  1080. $_POST['ID'] = $post_ID;
  1081. $post = get_post($post_ID);
  1082. if ( 'page' == $post->post_type ) {
  1083. if ( !current_user_can('edit_page', $post_ID) )
  1084. wp_die(__('You are not allowed to edit this page.'));
  1085. } else {
  1086. if ( !current_user_can('edit_post', $post_ID) )
  1087. wp_die(__('You are not allowed to edit this post.'));
  1088. }
  1089. if ( 'draft' == $post->post_status ) {
  1090. $id = edit_post();
  1091. } else { // Non drafts are not overwritten. The autosave is stored in a special post revision.
  1092. $id = wp_create_post_autosave( $post->ID );
  1093. if ( ! is_wp_error($id) )
  1094. $id = $post->ID;
  1095. }
  1096. if ( is_wp_error($id) )
  1097. wp_die( $id->get_error_message() );
  1098. if ( $_POST['post_status'] == 'draft' ) {
  1099. $url = add_query_arg( 'preview', 'true', get_permalink($id) );
  1100. } else {
  1101. $nonce = wp_create_nonce('post_preview_' . $id);
  1102. $url = add_query_arg( array( 'preview' => 'true', 'preview_id' => $id, 'preview_nonce' => $nonce ), get_permalink($id) );
  1103. }
  1104. return $url;
  1105. }