/htdocs/wp-admin/includes/ajax-actions.php

   1<?php
   2/**
   3 * WordPress Core Ajax Handlers.
   4 *
   5 * @package WordPress
   6 * @subpackage Administration
   7 */
   8
   9/*
  10 * No-privilege Ajax handlers.
  11 */
  12
  13function wp_ajax_nopriv_autosave() {
  14	$id = isset( $_POST['post_ID'] ) ? (int) $_POST['post_ID'] : 0;
  15
  16	if ( ! $id )
  17		wp_die( -1 );
  18
  19	$message = sprintf( __('<strong>ALERT: You are logged out!</strong> Could not save draft. <a href="%s" target="_blank">Please log in again.</a>'), wp_login_url() );
  20	$x = new WP_Ajax_Response( array(
  21		'what' => 'autosave',
  22		'id' => $id,
  23		'data' => $message
  24	) );
  25	$x->send();
  26}
  27
  28/*
  29 * GET-based Ajax handlers.
  30 */
  31function wp_ajax_fetch_list() {
  32	global $wp_list_table;
  33
  34	$list_class = $_GET['list_args']['class'];
  35	check_ajax_referer( "fetch-list-$list_class", '_ajax_fetch_list_nonce' );
  36
  37	$wp_list_table = _get_list_table( $list_class, array( 'screen' => $_GET['list_args']['screen']['id'] ) );
  38	if ( ! $wp_list_table )
  39		wp_die( 0 );
  40
  41	if ( ! $wp_list_table->ajax_user_can() )
  42		wp_die( -1 );
  43
  44	$wp_list_table->ajax_response();
  45
  46	wp_die( 0 );
  47}
  48function wp_ajax_ajax_tag_search() {
  49	global $wpdb;
  50
  51	if ( isset( $_GET['tax'] ) ) {
  52		$taxonomy = sanitize_key( $_GET['tax'] );
  53		$tax = get_taxonomy( $taxonomy );
  54		if ( ! $tax )
  55			wp_die( 0 );
  56		if ( ! current_user_can( $tax->cap->assign_terms ) )
  57			wp_die( -1 );
  58	} else {
  59		wp_die( 0 );
  60	}
  61
  62	$s = stripslashes( $_GET['q'] );
  63
  64	$comma = _x( ',', 'tag delimiter' );
  65	if ( ',' !== $comma )
  66		$s = str_replace( $comma, ',', $s );
  67	if ( false !== strpos( $s, ',' ) ) {
  68		$s = explode( ',', $s );
  69		$s = $s[count( $s ) - 1];
  70	}
  71	$s = trim( $s );
  72	if ( strlen( $s ) < 2 )
  73		wp_die(); // require 2 chars for matching
  74
  75	$results = $wpdb->get_col( $wpdb->prepare( "SELECT t.name FROM $wpdb->term_taxonomy AS tt INNER JOIN $wpdb->terms AS t ON tt.term_id = t.term_id WHERE tt.taxonomy = %s AND t.name LIKE (%s)", $taxonomy, '%' . like_escape( $s ) . '%' ) );
  76
  77	echo join( $results, "\n" );
  78	wp_die();
  79}
  80
  81function wp_ajax_wp_compression_test() {
  82	if ( !current_user_can( 'manage_options' ) )
  83		wp_die( -1 );
  84
  85	if ( ini_get('zlib.output_compression') || 'ob_gzhandler' == ini_get('output_handler') ) {
  86		update_site_option('can_compress_scripts', 0);
  87		wp_die( 0 );
  88	}
  89
  90	if ( isset($_GET['test']) ) {
  91		header( 'Expires: Wed, 11 Jan 1984 05:00:00 GMT' );
  92		header( 'Last-Modified: ' . gmdate( 'D, d M Y H:i:s' ) . ' GMT' );
  93		header( 'Cache-Control: no-cache, must-revalidate, max-age=0' );
  94		header( 'Pragma: no-cache' );
  95		header('Content-Type: application/x-javascript; charset=UTF-8');
  96		$force_gzip = ( defined('ENFORCE_GZIP') && ENFORCE_GZIP );
  97		$test_str = '"wpCompressionTest Lorem ipsum dolor sit amet consectetuer mollis sapien urna ut a. Eu nonummy condimentum fringilla tempor pretium platea vel nibh netus Maecenas. Hac molestie amet justo quis pellentesque est ultrices interdum nibh Morbi. Cras mattis pretium Phasellus ante ipsum ipsum ut sociis Suspendisse Lorem. Ante et non molestie. Porta urna Vestibulum egestas id congue nibh eu risus gravida sit. Ac augue auctor Ut et non a elit massa id sodales. Elit eu Nulla at nibh adipiscing mattis lacus mauris at tempus. Netus nibh quis suscipit nec feugiat eget sed lorem et urna. Pellentesque lacus at ut massa consectetuer ligula ut auctor semper Pellentesque. Ut metus massa nibh quam Curabitur molestie nec mauris congue. Volutpat molestie elit justo facilisis neque ac risus Ut nascetur tristique. Vitae sit lorem tellus et quis Phasellus lacus tincidunt nunc Fusce. Pharetra wisi Suspendisse mus sagittis libero lacinia Integer consequat ac Phasellus. Et urna ac cursus tortor aliquam Aliquam amet tellus volutpat Vestibulum. Justo interdum condimentum In augue congue tellus sollicitudin Quisque quis nibh."';
  98
  99		 if ( 1 == $_GET['test'] ) {
 100		 	echo $test_str;
 101		 	wp_die();
 102		 } elseif ( 2 == $_GET['test'] ) {
 103			if ( !isset($_SERVER['HTTP_ACCEPT_ENCODING']) )
 104				wp_die( -1 );
 105			if ( false !== stripos( $_SERVER['HTTP_ACCEPT_ENCODING'], 'deflate') && function_exists('gzdeflate') && ! $force_gzip ) {
 106				header('Content-Encoding: deflate');
 107				$out = gzdeflate( $test_str, 1 );
 108			} elseif ( false !== stripos( $_SERVER['HTTP_ACCEPT_ENCODING'], 'gzip') && function_exists('gzencode') ) {
 109				header('Content-Encoding: gzip');
 110				$out = gzencode( $test_str, 1 );
 111			} else {
 112				wp_die( -1 );
 113			}
 114			echo $out;
 115			wp_die();
 116		} elseif ( 'no' == $_GET['test'] ) {
 117			update_site_option('can_compress_scripts', 0);
 118		} elseif ( 'yes' == $_GET['test'] ) {
 119			update_site_option('can_compress_scripts', 1);
 120		}
 121	}
 122
 123	wp_die( 0 );
 124}
 125
 126function wp_ajax_imgedit_preview() {
 127	$post_id = intval($_GET['postid']);
 128	if ( empty($post_id) || !current_user_can('edit_post', $post_id) )
 129		wp_die( -1 );
 130
 131	check_ajax_referer( "image_editor-$post_id" );
 132
 133	include_once( ABSPATH . 'wp-admin/includes/image-edit.php' );
 134	if ( ! stream_preview_image($post_id) )
 135		wp_die( -1 );
 136
 137	wp_die();
 138}
 139
 140function wp_ajax_oembed_cache() {
 141	global $wp_embed;
 142
 143	$return = ( $wp_embed->cache_oembed( $_GET['post'] ) ) ? '1' : '0';
 144	wp_die( $return );
 145}
 146
 147function wp_ajax_autocomplete_user() {
 148	if ( ! is_multisite() || ! current_user_can( 'promote_users' ) || wp_is_large_network( 'users' ) )
 149		wp_die( -1 );
 150
 151	if ( ! is_super_admin() && ! apply_filters( 'autocomplete_users_for_site_admins', false ) )
 152		wp_die( -1 );
 153
 154	$return = array();
 155
 156	// Check the type of request
 157	if ( isset( $_REQUEST['autocomplete_type'] ) )
 158		$type = $_REQUEST['autocomplete_type'];
 159	else
 160		$type = 'add';
 161
 162	// Exclude current users of this blog
 163	if ( isset( $_REQUEST['site_id'] ) )
 164		$id = absint( $_REQUEST['site_id'] );
 165	else
 166		$id = get_current_blog_id();
 167
 168	$include_blog_users = ( $type == 'search' ? get_users( array( 'blog_id' => $id, 'fields' => 'ID' ) ) : array() );
 169	$exclude_blog_users = ( $type == 'add' ? get_users( array( 'blog_id' => $id, 'fields' => 'ID' ) ) : array() );
 170
 171	$users = get_users( array(
 172		'blog_id' => false,
 173		'search'  => '*' . $_REQUEST['term'] . '*',
 174		'include' => $include_blog_users,
 175		'exclude' => $exclude_blog_users,
 176		'search_columns' => array( 'user_login', 'user_nicename', 'user_email' ),
 177	) );
 178
 179	foreach ( $users as $user ) {
 180		$return[] = array(
 181			/* translators: 1: user_login, 2: user_email */
 182			'label' => sprintf( __( '%1$s (%2$s)' ), $user->user_login, $user->user_email ),
 183			'value' => $user->user_login,
 184		);
 185	}
 186
 187	wp_die( json_encode( $return ) );
 188}
 189
 190function wp_ajax_dashboard_widgets() {
 191	require_once ABSPATH . 'wp-admin/includes/dashboard.php';
 192
 193	switch ( $_GET['widget'] ) {
 194		case 'dashboard_incoming_links' :
 195			wp_dashboard_incoming_links();
 196			break;
 197		case 'dashboard_primary' :
 198			wp_dashboard_primary();
 199			break;
 200		case 'dashboard_secondary' :
 201			wp_dashboard_secondary();
 202			break;
 203		case 'dashboard_plugins' :
 204			wp_dashboard_plugins();
 205			break;
 206	}
 207	wp_die();
 208}
 209
 210function wp_ajax_logged_in() {
 211	wp_die( 1 );
 212}
 213
 214/*
 215 * Ajax helper.
 216 */
 217
 218/**
 219 * Sends back current comment total and new page links if they need to be updated.
 220 *
 221 * Contrary to normal success AJAX response ("1"), die with time() on success.
 222 *
 223 * @since 2.7
 224 *
 225 * @param int $comment_id
 226 * @return die
 227 */
 228function _wp_ajax_delete_comment_response( $comment_id, $delta = -1 ) {
 229	$total = (int) @$_POST['_total'];
 230	$per_page = (int) @$_POST['_per_page'];
 231	$page = (int) @$_POST['_page'];
 232	$url = esc_url_raw( @$_POST['_url'] );
 233	// JS didn't send us everything we need to know. Just die with success message
 234	if ( !$total || !$per_page || !$page || !$url )
 235		wp_die( time() );
 236
 237	$total += $delta;
 238	if ( $total < 0 )
 239		$total = 0;
 240
 241	// Only do the expensive stuff on a page-break, and about 1 other time per page
 242	if ( 0 == $total % $per_page || 1 == mt_rand( 1, $per_page ) ) {
 243		$post_id = 0;
 244		$status = 'total_comments'; // What type of comment count are we looking for?
 245		$parsed = parse_url( $url );
 246		if ( isset( $parsed['query'] ) ) {
 247			parse_str( $parsed['query'], $query_vars );
 248			if ( !empty( $query_vars['comment_status'] ) )
 249				$status = $query_vars['comment_status'];
 250			if ( !empty( $query_vars['p'] ) )
 251				$post_id = (int) $query_vars['p'];
 252		}
 253
 254		$comment_count = wp_count_comments($post_id);
 255
 256		if ( isset( $comment_count->$status ) ) // We're looking for a known type of comment count
 257			$total = $comment_count->$status;
 258			// else use the decremented value from above
 259	}
 260
 261	$time = time(); // The time since the last comment count
 262
 263	$x = new WP_Ajax_Response( array(
 264		'what' => 'comment',
 265		'id' => $comment_id, // here for completeness - not used
 266		'supplemental' => array(
 267			'total_items_i18n' => sprintf( _n( '1 item', '%s items', $total ), number_format_i18n( $total ) ),
 268			'total_pages' => ceil( $total / $per_page ),
 269			'total_pages_i18n' => number_format_i18n( ceil( $total / $per_page ) ),
 270			'total' => $total,
 271			'time' => $time
 272		)
 273	) );
 274	$x->send();
 275}
 276
 277/*
 278 * POST-based Ajax handlers.
 279 */
 280
 281function _wp_ajax_add_hierarchical_term() {
 282	$action = $_POST['action'];
 283	$taxonomy = get_taxonomy(substr($action, 4));
 284	check_ajax_referer( $action, '_ajax_nonce-add-' . $taxonomy->name );
 285	if ( !current_user_can( $taxonomy->cap->edit_terms ) )
 286		wp_die( -1 );
 287	$names = explode(',', $_POST['new'.$taxonomy->name]);
 288	$parent = isset($_POST['new'.$taxonomy->name.'_parent']) ? (int) $_POST['new'.$taxonomy->name.'_parent'] : 0;
 289	if ( 0 > $parent )
 290		$parent = 0;
 291	if ( $taxonomy->name == 'category' )
 292		$post_category = isset($_POST['post_category']) ? (array) $_POST['post_category'] : array();
 293	else
 294		$post_category = ( isset($_POST['tax_input']) && isset($_POST['tax_input'][$taxonomy->name]) ) ? (array) $_POST['tax_input'][$taxonomy->name] : array();
 295	$checked_categories = array_map( 'absint', (array) $post_category );
 296	$popular_ids = wp_popular_terms_checklist($taxonomy->name, 0, 10, false);
 297
 298	foreach ( $names as $cat_name ) {
 299		$cat_name = trim($cat_name);
 300		$category_nicename = sanitize_title($cat_name);
 301		if ( '' === $category_nicename )
 302			continue;
 303		if ( !$cat_id = term_exists( $cat_name, $taxonomy->name, $parent ) )
 304			$cat_id = wp_insert_term( $cat_name, $taxonomy->name, array( 'parent' => $parent ) );
 305		if ( is_wp_error( $cat_id ) )
 306			continue;
 307		else if ( is_array( $cat_id ) )
 308			$cat_id = $cat_id['term_id'];
 309		$checked_categories[] = $cat_id;
 310		if ( $parent ) // Do these all at once in a second
 311			continue;
 312		ob_start();
 313			wp_terms_checklist( 0, array( 'taxonomy' => $taxonomy->name, 'descendants_and_self' => $cat_id, 'selected_cats' => $checked_categories, 'popular_cats' => $popular_ids ));
 314		$data = ob_get_contents();
 315		ob_end_clean();
 316		$add = array(
 317			'what' => $taxonomy->name,
 318			'id' => $cat_id,
 319			'data' => str_replace( array("\n", "\t"), '', $data),
 320			'position' => -1
 321		);
 322	}
 323
 324	if ( $parent ) { // Foncy - replace the parent and all its children
 325		$parent = get_term( $parent, $taxonomy->name );
 326		$term_id = $parent->term_id;
 327
 328		while ( $parent->parent ) { // get the top parent
 329			$parent = get_term( $parent->parent, $taxonomy->name );
 330			if ( is_wp_error( $parent ) )
 331				break;
 332			$term_id = $parent->term_id;
 333		}
 334
 335		ob_start();
 336			wp_terms_checklist( 0, array('taxonomy' => $taxonomy->name, 'descendants_and_self' => $term_id, 'selected_cats' => $checked_categories, 'popular_cats' => $popular_ids));
 337		$data = ob_get_contents();
 338		ob_end_clean();
 339		$add = array(
 340			'what' => $taxonomy->name,
 341			'id' => $term_id,
 342			'data' => str_replace( array("\n", "\t"), '', $data),
 343			'position' => -1
 344		);
 345	}
 346
 347	ob_start();
 348		wp_dropdown_categories( array(
 349			'taxonomy' => $taxonomy->name, 'hide_empty' => 0, 'name' => 'new'.$taxonomy->name.'_parent', 'orderby' => 'name',
 350			'hierarchical' => 1, 'show_option_none' => '&mdash; '.$taxonomy->labels->parent_item.' &mdash;'
 351		) );
 352	$sup = ob_get_contents();
 353	ob_end_clean();
 354	$add['supplemental'] = array( 'newcat_parent' => $sup );
 355
 356	$x = new WP_Ajax_Response( $add );
 357	$x->send();
 358}
 359
 360function wp_ajax_delete_comment() {
 361	$id = isset( $_POST['id'] ) ? (int) $_POST['id'] : 0;
 362
 363	if ( !$comment = get_comment( $id ) )
 364		wp_die( time() );
 365	if ( ! current_user_can( 'edit_comment', $comment->comment_ID ) )
 366		wp_die( -1 );
 367
 368	check_ajax_referer( "delete-comment_$id" );
 369	$status = wp_get_comment_status( $comment->comment_ID );
 370
 371	$delta = -1;
 372	if ( isset($_POST['trash']) && 1 == $_POST['trash'] ) {
 373		if ( 'trash' == $status )
 374			wp_die( time() );
 375		$r = wp_trash_comment( $comment->comment_ID );
 376	} elseif ( isset($_POST['untrash']) && 1 == $_POST['untrash'] ) {
 377		if ( 'trash' != $status )
 378			wp_die( time() );
 379		$r = wp_untrash_comment( $comment->comment_ID );
 380		if ( ! isset( $_POST['comment_status'] ) || $_POST['comment_status'] != 'trash' ) // undo trash, not in trash
 381			$delta = 1;
 382	} elseif ( isset($_POST['spam']) && 1 == $_POST['spam'] ) {
 383		if ( 'spam' == $status )
 384			wp_die( time() );
 385		$r = wp_spam_comment( $comment->comment_ID );
 386	} elseif ( isset($_POST['unspam']) && 1 == $_POST['unspam'] ) {
 387		if ( 'spam' != $status )
 388			wp_die( time() );
 389		$r = wp_unspam_comment( $comment->comment_ID );
 390		if ( ! isset( $_POST['comment_status'] ) || $_POST['comment_status'] != 'spam' ) // undo spam, not in spam
 391			$delta = 1;
 392	} elseif ( isset($_POST['delete']) && 1 == $_POST['delete'] ) {
 393		$r = wp_delete_comment( $comment->comment_ID );
 394	} else {
 395		wp_die( -1 );
 396	}
 397
 398	if ( $r ) // Decide if we need to send back '1' or a more complicated response including page links and comment counts
 399		_wp_ajax_delete_comment_response( $comment->comment_ID, $delta );
 400	wp_die( 0 );
 401}
 402
 403function wp_ajax_delete_tag() {
 404	$tag_id = (int) $_POST['tag_ID'];
 405	check_ajax_referer( "delete-tag_$tag_id" );
 406
 407	$taxonomy = !empty($_POST['taxonomy']) ? $_POST['taxonomy'] : 'post_tag';
 408	$tax = get_taxonomy($taxonomy);
 409
 410	if ( !current_user_can( $tax->cap->delete_terms ) )
 411		wp_die( -1 );
 412
 413	$tag = get_term( $tag_id, $taxonomy );
 414	if ( !$tag || is_wp_error( $tag ) )
 415		wp_die( 1 );
 416
 417	if ( wp_delete_term($tag_id, $taxonomy))
 418		wp_die( 1 );
 419	else
 420		wp_die( 0 );
 421}
 422
 423function wp_ajax_delete_link() {
 424	$id = isset( $_POST['id'] ) ? (int) $_POST['id'] : 0;
 425
 426	check_ajax_referer( "delete-bookmark_$id" );
 427	if ( !current_user_can( 'manage_links' ) )
 428		wp_die( -1 );
 429
 430	$link = get_bookmark( $id );
 431	if ( !$link || is_wp_error( $link ) )
 432		wp_die( 1 );
 433
 434	if ( wp_delete_link( $id ) )
 435		wp_die( 1 );
 436	else
 437		wp_die( 0 );
 438}
 439
 440function wp_ajax_delete_meta() {
 441	$id = isset( $_POST['id'] ) ? (int) $_POST['id'] : 0;
 442
 443	check_ajax_referer( "delete-meta_$id" );
 444	if ( !$meta = get_metadata_by_mid( 'post', $id ) )
 445		wp_die( 1 );
 446
 447	if ( is_protected_meta( $meta->meta_key, 'post' ) || ! current_user_can( 'delete_post_meta',  $meta->post_id, $meta->meta_key ) )
 448		wp_die( -1 );
 449	if ( delete_meta( $meta->meta_id ) )
 450		wp_die( 1 );
 451	wp_die( 0 );
 452}
 453
 454function wp_ajax_delete_post( $action ) {
 455	if ( empty( $action ) )
 456		$action = 'delete-post';
 457	$id = isset( $_POST['id'] ) ? (int) $_POST['id'] : 0;
 458
 459	check_ajax_referer( "{$action}_$id" );
 460	if ( !current_user_can( 'delete_post', $id ) )
 461		wp_die( -1 );
 462
 463	if ( !get_post( $id ) )
 464		wp_die( 1 );
 465
 466	if ( wp_delete_post( $id ) )
 467		wp_die( 1 );
 468	else
 469		wp_die( 0 );
 470}
 471
 472function wp_ajax_trash_post( $action ) {
 473	if ( empty( $action ) )
 474		$action = 'trash-post';
 475	$id = isset( $_POST['id'] ) ? (int) $_POST['id'] : 0;
 476
 477	check_ajax_referer( "{$action}_$id" );
 478	if ( !current_user_can( 'delete_post', $id ) )
 479		wp_die( -1 );
 480
 481	if ( !get_post( $id ) )
 482		wp_die( 1 );
 483
 484	if ( 'trash-post' == $action )
 485		$done = wp_trash_post( $id );
 486	else
 487		$done = wp_untrash_post( $id );
 488
 489	if ( $done )
 490		wp_die( 1 );
 491
 492	wp_die( 0 );
 493}
 494
 495function wp_ajax_untrash_post( $action ) {
 496	if ( empty( $action ) )
 497		$action = 'untrash-post';
 498	wp_ajax_trash_post( $action );
 499}
 500
 501function wp_ajax_delete_page( $action ) {
 502	if ( empty( $action ) )
 503		$action = 'delete-page';
 504	$id = isset( $_POST['id'] ) ? (int) $_POST['id'] : 0;
 505
 506	check_ajax_referer( "{$action}_$id" );
 507	if ( !current_user_can( 'delete_page', $id ) )
 508		wp_die( -1 );
 509
 510	if ( ! get_post( $id ) )
 511		wp_die( 1 );
 512
 513	if ( wp_delete_post( $id ) )
 514		wp_die( 1 );
 515	else
 516		wp_die( 0 );
 517}
 518
 519function wp_ajax_dim_comment() {
 520	$id = isset( $_POST['id'] ) ? (int) $_POST['id'] : 0;
 521
 522	if ( !$comment = get_comment( $id ) ) {
 523		$x = new WP_Ajax_Response( array(
 524			'what' => 'comment',
 525			'id' => new WP_Error('invalid_comment', sprintf(__('Comment %d does not exist'), $id))
 526		) );
 527		$x->send();
 528	}
 529
 530	if ( ! current_user_can( 'edit_comment', $comment->comment_ID ) && ! current_user_can( 'moderate_comments' ) )
 531		wp_die( -1 );
 532
 533	$current = wp_get_comment_status( $comment->comment_ID );
 534	if ( $_POST['new'] == $current )
 535		wp_die( time() );
 536
 537	check_ajax_referer( "approve-comment_$id" );
 538	if ( in_array( $current, array( 'unapproved', 'spam' ) ) )
 539		$result = wp_set_comment_status( $comment->comment_ID, 'approve', true );
 540	else
 541		$result = wp_set_comment_status( $comment->comment_ID, 'hold', true );
 542
 543	if ( is_wp_error($result) ) {
 544		$x = new WP_Ajax_Response( array(
 545			'what' => 'comment',
 546			'id' => $result
 547		) );
 548		$x->send();
 549	}
 550
 551	// Decide if we need to send back '1' or a more complicated response including page links and comment counts
 552	_wp_ajax_delete_comment_response( $comment->comment_ID );
 553	wp_die( 0 );
 554}
 555
 556function wp_ajax_add_link_category( $action ) {
 557	if ( empty( $action ) )
 558		$action = 'add-link-category';
 559	check_ajax_referer( $action );
 560	if ( !current_user_can( 'manage_categories' ) )
 561		wp_die( -1 );
 562	$names = explode(',', $_POST['newcat']);
 563	$x = new WP_Ajax_Response();
 564	foreach ( $names as $cat_name ) {
 565		$cat_name = trim($cat_name);
 566		$slug = sanitize_title($cat_name);
 567		if ( '' === $slug )
 568			continue;
 569		if ( !$cat_id = term_exists( $cat_name, 'link_category' ) )
 570			$cat_id = wp_insert_term( $cat_name, 'link_category' );
 571		if ( is_wp_error( $cat_id ) )
 572			continue;
 573		else if ( is_array( $cat_id ) )
 574			$cat_id = $cat_id['term_id'];
 575		$cat_name = esc_html(stripslashes($cat_name));
 576		$x->add( array(
 577			'what' => 'link-category',
 578			'id' => $cat_id,
 579			'data' => "<li id='link-category-$cat_id'><label for='in-link-category-$cat_id' class='selectit'><input value='" . esc_attr($cat_id) . "' type='checkbox' checked='checked' name='link_category[]' id='in-link-category-$cat_id'/> $cat_name</label></li>",
 580			'position' => -1
 581		) );
 582	}
 583	$x->send();
 584}
 585
 586function wp_ajax_add_tag() {
 587	global $wp_list_table;
 588
 589	check_ajax_referer( 'add-tag', '_wpnonce_add-tag' );
 590	$post_type = !empty($_POST['post_type']) ? $_POST['post_type'] : 'post';
 591	$taxonomy = !empty($_POST['taxonomy']) ? $_POST['taxonomy'] : 'post_tag';
 592	$tax = get_taxonomy($taxonomy);
 593
 594	if ( !current_user_can( $tax->cap->edit_terms ) )
 595		wp_die( -1 );
 596
 597	$x = new WP_Ajax_Response();
 598
 599	$tag = wp_insert_term($_POST['tag-name'], $taxonomy, $_POST );
 600
 601	if ( !$tag || is_wp_error($tag) || (!$tag = get_term( $tag['term_id'], $taxonomy )) ) {
 602		$message = __('An error has occurred. Please reload the page and try again.');
 603		if ( is_wp_error($tag) && $tag->get_error_message() )
 604			$message = $tag->get_error_message();
 605
 606		$x->add( array(
 607			'what' => 'taxonomy',
 608			'data' => new WP_Error('error', $message )
 609		) );
 610		$x->send();
 611	}
 612
 613	$wp_list_table = _get_list_table( 'WP_Terms_List_Table', array( 'screen' => $_POST['screen'] ) );
 614
 615	$level = 0;
 616	if ( is_taxonomy_hierarchical($taxonomy) ) {
 617		$level = count( get_ancestors( $tag->term_id, $taxonomy ) );
 618		ob_start();
 619		$wp_list_table->single_row( $tag, $level );
 620		$noparents = ob_get_clean();
 621	}
 622
 623	ob_start();
 624	$wp_list_table->single_row( $tag );
 625	$parents = ob_get_clean();
 626
 627	$x->add( array(
 628		'what' => 'taxonomy',
 629		'supplemental' => compact('parents', 'noparents')
 630		) );
 631	$x->add( array(
 632		'what' => 'term',
 633		'position' => $level,
 634		'supplemental' => (array) $tag
 635		) );
 636	$x->send();
 637}
 638
 639function wp_ajax_get_tagcloud() {
 640	if ( isset( $_POST['tax'] ) ) {
 641		$taxonomy = sanitize_key( $_POST['tax'] );
 642		$tax = get_taxonomy( $taxonomy );
 643		if ( ! $tax )
 644			wp_die( 0 );
 645		if ( ! current_user_can( $tax->cap->assign_terms ) )
 646			wp_die( -1 );
 647	} else {
 648		wp_die( 0 );
 649	}
 650
 651	$tags = get_terms( $taxonomy, array( 'number' => 45, 'orderby' => 'count', 'order' => 'DESC' ) );
 652
 653	if ( empty( $tags ) )
 654		wp_die( isset( $tax->no_tagcloud ) ? $tax->no_tagcloud : __('No tags found!') );
 655
 656	if ( is_wp_error( $tags ) )
 657		wp_die( $tags->get_error_message() );
 658
 659	foreach ( $tags as $key => $tag ) {
 660		$tags[ $key ]->link = '#';
 661		$tags[ $key ]->id = $tag->term_id;
 662	}
 663
 664	// We need raw tag names here, so don't filter the output
 665	$return = wp_generate_tag_cloud( $tags, array('filter' => 0) );
 666
 667	if ( empty($return) )
 668		wp_die( 0 );
 669
 670	echo $return;
 671
 672	wp_die();
 673}
 674
 675function wp_ajax_get_comments( $action ) {
 676	global $wp_list_table, $post_id;
 677	if ( empty( $action ) )
 678		$action = 'get-comments';
 679
 680	check_ajax_referer( $action );
 681
 682	$wp_list_table = _get_list_table( 'WP_Post_Comments_List_Table', array( 'screen' => 'edit-comments' ) );
 683
 684	if ( !current_user_can( 'edit_post', $post_id ) )
 685		wp_die( -1 );
 686
 687	$wp_list_table->prepare_items();
 688
 689	if ( !$wp_list_table->has_items() )
 690		wp_die( 1 );
 691
 692	$x = new WP_Ajax_Response();
 693	ob_start();
 694	foreach ( $wp_list_table->items as $comment ) {
 695		if ( ! current_user_can( 'edit_comment', $comment->comment_ID ) )
 696			continue;
 697		get_comment( $comment );
 698		$wp_list_table->single_row( $comment );
 699	}
 700	$comment_list_item = ob_get_contents();
 701	ob_end_clean();
 702
 703	$x->add( array(
 704		'what' => 'comments',
 705		'data' => $comment_list_item
 706	) );
 707	$x->send();
 708}
 709
 710function wp_ajax_replyto_comment( $action ) {
 711	global $wp_list_table, $wpdb;
 712	if ( empty( $action ) )
 713		$action = 'replyto-comment';
 714
 715	check_ajax_referer( $action, '_ajax_nonce-replyto-comment' );
 716
 717	$comment_post_ID = (int) $_POST['comment_post_ID'];
 718	if ( !current_user_can( 'edit_post', $comment_post_ID ) )
 719		wp_die( -1 );
 720
 721	$status = $wpdb->get_var( $wpdb->prepare("SELECT post_status FROM $wpdb->posts WHERE ID = %d", $comment_post_ID) );
 722
 723	if ( empty($status) )
 724		wp_die( 1 );
 725	elseif ( in_array($status, array('draft', 'pending', 'trash') ) )
 726		wp_die( __('ERROR: you are replying to a comment on a draft post.') );
 727
 728	$user = wp_get_current_user();
 729	if ( $user->exists() ) {
 730		$user_ID = $user->ID;
 731		$comment_author       = $wpdb->escape($user->display_name);
 732		$comment_author_email = $wpdb->escape($user->user_email);
 733		$comment_author_url   = $wpdb->escape($user->user_url);
 734		$comment_content      = trim($_POST['content']);
 735		if ( current_user_can( 'unfiltered_html' ) ) {
 736			if ( wp_create_nonce( 'unfiltered-html-comment' ) != $_POST['_wp_unfiltered_html_comment'] ) {
 737				kses_remove_filters(); // start with a clean slate
 738				kses_init_filters(); // set up the filters
 739			}
 740		}
 741	} else {
 742		wp_die( __( 'Sorry, you must be logged in to reply to a comment.' ) );
 743	}
 744
 745	if ( '' == $comment_content )
 746		wp_die( __( 'ERROR: please type a comment.' ) );
 747
 748	$comment_parent = absint($_POST['comment_ID']);
 749	$comment_auto_approved = false;
 750	$commentdata = compact('comment_post_ID', 'comment_author', 'comment_author_email', 'comment_author_url', 'comment_content', 'comment_type', 'comment_parent', 'user_ID');
 751
 752	// automatically approve parent comment
 753	if ( !empty($_POST['approve_parent']) ) {
 754		$parent = get_comment( $comment_parent );
 755
 756		if ( $parent && $parent->comment_approved === '0' && $parent->comment_post_ID == $comment_post_ID ) {
 757			if ( wp_set_comment_status( $parent->comment_ID, 'approve' ) )
 758				$comment_auto_approved = true;
 759		}
 760	}
 761
 762	$comment_id = wp_new_comment( $commentdata );
 763	$comment = get_comment($comment_id);
 764	if ( ! $comment ) wp_die( 1 );
 765
 766	$position = ( isset($_POST['position']) && (int) $_POST['position'] ) ? (int) $_POST['position'] : '-1';
 767
 768	ob_start();
 769		if ( 'dashboard' == $_REQUEST['mode'] ) {
 770			require_once( ABSPATH . 'wp-admin/includes/dashboard.php' );
 771			_wp_dashboard_recent_comments_row( $comment );
 772		} else {
 773			if ( 'single' == $_REQUEST['mode'] ) {
 774				$wp_list_table = _get_list_table('WP_Post_Comments_List_Table', array( 'screen' => 'edit-comments' ) );
 775			} else {
 776				$wp_list_table = _get_list_table('WP_Comments_List_Table', array( 'screen' => 'edit-comments' ) );
 777			}
 778			$wp_list_table->single_row( $comment );
 779		}
 780		$comment_list_item = ob_get_contents();
 781	ob_end_clean();
 782
 783	$response =  array(
 784		'what' => 'comment',
 785		'id' => $comment->comment_ID,
 786		'data' => $comment_list_item,
 787		'position' => $position
 788	);
 789
 790	if ( $comment_auto_approved )
 791		$response['supplemental'] = array( 'parent_approved' => $parent->comment_ID );
 792
 793	$x = new WP_Ajax_Response();
 794	$x->add( $response );
 795	$x->send();
 796}
 797
 798function wp_ajax_edit_comment() {
 799	global $wp_list_table;
 800
 801	check_ajax_referer( 'replyto-comment', '_ajax_nonce-replyto-comment' );
 802
 803	$comment_id = (int) $_POST['comment_ID'];
 804	if ( ! current_user_can( 'edit_comment', $comment_id ) )
 805		wp_die( -1 );
 806
 807	if ( '' == $_POST['content'] )
 808		wp_die( __( 'ERROR: please type a comment.' ) );
 809
 810	$_POST['comment_status'] = $_POST['status'];
 811	edit_comment();
 812
 813	$position = ( isset($_POST['position']) && (int) $_POST['position']) ? (int) $_POST['position'] : '-1';
 814	$comments_status = isset($_POST['comments_listing']) ? $_POST['comments_listing'] : '';
 815
 816	$checkbox = ( isset($_POST['checkbox']) && true == $_POST['checkbox'] ) ? 1 : 0;
 817	$wp_list_table = _get_list_table( $checkbox ? 'WP_Comments_List_Table' : 'WP_Post_Comments_List_Table', array( 'screen' => 'edit-comments' ) );
 818
 819	$comment = get_comment( $comment_id );
 820
 821	ob_start();
 822		$wp_list_table->single_row( $comment );
 823		$comment_list_item = ob_get_contents();
 824	ob_end_clean();
 825
 826	$x = new WP_Ajax_Response();
 827
 828	$x->add( array(
 829		'what' => 'edit_comment',
 830		'id' => $comment->comment_ID,
 831		'data' => $comment_list_item,
 832		'position' => $position
 833	));
 834
 835	$x->send();
 836}
 837
/**
 * Ajax handler that adds items to the menu being edited on the Menus screen.
 *
 * Requires the add-menu_item nonce (field menu-settings-column-nonce) and the
 * edit_theme_options capability. Each entry of $_POST['menu-item'] is passed
 * to wp_save_nav_menu_items() with menu id 0; the resulting posts are re-read
 * and rendered with the edit walker. The walker class name comes from the
 * 'wp_edit_nav_menu_walker' filter (default Walker_Nav_Menu_Edit), not from
 * the request — $_POST['menu'] is only passed to the filter as context — and
 * must exist as a class. Output is echoed directly; there is no wp_die() at
 * the end.
 *
 * NOTE(review): $_object is assigned only for the 'post_type' and 'taxonomy'
 * cases and is never reset per iteration. For any other non-custom type the
 * array_map below receives either null or the previous item's object, and the
 * description restore then reads a property of whatever
 * wp_setup_nav_menu_item() returns for it. Looks like a latent notice /
 * wrong-description bug rather than a security issue — confirm against
 * wp_setup_nav_menu_item().
 */
function wp_ajax_add_menu_item() {
	check_ajax_referer( 'add-menu_item', 'menu-settings-column-nonce' );

	if ( ! current_user_can( 'edit_theme_options' ) )
		wp_die( -1 );

	require_once ABSPATH . 'wp-admin/includes/nav-menu.php';

	// For performance reasons, we omit some object properties from the checklist.
	// The following is a hacky way to restore them when adding non-custom items.

	$menu_items_data = array();
	foreach ( (array) $_POST['menu-item'] as $menu_item_data ) {
		if (
			! empty( $menu_item_data['menu-item-type'] ) &&
			'custom' != $menu_item_data['menu-item-type'] &&
			! empty( $menu_item_data['menu-item-object-id'] )
		) {
			// Object id and (for taxonomy) the taxonomy name are request
			// supplied; both lookups are read-only.
			switch( $menu_item_data['menu-item-type'] ) {
				case 'post_type' :
					$_object = get_post( $menu_item_data['menu-item-object-id'] );
				break;

				case 'taxonomy' :
					$_object = get_term( $menu_item_data['menu-item-object-id'], $menu_item_data['menu-item-object'] );
				break;
			}

			$_menu_items = array_map( 'wp_setup_nav_menu_item', array( $_object ) );
			$_menu_item = array_shift( $_menu_items );

			// Restore the missing menu item properties
			$menu_item_data['menu-item-description'] = $_menu_item->description;
		}

		$menu_items_data[] = $menu_item_data;
	}

	$item_ids = wp_save_nav_menu_items( 0, $menu_items_data );
	if ( is_wp_error( $item_ids ) )
		wp_die( 0 );

	$menu_items = array();

	// Re-read every saved item so the rendered rows reflect what was stored.
	foreach ( (array) $item_ids as $menu_item_id ) {
		$menu_obj = get_post( $menu_item_id );
		if ( ! empty( $menu_obj->ID ) ) {
			$menu_obj = wp_setup_nav_menu_item( $menu_obj );
			$menu_obj->label = $menu_obj->title; // don't show "(pending)" in ajax-added items
			$menu_items[] = $menu_obj;
		}
	}

	$walker_class_name = apply_filters( 'wp_edit_nav_menu_walker', 'Walker_Nav_Menu_Edit', $_POST['menu'] );

	if ( ! class_exists( $walker_class_name ) )
		wp_die( 0 );

	if ( ! empty( $menu_items ) ) {
		$args = array(
			'after' => '',
			'before' => '',
			'link_after' => '',
			'link_before' => '',
			'walker' => new $walker_class_name,
		);
		echo walk_nav_menu_tree( $menu_items, 0, (object) $args );
	}
}
 907
/**
 * Ajax handler for adding or updating a post custom field (post meta).
 *
 * Two modes, chosen by which POST fields are present:
 *  - add:    'metakeyselect' or 'metakeyinput' is set. Requires 'edit_post' on
 *            $_POST['post_id']. An 'auto-draft' post is first promoted to a real
 *            draft through edit_post() so the meta row has a post to attach to.
 *  - update: otherwise. The first key of $_POST['meta'] is the meta id; the
 *            stored row is loaded and both the stored key and the submitted key
 *            must pass is_protected_meta() and 'edit_post_meta' before anything
 *            is written. Permission checks use the post id stored on the meta
 *            row, not a client-supplied one.
 *
 * Every error path ends the request with wp_die(); success is sent through
 * WP_Ajax_Response::send(), which also ends the request.
 */
function wp_ajax_add_meta() {
	check_ajax_referer( 'add-meta', '_ajax_nonce-add-meta' );
	$c = 0; // row counter handed to _list_meta_row()
	$pid = (int) $_POST['post_id'];
	$post = get_post( $pid );

	if ( isset($_POST['metakeyselect']) || isset($_POST['metakeyinput']) ) {
		if ( !current_user_can( 'edit_post', $pid ) )
			wp_die( -1 );
		// '#NONE#' is the placeholder option of the key dropdown; with no typed key there is nothing to add.
		if ( isset($_POST['metakeyselect']) && '#NONE#' == $_POST['metakeyselect'] && empty($_POST['metakeyinput']) )
			wp_die( 1 );
		if ( $post->post_status == 'auto-draft' ) {
			// edit_post() reads its input from $_POST, so the real request is
			// parked and a minimal "create draft" request is staged in its place.
			$save_POST = $_POST; // Backup $_POST
			$_POST = array(); // Make it empty for edit_post()
			$_POST['action'] = 'draft'; // Warning fix
			$_POST['post_ID'] = $pid;
			$_POST['post_type'] = $post->post_type;
			$_POST['post_status'] = 'draft';
			$now = current_time('timestamp', 1);
			$_POST['post_title'] = sprintf('Draft created on %s at %s', date(get_option('date_format'), $now), date(get_option('time_format'), $now));

			// $pid is rebound to whatever edit_post() returns (post id or WP_Error).
			if ( $pid = edit_post() ) {
				if ( is_wp_error( $pid ) ) {
					// Validation failed: report the WP_Error and stop (send() ends the request).
					$x = new WP_Ajax_Response( array(
						'what' => 'meta',
						'data' => $pid
					) );
					$x->send();
				}
				$_POST = $save_POST; // Now we can restore original $_POST again
				if ( !$mid = add_meta( $pid ) )
					wp_die( __( 'Please provide a custom field value.' ) );
			} else {
				wp_die( 0 );
			}
		} else if ( !$mid = add_meta( $pid ) ) {
			wp_die( __( 'Please provide a custom field value.' ) );
		}

		// Re-read the stored row so the response reflects what was actually saved.
		$meta = get_metadata_by_mid( 'post', $mid );
		$pid = (int) $meta->post_id;
		$meta = get_object_vars( $meta );
		$x = new WP_Ajax_Response( array(
			'what' => 'meta',
			'id' => $mid,
			'data' => _list_meta_row( $meta, $c ),
			'position' => 1,
			'supplemental' => array('postid' => $pid)
		) );
	} else { // Update?
		// The meta id is the array key; key/value arrive slashed and are unslashed here.
		$mid = (int) key( $_POST['meta'] );
		$key = stripslashes( $_POST['meta'][$mid]['key'] );
		$value = stripslashes( $_POST['meta'][$mid]['value'] );
		if ( '' == trim($key) )
			wp_die( __( 'Please provide a custom field name.' ) );
		if ( '' == trim($value) )
			wp_die( __( 'Please provide a custom field value.' ) );
		if ( ! $meta = get_metadata_by_mid( 'post', $mid ) )
			wp_die( 0 ); // if meta doesn't exist
		// Both the current key and the requested new key are checked: renaming a
		// field must not be a way to reach a protected key or one the user may not edit.
		if ( is_protected_meta( $meta->meta_key, 'post' ) || is_protected_meta( $key, 'post' ) ||
			! current_user_can( 'edit_post_meta', $meta->post_id, $meta->meta_key ) ||
			! current_user_can( 'edit_post_meta', $meta->post_id, $key ) )
			wp_die( -1 );
		// Only touch the database when something actually changed.
		if ( $meta->meta_value != $value || $meta->meta_key != $key ) {
			if ( !$u = update_metadata_by_mid( 'post', $mid, $value, $key ) )
				wp_die( 0 ); // We know meta exists; we also know it's unchanged (or DB error, in which case there are bigger problems).
		}

		$x = new WP_Ajax_Response( array(
			'what' => 'meta',
			'id' => $mid, 'old_id' => $mid,
			'data' => _list_meta_row( array(
				'meta_key' => $key,
				'meta_value' => $value,
				'meta_id' => $mid
			), $c ),
			'position' => 0,
			'supplemental' => array('postid' => $meta->post_id)
		) );
	}
	$x->send();
}
 990
 991function wp_ajax_add_user( $action ) {
 992	global $wp_list_table;
 993	if ( empty( $action ) )
 994		$action = 'add-user';
 995
 996	check_ajax_referer( $action );
 997	if ( ! current_user_can('create_users') )
 998		wp_die( -1 );
 999	if ( ! $user_id = edit_user() ) {
1000		wp_die( 0 );
1001	} elseif ( is_wp_error( $user_id ) ) {
1002		$x = new WP_Ajax_Response( array(
1003			'what' => 'user',
1004			'id' => $user_id
1005		) );
1006		$x->send();
1007	}
1008	$user_object = get_userdata( $user_id );
1009
1010	$wp_list_table = _get_list_table('WP_Users_List_Table');
1011
1012	$role = current( $user_object->roles );
1013
1014	$x = new WP_Ajax_Response( array(
1015		'what' => 'user',
1016		'id' => $user_id,
1017		'data' => $wp_list_table->single_row( $user_object, '', $role ),
1018		'supplemental' => array(
1019			'show-link' => sprintf(__( 'User <a href="#%s">%s</a> added' ), "user-$user_id", $user_object->user_login),
1020			'role' => $role,
1021		)
1022	) );
1023	$x->send();
1024}
1025
/**
 * Ajax handler for the editor's periodic autosave and post-lock heartbeat.
 *
 * Flow, in order:
 *  1. nonce check (the return value is kept: 2 means the nonce is ageing and a
 *     fresh set of nonces is sent back with the response);
 *  2. capability check ('edit_page' / 'edit_post') on the posted post id;
 *  3. if another user holds the post lock, saving is disabled and an alert is
 *     returned instead;
 *  4. otherwise drafts/auto-drafts are overwritten in place via edit_post(),
 *     while any other status gets an autosave revision;
 *  5. the current user's post lock is refreshed.
 *
 * Everything is reported through WP_Ajax_Response; 'data' is the human-readable
 * status line, 'supplemental' carries alerts, the lock token and replacement nonces.
 */
function wp_ajax_autosave() {
	global $login_grace_period;

	define( 'DOING_AUTOSAVE', true );

	$nonce_age = check_ajax_referer( 'autosave', 'autosavenonce' );

	// Categories arrive as a comma-separated id list; pages have no categories.
	$_POST['post_category'] = explode(",", $_POST['catslist']);
	if ( $_POST['post_type'] == 'page' || empty($_POST['post_category']) )
		unset($_POST['post_category']);

	$do_autosave = (bool) $_POST['autosave'];
	$do_lock = true;

	$data = $alert = '';
	/* translators: draft saved date format, see http://php.net/date */
	$draft_saved_date_format = __('g:i:s a');
	/* translators: %s: date and time */
	$message = sprintf( __('Draft saved at %s.'), date_i18n( $draft_saved_date_format ) );

	$supplemental = array();
	// $login_grace_period is set elsewhere when the session is about to expire;
	// the alert points the user at the interim (popup) login.
	if ( isset($login_grace_period) )
		$alert .= sprintf( __('Your login has expired. Please open a new browser window and <a href="%s" target="_blank">log in again</a>. '), add_query_arg( 'interim-login', 1, wp_login_url() ) );

	$id = $revision_id = 0;

	$post_ID = (int) $_POST['post_ID'];
	$_POST['ID'] = $post_ID;
	$post = get_post($post_ID);
	// An autosave of a never-saved post turns it into a real draft.
	if ( 'auto-draft' == $post->post_status )
		$_POST['post_status'] = 'draft';

	// Someone else is editing: do not save and do not take the lock, just warn.
	if ( $last = wp_check_post_lock( $post->ID ) ) {
		$do_autosave = $do_lock = false;

		$last_user = get_userdata( $last );
		$last_user_name = $last_user ? $last_user->display_name : __( 'Someone' );
		$data = __( 'Autosave disabled.' );

		$supplemental['disable_autosave'] = 'disable';
		$alert .= sprintf( __( '%s is currently editing this article. If you update it, you will overwrite the changes.' ), esc_html( $last_user_name ) );
	}

	// Capability is decided from the stored post type, not from $_POST['post_type'].
	if ( 'page' == $post->post_type ) {
		if ( !current_user_can('edit_page', $post_ID) )
			wp_die( __( 'You are not allowed to edit this page.' ) );
	} else {
		if ( !current_user_can('edit_post', $post_ID) )
			wp_die( __( 'You are not allowed to edit this post.' ) );
	}

	if ( $do_autosave ) {
		// Drafts and auto-drafts are just overwritten by autosave
		if ( 'auto-draft' == $post->post_status || 'draft' == $post->post_status ) {
			$id = edit_post();
		} else { // Non drafts are not overwritten. The autosave is stored in a special post revision.
			$revision_id = wp_create_post_autosave( $post->ID );
			if ( is_wp_error($revision_id) )
				$id = $revision_id;
			else
				$id = $post->ID;
		}
		$data = $message;
	} else {
		if ( ! empty( $_POST['auto_draft'] ) )
			$id = 0; // This tells us it didn't actually save
		else
			$id = $post->ID;
	}

	// is_numeric() filters out the WP_Error case, where $id is an object.
	if ( $do_lock && empty( $_POST['auto_draft'] ) && $id && is_numeric( $id ) ) {
		$lock_result = wp_set_post_lock( $id );
		$supplemental['active-post-lock'] = implode( ':', $lock_result );
	}

	// Nonce is in the second half of its lifetime: hand the client fresh ones
	// so a long editing session does not start failing nonce checks.
	if ( $nonce_age == 2 ) {
		$supplemental['replace-autosavenonce'] = wp_create_nonce('autosave');
		$supplemental['replace-getpermalinknonce'] = wp_create_nonce('getpermalink');
		$supplemental['replace-samplepermalinknonce'] = wp_create_nonce('samplepermalink');
		$supplemental['replace-closedpostboxesnonce'] = wp_create_nonce('closedpostboxes');
		$supplemental['replace-_ajax_linking_nonce'] = wp_create_nonce( 'internal-linking' );
		if ( $id ) {
			// NOTE(review): this branch keys off the client-supplied post_type, whereas the
			// capability check above used $post->post_type; the cap check has already
			// passed for $post_ID by this point, so the mismatch only affects which nonce is issued.
			if ( $_POST['post_type'] == 'post' )
				$supplemental['replace-_wpnonce'] = wp_create_nonce('update-post_' . $id);
			elseif ( $_POST['post_type'] == 'page' )
				$supplemental['replace-_wpnonce'] = wp_create_nonce('update-page_' . $id);
		}
	}

	if ( ! empty($alert) )
		$supplemental['alert'] = $alert;

	$x = new WP_Ajax_Response( array(
		'what' => 'autosave',
		'id' => $id,
		'data' => $id ? $data : '',
		'supplemental' => $supplemental
	) );
	$x->send();
}
1126
/**
 * Ajax handler persisting which postboxes the current user has collapsed or hidden.
 *
 * Reads 'closed' and 'hidden' (comma-separated box ids) and 'page' (screen id)
 * from POST. The screen id becomes part of the user-option name, so the request
 * is rejected unless it survives sanitize_key() unchanged.
 *
 * Responds 0 for a bad screen id, -1 without a current user, 1 on success.
 */
function wp_ajax_closed_postboxes() {
	check_ajax_referer( 'closedpostboxes', 'closedpostboxesnonce' );

	$collapsed = array();
	if ( isset( $_POST['closed'] ) ) {
		$collapsed = array_filter( explode( ',', $_POST['closed'] ) );
	}

	$hidden_boxes = array();
	if ( isset( $_POST['hidden'] ) ) {
		$hidden_boxes = array_filter( explode( ',', $_POST['hidden'] ) );
	}

	$screen = isset( $_POST['page'] ) ? $_POST['page'] : '';
	if ( $screen != sanitize_key( $screen ) ) {
		wp_die( 0 );
	}

	$user = wp_get_current_user();
	if ( ! $user ) {
		wp_die( -1 );
	}

	if ( is_array( $collapsed ) ) {
		update_user_option( $user->ID, "closedpostboxes_$screen", $collapsed, true );
	}

	if ( is_array( $hidden_boxes ) ) {
		// These boxes can never be hidden, so drop them before saving.
		$always_shown = array( 'submitdiv', 'linksubmitdiv', 'manage-menu', 'create-menu' );
		$hidden_boxes = array_diff( $hidden_boxes, $always_shown );
		update_user_option( $user->ID, "metaboxhidden_$screen", $hidden_boxes, true );
	}

	wp_die( 1 );
}
1153
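/**
 * Ajax handler persisting the list-table columns the current user has hidden.
 *
 * Reads 'hidden' (comma-separated column ids) and 'page' (screen id) from POST.
 * The screen id is embedded in the option name, so it must survive
 * sanitize_key() unchanged or the request is rejected.
 *
 * Responds 0 for a bad screen id, -1 without a current user, 1 on success.
 */
function wp_ajax_hidden_columns() {
	check_ajax_referer( 'screen-options-nonce', 'screenoptionnonce' );

	// Split the guarded copy rather than $_POST['hidden'] itself, so a request
	// without the field does not raise an undefined-index notice.
	$hidden = isset( $_POST['hidden'] ) ? $_POST['hidden'] : '';
	$hidden = explode( ',', $hidden );
	$page = isset( $_POST['page'] ) ? $_POST['page'] : '';

	if ( $page != sanitize_key( $page ) )
		wp_die( 0 );

	if ( ! $user = wp_get_current_user() )
		wp_die( -1 );

	// explode() always yields an array; the check is kept for symmetry with the sibling handlers.
	if ( is_array( $hidden ) )
		update_user_option( $user->ID, "manage{$page}columnshidden", $hidden, true );

	wp_die( 1 );
}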
1171
/**
 * Ajax handler toggling the dashboard welcome panel for the current user.
 *
 * Stores 1 when $_POST['visible'] is non-empty, otherwise 0. Requires
 * 'edit_theme_options'; responds -1 without it, 1 on success.
 */
function wp_ajax_update_welcome_panel() {
	check_ajax_referer( 'welcome-panel-nonce', 'welcomepanelnonce' );

	if ( ! current_user_can( 'edit_theme_options' ) ) {
		wp_die( -1 );
	}

	$show_panel = empty( $_POST['visible'] ) ? 0 : 1;
	update_user_meta( get_current_user_id(), 'show_welcome_panel', $show_panel );

	wp_die( 1 );
}
1182
/**
 * Ajax handler that re-renders one "Add menu items" box (a post type or a
 * taxonomy) for the nav-menu screen and prints it as JSON.
 *
 * Reads 'item-type' ('post_type' or 'taxonomy') and 'item-object' (the post type
 * or taxonomy name) from POST; any other combination produces an empty response.
 * The object name is only honoured if it is a key of the registered set, so an
 * arbitrary name cannot reach the callback. This endpoint renders markup only
 * and is gated on 'edit_theme_options'.
 */
function wp_ajax_menu_get_metabox() {
	if ( ! current_user_can( 'edit_theme_options' ) ) {
		wp_die( -1 );
	}

	require_once ABSPATH . 'wp-admin/includes/nav-menu.php';

	$item_type = isset( $_POST['item-type'] ) ? $_POST['item-type'] : null;
	$box_prefix = $callback = $candidates = null;

	if ( 'post_type' == $item_type ) {
		$box_prefix = 'posttype';
		$callback = 'wp_nav_menu_item_post_type_meta_box';
		$candidates = (array) get_post_types( array( 'show_in_nav_menus' => true ), 'object' );
	} elseif ( 'taxonomy' == $item_type ) {
		$box_prefix = 'taxonomy';
		$callback = 'wp_nav_menu_item_taxonomy_meta_box';
		$candidates = (array) get_taxonomies( array( 'show_ui' => true ), 'object' );
	}

	$wanted = empty( $_POST['item-object'] ) ? null : $_POST['item-object'];
	if ( null !== $wanted && isset( $candidates[ $wanted ] ) ) {
		$item = apply_filters( 'nav_menu_meta_box_object', $candidates[ $wanted ] );

		$box = array(
			'id' => 'add-' . $item->name,
			'title' => $item->labels->name,
			'callback' => $callback,
			'args' => $item,
		);

		// The meta box callback echoes; capture it so it can be wrapped in JSON.
		ob_start();
		call_user_func_array( $callback, array( null, $box ) );
		$markup = ob_get_clean();

		echo json_encode( array(
			'replace-id' => $box_prefix . '-' . $item->name,
			'markup' => $markup,
		) );
	}

	wp_die();
}
1222
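/**
 * Ajax handler for the internal-link search in the editor's link dialog.
 *
 * Reads 'search' (query text, slashed) and 'page' (1-based page number) from
 * POST, delegates to _WP_Editors::wp_link_query() and prints the result as JSON
 * followed by a newline. Responds 0 when the query returns null.
 */
function wp_ajax_wp_link_ajax() {
	check_ajax_referer( 'internal-linking', '_ajax_linking_nonce' );

	$args = array();

	if ( isset( $_POST['search'] ) )
		$args['s'] = stripslashes( $_POST['search'] );
	$args['pagenum'] = ! empty( $_POST['page'] ) ? absint( $_POST['page'] ) : 1;

	// require_once: if something earlier in the request already loaded the
	// editor class, a second plain require would fatal on redeclaration.
	require_once ABSPATH . WPINC . '/class-wp-editor.php';
	$results = _WP_Editors::wp_link_query( $args );

	// isset() only rejects a null result; any other value is encoded as-is.
	if ( ! isset( $results ) )
		wp_die( 0 );

	echo json_encode( $results );
	echo "\n";

	wp_die();
}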
1243
/**
 * Ajax handler saving the theme's menu-location assignments.
 *
 * Requires 'edit_theme_options' and a valid nonce; $_POST['menu-locations']
 * (location => menu id) is stored after every value is forced through absint().
 * Responds -1 without the capability, 0 without the array, 1 on success.
 */
function wp_ajax_menu_locations_save() {
	if ( ! current_user_can( 'edit_theme_options' ) ) {
		wp_die( -1 );
	}
	check_ajax_referer( 'add-menu_item', 'menu-settings-column-nonce' );

	if ( ! isset( $_POST['menu-locations'] ) ) {
		wp_die( 0 );
	}

	$locations = array_map( 'absint', $_POST['menu-locations'] );
	set_theme_mod( 'nav_menu_locations', $locations );
	wp_die( 1 );
}
1253
/**
 * Ajax handler persisting the meta-box order and column layout of a screen
 * for the current user.
 *
 * Reads 'order' (array), 'page_columns' ('auto' or a number) and 'page'
 * (screen id) from POST. The screen id is part of the option name and must
 * survive sanitize_key() unchanged. Responds 0 for a bad screen id, -1 without
 * a current user, 1 on success.
 */
function wp_ajax_meta_box_order() {
	check_ajax_referer( 'meta-box-order' );

	$order = false;
	if ( isset( $_POST['order'] ) ) {
		$order = (array) $_POST['order'];
	}

	$columns = isset( $_POST['page_columns'] ) ? $_POST['page_columns'] : 'auto';
	if ( 'auto' != $columns ) {
		$columns = (int) $columns;
	}

	$screen = isset( $_POST['page'] ) ? $_POST['page'] : '';
	if ( $screen != sanitize_key( $screen ) ) {
		wp_die( 0 );
	}

	$user = wp_get_current_user();
	if ( ! $user ) {
		wp_die( -1 );
	}

	if ( $order ) {
		update_user_option( $user->ID, "meta-box-order_$screen", $order, true );
	}

	// A column count that casts to 0 is treated as "nothing to save".
	if ( $columns ) {
		update_user_option( $user->ID, "screen_layout_$screen", $columns, true );
	}

	wp_die( 1 );
}
1278
/**
 * Ajax handler for the nav-menu "quick search" box.
 *
 * Gated on 'edit_theme_options'; the actual search and output are done by
 * _wp_ajax_menu_quick_search() in nav-menu.php, which receives the raw $_POST.
 */
function wp_ajax_menu_quick_search() {
	if ( ! current_user_can( 'edit_theme_options' ) ) {
		wp_die( -1 );
	}

	require_once ABSPATH . 'wp-admin/includes/nav-menu.php';
	_wp_ajax_menu_quick_search( $_POST );

	wp_die();
}
1289
/**
 * Ajax handler returning the preview URL (permalink plus preview=true) of a post.
 *
 * $_POST['post_id'] is cast to int; 0 when absent.
 */
function wp_ajax_get_permalink() {
	check_ajax_referer( 'getpermalink', 'getpermalinknonce' );

	$post_id = 0;
	if ( isset( $_POST['post_id'] ) ) {
		$post_id = intval( $_POST['post_id'] );
	}

	$preview_url = add_query_arg( array( 'preview' => 'true' ), get_permalink( $post_id ) );
	wp_die( $preview_url );
}
1295
/**
 * Ajax handler returning the editable "sample permalink" HTML for a post.
 *
 * Reads 'post_id' (cast to int, 0 when absent), 'new_title' ('' when absent)
 * and 'new_slug' (null when absent) from POST and hands them to
 * get_sample_permalink_html().
 */
function wp_ajax_sample_permalink() {
	check_ajax_referer( 'samplepermalink', 'samplepermalinknonce' );

	$post_id = 0;
	if ( isset( $_POST['post_id'] ) ) {
		$post_id = intval( $_POST['post_id'] );
	}
	$new_title = isset( $_POST['new_title'] ) ? $_POST['new_title'] : '';
	$new_slug = isset( $_POST['new_slug'] ) ? $_POST['new_slug'] : null;

	wp_die( get_sample_permalink_html( $post_id, $new_title, $new_slug ) );
}
1303
/**
 * Ajax handler for Quick Edit on a post or page.
 *
 * Verifies the nonce, checks 'edit_page' / 'edit_post' on the posted id and
 * refuses to save while another user holds the post lock. The request data is
 * then massaged in place (it is referenced through $data) into the shape
 * edit_post() expects, the post is saved, and the refreshed list-table row is
 * printed for the client to swap in.
 */
function wp_ajax_inline_save() {
	global $wp_list_table;

	check_ajax_referer( 'inlineeditnonce', '_inline_edit' );

	if ( ! isset($_POST['post_ID']) || ! ( $post_ID = (int) $_POST['post_ID'] ) )
		wp_die();

	// The post type here comes from the request; the capability is still
	// checked against the concrete post id, so it cannot widen access.
	if ( 'page' == $_POST['post_type'] ) {
		if ( ! current_user_can( 'edit_page', $post_ID ) )
			wp_die( __( 'You are not allowed to edit this page.' ) );
	} else {
		if ( ! current_user_can( 'edit_post', $post_ID ) )
			wp_die( __( 'You are not allowed to edit this post.' ) );
	}

	if ( $last = wp_check_post_lock( $post_ID ) ) {
		$last_user = get_userdata( $last );
		$last_user_name = $last_user ? $last_user->display_name : __( 'Someone' );
		// The format string is one of two translations; only the user name is interpolated, escaped.
		printf( $_POST['post_type'] == 'page' ? __( 'Saving is disabled: %s is currently editing this page.' ) : __( 'Saving is disabled: %s is currently editing this post.' ),	esc_html( $last_user_name ) );
		wp_die();
	}

	// $data is an alias of $_POST: every write below lands in $_POST, which is what edit_post() reads.
	$data = &$_POST;

	$post = get_post( $post_ID, ARRAY_A );
	$post = add_magic_quotes($post); //since it is from db

	// Quick Edit does not submit content/excerpt; the stored values are supplied
	// (slashed, like the rest of the request) — presumably so edit_post() does not blank them.
	$data['content'] = $post['post_content'];
	$data['excerpt'] = $post['post_excerpt'];

	// rename
	$data['user_ID'] = $GLOBALS['user_ID'];

	if ( isset($data['post_parent']) )
		$data['parent_id'] = $data['post_parent'];

	// status
	if ( isset($data['keep_private']) && 'private' == $data['keep_private'] )
		$data['post_status'] = 'private';
	else
		$data['post_status'] = $data['_status'];

	// Unchecked checkboxes are absent from the request; absent means closed.
	if ( empty($data['comment_status']) )
		$data['comment_status'] = 'closed';
	if ( empty($data['ping_status']) )
		$data['ping_status'] = 'closed';

	// update the post
	edit_post();

	$wp_list_table = _get_list_table( 'WP_Posts_List_Table', array( 'screen' => $_POST['screen'] ) );

	$mode = $_POST['post_view']; // read but not used in this function

	// Depth in the parent chain, used to indent hierarchical rows.
	$level = 0;
	$request_post = array( get_post( $_POST['post_ID'] ) );
	$parent = $request_post[0]->post_parent;

	while ( $parent > 0 ) {
		$parent_post = get_post( $parent );
		$parent = $parent_post->post_parent;
		$level++;
	}

	$wp_list_table->display_rows( array( get_post( $_POST['post_ID'] ) ), $level );

	wp_die();
}
1373
/**
 * Ajax handler for Quick Edit on a taxonomy term.
 *
 * Verifies the nonce, the taxonomy (via sanitize_key + get_taxonomy) and that
 * taxonomy's edit_terms capability, updates the term from $_POST and prints the
 * refreshed list-table row. The stored description is copied into $_POST first,
 * presumably because the quick-edit form does not submit one.
 *
 * Responds 0 for an unknown taxonomy, -1 for a missing capability or term id,
 * and an error message when the update fails.
 */
function wp_ajax_inline_save_tax() {
	global $wp_list_table;

	check_ajax_referer( 'taxinlineeditnonce', '_inline_edit' );

	$taxonomy = sanitize_key( $_POST['taxonomy'] );
	$tax_object = get_taxonomy( $taxonomy );
	if ( ! $tax_object ) {
		wp_die( 0 );
	}
	if ( ! current_user_can( $tax_object->cap->edit_terms ) ) {
		wp_die( -1 );
	}

	$wp_list_table = _get_list_table( 'WP_Terms_List_Table', array( 'screen' => 'edit-' . $taxonomy ) );

	$term_id = isset( $_POST['tax_ID'] ) ? (int) $_POST['tax_ID'] : 0;
	if ( ! $term_id ) {
		wp_die( -1 );
	}

	$term = get_term( $term_id, $taxonomy );
	$_POST['description'] = $term->description;

	$failed = false;
	$failure = null;
	$updated = wp_update_term( $term_id, $taxonomy, $_POST );
	if ( ! $updated || is_wp_error( $updated ) ) {
		$failed = true;
		$failure = $updated;
	} else {
		$term = get_term( $updated['term_id'], $taxonomy );
		if ( ! $term || is_wp_error( $term ) ) {
			$failed = true;
			$failure = $term;
		}
	}

	if ( $failed ) {
		// Prefer the specific WP_Error message when there is one.
		if ( is_wp_error( $failure ) && $failure->get_error_message() ) {
			wp_die( $failure->get_error_message() );
		}
		wp_die( __( 'Item not updated.' ) );
	}

	// Depth in the term hierarchy, used to indent the row.
	$depth = 0;
	$ancestor_id = $term->parent;
	while ( $ancestor_id > 0 ) {
		$ancestor = get_term( $ancestor_id, $taxonomy );
		$ancestor_id = $ancestor->parent;
		$depth++;
	}

	echo $wp_list_table->single_row( $term, $depth );
	wp_die();
}
1418
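/**
 * Ajax handler behind the "find posts" modal (e.g. attaching media to a post).
 *
 * Searches every public post type except attachments, any status, newest 50
 * matches, and returns a rendered HTML table through WP_Ajax_Response. Every
 * post-derived value placed in the markup is escaped for its context.
 *
 * Reads $_POST['ps'] (search text, slashed); empty or absent lists everything.
 */
function wp_ajax_find_posts() {
	check_ajax_referer( 'find-posts' );

	$post_types = get_post_types( array( 'public' => true ), 'objects' );
	unset( $post_types['attachment'] );

	// A missing field is an empty search, not an undefined-index notice.
	$s = isset( $_POST['ps'] ) ? stripslashes( $_POST['ps'] ) : '';
	$args = array(
		'post_type' => array_keys( $post_types ),
		'post_status' => 'any',
		'posts_per_page' => 50,
	);
	if ( '' !== $s )
		$args['s'] = $s;

	$posts = get_posts( $args );

	if ( ! $posts )
		wp_die( __('No items found.') );

	$html = '<table class="widefat" cellspacing="0"><thead><tr><th class="found-radio"><br /></th><th>'.__('Title').'</th><th class="no-break">'.__('Type').'</th><th class="no-break">'.__('Date').'</th><th class="no-break">'.__('Status').'</th></tr></thead><tbody>';
	foreach ( $posts as $post ) {
		$title = trim( $post->post_title ) ? $post->post_title : __( '(no title)' );

		// Reset per row: a status not covered by the switch (a custom status)
		// must not inherit the label computed for the previous post.
		$stat = '';
		switch ( $post->post_status ) {
			case 'publish' :
			case 'private' :
				$stat = __('Published');
				break;
			case 'future' :
				$stat = __('Scheduled');
				break;
			case 'pending' :
				$stat = __('Pending Review');
				break;
			case 'draft' :
				$stat = __('Draft');
				break;
		}

		if ( '0000-00-00 00:00:00' === $post->post_date ) {
			$time = '';
		} else {
			/* translators: date format in table columns, see http://php.net/date */
			$time = mysql2date(__('Y/m/d'), $post->post_date);
		}

		$html .= '<tr class="found-posts"><td class="found-radio"><input type="radio" id="found-'.$post->ID.'" name="found_post_id" value="' . esc_attr($post->ID) . '"></td>';
		$html .= '<td><label for="found-'.$post->ID.'">' . esc_html( $title ) . '</label></td><td class="no-break">' . esc_html( $post_types[$post->post_type]->labels->singular_name ) . '</td><td class="no-break">'.esc_html( $time ) . '</td><td class="no-break">' . esc_html( $stat ). ' </td></tr>' . "\n\n";
	}

	$html .= '</tbody></table>';

	$x = new WP_Ajax_Response();
	$x->add( array(
		'data' => $html
	));
	$x->send();
}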
1481
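/**
 * Ajax handler saving the widget order of every sidebar after a drag-and-drop.
 *
 * $_POST['sidebars'] maps sidebar id => comma-separated DOM ids of the form
 * "widget-<n>_<widget-id>"; only the part after the first underscore (the
 * registered widget id) is kept, and entries without a "widget-" marker are
 * ignored. Requires 'edit_theme_options' and the save-sidebar-widgets nonce.
 *
 * Responds 1 on success, -1 when the capability is missing or no sidebars
 * array was posted.
 */
function wp_ajax_widgets_order() {
	check_ajax_referer( 'save-sidebar-widgets', 'savewidgets' );

	if ( !current_user_can('edit_theme_options') )
		wp_die( -1 );

	unset( $_POST['savewidgets'], $_POST['action'] );

	// save widgets order for all sidebars
	// isset() first: a request without the field must fall through to -1
	// without raising an undefined-index notice.
	if ( isset( $_POST['sidebars'] ) && is_array( $_POST['sidebars'] ) ) {
		$sidebars = array();
		foreach ( $_POST['sidebars'] as $key => $val ) {
			$sb = array();
			if ( !empty($val) ) {
				$val = explode(',', $val);
				foreach ( $val as $k => $v ) {
					if ( strpos($v, 'widget-') === false )
						continue;

					// Keep the original position as the key; the value is the widget id after the first "_".
					$sb[$k] = substr($v, strpos($v, '_') + 1);
				}
			}
			$sidebars[$key] = $sb;
		}
		wp_set_sidebars_widgets($sidebars);
		wp_die( 1 );
	}

	wp_die( -1 );
}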
1512
/**
 * Ajax handler saving, adding or deleting a single widget instance.
 *
 * Three cases, all gated on 'edit_theme_options' and the save-sidebar-widgets nonce:
 *  - delete:  $_POST['delete_widget'] set; the widget is removed from its sidebar
 *             and $_POST is replaced by a minimal "delete" request before the
 *             widget's update callback runs.
 *  - add new: the posted settings are keyed by the "__i__"/"%i%" placeholder;
 *             they are re-keyed to $_POST['multi_number'] and the new instance
 *             id is appended to the sidebar.
 *  - update:  everything else.
 * In every case the matching entry of $wp_registered_widget_updates is invoked
 * (output discarded), then either "deleted:<id>" is printed, or nothing (add),
 * or the widget's control form is re-rendered (update).
 */
function wp_ajax_save_widget() {
	global $wp_registered_widgets, $wp_registered_widget_controls, $wp_registered_widget_updates;

	check_ajax_referer( 'save-sidebar-widgets', 'savewidgets' );

	if ( !current_user_can('edit_theme_options') || !isset($_POST['id_base']) )
		wp_die( -1 );

	unset( $_POST['savewidgets'], $_POST['action'] );

	// Let widgets register themselves exactly as they would on widgets.php.
	do_action('load-widgets.php');
	do_action('widgets.php');
	do_action('sidebar_admin_setup');

	// NOTE(review): 'widget-id' and 'sidebar' are read without isset(); a request
	// lacking them raises notices before the checks below run.
	$id_base = $_POST['id_base'];
	$widget_id = $_POST['widget-id'];
	$sidebar_id = $_POST['sidebar'];
	$multi_number = !empty($_POST['multi_number']) ? (int) $_POST['multi_number'] : 0;
	$settings = isset($_POST['widget-' . $id_base]) && is_array($_POST['widget-' . $id_base]) ? $_POST['widget-' . $id_base] : false;
	$error = '<p>' . __('An error has occurred. Please reload the page and try again.') . '</p>';

	$sidebars = wp_get_sidebars_widgets();
	$sidebar = isset($sidebars[$sidebar_id]) ? $sidebars[$sidebar_id] : array();

	// delete
	if ( isset($_POST['delete_widget']) && $_POST['delete_widget'] ) {

		// Only registered widget ids can be deleted.
		if ( !isset($wp_registered_widgets[$widget_id]) )
			wp_die( $error );

		$sidebar = array_diff( $sidebar, array($widget_id) );
		// Replace the whole request: the update callback below sees an empty
		// settings array for this widget plus the delete marker.
		$_POST = array('sidebar' => $sidebar_id, 'widget-' . $id_base => array(), 'the-widget-id' => $widget_id, 'delete_widget' => '1');
	} elseif ( $settings && preg_match( '/__i__|%i%/', key($settings) ) ) {
		// New multi-widget instance: the form posts a placeholder key that is
		// rewritten to the real instance number.
		if ( !$multi_number )
			wp_die( $error );

		$_POST['widget-' . $id_base] = array( $multi_number => array_shift($settings) );
		$widget_id = $id_base . '-' . $multi_number;
		$sidebar[] = $widget_id;
	}
	$_POST['widget-id'] = $sidebar;

	// Run the update callback registered for this widget type. The callback
	// presumably reads the new settings from $_POST, which is why $_POST was
	// rewritten above; its output is swallowed.
	foreach ( (array) $wp_registered_widget_updates as $name => $control ) {

		if ( $name == $id_base ) {
			if ( !is_callable( $control['callback'] ) )
				continue;

			ob_start();
				call_user_func_array( $control['callback'], $control['params'] );
			ob_end_clean();
			break;
		}
	}

	if ( isset($_POST['delete_widget']) && $_POST['delete_widget'] ) {
		$sidebars[$sidebar_id] = $sidebar;
		wp_set_sidebars_widgets($sidebars);
		echo "deleted:$widget_id";
		wp_die();
	}

	if ( !empty($_POST['add_new']) )
		wp_die();

	// Re-render the control form so the client shows the saved state.
	// NOTE(review): an unknown $widget_id yields an undefined-index notice here before the falsy check.
	if ( $form = $wp_registered_widget_controls[$widget_id] )
		call_user_func_array( $form['callback'], $form['params'] );

	wp_die();
}
1583
1584function wp_ajax_upload_attachment() {
1585	check_ajax_referer( 'media-form' );
1586
1587	if ( ! current_user_can( 'upload_files' ) )
1588		wp_die();
1589
1590	if ( isset( $_REQUEST['post_id'] ) ) {
1591		$post_id = $_REQUEST['post_id'];
1592		if ( ! current_user_can( 'edit_post', $post_id ) )
1593			wp_die();
1594	} else {
1595		$post_id = null;
1596	}
1597
1598	$post_data = isset( $_REQUEST['post_data'] ) ? $_REQUEST['post_data'] : array();
1599
1600	// If the context is custom header or background, make sure the uploaded file is an image.
1601	if ( isset( $post_data['context'] ) && in_array( $post_data['context'], array( 'custom-header', 'custom-background' ) ) ) {
1602		$wp_filetype = wp_check_filetype_and_ext( $_FILES['async-upload']['tmp_name'], $_FILES['async-upload']['name'], false );
1603		if ( ! wp_match_mime_types( 'image', $wp_filetype['type'] ) ) {
1604			echo json_encode( array(
1605				'success' => false,
1606				'data'    => array(
1607					'message'  => __( 'The uploaded file is not a valid image. Please try again.' ),
1608					'filename' => $_FILES['async-upload']['name'],
1609				)
1610			) );
1611
1612			wp_die();
1613		}
1614	}
1615
1616	$attachment_id = media_handle_upload( 'async-upload', $post_id, $post_data );
1617
1618	if ( is_wp_error( $attachment_id ) ) {
1619		echo json_encode( array(
1620			'success' => false,
1621			'data'    => array(
1622				'message'  => $attachment_id->get_error_message(),
1623				'filename' => $_FILES['async-upload']['name'],
1624			)
1625		) );
1626
1627		wp_die();
1628	}
1629
1630	if ( isset( $post_data['context'] ) && isset( $post_data['theme'] ) ) {
1631		if ( 'custom-background' === $post_data['context'] )
1632			update_post_meta( $attachment_id, '_wp_attachment_is_custom_background', $post_data['theme'] );
1633
1634		if ( 'custom…
