
/wp-admin/admin-ajax.php

   1<?php
   2/**
   3 * WordPress AJAX Process Execution.
   4 *
   5 * @package WordPress
   6 * @subpackage Administration
   7 */
   8
   9/**
  10 * Executing AJAX process.
  11 *
  12 * @since unknown
  13 */
  14define('DOING_AJAX', true);
  15define('WP_ADMIN', true);
  16
  17require_once('../wp-load.php');
  18
  19if ( ! isset( $_REQUEST['action'] ) )
  20	die('-1');
  21
  22require_once('./includes/admin.php');
  23@header('Content-Type: text/html; charset=' . get_option('blog_charset'));
  24send_nosniff_header();
  25
  26do_action('admin_init');
  27
  28if ( ! is_user_logged_in() ) {
  29
  30	if ( isset( $_POST['action'] ) && $_POST['action'] == 'autosave' ) {
  31		$id = isset($_POST['post_ID'])? (int) $_POST['post_ID'] : 0;
  32
  33		if ( ! $id )
  34			die('-1');
  35
  36		$message = sprintf( __('<strong>ALERT: You are logged out!</strong> Could not save draft. <a href="%s" target="_blank">Please log in again.</a>'), wp_login_url() );
  37		$x = new WP_Ajax_Response( array(
  38			'what' => 'autosave',
  39			'id' => $id,
  40			'data' => $message
  41		) );
  42		$x->send();
  43	}
  44
  45	if ( !empty( $_REQUEST['action'] ) )
  46		do_action( 'wp_ajax_nopriv_' . $_REQUEST['action'] );
  47
  48	die('-1');
  49}
  50
  51if ( isset( $_GET['action'] ) ) :
  52switch ( $action = $_GET['action'] ) :
  53case 'ajax-tag-search' :
  54	if ( !current_user_can( 'edit_posts' ) )
  55		die('-1');
  56
  57	$s = $_GET['q']; // is this slashed already?
  58
  59	if ( isset($_GET['tax']) )
  60		$taxonomy = sanitize_title($_GET['tax']);
  61	else
  62		die('0');
  63
  64	if ( false !== strpos( $s, ',' ) ) {
  65		$s = explode( ',', $s );
  66		$s = $s[count( $s ) - 1];
  67	}
  68	$s = trim( $s );
  69	if ( strlen( $s ) < 2 )
  70		die; // require 2 chars for matching
  71
  72	$results = $wpdb->get_col( "SELECT t.name FROM $wpdb->term_taxonomy AS tt INNER JOIN $wpdb->terms AS t ON tt.term_id = t.term_id WHERE tt.taxonomy = '$taxonomy' AND t.name LIKE ('%" . $s . "%')" );
  73
  74	echo join( $results, "\n" );
  75	die;
  76	break;
  77case 'wp-compression-test' :
  78	if ( !current_user_can( 'manage_options' ) )
  79		die('-1');
  80
  81	if ( ini_get('zlib.output_compression') || 'ob_gzhandler' == ini_get('output_handler') ) {
  82		update_site_option('can_compress_scripts', 0);
  83		die('0');
  84	}
  85
  86	if ( isset($_GET['test']) ) {
  87		header( 'Expires: Wed, 11 Jan 1984 05:00:00 GMT' );
  88		header( 'Last-Modified: ' . gmdate( 'D, d M Y H:i:s' ) . ' GMT' );
  89		header( 'Cache-Control: no-cache, must-revalidate, max-age=0' );
  90		header( 'Pragma: no-cache' );
  91		header('Content-Type: application/x-javascript; charset=UTF-8');
  92		$force_gzip = ( defined('ENFORCE_GZIP') && ENFORCE_GZIP );
  93		$test_str = '"wpCompressionTest Lorem ipsum dolor sit amet consectetuer mollis sapien urna ut a. Eu nonummy condimentum fringilla tempor pretium platea vel nibh netus Maecenas. Hac molestie amet justo quis pellentesque est ultrices interdum nibh Morbi. Cras mattis pretium Phasellus ante ipsum ipsum ut sociis Suspendisse Lorem. Ante et non molestie. Porta urna Vestibulum egestas id congue nibh eu risus gravida sit. Ac augue auctor Ut et non a elit massa id sodales. Elit eu Nulla at nibh adipiscing mattis lacus mauris at tempus. Netus nibh quis suscipit nec feugiat eget sed lorem et urna. Pellentesque lacus at ut massa consectetuer ligula ut auctor semper Pellentesque. Ut metus massa nibh quam Curabitur molestie nec mauris congue. Volutpat molestie elit justo facilisis neque ac risus Ut nascetur tristique. Vitae sit lorem tellus et quis Phasellus lacus tincidunt nunc Fusce. Pharetra wisi Suspendisse mus sagittis libero lacinia Integer consequat ac Phasellus. Et urna ac cursus tortor aliquam Aliquam amet tellus volutpat Vestibulum. Justo interdum condimentum In augue congue tellus sollicitudin Quisque quis nibh."';
  94
  95		 if ( 1 == $_GET['test'] ) {
  96		 	echo $test_str;
  97		 	die;
  98		 } elseif ( 2 == $_GET['test'] ) {
  99			if ( !isset($_SERVER['HTTP_ACCEPT_ENCODING']) )
 100				die('-1');
 101			if ( false !== stripos( $_SERVER['HTTP_ACCEPT_ENCODING'], 'deflate') && function_exists('gzdeflate') && ! $force_gzip ) {
 102				header('Content-Encoding: deflate');
 103				$out = gzdeflate( $test_str, 1 );
 104			} elseif ( false !== stripos( $_SERVER['HTTP_ACCEPT_ENCODING'], 'gzip') && function_exists('gzencode') ) {
 105				header('Content-Encoding: gzip');
 106				$out = gzencode( $test_str, 1 );
 107			} else {
 108				die('-1');
 109			}
 110			echo $out;
 111			die;
 112		} elseif ( 'no' == $_GET['test'] ) {
 113			update_site_option('can_compress_scripts', 0);
 114		} elseif ( 'yes' == $_GET['test'] ) {
 115			update_site_option('can_compress_scripts', 1);
 116		}
 117	}
 118
 119	die('0');
 120	break;
 121case 'imgedit-preview' :
 122	$post_id = intval($_GET['postid']);
 123	if ( empty($post_id) || !current_user_can('edit_post', $post_id) )
 124		die('-1');
 125
 126	check_ajax_referer( "image_editor-$post_id" );
 127
 128	include_once( ABSPATH . 'wp-admin/includes/image-edit.php' );
 129	if ( ! stream_preview_image($post_id) )
 130		die('-1');
 131
 132	die();
 133	break;
 134case 'menu-quick-search':
 135	if ( ! current_user_can( 'edit_theme_options' ) )
 136		die('-1');
 137
 138	require_once ABSPATH . 'wp-admin/includes/nav-menu.php';
 139
 140	_wp_ajax_menu_quick_search( $_REQUEST );
 141
 142	exit;
 143	break;
 144case 'oembed-cache' :
 145	$return = ( $wp_embed->cache_oembed( $_GET['post'] ) ) ? '1' : '0';
 146	die( $return );
 147	break;
 148default :
 149	do_action( 'wp_ajax_' . $_GET['action'] );
 150	die('0');
 151	break;
 152endswitch;
 153endif;
 154
 155/**
 156 * Sends back current comment total and new page links if they need to be updated.
 157 *
 158 * Contrary to normal success AJAX response ("1"), die with time() on success.
 159 *
 160 * @since 2.7
 161 *
 162 * @param int $comment_id
 163 * @return die
 164 */
 165function _wp_ajax_delete_comment_response( $comment_id ) {
 166	$total = (int) @$_POST['_total'];
 167	$per_page = (int) @$_POST['_per_page'];
 168	$page = (int) @$_POST['_page'];
 169	$url = esc_url_raw( @$_POST['_url'] );
 170	// JS didn't send us everything we need to know. Just die with success message
 171	if ( !$total || !$per_page || !$page || !$url )
 172		die( (string) time() );
 173
 174	if ( --$total < 0 ) // Take the total from POST and decrement it (since we just deleted one)
 175		$total = 0;
 176
 177	if ( 0 != $total % $per_page && 1 != mt_rand( 1, $per_page ) ) // Only do the expensive stuff on a page-break, and about 1 other time per page
 178		die( (string) time() );
 179
 180	$post_id = 0;
 181	$status = 'total_comments'; // What type of comment count are we looking for?
 182	$parsed = parse_url( $url );
 183	if ( isset( $parsed['query'] ) ) {
 184		parse_str( $parsed['query'], $query_vars );
 185		if ( !empty( $query_vars['comment_status'] ) )
 186			$status = $query_vars['comment_status'];
 187		if ( !empty( $query_vars['p'] ) )
 188			$post_id = (int) $query_vars['p'];
 189	}
 190
 191	$comment_count = wp_count_comments($post_id);
 192	$time = time(); // The time since the last comment count
 193
 194	if ( isset( $comment_count->$status ) ) // We're looking for a known type of comment count
 195		$total = $comment_count->$status;
 196	// else use the decremented value from above
 197
 198	$page_links = paginate_links( array(
 199		'base' => add_query_arg( 'apage', '%#%', $url ),
 200		'format' => '',
 201		'prev_text' => __('&laquo;'),
 202		'next_text' => __('&raquo;'),
 203		'total' => ceil($total / $per_page),
 204		'current' => $page
 205	) );
 206	$x = new WP_Ajax_Response( array(
 207		'what' => 'comment',
 208		'id' => $comment_id, // here for completeness - not used
 209		'supplemental' => array(
 210			'pageLinks' => $page_links,
 211			'total' => $total,
 212			'time' => $time
 213		)
 214	) );
 215	$x->send();
 216}
 217
 218function _wp_ajax_add_hierarchical_term() {
 219	$action = $_POST['action'];
 220	$taxonomy = get_taxonomy(substr($action, 4));
 221	check_ajax_referer( $action, '_ajax_nonce-add-' . $taxonomy->name );
 222	if ( !current_user_can( $taxonomy->cap->edit_terms ) )
 223		die('-1');
 224	$names = explode(',', $_POST['new'.$taxonomy->name]);
 225	$parent = isset($_POST['new'.$taxonomy->name.'_parent']) ? (int) $_POST['new'.$taxonomy->name.'_parent'] : 0;
 226	if ( 0 > $parent )
 227		$parent = 0;
 228	if ( $taxonomy->name == 'category' )
 229		$post_category = isset($_POST['post_category']) ? (array) $_POST['post_category'] : array();
 230	else
 231		$post_category = ( isset($_POST['tax_input']) && isset($_POST['tax_input'][$taxonomy->name]) ) ? (array) $_POST['tax_input'][$taxonomy->name] : array();
 232	$checked_categories = array_map( 'absint', (array) $post_category );
 233	$popular_ids = wp_popular_terms_checklist($taxonomy->name, 0, 10, false);
 234
 235	foreach ( $names as $cat_name ) {
 236		$cat_name = trim($cat_name);
 237		$category_nicename = sanitize_title($cat_name);
 238		if ( '' === $category_nicename )
 239			continue;
 240		if ( !($cat_id = is_term($cat_name, $taxonomy->name, $parent)) ) {
 241			$new_term = wp_insert_term($cat_name, $taxonomy->name, array('parent' => $parent));
 242			$cat_id = $new_term['term_id'];
 243		}
 244		$checked_categories[] = $cat_id;
 245		if ( $parent ) // Do these all at once in a second
 246			continue;
 247		$category = get_term( $cat_id, $taxonomy->name );
 248		ob_start();
 249			wp_terms_checklist( 0, array( 'taxonomy' => $taxonomy->name, 'descendants_and_self' => $cat_id, 'selected_cats' => $checked_categories, 'popular_cats' => $popular_ids ));
 250		$data = ob_get_contents();
 251		ob_end_clean();
 252		$add = array(
 253			'what' => $taxonomy->name,
 254			'id' => $cat_id,
 255			'data' => str_replace( array("\n", "\t"), '', $data),
 256			'position' => -1
 257		);
 258	}
 259
 260	if ( $parent ) { // Foncy - replace the parent and all its children
 261		$parent = get_term( $parent, $taxonomy->name );
 262		$term_id = $parent->term_id;
 263
 264		while ( $parent->parent ) { // get the top parent
 265			$parent = &get_term( $parent->parent, $taxonomy->name );
 266			if ( is_wp_error( $parent ) )
 267				break;
 268			$term_id = $parent->term_id;
 269		}
 270
 271		ob_start();
 272			wp_terms_checklist( 0, array('taxonomy' => $taxonomy->name, 'descendants_and_self' => $term_id, 'selected_cats' => $checked_categories, 'popular_cats' => $popular_ids));
 273		$data = ob_get_contents();
 274		ob_end_clean();
 275		$add = array(
 276			'what' => $taxonomy->name,
 277			'id' => $term_id,
 278			'data' => str_replace( array("\n", "\t"), '', $data),
 279			'position' => -1
 280		);
 281	}
 282
 283	ob_start();
 284		wp_dropdown_categories( array(
 285			'taxonomy' => $taxonomy->name, 'hide_empty' => 0, 'name' => 'new'.$taxonomy->name.'_parent', 'orderby' => 'name',
 286			'hierarchical' => 1, 'show_option_none' => '&mdash; '.$taxonomy->labels->parent_item.' &mdash;'
 287		) );
 288	$sup = ob_get_contents();
 289	ob_end_clean();
 290	$add['supplemental'] = array( 'newcat_parent' => $sup );
 291
 292	$x = new WP_Ajax_Response( $add );
 293	$x->send();
 294}
 295
 296$id = isset($_POST['id'])? (int) $_POST['id'] : 0;
 297switch ( $action = $_POST['action'] ) :
 298case 'delete-comment' : // On success, die with time() instead of 1
 299	if ( !$comment = get_comment( $id ) )
 300		die( (string) time() );
 301	if ( !current_user_can( 'edit_post', $comment->comment_post_ID ) )
 302		die('-1');
 303
 304	check_ajax_referer( "delete-comment_$id" );
 305	$status = wp_get_comment_status( $comment->comment_ID );
 306
 307	if ( isset($_POST['trash']) && 1 == $_POST['trash'] ) {
 308		if ( 'trash' == $status )
 309			die( (string) time() );
 310		$r = wp_trash_comment( $comment->comment_ID );
 311	} elseif ( isset($_POST['untrash']) && 1 == $_POST['untrash'] ) {
 312		if ( 'trash' != $status )
 313			die( (string) time() );
 314		$r = wp_untrash_comment( $comment->comment_ID );
 315	} elseif ( isset($_POST['spam']) && 1 == $_POST['spam'] ) {
 316		if ( 'spam' == $status )
 317			die( (string) time() );
 318		$r = wp_spam_comment( $comment->comment_ID );
 319	} elseif ( isset($_POST['unspam']) && 1 == $_POST['unspam'] ) {
 320		if ( 'spam' != $status )
 321			die( (string) time() );
 322		$r = wp_unspam_comment( $comment->comment_ID );
 323	} elseif ( isset($_POST['delete']) && 1 == $_POST['delete'] ) {
 324		$r = wp_delete_comment( $comment->comment_ID );
 325	} else {
 326		die('-1');
 327	}
 328
 329	if ( $r ) // Decide if we need to send back '1' or a more complicated response including page links and comment counts
 330		_wp_ajax_delete_comment_response( $comment->comment_ID );
 331	die( '0' );
 332	break;
 333case 'delete-tag' :
 334	$tag_id = (int) $_POST['tag_ID'];
 335	check_ajax_referer( "delete-tag_$tag_id" );
 336
 337	$taxonomy = !empty($_POST['taxonomy']) ? $_POST['taxonomy'] : 'post_tag';
 338	$tax = get_taxonomy($taxonomy);
 339
 340	if ( !current_user_can( $tax->cap->delete_terms ) )
 341		die('-1');
 342
 343	$tag = get_term( $tag_id, $taxonomy );
 344	if ( !$tag || is_wp_error( $tag ) )
 345		die('1');
 346
 347	if ( wp_delete_term($tag_id, $taxonomy))
 348		die('1');
 349	else
 350		die('0');
 351	break;
 352case 'delete-link-cat' :
 353	check_ajax_referer( "delete-link-category_$id" );
 354	if ( !current_user_can( 'manage_categories' ) )
 355		die('-1');
 356
 357	$cat = get_term( $id, 'link_category' );
 358	if ( !$cat || is_wp_error( $cat ) )
 359		die('1');
 360
 361	$cat_name = get_term_field('name', $id, 'link_category');
 362
 363	$default = get_option('default_link_category');
 364
 365	// Don't delete the default cats.
 366	if ( $id == $default ) {
 367		$x = new WP_AJAX_Response( array(
 368			'what' => 'link-cat',
 369			'id' => $id,
 370			'data' => new WP_Error( 'default-link-cat', sprintf(__("Can&#8217;t delete the <strong>%s</strong> category: this is the default one"), $cat_name) )
 371		) );
 372		$x->send();
 373	}
 374
 375	$r = wp_delete_term($id, 'link_category', array('default' => $default));
 376	if ( !$r )
 377		die('0');
 378	if ( is_wp_error($r) ) {
 379		$x = new WP_AJAX_Response( array(
 380			'what' => 'link-cat',
 381			'id' => $id,
 382			'data' => $r
 383		) );
 384		$x->send();
 385	}
 386	die('1');
 387	break;
 388case 'delete-link' :
 389	check_ajax_referer( "delete-bookmark_$id" );
 390	if ( !current_user_can( 'manage_links' ) )
 391		die('-1');
 392
 393	$link = get_bookmark( $id );
 394	if ( !$link || is_wp_error( $link ) )
 395		die('1');
 396
 397	if ( wp_delete_link( $id ) )
 398		die('1');
 399	else
 400		die('0');
 401	break;
 402case 'delete-meta' :
 403	check_ajax_referer( "delete-meta_$id" );
 404	if ( !$meta = get_post_meta_by_id( $id ) )
 405		die('1');
 406
 407	if ( !current_user_can( 'edit_post', $meta->post_id ) )
 408		die('-1');
 409	if ( delete_meta( $meta->meta_id ) )
 410		die('1');
 411	die('0');
 412	break;
 413case 'delete-post' :
 414	check_ajax_referer( "{$action}_$id" );
 415	if ( !current_user_can( 'delete_post', $id ) )
 416		die('-1');
 417
 418	if ( !get_post( $id ) )
 419		die('1');
 420
 421	if ( wp_delete_post( $id ) )
 422		die('1');
 423	else
 424		die('0');
 425	break;
 426case 'trash-post' :
 427case 'untrash-post' :
 428	check_ajax_referer( "{$action}_$id" );
 429	if ( !current_user_can( 'delete_post', $id ) )
 430		die('-1');
 431
 432	if ( !get_post( $id ) )
 433		die('1');
 434
 435	if ( 'trash-post' == $action )
 436		$done = wp_trash_post( $id );
 437	else
 438		$done = wp_untrash_post( $id );
 439
 440	if ( $done )
 441		die('1');
 442
 443	die('0');
 444	break;
 445case 'delete-page' :
 446	check_ajax_referer( "{$action}_$id" );
 447	if ( !current_user_can( 'delete_page', $id ) )
 448		die('-1');
 449
 450	if ( !get_page( $id ) )
 451		die('1');
 452
 453	if ( wp_delete_post( $id ) )
 454		die('1');
 455	else
 456		die('0');
 457	break;
 458case 'dim-comment' : // On success, die with time() instead of 1
 459
 460	if ( !$comment = get_comment( $id ) ) {
 461		$x = new WP_Ajax_Response( array(
 462			'what' => 'comment',
 463			'id' => new WP_Error('invalid_comment', sprintf(__('Comment %d does not exist'), $id))
 464		) );
 465		$x->send();
 466	}
 467
 468	if ( !current_user_can( 'edit_post', $comment->comment_post_ID ) && !current_user_can( 'moderate_comments' ) )
 469		die('-1');
 470
 471	$current = wp_get_comment_status( $comment->comment_ID );
 472	if ( $_POST['new'] == $current )
 473		die( (string) time() );
 474
 475	check_ajax_referer( "approve-comment_$id" );
 476	if ( in_array( $current, array( 'unapproved', 'spam' ) ) )
 477		$result = wp_set_comment_status( $comment->comment_ID, 'approve', true );
 478	else
 479		$result = wp_set_comment_status( $comment->comment_ID, 'hold', true );
 480
 481	if ( is_wp_error($result) ) {
 482		$x = new WP_Ajax_Response( array(
 483			'what' => 'comment',
 484			'id' => $result
 485		) );
 486		$x->send();
 487	}
 488
 489	// Decide if we need to send back '1' or a more complicated response including page links and comment counts
 490	_wp_ajax_delete_comment_response( $comment->comment_ID );
 491	die( '0' );
 492	break;
 493case 'add-link-category' : // On the Fly
 494	check_ajax_referer( $action );
 495	if ( !current_user_can( 'manage_categories' ) )
 496		die('-1');
 497	$names = explode(',', $_POST['newcat']);
 498	$x = new WP_Ajax_Response();
 499	foreach ( $names as $cat_name ) {
 500		$cat_name = trim($cat_name);
 501		$slug = sanitize_title($cat_name);
 502		if ( '' === $slug )
 503			continue;
 504		if ( !$cat_id = is_term( $cat_name, 'link_category' ) ) {
 505			$cat_id = wp_insert_term( $cat_name, 'link_category' );
 506		}
 507		$cat_id = $cat_id['term_id'];
 508		$cat_name = esc_html(stripslashes($cat_name));
 509		$x->add( array(
 510			'what' => 'link-category',
 511			'id' => $cat_id,
 512			'data' => "<li id='link-category-$cat_id'><label for='in-link-category-$cat_id' class='selectit'><input value='" . esc_attr($cat_id) . "' type='checkbox' checked='checked' name='link_category[]' id='in-link-category-$cat_id'/> $cat_name</label></li>",
 513			'position' => -1
 514		) );
 515	}
 516	$x->send();
 517	break;
 518case 'add-link-cat' : // From Blogroll -> Categories
 519	check_ajax_referer( 'add-link-category' );
 520	if ( !current_user_can( 'manage_categories' ) )
 521		die('-1');
 522
 523	if ( '' === trim($_POST['name']) ) {
 524		$x = new WP_Ajax_Response( array(
 525			'what' => 'link-cat',
 526			'id' => new WP_Error( 'name', __('You did not enter a category name.') )
 527		) );
 528		$x->send();
 529	}
 530
 531	$r = wp_insert_term($_POST['name'], 'link_category', $_POST );
 532	if ( is_wp_error( $r ) ) {
 533		$x = new WP_AJAX_Response( array(
 534			'what' => 'link-cat',
 535			'id' => $r
 536		) );
 537		$x->send();
 538	}
 539
 540	extract($r, EXTR_SKIP);
 541
 542	if ( !$link_cat = link_cat_row( $term_id ) )
 543		die('0');
 544
 545	$x = new WP_Ajax_Response( array(
 546		'what' => 'link-cat',
 547		'id' => $term_id,
 548		'position' => -1,
 549		'data' => $link_cat
 550	) );
 551	$x->send();
 552	break;
 553case 'add-tag' : // From Manage->Tags
 554	check_ajax_referer( 'add-tag' );
 555
 556	$taxonomy = !empty($_POST['taxonomy']) ? $_POST['taxonomy'] : 'post_tag';
 557	$tax = get_taxonomy($taxonomy);
 558
 559	$x = new WP_Ajax_Response();
 560
 561	if ( !current_user_can( $tax->cap->edit_terms ) )
 562		die('-1');
 563
 564	$tag = wp_insert_term($_POST['tag-name'], $taxonomy, $_POST );
 565
 566	if ( !$tag || is_wp_error($tag) || (!$tag = get_term( $tag['term_id'], $taxonomy )) ) {
 567		$message = __('An error has occured. Please reload the page and try again.');
 568		if ( is_wp_error($tag) && $tag->get_error_message() )
 569			$message = $tag->get_error_message();
 570
 571		$x->add( array(
 572			'what' => 'taxonomy',
 573			'data' => new WP_Error('error', $message )
 574		) );
 575		$x->send();
 576	}
 577
 578	$level = 0;
 579	$tag_full_name = false;
 580	$tag_full_name = $tag->name;
 581	if ( is_taxonomy_hierarchical($taxonomy) ) {
 582		$_tag = $tag;
 583		while ( $_tag->parent  ) {
 584			$_tag = get_term( $_tag->parent, $taxonomy );
 585			$tag_full_name = $_tag->name . ' &#8212; ' . $tag_full_name;
 586			$level++;
 587		}
 588		$noparents = _tag_row( $tag, $level, $taxonomy );
 589	}
 590	$tag->name = $tag_full_name;
 591	$parents = _tag_row( $tag, 0, $taxonomy);
 592
 593	$x->add( array(
 594		'what' => 'taxonomy',
 595		'supplemental' => compact('parents', 'noparents')
 596		) );
 597	$x->add( array(
 598		'what' => 'term',
 599		'position' => $level,
 600		'supplemental' => get_term( $tag->term_id, $taxonomy, ARRAY_A ) //Refetch as $tag has been contaminated by the full name.
 601		) );
 602	$x->send();
 603	break;
 604case 'get-tagcloud' :
 605	if ( !current_user_can( 'edit_posts' ) )
 606		die('-1');
 607
 608	if ( isset($_POST['tax']) )
 609		$taxonomy = sanitize_title($_POST['tax']);
 610	else
 611		die('0');
 612
 613	$tags = get_terms( $taxonomy, array( 'number' => 45, 'orderby' => 'count', 'order' => 'DESC' ) );
 614
 615	if ( empty( $tags ) ) {
 616		$tax = get_taxonomy( $taxonomy );
 617		die( isset( $tax->no_tagcloud ) ? $tax->no_tagcloud : __('No tags found!') );
 618	}
 619
 620	if ( is_wp_error($tags) )
 621		die($tags->get_error_message());
 622
 623	foreach ( $tags as $key => $tag ) {
 624		$tags[ $key ]->link = '#';
 625		$tags[ $key ]->id = $tag->term_id;
 626	}
 627
 628	// We need raw tag names here, so don't filter the output
 629	$return = wp_generate_tag_cloud( $tags, array('filter' => 0) );
 630
 631	if ( empty($return) )
 632		die('0');
 633
 634	echo $return;
 635
 636	exit;
 637	break;
 638case 'add-comment' :
 639	check_ajax_referer( $action );
 640	if ( !current_user_can( 'edit_posts' ) )
 641		die('-1');
 642	$search = isset($_POST['s']) ? $_POST['s'] : false;
 643	$status = isset($_POST['comment_status']) ? $_POST['comment_status'] : 'all';
 644	$per_page = isset($_POST['per_page']) ?  (int) $_POST['per_page'] + 8 : 28;
 645	$start = isset($_POST['page']) ? ( intval($_POST['page']) * $per_page ) -1 : $per_page - 1;
 646	if ( 1 > $start )
 647		$start = 27;
 648
 649	$mode = isset($_POST['mode']) ? $_POST['mode'] : 'detail';
 650	$p = isset($_POST['p']) ? $_POST['p'] : 0;
 651	$comment_type = isset($_POST['comment_type']) ? $_POST['comment_type'] : '';
 652	list($comments, $total) = _wp_get_comment_list( $status, $search, $start, 1, $p, $comment_type );
 653
 654	if ( get_option('show_avatars') )
 655		add_filter( 'comment_author', 'floated_admin_avatar' );
 656
 657	if ( !$comments )
 658		die('1');
 659	$x = new WP_Ajax_Response();
 660	foreach ( (array) $comments as $comment ) {
 661		get_comment( $comment );
 662		ob_start();
 663			_wp_comment_row( $comment->comment_ID, $mode, $status, true, true );
 664			$comment_list_item = ob_get_contents();
 665		ob_end_clean();
 666		$x->add( array(
 667			'what' => 'comment',
 668			'id' => $comment->comment_ID,
 669			'data' => $comment_list_item
 670		) );
 671	}
 672	$x->send();
 673	break;
 674case 'get-comments' :
 675	check_ajax_referer( $action );
 676
 677	$post_ID = (int) $_POST['post_ID'];
 678	if ( !current_user_can( 'edit_post', $post_ID ) )
 679		die('-1');
 680
 681	$start = isset($_POST['start']) ? intval($_POST['start']) : 0;
 682	$num = isset($_POST['num']) ? intval($_POST['num']) : 10;
 683
 684	list($comments, $total) = _wp_get_comment_list( false, false, $start, $num, $post_ID );
 685
 686	if ( !$comments )
 687		die('1');
 688
 689	$comment_list_item = '';
 690	$x = new WP_Ajax_Response();
 691	foreach ( (array) $comments as $comment ) {
 692		get_comment( $comment );
 693		ob_start();
 694			_wp_comment_row( $comment->comment_ID, 'single', false, false );
 695			$comment_list_item .= ob_get_contents();
 696		ob_end_clean();
 697	}
 698	$x->add( array(
 699		'what' => 'comments',
 700		'data' => $comment_list_item
 701	) );
 702	$x->send();
 703	break;
 704case 'replyto-comment' :
 705	check_ajax_referer( $action, '_ajax_nonce-replyto-comment' );
 706
 707	$comment_post_ID = (int) $_POST['comment_post_ID'];
 708	if ( !current_user_can( 'edit_post', $comment_post_ID ) )
 709		die('-1');
 710
 711	$status = $wpdb->get_var( $wpdb->prepare("SELECT post_status FROM $wpdb->posts WHERE ID = %d", $comment_post_ID) );
 712
 713	if ( empty($status) )
 714		die('1');
 715	elseif ( in_array($status, array('draft', 'pending', 'trash') ) )
 716		die( __('Error: you are replying to a comment on a draft post.') );
 717
 718	$user = wp_get_current_user();
 719	if ( $user->ID ) {
 720		$comment_author       = $wpdb->escape($user->display_name);
 721		$comment_author_email = $wpdb->escape($user->user_email);
 722		$comment_author_url   = $wpdb->escape($user->user_url);
 723		$comment_content      = trim($_POST['content']);
 724		if ( current_user_can('unfiltered_html') ) {
 725			if ( wp_create_nonce('unfiltered-html-comment_' . $comment_post_ID) != $_POST['_wp_unfiltered_html_comment'] ) {
 726				kses_remove_filters(); // start with a clean slate
 727				kses_init_filters(); // set up the filters
 728			}
 729		}
 730	} else {
 731		die( __('Sorry, you must be logged in to reply to a comment.') );
 732	}
 733
 734	if ( '' == $comment_content )
 735		die( __('Error: please type a comment.') );
 736
 737	$comment_parent = absint($_POST['comment_ID']);
 738	$commentdata = compact('comment_post_ID', 'comment_author', 'comment_author_email', 'comment_author_url', 'comment_content', 'comment_type', 'comment_parent', 'user_ID');
 739
 740	$comment_id = wp_new_comment( $commentdata );
 741	$comment = get_comment($comment_id);
 742	if ( ! $comment ) die('1');
 743
 744	$modes = array( 'single', 'detail', 'dashboard' );
 745	$mode = isset($_POST['mode']) && in_array( $_POST['mode'], $modes ) ? $_POST['mode'] : 'detail';
 746	$position = ( isset($_POST['position']) && (int) $_POST['position']) ? (int) $_POST['position'] : '-1';
 747	$checkbox = ( isset($_POST['checkbox']) && true == $_POST['checkbox'] ) ? 1 : 0;
 748
 749	if ( get_option('show_avatars') && 'single' != $mode )
 750		add_filter( 'comment_author', 'floated_admin_avatar' );
 751
 752	$x = new WP_Ajax_Response();
 753
 754	ob_start();
 755		if ( 'dashboard' == $mode ) {
 756			require_once( ABSPATH . 'wp-admin/includes/dashboard.php' );
 757			_wp_dashboard_recent_comments_row( $comment, false );
 758		} else {
 759			_wp_comment_row( $comment->comment_ID, $mode, false, $checkbox );
 760		}
 761		$comment_list_item = ob_get_contents();
 762	ob_end_clean();
 763
 764	$x->add( array(
 765		'what' => 'comment',
 766		'id' => $comment->comment_ID,
 767		'data' => $comment_list_item,
 768		'position' => $position
 769	));
 770
 771	$x->send();
 772	break;
 773case 'edit-comment' :
 774	check_ajax_referer( 'replyto-comment', '_ajax_nonce-replyto-comment' );
 775
 776	$comment_post_ID = (int) $_POST['comment_post_ID'];
 777	if ( ! current_user_can( 'edit_post', $comment_post_ID ) )
 778		die('-1');
 779
 780	if ( '' == $_POST['content'] )
 781		die( __('Error: please type a comment.') );
 782
 783	$comment_id = (int) $_POST['comment_ID'];
 784	$_POST['comment_status'] = $_POST['status'];
 785	edit_comment();
 786
 787	$mode = ( isset($_POST['mode']) && 'single' == $_POST['mode'] ) ? 'single' : 'detail';
 788	$position = ( isset($_POST['position']) && (int) $_POST['position']) ? (int) $_POST['position'] : '-1';
 789	$checkbox = ( isset($_POST['checkbox']) && true == $_POST['checkbox'] ) ? 1 : 0;
 790	$comments_listing = isset($_POST['comments_listing']) ? $_POST['comments_listing'] : '';
 791
 792	if ( get_option('show_avatars') && 'single' != $mode )
 793		add_filter( 'comment_author', 'floated_admin_avatar' );
 794
 795	$x = new WP_Ajax_Response();
 796
 797	ob_start();
 798		_wp_comment_row( $comment_id, $mode, $comments_listing, $checkbox );
 799		$comment_list_item = ob_get_contents();
 800	ob_end_clean();
 801
 802	$x->add( array(
 803		'what' => 'edit_comment',
 804		'id' => $comment->comment_ID,
 805		'data' => $comment_list_item,
 806		'position' => $position
 807	));
 808
 809	$x->send();
 810	break;
 811case 'add-menu-item' :
 812	if ( ! current_user_can( 'edit_theme_options' ) )
 813		die('-1');
 814
 815	check_ajax_referer( 'add-menu_item', 'menu-settings-column-nonce' );
 816
 817	require_once ABSPATH . 'wp-admin/includes/nav-menu.php';
 818
 819	$item_ids = wp_save_nav_menu_items( 0, $_POST['menu-item'] );
 820	if ( is_wp_error( $item_ids ) )
 821		die('-1');
 822
 823	foreach ( (array) $item_ids as $menu_item_id ) {
 824		$menu_obj = get_post( $menu_item_id );
 825		if ( ! empty( $menu_obj->ID ) ) {
 826			$menu_obj = wp_setup_nav_menu_item( $menu_obj );
 827			$menu_obj->label = $menu_obj->title; // don't show "(pending)" in ajax-added items
 828			$menu_items[] = $menu_obj;
 829		}
 830	}
 831
 832	if ( ! empty( $menu_items ) ) {
 833		$args = array(
 834			'after' => '',
 835			'before' => '',
 836			'link_after' => '',
 837			'link_before' => '',
 838			'walker' => new Walker_Nav_Menu_Edit,
 839		);
 840		echo walk_nav_menu_tree( $menu_items, 0, (object) $args );
 841	}
 842	break;
 843case 'add-meta' :
 844	check_ajax_referer( 'add-meta', '_ajax_nonce-add-meta' );
 845	$c = 0;
 846	$pid = (int) $_POST['post_id'];
 847	$post = get_post( $pid );
 848
 849	if ( isset($_POST['metakeyselect']) || isset($_POST['metakeyinput']) ) {
 850		if ( !current_user_can( 'edit_post', $pid ) )
 851			die('-1');
 852		if ( isset($_POST['metakeyselect']) && '#NONE#' == $_POST['metakeyselect'] && empty($_POST['metakeyinput']) )
 853			die('1');
 854		if ( $post->post_status == 'auto-draft' ) {
 855			$save_POST = $_POST; // Backup $_POST
 856			$_POST = array(); // Make it empty for edit_post()
 857			$_POST['action'] = 'draft'; // Warning fix
 858			$_POST['post_ID'] = $pid;
 859			$_POST['post_type'] = $post->post_type;
 860			$_POST['post_status'] = 'draft';
 861			$now = current_time('timestamp', 1);
 862			$_POST['post_title'] = sprintf('Draft created on %s at %s', date(get_option('date_format'), $now), date(get_option('time_format'), $now));
 863
 864			if ( $pid = edit_post() ) {
 865				if ( is_wp_error( $pid ) ) {
 866					$x = new WP_Ajax_Response( array(
 867						'what' => 'meta',
 868						'data' => $pid
 869					) );
 870					$x->send();
 871				}
 872				$_POST = $save_POST; // Now we can restore original $_POST again
 873				if ( !$mid = add_meta( $pid ) )
 874					die(__('Please provide a custom field value.'));
 875			} else {
 876				die('0');
 877			}
 878		} else if ( !$mid = add_meta( $pid ) ) {
 879			die(__('Please provide a custom field value.'));
 880		}
 881
 882		$meta = get_post_meta_by_id( $mid );
 883		$pid = (int) $meta->post_id;
 884		$meta = get_object_vars( $meta );
 885		$x = new WP_Ajax_Response( array(
 886			'what' => 'meta',
 887			'id' => $mid,
 888			'data' => _list_meta_row( $meta, $c ),
 889			'position' => 1,
 890			'supplemental' => array('postid' => $pid)
 891		) );
 892	} else { // Update?
 893		$mid = (int) array_pop(array_keys($_POST['meta']));
 894		$key = $_POST['meta'][$mid]['key'];
 895		$value = $_POST['meta'][$mid]['value'];
 896		if ( '' == trim($key) )
 897			die(__('Please provide a custom field name.'));
 898		if ( '' == trim($value) )
 899			die(__('Please provide a custom field value.'));
 900		if ( !$meta = get_post_meta_by_id( $mid ) )
 901			die('0'); // if meta doesn't exist
 902		if ( !current_user_can( 'edit_post', $meta->post_id ) )
 903			die('-1');
 904		if ( $meta->meta_value != stripslashes($value) || $meta->meta_key != stripslashes($key) ) {
 905			if ( !$u = update_meta( $mid, $key, $value ) )
 906				die('0'); // We know meta exists; we also know it's unchanged (or DB error, in which case there are bigger problems).
 907		}
 908
 909		$key = stripslashes($key);
 910		$value = stripslashes($value);
 911		$x = new WP_Ajax_Response( array(
 912			'what' => 'meta',
 913			'id' => $mid, 'old_id' => $mid,
 914			'data' => _list_meta_row( array(
 915				'meta_key' => $key,
 916				'meta_value' => $value,
 917				'meta_id' => $mid
 918			), $c ),
 919			'position' => 0,
 920			'supplemental' => array('postid' => $meta->post_id)
 921		) );
 922	}
 923	$x->send();
 924	break;
 925case 'add-user' :
 926	check_ajax_referer( $action );
 927	if ( !current_user_can('create_users') )
 928		die('-1');
 929	require_once(ABSPATH . WPINC . '/registration.php');
 930	if ( !$user_id = add_user() )
 931		die('0');
 932	elseif ( is_wp_error( $user_id ) ) {
 933		$x = new WP_Ajax_Response( array(
 934			'what' => 'user',
 935			'id' => $user_id
 936		) );
 937		$x->send();
 938	}
 939	$user_object = new WP_User( $user_id );
 940
 941	$x = new WP_Ajax_Response( array(
 942		'what' => 'user',
 943		'id' => $user_id,
 944		'data' => user_row( $user_object, '', $user_object->roles[0] ),
 945		'supplemental' => array(
 946			'show-link' => sprintf(__( 'User <a href="#%s">%s</a> added' ), "user-$user_id", $user_object->user_login),
 947			'role' => $user_object->roles[0]
 948		)
 949	) );
 950	$x->send();
 951	break;
 952case 'autosave' : // The name of this action is hardcoded in edit_post()
 953	define( 'DOING_AUTOSAVE', true );
 954
 955	$nonce_age = check_ajax_referer( 'autosave', 'autosavenonce' );
 956	global $current_user;
 957
 958	$_POST['post_category'] = explode(",", $_POST['catslist']);
 959	if ( $_POST['post_type'] == 'page' || empty($_POST['post_category']) )
 960		unset($_POST['post_category']);
 961
 962	$do_autosave = (bool) $_POST['autosave'];
 963	$do_lock = true;
 964
 965	$data = '';
 966	/* translators: draft saved date format, see http://php.net/date */
 967	$draft_saved_date_format = __('g:i:s a');
 968	/* translators: %s: date and time */
 969	$message = sprintf( __('Draft saved at %s.'), date_i18n( $draft_saved_date_format ) );
 970
 971	$supplemental = array();
 972	if ( isset($login_grace_period) )
 973		$supplemental['session_expired'] = add_query_arg( 'interim-login', 1, wp_login_url() );
 974
 975	$id = $revision_id = 0;
 976
 977	$post_ID = (int) $_POST['post_ID'];
 978	$_POST['ID'] = $post_ID;
 979	$post = get_post($post_ID);
 980	if ( 'auto-draft' == $post->post_status )
 981		$_POST['post_status'] = 'draft';
 982
 983	if ( $last = wp_check_post_lock( $post->ID ) ) {
 984		$do_autosave = $do_lock = false;
 985
 986		$last_user = get_userdata( $last );
 987		$last_user_name = $last_user ? $last_user->display_name : __( 'Someone' );
 988		$data = new WP_Error( 'locked', sprintf(
 989			$_POST['post_type'] == 'page' ? __( 'Autosave disabled: %s is currently editing this page.' ) : __( 'Autosave disabled: %s is currently editing this post.' ),
 990			esc_html( $last_user_name )
 991		) );
 992
 993		$supplemental['disable_autosave'] = 'disable';
 994	}
 995
 996	if ( 'page' == $post->post_type ) {
 997		if ( !current_user_can('edit_page', $post_ID) )
 998			die(__('You are not allowed to edit this page.'));
 999	} else {
1000		if ( !current_user_can('edit_post', $post_ID) )
1001			die(__('You are not allowed to edit this post.'));
1002	}
1003
1004	if ( $do_autosave ) {
1005		// Drafts and auto-drafts are just overwritten by autosave
1006		if ( 'auto-draft' == $post->post_status || 'draft' == $post->post_status ) {
1007			$id = edit_post();
1008		} else { // Non drafts are not overwritten.  The autosave is stored in a special post revision.
1009			$revision_id = wp_create_post_autosave( $post->ID );
1010			if ( is_wp_error($revision_id) )
1011				$id = $revision_id;
1012			else
1013				$id = $post->ID;
1014		}
1015		$data = $message;
1016	} else {
1017		if ( isset( $_POST['auto_draft'] ) && '1' == $_POST['auto_draft'] )
1018			$id = 0; // This tells us it didn't actually save
1019		else
1020			$id = $post->ID;
1021	}
1022
1023	if ( $do_lock && ( isset( $_POST['auto_draft'] ) && ( $_POST['auto_draft'] != '1' ) ) && $id && is_numeric($id) )
1024		wp_set_post_lock( $id );
1025
1026	if ( $nonce_age == 2 ) {
1027		$supplemental['replace-autosavenonce'] = wp_create_nonce('autosave');
1028		$supplemental['replace-getpermalinknonce'] = wp_create_nonce('getpermalink');
1029		$supplemental['replace-samplepermalinknonce'] = wp_create_nonce('samplepermalink');
1030		$supplemental['replace-closedpostboxesnonce'] = wp_create_nonce('closedpostboxes');
1031		if ( $id ) {
1032			if ( $_POST['post_type'] == 'post' )
1033				$supplemental['replace-_wpnonce'] = wp_create_nonce('update-post_' . $id);
1034			elseif ( $_POST['post_type'] == 'page' )
1035				$supplemental['replace-_wpnonce'] = wp_create_nonce('update-page_' . $id);
1036		}
1037	}
1038
1039	$x = new WP_Ajax_Response( array(
1040		'what' => 'autosave',
1041		'id' => $id,
1042		'data' => $id ? $data : '',
1043		'supplemental' => $supplemental
1044	) );
1045	$x->send();
1046	break;
case 'closed-postboxes' :
	check_ajax_referer( 'closedpostboxes', 'closedpostboxesnonce' );

	$closed_boxes = array();
	if ( isset( $_POST['closed'] ) )
		$closed_boxes = explode( ',', $_POST['closed'] );
	$closed_boxes = array_filter( $closed_boxes );

	$hidden_boxes = array();
	if ( isset( $_POST['hidden'] ) )
		$hidden_boxes = explode( ',', $_POST['hidden'] );
	$hidden_boxes = array_filter( $hidden_boxes );

	// The screen name becomes part of a user-option key, so only a tight character set is accepted.
	$screen_name = isset( $_POST['page'] ) ? $_POST['page'] : '';
	if ( ! preg_match( '/^[a-z_-]+$/', $screen_name ) )
		die('-1');

	$current = wp_get_current_user();
	if ( ! $current )
		die('-1');

	// Per-user UI state; beyond the nonce, nothing here checks a capability.
	if ( is_array( $closed_boxes ) )
		update_user_option( $current->ID, "closedpostboxes_$screen_name", $closed_boxes, true );

	if ( is_array( $hidden_boxes ) ) {
		$always_shown = array( 'submitdiv', 'linksubmitdiv', 'manage-menu', 'create-menu' ); // postboxes that are always shown
		$hidden_boxes = array_diff( $hidden_boxes, $always_shown );
		update_user_option( $current->ID, "metaboxhidden_$screen_name", $hidden_boxes, true );
	}

	die('1');
	break;
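case 'hidden-columns' :
	check_ajax_referer( 'screen-options-nonce', 'screenoptionnonce' );

	// Read the field once. The explode() call previously re-read $_POST['hidden'] directly,
	// bypassing the isset() guard and raising an undefined-index notice when the field was absent.
	$hidden = isset( $_POST['hidden'] ) ? $_POST['hidden'] : '';
	$hidden = explode( ',', $hidden );
	$page = isset( $_POST['page'] ) ? $_POST['page'] : '';

	// The screen name is embedded in a user-option key: restrict it to a tight character set.
	if ( !preg_match( '/^[a-z_-]+$/', $page ) )
		die('-1');

	if ( ! $user = wp_get_current_user() )
		die('-1');

	// Per-user UI state; explode() always returns an array, so the is_array() check is a formality.
	if ( is_array($hidden) )
		update_user_option($user->ID, "manage{$page}columnshidden", $hidden, true);

	die('1');
	break;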
case 'menu-get-metabox' :
	// Read-only render of one nav-menu meta box. Only the capability is checked; no nonce here.
	if ( ! current_user_can( 'edit_theme_options' ) )
		die('-1');

	require_once ABSPATH . 'wp-admin/includes/nav-menu.php';

	$item_type = isset( $_POST['item-type'] ) ? $_POST['item-type'] : '';
	$items = array();
	$type = $callback = null;
	if ( 'post_type' == $item_type ) {
		$type = 'posttype';
		$callback = 'wp_nav_menu_item_post_type_meta_box';
		$items = (array) get_post_types( array( 'show_in_nav_menus' => true ), 'object' );
	} elseif ( 'taxonomy' == $item_type ) {
		$type = 'taxonomy';
		$callback = 'wp_nav_menu_item_taxonomy_meta_box';
		$items = (array) get_taxonomies( array( 'show_ui' => true ), 'object' );
	}

	// The requested object must be one of the registered entries; anything else renders nothing.
	$object_key = ! empty( $_POST['item-object'] ) ? $_POST['item-object'] : '';
	if ( '' !== $object_key && isset( $items[ $object_key ] ) ) {
		$item = apply_filters( 'nav_menu_meta_box_object', $items[ $object_key ] );
		$box = array(
			'id' => 'add-' . $item->name,
			'title' => $item->labels->name,
			'callback' => $callback,
			'args' => $item,
		);

		ob_start();
		call_user_func_array( $callback, array( null, $box ) );
		$markup = ob_get_clean();

		echo json_encode( array(
			'replace-id' => $type . '-' . $item->name,
			'markup' => $markup,
		) );
	}

	exit;
	break;
case 'menu-quick-search':
	// Capability-gated search; no nonce is checked here and the whole request array is handed
	// to the helper, so any filtering of the query happens there.
	if ( ! current_user_can( 'edit_theme_options' ) )
		die('-1');

	require_once ABSPATH . 'wp-admin/includes/nav-menu.php';

	$search_request = $_REQUEST;
	_wp_ajax_menu_quick_search( $search_request );

	exit;
	break;
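case 'menu-locations-save':
	if ( ! current_user_can( 'edit_theme_options' ) )
		die('-1');
	check_ajax_referer( 'add-menu_item', 'menu-settings-column-nonce' );
	if ( ! isset( $_POST['menu-locations'] ) )
		die('0');
	// The raw $_POST value was previously stored verbatim in theme_mods. The values are menu
	// IDs (integers) keyed by location slug, so normalise each to a non-negative integer; the
	// (array) cast keeps a scalar payload from reaching array_map().
	$locations = array_map( 'absint', (array) $_POST['menu-locations'] );
	set_theme_mod( 'nav_menu_locations', $locations );
	die('1');
	break;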
case 'meta-box-order':
	check_ajax_referer( 'meta-box-order' );

	$box_order = false;
	if ( isset( $_POST['order'] ) )
		$box_order = (array) $_POST['order'];
	$column_count = isset( $_POST['page_columns'] ) ? (int) $_POST['page_columns'] : 0;
	$screen_name = isset( $_POST['page'] ) ? $_POST['page'] : '';

	// The screen name becomes part of a user-option key; only a narrow character set is accepted.
	if ( ! preg_match( '/^[a-z_-]+$/', $screen_name ) )
		die('-1');

	$current = wp_get_current_user();
	if ( ! $current )
		die('-1');

	// Per-user layout state. $box_order is stored as received (cast to array, contents unfiltered).
	if ( $box_order )
		update_user_option( $current->ID, "meta-box-order_$screen_name", $box_order, true );

	if ( $column_count )
		update_user_option( $current->ID, "screen_layout_$screen_name", $column_count, true );

	die('1');
	break;
case 'get-permalink':
	check_ajax_referer( 'getpermalink', 'getpermalinknonce' );
	// The nonce is not tied to a post and no per-post capability is checked here, so any
	// logged-in user holding the nonce can resolve the preview URL of any post ID.
	$target_id = 0;
	if ( isset( $_POST['post_id'] ) )
		$target_id = intval( $_POST['post_id'] );
	$preview_url = add_query_arg( array( 'preview' => 'true' ), get_permalink( $target_id ) );
	die( $preview_url );
break;
case 'sample-permalink':
	check_ajax_referer( 'samplepermalink', 'samplepermalinknonce' );
	// Only the nonce is checked here; no per-post capability check precedes the helper call.
	$target_id = isset( $_POST['post_id'] ) ? intval( $_POST['post_id'] ) : 0;
	$proposed_title = '';
	if ( isset( $_POST['new_title'] ) )
		$proposed_title = $_POST['new_title'];
	$proposed_slug = null;
	if ( isset( $_POST['new_slug'] ) )
		$proposed_slug = $_POST['new_slug'];
	die( get_sample_permalink_html( $target_id, $proposed_title, $proposed_slug ) );
break;
case 'inline-save':
	// Quick Edit save. Order matters: nonce, then post ID, then per-post capability, then the
	// edit lock, and only then is $_POST reshaped in place for edit_post().
	check_ajax_referer( 'inlineeditnonce', '_inline_edit' );

	if ( ! isset($_POST['post_ID']) || ! ( $post_ID = (int) $_POST['post_ID'] ) )
		exit;

	// Which capability is checked is chosen by the request's post_type field (read without
	// isset()), not by the stored type; presumably map_meta_cap resolves against the real
	// post — TODO confirm.
	if ( 'page' == $_POST['post_type'] ) {
		if ( ! current_user_can( 'edit_page', $post_ID ) )
			die( __('You are not allowed to edit this page.') );
	} else {
		if ( ! current_user_can( 'edit_post', $post_ID ) )
			die( __('You are not allowed to edit this post.') );
	}

	// Screen id is taken from the request unvalidated here.
	if ( isset($_POST['screen']) )
		set_current_screen($_POST['screen']);

	if ( $last = wp_check_post_lock( $post_ID ) ) {
		$last_user = get_userdata( $last );
		$last_user_name = $last_user ? $last_user->display_name : __( 'Someone' );
		printf( $_POST['post_type'] == 'page' ? __( 'Saving is disabled: %s is currently editing this page.' ) : __( 'Saving is disabled: %s is currently editing this post.' ),	esc_html( $last_user_name ) );
		exit;
	}

	// $data aliases $_POST: every write below lands in $_POST, which edit_post() reads.
	$data = &$_POST;

	// No guard for a missing post: get_post() would return null and the two reads below yield null.
	$post = get_post( $post_ID, ARRAY_A );
	$post = add_magic_quotes($post); //since it is from db

	// Quick Edit carries no content/excerpt fields; the stored values are copied in, presumably
	// so edit_post() keeps them rather than blanking them.
	$data['content'] = $post['post_content'];
	$data['excerpt'] = $post['post_excerpt'];

	// rename
	$data['user_ID'] = $GLOBALS['user_ID'];

	if ( isset($data['post_parent']) )
		$data['parent_id'] = $data['post_parent'];

	// status
	// post_status comes from the request (_status / keep_private); enforcing publish rights is
	// left to edit_post() — nothing here checks them.
	if ( isset($data['keep_private']) && 'private' == $data['keep_private'] )
		$data['post_status'] = 'private';
	else
		$data['post_status'] = $data['_status'];

	if ( empty($data['comment_status']) )
		$data['comment_status'] = 'closed';
	if ( empty($data['ping_status']) )
		$data['ping_status'] = 'closed';

	// update the post
	edit_post();

	// Re-render the single list-table row for the client to swap in.
	$post = array();
	if ( 'page' == $_POST['post_type'] ) {
		$post[] = get_post($_POST['post_ID']);
		page_rows($post);
	} elseif ( 'post' == $_POST['post_type'] || in_array($_POST['post_type'], get_post_types( array('public' => true) ) ) ) {
		$mode = $_POST['post_view'];
		$post[] = get_post($_POST['post_ID']);
		post_rows($post);
	}

	exit;
	break;
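case 'inline-save-tax':
	check_ajax_referer( 'taxinlineeditnonce', '_inline_edit' );

	$taxonomy = !empty($_POST['taxonomy']) ? $_POST['taxonomy'] : false;
	if ( ! $taxonomy )
		die( __('Cheatin&#8217; uh?') );
	$tax = get_taxonomy($taxonomy);
	// get_taxonomy() returns false for an unregistered name; without this guard the next line
	// dereferenced false and the check degraded to current_user_can(null).
	if ( ! $tax )
		die( __('Cheatin&#8217; uh?') );

	if ( ! current_user_can( $tax->cap->edit_terms ) )
		die( __('Cheatin&#8217; uh?') );

	if ( ! isset($_POST['tax_ID']) || ! ( $id = (int) $_POST['tax_ID'] ) )
		die(-1);

	$tax_type = isset( $_POST['tax_type'] ) ? $_POST['tax_type'] : '';
	switch ( $tax_type ) {
		case 'link-cat' :
			// This branch always writes to link_category regardless of which taxonomy the
			// request named, so the capability is re-checked against link_category itself.
			$link_tax = get_taxonomy( 'link_category' );
			if ( ! $link_tax || ! current_user_can( $link_tax->cap->edit_terms ) )
				die( __('Cheatin&#8217; uh?') );

			$updated = wp_update_term($id, 'link_category', $_POST);

			if ( $updated && !is_wp_error($updated) )
				echo link_cat_row($updated['term_id']);
			else
				die( __('Category not updated.') );

			break;
		case 'tag' :
			// Quick Edit has no description field: carry the stored one over, presumably so
			// wp_update_term() does not blank it. A missing term is left for wp_update_term()
			// to reject, as before, but is no longer dereferenced here.
			$tag = get_term( $id, $taxonomy );
			if ( $tag && ! is_wp_error( $tag ) )
				$_POST['description'] = $tag->description;

			$updated = wp_update_term($id, $taxonomy, $_POST);
			if ( $updated && !is_wp_error($updated) ) {
				$tag = get_term( $updated['term_id'], $taxonomy );
				if ( !$tag || is_wp_error( $tag ) ) {
					if ( is_wp_error($tag) && $tag->get_error_message() )
						die( $tag->get_error_message() );
					die( __('Item not updated.') );
				}

				echo _tag_row($tag, 0, $taxonomy);
			} else {
				if ( is_wp_error($updated) && $updated->get_error_message() )
					die( $updated->get_error_message() );
				die( __('Item not updated.') );
			}

			break;
	}

	exit;
	break;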
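case 'find_posts':
	check_ajax_referer( 'find-posts' );

	// Only the nonce gates this handler: no capability is checked, and the search covers
	// drafts of the requested type.
	if ( empty($_POST['ps']) )
		exit;

	// Allow-list the post type against the registered set before it reaches the query.
	if ( !empty($_POST['post_type']) && in_array( $_POST['post_type'], get_post_types() ) )
		$what = $_POST['post_type'];
	else
		$what = 'post';

	$s = stripslashes($_POST['ps']);
	preg_match_all('/".*?("|$)|((?<=[\\s",+])|^)[^\\s",+]+/', $s, $matches);
	$search_terms = array_map('_search_terms_tidy', $matches[0]);

	// Build the WHERE fragment with $wpdb->prepare() instead of hand-escaping and interpolating
	// each term. '%' and '_' are deliberately left as LIKE wildcards, as before.
	$clauses = array();
	foreach ( (array) $search_terms as $term ) {
		$like = '%' . $term . '%';
		$clauses[] = $wpdb->prepare( "(($wpdb->posts.post_title LIKE %s) OR ($wpdb->posts.post_content LIKE %s))", $like, $like );
	}
	$search = implode( ' AND ', $clauses );
	if ( count($search_terms) > 1 && $search_terms[0] != $s ) {
		$like = '%' . $s . '%';
		$search .= $wpdb->prepare( " OR ($wpdb->posts.post_title LIKE %s) OR ($wpdb->posts.post_content LIKE %s)", $like, $like );
	}

	// $what is allow-listed above and $search is already prepared; do not pass this string
	// through prepare() again or the '%' inside the LIKE patterns would be reinterpreted.
	$posts = $wpdb->get_results( "SELECT ID, post_title, post_status, post_date FROM $wpdb->posts WHERE post_type = '$what' AND post_status IN ('draft', 'publish') AND ($search) ORDER BY post_date_gmt DESC LIMIT 50" );

	if ( ! $posts ) {
		$posttype = get_post_type_object($what);
		exit($posttype->labels->not_found);
	}

	$html = '<table class="widefat" cellspacing="0"><thead><tr><th class="found-radio"><br /></th><th>'.__('Title').'</th><th>'.__('Date').'</th><th>'.__('Status').'</th></tr></thead><tbody>';
	foreach ( $posts as $post ) {

		// The query only returns draft/publish rows; $stat is initialised so an unexpected
		// status cannot leak the previous row's label.
		$stat = '';
		switch ( $post->post_status ) {
			case 'publish' :
			case 'private' :
				$stat = __('Published');
				break;
			case 'future' :
				$stat = __('Scheduled');
				break;
			case 'pending' :
				$stat = __('Pending Review');
				break;
			case 'draft' :
				$stat = __('Draft');
				break;
		}

		if ( '0000-00-00 00:00:00' == $post->post_date ) {
			$time = '';
		} else {
			/* translators: date format in table columns, see http://php.net/date */
			$time = mysql2date(__('Y/m/d'), $post->post_date);
		}

		// Title, date and status are escaped for HTML; the ID is an integer from the database.
		$html .= '<tr class="found-posts"><td class="found-radio"><input type="radio" id="found-'.$post->ID.'" name="found_post_id" value="' . esc_attr($post->ID) . '"></td>';
		$html .= '<td><label for="found-'.$post->ID.'">'.esc_html( $post->post_title ).'</label></td><td>'.esc_html( $time ).'</td><td>'.esc_html( $stat ).'</td></tr>'."\n\n";
	}
	$html .= '</tbody></table>';

	$x = new WP_Ajax_Response();
	$x->add( array(
		'what' => $what,
		'data' => $html
	));
	$x->send();

	break;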
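case 'lj-importer' :
	check_ajax_referer( 'lj-api-import' );
	if ( !current_user_can( 'publish_posts' ) )
		die('-1');
	if ( empty( $_POST['step'] ) )
		die( '-1' );
	define('WP_IMPORTING', true);
	include( ABSPATH . 'wp-admin/import/livejournal.php' );
	// The step number selects a method by name. It is cast to int so the name is always
	// 'step' followed by digits; method_exists() turns an unknown step into a clean '-1'
	// instead of a fatal call to an undefined method. $lj_api_import is presumably created
	// by the included file — confirm.
	$step_method = 'step' . ( (int) $_POST['step'] );
	if ( ! is_object( $lj_api_import ) || ! method_exists( $lj_api_import, $step_method ) )
		die( '-1' );
	$result = $lj_api_import->$step_method();
	if ( is_wp_error( $result ) )
		echo $result->get_error_message();
	die;
	break;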
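case 'widgets-order' :
	check_ajax_referer( 'save-sidebar-widgets', 'savewidgets' );

	if ( !current_user_can('edit_theme_options') )
		die('-1');

	unset( $_POST['savewidgets'], $_POST['action'] );

	// save widgets order for all sidebars
	// isset() added: is_array($_POST['sidebars']) alone raised an undefined-index notice on a
	// request without the field before falling through to die('-1').
	if ( isset( $_POST['sidebars'] ) && is_array( $_POST['sidebars'] ) ) {
		$sidebars = array();
		foreach ( $_POST['sidebars'] as $key => $val ) {
			$sb = array();
			if ( !empty($val) ) {
				$val = explode(',', $val);
				foreach ( $val as $k => $v ) {
					// Entries must contain 'widget-'; the stored id is whatever follows the first '_'.
					if ( strpos($v, 'widget-') === false )
						continue;

					$sb[$k] = substr($v, strpos($v, '_') + 1);
				}
			}
			// Sidebar keys are taken from the request as-is (not checked against registered sidebars).
			$sidebars[$key] = $sb;
		}
		wp_set_sidebars_widgets($sidebars);
		die('1');
	}

	die('-1');
	break;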
case 'save-widget' :
	// Save, add or delete one widget instance. Nonce and edit_theme_options are required; the
	// rest of the request is reshaped into the form the widget's update callback expects.
	check_ajax_referer( 'save-sidebar-widgets', 'savewidgets' );

	if ( !current_user_can('edit_theme_options') || !isset($_POST['id_base']) )
		die('-1');

	unset( $_POST['savewidgets'], $_POST['action'] );

	// Let widgets register their controls and update callbacks, as the widgets screen would.
	do_action('load-widgets.php');
	do_action('widgets.php');
	do_action('sidebar_admin_setup');

	// widget-id and sidebar are read without isset(); an absent field yields null here.
	$id_base = $_POST['id_base'];
	$widget_id = $_POST['widget-id'];
	$sidebar_id = $_POST['sidebar'];
	$multi_number = !empty($_POST['multi_number']) ? (int) $_POST['multi_number'] : 0;
	$settings = isset($_POST['widget-' . $id_base]) && is_array($_POST['widget-' . $id_base]) ? $_POST['widget-' . $id_base] : false;
	$error = '<p>' . __('An error has occured. Please reload the page and try again.') . '</p>';

	$sidebars = wp_get_sidebars_widgets();
	// The sidebar id is not checked against registered sidebars; an unknown id starts empty.
	$sidebar = isset($sidebars[$sidebar_id]) ? $sidebars[$sidebar_id] : array();

	// delete
	if ( isset($_POST['delete_widget']) && $_POST['delete_widget'] ) {

		if ( !isset($wp_registered_widgets[$widget_id]) )
			die($error);

		// Drop the widget from its sidebar and rebuild $_POST so the update callback sees a delete.
		$sidebar = array_diff( $sidebar, array($widget_id) );
		$_POST = array('sidebar' => $sidebar_id, 'widget-' . $id_base => array(), 'the-widget-id' => $widget_id, 'delete_widget' => '1');
	} elseif ( $settings && preg_match( '/__i__|%i%/', key($settings) ) ) {
		// A placeholder key marks a brand-new multi-widget instance, which needs a real number.
		if ( !$multi_number )
			die($error);

		$_POST['widget-' . $id_base] = array( $multi_number => array_shift($settings) );
		$widget_id = $id_base . '-' . $multi_number;
		$sidebar[] = $widget_id;
	}
	$_POST['widget-id'] = $sidebar;

	// Run the matching update callback (first name match wins), discarding any output it prints.
	foreach ( (array) $wp_registered_widget_updates as $name => $control ) {

		if ( $name == $id_base ) {
			if ( !is_callable( $control['callback'] ) )
				continue;

			ob_start();
				call_user_func_array( $control['callback'], $control['params'] );
			ob_end_clean();
			break;
		}
	}

	if ( isset($_POST['delete_widget']) && $_POST['delete_widget'] ) {
		$sidebars[$sidebar_id] = $sidebar;
		wp_set_sidebars_widgets($sidebars);
		echo "deleted:$widget_id";
		die();
	}

	if ( !empty($_POST['add_new']) )
		die();

	// Re-render the widget's control form. Read without isset(): an unknown id yields null here.
	if ( $form = $wp_registered_widget_controls[$widget_id] )
		call_user_func_array( $form['callback'], $form['params'] );

	die();
	break;
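case 'image-editor':
	// The capability check runs against the attachment first; the nonce is then bound to that ID.
	$attachment_id = isset( $_POST['postid'] ) ? intval( $_POST['postid'] ) : 0;
	if ( empty($attachment_id) || !current_user_can('edit_post', $attachment_id) )
		die('-1');

	check_ajax_referer( "image_editor-$attachment_id" );
	include_once( ABSPATH . 'wp-admin/includes/image-edit.php' );

	$msg = false;
	// Guarded read: an absent 'do' matches no case and just re-renders the editor below.
	$operation = isset( $_POST['do'] ) ? $_POST['do'] : '';
	switch ( $operation ) {
		case 'save' :
			// 'save' returns its status as JSON and ends the request here.
			$msg = wp_save_image($attachment_id);
			$msg = json_encode($msg);
			die($msg);
			break;
		case 'scale' :
			$msg = wp_save_image($attachment_id);
			break;
		case 'restore' :
			$msg = wp_restore_image($attachment_id);
			break;
	}

	wp_image_editor($attachment_id, $msg);
	die();
	break;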
case 'set-post-thumbnail':
	$target_post = intval( $_POST['post_id'] );
	if ( ! current_user_can( 'edit_post', $target_post ) )
		die( '-1' );
	$thumb = intval( $_POST['thumbnail_id'] );

	// The nonce is bound to the post being edited. No capability is checked on the
	// thumbnail ID itself.
	check_ajax_referer( "set_post_thumbnail-$target_post" );

	// -1 is the client's "remove thumbnail" sentinel.
	if ( -1 === $thumb ) {
		delete_post_meta( $target_post, '_thumbnail_id' );
		die( _wp_post_thumbnail_html() );
	}

	// The ID must exist as a post and render as attachment image markup; anything that
	// yields empty markup falls through to '0'.
	$thumb_markup = '';
	if ( $thumb && get_post( $thumb ) )
		$thumb_markup = wp_get_attachment_image( $thumb, 'thumbnail' );

	if ( ! empty( $thumb_markup ) ) {
		update_post_meta( $target_post, '_thumbnail_id', $thumb );
		die( _wp_post_thumbnail_html( $thumb ) );
	}
	die( '0' );
	break;
default :
	// Unknown action: dispatch to plugin handlers. Only the logged-in check has run at this
	// point, so every wp_ajax_* callback must verify its own nonce and capability.
	$plugin_hook = 'wp_ajax_' . $_POST['action'];
	do_action( $plugin_hook );
	die('0');
	break;
1529endswitch;
1530?>