/wordpress/wp-admin/includes/ajax-actions.php
PHP | 1645 lines | 1274 code | 315 blank | 56 comment | 352 complexity | 83d5aeb4b03ce7e34386f5565d2a3c6d MD5 | raw file
1<?php
2/**
3 * WordPress Core Ajax Handlers.
4 *
5 * @package WordPress
6 * @subpackage Administration
7 */
8
9/*
10 * No-privilege Ajax handlers.
11 */
12function wp_ajax_nopriv_heartbeat() {
13 $response = array();
14
15 // screen_id is the same as $current_screen->id and the JS global 'pagenow'
16 if ( ! empty($_POST['screen_id']) )
17 $screen_id = sanitize_key($_POST['screen_id']);
18 else
19 $screen_id = 'front';
20
21 if ( ! empty($_POST['data']) ) {
22 $data = wp_unslash( (array) $_POST['data'] );
23 $response = apply_filters( 'heartbeat_nopriv_received', $response, $data, $screen_id );
24 }
25
26 $response = apply_filters( 'heartbeat_nopriv_send', $response, $screen_id );
27
28 // Allow the transport to be replaced with long-polling easily
29 do_action( 'heartbeat_nopriv_tick', $response, $screen_id );
30
31 // send the current time according to the server
32 $response['server_time'] = time();
33
34 wp_send_json($response);
35}
36
37/*
38 * GET-based Ajax handlers.
39 */
40function wp_ajax_fetch_list() {
41 global $wp_list_table;
42
43 $list_class = $_GET['list_args']['class'];
44 check_ajax_referer( "fetch-list-$list_class", '_ajax_fetch_list_nonce' );
45
46 $wp_list_table = _get_list_table( $list_class, array( 'screen' => $_GET['list_args']['screen']['id'] ) );
47 if ( ! $wp_list_table )
48 wp_die( 0 );
49
50 if ( ! $wp_list_table->ajax_user_can() )
51 wp_die( -1 );
52
53 $wp_list_table->ajax_response();
54
55 wp_die( 0 );
56}
57function wp_ajax_ajax_tag_search() {
58 global $wpdb;
59
60 if ( isset( $_GET['tax'] ) ) {
61 $taxonomy = sanitize_key( $_GET['tax'] );
62 $tax = get_taxonomy( $taxonomy );
63 if ( ! $tax )
64 wp_die( 0 );
65 if ( ! current_user_can( $tax->cap->assign_terms ) )
66 wp_die( -1 );
67 } else {
68 wp_die( 0 );
69 }
70
71 $s = wp_unslash( $_GET['q'] );
72
73 $comma = _x( ',', 'tag delimiter' );
74 if ( ',' !== $comma )
75 $s = str_replace( $comma, ',', $s );
76 if ( false !== strpos( $s, ',' ) ) {
77 $s = explode( ',', $s );
78 $s = $s[count( $s ) - 1];
79 }
80 $s = trim( $s );
81 if ( strlen( $s ) < 2 )
82 wp_die(); // require 2 chars for matching
83
84 $results = $wpdb->get_col( $wpdb->prepare( "SELECT t.name FROM $wpdb->term_taxonomy AS tt INNER JOIN $wpdb->terms AS t ON tt.term_id = t.term_id WHERE tt.taxonomy = %s AND t.name LIKE (%s)", $taxonomy, '%' . like_escape( $s ) . '%' ) );
85
86 echo join( $results, "\n" );
87 wp_die();
88}
89
90function wp_ajax_wp_compression_test() {
91 if ( !current_user_can( 'manage_options' ) )
92 wp_die( -1 );
93
94 if ( ini_get('zlib.output_compression') || 'ob_gzhandler' == ini_get('output_handler') ) {
95 update_site_option('can_compress_scripts', 0);
96 wp_die( 0 );
97 }
98
99 if ( isset($_GET['test']) ) {
100 header( 'Expires: Wed, 11 Jan 1984 05:00:00 GMT' );
101 header( 'Last-Modified: ' . gmdate( 'D, d M Y H:i:s' ) . ' GMT' );
102 header( 'Cache-Control: no-cache, must-revalidate, max-age=0' );
103 header( 'Pragma: no-cache' );
104 header('Content-Type: application/x-javascript; charset=UTF-8');
105 $force_gzip = ( defined('ENFORCE_GZIP') && ENFORCE_GZIP );
106 $test_str = '"wpCompressionTest Lorem ipsum dolor sit amet consectetuer mollis sapien urna ut a. Eu nonummy condimentum fringilla tempor pretium platea vel nibh netus Maecenas. Hac molestie amet justo quis pellentesque est ultrices interdum nibh Morbi. Cras mattis pretium Phasellus ante ipsum ipsum ut sociis Suspendisse Lorem. Ante et non molestie. Porta urna Vestibulum egestas id congue nibh eu risus gravida sit. Ac augue auctor Ut et non a elit massa id sodales. Elit eu Nulla at nibh adipiscing mattis lacus mauris at tempus. Netus nibh quis suscipit nec feugiat eget sed lorem et urna. Pellentesque lacus at ut massa consectetuer ligula ut auctor semper Pellentesque. Ut metus massa nibh quam Curabitur molestie nec mauris congue. Volutpat molestie elit justo facilisis neque ac risus Ut nascetur tristique. Vitae sit lorem tellus et quis Phasellus lacus tincidunt nunc Fusce. Pharetra wisi Suspendisse mus sagittis libero lacinia Integer consequat ac Phasellus. Et urna ac cursus tortor aliquam Aliquam amet tellus volutpat Vestibulum. Justo interdum condimentum In augue congue tellus sollicitudin Quisque quis nibh."';
107
108 if ( 1 == $_GET['test'] ) {
109 echo $test_str;
110 wp_die();
111 } elseif ( 2 == $_GET['test'] ) {
112 if ( !isset($_SERVER['HTTP_ACCEPT_ENCODING']) )
113 wp_die( -1 );
114 if ( false !== stripos( $_SERVER['HTTP_ACCEPT_ENCODING'], 'deflate') && function_exists('gzdeflate') && ! $force_gzip ) {
115 header('Content-Encoding: deflate');
116 $out = gzdeflate( $test_str, 1 );
117 } elseif ( false !== stripos( $_SERVER['HTTP_ACCEPT_ENCODING'], 'gzip') && function_exists('gzencode') ) {
118 header('Content-Encoding: gzip');
119 $out = gzencode( $test_str, 1 );
120 } else {
121 wp_die( -1 );
122 }
123 echo $out;
124 wp_die();
125 } elseif ( 'no' == $_GET['test'] ) {
126 update_site_option('can_compress_scripts', 0);
127 } elseif ( 'yes' == $_GET['test'] ) {
128 update_site_option('can_compress_scripts', 1);
129 }
130 }
131
132 wp_die( 0 );
133}
134
135function wp_ajax_imgedit_preview() {
136 $post_id = intval($_GET['postid']);
137 if ( empty($post_id) || !current_user_can('edit_post', $post_id) )
138 wp_die( -1 );
139
140 check_ajax_referer( "image_editor-$post_id" );
141
142 include_once( ABSPATH . 'wp-admin/includes/image-edit.php' );
143 if ( ! stream_preview_image($post_id) )
144 wp_die( -1 );
145
146 wp_die();
147}
148
149function wp_ajax_oembed_cache() {
150 global $wp_embed;
151
152 $return = ( $wp_embed->cache_oembed( $_GET['post'] ) ) ? '1' : '0';
153 wp_die( $return );
154}
155
156function wp_ajax_autocomplete_user() {
157 if ( ! is_multisite() || ! current_user_can( 'promote_users' ) || wp_is_large_network( 'users' ) )
158 wp_die( -1 );
159
160 if ( ! is_super_admin() && ! apply_filters( 'autocomplete_users_for_site_admins', false ) )
161 wp_die( -1 );
162
163 $return = array();
164
165 // Check the type of request
166 if ( isset( $_REQUEST['autocomplete_type'] ) )
167 $type = $_REQUEST['autocomplete_type'];
168 else
169 $type = 'add';
170
171 // Exclude current users of this blog
172 if ( isset( $_REQUEST['site_id'] ) )
173 $id = absint( $_REQUEST['site_id'] );
174 else
175 $id = get_current_blog_id();
176
177 $include_blog_users = ( $type == 'search' ? get_users( array( 'blog_id' => $id, 'fields' => 'ID' ) ) : array() );
178 $exclude_blog_users = ( $type == 'add' ? get_users( array( 'blog_id' => $id, 'fields' => 'ID' ) ) : array() );
179
180 $users = get_users( array(
181 'blog_id' => false,
182 'search' => '*' . $_REQUEST['term'] . '*',
183 'include' => $include_blog_users,
184 'exclude' => $exclude_blog_users,
185 'search_columns' => array( 'user_login', 'user_nicename', 'user_email' ),
186 ) );
187
188 foreach ( $users as $user ) {
189 $return[] = array(
190 /* translators: 1: user_login, 2: user_email */
191 'label' => sprintf( __( '%1$s (%2$s)' ), $user->user_login, $user->user_email ),
192 'value' => $user->user_login,
193 );
194 }
195
196 wp_die( json_encode( $return ) );
197}
198
199function wp_ajax_dashboard_widgets() {
200 require_once ABSPATH . 'wp-admin/includes/dashboard.php';
201
202 switch ( $_GET['widget'] ) {
203 case 'dashboard_incoming_links' :
204 wp_dashboard_incoming_links();
205 break;
206 case 'dashboard_primary' :
207 wp_dashboard_primary();
208 break;
209 case 'dashboard_secondary' :
210 wp_dashboard_secondary();
211 break;
212 case 'dashboard_plugins' :
213 wp_dashboard_plugins();
214 break;
215 }
216 wp_die();
217}
218
219function wp_ajax_logged_in() {
220 wp_die( 1 );
221}
222
223/*
224 * Ajax helper.
225 */
226
227/**
228 * Sends back current comment total and new page links if they need to be updated.
229 *
230 * Contrary to normal success AJAX response ("1"), die with time() on success.
231 *
232 * @since 2.7
233 *
234 * @param int $comment_id
235 * @return die
236 */
237function _wp_ajax_delete_comment_response( $comment_id, $delta = -1 ) {
238 $total = (int) @$_POST['_total'];
239 $per_page = (int) @$_POST['_per_page'];
240 $page = (int) @$_POST['_page'];
241 $url = esc_url_raw( @$_POST['_url'] );
242 // JS didn't send us everything we need to know. Just die with success message
243 if ( !$total || !$per_page || !$page || !$url )
244 wp_die( time() );
245
246 $total += $delta;
247 if ( $total < 0 )
248 $total = 0;
249
250 // Only do the expensive stuff on a page-break, and about 1 other time per page
251 if ( 0 == $total % $per_page || 1 == mt_rand( 1, $per_page ) ) {
252 $post_id = 0;
253 $status = 'total_comments'; // What type of comment count are we looking for?
254 $parsed = parse_url( $url );
255 if ( isset( $parsed['query'] ) ) {
256 parse_str( $parsed['query'], $query_vars );
257 if ( !empty( $query_vars['comment_status'] ) )
258 $status = $query_vars['comment_status'];
259 if ( !empty( $query_vars['p'] ) )
260 $post_id = (int) $query_vars['p'];
261 }
262
263 $comment_count = wp_count_comments($post_id);
264
265 if ( isset( $comment_count->$status ) ) // We're looking for a known type of comment count
266 $total = $comment_count->$status;
267 // else use the decremented value from above
268 }
269
270 $time = time(); // The time since the last comment count
271
272 $x = new WP_Ajax_Response( array(
273 'what' => 'comment',
274 'id' => $comment_id, // here for completeness - not used
275 'supplemental' => array(
276 'total_items_i18n' => sprintf( _n( '1 item', '%s items', $total ), number_format_i18n( $total ) ),
277 'total_pages' => ceil( $total / $per_page ),
278 'total_pages_i18n' => number_format_i18n( ceil( $total / $per_page ) ),
279 'total' => $total,
280 'time' => $time
281 )
282 ) );
283 $x->send();
284}
285
286/*
287 * POST-based Ajax handlers.
288 */
289
290function _wp_ajax_add_hierarchical_term() {
291 $action = $_POST['action'];
292 $taxonomy = get_taxonomy(substr($action, 4));
293 check_ajax_referer( $action, '_ajax_nonce-add-' . $taxonomy->name );
294 if ( !current_user_can( $taxonomy->cap->edit_terms ) )
295 wp_die( -1 );
296 $names = explode(',', $_POST['new'.$taxonomy->name]);
297 $parent = isset($_POST['new'.$taxonomy->name.'_parent']) ? (int) $_POST['new'.$taxonomy->name.'_parent'] : 0;
298 if ( 0 > $parent )
299 $parent = 0;
300 if ( $taxonomy->name == 'category' )
301 $post_category = isset($_POST['post_category']) ? (array) $_POST['post_category'] : array();
302 else
303 $post_category = ( isset($_POST['tax_input']) && isset($_POST['tax_input'][$taxonomy->name]) ) ? (array) $_POST['tax_input'][$taxonomy->name] : array();
304 $checked_categories = array_map( 'absint', (array) $post_category );
305 $popular_ids = wp_popular_terms_checklist($taxonomy->name, 0, 10, false);
306
307 foreach ( $names as $cat_name ) {
308 $cat_name = trim($cat_name);
309 $category_nicename = sanitize_title($cat_name);
310 if ( '' === $category_nicename )
311 continue;
312 if ( !$cat_id = term_exists( $cat_name, $taxonomy->name, $parent ) )
313 $cat_id = wp_insert_term( $cat_name, $taxonomy->name, array( 'parent' => $parent ) );
314 if ( is_wp_error( $cat_id ) )
315 continue;
316 else if ( is_array( $cat_id ) )
317 $cat_id = $cat_id['term_id'];
318 $checked_categories[] = $cat_id;
319 if ( $parent ) // Do these all at once in a second
320 continue;
321 ob_start();
322 wp_terms_checklist( 0, array( 'taxonomy' => $taxonomy->name, 'descendants_and_self' => $cat_id, 'selected_cats' => $checked_categories, 'popular_cats' => $popular_ids ));
323 $data = ob_get_contents();
324 ob_end_clean();
325 $add = array(
326 'what' => $taxonomy->name,
327 'id' => $cat_id,
328 'data' => str_replace( array("\n", "\t"), '', $data),
329 'position' => -1
330 );
331 }
332
333 if ( $parent ) { // Foncy - replace the parent and all its children
334 $parent = get_term( $parent, $taxonomy->name );
335 $term_id = $parent->term_id;
336
337 while ( $parent->parent ) { // get the top parent
338 $parent = get_term( $parent->parent, $taxonomy->name );
339 if ( is_wp_error( $parent ) )
340 break;
341 $term_id = $parent->term_id;
342 }
343
344 ob_start();
345 wp_terms_checklist( 0, array('taxonomy' => $taxonomy->name, 'descendants_and_self' => $term_id, 'selected_cats' => $checked_categories, 'popular_cats' => $popular_ids));
346 $data = ob_get_contents();
347 ob_end_clean();
348 $add = array(
349 'what' => $taxonomy->name,
350 'id' => $term_id,
351 'data' => str_replace( array("\n", "\t"), '', $data),
352 'position' => -1
353 );
354 }
355
356 ob_start();
357 wp_dropdown_categories( array(
358 'taxonomy' => $taxonomy->name, 'hide_empty' => 0, 'name' => 'new'.$taxonomy->name.'_parent', 'orderby' => 'name',
359 'hierarchical' => 1, 'show_option_none' => '— '.$taxonomy->labels->parent_item.' —'
360 ) );
361 $sup = ob_get_contents();
362 ob_end_clean();
363 $add['supplemental'] = array( 'newcat_parent' => $sup );
364
365 $x = new WP_Ajax_Response( $add );
366 $x->send();
367}
368
369function wp_ajax_delete_comment() {
370 $id = isset( $_POST['id'] ) ? (int) $_POST['id'] : 0;
371
372 if ( !$comment = get_comment( $id ) )
373 wp_die( time() );
374 if ( ! current_user_can( 'edit_comment', $comment->comment_ID ) )
375 wp_die( -1 );
376
377 check_ajax_referer( "delete-comment_$id" );
378 $status = wp_get_comment_status( $comment->comment_ID );
379
380 $delta = -1;
381 if ( isset($_POST['trash']) && 1 == $_POST['trash'] ) {
382 if ( 'trash' == $status )
383 wp_die( time() );
384 $r = wp_trash_comment( $comment->comment_ID );
385 } elseif ( isset($_POST['untrash']) && 1 == $_POST['untrash'] ) {
386 if ( 'trash' != $status )
387 wp_die( time() );
388 $r = wp_untrash_comment( $comment->comment_ID );
389 if ( ! isset( $_POST['comment_status'] ) || $_POST['comment_status'] != 'trash' ) // undo trash, not in trash
390 $delta = 1;
391 } elseif ( isset($_POST['spam']) && 1 == $_POST['spam'] ) {
392 if ( 'spam' == $status )
393 wp_die( time() );
394 $r = wp_spam_comment( $comment->comment_ID );
395 } elseif ( isset($_POST['unspam']) && 1 == $_POST['unspam'] ) {
396 if ( 'spam' != $status )
397 wp_die( time() );
398 $r = wp_unspam_comment( $comment->comment_ID );
399 if ( ! isset( $_POST['comment_status'] ) || $_POST['comment_status'] != 'spam' ) // undo spam, not in spam
400 $delta = 1;
401 } elseif ( isset($_POST['delete']) && 1 == $_POST['delete'] ) {
402 $r = wp_delete_comment( $comment->comment_ID );
403 } else {
404 wp_die( -1 );
405 }
406
407 if ( $r ) // Decide if we need to send back '1' or a more complicated response including page links and comment counts
408 _wp_ajax_delete_comment_response( $comment->comment_ID, $delta );
409 wp_die( 0 );
410}
411
412function wp_ajax_delete_tag() {
413 $tag_id = (int) $_POST['tag_ID'];
414 check_ajax_referer( "delete-tag_$tag_id" );
415
416 $taxonomy = !empty($_POST['taxonomy']) ? $_POST['taxonomy'] : 'post_tag';
417 $tax = get_taxonomy($taxonomy);
418
419 if ( !current_user_can( $tax->cap->delete_terms ) )
420 wp_die( -1 );
421
422 $tag = get_term( $tag_id, $taxonomy );
423 if ( !$tag || is_wp_error( $tag ) )
424 wp_die( 1 );
425
426 if ( wp_delete_term($tag_id, $taxonomy))
427 wp_die( 1 );
428 else
429 wp_die( 0 );
430}
431
432function wp_ajax_delete_link() {
433 $id = isset( $_POST['id'] ) ? (int) $_POST['id'] : 0;
434
435 check_ajax_referer( "delete-bookmark_$id" );
436 if ( !current_user_can( 'manage_links' ) )
437 wp_die( -1 );
438
439 $link = get_bookmark( $id );
440 if ( !$link || is_wp_error( $link ) )
441 wp_die( 1 );
442
443 if ( wp_delete_link( $id ) )
444 wp_die( 1 );
445 else
446 wp_die( 0 );
447}
448
449function wp_ajax_delete_meta() {
450 $id = isset( $_POST['id'] ) ? (int) $_POST['id'] : 0;
451
452 check_ajax_referer( "delete-meta_$id" );
453 if ( !$meta = get_metadata_by_mid( 'post', $id ) )
454 wp_die( 1 );
455
456 if ( is_protected_meta( $meta->meta_key, 'post' ) || ! current_user_can( 'delete_post_meta', $meta->post_id, $meta->meta_key ) )
457 wp_die( -1 );
458 if ( delete_meta( $meta->meta_id ) )
459 wp_die( 1 );
460 wp_die( 0 );
461}
462
463function wp_ajax_delete_post( $action ) {
464 if ( empty( $action ) )
465 $action = 'delete-post';
466 $id = isset( $_POST['id'] ) ? (int) $_POST['id'] : 0;
467
468 check_ajax_referer( "{$action}_$id" );
469 if ( !current_user_can( 'delete_post', $id ) )
470 wp_die( -1 );
471
472 if ( !get_post( $id ) )
473 wp_die( 1 );
474
475 if ( wp_delete_post( $id ) )
476 wp_die( 1 );
477 else
478 wp_die( 0 );
479}
480
481function wp_ajax_trash_post( $action ) {
482 if ( empty( $action ) )
483 $action = 'trash-post';
484 $id = isset( $_POST['id'] ) ? (int) $_POST['id'] : 0;
485
486 check_ajax_referer( "{$action}_$id" );
487 if ( !current_user_can( 'delete_post', $id ) )
488 wp_die( -1 );
489
490 if ( !get_post( $id ) )
491 wp_die( 1 );
492
493 if ( 'trash-post' == $action )
494 $done = wp_trash_post( $id );
495 else
496 $done = wp_untrash_post( $id );
497
498 if ( $done )
499 wp_die( 1 );
500
501 wp_die( 0 );
502}
503
504function wp_ajax_untrash_post( $action ) {
505 if ( empty( $action ) )
506 $action = 'untrash-post';
507 wp_ajax_trash_post( $action );
508}
509
510function wp_ajax_delete_page( $action ) {
511 if ( empty( $action ) )
512 $action = 'delete-page';
513 $id = isset( $_POST['id'] ) ? (int) $_POST['id'] : 0;
514
515 check_ajax_referer( "{$action}_$id" );
516 if ( !current_user_can( 'delete_page', $id ) )
517 wp_die( -1 );
518
519 if ( ! get_post( $id ) )
520 wp_die( 1 );
521
522 if ( wp_delete_post( $id ) )
523 wp_die( 1 );
524 else
525 wp_die( 0 );
526}
527
528function wp_ajax_dim_comment() {
529 $id = isset( $_POST['id'] ) ? (int) $_POST['id'] : 0;
530
531 if ( !$comment = get_comment( $id ) ) {
532 $x = new WP_Ajax_Response( array(
533 'what' => 'comment',
534 'id' => new WP_Error('invalid_comment', sprintf(__('Comment %d does not exist'), $id))
535 ) );
536 $x->send();
537 }
538
539 if ( ! current_user_can( 'edit_comment', $comment->comment_ID ) && ! current_user_can( 'moderate_comments' ) )
540 wp_die( -1 );
541
542 $current = wp_get_comment_status( $comment->comment_ID );
543 if ( $_POST['new'] == $current )
544 wp_die( time() );
545
546 check_ajax_referer( "approve-comment_$id" );
547 if ( in_array( $current, array( 'unapproved', 'spam' ) ) )
548 $result = wp_set_comment_status( $comment->comment_ID, 'approve', true );
549 else
550 $result = wp_set_comment_status( $comment->comment_ID, 'hold', true );
551
552 if ( is_wp_error($result) ) {
553 $x = new WP_Ajax_Response( array(
554 'what' => 'comment',
555 'id' => $result
556 ) );
557 $x->send();
558 }
559
560 // Decide if we need to send back '1' or a more complicated response including page links and comment counts
561 _wp_ajax_delete_comment_response( $comment->comment_ID );
562 wp_die( 0 );
563}
564
565function wp_ajax_add_link_category( $action ) {
566 if ( empty( $action ) )
567 $action = 'add-link-category';
568 check_ajax_referer( $action );
569 if ( !current_user_can( 'manage_categories' ) )
570 wp_die( -1 );
571 $names = explode(',', wp_unslash( $_POST['newcat'] ) );
572 $x = new WP_Ajax_Response();
573 foreach ( $names as $cat_name ) {
574 $cat_name = trim($cat_name);
575 $slug = sanitize_title($cat_name);
576 if ( '' === $slug )
577 continue;
578 if ( !$cat_id = term_exists( $cat_name, 'link_category' ) )
579 $cat_id = wp_insert_term( $cat_name, 'link_category' );
580 if ( is_wp_error( $cat_id ) )
581 continue;
582 else if ( is_array( $cat_id ) )
583 $cat_id = $cat_id['term_id'];
584 $cat_name = esc_html( $cat_name );
585 $x->add( array(
586 'what' => 'link-category',
587 'id' => $cat_id,
588 'data' => "<li id='link-category-$cat_id'><label for='in-link-category-$cat_id' class='selectit'><input value='" . esc_attr($cat_id) . "' type='checkbox' checked='checked' name='link_category[]' id='in-link-category-$cat_id'/> $cat_name</label></li>",
589 'position' => -1
590 ) );
591 }
592 $x->send();
593}
594
595function wp_ajax_add_tag() {
596 global $wp_list_table;
597
598 check_ajax_referer( 'add-tag', '_wpnonce_add-tag' );
599 $post_type = !empty($_POST['post_type']) ? $_POST['post_type'] : 'post';
600 $taxonomy = !empty($_POST['taxonomy']) ? $_POST['taxonomy'] : 'post_tag';
601 $tax = get_taxonomy($taxonomy);
602
603 if ( !current_user_can( $tax->cap->edit_terms ) )
604 wp_die( -1 );
605
606 $x = new WP_Ajax_Response();
607
608 $tag = wp_insert_term($_POST['tag-name'], $taxonomy, $_POST );
609
610 if ( !$tag || is_wp_error($tag) || (!$tag = get_term( $tag['term_id'], $taxonomy )) ) {
611 $message = __('An error has occurred. Please reload the page and try again.');
612 if ( is_wp_error($tag) && $tag->get_error_message() )
613 $message = $tag->get_error_message();
614
615 $x->add( array(
616 'what' => 'taxonomy',
617 'data' => new WP_Error('error', $message )
618 ) );
619 $x->send();
620 }
621
622 $wp_list_table = _get_list_table( 'WP_Terms_List_Table', array( 'screen' => $_POST['screen'] ) );
623
624 $level = 0;
625 if ( is_taxonomy_hierarchical($taxonomy) ) {
626 $level = count( get_ancestors( $tag->term_id, $taxonomy ) );
627 ob_start();
628 $wp_list_table->single_row( $tag, $level );
629 $noparents = ob_get_clean();
630 }
631
632 ob_start();
633 $wp_list_table->single_row( $tag );
634 $parents = ob_get_clean();
635
636 $x->add( array(
637 'what' => 'taxonomy',
638 'supplemental' => compact('parents', 'noparents')
639 ) );
640 $x->add( array(
641 'what' => 'term',
642 'position' => $level,
643 'supplemental' => (array) $tag
644 ) );
645 $x->send();
646}
647
648function wp_ajax_get_tagcloud() {
649 if ( isset( $_POST['tax'] ) ) {
650 $taxonomy = sanitize_key( $_POST['tax'] );
651 $tax = get_taxonomy( $taxonomy );
652 if ( ! $tax )
653 wp_die( 0 );
654 if ( ! current_user_can( $tax->cap->assign_terms ) )
655 wp_die( -1 );
656 } else {
657 wp_die( 0 );
658 }
659
660 $tags = get_terms( $taxonomy, array( 'number' => 45, 'orderby' => 'count', 'order' => 'DESC' ) );
661
662 if ( empty( $tags ) )
663 wp_die( $tax->labels->not_found );
664
665 if ( is_wp_error( $tags ) )
666 wp_die( $tags->get_error_message() );
667
668 foreach ( $tags as $key => $tag ) {
669 $tags[ $key ]->link = '#';
670 $tags[ $key ]->id = $tag->term_id;
671 }
672
673 // We need raw tag names here, so don't filter the output
674 $return = wp_generate_tag_cloud( $tags, array('filter' => 0) );
675
676 if ( empty($return) )
677 wp_die( 0 );
678
679 echo $return;
680
681 wp_die();
682}
683
684function wp_ajax_get_comments( $action ) {
685 global $wp_list_table, $post_id;
686 if ( empty( $action ) )
687 $action = 'get-comments';
688
689 check_ajax_referer( $action );
690
691 $wp_list_table = _get_list_table( 'WP_Post_Comments_List_Table', array( 'screen' => 'edit-comments' ) );
692
693 if ( !current_user_can( 'edit_post', $post_id ) )
694 wp_die( -1 );
695
696 $wp_list_table->prepare_items();
697
698 if ( !$wp_list_table->has_items() )
699 wp_die( 1 );
700
701 $x = new WP_Ajax_Response();
702 ob_start();
703 foreach ( $wp_list_table->items as $comment ) {
704 if ( ! current_user_can( 'edit_comment', $comment->comment_ID ) )
705 continue;
706 get_comment( $comment );
707 $wp_list_table->single_row( $comment );
708 }
709 $comment_list_item = ob_get_contents();
710 ob_end_clean();
711
712 $x->add( array(
713 'what' => 'comments',
714 'data' => $comment_list_item
715 ) );
716 $x->send();
717}
718
719function wp_ajax_replyto_comment( $action ) {
720 global $wp_list_table, $wpdb;
721 if ( empty( $action ) )
722 $action = 'replyto-comment';
723
724 check_ajax_referer( $action, '_ajax_nonce-replyto-comment' );
725
726 $comment_post_ID = (int) $_POST['comment_post_ID'];
727 $post = get_post( $comment_post_ID );
728 if ( ! $post )
729 wp_die( -1 );
730
731 if ( !current_user_can( 'edit_post', $comment_post_ID ) )
732 wp_die( -1 );
733
734 if ( empty( $post->post_status ) )
735 wp_die( 1 );
736 elseif ( in_array($post->post_status, array('draft', 'pending', 'trash') ) )
737 wp_die( __('ERROR: you are replying to a comment on a draft post.') );
738
739 $user = wp_get_current_user();
740 if ( $user->exists() ) {
741 $user_ID = $user->ID;
742 $comment_author = wp_slash( $user->display_name );
743 $comment_author_email = wp_slash( $user->user_email );
744 $comment_author_url = wp_slash( $user->user_url );
745 $comment_content = trim($_POST['content']);
746 if ( current_user_can( 'unfiltered_html' ) ) {
747 if ( wp_create_nonce( 'unfiltered-html-comment' ) != $_POST['_wp_unfiltered_html_comment'] ) {
748 kses_remove_filters(); // start with a clean slate
749 kses_init_filters(); // set up the filters
750 }
751 }
752 } else {
753 wp_die( __( 'Sorry, you must be logged in to reply to a comment.' ) );
754 }
755
756 if ( '' == $comment_content )
757 wp_die( __( 'ERROR: please type a comment.' ) );
758
759 $comment_parent = absint($_POST['comment_ID']);
760 $comment_auto_approved = false;
761 $commentdata = compact('comment_post_ID', 'comment_author', 'comment_author_email', 'comment_author_url', 'comment_content', 'comment_type', 'comment_parent', 'user_ID');
762
763 // automatically approve parent comment
764 if ( !empty($_POST['approve_parent']) ) {
765 $parent = get_comment( $comment_parent );
766
767 if ( $parent && $parent->comment_approved === '0' && $parent->comment_post_ID == $comment_post_ID ) {
768 if ( wp_set_comment_status( $parent->comment_ID, 'approve' ) )
769 $comment_auto_approved = true;
770 }
771 }
772
773 $comment_id = wp_new_comment( $commentdata );
774 $comment = get_comment($comment_id);
775 if ( ! $comment ) wp_die( 1 );
776
777 $position = ( isset($_POST['position']) && (int) $_POST['position'] ) ? (int) $_POST['position'] : '-1';
778
779 ob_start();
780 if ( 'dashboard' == $_REQUEST['mode'] ) {
781 require_once( ABSPATH . 'wp-admin/includes/dashboard.php' );
782 _wp_dashboard_recent_comments_row( $comment );
783 } else {
784 if ( 'single' == $_REQUEST['mode'] ) {
785 $wp_list_table = _get_list_table('WP_Post_Comments_List_Table', array( 'screen' => 'edit-comments' ) );
786 } else {
787 $wp_list_table = _get_list_table('WP_Comments_List_Table', array( 'screen' => 'edit-comments' ) );
788 }
789 $wp_list_table->single_row( $comment );
790 }
791 $comment_list_item = ob_get_contents();
792 ob_end_clean();
793
794 $response = array(
795 'what' => 'comment',
796 'id' => $comment->comment_ID,
797 'data' => $comment_list_item,
798 'position' => $position
799 );
800
801 if ( $comment_auto_approved )
802 $response['supplemental'] = array( 'parent_approved' => $parent->comment_ID );
803
804 $x = new WP_Ajax_Response();
805 $x->add( $response );
806 $x->send();
807}
808
809function wp_ajax_edit_comment() {
810 global $wp_list_table;
811
812 check_ajax_referer( 'replyto-comment', '_ajax_nonce-replyto-comment' );
813
814 $comment_id = (int) $_POST['comment_ID'];
815 if ( ! current_user_can( 'edit_comment', $comment_id ) )
816 wp_die( -1 );
817
818 if ( '' == $_POST['content'] )
819 wp_die( __( 'ERROR: please type a comment.' ) );
820
821 $_POST['comment_status'] = $_POST['status'];
822 edit_comment();
823
824 $position = ( isset($_POST['position']) && (int) $_POST['position']) ? (int) $_POST['position'] : '-1';
825 $comments_status = isset($_POST['comments_listing']) ? $_POST['comments_listing'] : '';
826
827 $checkbox = ( isset($_POST['checkbox']) && true == $_POST['checkbox'] ) ? 1 : 0;
828 $wp_list_table = _get_list_table( $checkbox ? 'WP_Comments_List_Table' : 'WP_Post_Comments_List_Table', array( 'screen' => 'edit-comments' ) );
829
830 $comment = get_comment( $comment_id );
831
832 ob_start();
833 $wp_list_table->single_row( $comment );
834 $comment_list_item = ob_get_contents();
835 ob_end_clean();
836
837 $x = new WP_Ajax_Response();
838
839 $x->add( array(
840 'what' => 'edit_comment',
841 'id' => $comment->comment_ID,
842 'data' => $comment_list_item,
843 'position' => $position
844 ));
845
846 $x->send();
847}
848
849function wp_ajax_add_menu_item() {
850 check_ajax_referer( 'add-menu_item', 'menu-settings-column-nonce' );
851
852 if ( ! current_user_can( 'edit_theme_options' ) )
853 wp_die( -1 );
854
855 require_once ABSPATH . 'wp-admin/includes/nav-menu.php';
856
857 // For performance reasons, we omit some object properties from the checklist.
858 // The following is a hacky way to restore them when adding non-custom items.
859
860 $menu_items_data = array();
861 foreach ( (array) $_POST['menu-item'] as $menu_item_data ) {
862 if (
863 ! empty( $menu_item_data['menu-item-type'] ) &&
864 'custom' != $menu_item_data['menu-item-type'] &&
865 ! empty( $menu_item_data['menu-item-object-id'] )
866 ) {
867 switch( $menu_item_data['menu-item-type'] ) {
868 case 'post_type' :
869 $_object = get_post( $menu_item_data['menu-item-object-id'] );
870 break;
871
872 case 'taxonomy' :
873 $_object = get_term( $menu_item_data['menu-item-object-id'], $menu_item_data['menu-item-object'] );
874 break;
875 }
876
877 $_menu_items = array_map( 'wp_setup_nav_menu_item', array( $_object ) );
878 $_menu_item = array_shift( $_menu_items );
879
880 // Restore the missing menu item properties
881 $menu_item_data['menu-item-description'] = $_menu_item->description;
882 }
883
884 $menu_items_data[] = $menu_item_data;
885 }
886
887 $item_ids = wp_save_nav_menu_items( 0, $menu_items_data );
888 if ( is_wp_error( $item_ids ) )
889 wp_die( 0 );
890
891 $menu_items = array();
892
893 foreach ( (array) $item_ids as $menu_item_id ) {
894 $menu_obj = get_post( $menu_item_id );
895 if ( ! empty( $menu_obj->ID ) ) {
896 $menu_obj = wp_setup_nav_menu_item( $menu_obj );
897 $menu_obj->label = $menu_obj->title; // don't show "(pending)" in ajax-added items
898 $menu_items[] = $menu_obj;
899 }
900 }
901
902 $walker_class_name = apply_filters( 'wp_edit_nav_menu_walker', 'Walker_Nav_Menu_Edit', $_POST['menu'] );
903
904 if ( ! class_exists( $walker_class_name ) )
905 wp_die( 0 );
906
907 if ( ! empty( $menu_items ) ) {
908 $args = array(
909 'after' => '',
910 'before' => '',
911 'link_after' => '',
912 'link_before' => '',
913 'walker' => new $walker_class_name,
914 );
915 echo walk_nav_menu_tree( $menu_items, 0, (object) $args );
916 }
917 wp_die();
918}
919
920function wp_ajax_add_meta() {
921 check_ajax_referer( 'add-meta', '_ajax_nonce-add-meta' );
922 $c = 0;
923 $pid = (int) $_POST['post_id'];
924 $post = get_post( $pid );
925
926 if ( isset($_POST['metakeyselect']) || isset($_POST['metakeyinput']) ) {
927 if ( !current_user_can( 'edit_post', $pid ) )
928 wp_die( -1 );
929 if ( isset($_POST['metakeyselect']) && '#NONE#' == $_POST['metakeyselect'] && empty($_POST['metakeyinput']) )
930 wp_die( 1 );
931 if ( $post->post_status == 'auto-draft' ) {
932 $save_POST = $_POST; // Backup $_POST
933 $_POST = array(); // Make it empty for edit_post()
934 $_POST['action'] = 'draft'; // Warning fix
935 $_POST['post_ID'] = $pid;
936 $_POST['post_type'] = $post->post_type;
937 $_POST['post_status'] = 'draft';
938 $now = current_time('timestamp', 1);
939 $_POST['post_title'] = sprintf( __( 'Draft created on %1$s at %2$s' ), date( get_option( 'date_format' ), $now ), date( get_option( 'time_format' ), $now ) );
940
941 if ( $pid = edit_post() ) {
942 if ( is_wp_error( $pid ) ) {
943 $x = new WP_Ajax_Response( array(
944 'what' => 'meta',
945 'data' => $pid
946 ) );
947 $x->send();
948 }
949 $_POST = $save_POST; // Now we can restore original $_POST again
950 if ( !$mid = add_meta( $pid ) )
951 wp_die( __( 'Please provide a custom field value.' ) );
952 } else {
953 wp_die( 0 );
954 }
955 } else if ( !$mid = add_meta( $pid ) ) {
956 wp_die( __( 'Please provide a custom field value.' ) );
957 }
958
959 $meta = get_metadata_by_mid( 'post', $mid );
960 $pid = (int) $meta->post_id;
961 $meta = get_object_vars( $meta );
962 $x = new WP_Ajax_Response( array(
963 'what' => 'meta',
964 'id' => $mid,
965 'data' => _list_meta_row( $meta, $c ),
966 'position' => 1,
967 'supplemental' => array('postid' => $pid)
968 ) );
969 } else { // Update?
970 $mid = (int) key( $_POST['meta'] );
971 $key = wp_unslash( $_POST['meta'][$mid]['key'] );
972 $value = wp_unslash( $_POST['meta'][$mid]['value'] );
973 if ( '' == trim($key) )
974 wp_die( __( 'Please provide a custom field name.' ) );
975 if ( '' == trim($value) )
976 wp_die( __( 'Please provide a custom field value.' ) );
977 if ( ! $meta = get_metadata_by_mid( 'post', $mid ) )
978 wp_die( 0 ); // if meta doesn't exist
979 if ( is_protected_meta( $meta->meta_key, 'post' ) || is_protected_meta( $key, 'post' ) ||
980 ! current_user_can( 'edit_post_meta', $meta->post_id, $meta->meta_key ) ||
981 ! current_user_can( 'edit_post_meta', $meta->post_id, $key ) )
982 wp_die( -1 );
983 if ( $meta->meta_value != $value || $meta->meta_key != $key ) {
984 if ( !$u = update_metadata_by_mid( 'post', $mid, $value, $key ) )
985 wp_die( 0 ); // We know meta exists; we also know it's unchanged (or DB error, in which case there are bigger problems).
986 }
987
988 $x = new WP_Ajax_Response( array(
989 'what' => 'meta',
990 'id' => $mid, 'old_id' => $mid,
991 'data' => _list_meta_row( array(
992 'meta_key' => $key,
993 'meta_value' => $value,
994 'meta_id' => $mid
995 ), $c ),
996 'position' => 0,
997 'supplemental' => array('postid' => $meta->post_id)
998 ) );
999 }
1000 $x->send();
1001}
1002
1003function wp_ajax_add_user( $action ) {
1004 global $wp_list_table;
1005 if ( empty( $action ) )
1006 $action = 'add-user';
1007
1008 check_ajax_referer( $action );
1009 if ( ! current_user_can('create_users') )
1010 wp_die( -1 );
1011 if ( ! $user_id = edit_user() ) {
1012 wp_die( 0 );
1013 } elseif ( is_wp_error( $user_id ) ) {
1014 $x = new WP_Ajax_Response( array(
1015 'what' => 'user',
1016 'id' => $user_id
1017 ) );
1018 $x->send();
1019 }
1020 $user_object = get_userdata( $user_id );
1021
1022 $wp_list_table = _get_list_table('WP_Users_List_Table');
1023
1024 $role = current( $user_object->roles );
1025
1026 $x = new WP_Ajax_Response( array(
1027 'what' => 'user',
1028 'id' => $user_id,
1029 'data' => $wp_list_table->single_row( $user_object, '', $role ),
1030 'supplemental' => array(
1031 'show-link' => sprintf(__( 'User <a href="#%s">%s</a> added' ), "user-$user_id", $user_object->user_login),
1032 'role' => $role,
1033 )
1034 ) );
1035 $x->send();
1036}
1037
1038function wp_ajax_autosave() {
1039 define( 'DOING_AUTOSAVE', true );
1040
1041 check_ajax_referer( 'autosave', 'autosavenonce' );
1042
1043 $_POST['post_category'] = explode(",", $_POST['catslist']);
1044 if ( $_POST['post_type'] == 'page' || empty($_POST['post_category']) )
1045 unset($_POST['post_category']);
1046
1047 $data = '';
1048 $supplemental = array();
1049 $id = $revision_id = 0;
1050
1051 $post_id = (int) $_POST['post_id'];
1052 $_POST['ID'] = $_POST['post_ID'] = $post_id;
1053 $post = get_post($post_id);
1054 if ( 'auto-draft' == $post->post_status )
1055 $_POST['post_status'] = 'draft';
1056
1057 if ( 'page' == $post->post_type ) {
1058 if ( !current_user_can('edit_page', $post->ID) )
1059 wp_die( __( 'You are not allowed to edit this page.' ) );
1060 } else {
1061 if ( !current_user_can('edit_post', $post->ID) )
1062 wp_die( __( 'You are not allowed to edit this post.' ) );
1063 }
1064
1065 if ( ! empty( $_POST['autosave'] ) ) {
1066 if ( ! wp_check_post_lock( $post->ID ) && get_current_user_id() == $post->post_author && ( 'auto-draft' == $post->post_status || 'draft' == $post->post_status ) ) {
1067 // Drafts and auto-drafts are just overwritten by autosave for the same user if the post is not locked
1068 $id = edit_post();
1069 } else {
1070 // Non drafts or other users drafts are not overwritten. The autosave is stored in a special post revision for each user.
1071 $revision_id = wp_create_post_autosave( $post->ID );
1072 if ( is_wp_error($revision_id) )
1073 $id = $revision_id;
1074 else
1075 $id = $post->ID;
1076 }
1077
1078 if ( ! is_wp_error($id) ) {
1079 /* translators: draft saved date format, see http://php.net/date */
1080 $draft_saved_date_format = __('g:i:s a');
1081 /* translators: %s: date and time */
1082 $data = sprintf( __('Draft saved at %s.'), date_i18n( $draft_saved_date_format ) );
1083 }
1084 } else {
1085 if ( ! empty( $_POST['auto_draft'] ) )
1086 $id = 0; // This tells us it didn't actually save
1087 else
1088 $id = $post->ID;
1089 }
1090
1091 // @todo Consider exposing any errors, rather than having 'Saving draft...'
1092 $x = new WP_Ajax_Response( array(
1093 'what' => 'autosave',
1094 'id' => $id,
1095 'data' => $data,
1096 'supplemental' => $supplemental
1097 ) );
1098 $x->send();
1099}
1100
1101function wp_ajax_closed_postboxes() {
1102 check_ajax_referer( 'closedpostboxes', 'closedpostboxesnonce' );
1103 $closed = isset( $_POST['closed'] ) ? explode( ',', $_POST['closed']) : array();
1104 $closed = array_filter($closed);
1105
1106 $hidden = isset( $_POST['hidden'] ) ? explode( ',', $_POST['hidden']) : array();
1107 $hidden = array_filter($hidden);
1108
1109 $page = isset( $_POST['page'] ) ? $_POST['page'] : '';
1110
1111 if ( $page != sanitize_key( $page ) )
1112 wp_die( 0 );
1113
1114 if ( ! $user = wp_get_current_user() )
1115 wp_die( -1 );
1116
1117 if ( is_array($closed) )
1118 update_user_option($user->ID, "closedpostboxes_$page", $closed, true);
1119
1120 if ( is_array($hidden) ) {
1121 $hidden = array_diff( $hidden, array('submitdiv', 'linksubmitdiv', 'manage-menu', 'create-menu') ); // postboxes that are always shown
1122 update_user_option($user->ID, "metaboxhidden_$page", $hidden, true);
1123 }
1124
1125 wp_die( 1 );
1126}
1127
1128function wp_ajax_hidden_columns() {
1129 check_ajax_referer( 'screen-options-nonce', 'screenoptionnonce' );
1130 $hidden = isset( $_POST['hidden'] ) ? $_POST['hidden'] : '';
1131 $hidden = explode( ',', $_POST['hidden'] );
1132 $page = isset( $_POST['page'] ) ? $_POST['page'] : '';
1133
1134 if ( $page != sanitize_key( $page ) )
1135 wp_die( 0 );
1136
1137 if ( ! $user = wp_get_current_user() )
1138 wp_die( -1 );
1139
1140 if ( is_array($hidden) )
1141 update_user_option($user->ID, "manage{$page}columnshidden", $hidden, true);
1142
1143 wp_die( 1 );
1144}
1145
1146function wp_ajax_update_welcome_panel() {
1147 check_ajax_referer( 'welcome-panel-nonce', 'welcomepanelnonce' );
1148
1149 if ( ! current_user_can( 'edit_theme_options' ) )
1150 wp_die( -1 );
1151
1152 update_user_meta( get_current_user_id(), 'show_welcome_panel', empty( $_POST['visible'] ) ? 0 : 1 );
1153
1154 wp_die( 1 );
1155}
1156
1157function wp_ajax_menu_get_metabox() {
1158 if ( ! current_user_can( 'edit_theme_options' ) )
1159 wp_die( -1 );
1160
1161 require_once ABSPATH . 'wp-admin/includes/nav-menu.php';
1162
1163 if ( isset( $_POST['item-type'] ) && 'post_type' == $_POST['item-type'] ) {
1164 $type = 'posttype';
1165 $callback = 'wp_nav_menu_item_post_type_meta_box';
1166 $items = (array) get_post_types( array( 'show_in_nav_menus' => true ), 'object' );
1167 } elseif ( isset( $_POST['item-type'] ) && 'taxonomy' == $_POST['item-type'] ) {
1168 $type = 'taxonomy';
1169 $callback = 'wp_nav_menu_item_taxonomy_meta_box';
1170 $items = (array) get_taxonomies( array( 'show_ui' => true ), 'object' );
1171 }
1172
1173 if ( ! empty( $_POST['item-object'] ) && isset( $items[$_POST['item-object']] ) ) {
1174 $item = apply_filters( 'nav_menu_meta_box_object', $items[ $_POST['item-object'] ] );
1175 ob_start();
1176 call_user_func_array($callback, array(
1177 null,
1178 array(
1179 'id' => 'add-' . $item->name,
1180 'title' => $item->labels->name,
1181 'callback' => $callback,
1182 'args' => $item,
1183 )
1184 ));
1185
1186 $markup = ob_get_clean();
1187
1188 echo json_encode(array(
1189 'replace-id' => $type . '-' . $item->name,
1190 'markup' => $markup,
1191 ));
1192 }
1193
1194 wp_die();
1195}
1196
1197function wp_ajax_wp_link_ajax() {
1198 check_ajax_referer( 'internal-linking', '_ajax_linking_nonce' );
1199
1200 $args = array();
1201
1202 if ( isset( $_POST['search'] ) )
1203 $args['s'] = wp_unslash( $_POST['search'] );
1204 $args['pagenum'] = ! empty( $_POST['page'] ) ? absint( $_POST['page'] ) : 1;
1205
1206 require(ABSPATH . WPINC . '/class-wp-editor.php');
1207 $results = _WP_Editors::wp_link_query( $args );
1208
1209 if ( ! isset( $results ) )
1210 wp_die( 0 );
1211
1212 echo json_encode( $results );
1213 echo "\n";
1214
1215 wp_die();
1216}
1217
1218function wp_ajax_menu_locations_save() {
1219 if ( ! current_user_can( 'edit_theme_options' ) )
1220 wp_die( -1 );
1221 check_ajax_referer( 'add-menu_item', 'menu-settings-column-nonce' );
1222 if ( ! isset( $_POST['menu-locations'] ) )
1223 wp_die( 0 );
1224 set_theme_mod( 'nav_menu_locations', array_map( 'absint', $_POST['menu-locations'] ) );
1225 wp_die( 1 );
1226}
1227
1228function wp_ajax_meta_box_order() {
1229 check_ajax_referer( 'meta-box-order' );
1230 $order = isset( $_POST['order'] ) ? (array) $_POST['order'] : false;
1231 $page_columns = isset( $_POST['page_columns'] ) ? $_POST['page_columns'] : 'auto';
1232
1233 if ( $page_columns != 'auto' )
1234 $page_columns = (int) $page_columns;
1235
1236 $page = isset( $_POST['page'] ) ? $_POST['page'] : '';
1237
1238 if ( $page != sanitize_key( $page ) )
1239 wp_die( 0 );
1240
1241 if ( ! $user = wp_get_current_user() )
1242 wp_die( -1 );
1243
1244 if ( $order )
1245 update_user_option($user->ID, "meta-box-order_$page", $order, true);
1246
1247 if ( $page_columns )
1248 update_user_option($user->ID, "screen_layout_$page", $page_columns, true);
1249
1250 wp_die( 1 );
1251}
1252
1253function wp_ajax_menu_quick_search() {
1254 if ( ! current_user_can( 'edit_theme_options' ) )
1255 wp_die( -1 );
1256
1257 require_once ABSPATH . 'wp-admin/includes/nav-menu.php';
1258
1259 _wp_ajax_menu_quick_search( $_POST );
1260
1261 wp_die();
1262}
1263
1264function wp_ajax_get_permalink() {
1265 check_ajax_referer( 'getpermalink', 'getpermalinknonce' );
1266 $post_id = isset($_POST['post_id'])? intval($_POST['post_id']) : 0;
1267 wp_die( add_query_arg( array( 'preview' => 'true' ), get_permalink( $post_id ) ) );
1268}
1269
1270function wp_ajax_sample_permalink() {
1271 check_ajax_referer( 'samplepermalink', 'samplepermalinknonce' );
1272 $post_id = isset($_POST['post_id'])? intval($_POST['post_id']) : 0;
1273 $title = isset($_POST['new_title'])? $_POST['new_title'] : '';
1274 $slug = isset($_POST['new_slug'])? $_POST['new_slug'] : null;
1275 wp_die( get_sample_permalink_html( $post_id, $title, $slug ) );
1276}
1277
1278function wp_ajax_inline_save() {
1279 global $wp_list_table;
1280
1281 check_ajax_referer( 'inlineeditnonce', '_inline_edit' );
1282
1283 if ( ! isset($_POST['post_ID']) || ! ( $post_ID = (int) $_POST['post_ID'] ) )
1284 wp_die();
1285
1286 if ( 'page' == $_POST['post_type'] ) {
1287 if ( ! current_user_can( 'edit_page', $post_ID ) )
1288 wp_die( __( 'You are not allowed to edit this page.' ) );
1289 } else {
1290 if ( ! current_user_can( 'edit_post', $post_ID ) )
1291 wp_die( __( 'You are not allowed to edit this post.' ) );
1292 }
1293
1294 if ( $last = wp_check_post_lock( $post_ID ) ) {
1295 $last_user = get_userdata( $last );
1296 $last_user_name = $last_user ? $last_user->display_name : __( 'Someone' );
1297 printf( $_POST['post_type'] == 'page' ? __( 'Saving is disabled: %s is currently editing this page.' ) : __( 'Saving is disabled: %s is currently editing this post.' ), esc_html( $last_user_name ) );
1298 wp_die();
1299 }
1300
1301 $data = &$_POST;
1302
1303 $post = get_post( $post_ID, ARRAY_A );
1304 $post = wp_slash($post); //since it is from db
1305
1306 $data['content'] = $post['post_content'];
1307 $data['excerpt'] = $post['post_excerpt'];
1308
1309 // rename
1310 $data['user_ID'] = $GLOBALS['user_ID'];
1311
1312 if ( isset($data['post_parent']) )
1313 $data['parent_id'] = $data['post_parent'];
1314
1315 // status
1316 if ( isset($data['keep_private']) && 'private' == $data['keep_private'] )
1317 $data['post_status'] = 'private';
1318 else
1319 $data['post_status'] = $data['_status'];
1320
1321 if ( empty($data['comment_status']) )
1322 $data['comment_status'] = 'closed';
1323 if ( empty($data['ping_status']) )
1324 $data['ping_status'] = 'closed';
1325
1326 // Hack: wp_unique_post_slug() doesn't work for drafts, so we will fake that our post is published.
1327 if ( ! empty( $data['post_name'] ) && in_array( $post['post_status'], array( 'draft', 'pending' ) ) ) {
1328 $post['post_status'] = 'publish';
1329 $data['post_name'] = wp_unique_post_slug( $data['post_name'], $post['ID'], $post['post_status'], $post['post_type'], $post['post_parent'] );
1330 }
1331
1332 // update the post
1333 edit_post();
1334
1335 $wp_list_table = _get_list_table( 'WP_Posts_List_Table', array( 'screen' => $_POST['screen'] ) );
1336
1337 $mode = $_POST['post_view'];
1338
1339 $level = 0;
1340 $request_post = array( get_post( $_POST['post_ID'] ) );
1341 $parent = $request_post[0]->post_parent;
1342
1343 while ( $parent > 0 ) {
1344 $parent_post = get_post( $parent );
1345 $parent = $parent_post->post_parent;
1346 $level++;
1347 }
1348
1349 $wp_list_table->display_rows( array( get_post( $_POST['post_ID'] ) ), $level );
1350
1351 wp_die();
1352}
1353
1354function wp_ajax_inline_save_tax() {
1355 global $wp_list_table;
1356
1357 check_ajax_referer( 'taxinlineeditnonce', '_inline_edit' );
1358
1359 $taxonomy = sanitize_key( $_POST['taxonomy'] );
1360 $tax = get_taxonomy( $taxonomy );
1361 if ( ! $tax )
1362 wp_die( 0 );
1363
1364 if ( ! current_user_can( $tax->cap->edit_terms ) )
1365 wp_die( -1 );
1366
1367 $wp_list_table = _get_list_table( 'WP_Terms_List_Table', array( 'screen' => 'edit-' . $taxonomy ) );
1368
1369 if ( ! isset($_POST['tax_ID']) || ! ( $id = (int) $_POST['tax_ID'] ) )
1370 wp_die( -1 );
1371
1372 $tag = get_term( $id, $taxonomy );
1373 $_POST['description'] = $tag->description;
1374
1375 $updated = wp_update_term($id, $taxonomy, $_POST);
1376 if ( $updated && !is_wp_error($updated) ) {
1377 $tag = get_term( $updated['term_id'], $taxonomy );
1378 if ( !$tag || is_wp_error( $tag ) ) {
1379 if ( is_wp_error($tag) && $tag->get_error_message() )
1380 wp_die( $tag->get_error_message() );
1381 wp_die( __( 'Item not updated.' ) );
1382 }
1383 } else {
1384 if ( is_wp_error($updated) && $updated->get_error_message() )
1385 wp_die( $updated->get_error_message() );
1386 wp_die( __( 'Item not updated.' ) );
1387 }
1388 $level = 0;
1389 $parent = $tag->parent;
1390 while ( $parent > 0 ) {
1391 $parent_tag = get_term( $parent, $taxonomy );
1392 $parent = $parent_tag->parent;
1393 $level++;
1394 }
1395 $wp_list_table->single_row( $tag, $level );
1396 wp_die();
1397}
1398
1399function wp_ajax_find_posts() {
1400 global $wpdb;
1401
1402 check_ajax_referer( 'find-posts' );
1403
1404 $post_types = get_post_types( array( 'public' => true ), 'objects' );
1405 unset( $post_types['attachment'] );
1406
1407 $s = wp_unslash( $_POST['ps'] );
1408 $searchand = $search = '';
1409 $args = array(
1410 'post_type' => array_keys( $post_types ),
1411 'post_status' => 'any',
1412 'posts_per_page' => 50,
1413 );
1414 if ( '' !== $s )
1415 $args['s'] = $s;
1416
1417 $posts = get_posts( $args );
1418
1419 if ( ! $posts )
1420 wp_die( __('No items found.') );
1421
1422 $html = '<table class="widefat" cellspacing="0"><thead><tr><th class="found-radio"><br /></th><th>'.__('Title').'</th><th class="no-break">'.__('Type').'</th><th class="no-break">'.__('Date').'</th><th class="no-break">'.__('Status').'</th></tr></thead><tbody>';
1423 foreach ( $posts as $post ) {
1424 $title = trim( $post->post_title ) ? $post->post_title : __( '(no title)' );
1425
1426 switch ( $post->post_status ) {
1427 case 'publish' :
1428 case 'private' :
1429 $stat = __('Published');
1430 break;
1431 case 'future' :
1432 $stat = __('Scheduled');
1433 break;
1434 case 'pending' :
1435 $stat = __('Pending Review');
1436 break;
1437 case 'draft' :
1438 $stat = __('Draft');
1439 break;
1440 }
1441
1442 if ( '0000-00-00 00:00:00' == $post->post_date ) {
1443 $time = '';
1444 } else {
1445 /* translators: date format in table columns, see http://php.net/date */
1446 $time = mysql2date(__('Y/m/d'), $post->post_date);
1447 }
1448
1449 $html .= '<tr class="found-posts"><td class="found-radio"><input type="radio" id="found-'.$post->ID.'" name="found_post_id" value="' . esc_attr($post->ID) . '"></td>';
1450 $html .= '<td><label for="found-'.$post->ID.'">' . esc_html( $title ) . '</label></td><td class="no-break">' . esc_html( $post_types[$post->post_type]->labels->singular_name ) . '</td><td class="no-break">'.esc_html( $time ) . '</td><td class="no-break">' . esc_html( $stat ). ' </td></tr>' . "\n\n";
1451 }
1452
1453 $html .= '</tbody></table>';
1454
1455 $x = new WP_Ajax_Response();
1456 $x->add( array(
1457 'data' => $html
1458 ));
1459 $x->send();
1460}
1461
1462function wp_ajax_widgets_order() {
1463 check_ajax_referer( 'save-sidebar-widgets', 'savewidgets' );
1464
1465 if ( !current_user_can('edit_theme_options') )
1466 wp_die( -1 );
1467
1468 unset( $_POST['savewidgets'], $_POST['action'] );
1469
1470 // save widgets order for all sidebars
1471 if ( is_array($_POST['sidebars']) ) {
1472 $sidebars = array();
1473 foreach ( $_POST['sidebars'] as $key => $val ) {
1474 $sb = array();
1475 if ( !empty($val) ) {
1476 $val = explode(',', $val);
1477 foreach ( $val as $k => $v ) {
1478 if ( strpos($v, 'widget-') === false )
1479 continue;
1480
1481 $sb[$k] = substr($v, strpos($v, '_') + 1);
1482 }
1483 }
1484 $sidebars[$key] = $sb;
1485 }
1486 wp_set_sidebars_widgets($sidebars);
1487 wp_die( 1 );
1488 }
1489
1490 wp_die( -1 );
1491}
1492
1493function wp_ajax_save_widget() {
1494 global $wp_registered_widgets, $wp_registered_widget_controls, $wp_registered_widget_updates;
1495
1496 check_ajax_referer( 'save-sidebar-widgets', 'savewidgets' );
1497
1498 if ( !current_user_can('edit_theme_options') || !isset($_POST['id_base']) )
1499 wp_die( -1 );
1500
1501 unset( $_POST['savewidgets'], $_POST['action'] );
1502
1503 do_action('load-widgets.php');
1504 do_action('widgets.php');
1505 do_action('sidebar_admin_setup');
1506
1507 $id_base = $_POST['id_base'];
1508 $widget_id = $_POST['widget-id'];
1509 $sidebar_id = $_POST['sidebar'];
1510 $multi_number = !empty($_POST['multi_number']) ? (int) $_POST['multi_number'] : 0;
1511 $settings = isset($_POST['widget-' . $id_base]) && is_array($_POST['widget-' . $id_base]) ? $_POST['widget-' . $id_base] : false;
1512 $error = '<p>' . __('An error has occurred. Please reload the page and try again.') . '</p>';
1513
1514 $sidebars = wp_get_sidebars_widgets();
1515 $sidebar = isset($sidebars[$sidebar_id]) ? $sidebars[$sidebar_id] : array();
1516
1517 // delete
1518 if ( isset($_POST['delete_widget']) && $_POST['delete_widget'] ) {
1519
1520 if ( !isset($wp_registered_widgets[$widget_id]) )
1521 wp_die( $error );
1522
1523 $sidebar = array_diff( $sidebar, array($widget_id) );
1524 $_POST = array('sidebar' => $sidebar_id, 'widget-' . $id_base => array(), 'the-widget-id' => $widget_id, 'delete_widget' => '1');
1525 } elseif ( $settings && preg_match( '/__i__|%i%/', key($settings) ) ) {
1526 if ( !$multi_number )
1527 wp_die( $error );
1528
1529 $_POST['widget-' . $id_base] = array( $multi_number => array_shift($settings) );
1530 $widget_id = $id_base . '-' . $multi_number;
1531 $sidebar[] = $widget_id;
1532 }
1533 $_POST['widget-id'] = $sidebar;
1534
1535 foreach ( (array) $wp_registered_widget_updates as $name => $control ) {
1536
1537 if ( $name == $id_base ) {
1538 if ( !is_callable( $control['callback'] ) )
1539 continue;
1540
1541 ob_start();
1542 call_user_func_array( $control['callback'], $control['params'] );
1543 ob_end_clean();
1544 break;
1545 }
1546 }
1547
1548 if ( isset($_POST['delete_widget']) && $_POST['delete_widget'] ) {
1549 $sidebars[$sidebar_id] = $sidebar;
1550 wp_set_sidebars_widgets($sidebars);
1551 echo "deleted:$widget_id";
1552 wp_die();
1553 }
1554
1555 if ( !empty($_POST['add_new']) )
1556 wp_die();
1557
1558 if ( $form = $wp_registered_widget_controls[$widget_id] )
1559 call_user_func_array( $form['callback'], $form['params'] );
1560
1561 wp_die();
1562}
1563
1564function wp_ajax_upload_attachment() {
1565 check_ajax_referer( 'media-form' );
1566
1567 if ( ! current_user_can( 'upload_files' ) )
1568 wp_die();
1569
1570 if ( isset( $_REQUEST['post_id'] ) ) {
1571 $post_id = $_REQUEST['post_id'];
1572 if ( ! current_user_can( 'edit_post', $post_id ) )
1573 wp_die();
1574 } else {
1575 $post_id = null;
1576 }
1577
1578 $post_data = isset( $_REQUEST['post_data'] ) ? $_REQUEST['post_data'] : array();
1579
1580 // If the context is custom header or background, make sure the uploaded file is an image.
1581 if ( isset( $post_data['context'] ) && in_array( $post_data['context'], array( 'custom-header', 'custom-background' ) ) ) {
1582 $wp_filetype = wp_check_filetype_and_ext( $_FILES['async-upload']['tmp_name'], $_FILES['async-upload']['name'], false );
1583 if ( ! wp_match_mime_types( 'image', $wp_filetype['type'] ) ) {
1584 echo json_encode( array(
1585 'success' => false,
1586 'data' => array(
1587 'message' => __( 'The uploaded file is not a valid image. Please try again.' ),
1588 'filename' => $_FILES['async-upload']['name'],
1589 )
1590 ) );
1591
1592 wp_die();
1593 }
1594 }
1595
1596 $attachment_id = media_handle_upload( 'async-upload', $post_id, $post_data );
1597
1598 if ( is_wp_error( $attachment_id ) ) {
1599 echo json_encode( array(
1600 'success' => false,
1601 'data' => array(
1602 'message' => $attachment_id->get_error_message(),
1603 'filename' => $_FILES['async-upload']['name'],
1604 )
1605 ) );
1606
1607 wp_die();
1608 }
1609
1610 if ( isset( $post_data['context'] ) && isset( $post_data['theme'] ) ) {
1611 if ( 'custom-background' === $post_data['context'] )
1612 update_post_meta( $attachment_id, '_wp_attachment_is_custom_background', $post_data['theme'] );
1613
1614 if ( 'custom-header' === $post_data['context'] )
1615 update_post_meta( $attachment_id, '_wp_attachment_is_custom_header', $post_data['theme'] );
1616 }
1617
1618 if ( ! $attachment = wp_prepare_attachment_for_js( $attachment_id ) )
1619 wp_die();
1620
1621 echo json_encode( array(
1622 'success' => true,
1623 'data' => $attachment,
1624 ) );
1625
1626 wp_die();
1627}
1628
1629function wp_ajax_image_editor() {
1630 $attachment_id = intval($_POST['postid']);
1631 if ( empty($attachment_id) || !current_user_can('edit_post', $attachment_id) )
1632 wp_die( -1 );
1633
1634 check_ajax_referer( "image_editor-$attachment_id" );
1635 include_once( ABSPATH . 'wp-admin/includes/image-edit.php' );
1636
1637 $msg = false;
1638 switch ( $_POST['do'] ) {
1639 case 'save' :
1640 $msg = wp_save_image($attachment_id);
1641 $msg = json_encode($msg);
1642 wp_die( $msg );
1643 break;
1644 case 'scale' :
1645