PageRenderTime 55ms CodeModel.GetById 17ms RepoModel.GetById 1ms app.codeStats 0ms

/wp-admin/includes/post.php

https://github.com/yanickouellet/WordPress
PHP | 1401 lines | 868 code | 231 blank | 302 comment | 305 complexity | 3dba7f058fdd2f09b0e7ea91d77d36f2 MD5 | raw file
Possible License(s): GPL-2.0, AGPL-1.0, LGPL-2.1
  1. <?php
  2. /**
  3. * WordPress Post Administration API.
  4. *
  5. * @package WordPress
  6. * @subpackage Administration
  7. */
  8. /**
  9. * Rename $_POST data from form names to DB post columns.
  10. *
  11. * Manipulates $_POST directly.
  12. *
  13. * @package WordPress
  14. * @since 2.6.0
  15. *
  16. * @param bool $update Are we updating a pre-existing post?
  17. * @param array $post_data Array of post data. Defaults to the contents of $_POST.
  18. * @return object|bool WP_Error on failure, true on success.
  19. */
  20. function _wp_translate_postdata( $update = false, $post_data = null ) {
  21. if ( empty($post_data) )
  22. $post_data = &$_POST;
  23. if ( $update )
  24. $post_data['ID'] = (int) $post_data['post_ID'];
  25. $ptype = get_post_type_object( $post_data['post_type'] );
  26. if ( $update && ! current_user_can( $ptype->cap->edit_post, $post_data['ID'] ) ) {
  27. if ( 'page' == $post_data['post_type'] )
  28. return new WP_Error( 'edit_others_pages', __( 'You are not allowed to edit pages as this user.' ) );
  29. else
  30. return new WP_Error( 'edit_others_posts', __( 'You are not allowed to edit posts as this user.' ) );
  31. } elseif ( ! $update && ! current_user_can( $ptype->cap->create_posts ) ) {
  32. if ( 'page' == $post_data['post_type'] )
  33. return new WP_Error( 'edit_others_pages', __( 'You are not allowed to create pages as this user.' ) );
  34. else
  35. return new WP_Error( 'edit_others_posts', __( 'You are not allowed to create posts as this user.' ) );
  36. }
  37. if ( isset( $post_data['content'] ) )
  38. $post_data['post_content'] = $post_data['content'];
  39. if ( isset( $post_data['excerpt'] ) )
  40. $post_data['post_excerpt'] = $post_data['excerpt'];
  41. if ( isset( $post_data['parent_id'] ) )
  42. $post_data['post_parent'] = (int) $post_data['parent_id'];
  43. if ( isset($post_data['trackback_url']) )
  44. $post_data['to_ping'] = $post_data['trackback_url'];
  45. if ( !isset($post_data['user_ID']) )
  46. $post_data['user_ID'] = $GLOBALS['user_ID'];
  47. if (!empty ( $post_data['post_author_override'] ) ) {
  48. $post_data['post_author'] = (int) $post_data['post_author_override'];
  49. } else {
  50. if (!empty ( $post_data['post_author'] ) ) {
  51. $post_data['post_author'] = (int) $post_data['post_author'];
  52. } else {
  53. $post_data['post_author'] = (int) $post_data['user_ID'];
  54. }
  55. }
  56. if ( isset( $post_data['user_ID'] ) && ( $post_data['post_author'] != $post_data['user_ID'] )
  57. && ! current_user_can( $ptype->cap->edit_others_posts ) ) {
  58. if ( $update ) {
  59. if ( 'page' == $post_data['post_type'] )
  60. return new WP_Error( 'edit_others_pages', __( 'You are not allowed to edit pages as this user.' ) );
  61. else
  62. return new WP_Error( 'edit_others_posts', __( 'You are not allowed to edit posts as this user.' ) );
  63. } else {
  64. if ( 'page' == $post_data['post_type'] )
  65. return new WP_Error( 'edit_others_pages', __( 'You are not allowed to create pages as this user.' ) );
  66. else
  67. return new WP_Error( 'edit_others_posts', __( 'You are not allowed to create posts as this user.' ) );
  68. }
  69. }
  70. if ( ! empty( $post_data['post_status'] ) )
  71. $post_data['post_status'] = sanitize_key( $post_data['post_status'] );
  72. // What to do based on which button they pressed
  73. if ( isset($post_data['saveasdraft']) && '' != $post_data['saveasdraft'] )
  74. $post_data['post_status'] = 'draft';
  75. if ( isset($post_data['saveasprivate']) && '' != $post_data['saveasprivate'] )
  76. $post_data['post_status'] = 'private';
  77. if ( isset($post_data['publish']) && ( '' != $post_data['publish'] ) && ( !isset($post_data['post_status']) || $post_data['post_status'] != 'private' ) )
  78. $post_data['post_status'] = 'publish';
  79. if ( isset($post_data['advanced']) && '' != $post_data['advanced'] )
  80. $post_data['post_status'] = 'draft';
  81. if ( isset($post_data['pending']) && '' != $post_data['pending'] )
  82. $post_data['post_status'] = 'pending';
  83. if ( isset( $post_data['ID'] ) )
  84. $post_id = $post_data['ID'];
  85. else
  86. $post_id = false;
  87. $previous_status = $post_id ? get_post_field( 'post_status', $post_id ) : false;
  88. $published_statuses = array( 'publish', 'future' );
  89. // Posts 'submitted for approval' present are submitted to $_POST the same as if they were being published.
  90. // Change status from 'publish' to 'pending' if user lacks permissions to publish or to resave published posts.
  91. if ( isset($post_data['post_status']) && (in_array( $post_data['post_status'], $published_statuses ) && !current_user_can( $ptype->cap->publish_posts )) )
  92. if ( ! in_array( $previous_status, $published_statuses ) || !current_user_can( 'edit_post', $post_id ) )
  93. $post_data['post_status'] = 'pending';
  94. if ( ! isset($post_data['post_status']) )
  95. $post_data['post_status'] = $previous_status;
  96. if (!isset( $post_data['comment_status'] ))
  97. $post_data['comment_status'] = 'closed';
  98. if (!isset( $post_data['ping_status'] ))
  99. $post_data['ping_status'] = 'closed';
  100. foreach ( array('aa', 'mm', 'jj', 'hh', 'mn') as $timeunit ) {
  101. if ( !empty( $post_data['hidden_' . $timeunit] ) && $post_data['hidden_' . $timeunit] != $post_data[$timeunit] ) {
  102. $post_data['edit_date'] = '1';
  103. break;
  104. }
  105. }
  106. if ( !empty( $post_data['edit_date'] ) ) {
  107. $aa = $post_data['aa'];
  108. $mm = $post_data['mm'];
  109. $jj = $post_data['jj'];
  110. $hh = $post_data['hh'];
  111. $mn = $post_data['mn'];
  112. $ss = $post_data['ss'];
  113. $aa = ($aa <= 0 ) ? date('Y') : $aa;
  114. $mm = ($mm <= 0 ) ? date('n') : $mm;
  115. $jj = ($jj > 31 ) ? 31 : $jj;
  116. $jj = ($jj <= 0 ) ? date('j') : $jj;
  117. $hh = ($hh > 23 ) ? $hh -24 : $hh;
  118. $mn = ($mn > 59 ) ? $mn -60 : $mn;
  119. $ss = ($ss > 59 ) ? $ss -60 : $ss;
  120. $post_data['post_date'] = sprintf( "%04d-%02d-%02d %02d:%02d:%02d", $aa, $mm, $jj, $hh, $mn, $ss );
  121. $valid_date = wp_checkdate( $mm, $jj, $aa, $post_data['post_date'] );
  122. if ( !$valid_date ) {
  123. return new WP_Error( 'invalid_date', __( 'Whoops, the provided date is invalid.' ) );
  124. }
  125. $post_data['post_date_gmt'] = get_gmt_from_date( $post_data['post_date'] );
  126. }
  127. return $post_data;
  128. }
  129. /**
  130. * Update an existing post with values provided in $_POST.
  131. *
  132. * @since 1.5.0
  133. *
  134. * @param array $post_data Optional.
  135. * @return int Post ID.
  136. */
  137. function edit_post( $post_data = null ) {
  138. if ( empty($post_data) )
  139. $post_data = &$_POST;
  140. // Clear out any data in internal vars.
  141. unset( $post_data['filter'] );
  142. $post_ID = (int) $post_data['post_ID'];
  143. $post = get_post( $post_ID );
  144. $post_data['post_type'] = $post->post_type;
  145. $post_data['post_mime_type'] = $post->post_mime_type;
  146. $ptype = get_post_type_object($post_data['post_type']);
  147. if ( !current_user_can( $ptype->cap->edit_post, $post_ID ) ) {
  148. if ( 'page' == $post_data['post_type'] )
  149. wp_die( __('You are not allowed to edit this page.' ));
  150. else
  151. wp_die( __('You are not allowed to edit this post.' ));
  152. }
  153. $post_data = _wp_translate_postdata( true, $post_data );
  154. if ( is_wp_error($post_data) )
  155. wp_die( $post_data->get_error_message() );
  156. if ( ( empty( $post_data['action'] ) || 'autosave' != $post_data['action'] ) && 'auto-draft' == $post_data['post_status'] ) {
  157. $post_data['post_status'] = 'draft';
  158. }
  159. if ( isset($post_data['visibility']) ) {
  160. switch ( $post_data['visibility'] ) {
  161. case 'public' :
  162. $post_data['post_password'] = '';
  163. break;
  164. case 'password' :
  165. unset( $post_data['sticky'] );
  166. break;
  167. case 'private' :
  168. $post_data['post_status'] = 'private';
  169. $post_data['post_password'] = '';
  170. unset( $post_data['sticky'] );
  171. break;
  172. }
  173. }
  174. // Post Formats
  175. if ( isset( $post_data['post_format'] ) )
  176. set_post_format( $post_ID, $post_data['post_format'] );
  177. $format_meta_urls = array( 'url', 'link_url', 'quote_source_url' );
  178. foreach ( $format_meta_urls as $format_meta_url ) {
  179. $keyed = '_format_' . $format_meta_url;
  180. if ( isset( $post_data[ $keyed ] ) )
  181. update_post_meta( $post_ID, $keyed, wp_slash( esc_url_raw( wp_unslash( $post_data[ $keyed ] ) ) ) );
  182. }
  183. $format_keys = array( 'quote', 'quote_source_name', 'image', 'gallery', 'audio_embed', 'video_embed' );
  184. foreach ( $format_keys as $key ) {
  185. $keyed = '_format_' . $key;
  186. if ( isset( $post_data[ $keyed ] ) ) {
  187. if ( current_user_can( 'unfiltered_html' ) )
  188. update_post_meta( $post_ID, $keyed, $post_data[ $keyed ] );
  189. else
  190. update_post_meta( $post_ID, $keyed, wp_filter_post_kses( $post_data[ $keyed ] ) );
  191. }
  192. }
  193. // Meta Stuff
  194. if ( isset($post_data['meta']) && $post_data['meta'] ) {
  195. foreach ( $post_data['meta'] as $key => $value ) {
  196. if ( !$meta = get_post_meta_by_id( $key ) )
  197. continue;
  198. if ( $meta->post_id != $post_ID )
  199. continue;
  200. if ( is_protected_meta( $value['key'], 'post' ) || ! current_user_can( 'edit_post_meta', $post_ID, $value['key'] ) )
  201. continue;
  202. update_meta( $key, $value['key'], $value['value'] );
  203. }
  204. }
  205. if ( isset($post_data['deletemeta']) && $post_data['deletemeta'] ) {
  206. foreach ( $post_data['deletemeta'] as $key => $value ) {
  207. if ( !$meta = get_post_meta_by_id( $key ) )
  208. continue;
  209. if ( $meta->post_id != $post_ID )
  210. continue;
  211. if ( is_protected_meta( $meta->meta_key, 'post' ) || ! current_user_can( 'delete_post_meta', $post_ID, $meta->meta_key ) )
  212. continue;
  213. delete_meta( $key );
  214. }
  215. }
  216. // Attachment stuff
  217. if ( 'attachment' == $post_data['post_type'] ) {
  218. if ( isset( $post_data[ '_wp_attachment_image_alt' ] ) ) {
  219. $image_alt = wp_unslash( $post_data['_wp_attachment_image_alt'] );
  220. if ( $image_alt != get_post_meta( $post_ID, '_wp_attachment_image_alt', true ) ) {
  221. $image_alt = wp_strip_all_tags( $image_alt, true );
  222. // update_meta expects slashed
  223. update_post_meta( $post_ID, '_wp_attachment_image_alt', wp_slash( $image_alt ) );
  224. }
  225. }
  226. $attachment_data = isset( $post_data['attachments'][ $post_ID ] ) ? $post_data['attachments'][ $post_ID ] : array();
  227. $post_data = apply_filters( 'attachment_fields_to_save', $post_data, $attachment_data );
  228. }
  229. add_meta( $post_ID );
  230. update_post_meta( $post_ID, '_edit_last', $GLOBALS['current_user']->ID );
  231. wp_update_post( $post_data );
  232. // Now that we have an ID we can fix any attachment anchor hrefs
  233. _fix_attachment_links( $post_ID );
  234. wp_set_post_lock( $post_ID );
  235. if ( current_user_can( $ptype->cap->edit_others_posts ) ) {
  236. if ( ! empty( $post_data['sticky'] ) )
  237. stick_post( $post_ID );
  238. else
  239. unstick_post( $post_ID );
  240. }
  241. return $post_ID;
  242. }
  243. /**
  244. * Process the post data for the bulk editing of posts.
  245. *
  246. * Updates all bulk edited posts/pages, adding (but not removing) tags and
  247. * categories. Skips pages when they would be their own parent or child.
  248. *
  249. * @since 2.7.0
  250. *
  251. * @param array $post_data Optional, the array of post data to process if not provided will use $_POST superglobal.
  252. * @return array
  253. */
  254. function bulk_edit_posts( $post_data = null ) {
  255. global $wpdb;
  256. if ( empty($post_data) )
  257. $post_data = &$_POST;
  258. if ( isset($post_data['post_type']) )
  259. $ptype = get_post_type_object($post_data['post_type']);
  260. else
  261. $ptype = get_post_type_object('post');
  262. if ( !current_user_can( $ptype->cap->edit_posts ) ) {
  263. if ( 'page' == $ptype->name )
  264. wp_die( __('You are not allowed to edit pages.'));
  265. else
  266. wp_die( __('You are not allowed to edit posts.'));
  267. }
  268. if ( -1 == $post_data['_status'] ) {
  269. $post_data['post_status'] = null;
  270. unset($post_data['post_status']);
  271. } else {
  272. $post_data['post_status'] = $post_data['_status'];
  273. }
  274. unset($post_data['_status']);
  275. $post_IDs = array_map( 'intval', (array) $post_data['post'] );
  276. $reset = array( 'post_author', 'post_status', 'post_password', 'post_parent', 'page_template', 'comment_status', 'ping_status', 'keep_private', 'tax_input', 'post_category', 'sticky' );
  277. foreach ( $reset as $field ) {
  278. if ( isset($post_data[$field]) && ( '' == $post_data[$field] || -1 == $post_data[$field] ) )
  279. unset($post_data[$field]);
  280. }
  281. if ( isset($post_data['post_category']) ) {
  282. if ( is_array($post_data['post_category']) && ! empty($post_data['post_category']) )
  283. $new_cats = array_map( 'absint', $post_data['post_category'] );
  284. else
  285. unset($post_data['post_category']);
  286. }
  287. $tax_input = array();
  288. if ( isset($post_data['tax_input'])) {
  289. foreach ( $post_data['tax_input'] as $tax_name => $terms ) {
  290. if ( empty($terms) )
  291. continue;
  292. if ( is_taxonomy_hierarchical( $tax_name ) ) {
  293. $tax_input[ $tax_name ] = array_map( 'absint', $terms );
  294. } else {
  295. $comma = _x( ',', 'tag delimiter' );
  296. if ( ',' !== $comma )
  297. $terms = str_replace( $comma, ',', $terms );
  298. $tax_input[ $tax_name ] = explode( ',', trim( $terms, " \n\t\r\0\x0B," ) );
  299. }
  300. }
  301. }
  302. if ( isset($post_data['post_parent']) && ($parent = (int) $post_data['post_parent']) ) {
  303. $pages = $wpdb->get_results("SELECT ID, post_parent FROM $wpdb->posts WHERE post_type = 'page'");
  304. $children = array();
  305. for ( $i = 0; $i < 50 && $parent > 0; $i++ ) {
  306. $children[] = $parent;
  307. foreach ( $pages as $page ) {
  308. if ( $page->ID == $parent ) {
  309. $parent = $page->post_parent;
  310. break;
  311. }
  312. }
  313. }
  314. }
  315. $updated = $skipped = $locked = array();
  316. foreach ( $post_IDs as $post_ID ) {
  317. $post_type_object = get_post_type_object( get_post_type( $post_ID ) );
  318. if ( !isset( $post_type_object ) || ( isset($children) && in_array($post_ID, $children) ) || !current_user_can( $post_type_object->cap->edit_post, $post_ID ) ) {
  319. $skipped[] = $post_ID;
  320. continue;
  321. }
  322. if ( wp_check_post_lock( $post_ID ) ) {
  323. $locked[] = $post_ID;
  324. continue;
  325. }
  326. $post = get_post( $post_ID );
  327. $tax_names = get_object_taxonomies( $post );
  328. foreach ( $tax_names as $tax_name ) {
  329. $taxonomy_obj = get_taxonomy($tax_name);
  330. if ( isset( $tax_input[$tax_name]) && current_user_can( $taxonomy_obj->cap->assign_terms ) )
  331. $new_terms = $tax_input[$tax_name];
  332. else
  333. $new_terms = array();
  334. if ( $taxonomy_obj->hierarchical )
  335. $current_terms = (array) wp_get_object_terms( $post_ID, $tax_name, array('fields' => 'ids') );
  336. else
  337. $current_terms = (array) wp_get_object_terms( $post_ID, $tax_name, array('fields' => 'names') );
  338. $post_data['tax_input'][$tax_name] = array_merge( $current_terms, $new_terms );
  339. }
  340. if ( isset($new_cats) && in_array( 'category', $tax_names ) ) {
  341. $cats = (array) wp_get_post_categories($post_ID);
  342. $post_data['post_category'] = array_unique( array_merge($cats, $new_cats) );
  343. unset( $post_data['tax_input']['category'] );
  344. }
  345. $post_data['post_mime_type'] = $post->post_mime_type;
  346. $post_data['guid'] = $post->guid;
  347. $post_data['ID'] = $post_ID;
  348. $updated[] = wp_update_post( $post_data );
  349. if ( isset( $post_data['sticky'] ) && current_user_can( $ptype->cap->edit_others_posts ) ) {
  350. if ( 'sticky' == $post_data['sticky'] )
  351. stick_post( $post_ID );
  352. else
  353. unstick_post( $post_ID );
  354. }
  355. }
  356. return array( 'updated' => $updated, 'skipped' => $skipped, 'locked' => $locked );
  357. }
  358. /**
  359. * Default post information to use when populating the "Write Post" form.
  360. *
  361. * @since 2.0.0
  362. *
  363. * @param string $post_type A post type string, defaults to 'post'.
  364. * @return WP_Post Post object containing all the default post data as attributes
  365. */
  366. function get_default_post_to_edit( $post_type = 'post', $create_in_db = false ) {
  367. global $wpdb;
  368. $post_title = '';
  369. if ( !empty( $_REQUEST['post_title'] ) )
  370. $post_title = esc_html( wp_unslash( $_REQUEST['post_title'] ));
  371. $post_content = '';
  372. if ( !empty( $_REQUEST['content'] ) )
  373. $post_content = esc_html( wp_unslash( $_REQUEST['content'] ));
  374. $post_excerpt = '';
  375. if ( !empty( $_REQUEST['excerpt'] ) )
  376. $post_excerpt = esc_html( wp_unslash( $_REQUEST['excerpt'] ));
  377. if ( $create_in_db ) {
  378. $post_id = wp_insert_post( array( 'post_title' => __( 'Auto Draft' ), 'post_type' => $post_type, 'post_status' => 'auto-draft' ) );
  379. $post = get_post( $post_id );
  380. if ( current_theme_supports( 'post-formats' ) && post_type_supports( $post->post_type, 'post-formats' ) && get_option( 'default_post_format' ) )
  381. set_post_format( $post, get_option( 'default_post_format' ) );
  382. } else {
  383. $post = new stdClass;
  384. $post->ID = 0;
  385. $post->post_author = '';
  386. $post->post_date = '';
  387. $post->post_date_gmt = '';
  388. $post->post_password = '';
  389. $post->post_type = $post_type;
  390. $post->post_status = 'draft';
  391. $post->to_ping = '';
  392. $post->pinged = '';
  393. $post->comment_status = get_option( 'default_comment_status' );
  394. $post->ping_status = get_option( 'default_ping_status' );
  395. $post->post_pingback = get_option( 'default_pingback_flag' );
  396. $post->post_category = get_option( 'default_category' );
  397. $post->page_template = 'default';
  398. $post->post_parent = 0;
  399. $post->menu_order = 0;
  400. $post = new WP_Post( $post );
  401. }
  402. $post->post_content = apply_filters( 'default_content', $post_content, $post );
  403. $post->post_title = apply_filters( 'default_title', $post_title, $post );
  404. $post->post_excerpt = apply_filters( 'default_excerpt', $post_excerpt, $post );
  405. $post->post_name = '';
  406. return $post;
  407. }
  408. /**
  409. * Determine if a post exists based on title, content, and date
  410. *
  411. * @since 2.0.0
  412. *
  413. * @param string $title Post title
  414. * @param string $content Optional post content
  415. * @param string $date Optional post date
  416. * @return int Post ID if post exists, 0 otherwise.
  417. */
  418. function post_exists($title, $content = '', $date = '') {
  419. global $wpdb;
  420. $post_title = wp_unslash( sanitize_post_field( 'post_title', $title, 0, 'db' ) );
  421. $post_content = wp_unslash( sanitize_post_field( 'post_content', $content, 0, 'db' ) );
  422. $post_date = wp_unslash( sanitize_post_field( 'post_date', $date, 0, 'db' ) );
  423. $query = "SELECT ID FROM $wpdb->posts WHERE 1=1";
  424. $args = array();
  425. if ( !empty ( $date ) ) {
  426. $query .= ' AND post_date = %s';
  427. $args[] = $post_date;
  428. }
  429. if ( !empty ( $title ) ) {
  430. $query .= ' AND post_title = %s';
  431. $args[] = $post_title;
  432. }
  433. if ( !empty ( $content ) ) {
  434. $query .= 'AND post_content = %s';
  435. $args[] = $post_content;
  436. }
  437. if ( !empty ( $args ) )
  438. return (int) $wpdb->get_var( $wpdb->prepare($query, $args) );
  439. return 0;
  440. }
  441. /**
  442. * Creates a new post from the "Write Post" form using $_POST information.
  443. *
  444. * @since 2.1.0
  445. *
  446. * @return unknown
  447. */
  448. function wp_write_post() {
  449. global $user_ID;
  450. if ( isset($_POST['post_type']) )
  451. $ptype = get_post_type_object($_POST['post_type']);
  452. else
  453. $ptype = get_post_type_object('post');
  454. if ( !current_user_can( $ptype->cap->edit_posts ) ) {
  455. if ( 'page' == $ptype->name )
  456. return new WP_Error( 'edit_pages', __( 'You are not allowed to create pages on this site.' ) );
  457. else
  458. return new WP_Error( 'edit_posts', __( 'You are not allowed to create posts or drafts on this site.' ) );
  459. }
  460. $_POST['post_mime_type'] = '';
  461. // Clear out any data in internal vars.
  462. unset( $_POST['filter'] );
  463. // Edit don't write if we have a post id.
  464. if ( isset( $_POST['post_ID'] ) )
  465. return edit_post();
  466. $translated = _wp_translate_postdata( false );
  467. if ( is_wp_error($translated) )
  468. return $translated;
  469. if ( isset($_POST['visibility']) ) {
  470. switch ( $_POST['visibility'] ) {
  471. case 'public' :
  472. $_POST['post_password'] = '';
  473. break;
  474. case 'password' :
  475. unset( $_POST['sticky'] );
  476. break;
  477. case 'private' :
  478. $_POST['post_status'] = 'private';
  479. $_POST['post_password'] = '';
  480. unset( $_POST['sticky'] );
  481. break;
  482. }
  483. }
  484. // Create the post.
  485. $post_ID = wp_insert_post( $_POST );
  486. if ( is_wp_error( $post_ID ) )
  487. return $post_ID;
  488. if ( empty($post_ID) )
  489. return 0;
  490. add_meta( $post_ID );
  491. add_post_meta( $post_ID, '_edit_last', $GLOBALS['current_user']->ID );
  492. // Now that we have an ID we can fix any attachment anchor hrefs
  493. _fix_attachment_links( $post_ID );
  494. wp_set_post_lock( $post_ID );
  495. return $post_ID;
  496. }
  497. /**
  498. * Calls wp_write_post() and handles the errors.
  499. *
  500. * @since 2.0.0
  501. * @uses wp_write_post()
  502. * @uses is_wp_error()
  503. * @uses wp_die()
  504. * @return unknown
  505. */
  506. function write_post() {
  507. $result = wp_write_post();
  508. if ( is_wp_error( $result ) )
  509. wp_die( $result->get_error_message() );
  510. else
  511. return $result;
  512. }
  513. //
  514. // Post Meta
  515. //
  516. /**
  517. * {@internal Missing Short Description}}
  518. *
  519. * @since 1.2.0
  520. *
  521. * @param unknown_type $post_ID
  522. * @return unknown
  523. */
  524. function add_meta( $post_ID ) {
  525. global $wpdb;
  526. $post_ID = (int) $post_ID;
  527. $metakeyselect = isset($_POST['metakeyselect']) ? wp_unslash( trim( $_POST['metakeyselect'] ) ) : '';
  528. $metakeyinput = isset($_POST['metakeyinput']) ? wp_unslash( trim( $_POST['metakeyinput'] ) ) : '';
  529. $metavalue = isset($_POST['metavalue']) ? $_POST['metavalue'] : '';
  530. if ( is_string( $metavalue ) )
  531. $metavalue = trim( $metavalue );
  532. if ( ('0' === $metavalue || ! empty ( $metavalue ) ) && ( ( ( '#NONE#' != $metakeyselect ) && !empty ( $metakeyselect) ) || !empty ( $metakeyinput ) ) ) {
  533. // We have a key/value pair. If both the select and the
  534. // input for the key have data, the input takes precedence:
  535. if ( '#NONE#' != $metakeyselect )
  536. $metakey = $metakeyselect;
  537. if ( $metakeyinput )
  538. $metakey = $metakeyinput; // default
  539. if ( is_protected_meta( $metakey, 'post' ) || ! current_user_can( 'add_post_meta', $post_ID, $metakey ) )
  540. return false;
  541. $metakey = esc_sql( $metakey );
  542. return add_post_meta( $post_ID, $metakey, $metavalue );
  543. }
  544. return false;
  545. } // add_meta
  546. /**
  547. * {@internal Missing Short Description}}
  548. *
  549. * @since 1.2.0
  550. *
  551. * @param unknown_type $mid
  552. * @return unknown
  553. */
  554. function delete_meta( $mid ) {
  555. return delete_metadata_by_mid( 'post' , $mid );
  556. }
  557. /**
  558. * Get a list of previously defined keys.
  559. *
  560. * @since 1.2.0
  561. *
  562. * @return unknown
  563. */
  564. function get_meta_keys() {
  565. global $wpdb;
  566. $keys = $wpdb->get_col( "
  567. SELECT meta_key
  568. FROM $wpdb->postmeta
  569. GROUP BY meta_key
  570. ORDER BY meta_key" );
  571. return $keys;
  572. }
  573. /**
  574. * {@internal Missing Short Description}}
  575. *
  576. * @since 2.1.0
  577. *
  578. * @param unknown_type $mid
  579. * @return unknown
  580. */
  581. function get_post_meta_by_id( $mid ) {
  582. return get_metadata_by_mid( 'post', $mid );
  583. }
  584. /**
  585. * {@internal Missing Short Description}}
  586. *
  587. * Some postmeta stuff.
  588. *
  589. * @since 1.2.0
  590. *
  591. * @param unknown_type $postid
  592. * @return unknown
  593. */
  594. function has_meta( $postid ) {
  595. global $wpdb;
  596. return $wpdb->get_results( $wpdb->prepare("SELECT meta_key, meta_value, meta_id, post_id
  597. FROM $wpdb->postmeta WHERE post_id = %d
  598. ORDER BY meta_key,meta_id", $postid), ARRAY_A );
  599. }
  600. /**
  601. * {@internal Missing Short Description}}
  602. *
  603. * @since 1.2.0
  604. *
  605. * @param unknown_type $meta_id
  606. * @param unknown_type $meta_key Expect Slashed
  607. * @param unknown_type $meta_value Expect Slashed
  608. * @return unknown
  609. */
  610. function update_meta( $meta_id, $meta_key, $meta_value ) {
  611. $meta_key = wp_unslash( $meta_key );
  612. $meta_value = wp_unslash( $meta_value );
  613. return update_metadata_by_mid( 'post', $meta_id, $meta_value, $meta_key );
  614. }
  615. //
  616. // Private
  617. //
  618. /**
  619. * Replace hrefs of attachment anchors with up-to-date permalinks.
  620. *
  621. * @since 2.3.0
  622. * @access private
  623. *
  624. * @param unknown_type $post_ID
  625. * @return unknown
  626. */
  627. function _fix_attachment_links( $post_ID ) {
  628. $post = get_post( $post_ID, ARRAY_A );
  629. $content = $post['post_content'];
  630. // quick sanity check, don't run if no pretty permalinks or post is not published
  631. if ( !get_option('permalink_structure') || $post['post_status'] != 'publish' )
  632. return;
  633. // Short if there aren't any links or no '?attachment_id=' strings (strpos cannot be zero)
  634. if ( !strpos($content, '?attachment_id=') || !preg_match_all( '/<a ([^>]+)>[\s\S]+?<\/a>/', $content, $link_matches ) )
  635. return;
  636. $site_url = get_bloginfo('url');
  637. $site_url = substr( $site_url, (int) strpos($site_url, '://') ); // remove the http(s)
  638. $replace = '';
  639. foreach ( $link_matches[1] as $key => $value ) {
  640. if ( !strpos($value, '?attachment_id=') || !strpos($value, 'wp-att-')
  641. || !preg_match( '/href=(["\'])[^"\']*\?attachment_id=(\d+)[^"\']*\\1/', $value, $url_match )
  642. || !preg_match( '/rel=["\'][^"\']*wp-att-(\d+)/', $value, $rel_match ) )
  643. continue;
  644. $quote = $url_match[1]; // the quote (single or double)
  645. $url_id = (int) $url_match[2];
  646. $rel_id = (int) $rel_match[1];
  647. if ( !$url_id || !$rel_id || $url_id != $rel_id || strpos($url_match[0], $site_url) === false )
  648. continue;
  649. $link = $link_matches[0][$key];
  650. $replace = str_replace( $url_match[0], 'href=' . $quote . get_attachment_link( $url_id ) . $quote, $link );
  651. $content = str_replace( $link, $replace, $content );
  652. }
  653. if ( $replace ) {
  654. $post['post_content'] = $content;
  655. // Escape data pulled from DB.
  656. $post = add_magic_quotes($post);
  657. return wp_update_post($post);
  658. }
  659. }
  660. /**
  661. * Move child posts to a new parent.
  662. *
  663. * @since 2.3.0
  664. * @access private
  665. *
  666. * @param unknown_type $old_ID
  667. * @param unknown_type $new_ID
  668. * @return unknown
  669. */
  670. function _relocate_children( $old_ID, $new_ID ) {
  671. global $wpdb;
  672. $old_ID = (int) $old_ID;
  673. $new_ID = (int) $new_ID;
  674. $children = $wpdb->get_col( $wpdb->prepare("
  675. SELECT post_id
  676. FROM $wpdb->postmeta
  677. WHERE meta_key = '_wp_attachment_temp_parent'
  678. AND meta_value = %d", $old_ID) );
  679. foreach ( $children as $child_id ) {
  680. $wpdb->update($wpdb->posts, array('post_parent' => $new_ID), array('ID' => $child_id) );
  681. delete_post_meta($child_id, '_wp_attachment_temp_parent');
  682. }
  683. }
  684. /**
  685. * Get all the possible statuses for a post_type
  686. *
  687. * @since 2.5.0
  688. *
  689. * @param string $type The post_type you want the statuses for
  690. * @return array As array of all the statuses for the supplied post type
  691. */
  692. function get_available_post_statuses($type = 'post') {
  693. $stati = wp_count_posts($type);
  694. return array_keys(get_object_vars($stati));
  695. }
  696. /**
  697. * Run the wp query to fetch the posts for listing on the edit posts page
  698. *
  699. * @since 2.5.0
  700. *
  701. * @param array|bool $q Array of query variables to use to build the query or false to use $_GET superglobal.
  702. * @return array
  703. */
  704. function wp_edit_posts_query( $q = false ) {
  705. if ( false === $q )
  706. $q = $_GET;
  707. $q['m'] = isset($q['m']) ? (int) $q['m'] : 0;
  708. $q['cat'] = isset($q['cat']) ? (int) $q['cat'] : 0;
  709. $post_stati = get_post_stati();
  710. if ( isset($q['post_type']) && in_array( $q['post_type'], get_post_types() ) )
  711. $post_type = $q['post_type'];
  712. else
  713. $post_type = 'post';
  714. $avail_post_stati = get_available_post_statuses($post_type);
  715. if ( isset($q['post_status']) && in_array( $q['post_status'], $post_stati ) ) {
  716. $post_status = $q['post_status'];
  717. $perm = 'readable';
  718. }
  719. if ( isset($q['orderby']) )
  720. $orderby = $q['orderby'];
  721. elseif ( isset($q['post_status']) && in_array($q['post_status'], array('pending', 'draft')) )
  722. $orderby = 'modified';
  723. if ( isset($q['order']) )
  724. $order = $q['order'];
  725. elseif ( isset($q['post_status']) && 'pending' == $q['post_status'] )
  726. $order = 'ASC';
  727. $per_page = 'edit_' . $post_type . '_per_page';
  728. $posts_per_page = (int) get_user_option( $per_page );
  729. if ( empty( $posts_per_page ) || $posts_per_page < 1 )
  730. $posts_per_page = 20;
  731. $posts_per_page = apply_filters( $per_page, $posts_per_page );
  732. $posts_per_page = apply_filters( 'edit_posts_per_page', $posts_per_page, $post_type );
  733. $query = compact('post_type', 'post_status', 'perm', 'order', 'orderby', 'posts_per_page');
  734. // Hierarchical types require special args.
  735. if ( is_post_type_hierarchical( $post_type ) && !isset($orderby) ) {
  736. $query['orderby'] = 'menu_order title';
  737. $query['order'] = 'asc';
  738. $query['posts_per_page'] = -1;
  739. $query['posts_per_archive_page'] = -1;
  740. }
  741. if ( ! empty( $q['show_sticky'] ) )
  742. $query['post__in'] = (array) get_option( 'sticky_posts' );
  743. wp( $query );
  744. return $avail_post_stati;
  745. }
  746. /**
  747. * {@internal Missing Short Description}}
  748. *
  749. * @since 2.5.0
  750. *
  751. * @param unknown_type $type
  752. * @return unknown
  753. */
  754. function get_available_post_mime_types($type = 'attachment') {
  755. global $wpdb;
  756. $types = $wpdb->get_col($wpdb->prepare("SELECT DISTINCT post_mime_type FROM $wpdb->posts WHERE post_type = %s", $type));
  757. return $types;
  758. }
  759. /**
  760. * Executes a query for attachments. An array of WP_Query arguments
  761. * can be passed in, which will override the arguments set by this function.
  762. *
  763. * @since 2.5.0
  764. * @uses apply_filters() Calls 'upload_per_page' on posts_per_page argument
  765. *
  766. * @param array|bool $q Array of query variables to use to build the query or false to use $_GET superglobal.
  767. * @return array
  768. */
  769. function wp_edit_attachments_query( $q = false ) {
  770. if ( false === $q )
  771. $q = $_GET;
  772. $q['m'] = isset( $q['m'] ) ? (int) $q['m'] : 0;
  773. $q['cat'] = isset( $q['cat'] ) ? (int) $q['cat'] : 0;
  774. $q['post_type'] = 'attachment';
  775. $post_type = get_post_type_object( 'attachment' );
  776. $states = 'inherit';
  777. if ( current_user_can( $post_type->cap->read_private_posts ) )
  778. $states .= ',private';
  779. $q['post_status'] = isset( $q['status'] ) && 'trash' == $q['status'] ? 'trash' : $states;
  780. $media_per_page = (int) get_user_option( 'upload_per_page' );
  781. if ( empty( $media_per_page ) || $media_per_page < 1 )
  782. $media_per_page = 20;
  783. $q['posts_per_page'] = apply_filters( 'upload_per_page', $media_per_page );
  784. $post_mime_types = get_post_mime_types();
  785. $avail_post_mime_types = get_available_post_mime_types('attachment');
  786. if ( isset($q['post_mime_type']) && !array_intersect( (array) $q['post_mime_type'], array_keys($post_mime_types) ) )
  787. unset($q['post_mime_type']);
  788. if ( isset($q['detached']) )
  789. add_filter('posts_where', '_edit_attachments_query_helper');
  790. wp( $q );
  791. if ( isset($q['detached']) )
  792. remove_filter('posts_where', '_edit_attachments_query_helper');
  793. return array($post_mime_types, $avail_post_mime_types);
  794. }
  795. function _edit_attachments_query_helper($where) {
  796. global $wpdb;
  797. return $where .= " AND {$wpdb->posts}.post_parent < 1";
  798. }
  799. /**
  800. * Returns the list of classes to be used by a metabox
  801. *
  802. * @uses get_user_option()
  803. * @since 2.5.0
  804. *
  805. * @param unknown_type $id
  806. * @param unknown_type $page
  807. * @return unknown
  808. */
  809. function postbox_classes( $id, $page ) {
  810. if ( isset( $_GET['edit'] ) && $_GET['edit'] == $id ) {
  811. $classes = array( '' );
  812. } elseif ( $closed = get_user_option('closedpostboxes_'.$page ) ) {
  813. if ( !is_array( $closed ) ) {
  814. $classes = array( '' );
  815. } else {
  816. $classes = in_array( $id, $closed ) ? array( 'closed' ) : array( '' );
  817. }
  818. } else {
  819. $classes = array( '' );
  820. }
  821. $classes = apply_filters( "postbox_classes_{$page}_{$id}", $classes );
  822. return implode( ' ', $classes );
  823. }
  824. /**
  825. * {@internal Missing Short Description}}
  826. *
  827. * @since 2.5.0
  828. *
  829. * @param int|object $id Post ID or post object.
  830. * @param string $title (optional) Title
  831. * @param string $name (optional) Name
  832. * @return array With two entries of type string
  833. */
  834. function get_sample_permalink($id, $title = null, $name = null) {
  835. $post = get_post($id);
  836. if ( !$post->ID )
  837. return array('', '');
  838. $ptype = get_post_type_object($post->post_type);
  839. $original_status = $post->post_status;
  840. $original_date = $post->post_date;
  841. $original_name = $post->post_name;
  842. // Hack: get_permalink() would return ugly permalink for drafts, so we will fake that our post is published.
  843. if ( in_array( $post->post_status, array( 'draft', 'pending' ) ) ) {
  844. $post->post_status = 'publish';
  845. $post->post_name = sanitize_title($post->post_name ? $post->post_name : $post->post_title, $post->ID);
  846. }
  847. // If the user wants to set a new name -- override the current one
  848. // Note: if empty name is supplied -- use the title instead, see #6072
  849. if ( !is_null($name) )
  850. $post->post_name = sanitize_title($name ? $name : $title, $post->ID);
  851. $post->post_name = wp_unique_post_slug($post->post_name, $post->ID, $post->post_status, $post->post_type, $post->post_parent);
  852. $post->filter = 'sample';
  853. $permalink = get_permalink($post, true);
  854. // Replace custom post_type Token with generic pagename token for ease of use.
  855. $permalink = str_replace("%$post->post_type%", '%pagename%', $permalink);
  856. // Handle page hierarchy
  857. if ( $ptype->hierarchical ) {
  858. $uri = get_page_uri($post);
  859. $uri = untrailingslashit($uri);
  860. $uri = strrev( stristr( strrev( $uri ), '/' ) );
  861. $uri = untrailingslashit($uri);
  862. $uri = apply_filters( 'editable_slug', $uri );
  863. if ( !empty($uri) )
  864. $uri .= '/';
  865. $permalink = str_replace('%pagename%', "{$uri}%pagename%", $permalink);
  866. }
  867. $permalink = array($permalink, apply_filters('editable_slug', $post->post_name));
  868. $post->post_status = $original_status;
  869. $post->post_date = $original_date;
  870. $post->post_name = $original_name;
  871. unset($post->filter);
  872. return $permalink;
  873. }
  874. /**
  875. * Returns the HTML of the sample permalink slug editor.
  876. *
  877. * @since 2.5.0
  878. *
  879. * @param int|object $id Post ID or post object.
  880. * @param string $new_title Optional. New title.
  881. * @param string $new_slug Optional. New slug.
  882. * @return string The HTML of the sample permalink slug editor.
  883. */
  884. function get_sample_permalink_html( $id, $new_title = null, $new_slug = null ) {
  885. global $wpdb;
  886. $post = get_post($id);
  887. list($permalink, $post_name) = get_sample_permalink($post->ID, $new_title, $new_slug);
  888. if ( 'publish' == get_post_status( $post ) ) {
  889. $ptype = get_post_type_object($post->post_type);
  890. $view_post = $ptype->labels->view_item;
  891. $title = __('Click to edit this part of the permalink');
  892. } else {
  893. $title = __('Temporary permalink. Click to edit this part.');
  894. }
  895. if ( false === strpos($permalink, '%postname%') && false === strpos($permalink, '%pagename%') ) {
  896. $return = '<strong>' . __('Permalink:') . "</strong>\n" . '<span id="sample-permalink" tabindex="-1">' . $permalink . "</span>\n";
  897. if ( '' == get_option( 'permalink_structure' ) && current_user_can( 'manage_options' ) && !( 'page' == get_option('show_on_front') && $id == get_option('page_on_front') ) )
  898. $return .= '<span id="change-permalinks"><a href="options-permalink.php" class="button button-small" target="_blank">' . __('Change Permalinks') . "</a></span>\n";
  899. if ( isset( $view_post ) )
  900. $return .= "<span id='view-post-btn'><a href='$permalink' class='button button-small'>$view_post</a></span>\n";
  901. $return = apply_filters('get_sample_permalink_html', $return, $id, $new_title, $new_slug);
  902. return $return;
  903. }
  904. if ( function_exists('mb_strlen') ) {
  905. if ( mb_strlen($post_name) > 30 ) {
  906. $post_name_abridged = mb_substr($post_name, 0, 14). '&hellip;' . mb_substr($post_name, -14);
  907. } else {
  908. $post_name_abridged = $post_name;
  909. }
  910. } else {
  911. if ( strlen($post_name) > 30 ) {
  912. $post_name_abridged = substr($post_name, 0, 14). '&hellip;' . substr($post_name, -14);
  913. } else {
  914. $post_name_abridged = $post_name;
  915. }
  916. }
  917. $post_name_html = '<span id="editable-post-name" title="' . $title . '">' . $post_name_abridged . '</span>';
  918. $display_link = str_replace(array('%pagename%','%postname%'), $post_name_html, $permalink);
  919. $view_link = str_replace(array('%pagename%','%postname%'), $post_name, $permalink);
  920. $return = '<strong>' . __('Permalink:') . "</strong>\n";
  921. $return .= '<span id="sample-permalink" tabindex="-1">' . $display_link . "</span>\n";
  922. $return .= '&lrm;'; // Fix bi-directional text display defect in RTL languages.
  923. $return .= '<span id="edit-slug-buttons"><a href="#post_name" class="edit-slug button button-small hide-if-no-js" onclick="editPermalink(' . $id . '); return false;">' . __('Edit') . "</a></span>\n";
  924. $return .= '<span id="editable-post-name-full">' . $post_name . "</span>\n";
  925. if ( isset($view_post) )
  926. $return .= "<span id='view-post-btn'><a href='$view_link' class='button button-small'>$view_post</a></span>\n";
  927. $return = apply_filters('get_sample_permalink_html', $return, $id, $new_title, $new_slug);
  928. return $return;
  929. }
  930. /**
  931. * Output HTML for the post thumbnail meta-box.
  932. *
  933. * @since 2.9.0
  934. *
  935. * @param int $thumbnail_id ID of the attachment used for thumbnail
  936. * @param mixed $post The post ID or object associated with the thumbnail, defaults to global $post.
  937. * @return string html
  938. */
  939. function _wp_post_thumbnail_html( $thumbnail_id = null, $post = null ) {
  940. global $content_width, $_wp_additional_image_sizes;
  941. $post = get_post( $post );
  942. $upload_iframe_src = esc_url( get_upload_iframe_src('image', $post->ID ) );
  943. $set_thumbnail_link = '<p class="hide-if-no-js"><a title="' . esc_attr__( 'Set featured image' ) . '" href="%s" id="set-post-thumbnail" class="thickbox">%s</a></p>';
  944. $content = sprintf( $set_thumbnail_link, $upload_iframe_src, esc_html__( 'Set featured image' ) );
  945. if ( $thumbnail_id && get_post( $thumbnail_id ) ) {
  946. $old_content_width = $content_width;
  947. $content_width = 266;
  948. if ( !isset( $_wp_additional_image_sizes['post-thumbnail'] ) )
  949. $thumbnail_html = wp_get_attachment_image( $thumbnail_id, array( $content_width, $content_width ) );
  950. else
  951. $thumbnail_html = wp_get_attachment_image( $thumbnail_id, 'post-thumbnail' );
  952. if ( !empty( $thumbnail_html ) ) {
  953. $ajax_nonce = wp_create_nonce( 'set_post_thumbnail-' . $post->ID );
  954. $content = sprintf( $set_thumbnail_link, $upload_iframe_src, $thumbnail_html );
  955. $content .= '<p class="hide-if-no-js"><a href="#" id="remove-post-thumbnail" onclick="WPRemoveThumbnail(\'' . $ajax_nonce . '\');return false;">' . esc_html__( 'Remove featured image' ) . '</a></p>';
  956. }
  957. $content_width = $old_content_width;
  958. }
  959. return apply_filters( 'admin_post_thumbnail_html', $content, $post->ID );
  960. }
  961. /**
  962. * Check to see if the post is currently being edited by another user.
  963. *
  964. * @since 2.5.0
  965. *
  966. * @param int $post_id ID of the post to check for editing
  967. * @return bool|int False: not locked or locked by current user. Int: user ID of user with lock.
  968. */
  969. function wp_check_post_lock( $post_id ) {
  970. if ( !$post = get_post( $post_id ) )
  971. return false;
  972. if ( !$lock = get_post_meta( $post->ID, '_edit_lock', true ) )
  973. return false;
  974. $lock = explode( ':', $lock );
  975. $time = $lock[0];
  976. $user = isset( $lock[1] ) ? $lock[1] : get_post_meta( $post->ID, '_edit_last', true );
  977. $time_window = apply_filters( 'wp_check_post_lock_window', 120 );
  978. if ( $time && $time > time() - $time_window && $user != get_current_user_id() )
  979. return $user;
  980. return false;
  981. }
  982. /**
  983. * Mark the post as currently being edited by the current user
  984. *
  985. * @since 2.5.0
  986. *
  987. * @param int $post_id ID of the post to being edited
  988. * @return bool|array Returns false if the post doesn't exist of there is no current user, or
  989. * an array of the lock time and the user ID.
  990. */
  991. function wp_set_post_lock( $post_id ) {
  992. if ( !$post = get_post( $post_id ) )
  993. return false;
  994. if ( 0 == ($user_id = get_current_user_id()) )
  995. return false;
  996. $now = time();
  997. $lock = "$now:$user_id";
  998. update_post_meta( $post->ID, '_edit_lock', $lock );
  999. return array( $now, $user_id );
  1000. }
  1001. /**
  1002. * Outputs the HTML for the notice to say that someone else is editing or has taken over editing of this post.
  1003. *
  1004. * @since 2.8.5
  1005. * @return none
  1006. */
  1007. function _admin_notice_post_locked() {
  1008. if ( ! $post = get_post() )
  1009. return;
  1010. if ( ( $user_id = wp_check_post_lock( $post->ID ) ) && ( $user = get_userdata( $user_id ) ) ) {
  1011. $locked = apply_filters( 'show_post_locked_dialog', true, $post, $user );
  1012. } else {
  1013. $locked = false;
  1014. }
  1015. if ( $locked && ( $sendback = wp_get_referer() ) &&
  1016. false === strpos( $sendback, 'post.php' ) && false === strpos( $sendback, 'post-new.php' ) ) {
  1017. $sendback_text = __('Go back');
  1018. } else {
  1019. $sendback = admin_url( 'edit.php' );
  1020. if ( 'post' != $post->post_type )
  1021. $sendback = add_query_arg( 'post_type', $post->post_type, $sendback );
  1022. $sendback_text = get_post_type_object( $post->post_type )->labels->all_items;
  1023. }
  1024. $hidden = $locked ? '' : ' hidden';
  1025. ?>
  1026. <div id="post-lock-dialog" class="notification-dialog-wrap<?php echo $hidden; ?>">
  1027. <div class="notification-dialog-background"></div>
  1028. <div class="notification-dialog">
  1029. <?php
  1030. if ( $locked ) {
  1031. $preview_link = set_url_scheme( add_query_arg( 'preview', 'true', get_permalink( $post->ID ) ) );
  1032. if ( 'publish' == $post->post_status || $user->ID != $post->post_author ) {
  1033. // Latest content is in autosave
  1034. $nonce = wp_create_nonce( 'post_preview_' . $post->ID );
  1035. $preview_link = add_query_arg( array( 'preview_id' => $post->ID, 'preview_nonce' => $nonce ), $preview_link );
  1036. }
  1037. $preview_link = apply_filters( 'preview_post_link', $preview_link );
  1038. $override = apply_filters( 'override_post_lock', true, $post, $user );
  1039. $tab_last = $override ? '' : ' wp-tab-last';
  1040. ?>
  1041. <div class="post-locked-message">
  1042. <div class="post-locked-avatar"><?php echo get_avatar( $user->ID, 64 ); ?></div>
  1043. <p class="currently-editing wp-tab-first" tabindex="0"><?php esc_html_e( sprintf( __( 'This content is currently locked. If you take over, %s will be blocked from continuing to edit.' ), $user->display_name ) ); ?></p>
  1044. <?php do_action( 'post_lock_text', $post ); ?>
  1045. <p>
  1046. <a class="button" href="<?php echo esc_url( $sendback ); ?>"><?php echo $sendback_text; ?></a>
  1047. <a class="button<?php echo $tab_last; ?>" href="<?php echo esc_url( $preview_link ); ?>"><?php _e('Preview'); ?></a>
  1048. <?php
  1049. // Allow plugins to prevent some users overriding the post lock
  1050. if ( $override ) {
  1051. ?>
  1052. <a class="button button-primary wp-tab-last" href="<?php echo esc_url( add_query_arg( 'get-post-lock', '1', get_edit_post_link( $post->ID, 'url' ) ) ); ?>"><?php _e('Take over'); ?></a>
  1053. <?php
  1054. }
  1055. ?>
  1056. </p>
  1057. </div>
  1058. <?php
  1059. } else {
  1060. ?>
  1061. <div class="post-taken-over">
  1062. <div class="post-locked-avatar"></div>
  1063. <p class="wp-tab-first" tabindex="0">
  1064. <span class="currently-editing"></span><br>
  1065. <span class="locked-saving hidden"><img src="images/wpspin_light-2x.gif" width="16" height="16" /> <?php _e('Saving revision...'); ?></span>
  1066. <span class="locked-saved hidden"><?php _e('Your latest changes were saved as a revision.'); ?></span>
  1067. </p>
  1068. <?php do_action( 'post_lock_text', $post ); ?>
  1069. <p><a class="button button-primary wp-tab-last" href="<?php echo esc_url( $sendback ); ?>"><?php echo $sendback_text; ?></a></p>
  1070. </div>
  1071. <?php
  1072. }
  1073. ?>
  1074. </div>
  1075. </div>
  1076. <?php
  1077. }
  1078. /**
  1079. * Creates autosave data for the specified post from $_POST data.
  1080. *
  1081. * @package WordPress
  1082. * @subpackage Post_Revisions
  1083. * @since 2.6.0
  1084. *
  1085. * @uses _wp_translate_postdata()
  1086. * @uses _wp_post_revision_fields()
  1087. *
  1088. * @return unknown
  1089. */
  1090. function wp_create_post_autosave( $post_id ) {
  1091. $translated = _wp_translate_postdata( true );
  1092. if ( is_wp_error( $translated ) )
  1093. return $translated;
  1094. $post_author = get_current_user_id();
  1095. // Store one autosave per author. If there is already an autosave, overwrite it.
  1096. if ( $old_autosave = wp_get_post_autosave( $post_id, $post_author ) ) {
  1097. $new_autosave = _wp_post_revision_fields( $_POST, true );
  1098. $new_autosave['ID'] = $old_autosave->ID;
  1099. $new_autosave['post_author'] = $post_author;
  1100. return wp_update_post( $new_autosave );
  1101. }
  1102. // _wp_put_post_revision() expects unescaped.
  1103. $_POST = wp_unslash($_POST);
  1104. // Otherwise create the new autosave as a special post revision
  1105. return _wp_put_post_revision( $_POST, true );
  1106. }
  1107. /**
  1108. * Save draft or manually autosave for showing preview.
  1109. *
  1110. * @package WordPress
  1111. * @since 2.7.0
  1112. *
  1113. * @uses get_post_status()
  1114. * @uses edit_post()
  1115. * @uses get_post()
  1116. * @uses current_user_can()
  1117. * @uses wp_die()
  1118. * @uses wp_create_post_autosave()
  1119. * @uses add_query_arg()
  1120. * @uses wp_create_nonce()
  1121. *
  1122. * @return str URL to redirect to show the preview
  1123. */
  1124. function post_preview() {
  1125. $post_ID = (int) $_POST['post_ID'];
  1126. $status = get_post_status( $post_ID );
  1127. if ( 'auto-draft' == $status )
  1128. wp_die( __('Preview not available. Please save as a draft first.') );
  1129. if ( isset($_POST['catslist']) )
  1130. $_POST['post_category'] = explode(",", $_POST['catslist']);
  1131. if ( isset($_POST['tags_input']) )
  1132. $_POST['tags_input'] = explode(",", $_POST['tags_input']);
  1133. if ( $_POST['post_type'] == 'page' || empty($_POST['post_category']) )
  1134. unset($_POST['post_category']);
  1135. $_POST['ID'] = $post_ID;
  1136. $post = get_post($post_ID);
  1137. if ( 'page' == $post->post_type ) {
  1138. if ( ! current_user_can('edit_page', $post_ID) )
  1139. wp_die( __('You are not allowed to edit this page.') );
  1140. } else {
  1141. if ( ! current_user_can('edit_post', $post_ID) )
  1142. wp_die( __('You are not allowed to edit this post.') );
  1143. }
  1144. $user_id = get_current_user_id();
  1145. $locked = wp_check_post_lock( $post->ID );
  1146. if ( ! $locked && 'draft' == $post->post_status && $user_id == $post->post_author ) {
  1147. $id = edit_post();
  1148. } else { // Non drafts are not overwritten. The autosave is stored in a special post revision.
  1149. $id = wp_create_post_autosave( $post->ID );
  1150. if ( ! is_wp_error($id) )
  1151. $id = $post->ID;
  1152. }
  1153. if ( is_wp_error($id) )
  1154. wp_die( $id->get_error_message() );
  1155. if ( ! $locked && $_POST['post_status'] == 'draft' && $user_id == $post->post_author ) {
  1156. $url = add_query_arg( 'preview', 'true', get_permalink($id) );
  1157. } else {
  1158. $nonce = wp_create_nonce('post_preview_' . $id);
  1159. $args = array(
  1160. 'preview' => 'true',
  1161. 'preview_id' => $id,
  1162. 'preview_nonce' => $nonce,
  1163. );
  1164. if ( isset( $_POST['post_format'] ) )
  1165. $args['post_format'] = empty( $_POST['post_format'] ) ? 'standard' : sanitize_key( $_POST['post_format'] );
  1166. $url = add_query_arg( $args, get_permalink($id) );
  1167. }
  1168. return apply_filters( 'preview_post_link', $url );
  1169. }