
/wp-admin/includes/ajax-actions.php

https://github.com/sharpmachine/wakeupmedia.com
   1<?php
   2/**
   3 * WordPress Core Ajax Handlers.
   4 *
   5 * @package WordPress
   6 * @subpackage Administration
   7 */
   8
   9/*
  10 * No-privilege Ajax handlers.
  11 */
  12
  13function wp_ajax_nopriv_autosave() {
  14	$id = isset( $_POST['post_ID'] ) ? (int) $_POST['post_ID'] : 0;
  15
  16	if ( ! $id )
  17		wp_die( -1 );
  18
  19	$message = sprintf( __('<strong>ALERT: You are logged out!</strong> Could not save draft. <a href="%s" target="_blank">Please log in again.</a>'), wp_login_url() );
  20	$x = new WP_Ajax_Response( array(
  21		'what' => 'autosave',
  22		'id' => $id,
  23		'data' => $message
  24	) );
  25	$x->send();
  26}
  27
  28/*
  29 * GET-based Ajax handlers.
  30 */
  31function wp_ajax_fetch_list() {
  32	global $current_screen, $wp_list_table;
  33
  34	$list_class = $_GET['list_args']['class'];
  35	check_ajax_referer( "fetch-list-$list_class", '_ajax_fetch_list_nonce' );
  36
  37	$current_screen = convert_to_screen( $_GET['list_args']['screen']['id'] );
  38
  39	define( 'WP_NETWORK_ADMIN', $current_screen->is_network );
  40	define( 'WP_USER_ADMIN', $current_screen->is_user );
  41
  42	$wp_list_table = _get_list_table( $list_class );
  43	if ( ! $wp_list_table )
  44		wp_die( 0 );
  45
  46	if ( ! $wp_list_table->ajax_user_can() )
  47		wp_die( -1 );
  48
  49	$wp_list_table->ajax_response();
  50
  51	wp_die( 0 );
  52}
  53function wp_ajax_ajax_tag_search() {
  54	global $wpdb;
  55
  56	if ( isset( $_GET['tax'] ) ) {
  57		$taxonomy = sanitize_key( $_GET['tax'] );
  58		$tax = get_taxonomy( $taxonomy );
  59		if ( ! $tax )
  60			wp_die( 0 );
  61		if ( ! current_user_can( $tax->cap->assign_terms ) )
  62			wp_die( -1 );
  63	} else {
  64		wp_die( 0 );
  65	}
  66
  67	$s = stripslashes( $_GET['q'] );
  68
  69	$comma = _x( ',', 'tag delimiter' );
  70	if ( ',' !== $comma )
  71		$s = str_replace( $comma, ',', $s );
  72	if ( false !== strpos( $s, ',' ) ) {
  73		$s = explode( ',', $s );
  74		$s = $s[count( $s ) - 1];
  75	}
  76	$s = trim( $s );
  77	if ( strlen( $s ) < 2 )
  78		wp_die(); // require 2 chars for matching
  79
  80	$results = $wpdb->get_col( $wpdb->prepare( "SELECT t.name FROM $wpdb->term_taxonomy AS tt INNER JOIN $wpdb->terms AS t ON tt.term_id = t.term_id WHERE tt.taxonomy = %s AND t.name LIKE (%s)", $taxonomy, '%' . like_escape( $s ) . '%' ) );
  81
  82	echo join( $results, "\n" );
  83	wp_die();
  84}
  85
  86function wp_ajax_wp_compression_test() {
  87	if ( !current_user_can( 'manage_options' ) )
  88		wp_die( -1 );
  89
  90	if ( ini_get('zlib.output_compression') || 'ob_gzhandler' == ini_get('output_handler') ) {
  91		update_site_option('can_compress_scripts', 0);
  92		wp_die( 0 );
  93	}
  94
  95	if ( isset($_GET['test']) ) {
  96		header( 'Expires: Wed, 11 Jan 1984 05:00:00 GMT' );
  97		header( 'Last-Modified: ' . gmdate( 'D, d M Y H:i:s' ) . ' GMT' );
  98		header( 'Cache-Control: no-cache, must-revalidate, max-age=0' );
  99		header( 'Pragma: no-cache' );
 100		header('Content-Type: application/x-javascript; charset=UTF-8');
 101		$force_gzip = ( defined('ENFORCE_GZIP') && ENFORCE_GZIP );
 102		$test_str = '"wpCompressionTest Lorem ipsum dolor sit amet consectetuer mollis sapien urna ut a. Eu nonummy condimentum fringilla tempor pretium platea vel nibh netus Maecenas. Hac molestie amet justo quis pellentesque est ultrices interdum nibh Morbi. Cras mattis pretium Phasellus ante ipsum ipsum ut sociis Suspendisse Lorem. Ante et non molestie. Porta urna Vestibulum egestas id congue nibh eu risus gravida sit. Ac augue auctor Ut et non a elit massa id sodales. Elit eu Nulla at nibh adipiscing mattis lacus mauris at tempus. Netus nibh quis suscipit nec feugiat eget sed lorem et urna. Pellentesque lacus at ut massa consectetuer ligula ut auctor semper Pellentesque. Ut metus massa nibh quam Curabitur molestie nec mauris congue. Volutpat molestie elit justo facilisis neque ac risus Ut nascetur tristique. Vitae sit lorem tellus et quis Phasellus lacus tincidunt nunc Fusce. Pharetra wisi Suspendisse mus sagittis libero lacinia Integer consequat ac Phasellus. Et urna ac cursus tortor aliquam Aliquam amet tellus volutpat Vestibulum. Justo interdum condimentum In augue congue tellus sollicitudin Quisque quis nibh."';
 103
 104		 if ( 1 == $_GET['test'] ) {
 105		 	echo $test_str;
 106		 	wp_die();
 107		 } elseif ( 2 == $_GET['test'] ) {
 108			if ( !isset($_SERVER['HTTP_ACCEPT_ENCODING']) )
 109				wp_die( -1 );
 110			if ( false !== stripos( $_SERVER['HTTP_ACCEPT_ENCODING'], 'deflate') && function_exists('gzdeflate') && ! $force_gzip ) {
 111				header('Content-Encoding: deflate');
 112				$out = gzdeflate( $test_str, 1 );
 113			} elseif ( false !== stripos( $_SERVER['HTTP_ACCEPT_ENCODING'], 'gzip') && function_exists('gzencode') ) {
 114				header('Content-Encoding: gzip');
 115				$out = gzencode( $test_str, 1 );
 116			} else {
 117				wp_die( -1 );
 118			}
 119			echo $out;
 120			wp_die();
 121		} elseif ( 'no' == $_GET['test'] ) {
 122			update_site_option('can_compress_scripts', 0);
 123		} elseif ( 'yes' == $_GET['test'] ) {
 124			update_site_option('can_compress_scripts', 1);
 125		}
 126	}
 127
 128	wp_die( 0 );
 129}
 130
 131function wp_ajax_imgedit_preview() {
 132	$post_id = intval($_GET['postid']);
 133	if ( empty($post_id) || !current_user_can('edit_post', $post_id) )
 134		wp_die( -1 );
 135
 136	check_ajax_referer( "image_editor-$post_id" );
 137
 138	include_once( ABSPATH . 'wp-admin/includes/image-edit.php' );
 139	if ( ! stream_preview_image($post_id) )
 140		wp_die( -1 );
 141
 142	wp_die();
 143}
 144
 145function wp_ajax_oembed_cache() {
 146	global $wp_embed;
 147
 148	$return = ( $wp_embed->cache_oembed( $_GET['post'] ) ) ? '1' : '0';
 149	wp_die( $return );
 150}
 151
 152function wp_ajax_autocomplete_user() {
 153	if ( ! is_multisite() || ! current_user_can( 'promote_users' ) || wp_is_large_network( 'users' ) )
 154		wp_die( -1 );
 155
 156	if ( ! is_super_admin() && ! apply_filters( 'autocomplete_users_for_site_admins', false ) )
 157		wp_die( -1 );
 158
 159	$return = array();
 160
 161	// Check the type of request
 162	if ( isset( $_REQUEST['autocomplete_type'] ) )
 163		$type = $_REQUEST['autocomplete_type'];
 164	else
 165		$type = 'add';
 166
 167	// Exclude current users of this blog
 168	if ( isset( $_REQUEST['site_id'] ) )
 169		$id = absint( $_REQUEST['site_id'] );
 170	else
 171		$id = get_current_blog_id();
 172
 173	$include_blog_users = ( $type == 'search' ? get_users( array( 'blog_id' => $id, 'fields' => 'ID' ) ) : array() );
 174	$exclude_blog_users = ( $type == 'add' ? get_users( array( 'blog_id' => $id, 'fields' => 'ID' ) ) : array() );
 175
 176	$users = get_users( array(
 177		'blog_id' => false,
 178		'search'  => '*' . $_REQUEST['term'] . '*',
 179		'include' => $include_blog_users,
 180		'exclude' => $exclude_blog_users,
 181		'search_columns' => array( 'user_login', 'user_nicename', 'user_email' ),
 182	) );
 183
 184	foreach ( $users as $user ) {
 185		$return[] = array(
 186			/* translators: 1: user_login, 2: user_email */
 187			'label' => sprintf( __( '%1$s (%2$s)' ), $user->user_login, $user->user_email ),
 188			'value' => $user->user_login,
 189		);
 190	}
 191
 192	wp_die( json_encode( $return ) );
 193}
 194
 195function wp_ajax_dashboard_widgets() {
 196	require ABSPATH . 'wp-admin/includes/dashboard.php';
 197
 198	switch ( $_GET['widget'] ) {
 199		case 'dashboard_incoming_links' :
 200			wp_dashboard_incoming_links();
 201			break;
 202		case 'dashboard_primary' :
 203			wp_dashboard_primary();
 204			break;
 205		case 'dashboard_secondary' :
 206			wp_dashboard_secondary();
 207			break;
 208		case 'dashboard_plugins' :
 209			wp_dashboard_plugins();
 210			break;
 211	}
 212	wp_die();
 213}
 214
 215function wp_ajax_logged_in() {
 216	wp_die( 1 );
 217}
 218
 219/*
 220 * Ajax helper.
 221 */
 222
 223/**
 224 * Sends back current comment total and new page links if they need to be updated.
 225 *
 226 * Contrary to normal success AJAX response ("1"), die with time() on success.
 227 *
 228 * @since 2.7
 229 *
 230 * @param int $comment_id
 231 * @return die
 232 */
 233function _wp_ajax_delete_comment_response( $comment_id, $delta = -1 ) {
 234	$total = (int) @$_POST['_total'];
 235	$per_page = (int) @$_POST['_per_page'];
 236	$page = (int) @$_POST['_page'];
 237	$url = esc_url_raw( @$_POST['_url'] );
 238	// JS didn't send us everything we need to know. Just die with success message
 239	if ( !$total || !$per_page || !$page || !$url )
 240		wp_die( time() );
 241
 242	$total += $delta;
 243	if ( $total < 0 )
 244		$total = 0;
 245
 246	// Only do the expensive stuff on a page-break, and about 1 other time per page
 247	if ( 0 == $total % $per_page || 1 == mt_rand( 1, $per_page ) ) {
 248		$post_id = 0;
 249		$status = 'total_comments'; // What type of comment count are we looking for?
 250		$parsed = parse_url( $url );
 251		if ( isset( $parsed['query'] ) ) {
 252			parse_str( $parsed['query'], $query_vars );
 253			if ( !empty( $query_vars['comment_status'] ) )
 254				$status = $query_vars['comment_status'];
 255			if ( !empty( $query_vars['p'] ) )
 256				$post_id = (int) $query_vars['p'];
 257		}
 258
 259		$comment_count = wp_count_comments($post_id);
 260
 261		if ( isset( $comment_count->$status ) ) // We're looking for a known type of comment count
 262			$total = $comment_count->$status;
 263			// else use the decremented value from above
 264	}
 265
 266	$time = time(); // The time since the last comment count
 267
 268	$x = new WP_Ajax_Response( array(
 269		'what' => 'comment',
 270		'id' => $comment_id, // here for completeness - not used
 271		'supplemental' => array(
 272			'total_items_i18n' => sprintf( _n( '1 item', '%s items', $total ), number_format_i18n( $total ) ),
 273			'total_pages' => ceil( $total / $per_page ),
 274			'total_pages_i18n' => number_format_i18n( ceil( $total / $per_page ) ),
 275			'total' => $total,
 276			'time' => $time
 277		)
 278	) );
 279	$x->send();
 280}
 281
 282/*
 283 * POST-based Ajax handlers.
 284 */
 285
 286function _wp_ajax_add_hierarchical_term() {
 287	$action = $_POST['action'];
 288	$taxonomy = get_taxonomy(substr($action, 4));
 289	check_ajax_referer( $action, '_ajax_nonce-add-' . $taxonomy->name );
 290	if ( !current_user_can( $taxonomy->cap->edit_terms ) )
 291		wp_die( -1 );
 292	$names = explode(',', $_POST['new'.$taxonomy->name]);
 293	$parent = isset($_POST['new'.$taxonomy->name.'_parent']) ? (int) $_POST['new'.$taxonomy->name.'_parent'] : 0;
 294	if ( 0 > $parent )
 295		$parent = 0;
 296	if ( $taxonomy->name == 'category' )
 297		$post_category = isset($_POST['post_category']) ? (array) $_POST['post_category'] : array();
 298	else
 299		$post_category = ( isset($_POST['tax_input']) && isset($_POST['tax_input'][$taxonomy->name]) ) ? (array) $_POST['tax_input'][$taxonomy->name] : array();
 300	$checked_categories = array_map( 'absint', (array) $post_category );
 301	$popular_ids = wp_popular_terms_checklist($taxonomy->name, 0, 10, false);
 302
 303	foreach ( $names as $cat_name ) {
 304		$cat_name = trim($cat_name);
 305		$category_nicename = sanitize_title($cat_name);
 306		if ( '' === $category_nicename )
 307			continue;
 308		if ( !$cat_id = term_exists( $cat_name, $taxonomy->name, $parent ) )
 309			$cat_id = wp_insert_term( $cat_name, $taxonomy->name, array( 'parent' => $parent ) );
 310		if ( is_wp_error( $cat_id ) )
 311			continue;
 312		else if ( is_array( $cat_id ) )
 313			$cat_id = $cat_id['term_id'];
 314		$checked_categories[] = $cat_id;
 315		if ( $parent ) // Do these all at once in a second
 316			continue;
 317		ob_start();
 318			wp_terms_checklist( 0, array( 'taxonomy' => $taxonomy->name, 'descendants_and_self' => $cat_id, 'selected_cats' => $checked_categories, 'popular_cats' => $popular_ids ));
 319		$data = ob_get_contents();
 320		ob_end_clean();
 321		$add = array(
 322			'what' => $taxonomy->name,
 323			'id' => $cat_id,
 324			'data' => str_replace( array("\n", "\t"), '', $data),
 325			'position' => -1
 326		);
 327	}
 328
 329	if ( $parent ) { // Foncy - replace the parent and all its children
 330		$parent = get_term( $parent, $taxonomy->name );
 331		$term_id = $parent->term_id;
 332
 333		while ( $parent->parent ) { // get the top parent
 334			$parent = &get_term( $parent->parent, $taxonomy->name );
 335			if ( is_wp_error( $parent ) )
 336				break;
 337			$term_id = $parent->term_id;
 338		}
 339
 340		ob_start();
 341			wp_terms_checklist( 0, array('taxonomy' => $taxonomy->name, 'descendants_and_self' => $term_id, 'selected_cats' => $checked_categories, 'popular_cats' => $popular_ids));
 342		$data = ob_get_contents();
 343		ob_end_clean();
 344		$add = array(
 345			'what' => $taxonomy->name,
 346			'id' => $term_id,
 347			'data' => str_replace( array("\n", "\t"), '', $data),
 348			'position' => -1
 349		);
 350	}
 351
 352	ob_start();
 353		wp_dropdown_categories( array(
 354			'taxonomy' => $taxonomy->name, 'hide_empty' => 0, 'name' => 'new'.$taxonomy->name.'_parent', 'orderby' => 'name',
 355			'hierarchical' => 1, 'show_option_none' => '&mdash; '.$taxonomy->labels->parent_item.' &mdash;'
 356		) );
 357	$sup = ob_get_contents();
 358	ob_end_clean();
 359	$add['supplemental'] = array( 'newcat_parent' => $sup );
 360
 361	$x = new WP_Ajax_Response( $add );
 362	$x->send();
 363}
 364
 365function wp_ajax_delete_comment() {
 366	$id = isset( $_POST['id'] ) ? (int) $_POST['id'] : 0;
 367
 368	if ( !$comment = get_comment( $id ) )
 369		wp_die( time() );
 370	if ( ! current_user_can( 'edit_comment', $comment->comment_ID ) )
 371		wp_die( -1 );
 372
 373	check_ajax_referer( "delete-comment_$id" );
 374	$status = wp_get_comment_status( $comment->comment_ID );
 375
 376	$delta = -1;
 377	if ( isset($_POST['trash']) && 1 == $_POST['trash'] ) {
 378		if ( 'trash' == $status )
 379			wp_die( time() );
 380		$r = wp_trash_comment( $comment->comment_ID );
 381	} elseif ( isset($_POST['untrash']) && 1 == $_POST['untrash'] ) {
 382		if ( 'trash' != $status )
 383			wp_die( time() );
 384		$r = wp_untrash_comment( $comment->comment_ID );
 385		if ( ! isset( $_POST['comment_status'] ) || $_POST['comment_status'] != 'trash' ) // undo trash, not in trash
 386			$delta = 1;
 387	} elseif ( isset($_POST['spam']) && 1 == $_POST['spam'] ) {
 388		if ( 'spam' == $status )
 389			wp_die( time() );
 390		$r = wp_spam_comment( $comment->comment_ID );
 391	} elseif ( isset($_POST['unspam']) && 1 == $_POST['unspam'] ) {
 392		if ( 'spam' != $status )
 393			wp_die( time() );
 394		$r = wp_unspam_comment( $comment->comment_ID );
 395		if ( ! isset( $_POST['comment_status'] ) || $_POST['comment_status'] != 'spam' ) // undo spam, not in spam
 396			$delta = 1;
 397	} elseif ( isset($_POST['delete']) && 1 == $_POST['delete'] ) {
 398		$r = wp_delete_comment( $comment->comment_ID );
 399	} else {
 400		wp_die( -1 );
 401	}
 402
 403	if ( $r ) // Decide if we need to send back '1' or a more complicated response including page links and comment counts
 404		_wp_ajax_delete_comment_response( $comment->comment_ID, $delta );
 405	wp_die( 0 );
 406}
 407
 408function wp_ajax_delete_tag() {
 409	$tag_id = (int) $_POST['tag_ID'];
 410	check_ajax_referer( "delete-tag_$tag_id" );
 411
 412	$taxonomy = !empty($_POST['taxonomy']) ? $_POST['taxonomy'] : 'post_tag';
 413	$tax = get_taxonomy($taxonomy);
 414
 415	if ( !current_user_can( $tax->cap->delete_terms ) )
 416		wp_die( -1 );
 417
 418	$tag = get_term( $tag_id, $taxonomy );
 419	if ( !$tag || is_wp_error( $tag ) )
 420		wp_die( 1 );
 421
 422	if ( wp_delete_term($tag_id, $taxonomy))
 423		wp_die( 1 );
 424	else
 425		wp_die( 0 );
 426}
 427
 428function wp_ajax_delete_link() {
 429	$id = isset( $_POST['id'] ) ? (int) $_POST['id'] : 0;
 430
 431	check_ajax_referer( "delete-bookmark_$id" );
 432	if ( !current_user_can( 'manage_links' ) )
 433		wp_die( -1 );
 434
 435	$link = get_bookmark( $id );
 436	if ( !$link || is_wp_error( $link ) )
 437		wp_die( 1 );
 438
 439	if ( wp_delete_link( $id ) )
 440		wp_die( 1 );
 441	else
 442		wp_die( 0 );
 443}
 444
 445function wp_ajax_delete_meta() {
 446	$id = isset( $_POST['id'] ) ? (int) $_POST['id'] : 0;
 447
 448	check_ajax_referer( "delete-meta_$id" );
 449	if ( !$meta = get_metadata_by_mid( 'post', $id ) )
 450		wp_die( 1 );
 451
 452	if ( is_protected_meta( $meta->meta_key, 'post' ) || ! current_user_can( 'delete_post_meta',  $meta->post_id, $meta->meta_key ) )
 453		wp_die( -1 );
 454	if ( delete_meta( $meta->meta_id ) )
 455		wp_die( 1 );
 456	wp_die( 0 );
 457}
 458
 459function wp_ajax_delete_post( $action ) {
 460	if ( empty( $action ) )
 461		$action = 'delete-post';
 462	$id = isset( $_POST['id'] ) ? (int) $_POST['id'] : 0;
 463
 464	check_ajax_referer( "{$action}_$id" );
 465	if ( !current_user_can( 'delete_post', $id ) )
 466		wp_die( -1 );
 467
 468	if ( !get_post( $id ) )
 469		wp_die( 1 );
 470
 471	if ( wp_delete_post( $id ) )
 472		wp_die( 1 );
 473	else
 474		wp_die( 0 );
 475}
 476
 477function wp_ajax_trash_post( $action ) {
 478	if ( empty( $action ) )
 479		$action = 'trash-post';
 480	$id = isset( $_POST['id'] ) ? (int) $_POST['id'] : 0;
 481
 482	check_ajax_referer( "{$action}_$id" );
 483	if ( !current_user_can( 'delete_post', $id ) )
 484		wp_die( -1 );
 485
 486	if ( !get_post( $id ) )
 487		wp_die( 1 );
 488
 489	if ( 'trash-post' == $action )
 490		$done = wp_trash_post( $id );
 491	else
 492		$done = wp_untrash_post( $id );
 493
 494	if ( $done )
 495		wp_die( 1 );
 496
 497	wp_die( 0 );
 498}
 499
 500function wp_ajax_untrash_post( $action ) {
 501	if ( empty( $action ) )
 502		$action = 'untrash-post';
 503	wp_ajax_trash_post( $action );
 504}
 505
 506function wp_ajax_delete_page( $action ) {
 507	if ( empty( $action ) )
 508		$action = 'delete-page';
 509	$id = isset( $_POST['id'] ) ? (int) $_POST['id'] : 0;
 510
 511	check_ajax_referer( "{$action}_$id" );
 512	if ( !current_user_can( 'delete_page', $id ) )
 513		wp_die( -1 );
 514
 515	if ( !get_page( $id ) )
 516		wp_die( 1 );
 517
 518	if ( wp_delete_post( $id ) )
 519		wp_die( 1 );
 520	else
 521		wp_die( 0 );
 522}
 523
 524function wp_ajax_dim_comment() {
 525	$id = isset( $_POST['id'] ) ? (int) $_POST['id'] : 0;
 526
 527	if ( !$comment = get_comment( $id ) ) {
 528		$x = new WP_Ajax_Response( array(
 529			'what' => 'comment',
 530			'id' => new WP_Error('invalid_comment', sprintf(__('Comment %d does not exist'), $id))
 531		) );
 532		$x->send();
 533	}
 534
 535	if ( ! current_user_can( 'edit_comment', $comment->comment_ID ) && ! current_user_can( 'moderate_comments' ) )
 536		wp_die( -1 );
 537
 538	$current = wp_get_comment_status( $comment->comment_ID );
 539	if ( $_POST['new'] == $current )
 540		wp_die( time() );
 541
 542	check_ajax_referer( "approve-comment_$id" );
 543	if ( in_array( $current, array( 'unapproved', 'spam' ) ) )
 544		$result = wp_set_comment_status( $comment->comment_ID, 'approve', true );
 545	else
 546		$result = wp_set_comment_status( $comment->comment_ID, 'hold', true );
 547
 548	if ( is_wp_error($result) ) {
 549		$x = new WP_Ajax_Response( array(
 550			'what' => 'comment',
 551			'id' => $result
 552		) );
 553		$x->send();
 554	}
 555
 556	// Decide if we need to send back '1' or a more complicated response including page links and comment counts
 557	_wp_ajax_delete_comment_response( $comment->comment_ID );
 558	wp_die( 0 );
 559}
 560
 561function wp_ajax_add_link_category( $action ) {
 562	if ( empty( $action ) )
 563		$action = 'add-link-category';
 564	check_ajax_referer( $action );
 565	if ( !current_user_can( 'manage_categories' ) )
 566		wp_die( -1 );
 567	$names = explode(',', $_POST['newcat']);
 568	$x = new WP_Ajax_Response();
 569	foreach ( $names as $cat_name ) {
 570		$cat_name = trim($cat_name);
 571		$slug = sanitize_title($cat_name);
 572		if ( '' === $slug )
 573			continue;
 574		if ( !$cat_id = term_exists( $cat_name, 'link_category' ) )
 575			$cat_id = wp_insert_term( $cat_name, 'link_category' );
 576		if ( is_wp_error( $cat_id ) )
 577			continue;
 578		else if ( is_array( $cat_id ) )
 579			$cat_id = $cat_id['term_id'];
 580		$cat_name = esc_html(stripslashes($cat_name));
 581		$x->add( array(
 582			'what' => 'link-category',
 583			'id' => $cat_id,
 584			'data' => "<li id='link-category-$cat_id'><label for='in-link-category-$cat_id' class='selectit'><input value='" . esc_attr($cat_id) . "' type='checkbox' checked='checked' name='link_category[]' id='in-link-category-$cat_id'/> $cat_name</label></li>",
 585			'position' => -1
 586		) );
 587	}
 588	$x->send();
 589}
 590
 591function wp_ajax_add_tag() {
 592	global $wp_list_table;
 593
 594	check_ajax_referer( 'add-tag', '_wpnonce_add-tag' );
 595	$post_type = !empty($_POST['post_type']) ? $_POST['post_type'] : 'post';
 596	$taxonomy = !empty($_POST['taxonomy']) ? $_POST['taxonomy'] : 'post_tag';
 597	$tax = get_taxonomy($taxonomy);
 598
 599	if ( !current_user_can( $tax->cap->edit_terms ) )
 600		wp_die( -1 );
 601
 602	$x = new WP_Ajax_Response();
 603
 604	$tag = wp_insert_term($_POST['tag-name'], $taxonomy, $_POST );
 605
 606	if ( !$tag || is_wp_error($tag) || (!$tag = get_term( $tag['term_id'], $taxonomy )) ) {
 607		$message = __('An error has occurred. Please reload the page and try again.');
 608		if ( is_wp_error($tag) && $tag->get_error_message() )
 609			$message = $tag->get_error_message();
 610
 611		$x->add( array(
 612			'what' => 'taxonomy',
 613			'data' => new WP_Error('error', $message )
 614		) );
 615		$x->send();
 616	}
 617
 618	set_current_screen( $_POST['screen'] );
 619
 620	$wp_list_table = _get_list_table('WP_Terms_List_Table');
 621
 622	$level = 0;
 623	if ( is_taxonomy_hierarchical($taxonomy) ) {
 624		$level = count( get_ancestors( $tag->term_id, $taxonomy ) );
 625		ob_start();
 626		$wp_list_table->single_row( $tag, $level );
 627		$noparents = ob_get_clean();
 628	}
 629
 630	ob_start();
 631	$wp_list_table->single_row( $tag );
 632	$parents = ob_get_clean();
 633
 634	$x->add( array(
 635		'what' => 'taxonomy',
 636		'supplemental' => compact('parents', 'noparents')
 637		) );
 638	$x->add( array(
 639		'what' => 'term',
 640		'position' => $level,
 641		'supplemental' => (array) $tag
 642		) );
 643	$x->send();
 644}
 645
 646function wp_ajax_get_tagcloud() {
 647	if ( isset( $_POST['tax'] ) ) {
 648		$taxonomy = sanitize_key( $_POST['tax'] );
 649		$tax = get_taxonomy( $taxonomy );
 650		if ( ! $tax )
 651			wp_die( 0 );
 652		if ( ! current_user_can( $tax->cap->assign_terms ) )
 653			wp_die( -1 );
 654	} else {
 655		wp_die( 0 );
 656	}
 657
 658	$tags = get_terms( $taxonomy, array( 'number' => 45, 'orderby' => 'count', 'order' => 'DESC' ) );
 659
 660	if ( empty( $tags ) )
 661		wp_die( isset( $tax->no_tagcloud ) ? $tax->no_tagcloud : __('No tags found!') );
 662
 663	if ( is_wp_error( $tags ) )
 664		wp_die( $tags->get_error_message() );
 665
 666	foreach ( $tags as $key => $tag ) {
 667		$tags[ $key ]->link = '#';
 668		$tags[ $key ]->id = $tag->term_id;
 669	}
 670
 671	// We need raw tag names here, so don't filter the output
 672	$return = wp_generate_tag_cloud( $tags, array('filter' => 0) );
 673
 674	if ( empty($return) )
 675		wp_die( 0 );
 676
 677	echo $return;
 678
 679	wp_die();
 680}
 681
 682function wp_ajax_get_comments( $action ) {
 683	global $wp_list_table, $post_id;
 684	if ( empty( $action ) )
 685		$action = 'get-comments';
 686
 687	check_ajax_referer( $action );
 688
 689	set_current_screen( 'edit-comments' );
 690
 691	$wp_list_table = _get_list_table('WP_Post_Comments_List_Table');
 692
 693	if ( !current_user_can( 'edit_post', $post_id ) )
 694		wp_die( -1 );
 695
 696	$wp_list_table->prepare_items();
 697
 698	if ( !$wp_list_table->has_items() )
 699		wp_die( 1 );
 700
 701	$x = new WP_Ajax_Response();
 702	ob_start();
 703	foreach ( $wp_list_table->items as $comment ) {
 704		if ( ! current_user_can( 'edit_comment', $comment->comment_ID ) )
 705			continue;
 706		get_comment( $comment );
 707		$wp_list_table->single_row( $comment );
 708	}
 709	$comment_list_item = ob_get_contents();
 710	ob_end_clean();
 711
 712	$x->add( array(
 713		'what' => 'comments',
 714		'data' => $comment_list_item
 715	) );
 716	$x->send();
 717}
 718
 719function wp_ajax_replyto_comment( $action ) {
 720	global $wp_list_table, $wpdb;
 721	if ( empty( $action ) )
 722		$action = 'replyto-comment';
 723
 724	check_ajax_referer( $action, '_ajax_nonce-replyto-comment' );
 725
 726	set_current_screen( 'edit-comments' );
 727
 728	$comment_post_ID = (int) $_POST['comment_post_ID'];
 729	if ( !current_user_can( 'edit_post', $comment_post_ID ) )
 730		wp_die( -1 );
 731
 732	$status = $wpdb->get_var( $wpdb->prepare("SELECT post_status FROM $wpdb->posts WHERE ID = %d", $comment_post_ID) );
 733
 734	if ( empty($status) )
 735		wp_die( 1 );
 736	elseif ( in_array($status, array('draft', 'pending', 'trash') ) )
 737		wp_die( __('ERROR: you are replying to a comment on a draft post.') );
 738
 739	$user = wp_get_current_user();
 740	if ( $user->exists() ) {
 741		$user_ID = $user->ID;
 742		$comment_author       = $wpdb->escape($user->display_name);
 743		$comment_author_email = $wpdb->escape($user->user_email);
 744		$comment_author_url   = $wpdb->escape($user->user_url);
 745		$comment_content      = trim($_POST['content']);
 746		if ( current_user_can( 'unfiltered_html' ) ) {
 747			if ( wp_create_nonce( 'unfiltered-html-comment' ) != $_POST['_wp_unfiltered_html_comment'] ) {
 748				kses_remove_filters(); // start with a clean slate
 749				kses_init_filters(); // set up the filters
 750			}
 751		}
 752	} else {
 753		wp_die( __( 'Sorry, you must be logged in to reply to a comment.' ) );
 754	}
 755
 756	if ( '' == $comment_content )
 757		wp_die( __( 'ERROR: please type a comment.' ) );
 758
 759	$comment_parent = absint($_POST['comment_ID']);
 760	$comment_auto_approved = false;
 761	$commentdata = compact('comment_post_ID', 'comment_author', 'comment_author_email', 'comment_author_url', 'comment_content', 'comment_type', 'comment_parent', 'user_ID');
 762
 763	$comment_id = wp_new_comment( $commentdata );
 764	$comment = get_comment($comment_id);
 765	if ( ! $comment ) wp_die( 1 );
 766
 767	$position = ( isset($_POST['position']) && (int) $_POST['position'] ) ? (int) $_POST['position'] : '-1';
 768
 769	// automatically approve parent comment
 770	if ( !empty($_POST['approve_parent']) ) {
 771		$parent = get_comment( $comment_parent );
 772
 773		if ( $parent && $parent->comment_approved === '0' && $parent->comment_post_ID == $comment_post_ID ) {
 774			if ( wp_set_comment_status( $parent->comment_ID, 'approve' ) )
 775				$comment_auto_approved = true;
 776		}
 777	}
 778
 779	ob_start();
 780		if ( 'dashboard' == $_REQUEST['mode'] ) {
 781			require_once( ABSPATH . 'wp-admin/includes/dashboard.php' );
 782			_wp_dashboard_recent_comments_row( $comment );
 783		} else {
 784			if ( 'single' == $_REQUEST['mode'] ) {
 785				$wp_list_table = _get_list_table('WP_Post_Comments_List_Table');
 786			} else {
 787				$wp_list_table = _get_list_table('WP_Comments_List_Table');
 788			}
 789			$wp_list_table->single_row( $comment );
 790		}
 791		$comment_list_item = ob_get_contents();
 792	ob_end_clean();
 793
 794	$response =  array(
 795		'what' => 'comment',
 796		'id' => $comment->comment_ID,
 797		'data' => $comment_list_item,
 798		'position' => $position
 799	);
 800
 801	if ( $comment_auto_approved )
 802		$response['supplemental'] = array( 'parent_approved' => $parent->comment_ID );
 803
 804	$x = new WP_Ajax_Response();
 805	$x->add( $response );
 806	$x->send();
 807}
 808
 809function wp_ajax_edit_comment() {
 810	global $wp_list_table;
 811
 812	check_ajax_referer( 'replyto-comment', '_ajax_nonce-replyto-comment' );
 813
 814	set_current_screen( 'edit-comments' );
 815
 816	$comment_id = (int) $_POST['comment_ID'];
 817	if ( ! current_user_can( 'edit_comment', $comment_id ) )
 818		wp_die( -1 );
 819
 820	if ( '' == $_POST['content'] )
 821		wp_die( __( 'ERROR: please type a comment.' ) );
 822
 823	$_POST['comment_status'] = $_POST['status'];
 824	edit_comment();
 825
 826	$position = ( isset($_POST['position']) && (int) $_POST['position']) ? (int) $_POST['position'] : '-1';
 827	$comments_status = isset($_POST['comments_listing']) ? $_POST['comments_listing'] : '';
 828
 829	$checkbox = ( isset($_POST['checkbox']) && true == $_POST['checkbox'] ) ? 1 : 0;
 830	$wp_list_table = _get_list_table( $checkbox ? 'WP_Comments_List_Table' : 'WP_Post_Comments_List_Table' );
 831
 832	$comment = get_comment( $comment_id );
 833
 834	ob_start();
 835		$wp_list_table->single_row( $comment );
 836		$comment_list_item = ob_get_contents();
 837	ob_end_clean();
 838
 839	$x = new WP_Ajax_Response();
 840
 841	$x->add( array(
 842		'what' => 'edit_comment',
 843		'id' => $comment->comment_ID,
 844		'data' => $comment_list_item,
 845		'position' => $position
 846	));
 847
 848	$x->send();
 849}
 850
 851function wp_ajax_add_menu_item() {
 852	check_ajax_referer( 'add-menu_item', 'menu-settings-column-nonce' );
 853
 854	if ( ! current_user_can( 'edit_theme_options' ) )
 855		wp_die( -1 );
 856
 857	require_once ABSPATH . 'wp-admin/includes/nav-menu.php';
 858
 859	// For performance reasons, we omit some object properties from the checklist.
 860	// The following is a hacky way to restore them when adding non-custom items.
 861
 862	$menu_items_data = array();
 863	foreach ( (array) $_POST['menu-item'] as $menu_item_data ) {
 864		if (
 865			! empty( $menu_item_data['menu-item-type'] ) &&
 866			'custom' != $menu_item_data['menu-item-type'] &&
 867			! empty( $menu_item_data['menu-item-object-id'] )
 868		) {
 869			switch( $menu_item_data['menu-item-type'] ) {
 870				case 'post_type' :
 871					$_object = get_post( $menu_item_data['menu-item-object-id'] );
 872				break;
 873
 874				case 'taxonomy' :
 875					$_object = get_term( $menu_item_data['menu-item-object-id'], $menu_item_data['menu-item-object'] );
 876				break;
 877			}
 878
 879			$_menu_items = array_map( 'wp_setup_nav_menu_item', array( $_object ) );
 880			$_menu_item = array_shift( $_menu_items );
 881
 882			// Restore the missing menu item properties
 883			$menu_item_data['menu-item-description'] = $_menu_item->description;
 884		}
 885
 886		$menu_items_data[] = $menu_item_data;
 887	}
 888
 889	$item_ids = wp_save_nav_menu_items( 0, $menu_items_data );
 890	if ( is_wp_error( $item_ids ) )
 891		wp_die( 0 );
 892
 893	$menu_items = array();
 894
 895	foreach ( (array) $item_ids as $menu_item_id ) {
 896		$menu_obj = get_post( $menu_item_id );
 897		if ( ! empty( $menu_obj->ID ) ) {
 898			$menu_obj = wp_setup_nav_menu_item( $menu_obj );
 899			$menu_obj->label = $menu_obj->title; // don't show "(pending)" in ajax-added items
 900			$menu_items[] = $menu_obj;
 901		}
 902	}
 903
 904	$walker_class_name = apply_filters( 'wp_edit_nav_menu_walker', 'Walker_Nav_Menu_Edit', $_POST['menu'] );
 905
 906	if ( ! class_exists( $walker_class_name ) )
 907		wp_die( 0 );
 908
 909	if ( ! empty( $menu_items ) ) {
 910		$args = array(
 911			'after' => '',
 912			'before' => '',
 913			'link_after' => '',
 914			'link_before' => '',
 915			'walker' => new $walker_class_name,
 916		);
 917		echo walk_nav_menu_tree( $menu_items, 0, (object) $args );
 918	}
 919}
 920
 921function wp_ajax_add_meta() {
 922	check_ajax_referer( 'add-meta', '_ajax_nonce-add-meta' );
 923	$c = 0;
 924	$pid = (int) $_POST['post_id'];
 925	$post = get_post( $pid );
 926
 927	if ( isset($_POST['metakeyselect']) || isset($_POST['metakeyinput']) ) {
 928		if ( !current_user_can( 'edit_post', $pid ) )
 929			wp_die( -1 );
 930		if ( isset($_POST['metakeyselect']) && '#NONE#' == $_POST['metakeyselect'] && empty($_POST['metakeyinput']) )
 931			wp_die( 1 );
 932		if ( $post->post_status == 'auto-draft' ) {
 933			$save_POST = $_POST; // Backup $_POST
 934			$_POST = array(); // Make it empty for edit_post()
 935			$_POST['action'] = 'draft'; // Warning fix
 936			$_POST['post_ID'] = $pid;
 937			$_POST['post_type'] = $post->post_type;
 938			$_POST['post_status'] = 'draft';
 939			$now = current_time('timestamp', 1);
 940			$_POST['post_title'] = sprintf('Draft created on %s at %s', date(get_option('date_format'), $now), date(get_option('time_format'), $now));
 941
 942			if ( $pid = edit_post() ) {
 943				if ( is_wp_error( $pid ) ) {
 944					$x = new WP_Ajax_Response( array(
 945						'what' => 'meta',
 946						'data' => $pid
 947					) );
 948					$x->send();
 949				}
 950				$_POST = $save_POST; // Now we can restore original $_POST again
 951				if ( !$mid = add_meta( $pid ) )
 952					wp_die( __( 'Please provide a custom field value.' ) );
 953			} else {
 954				wp_die( 0 );
 955			}
 956		} else if ( !$mid = add_meta( $pid ) ) {
 957			wp_die( __( 'Please provide a custom field value.' ) );
 958		}
 959
 960		$meta = get_metadata_by_mid( 'post', $mid );
 961		$pid = (int) $meta->post_id;
 962		$meta = get_object_vars( $meta );
 963		$x = new WP_Ajax_Response( array(
 964			'what' => 'meta',
 965			'id' => $mid,
 966			'data' => _list_meta_row( $meta, $c ),
 967			'position' => 1,
 968			'supplemental' => array('postid' => $pid)
 969		) );
 970	} else { // Update?
 971		$mid = (int) key( $_POST['meta'] );
 972		$key = stripslashes( $_POST['meta'][$mid]['key'] );
 973		$value = stripslashes( $_POST['meta'][$mid]['value'] );
 974		if ( '' == trim($key) )
 975			wp_die( __( 'Please provide a custom field name.' ) );
 976		if ( '' == trim($value) )
 977			wp_die( __( 'Please provide a custom field value.' ) );
 978		if ( ! $meta = get_metadata_by_mid( 'post', $mid ) )
 979			wp_die( 0 ); // if meta doesn't exist
 980		if ( is_protected_meta( $meta->meta_key, 'post' ) || is_protected_meta( $key, 'post' ) ||
 981			! current_user_can( 'edit_post_meta', $meta->post_id, $meta->meta_key ) ||
 982			! current_user_can( 'edit_post_meta', $meta->post_id, $key ) )
 983			wp_die( -1 );
 984		if ( $meta->meta_value != $value || $meta->meta_key != $key ) {
 985			if ( !$u = update_metadata_by_mid( 'post', $mid, $value, $key ) )
 986				wp_die( 0 ); // We know meta exists; we also know it's unchanged (or DB error, in which case there are bigger problems).
 987		}
 988
 989		$x = new WP_Ajax_Response( array(
 990			'what' => 'meta',
 991			'id' => $mid, 'old_id' => $mid,
 992			'data' => _list_meta_row( array(
 993				'meta_key' => $key,
 994				'meta_value' => $value,
 995				'meta_id' => $mid
 996			), $c ),
 997			'position' => 0,
 998			'supplemental' => array('postid' => $meta->post_id)
 999		) );
1000	}
1001	$x->send();
1002}
1003
/**
 * Ajax handler for creating a user from the Users screen.
 *
 * @param string $action Nonce action to verify; falls back to 'add-user' when empty.
 *
 * Requires the 'create_users' capability. Delegates the actual creation to edit_user();
 * a WP_Error from it is sent back as the response id. On success, replies with the
 * rendered users-table row for the new account plus a "User ... added" link.
 */
function wp_ajax_add_user( $action ) {
	global $wp_list_table;

	$nonce_action = empty( $action ) ? 'add-user' : $action;
	check_ajax_referer( $nonce_action );

	if ( ! current_user_can( 'create_users' ) )
		wp_die( -1 );

	$user_id = edit_user();
	if ( ! $user_id )
		wp_die( 0 );

	if ( is_wp_error( $user_id ) ) {
		// send() terminates the request, so the error never reaches the row rendering below.
		$response = new WP_Ajax_Response( array(
			'what' => 'user',
			'id' => $user_id,
		) );
		$response->send();
	}

	$new_user = new WP_User( $user_id );
	$wp_list_table = _get_list_table( 'WP_Users_List_Table' );
	$primary_role = $new_user->roles[0];

	$response = new WP_Ajax_Response( array(
		'what' => 'user',
		'id' => $user_id,
		'data' => $wp_list_table->single_row( $new_user, '', $primary_role ),
		'supplemental' => array(
			'show-link' => sprintf( __( 'User <a href="#%s">%s</a> added' ), "user-$user_id", $new_user->user_login ),
			'role' => $primary_role,
		),
	) );
	$response->send();
}
1036
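/**
 * Ajax handler for the editor's periodic autosave.
 *
 * Verifies the 'autosave' nonce, authorizes the request against the stored post type,
 * then either overwrites a draft/auto-draft in place via edit_post() or, for any other
 * status, stores the content as an autosave revision via wp_create_post_autosave().
 * Refreshes the post lock on success and, when check_ajax_referer() reports the nonce as
 * ageing ($nonce_age == 2), hands the client a fresh set of nonces.
 *
 * Reads from $_POST: post_ID, post_type, catslist, autosave, auto_draft (plus whatever
 * edit_post() consumes). Writes $_POST['ID'], $_POST['post_category'] and, for
 * auto-drafts, $_POST['post_status'] for edit_post(). Replies via WP_Ajax_Response.
 */
function wp_ajax_autosave() {
	global $login_grace_period;

	define( 'DOING_AUTOSAVE', true );

	$nonce_age = check_ajax_referer( 'autosave', 'autosavenonce' );

	$_POST['post_category'] = explode(",", $_POST['catslist']);
	if ( $_POST['post_type'] == 'page' || empty($_POST['post_category']) )
		unset($_POST['post_category']);

	$do_autosave = (bool) $_POST['autosave'];
	$do_lock = true;

	$data = $alert = '';
	/* translators: draft saved date format, see http://php.net/date */
	$draft_saved_date_format = __('g:i:s a');
	/* translators: %s: date and time */
	$message = sprintf( __('Draft saved at %s.'), date_i18n( $draft_saved_date_format ) );

	$supplemental = array();
	if ( isset($login_grace_period) )
		$alert .= sprintf( __('Your login has expired. Please open a new browser window and <a href="%s" target="_blank">log in again</a>. '), add_query_arg( 'interim-login', 1, wp_login_url() ) );

	$id = $revision_id = 0;

	$post_ID = (int) $_POST['post_ID'];
	$_POST['ID'] = $post_ID;
	$post = get_post($post_ID);
	if ( ! $post )
		wp_die( 0 ); // unknown post: nothing to autosave, and nothing below may dereference $post

	// Authorize before reading the lock or mutating the request. The capability is chosen
	// from the stored post type, not from the client-supplied post_type.
	if ( 'page' == $post->post_type ) {
		if ( !current_user_can('edit_page', $post_ID) )
			wp_die( __( 'You are not allowed to edit this page.' ) );
	} else {
		if ( !current_user_can('edit_post', $post_ID) )
			wp_die( __( 'You are not allowed to edit this post.' ) );
	}

	if ( 'auto-draft' == $post->post_status )
		$_POST['post_status'] = 'draft';

	if ( $last = wp_check_post_lock( $post->ID ) ) {
		// Someone else holds the edit lock: report it and neither save nor take the lock.
		$do_autosave = $do_lock = false;

		$last_user = get_userdata( $last );
		$last_user_name = $last_user ? $last_user->display_name : __( 'Someone' );
		$data = __( 'Autosave disabled.' );

		$supplemental['disable_autosave'] = 'disable';
		$alert .= sprintf( __( '%s is currently editing this article. If you update it, you will overwrite the changes.' ), esc_html( $last_user_name ) );
	}

	if ( $do_autosave ) {
		// Drafts and auto-drafts are just overwritten by autosave
		if ( 'auto-draft' == $post->post_status || 'draft' == $post->post_status ) {
			$id = edit_post();
		} else { // Non drafts are not overwritten. The autosave is stored in a special post revision.
			$revision_id = wp_create_post_autosave( $post->ID );
			if ( is_wp_error($revision_id) )
				$id = $revision_id;
			else
				$id = $post->ID;
		}
		$data = $message;
	} else {
		if ( ! empty( $_POST['auto_draft'] ) )
			$id = 0; // This tells us it didn't actually save
		else
			$id = $post->ID;
	}

	if ( $do_lock && empty( $_POST['auto_draft'] ) && $id && is_numeric( $id ) ) {
		$lock_result = wp_set_post_lock( $id );
		$supplemental['active-post-lock'] = implode( ':', $lock_result );
	}

	if ( $nonce_age == 2 ) {
		// The nonce is about to expire; ship replacements for every nonce the edit screen uses.
		$supplemental['replace-autosavenonce'] = wp_create_nonce('autosave');
		$supplemental['replace-getpermalinknonce'] = wp_create_nonce('getpermalink');
		$supplemental['replace-samplepermalinknonce'] = wp_create_nonce('samplepermalink');
		$supplemental['replace-closedpostboxesnonce'] = wp_create_nonce('closedpostboxes');
		$supplemental['replace-_ajax_linking_nonce'] = wp_create_nonce( 'internal-linking' );
		if ( $id ) {
			if ( $_POST['post_type'] == 'post' )
				$supplemental['replace-_wpnonce'] = wp_create_nonce('update-post_' . $id);
			elseif ( $_POST['post_type'] == 'page' )
				$supplemental['replace-_wpnonce'] = wp_create_nonce('update-page_' . $id);
		}
	}

	if ( ! empty($alert) )
		$supplemental['alert'] = $alert;

	$x = new WP_Ajax_Response( array(
		'what' => 'autosave',
		'id' => $id,
		'data' => $id ? $data : '',
		'supplemental' => $supplemental
	) );
	$x->send();
}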
1137
/**
 * Ajax handler that persists which meta boxes the current user has collapsed or hidden
 * on a given admin screen.
 *
 * Reads from $_POST: closed and hidden (comma-separated box ids) and page (screen key).
 * The page key must survive sanitize_key() unchanged, otherwise the request is rejected.
 * Stores the lists as the per-user options "closedpostboxes_<page>" and "metaboxhidden_<page>".
 */
function wp_ajax_closed_postboxes() {
	check_ajax_referer( 'closedpostboxes', 'closedpostboxesnonce' );

	$closed_boxes = array();
	if ( isset( $_POST['closed'] ) )
		$closed_boxes = array_filter( explode( ',', $_POST['closed'] ) );

	$hidden_boxes = array();
	if ( isset( $_POST['hidden'] ) )
		$hidden_boxes = array_filter( explode( ',', $_POST['hidden'] ) );

	$page = isset( $_POST['page'] ) ? $_POST['page'] : '';
	if ( $page != sanitize_key( $page ) )
		wp_die( 0 );

	$user = wp_get_current_user();
	if ( ! $user )
		wp_die( -1 );

	update_user_option( $user->ID, "closedpostboxes_$page", $closed_boxes, true );

	// postboxes that are always shown
	$always_shown = array( 'submitdiv', 'linksubmitdiv', 'manage-menu', 'create-menu' );
	update_user_option( $user->ID, "metaboxhidden_$page", array_diff( $hidden_boxes, $always_shown ), true );

	wp_die( 1 );
}
1164
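/**
 * Ajax handler that persists the columns the current user has hidden on a list-table screen.
 *
 * Reads from $_POST: hidden (comma-separated column ids) and page (screen key). The page key
 * must survive sanitize_key() unchanged. Stores the list as the per-user option
 * "manage<page>columnshidden".
 */
function wp_ajax_hidden_columns() {
	check_ajax_referer( 'screen-options-nonce', 'screenoptionnonce' );
	$hidden = isset( $_POST['hidden'] ) ? $_POST['hidden'] : '';
	// Split the defaulted local, not $_POST['hidden'] again (which may be absent).
	$hidden = explode( ',', $hidden );
	$page = isset( $_POST['page'] ) ? $_POST['page'] : '';

	if ( $page != sanitize_key( $page ) )
		wp_die( 0 );

	if ( ! $user = wp_get_current_user() )
		wp_die( -1 );

	// explode() yields an array for a string; a non-string payload is simply not stored.
	if ( is_array($hidden) )
		update_user_option($user->ID, "manage{$page}columnshidden", $hidden, true);

	wp_die( 1 );
}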
1182
/**
 * Ajax handler that toggles the dashboard welcome panel for the current user.
 *
 * Requires the 'edit_theme_options' capability. Any non-empty $_POST['visible'] shows the
 * panel (stores 1); otherwise it is hidden (stores 0).
 */
function wp_ajax_update_welcome_panel() {
	check_ajax_referer( 'welcome-panel-nonce', 'welcomepanelnonce' );

	if ( ! current_user_can( 'edit_theme_options' ) )
		wp_die( -1 );

	$show_panel = empty( $_POST['visible'] ) ? 0 : 1;
	update_user_meta( get_current_user_id(), 'show_welcome_panel', $show_panel );

	wp_die( 1 );
}
1193
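/**
 * Ajax handler that renders a single "add menu item" meta box for the nav-menu screen.
 *
 * Reads from $_POST: item-type ('post_type' or 'taxonomy') and item-object (the post type
 * or taxonomy name). The name is only honoured when it exists in the registered set
 * (get_post_types() / get_taxonomies()), so an arbitrary name cannot select a callback.
 * Outputs a JSON object with 'replace-id' and 'markup'; outputs nothing for unknown input.
 *
 * NOTE(review): guarded by the 'edit_theme_options' capability only; no nonce is checked.
 */
function wp_ajax_menu_get_metabox() {
	if ( ! current_user_can( 'edit_theme_options' ) )
		wp_die( -1 );

	require_once ABSPATH . 'wp-admin/includes/nav-menu.php';

	// Defaults so an unrecognised item-type falls through cleanly instead of leaving
	// $items/$type/$callback undefined.
	$type = '';
	$callback = null;
	$items = array();

	if ( isset( $_POST['item-type'] ) && 'post_type' == $_POST['item-type'] ) {
		$type = 'posttype';
		$callback = 'wp_nav_menu_item_post_type_meta_box';
		$items = (array) get_post_types( array( 'show_in_nav_menus' => true ), 'object' );
	} elseif ( isset( $_POST['item-type'] ) && 'taxonomy' == $_POST['item-type'] ) {
		$type = 'taxonomy';
		$callback = 'wp_nav_menu_item_taxonomy_meta_box';
		$items = (array) get_taxonomies( array( 'show_ui' => true ), 'object' );
	}

	if ( ! empty( $_POST['item-object'] ) && isset( $items[$_POST['item-object']] ) ) {
		$item = apply_filters( 'nav_menu_meta_box_object', $items[ $_POST['item-object'] ] );
		// The meta box callback echoes its markup; capture it for the JSON reply.
		ob_start();
		call_user_func_array($callback, array(
			null,
			array(
				'id' => 'add-' . $item->name,
				'title' => $item->labels->name,
				'callback' => $callback,
				'args' => $item,
			)
		));

		$markup = ob_get_clean();

		echo json_encode(array(
			'replace-id' => $type . '-' . $item->name,
			'markup' => $markup,
		));
	}

	wp_die();
}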
1233
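/**
 * Ajax handler for the editor's "insert link" search dialog.
 *
 * Reads from $_POST: search (query string, unslashed) and page (1-based page number).
 * Delegates to _WP_Editors::wp_link_query() and echoes its result as JSON.
 */
function wp_ajax_wp_link_ajax() {
	check_ajax_referer( 'internal-linking', '_ajax_linking_nonce' );

	$args = array();

	if ( isset( $_POST['search'] ) )
		$args['s'] = stripslashes( $_POST['search'] );
	$args['pagenum'] = ! empty( $_POST['page'] ) ? absint( $_POST['page'] ) : 1;

	// require_once: a plain require would fatally redeclare _WP_Editors when the class
	// file has already been loaded earlier in the request.
	require_once ABSPATH . WPINC . '/class-wp-editor.php';
	$results = _WP_Editors::wp_link_query( $args );

	if ( ! isset( $results ) )
		wp_die( 0 );

	echo json_encode( $results );
	echo "\n";

	wp_die();
}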
1254
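/**
 * Ajax handler that saves the theme-location => menu-id assignments.
 *
 * Requires the 'edit_theme_options' capability and the 'add-menu_item' nonce.
 * $_POST['menu-locations'] must be an array; every value is coerced with absint()
 * before being stored in the 'nav_menu_locations' theme mod.
 */
function wp_ajax_menu_locations_save() {
	if ( ! current_user_can( 'edit_theme_options' ) )
		wp_die( -1 );
	check_ajax_referer( 'add-menu_item', 'menu-settings-column-nonce' );
	// Reject a missing or non-array payload before array_map() sees it.
	if ( ! isset( $_POST['menu-locations'] ) || ! is_array( $_POST['menu-locations'] ) )
		wp_die( 0 );
	set_theme_mod( 'nav_menu_locations', array_map( 'absint', $_POST['menu-locations'] ) );
	wp_die( 1 );
}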
1264
/**
 * Ajax handler that persists the drag-and-drop order of meta boxes and the chosen
 * screen layout (column count) for the current user on a given screen.
 *
 * Reads from $_POST: order (array of box ids per container), page_columns ('auto' or an
 * integer) and page (screen key, which must survive sanitize_key() unchanged).
 * Stores "meta-box-order_<page>" and "screen_layout_<page>" as per-user options.
 */
function wp_ajax_meta_box_order() {
	check_ajax_referer( 'meta-box-order' );

	$box_order = false;
	if ( isset( $_POST['order'] ) )
		$box_order = (array) $_POST['order'];

	$layout = isset( $_POST['page_columns'] ) ? $_POST['page_columns'] : 'auto';
	if ( 'auto' != $layout )
		$layout = (int) $layout; // anything but 'auto' is a column count

	$page = isset( $_POST['page'] ) ? $_POST['page'] : '';
	if ( $page != sanitize_key( $page ) )
		wp_die( 0 );

	$user = wp_get_current_user();
	if ( ! $user )
		wp_die( -1 );

	if ( $box_order )
		update_user_option( $user->ID, "meta-box-order_$page", $box_order, true );

	// A zero column count is treated as "nothing to store".
	if ( $layout )
		update_user_option( $user->ID, "screen_layout_$page", $layout, true );

	wp_die( 1 );
}
1289
/**
 * Ajax handler for the nav-menu screen's quick search box.
 *
 * Requires the 'edit_theme_options' capability; the whole $_POST payload is passed on
 * to _wp_ajax_menu_quick_search(), which does the searching and the output.
 */
function wp_ajax_menu_quick_search() {
	if ( current_user_can( 'edit_theme_options' ) ) {
		require_once ABSPATH . 'wp-admin/includes/nav-menu.php';
		_wp_ajax_menu_quick_search( $_POST );
		wp_die();
	}

	wp_die( -1 );
}
1300
/**
 * Ajax handler returning the preview URL (permalink with ?preview=true) for a post.
 *
 * Reads $_POST['post_id'] (cast to int, 0 when absent) and replies with the URL as the
 * wp_die() message.
 */
function wp_ajax_get_permalink() {
	check_ajax_referer( 'getpermalink', 'getpermalinknonce' );

	$post_id = 0;
	if ( isset( $_POST['post_id'] ) )
		$post_id = (int) $_POST['post_id'];

	$preview_url = add_query_arg( array( 'preview' => 'true' ), get_permalink( $post_id ) );
	wp_die( $preview_url );
}
1306
/**
 * Ajax handler that renders the editable "Permalink:" sample for the edit screen.
 *
 * Reads from $_POST: post_id (cast to int, 0 when absent), new_title ('' when absent)
 * and new_slug (null when absent). Replies with get_sample_permalink_html() output.
 */
function wp_ajax_sample_permalink() {
	check_ajax_referer( 'samplepermalink', 'samplepermalinknonce' );

	$post_id = 0;
	if ( isset( $_POST['post_id'] ) )
		$post_id = (int) $_POST['post_id'];

	$new_title = '';
	if ( isset( $_POST['new_title'] ) )
		$new_title = $_POST['new_title'];

	$new_slug = null;
	if ( isset( $_POST['new_slug'] ) )
		$new_slug = $_POST['new_slug'];

	wp_die( get_sample_permalink_html( $post_id, $new_title, $new_slug ) );
}
1314
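/**
 * Ajax handler for Quick Edit on the posts list table.
 *
 * Verifies the 'inlineeditnonce' nonce, checks the edit capability for $_POST['post_ID'],
 * refuses to save while another user holds the post lock, then normalises the Quick Edit
 * fields in $_POST into the shape edit_post() expects (content/excerpt are re-read from the
 * database so Quick Edit cannot blank them) and finally prints the refreshed table row.
 *
 * Reads from $_POST: post_ID, post_type, screen, post_parent, keep_private, _status,
 * comment_status, ping_status and the remaining Quick Edit fields consumed by edit_post().
 */
function wp_ajax_inline_save() {
	global $wp_list_table;

	check_ajax_referer( 'inlineeditnonce', '_inline_edit' );

	if ( ! isset($_POST['post_ID']) || ! ( $post_ID = (int) $_POST['post_ID'] ) )
		wp_die();

	// The client-supplied post_type only selects the wording and which capability name is
	// asked for; the capability itself is always checked against $post_ID.
	$post_type = isset( $_POST['post_type'] ) ? $_POST['post_type'] : '';

	if ( 'page' == $post_type ) {
		if ( ! current_user_can( 'edit_page', $post_ID ) )
			wp_die( __( 'You are not allowed to edit this page.' ) );
	} else {
		if ( ! current_user_can( 'edit_post', $post_ID ) )
			wp_die( __( 'You are not allowed to edit this post.' ) );
	}

	set_current_screen( $_POST['screen'] );

	if ( $last = wp_check_post_lock( $post_ID ) ) {
		$last_user = get_userdata( $last );
		$last_user_name = $last_user ? $last_user->display_name : __( 'Someone' );
		printf( 'page' == $post_type ? __( 'Saving is disabled: %s is currently editing this page.' ) : __( 'Saving is disabled: %s is currently editing this post.' ),	esc_html( $last_user_name ) );
		wp_die();
	}

	// edit_post() reads $_POST directly, so the normalisation below is written through this reference.
	$data = &$_POST;

	$post = get_post( $post_ID, ARRAY_A );
	$post = add_magic_quotes($post); //since it is from db

	// Quick Edit has no content/excerpt fields; carry the stored values through so they are not wiped.
	$data['content'] = $post['post_content'];
	$data['excerpt'] = $post['post_excerpt'];

	// rename
	$data['user_ID'] = $GLOBALS['user_ID'];

	if ( isset($data['post_parent']) )
		$data['parent_id'] = $data['post_parent'];

	// status
	if ( isset($data['keep_private']) && 'private' == $data['keep_private'] )
		$data['post_status'] = 'private';
	else
		$data['post_status'] = $data['_status'];

	if ( empty($data['comment_status']) )
		$data['comment_status'] = 'closed';
	if ( empty($data['ping_status']) )
		$data['ping_status'] = 'closed';

	// update the post
	edit_post();

	$wp_list_table = _get_list_table('WP_Posts_List_Table');

	$wp_list_table->display_rows( array( get_post( $_POST['post_ID'] ) ) );

	wp_die();
}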
1375
/**
 * Ajax handler for Quick Edit on a terms list table.
 *
 * Verifies the 'taxinlineeditnonce' nonce, resolves $_POST['taxonomy'] to a registered
 * taxonomy and checks its edit_terms capability, then updates term $_POST['tax_ID'] with
 * the submitted fields via wp_update_term() and prints the refreshed table row. The stored
 * description is copied into $_POST first because Quick Edit does not submit one.
 *
 * NOTE(review): get_term() may return null or WP_Error for an unknown id; the description
 * copy does not check for that and relies on wp_update_term() rejecting the update.
 */
function wp_ajax_inline_save_tax() {
	global $wp_list_table;

	check_ajax_referer( 'taxinlineeditnonce', '_inline_edit' );

	$taxonomy = sanitize_key( $_POST['taxonomy'] );
	$tax_object = get_taxonomy( $taxonomy );
	if ( ! $tax_object )
		wp_die( 0 );

	if ( ! current_user_can( $tax_object->cap->edit_terms ) )
		wp_die( -1 );

	set_current_screen( 'edit-' . $taxonomy );

	$wp_list_table = _get_list_table( 'WP_Terms_List_Table' );

	$term_id = isset( $_POST['tax_ID'] ) ? (int) $_POST['tax_ID'] : 0;
	if ( ! $term_id )
		wp_die( -1 );

	$term = get_term( $term_id, $taxonomy );
	$_POST['description'] = $term->description;

	$result = wp_update_term( $term_id, $taxonomy, $_POST );

	if ( ! $result || is_wp_error( $result ) ) {
		if ( is_wp_error( $result ) && $result->get_error_message() )
			wp_die( $result->get_error_message() );
		wp_die( __( 'Item not updated.' ) );
	}

	$term = get_term( $result['term_id'], $taxonomy );
	if ( ! $term || is_wp_error( $term ) ) {
		if ( is_wp_error( $term ) && $term->get_error_message() )
			wp_die( $term->get_error_message() );
		wp_die( __( 'Item not updated.' ) );
	}

	echo $wp_list_table->single_row( $term );

	wp_die();
}
1417
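/**
 * Ajax handler for the "Find Posts or Pages" search used by the media library.
 *
 * Reads from $_POST: ps (search string) and post_type. The post type is accepted only if
 * it is a registered post type name (strict match), otherwise 'post' is used; the search
 * string is split into terms that are LIKE-escaped and esc_sql()'d individually before
 * being interpolated. Replies with an HTML table of up to 50 draft/published matches via
 * WP_Ajax_Response, or with the post type's "not found" label.
 */
function wp_ajax_find_posts() {
	global $wpdb;

	check_ajax_referer( 'find-posts' );

	if ( empty($_POST['ps']) )
		wp_die();

	// Strict in_array: only an exact registered post type name may reach the query.
	if ( !empty($_POST['post_type']) && in_array( $_POST['post_type'], get_post_types(), true ) )
		$what = $_POST['post_type'];
	else
		$what = 'post';

	$s = stripslashes($_POST['ps']);
	// Quoted phrases stay together; everything else splits on whitespace, commas and plus signs.
	preg_match_all('/".*?("|$)|((?<=[\\s",+])|^)[^\\s",+]+/', $s, $matches);
	$search_terms = array_map('_search_terms_tidy', $matches[0]);

	$searchand = $search = '';
	foreach ( (array) $search_terms as $term ) {
		$term = esc_sql( like_escape( $term ) );
		$search .= "{$searchand}(($wpdb->posts.post_title LIKE '%{$term}%') OR ($wpdb->posts.post_content LIKE '%{$term}%'))";
		$searchand = ' AND ';
	}
	$term = esc_sql( like_escape( $s ) );
	if ( count($search_terms) > 1 && $search_terms[0] != $s )
		$search .= " OR ($wpdb->posts.post_title LIKE '%{$term}%') OR ($wpdb->posts.post_content LIKE '%{$term}%')";

	// A search string with no usable terms would produce "AND ()" — skip the query instead.
	// $what is already validated; escaping it anyway keeps the interpolation defensible.
	// ($wpdb->prepare() is not used because the LIKE patterns in $search contain '%'.)
	if ( '' === $search )
		$posts = array();
	else
		$posts = $wpdb->get_results( "SELECT ID, post_title, post_status, post_date FROM $wpdb->posts WHERE post_type = '" . esc_sql( $what ) . "' AND post_status IN ('draft', 'publish') AND ($search) ORDER BY post_date_gmt DESC LIMIT 50" );

	if ( ! $posts ) {
		$posttype = get_post_type_object($what);
		wp_die( $posttype->labels->not_found );
	}

	$html = '<table class="widefat" cellspacing="0"><thead><tr><th class="found-radio"><br /></th><th>'.__('Title').'</th><th>'.__('Date').'</th><th>'.__('Status').'</th></tr></thead><tbody>';
	foreach ( $posts as $post ) {

		// The query restricts to draft/publish; the other cases are kept for completeness.
		$stat = '';
		switch ( $post->post_status ) {
			case 'publish' :
			case 'private' :
				$stat = __('Published');
				break;
			case 'future' :
				$stat = __('Scheduled');
				break;
			case 'pending' :
				$stat = __('Pending Review');
				break;
			case 'draft' :
				$stat = __('Draft');
				break;
		}

		if ( '0000-00-00 00:00:00' == $post->post_date ) {
			$time = '';
		} else {
			/* translators: date format in table columns, see http://php.net/date */
			$time = mysql2date(__('Y/m/d'), $post->post_date);
		}

		$html .= '<tr class="found-posts"><td class="found-radio"><input type="radio" id="found-'.$post->ID.'" name="found_post_id" value="' . esc_attr($post->ID) . '"></td>';
		$html .= '<td><label for="found-'.$post->ID.'">'.esc_html( $post->post_title ).'</label></td><td>'.esc_html( $time ).'</td><td>'.esc_html( $stat ).'</td></tr>'."\n\n";
	}
	$html .= '</tbody></table>';

	$x = new WP_Ajax_Response();
	$x->add( array(
		'what' => $what,
		'data' => $html
	));
	$x->send();

}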
1491
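/**
 * Ajax handler that saves the widget order for every sidebar after a drag-and-drop.
 *
 * Requires the 'save-sidebar-widgets' nonce and the 'edit_theme_options' capability.
 * $_POST['sidebars'] maps sidebar id => comma-separated list of "widget-<n>_<id>" entries;
 * only entries containing 'widget-' are kept, and each is reduced to the part after the
 * first underscore (the widget id) before wp_set_sidebars_widgets() is called.
 */
function wp_ajax_widgets_order() {
	check_ajax_referer( 'save-sidebar-widgets', 'savewidgets' );

	if ( !current_user_can('edit_theme_options') )
		wp_die( -1 );

	unset( $_POST['savewidgets'], $_POST['action'] );

	// save widgets order for all sidebars (isset first: is_array() on a missing index is a notice)
	if ( isset($_POST['sidebars']) && is_array($_POST['sidebars']) ) {
		$sidebars = array();
		foreach ( $_POST['sidebars'] as $key => $val ) {
			$sb = array();
			if ( !empty($val) ) {
				$val = explode(',', $val);
				foreach ( $val as $k => $v ) {
					if ( strpos($v, 'widget-') === false )
						continue;

					$sb[$k] = substr($v, strpos($v, '_') + 1);
				}
			}
			$sidebars[$key] = $sb;
		}
		wp_set_sidebars_widgets($sidebars);
		wp_die( 1 );
	}

	wp_die( -1 );
}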
1522
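/**
 * Ajax handler that saves, adds or deletes a single widget from the Widgets screen.
 *
 * Requires the 'save-sidebar-widgets' nonce, the 'edit_theme_options' capability and
 * $_POST['id_base']. Three cases are distinguished from the request:
 *  - delete_widget set: the widget is removed from its sidebar and $_POST is rewritten to the
 *    minimal payload the widget's update callback expects for a deletion.
 *  - a multi-widget template (settings keyed '__i__' or '%i%'): a new instance numbered
 *    multi_number is created and appended to the sidebar.
 *  - otherwise: a plain settings update.
 * The widget's registered update callback is then run with output discarded; for a deletion
 * the sidebar assignment is persisted and "deleted:<id>" is echoed, otherwise (unless add_new
 * is set) the widget's control form is re-rendered.
 */
function wp_ajax_save_widget() {
	global $wp_registered_widgets, $wp_registered_widget_controls, $wp_registered_widget_updates;

	check_ajax_referer( 'save-sidebar-widgets', 'savewidgets' );

	if ( !current_user_can('edit_theme_options') || !isset($_POST['id_base']) )
		wp_die( -1 );

	unset( $_POST['savewidgets'], $_POST['action'] );

	do_action('load-widgets.php');
	do_action('widgets.php');
	do_action('sidebar_admin_setup');

	$id_base = $_POST['id_base'];
	// Default the optional ids to '' rather than reading missing indexes.
	$widget_id = isset($_POST['widget-id']) ? $_POST['widget-id'] : '';
	$sidebar_id = isset($_POST['sidebar']) ? $_POST['sidebar'] : '';
	$multi_number = !empty($_POST['multi_number']) ? (int) $_POST['multi_number'] : 0;
	$settings = isset($_POST['widget-' . $id_base]) && is_array($_POST['widget-' . $id_base]) ? $_POST['widget-' . $id_base] : false;
	$error = '<p>' . __('An error has occurred. Please reload the page and try again.') . '</p>';

	$sidebars = wp_get_sidebars_widgets();
	$sidebar = isset($sidebars[$sidebar_id]) ? $sidebars[$sidebar_id] : array();

	// delete
	if ( isset($_POST['delete_widget']) && $_POST['delete_widget'] ) {

		if ( !isset($wp_registered_widgets[$widget_id]) )
			wp_die( $error );

		$sidebar = array_diff( $sidebar, array($widget_id) );
		$_POST = array('sidebar' => $sidebar_id, 'widget-' . $id_base => array(), 'the-widget-id' => $widget_id, 'delete_widget' => '1');
	} elseif ( $settings && preg_match( '/__i__|%i%/', key($settings) ) ) {
		// Template instance of a multi-widget: needs a concrete instance number.
		if ( !$multi_number )
			wp_die( $error );

		$_POST['widget-' . $id_base] = array( $multi_number => array_shift($settings) );
		$widget_id = $id_base . '-' . $multi_number;
		$sidebar[] = $widget_id;
	}
	$_POST['widget-id'] = $sidebar;

	// Run the matching update callback once, discarding anything it prints.
	foreach ( (array) $wp_registered_widget_updates as $name => $control ) {

		if ( $name == $id_base ) {
			if ( !is_callable( $control['callback'] ) )
				continue;

			ob_start();
				call_user_func_array( $control['callback'], $control['params'] );
			ob_end_clean();
			break;
		}
	}

	if ( isset($_POST['delete_widget']) && $_POST['delete_widget'] ) {
		$sidebars[$sidebar_id] = $sidebar;
		wp_set_sidebars_widgets($sidebars);
		echo "deleted:$widget_id";
		wp_die();
	}

	if ( !empty($_POST['add_new']) )
		wp_die();

	// Re-render the control form only when one is registered for this widget id.
	if ( isset($wp_registered_widget_controls[$widget_id]) && ( $form = $wp_registered_widget_controls[$widget_id] ) )
		call_user_func_array( $form['callback'], $form['params'] );

	wp_die();
}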
1593
1594function wp_ajax_upload_attachment() {
1595	check_ajax_referer( 'media-form' );
1596
1597	if ( ! current_user_can( 'upload_files' ) )
1598		wp_die( -1 );
1599
1600	if ( isset( $_REQUEST['post_id'] ) ) {
1601		$post_id = $_REQUEST['post_id'];
1602		if ( ! current_user_can( 'edit_post', $post_id ) )
1603			wp_die( -1 );
1604	} else {
1605		$post_id = null;
1606	}
1607
1608	$post_data = isset( $_REQUEST['post_data'] ) ? $_REQUEST['post_data'] : array();
1609
1610	$attachment_id = media_handle_upload( 'async-upload', $post_id, $post_data );
1611
1612	if ( is_wp_error( $attachment_id ) ) {
1613		echo json_encode( array(
1614			'type' => 'error',
1615			'data' => array(
1616				'message'  => $attachment_id->get_error_message(),
1617				'filename' => $_FILES['async-upload']['name'],
1618			),
1619		) );
1620		wp_die();
1621	}
1622
1623	if ( isset( $post_data['context'] ) && isset( $post_data['theme'] ) ) {
1624		if ( 'custom-background' === $post_data['context'] )
1625			update_post_meta( $attachment_id, '_wp_attachment_is_custom_background', $post_data['theme'] );
1626
1627		if ( 'custom-header' === $post_data['context'] )
1628			update_post_meta( $attachment_id, '_wp_attachment_is_custom_header', $post_data['theme'] );
1629	}
1630
1631	$post = get_post( $attachment_id );
1632
1633	echo json_encode( array(
1634		'type' => 'success',
1635		'data' => array(
1636			'id'       => $attachment_id,
1637			'title'    => esc_attr( $post->post_title ),
1638			'filename' => esc_html( basename( $post->guid ) ),
1639			'url'      => wp_get_attachment_url( $attachment_id ),
1640			'meta'     => wp_get_attachment