| <?php |
| |
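/**
 * Update an existing post with values provided in $_POST.
 *
 * Reads the edit-form fields from $_POST, renames them to the keys handed to
 * wp_update_post(), applies the capability checks for the post type, and then
 * saves the post together with its custom fields.
 *
 * Security notes:
 * - Every field in $_POST is client controlled, including user_ID. The
 *   "saving as another author" check therefore compares the requested author
 *   with the authenticated user's ID from the $user_ID global, never with
 *   $_POST['user_ID'].
 * - Custom-field rows are addressed by meta_id values taken from the request,
 *   so each row is confirmed to belong to the post being edited before it is
 *   updated or deleted.
 * - No nonce or referer check is visible in this function; presumably the
 *   calling admin page verifies the request origin -- confirm at the caller.
 *
 * @return int ID of the edited post. A failed capability check calls wp_die(),
 *             which is expected to end the request.
 */
function edit_post() {
	global $user_ID;

	$post_ID = (int) $_POST['post_ID'];
	$is_page = ( 'page' == $_POST['post_type'] );

	// Authorization decisions use the authenticated user's ID, not the
	// user_ID field of the request.
	$current_user_id = (int) $user_ID;

	if ( $is_page ) {
		if ( !current_user_can( 'edit_page', $post_ID ) )
			wp_die( __('You are not allowed to edit this page.' ));
	} else {
		if ( !current_user_can( 'edit_post', $post_ID ) )
			wp_die( __('You are not allowed to edit this post.' ));
	}

	// Autosave shouldn't save too soon after a real save
	if ( 'autosave' == $_POST['action'] ) {
		$post =& get_post( $post_ID );
		$now = time();
		$then = strtotime($post->post_date_gmt . ' +0000');
		// Keep autosave_interval in sync with autosave-js.php.
		$delta = apply_filters( 'autosave_interval', 120 ) / 2;
		if ( ($now - $then) < $delta )
			return $post_ID;
	}

	// Rename.
	$_POST['ID'] = $post_ID;
	$_POST['post_content'] = $_POST['content'];
	$_POST['post_excerpt'] = $_POST['excerpt'];
	$_POST['post_parent'] = $_POST['parent_id'];
	$_POST['to_ping'] = $_POST['trackback_url'];

	if ( !empty( $_POST['post_author_override'] ) ) {
		$_POST['post_author'] = (int) $_POST['post_author_override'];
	} elseif ( !empty( $_POST['post_author'] ) ) {
		$_POST['post_author'] = (int) $_POST['post_author'];
	} else {
		$_POST['post_author'] = $current_user_id;
	}

	// Saving under someone else's name needs the edit_others_* capability.
	if ( $_POST['post_author'] != $current_user_id ) {
		if ( $is_page ) {
			if ( !current_user_can( 'edit_others_pages' ) )
				wp_die( __('You are not allowed to edit pages as this user.' ));
		} else {
			if ( !current_user_can( 'edit_others_posts' ) )
				wp_die( __('You are not allowed to edit posts as this user.' ));
		}
	}

	// What to do based on which button they pressed
	if ('' != $_POST['saveasdraft'] )
		$_POST['post_status'] = 'draft';
	if ('' != $_POST['saveasprivate'] )
		$_POST['post_status'] = 'private';
	if ('' != $_POST['publish'] )
		$_POST['post_status'] = 'publish';
	if ('' != $_POST['advanced'] )
		$_POST['post_status'] = 'draft';

	// Downgrade a requested publish to "pending" when the user lacks the capability.
	// NOTE(review): wp_write_post() gates publishing on publish_pages /
	// publish_posts, while this function checks edit_published_pages /
	// edit_published_posts -- confirm the difference is intended.
	if ( $is_page ) {
		if ('publish' == $_POST['post_status'] && !current_user_can( 'edit_published_pages' ))
			$_POST['post_status'] = 'pending';
	} else {
		if ('publish' == $_POST['post_status'] && !current_user_can( 'edit_published_posts' ))
			$_POST['post_status'] = 'pending';
	}

	if (!isset( $_POST['comment_status'] ))
		$_POST['comment_status'] = 'closed';

	if (!isset( $_POST['ping_status'] ))
		$_POST['ping_status'] = 'closed';

	if ( !empty( $_POST['edit_date'] ) ) {
		$aa = $_POST['aa'];
		$mm = $_POST['mm'];
		$jj = $_POST['jj'];
		$hh = $_POST['hh'];
		$mn = $_POST['mn'];
		$ss = $_POST['ss'];
		$jj = ($jj > 31 ) ? 31 : $jj;
		$hh = ($hh > 23 ) ? $hh -24 : $hh;
		$mn = ($mn > 59 ) ? $mn -60 : $mn;
		$ss = ($ss > 59 ) ? $ss -60 : $ss;
		// %d coerces every component to an integer, as wp_write_post() does,
		// so no raw request text is carried into the date string.
		$_POST['post_date'] = sprintf( "%04d-%02d-%02d %02d:%02d:%02d", $aa, $mm, $jj, $hh, $mn, $ss );
		$_POST['post_date_gmt'] = get_gmt_from_date( $_POST['post_date'] );
	}

	// Meta Stuff. The array keys are meta_id values supplied by the request;
	// skip any row that does not exist or is attached to a different post.
	if ( !empty( $_POST['meta'] ) && is_array( $_POST['meta'] ) ) {
		foreach ( $_POST['meta'] as $key => $value ) {
			$meta = get_post_meta_by_id( $key );
			if ( !$meta || $meta->post_id != $post_ID )
				continue;
			update_meta( $key, $value['key'], $value['value'] );
		}
	}

	if ( !empty( $_POST['deletemeta'] ) && is_array( $_POST['deletemeta'] ) ) {
		foreach ( $_POST['deletemeta'] as $key => $value ) {
			$meta = get_post_meta_by_id( $key );
			if ( !$meta || $meta->post_id != $post_ID )
				continue;
			delete_meta( $key );
		}
	}

	add_meta( $post_ID );

	wp_update_post( $_POST );

	// Reunite any orphaned attachments with their parent
	if ( !$draft_ids = get_user_option( 'autosave_draft_ids' ) )
		$draft_ids = array();
	if ( $draft_temp_id = (int) array_search( $post_ID, $draft_ids ) )
		_relocate_children( $draft_temp_id, $post_ID );

	// Now that we have an ID we can fix any attachment anchor hrefs
	_fix_attachment_links( $post_ID );

	return $post_ID;
}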
| |
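/**
 * Default post information to use when populating the "Write Post" form.
 *
 * Title, content and excerpt may be pre-filled from $_REQUEST. Each request
 * value is unslashed and passed through wp_specialchars() (the popup URL
 * through clean_url()) before it is placed in the returned object, because
 * these values come straight from the client.
 *
 * @return object Post-like object carrying the default field values.
 */
function get_default_post_to_edit() {
	$post_title = '';
	if ( !empty( $_REQUEST['post_title'] ) ) {
		$post_title = wp_specialchars( stripslashes( $_REQUEST['post_title'] ));
	} elseif ( !empty( $_REQUEST['popuptitle'] ) ) {
		$post_title = wp_specialchars( stripslashes( $_REQUEST['popuptitle'] ));
		$post_title = funky_javascript_fix( $post_title );
	}

	// Start from an empty string so the default_content filter never receives
	// an undefined variable when neither content nor a title was supplied.
	$post_content = '';
	if ( !empty( $_REQUEST['content'] ) ) {
		$post_content = wp_specialchars( stripslashes( $_REQUEST['content'] ));
	} elseif ( !empty( $post_title ) ) {
		// Both fields are optional in the request; treat a missing one as empty.
		$raw_text = isset( $_REQUEST['text'] ) ? $_REQUEST['text'] : '';
		$raw_url = isset( $_REQUEST['popupurl'] ) ? $_REQUEST['popupurl'] : '';

		$text = wp_specialchars( stripslashes( urldecode( $raw_text ) ) );
		$text = funky_javascript_fix( $text);
		$popupurl = clean_url( $raw_url );
		$post_content = '<a href="'.$popupurl.'">'.$post_title.'</a>'."\n$text";
	}

	$post_excerpt = '';
	if ( !empty( $_REQUEST['excerpt'] ) )
		$post_excerpt = wp_specialchars( stripslashes( $_REQUEST['excerpt'] ));

	// Create the container explicitly instead of relying on PHP to conjure an
	// object out of an undefined variable on the first property assignment.
	$post = new stdClass;
	$post->post_status = 'draft';
	$post->comment_status = get_option( 'default_comment_status' );
	$post->ping_status = get_option( 'default_ping_status' );
	$post->post_pingback = get_option( 'default_pingback_flag' );
	$post->post_category = get_option( 'default_category' );
	$post->post_content = apply_filters( 'default_content', $post_content);
	$post->post_title = apply_filters( 'default_title', $post_title );
	$post->post_excerpt = apply_filters( 'default_excerpt', $post_excerpt);
	$post->page_template = 'default';
	$post->post_parent = 0;
	$post->menu_order = 0;

	return $post;
}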
| |
/**
 * Get an existing post and format it for editing.
 *
 * Fetches the post through get_post() with the 'edit' filter and, for pages,
 * attaches the template stored in the _wp_page_template meta key.
 *
 * @param int $id ID of the post to load.
 * @return object Whatever get_post() returned, with page_template added for pages.
 */
function get_post_to_edit( $id ) {
	$editable = get_post( $id, OBJECT, 'edit' );

	$is_page = ( $editable->post_type == 'page' );
	if ( $is_page ) {
		$editable->page_template = get_post_meta( $id, '_wp_page_template', true );
	}

	return $editable;
}
| |
/**
 * Look up a post by title (or, when no title is given, by content).
 *
 * NOTE(review): $title, $content and $post_date are interpolated into the SQL
 * exactly as received; nothing in this function escapes them. Callers must
 * pass values that are already escaped for SQL (presumably the slashed form
 * used for request data -- confirm per caller), and a caller holding raw data
 * should escape it first, e.g. with $wpdb->escape().
 *
 * @param string $title     Post title to match; takes precedence over $content.
 * @param string $content   Post content to match when $title is empty.
 * @param string $post_date Optional post_date value that must also match.
 * @return mixed Result of $wpdb->get_var() for the ID column, or 0 when both
 *               $title and $content are empty.
 */
function post_exists($title, $content = '', $post_date = '') {
	global $wpdb;

	// An empty date is passed through unchanged; otherwise it becomes an extra condition.
	$date_clause = empty( $post_date ) ? $post_date : "AND post_date = '$post_date'";

	if ( !empty( $title ) ) {
		return $wpdb->get_var("SELECT ID FROM $wpdb->posts WHERE post_title = '$title' $date_clause");
	}

	if ( empty( $content ) ) {
		return 0;
	}

	return $wpdb->get_var("SELECT ID FROM $wpdb->posts WHERE post_content = '$content' $date_clause");
}
| |
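/**
 * Creates a new post from the "Write Post" form using $_POST information.
 *
 * Checks the capabilities for the post type, hands the request over to
 * edit_post() when an autosaved draft already exists for the submitted
 * temp_ID, and otherwise inserts the post with wp_insert_post().
 *
 * Security notes:
 * - Every field in $_POST is client controlled, including user_ID. The
 *   "posting as another author" check therefore compares the requested author
 *   with the authenticated user's ID from the $user_ID global, never with
 *   $_POST['user_ID'].
 * - The temp_ID to post ID map is read from the current user's own
 *   autosave_draft_ids option, and edit_post() repeats the capability check
 *   for the mapped post.
 * - No nonce or referer check is visible in this function; presumably the
 *   calling admin page verifies the request origin -- confirm at the caller.
 *
 * @return mixed New post ID, 0 when wp_insert_post() returned an empty ID, a
 *               WP_Error when a capability check or the insert failed, or the
 *               return value of edit_post() for an autosave collision.
 */
function wp_write_post() {
	global $user_ID;

	$is_page = ( 'page' == $_POST['post_type'] );

	// Authorization decisions use the authenticated user's ID, not the
	// user_ID field of the request.
	$current_user_id = (int) $user_ID;

	if ( $is_page ) {
		if ( !current_user_can( 'edit_pages' ) )
			return new WP_Error( 'edit_pages', __( 'You are not allowed to create pages on this blog.' ) );
	} else {
		if ( !current_user_can( 'edit_posts' ) )
			return new WP_Error( 'edit_posts', __( 'You are not allowed to create posts or drafts on this blog.' ) );
	}

	// Check for autosave collisions
	$temp_id = false;
	if ( isset($_POST['temp_ID']) ) {
		$temp_id = (int) $_POST['temp_ID'];
		if ( !$draft_ids = get_user_option( 'autosave_draft_ids' ) )
			$draft_ids = array();
		foreach ( $draft_ids as $temp => $real )
			if ( time() + $temp > 86400 ) // 1 day: $temp is equal to -1 * time( then )
				unset($draft_ids[$temp]);

		if ( isset($draft_ids[$temp_id]) ) { // Edit, don't write
			$_POST['post_ID'] = $draft_ids[$temp_id];
			unset($_POST['temp_ID']);
			update_user_option( $user_ID, 'autosave_draft_ids', $draft_ids );
			return edit_post();
		}
	}

	// Rename.
	$_POST['post_content'] = $_POST['content'];
	$_POST['post_excerpt'] = $_POST['excerpt'];
	$_POST['post_parent'] = $_POST['parent_id'];
	$_POST['to_ping'] = $_POST['trackback_url'];

	if ( !empty( $_POST['post_author_override'] ) ) {
		$_POST['post_author'] = (int) $_POST['post_author_override'];
	} elseif ( !empty( $_POST['post_author'] ) ) {
		$_POST['post_author'] = (int) $_POST['post_author'];
	} else {
		$_POST['post_author'] = $current_user_id;
	}

	// Posting under someone else's name needs the edit_others_* capability.
	if ( $_POST['post_author'] != $current_user_id ) {
		if ( $is_page ) {
			if ( !current_user_can( 'edit_others_pages' ) )
				return new WP_Error( 'edit_others_pages', __( 'You are not allowed to create pages as this user.' ) );
		} else {
			if ( !current_user_can( 'edit_others_posts' ) )
				return new WP_Error( 'edit_others_posts', __( 'You are not allowed to post as this user.' ) );
		}
	}

	// What to do based on which button they pressed
	if ('' != $_POST['saveasdraft'] )
		$_POST['post_status'] = 'draft';
	if ('' != $_POST['saveasprivate'] )
		$_POST['post_status'] = 'private';
	if ('' != $_POST['publish'] )
		$_POST['post_status'] = 'publish';
	if ('' != $_POST['advanced'] )
		$_POST['post_status'] = 'draft';

	// Downgrade a requested publish to "pending" when the user may not publish.
	if ( $is_page ) {
		if ('publish' == $_POST['post_status'] && !current_user_can( 'publish_pages' ) )
			$_POST['post_status'] = 'pending';
	} else {
		if ('publish' == $_POST['post_status'] && !current_user_can( 'publish_posts' ) )
			$_POST['post_status'] = 'pending';
	}

	if (!isset( $_POST['comment_status'] ))
		$_POST['comment_status'] = 'closed';

	if (!isset( $_POST['ping_status'] ))
		$_POST['ping_status'] = 'closed';

	if ( !empty( $_POST['edit_date'] ) ) {
		$aa = $_POST['aa'];
		$mm = $_POST['mm'];
		$jj = $_POST['jj'];
		$hh = $_POST['hh'];
		$mn = $_POST['mn'];
		$ss = $_POST['ss'];
		$jj = ($jj > 31 ) ? 31 : $jj;
		$hh = ($hh > 23 ) ? $hh -24 : $hh;
		$mn = ($mn > 59 ) ? $mn -60 : $mn;
		$ss = ($ss > 59 ) ? $ss -60 : $ss;
		// %d coerces every component to an integer before it enters the date string.
		$_POST['post_date'] = sprintf( "%04d-%02d-%02d %02d:%02d:%02d", $aa, $mm, $jj, $hh, $mn, $ss );
		$_POST['post_date_gmt'] = get_gmt_from_date( $_POST['post_date'] );
	}

	// Create the post.
	$post_ID = wp_insert_post( $_POST );
	if ( is_wp_error( $post_ID ) )
		return $post_ID;

	if ( empty($post_ID) )
		return 0;

	add_meta( $post_ID );

	// Reunite any orphaned attachments with their parent
	if ( !$draft_ids = get_user_option( 'autosave_draft_ids' ) )
		$draft_ids = array();
	if ( $draft_temp_id = (int) array_search( $post_ID, $draft_ids ) )
		_relocate_children( $draft_temp_id, $post_ID );
	if ( $temp_id && $temp_id != $draft_temp_id )
		_relocate_children( $temp_id, $post_ID );

	// Update autosave collision detection
	if ( $temp_id ) {
		$draft_ids[$temp_id] = $post_ID;
		update_user_option( $user_ID, 'autosave_draft_ids', $draft_ids );
	}

	// Now that we have an ID we can fix any attachment anchor hrefs
	_fix_attachment_links( $post_ID );

	return $post_ID;
}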
| |
/**
 * Create a post via wp_write_post() and stop with an error page on failure.
 *
 * @return mixed The wp_write_post() result when it is not a WP_Error. On a
 *               WP_Error the message is handed to wp_die().
 */
function write_post() {
	$outcome = wp_write_post();

	// Success path first: anything that is not a WP_Error goes straight back.
	if ( !is_wp_error( $outcome ) )
		return $outcome;

	wp_die( $outcome->get_error_message() );
}
| |
//
// Post Meta
//
| |
/**
 * Add a custom field to a post from the metakeyselect / metakeyinput /
 * metavalue fields of $_POST.
 *
 * All three request values are trimmed, unslashed and re-escaped with
 * $wpdb->escape() before they are placed in the INSERT statement. Keys listed
 * in $protected are refused. This function performs no capability check of
 * its own; in this file it is called from edit_post() and wp_write_post()
 * after their checks.
 *
 * @param int $post_ID ID of the post that receives the custom field.
 * @return mixed $wpdb->insert_id after the INSERT was issued, or false when
 *               the key/value pair is incomplete or the key is protected.
 */
function add_meta( $post_ID ) {
	global $wpdb;
	$post_ID = (int) $post_ID;

	// Internal keys that must not be written through the custom-fields form.
	$protected = array( '_wp_attached_file', '_wp_attachment_metadata', '_wp_old_slug', '_wp_page_template' );

	$metakeyselect = $wpdb->escape( stripslashes( trim( $_POST['metakeyselect'] ) ) );
	$metakeyinput = $wpdb->escape( stripslashes( trim( $_POST['metakeyinput'] ) ) );
	$metavalue = $wpdb->escape( maybe_serialize( stripslashes( trim( $_POST['metavalue'] ) ) ) );

	// A literal '0' counts as a value even though empty() would reject it.
	$has_value = ( '0' === $metavalue || !empty( $metavalue ) );
	$has_selected_key = ( '#NONE#' != $metakeyselect && !empty( $metakeyselect ) );
	$has_typed_key = !empty( $metakeyinput );

	if ( !$has_value || !( $has_selected_key || $has_typed_key ) )
		return false;

	// We have a key/value pair. If both the select and the
	// input for the key have data, the input takes precedence.
	$metakey = $metakeyinput ? $metakeyinput : $metakeyselect;

	if ( in_array($metakey, $protected) )
		return false;

	$wpdb->query( "
		INSERT INTO $wpdb->postmeta
		(post_id,meta_key,meta_value )
		VALUES ('$post_ID','$metakey','$metavalue' )
	" );

	return $wpdb->insert_id;
} // add_meta
| |
/**
 * Delete a single postmeta row by its meta_id.
 *
 * The ID is cast to an integer before it is used in the query. The function
 * checks neither which post the row belongs to nor the current user's
 * capabilities, so callers are responsible for both.
 *
 * @param int $mid meta_id of the row to delete.
 * @return mixed Result of $wpdb->query() for the DELETE statement.
 */
function delete_meta( $mid ) {
	global $wpdb;

	$mid = intval( $mid );
	$sql = "DELETE FROM $wpdb->postmeta WHERE meta_id = '$mid'";

	return $wpdb->query( $sql );
}
| |
/**
 * Get a list of previously defined keys.
 *
 * The query takes no external input: it lists every distinct meta_key in the
 * postmeta table, ordered by key.
 *
 * @return mixed Result of $wpdb->get_col() for the meta_key column.
 */
function get_meta_keys() {
	global $wpdb;

	return $wpdb->get_col( "
		SELECT meta_key
		FROM $wpdb->postmeta
		GROUP BY meta_key
		ORDER BY meta_key" );
}
| |
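/**
 * Fetch one postmeta row by its meta_id.
 *
 * The ID is cast to an integer before it is used in the query. When the
 * stored value passes is_serialized_string() it is run through
 * maybe_unserialize() before the row is returned.
 *
 * NOTE(review): meta values can be written by users through add_meta() and
 * update_meta(); confirm that the is_serialized_string() guard limits what is
 * unserialized here to plain strings.
 *
 * @param int $mid meta_id of the row to load.
 * @return mixed Row object from $wpdb->get_row(), or its empty result when no
 *               row has that meta_id.
 */
function get_post_meta_by_id( $mid ) {
	global $wpdb;
	$mid = (int) $mid;

	$meta = $wpdb->get_row( "SELECT * FROM $wpdb->postmeta WHERE meta_id = '$mid'" );

	// No such row: return the empty result as-is rather than reading a
	// property from something that is not an object.
	if ( empty( $meta ) )
		return $meta;

	if ( is_serialized_string( $meta->meta_value ) )
		$meta->meta_value = maybe_unserialize( $meta->meta_value );

	return $meta;
}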
| |
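/**
 * List the custom fields attached to a post.
 *
 * @param int $postid ID of the post whose postmeta rows are wanted.
 * @return mixed Result of $wpdb->get_results() in ARRAY_A form: rows with
 *               meta_key, meta_value, meta_id and post_id, ordered by key and id.
 */
function has_meta( $postid ) {
	global $wpdb;

	// Cast before interpolating, as the other postmeta helpers in this file
	// do with their IDs, so only an integer can reach the WHERE clause.
	$postid = (int) $postid;

	return $wpdb->get_results( "
		SELECT meta_key, meta_value, meta_id, post_id
		FROM $wpdb->postmeta
		WHERE post_id = '$postid'
		ORDER BY meta_key,meta_id", ARRAY_A );
}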
| |
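/**
 * Update the key and value of one postmeta row.
 *
 * Both $mkey and $mvalue are expected in slashed form (edit_post() passes
 * them straight from $_POST); each is unslashed and then re-escaped with
 * $wpdb->escape() before it is placed in the UPDATE statement, so the query
 * does not depend on the caller having escaped the key. Keys listed in
 * $protected are refused. The function checks neither which post the row
 * belongs to nor the current user's capabilities; callers are responsible
 * for both.
 *
 * @param int    $mid    meta_id of the row to update.
 * @param string $mkey   New meta key (slashed).
 * @param string $mvalue New meta value (slashed).
 * @return mixed Result of $wpdb->query() for the UPDATE, or false when the
 *               key is protected.
 */
function update_meta( $mid, $mkey, $mvalue ) {
	global $wpdb;

	// Internal keys that must not be written through the custom-fields form.
	$protected = array( '_wp_attached_file', '_wp_attachment_metadata', '_wp_old_slug', '_wp_page_template' );

	// Compare the unslashed key against the protected list, then escape it
	// the same way add_meta() escapes its key before building the query.
	$mkey = stripslashes( $mkey );
	if ( in_array($mkey, $protected) )
		return false;
	$mkey = $wpdb->escape( $mkey );

	$mvalue = maybe_serialize( stripslashes( $mvalue ));
	$mvalue = $wpdb->escape( $mvalue );
	$mid = (int) $mid;

	return $wpdb->query( "UPDATE $wpdb->postmeta SET meta_key = '$mkey', meta_value = '$mvalue' WHERE meta_id = '$mid'" );
}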
| |
//
// Private
//
| |
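/**
 * Replace hrefs of attachment anchors with up-to-date permalinks.
 *
 * Scans the post content for anchors whose rel attribute mentions
 * "attachment", reads the attachment ID from the wp-att-<id> token, adopts
 * attachments whose recorded parent does not resolve to a post, and rewrites
 * each anchor's href to get_attachment_link() for that ID.
 *
 * The patterns do not use the /e (evaluate replacement as PHP) modifier:
 * the replacement is assembled as plain data, so no text taken from the post
 * content is ever executed as code.
 *
 * @param int $post_ID ID of the post whose content is rewritten.
 * @return mixed Null when the content holds no attachment anchors, otherwise
 *               the result of wp_update_post().
 */
function _fix_attachment_links( $post_ID ) {
	global $wp_rewrite;

	$post = & get_post( $post_ID, ARRAY_A );

	$search = "#<a[^>]+rel=('|\")[^'\"]*attachment[^>]*>#i";

	// See if we have any rel="attachment" links
	if ( 0 == preg_match_all( $search, $post['post_content'], $anchor_matches, PREG_PATTERN_ORDER ) )
		return;

	// Start with empty lists so str_replace() below always receives arrays,
	// even when none of the anchors carries a wp-att-<id> token.
	$post_search = array();
	$post_replace = array();

	$search = "#[\s]+rel=(\"|')(.*?)wp-att-(\d+)\\1#i";
	foreach ( $anchor_matches[0] as $anchor ) {
		if ( 0 == preg_match( $search, $anchor, $id_matches ) )
			continue;

		$id = (int) $id_matches[3];

		// While we have the attachment ID, let's adopt any orphans.
		$attachment = & get_post( $id, ARRAY_A );
		if ( ! empty( $attachment) && ! is_object( get_post( $attachment['post_parent'] ) ) ) {
			$attachment['post_parent'] = $post_ID;
			// Escape data pulled from DB.
			$attachment = add_magic_quotes( $attachment);
			wp_update_post( $attachment);
		}

		// Neutralise backslashes and dollar signs in the link so
		// preg_replace() treats it as literal text, not as back-references.
		$link = str_replace( array( '\\', '$' ), array( '\\\\', '\\$' ), get_attachment_link( $id ) );

		$post_search[] = $anchor;
		// ${1} is the quote character that surrounded the old href value.
		$post_replace[] = preg_replace( "#href=(\"|')[^'\"]*\\1#", 'href=${1}' . $link . '${1}', $anchor );
	}

	$post['post_content'] = str_replace( $post_search, $post_replace, $post['post_content'] );

	// Escape data pulled from DB.
	$post = add_magic_quotes( $post);

	return wp_update_post( $post);
}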
| |
/**
 * Move child posts to a new parent.
 *
 * Both IDs are cast to integers before they are used in the query, which is
 * what makes the unquoted interpolation below safe.
 *
 * @param int $old_ID Current post_parent value of the children.
 * @param int $new_ID post_parent value to assign instead.
 * @return mixed Result of $wpdb->query() for the UPDATE statement.
 */
function _relocate_children( $old_ID, $new_ID ) {
	global $wpdb;

	$old_ID = intval( $old_ID );
	$new_ID = intval( $new_ID );

	$sql = "UPDATE $wpdb->posts SET post_parent = $new_ID WHERE post_parent = $old_ID";

	return $wpdb->query( $sql );
}
| |
| ?> |