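/**
 * Render the body of the image popup iframe.
 *
 * Handles a posted file upload (after verifying the 'media-form' nonce), then
 * prints the image attachments of the current post as display/edit rows,
 * followed by the upload form. Output is echoed directly; nothing is returned.
 */
function anno_popup_images_iframe_html() {
	$errors = array();

	if (isset($_POST['html-upload']) && !empty($_FILES)) {
		// CSRF guard: the upload is only processed with a valid 'media-form' nonce.
		check_admin_referer('media-form');

		// Upload File button was clicked.
		// The parent post ID is request-controlled, so reduce it to a non-negative
		// integer before it is handed to the upload handler.
		// NOTE(review): no capability check on the target post is visible in this
		// function, and the listing below uses anno_get_post_id() rather than this
		// request value - confirm the caller restricts who can reach this path.
		$upload_post_id = isset($_REQUEST['post_id']) ? absint($_REQUEST['post_id']) : 0;
		$id = media_handle_upload('async-upload', $upload_post_id);
		unset($_FILES);

		if (is_wp_error($id)) {
			$errors['upload_error'] = $id;
			$id = false;
		}
	}

	$post_id = anno_get_post_id();
	$attachments = get_posts(array(
		'post_type' => 'attachment',
		'posts_per_page' => -1,
		'post_parent' => $post_id,
		'post_mime_type' => 'image',
		'order' => 'ASC',
	));
	?>
<body id="anno-popup-images">
	<div id="anno-popup-images-inside" class="anno-mce-popup">
		<div class="anno-mce-popup-fields">
			<?php
			// A failed upload is kept in $errors because $id is reset to false above;
			// testing $id here (as the code previously did) could never report it.
			// The message is escaped and the rest of the popup still renders so the
			// user can retry.
			if (isset($errors['upload_error'])) {
				echo '<div id="media-upload-error">' . esc_html($errors['upload_error']->get_error_message()) . '</div>';
			}
			?>
			<table class="anno-images">
				<thead>
					<tr>
						<th scope="col" class="img-list-img"></th>
						<th scope="col" class="img-list-title"></th>
						<th scope="col" class="img-list-actions"></th>
					</tr>
				</thead>
				<tbody id="media-items">
					<?php
					foreach ($attachments as $attachment) {
						anno_popup_images_row_display($attachment);
						anno_popup_images_row_edit($attachment);
					}
					?>
				</tbody>
			</table>
			<?php anno_upload_form(); ?>
		</div>
	</div>
</body>
	<?php
}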
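/**
 * Draft state markup for major actions.
 *
 * Prints the "Move To Trash" link when the current user has the 'trash_post'
 * ability, then the publishing action area whose submit button is labelled
 * with $anno_post_save['review']. Output is echoed directly.
 */
function annowf_major_action_draft_markup() {
	global $anno_post_save;

	$post_id = anno_get_post_id();

	if (anno_user_can('trash_post')) {
		$wrap_class = '';
		?>
	<div id="delete-action">
		<?php // The delete link passes through a filter, so escape it for the href context. ?>
		<a class="submitdelete deletion" href="<?php echo esc_url(get_delete_post_link($post_id)); ?>"><?php echo esc_html_x('Move To Trash', 'Publishing box trash action link text', 'anno'); ?></a>
	</div>
		<?php
	}
	else {
		// Without the trash link the publishing action is centred instead.
		$wrap_class = ' class="center-wrap"';
	}
	?>
	<div id="publishing-action"<?php echo $wrap_class; ?>>
		<img src="<?php echo esc_url(admin_url('images/wpspin_light.gif')); ?>" class="ajax-loading" id="ajax-loading" alt="" />
		<?php
		// esc_attr() rather than esc_attr_e(): the label is a runtime value, not a
		// translatable literal, and must be printed exactly as the button below uses it.
		?>
		<input name="original_publish" type="hidden" id="original_publish" value="<?php echo esc_attr($anno_post_save['review']); ?>" />
		<?php submit_button($anno_post_save['review'], 'primary', 'publish', false, array('tabindex' => '5', 'accesskey' => 'p')); ?>
	</div>
	<div class="clear"></div>
	<?php
}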
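/**
 * Utility function to convert our editor HTML into XML.
 *
 * Content that carries no 'data-xmlel' marker is returned untouched. Otherwise
 * the content is wrapped in a <div data-xmlel="textorum"> root element, run
 * through the theme's cke2xml.xsl stylesheet, and everything around the
 * <textorum> element of the result is stripped.
 *
 * @param string $html_content Editor HTML to convert.
 * @return string The converted XML, or $html_content unchanged when there is
 *                nothing to convert or the conversion cannot be carried out.
 */
function anno_to_xml($html_content) {
	if (strpos($html_content, 'data-xmlel') === false) {
		// Already an XML document (or at least not an editable-HTML translation of an XML document)
		return $html_content;
	}

	// Collect libxml errors instead of emitting PHP warnings for malformed markup.
	$previous_errors = libxml_use_internal_errors(true);
	$content = false;

	// Load the XML source. The submitted markup sits inside a wrapper element, so
	// it cannot supply its own DOCTYPE; LIBXML_NONET additionally forbids any
	// network access while parsing it.
	$xml = new DOMDocument();
	if ($xml->loadXML('<div data-xmlel="textorum">' . $html_content . '</div>', LIBXML_NONET)) {
		$xsl = new DOMDocument();
		if ($xsl->load(trailingslashit(get_template_directory()) . 'js/textorum/dist/textorum/xsl/cke2xml.xsl')) {
			// Configure the transformer
			$proc = new XSLTProcessor();
			if ($proc->importStyleSheet($xsl)) {
				$content = $proc->transformToXML($xml);
			}
		}
	}

	libxml_clear_errors();
	libxml_use_internal_errors($previous_errors);

	if (!is_string($content)) {
		// Parsing or transforming failed. Hand back the input rather than an
		// empty string, so a malformed document is not silently discarded.
		return $html_content;
	}

	// Keep only what sits between the <textorum> tags of the transform output.
	$content = preg_replace('/^.*?<textorum>/ms', '', $content);
	$content = preg_replace('/<\\/textorum>.*?$/ms', '', $content);

	return $content;
}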
/**
 * Admin request handler. Handles cloning and backend permission enforcement.
 *
 * A clone request (POSTed 'publish' value equal to $anno_post_save['clone'])
 * is served first and ends the request with a redirect. For any other request
 * the WordPress action and post type are worked out from the request; for
 * 'article' posts the action is mapped to an Annotum capability and, when the
 * current user lacks it, 'annowf_user_has_cap_filter' is hooked onto
 * 'user_has_cap'.
 *
 * NOTE(review): no nonce verification is visible on the clone path in this
 * function - confirm it happens before this handler runs.
 * NOTE(review): the post type is read from the request before the post itself
 * is consulted, and actions not listed in the switch add no filter - confirm
 * both are intended, since either one skips the enforcement below.
 */
function annowf_admin_request_handler() {
	global $anno_post_save, $post;

	// Cloning. This must come before the enforcing of capabilities below.
	$is_clone_request = isset($_POST['publish']) && $_POST['publish'] == $anno_post_save['clone'];
	if ($is_clone_request) {
		$source_id = anno_get_post_id();
		if (!anno_user_can('clone_post') || annowf_has_clone($source_id)) {
			wp_die(_x('You are not allowed to clone this post.', 'Cloned article error message', 'anno'));
		}

		$clone_id = annowf_clone_post($source_id);
		// Message 11 on the clone's edit screen; message 12 back on the source
		// when cloning returned nothing.
		$url = !empty($clone_id)
			? add_query_arg('message', 11, get_edit_post_link($clone_id, 'url'))
			: add_query_arg('message', 12, get_edit_post_link($source_id, 'url'));

		wp_redirect($url);
		die;
	}

	// Enforce Capabilities on the backend. Determine the action, and its relevant annotum capability
	if (isset($_POST['action'])) {
		$wp_action = $_POST['action'];
	}
	elseif (isset($_GET['action'])) {
		$wp_action = $_GET['action'];
	}

	if (isset($_POST['deletepost'])) {
		$wp_action = 'delete';
	}

	// Post type: request parameters win, otherwise it is read from the post.
	if (isset($_POST['post_type'])) {
		$post_type = $_POST['post_type'];
	}
	elseif (isset($_GET['post_type'])) {
		$post_type = $_GET['post_type'];
	}
	elseif (isset($_GET['revision'])) {
		// We only get revision when restoring a given revision
		$rev = get_post($_GET['revision']);
		if (isset($rev->post_parent)) {
			$post = get_post($rev->post_parent);
			if (isset($post->post_type)) {
				$post_type = $post->post_type;
			}
		}
	}
	else {
		$post = get_post(anno_get_post_id());
		if (isset($post->post_type)) {
			$post_type = $post->post_type;
		}
	}

	// Only article requests with a known action are subject to enforcement.
	if (empty($wp_action) || empty($post_type) || $post_type != 'article') {
		return;
	}

	switch ($wp_action) {
		// Creation, editing, restoring from revision
		case 'postajaxpost':
		case 'post':
		case 'post-quickpress-publish':
		case 'post-quickpress-save':
		case 'editpost':
		case 'editattachment':
		case 'autosave':
		case 'restore':
		case 'inline-save':
			$anno_cap = 'edit_post';
			break;
		// For Viewing post-edit screen
		case 'edit':
			$anno_cap = 'view_post';
			break;
		case 'trash':
		case 'untrash':
			$anno_cap = 'trash_post';
			break;
		case 'delete':
			$anno_cap = 'admin';
			break;
		default:
			break;
	}

	if (!empty($anno_cap) && !anno_user_can($anno_cap)) {
		add_filter('user_has_cap', 'annowf_user_has_cap_filter');
	}
}
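/**
 * Print the media upload form shown inside the image popup.
 *
 * The form posts back to the admin URL with anno_action=image_popup and
 * carries the 'media-form' nonce.
 *
 * @param string $type   Media type; placed in the action URL and in the form's id attribute.
 * @param mixed  $errors Passed through to anno_media_upload_form().
 * @param mixed  $id     Not used by this function.
 */
function anno_upload_form($type = 'image', $errors = null, $id = null) {
	$post_id = (int) anno_get_post_id();

	// $type is caller-supplied: encode it for the query string here and escape
	// it for the attribute context where it is printed below.
	$form_action_url = admin_url('?type=' . rawurlencode($type) . "&tab=type&post_id={$post_id}&anno_action=image_popup");
	?>
	<form enctype="multipart/form-data" method="post" action="<?php echo esc_url($form_action_url); ?>" class="media-upload-form type-form validate" id="<?php echo esc_attr($type); ?>-form">
		<?php submit_button('', 'hidden', 'save', false); ?>
		<input type="hidden" name="post_id" id="post_id" value="<?php echo (int) $post_id; ?>" />
		<?php wp_nonce_field('media-form'); ?>
		<?php anno_media_upload_form($errors); ?>
		<script type="text/javascript">
		//<![CDATA[
		jQuery(function($){
			var preloaded = $(".media-item.preloaded");
			if ( preloaded.length > 0 ) {
				preloaded.each(function(){annoPrepareMediaItem({id:this.id.replace(/[^0-9]/g, '')},'');});
			}
			updateMediaForm();
		});
		//]]>
		</script>
	</form>
	<?php
}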
/**
 * Utility function to convert our HTML into XML.
 *
 * This function does no conversion of its own: it loads the HTML as the
 * current phpQuery document and fires the 'anno_to_xml' action (plus
 * 'anno_to_xml_imported' when the post has the '_anno_knol_import' meta set),
 * so hooked callbacks can rewrite small, specific portions of the markup.
 *
 * @see anno_xml_to_html_replace_bold() for simple example on usage
 *
 * @param string $html_content HTML to convert.
 * @return string String form of the phpQuery document once the actions have run.
 */
function anno_to_xml($html_content) {
	$current_post_id = anno_get_post_id();

	// Make the markup the active phpQuery document; callbacks reach its elements through pq().
	phpQuery::newDocument($html_content);

	// Let our various actions alter the document into XML
	do_action('anno_to_xml', $html_content);

	// Posts flagged as Knol imports get an extra pass.
	if (get_post_meta($current_post_id, '_anno_knol_import', true)) {
		do_action('anno_to_xml_imported', $html_content);
	}

	// Return the newly formed markup
	$document = phpQuery::getDocument();

	return $document->__toString();
}
/**
 * Opening HTML tags with HTML5 Boilerplate-style conditional comments.
 *
 * Delegates to render_open_html() on the 'template' object held by
 * Anno_Keeper, passing the current post ID.
 */
function anno_open_html() {
	$current_post_id = anno_get_post_id();

	Anno_Keeper::retrieve('template')->render_open_html($current_post_id);
}
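/**
 * Determines whether or not a user has the given abilities for a given post
 *
 * The decision is based on the user's Annotum role for the post (anno_role()),
 * the post's workflow state (annowf_get_post_state()) and, for some abilities,
 * the '_round' post meta or the comment involved. Anything that is not
 * explicitly granted is denied.
 *
 * @param string $cap The capability to check
 * @param int $user_id The user id to check for a capability. Defaults to current user (global)
 * @param int $post_id The ID of the post to check. Defaults to current post (global)
 * @param int $comment_id The ID of the comment to check
 * @return bool True if user has the given capability for the given post
 */
function anno_user_can($cap, $user_id = null, $post_id = null, $comment_id = null) {
	if (is_null($user_id)) {
		$current_user = wp_get_current_user();
		$user_id = $current_user->ID;
	}
	if (is_null($post_id)) {
		$post_id = anno_get_post_id();
	}

	if (!empty($_GET['revision'])) {
		// NOTE(review): a request parameter replaces the post being checked here,
		// even when the caller passed $post_id explicitly, and nothing confirms
		// the referenced post is a revision - confirm this is intended.
		$revision = get_post($_GET['revision']);
		// Only switch posts when the ID resolves; an unknown ID previously caused a
		// property read on null and left the check running against no post.
		if (isset($revision->post_parent)) {
			$post_id = $revision->post_parent;
		}
	}

	$post_state = annowf_get_post_state($post_id);
	$user_role = anno_role($user_id, $post_id);

	// Number of times this item has gone back to draft state.
	$post_round = get_post_meta($post_id, '_round', true);

	// WP role names
	$admin = 'administrator';
	$editor = 'editor';

	switch ($cap) {
		case 'administrator':
		case 'admin':
			if ($user_role == $admin) {
				return true;
			}
			break;
		case 'editor':
		case 'view_audit':
			if (in_array($user_role, array($admin, $editor))) {
				return true;
			}
			break;
		case 'trash_post':
			// Draft state, author or editor+
			if (in_array($user_role, array($admin, $editor))) {
				return true;
			}
			elseif ($post_round < 1 && $post_state == 'draft' && $user_role == 'author') {
				return true;
			}
			break;
		case 'view_post':
			// Published post state, or user is associated with the post
			if ($post_state == 'published' || $user_role) {
				return true;
			}
			break;
		case 'edit_slug':
			if ($user_role == $admin) {
				return true;
			}
			if ($user_role == $editor && $post_state == 'draft') {
				return true;
			}
			break;
		case 'edit_post':
			global $pagenow;
			// Allow edits for things such as typos (in any state)
			if ($user_role == $admin) {
				return true;
			}
			elseif ($user_role == $editor && $post_state && !in_array($post_state, array('published', 'rejected'))) {
				return true;
			}
			elseif (($user_role == 'author' || $user_role == 'co-author') && $post_state == 'draft') {
				return true;
			}
			elseif ($pagenow == 'post-new.php') {
				// Granted on the new-post screen regardless of role or state.
				return true;
			}
			break;
		case 'leave_review':
			// Only reviewers, and in_review state
			$reviewers = anno_get_reviewers($post_id);
			if (in_array($user_id, $reviewers) && $post_state == 'in_review') {
				return true;
			}
			break;
		case 'edit_comment':
			$comment = get_comment($comment_id);
			// Editor+ may edit any comment
			if ($user_role && in_array($user_role, array($editor, $admin))) {
				return true;
			}
			// Otherwise only the comment's own author. The comment must exist, and
			// a user ID of 0 never counts as an owner: a loose comparison would
			// match a logged-out user against comments stored with user_id 0.
			if ($comment && (int) $user_id > 0 && (int) $comment->user_id === (int) $user_id) {
				return true;
			}
			break;
		case 'add_general_comment':
			// Anyone attached to the post who isn't a reviewer.
			// NOTE(review): the earlier comment also said "not in published state",
			// but no state check is made here - confirm which is intended.
			if ($user_role && $user_role != 'reviewer') {
				return true;
			}
			break;
		case 'view_general_comment':
		case 'view_general_comments':
			if ($user_role) {
				return true;
			}
			break;
		case 'add_review_comment':
			// if user is reviewer or editor+ and state is in review
			if ($user_role && !in_array($user_role, array('author', 'co-author')) && $post_state == 'in_review') {
				return true;
			}
			break;
		case 'manage_co_authors':
			if ($user_role == $admin) {
				return true;
			}
			elseif ($user_role == $editor && $post_state && !in_array($post_state, array('published', 'rejected'))) {
				return true;
			}
			elseif ($user_role == 'author' && $post_state == 'draft') {
				return true;
			}
			break;
		case 'manage_public_comments':
			if (in_array($user_role, array($admin, $editor))) {
				return true;
			}
			break;
		case 'view_review_comment':
			// if user is editor+
			if (in_array($user_role, array($admin, $editor))) {
				return true;
			}
			// if user is reviewer and comment author = reviewer
			$comment = anno_internal_comments_get_comment_root($comment_id);
			if ($user_role == 'reviewer' && $comment && $comment->user_id == $user_id) {
				return true;
			}
			break;
		case 'view_reviewers':
		case 'view_review_comments':
			// Reviewer or editor+
			if ($user_role && !in_array($user_role, array('author', 'co-author'))) {
				return true;
			}
			elseif ($user_role == 'author' && anno_workflow_enabled('author_reviewer')) {
				return true;
			}
			break;
		case 'manage_reviewers':
			// if in review state and user is editor+
			if (in_array($user_role, array($admin, $editor)) && in_array($post_state, array('submitted', 'in_review'))) {
				return true;
			}
			break;
		case 'alter_post_state':
			switch ($post_state) {
				case 'draft':
					// If not reviewer, and in draft state
					if ($user_role && !in_array($user_role, array('reviewer', 'co-author')) && $post_state == 'draft') {
						return true;
					}
					break;
				case 'submitted':
				case 'in_review':
				// Revert to draft
				case 'rejected':
					// Must be an editor+
					if (in_array($user_role, array($admin, $editor))) {
						return true;
					}
					break;
				// Must be a part of the publishing staff
				case 'approved':
					if ($user_role == $admin) {
						return true;
					}
					break;
				case 'published':
					// No one can change a published article's status
					return false;
				default:
					break;
			}
			break;
		case 'clone_post':
			// Anyone can clone the post once it is published or rejected
			if ($post_state == 'published' || $post_state == 'rejected') {
				return true;
			}
			break;
		case 'select_author':
			if ($user_role == $admin) {
				return true;
			}
			elseif ($user_role == $editor && !in_array($post_state, array('published', 'rejected'))) {
				return true;
			}
			elseif ($user_role == 'author' && $post_state == 'draft') {
				return true;
			}
			// Explicit break: this case previously fell through into default.
			break;
		default:
			break;
	}

	// if we haven't returned, assume false
	return false;
}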