/**
 * Apply the custom-field edits and deletions submitted in $_POST to one post.
 *
 * Does nothing unless the request carries the 'bbpmeta_no_js' marker. Every
 * submitted meta ID is looked up first and skipped unless the row exists and
 * belongs to $post_ID, so a request cannot reach rows of another post.
 *
 * NOTE(review): no nonce verification is visible in this method; presumably
 * the caller performs it. Confirm before exposing this on a new code path.
 *
 * @param int $post_ID ID of the post whose meta rows are being saved.
 * @return void
 */
static function save_meta($post_ID) {
    if (!isset($_POST['bbpmeta_no_js'])) {
        return;
    }

    // Updates: array keys are meta IDs taken from the request.
    if (!empty($_POST['meta'])) {
        foreach ($_POST['meta'] as $meta_id => $submitted) {
            $stored = get_post_meta_by_id($meta_id);
            // Unknown row, row of another post, or caller lacks the meta capability.
            // NOTE(review): the capability is checked for the submitted
            // $submitted['key'], while the row is written under 'bbpmeta_params';
            // confirm which key is meant to be authorised.
            if (!$stored || $stored->post_id != $post_ID || !current_user_can('edit_post_meta', $post_ID, $submitted['key'])) {
                continue;
            }
            update_meta($meta_id, 'bbpmeta_params', $submitted);
        }
    }

    // Deletions: same ownership test, capability checked against the stored key.
    if (!empty($_POST['deletemeta'])) {
        foreach ($_POST['deletemeta'] as $meta_id => $unused) {
            $stored = get_post_meta_by_id($meta_id);
            if (!$stored || $stored->post_id != $post_ID || !current_user_can('delete_post_meta', $post_ID, $stored->meta_key)) {
                continue;
            }
            delete_meta($meta_id);
        }
    }

    self::add_meta($post_ID);
}
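/**
 * Update an existing post with values provided in $_POST.
 *
 * The caller's right to edit the post is checked first. Custom-field edits and
 * deletions are keyed by meta ID taken from the request, so each ID is looked
 * up and ignored unless the row belongs to the post being edited; without that
 * test the capability check on $post_ID would not cover the rows touched.
 *
 * @since unknown
 *
 * @param array $post_data Optional.
 * @return int Post ID.
 */
function edit_post($post_data = null) {
    if (empty($post_data)) {
        $post_data =& $_POST;
    }

    $post_ID = (int) $post_data['post_ID'];

    if ('page' == $post_data['post_type']) {
        if (!current_user_can('edit_page', $post_ID)) {
            wp_die(__('You are not allowed to edit this page.'));
        }
    } else {
        if (!current_user_can('edit_post', $post_ID)) {
            wp_die(__('You are not allowed to edit this post.'));
        }
    }

    // Autosave shouldn't save too soon after a real save
    if ('autosave' == $post_data['action']) {
        $post =& get_post($post_ID);
        $now = time();
        $then = strtotime($post->post_date_gmt . ' +0000');
        $delta = AUTOSAVE_INTERVAL / 2;
        if ($now - $then < $delta) {
            return $post_ID;
        }
    }

    $post_data = _wp_translate_postdata(true, $post_data);
    if (is_wp_error($post_data)) {
        wp_die($post_data->get_error_message());
    }

    if (isset($post_data['visibility'])) {
        switch ($post_data['visibility']) {
            case 'public':
                $post_data['post_password'] = '';
                break;
            case 'password':
                unset($post_data['sticky']);
                break;
            case 'private':
                $post_data['post_status'] = 'private';
                $post_data['post_password'] = '';
                unset($post_data['sticky']);
                break;
        }
    }

    // Meta Stuff
    if (isset($post_data['meta']) && $post_data['meta']) {
        foreach ($post_data['meta'] as $key => $value) {
            // $key is a request-supplied meta ID: skip unknown rows and rows of other posts.
            if (!($meta = get_post_meta_by_id($key))) {
                continue;
            }
            if ($meta->post_id != $post_ID) {
                continue;
            }
            update_meta($key, $value['key'], $value['value']);
        }
    }

    if (isset($post_data['deletemeta']) && $post_data['deletemeta']) {
        foreach ($post_data['deletemeta'] as $key => $value) {
            // Same ownership test before deleting by meta ID.
            if (!($meta = get_post_meta_by_id($key))) {
                continue;
            }
            if ($meta->post_id != $post_ID) {
                continue;
            }
            delete_meta($key);
        }
    }

    add_meta($post_ID);

    wp_update_post($post_data);

    // Reunite any orphaned attachments with their parent
    if (!($draft_ids = get_user_option('autosave_draft_ids'))) {
        $draft_ids = array();
    }
    if ($draft_temp_id = (int) array_search($post_ID, $draft_ids)) {
        _relocate_children($draft_temp_id, $post_ID);
    }

    // Now that we have an ID we can fix any attachment anchor hrefs
    _fix_attachment_links($post_ID);

    wp_set_post_lock($post_ID, $GLOBALS['current_user']->ID);

    // Only users who may edit others' posts can change stickiness.
    if (current_user_can('edit_others_posts')) {
        if (!empty($post_data['sticky'])) {
            stick_post($post_ID);
        } else {
            unstick_post($post_ID);
        }
    }

    return $post_ID;
}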
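/**
 * Update an existing post from the values submitted in $_POST.
 *
 * Checks the caller's edit capability, renames form fields to post fields,
 * resolves the author and the post status, applies custom-field changes and
 * then saves the post.
 *
 * Custom-field edits and deletions are keyed by meta ID taken from the
 * request. Each ID is looked up and ignored unless the row belongs to the
 * post being edited, so the capability check on $post_ID also bounds which
 * meta rows can be changed.
 *
 * @return int Post ID.
 */
function edit_post() {
    global $user_ID;

    $post_ID = (int) $_POST['post_ID'];

    if ('page' == $_POST['post_type']) {
        if (!current_user_can('edit_page', $post_ID)) {
            wp_die(__('You are not allowed to edit this page.'));
        }
    } else {
        if (!current_user_can('edit_post', $post_ID)) {
            wp_die(__('You are not allowed to edit this post.'));
        }
    }

    // Autosave shouldn't save too soon after a real save
    if ('autosave' == $_POST['action']) {
        $post =& get_post($post_ID);
        $now = time();
        $then = strtotime($post->post_date_gmt . ' +0000');
        // Keep autosave_interval in sync with autosave-js.php.
        $delta = apply_filters('autosave_interval', 120) / 2;
        if (($now - $then) < $delta) {
            return $post_ID;
        }
    }

    // Rename.
    $_POST['ID'] = (int) $_POST['post_ID'];
    $_POST['post_content'] = $_POST['content'];
    $_POST['post_excerpt'] = $_POST['excerpt'];
    $_POST['post_parent'] = $_POST['parent_id'];
    $_POST['to_ping'] = $_POST['trackback_url'];

    if (!empty($_POST['post_author_override'])) {
        $_POST['post_author'] = (int) $_POST['post_author_override'];
    } else if (!empty($_POST['post_author'])) {
        $_POST['post_author'] = (int) $_POST['post_author'];
    } else {
        $_POST['post_author'] = (int) $_POST['user_ID'];
    }

    // Saving under a different author needs the edit_others_* capability.
    // NOTE(review): the comparison uses the submitted $_POST['user_ID'], not
    // the authenticated user; confirm callers overwrite that field.
    if ($_POST['post_author'] != $_POST['user_ID']) {
        if ('page' == $_POST['post_type']) {
            if (!current_user_can('edit_others_pages')) {
                wp_die(__('You are not allowed to edit pages as this user.'));
            }
        } else {
            if (!current_user_can('edit_others_posts')) {
                wp_die(__('You are not allowed to edit posts as this user.'));
            }
        }
    }

    // What to do based on which button they pressed
    if ('' != $_POST['saveasdraft']) {
        $_POST['post_status'] = 'draft';
    }
    if ('' != $_POST['saveasprivate']) {
        $_POST['post_status'] = 'private';
    }
    if ('' != $_POST['publish']) {
        $_POST['post_status'] = 'publish';
    }
    if ('' != $_POST['advanced']) {
        $_POST['post_status'] = 'draft';
    }

    // Downgrade to draft when the caller may not edit published content.
    if ('page' == $_POST['post_type']) {
        if ('publish' == $_POST['post_status'] && !current_user_can('edit_published_pages')) {
            $_POST['post_status'] = 'draft';
        }
    } else {
        if ('publish' == $_POST['post_status'] && !current_user_can('edit_published_posts')) {
            $_POST['post_status'] = 'draft';
        }
    }

    if (!isset($_POST['comment_status'])) {
        $_POST['comment_status'] = 'closed';
    }

    if (!isset($_POST['ping_status'])) {
        $_POST['ping_status'] = 'closed';
    }

    if (!empty($_POST['edit_date'])) {
        $aa = $_POST['aa'];
        $mm = $_POST['mm'];
        $jj = $_POST['jj'];
        $hh = $_POST['hh'];
        $mn = $_POST['mn'];
        $ss = $_POST['ss'];
        // Clamp the day and wrap out-of-range time parts.
        $jj = ($jj > 31) ? 31 : $jj;
        $hh = ($hh > 23) ? $hh - 24 : $hh;
        $mn = ($mn > 59) ? $mn - 60 : $mn;
        $ss = ($ss > 59) ? $ss - 60 : $ss;
        $_POST['post_date'] = "$aa-$mm-$jj $hh:$mn:$ss";
        $_POST['post_date_gmt'] = get_gmt_from_date("$aa-$mm-$jj $hh:$mn:$ss");
    }

    // Meta Stuff
    if (!empty($_POST['meta'])) {
        foreach ($_POST['meta'] as $key => $value) {
            // $key is a request-supplied meta ID: skip unknown rows and rows of other posts.
            if (!($meta = get_post_meta_by_id($key))) {
                continue;
            }
            if ($meta->post_id != $post_ID) {
                continue;
            }
            update_meta($key, $value['key'], $value['value']);
        }
    }

    if (!empty($_POST['deletemeta'])) {
        foreach ($_POST['deletemeta'] as $key => $value) {
            // Same ownership test before deleting by meta ID.
            if (!($meta = get_post_meta_by_id($key))) {
                continue;
            }
            if ($meta->post_id != $post_ID) {
                continue;
            }
            delete_meta($key);
        }
    }

    add_meta($post_ID);

    wp_update_post($_POST);

    // Reunite any orphaned attachments with their parent
    if (!$draft_ids = get_user_option('autosave_draft_ids')) {
        $draft_ids = array();
    }
    if ($draft_temp_id = (int) array_search($post_ID, $draft_ids)) {
        relocate_children($draft_temp_id, $post_ID);
    }

    // Now that we have an ID we can fix any attachment anchor hrefs
    fix_attachment_links($post_ID);

    return $post_ID;
}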
} if (wp_delete_link($id)) { die('1'); } else { die('0'); } break; case 'delete-meta': check_ajax_referer("delete-meta_{$id}"); if (!($meta = get_post_meta_by_id($id))) { die('1'); } if (!current_user_can('edit_post', $meta->post_id)) { die('-1'); } if (delete_meta($meta->meta_id)) { die('1'); } die('0'); break; case 'delete-post': check_ajax_referer("{$action}_{$id}"); if (!current_user_can('delete_post', $id)) { die('-1'); } if (!get_post($id)) { die('1'); } if (wp_delete_post($id)) { die('1'); } else {
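/**
 * Delete a product meta via AJAX
 *
 * The meta ID comes straight from the request, so the row is looked up and the
 * caller must be allowed to edit the post that owns it before anything is
 * deleted. A missing ID, an unknown row and a failed permission check all
 * produce the same WP_Error as a failed deletion.
 *
 * NOTE(review): nonce verification is not visible in this function; presumably
 * the AJAX dispatcher that calls it performs it. Confirm.
 *
 * @since 3.8.9
 * @access private
 *
 * @uses get_post_meta_by_id() Looks up the meta row to find its owning post
 * @uses current_user_can()    Checks that the caller may edit that post
 * @uses delete_meta()         Deletes metadata by meta id
 * @uses WP_Error              WordPress error class
 *
 * @return array|WP_Error $return Response args if successful, WP_Error if otherwise
 */
function _wpsc_ajax_remove_product_meta() {
    $meta_id = isset($_POST['meta_id']) ? (int) $_POST['meta_id'] : 0;

    // Resolve the owning post first; the ID alone proves nothing about ownership.
    $meta = $meta_id > 0 ? get_post_meta_by_id($meta_id) : false;
    $allowed = $meta && current_user_can('edit_post', $meta->post_id);

    if (!$allowed || !delete_meta($meta_id)) {
        return new WP_Error('wpsc_cannot_delete_product_meta', __("Couldn't delete product meta. Please try again.", 'wpsc'));
    }

    return array('meta_id' => $meta_id);
}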
/**
 * Update an existing post with values provided in $_POST.
 *
 * Order of work as written below: load the stored post, check the caller's
 * 'edit_post' capability, translate the submitted data, apply visibility,
 * post-format and custom-field changes, save the post, then refresh the edit
 * lock and stickiness.
 *
 * NOTE(review): nonce verification is not visible in this function;
 * presumably the admin page that calls it performs it. Confirm.
 *
 * @since 1.5.0
 *
 * @param array $post_data Optional.
 * @return int Post ID.
 */
function edit_post($post_data = null) {
    if (empty($post_data)) {
        $post_data =& $_POST;
    }
    // Clear out any data in internal vars.
    unset($post_data['filter']);
    $post_ID = (int) $post_data['post_ID'];
    $post = get_post($post_ID);
    // Type and MIME type come from the stored post, overwriting whatever was submitted.
    // NOTE(review): $post is dereferenced without a null check; confirm callers
    // only pass IDs of existing posts.
    $post_data['post_type'] = $post->post_type;
    $post_data['post_mime_type'] = $post->post_mime_type;
    $ptype = get_post_type_object($post_data['post_type']);
    // Authorisation gate: everything below runs only for callers who may edit this post.
    if (!current_user_can('edit_post', $post_ID)) {
        if ('page' == $post_data['post_type']) {
            wp_die(__('You are not allowed to edit this page.'));
        } else {
            wp_die(__('You are not allowed to edit this post.'));
        }
    }
    $post_data = _wp_translate_postdata(true, $post_data);
    if (is_wp_error($post_data)) {
        wp_die($post_data->get_error_message());
    }
    // A non-autosave request promotes an auto-draft to a regular draft.
    if ((empty($post_data['action']) || 'autosave' != $post_data['action']) && 'auto-draft' == $post_data['post_status']) {
        $post_data['post_status'] = 'draft';
    }
    if (isset($post_data['visibility'])) {
        switch ($post_data['visibility']) {
            case 'public':
                $post_data['post_password'] = '';
                break;
            case 'password':
                unset($post_data['sticky']);
                break;
            case 'private':
                $post_data['post_status'] = 'private';
                $post_data['post_password'] = '';
                unset($post_data['sticky']);
                break;
        }
    }
    // Post Formats
    if (isset($post_data['post_format'])) {
        set_post_format($post_ID, $post_data['post_format']);
    }
    // URL-valued format fields are unslashed, passed through esc_url_raw() and re-slashed before storage.
    $format_meta_urls = array('url', 'link_url', 'quote_source_url');
    foreach ($format_meta_urls as $format_meta_url) {
        $keyed = '_format_' . $format_meta_url;
        if (isset($post_data[$keyed])) {
            update_post_meta($post_ID, $keyed, wp_slash(esc_url_raw(wp_unslash($post_data[$keyed]))));
        }
    }
    // Markup-valued format fields are stored as submitted only for users with
    // 'unfiltered_html'; for everyone else they go through wp_filter_post_kses().
    $format_keys = array('quote', 'quote_source_name', 'image', 'gallery', 'audio_embed', 'video_embed');
    foreach ($format_keys as $key) {
        $keyed = '_format_' . $key;
        if (isset($post_data[$keyed])) {
            if (current_user_can('unfiltered_html')) {
                update_post_meta($post_ID, $keyed, $post_data[$keyed]);
            } else {
                update_post_meta($post_ID, $keyed, wp_filter_post_kses($post_data[$keyed]));
            }
        }
    }
    // Meta Stuff
    // Array keys are meta IDs taken from the request. A row is updated only if
    // it exists, belongs to this post, its submitted key is not protected and
    // the caller holds 'edit_post_meta' for that key.
    if (isset($post_data['meta']) && $post_data['meta']) {
        foreach ($post_data['meta'] as $key => $value) {
            if (!($meta = get_post_meta_by_id($key))) {
                continue;
            }
            if ($meta->post_id != $post_ID) {
                continue;
            }
            if (is_protected_meta($value['key'], 'post') || !current_user_can('edit_post_meta', $post_ID, $value['key'])) {
                continue;
            }
            update_meta($key, $value['key'], $value['value']);
        }
    }
    // Deletions get the same ownership test; protection and capability are
    // checked against the stored key, not a submitted one.
    if (isset($post_data['deletemeta']) && $post_data['deletemeta']) {
        foreach ($post_data['deletemeta'] as $key => $value) {
            if (!($meta = get_post_meta_by_id($key))) {
                continue;
            }
            if ($meta->post_id != $post_ID) {
                continue;
            }
            if (is_protected_meta($meta->meta_key, 'post') || !current_user_can('delete_post_meta', $post_ID, $meta->meta_key)) {
                continue;
            }
            delete_meta($key);
        }
    }
    // Attachment stuff
    if ('attachment' == $post_data['post_type']) {
        if (isset($post_data['_wp_attachment_image_alt'])) {
            $image_alt = wp_unslash($post_data['_wp_attachment_image_alt']);
            // Only rewrite the alt text when it changed; tags are stripped before storage.
            if ($image_alt != get_post_meta($post_ID, '_wp_attachment_image_alt', true)) {
                $image_alt = wp_strip_all_tags($image_alt, true);
                // update_meta expects slashed
                update_post_meta($post_ID, '_wp_attachment_image_alt', wp_slash($image_alt));
            }
        }
        $attachment_data = isset($post_data['attachments'][$post_ID]) ? $post_data['attachments'][$post_ID] : array();
        // Filter callbacks may replace the data that is about to be saved.
        $post_data = apply_filters('attachment_fields_to_save', $post_data, $attachment_data);
    }
    add_meta($post_ID);
    // Record who made the last edit.
    update_post_meta($post_ID, '_edit_last', get_current_user_id());
    wp_update_post($post_data);
    // Now that we have an ID we can fix any attachment anchor hrefs
    _fix_attachment_links($post_ID);
    wp_set_post_lock($post_ID);
    // Stickiness changes require the post type's edit_others_posts capability.
    if (current_user_can($ptype->cap->edit_others_posts)) {
        if (!empty($post_data['sticky'])) {
            stick_post($post_ID);
        } else {
            unstick_post($post_ID);
        }
    }
    return $post_ID;
}
/**
 * delete_meta() removes an existing post meta row by ID and returns false
 * for an ID that does not exist.
 */
function test_delete_meta() {
    // Arrange: one meta row on the fixture post.
    $meta_id = add_post_meta($this->post_id, 'delete_meta', 'delete_meta_value', true);
    $this->assertInternalType('integer', $meta_id);

    // Deleting the row succeeds...
    $deleted = delete_meta($meta_id);
    $this->assertTrue($deleted);

    // ...and the row can no longer be found by its ID.
    $lookup = get_metadata_by_mid('post', $meta_id);
    $this->assertFalse($lookup);

    // An ID with no row behind it reports failure.
    $missing = delete_meta(123456789);
    $this->assertFalse($missing);
}
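/**
 * Save the podcast enclosure fields submitted with a post.
 *
 * Changes from the straightforward form handling, all about request-supplied IDs:
 * - the update pass is skipped when the request carries no 'enclosure_ids',
 *   so saves that do not include the enclosure form no longer rewrite the
 *   first enclosure with empty values;
 * - an enclosure is deleted only when the submitted meta ID resolves to an
 *   'enclosure' row of $postID, because 'edit_post' on $postID says nothing
 *   about rows of other posts;
 * - the meta_id lookup goes through $wpdb->prepare() instead of interpolation.
 *
 * NOTE(review): no nonce verification is visible here; presumably the screen
 * that triggers the save performs it. Confirm.
 *
 * @param int $postID ID of the post being saved.
 * @return int The same post ID.
 */
function podcasting_save_form($postID) {
    global $wpdb;

    // Security prevention
    if (!current_user_can('edit_post', $postID)) {
        return $postID;
    }

    // Extra security prevention
    if (isset($_POST['comment_post_ID'])) {
        return $postID;
    }
    if (isset($_POST['not_spam'])) {
        return $postID; // akismet fix
    }
    if (isset($_POST['comment'])) {
        return $postID; // moderation.php fix
    }

    // Update enclosures
    $enclosure_ids = (isset($_POST['enclosure_ids']) && '' != $_POST['enclosure_ids'])
        ? explode(',', $_POST['enclosure_ids'])
        : array();
    $enclosures = get_post_meta($postID, 'enclosure');
    $i = 0;
    foreach ($enclosure_ids as $enclosure_id) {
        // Ensure we're dealing with an ID
        $enclosure_id = (int) $enclosure_id;

        // serialize() of request data is only stored; nothing here unserializes it.
        $itunes = serialize(array(
            'format' => $_POST['pod_format_' . $enclosure_id],
            'keywords' => $_POST['pod_keywords_' . $enclosure_id],
            'author' => $_POST['pod_author_' . $enclosure_id],
            'length' => $_POST['pod_length_' . $enclosure_id],
            'explicit' => $_POST['pod_explicit_' . $enclosure_id],
        ));

        // Update format
        wp_set_object_terms($enclosure_id, $_POST['pod_format_' . $enclosure_id], 'podcast_format', false);

        // Update enclosure: the submitted IDs are matched to stored rows by position.
        $enclosure = explode("\n", $enclosures[$i]);
        $enclosure[3] = $itunes;
        update_post_meta($postID, 'enclosure', implode("\n", $enclosure), $enclosures[$i]);
        $i++;

        // Delete enclosure
        if (isset($_POST['delete_pod_' . $enclosure_id])) {
            // Only delete rows that really are enclosures of this post.
            $meta = get_post_meta_by_id($enclosure_id);
            if ($meta && $meta->post_id == $postID && 'enclosure' === $meta->meta_key) {
                // Remove format
                wp_delete_object_term_relationships($enclosure_id, 'podcast_format');

                // Remove enclosure
                delete_meta($enclosure_id);
            }

            // Fake a save
            $_POST['save'] = 'Update';
        }
    }

    // Add new enclosures
    if (isset($_POST['pod_new_file']) && '' != $_POST['pod_new_file']) {
        $content = $_POST['pod_new_file'];
        $enclosed = get_enclosed($postID);
        do_enclose($content, $postID);

        // Add relationship if new enclosure
        if (!in_array($content, $enclosed)) {
            // Find the enclosure we just added
            $enclosure_id = $wpdb->get_var($wpdb->prepare(
                "SELECT meta_id FROM {$wpdb->postmeta} WHERE post_id = %d AND meta_key = 'enclosure' ORDER BY meta_id DESC",
                $postID
            ));
            wp_set_object_terms($enclosure_id, 'default-format', 'podcast_format', false);
        }
    }

    return $postID;
}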
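/**
 * Save the podcast enclosure fields submitted with a post.
 *
 * Adds the enclosures listed in 'pod_new_enclosure_ids', then rewrites the
 * iTunes data of existing and newly added enclosures and deletes the ones
 * listed in 'pod_delete_enclosure_ids'.
 *
 * Hardening applied to request-supplied values:
 * - every query that used string interpolation now goes through
 *   $wpdb->prepare(), including the UPDATE whose value mixes stored and
 *   submitted text;
 * - an enclosure is deleted only if its meta ID is among the 'enclosure' rows
 *   just read for $postID, because 'edit_post' on $postID says nothing about
 *   rows of other posts;
 * - $added_enclosure_ids is always initialised, so the final pass no longer
 *   counts an undefined variable when nothing was added.
 *
 * NOTE(review): no nonce verification is visible here; presumably the screen
 * that triggers the save performs it. Confirm.
 * NOTE(review): wp_set_object_terms() is still called with submitted IDs that
 * are not checked against this post; confirm whether that needs the same test.
 *
 * @param int $postID ID of the post being saved.
 * @return int The same post ID.
 */
function podcasting_save_form($postID) {
    global $wpdb;

    // Security prevention
    if (!current_user_can('edit_post', $postID)) {
        return $postID;
    }

    // Extra security prevention
    if (isset($_POST['comment_post_ID'])) {
        return $postID;
    }
    if (isset($_POST['not_spam'])) {
        return $postID; // akismet fix
    }
    if (isset($_POST['comment'])) {
        return $postID; // moderation.php fix
    }

    // Ignore save_post action for revisions and autosaves
    if (function_exists('wp_is_post_revision') && function_exists('wp_is_post_autosave')) {
        if (wp_is_post_revision($postID) || wp_is_post_autosave($postID)) {
            return $postID;
        }
    }

    $added_enclosure_ids = array();

    // Add new enclosures
    if (isset($_POST['pod_new_enclosure_ids']) && $_POST['pod_new_enclosure_ids'] != '') {
        $pod_new_enclosure_ids = explode(',', substr($_POST['pod_new_enclosure_ids'], 0, -1));
        $pod_ignore_enclosure_ids = explode(',', substr($_POST['pod_ignore_enclosure_ids'], 0, -1));

        foreach ($pod_new_enclosure_ids as $pod_enclosure_id) {
            $pod_enclosure_id = (int) $pod_enclosure_id;

            // Check if the enclosure is on the ignore list
            if (!in_array($pod_enclosure_id, $pod_ignore_enclosure_ids)) {
                $pod_content = podcasting_urlencode($_POST['pod_new_file_' . $pod_enclosure_id]);
                $pod_format = $_POST['pod_new_format_' . $pod_enclosure_id];

                $enclosed = get_enclosed($postID);
                do_enclose($pod_content, $postID);

                // Add relationship if new enclosure
                if (!in_array($pod_content, $enclosed)) {
                    // Find the enclosure we just added
                    $pod_enclosure_id2 = $wpdb->get_var($wpdb->prepare(
                        "SELECT meta_id FROM {$wpdb->postmeta} WHERE post_id = %d AND meta_key = 'enclosure' ORDER BY meta_id DESC",
                        $postID
                    ));
                    wp_set_object_terms($pod_enclosure_id2, $pod_format, 'podcast_format', false);
                }
                $added_enclosure_ids[] = $pod_enclosure_id;
            }
        }
    }

    // Update enclosures
    if (isset($_POST['pod_enclosure_ids'])) {
        $pod_enclosure_ids = explode(',', $_POST['pod_enclosure_ids']);
        $pod_new_enclosure_ids = explode(',', substr($_POST['pod_new_enclosure_ids'], 0, -1));
        $pod_ignore_enclosure_ids = explode(',', substr($_POST['pod_ignore_enclosure_ids'], 0, -1));
        $pod_delete_enclosure_ids = explode(',', substr($_POST['pod_delete_enclosure_ids'], 0, -1));

        $enclosures = $wpdb->get_results($wpdb->prepare(
            "SELECT meta_id, meta_value FROM {$wpdb->postmeta} WHERE post_id = %d AND meta_key = 'enclosure' ORDER BY meta_id",
            $postID
        ), ARRAY_A);

        // Meta IDs that are known to be enclosures of this post.
        $owned_meta_ids = array();
        foreach ((array) $enclosures as $row) {
            $owned_meta_ids[] = (int) $row['meta_id'];
        }

        $i = 0;

        if ($_POST['pod_enclosure_ids'] != '') {
            foreach ($pod_enclosure_ids as $pod_enclosure_id) {
                // Ensure we're dealing with an ID
                $pod_enclosure_id = (int) $pod_enclosure_id;

                // serialize() of request data is only stored; nothing here unserializes it.
                $itunes = serialize(array(
                    'format' => $_POST['pod_format_' . $pod_enclosure_id],
                    'keywords' => $_POST['pod_keywords_' . $pod_enclosure_id],
                    'author' => $_POST['pod_author_' . $pod_enclosure_id],
                    'length' => $_POST['pod_length_' . $pod_enclosure_id],
                    'explicit' => $_POST['pod_explicit_' . $pod_enclosure_id],
                ));

                // Update format
                wp_set_object_terms($pod_enclosure_id, $_POST['pod_format_' . $pod_enclosure_id], 'podcast_format', false);

                // Update enclosure: submitted IDs are matched to stored rows by position.
                $enclosure = explode("\n", $enclosures[$i]['meta_value']);
                $enclosure[3] = $itunes;
                update_post_meta($postID, 'enclosure', implode("\n", $enclosure), $enclosures[$i]['meta_value']);
                $i++;

                // Delete enclosure, but only a row that belongs to this post.
                if (in_array($pod_enclosure_id, $pod_delete_enclosure_ids) && in_array($pod_enclosure_id, $owned_meta_ids, true)) {
                    // Remove format
                    wp_delete_object_term_relationships($pod_enclosure_id, 'podcast_format');

                    // Remove enclosure
                    delete_meta($pod_enclosure_id);
                }
            }
        }

        if (count($added_enclosure_ids) > 0) {
            foreach ($added_enclosure_ids as $pod_enclosure_id) {
                // Ensure we're dealing with an ID
                $pod_enclosure_id = (int) $pod_enclosure_id;

                // Check if the enclosure is on the ignore list
                if (!in_array($pod_enclosure_id, $pod_ignore_enclosure_ids)) {
                    $itunes = serialize(array(
                        'format' => $_POST['pod_new_format_' . $pod_enclosure_id],
                        'keywords' => $_POST['pod_new_keywords_' . $pod_enclosure_id],
                        'author' => $_POST['pod_new_author_' . $pod_enclosure_id],
                        'length' => $_POST['pod_new_length_' . $pod_enclosure_id],
                        'explicit' => $_POST['pod_new_explicit_' . $pod_enclosure_id],
                    ));

                    // Update format
                    $meta_id = $enclosures[$i]['meta_id'];
                    wp_set_object_terms($meta_id, $_POST['pod_new_format_' . $pod_enclosure_id], 'podcast_format', false);

                    // Update enclosure
                    $enclosure = explode("\n", $enclosures[$i]['meta_value']);
                    $enclosure[3] = $itunes;
                    $enclosure_insert = implode("\n", $enclosure);
                    // The value is bound as a parameter and stored exactly as built.
                    // NOTE(review): update_post_meta() above and this direct write may
                    // treat slashes in submitted values differently; confirm.
                    $wpdb->query($wpdb->prepare(
                        "UPDATE {$wpdb->postmeta} SET meta_value = %s WHERE meta_id = %d",
                        $enclosure_insert,
                        $meta_id
                    ));
                    $i++;
                }
            }
        }
    }

    return $postID;
}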
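/**
 * Update an existing post from the values submitted in $_POST.
 *
 * Custom-field edits and deletions are keyed by meta ID taken from the
 * request. Each ID is looked up and ignored unless the row belongs to the
 * post being edited, so the capability check on $post_ID also bounds which
 * meta rows can be changed.
 *
 * @return int Post ID.
 */
function edit_post() {
    $post_ID = (int) $_POST['post_ID'];

    if ('page' == $_POST['post_type']) {
        if (!current_user_can('edit_page', $post_ID)) {
            wp_die(__('You are not allowed to edit this page.'));
        }
    } else {
        if (!current_user_can('edit_post', $post_ID)) {
            wp_die(__('You are not allowed to edit this post.'));
        }
    }

    // Autosave shouldn't save too soon after a real save
    if ('autosave' == $_POST['action']) {
        $post =& get_post($post_ID);
        $now = time();
        $then = strtotime($post->post_date_gmt . ' +0000');
        $delta = AUTOSAVE_INTERVAL / 2;
        if ($now - $then < $delta) {
            return $post_ID;
        }
    }

    $translated = _wp_translate_postdata(true);
    if (is_wp_error($translated)) {
        wp_die($translated->get_error_message());
    }

    // Meta Stuff
    if (isset($_POST['meta']) && $_POST['meta']) {
        foreach ($_POST['meta'] as $key => $value) {
            // $key is a request-supplied meta ID: skip unknown rows and rows of other posts.
            if (!($meta = get_post_meta_by_id($key))) {
                continue;
            }
            if ($meta->post_id != $post_ID) {
                continue;
            }
            update_meta($key, $value['key'], $value['value']);
        }
    }

    if (isset($_POST['deletemeta']) && $_POST['deletemeta']) {
        foreach ($_POST['deletemeta'] as $key => $value) {
            // Same ownership test before deleting by meta ID.
            if (!($meta = get_post_meta_by_id($key))) {
                continue;
            }
            if ($meta->post_id != $post_ID) {
                continue;
            }
            delete_meta($key);
        }
    }

    add_meta($post_ID);

    wp_update_post($_POST);

    // Reunite any orphaned attachments with their parent
    if (!($draft_ids = get_user_option('autosave_draft_ids'))) {
        $draft_ids = array();
    }
    if ($draft_temp_id = (int) array_search($post_ID, $draft_ids)) {
        _relocate_children($draft_temp_id, $post_ID);
    }

    // Now that we have an ID we can fix any attachment anchor hrefs
    _fix_attachment_links($post_ID);

    wp_set_post_lock($post_ID, $GLOBALS['current_user']->ID);

    return $post_ID;
}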
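/**
 * Dispatch several admin AJAX actions selected by request parameters.
 *
 * Each branch handles one action and ends the request with exit.
 *
 * Fixes in this revision:
 * - 'remove_variation_value' validated $_POST['variation_value_id'] but then
 *   read the ID from $_GET; it now reads the value that was validated;
 * - 'remove_meta' deleted any meta row by ID; the row is now looked up and
 *   the caller must be allowed to edit the post that owns it.
 *
 * NOTE(review): no nonce or capability check is visible for the other
 * branches (option updates, term deletion, purchase-log status changes).
 * Presumably the hook that calls this function restricts who reaches it;
 * confirm, and add check_admin_referer()/current_user_can() where it does not.
 *
 * @return void
 */
function wpsc_admin_ajax() {
    global $wpdb;

    if (isset($_POST['action']) && $_POST['action'] == 'product-page-order') {
        $current_order = get_option('wpsc_product_page_order');
        $new_order = $_POST['order'];

        if (isset($new_order["advanced"])) {
            $current_order["advanced"] = array_unique(explode(',', $new_order["advanced"]));
        }
        if (isset($new_order["side"])) {
            $current_order["side"] = array_unique(explode(',', $new_order["side"]));
        }

        update_option('wpsc_product_page_order', $current_order);
        // NOTE(review): $order is never assigned in this function, so this prints
        // nothing; $current_order may have been intended. Left unchanged.
        exit(print_r($order, 1));
    }

    if (isset($_POST['save_image_upload_state']) && $_POST['save_image_upload_state'] == 'true' && is_numeric($_POST['image_upload_state'])) {
        // Collapse any numeric input to 0 or 1 before storing it.
        $upload_state = (int) (bool) $_POST['image_upload_state'];
        update_option('wpsc_use_flash_uploader', $upload_state);
        exit("done");
    }

    if (isset($_POST['remove_variation_value']) && $_POST['remove_variation_value'] == "true" && is_numeric($_POST['variation_value_id'])) {
        // Use the same request field that was validated above.
        $value_id = absint($_POST['variation_value_id']);
        echo wp_delete_term($value_id, 'wpsc-variation');
        exit;
    }

    if (isset($_POST['hide_ecom_dashboard']) && $_POST['hide_ecom_dashboard'] == 'true') {
        require_once ABSPATH . WPINC . '/rss.php';
        $rss = fetch_rss('http://www.instinct.co.nz/feed/');
        $rss->items = array_slice($rss->items, 0, 5);
        $rss_hash = sha1(serialize($rss->items));
        update_option('wpsc_ecom_news_hash', $rss_hash);
        exit(1);
    }

    if (isset($_POST['remove_meta']) && $_POST['remove_meta'] == 'true' && is_numeric($_POST['meta_id'])) {
        $meta_id = (int) $_POST['meta_id'];
        // The ID alone proves nothing about ownership: resolve the owning post
        // and require the right to edit it before deleting.
        $meta = get_post_meta_by_id($meta_id);
        if ($meta && current_user_can('edit_post', $meta->post_id) && delete_meta($meta_id)) {
            echo $meta_id;
            exit;
        }
        echo 0;
        exit;
    }

    if (isset($_REQUEST['log_state']) && $_REQUEST['log_state'] == "true" && is_numeric($_POST['id']) && is_numeric($_POST['value'])) {
        $newvalue = $_POST['value'];
        if ($_REQUEST['suspend'] == 'true') {
            if ($_REQUEST['value'] == 1 && function_exists('wpsc_member_dedeactivate_subscriptions')) {
                wpsc_member_dedeactivate_subscriptions($_POST['id']);
            } elseif (function_exists('wpsc_member_deactivate_subscriptions')) {
                wpsc_member_deactivate_subscriptions($_POST['id']);
            }
            exit;
        } else {
            $log_data = $wpdb->get_row($wpdb->prepare("SELECT * FROM `" . WPSC_TABLE_PURCHASE_LOGS . "` WHERE `id` = '%d' LIMIT 1", $_POST['id']), ARRAY_A);
            if ($newvalue == 2 && function_exists('wpsc_member_activate_subscriptions')) {
                wpsc_member_activate_subscriptions($_POST['id']);
            }

            $wpdb->update(WPSC_TABLE_PURCHASE_LOGS, array('processed' => $newvalue), array('id' => $_POST['id']), '%d', '%d');
            // Only run the transaction results when the status moves up from below 2.
            if ($newvalue > $log_data['processed'] && $log_data['processed'] < 2) {
                transaction_results($log_data['sessionid'], false);
            }

            // NOTE(review): $purchase is never assigned in this function; $newvalue or
            // $log_data may have been intended. Left unchanged.
            $status_name = wpsc_find_purchlog_status_name($purchase['processed']);
            // The response is JavaScript. $_POST['id'] passed is_numeric() above;
            // NOTE(review): $status_name is written into a JS string unescaped;
            // confirm it can never contain a quote.
            echo "document.getElementById(\"form_group_" . $_POST['id'] . "_text\").innerHTML = '" . $status_name . "';\n";

            $year = date("Y");
            $month = date("m");
            $start_timestamp = mktime(0, 0, 0, $month, 1, $year);
            $end_timestamp = mktime(0, 0, 0, $month + 1, 0, $year);

            echo "document.getElementById(\"log_total_month\").innerHTML = '" . addslashes(wpsc_currency_display(admin_display_total_price($start_timestamp, $end_timestamp))) . "';\n";
            echo "document.getElementById(\"log_total_absolute\").innerHTML = '" . addslashes(wpsc_currency_display(admin_display_total_price())) . "';\n";
            exit;
        }
    }
}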
/**
 * Update an existing post with values provided in $_POST.
 *
 * Order of work as written below: load the stored post, check the post
 * type's edit capability, translate the submitted data, apply visibility,
 * post-format, thumbnail and custom-field changes, save the post, then
 * refresh the edit lock and stickiness.
 *
 * NOTE(review): nonce verification is not visible in this function;
 * presumably the admin page that calls it performs it. Confirm.
 *
 * @since 1.5.0
 *
 * @param array $post_data Optional.
 * @return int Post ID.
 */
function edit_post($post_data = null) {
    if (empty($post_data)) {
        $post_data =& $_POST;
    }
    // Clear out any data in internal vars.
    unset($post_data['filter']);
    $post_ID = (int) $post_data['post_ID'];
    $post = get_post($post_ID);
    // Type and MIME type come from the stored post, overwriting whatever was submitted.
    // NOTE(review): $post is dereferenced without a null check; confirm callers
    // only pass IDs of existing posts.
    $post_data['post_type'] = $post->post_type;
    $post_data['post_mime_type'] = $post->post_mime_type;
    $ptype = get_post_type_object($post_data['post_type']);
    // Authorisation gate: everything below runs only for callers who may edit this post.
    if (!current_user_can($ptype->cap->edit_post, $post_ID)) {
        if ('page' == $post_data['post_type']) {
            wp_die(__('You are not allowed to edit this page.'));
        } else {
            wp_die(__('You are not allowed to edit this post.'));
        }
    }
    $post_data = _wp_translate_postdata(true, $post_data);
    if (is_wp_error($post_data)) {
        wp_die($post_data->get_error_message());
    }
    // A non-autosave request promotes an auto-draft to a regular draft.
    // NOTE(review): 'action' is read without an isset() check here.
    if ('autosave' != $post_data['action'] && 'auto-draft' == $post_data['post_status']) {
        $post_data['post_status'] = 'draft';
    }
    if (isset($post_data['visibility'])) {
        switch ($post_data['visibility']) {
            case 'public':
                $post_data['post_password'] = '';
                break;
            case 'password':
                unset($post_data['sticky']);
                break;
            case 'private':
                $post_data['post_status'] = 'private';
                $post_data['post_password'] = '';
                unset($post_data['sticky']);
                break;
        }
    }
    // Post Formats
    // A format is applied only if the theme supports it; '0' clears the format.
    if (isset($post_data['post_format'])) {
        if (current_theme_supports('post-formats', $post_data['post_format'])) {
            set_post_format($post_ID, $post_data['post_format']);
        } elseif ('0' == $post_data['post_format']) {
            set_post_format($post_ID, false);
        }
    }
    // Featured Images
    // '-1' removes the thumbnail; any other value is passed to set_post_thumbnail().
    if (isset($post_data['thumbnail_id'])) {
        if ('-1' == $post_data['thumbnail_id']) {
            delete_post_thumbnail($post_ID);
        } else {
            set_post_thumbnail($post_ID, $post_data['thumbnail_id']);
        }
    }
    // Meta Stuff
    // Array keys are meta IDs taken from the request. A row is updated only if
    // it exists, belongs to this post, its submitted key is not protected and
    // the caller holds 'edit_post_meta' for that key.
    if (isset($post_data['meta']) && $post_data['meta']) {
        foreach ($post_data['meta'] as $key => $value) {
            if (!($meta = get_post_meta_by_id($key))) {
                continue;
            }
            if ($meta->post_id != $post_ID) {
                continue;
            }
            if (is_protected_meta($value['key'], 'post') || !current_user_can('edit_post_meta', $post_ID, $value['key'])) {
                continue;
            }
            update_meta($key, $value['key'], $value['value']);
        }
    }
    // Deletions get the same ownership test; protection and capability are
    // checked against the stored key, not a submitted one.
    if (isset($post_data['deletemeta']) && $post_data['deletemeta']) {
        foreach ($post_data['deletemeta'] as $key => $value) {
            if (!($meta = get_post_meta_by_id($key))) {
                continue;
            }
            if ($meta->post_id != $post_ID) {
                continue;
            }
            if (is_protected_meta($meta->meta_key, 'post') || !current_user_can('delete_post_meta', $post_ID, $meta->meta_key)) {
                continue;
            }
            delete_meta($key);
        }
    }
    // Attachment stuff
    if ('attachment' == $post_data['post_type'] && isset($post_data['_wp_attachment_image_alt'])) {
        $image_alt = get_post_meta($post_ID, '_wp_attachment_image_alt', true);
        // Only rewrite the alt text when it changed; tags are stripped before storage.
        if ($image_alt != stripslashes($post_data['_wp_attachment_image_alt'])) {
            $image_alt = wp_strip_all_tags(stripslashes($post_data['_wp_attachment_image_alt']), true);
            // update_meta expects slashed
            update_post_meta($post_ID, '_wp_attachment_image_alt', addslashes($image_alt));
        }
    }
    add_meta($post_ID);
    // Record who made the last edit.
    update_post_meta($post_ID, '_edit_last', $GLOBALS['current_user']->ID);
    wp_update_post($post_data);
    // Now that we have an ID we can fix any attachment anchor hrefs
    _fix_attachment_links($post_ID);
    wp_set_post_lock($post_ID);
    // Stickiness changes require the post type's edit_others_posts capability.
    if (current_user_can($ptype->cap->edit_others_posts)) {
        if (!empty($post_data['sticky'])) {
            stick_post($post_ID);
        } else {
            unstick_post($post_ID);
        }
    }
    return $post_ID;
}
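/**
 * Saves information about enclosures
 *
 * Adds the enclosures listed in 'pod_new_enclosure_ids' (after fetching the
 * HTTP headers of each submitted file URL), then rewrites the iTunes data of
 * existing and newly added enclosures and deletes the ones listed in
 * 'pod_delete_enclosure_ids'.
 *
 * Hardening applied to request-supplied values:
 * - every query that used string interpolation now goes through
 *   $wpdb->prepare(), including the UPDATE whose value mixes stored and
 *   submitted text;
 * - an enclosure is deleted only if its meta ID is among the 'enclosure' rows
 *   just read for $postID, because 'edit_post' on $postID says nothing about
 *   rows of other posts;
 * - $added_enclosure_ids is always initialised, so the final pass no longer
 *   counts an undefined variable when nothing was added.
 *
 * NOTE(review): no nonce verification is visible here; presumably the screen
 * that triggers the save performs it. Confirm.
 * NOTE(review): the file URL is submitted by the editor and requested from the
 * server by getHttpHeaders(), which is not shown here; confirm it restricts
 * schemes and destination hosts.
 *
 * @param int $postID ID of the post being saved.
 * @return int The same post ID.
 */
function saveForm($postID) {
    global $wpdb;

    // Security prevention
    if (!current_user_can('edit_post', $postID)) {
        return $postID;
    }

    // Extra security prevention
    if (isset($_POST['comment_post_ID'])) {
        return $postID;
    }
    if (isset($_POST['not_spam'])) {
        return $postID; // akismet fix
    }
    if (isset($_POST['comment'])) {
        return $postID; // moderation.php fix
    }

    // Ignore save_post action for revisions and autosave
    if (wp_is_post_revision($postID) || wp_is_post_autosave($postID)) {
        return $postID;
    }

    $added_enclosure_ids = array();

    // Add new enclosures
    if (isset($_POST['pod_new_enclosure_ids']) && $_POST['pod_new_enclosure_ids'] != '') {
        $pod_new_enclosure_ids = explode(',', substr($_POST['pod_new_enclosure_ids'], 0, -1));
        $pod_ignore_enclosure_ids = explode(',', substr($_POST['pod_ignore_enclosure_ids'], 0, -1));

        foreach ($pod_new_enclosure_ids as $pod_enclosure_id) {
            $pod_enclosure_id = (int) $pod_enclosure_id;

            // Check if the enclosure is on the ignore list
            if (!in_array($pod_enclosure_id, $pod_ignore_enclosure_ids)) {
                $pod_content = $this->prepareEnclosure($_POST['pod_new_file_' . $pod_enclosure_id]);
                $pod_format = $_POST['pod_new_format_' . $pod_enclosure_id];

                $enclosed = get_enclosed($postID);

                // Enclose the file using a custom method
                $headers = $this->getHttpHeaders($pod_content);

                // Check if the headers processed the file correctly, if they didn't try to clean up the file
                if ($headers['response'] != '200') {
                    $pod_content = podcasting_urlencode($pod_content);
                    $headers = $this->getHttpHeaders($pod_content);
                }

                // Length and type come from the remote response, so they are cast / slashed before storage.
                $length = (int) $headers['content-length'];
                $type = addslashes($headers['content-type']);

                if (is_array($headers) && $headers['response'] != '404') {
                    add_post_meta($postID, 'enclosure', "{$pod_content}\n{$length}\n{$type}\n");

                    // Add relationship if new enclosure
                    if (!in_array($pod_content, $enclosed)) {
                        // Find the enclosure we just added
                        $pod_enclosure_id2 = $wpdb->get_var($wpdb->prepare(
                            "SELECT meta_id FROM {$wpdb->postmeta} WHERE post_id = %d AND meta_key = 'enclosure' ORDER BY meta_id DESC",
                            $postID
                        ));
                        wp_set_object_terms($pod_enclosure_id2, $pod_format, 'podcast_format', false);
                    }
                    $added_enclosure_ids[] = $pod_enclosure_id;
                }
            }
        }
    }

    // Update enclosures
    if (isset($_POST['pod_enclosure_ids'])) {
        $pod_enclosure_ids = explode(',', $_POST['pod_enclosure_ids']);
        $pod_new_enclosure_ids = explode(',', substr($_POST['pod_new_enclosure_ids'], 0, -1));
        $pod_ignore_enclosure_ids = explode(',', substr($_POST['pod_ignore_enclosure_ids'], 0, -1));
        $pod_delete_enclosure_ids = explode(',', substr($_POST['pod_delete_enclosure_ids'], 0, -1));

        $enclosures = $wpdb->get_results($wpdb->prepare(
            "SELECT meta_id, meta_value FROM {$wpdb->postmeta} WHERE post_id = %d AND meta_key = 'enclosure' ORDER BY meta_id",
            $postID
        ), ARRAY_A);

        // Meta IDs that are known to be enclosures of this post.
        $owned_meta_ids = array();
        foreach ((array) $enclosures as $row) {
            $owned_meta_ids[] = (int) $row['meta_id'];
        }

        $i = 0;

        if ($_POST['pod_enclosure_ids'] != '') {
            foreach ($pod_enclosure_ids as $pod_enclosure_id) {
                // Ensure we're dealing with an ID
                $pod_enclosure_id = (int) $pod_enclosure_id;

                // serialize() of request data is only stored; nothing here unserializes it.
                $itunes = serialize(array(
                    'format' => $_POST['pod_format_' . $pod_enclosure_id],
                    'keywords' => $_POST['pod_keywords_' . $pod_enclosure_id],
                    'author' => $_POST['pod_author_' . $pod_enclosure_id],
                    'length' => $_POST['pod_length_' . $pod_enclosure_id],
                    'explicit' => $_POST['pod_explicit_' . $pod_enclosure_id],
                ));

                // Update format
                wp_set_object_terms($pod_enclosure_id, $_POST['pod_format_' . $pod_enclosure_id], 'podcast_format', false);

                // Update enclosure: submitted IDs are matched to stored rows by position.
                $enclosure = explode("\n", $enclosures[$i]['meta_value']);
                $enclosure[3] = $itunes;

                // Check that we have the full enclosure before updating it
                if (is_array($enclosures)) {
                    update_post_meta($postID, 'enclosure', implode("\n", $enclosure), $enclosures[$i]['meta_value']);
                }
                $i++;

                // Delete enclosure, but only a row that belongs to this post.
                if (in_array($pod_enclosure_id, $pod_delete_enclosure_ids) && in_array($pod_enclosure_id, $owned_meta_ids, true)) {
                    // Remove format
                    wp_delete_object_term_relationships($pod_enclosure_id, 'podcast_format');

                    // Remove enclosure
                    delete_meta($pod_enclosure_id);
                }
            }
        }

        if (count($added_enclosure_ids) > 0) {
            foreach ($added_enclosure_ids as $pod_enclosure_id) {
                // Ensure we're dealing with an ID
                $pod_enclosure_id = (int) $pod_enclosure_id;

                // Check if the enclosure is on the ignore list
                if (!in_array($pod_enclosure_id, $pod_ignore_enclosure_ids)) {
                    $itunes = serialize(array(
                        'format' => $_POST['pod_new_format_' . $pod_enclosure_id],
                        'keywords' => $_POST['pod_new_keywords_' . $pod_enclosure_id],
                        'author' => $_POST['pod_new_author_' . $pod_enclosure_id],
                        'length' => $_POST['pod_new_length_' . $pod_enclosure_id],
                        'explicit' => $_POST['pod_new_explicit_' . $pod_enclosure_id],
                    ));

                    // Update format
                    $meta_id = $enclosures[$i]['meta_id'];
                    wp_set_object_terms($meta_id, $_POST['pod_new_format_' . $pod_enclosure_id], 'podcast_format', false);

                    // Update enclosure
                    $enclosure = explode("\n", $enclosures[$i]['meta_value']);
                    $enclosure[3] = $itunes;
                    $enclosure_insert = implode("\n", $enclosure);
                    // The value is bound as a parameter and stored exactly as built.
                    // NOTE(review): update_post_meta() above and this direct write may
                    // treat slashes in submitted values differently; confirm.
                    $wpdb->query($wpdb->prepare(
                        "UPDATE {$wpdb->postmeta} SET meta_value = %s WHERE meta_id = %d",
                        $enclosure_insert,
                        $meta_id
                    ));
                    $i++;
                }
            }
        }
    }

    return $postID;
}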
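/**
 * Update an existing post or page with the values submitted in $_POST.
 *
 * Checks the edit capability, skips an autosave that follows a real save too
 * closely, copies the form field names onto the names passed to
 * wp_update_post(), applies the status and date rules, processes the
 * custom-field (meta) edits and saves the post.
 *
 * @return int ID of the edited post.
 */
function edit_post() {
    $post_ID = (int) $_POST['post_ID'];

    // NOTE(review): the post type is read from the request, not from the stored post.
    $is_page = ('page' == $_POST['post_type']);

    if ($is_page) {
        if (!current_user_can('edit_page', $post_ID)) {
            wp_die(__('You are not allowed to edit this page.'));
        }
    } else {
        if (!current_user_can('edit_post', $post_ID)) {
            wp_die(__('You are not allowed to edit this post.'));
        }
    }

    // Autosave shouldn't save too soon after a real save
    if (isset($_POST['action']) && 'autosave' == $_POST['action']) {
        $post =& get_post($post_ID);
        $now = time();
        $then = strtotime($post->post_date_gmt . ' +0000');
        $delta = AUTOSAVE_INTERVAL / 2;
        if ($now - $then < $delta) {
            return $post_ID;
        }
    }

    // Rename.
    $_POST['ID'] = (int) $_POST['post_ID'];
    $_POST['post_content'] = $_POST['content'];
    $_POST['post_excerpt'] = $_POST['excerpt'];
    $_POST['post_parent'] = isset($_POST['parent_id']) ? $_POST['parent_id'] : '';
    $_POST['to_ping'] = $_POST['trackback_url'];

    if (!empty($_POST['post_author_override'])) {
        $_POST['post_author'] = (int) $_POST['post_author_override'];
    } else {
        if (!empty($_POST['post_author'])) {
            $_POST['post_author'] = (int) $_POST['post_author'];
        } else {
            $_POST['post_author'] = (int) $_POST['user_ID'];
        }
    }

    // Saving under another author's name needs the edit_others_* capability.
    if ($_POST['post_author'] != $_POST['user_ID']) {
        if ($is_page) {
            if (!current_user_can('edit_others_pages')) {
                wp_die(__('You are not allowed to edit pages as this user.'));
            }
        } else {
            if (!current_user_can('edit_others_posts')) {
                wp_die(__('You are not allowed to edit posts as this user.'));
            }
        }
    }

    // What to do based on which button they pressed
    if (isset($_POST['saveasdraft']) && '' != $_POST['saveasdraft']) {
        $_POST['post_status'] = 'draft';
    }
    if (isset($_POST['saveasprivate']) && '' != $_POST['saveasprivate']) {
        $_POST['post_status'] = 'private';
    }
    if (isset($_POST['publish']) && '' != $_POST['publish'] && $_POST['post_status'] != 'private') {
        $_POST['post_status'] = 'publish';
    }
    if (isset($_POST['advanced']) && '' != $_POST['advanced']) {
        $_POST['post_status'] = 'draft';
    }

    // A user without the publish capability gets 'pending' instead of 'publish'.
    if ($is_page) {
        if ('publish' == $_POST['post_status'] && !current_user_can('publish_pages')) {
            // The original compared an undefined $previous_status, so the test was
            // always true; read the stored status so that an already published page
            // stays published for a user who holds edit_published_pages.
            $previous_status = get_post_field('post_status', $post_ID);
            if ($previous_status != 'publish' or !current_user_can('edit_published_pages')) {
                $_POST['post_status'] = 'pending';
            }
        }
    } else {
        if ('publish' == $_POST['post_status'] && !current_user_can('publish_posts')) {
            $_POST['post_status'] = 'pending';
        }
    }

    if (!isset($_POST['comment_status'])) {
        $_POST['comment_status'] = 'closed';
    }
    if (!isset($_POST['ping_status'])) {
        $_POST['ping_status'] = 'closed';
    }

    // A date field that differs from its hidden copy means the date was edited.
    foreach (array('aa', 'mm', 'jj', 'hh', 'mn') as $timeunit) {
        if (!empty($_POST['hidden_' . $timeunit]) && $_POST['hidden_' . $timeunit] != $_POST[$timeunit]) {
            $_POST['edit_date'] = '1';
            break;
        }
    }

    if (!empty($_POST['edit_date'])) {
        $aa = $_POST['aa'];
        $mm = $_POST['mm'];
        $jj = $_POST['jj'];
        $hh = $_POST['hh'];
        $mn = $_POST['mn'];
        $ss = $_POST['ss'];
        $jj = $jj > 31 ? 31 : $jj;
        $hh = $hh > 23 ? $hh - 24 : $hh;
        $mn = $mn > 59 ? $mn - 60 : $mn;
        $ss = $ss > 59 ? $ss - 60 : $ss;
        $_POST['post_date'] = "{$aa}-{$mm}-{$jj} {$hh}:{$mn}:{$ss}";
        $_POST['post_date_gmt'] = get_gmt_from_date("{$aa}-{$mm}-{$jj} {$hh}:{$mn}:{$ss}");
    }

    // Meta Stuff
    // The meta IDs are request keys. The capability check above covers only
    // $post_ID, so a row is touched only when it belongs to that post.
    if (isset($_POST['meta']) && is_array($_POST['meta'])) {
        foreach ($_POST['meta'] as $key => $value) {
            $meta = get_post_meta_by_id($key);
            if (!$meta || $meta->post_id != $post_ID) {
                continue;
            }
            update_meta($key, $value['key'], $value['value']);
        }
    }

    if (isset($_POST['deletemeta']) && is_array($_POST['deletemeta'])) {
        foreach ($_POST['deletemeta'] as $key => $value) {
            $meta = get_post_meta_by_id($key);
            if (!$meta || $meta->post_id != $post_ID) {
                continue;
            }
            delete_meta($key);
        }
    }

    add_meta($post_ID);

    wp_update_post($_POST);

    // Reunite any orphaned attachments with their parent
    if (!($draft_ids = get_user_option('autosave_draft_ids'))) {
        $draft_ids = array();
    }
    if ($draft_temp_id = (int) array_search($post_ID, $draft_ids)) {
        _relocate_children($draft_temp_id, $post_ID);
    }

    // Now that we have an ID we can fix any attachment anchor hrefs
    _fix_attachment_links($post_ID);

    wp_set_post_lock($post_ID, $GLOBALS['current_user']->ID);

    return $post_ID;
}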
/**
 * Save the submitted changes to an existing post.
 *
 * Operates on $post_data, or on $_POST by reference when nothing is passed.
 * The post type and mime type are copied from the stored post, the edit
 * capability is checked, and then post formats, custom fields, attachment
 * data and the post itself are written.
 *
 * @since 1.5.0
 *
 * @param array $post_data Optional. Submitted post fields; $_POST is used when empty.
 * @return int Post ID.
 */
function edit_post($post_data = null) {
    global $wpdb;

    if (empty($post_data)) {
        $post_data =& $_POST;
    }

    // Internal variable; never accepted from the caller.
    unset($post_data['filter']);

    $post_ID = (int) $post_data['post_ID'];
    $post = get_post($post_ID);

    // Type and mime type come from the stored post, not from the submitted data.
    $post_data['post_type'] = $post->post_type;
    $post_data['post_mime_type'] = $post->post_mime_type;

    if (!empty($post_data['post_status'])) {
        $post_data['post_status'] = sanitize_key($post_data['post_status']);
        if ('inherit' == $post_data['post_status']) {
            unset($post_data['post_status']);
        }
    }

    $ptype = get_post_type_object($post_data['post_type']);

    if (!current_user_can('edit_post', $post_ID)) {
        wp_die(
            'page' == $post_data['post_type']
                ? __('You are not allowed to edit this page.')
                : __('You are not allowed to edit this post.')
        );
    }

    if (post_type_supports($ptype->name, 'revisions')) {
        $oldest = wp_get_post_revisions($post_ID, array('order' => 'ASC', 'posts_per_page' => 1));
        $first_revision = current($oldest);

        // Upgrade the post's revisions when the oldest one reports a version below 1.
        if ($oldest && _wp_get_post_revision_version($first_revision) < 1) {
            _wp_upgrade_revisions_of_post($post, wp_get_post_revisions($post_ID));
        }
    }

    if (isset($post_data['visibility'])) {
        if ('public' == $post_data['visibility']) {
            $post_data['post_password'] = '';
        } elseif ('password' == $post_data['visibility']) {
            unset($post_data['sticky']);
        } elseif ('private' == $post_data['visibility']) {
            $post_data['post_status'] = 'private';
            $post_data['post_password'] = '';
            unset($post_data['sticky']);
        }
    }

    $post_data = _wp_translate_postdata(true, $post_data);
    if (is_wp_error($post_data)) {
        wp_die($post_data->get_error_message());
    }

    // Post format and its metadata.
    if (isset($post_data['post_format'])) {
        set_post_format($post_ID, $post_data['post_format']);
    }

    // URL-type format fields are passed through esc_url_raw() before storage.
    foreach (array('url', 'link_url', 'quote_source_url') as $url_field) {
        $keyed = '_format_' . $url_field;
        if (isset($post_data[$keyed])) {
            update_post_meta($post_ID, $keyed, wp_slash(esc_url_raw(wp_unslash($post_data[$keyed]))));
        }
    }

    // The remaining format fields are stored as submitted only for users with
    // unfiltered_html; everyone else gets them filtered by wp_filter_post_kses().
    foreach (array('quote', 'quote_source_name', 'image', 'gallery', 'audio_embed', 'video_embed') as $key) {
        $keyed = '_format_' . $key;
        if (!isset($post_data[$keyed])) {
            continue;
        }
        $format_value = current_user_can('unfiltered_html')
            ? $post_data[$keyed]
            : wp_filter_post_kses($post_data[$keyed]);
        update_post_meta($post_ID, $keyed, $format_value);
    }

    // ID3 fields of audio and video attachments.
    if ('attachment' === $post_data['post_type'] && preg_match('#^(audio|video)/#', $post_data['post_mime_type'])) {
        $id3data = wp_get_attachment_metadata($post_ID);
        if (!is_array($id3data)) {
            $id3data = array();
        }

        foreach (wp_get_attachment_id3_keys($post, 'edit') as $key => $label) {
            if (isset($post_data['id3_' . $key])) {
                $id3data[$key] = sanitize_text_field(wp_unslash($post_data['id3_' . $key]));
            }
        }
        wp_update_attachment_metadata($post_ID, $id3data);
    }

    // Custom fields: a submitted meta ID is honoured only when the row exists,
    // belongs to this post, is not protected and passes the capability check.
    if (isset($post_data['meta']) && $post_data['meta']) {
        foreach ($post_data['meta'] as $key => $value) {
            $meta = get_post_meta_by_id($key);
            if (!$meta || $meta->post_id != $post_ID) {
                continue;
            }
            if (!is_protected_meta($value['key'], 'post') && current_user_can('edit_post_meta', $post_ID, $value['key'])) {
                update_meta($key, $value['key'], $value['value']);
            }
        }
    }

    if (isset($post_data['deletemeta']) && $post_data['deletemeta']) {
        foreach ($post_data['deletemeta'] as $key => $value) {
            $meta = get_post_meta_by_id($key);
            if (!$meta || $meta->post_id != $post_ID) {
                continue;
            }
            if (!is_protected_meta($meta->meta_key, 'post') && current_user_can('delete_post_meta', $post_ID, $meta->meta_key)) {
                delete_meta($key);
            }
        }
    }

    // Attachment-specific fields.
    if ('attachment' == $post_data['post_type']) {
        if (isset($post_data['_wp_attachment_image_alt'])) {
            $image_alt = wp_unslash($post_data['_wp_attachment_image_alt']);
            if ($image_alt != get_post_meta($post_ID, '_wp_attachment_image_alt', true)) {
                $image_alt = wp_strip_all_tags($image_alt, true);

                // update_meta expects slashed.
                update_post_meta($post_ID, '_wp_attachment_image_alt', wp_slash($image_alt));
            }
        }

        $attachment_data = array();
        if (isset($post_data['attachments'][$post_ID])) {
            $attachment_data = $post_data['attachments'][$post_ID];
        }

        /** This filter is documented in wp-admin/includes/media.php */
        $post_data = apply_filters('attachment_fields_to_save', $post_data, $attachment_data);
    }

    add_meta($post_ID);

    update_post_meta($post_ID, '_edit_last', get_current_user_id());

    $saved = wp_update_post($post_data);

    // If the save failed, strip invalid text from the main fields and try once more.
    if (!$saved && is_callable(array($wpdb, 'strip_invalid_text_for_column'))) {
        foreach (array('post_title', 'post_content', 'post_excerpt') as $field) {
            if (isset($post_data[$field])) {
                $post_data[$field] = $wpdb->strip_invalid_text_for_column($wpdb->posts, $field, $post_data[$field]);
            }
        }

        wp_update_post($post_data);
    }

    // Now that we have an ID we can fix any attachment anchor hrefs
    _fix_attachment_links($post_ID);

    wp_set_post_lock($post_ID);

    // Stickiness is changed only for users who may edit others' posts.
    if (current_user_can($ptype->cap->edit_others_posts)) {
        if (empty($post_data['sticky'])) {
            unstick_post($post_ID);
        } else {
            stick_post($post_ID);
        }
    }

    return $post_ID;
}
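/**
 * Set custom fields for post.
 *
 * Each entry of $fields is handled by shape: with 'id' and 'key' the existing
 * meta row is updated, with 'id' alone it is deleted, and without 'id' a new
 * custom field is added through add_meta(), which reads its input from $_POST.
 *
 * No capability check is made here; presumably the caller has already
 * confirmed that the current user may edit $post_id (verify against caller).
 *
 * @since 2.5.0
 *
 * @param int   $post_id Post ID.
 * @param array $fields  Custom fields.
 */
function set_custom_fields($post_id, $fields) {
    $post_id = (int) $post_id;

    foreach ((array) $fields as $meta) {
        if (isset($meta['id'])) {
            $meta['id'] = (int) $meta['id'];

            // The meta ID is caller-supplied: act only on a row that exists and
            // belongs to $post_id, so this call cannot change or delete custom
            // fields of a different post.
            $existing = get_post_meta_by_id($meta['id']);
            if (!$existing || $existing->post_id != $post_id) {
                continue;
            }

            if (isset($meta['key'])) {
                update_meta($meta['id'], $meta['key'], $meta['value']);
            } else {
                delete_meta($meta['id']);
            }
        } else {
            // add_meta() takes the new key and value from $_POST, not from arguments.
            $_POST['metakeyinput'] = $meta['key'];
            $_POST['metavalue'] = $meta['value'];
            add_meta($post_id);
        }
    }
}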
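/**
 * Update an existing post with the values submitted in $_POST.
 *
 * Checks the edit capability, copies the form field names onto the names
 * passed to wp_update_post(), derives the post status from the pressed button
 * and the user's capabilities, processes the custom-field (meta) edits and
 * saves the post.
 *
 * @return int ID of the edited post.
 */
function edit_post() {
    $post_ID = (int) $_POST['post_ID'];

    if (!current_user_can('edit_post', $post_ID)) {
        die(__('You are not allowed to edit this post.'));
    }

    // Rename.
    $_POST['ID'] = (int) $_POST['post_ID'];
    $_POST['post_content'] = $_POST['content'];
    $_POST['post_excerpt'] = $_POST['excerpt'];
    $_POST['post_parent'] = $_POST['parent_id'];
    $_POST['to_ping'] = $_POST['trackback_url'];

    if (!empty($_POST['post_author_override'])) {
        $_POST['post_author'] = (int) $_POST['post_author_override'];
    } else {
        if (!empty($_POST['post_author'])) {
            $_POST['post_author'] = (int) $_POST['post_author'];
        } else {
            $_POST['post_author'] = (int) $_POST['user_ID'];
        }
    }

    // Saving under another author's name needs edit_others_posts.
    if ($_POST['post_author'] != $_POST['user_ID'] && !current_user_can('edit_others_posts')) {
        die(__('You cannot post as this user.'));
    }

    // What to do based on which button they pressed. Order matters: a later
    // button overrides an earlier one. Only the pressed button is present in
    // the request, so each one is tested with isset() first.
    $button_status = array(
        'saveasdraft'   => 'draft',
        'saveasprivate' => 'private',
        'publish'       => 'publish',
        'advanced'      => 'draft',
        'savepage'      => 'static',
    );
    foreach ($button_status as $button => $status) {
        if (isset($_POST[$button]) && '' != $_POST[$button]) {
            $_POST['post_status'] = $status;
        }
    }

    if ('publish' == $_POST['post_status'] && !current_user_can('publish_posts')) {
        $_POST['post_status'] = 'draft';
    }

    if ('static' == $_POST['post_status'] && !current_user_can('edit_pages')) {
        die(__('This user cannot edit pages.'));
    }

    if (!isset($_POST['comment_status'])) {
        $_POST['comment_status'] = 'closed';
    }
    if (!isset($_POST['ping_status'])) {
        $_POST['ping_status'] = 'closed';
    }

    if (!empty($_POST['edit_date'])) {
        $aa = $_POST['aa'];
        $mm = $_POST['mm'];
        $jj = $_POST['jj'];
        $hh = $_POST['hh'];
        $mn = $_POST['mn'];
        $ss = $_POST['ss'];
        $jj = $jj > 31 ? 31 : $jj;
        $hh = $hh > 23 ? $hh - 24 : $hh;
        $mn = $mn > 59 ? $mn - 60 : $mn;
        $ss = $ss > 59 ? $ss - 60 : $ss;
        $_POST['post_date'] = "{$aa}-{$mm}-{$jj} {$hh}:{$mn}:{$ss}";
        $_POST['post_date_gmt'] = get_gmt_from_date("{$aa}-{$mm}-{$jj} {$hh}:{$mn}:{$ss}");
    }

    // Meta Stuff
    // The meta IDs are request keys. The capability check above covers only
    // $post_ID, so a row is touched only when it belongs to that post.
    if (isset($_POST['meta']) && is_array($_POST['meta'])) {
        foreach ($_POST['meta'] as $key => $value) {
            $meta = get_post_meta_by_id($key);
            if (!$meta || $meta->post_id != $post_ID) {
                continue;
            }
            update_meta($key, $value['key'], $value['value']);
        }
    }

    if (isset($_POST['deletemeta']) && is_array($_POST['deletemeta'])) {
        foreach ($_POST['deletemeta'] as $key => $value) {
            $meta = get_post_meta_by_id($key);
            if (!$meta || $meta->post_id != $post_ID) {
                continue;
            }
            delete_meta($key);
        }
    }

    add_meta($post_ID);

    wp_update_post($_POST);

    // Now that we have an ID we can fix any attachment anchor hrefs
    fix_attachment_links($post_ID);

    return $post_ID;
}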
/**
 * Save the submitted changes to an existing post.
 *
 * Operates on $post_data, or on $_POST by reference when nothing is passed.
 * The post type and mime type are copied from the stored post before the
 * post-type-specific edit capability is checked.
 *
 * @since 1.5.0
 *
 * @param array $post_data Optional. Submitted post fields; $_POST is used when empty.
 * @return int Post ID.
 */
function edit_post($post_data = null) {
    if (empty($post_data)) {
        $post_data =& $_POST;
    }

    // Internal variable; never accepted from the caller.
    unset($post_data['filter']);

    $post_ID = (int) $post_data['post_ID'];
    $post = get_post($post_ID);

    // Type and mime type come from the stored post, not from the submitted data.
    $post_data['post_type'] = $post->post_type;
    $post_data['post_mime_type'] = $post->post_mime_type;

    $ptype = get_post_type_object($post_data['post_type']);
    if (!current_user_can($ptype->cap->edit_post, $post_ID)) {
        wp_die(
            'page' == $post_data['post_type']
                ? __('You are not allowed to edit this page.')
                : __('You are not allowed to edit this post.')
        );
    }

    // Autosave shouldn't save too soon after a real save
    if ('autosave' == $post_data['action']) {
        $post =& get_post($post_ID);
        $elapsed = time() - strtotime($post->post_date_gmt . ' +0000');
        if ($elapsed < AUTOSAVE_INTERVAL / 2) {
            return $post_ID;
        }
    }

    $post_data = _wp_translate_postdata(true, $post_data);
    if (is_wp_error($post_data)) {
        wp_die($post_data->get_error_message());
    }

    // A real save of an auto-draft turns it into a draft.
    if ('autosave' != $post_data['action'] && 'auto-draft' == $post_data['post_status']) {
        $post_data['post_status'] = 'draft';
    }

    if (isset($post_data['visibility'])) {
        if ('public' == $post_data['visibility']) {
            $post_data['post_password'] = '';
        } elseif ('password' == $post_data['visibility']) {
            unset($post_data['sticky']);
        } elseif ('private' == $post_data['visibility']) {
            $post_data['post_status'] = 'private';
            $post_data['post_password'] = '';
            unset($post_data['sticky']);
        }
    }

    // Post Formats: set a format the theme supports; '0' clears the format.
    if (isset($post_data['post_format'])) {
        if (current_theme_supports('post-formats', $post_data['post_format'])) {
            set_post_format($post_ID, $post_data['post_format']);
        } elseif ('0' == $post_data['post_format']) {
            set_post_format($post_ID, false);
        }
    }

    // Custom fields: a submitted meta ID is honoured only when the row exists,
    // belongs to this post, is not protected and passes the capability check.
    if (isset($post_data['meta']) && $post_data['meta']) {
        foreach ($post_data['meta'] as $key => $value) {
            $meta = get_post_meta_by_id($key);
            if (!$meta || $meta->post_id != $post_ID) {
                continue;
            }
            if (!is_protected_meta($value['key'], 'post') && current_user_can('edit_post_meta', $post_ID, $value['key'])) {
                update_meta($key, $value['key'], $value['value']);
            }
        }
    }

    if (isset($post_data['deletemeta']) && $post_data['deletemeta']) {
        foreach ($post_data['deletemeta'] as $key => $value) {
            $meta = get_post_meta_by_id($key);
            if (!$meta || $meta->post_id != $post_ID) {
                continue;
            }
            if (!is_protected_meta($meta->meta_key, 'post') && current_user_can('delete_post_meta', $post_ID, $meta->meta_key)) {
                delete_meta($key);
            }
        }
    }

    add_meta($post_ID);

    update_post_meta($post_ID, '_edit_last', $GLOBALS['current_user']->ID);

    wp_update_post($post_data);

    // Reunite any orphaned attachments with their parent
    $draft_ids = get_user_option('autosave_draft_ids');
    if (!$draft_ids) {
        $draft_ids = array();
    }
    $draft_temp_id = (int) array_search($post_ID, $draft_ids);
    if ($draft_temp_id) {
        _relocate_children($draft_temp_id, $post_ID);
    }

    // Now that we have an ID we can fix any attachment anchor hrefs
    _fix_attachment_links($post_ID);

    wp_set_post_lock($post_ID, $GLOBALS['current_user']->ID);

    // Stickiness is changed only for users who may edit others' posts.
    if (current_user_can($ptype->cap->edit_others_posts)) {
        if (empty($post_data['sticky'])) {
            unstick_post($post_ID);
        } else {
            stick_post($post_ID);
        }
    }

    return $post_ID;
}
/**
 * Save the submitted changes to an existing post.
 *
 * Operates on $post_data, or on $_POST by reference when nothing is passed.
 * The post type and mime type are copied from the stored post, the edit
 * capability is checked, and then post formats, custom fields, attachment
 * data, taxonomy input and the post itself are written.
 *
 * @since 1.5.0
 *
 * @global wpdb $wpdb WordPress database abstraction object.
 *
 * @param array $post_data Optional. Submitted post fields; $_POST is used when empty.
 * @return int Post ID.
 */
function edit_post($post_data = null) {
    global $wpdb;

    if (empty($post_data)) {
        $post_data =& $_POST;
    }

    // Internal variable; never accepted from the caller.
    unset($post_data['filter']);

    $post_ID = (int) $post_data['post_ID'];
    $post = get_post($post_ID);

    // Type and mime type come from the stored post, not from the submitted data.
    $post_data['post_type'] = $post->post_type;
    $post_data['post_mime_type'] = $post->post_mime_type;

    if (!empty($post_data['post_status'])) {
        $post_data['post_status'] = sanitize_key($post_data['post_status']);
        if ('inherit' == $post_data['post_status']) {
            unset($post_data['post_status']);
        }
    }

    $ptype = get_post_type_object($post_data['post_type']);

    if (!current_user_can('edit_post', $post_ID)) {
        wp_die(
            'page' == $post_data['post_type']
                ? __('Sorry, you are not allowed to edit this page.')
                : __('Sorry, you are not allowed to edit this post.')
        );
    }

    if (post_type_supports($ptype->name, 'revisions')) {
        $oldest = wp_get_post_revisions($post_ID, array('order' => 'ASC', 'posts_per_page' => 1));
        $first_revision = current($oldest);

        // Upgrade the post's revisions when the oldest one reports a version below 1.
        if ($oldest && _wp_get_post_revision_version($first_revision) < 1) {
            _wp_upgrade_revisions_of_post($post, wp_get_post_revisions($post_ID));
        }
    }

    if (isset($post_data['visibility'])) {
        if ('public' == $post_data['visibility']) {
            $post_data['post_password'] = '';
        } elseif ('password' == $post_data['visibility']) {
            unset($post_data['sticky']);
        } elseif ('private' == $post_data['visibility']) {
            $post_data['post_status'] = 'private';
            $post_data['post_password'] = '';
            unset($post_data['sticky']);
        }
    }

    $post_data = _wp_translate_postdata(true, $post_data);
    if (is_wp_error($post_data)) {
        wp_die($post_data->get_error_message());
    }

    // Post format and its metadata.
    if (isset($post_data['post_format'])) {
        set_post_format($post_ID, $post_data['post_format']);
    }

    // URL-type format fields are passed through esc_url_raw() before storage.
    foreach (array('url', 'link_url', 'quote_source_url') as $url_field) {
        $keyed = '_format_' . $url_field;
        if (isset($post_data[$keyed])) {
            update_post_meta($post_ID, $keyed, wp_slash(esc_url_raw(wp_unslash($post_data[$keyed]))));
        }
    }

    // The remaining format fields are stored as submitted only for users with
    // unfiltered_html; everyone else gets them filtered by wp_filter_post_kses().
    foreach (array('quote', 'quote_source_name', 'image', 'gallery', 'audio_embed', 'video_embed') as $key) {
        $keyed = '_format_' . $key;
        if (!isset($post_data[$keyed])) {
            continue;
        }
        $format_value = current_user_can('unfiltered_html')
            ? $post_data[$keyed]
            : wp_filter_post_kses($post_data[$keyed]);
        update_post_meta($post_ID, $keyed, $format_value);
    }

    // ID3 fields of audio and video attachments.
    if ('attachment' === $post_data['post_type'] && preg_match('#^(audio|video)/#', $post_data['post_mime_type'])) {
        $id3data = wp_get_attachment_metadata($post_ID);
        if (!is_array($id3data)) {
            $id3data = array();
        }

        foreach (wp_get_attachment_id3_keys($post, 'edit') as $key => $label) {
            if (isset($post_data['id3_' . $key])) {
                $id3data[$key] = sanitize_text_field(wp_unslash($post_data['id3_' . $key]));
            }
        }
        wp_update_attachment_metadata($post_ID, $id3data);
    }

    // Custom fields: a submitted meta ID is honoured only when the row exists,
    // belongs to this post, is not protected and passes the capability check.
    if (isset($post_data['meta']) && $post_data['meta']) {
        foreach ($post_data['meta'] as $key => $value) {
            $meta = get_post_meta_by_id($key);
            if (!$meta || $meta->post_id != $post_ID) {
                continue;
            }
            if (!is_protected_meta($value['key'], 'post') && current_user_can('edit_post_meta', $post_ID, $value['key'])) {
                update_meta($key, $value['key'], $value['value']);
            }
        }
    }

    if (isset($post_data['deletemeta']) && $post_data['deletemeta']) {
        foreach ($post_data['deletemeta'] as $key => $value) {
            $meta = get_post_meta_by_id($key);
            if (!$meta || $meta->post_id != $post_ID) {
                continue;
            }
            if (!is_protected_meta($meta->meta_key, 'post') && current_user_can('delete_post_meta', $post_ID, $meta->meta_key)) {
                delete_meta($key);
            }
        }
    }

    // Attachment-specific fields.
    if ('attachment' == $post_data['post_type']) {
        if (isset($post_data['_wp_attachment_image_alt'])) {
            $image_alt = wp_unslash($post_data['_wp_attachment_image_alt']);
            if ($image_alt != get_post_meta($post_ID, '_wp_attachment_image_alt', true)) {
                $image_alt = wp_strip_all_tags($image_alt, true);

                // update_meta expects slashed.
                update_post_meta($post_ID, '_wp_attachment_image_alt', wp_slash($image_alt));
            }
        }

        $attachment_data = array();
        if (isset($post_data['attachments'][$post_ID])) {
            $attachment_data = $post_data['attachments'][$post_ID];
        }

        /** This filter is documented in wp-admin/includes/media.php */
        $post_data = apply_filters('attachment_fields_to_save', $post_data, $attachment_data);
    }

    // Convert taxonomy input to term IDs, to avoid ambiguity.
    if (isset($post_data['tax_input'])) {
        foreach ((array) $post_data['tax_input'] as $taxonomy => $terms) {
            // Hierarchical taxonomy data is already sent as term IDs, so no conversion is necessary.
            if (is_taxonomy_hierarchical($taxonomy)) {
                continue;
            }

            /*
             * A 'tax_input' string is taken to be a comma-separated list of term names.
             * The localized tag delimiter may be a different character, so it is
             * replaced by a comma before the list is split.
             */
            if (!is_array($terms)) {
                $comma = _x(',', 'tag delimiter');
                if (',' !== $comma) {
                    $terms = str_replace($comma, ',', $terms);
                }
                $terms = explode(',', trim($terms, " \n\t\r\v,"));
            }

            $clean_terms = array();
            foreach ($terms as $term) {
                // Empty terms are invalid input.
                if (empty($term)) {
                    continue;
                }

                $_term = get_terms($taxonomy, array('name' => $term, 'fields' => 'ids', 'hide_empty' => false));

                // An existing term is referenced by ID; an unknown name is passed
                // through as a string so that a new term will be created.
                $clean_terms[] = empty($_term) ? $term : intval($_term[0]);
            }

            $post_data['tax_input'][$taxonomy] = $clean_terms;
        }
    }

    add_meta($post_ID);

    update_post_meta($post_ID, '_edit_last', get_current_user_id());

    $saved = wp_update_post($post_data);

    // If the save failed, strip invalid text from the main fields and try once more.
    if (!$saved && is_callable(array($wpdb, 'strip_invalid_text_for_column'))) {
        foreach (array('post_title', 'post_content', 'post_excerpt') as $field) {
            if (isset($post_data[$field])) {
                $post_data[$field] = $wpdb->strip_invalid_text_for_column($wpdb->posts, $field, $post_data[$field]);
            }
        }

        wp_update_post($post_data);
    }

    // Now that we have an ID we can fix any attachment anchor hrefs
    _fix_attachment_links($post_ID);

    wp_set_post_lock($post_ID);

    // Stickiness is changed only for users who may both edit others' posts and publish.
    if (current_user_can($ptype->cap->edit_others_posts) && current_user_can($ptype->cap->publish_posts)) {
        if (empty($post_data['sticky'])) {
            unstick_post($post_ID);
        } else {
            stick_post($post_ID);
        }
    }

    return $post_ID;
}
if ($post_status == 'publish') { if ($post_pingback) { pingback($postObject->getVar('post_content', 'e'), $post_ID); } do_action('publish_post', $post_ID); do_trackback($postObject, $useutf8); } // Meta Stuff if ($meta) { foreach ($meta as $key => $value) { update_meta($key, $value['key'], $value['value']); } } if ($deletemeta) { foreach ($deletemeta as $key => $value) { delete_meta($key); } } add_meta($post_ID); do_action('edit_post', $post_ID); exit; break; //Show Delete Cofirmation Screen //Show Delete Cofirmation Screen case 'confirmdelete': //Check User_Level user_level_check(); //Rendering Admin Screen header $parent_file = 'edit.php'; $title = 'Delete Post'; $standalone = 0;
/**
 * Ajax handler that deletes one post meta row.
 *
 * The request is tied to the meta ID through the "delete-meta_{id}" nonce
 * action. The handler answers with 1 when the row is missing or was deleted,
 * -1 when the key is protected or the user lacks delete_post_meta, and 0 when
 * the deletion fails.
 *
 * @since 3.1.0
 */
function wp_ajax_delete_meta() {
    $id = 0;
    if (isset($_POST['id'])) {
        $id = (int) $_POST['id'];
    }

    // The nonce action includes the meta ID.
    check_ajax_referer("delete-meta_{$id}");

    $meta = get_metadata_by_mid('post', $id);
    if (!$meta) {
        // A row that does not exist is reported as 1, the same as a successful delete.
        wp_die(1);
    }

    // Authorization is checked against the post that owns the row, taken from
    // the stored meta record and not from the request.
    $is_protected = is_protected_meta($meta->meta_key, 'post');
    if ($is_protected || !current_user_can('delete_post_meta', $meta->post_id, $meta->meta_key)) {
        wp_die(-1);
    }

    if (delete_meta($meta->meta_id)) {
        wp_die(1);
    }

    wp_die(0);
}
exit;
}

// Request dispatcher: the POSTed 'accion' field selects the handler, and every
// handler argument is passed straight from $_POST without validation here.
// NOTE(review): no authentication, authorization or CSRF check is visible in
// this fragment - confirm one runs before this point, since the 'create_meta',
// 'update_meta' and 'delete_meta' cases change data.
// NOTE(review): $_POST['accion'] is read without isset(); a request that lacks
// it ends up in the default branch.
switch ($_POST['accion']) {
    case 'ver_metas':
        ver_metas($_POST['id_cons']);
        break;
    case 'crear_meta':
        ver_meta($_POST['accion'], $_POST['id_matr']);
        break;
    case 'editar_meta':
        ver_meta($_POST['accion'], $_POST['id_meta']);
        break;
    case 'create_meta':
        create_meta($_POST['id_matr'], $_POST['metapromedio'], $_POST['promediomomento'], $_POST['riesgo'], $_POST['hice'], $_POST['nodebohacer'], $_POST['debohacer'], $_POST['id_cons']);
        break;
    case 'update_meta':
        update_meta($_POST['id_meta'], $_POST['metapromedio'], $_POST['promediomomento'], $_POST['riesgo'], $_POST['hice'], $_POST['nodebohacer'], $_POST['debohacer'], $_POST['id_cons']);
        break;
    case 'delete_meta':
        delete_meta($_POST['id_meta'], $_POST['id_cons']);
        break;
    // Disabled case, kept as found:
    /*case 'insert_meta': ver_meta($_POST['accion'],$_POST['contexto'],$_POST['id_meta']); break;*/
    default:
        // Any unrecognised action calls ver_metas() with the fixed argument 1.
        ver_metas(1);
        break;
}