Example #1
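 /**
  * Apply the custom-field edits and deletions submitted with the post form,
  * then hand over to self::add_meta() for the post.
  *
  * Reads $_POST['meta'] and $_POST['deletemeta'], both keyed by meta row ID,
  * and does nothing unless $_POST['bbpmeta_no_js'] is present.
  *
  * NOTE(review): no nonce verification is visible in this method; confirm the
  * caller performs one before this runs.
  *
  * @param int $post_ID ID of the post whose meta rows may be changed.
  * @return void
  */
 static function save_meta($post_ID)
 {
     // Meta Stuff
     if (!isset($_POST['bbpmeta_no_js'])) {
         return;
     }
     // Request data is untrusted: iterate only when it really is an array.
     if (isset($_POST['meta']) && is_array($_POST['meta'])) {
         foreach ($_POST['meta'] as $key => $value) {
             if (!($meta = get_post_meta_by_id($key))) {
                 continue;
             }
             // The row ID comes from the request, so it must belong to this post.
             if ($meta->post_id != $post_ID) {
                 continue;
             }
             // The row is rewritten to the 'bbpmeta_params' key below, so authorise
             // that key and the key currently stored in the row. The previous check
             // used $value['key'], a request-supplied label that is never written.
             if (!current_user_can('edit_post_meta', $post_ID, 'bbpmeta_params')) {
                 continue;
             }
             if (!current_user_can('edit_post_meta', $post_ID, $meta->meta_key)) {
                 continue;
             }
             update_meta($key, 'bbpmeta_params', $value);
         }
     }
     if (isset($_POST['deletemeta']) && is_array($_POST['deletemeta'])) {
         foreach ($_POST['deletemeta'] as $key => $value) {
             if (!($meta = get_post_meta_by_id($key))) {
                 continue;
             }
             if ($meta->post_id != $post_ID) {
                 continue;
             }
             // Deletion is authorised against the stored key, never a submitted one.
             if (!current_user_can('delete_post_meta', $post_ID, $meta->meta_key)) {
                 continue;
             }
             delete_meta($key);
         }
     }
     self::add_meta($post_ID);
 }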
Example #2
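/**
 * Update an existing post with values provided in $_POST.
 *
 * When no argument is given the function works on $_POST by reference, so the
 * translated post data is written back into $_POST.
 *
 * The caller's 'edit_page' / 'edit_post' capability for the post is checked
 * before anything is written. Custom-field edits and deletions are keyed by
 * meta row ID taken from the request; each row is confirmed to belong to the
 * post being edited before it is touched.
 *
 * NOTE(review): no nonce verification is visible here; confirm the calling
 * admin screen performs one.
 *
 * @since unknown
 *
 * @param array $post_data Optional.
 * @return int Post ID.
 */
function edit_post($post_data = null)
{
    if (empty($post_data)) {
        $post_data =& $_POST;
    }
    $post_ID = (int) $post_data['post_ID'];
    if ('page' == $post_data['post_type']) {
        if (!current_user_can('edit_page', $post_ID)) {
            wp_die(__('You are not allowed to edit this page.'));
        }
    } else {
        if (!current_user_can('edit_post', $post_ID)) {
            wp_die(__('You are not allowed to edit this post.'));
        }
    }
    // Autosave shouldn't save too soon after a real save
    if ('autosave' == $post_data['action']) {
        $post =& get_post($post_ID);
        $now = time();
        $then = strtotime($post->post_date_gmt . ' +0000');
        $delta = AUTOSAVE_INTERVAL / 2;
        if ($now - $then < $delta) {
            return $post_ID;
        }
    }
    $post_data = _wp_translate_postdata(true, $post_data);
    if (is_wp_error($post_data)) {
        wp_die($post_data->get_error_message());
    }
    if (isset($post_data['visibility'])) {
        switch ($post_data['visibility']) {
            case 'public':
                $post_data['post_password'] = '';
                break;
            case 'password':
                unset($post_data['sticky']);
                break;
            case 'private':
                $post_data['post_status'] = 'private';
                $post_data['post_password'] = '';
                unset($post_data['sticky']);
                break;
        }
    }
    // Meta Stuff
    // The capability check above covers $post_ID only, while the meta row IDs
    // below come from the request. Rows that do not exist or that belong to a
    // different post are skipped so the check cannot be sidestepped.
    if (isset($post_data['meta']) && is_array($post_data['meta'])) {
        foreach ($post_data['meta'] as $key => $value) {
            if (!($meta = get_post_meta_by_id($key))) {
                continue;
            }
            if ($meta->post_id != $post_ID) {
                continue;
            }
            update_meta($key, $value['key'], $value['value']);
        }
    }
    if (isset($post_data['deletemeta']) && is_array($post_data['deletemeta'])) {
        foreach ($post_data['deletemeta'] as $key => $value) {
            if (!($meta = get_post_meta_by_id($key))) {
                continue;
            }
            if ($meta->post_id != $post_ID) {
                continue;
            }
            delete_meta($key);
        }
    }
    add_meta($post_ID);
    wp_update_post($post_data);
    // Reunite any orphaned attachments with their parent
    if (!($draft_ids = get_user_option('autosave_draft_ids'))) {
        $draft_ids = array();
    }
    if ($draft_temp_id = (int) array_search($post_ID, $draft_ids)) {
        _relocate_children($draft_temp_id, $post_ID);
    }
    // Now that we have an ID we can fix any attachment anchor hrefs
    _fix_attachment_links($post_ID);
    wp_set_post_lock($post_ID, $GLOBALS['current_user']->ID);
    // Only users who may edit others' posts can change stickiness.
    if (current_user_can('edit_others_posts')) {
        if (!empty($post_data['sticky'])) {
            stick_post($post_ID);
        } else {
            unstick_post($post_ID);
        }
    }
    return $post_ID;
}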
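/**
 * Update an existing post with values provided in $_POST.
 *
 * Checks 'edit_page' / 'edit_post' for the post, renames form fields to the
 * names wp_update_post() is given, resolves the author and the post status,
 * applies custom-field changes and then saves the post.
 *
 * Custom-field edits and deletions are keyed by meta row ID taken from the
 * request; each row is confirmed to belong to the post being edited before it
 * is touched.
 *
 * NOTE(review): no nonce verification is visible here; confirm the calling
 * admin screen performs one.
 *
 * @return int Post ID.
 */
function edit_post() {
	global $user_ID;

	$post_ID = (int) $_POST['post_ID'];

	if ( 'page' == $_POST['post_type'] ) {
		if ( !current_user_can( 'edit_page', $post_ID ) )
			wp_die( __('You are not allowed to edit this page.' ));
	} else {
		if ( !current_user_can( 'edit_post', $post_ID ) )
			wp_die( __('You are not allowed to edit this post.' ));
	}

	// Autosave shouldn't save too soon after a real save
	if ( 'autosave' == $_POST['action'] ) {
		$post =& get_post( $post_ID );
		$now = time();
		$then = strtotime($post->post_date_gmt . ' +0000');
		// Keep autosave_interval in sync with autosave-js.php.
		$delta = apply_filters( 'autosave_interval', 120 ) / 2;
		if ( ($now - $then) < $delta )
			return $post_ID;
	}

	// Rename.
	$_POST['ID'] = (int) $_POST['post_ID'];
	$_POST['post_content'] = $_POST['content'];
	$_POST['post_excerpt'] = $_POST['excerpt'];
	$_POST['post_parent'] = $_POST['parent_id'];
	$_POST['to_ping'] = $_POST['trackback_url'];

	if (!empty ( $_POST['post_author_override'] ) ) {
		$_POST['post_author'] = (int) $_POST['post_author_override'];
	} else
		if (!empty ( $_POST['post_author'] ) ) {
			$_POST['post_author'] = (int) $_POST['post_author'];
		} else {
			$_POST['post_author'] = (int) $_POST['user_ID'];
		}

	// NOTE(review): the comparison uses $_POST['user_ID'], which is request data,
	// not the authenticated user's ID; confirm that is intended.
	if ( $_POST['post_author'] != $_POST['user_ID'] ) {
		if ( 'page' == $_POST['post_type'] ) {
			if ( !current_user_can( 'edit_others_pages' ) )
				wp_die( __('You are not allowed to edit pages as this user.' ));
		} else {
			if ( !current_user_can( 'edit_others_posts' ) )
				wp_die( __('You are not allowed to edit posts as this user.' ));

		}
	}

	// What to do based on which button they pressed
	if ('' != $_POST['saveasdraft'] )
		$_POST['post_status'] = 'draft';
	if ('' != $_POST['saveasprivate'] )
		$_POST['post_status'] = 'private';
	if ('' != $_POST['publish'] )
		$_POST['post_status'] = 'publish';
	if ('' != $_POST['advanced'] )
		$_POST['post_status'] = 'draft';

	// Users without the publish-edit capability are downgraded to a draft.
	if ( 'page' == $_POST['post_type'] ) {
		if ('publish' == $_POST['post_status'] && !current_user_can( 'edit_published_pages' ))
			$_POST['post_status'] = 'draft';
	} else {
		if ('publish' == $_POST['post_status'] && !current_user_can( 'edit_published_posts' ))
			$_POST['post_status'] = 'draft';
	}

	if (!isset( $_POST['comment_status'] ))
		$_POST['comment_status'] = 'closed';

	if (!isset( $_POST['ping_status'] ))
		$_POST['ping_status'] = 'closed';

	if (!empty ( $_POST['edit_date'] ) ) {
		// NOTE(review): the date parts are request data and are only range-clamped
		// here, not checked to be numeric, before being joined into a date string.
		$aa = $_POST['aa'];
		$mm = $_POST['mm'];
		$jj = $_POST['jj'];
		$hh = $_POST['hh'];
		$mn = $_POST['mn'];
		$ss = $_POST['ss'];
		$jj = ($jj > 31 ) ? 31 : $jj;
		$hh = ($hh > 23 ) ? $hh -24 : $hh;
		$mn = ($mn > 59 ) ? $mn -60 : $mn;
		$ss = ($ss > 59 ) ? $ss -60 : $ss;
		$_POST['post_date'] = "$aa-$mm-$jj $hh:$mn:$ss";
		$_POST['post_date_gmt'] = get_gmt_from_date( "$aa-$mm-$jj $hh:$mn:$ss" );
	}

	// Meta Stuff
	// The capability check above covers $post_ID only, while the meta row IDs
	// below come from the request. Rows that do not exist or that belong to a
	// different post are skipped so the check cannot be sidestepped.
	if ( isset( $_POST['meta'] ) && is_array( $_POST['meta'] ) ) {
		foreach ( $_POST['meta'] as $key => $value ) {
			$meta = get_post_meta_by_id( $key );
			if ( !$meta || $meta->post_id != $post_ID )
				continue;
			update_meta( $key, $value['key'], $value['value'] );
		}
	}

	if ( isset( $_POST['deletemeta'] ) && is_array( $_POST['deletemeta'] ) ) {
		foreach ( $_POST['deletemeta'] as $key => $value ) {
			$meta = get_post_meta_by_id( $key );
			if ( !$meta || $meta->post_id != $post_ID )
				continue;
			delete_meta( $key );
		}
	}

	add_meta( $post_ID );

	wp_update_post( $_POST );

	// Reunite any orphaned attachments with their parent
	if ( !$draft_ids = get_user_option( 'autosave_draft_ids' ) )
		$draft_ids = array();
	if ( $draft_temp_id = (int) array_search( $post_ID, $draft_ids ) )
		relocate_children( $draft_temp_id, $post_ID );

	// Now that we have an ID we can fix any attachment anchor hrefs
	fix_attachment_links( $post_ID );

	return $post_ID;
}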
Example #4
     }
     if (wp_delete_link($id)) {
         die('1');
     } else {
         die('0');
     }
     break;
 case 'delete-meta':
     check_ajax_referer("delete-meta_{$id}");
     if (!($meta = get_post_meta_by_id($id))) {
         die('1');
     }
     if (!current_user_can('edit_post', $meta->post_id)) {
         die('-1');
     }
     if (delete_meta($meta->meta_id)) {
         die('1');
     }
     die('0');
     break;
 case 'delete-post':
     check_ajax_referer("{$action}_{$id}");
     if (!current_user_can('delete_post', $id)) {
         die('-1');
     }
     if (!get_post($id)) {
         die('1');
     }
     if (wp_delete_post($id)) {
         die('1');
     } else {
Example #5
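/**
 * Delete a product meta via AJAX
 *
 * The meta row ID comes from $_POST['meta_id']. The row is looked up first and
 * is deleted only when the current user may edit the post it belongs to, so a
 * request cannot remove metadata attached to a post the user has no rights on.
 *
 * NOTE(review): nonce verification is not visible in this function; confirm
 * the AJAX dispatcher that calls it performs one.
 *
 * @since 3.8.9
 * @access private
 *
 * @uses get_post_meta_by_id()  Looks up the meta row to find its post
 * @uses current_user_can()     Checks 'edit_post' for that post
 * @uses delete_meta()          Deletes metadata by meta id
 * @uses WP_Error               WordPress error class
 *
 * @return  array|WP_Error  $return     Response args if successful, WP_Error if otherwise
 */
function _wpsc_ajax_remove_product_meta()
{
    $meta_id = isset($_POST['meta_id']) ? (int) $_POST['meta_id'] : 0;
    $meta = $meta_id > 0 ? get_post_meta_by_id($meta_id) : false;
    // Unknown row, missing permission and a failed delete all give the same error.
    if (!$meta || !current_user_can('edit_post', $meta->post_id) || !delete_meta($meta_id)) {
        return new WP_Error('wpsc_cannot_delete_product_meta', __("Couldn't delete product meta. Please try again.", 'wpsc'));
    }
    return array('meta_id' => $meta_id);
}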
Example #6
/**
 * Update an existing post with values provided in $_POST.
 *
 * When no argument is given the function works on $_POST by reference, so the
 * assignments to $post_data below are also visible in $_POST.
 *
 * The post type and MIME type are taken from the stored post rather than from
 * the request, and 'edit_post' is checked for the post before anything is
 * written.
 *
 * NOTE(review): no nonce verification is visible here; confirm the calling
 * admin screen performs one.
 *
 * @since 1.5.0
 *
 * @param array $post_data Optional.
 * @return int Post ID.
 */
function edit_post($post_data = null)
{
    if (empty($post_data)) {
        $post_data =& $_POST;
    }
    // Clear out any data in internal vars.
    unset($post_data['filter']);
    $post_ID = (int) $post_data['post_ID'];
    $post = get_post($post_ID);
    // Overwrite type fields with the stored values so the request cannot change them.
    $post_data['post_type'] = $post->post_type;
    $post_data['post_mime_type'] = $post->post_mime_type;
    $ptype = get_post_type_object($post_data['post_type']);
    // Authorisation gate: wp_die() stops the request when the user may not edit this post.
    if (!current_user_can('edit_post', $post_ID)) {
        if ('page' == $post_data['post_type']) {
            wp_die(__('You are not allowed to edit this page.'));
        } else {
            wp_die(__('You are not allowed to edit this post.'));
        }
    }
    $post_data = _wp_translate_postdata(true, $post_data);
    if (is_wp_error($post_data)) {
        wp_die($post_data->get_error_message());
    }
    // A save that is not an autosave turns an auto-draft into a draft.
    if ((empty($post_data['action']) || 'autosave' != $post_data['action']) && 'auto-draft' == $post_data['post_status']) {
        $post_data['post_status'] = 'draft';
    }
    if (isset($post_data['visibility'])) {
        switch ($post_data['visibility']) {
            case 'public':
                $post_data['post_password'] = '';
                break;
            case 'password':
                unset($post_data['sticky']);
                break;
            case 'private':
                $post_data['post_status'] = 'private';
                $post_data['post_password'] = '';
                unset($post_data['sticky']);
                break;
        }
    }
    // Post Formats
    if (isset($post_data['post_format'])) {
        set_post_format($post_ID, $post_data['post_format']);
    }
    // URL-type format fields are passed through esc_url_raw() before storage.
    $format_meta_urls = array('url', 'link_url', 'quote_source_url');
    foreach ($format_meta_urls as $format_meta_url) {
        $keyed = '_format_' . $format_meta_url;
        if (isset($post_data[$keyed])) {
            update_post_meta($post_ID, $keyed, wp_slash(esc_url_raw(wp_unslash($post_data[$keyed]))));
        }
    }
    // The remaining format fields are stored as submitted only for users with
    // 'unfiltered_html'; everyone else gets wp_filter_post_kses() applied.
    $format_keys = array('quote', 'quote_source_name', 'image', 'gallery', 'audio_embed', 'video_embed');
    foreach ($format_keys as $key) {
        $keyed = '_format_' . $key;
        if (isset($post_data[$keyed])) {
            if (current_user_can('unfiltered_html')) {
                update_post_meta($post_ID, $keyed, $post_data[$keyed]);
            } else {
                update_post_meta($post_ID, $keyed, wp_filter_post_kses($post_data[$keyed]));
            }
        }
    }
    // Meta Stuff
    // $key is a meta row ID from the request. A row is updated only when it
    // exists, belongs to this post, the submitted key is not protected, and the
    // user holds 'edit_post_meta' for that key.
    if (isset($post_data['meta']) && $post_data['meta']) {
        foreach ($post_data['meta'] as $key => $value) {
            if (!($meta = get_post_meta_by_id($key))) {
                continue;
            }
            if ($meta->post_id != $post_ID) {
                continue;
            }
            if (is_protected_meta($value['key'], 'post') || !current_user_can('edit_post_meta', $post_ID, $value['key'])) {
                continue;
            }
            update_meta($key, $value['key'], $value['value']);
        }
    }
    // Deletions go through the same gates, checked against the key stored in the row.
    if (isset($post_data['deletemeta']) && $post_data['deletemeta']) {
        foreach ($post_data['deletemeta'] as $key => $value) {
            if (!($meta = get_post_meta_by_id($key))) {
                continue;
            }
            if ($meta->post_id != $post_ID) {
                continue;
            }
            if (is_protected_meta($meta->meta_key, 'post') || !current_user_can('delete_post_meta', $post_ID, $meta->meta_key)) {
                continue;
            }
            delete_meta($key);
        }
    }
    // Attachment stuff
    if ('attachment' == $post_data['post_type']) {
        if (isset($post_data['_wp_attachment_image_alt'])) {
            $image_alt = wp_unslash($post_data['_wp_attachment_image_alt']);
            if ($image_alt != get_post_meta($post_ID, '_wp_attachment_image_alt', true)) {
                // Alt text is stored with all tags stripped.
                $image_alt = wp_strip_all_tags($image_alt, true);
                // update_meta expects slashed
                update_post_meta($post_ID, '_wp_attachment_image_alt', wp_slash($image_alt));
            }
        }
        $attachment_data = isset($post_data['attachments'][$post_ID]) ? $post_data['attachments'][$post_ID] : array();
        $post_data = apply_filters('attachment_fields_to_save', $post_data, $attachment_data);
    }
    add_meta($post_ID);
    // Record which user made this edit.
    update_post_meta($post_ID, '_edit_last', get_current_user_id());
    wp_update_post($post_data);
    // Now that we have an ID we can fix any attachment anchor hrefs
    _fix_attachment_links($post_ID);
    wp_set_post_lock($post_ID);
    // Stickiness changes require the post type's edit_others_posts capability.
    if (current_user_can($ptype->cap->edit_others_posts)) {
        if (!empty($post_data['sticky'])) {
            stick_post($post_ID);
        } else {
            unstick_post($post_ID);
        }
    }
    return $post_ID;
}
Example #7
 /**
  * delete_meta() removes a post meta row addressed by its meta ID and returns
  * false for an ID the test assumes is not in use.
  */
 function test_delete_meta()
 {
     // Arrange: add one row and keep the meta ID that add_post_meta() reports.
     $meta_id = add_post_meta($this->post_id, 'delete_meta', 'delete_meta_value', true);
     $this->assertInternalType('integer', $meta_id);

     // Deleting the row succeeds and the row can no longer be fetched.
     $was_deleted = delete_meta($meta_id);
     $this->assertTrue($was_deleted);
     $row_after_delete = get_metadata_by_mid('post', $meta_id);
     $this->assertFalse($row_after_delete);

     // Deleting an unused meta ID reports failure.
     $unused_meta_id = 123456789;
     $this->assertFalse(delete_meta($unused_meta_id));
 }
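/**
 * Save the podcasting fields submitted with the post edit form.
 *
 * Updates the iTunes data stored in each existing 'enclosure' meta row,
 * deletes enclosures flagged for removal and registers a newly entered file.
 *
 * Enclosure IDs are meta row IDs taken from the request. A row is touched only
 * after it has been confirmed to be an 'enclosure' row of $postID, so the
 * 'edit_post' check on $postID also covers every row changed or deleted here.
 *
 * NOTE(review): no nonce verification is visible in this function; confirm the
 * save flow that triggers it performs one.
 *
 * @param int $postID ID of the post being saved.
 * @return int The post ID, unchanged.
 */
function podcasting_save_form($postID)
{
    global $wpdb;
    // Security prevention
    if (!current_user_can('edit_post', $postID)) {
        return $postID;
    }
    // Extra security prevention
    if (isset($_POST['comment_post_ID'])) {
        return $postID;
    }
    if (isset($_POST['not_spam'])) {
        return $postID;
    }
    // akismet fix
    if (isset($_POST['comment'])) {
        return $postID;
    }
    // moderation.php fix
    // Integer copy for the SQL below, so the value can never carry SQL syntax.
    $post_id = (int) $postID;
    // Update enclosures
    $raw_ids = (isset($_POST['enclosure_ids']) && is_string($_POST['enclosure_ids'])) ? $_POST['enclosure_ids'] : '';
    $enclosure_ids = ('' === $raw_ids) ? array() : explode(',', $raw_ids);
    $enclosures = get_post_meta($postID, 'enclosure');
    $i = 0;
    foreach ($enclosure_ids as $enclosure_id) {
        // Ensure we're dealing with an ID
        $enclosure_id = (int) $enclosure_id;
        if ($enclosure_id <= 0) {
            continue;
        }
        // Skip IDs that are not 'enclosure' rows of this post.
        $owned = $wpdb->get_var("SELECT COUNT(*) FROM {$wpdb->postmeta} WHERE meta_id = {$enclosure_id} AND post_id = {$post_id} AND meta_key = 'enclosure'");
        if (!$owned) {
            continue;
        }
        // Collect the per-enclosure form fields; a missing field is stored as null.
        $itunes_fields = array();
        foreach (array('format', 'keywords', 'author', 'length', 'explicit') as $field) {
            $field_name = 'pod_' . $field . '_' . $enclosure_id;
            $itunes_fields[$field] = isset($_POST[$field_name]) ? $_POST[$field_name] : null;
        }
        $itunes = serialize($itunes_fields);
        // Update format
        wp_set_object_terms($enclosure_id, $itunes_fields['format'], 'podcast_format', false);
        // Update enclosure. Without a stored value to match, update_post_meta()
        // would be called with an empty previous value, so the write is skipped.
        if (isset($enclosures[$i])) {
            $enclosure = explode("\n", $enclosures[$i]);
            $enclosure[3] = $itunes;
            update_post_meta($postID, 'enclosure', implode("\n", $enclosure), $enclosures[$i]);
        }
        $i++;
        // Delete enclosure
        if (isset($_POST['delete_pod_' . $enclosure_id])) {
            // Remove format
            wp_delete_object_term_relationships($enclosure_id, 'podcast_format');
            // Remove enclosure
            delete_meta($enclosure_id);
            // Fake a save
            $_POST['save'] = 'Update';
        }
    }
    // Add new enclosures
    if (isset($_POST['pod_new_file']) && '' != $_POST['pod_new_file']) {
        $content = $_POST['pod_new_file'];
        $enclosed = get_enclosed($postID);
        do_enclose($content, $postID);
        // Add relationship if new enclosure
        if (!in_array($content, $enclosed)) {
            // Find the enclosure we just added
            $enclosure_id = $wpdb->get_var("SELECT meta_id FROM {$wpdb->postmeta} WHERE post_id = {$post_id} AND meta_key = 'enclosure' ORDER BY meta_id DESC");
            wp_set_object_terms($enclosure_id, 'default-format', 'podcast_format', false);
        }
    }
    return $postID;
}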
Example #9
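/**
 * Save the podcasting fields submitted with the post edit form.
 *
 * Registers newly entered enclosure files, updates the iTunes data stored in
 * existing 'enclosure' meta rows and deletes the rows flagged for removal.
 *
 * Enclosure IDs are meta row IDs taken from the request. An existing row is
 * touched only after it has been confirmed to be an 'enclosure' row of
 * $postID, so the 'edit_post' check on $postID also covers every row changed
 * or deleted here.
 *
 * NOTE(review): no nonce verification is visible in this function; confirm the
 * save flow that triggers it performs one.
 *
 * @param int $postID ID of the post being saved.
 * @return int The post ID, unchanged.
 */
function podcasting_save_form($postID)
{
    global $wpdb;
    // Security prevention
    if (!current_user_can('edit_post', $postID)) {
        return $postID;
    }
    // Extra security prevention
    if (isset($_POST['comment_post_ID'])) {
        return $postID;
    }
    if (isset($_POST['not_spam'])) {
        return $postID;
    }
    // akismet fix
    if (isset($_POST['comment'])) {
        return $postID;
    }
    // moderation.php fix
    // Ignore save_post action for revisions and autosaves
    if (function_exists('wp_is_post_revision') && function_exists('wp_is_post_autosave')) {
        if (wp_is_post_revision($postID) || wp_is_post_autosave($postID)) {
            return $postID;
        }
    }
    // Integer copy for the SQL below, so the value can never carry SQL syntax.
    $post_id = (int) $postID;
    // Parse the comma-terminated ID lists once; a missing or non-string field counts as empty.
    $id_lists = array();
    foreach (array('pod_new_enclosure_ids', 'pod_ignore_enclosure_ids', 'pod_delete_enclosure_ids') as $list_field) {
        $raw_list = (isset($_POST[$list_field]) && is_string($_POST[$list_field])) ? $_POST[$list_field] : '';
        $id_lists[$list_field] = explode(',', substr($raw_list, 0, -1));
    }
    $pod_new_enclosure_ids = $id_lists['pod_new_enclosure_ids'];
    $pod_ignore_enclosure_ids = $id_lists['pod_ignore_enclosure_ids'];
    $pod_delete_enclosure_ids = $id_lists['pod_delete_enclosure_ids'];
    // Defined up front: the update section reads it even when nothing new was submitted.
    $added_enclosure_ids = array();
    // Add new enclosures
    if (isset($_POST['pod_new_enclosure_ids']) && is_string($_POST['pod_new_enclosure_ids']) && $_POST['pod_new_enclosure_ids'] != '') {
        foreach ($pod_new_enclosure_ids as $pod_enclosure_id) {
            $pod_enclosure_id = (int) $pod_enclosure_id;
            // Check if the enclosure is on the ignore list
            if (in_array($pod_enclosure_id, $pod_ignore_enclosure_ids)) {
                continue;
            }
            // A new enclosure without a submitted file has nothing to register.
            if (!isset($_POST['pod_new_file_' . $pod_enclosure_id])) {
                continue;
            }
            $pod_content = podcasting_urlencode($_POST['pod_new_file_' . $pod_enclosure_id]);
            $pod_format = isset($_POST['pod_new_format_' . $pod_enclosure_id]) ? $_POST['pod_new_format_' . $pod_enclosure_id] : null;
            $enclosed = get_enclosed($postID);
            do_enclose($pod_content, $postID);
            // Add relationship if new enclosure
            if (!in_array($pod_content, $enclosed)) {
                // Find the enclosure we just added
                $pod_enclosure_id2 = $wpdb->get_var("SELECT meta_id FROM {$wpdb->postmeta} WHERE post_id = {$post_id} AND meta_key = 'enclosure' ORDER BY meta_id DESC");
                wp_set_object_terms($pod_enclosure_id2, $pod_format, 'podcast_format', false);
            }
            $added_enclosure_ids[] = $pod_enclosure_id;
        }
    }
    // Update enclosures
    if (isset($_POST['pod_enclosure_ids']) && is_string($_POST['pod_enclosure_ids'])) {
        $pod_enclosure_ids = explode(',', $_POST['pod_enclosure_ids']);
        $enclosures = $wpdb->get_results("SELECT meta_id, meta_value FROM {$wpdb->postmeta} WHERE post_id = {$post_id} AND meta_key = 'enclosure' ORDER BY meta_id", ARRAY_A);
        if (!is_array($enclosures)) {
            $enclosures = array();
        }
        $i = 0;
        if ($_POST['pod_enclosure_ids'] != '') {
            foreach ($pod_enclosure_ids as $pod_enclosure_id) {
                // Ensure we're dealing with an ID
                $pod_enclosure_id = (int) $pod_enclosure_id;
                if ($pod_enclosure_id <= 0) {
                    continue;
                }
                // Skip IDs that are not 'enclosure' rows of this post.
                $owned = $wpdb->get_var("SELECT COUNT(*) FROM {$wpdb->postmeta} WHERE meta_id = {$pod_enclosure_id} AND post_id = {$post_id} AND meta_key = 'enclosure'");
                if (!$owned) {
                    continue;
                }
                // Collect the per-enclosure form fields; a missing field is stored as null.
                $itunes_fields = array();
                foreach (array('format', 'keywords', 'author', 'length', 'explicit') as $field) {
                    $field_name = 'pod_' . $field . '_' . $pod_enclosure_id;
                    $itunes_fields[$field] = isset($_POST[$field_name]) ? $_POST[$field_name] : null;
                }
                // NOTE(review): these values are serialized while still slashed and
                // update_post_meta() may unslash the result afterwards, which would
                // leave wrong length prefixes for values containing quotes; verify
                // against the WordPress versions this plugin supports.
                $itunes = serialize($itunes_fields);
                // Update format
                wp_set_object_terms($pod_enclosure_id, $itunes_fields['format'], 'podcast_format', false);
                // Update enclosure. Without a stored value to match, update_post_meta()
                // would be called with an empty previous value, so the write is skipped.
                if (isset($enclosures[$i])) {
                    $enclosure = explode("\n", $enclosures[$i]['meta_value']);
                    $enclosure[3] = $itunes;
                    update_post_meta($postID, 'enclosure', implode("\n", $enclosure), $enclosures[$i]['meta_value']);
                }
                $i++;
                // Delete enclosure
                if (in_array($pod_enclosure_id, $pod_delete_enclosure_ids)) {
                    // Remove format
                    wp_delete_object_term_relationships($pod_enclosure_id, 'podcast_format');
                    // Remove enclosure
                    delete_meta($pod_enclosure_id);
                }
            }
        }
        foreach ($added_enclosure_ids as $pod_enclosure_id) {
            // Ensure we're dealing with an ID
            $pod_enclosure_id = (int) $pod_enclosure_id;
            // Check if the enclosure is on the ignore list
            if (in_array($pod_enclosure_id, $pod_ignore_enclosure_ids)) {
                continue;
            }
            // No stored row left to pair this new enclosure with.
            if (!isset($enclosures[$i])) {
                continue;
            }
            // WordPress adds slashes to $_POST. The values are unslashed before
            // serializing so the length prefixes match what is stored, and the
            // statement is parameterised instead of interpolating the text.
            $itunes_fields = array();
            foreach (array('format', 'keywords', 'author', 'length', 'explicit') as $field) {
                $field_name = 'pod_new_' . $field . '_' . $pod_enclosure_id;
                $itunes_fields[$field] = isset($_POST[$field_name]) ? stripslashes_deep($_POST[$field_name]) : null;
            }
            $itunes = serialize($itunes_fields);
            // Update format
            $meta_id = (int) $enclosures[$i]['meta_id'];
            $new_format = isset($_POST['pod_new_format_' . $pod_enclosure_id]) ? $_POST['pod_new_format_' . $pod_enclosure_id] : null;
            wp_set_object_terms($meta_id, $new_format, 'podcast_format', false);
            // Update enclosure
            $enclosure = explode("\n", $enclosures[$i]['meta_value']);
            $enclosure[3] = $itunes;
            $enclosure_insert = implode("\n", $enclosure);
            $wpdb->query($wpdb->prepare("UPDATE {$wpdb->postmeta} SET meta_value = %s WHERE meta_id = %d", $enclosure_insert, $meta_id));
            $i++;
        }
    }
    return $postID;
}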
Example #10
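/**
 * Update an existing post with values provided in $_POST.
 *
 * The caller's 'edit_page' / 'edit_post' capability for the post is checked
 * before anything is written. Custom-field edits and deletions are keyed by
 * meta row ID taken from the request; each row is confirmed to belong to the
 * post being edited before it is touched.
 *
 * NOTE(review): no nonce verification is visible here; confirm the calling
 * admin screen performs one.
 *
 * @return int Post ID.
 */
function edit_post()
{
    $post_ID = (int) $_POST['post_ID'];
    if ('page' == $_POST['post_type']) {
        if (!current_user_can('edit_page', $post_ID)) {
            wp_die(__('You are not allowed to edit this page.'));
        }
    } else {
        if (!current_user_can('edit_post', $post_ID)) {
            wp_die(__('You are not allowed to edit this post.'));
        }
    }
    // Autosave shouldn't save too soon after a real save
    if ('autosave' == $_POST['action']) {
        $post =& get_post($post_ID);
        $now = time();
        $then = strtotime($post->post_date_gmt . ' +0000');
        $delta = AUTOSAVE_INTERVAL / 2;
        if ($now - $then < $delta) {
            return $post_ID;
        }
    }
    $translated = _wp_translate_postdata(true);
    if (is_wp_error($translated)) {
        wp_die($translated->get_error_message());
    }
    // Meta Stuff
    // The capability check above covers $post_ID only, while the meta row IDs
    // below come from the request. Rows that do not exist or that belong to a
    // different post are skipped so the check cannot be sidestepped.
    if (isset($_POST['meta']) && is_array($_POST['meta'])) {
        foreach ($_POST['meta'] as $key => $value) {
            if (!($meta = get_post_meta_by_id($key))) {
                continue;
            }
            if ($meta->post_id != $post_ID) {
                continue;
            }
            update_meta($key, $value['key'], $value['value']);
        }
    }
    if (isset($_POST['deletemeta']) && is_array($_POST['deletemeta'])) {
        foreach ($_POST['deletemeta'] as $key => $value) {
            if (!($meta = get_post_meta_by_id($key))) {
                continue;
            }
            if ($meta->post_id != $post_ID) {
                continue;
            }
            delete_meta($key);
        }
    }
    add_meta($post_ID);
    wp_update_post($_POST);
    // Reunite any orphaned attachments with their parent
    if (!($draft_ids = get_user_option('autosave_draft_ids'))) {
        $draft_ids = array();
    }
    if ($draft_temp_id = (int) array_search($post_ID, $draft_ids)) {
        _relocate_children($draft_temp_id, $post_ID);
    }
    // Now that we have an ID we can fix any attachment anchor hrefs
    _fix_attachment_links($post_ID);
    wp_set_post_lock($post_ID, $GLOBALS['current_user']->ID);
    return $post_ID;
}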
Example #11
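/**
 * Dispatch several admin AJAX actions selected by flags in the request.
 *
 * Each branch inspects $_POST / $_REQUEST, performs one state change (option
 * update, term deletion, meta deletion, purchase-log status change) and ends
 * the request with exit. When no branch matches, the function returns.
 *
 * NOTE(review): no capability or nonce check guards the function as a whole in
 * the code shown here. Only the meta-deletion branch verifies the caller's
 * rights on the affected post; confirm how this handler is registered and
 * whether the other branches are protected upstream.
 *
 * @return void
 */
function wpsc_admin_ajax()
{
    global $wpdb;
    if (isset($_POST['action']) && $_POST['action'] == 'product-page-order') {
        $current_order = get_option('wpsc_product_page_order');
        if (!is_array($current_order)) {
            $current_order = array();
        }
        $new_order = (isset($_POST['order']) && is_array($_POST['order'])) ? $_POST['order'] : array();
        // Only comma-separated strings are accepted for either column.
        if (isset($new_order["advanced"]) && is_string($new_order["advanced"])) {
            $current_order["advanced"] = array_unique(explode(',', $new_order["advanced"]));
        }
        if (isset($new_order["side"]) && is_string($new_order["side"])) {
            $current_order["side"] = array_unique(explode(',', $new_order["side"]));
        }
        update_option('wpsc_product_page_order', $current_order);
        // NOTE(review): $order is never assigned in this function, so this prints
        // an empty string; $current_order may have been intended.
        exit(print_r($order, 1));
    }
    if (isset($_POST['save_image_upload_state']) && $_POST['save_image_upload_state'] == 'true' && isset($_POST['image_upload_state']) && is_numeric($_POST['image_upload_state'])) {
        $upload_state = (int) (bool) $_POST['image_upload_state'];
        update_option('wpsc_use_flash_uploader', $upload_state);
        exit("done");
    }
    if (isset($_POST['remove_variation_value']) && $_POST['remove_variation_value'] == "true" && isset($_POST['variation_value_id']) && is_numeric($_POST['variation_value_id'])) {
        // Use the same field that was validated above; the previous code validated
        // $_POST but then read the ID from $_GET.
        $value_id = absint($_POST['variation_value_id']);
        // NOTE(review): wp_delete_term() can return a WP_Error object, which echo
        // cannot print; confirm the expected response format.
        echo wp_delete_term($value_id, 'wpsc-variation');
        exit;
    }
    if (isset($_POST['hide_ecom_dashboard']) && $_POST['hide_ecom_dashboard'] == 'true') {
        require_once ABSPATH . WPINC . '/rss.php';
        $rss = fetch_rss('http://www.instinct.co.nz/feed/');
        $rss->items = array_slice($rss->items, 0, 5);
        $rss_hash = sha1(serialize($rss->items));
        update_option('wpsc_ecom_news_hash', $rss_hash);
        exit(1);
    }
    if (isset($_POST['remove_meta']) && $_POST['remove_meta'] == 'true' && isset($_POST['meta_id']) && is_numeric($_POST['meta_id'])) {
        $meta_id = (int) $_POST['meta_id'];
        // The meta ID is request data: delete the row only when it exists and the
        // current user may edit the post it belongs to.
        $meta = get_post_meta_by_id($meta_id);
        if ($meta && current_user_can('edit_post', $meta->post_id) && delete_meta($meta_id)) {
            echo $meta_id;
            exit;
        }
        echo 0;
        exit;
    }
    if (isset($_REQUEST['log_state']) && $_REQUEST['log_state'] == "true" && isset($_POST['id']) && is_numeric($_POST['id']) && isset($_POST['value']) && is_numeric($_POST['value'])) {
        // is_numeric() also accepts forms such as "1e3" or "1.5"; cast once so the
        // ID echoed into the script below can only contain digits.
        $log_id = (int) $_POST['id'];
        $newvalue = $_POST['value'];
        if (isset($_REQUEST['suspend']) && $_REQUEST['suspend'] == 'true') {
            if ($_REQUEST['value'] == 1 && function_exists('wpsc_member_dedeactivate_subscriptions')) {
                wpsc_member_dedeactivate_subscriptions($log_id);
            } elseif (function_exists('wpsc_member_deactivate_subscriptions')) {
                wpsc_member_deactivate_subscriptions($log_id);
            }
            exit;
        } else {
            $log_data = $wpdb->get_row($wpdb->prepare("SELECT * FROM `" . WPSC_TABLE_PURCHASE_LOGS . "` WHERE `id` = '%d' LIMIT 1", $log_id), ARRAY_A);
            if ($newvalue == 2 && function_exists('wpsc_member_activate_subscriptions')) {
                wpsc_member_activate_subscriptions($log_id);
            }
            $wpdb->update(WPSC_TABLE_PURCHASE_LOGS, array('processed' => $newvalue), array('id' => $log_id), '%d', '%d');
            if ($newvalue > $log_data['processed'] && $log_data['processed'] < 2) {
                transaction_results($log_data['sessionid'], false);
            }
            // NOTE(review): $purchase is never assigned in this function, so the
            // lookup receives null; $newvalue may have been intended.
            $status_name = wpsc_find_purchlog_status_name($purchase['processed']);
            // NOTE(review): $status_name is placed inside a JavaScript string
            // without escaping; confirm it can never contain a quote or markup.
            echo "document.getElementById(\"form_group_" . $log_id . "_text\").innerHTML = '" . $status_name . "';\n";
            $year = date("Y");
            $month = date("m");
            $start_timestamp = mktime(0, 0, 0, $month, 1, $year);
            $end_timestamp = mktime(0, 0, 0, $month + 1, 0, $year);
            echo "document.getElementById(\"log_total_month\").innerHTML = '" . addslashes(wpsc_currency_display(admin_display_total_price($start_timestamp, $end_timestamp))) . "';\n";
            echo "document.getElementById(\"log_total_absolute\").innerHTML = '" . addslashes(wpsc_currency_display(admin_display_total_price())) . "';\n";
            exit;
        }
    }
}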
Example #12
/**
 * Update an existing post with values provided in $_POST.
 *
 * The post type and MIME type are read from the stored post instead of the
 * submitted data, and the post type's edit capability is checked before any
 * post or meta update is made.
 *
 * @since 1.5.0
 *
 * @param array $post_data Optional. Submitted fields; when empty, $_POST is used by reference.
 * @return int Post ID.
 */
function edit_post($post_data = null)
{
    if (empty($post_data)) {
        // Bound by reference: every change to $post_data below is also visible in $_POST.
        $post_data =& $_POST;
    }
    // NOTE(review): no nonce check is visible in this function; presumably the caller
    // verifies the request origin before calling it — confirm.
    // Clear out any data in internal vars.
    unset($post_data['filter']);
    $post_ID = (int) $post_data['post_ID'];
    $post = get_post($post_ID);
    // Overwrite whatever type / MIME type the request carried with the stored values,
    // so the capability lookup below is keyed on the post's real type.
    $post_data['post_type'] = $post->post_type;
    $post_data['post_mime_type'] = $post->post_mime_type;
    $ptype = get_post_type_object($post_data['post_type']);
    // Authorization gate: stop the request if the user may not edit this post.
    if (!current_user_can($ptype->cap->edit_post, $post_ID)) {
        if ('page' == $post_data['post_type']) {
            wp_die(__('You are not allowed to edit this page.'));
        } else {
            wp_die(__('You are not allowed to edit this post.'));
        }
    }
    $post_data = _wp_translate_postdata(true, $post_data);
    if (is_wp_error($post_data)) {
        wp_die($post_data->get_error_message());
    }
    // A real (non-autosave) save of an auto-draft turns it into a draft.
    if ('autosave' != $post_data['action'] && 'auto-draft' == $post_data['post_status']) {
        $post_data['post_status'] = 'draft';
    }
    if (isset($post_data['visibility'])) {
        switch ($post_data['visibility']) {
            case 'public':
                $post_data['post_password'] = '';
                break;
            case 'password':
                unset($post_data['sticky']);
                break;
            case 'private':
                $post_data['post_status'] = 'private';
                $post_data['post_password'] = '';
                unset($post_data['sticky']);
                break;
        }
    }
    // Post Formats
    if (isset($post_data['post_format'])) {
        if (current_theme_supports('post-formats', $post_data['post_format'])) {
            set_post_format($post_ID, $post_data['post_format']);
        } elseif ('0' == $post_data['post_format']) {
            set_post_format($post_ID, false);
        }
    }
    // Featured Images
    if (isset($post_data['thumbnail_id'])) {
        if ('-1' == $post_data['thumbnail_id']) {
            delete_post_thumbnail($post_ID);
        } else {
            set_post_thumbnail($post_ID, $post_data['thumbnail_id']);
        }
    }
    // Meta Stuff
    // The array keys are meta row IDs taken from the request. A row is updated only if
    // it exists, belongs to this post, its new key is not protected, and the user holds
    // edit_post_meta for that key.
    if (isset($post_data['meta']) && $post_data['meta']) {
        foreach ($post_data['meta'] as $key => $value) {
            if (!($meta = get_post_meta_by_id($key))) {
                continue;
            }
            if ($meta->post_id != $post_ID) {
                continue;
            }
            if (is_protected_meta($value['key'], 'post') || !current_user_can('edit_post_meta', $post_ID, $value['key'])) {
                continue;
            }
            update_meta($key, $value['key'], $value['value']);
        }
    }
    // Same checks for deletion, keyed on the stored meta key rather than a submitted one.
    if (isset($post_data['deletemeta']) && $post_data['deletemeta']) {
        foreach ($post_data['deletemeta'] as $key => $value) {
            if (!($meta = get_post_meta_by_id($key))) {
                continue;
            }
            if ($meta->post_id != $post_ID) {
                continue;
            }
            if (is_protected_meta($meta->meta_key, 'post') || !current_user_can('delete_post_meta', $post_ID, $meta->meta_key)) {
                continue;
            }
            delete_meta($key);
        }
    }
    // Attachment stuff
    if ('attachment' == $post_data['post_type'] && isset($post_data['_wp_attachment_image_alt'])) {
        $image_alt = get_post_meta($post_ID, '_wp_attachment_image_alt', true);
        if ($image_alt != stripslashes($post_data['_wp_attachment_image_alt'])) {
            // Tags are stripped from the submitted alt text before it is stored.
            $image_alt = wp_strip_all_tags(stripslashes($post_data['_wp_attachment_image_alt']), true);
            // update_meta expects slashed
            update_post_meta($post_ID, '_wp_attachment_image_alt', addslashes($image_alt));
        }
    }
    add_meta($post_ID);
    // Record which user made the last edit.
    update_post_meta($post_ID, '_edit_last', $GLOBALS['current_user']->ID);
    wp_update_post($post_data);
    // Now that we have an ID we can fix any attachment anchor hrefs
    _fix_attachment_links($post_ID);
    wp_set_post_lock($post_ID);
    // Stickiness is only changed for users holding the type's edit_others_posts capability.
    if (current_user_can($ptype->cap->edit_others_posts)) {
        if (!empty($post_data['sticky'])) {
            stick_post($post_ID);
        } else {
            unstick_post($post_ID);
        }
    }
    return $post_ID;
}
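 /**
  * Saves information about enclosures.
  *
  * Reads the pod_* fields from $_POST, stores newly added enclosures as
  * 'enclosure' post meta, rewrites the metadata line of existing ones and
  * removes those listed for deletion. Meta rows addressed by a
  * request-supplied ID are only touched when they belong to $postID, and all
  * SQL is built with $wpdb->prepare().
  *
  * @param int $postID ID of the post being saved.
  * @return int The post ID that was passed in.
  */
 function saveForm($postID)
 {
     global $wpdb;
     // Security prevention
     if (!current_user_can('edit_post', $postID)) {
         return $postID;
     }
     // NOTE(review): no nonce check is visible in this method; confirm the caller has
     // already verified the request origin.
     // Extra security prevention
     if (isset($_POST['comment_post_ID'])) {
         return $postID;
     }
     if (isset($_POST['not_spam'])) {
         return $postID;
     }
     // akismet fix
     if (isset($_POST['comment'])) {
         return $postID;
     }
     // moderation.php fix
     // Ignore save_post action for revisions and autosave
     if (wp_is_post_revision($postID) || wp_is_post_autosave($postID)) {
         return $postID;
     }
     // Integer copy for SQL placeholders; $postID itself is returned untouched.
     $post_id_sql = (int) $postID;
     // The ID lists arrive as comma-terminated strings; a missing field counts as empty.
     $new_ids_raw = isset($_POST['pod_new_enclosure_ids']) ? $_POST['pod_new_enclosure_ids'] : '';
     $ignore_ids_raw = isset($_POST['pod_ignore_enclosure_ids']) ? $_POST['pod_ignore_enclosure_ids'] : '';
     $delete_ids_raw = isset($_POST['pod_delete_enclosure_ids']) ? $_POST['pod_delete_enclosure_ids'] : '';
     $pod_ignore_enclosure_ids = explode(',', substr($ignore_ids_raw, 0, -1));
     // Initialised up front so the update section can count it even when nothing was added.
     $added_enclosure_ids = array();
     // Add new enclosures
     if ($new_ids_raw != '') {
         $pod_new_enclosure_ids = explode(',', substr($new_ids_raw, 0, -1));
         foreach ($pod_new_enclosure_ids as $pod_enclosure_id) {
             $pod_enclosure_id = (int) $pod_enclosure_id;
             // Check if the enclosure is on the ignore list
             if (in_array($pod_enclosure_id, $pod_ignore_enclosure_ids)) {
                 continue;
             }
             $pod_content = $this->prepareEnclosure($_POST['pod_new_file_' . $pod_enclosure_id]);
             $pod_format = $_POST['pod_new_format_' . $pod_enclosure_id];
             $enclosed = get_enclosed($postID);
             // Enclose the file using a custom method
             // NOTE(review): the URL handed to getHttpHeaders() comes from the request; if
             // that helper makes an outbound request, confirm it limits schemes and hosts.
             $headers = $this->getHttpHeaders($pod_content);
             // Check if the headers processed the file correctly, if they didn't try to clean up the file
             if ($headers['response'] != '200') {
                 $pod_content = podcasting_urlencode($pod_content);
                 $headers = $this->getHttpHeaders($pod_content);
             }
             $length = (int) $headers['content-length'];
             $type = addslashes($headers['content-type']);
             if ($headers['response'] != '404' && is_array($headers)) {
                 add_post_meta($postID, 'enclosure', "{$pod_content}\n{$length}\n{$type}\n");
                 // Add relationship if new enclosure
                 if (!in_array($pod_content, $enclosed)) {
                     // Find the enclosure we just added (highest meta_id for this post).
                     $pod_enclosure_id2 = $wpdb->get_var($wpdb->prepare("SELECT meta_id FROM {$wpdb->postmeta} WHERE post_id = %d AND meta_key = 'enclosure' ORDER BY meta_id DESC", $post_id_sql));
                     wp_set_object_terms($pod_enclosure_id2, $pod_format, 'podcast_format', false);
                 }
                 $added_enclosure_ids[] = $pod_enclosure_id;
             }
         }
     }
     // Update enclosures
     if (isset($_POST['pod_enclosure_ids'])) {
         $pod_enclosure_ids = explode(',', $_POST['pod_enclosure_ids']);
         $pod_delete_enclosure_ids = explode(',', substr($delete_ids_raw, 0, -1));
         $enclosures = $wpdb->get_results($wpdb->prepare("SELECT meta_id, meta_value FROM {$wpdb->postmeta} WHERE post_id = %d AND meta_key = 'enclosure' ORDER BY meta_id", $post_id_sql), ARRAY_A);
         if (!is_array($enclosures)) {
             $enclosures = array();
         }
         // Meta IDs that really are enclosures of this post; request-supplied IDs are
         // checked against this set before any row or term relationship is changed.
         $owned_meta_ids = array();
         foreach ($enclosures as $enclosure_row) {
             $owned_meta_ids[(int) $enclosure_row['meta_id']] = true;
         }
         $i = 0;
         if ($_POST['pod_enclosure_ids'] != '') {
             foreach ($pod_enclosure_ids as $pod_enclosure_id) {
                 // Ensure we're dealing with an ID
                 $pod_enclosure_id = (int) $pod_enclosure_id;
                 if (!isset($owned_meta_ids[$pod_enclosure_id])) {
                     // Not an enclosure of this post: leave it alone, but keep the
                     // positional counter in step with the submitted list.
                     $i++;
                     continue;
                 }
                 $itunes = serialize(array('format' => $_POST['pod_format_' . $pod_enclosure_id], 'keywords' => $_POST['pod_keywords_' . $pod_enclosure_id], 'author' => $_POST['pod_author_' . $pod_enclosure_id], 'length' => $_POST['pod_length_' . $pod_enclosure_id], 'explicit' => $_POST['pod_explicit_' . $pod_enclosure_id]));
                 // Update format
                 wp_set_object_terms($pod_enclosure_id, $_POST['pod_format_' . $pod_enclosure_id], 'podcast_format', false);
                 // Update enclosure. Without a matching row the previous-value argument
                 // would be empty, so the update is skipped in that case.
                 if (isset($enclosures[$i])) {
                     $enclosure = explode("\n", $enclosures[$i]['meta_value']);
                     $enclosure[3] = $itunes;
                     update_post_meta($postID, 'enclosure', implode("\n", $enclosure), $enclosures[$i]['meta_value']);
                 }
                 $i++;
                 // Delete enclosure
                 if (in_array($pod_enclosure_id, $pod_delete_enclosure_ids)) {
                     // Remove format
                     wp_delete_object_term_relationships($pod_enclosure_id, 'podcast_format');
                     // Remove enclosure
                     delete_meta($pod_enclosure_id);
                 }
             }
         }
         if (count($added_enclosure_ids) > 0) {
             foreach ($added_enclosure_ids as $pod_enclosure_id) {
                 // Ensure we're dealing with an ID
                 $pod_enclosure_id = (int) $pod_enclosure_id;
                 // Check if the enclosure is on the ignore list
                 if (in_array($pod_enclosure_id, $pod_ignore_enclosure_ids)) {
                     continue;
                 }
                 // No stored row left at this position: nothing to attach the data to.
                 if (!isset($enclosures[$i])) {
                     break;
                 }
                 // WordPress hands $_POST over with slashes added. The value below goes
                 // through prepare(), which escapes it itself, so the slashes are removed
                 // first and the serialized lengths match the stored text.
                 $itunes = serialize(stripslashes_deep(array('format' => $_POST['pod_new_format_' . $pod_enclosure_id], 'keywords' => $_POST['pod_new_keywords_' . $pod_enclosure_id], 'author' => $_POST['pod_new_author_' . $pod_enclosure_id], 'length' => $_POST['pod_new_length_' . $pod_enclosure_id], 'explicit' => $_POST['pod_new_explicit_' . $pod_enclosure_id])));
                 // Update format
                 $meta_id = (int) $enclosures[$i]['meta_id'];
                 wp_set_object_terms($meta_id, $_POST['pod_new_format_' . $pod_enclosure_id], 'podcast_format', false);
                 // Update enclosure
                 $enclosure = explode("\n", $enclosures[$i]['meta_value']);
                 $enclosure[3] = $itunes;
                 $enclosure_insert = implode("\n", $enclosure);
                 // Parameterized: the value contains request data and must not be
                 // concatenated into the statement.
                 $wpdb->query($wpdb->prepare("UPDATE {$wpdb->postmeta} SET meta_value = %s WHERE meta_id = %d", $enclosure_insert, $meta_id));
                 $i++;
             }
         }
     }
     return $postID;
 }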
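/**
 * Update an existing post with values provided in $_POST.
 *
 * Checks the edit capability for the post or page, maps the form field names
 * onto post fields inside $_POST, downgrades a requested 'publish' status
 * when the user lacks the publish capability, applies custom-field changes
 * and then saves the post with wp_update_post().
 *
 * Custom-field rows are addressed by meta IDs taken from the request, so each
 * one is checked to belong to this post before it is updated or deleted.
 *
 * @return int Post ID.
 */
function edit_post()
{
    $post_ID = (int) $_POST['post_ID'];
    // Authorization gate: stop the request if the user may not edit this post/page.
    if ('page' == $_POST['post_type']) {
        if (!current_user_can('edit_page', $post_ID)) {
            wp_die(__('You are not allowed to edit this page.'));
        }
    } else {
        if (!current_user_can('edit_post', $post_ID)) {
            wp_die(__('You are not allowed to edit this post.'));
        }
    }
    // Autosave shouldn't save too soon after a real save
    if ('autosave' == $_POST['action']) {
        $post =& get_post($post_ID);
        $now = time();
        $then = strtotime($post->post_date_gmt . ' +0000');
        $delta = AUTOSAVE_INTERVAL / 2;
        if ($now - $then < $delta) {
            return $post_ID;
        }
    }
    // Rename.
    $_POST['ID'] = (int) $_POST['post_ID'];
    $_POST['post_content'] = $_POST['content'];
    $_POST['post_excerpt'] = $_POST['excerpt'];
    $_POST['post_parent'] = isset($_POST['parent_id']) ? $_POST['parent_id'] : '';
    $_POST['to_ping'] = $_POST['trackback_url'];
    if (!empty($_POST['post_author_override'])) {
        $_POST['post_author'] = (int) $_POST['post_author_override'];
    } else {
        if (!empty($_POST['post_author'])) {
            $_POST['post_author'] = (int) $_POST['post_author'];
        } else {
            $_POST['post_author'] = (int) $_POST['user_ID'];
        }
    }
    // Saving under another author's name needs the matching edit_others_* capability.
    if ($_POST['post_author'] != $_POST['user_ID']) {
        if ('page' == $_POST['post_type']) {
            if (!current_user_can('edit_others_pages')) {
                wp_die(__('You are not allowed to edit pages as this user.'));
            }
        } else {
            if (!current_user_can('edit_others_posts')) {
                wp_die(__('You are not allowed to edit posts as this user.'));
            }
        }
    }
    // What to do based on which button they pressed
    if (isset($_POST['saveasdraft']) && '' != $_POST['saveasdraft']) {
        $_POST['post_status'] = 'draft';
    }
    if (isset($_POST['saveasprivate']) && '' != $_POST['saveasprivate']) {
        $_POST['post_status'] = 'private';
    }
    if (isset($_POST['publish']) && '' != $_POST['publish'] && $_POST['post_status'] != 'private') {
        $_POST['post_status'] = 'publish';
    }
    if (isset($_POST['advanced']) && '' != $_POST['advanced']) {
        $_POST['post_status'] = 'draft';
    }
    if ('page' == $_POST['post_type']) {
        if ('publish' == $_POST['post_status'] && !current_user_can('publish_pages')) {
            // Status the page has in the database right now. The original code read an
            // undefined variable here, so the edit_published_pages exception never applied.
            $previous_status = get_post_field('post_status', $post_ID);
            if ($previous_status != 'publish' or !current_user_can('edit_published_pages')) {
                $_POST['post_status'] = 'pending';
            }
        }
    } else {
        if ('publish' == $_POST['post_status'] && !current_user_can('publish_posts')) {
            $_POST['post_status'] = 'pending';
        }
    }
    if (!isset($_POST['comment_status'])) {
        $_POST['comment_status'] = 'closed';
    }
    if (!isset($_POST['ping_status'])) {
        $_POST['ping_status'] = 'closed';
    }
    // A changed date/time field implies the user wants the post date edited.
    foreach (array('aa', 'mm', 'jj', 'hh', 'mn') as $timeunit) {
        if (!empty($_POST['hidden_' . $timeunit]) && $_POST['hidden_' . $timeunit] != $_POST[$timeunit]) {
            $_POST['edit_date'] = '1';
            break;
        }
    }
    if (!empty($_POST['edit_date'])) {
        $aa = $_POST['aa'];
        $mm = $_POST['mm'];
        $jj = $_POST['jj'];
        $hh = $_POST['hh'];
        $mn = $_POST['mn'];
        $ss = $_POST['ss'];
        // Clamp/wrap out-of-range day, hour, minute and second values.
        $jj = $jj > 31 ? 31 : $jj;
        $hh = $hh > 23 ? $hh - 24 : $hh;
        $mn = $mn > 59 ? $mn - 60 : $mn;
        $ss = $ss > 59 ? $ss - 60 : $ss;
        $_POST['post_date'] = "{$aa}-{$mm}-{$jj} {$hh}:{$mn}:{$ss}";
        $_POST['post_date_gmt'] = get_gmt_from_date("{$aa}-{$mm}-{$jj} {$hh}:{$mn}:{$ss}");
    }
    // Meta Stuff
    // The array keys are meta row IDs supplied by the request. The capability check
    // above covers only $post_ID, so a row is changed only if it exists and is
    // attached to this post.
    if (isset($_POST['meta']) && $_POST['meta']) {
        foreach ($_POST['meta'] as $key => $value) {
            $meta_id = (int) $key;
            $stored_meta = get_post_meta_by_id($meta_id);
            if (!$stored_meta || $stored_meta->post_id != $post_ID) {
                continue;
            }
            update_meta($meta_id, $value['key'], $value['value']);
        }
    }
    if (isset($_POST['deletemeta']) && $_POST['deletemeta']) {
        foreach ($_POST['deletemeta'] as $key => $value) {
            $meta_id = (int) $key;
            $stored_meta = get_post_meta_by_id($meta_id);
            if (!$stored_meta || $stored_meta->post_id != $post_ID) {
                continue;
            }
            delete_meta($meta_id);
        }
    }
    add_meta($post_ID);
    wp_update_post($_POST);
    // Reunite any orphaned attachments with their parent
    if (!($draft_ids = get_user_option('autosave_draft_ids'))) {
        $draft_ids = array();
    }
    if ($draft_temp_id = (int) array_search($post_ID, $draft_ids)) {
        _relocate_children($draft_temp_id, $post_ID);
    }
    // Now that we have an ID we can fix any attachment anchor hrefs
    _fix_attachment_links($post_ID);
    wp_set_post_lock($post_ID, $GLOBALS['current_user']->ID);
    return $post_ID;
}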
Example #15
/**
 * Update an existing post with values provided in $_POST.
 *
 * The post type and MIME type are read from the stored post instead of the
 * submitted data, the 'edit_post' capability is checked for the post, and
 * the format, ID3 and custom-field values are sanitized or permission-checked
 * before being written.
 *
 * @since 1.5.0
 *
 * @param array $post_data Optional. Submitted fields; when empty, $_POST is used by reference.
 * @return int Post ID.
 */
function edit_post($post_data = null)
{
    global $wpdb;
    if (empty($post_data)) {
        // Bound by reference: every change to $post_data below is also visible in $_POST.
        $post_data =& $_POST;
    }
    // NOTE(review): no nonce check is visible in this function; presumably the caller
    // verifies the request origin before calling it — confirm.
    // Clear out any data in internal vars.
    unset($post_data['filter']);
    $post_ID = (int) $post_data['post_ID'];
    $post = get_post($post_ID);
    // Overwrite whatever type / MIME type the request carried with the stored values.
    $post_data['post_type'] = $post->post_type;
    $post_data['post_mime_type'] = $post->post_mime_type;
    if (!empty($post_data['post_status'])) {
        // Normalise the submitted status; a submitted 'inherit' is dropped altogether.
        $post_data['post_status'] = sanitize_key($post_data['post_status']);
        if ('inherit' == $post_data['post_status']) {
            unset($post_data['post_status']);
        }
    }
    $ptype = get_post_type_object($post_data['post_type']);
    // Authorization gate: stop the request if the user may not edit this post.
    if (!current_user_can('edit_post', $post_ID)) {
        if ('page' == $post_data['post_type']) {
            wp_die(__('You are not allowed to edit this page.'));
        } else {
            wp_die(__('You are not allowed to edit this post.'));
        }
    }
    if (post_type_supports($ptype->name, 'revisions')) {
        // Only the oldest revision is fetched to decide whether an upgrade is needed.
        $revisions = wp_get_post_revisions($post_ID, array('order' => 'ASC', 'posts_per_page' => 1));
        $revision = current($revisions);
        // Check if the revisions have been upgraded
        if ($revisions && _wp_get_post_revision_version($revision) < 1) {
            _wp_upgrade_revisions_of_post($post, wp_get_post_revisions($post_ID));
        }
    }
    if (isset($post_data['visibility'])) {
        switch ($post_data['visibility']) {
            case 'public':
                $post_data['post_password'] = '';
                break;
            case 'password':
                unset($post_data['sticky']);
                break;
            case 'private':
                $post_data['post_status'] = 'private';
                $post_data['post_password'] = '';
                unset($post_data['sticky']);
                break;
        }
    }
    $post_data = _wp_translate_postdata(true, $post_data);
    if (is_wp_error($post_data)) {
        wp_die($post_data->get_error_message());
    }
    // Post Formats
    if (isset($post_data['post_format'])) {
        set_post_format($post_ID, $post_data['post_format']);
    }
    // URL-type format fields are unslashed, passed through esc_url_raw() and re-slashed.
    $format_meta_urls = array('url', 'link_url', 'quote_source_url');
    foreach ($format_meta_urls as $format_meta_url) {
        $keyed = '_format_' . $format_meta_url;
        if (isset($post_data[$keyed])) {
            update_post_meta($post_ID, $keyed, wp_slash(esc_url_raw(wp_unslash($post_data[$keyed]))));
        }
    }
    // Free-text format fields: stored as submitted only for users with unfiltered_html;
    // everyone else gets the value passed through wp_filter_post_kses() first.
    $format_keys = array('quote', 'quote_source_name', 'image', 'gallery', 'audio_embed', 'video_embed');
    foreach ($format_keys as $key) {
        $keyed = '_format_' . $key;
        if (isset($post_data[$keyed])) {
            if (current_user_can('unfiltered_html')) {
                update_post_meta($post_ID, $keyed, $post_data[$keyed]);
            } else {
                update_post_meta($post_ID, $keyed, wp_filter_post_kses($post_data[$keyed]));
            }
        }
    }
    // Audio/video attachments: copy submitted id3_* fields into the attachment metadata,
    // each one unslashed and passed through sanitize_text_field().
    if ('attachment' === $post_data['post_type'] && preg_match('#^(audio|video)/#', $post_data['post_mime_type'])) {
        $id3data = wp_get_attachment_metadata($post_ID);
        if (!is_array($id3data)) {
            $id3data = array();
        }
        foreach (wp_get_attachment_id3_keys($post, 'edit') as $key => $label) {
            if (isset($post_data['id3_' . $key])) {
                $id3data[$key] = sanitize_text_field(wp_unslash($post_data['id3_' . $key]));
            }
        }
        wp_update_attachment_metadata($post_ID, $id3data);
    }
    // Meta Stuff
    // The array keys are meta row IDs taken from the request. A row is updated only if
    // it exists, belongs to this post, its new key is not protected, and the user holds
    // edit_post_meta for that key.
    if (isset($post_data['meta']) && $post_data['meta']) {
        foreach ($post_data['meta'] as $key => $value) {
            if (!($meta = get_post_meta_by_id($key))) {
                continue;
            }
            if ($meta->post_id != $post_ID) {
                continue;
            }
            if (is_protected_meta($value['key'], 'post') || !current_user_can('edit_post_meta', $post_ID, $value['key'])) {
                continue;
            }
            update_meta($key, $value['key'], $value['value']);
        }
    }
    // Same checks for deletion, keyed on the stored meta key rather than a submitted one.
    if (isset($post_data['deletemeta']) && $post_data['deletemeta']) {
        foreach ($post_data['deletemeta'] as $key => $value) {
            if (!($meta = get_post_meta_by_id($key))) {
                continue;
            }
            if ($meta->post_id != $post_ID) {
                continue;
            }
            if (is_protected_meta($meta->meta_key, 'post') || !current_user_can('delete_post_meta', $post_ID, $meta->meta_key)) {
                continue;
            }
            delete_meta($key);
        }
    }
    // Attachment stuff
    if ('attachment' == $post_data['post_type']) {
        if (isset($post_data['_wp_attachment_image_alt'])) {
            $image_alt = wp_unslash($post_data['_wp_attachment_image_alt']);
            if ($image_alt != get_post_meta($post_ID, '_wp_attachment_image_alt', true)) {
                // Tags are stripped from the submitted alt text before it is stored.
                $image_alt = wp_strip_all_tags($image_alt, true);
                // update_meta expects slashed.
                update_post_meta($post_ID, '_wp_attachment_image_alt', wp_slash($image_alt));
            }
        }
        $attachment_data = isset($post_data['attachments'][$post_ID]) ? $post_data['attachments'][$post_ID] : array();
        /** This filter is documented in wp-admin/includes/media.php */
        $post_data = apply_filters('attachment_fields_to_save', $post_data, $attachment_data);
    }
    add_meta($post_ID);
    // Record which user made the last edit.
    update_post_meta($post_ID, '_edit_last', get_current_user_id());
    $success = wp_update_post($post_data);
    // If the save failed, see if we can sanity check the main fields and try again
    if (!$success && is_callable(array($wpdb, 'strip_invalid_text_for_column'))) {
        $fields = array('post_title', 'post_content', 'post_excerpt');
        foreach ($fields as $field) {
            if (isset($post_data[$field])) {
                $post_data[$field] = $wpdb->strip_invalid_text_for_column($wpdb->posts, $field, $post_data[$field]);
            }
        }
        // The result of this second attempt is not checked.
        wp_update_post($post_data);
    }
    // Now that we have an ID we can fix any attachment anchor hrefs
    _fix_attachment_links($post_ID);
    wp_set_post_lock($post_ID);
    // Stickiness is only changed for users holding the type's edit_others_posts capability.
    if (current_user_can($ptype->cap->edit_others_posts)) {
        if (!empty($post_data['sticky'])) {
            stick_post($post_ID);
        } else {
            unstick_post($post_ID);
        }
    }
    return $post_ID;
}
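 /**
  * Set custom fields for post.
  *
  * Each entry of $fields is handled by shape: with 'id' and 'key' the existing
  * meta row is updated, with 'id' only it is deleted, and without 'id' a new
  * field is added through add_meta(). Entries that carry an 'id' are ignored
  * unless that meta row exists and belongs to $post_id, because the ID comes
  * from the caller's request data.
  *
  * @since 2.5.0
  *
  * @param int $post_id Post ID.
  * @param array $fields Custom fields.
  */
 function set_custom_fields($post_id, $fields)
 {
     $post_id = (int) $post_id;
     foreach ((array) $fields as $meta) {
         if (isset($meta['id'])) {
             $meta['id'] = (int) $meta['id'];
             // Only touch rows attached to the post this call is about; otherwise a
             // meta ID of a different post could be updated or deleted here.
             $stored_meta = get_post_meta_by_id($meta['id']);
             if (!$stored_meta || (int) $stored_meta->post_id !== $post_id) {
                 continue;
             }
             if (isset($meta['key'])) {
                 update_meta($meta['id'], $meta['key'], $meta['value']);
             } else {
                 delete_meta($meta['id']);
             }
         } else {
             // add_meta() is fed through $_POST here, so the values are staged there first.
             $_POST['metakeyinput'] = $meta['key'];
             $_POST['metavalue'] = $meta['value'];
             add_meta($post_id);
         }
     }
 }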
/**
 * Update an existing post with values provided in $_POST.
 *
 * Checks the 'edit_post' capability, maps the form field names onto post
 * fields inside $_POST, derives the post status from the button that was
 * pressed, applies custom-field changes and saves with wp_update_post().
 *
 * @return int Post ID.
 */
function edit_post()
{
    global $user_ID;
    $post_ID = (int) $_POST['post_ID'];
    // Authorization gate: stop the request if the user may not edit this post.
    if (!current_user_can('edit_post', $post_ID)) {
        die(__('You are not allowed to edit this post.'));
    }
    // Rename.
    $_POST['ID'] = (int) $_POST['post_ID'];
    $_POST['post_content'] = $_POST['content'];
    $_POST['post_excerpt'] = $_POST['excerpt'];
    $_POST['post_parent'] = $_POST['parent_id'];
    $_POST['to_ping'] = $_POST['trackback_url'];
    if (!empty($_POST['post_author_override'])) {
        $_POST['post_author'] = (int) $_POST['post_author_override'];
    } else {
        if (!empty($_POST['post_author'])) {
            $_POST['post_author'] = (int) $_POST['post_author'];
        } else {
            $_POST['post_author'] = (int) $_POST['user_ID'];
        }
    }
    // Saving under another author's name needs edit_others_posts.
    // NOTE(review): the comparison uses the user_ID field from the request, not the
    // global $user_ID declared above — confirm the two cannot differ.
    if ($_POST['post_author'] != $_POST['user_ID'] && !current_user_can('edit_others_posts')) {
        die(__('You cannot post as this user.'));
    }
    // What to do based on which button they pressed
    // These fields are read without isset(); a later assignment overrides an earlier one.
    if ('' != $_POST['saveasdraft']) {
        $_POST['post_status'] = 'draft';
    }
    if ('' != $_POST['saveasprivate']) {
        $_POST['post_status'] = 'private';
    }
    if ('' != $_POST['publish']) {
        $_POST['post_status'] = 'publish';
    }
    if ('' != $_POST['advanced']) {
        $_POST['post_status'] = 'draft';
    }
    if ('' != $_POST['savepage']) {
        $_POST['post_status'] = 'static';
    }
    // Without publish_posts a requested 'publish' is downgraded to 'draft'.
    if ('publish' == $_POST['post_status'] && !current_user_can('publish_posts')) {
        $_POST['post_status'] = 'draft';
    }
    // The 'static' status additionally requires edit_pages.
    if ('static' == $_POST['post_status'] && !current_user_can('edit_pages')) {
        die(__('This user cannot edit pages.'));
    }
    if (!isset($_POST['comment_status'])) {
        $_POST['comment_status'] = 'closed';
    }
    if (!isset($_POST['ping_status'])) {
        $_POST['ping_status'] = 'closed';
    }
    if (!empty($_POST['edit_date'])) {
        $aa = $_POST['aa'];
        $mm = $_POST['mm'];
        $jj = $_POST['jj'];
        $hh = $_POST['hh'];
        $mn = $_POST['mn'];
        $ss = $_POST['ss'];
        // Clamp/wrap out-of-range day, hour, minute and second values.
        $jj = $jj > 31 ? 31 : $jj;
        $hh = $hh > 23 ? $hh - 24 : $hh;
        $mn = $mn > 59 ? $mn - 60 : $mn;
        $ss = $ss > 59 ? $ss - 60 : $ss;
        $_POST['post_date'] = "{$aa}-{$mm}-{$jj} {$hh}:{$mn}:{$ss}";
        $_POST['post_date_gmt'] = get_gmt_from_date("{$aa}-{$mm}-{$jj} {$hh}:{$mn}:{$ss}");
    }
    // Meta Stuff
    // NOTE(review): the array keys are meta row IDs taken from the request, and nothing
    // in this function checks that a row belongs to $post_ID before it is updated or
    // deleted. Unless update_meta()/delete_meta() enforce that, the edit_post check
    // above does not cover these rows — confirm.
    if ($_POST['meta']) {
        foreach ($_POST['meta'] as $key => $value) {
            update_meta($key, $value['key'], $value['value']);
        }
    }
    if ($_POST['deletemeta']) {
        foreach ($_POST['deletemeta'] as $key => $value) {
            delete_meta($key);
        }
    }
    add_meta($post_ID);
    wp_update_post($_POST);
    // Now that we have an ID we can fix any attachment anchor hrefs
    fix_attachment_links($post_ID);
    return $post_ID;
}
Example #18
/**
 * Update an existing post with values provided in $_POST.
 *
 * The post type and MIME type are read from the stored post instead of the
 * submitted data, and the post type's edit capability is checked before any
 * post or meta update is made.
 *
 * @since 1.5.0
 *
 * @param array $post_data Optional. Submitted fields; when empty, $_POST is used by reference.
 * @return int Post ID.
 */
function edit_post($post_data = null)
{
    if (empty($post_data)) {
        // Bound by reference: every change to $post_data below is also visible in $_POST.
        $post_data =& $_POST;
    }
    // NOTE(review): no nonce check is visible in this function; presumably the caller
    // verifies the request origin before calling it — confirm.
    // Clear out any data in internal vars.
    unset($post_data['filter']);
    $post_ID = (int) $post_data['post_ID'];
    $post = get_post($post_ID);
    // Overwrite whatever type / MIME type the request carried with the stored values,
    // so the capability lookup below is keyed on the post's real type.
    $post_data['post_type'] = $post->post_type;
    $post_data['post_mime_type'] = $post->post_mime_type;
    $ptype = get_post_type_object($post_data['post_type']);
    // Authorization gate: stop the request if the user may not edit this post.
    if (!current_user_can($ptype->cap->edit_post, $post_ID)) {
        if ('page' == $post_data['post_type']) {
            wp_die(__('You are not allowed to edit this page.'));
        } else {
            wp_die(__('You are not allowed to edit this post.'));
        }
    }
    // Autosave shouldn't save too soon after a real save
    if ('autosave' == $post_data['action']) {
        $post =& get_post($post_ID);
        $now = time();
        $then = strtotime($post->post_date_gmt . ' +0000');
        // Skip the autosave when the stored post date is less than half an interval old.
        $delta = AUTOSAVE_INTERVAL / 2;
        if ($now - $then < $delta) {
            return $post_ID;
        }
    }
    $post_data = _wp_translate_postdata(true, $post_data);
    if (is_wp_error($post_data)) {
        wp_die($post_data->get_error_message());
    }
    // A real (non-autosave) save of an auto-draft turns it into a draft.
    if ('autosave' != $post_data['action'] && 'auto-draft' == $post_data['post_status']) {
        $post_data['post_status'] = 'draft';
    }
    if (isset($post_data['visibility'])) {
        switch ($post_data['visibility']) {
            case 'public':
                $post_data['post_password'] = '';
                break;
            case 'password':
                unset($post_data['sticky']);
                break;
            case 'private':
                $post_data['post_status'] = 'private';
                $post_data['post_password'] = '';
                unset($post_data['sticky']);
                break;
        }
    }
    // Post Formats
    if (isset($post_data['post_format'])) {
        if (current_theme_supports('post-formats', $post_data['post_format'])) {
            set_post_format($post_ID, $post_data['post_format']);
        } elseif ('0' == $post_data['post_format']) {
            set_post_format($post_ID, false);
        }
    }
    // Meta Stuff
    // The array keys are meta row IDs taken from the request. A row is updated only if
    // it exists, belongs to this post, its new key is not protected, and the user holds
    // edit_post_meta for that key.
    if (isset($post_data['meta']) && $post_data['meta']) {
        foreach ($post_data['meta'] as $key => $value) {
            if (!($meta = get_post_meta_by_id($key))) {
                continue;
            }
            if ($meta->post_id != $post_ID) {
                continue;
            }
            if (is_protected_meta($value['key'], 'post') || !current_user_can('edit_post_meta', $post_ID, $value['key'])) {
                continue;
            }
            update_meta($key, $value['key'], $value['value']);
        }
    }
    // Same checks for deletion, keyed on the stored meta key rather than a submitted one.
    if (isset($post_data['deletemeta']) && $post_data['deletemeta']) {
        foreach ($post_data['deletemeta'] as $key => $value) {
            if (!($meta = get_post_meta_by_id($key))) {
                continue;
            }
            if ($meta->post_id != $post_ID) {
                continue;
            }
            if (is_protected_meta($meta->meta_key, 'post') || !current_user_can('delete_post_meta', $post_ID, $meta->meta_key)) {
                continue;
            }
            delete_meta($key);
        }
    }
    add_meta($post_ID);
    // Record which user made the last edit.
    update_post_meta($post_ID, '_edit_last', $GLOBALS['current_user']->ID);
    wp_update_post($post_data);
    // Reunite any orphaned attachments with their parent
    if (!($draft_ids = get_user_option('autosave_draft_ids'))) {
        $draft_ids = array();
    }
    // array_search() yields the key under which this post ID is stored; a key that
    // casts to 0 (including "not found") skips the relocation.
    if ($draft_temp_id = (int) array_search($post_ID, $draft_ids)) {
        _relocate_children($draft_temp_id, $post_ID);
    }
    // Now that we have an ID we can fix any attachment anchor hrefs
    _fix_attachment_links($post_ID);
    wp_set_post_lock($post_ID, $GLOBALS['current_user']->ID);
    // Stickiness is only changed for users holding the type's edit_others_posts capability.
    if (current_user_can($ptype->cap->edit_others_posts)) {
        if (!empty($post_data['sticky'])) {
            stick_post($post_ID);
        } else {
            unstick_post($post_ID);
        }
    }
    return $post_ID;
}
Example #19
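/**
 * Update an existing post with values provided in $_POST.
 *
 * When no data is passed, $_POST is used by reference, so the normalisation
 * done here is also visible to the caller through $_POST. The post type and
 * MIME type are always taken from the stored post, never from the request.
 *
 * Authorization performed here: the 'edit_post' capability for the post,
 * per-row 'edit_post_meta' / 'delete_post_meta' checks for custom fields, and
 * a capability gate on the sticky flag.
 *
 * NOTE(review): no nonce verification is visible in this function; presumably
 * the caller performs it before calling — confirm.
 *
 * @since 1.5.0
 *
 * @global wpdb $wpdb WordPress database abstraction object.
 *
 * @param array $post_data Optional. Post fields to save; defaults to $_POST.
 * @return int Post ID.
 */
function edit_post($post_data = null)
{
    global $wpdb;
    if (empty($post_data)) {
        $post_data =& $_POST;
    }
    // Clear out any data in internal vars.
    unset($post_data['filter']);
    $post_ID = (int) $post_data['post_ID'];
    // NOTE(review): the get_post() result is not checked before its properties are read below.
    $post = get_post($post_ID);
    // Pin type and MIME type to the stored values so the request cannot change them.
    $post_data['post_type'] = $post->post_type;
    $post_data['post_mime_type'] = $post->post_mime_type;
    if (!empty($post_data['post_status'])) {
        $post_data['post_status'] = sanitize_key($post_data['post_status']);
        // 'inherit' is dropped rather than passed on as a requested status.
        if ('inherit' == $post_data['post_status']) {
            unset($post_data['post_status']);
        }
    }
    $ptype = get_post_type_object($post_data['post_type']);
    // Object-level authorization: stop before any write if the user may not edit this post.
    if (!current_user_can('edit_post', $post_ID)) {
        if ('page' == $post_data['post_type']) {
            wp_die(__('Sorry, you are not allowed to edit this page.'));
        } else {
            wp_die(__('Sorry, you are not allowed to edit this post.'));
        }
    }
    if (post_type_supports($ptype->name, 'revisions')) {
        $revisions = wp_get_post_revisions($post_ID, array('order' => 'ASC', 'posts_per_page' => 1));
        $revision = current($revisions);
        // Check if the revisions have been upgraded
        if ($revisions && _wp_get_post_revision_version($revision) < 1) {
            _wp_upgrade_revisions_of_post($post, wp_get_post_revisions($post_ID));
        }
    }
    // Map the submitted visibility choice onto password / status / sticky fields.
    if (isset($post_data['visibility'])) {
        switch ($post_data['visibility']) {
            case 'public':
                $post_data['post_password'] = '';
                break;
            case 'password':
                unset($post_data['sticky']);
                break;
            case 'private':
                $post_data['post_status'] = 'private';
                $post_data['post_password'] = '';
                unset($post_data['sticky']);
                break;
        }
    }
    $post_data = _wp_translate_postdata(true, $post_data);
    if (is_wp_error($post_data)) {
        wp_die($post_data->get_error_message());
    }
    // Post Formats
    if (isset($post_data['post_format'])) {
        set_post_format($post_ID, $post_data['post_format']);
    }
    // URL-valued format fields: unslash, sanitize as a URL, then re-slash before storing.
    $format_meta_urls = array('url', 'link_url', 'quote_source_url');
    foreach ($format_meta_urls as $format_meta_url) {
        $keyed = '_format_' . $format_meta_url;
        if (isset($post_data[$keyed])) {
            update_post_meta($post_ID, $keyed, wp_slash(esc_url_raw(wp_unslash($post_data[$keyed]))));
        }
    }
    // Free-form format fields: stored as submitted only for users holding 'unfiltered_html';
    // everyone else has the value passed through wp_filter_post_kses() first.
    $format_keys = array('quote', 'quote_source_name', 'image', 'gallery', 'audio_embed', 'video_embed');
    foreach ($format_keys as $key) {
        $keyed = '_format_' . $key;
        if (isset($post_data[$keyed])) {
            if (current_user_can('unfiltered_html')) {
                update_post_meta($post_ID, $keyed, $post_data[$keyed]);
            } else {
                update_post_meta($post_ID, $keyed, wp_filter_post_kses($post_data[$keyed]));
            }
        }
    }
    // Audio/video attachments: merge submitted id3_* fields into the attachment metadata.
    if ('attachment' === $post_data['post_type'] && preg_match('#^(audio|video)/#', $post_data['post_mime_type'])) {
        $id3data = wp_get_attachment_metadata($post_ID);
        if (!is_array($id3data)) {
            $id3data = array();
        }
        foreach (wp_get_attachment_id3_keys($post, 'edit') as $key => $label) {
            if (isset($post_data['id3_' . $key])) {
                $id3data[$key] = sanitize_text_field(wp_unslash($post_data['id3_' . $key]));
            }
        }
        wp_update_attachment_metadata($post_ID, $id3data);
    }
    // Meta Stuff
    if (isset($post_data['meta']) && $post_data['meta']) {
        foreach ($post_data['meta'] as $key => $value) {
            // $key is a meta row ID taken from the request; the row must exist...
            if (!($meta = get_post_meta_by_id($key))) {
                continue;
            }
            // ...and must belong to the post that was authorized above.
            if ($meta->post_id != $post_ID) {
                continue;
            }
            // Ignore entries that do not have the expected key/value shape.
            if (!is_array($value) || !isset($value['key'], $value['value'])) {
                continue;
            }
            // Authorize against the key currently stored in the row. Checking only the
            // submitted key would let a request overwrite a protected row by supplying
            // an unprotected key name for it.
            if (is_protected_meta($meta->meta_key, 'post') || !current_user_can('edit_post_meta', $post_ID, $meta->meta_key)) {
                continue;
            }
            // Authorize the submitted (possibly renamed) key as well.
            if (is_protected_meta($value['key'], 'post') || !current_user_can('edit_post_meta', $post_ID, $value['key'])) {
                continue;
            }
            update_meta($key, $value['key'], $value['value']);
        }
    }
    if (isset($post_data['deletemeta']) && $post_data['deletemeta']) {
        foreach ($post_data['deletemeta'] as $key => $value) {
            if (!($meta = get_post_meta_by_id($key))) {
                continue;
            }
            // Only rows attached to the authorized post may be deleted.
            if ($meta->post_id != $post_ID) {
                continue;
            }
            // Deletion is authorized against the stored key of the row.
            if (is_protected_meta($meta->meta_key, 'post') || !current_user_can('delete_post_meta', $post_ID, $meta->meta_key)) {
                continue;
            }
            delete_meta($key);
        }
    }
    // Attachment stuff
    if ('attachment' == $post_data['post_type']) {
        if (isset($post_data['_wp_attachment_image_alt'])) {
            $image_alt = wp_unslash($post_data['_wp_attachment_image_alt']);
            if ($image_alt != get_post_meta($post_ID, '_wp_attachment_image_alt', true)) {
                // Alt text is stored with all tags stripped.
                $image_alt = wp_strip_all_tags($image_alt, true);
                // update_meta expects slashed.
                update_post_meta($post_ID, '_wp_attachment_image_alt', wp_slash($image_alt));
            }
        }
        $attachment_data = isset($post_data['attachments'][$post_ID]) ? $post_data['attachments'][$post_ID] : array();
        /** This filter is documented in wp-admin/includes/media.php */
        $post_data = apply_filters('attachment_fields_to_save', $post_data, $attachment_data);
    }
    // Convert taxonomy input to term IDs, to avoid ambiguity.
    if (isset($post_data['tax_input'])) {
        foreach ((array) $post_data['tax_input'] as $taxonomy => $terms) {
            // Hierarchical taxonomy data is already sent as term IDs, so no conversion is necessary.
            if (is_taxonomy_hierarchical($taxonomy)) {
                continue;
            }
            /*
             * Assume that a 'tax_input' string is a comma-separated list of term names.
             * Some languages may use a character other than a comma as a delimiter, so we standardize on
             * commas before parsing the list.
             */
            if (!is_array($terms)) {
                $comma = _x(',', 'tag delimiter');
                if (',' !== $comma) {
                    $terms = str_replace($comma, ',', $terms);
                }
                $terms = explode(',', trim($terms, " \n\t\r\v,"));
            }
            $clean_terms = array();
            foreach ($terms as $term) {
                // Empty terms are invalid input.
                if (empty($term)) {
                    continue;
                }
                $_term = get_terms($taxonomy, array('name' => $term, 'fields' => 'ids', 'hide_empty' => false));
                if (!empty($_term)) {
                    $clean_terms[] = intval($_term[0]);
                } else {
                    // No existing term was found, so pass the string. A new term will be created.
                    $clean_terms[] = $term;
                }
            }
            $post_data['tax_input'][$taxonomy] = $clean_terms;
        }
    }
    add_meta($post_ID);
    // Record which user made this edit.
    update_post_meta($post_ID, '_edit_last', get_current_user_id());
    $success = wp_update_post($post_data);
    // If the save failed, see if we can sanity check the main fields and try again
    if (!$success && is_callable(array($wpdb, 'strip_invalid_text_for_column'))) {
        $fields = array('post_title', 'post_content', 'post_excerpt');
        foreach ($fields as $field) {
            if (isset($post_data[$field])) {
                $post_data[$field] = $wpdb->strip_invalid_text_for_column($wpdb->posts, $field, $post_data[$field]);
            }
        }
        // The result of the retry is not inspected; the post ID is returned either way.
        wp_update_post($post_data);
    }
    // Now that we have an ID we can fix any attachment anchor hrefs
    _fix_attachment_links($post_ID);
    wp_set_post_lock($post_ID);
    // The sticky flag is only changed for users who may both edit others' posts and publish.
    if (current_user_can($ptype->cap->edit_others_posts) && current_user_can($ptype->cap->publish_posts)) {
        if (!empty($post_data['sticky'])) {
            stick_post($post_ID);
        } else {
            unstick_post($post_ID);
        }
    }
    return $post_ID;
}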
     if ($post_status == 'publish') {
         if ($post_pingback) {
             pingback($postObject->getVar('post_content', 'e'), $post_ID);
         }
         do_action('publish_post', $post_ID);
         do_trackback($postObject, $useutf8);
     }
     // Meta Stuff
     if ($meta) {
         foreach ($meta as $key => $value) {
             update_meta($key, $value['key'], $value['value']);
         }
     }
     if ($deletemeta) {
         foreach ($deletemeta as $key => $value) {
             delete_meta($key);
         }
     }
     add_meta($post_ID);
     do_action('edit_post', $post_ID);
     exit;
     break;
     //Show Delete Cofirmation Screen
 //Show Delete Cofirmation Screen
 case 'confirmdelete':
     //Check User_Level
     user_level_check();
     //Rendering Admin Screen header
     $parent_file = 'edit.php';
     $title = 'Delete Post';
     $standalone = 0;
Example #21
/**
 * Ajax handler for deleting meta.
 *
 * Reads the meta row ID from the request, verifies a nonce whose action is
 * bound to that ID, then deletes the row only if its key is not protected and
 * the current user holds 'delete_post_meta' for the owning post and key.
 *
 * Responses passed to wp_die(): 1 when the row is missing or was deleted,
 * -1 when the request is not authorized, 0 when the deletion failed.
 *
 * @since 3.1.0
 */
function wp_ajax_delete_meta()
{
    $id = 0;
    if (isset($_POST['id'])) {
        $id = (int) $_POST['id'];
    }

    // The nonce action embeds the row ID, so a nonce issued for one row does not match another.
    $nonce_action = 'delete-meta_' . $id;
    check_ajax_referer($nonce_action);

    $meta = get_metadata_by_mid('post', $id);
    if (!$meta) {
        wp_die(1);
    }

    // Authorization uses the key and post ID stored in the row, not values from the request.
    $key_is_protected = is_protected_meta($meta->meta_key, 'post');
    if ($key_is_protected || !current_user_can('delete_post_meta', $meta->post_id, $meta->meta_key)) {
        wp_die(-1);
    }

    $deleted = delete_meta($meta->meta_id);
    if ($deleted) {
        wp_die(1);
    }
    wp_die(0);
}
Example #22
    exit;
}
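// Dispatch the requested action ('accion') to its handler; unknown or missing
// actions fall back to listing the metas.
// NOTE(review): every handler receives raw $_POST values. No authorization,
// CSRF or input validation is visible in this excerpt — confirm that the code
// before this switch, or each handler, enforces them and that the record IDs
// (id_cons, id_matr, id_meta) are checked against the current user.
// Read the action once, tolerating a missing or non-string field.
$requested_action = isset($_POST['accion']) && is_string($_POST['accion']) ? $_POST['accion'] : '';
switch ($requested_action) {
    case 'ver_metas':
        ver_metas($_POST['id_cons']);
        break;
    case 'crear_meta':
        ver_meta($requested_action, $_POST['id_matr']);
        break;
    case 'editar_meta':
        ver_meta($requested_action, $_POST['id_meta']);
        break;
    case 'create_meta':
        create_meta($_POST['id_matr'], $_POST['metapromedio'], $_POST['promediomomento'], $_POST['riesgo'], $_POST['hice'], $_POST['nodebohacer'], $_POST['debohacer'], $_POST['id_cons']);
        break;
    case 'update_meta':
        update_meta($_POST['id_meta'], $_POST['metapromedio'], $_POST['promediomomento'], $_POST['riesgo'], $_POST['hice'], $_POST['nodebohacer'], $_POST['debohacer'], $_POST['id_cons']);
        break;
    case 'delete_meta':
        delete_meta($_POST['id_meta'], $_POST['id_cons']);
        break;
    /*case 'insert_meta':
      ver_meta($_POST['accion'],$_POST['contexto'],$_POST['id_meta']);
      break;*/
    default:
        ver_metas(1);
        break;
}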