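/**
 * Whether user can edit the comments on a post.
 *
 * There is no separate comment permission here: the answer is exactly whether
 * $user_id may edit $post_id itself (user_can_edit_post()). Any call site that
 * needs comment rights to differ from post rights must not rely on this.
 *
 * @since 1.5
 * @deprecated 2.0 Use current_user_can() (as reported by _deprecated_function() below)
 * @see current_user_can()
 *
 * @param int $user_id
 * @param int $post_id
 * @param int $blog_id Not Used
 * @return bool returns true if $user_id can edit $post_id's comments
 */
function user_can_edit_post_comments($user_id, $post_id, $blog_id = 1) {
    _deprecated_function(__FUNCTION__, '2.0', 'current_user_can()');
    // right now if one can edit a post, one can edit comments made on it
    return user_can_edit_post($user_id, $post_id, $blog_id);
}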
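/**
 * MovableType API: mt.publishPost — flip an existing post to 'publish'.
 *
 * $args is array(post ID, login, password). The caller is authenticated with
 * login_pass_ok() and then has to pass user_can_edit_post() for the target
 * post; either failure is returned to the client as an IXR error.
 *
 * NOTE(review): the permission consulted is an *edit* check, not a *publish*
 * check. If this installation distinguishes users who may edit a post from
 * users who may publish one, that distinction is not enforced here — confirm
 * against the installation's capability model.
 *
 * @param array $args [0] post ID, [1] login, [2] password (escaped in place)
 * @return mixed result of wp_update_post(), or an IXR_Error on failure
 */
function mt_publishPost($args) {
    $this->escape($args);

    // The client controls the type of every argument; the post ID is used in
    // lookups below, so pin it to an integer.
    $post_ID    = (int) $args[0];
    $user_login = $args[1];
    $user_pass  = $args[2];

    if (!$this->login_pass_ok($user_login, $user_pass)) {
        return $this->error;
    }

    $user_data = get_userdatabylogin($user_login);
    if (!user_can_edit_post($user_data->ID, $post_ID)) {
        return new IXR_Error(401, 'Sorry, you can not edit this post.');
    }

    $postdata = wp_get_single_post($post_ID, ARRAY_A);
    // Previously the lookup result went unchecked; don't hand an empty row to
    // wp_update_post() when the ID matches nothing.
    if (empty($postdata)) {
        return new IXR_Error(404, 'Sorry, no such post.');
    }
    $postdata['post_status'] = 'publish';

    // retain old cats
    $cats = wp_get_post_cats('', $post_ID);
    $postdata['post_category'] = $cats;

    $this->escape($postdata);
    $result = wp_update_post($postdata);
    return $result;
}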
/**
 * Whether $user_id may edit the comments attached to $post_id.
 *
 * Comment rights are not tracked on their own: the post's edit permission is
 * reused unchanged (user_can_edit_post()).
 *
 * @param int $user_id
 * @param int $post_id
 * @param int $blog_id passed through to user_can_edit_post()
 * @return bool
 */
function user_can_edit_post_comments($user_id, $post_id, $blog_id = 1) {
    // Editing a post's comments is currently the same right as editing the post.
    $can_edit = user_can_edit_post($user_id, $post_id, $blog_id);
    return $can_edit;
}
$posts = get_records_sql_array('SELECT p.id, p.parent, p.path, p.poster, p.subject, p.body, ' . db_format_tsfield('p.ctime', 'ctime') . ', p.deleted FROM {interaction_forum_post} p WHERE p.topic = ? ORDER BY ' . $order, array($topicid), $offset, $limit); // This is only needed for the 'no_indent' option $lastpostid = null; if ($indentmode == 'no_indent') { $lastpost = get_record_select('interaction_forum_post', 'topic = ? ORDER by ctime DESC, id DESC LIMIT 1', array($topicid)); $lastpostid = $lastpost->id; } // Get extra info of posts $prevdeletedid = false; foreach ($posts as $postid => $post) { // Get the number of posts $post->postcount = get_postcount($post->poster); $post->canedit = $post->parent && ($moderator || user_can_edit_post($post->poster, $post->ctime)) && $ineditwindow; $post->ctime = relative_date(get_string('strftimerecentfullrelative', 'interaction.forum'), get_string('strftimerecentfull'), $post->ctime); // Get post edit records $post->edit = get_postedits($post->id); // Get moderator info $post->moderator = is_moderator($post->poster) ? $post->poster : null; // Update the subject of posts $post->subject = !empty($post->subject) ? $post->subject : get_string('re', 'interaction.forum', get_ancestorpostsubject($post->id)); // If this is the own post $post->ownpost = $USER->get('id') == $post->poster ? true : false; // Reported reason data $post->reports = get_records_select_array('objectionable', 'objecttype = ? AND objectid = ? AND resolvedby IS NULL AND resolvedtime IS NULL', array('forum', $post->id)); // Consolidate deleted message posts by the same author into one "X posts by Spammer Joe were deleted" if ($post->deleted) { if ($prevdeletedid && $posts[$prevdeletedid]->poster == $post->poster) { $posts[$prevdeletedid]->deletedcount++;
// Forum membership and moderator status decide everything below.
$membership = user_can_access_forum((int) $parent->forum);
$moderator  = (bool) ($membership & INTERACTION_FORUM_MOD);

if (!isset($postid)) {
    // Replying: the user must be a forum member, and a closed topic only
    // accepts replies from moderators.
    if (!$membership) {
        throw new AccessDeniedException(get_string('cantaddposttoforum', 'interaction.forum'));
    }
    if (!$moderator && $parent->topicclosed) {
        throw new AccessDeniedException(get_string('cantaddposttotopic', 'interaction.forum'));
    }
    $action = get_string('postreply', 'interaction.forum');
}
else {
    // Editing: user_can_edit_post() (poster + post time) allows an unrecorded
    // edit; failing that only a moderator may edit, and the edit is recorded.
    // Everyone else is refused.
    // NOTE(review): unlike the reply branch, $membership is not consulted on
    // this path — whether that matters depends on user_can_edit_post(), which
    // is defined elsewhere; confirm it does its own membership check if needed.
    if (user_can_edit_post($post->poster, $post->ctime)) {
        $post->editrecord = false;
    }
    elseif ($moderator) {
        $post->editrecord = true;
    }
    else {
        throw new AccessDeniedException(get_string('canteditpost', 'interaction.forum'));
    }
    $action = get_string('editpost', 'interaction.forum');
}
define('TITLE', $parent->topicsubject . ' - ' . $action);

$parent->ctime = relative_date(
    get_string('strftimerecentfullrelative', 'interaction.forum'),
    get_string('strftimerecentfull'),
    $parent->ctime
);

// Javascript to hide the subject box if it has nothing in it, with a link you
// click to expand it.
$clicksetsubject = json_encode(get_string('clicksetsubject', 'interaction.forum'));
<div class="storycontent"> <?php $content = apply_filters('the_content', $post->post_content); echo $content; ?> </div> </div> <?php break; case 'editpost': // die(var_dump('<pre>', $_POST)); if (!isset($blog_ID)) { $blog_ID = 1; } $post_ID = (int) $_POST['post_ID']; if (!user_can_edit_post($user_ID, $post_ID, $blog_ID)) { die(__('You are not allowed to edit this post.')); } $post_categories = $_POST['post_category']; if (!$post_categories) { $post_categories[] = 1; } $content = apply_filters('content_save_pre', $_POST['content']); $excerpt = apply_filters('excerpt_save_pre', $_POST['excerpt']); $post_title = $_POST['post_title']; $prev_status = $_POST['prev_status']; $post_status = $_POST['post_status']; $menu_order = (int) $_POST['menu_order']; if (!empty($_POST['post_author_override'])) { $post_author = (int) $_POST['post_author_override']; } else {
} if (!isset($topicid)) { // new topic define('TITLE', $forum->title . ' - ' . get_string('addtopic', 'interaction.forum')); } else { // edit topic define('TITLE', $forum->title . ' - ' . get_string('edittopic', 'interaction.forum')); // no record for edits to own posts with 30 minutes if (user_can_edit_post($topic->poster, $topic->ctime)) { $topic->editrecord = false; $timeleft = (int) get_config_plugin('interaction', 'forum', 'postdelay') - round((time() - $topic->ctime) / 60); } else { if ($moderator) { $topic->editrecord = true; } else { if (user_can_edit_post($topic->poster, $topic->ctime, $USER->get('id'), false)) { $SESSION->add_error_msg(get_string('postaftertimeout', 'interaction.forum', get_config_plugin('interaction', 'forum', 'postdelay'))); redirect('/interaction/forum/topic.php?id=' . $topicid); } else { throw new AccessDeniedException(get_string('cantedittopic', 'interaction.forum')); } } } } $editform = array('name' => isset($topic) ? 'edittopic' : 'addtopic', 'method' => 'post', 'autofocus' => isset($topic) ? 'body' : 'subject', 'elements' => array('subject' => array('type' => 'text', 'title' => get_string('Subject', 'interaction.forum'), 'defaultvalue' => isset($topic) ? $topic->subject : null, 'rules' => array('required' => true, 'maxlength' => 255)), 'body' => array('type' => 'wysiwyg', 'title' => get_string('Body', 'interaction.forum'), 'rows' => 18, 'cols' => 70, 'defaultvalue' => isset($topic) ? $topic->body : null, 'rules' => array('required' => true, 'maxlength' => 65536)), 'sticky' => array('type' => 'switchbox', 'title' => get_string('Sticky', 'interaction.forum'), 'description' => get_string('stickydescription', 'interaction.forum'), 'defaultvalue' => isset($topic) && $topic->sticky == 1 ? 'checked' : null), 'closed' => array('type' => 'switchbox', 'title' => get_string('Closed', 'interaction.forum'), 'description' => get_string('closeddescription', 'interaction.forum'), 'defaultvalue' => isset($topic) ? 
$topic->closed : !empty($forumconfig['closetopics']->value)), 'sendnow' => array('type' => 'switchbox', 'title' => get_string('sendnow', 'interaction.forum'), 'description' => get_string('sendnowdescription', 'interaction.forum', get_config_plugin('interaction', 'forum', 'postdelay')), 'defaultvalue' => false), 'submit' => array('type' => 'submitcancel', 'value' => array(isset($topic) ? get_string('save') : get_string('Post', 'interaction.forum'), get_string('cancel')), 'goto' => get_config('wwwroot') . 'interaction/forum/' . (isset($topic) && $returnto != 'view' ? 'topic.php?id=' . $topicid : 'view.php?id=' . $forumid)), 'post' => array('type' => 'hidden', 'value' => isset($topic) ? $topic->postid : false), 'editrecord' => array('type' => 'hidden', 'value' => isset($topic) ? $topic->editrecord : false))); if (!$moderator) { if (!group_sendnow($forum->groupid) && !$admintutor) { unset($editform['elements']['sendnow']); } unset($editform['elements']['sticky']); unset($editform['elements']['closed']);
LEFT JOIN {interaction_forum_topic} t3 ON t3.id = p3.topic LEFT JOIN ( SELECT m.forum, m.user FROM {interaction_forum_moderator} m INNER JOIN {usr} u ON (m.user = u.id AND u.deleted = 0) ) m2 ON (m2.forum = t3.forum AND m2.user = e.user) WHERE p1.topic = ? GROUP BY 1, 2, 3, 4, 5, p1.ctime, 7, 8, 10, 11, 12, e.ctime ORDER BY p1.ctime, p1.id, e.ctime', array($topic->groupid, $topicid)); // $posts has an object for every edit to a post // this combines all the edits into a single object for each post // also formats the edits a bit $count = count($posts); for ($i = 0; $i < $count; $i++) { $posts[$i]->postcount = get_string('postsvariable', 'interaction.forum', $posts[$i]->postcount); $posts[$i]->canedit = $posts[$i]->parent && ($moderator || user_can_edit_post($posts[$i]->poster, $posts[$i]->ctime)); $posts[$i]->ctime = relative_date(get_string('strftimerecentfullrelative', 'interaction.forum'), get_string('strftimerecentfull'), $posts[$i]->ctime); $postedits = array(); if ($posts[$i]->editor) { $postedits[] = array('editor' => $posts[$i]->editor, 'edittime' => relative_date(get_string('strftimerecentfullrelative', 'interaction.forum'), get_string('strftimerecentfull'), $posts[$i]->edittime), 'moderator' => $posts[$i]->editormoderator); } $temp = $i; while (isset($posts[$i + 1]) && $posts[$i + 1]->id == $posts[$temp]->id) { // while the next object is the same post $i++; $postedits[] = array('editor' => $posts[$i]->editor, 'edittime' => relative_date(get_string('strftimerecentfullrelative', 'interaction.forum'), get_string('strftimerecentfull'), $posts[$i]->edittime), 'moderator' => $posts[$i]->editormoderator); unset($posts[$i]); } $posts[$temp]->edit = $postedits; } // builds the first post (with index 0) which has as children all the posts in the topic
comment_text(); ?> <p><?php _e('Posted'); echo ' '; comment_date('M j, g:i A'); if (user_can_edit_post_comments($user_ID, $comment->comment_post_ID)) { echo " | <a href=\"post.php?action=editcomment&comment=" . $comment->comment_ID . "\">" . __('Edit Comment') . "</a>"; } if (user_can_delete_post_comments($user_ID, $comment->comment_post_ID)) { echo " | <a href=\"post.php?action=deletecomment&p=" . $comment->comment_post_ID . "&comment=" . $comment->comment_ID . "\" onclick=\"return confirm('" . sprintf(__("You are about to delete this comment by \\'%s\\'\\n \\'Cancel\\' to stop, \\'OK\\' to delete."), $comment->comment_author) . "')\">" . __('Delete Comment') . "</a> — "; } // end if any comments to show // Get post title if (user_can_edit_post($user_ID, $comment->comment_post_ID)) { $post_title = $wpdb->get_var("SELECT post_title FROM {$wpdb->posts} WHERE ID = {$comment->comment_post_ID}"); $post_title = '' == $post_title ? "# {$comment->comment_post_ID}" : $post_title; ?> <a href="post.php?action=edit&post=<?php echo $comment->comment_post_ID; ?> "><?php printf(__('Edit Post “%s”'), stripslashes($post_title)); ?> </a> <?php } ?> | <a href="<?php echo get_permalink($comment->comment_post_ID);
throw new NotFoundException(get_string('cantfindforum', 'interaction.forum', $forumid)); } define('GROUP', $forum->groupid); $membership = user_can_access_forum((int) $forumid); $moderator = (bool) ($membership & INTERACTION_FORUM_MOD); if (!$membership) { throw new AccessDeniedException(get_string('cantaddtopic', 'interaction.forum')); } if (!isset($topicid)) { // new topic define('TITLE', $forum->title . ' - ' . get_string('addtopic', 'interaction.forum')); } else { // edit topic define('TITLE', $forum->title . ' - ' . get_string('edittopic', 'interaction.forum')); // no record for edits to own posts with 30 minutes if (user_can_edit_post($topic->poster, $topic->ctime)) { $topic->editrecord = false; } else { if ($moderator) { $topic->editrecord = true; } else { throw new AccessDeniedException(get_string('cantedittopic', 'interaction.forum')); } } } $editform = array('name' => isset($topic) ? 'edittopic' : 'addtopic', 'method' => 'post', 'autofocus' => false, 'elements' => array('subject' => array('type' => 'text', 'title' => get_string('Subject', 'interaction.forum'), 'defaultvalue' => isset($topic) ? $topic->subject : null, 'rules' => array('required' => true, 'maxlength' => 255)), 'body' => array('type' => 'wysiwyg', 'title' => get_string('Body', 'interaction.forum'), 'rows' => 10, 'cols' => 70, 'defaultvalue' => isset($topic) ? $topic->body : null, 'rules' => array('required' => true)), 'sticky' => array('type' => 'checkbox', 'title' => get_string('Sticky', 'interaction.forum'), 'description' => get_string('stickydescription', 'interaction.forum'), 'defaultvalue' => isset($topic) && $topic->sticky == 1 ? 'checked' : null), 'closed' => array('type' => 'checkbox', 'title' => get_string('Closed', 'interaction.forum'), 'description' => get_string('closeddescription', 'interaction.forum'), 'defaultvalue' => isset($topic) && $topic->closed == 1 ? 'checked' : null), 'submit' => array('type' => 'submitcancel', 'value' => array(isset($topic) ? 
get_string('edit') : get_string('Post', 'interaction.forum'), get_string('cancel')), 'goto' => get_config('wwwroot') . 'interaction/forum/' . (isset($topic) && $returnto != 'view' ? 'topic.php?id=' . $topicid : 'view.php?id=' . $forumid)), 'post' => array('type' => 'hidden', 'value' => isset($topic) ? $topic->postid : false), 'editrecord' => array('type' => 'hidden', 'value' => isset($topic) ? $topic->editrecord : false))); if (!$moderator) { unset($editform['elements']['sticky']); unset($editform['elements']['closed']); } $editform = pieform($editform);
<?php break; case 'control_edit': ?> <td><?php if (user_can_edit_post($user_ID, $post->ID)) { echo "<a href='post.php?action=edit&post={$id}' class='edit'>" . __('Edit') . "</a>"; } ?> </td> <?php break; case 'control_delete': ?> <td><?php if (user_can_edit_post($user_ID, $post->ID)) { echo "<a href='post.php?action=delete&post={$id}' class='delete' onclick=\"return confirm('" . sprintf(__("You are about to delete this post \\'%s\\'\\n \\'OK\\' to delete, \\'Cancel\\' to stop."), wp_specialchars(get_the_title('', ''), 1)) . "')\">" . __('Delete') . "</a>"; } ?> </td> <?php break; default: ?> <td><?php do_action('manage_posts_custom_column', $column_name, $id); ?> </td> <?php break; }
/**
 * Build and run the main posts query from $this->query_vars, store the rows
 * in $this->posts (first row also in $this->post) and return them.
 *
 * The SQL is assembled by string concatenation; there are no prepared
 * statements. Every query var that reaches $where/$join/$orderby/$limits is
 * int-cast/intval()'d, passed through sanitize_title(), escaped with
 * addslashes_gpc(), or whitelisted (order/orderby) before it is concatenated.
 * That is the whole injection defence, so any new query var must get the
 * same treatment.
 *
 * Visibility: outside post.php/edit.php only rows with post_date_gmt <= now
 * are selected; archive/index queries see 'publish' rows plus the current
 * user's own non-draft, non-static rows; single-post queries fetch any
 * non-static status and filter it in PHP after get_results() (see below).
 *
 * @return array the fetched rows (also stored in $this->posts), by reference
 */
function &get_posts() {
    global $wpdb, $pagenow, $request, $user_ID;
    // Shorthand.
    $q = $this->query_vars;
    // First let's clear some variables
    $whichcat = '';
    $whichauthor = '';
    $result = '';
    $where = '';
    $limits = '';
    $distinct = '';
    $join = '';
    // NOTE(review): posts_per_page / posts_per_archive_page are concatenated
    // into the LIMIT clause further down without a cast; that is only safe
    // while they never come from the request — confirm against how
    // query_vars is populated.
    if (!isset($q['posts_per_page']) || $q['posts_per_page'] == 0) {
        $q['posts_per_page'] = get_settings('posts_per_page');
    }
    if (!isset($q['what_to_show'])) {
        $q['what_to_show'] = get_settings('what_to_show');
    }
    if (isset($q['showposts']) && $q['showposts']) {
        $q['showposts'] = (int) $q['showposts'];
        $q['posts_per_page'] = $q['showposts'];
    }
    if (isset($q['posts_per_archive_page']) && $q['posts_per_archive_page'] != 0 && ($this->is_archive || $this->is_search)) {
        $q['posts_per_page'] = $q['posts_per_archive_page'];
    }
    // posts_per_page == -1 means "no LIMIT" unless the caller said otherwise.
    if (!isset($q['nopaging'])) {
        if ($q['posts_per_page'] == -1) {
            $q['nopaging'] = true;
        } else {
            $q['nopaging'] = false;
        }
    }
    if ($this->is_feed) {
        $q['posts_per_page'] = get_settings('posts_per_rss');
        $q['what_to_show'] = 'posts';
    }
    if (isset($q['page'])) {
        $q['page'] = trim($q['page'], '/');
        $q['page'] = (int) $q['page'];
    }
    // Computed but unused below; the field name stays the plain column.
    $add_hours = intval(get_settings('gmt_offset'));
    $add_minutes = intval(60 * (get_settings('gmt_offset') - $add_hours));
    $wp_posts_post_date_field = "post_date"; // "DATE_ADD(post_date, INTERVAL '$add_hours:$add_minutes' HOUR_MINUTE)";
    // If a month is specified in the querystring, load that month
    // 'm' is reduced to digits first (YYYYMMDDHHIISS prefix), so the substr()
    // pieces below are safe to concatenate.
    if ((int) $q['m']) {
        $q['m'] = '' . preg_replace('|[^0-9]|', '', $q['m']);
        $where .= ' AND YEAR(post_date)=' . substr($q['m'], 0, 4);
        if (strlen($q['m']) > 5) {
            $where .= ' AND MONTH(post_date)=' . substr($q['m'], 4, 2);
        }
        if (strlen($q['m']) > 7) {
            $where .= ' AND DAYOFMONTH(post_date)=' . substr($q['m'], 6, 2);
        }
        if (strlen($q['m']) > 9) {
            $where .= ' AND HOUR(post_date)=' . substr($q['m'], 8, 2);
        }
        if (strlen($q['m']) > 11) {
            $where .= ' AND MINUTE(post_date)=' . substr($q['m'], 10, 2);
        }
        if (strlen($q['m']) > 13) {
            $where .= ' AND SECOND(post_date)=' . substr($q['m'], 12, 2);
        }
    }
    // Each of the date parts is intval()'d before it is quoted into the SQL.
    if ((int) $q['hour']) {
        $q['hour'] = '' . intval($q['hour']);
        $where .= " AND HOUR(post_date)='" . $q['hour'] . "'";
    }
    if ((int) $q['minute']) {
        $q['minute'] = '' . intval($q['minute']);
        $where .= " AND MINUTE(post_date)='" . $q['minute'] . "'";
    }
    if ((int) $q['second']) {
        $q['second'] = '' . intval($q['second']);
        $where .= " AND SECOND(post_date)='" . $q['second'] . "'";
    }
    if ((int) $q['year']) {
        $q['year'] = '' . intval($q['year']);
        $where .= " AND YEAR(post_date)='" . $q['year'] . "'";
    }
    if ((int) $q['monthnum']) {
        $q['monthnum'] = '' . intval($q['monthnum']);
        $where .= " AND MONTH(post_date)='" . $q['monthnum'] . "'";
    }
    if ((int) $q['day']) {
        $q['day'] = '' . intval($q['day']);
        $where .= " AND DAYOFMONTH(post_date)='" . $q['day'] . "'";
    }
    // Slug lookups: sanitize_title() is what keeps these safe inside quotes.
    if ('' != $q['name']) {
        $q['name'] = sanitize_title($q['name']);
        $where .= " AND post_name = '" . $q['name'] . "'";
    } else {
        if ('' != $q['pagename']) {
            // A pagename may arrive as a path; only its last component is used.
            $q['pagename'] = sanitize_title(basename(str_replace('%2F', '/', urlencode($q['pagename']))));
            $q['name'] = $q['pagename'];
            $where .= " AND post_name = '" . $q['pagename'] . "'";
        }
    }
    if ((int) $q['w']) {
        $q['w'] = '' . intval($q['w']);
        $where .= " AND WEEK(post_date, 1)='" . $q['w'] . "'";
    }
    if (intval($q['comments_popup'])) {
        $q['p'] = intval($q['comments_popup']);
    }
    // If a post number is specified, load that post
    // Assignment, not append: a post/page ID discards the date clauses built
    // above and becomes the only WHERE condition so far.
    if ($q['p'] != '' && intval($q['p']) != 0) {
        $q['p'] = (int) $q['p'];
        $where = ' AND ID = ' . $q['p'];
    }
    if ($q['page_id'] != '' && intval($q['page_id']) != 0) {
        $q['page_id'] = intval($q['page_id']);
        $q['p'] = $q['page_id'];
        $where = ' AND ID = ' . $q['page_id'];
    }
    // If a search pattern is specified, load the posts that match
    // addslashes_gpc() escapes quotes for the LIKE patterns; '%' and '_' are
    // left alone, so a search term may carry LIKE wildcards of its own.
    if (!empty($q['s'])) {
        $q['s'] = addslashes_gpc($q['s']);
        $search = ' AND (';
        $q['s'] = preg_replace('/, +/', ' ', $q['s']);
        $q['s'] = str_replace(',', ' ', $q['s']);
        $q['s'] = str_replace('"', ' ', $q['s']);
        $q['s'] = trim($q['s']);
        // 'exact' drops the surrounding wildcards.
        if ($q['exact']) {
            $n = '';
        } else {
            $n = '%';
        }
        if (!$q['sentence']) {
            // Term-by-term: every term must match (AND), or the whole phrase must.
            $s_array = explode(' ', $q['s']);
            $q['search_terms'] = $s_array;
            $search .= '((post_title LIKE \'' . $n . $s_array[0] . $n . '\') OR (post_content LIKE \'' . $n . $s_array[0] . $n . '\'))';
            for ($i = 1; $i < count($s_array); $i = $i + 1) {
                $search .= ' AND ((post_title LIKE \'' . $n . $s_array[$i] . $n . '\') OR (post_content LIKE \'' . $n . $s_array[$i] . $n . '\'))';
            }
            $search .= ' OR (post_title LIKE \'' . $n . $q['s'] . $n . '\') OR (post_content LIKE \'' . $n . $q['s'] . $n . '\')';
            $search .= ')';
        } else {
            $search = ' AND ((post_title LIKE \'' . $n . $q['s'] . $n . '\') OR (post_content LIKE \'' . $n . $q['s'] . $n . '\'))';
        }
    }
    // Category stuff
    // Category filtering is skipped entirely for single posts and pages.
    if (empty($q['cat']) || $q['cat'] == '0' || ($this->is_single || $this->is_page)) {
        $whichcat = '';
    } else {
        $q['cat'] = '' . urldecode($q['cat']) . '';
        $q['cat'] = addslashes_gpc($q['cat']);
        if (stristr($q['cat'], '-')) {
            // Note: if we have a negative, we ignore all the positives. It must
            // always mean 'everything /except/ this one'. We should be able to do
            // multiple negatives but we don't :-(
            $eq = '!=';
            $andor = 'AND';
            $q['cat'] = explode('-', $q['cat']);
            $q['cat'] = intval($q['cat'][1]);
        } else {
            $eq = '=';
            $andor = 'OR';
        }
        $join = " LEFT JOIN {$wpdb->post2cat} ON ({$wpdb->posts}.ID = {$wpdb->post2cat}.post_id) ";
        // Every category ID is intval()'d before use; child categories are
        // appended by get_category_children() with the same operator.
        $cat_array = preg_split('/[,\\s]+/', $q['cat']);
        $whichcat .= ' AND (category_id ' . $eq . ' ' . intval($cat_array[0]);
        $whichcat .= get_category_children($cat_array[0], ' ' . $andor . ' category_id ' . $eq . ' ');
        for ($i = 1; $i < count($cat_array); $i = $i + 1) {
            $whichcat .= ' ' . $andor . ' category_id ' . $eq . ' ' . intval($cat_array[$i]);
            $whichcat .= get_category_children($cat_array[$i], ' ' . $andor . ' category_id ' . $eq . ' ');
        }
        $whichcat .= ')';
        if ($eq == '!=') {
            $q['cat'] = '-' . $q['cat']; // Put back the knowledge that we are excluding a category.
        }
    }
    // Category stuff for nice URIs
    // The nicename goes through sanitize_title() before both SQL uses below.
    if ('' != $q['category_name']) {
        if (stristr($q['category_name'], '/')) {
            $q['category_name'] = explode('/', $q['category_name']);
            if ($q['category_name'][count($q['category_name']) - 1]) {
                $q['category_name'] = $q['category_name'][count($q['category_name']) - 1]; // no trailing slash
            } else {
                $q['category_name'] = $q['category_name'][count($q['category_name']) - 2]; // there was a trailing slash
            }
        }
        $q['category_name'] = sanitize_title($q['category_name']);
        // $tables is assigned but not used; $join carries the actual joins.
        $tables = ", {$wpdb->post2cat}, {$wpdb->categories}";
        $join = " LEFT JOIN {$wpdb->post2cat} ON ({$wpdb->posts}.ID = {$wpdb->post2cat}.post_id) LEFT JOIN {$wpdb->categories} ON ({$wpdb->post2cat}.category_id = {$wpdb->categories}.cat_ID) ";
        $whichcat = " AND (category_nicename = '" . $q['category_name'] . "'";
        $q['cat'] = $wpdb->get_var("SELECT cat_ID FROM {$wpdb->categories} WHERE category_nicename = '" . $q['category_name'] . "'");
        $whichcat .= get_category_children($q['cat'], " OR category_id = ");
        $whichcat .= ")";
    }
    // Author/user stuff
    // Same shape as the category filter: a leading '-' excludes one author,
    // and every ID is intval()'d before concatenation.
    if (empty($q['author']) || $q['author'] == '0') {
        $whichauthor = '';
    } else {
        $q['author'] = '' . urldecode($q['author']) . '';
        $q['author'] = addslashes_gpc($q['author']);
        if (stristr($q['author'], '-')) {
            $eq = '!=';
            $andor = 'AND';
            $q['author'] = explode('-', $q['author']);
            $q['author'] = '' . intval($q['author'][1]);
        } else {
            $eq = '=';
            $andor = 'OR';
        }
        $author_array = preg_split('/[,\\s]+/', $q['author']);
        $whichauthor .= ' AND (post_author ' . $eq . ' ' . intval($author_array[0]);
        for ($i = 1; $i < count($author_array); $i = $i + 1) {
            $whichauthor .= ' ' . $andor . ' post_author ' . $eq . ' ' . intval($author_array[$i]);
        }
        $whichauthor .= ')';
    }
    // Author stuff for nice URIs
    // author_name is sanitize_title()'d before the lookup; the resulting ID is
    // intval()'d before it is used.
    if ('' != $q['author_name']) {
        if (stristr($q['author_name'], '/')) {
            $q['author_name'] = explode('/', $q['author_name']);
            if ($q['author_name'][count($q['author_name']) - 1]) {
                $q['author_name'] = $q['author_name'][count($q['author_name']) - 1]; #no trailing slash
            } else {
                $q['author_name'] = $q['author_name'][count($q['author_name']) - 2]; #there was a trailing slash
            }
        }
        $q['author_name'] = sanitize_title($q['author_name']);
        $q['author'] = $wpdb->get_var("SELECT ID FROM {$wpdb->users} WHERE user_nicename='" . $q['author_name'] . "'");
        $whichauthor .= ' AND (post_author = ' . intval($q['author']) . ')';
    }
    // NOTE(review): $search is only assigned inside the search branch above;
    // without a search term this reads an undefined variable (notice) and
    // effectively appends ''.
    $where .= $search . $whichcat . $whichauthor;
    // Sort direction is whitelisted to ASC/DESC, sort keys to $allowed_keys;
    // nothing else from 'order'/'orderby' reaches the ORDER BY clause.
    if (empty($q['order']) || strtoupper($q['order']) != 'ASC' && strtoupper($q['order']) != 'DESC') {
        $q['order'] = 'DESC';
    }
    // Order by
    if (empty($q['orderby'])) {
        $q['orderby'] = 'date ' . $q['order'];
    } else {
        // Used to filter values
        $allowed_keys = array('author', 'date', 'category', 'title');
        $q['orderby'] = urldecode($q['orderby']);
        $q['orderby'] = addslashes_gpc($q['orderby']);
        $orderby_array = explode(' ', $q['orderby']);
        if (!in_array($orderby_array[0], $allowed_keys)) {
            $orderby_array[0] = 'date';
        }
        $q['orderby'] = $orderby_array[0] . ' ' . $q['order'];
        if (count($orderby_array) > 1) {
            for ($i = 1; $i < count($orderby_array); $i = $i + 1) {
                // Only allow certain values for safety
                if (in_array($orderby_array[$i], $allowed_keys)) {
                    $q['orderby'] .= ',post_' . $orderby_array[$i] . ' ' . $q['order'];
                }
            }
        }
    }
    // Future-dated rows are hidden everywhere except the admin post/edit
    // screens, which need to see them.
    $now = gmdate('Y-m-d H:i:59');
    if ($pagenow != 'post.php' && $pagenow != 'edit.php') {
        $where .= " AND post_date_gmt <= '{$now}'";
        $distinct = 'DISTINCT';
    }
    if ($this->is_page) {
        $where .= ' AND (post_status = "static")';
    } elseif ($this->is_single) {
        // Status is not restricted here for single posts; the check happens
        // in PHP after the query (drafts/private rows are filtered there).
        $where .= ' AND (post_status != "static")';
    } else {
        // Listings: published rows, or the viewer's own rows that are neither
        // draft nor static (AND binds tighter than OR, so this reads as
        // publish OR (own AND not draft AND not static)). $user_ID is the
        // global presumably set by get_currentuserinfo(); the intval() guard
        // keeps a non-numeric value out of the SQL.
        $where .= ' AND (post_status = "publish"';
        if (isset($user_ID) && '' != intval($user_ID)) {
            $where .= " OR post_author = {$user_ID} AND post_status != 'draft' AND post_status != 'static')";
        } else {
            $where .= ')';
        }
    }
    // Apply filters on where and join prior to paging so that any
    // manipulations to them are reflected in the paging by day queries.
    $where = apply_filters('posts_where', $where);
    $join = apply_filters('posts_join', $join);
    // Paging
    if (empty($q['nopaging']) && !$this->is_single) {
        $page = $q['paged'];
        if (empty($page)) {
            $page = 1;
        }
        if ($q['what_to_show'] == 'posts') {
            // 'paged' is intval()'d; posts_per_page is used as-is (see note at top).
            $pgstrt = '';
            $pgstrt = (intval($page) - 1) * $q['posts_per_page'] . ', ';
            $limits = 'LIMIT ' . $pgstrt . $q['posts_per_page'];
        } elseif ($q['what_to_show'] == 'days') {
            // Day-based paging: find the date span covering this page's days
            // with two extra queries, then constrain post_date to it. The
            // bounds come back from the database, not from the request.
            $startrow = $q['posts_per_page'] * (intval($page) - 1);
            $start_date = $wpdb->get_var("SELECT max(post_date) FROM {$wpdb->posts} {$join} WHERE (1=1) {$where} GROUP BY year(post_date), month(post_date), dayofmonth(post_date) ORDER BY post_date DESC LIMIT {$startrow},1");
            $endrow = $startrow + $q['posts_per_page'] - 1;
            $end_date = $wpdb->get_var("SELECT min(post_date) FROM {$wpdb->posts} {$join} WHERE (1=1) {$where} GROUP BY year(post_date), month(post_date), dayofmonth(post_date) ORDER BY post_date DESC LIMIT {$endrow},1");
            if ($page > 1) {
                $where .= " AND post_date >= '{$end_date}' AND post_date <= '{$start_date}'";
            } else {
                $where .= " AND post_date >= '{$end_date}'";
            }
        }
    }
    // Apply post-paging filters on where and join. Only plugins that
    // manipulate paging queries should use these hooks.
    $where = apply_filters('posts_where_paged', $where);
    $where .= " GROUP BY {$wpdb->posts}.ID";
    $join = apply_filters('posts_join_paged', $join);
    $orderby = "post_" . $q['orderby'];
    $orderby = apply_filters('posts_orderby', $orderby);
    // $request is a global so the final SQL is visible to callers/debugging.
    $request = " SELECT {$distinct} * FROM {$wpdb->posts} {$join} WHERE 1=1" . $where . " ORDER BY " . $orderby . " {$limits}";
    $this->posts = $wpdb->get_results($request);
    // Check post status to determine if post should be displayed.
    // Single-post access control lives here rather than in the SQL:
    // anonymous viewers get nothing unless the post is published; drafts
    // require user_can_edit_post(); private posts require being the author.
    // NOTE(review): any other non-publish status falls through and is shown
    // to every logged-in user; whether such statuses exist in this schema
    // cannot be told from here.
    if ($this->is_single) {
        if ('publish' != $this->posts[0]->post_status) {
            if (!(isset($user_ID) && '' != intval($user_ID))) {
                // User must be logged in to view unpublished posts.
                $this->posts = array();
            } else {
                if ('draft' == $this->posts[0]->post_status) {
                    // User must have edit permissions on the draft to preview.
                    if (!user_can_edit_post($user_ID, $this->posts[0]->ID)) {
                        $this->posts = array();
                    }
                } elseif ('private' == $this->posts[0]->post_status) {
                    if ($this->posts[0]->post_author != $user_ID) {
                        $this->posts = array();
                    }
                }
            }
        }
    }
    // Plugins get the final say over the result set via 'the_posts'.
    $this->posts = apply_filters('the_posts', $this->posts);
    $this->post_count = count($this->posts);
    if ($this->post_count > 0) {
        $this->post = $this->posts[0];
    }
    update_post_caches($this->posts);
    // Save any changes made to the query vars.
    $this->query_vars = $q;
    return $this->posts;
}
/**
 * Print an "edit this post" link for the current post when the current user
 * may edit it.
 *
 * Nothing is printed if user_can_edit_post() denies, or if the current post
 * is an attachment. $link, $before and $after are emitted as raw HTML, so a
 * caller passing user-controlled text in them must escape it first.
 *
 * @param string $link   link text / markup
 * @param string $before markup printed before the link
 * @param string $after  markup printed after the link
 */
function edit_post_link($link = 'Edit This', $before = '', $after = '') {
    global $user_ID, $post;
    get_currentuserinfo();

    if (!user_can_edit_post($user_ID, $post->ID)) {
        return;
    }
    if (is_attachment()) {
        return;
    }

    $file = 'post';
    $location = get_settings('siteurl') . "/wp-admin/{$file}.php?action=edit&post={$post->ID}";
    echo $before, '<a href="', $location, '">', $link, '</a>', $after;
}
/**
 * Print an "edit this post" link for the current post when the current user
 * may edit it (user_can_edit_post()); otherwise print nothing.
 *
 * $link, $before and $after are emitted as raw HTML — escape anything
 * user-controlled before passing it in.
 *
 * @param string $link   link text / markup
 * @param string $before markup printed before the link
 * @param string $after  markup printed after the link
 */
function edit_post_link($link = 'Edit This', $before = '', $after = '') {
    global $user_ID, $post;
    get_currentuserinfo();

    if (!user_can_edit_post($user_ID, $post->ID)) {
        return;
    }

    $location = get_settings('siteurl') . '/wp-admin/post.php?action=edit&post=' . $post->ID;
    printf('%s <a href="%s">%s</a> %s', $before, $location, $link, $after);
}