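/**
 * Handle a submit or reset of the theme-options form.
 *
 * On submit, the saved LESS variables are loaded and every variable that has
 * a matching $_POST entry gets its 'value' replaced by the posted value. On
 * reset, the stored variable and rendered-CSS options are deleted. In both
 * cases the frontend CSS is recompiled afterwards.
 *
 * NOTE(review): no nonce or capability check is visible in this method;
 * confirm the caller verifies both before do_execute() runs.
 * NOTE(review): posted values are copied into the LESS variables without any
 * validation visible here; confirm update_variables_and_compile_css()
 * validates them before they reach the compiler.
 *
 * @return array Redirect description with 'url' and an empty 'query_args'.
 */
public function do_execute()
{
    $variables = array();
    // Handle updating of theme options.
    if (isset($_POST[Ai1ec_View_Theme_Options::SUBMIT_ID])) {
        // Work on unslashed values; the slashes are re-applied after the loop.
        $_POST = stripslashes_deep($_POST);
        $lessphp = $this->_registry->get('less.lessphp');
        $variables = $lessphp->get_saved_variables();
        foreach ($variables as $variable_name => $variable_params) {
            if (isset($_POST[$variable_name])) {
                // magic_quotes_gpc can only be enabled before PHP 5.4, and
                // get_magic_quotes_gpc() is removed in PHP 8.0. Guarding on
                // the version keeps the legacy strip without calling a
                // function that no longer exists.
                if (version_compare(PHP_VERSION, '5.4.0', '<') && get_magic_quotes_gpc()) {
                    $_POST[$variable_name] = stripslashes($_POST[$variable_name]);
                }
                if (Ai1ec_Less_Variable_Font::CUSTOM_FONT === $_POST[$variable_name]) {
                    // NOTE(review): the companion custom-font field is read
                    // without isset(); a missing field stores null.
                    $_POST[$variable_name] = $_POST[$variable_name . Ai1ec_Less_Variable_Font::CUSTOM_FONT_ID_SUFFIX];
                }
                // update the original array
                $variables[$variable_name]['value'] = $_POST[$variable_name];
            }
        }
        $_POST = add_magic_quotes($_POST);
    } elseif (isset($_POST[Ai1ec_View_Theme_Options::RESET_ID])) {
        $option = $this->_registry->get('model.option');
        $option->delete('ai1ec_less_variables');
        $option->delete('ai1ec_render_css');
        do_action('ai1ec_reset_less_variables');
    }
    $css = $this->_registry->get('css.frontend');
    $css->update_variables_and_compile_css($variables, isset($_POST[Ai1ec_View_Theme_Options::RESET_ID]));
    return array(
        'url' => ai1ec_admin_url('edit.php?post_type=ai1ec_event&page=all-in-one-event-calendar-edit-css'),
        'query_args' => array(),
    );
}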
/**
 * Round-trips slashed $_POST data through edit_post() twice and checks that
 * the stored title, content and excerpt equal the unslashed fixtures.
 */
function test_edit_post()
{
    $id = $this->factory->post->create();

    // One row per round: title, content and excerpt fixture.
    $rounds = array(
        array($this->slash_1, $this->slash_5, $this->slash_7),
        array($this->slash_2, $this->slash_4, $this->slash_6),
    );

    foreach ($rounds as $fixture) {
        list($title, $content, $excerpt) = $fixture;

        // The controller expects slashed input, so slash the whole request.
        $_POST = add_magic_quotes(array(
            'post_ID' => $id,
            'post_title' => $title,
            'content' => $content,
            'excerpt' => $excerpt,
        ));

        // the edit_post() function will strip slashes
        $post_id = edit_post();
        $post = get_post($post_id);

        $this->assertEquals($title, $post->post_title);
        $this->assertEquals($content, $post->post_content);
        $this->assertEquals($excerpt, $post->post_excerpt);
    }
}
/**
 * Update a user by merging $userdata over the stored record and passing the
 * result to wp_insert_user().
 *
 * NOTE(review): a new password is hashed with unsalted md5() and the
 * plaintext is handed to wp_setcookie(). Both are weak by current standards;
 * they are left as-is because the matching login and cookie checks are not
 * part of this listing and must change together with this function.
 * NOTE(review): the result of get_userdata() is used without checking that
 * the user exists.
 *
 * @param array $userdata Fields to change; must contain 'ID'.
 * @return mixed Whatever wp_insert_user() returns.
 */
function wp_update_user($userdata)
{
    global $wpdb, $current_user;

    $ID = (int) $userdata['ID'];

    // Load the stored fields and slash them, since they come from the DB.
    $stored = add_magic_quotes(get_object_vars(get_userdata($ID)));

    // A non-empty 'user_pass' means the password is changing: hash it now.
    if (!empty($userdata['user_pass'])) {
        $plaintext_pass = $userdata['user_pass'];
        $userdata['user_pass'] = md5($userdata['user_pass']);
    }

    // New fields win over stored ones.
    $userdata = array_merge($stored, $userdata);
    $user_id = wp_insert_user($userdata);

    // Refresh the cookies when the current user changed their own password.
    if ($current_user->id == $ID && isset($plaintext_pass)) {
        wp_clearcookie();
        wp_setcookie($userdata['user_login'], $plaintext_pass);
    }

    return $user_id;
}
/**
 * Round-trips slashed $_POST data through edit_comment() twice and checks
 * that the stored author and content equal the unslashed fixtures.
 */
function test_edit_comment()
{
    $post_id = self::factory()->post->create();
    $comment_id = self::factory()->comment->create(array('comment_post_ID' => $post_id));

    // not testing comment_author_email or comment_author_url
    // as slashes are not permitted in that data
    $rounds = array(
        array($this->slash_1, $this->slash_7),
        array($this->slash_2, $this->slash_4),
    );

    foreach ($rounds as $fixture) {
        list($author, $content) = $fixture;

        // The controller expects slashed input, so slash the whole request.
        $_POST = add_magic_quotes(array(
            'comment_ID' => $comment_id,
            'comment_status' => '',
            'newcomment_author' => $author,
            'newcomment_author_url' => '',
            'newcomment_author_email' => '',
            'content' => $content,
        ));

        edit_comment();
        $comment = get_comment($comment_id);

        $this->assertEquals($author, $comment->comment_author);
        $this->assertEquals($content, $comment->comment_content);
    }
}
/**
 * Apply addslashes() to a value, descending into arrays.
 *
 * Array keys are kept as they are; only values are slashed.
 *
 * addslashes() is not aware of the database connection's character set, so
 * this is not a replacement for parameterised queries.
 *
 * @param mixed $string A scalar, or an array (nested to any depth) of scalars.
 * @return mixed The slashed string, or an array of the same shape.
 */
function add_magic_quotes($string)
{
    if (is_array($string)) {
        // array_map() with a single array keeps the original keys.
        return array_map('add_magic_quotes', $string);
    }

    return addslashes($string);
}
/**
 * Apply addslashes() to every value of an array, descending into nested
 * arrays. Keys are left untouched.
 *
 * addslashes() is not aware of the database connection's character set, so
 * this is not a replacement for parameterised queries.
 *
 * @param array $array Values to slash.
 * @return array The same structure with slashed values.
 */
function add_magic_quotes($array)
{
    foreach ($array as $key => $value) {
        $array[$key] = is_array($value) ? add_magic_quotes($value) : addslashes($value);
    }

    return $array;
}
/**
 * Import the selected items of an IMSCC package as posts.
 *
 * Only items that are flagged for import and whose id is a key of
 * $current_import['chapters'] are inserted. Parts are published; every other
 * post type is created as a draft.
 *
 * NOTE(review): item content comes straight from the uploaded package and is
 * passed to wp_insert_post() and update_post_meta(); any HTML filtering
 * happens outside this method, so confirm it is in place for the importing
 * user.
 *
 * @param array $current_import Uses the 'file' and 'chapters' entries.
 * @return mixed FALSE when the package cannot be parsed, otherwise the result
 *               of revokeCurrentImport().
 */
function import(array $current_import)
{
    try {
        $imscc = new IMSCCParser($current_import['file']);
    } catch (\Exception $e) {
        return FALSE;
    }

    $items = $imscc->manifestGetItems();
    $match_ids = array_flip(array_keys($current_import['chapters']));
    $total = 0;

    if (!empty($items)) {
        // -1 means "no part inserted yet".
        $current_post_parent = -1;

        foreach ($items as $id => $item) {
            // Skip anything not flagged or not selected.
            if (!$this->flaggedForImport($id) || !isset($match_ids[$id])) {
                continue;
            }

            $post_type = $this->determinePostType($id);
            $is_part = ('part' == $post_type);

            $new_post = array(
                'post_title' => wp_strip_all_tags($item['title']),
                'post_type' => $post_type,
                'post_status' => $is_part ? 'publish' : 'draft',
            );
            if (!$is_part) {
                $new_post['post_content'] = $imscc->getContent($id);
            }
            if ('chapter' == $post_type) {
                $new_post['post_parent'] = ($current_post_parent == -1)
                    ? $this->getChapterParent()
                    : $current_post_parent;
            }

            $pid = wp_insert_post(add_magic_quotes($new_post));

            // Remember the part's post ID: it is the parent of later chapters.
            if ($is_part) {
                $current_post_parent = $pid;
            }

            // @todo postmeta like author
            update_post_meta($pid, 'pb_show_title', 'on');
            update_post_meta($pid, 'pb_export', 'on');
            if ($is_part && $imscc->getContent($id)) {
                update_post_meta($pid, 'pb_part_content', $imscc->getContent($id));
            }

            Book::consolidatePost($pid, get_post($pid));
            ++$total;
        }
    }

    // Done
    $_SESSION['pb_notices'][] = sprintf(__('Imported %d chapters.', 'pressbooks'), $total);
    $imscc->cleanUp();

    return $this->revokeCurrentImport();
}
/**
 * Dispatch to the plugin function named by $arguments['name'], loading the
 * plugin file first when the function is not defined yet.
 *
 * NOTE(review): the return value of add_magic_quotes() is discarded; unless
 * that function takes its argument by reference, the call changes nothing.
 * NOTE(review): the name is used to build both a file path for require_once
 * and a function name. Rejecting '..' is the only check visible here; if the
 * name can come from untrusted input, validate it against the set of
 * installed plugins instead.
 *
 * @param array $arguments Must contain 'name'.
 * @param mixed $DreamCMS  Passed on to the plugin function.
 * @return mixed Whatever the plugin function returns.
 */
function DreamCMS_plugins($arguments, &$DreamCMS)
{
    add_magic_quotes($arguments);

    $name = $arguments['name'];
    if (strpos($name, '..') !== false) {
        exit('Forbidden');
    }

    $fn = 'DreamCMS_plugins_' . $name;
    if (!function_exists($fn)) {
        $funpath = DC_PLUGINS_PATH . "/{$name}.php";
        if (file_exists($funpath)) {
            require_once $funpath;
        }
    }

    return call_user_func_array($fn, array($arguments, $DreamCMS));
}
/**
 * Apply addslashes() to every value of an array, descending into nested
 * arrays. Keys are left untouched.
 *
 * Any empty() input, including an empty array, yields NULL rather than the
 * input itself; callers that assign the result back (for example to $_POST)
 * need to allow for that.
 *
 * addslashes() is not aware of the database connection's character set, so
 * this is not a replacement for parameterised queries.
 *
 * @param mixed $array Values to slash.
 * @return mixed NULL for empty input, otherwise the slashed structure.
 */
function add_magic_quotes($array)
{
    if (empty($array)) {
        return NULL;
    }

    foreach ((array) $array as $key => $value) {
        $array[$key] = is_array($value) ? add_magic_quotes($value) : addslashes($value);
    }

    return $array;
}
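/**
 * Normalise the request superglobals so that every value is slashed exactly
 * once, whatever the PHP magic-quotes setting.
 *
 * $_GET, $_POST and $_COOKIE are stripped first when PHP already slashed
 * them, then all three plus $_SERVER are slashed with add_magic_quotes().
 * $_REQUEST is rebuilt from $_GET and $_POST only, so cookies never appear
 * in it.
 *
 * The slashes added here are a legacy convention, not an injection defence:
 * code that builds SQL must still use prepared or escaped queries.
 * NOTE(review): $_SERVER is slashed but not stripped first; confirm that is
 * intended.
 *
 * @return void
 */
function wp_magic_quotes()
{
    // If already slashed, strip. magic_quotes_gpc can only be enabled before
    // PHP 5.4 and get_magic_quotes_gpc() is removed in PHP 8.0, so the
    // function is only called where it can still return true.
    if (version_compare(PHP_VERSION, '5.4.0', '<') && get_magic_quotes_gpc()) {
        $_GET = stripslashes_deep($_GET);
        $_POST = stripslashes_deep($_POST);
        $_COOKIE = stripslashes_deep($_COOKIE);
    }

    // Escape with wpdb.
    $_GET = add_magic_quotes($_GET);
    $_POST = add_magic_quotes($_POST);
    $_COOKIE = add_magic_quotes($_COOKIE);
    $_SERVER = add_magic_quotes($_SERVER);

    // Force REQUEST to be GET + POST.
    $_REQUEST = array_merge($_GET, $_POST);
}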
/**
 * Round-trips slashed post-meta values through edit_post() twice and checks
 * that the stored meta equals the unslashed fixtures.
 */
function test_edit_post()
{
    $id = self::factory()->post->create();

    // Seed three meta rows; add_post_meta() expects slashed data.
    $meta_ids = array();
    foreach (array('slash_test_1', 'slash_test_2', 'slash_test_3') as $meta_key) {
        $meta_ids[] = function_exists('wp_add_post_meta')
            ? wp_add_post_meta($id, $meta_key, 'foo')
            : add_post_meta($id, $meta_key, addslashes('foo'));
    }

    // Per round: value for the new meta row, values for the three existing
    // rows, and whether the new row is asserted afterwards.
    $rounds = array(
        array($this->slash_6, array($this->slash_1, $this->slash_3, $this->slash_4), true),
        array($this->slash_7, array($this->slash_2, $this->slash_4, $this->slash_5), false),
    );

    foreach ($rounds as $round) {
        list($new_value, $values, $check_new) = $round;

        $_POST = add_magic_quotes(array(
            'post_ID' => $id,
            'metakeyselect' => '#NONE#',
            'metakeyinput' => 'slash_test_0',
            'metavalue' => $new_value,
            'meta' => array(
                $meta_ids[0] => array('key' => 'slash_test_1', 'value' => $values[0]),
                $meta_ids[1] => array('key' => 'slash_test_2', 'value' => $values[1]),
                $meta_ids[2] => array('key' => 'slash_test_3', 'value' => $values[2]),
            ),
        ));

        // the edit_post() function will strip slashes
        edit_post();
        $post = get_post($id);

        if ($check_new) {
            $this->assertEquals($new_value, get_post_meta($id, 'slash_test_0', true));
        }
        $this->assertEquals($values[0], get_post_meta($id, 'slash_test_1', true));
        $this->assertEquals($values[1], get_post_meta($id, 'slash_test_2', true));
        $this->assertEquals($values[2], get_post_meta($id, 'slash_test_3', true));
    }
}
/**
 * Store a token as a post, or update the existing post when the current user
 * already has an identical token for the same service.
 *
 * NOTE(review): the token is serialize()d into post_content of a post with
 * status 'publish'. Confirm that this post type is never exposed publicly and
 * that whatever reads the value back only unserialize()s rows that trusted
 * code wrote.
 *
 * @param object $token Provides type(), get_name(), get_meta() and ->token.
 * @return mixed The post ID, the result of update() for a duplicate, or
 *               false when the insert fails.
 */
function insert($token)
{
    // Avoid duplicates by checking to see if this exists already
    $existing = get_posts(array(
        'numberposts' => 1,
        'post_type' => 'kr_' . $token->type() . '_token',
        'meta_key' => 'service',
        'meta_value' => $token->get_name(),
        'author' => get_current_user_id(),
        's' => serialize($token->token),
        'exact' => true,
    ));
    if ($existing) {
        $token->unique_id = $existing[0]->ID;
        return $this->update($token);
    }

    $id = wp_insert_post(add_magic_quotes(array(
        'post_type' => 'kr_' . $token->type() . '_token',
        'post_status' => 'publish',
        'post_content' => serialize($token->token),
    )));
    if (!$id) {
        return false;
    }

    // Always record what service this token is for
    update_post_meta($id, 'service', $token->get_name());

    // Optionally include any meta related to this token
    foreach ((array) $token->get_meta(false, true) as $meta_key => $meta_value) {
        update_post_meta($id, $meta_key, $meta_value);
    }

    return $id;
}
/**
 * Run the plugin named by $arguments['name'] when it is enabled and set up,
 * and publish its result through $iCMS->value().
 *
 * NOTE(review): the return value of add_magic_quotes() is discarded; unless
 * that function takes its argument by reference, the call changes nothing.
 * NOTE(review): the name becomes part of a function name and is handed to
 * plugin::fn(). Rejecting '..' is the only validation visible here; the
 * status/isSetup lookup presumably limits names to registered plugins, so
 * confirm that against getCache().
 *
 * @param array  $arguments Must contain 'name'.
 * @param object $iCMS      Application object passed on to the plugin.
 * @return mixed The plugin's result, or null when the plugin is disabled or
 *               not set up.
 */
function iCMS_plugins($arguments, &$iCMS)
{
    add_magic_quotes($arguments);

    $plugName = $arguments['name'];
    if (strpos($plugName, '..') !== false) {
        exit('Forbidden');
    }

    // Only plugins that are both enabled and set up may run.
    $plugins = $iCMS->getCache('system/plugins', $plugName);
    if (!($plugins['status'] && $plugins['isSetup'])) {
        return;
    }

    $fn = 'iCMS_plugins_' . $plugName;
    if (!function_exists($fn) && !plugin::fn($plugName)) {
        $iCMS->trigger_error("function '" . $fn . "' does not exist in iCMS plugins", E_USER_ERROR, __FILE__, __LINE__);
    }

    $iCMS->pluginName = $plugName;
    $rs = $fn($arguments, $iCMS);
    $iCMS->value($plugName, $rs);

    return $rs;
}
/**
 * @package iCMS V3.1
 * @copyright 2007-2009, iDreamSoft
 * @license http://www.idreamsoft.cn iDreamSoft
 * @author coolmoo <*****@*****.**>
 */

/**
 * Dispatch to the plugin function named by $arguments['name'], loading the
 * plugin's config.php and function.php first when the function is not defined.
 *
 * NOTE(review): the return value of add_magic_quotes() is discarded; unless
 * that function takes its argument by reference, the call changes nothing.
 * NOTE(review): the name is used to build paths for require_once and a
 * function name. Rejecting '..' is the only check visible here; if the name
 * can come from untrusted input, validate it against the installed plugins.
 * NOTE(review): config.php is required whenever function.php exists, without
 * its own file_exists() check.
 *
 * @param array  $arguments Must contain 'name'; 'tpl' is set when the plugin
 *                          files have to be loaded.
 * @param object $iCMS      Application object passed on to the plugin.
 * @return mixed Whatever the plugin function returns.
 */
function iCMS_plugins($arguments, &$iCMS)
{
    add_magic_quotes($arguments);

    $name = $arguments['name'];
    if (strpos($name, '..') !== false) {
        exit('Forbidden');
    }

    $fn = 'iCMS_plugins_' . $name;
    if (!function_exists($fn)) {
        $plugpath = iCMS_PLUGINS_PATH . '/' . $name;
        $funpath = $plugpath . '/function.php';
        $arguments['tpl'] = $plugpath . '/templates';

        if (!file_exists($funpath)) {
            $iCMS->trigger_error("function '" . $fn . "' does not exist in iCMS plugins", E_USER_ERROR, __FILE__, __LINE__);
        } else {
            require_once $plugpath . '/config.php';
            require_once $funpath;
        }
    }

    return $fn($arguments, $iCMS);
}
/**
 * Clean up a fetched HTML page and insert it as a draft post.
 *
 * The title comes from the first <h2 class="entry-title"> when there is one,
 * otherwise from <title>, otherwise '__UNKNOWN__'. Only the <body> content is
 * kept.
 *
 * NOTE(review): $html is external markup. The cleaning done by
 * regexSearchReplace(), tidy() and kneadHtml() is not visible here; confirm
 * that scripts and event-handler attributes are removed before the content
 * is stored, for every user who may run the import.
 * NOTE(review): when no <body> element matches, index 1 of the match array is
 * read without a check.
 *
 * @param string $html           Full HTML of the page.
 * @param string $post_type      Post type to create.
 * @param int    $chapter_parent Parent post ID, used for chapters only.
 * @param string $domain         Domain name of the webpage.
 */
function kneadandInsert($html, $post_type, $chapter_parent, $domain)
{
    // Prefer author and licence from the attribution block when present.
    $meta = $this->getLicenseAttribution($html);
    if (isset($meta['authors'])) {
        $author = $meta['authors'];
    } else {
        $author = $this->getAuthors($html);
    }
    if (isset($meta['license'])) {
        $license = $this->extractCCLicense($meta['license']);
    } else {
        $license = '';
    }

    // get the title, preference to title set by PB
    $heading = array();
    preg_match('/<h2 class="entry-title">(.*)<\\/h2>/', $html, $heading);
    if (empty($heading[1])) {
        $page_title = array();
        preg_match('/<title>(.+)<\\/title>/', $html, $page_title);
        $title = empty($page_title[1]) ? '__UNKNOWN__' : wp_strip_all_tags($page_title[1]);
    } else {
        $title = wp_strip_all_tags($heading[1]);
    }

    // just get the body, drop what is not needed, then clean it up
    $body_match = array();
    preg_match('/(?:<body[^>]*>)(.*)<\\/body>/isU', $html, $body_match);
    $stripped = $this->regexSearchReplace($body_match[1]);
    $xhtml = $this->tidy($stripped);
    $body = $this->kneadHtml($xhtml, $post_type, $domain);

    $new_post = array(
        'post_title' => $title,
        'post_content' => $body,
        'post_type' => $post_type,
        'post_status' => 'draft',
    );
    if ('chapter' == $post_type) {
        $new_post['post_parent'] = $chapter_parent;
    }

    $pid = wp_insert_post(add_magic_quotes($new_post));

    if (!empty($author)) {
        update_post_meta($pid, 'pb_section_author', $author);
    }
    if (!empty($license)) {
        update_post_meta($pid, 'pb_section_license', $license);
    }
    update_post_meta($pid, 'pb_show_title', 'on');
    update_post_meta($pid, 'pb_export', 'on');

    // Reorder
    Book::consolidatePost($pid, get_post($pid));
}
/**
 * AJAX handler for saving a post from the inline (quick) edit form.
 *
 * Verifies the inline-edit nonce, checks that the current user may edit the
 * post, refuses to save while another user holds the post lock, then fills
 * the request with the stored content and excerpt and calls edit_post().
 * The updated list-table row is printed before the request ends.
 *
 * NOTE(review): $_POST['post_type'], $_POST['screen'], $_POST['_status'] and
 * $_POST['post_view'] are read without isset() checks.
 * NOTE(review): which capability is checked ('edit_page' or 'edit_post') is
 * chosen from the client-supplied post_type; presumably the capability
 * mapping resolves it against the real post, confirm.
 */
function wp_ajax_inline_save() {
    global $wp_list_table;

    // Aborts the request when the nonce in '_inline_edit' is missing or wrong.
    check_ajax_referer('inlineeditnonce', '_inline_edit');

    // A missing or zero post ID ends the request with no output.
    if (!isset($_POST['post_ID']) || !($post_ID = (int) $_POST['post_ID'])) {
        wp_die();
    }

    if ('page' == $_POST['post_type']) {
        if (!current_user_can('edit_page', $post_ID)) {
            wp_die(__('You are not allowed to edit this page.'));
        }
    } else {
        if (!current_user_can('edit_post', $post_ID)) {
            wp_die(__('You are not allowed to edit this post.'));
        }
    }

    set_current_screen($_POST['screen']);

    // Another user is editing: report who (HTML-escaped) and stop.
    if ($last = wp_check_post_lock($post_ID)) {
        $last_user = get_userdata($last);
        $last_user_name = $last_user ? $last_user->display_name : __('Someone');
        printf($_POST['post_type'] == 'page' ? __('Saving is disabled: %s is currently editing this page.') : __('Saving is disabled: %s is currently editing this post.'), esc_html($last_user_name));
        wp_die();
    }

    // $data aliases $_POST, so every write below changes the request that
    // edit_post() reads.
    $data =& $_POST;

    $post = get_post($post_ID, ARRAY_A);
    $post = add_magic_quotes($post); //since it is from db

    // Content and excerpt are taken from the stored post, so the values sent
    // by the client for these two fields are overwritten.
    $data['content'] = $post['post_content'];
    $data['excerpt'] = $post['post_excerpt'];

    // rename
    $data['user_ID'] = $GLOBALS['user_ID'];

    if (isset($data['post_parent'])) {
        $data['parent_id'] = $data['post_parent'];
    }

    // status
    if (isset($data['keep_private']) && 'private' == $data['keep_private']) {
        $data['post_status'] = 'private';
    } else {
        $data['post_status'] = $data['_status'];
    }

    // Unchecked boxes are not submitted; treat them as 'closed'.
    if (empty($data['comment_status'])) {
        $data['comment_status'] = 'closed';
    }
    if (empty($data['ping_status'])) {
        $data['ping_status'] = 'closed';
    }

    // update the post
    edit_post();

    $wp_list_table = _get_list_table('WP_Posts_List_Table');

    // $mode is assigned but not read again in this function.
    $mode = $_POST['post_view'];
    $wp_list_table->display_rows(array(get_post($_POST['post_ID'])));

    wp_die();
}
/**
 * Update a post by merging $postarr over the stored post and passing the
 * result to wp_insert_post(), or to wp_insert_attachment() for attachments.
 *
 * NOTE(review): the result of wp_get_single_post() is used without checking
 * that the post exists.
 *
 * @param array|object $postarr Fields to change; must contain 'ID'.
 * @return mixed Whatever wp_insert_post() or wp_insert_attachment() returns.
 */
function wp_update_post($postarr = array())
{
    global $wpdb;

    if (is_object($postarr)) {
        $postarr = get_object_vars($postarr);
    }

    // Load the stored fields and slash them, since they come from the DB.
    $post = add_magic_quotes(wp_get_single_post($postarr['ID'], ARRAY_A));

    // A non-empty category list in the update replaces the stored list.
    $has_new_cats = isset($postarr['post_category'])
        && is_array($postarr['post_category'])
        && 0 != count($postarr['post_category']);
    $post_cats = $has_new_cats ? $postarr['post_category'] : $post['post_category'];

    // Drafts shouldn't be assigned a date unless explicitly done so by the user
    $clear_date = 'draft' == $post['post_status']
        && empty($postarr['edit_date'])
        && empty($postarr['post_date'])
        && '0000-00-00 00:00:00' == $post['post_date'];

    // New fields win over stored ones.
    $postarr = array_merge($post, $postarr);
    $postarr['post_category'] = $post_cats;
    if ($clear_date) {
        $postarr['post_date'] = '';
        $postarr['post_date_gmt'] = '';
    }

    return ($postarr['post_status'] == 'attachment')
        ? wp_insert_attachment($postarr)
        : wp_insert_post($postarr);
}
/**
 * Update a user in the database.
 *
 * The stored user fields, plus the additional user keys read from user meta,
 * are merged with $userdata (new values win) and passed to wp_insert_user().
 * A non-empty 'user_pass' is hashed with wp_hash_password() first. When the
 * current user changes their own password, the auth cookie is cleared and
 * set again.
 *
 * NOTE(review): the result of get_userdata() is used without checking that
 * the user exists.
 *
 * @since 2.0.0
 * @see wp_insert_user() For what fields can be set in $userdata
 *
 * @param array $userdata An array of user data; 'ID' selects the user.
 * @return int The updated user's ID, as returned by wp_insert_user().
 */
function wp_update_user($userdata)
{
    $ID = (int) $userdata['ID'];

    // Start from the stored record.
    $user_obj = get_userdata($ID);
    $stored = get_object_vars($user_obj->data);

    // Add additional custom fields
    foreach (_get_additional_user_keys($user_obj) as $meta_key) {
        $stored[$meta_key] = get_user_meta($ID, $meta_key, true);
    }

    // Slash the values, since they come from the DB.
    $stored = add_magic_quotes($stored);

    // A non-empty 'user_pass' means the password is changing: hash it now.
    $password_changed = !empty($userdata['user_pass']);
    if ($password_changed) {
        $plaintext_pass = $userdata['user_pass'];
        $userdata['user_pass'] = wp_hash_password($userdata['user_pass']);
    }

    wp_cache_delete($stored['user_email'], 'useremail');

    // New fields win over stored ones.
    $userdata = array_merge($stored, $userdata);
    $user_id = wp_insert_user($userdata);

    // Refresh the cookie when the current user changed their own password.
    $current_user = wp_get_current_user();
    if ($current_user->ID == $ID && $password_changed) {
        wp_clear_auth_cookie();
        wp_set_auth_cookie($ID);
    }

    return $user_id;
}
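/**
 * wp_update_term() - Update term based on arguments provided
 *
 * The $args will indiscriminately override all values with the same field name. Care
 * must be taken to not override important information needed to update, or the update
 * will fail (or perhaps create a new term; neither would be acceptable).
 *
 * Defaults will set 'alias_of', 'description', 'parent', and 'slug' if not defined
 * in $args already.
 *
 * 'alias_of' will create a term group, if it doesn't already exist, and update it for
 * the $term.
 *
 * If the 'slug' argument in $args is missing, then the 'name' in $args will be used.
 * If 'slug' is set and is not unique, a WP_Error is returned unless the parent
 * changed, in which case a unique slug is generated. If no slug is passed, a unique
 * one is created.
 *
 * All SQL in this function goes through $wpdb->prepare() or $wpdb->update(), apart
 * from one constant query with no input.
 *
 * NOTE(review): the result of get_term() is used without checking that the term
 * exists, and the row fetched for 'alias_of' is used without checking that it was
 * found.
 *
 * @package WordPress
 * @subpackage Taxonomy
 * @since 2.3
 *
 * @uses $wpdb
 * @uses do_action() Will call both 'edit_term' and 'edit_$taxonomy' twice.
 * @uses apply_filters() Will call the 'term_id_filter' filter and pass the term id and
 *	taxonomy id.
 *
 * @param int $term The ID of the term
 * @param string $taxonomy The context in which to relate the term to the object.
 * @param array|string $args Overwrite term field values
 * @return array|WP_Error Returns Term ID and Taxonomy Term ID
 */
function wp_update_term( $term, $taxonomy, $args = array() ) {
	global $wpdb;

	if ( ! is_taxonomy($taxonomy) )
		return new WP_Error('invalid_taxonomy', __('Invalid taxonomy'));

	$term_id = (int) $term;

	// First, get all of the original args
	$term = get_term ($term_id, $taxonomy, ARRAY_A);

	// Escape data pulled from DB.
	$term = add_magic_quotes($term);

	// Merge old and new args with new args overwriting old ones.
	$args = array_merge($term, $args);

	$defaults = array( 'alias_of' => '', 'description' => '', 'parent' => 0, 'slug' => '');
	$args = wp_parse_args($args, $defaults);
	$args = sanitize_term($args, $taxonomy, 'db');

	// EXTR_SKIP keeps the locals that already exist ($term, $taxonomy, $args,
	// $term_id, ...) from being overwritten by keys of $args.
	extract($args, EXTR_SKIP);

	// expected_slashed ($name)
	$name = stripslashes($name);
	$description = stripslashes($description);

	$empty_slug = false;
	if ( empty($slug) ) {
		$empty_slug = true;
		$slug = sanitize_title($name);
	}

	if ( $alias_of ) {
		$alias = $wpdb->get_row( $wpdb->prepare( "SELECT term_id, term_group FROM $wpdb->terms WHERE slug = %s", $alias_of) );
		if ( $alias->term_group ) {
			// The alias we want is already in a group, so let's use that one.
			$term_group = $alias->term_group;
		} else {
			// The alias isn't in a group, so let's create a new one and firstly add the alias term to it.
			$term_group = $wpdb->get_var("SELECT MAX(term_group) FROM $wpdb->terms") + 1;
			$wpdb->update( $wpdb->terms, compact('term_group'), array( 'term_id' => $alias->term_id ) );
		}
	}

	// Check for duplicate slug
	$id = $wpdb->get_var( $wpdb->prepare( "SELECT term_id FROM $wpdb->terms WHERE slug = %s", $slug ) );
	if ( $id && ($id != $term_id) ) {
		// If an empty slug was passed or the parent changed, reset the slug to something unique.
		// Otherwise, bail.
		// $term was fetched with ARRAY_A, so the stored parent is read as an
		// array element; reading it as an object property always gave null.
		if ( $empty_slug || ( $parent != $term['parent'] ) )
			$slug = wp_unique_term_slug($slug, (object) $args);
		else
			return new WP_Error('duplicate_term_slug', sprintf(__('The slug "%s" is already in use by another term'), $slug));
	}

	$wpdb->update($wpdb->terms, compact( 'name', 'slug', 'term_group' ), compact( 'term_id' ) );

	if ( empty($slug) ) {
		$slug = sanitize_title($name, $term_id);
		$wpdb->update( $wpdb->terms, compact( 'slug' ), compact( 'term_id' ) );
	}

	$tt_id = $wpdb->get_var( $wpdb->prepare( "SELECT tt.term_taxonomy_id FROM $wpdb->term_taxonomy AS tt INNER JOIN $wpdb->terms AS t ON tt.term_id = t.term_id WHERE tt.taxonomy = %s AND t.term_id = %d", $taxonomy, $term_id) );

	$wpdb->update( $wpdb->term_taxonomy, compact( 'term_id', 'taxonomy', 'description', 'parent' ), array( 'term_taxonomy_id' => $tt_id ) );

	do_action("edit_term", $term_id, $tt_id);
	do_action("edit_$taxonomy", $term_id, $tt_id);

	$term_id = apply_filters('term_id_filter', $term_id, $tt_id);

	clean_term_cache($term_id, $taxonomy);

	do_action("edited_term", $term_id, $tt_id);
	do_action("edited_$taxonomy", $term_id, $tt_id);

	return array('term_id' => $term_id, 'term_taxonomy_id' => $tt_id);
}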
/**
 * Clean up an HTML fragment and insert it as a draft post.
 *
 * NOTE(review): the cleaning done by tidy() and kneadHTML() is not visible
 * here; confirm that scripts and event-handler attributes are removed before
 * the content is stored, for every user who may run the import.
 *
 * @param string $html           Markup for the post body.
 * @param string $title          Post title; tags are stripped.
 * @param string $post_type      ('front-matter', 'chapter', 'back-matter')
 * @param int    $chapter_parent Parent post ID, used for chapters only.
 */
protected function kneadAndInsert($html, $title, $post_type, $chapter_parent)
{
    $new_post = array(
        'post_title' => wp_strip_all_tags($title),
        'post_content' => $this->kneadHTML($this->tidy($html)),
        'post_type' => $post_type,
        'post_status' => 'draft',
    );
    if ('chapter' == $post_type) {
        $new_post['post_parent'] = $chapter_parent;
    }

    $pid = wp_insert_post(add_magic_quotes($new_post));

    foreach (array('pb_show_title', 'pb_export') as $flag) {
        update_post_meta($pid, $flag, 'on');
    }

    // Reorder
    Book::consolidatePost($pid, get_post($pid));
}
/**
 * Update a user in the database.
 *
 * It is possible to update a user's password by specifying the 'user_pass'
 * value in the $userdata parameter array.
 *
 * If current user's password is being updated, then the cookies will be
 * cleared.
 *
 * When the password or the email address changes, a notification is mailed
 * to the address stored before the update, unless the corresponding
 * 'send_*_change_email' filter returns an empty value.
 *
 * NOTE(review): only the current user's own auth cookie is re-issued here;
 * nothing visible in this function ends that user's other sessions after a
 * password change.
 * NOTE(review): the values placed in the mails come from $user after
 * add_magic_quotes(), so they presumably still carry the added slashes.
 *
 * @since 2.0.0
 *
 * @see wp_insert_user() For what fields can be set in $userdata.
 *
 * @param mixed $userdata An array of user data or a user object of type stdClass or WP_User.
 * @return int|WP_Error The updated user's ID or a WP_Error object if the user could not be updated.
 */
function wp_update_user($userdata) {
    // Accept objects as well as arrays.
    if ($userdata instanceof stdClass) {
        $userdata = get_object_vars($userdata);
    } elseif ($userdata instanceof WP_User) {
        $userdata = $userdata->to_array();
    }

    $ID = isset($userdata['ID']) ? (int) $userdata['ID'] : 0;
    if (!$ID) {
        return new WP_Error('invalid_user_id', __('Invalid user ID.'));
    }

    // First, get all of the original fields
    $user_obj = get_userdata($ID);
    if (!$user_obj) {
        return new WP_Error('invalid_user_id', __('Invalid user ID.'));
    }

    $user = $user_obj->to_array();

    // Add additional custom fields
    foreach (_get_additional_user_keys($user_obj) as $key) {
        $user[$key] = get_user_meta($ID, $key, true);
    }

    // Escape data pulled from DB.
    $user = add_magic_quotes($user);

    // A value identical to the stored user_pass (presumably the hash) is
    // treated as "password unchanged" and is not hashed again.
    if (!empty($userdata['user_pass']) && $userdata['user_pass'] !== $user_obj->user_pass) {
        // If password is changing, hash it now
        $plaintext_pass = $userdata['user_pass'];
        $userdata['user_pass'] = wp_hash_password($userdata['user_pass']);

        /**
         * Filter whether to send the password change email.
         *
         * @since 4.3.0
         *
         * @see wp_insert_user() For `$user` and `$userdata` fields.
         *
         * @param bool  $send     Whether to send the email.
         * @param array $user     The original user array.
         * @param array $userdata The updated user array.
         *
         */
        $send_password_change_email = apply_filters('send_password_change_email', true, $user, $userdata);
    }

    if (isset($userdata['user_email']) && $user['user_email'] !== $userdata['user_email']) {
        /**
         * Filter whether to send the email change email.
         *
         * @since 4.3.0
         *
         * @see wp_insert_user() For `$user` and `$userdata` fields.
         *
         * @param bool  $send     Whether to send the email.
         * @param array $user     The original user array.
         * @param array $userdata The updated user array.
         *
         */
        $send_email_change_email = apply_filters('send_email_change_email', true, $user, $userdata);
    }

    wp_cache_delete($user['user_email'], 'useremail');

    // Merge old and new fields with new fields overwriting old ones.
    $userdata = array_merge($user, $userdata);
    $user_id = wp_insert_user($userdata);

    // Notifications are only sent when the update itself succeeded.
    if (!is_wp_error($user_id)) {
        $blog_name = wp_specialchars_decode(get_option('blogname'));

        if (!empty($send_password_change_email)) {
            /* translators: Do not translate USERNAME, ADMIN_EMAIL, EMAIL, SITENAME, SITEURL: those are placeholders. */
            $pass_change_text = __('Hi ###USERNAME###, This notice confirms that your password was changed on ###SITENAME###. If you did not change your password, please contact the Site Administrator at ###ADMIN_EMAIL### This email has been sent to ###EMAIL### Regards, All at ###SITENAME### ###SITEURL###');

            // 'to' is the address stored before this update.
            $pass_change_email = array('to' => $user['user_email'], 'subject' => __('[%s] Notice of Password Change'), 'message' => $pass_change_text, 'headers' => '');

            /**
             * Filter the contents of the email sent when the user's password is changed.
             *
             * @since 4.3.0
             *
             * @param array $pass_change_email {
             *            Used to build wp_mail().
             *            @type string $to      The intended recipients. Add emails in a comma separated string.
             *            @type string $subject The subject of the email.
             *            @type string $message The content of the email.
             *                The following strings have a special meaning and will get replaced dynamically:
             *                - ###USERNAME###    The current user's username.
             *                - ###ADMIN_EMAIL### The admin email in case this was unexpected.
             *                - ###EMAIL###       The old email.
             *                - ###SITENAME###    The name of the site.
             *                - ###SITEURL###     The URL to the site.
             *            @type string $headers Headers. Add headers in a newline (\r\n) separated string.
             *        }
             * @param array $user     The original user array.
             * @param array $userdata The updated user array.
             *
             */
            $pass_change_email = apply_filters('password_change_email', $pass_change_email, $user, $userdata);

            // Placeholders are filled in after the filter has run.
            $pass_change_email['message'] = str_replace('###USERNAME###', $user['user_login'], $pass_change_email['message']);
            $pass_change_email['message'] = str_replace('###ADMIN_EMAIL###', get_option('admin_email'), $pass_change_email['message']);
            $pass_change_email['message'] = str_replace('###EMAIL###', $user['user_email'], $pass_change_email['message']);
            $pass_change_email['message'] = str_replace('###SITENAME###', get_option('blogname'), $pass_change_email['message']);
            $pass_change_email['message'] = str_replace('###SITEURL###', home_url(), $pass_change_email['message']);

            wp_mail($pass_change_email['to'], sprintf($pass_change_email['subject'], $blog_name), $pass_change_email['message'], $pass_change_email['headers']);
        }

        if (!empty($send_email_change_email)) {
            /* translators: Do not translate USERNAME, ADMIN_EMAIL, EMAIL, SITENAME, SITEURL: those are placeholders. */
            $email_change_text = __('Hi ###USERNAME###, This notice confirms that your email was changed on ###SITENAME###. If you did not change your email, please contact the Site Administrator at ###ADMIN_EMAIL### This email has been sent to ###EMAIL### Regards, All at ###SITENAME### ###SITEURL###');

            // 'to' is the old address, so its owner learns about the change.
            $email_change_email = array('to' => $user['user_email'], 'subject' => __('[%s] Notice of Email Change'), 'message' => $email_change_text, 'headers' => '');

            /**
             * Filter the contents of the email sent when the user's email is changed.
             *
             * @since 4.3.0
             *
             * @param array $email_change_email {
             *            Used to build wp_mail().
             *            @type string $to      The intended recipients.
             *            @type string $subject The subject of the email.
             *            @type string $message The content of the email.
             *                The following strings have a special meaning and will get replaced dynamically:
             *                - ###USERNAME###    The current user's username.
             *                - ###ADMIN_EMAIL### The admin email in case this was unexpected.
             *                - ###EMAIL###       The old email.
             *                - ###SITENAME###    The name of the site.
             *                - ###SITEURL###     The URL to the site.
             *            @type string $headers Headers.
             *        }
             * @param array $user     The original user array.
             * @param array $userdata The updated user array.
             */
            $email_change_email = apply_filters('email_change_email', $email_change_email, $user, $userdata);

            // Placeholders are filled in after the filter has run.
            $email_change_email['message'] = str_replace('###USERNAME###', $user['user_login'], $email_change_email['message']);
            $email_change_email['message'] = str_replace('###ADMIN_EMAIL###', get_option('admin_email'), $email_change_email['message']);
            $email_change_email['message'] = str_replace('###EMAIL###', $user['user_email'], $email_change_email['message']);
            $email_change_email['message'] = str_replace('###SITENAME###', get_option('blogname'), $email_change_email['message']);
            $email_change_email['message'] = str_replace('###SITEURL###', home_url(), $email_change_email['message']);

            wp_mail($email_change_email['to'], sprintf($email_change_email['subject'], $blog_name), $email_change_email['message'], $email_change_email['headers']);
        }
    }

    // Update the cookies if the password changed.
    $current_user = wp_get_current_user();
    if ($current_user->ID == $ID) {
        if (isset($plaintext_pass)) {
            wp_clear_auth_cookie();

            // Here we calculate the expiration length of the current auth cookie and compare it to the default expiration.
            // If it's greater than this, then we know the user checked 'Remember Me' when they logged in.
            $logged_in_cookie = wp_parse_auth_cookie('', 'logged_in');
            /** This filter is documented in wp-includes/pluggable.php */
            $default_cookie_life = apply_filters('auth_cookie_expiration', 2 * DAY_IN_SECONDS, $ID, false);
            $remember = $logged_in_cookie['expiration'] - time() > $default_cookie_life;

            wp_set_auth_cookie($ID, $remember);
        }
    }

    return $user_id;
}
// Bootstrap excerpt: fires 'plugins_loaded', normalises the request
// superglobals, creates the main query, rewrite and WP objects, and then
// loads the locale data and the active theme.
do_action('plugins_loaded');

// If already slashed, strip.
// NOTE(review): get_magic_quotes_gpc() is removed in PHP 8.0; this excerpt
// only runs on older PHP versions as written.
if ( get_magic_quotes_gpc() ) {
	$_GET    = stripslashes_deep($_GET   );
	$_POST   = stripslashes_deep($_POST  );
	$_COOKIE = stripslashes_deep($_COOKIE);
	$_SERVER = stripslashes_deep($_SERVER);
}

// Escape with wpdb.
// These slashes are a legacy convention, not an injection defence: code that
// builds SQL from request data must still escape or prepare its queries.
$_GET    = add_magic_quotes($_GET   );
$_POST   = add_magic_quotes($_POST  );
$_COOKIE = add_magic_quotes($_COOKIE);
$_SERVER = add_magic_quotes($_SERVER);

$wp_query   = new WP_Query();
$wp_rewrite = new WP_Rewrite();
$wp         = new WP();

define('TEMPLATEPATH', get_template_directory());

// Load the default text localization domain.
load_default_textdomain();

// Pull in locale data after loading text domain.
require_once(ABSPATH . WPINC . '/locale.php');

// Load functions for active theme.
// (The excerpt ends here; the statement guarded by this condition is not shown.)
if ( file_exists(TEMPLATEPATH . "/functions.php") )
/**
 * Update a row in the table with an array of data.
 *
 * The statement is assembled by string concatenation. Values in $data are
 * escaped by add_magic_quotes() and values in $where by $this->escape(), but
 * identifiers are not: $table, the keys of $data and the keys of $where are
 * placed in the SQL text as they are. Callers must pass only fixed, trusted
 * identifiers and never names taken from request data.
 *
 * @since 2.5.0
 *
 * @param string $table WARNING: not sanitized!
 * @param array  $data  Column => value pairs. Should not already be
 *                      SQL-escaped. WARNING: the column names are not
 *                      sanitized!
 * @param array  $where A named array of WHERE column => value relationships.
 *                      Multiple member pairs will be joined with ANDs.
 *                      WARNING: the column names are not currently sanitized!
 * @return mixed Results of $this->query(), or false when $where is not an
 *               array.
 */
function update($table, $data, $where)
{
    $data = add_magic_quotes($data);

    // SET clause: one `column` = 'value' pair per entry of $data.
    $assignments = array();
    foreach ((array) array_keys($data) as $column) {
        $assignments[] = "`{$column}` = '{$data[$column]}'";
    }

    if (!is_array($where)) {
        return false;
    }

    // WHERE clause: every pair must match.
    $conditions = array();
    foreach ($where as $column => $value) {
        $conditions[] = "{$column} = '" . $this->escape($value) . "'";
    }

    $sql = "UPDATE {$table} SET " . implode(', ', $assignments) . ' WHERE ' . implode(' AND ', $conditions);

    return $this->query($sql);
}
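/**
 * Point the href of every rel="attachment" anchor in a post at the current
 * attachment link, and adopt attachments whose parent post no longer exists.
 *
 * The original implementation built the new href with the preg_replace() "e"
 * modifier, which evaluates the replacement as PHP code. That modifier is
 * deprecated as of PHP 5.5 and removed in PHP 7.0, and evaluating text derived
 * from post content is a pattern to avoid regardless. The replacement is now a
 * plain string.
 *
 * @param int $post_ID ID of the post whose content is scanned.
 * @return mixed Nothing when the content holds no rel="attachment" anchor,
 *               otherwise the result of wp_update_post().
 */
function fix_attachment_links($post_ID)
{
    $post = get_post($post_ID, ARRAY_A);

    // See if we have any rel="attachment" links
    $search = "#<a[^>]+rel=('|\")[^'\"]*attachment[^>]*>#i";
    if (0 == preg_match_all($search, $post['post_content'], $anchor_matches, PREG_PATTERN_ORDER)) {
        return;
    }

    // Initialised up front so str_replace() below never sees undefined variables
    // when no anchor carries a usable id.
    $post_search = array();
    $post_replace = array();

    $search = "# id=(\"|')p(\\d+)\\1#i";
    foreach ($anchor_matches[0] as $anchor) {
        if (0 == preg_match($search, $anchor, $id_matches)) {
            continue;
        }

        $id = $id_matches[2];

        // While we have the attachment ID, let's adopt any orphans.
        $attachment = get_post($id, ARRAY_A);
        if (!empty($attachment) && !is_object(get_post($attachment['post_parent']))) {
            $attachment['post_parent'] = $post_ID;
            // Escape data pulled from DB.
            $attachment = add_magic_quotes($attachment);
            wp_update_post($attachment);
        }

        // "\" and "$" are special in a preg_replace() replacement string; escape
        // them so the attachment link is always inserted literally.
        $link = strtr(get_attachment_link($id), array('\\' => '\\\\', '$' => '\\$'));

        $post_search[] = $anchor;
        // ${1} is the quote character captured around the old href.
        $post_replace[] = preg_replace("#href=(\"|')[^'\"]*\\1#", 'href=${1}' . $link . '${1}', $anchor);
    }

    $post['post_content'] = str_replace($post_search, $post_replace, $post['post_content']);

    // Escape data pulled from DB.
    $post = add_magic_quotes($post);

    return wp_update_post($post);
}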
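/**
 * Create a post (path ending in "/new") or update an existing one from the
 * request input, then apply taxonomy, media, likes, sharing, sticky, Publicize
 * and metadata changes.
 *
 * Authorization performed here, as visible in this method:
 *  - create: the type must pass is_post_type_allowed(); publishing needs the
 *    type's publish_posts capability (downgraded to "pending" when the user can
 *    only edit); anything else needs edit_posts.
 *  - update: 'edit_post' on the target post; publishing an unpublished post
 *    without 'publish_post' is downgraded to "pending".
 *  - assigning another author needs edit_others_posts, and the assigned author
 *    must hold edit_posts.
 *  - new terms are only created when the user holds the taxonomy's edit_terms.
 *  - each metadata operation is gated on the matching *_post_meta capability or
 *    on is_metadata_public().
 *
 * @param string $path    Request path; a trailing "/new" selects the create branch.
 * @param int    $blog_id Not read in this method body.
 * @param int    $post_id ID of the post to update (ignored when creating).
 * @return mixed WP_Error on invalid input or missing permission, a falsy value or
 *               WP_Error from the insert/update call, otherwise the post as
 *               returned by $this->get_post_by().
 */
function write_post($path, $blog_id, $post_id)
{
    $new = $this->api->ends_with($path, '/new');
    $args = $this->query_args();

    // Optional inputs that are read further down without isset(); null keeps the
    // existing comparisons (false ===, true ===, isset) behaving as before while
    // avoiding undefined-variable notices.
    $likes = null;
    $sticky = null;
    $publicize = null;

    // unhook publicize, it's hooked again later -- without this, skipping services is impossible
    if (defined('IS_WPCOM') && IS_WPCOM) {
        remove_action('save_post', array($GLOBALS['publicize_ui']->publicize, 'async_publicize_post'), 100, 2);
        add_action('rest_api_inserted_post', array($GLOBALS['publicize_ui']->publicize, 'async_publicize_post'));
    }

    if ($new) {
        $input = $this->input(true);

        if ('revision' === $input['type']) {
            if (!isset($input['parent'])) {
                return new WP_Error('invalid_input', 'Invalid request input', 400);
            }
            $input['status'] = 'inherit'; // force inherit for revision type
            $input['slug'] = $input['parent'] . '-autosave-v1';
        } elseif (!isset($input['title']) && !isset($input['content']) && !isset($input['excerpt'])) {
            return new WP_Error('invalid_input', 'Invalid request input', 400);
        }

        // default to post
        if (empty($input['type'])) {
            $input['type'] = 'post';
        }

        $post_type = get_post_type_object($input['type']);

        if (!$this->is_post_type_allowed($input['type'])) {
            return new WP_Error('unknown_post_type', 'Unknown post type', 404);
        }

        if (!empty($input['author'])) {
            $author_id = parent::parse_and_set_author($input['author'], $input['type']);
            unset($input['author']);
            if (is_wp_error($author_id)) {
                return $author_id;
            }
        }

        if ('publish' === $input['status']) {
            if (!current_user_can($post_type->cap->publish_posts)) {
                if (current_user_can($post_type->cap->edit_posts)) {
                    // May write but not publish: queue for review instead.
                    $input['status'] = 'pending';
                } else {
                    return new WP_Error('unauthorized', 'User cannot publish posts', 403);
                }
            }
        } else {
            if (!current_user_can($post_type->cap->edit_posts)) {
                return new WP_Error('unauthorized', 'User cannot edit posts', 403);
            }
        }
    } else {
        $input = $this->input(false);

        if (!is_array($input) || !$input) {
            return new WP_Error('invalid_input', 'Invalid request input', 400);
        }

        $post = get_post($post_id);

        // Checked before $post is dereferenced; previously $post->post_type was read
        // first, so a missing post raised a notice before the 404 was returned.
        if (!$post || is_wp_error($post)) {
            return new WP_Error('unknown_post', 'Unknown post', 404);
        }

        // NOTE(review): unlike the create branch, a caller-supplied 'type' is not
        // passed through is_post_type_allowed() here. Confirm that is intended.
        $_post_type = !empty($input['type']) ? $input['type'] : $post->post_type;
        $post_type = get_post_type_object($_post_type);

        if (!current_user_can('edit_post', $post->ID)) {
            return new WP_Error('unauthorized', 'User cannot edit post', 403);
        }

        if (!empty($input['author'])) {
            $author_id = parent::parse_and_set_author($input['author'], $_post_type);
            unset($input['author']);
            if (is_wp_error($author_id)) {
                return $author_id;
            }
        }

        if ('publish' === $input['status'] && 'publish' !== $post->post_status && !current_user_can('publish_post', $post->ID)) {
            $input['status'] = 'pending';
        }

        $last_status = $post->post_status;
        $new_status = $input['status'];
    }

    // Fix for https://iorequests.wordpress.com/2014/08/13/scheduled-posts-made-in-the/
    // See: https://a8c.slack.com/archives/io/p1408047082000273
    // If date was set, $this->input will set date_gmt, date still needs to be adjusted for the blog's offset
    if (isset($input['date_gmt'])) {
        $gmt_offset = get_option('gmt_offset');
        $time_with_offset = strtotime($input['date_gmt']) + $gmt_offset * HOUR_IN_SECONDS;
        $input['date'] = date('Y-m-d H:i:s', $time_with_offset);
    }

    // Writing on behalf of someone else needs rights on both sides.
    if (!empty($author_id) && get_current_user_id() != $author_id) {
        if (!current_user_can($post_type->cap->edit_others_posts)) {
            return new WP_Error('unauthorized', "User is not allowed to publish others' posts.", 403);
        } elseif (!user_can($author_id, $post_type->cap->edit_posts)) {
            return new WP_Error('unauthorized', 'Assigned author cannot publish post.', 403);
        }
    }

    if (!is_post_type_hierarchical($post_type->name) && 'revision' !== $post_type->name) {
        unset($input['parent']);
    }

    /* add taxonomies by name */
    $tax_input = array();
    foreach (array('categories' => 'category', 'tags' => 'post_tag') as $key => $taxonomy) {
        if (!isset($input[$key])) {
            continue;
        }

        $tax_input[$taxonomy] = array();
        $is_hierarchical = is_taxonomy_hierarchical($taxonomy);

        if (is_array($input[$key])) {
            $terms = $input[$key];
        } else {
            $terms = explode(',', $input[$key]);
        }

        foreach ($terms as $term) {
            /**
             * We assume these are names, not IDs, even if they are numeric.
             * Note: A category named "0" will not work right.
             * https://core.trac.wordpress.org/ticket/9059
             */
            $term_info = get_term_by('name', $term, $taxonomy, ARRAY_A);

            if (!$term_info) {
                // only add a new tag/cat if the user has access to
                $tax = get_taxonomy($taxonomy);
                if (!current_user_can($tax->cap->edit_terms)) {
                    continue;
                }
                $term_info = wp_insert_term($term, $taxonomy);
            }

            if (!is_wp_error($term_info)) {
                if ($is_hierarchical) {
                    // Categories must be added by ID
                    $tax_input[$taxonomy][] = (int) $term_info['term_id'];
                } else {
                    // Tags must be added by name
                    $tax_input[$taxonomy][] = $term;
                }
            }
        }
    }

    /* add taxonomies by ID */
    foreach (array('categories_by_id' => 'category', 'tags_by_id' => 'post_tag') as $key => $taxonomy) {
        if (!isset($input[$key])) {
            continue;
        }

        // combine with any previous selections
        if (!isset($tax_input[$taxonomy]) || !is_array($tax_input[$taxonomy])) {
            $tax_input[$taxonomy] = array();
        }

        $is_hierarchical = is_taxonomy_hierarchical($taxonomy);

        if (is_array($input[$key])) {
            $terms = $input[$key];
        } else {
            $terms = explode(',', $input[$key]);
        }

        foreach ($terms as $term) {
            if (!ctype_digit($term)) {
                // skip anything that doesn't look like an ID
                continue;
            }
            $term = (int) $term;
            $term_info = get_term_by('id', $term, $taxonomy, ARRAY_A);

            if ($term_info && !is_wp_error($term_info)) {
                if ($is_hierarchical) {
                    // Categories must be added by ID
                    $tax_input[$taxonomy][] = $term;
                } else {
                    // Tags must be added by name
                    $tax_input[$taxonomy][] = $term_info['name'];
                }
            }
        }
    }

    if ((isset($input['categories']) || isset($input['categories_by_id'])) && empty($tax_input['category']) && 'revision' !== $post_type->name) {
        $tax_input['category'][] = get_option('default_category');
    }

    unset($input['tags'], $input['categories'], $input['tags_by_id'], $input['categories_by_id']);

    $insert = array();

    if (!empty($input['slug'])) {
        $insert['post_name'] = $input['slug'];
        unset($input['slug']);
    }

    if (isset($input['discussion'])) {
        $discussion = (array) $input['discussion'];
        foreach (array('comment', 'ping') as $discussion_type) {
            $discussion_open = sprintf('%ss_open', $discussion_type);
            $discussion_status = sprintf('%s_status', $discussion_type);

            if (isset($discussion[$discussion_open])) {
                $is_open = WPCOM_JSON_API::is_truthy($discussion[$discussion_open]);
                $discussion[$discussion_status] = $is_open ? 'open' : 'closed';
            }

            // Strict match: a loose in_array() lets values such as 0 or true compare
            // equal to 'open' on older PHP versions and reach the post row.
            if (isset($discussion[$discussion_status]) && in_array($discussion[$discussion_status], array('open', 'closed'), true)) {
                $insert[$discussion_status] = $discussion[$discussion_status];
            }
        }
    }
    unset($input['discussion']);

    if (isset($input['menu_order'])) {
        $insert['menu_order'] = $input['menu_order'];
        unset($input['menu_order']);
    }

    if (isset($input['publicize'])) {
        $publicize = $input['publicize'];
        unset($input['publicize']);
    }

    if (isset($input['publicize_message'])) {
        $publicize_custom_message = $input['publicize_message'];
        unset($input['publicize_message']);
    }

    if (isset($input['featured_image'])) {
        $featured_image = trim($input['featured_image']);
        $delete_featured_image = empty($featured_image);
        unset($input['featured_image']);
    }

    if (isset($input['metadata'])) {
        $metadata = $input['metadata'];
        unset($input['metadata']);
    }

    if (isset($input['likes_enabled'])) {
        $likes = $input['likes_enabled'];
        unset($input['likes_enabled']);
    }

    if (isset($input['sharing_enabled'])) {
        $sharing = $input['sharing_enabled'];
        unset($input['sharing_enabled']);
    }

    if (isset($input['sticky'])) {
        $sticky = $input['sticky'];
        unset($input['sticky']);
    }

    // Everything still left in $input becomes a post_* field, so the set of writable
    // fields is whatever $this->input() returned.
    // NOTE(review): confirm input() drops keys that are not part of the endpoint's schema.
    foreach ($input as $key => $value) {
        $insert["post_{$key}"] = $value;
    }

    if (!empty($author_id)) {
        $insert['post_author'] = absint($author_id);
    }

    if (!empty($tax_input)) {
        $insert['tax_input'] = $tax_input;
    }

    $has_media = !empty($input['media']) ? count($input['media']) : false;
    $has_media_by_url = !empty($input['media_urls']) ? count($input['media_urls']) : false;

    if ($new) {
        if (false === strpos($input['content'], '[gallery') && ($has_media || $has_media_by_url)) {
            switch ($has_media + $has_media_by_url) {
                case 0:
                    // No images - do nothing.
                    break;
                case 1:
                    // 1 image - make it big
                    $insert['post_content'] = $input['content'] = "[gallery size=full columns=1]\n\n" . $input['content'];
                    break;
                default:
                    // Several images - 3 column gallery
                    $insert['post_content'] = $input['content'] = "[gallery]\n\n" . $input['content'];
                    break;
            }
        }

        $post_id = wp_insert_post(add_magic_quotes($insert), true);
    } else {
        $insert['ID'] = $post->ID;

        // wp_update_post ignores date unless edit_date is set
        // See: http://codex.wordpress.org/Function_Reference/wp_update_post#Scheduling_posts
        // See: https://core.trac.wordpress.org/browser/tags/3.9.2/src/wp-includes/post.php#L3302
        if (isset($input['date_gmt']) || isset($input['date'])) {
            $insert['edit_date'] = true;
        }

        // Passed as an object and without add_magic_quotes(), unlike the insert above.
        // NOTE(review): presumably wp_update_post() slashes object input itself - confirm.
        $post_id = wp_update_post((object) $insert);
    }

    if (!$post_id || is_wp_error($post_id)) {
        return $post_id;
    }

    // make sure this post actually exists and is not an error of some kind (ie, trying to load media in the posts endpoint)
    $post_check = $this->get_post_by('ID', $post_id, $args['context']);
    if (is_wp_error($post_check)) {
        return $post_check;
    }

    if ($has_media || $has_media_by_url) {
        $media_files = !empty($input['media']) ? $input['media'] : array();
        $media_urls = !empty($input['media_urls']) ? $input['media_urls'] : array();
        $media_attrs = !empty($input['media_attrs']) ? $input['media_attrs'] : array();
        $force_parent_id = $post_id;
        $media_results = $this->handle_media_creation_v1_1($media_files, $media_urls, $media_attrs, $force_parent_id);
    }

    // set page template for this post..
    if (isset($input['page_template']) && 'page' == $post_type->name) {
        $page_template = $input['page_template'];
        $page_templates = wp_get_theme()->get_page_templates(get_post($post_id));
        // Only empty, 'default' or a template the active theme reports is stored.
        if (empty($page_template) || 'default' == $page_template || isset($page_templates[$page_template])) {
            update_post_meta($post_id, '_wp_page_template', $page_template);
        }
    }

    // Set like status for the post
    $sitewide_likes_enabled = (bool) apply_filters('wpl_is_enabled_sitewide', !get_option('disabled_likes'));
    if ($new) {
        if ($sitewide_likes_enabled) {
            if (false === $likes) {
                update_post_meta($post_id, 'switch_like_status', 1);
            } else {
                delete_post_meta($post_id, 'switch_like_status');
            }
        } else {
            if ($likes) {
                update_post_meta($post_id, 'switch_like_status', 1);
            } else {
                delete_post_meta($post_id, 'switch_like_status');
            }
        }
    } else {
        if (isset($likes)) {
            if ($sitewide_likes_enabled) {
                if (false === $likes) {
                    update_post_meta($post_id, 'switch_like_status', 1);
                } else {
                    delete_post_meta($post_id, 'switch_like_status');
                }
            } else {
                if (true === $likes) {
                    update_post_meta($post_id, 'switch_like_status', 1);
                } else {
                    delete_post_meta($post_id, 'switch_like_status');
                }
            }
        }
    }

    // Set sharing status of the post
    if ($new) {
        $sharing_enabled = isset($sharing) ? (bool) $sharing : true;
        if (false === $sharing_enabled) {
            update_post_meta($post_id, 'sharing_disabled', 1);
        }
    } else {
        if (isset($sharing) && true === $sharing) {
            delete_post_meta($post_id, 'sharing_disabled');
        } else {
            if (isset($sharing) && false == $sharing) {
                update_post_meta($post_id, 'sharing_disabled', 1);
            }
        }
    }

    if (true === $sticky) {
        stick_post($post_id);
    } else {
        unstick_post($post_id);
    }

    // WPCOM Specific (Jetpack's will get bumped elsewhere
    // Tracks how many posts are published and sets meta so we can track some other cool stats (like likes & comments on posts published)
    if (($new && 'publish' == $input['status']) || (!$new && isset($last_status) && 'publish' != $last_status && isset($new_status) && 'publish' == $new_status)) {
        if (function_exists('bump_stats_extras')) {
            bump_stats_extras('api-insights-posts', $this->api->token_details['client_id']);
            update_post_meta($post_id, '_rest_api_published', 1);
            update_post_meta($post_id, '_rest_api_client_id', $this->api->token_details['client_id']);
        }
    }

    // We ask the user/dev to pass Publicize services he/she wants activated for the post, but Publicize expects us
    // to instead flag the ones we don't want to be skipped. proceed with said logic.
    // any posts coming from Path (client ID 25952) should also not publicize
    if ($publicize === false || (isset($this->api->token_details['client_id']) && 25952 == $this->api->token_details['client_id'])) {
        // No publicize at all, skip all by ID
        foreach ($GLOBALS['publicize_ui']->publicize->get_services('all') as $name => $service) {
            delete_post_meta($post_id, $GLOBALS['publicize_ui']->publicize->POST_SKIP . $name);
            $service_connections = $GLOBALS['publicize_ui']->publicize->get_connections($name);
            if (!$service_connections) {
                continue;
            }
            foreach ($service_connections as $service_connection) {
                update_post_meta($post_id, $GLOBALS['publicize_ui']->publicize->POST_SKIP . $service_connection->unique_id, 1);
            }
        }
    } else {
        if (is_array($publicize) && count($publicize) > 0) {
            foreach ($GLOBALS['publicize_ui']->publicize->get_services('all') as $name => $service) {
                /*
                 * We support both indexed and associative arrays:
                 * * indexed are to pass entire services
                 * * associative are to pass specific connections per service
                 *
                 * We do support mixed arrays: mixed integer and string keys (see 3rd example below).
                 *
                 * EG: array( 'twitter', 'facebook') will only publicize to those, ignoring the other available services
                 *     Form data: publicize[]=twitter&publicize[]=facebook
                 * EG: array( 'twitter' => '(int) $pub_conn_id_0, (int) $pub_conn_id_3', 'facebook' => (int) $pub_conn_id_7 ) will publicize to two Twitter accounts, and one Facebook connection, of potentially many.
                 *     Form data: publicize[twitter]=$pub_conn_id_0,$pub_conn_id_3&publicize[facebook]=$pub_conn_id_7
                 * EG: array( 'twitter', 'facebook' => '(int) $pub_conn_id_0, (int) $pub_conn_id_3' ) will publicize to all available Twitter accounts, but only 2 of potentially many Facebook connections
                 *     Form data: publicize[]=twitter&publicize[facebook]=$pub_conn_id_0,$pub_conn_id_3
                 */

                // Delete any stale SKIP value for the service by name. We'll add it back by ID.
                delete_post_meta($post_id, $GLOBALS['publicize_ui']->publicize->POST_SKIP . $name);

                // Get the user's connections
                $service_connections = $GLOBALS['publicize_ui']->publicize->get_connections($name);

                // if the user doesn't have any connections for this service, move on
                if (!$service_connections) {
                    continue;
                }

                if (!in_array($name, $publicize) && !array_key_exists($name, $publicize)) {
                    // Skip the whole service by adding each connection ID
                    foreach ($service_connections as $service_connection) {
                        update_post_meta($post_id, $GLOBALS['publicize_ui']->publicize->POST_SKIP . $service_connection->unique_id, 1);
                    }
                } else {
                    if (!empty($publicize[$name])) {
                        // Seems we're being asked to only push to [a] specific connection[s].
                        // Explode the list on commas, which will also support a single passed ID
                        $requested_connections = explode(',', preg_replace('/[\\s]*/', '', $publicize[$name]));

                        // Flag the connections we can't match with the requested list to be skipped.
                        foreach ($service_connections as $service_connection) {
                            if (!in_array($service_connection->meta['connection_data']->id, $requested_connections)) {
                                update_post_meta($post_id, $GLOBALS['publicize_ui']->publicize->POST_SKIP . $service_connection->unique_id, 1);
                            } else {
                                delete_post_meta($post_id, $GLOBALS['publicize_ui']->publicize->POST_SKIP . $service_connection->unique_id);
                            }
                        }
                    } else {
                        // delete all SKIP values; it's okay to publish to all connected IDs for this service
                        foreach ($service_connections as $service_connection) {
                            delete_post_meta($post_id, $GLOBALS['publicize_ui']->publicize->POST_SKIP . $service_connection->unique_id);
                        }
                    }
                }
            }
        }
    }

    if (!empty($publicize_custom_message)) {
        update_post_meta($post_id, $GLOBALS['publicize_ui']->publicize->POST_MESS, trim($publicize_custom_message));
    }

    set_post_format($post_id, $insert['post_format']);

    if (isset($featured_image)) {
        parent::parse_and_set_featured_image($post_id, $delete_featured_image, $featured_image);
    }

    if (!empty($metadata)) {
        foreach ((array) $metadata as $meta) {
            $meta = (object) $meta;
            $existing_meta_item = new stdClass();

            if (empty($meta->operation)) {
                $meta->operation = 'update';
            }

            if (!empty($meta->value)) {
                // Strict and mutually exclusive. With the previous loose pair of ifs,
                // 'true' became boolean true and then matched 'false' == true as well,
                // so every 'true' ended up stored as false.
                if ('true' === $meta->value) {
                    $meta->value = true;
                } elseif ('false' === $meta->value) {
                    $meta->value = false;
                }
            }

            if (!empty($meta->id)) {
                $meta->id = absint($meta->id);
                $found_meta_item = get_metadata_by_mid('post', $meta->id);
                // Keep the empty placeholder when the id matches no row, so the
                // property accesses below never run on a non-object.
                if ($found_meta_item) {
                    $existing_meta_item = $found_meta_item;
                }
            }

            $unslashed_meta_key = wp_unslash($meta->key); // should match what the final key will be
            $meta->key = wp_slash($meta->key);

            $existing_meta_key = isset($existing_meta_item->meta_key) ? $existing_meta_item->meta_key : null;
            $unslashed_existing_meta_key = wp_unslash($existing_meta_key);
            $existing_meta_item->meta_key = wp_slash($existing_meta_key);

            // make sure that the meta id passed matches the existing meta key
            // NOTE(review): only the key is compared. The row's post id is not compared
            // with $post_id, while the capability checks below are evaluated against
            // $post_id. Confirm the by-id operations cannot reach another post's meta.
            if (!empty($meta->id) && !empty($meta->key)) {
                $meta_by_id = get_metadata_by_mid('post', $meta->id);
                if (!$meta_by_id || $meta_by_id->meta_key !== $meta->key) {
                    continue; // skip this meta
                }
            }

            // Inside the switch, "break" replaces the former "continue": both leave the
            // switch, and nothing follows it in the loop body.
            switch ($meta->operation) {
                case 'delete':
                    if (!empty($meta->id) && !empty($existing_meta_item->meta_key) && current_user_can('delete_post_meta', $post_id, $unslashed_existing_meta_key)) {
                        delete_metadata_by_mid('post', $meta->id);
                    } elseif (!empty($meta->key) && !empty($meta->previous_value) && current_user_can('delete_post_meta', $post_id, $unslashed_meta_key)) {
                        delete_post_meta($post_id, $meta->key, $meta->previous_value);
                    } elseif (!empty($meta->key) && current_user_can('delete_post_meta', $post_id, $unslashed_meta_key)) {
                        delete_post_meta($post_id, $meta->key);
                    }
                    break;

                case 'add':
                    if (!empty($meta->id) || !empty($meta->previous_value)) {
                        break;
                    } elseif (!empty($meta->key) && !empty($meta->value) && (current_user_can('add_post_meta', $post_id, $unslashed_meta_key) || $this->is_metadata_public($meta->key))) {
                        // Grouped like the 'update' branch. Ungrouped, "||" bound last and a
                        // public key skipped the key/value checks altogether.
                        add_post_meta($post_id, $meta->key, $meta->value);
                    }
                    break;

                case 'update':
                    if (!isset($meta->value)) {
                        break;
                    } elseif (!empty($meta->id) && !empty($existing_meta_item->meta_key) && (current_user_can('edit_post_meta', $post_id, $unslashed_existing_meta_key) || $this->is_metadata_public($meta->key))) {
                        update_metadata_by_mid('post', $meta->id, $meta->value);
                    } elseif (!empty($meta->key) && !empty($meta->previous_value) && (current_user_can('edit_post_meta', $post_id, $unslashed_meta_key) || $this->is_metadata_public($meta->key))) {
                        update_post_meta($post_id, $meta->key, $meta->value, $meta->previous_value);
                    } elseif (!empty($meta->key) && (current_user_can('edit_post_meta', $post_id, $unslashed_meta_key) || $this->is_metadata_public($meta->key))) {
                        update_post_meta($post_id, $meta->key, $meta->value);
                    }
                    break;
            }
        }
    }

    do_action('rest_api_inserted_post', $post_id, $insert, $new);

    $return = $this->get_post_by('ID', $post_id, $args['context']);
    if (!$return || is_wp_error($return)) {
        return $return;
    }

    if (isset($input['type']) && 'revision' === $input['type']) {
        $return['preview_nonce'] = wp_create_nonce('post_preview_' . $input['parent']);
    }

    // workaround for sticky test occasionally failing, maybe a race condition with stick_post() above
    $return['sticky'] = true === $sticky;

    if (!empty($media_results['errors'])) {
        $return['media_errors'] = $media_results['errors'];
    }

    do_action('wpcom_json_api_objects', 'posts');

    return $return;
}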
/**
 * Update a link by layering the supplied fields over the stored row and handing
 * the merged array to wp_insert_link().
 *
 * Only the stored row is passed through add_magic_quotes(); $linkdata is merged
 * as received.
 * NOTE(review): presumably callers supply $linkdata already slashed - confirm.
 *
 * @param array $linkdata Link fields to change; 'link_id' selects the link.
 * @return mixed Whatever wp_insert_link() returns.
 */
function wp_update_link($linkdata)
{
    global $wpdb;

    $stored = get_link((int) $linkdata['link_id'], ARRAY_A);

    // Escape data pulled from DB.
    $stored = add_magic_quotes($stored);

    // Merge old and new fields with new fields overwriting old ones.
    return wp_insert_link(array_merge($stored, $linkdata));
}
/**
 * Recursively pass every scalar value of an array through $wpdb->escape().
 *
 * Keys are left untouched; only values are escaped. Nested arrays are walked
 * with the same function.
 *
 * @uses $wpdb Its escape() method is applied to each non-array value.
 * @since 0.71
 *
 * @param array $array Array whose values should be escaped.
 * @return array The same array with escaped values.
 */
function add_magic_quotes($array)
{
    global $wpdb;

    foreach ((array) $array as $key => $value) {
        $array[$key] = is_array($value)
            ? add_magic_quotes($value)
            : $wpdb->escape($value);
    }

    return $array;
}
/**
 * Replace hrefs of attachment anchors with up-to-date permalinks.
 *
 * An anchor is only rewritten when its href carries ?attachment_id=N, its rel
 * carries wp-att-N with the same N, and the href contains this site's URL
 * (compared without the scheme).
 *
 * @since 2.3.0
 * @access private
 *
 * @param int|object $post Post ID or post object.
 * @return void|int|WP_Error Void if nothing fixed. 0 or WP_Error on update failure. The post ID on update success.
 */
function _fix_attachment_links($post)
{
    $post = get_post($post, ARRAY_A);
    $content = $post['post_content'];

    // Don't run if no pretty permalinks or post is not published, scheduled, or privately published.
    if (!get_option('permalink_structure')) {
        return;
    }
    if (!in_array($post['post_status'], array('publish', 'future', 'private'))) {
        return;
    }

    // Short if there aren't any links or no '?attachment_id=' strings (strpos cannot be zero)
    if (!strpos($content, '?attachment_id=')) {
        return;
    }
    if (!preg_match_all('/<a ([^>]+)>[\\s\\S]+?<\\/a>/', $content, $link_matches)) {
        return;
    }

    $site_url = get_bloginfo('url');
    $site_url = substr($site_url, (int) strpos($site_url, '://')); // remove the http(s)
    $replace = '';

    foreach ($link_matches[1] as $index => $attributes) {
        // Cheap substring tests first, then the two regexes, in the original order.
        if (!strpos($attributes, '?attachment_id=')) {
            continue;
        }
        if (!strpos($attributes, 'wp-att-')) {
            continue;
        }
        if (!preg_match('/href=(["\'])[^"\']*\\?attachment_id=(\\d+)[^"\']*\\1/', $attributes, $url_match)) {
            continue;
        }
        if (!preg_match('/rel=["\'][^"\']*wp-att-(\\d+)/', $attributes, $rel_match)) {
            continue;
        }

        $quote = $url_match[1]; // the quote (single or double)
        $url_id = (int) $url_match[2];
        $rel_id = (int) $rel_match[1];

        // Both IDs must be non-zero and agree, and the href must point at this site.
        $ids_agree = $url_id && $rel_id && $url_id == $rel_id;
        if (!$ids_agree || strpos($url_match[0], $site_url) === false) {
            continue;
        }

        $link = $link_matches[0][$index];
        $new_href = 'href=' . $quote . get_attachment_link($url_id) . $quote;
        $replace = str_replace($url_match[0], $new_href, $link);
        $content = str_replace($link, $replace, $content);
    }

    if (!$replace) {
        return;
    }

    $post['post_content'] = $content;

    // Escape data pulled from DB.
    $post = add_magic_quotes($post);

    return wp_update_post($post);
}
/**
 * Restores a post to the specified revision.
 *
 * Can restore a past revision using all fields of the post revision, or only selected fields.
 * This function contains no capability check of its own; the caller decides
 * whether the current user may restore the revision.
 *
 * @package WordPress
 * @subpackage Post_Revisions
 * @since 2.6.0
 *
 * @uses wp_get_post_revision()
 * @uses wp_update_post()
 * @uses do_action() Calls 'wp_restore_post_revision' on post ID and revision ID if wp_update_post()
 *  is successful.
 *
 * @param int|object $revision_id Revision ID or revision object.
 * @param array $fields Optional. What fields to restore from. Defaults to all.
 * @return mixed Null if error, false if no fields to restore, (int) post ID if success.
 */
function wp_restore_post_revision($revision_id, $fields = null)
{
    $revision = wp_get_post_revision($revision_id, ARRAY_A);
    if (!$revision) {
        return $revision;
    }

    if (!is_array($fields)) {
        $fields = array_keys(_wp_post_revision_fields());
    }

    // Copy only the requested fields that the revision actually has.
    $wanted = array_intersect(array_keys($revision), $fields);
    $update = array();
    foreach ($wanted as $name) {
        $update[$name] = $revision[$name];
    }

    if (empty($update)) {
        return false;
    }

    // The revision's parent is the post being restored.
    $update['ID'] = $revision['post_parent'];

    // Values come straight from the database, so they are slashed before the update call.
    $restored_id = wp_update_post(add_magic_quotes($update));

    if (!is_wp_error($restored_id) && $restored_id) {
        do_action('wp_restore_post_revision', $restored_id, $revision['ID']);
    }

    return $restored_id;
}
// Captures any text in the body after $phone_delim as the body $content = explode($phone_delim, $content); $content = empty( $content[1] ) ? $content[0] : $content[1]; $content = trim($content); $post_content = apply_filters('phone_content', $content); $post_title = xmlrpc_getposttitle($content); if ($post_title == '') $post_title = $subject; $post_category = array(get_option('default_email_category')); $post_data = compact('post_content','post_title','post_date','post_date_gmt','post_author','post_category', 'post_status'); $post_data = add_magic_quotes($post_data); $post_ID = wp_insert_post($post_data); if ( is_wp_error( $post_ID ) ) echo "\n" . $post_ID->get_error_message(); // We couldn't post, for whatever reason. Better move forward to the next email. if ( empty( $post_ID ) ) continue; do_action('publish_phone', $post_ID); echo "\n<p>" . sprintf(__('<strong>Author:</strong> %s'), esc_html($post_author)) . '</p>'; echo "\n<p>" . sprintf(__('<strong>Posted title:</strong> %s'), esc_html($post_title)) . '</p>'; if(!$pop3->delete($i)) {