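/**
 * Apply the meta edits and deletions submitted with the post form.
 *
 * Does nothing unless the request carries the `bbpmeta_no_js` field. Each
 * submitted row is looked up by meta ID and skipped unless it belongs to
 * $post_ID and the current user holds the matching meta capability for the
 * key stored in that row. Edited rows are rewritten under the fixed key
 * 'bbpmeta_params'; new rows are then handled by self::add_meta().
 *
 * NOTE(review): no nonce verification is visible in this method; confirm the
 * caller performs one before invoking it.
 *
 * @param int $post_ID ID of the post whose meta rows may be changed.
 * @return void
 */
static function save_meta($post_ID) {
    if (!isset($_POST['bbpmeta_no_js'])) {
        return;
    }

    if (isset($_POST['meta']) && $_POST['meta']) {
        foreach ($_POST['meta'] as $key => $value) {
            if (!($meta = get_post_meta_by_id($key))) {
                continue;
            }
            if ($meta->post_id != $post_ID) {
                continue;
            }
            // The row is addressed by meta ID, so authorize against the key it
            // holds now and the key that will actually be written, not only
            // against the key name supplied in the request.
            if (!current_user_can('edit_post_meta', $post_ID, $meta->meta_key)
                || !current_user_can('edit_post_meta', $post_ID, 'bbpmeta_params')) {
                continue;
            }
            if (!current_user_can('edit_post_meta', $post_ID, $value['key'])) {
                continue;
            }
            update_meta($key, 'bbpmeta_params', $value);
        }
    }

    if (isset($_POST['deletemeta']) && $_POST['deletemeta']) {
        foreach ($_POST['deletemeta'] as $key => $value) {
            if (!($meta = get_post_meta_by_id($key))) {
                continue;
            }
            if ($meta->post_id != $post_ID) {
                continue;
            }
            if (!current_user_can('delete_post_meta', $post_ID, $meta->meta_key)) {
                continue;
            }
            delete_meta($key);
        }
    }

    self::add_meta($post_ID);
}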
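/**
 * Update an existing post with values provided in $_POST.
 *
 * The post type and MIME type are taken from the stored post, not from the
 * request, and the request is rejected with wp_die() unless the current user
 * can edit the post. Custom-field rows are addressed by meta ID; a row is
 * changed only when it belongs to this post and both the key it currently
 * holds and the requested key pass the protected-meta and capability checks.
 *
 * @since 1.5.0
 *
 * @global wpdb $wpdb WordPress database abstraction object.
 *
 * @param array $post_data Optional. When empty, $_POST is used by reference.
 * @return int Post ID.
 */
function edit_post($post_data = null) {
    global $wpdb;

    if (empty($post_data)) {
        $post_data =& $_POST;
    }

    // Clear out any data in internal vars.
    unset($post_data['filter']);

    $post_ID = (int) $post_data['post_ID'];
    $post = get_post($post_ID);
    $post_data['post_type'] = $post->post_type;
    $post_data['post_mime_type'] = $post->post_mime_type;

    if (!empty($post_data['post_status'])) {
        $post_data['post_status'] = sanitize_key($post_data['post_status']);
        if ('inherit' == $post_data['post_status']) {
            unset($post_data['post_status']);
        }
    }

    $ptype = get_post_type_object($post_data['post_type']);
    if (!current_user_can('edit_post', $post_ID)) {
        if ('page' == $post_data['post_type']) {
            wp_die(__('Sorry, you are not allowed to edit this page.'));
        } else {
            wp_die(__('Sorry, you are not allowed to edit this post.'));
        }
    }

    if (post_type_supports($ptype->name, 'revisions')) {
        $revisions = wp_get_post_revisions($post_ID, array('order' => 'ASC', 'posts_per_page' => 1));
        $revision = current($revisions);
        // Check if the revisions have been upgraded
        if ($revisions && _wp_get_post_revision_version($revision) < 1) {
            _wp_upgrade_revisions_of_post($post, wp_get_post_revisions($post_ID));
        }
    }

    if (isset($post_data['visibility'])) {
        switch ($post_data['visibility']) {
            case 'public':
                $post_data['post_password'] = '';
                break;
            case 'password':
                unset($post_data['sticky']);
                break;
            case 'private':
                $post_data['post_status'] = 'private';
                $post_data['post_password'] = '';
                unset($post_data['sticky']);
                break;
        }
    }

    $post_data = _wp_translate_postdata(true, $post_data);
    if (is_wp_error($post_data)) {
        wp_die($post_data->get_error_message());
    }

    // Post Formats
    if (isset($post_data['post_format'])) {
        set_post_format($post_ID, $post_data['post_format']);
    }

    // URL-type format fields are normalised with esc_url_raw() before storage.
    $format_meta_urls = array('url', 'link_url', 'quote_source_url');
    foreach ($format_meta_urls as $format_meta_url) {
        $keyed = '_format_' . $format_meta_url;
        if (isset($post_data[$keyed])) {
            update_post_meta($post_ID, $keyed, wp_slash(esc_url_raw(wp_unslash($post_data[$keyed]))));
        }
    }

    // Free-form format fields are stored unfiltered only for users with 'unfiltered_html'.
    $format_keys = array('quote', 'quote_source_name', 'image', 'gallery', 'audio_embed', 'video_embed');
    foreach ($format_keys as $key) {
        $keyed = '_format_' . $key;
        if (isset($post_data[$keyed])) {
            if (current_user_can('unfiltered_html')) {
                update_post_meta($post_ID, $keyed, $post_data[$keyed]);
            } else {
                update_post_meta($post_ID, $keyed, wp_filter_post_kses($post_data[$keyed]));
            }
        }
    }

    if ('attachment' === $post_data['post_type'] && preg_match('#^(audio|video)/#', $post_data['post_mime_type'])) {
        $id3data = wp_get_attachment_metadata($post_ID);
        if (!is_array($id3data)) {
            $id3data = array();
        }
        foreach (wp_get_attachment_id3_keys($post, 'edit') as $key => $label) {
            if (isset($post_data['id3_' . $key])) {
                $id3data[$key] = sanitize_text_field(wp_unslash($post_data['id3_' . $key]));
            }
        }
        wp_update_attachment_metadata($post_ID, $id3data);
    }

    // Meta Stuff
    if (isset($post_data['meta']) && $post_data['meta']) {
        foreach ($post_data['meta'] as $key => $value) {
            if (!($meta = get_post_meta_by_id($key))) {
                continue;
            }
            if ($meta->post_id != $post_ID) {
                continue;
            }
            // The row is addressed by meta ID, so the key it currently holds
            // must pass the same checks as the requested key (the delete loop
            // below already checks the stored key).
            if (is_protected_meta($meta->meta_key, 'post') || !current_user_can('edit_post_meta', $post_ID, $meta->meta_key)) {
                continue;
            }
            if (is_protected_meta($value['key'], 'post') || !current_user_can('edit_post_meta', $post_ID, $value['key'])) {
                continue;
            }
            update_meta($key, $value['key'], $value['value']);
        }
    }

    if (isset($post_data['deletemeta']) && $post_data['deletemeta']) {
        foreach ($post_data['deletemeta'] as $key => $value) {
            if (!($meta = get_post_meta_by_id($key))) {
                continue;
            }
            if ($meta->post_id != $post_ID) {
                continue;
            }
            if (is_protected_meta($meta->meta_key, 'post') || !current_user_can('delete_post_meta', $post_ID, $meta->meta_key)) {
                continue;
            }
            delete_meta($key);
        }
    }

    // Attachment stuff
    if ('attachment' == $post_data['post_type']) {
        if (isset($post_data['_wp_attachment_image_alt'])) {
            $image_alt = wp_unslash($post_data['_wp_attachment_image_alt']);
            if ($image_alt != get_post_meta($post_ID, '_wp_attachment_image_alt', true)) {
                $image_alt = wp_strip_all_tags($image_alt, true);
                // update_meta expects slashed.
                update_post_meta($post_ID, '_wp_attachment_image_alt', wp_slash($image_alt));
            }
        }

        $attachment_data = isset($post_data['attachments'][$post_ID]) ? $post_data['attachments'][$post_ID] : array();

        /** This filter is documented in wp-admin/includes/media.php */
        $post_data = apply_filters('attachment_fields_to_save', $post_data, $attachment_data);
    }

    // Convert taxonomy input to term IDs, to avoid ambiguity.
    if (isset($post_data['tax_input'])) {
        foreach ((array) $post_data['tax_input'] as $taxonomy => $terms) {
            // Hierarchical taxonomy data is already sent as term IDs, so no conversion is necessary.
            if (is_taxonomy_hierarchical($taxonomy)) {
                continue;
            }

            /*
             * Assume that a 'tax_input' string is a comma-separated list of term names.
             * Some languages may use a character other than a comma as a delimiter, so we standardize on
             * commas before parsing the list.
             */
            if (!is_array($terms)) {
                $comma = _x(',', 'tag delimiter');
                if (',' !== $comma) {
                    $terms = str_replace($comma, ',', $terms);
                }
                $terms = explode(',', trim($terms, " \n\t\r\v,"));
            }

            $clean_terms = array();
            foreach ($terms as $term) {
                // Empty terms are invalid input.
                if (empty($term)) {
                    continue;
                }
                $_term = get_terms($taxonomy, array('name' => $term, 'fields' => 'ids', 'hide_empty' => false));
                if (!empty($_term)) {
                    $clean_terms[] = intval($_term[0]);
                } else {
                    // No existing term was found, so pass the string. A new term will be created.
                    $clean_terms[] = $term;
                }
            }
            $post_data['tax_input'][$taxonomy] = $clean_terms;
        }
    }

    add_meta($post_ID);
    update_post_meta($post_ID, '_edit_last', get_current_user_id());

    $success = wp_update_post($post_data);
    // If the save failed, see if we can sanity check the main fields and try again
    if (!$success && is_callable(array($wpdb, 'strip_invalid_text_for_column'))) {
        $fields = array('post_title', 'post_content', 'post_excerpt');
        foreach ($fields as $field) {
            if (isset($post_data[$field])) {
                $post_data[$field] = $wpdb->strip_invalid_text_for_column($wpdb->posts, $field, $post_data[$field]);
            }
        }
        wp_update_post($post_data);
    }

    // Now that we have an ID we can fix any attachment anchor hrefs
    _fix_attachment_links($post_ID);
    wp_set_post_lock($post_ID);

    // Stickiness may only be changed by users who can both edit others' posts and publish.
    if (current_user_can($ptype->cap->edit_others_posts) && current_user_can($ptype->cap->publish_posts)) {
        if (!empty($post_data['sticky'])) {
            stick_post($post_ID);
        } else {
            unstick_post($post_ID);
        }
    }

    return $post_ID;
}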
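/**
 * Update an existing post with values provided in $_POST.
 *
 * The post type and MIME type are taken from the stored post, and the request
 * is rejected with wp_die() unless the current user can edit the post.
 * Custom-field rows are addressed by meta ID; a row is changed only when it
 * belongs to this post and both the key it currently holds and the requested
 * key pass the protected-meta and capability checks.
 *
 * @since 1.5.0
 *
 * @param array $post_data Optional. When empty, $_POST is used by reference.
 * @return int Post ID.
 */
function edit_post($post_data = null) {
    if (empty($post_data)) {
        $post_data =& $_POST;
    }

    // Clear out any data in internal vars.
    unset($post_data['filter']);

    $post_ID = (int) $post_data['post_ID'];
    $post = get_post($post_ID);
    $post_data['post_type'] = $post->post_type;
    $post_data['post_mime_type'] = $post->post_mime_type;

    $ptype = get_post_type_object($post_data['post_type']);
    if (!current_user_can('edit_post', $post_ID)) {
        if ('page' == $post_data['post_type']) {
            wp_die(__('You are not allowed to edit this page.'));
        } else {
            wp_die(__('You are not allowed to edit this post.'));
        }
    }

    $post_data = _wp_translate_postdata(true, $post_data);
    if (is_wp_error($post_data)) {
        wp_die($post_data->get_error_message());
    }

    // A real (non-autosave) save promotes an auto-draft to a draft.
    if ((empty($post_data['action']) || 'autosave' != $post_data['action']) && 'auto-draft' == $post_data['post_status']) {
        $post_data['post_status'] = 'draft';
    }

    if (isset($post_data['visibility'])) {
        switch ($post_data['visibility']) {
            case 'public':
                $post_data['post_password'] = '';
                break;
            case 'password':
                unset($post_data['sticky']);
                break;
            case 'private':
                $post_data['post_status'] = 'private';
                $post_data['post_password'] = '';
                unset($post_data['sticky']);
                break;
        }
    }

    // Post Formats
    if (isset($post_data['post_format'])) {
        set_post_format($post_ID, $post_data['post_format']);
    }

    // URL-type format fields are normalised with esc_url_raw() before storage.
    $format_meta_urls = array('url', 'link_url', 'quote_source_url');
    foreach ($format_meta_urls as $format_meta_url) {
        $keyed = '_format_' . $format_meta_url;
        if (isset($post_data[$keyed])) {
            update_post_meta($post_ID, $keyed, wp_slash(esc_url_raw(wp_unslash($post_data[$keyed]))));
        }
    }

    // Free-form format fields are stored unfiltered only for users with 'unfiltered_html'.
    $format_keys = array('quote', 'quote_source_name', 'image', 'gallery', 'audio_embed', 'video_embed');
    foreach ($format_keys as $key) {
        $keyed = '_format_' . $key;
        if (isset($post_data[$keyed])) {
            if (current_user_can('unfiltered_html')) {
                update_post_meta($post_ID, $keyed, $post_data[$keyed]);
            } else {
                update_post_meta($post_ID, $keyed, wp_filter_post_kses($post_data[$keyed]));
            }
        }
    }

    // Meta Stuff
    if (isset($post_data['meta']) && $post_data['meta']) {
        foreach ($post_data['meta'] as $key => $value) {
            if (!($meta = get_post_meta_by_id($key))) {
                continue;
            }
            if ($meta->post_id != $post_ID) {
                continue;
            }
            // The row is addressed by meta ID, so the key it currently holds
            // must pass the same checks as the requested key (the delete loop
            // below already checks the stored key).
            if (is_protected_meta($meta->meta_key, 'post') || !current_user_can('edit_post_meta', $post_ID, $meta->meta_key)) {
                continue;
            }
            if (is_protected_meta($value['key'], 'post') || !current_user_can('edit_post_meta', $post_ID, $value['key'])) {
                continue;
            }
            update_meta($key, $value['key'], $value['value']);
        }
    }

    if (isset($post_data['deletemeta']) && $post_data['deletemeta']) {
        foreach ($post_data['deletemeta'] as $key => $value) {
            if (!($meta = get_post_meta_by_id($key))) {
                continue;
            }
            if ($meta->post_id != $post_ID) {
                continue;
            }
            if (is_protected_meta($meta->meta_key, 'post') || !current_user_can('delete_post_meta', $post_ID, $meta->meta_key)) {
                continue;
            }
            delete_meta($key);
        }
    }

    // Attachment stuff
    if ('attachment' == $post_data['post_type']) {
        if (isset($post_data['_wp_attachment_image_alt'])) {
            $image_alt = wp_unslash($post_data['_wp_attachment_image_alt']);
            if ($image_alt != get_post_meta($post_ID, '_wp_attachment_image_alt', true)) {
                $image_alt = wp_strip_all_tags($image_alt, true);
                // update_meta expects slashed
                update_post_meta($post_ID, '_wp_attachment_image_alt', wp_slash($image_alt));
            }
        }

        $attachment_data = isset($post_data['attachments'][$post_ID]) ? $post_data['attachments'][$post_ID] : array();
        $post_data = apply_filters('attachment_fields_to_save', $post_data, $attachment_data);
    }

    add_meta($post_ID);
    update_post_meta($post_ID, '_edit_last', get_current_user_id());
    wp_update_post($post_data);

    // Now that we have an ID we can fix any attachment anchor hrefs
    _fix_attachment_links($post_ID);
    wp_set_post_lock($post_ID);

    if (current_user_can($ptype->cap->edit_others_posts)) {
        if (!empty($post_data['sticky'])) {
            stick_post($post_ID);
        } else {
            unstick_post($post_ID);
        }
    }

    return $post_ID;
}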
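/**
 * Update an existing post from the fields in $_POST.
 *
 * Terminates with die() when the current user may not edit the post, may not
 * post as the requested author, or may not edit pages. Form fields are renamed
 * in place in $_POST before the array is handed to wp_update_post().
 *
 * NOTE(review): the "post as another user" check compares two request fields
 * (post_author and user_ID); confirm user_ID is set server-side before this
 * runs, otherwise compare against the authenticated user's ID.
 *
 * NOTE(review): meta IDs from the request are passed to update_meta() and
 * delete_meta() without a check in this function that the row belongs to
 * $post_ID; confirm those helpers enforce ownership, or add the check here.
 *
 * @return int Post ID.
 */
function edit_post() {
    global $user_ID;

    $post_ID = (int) $_POST['post_ID'];
    if (!current_user_can('edit_post', $post_ID)) {
        die(__('You are not allowed to edit this post.'));
    }

    // Rename.
    $_POST['ID'] = (int) $_POST['post_ID'];
    $_POST['post_content'] = $_POST['content'];
    $_POST['post_excerpt'] = $_POST['excerpt'];
    $_POST['post_parent'] = $_POST['parent_id'];
    $_POST['to_ping'] = $_POST['trackback_url'];

    if (!empty($_POST['post_author_override'])) {
        $_POST['post_author'] = (int) $_POST['post_author_override'];
    } else {
        if (!empty($_POST['post_author'])) {
            $_POST['post_author'] = (int) $_POST['post_author'];
        } else {
            $_POST['post_author'] = (int) $_POST['user_ID'];
        }
    }

    if ($_POST['post_author'] != $_POST['user_ID'] && !current_user_can('edit_others_posts')) {
        die(__('You cannot post as this user.'));
    }

    // What to do based on which button they pressed.
    // Only the pressed button is submitted, so each field is tested with
    // isset() first to avoid undefined-index notices for the others.
    if (isset($_POST['saveasdraft']) && '' != $_POST['saveasdraft']) {
        $_POST['post_status'] = 'draft';
    }
    if (isset($_POST['saveasprivate']) && '' != $_POST['saveasprivate']) {
        $_POST['post_status'] = 'private';
    }
    if (isset($_POST['publish']) && '' != $_POST['publish']) {
        $_POST['post_status'] = 'publish';
    }
    if (isset($_POST['advanced']) && '' != $_POST['advanced']) {
        $_POST['post_status'] = 'draft';
    }
    if (isset($_POST['savepage']) && '' != $_POST['savepage']) {
        $_POST['post_status'] = 'static';
    }

    // Users without 'publish_posts' are downgraded to a draft rather than refused.
    if ('publish' == $_POST['post_status'] && !current_user_can('publish_posts')) {
        $_POST['post_status'] = 'draft';
    }
    if ('static' == $_POST['post_status'] && !current_user_can('edit_pages')) {
        die(__('This user cannot edit pages.'));
    }

    if (!isset($_POST['comment_status'])) {
        $_POST['comment_status'] = 'closed';
    }
    if (!isset($_POST['ping_status'])) {
        $_POST['ping_status'] = 'closed';
    }

    if (!empty($_POST['edit_date'])) {
        $aa = $_POST['aa'];
        $mm = $_POST['mm'];
        $jj = $_POST['jj'];
        $hh = $_POST['hh'];
        $mn = $_POST['mn'];
        $ss = $_POST['ss'];
        // Clamp the day and wrap out-of-range time parts; year and month are used as submitted.
        $jj = $jj > 31 ? 31 : $jj;
        $hh = $hh > 23 ? $hh - 24 : $hh;
        $mn = $mn > 59 ? $mn - 60 : $mn;
        $ss = $ss > 59 ? $ss - 60 : $ss;
        $_POST['post_date'] = "{$aa}-{$mm}-{$jj} {$hh}:{$mn}:{$ss}";
        $_POST['post_date_gmt'] = get_gmt_from_date("{$aa}-{$mm}-{$jj} {$hh}:{$mn}:{$ss}");
    }

    // Meta Stuff
    if (!empty($_POST['meta'])) {
        foreach ($_POST['meta'] as $key => $value) {
            update_meta($key, $value['key'], $value['value']);
        }
    }
    if (!empty($_POST['deletemeta'])) {
        foreach ($_POST['deletemeta'] as $key => $value) {
            delete_meta($key);
        }
    }

    add_meta($post_ID);
    wp_update_post($_POST);

    // Now that we have an ID we can fix any attachment anchor hrefs
    fix_attachment_links($post_ID);

    return $post_ID;
}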
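/**
 * Update an existing post with values provided in $_POST.
 *
 * The post type and MIME type are taken from the stored post, and the request
 * is rejected with wp_die() unless the current user can edit the post.
 * Custom-field rows are addressed by meta ID; a row is changed only when it
 * belongs to this post and both the key it currently holds and the requested
 * key pass the protected-meta and capability checks.
 *
 * @since 1.5.0
 *
 * @param array $post_data Optional. When empty, $_POST is used by reference.
 * @return int Post ID.
 */
function edit_post($post_data = null) {
    global $wpdb;

    if (empty($post_data)) {
        $post_data =& $_POST;
    }

    // Clear out any data in internal vars.
    unset($post_data['filter']);

    $post_ID = (int) $post_data['post_ID'];
    $post = get_post($post_ID);
    $post_data['post_type'] = $post->post_type;
    $post_data['post_mime_type'] = $post->post_mime_type;

    if (!empty($post_data['post_status'])) {
        $post_data['post_status'] = sanitize_key($post_data['post_status']);
        if ('inherit' == $post_data['post_status']) {
            unset($post_data['post_status']);
        }
    }

    $ptype = get_post_type_object($post_data['post_type']);
    if (!current_user_can('edit_post', $post_ID)) {
        if ('page' == $post_data['post_type']) {
            wp_die(__('You are not allowed to edit this page.'));
        } else {
            wp_die(__('You are not allowed to edit this post.'));
        }
    }

    if (post_type_supports($ptype->name, 'revisions')) {
        $revisions = wp_get_post_revisions($post_ID, array('order' => 'ASC', 'posts_per_page' => 1));
        $revision = current($revisions);
        // Check if the revisions have been upgraded
        if ($revisions && _wp_get_post_revision_version($revision) < 1) {
            _wp_upgrade_revisions_of_post($post, wp_get_post_revisions($post_ID));
        }
    }

    if (isset($post_data['visibility'])) {
        switch ($post_data['visibility']) {
            case 'public':
                $post_data['post_password'] = '';
                break;
            case 'password':
                unset($post_data['sticky']);
                break;
            case 'private':
                $post_data['post_status'] = 'private';
                $post_data['post_password'] = '';
                unset($post_data['sticky']);
                break;
        }
    }

    $post_data = _wp_translate_postdata(true, $post_data);
    if (is_wp_error($post_data)) {
        wp_die($post_data->get_error_message());
    }

    // Post Formats
    if (isset($post_data['post_format'])) {
        set_post_format($post_ID, $post_data['post_format']);
    }

    // URL-type format fields are normalised with esc_url_raw() before storage.
    $format_meta_urls = array('url', 'link_url', 'quote_source_url');
    foreach ($format_meta_urls as $format_meta_url) {
        $keyed = '_format_' . $format_meta_url;
        if (isset($post_data[$keyed])) {
            update_post_meta($post_ID, $keyed, wp_slash(esc_url_raw(wp_unslash($post_data[$keyed]))));
        }
    }

    // Free-form format fields are stored unfiltered only for users with 'unfiltered_html'.
    $format_keys = array('quote', 'quote_source_name', 'image', 'gallery', 'audio_embed', 'video_embed');
    foreach ($format_keys as $key) {
        $keyed = '_format_' . $key;
        if (isset($post_data[$keyed])) {
            if (current_user_can('unfiltered_html')) {
                update_post_meta($post_ID, $keyed, $post_data[$keyed]);
            } else {
                update_post_meta($post_ID, $keyed, wp_filter_post_kses($post_data[$keyed]));
            }
        }
    }

    if ('attachment' === $post_data['post_type'] && preg_match('#^(audio|video)/#', $post_data['post_mime_type'])) {
        $id3data = wp_get_attachment_metadata($post_ID);
        if (!is_array($id3data)) {
            $id3data = array();
        }
        foreach (wp_get_attachment_id3_keys($post, 'edit') as $key => $label) {
            if (isset($post_data['id3_' . $key])) {
                $id3data[$key] = sanitize_text_field(wp_unslash($post_data['id3_' . $key]));
            }
        }
        wp_update_attachment_metadata($post_ID, $id3data);
    }

    // Meta Stuff
    if (isset($post_data['meta']) && $post_data['meta']) {
        foreach ($post_data['meta'] as $key => $value) {
            if (!($meta = get_post_meta_by_id($key))) {
                continue;
            }
            if ($meta->post_id != $post_ID) {
                continue;
            }
            // The row is addressed by meta ID, so the key it currently holds
            // must pass the same checks as the requested key (the delete loop
            // below already checks the stored key).
            if (is_protected_meta($meta->meta_key, 'post') || !current_user_can('edit_post_meta', $post_ID, $meta->meta_key)) {
                continue;
            }
            if (is_protected_meta($value['key'], 'post') || !current_user_can('edit_post_meta', $post_ID, $value['key'])) {
                continue;
            }
            update_meta($key, $value['key'], $value['value']);
        }
    }

    if (isset($post_data['deletemeta']) && $post_data['deletemeta']) {
        foreach ($post_data['deletemeta'] as $key => $value) {
            if (!($meta = get_post_meta_by_id($key))) {
                continue;
            }
            if ($meta->post_id != $post_ID) {
                continue;
            }
            if (is_protected_meta($meta->meta_key, 'post') || !current_user_can('delete_post_meta', $post_ID, $meta->meta_key)) {
                continue;
            }
            delete_meta($key);
        }
    }

    // Attachment stuff
    if ('attachment' == $post_data['post_type']) {
        if (isset($post_data['_wp_attachment_image_alt'])) {
            $image_alt = wp_unslash($post_data['_wp_attachment_image_alt']);
            if ($image_alt != get_post_meta($post_ID, '_wp_attachment_image_alt', true)) {
                $image_alt = wp_strip_all_tags($image_alt, true);
                // update_meta expects slashed.
                update_post_meta($post_ID, '_wp_attachment_image_alt', wp_slash($image_alt));
            }
        }

        $attachment_data = isset($post_data['attachments'][$post_ID]) ? $post_data['attachments'][$post_ID] : array();

        /** This filter is documented in wp-admin/includes/media.php */
        $post_data = apply_filters('attachment_fields_to_save', $post_data, $attachment_data);
    }

    add_meta($post_ID);
    update_post_meta($post_ID, '_edit_last', get_current_user_id());

    $success = wp_update_post($post_data);
    // If the save failed, see if we can sanity check the main fields and try again
    if (!$success && is_callable(array($wpdb, 'strip_invalid_text_for_column'))) {
        $fields = array('post_title', 'post_content', 'post_excerpt');
        foreach ($fields as $field) {
            if (isset($post_data[$field])) {
                $post_data[$field] = $wpdb->strip_invalid_text_for_column($wpdb->posts, $field, $post_data[$field]);
            }
        }
        wp_update_post($post_data);
    }

    // Now that we have an ID we can fix any attachment anchor hrefs
    _fix_attachment_links($post_ID);
    wp_set_post_lock($post_ID);

    if (current_user_can($ptype->cap->edit_others_posts)) {
        if (!empty($post_data['sticky'])) {
            stick_post($post_ID);
        } else {
            unstick_post($post_ID);
        }
    }

    return $post_ID;
}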
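/**
 * Update an existing post with values provided in $_POST.
 *
 * Rejects the request with wp_die() unless the current user can edit the page
 * or post. An autosave arriving within half of AUTOSAVE_INTERVAL of the post's
 * stored GMT date returns early without saving.
 *
 * NOTE(review): the choice between 'edit_page' and 'edit_post' is driven by
 * the post_type field of the request, not by the stored post; confirm the
 * capability mapping resolves the real type.
 *
 * NOTE(review): meta IDs from the request are passed to update_meta() and
 * delete_meta() without a check in this function that the row belongs to
 * $post_ID; confirm those helpers enforce ownership, or add the check here.
 *
 * @since unknown
 *
 * @param array $post_data Optional. When empty, $_POST is used by reference.
 * @return int Post ID.
 */
function edit_post($post_data = null) {
    if (empty($post_data)) {
        $post_data =& $_POST;
    }

    $post_ID = (int) $post_data['post_ID'];

    // isset() guards keep callers that omit post_type or action free of undefined-index notices.
    if (isset($post_data['post_type']) && 'page' == $post_data['post_type']) {
        if (!current_user_can('edit_page', $post_ID)) {
            wp_die(__('You are not allowed to edit this page.'));
        }
    } else {
        if (!current_user_can('edit_post', $post_ID)) {
            wp_die(__('You are not allowed to edit this post.'));
        }
    }

    // Autosave shouldn't save too soon after a real save
    if (isset($post_data['action']) && 'autosave' == $post_data['action']) {
        $post =& get_post($post_ID);
        $now = time();
        $then = strtotime($post->post_date_gmt . ' +0000');
        $delta = AUTOSAVE_INTERVAL / 2;
        if ($now - $then < $delta) {
            return $post_ID;
        }
    }

    $post_data = _wp_translate_postdata(true, $post_data);
    if (is_wp_error($post_data)) {
        wp_die($post_data->get_error_message());
    }

    if (isset($post_data['visibility'])) {
        switch ($post_data['visibility']) {
            case 'public':
                $post_data['post_password'] = '';
                break;
            case 'password':
                unset($post_data['sticky']);
                break;
            case 'private':
                $post_data['post_status'] = 'private';
                $post_data['post_password'] = '';
                unset($post_data['sticky']);
                break;
        }
    }

    // Meta Stuff
    if (isset($post_data['meta']) && $post_data['meta']) {
        foreach ($post_data['meta'] as $key => $value) {
            update_meta($key, $value['key'], $value['value']);
        }
    }
    if (isset($post_data['deletemeta']) && $post_data['deletemeta']) {
        foreach ($post_data['deletemeta'] as $key => $value) {
            delete_meta($key);
        }
    }

    add_meta($post_ID);
    wp_update_post($post_data);

    // Reunite any orphaned attachments with their parent
    if (!($draft_ids = get_user_option('autosave_draft_ids'))) {
        $draft_ids = array();
    }
    if ($draft_temp_id = (int) array_search($post_ID, $draft_ids)) {
        _relocate_children($draft_temp_id, $post_ID);
    }

    // Now that we have an ID we can fix any attachment anchor hrefs
    _fix_attachment_links($post_ID);
    wp_set_post_lock($post_ID, $GLOBALS['current_user']->ID);

    if (current_user_can('edit_others_posts')) {
        if (!empty($post_data['sticky'])) {
            stick_post($post_ID);
        } else {
            unstick_post($post_ID);
        }
    }

    return $post_ID;
}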
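/**
 * Update an existing post from the fields in $_POST.
 *
 * Rejects the request with wp_die() unless the current user can edit the page
 * or post and, when the author differs from the submitted user_ID, can edit
 * others' pages or posts. An autosave arriving within half of the filtered
 * 'autosave_interval' of the post's stored GMT date returns early.
 *
 * NOTE(review): the author check compares two request fields (post_author and
 * user_ID); confirm user_ID is set server-side before this runs, otherwise
 * compare against the authenticated user's ID.
 *
 * NOTE(review): meta IDs from the request are passed to update_meta() and
 * delete_meta() without a check in this function that the row belongs to
 * $post_ID; confirm those helpers enforce ownership, or add the check here.
 *
 * @return int Post ID.
 */
function edit_post() {
    global $user_ID;

    $post_ID = (int) $_POST['post_ID'];

    // isset() guards below avoid undefined-index notices for fields a given request does not send.
    $is_page = isset($_POST['post_type']) && 'page' == $_POST['post_type'];

    if ($is_page) {
        if (!current_user_can('edit_page', $post_ID)) {
            wp_die(__('You are not allowed to edit this page.'));
        }
    } else {
        if (!current_user_can('edit_post', $post_ID)) {
            wp_die(__('You are not allowed to edit this post.'));
        }
    }

    // Autosave shouldn't save too soon after a real save
    if (isset($_POST['action']) && 'autosave' == $_POST['action']) {
        $post =& get_post($post_ID);
        $now = time();
        $then = strtotime($post->post_date_gmt . ' +0000');
        // Keep autosave_interval in sync with autosave-js.php.
        $delta = apply_filters('autosave_interval', 120) / 2;
        if (($now - $then) < $delta) {
            return $post_ID;
        }
    }

    // Rename.
    $_POST['ID'] = (int) $_POST['post_ID'];
    $_POST['post_content'] = $_POST['content'];
    $_POST['post_excerpt'] = $_POST['excerpt'];
    $_POST['post_parent'] = $_POST['parent_id'];
    $_POST['to_ping'] = $_POST['trackback_url'];

    if (!empty($_POST['post_author_override'])) {
        $_POST['post_author'] = (int) $_POST['post_author_override'];
    } else if (!empty($_POST['post_author'])) {
        $_POST['post_author'] = (int) $_POST['post_author'];
    } else {
        $_POST['post_author'] = (int) $_POST['user_ID'];
    }

    if ($_POST['post_author'] != $_POST['user_ID']) {
        if ($is_page) {
            if (!current_user_can('edit_others_pages')) {
                wp_die(__('You are not allowed to edit pages as this user.'));
            }
        } else {
            if (!current_user_can('edit_others_posts')) {
                wp_die(__('You are not allowed to edit posts as this user.'));
            }
        }
    }

    // What to do based on which button they pressed
    if (isset($_POST['saveasdraft']) && '' != $_POST['saveasdraft']) {
        $_POST['post_status'] = 'draft';
    }
    if (isset($_POST['saveasprivate']) && '' != $_POST['saveasprivate']) {
        $_POST['post_status'] = 'private';
    }
    if (isset($_POST['publish']) && '' != $_POST['publish']) {
        $_POST['post_status'] = 'publish';
    }
    if (isset($_POST['advanced']) && '' != $_POST['advanced']) {
        $_POST['post_status'] = 'draft';
    }

    // Users who may not edit published content are downgraded to a draft rather than refused.
    if ($is_page) {
        if ('publish' == $_POST['post_status'] && !current_user_can('edit_published_pages')) {
            $_POST['post_status'] = 'draft';
        }
    } else {
        if ('publish' == $_POST['post_status'] && !current_user_can('edit_published_posts')) {
            $_POST['post_status'] = 'draft';
        }
    }

    if (!isset($_POST['comment_status'])) {
        $_POST['comment_status'] = 'closed';
    }
    if (!isset($_POST['ping_status'])) {
        $_POST['ping_status'] = 'closed';
    }

    if (!empty($_POST['edit_date'])) {
        $aa = $_POST['aa'];
        $mm = $_POST['mm'];
        $jj = $_POST['jj'];
        $hh = $_POST['hh'];
        $mn = $_POST['mn'];
        $ss = $_POST['ss'];
        // Clamp the day and wrap out-of-range time parts; year and month are used as submitted.
        $jj = ($jj > 31) ? 31 : $jj;
        $hh = ($hh > 23) ? $hh - 24 : $hh;
        $mn = ($mn > 59) ? $mn - 60 : $mn;
        $ss = ($ss > 59) ? $ss - 60 : $ss;
        $_POST['post_date'] = "$aa-$mm-$jj $hh:$mn:$ss";
        $_POST['post_date_gmt'] = get_gmt_from_date("$aa-$mm-$jj $hh:$mn:$ss");
    }

    // Meta Stuff
    if (!empty($_POST['meta'])) {
        foreach ($_POST['meta'] as $key => $value) {
            update_meta($key, $value['key'], $value['value']);
        }
    }
    if (!empty($_POST['deletemeta'])) {
        foreach ($_POST['deletemeta'] as $key => $value) {
            delete_meta($key);
        }
    }

    add_meta($post_ID);
    wp_update_post($_POST);

    // Reunite any orphaned attachments with their parent
    if (!$draft_ids = get_user_option('autosave_draft_ids')) {
        $draft_ids = array();
    }
    if ($draft_temp_id = (int) array_search($post_ID, $draft_ids)) {
        relocate_children($draft_temp_id, $post_ID);
    }

    // Now that we have an ID we can fix any attachment anchor hrefs
    fix_attachment_links($post_ID);

    return $post_ID;
}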
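/**
 * Update an existing post with values provided in $_POST.
 *
 * The post type and MIME type are taken from the stored post, and the request
 * is rejected with wp_die() unless the current user holds the post type's
 * edit_post capability for this post. Custom-field rows are addressed by meta
 * ID; a row is changed only when it belongs to this post and both the key it
 * currently holds and the requested key pass the protected-meta and
 * capability checks.
 *
 * @since 1.5.0
 *
 * @param array $post_data Optional. When empty, $_POST is used by reference.
 * @return int Post ID.
 */
function edit_post($post_data = null) {
    if (empty($post_data)) {
        $post_data =& $_POST;
    }

    // Clear out any data in internal vars.
    unset($post_data['filter']);

    $post_ID = (int) $post_data['post_ID'];
    $post = get_post($post_ID);
    $post_data['post_type'] = $post->post_type;
    $post_data['post_mime_type'] = $post->post_mime_type;

    $ptype = get_post_type_object($post_data['post_type']);
    if (!current_user_can($ptype->cap->edit_post, $post_ID)) {
        if ('page' == $post_data['post_type']) {
            wp_die(__('You are not allowed to edit this page.'));
        } else {
            wp_die(__('You are not allowed to edit this post.'));
        }
    }

    // Autosave shouldn't save too soon after a real save.
    // isset() keeps callers that omit 'action' free of undefined-index notices.
    if (isset($post_data['action']) && 'autosave' == $post_data['action']) {
        $post =& get_post($post_ID);
        $now = time();
        $then = strtotime($post->post_date_gmt . ' +0000');
        $delta = AUTOSAVE_INTERVAL / 2;
        if ($now - $then < $delta) {
            return $post_ID;
        }
    }

    $post_data = _wp_translate_postdata(true, $post_data);
    if (is_wp_error($post_data)) {
        wp_die($post_data->get_error_message());
    }

    // A real (non-autosave) save promotes an auto-draft to a draft.
    if ((!isset($post_data['action']) || 'autosave' != $post_data['action']) && 'auto-draft' == $post_data['post_status']) {
        $post_data['post_status'] = 'draft';
    }

    if (isset($post_data['visibility'])) {
        switch ($post_data['visibility']) {
            case 'public':
                $post_data['post_password'] = '';
                break;
            case 'password':
                unset($post_data['sticky']);
                break;
            case 'private':
                $post_data['post_status'] = 'private';
                $post_data['post_password'] = '';
                unset($post_data['sticky']);
                break;
        }
    }

    // Post Formats
    if (isset($post_data['post_format'])) {
        if (current_theme_supports('post-formats', $post_data['post_format'])) {
            set_post_format($post_ID, $post_data['post_format']);
        } elseif ('0' == $post_data['post_format']) {
            set_post_format($post_ID, false);
        }
    }

    // Meta Stuff
    if (isset($post_data['meta']) && $post_data['meta']) {
        foreach ($post_data['meta'] as $key => $value) {
            if (!($meta = get_post_meta_by_id($key))) {
                continue;
            }
            if ($meta->post_id != $post_ID) {
                continue;
            }
            // The row is addressed by meta ID, so the key it currently holds
            // must pass the same checks as the requested key (the delete loop
            // below already checks the stored key).
            if (is_protected_meta($meta->meta_key, 'post') || !current_user_can('edit_post_meta', $post_ID, $meta->meta_key)) {
                continue;
            }
            if (is_protected_meta($value['key'], 'post') || !current_user_can('edit_post_meta', $post_ID, $value['key'])) {
                continue;
            }
            update_meta($key, $value['key'], $value['value']);
        }
    }

    if (isset($post_data['deletemeta']) && $post_data['deletemeta']) {
        foreach ($post_data['deletemeta'] as $key => $value) {
            if (!($meta = get_post_meta_by_id($key))) {
                continue;
            }
            if ($meta->post_id != $post_ID) {
                continue;
            }
            if (is_protected_meta($meta->meta_key, 'post') || !current_user_can('delete_post_meta', $post_ID, $meta->meta_key)) {
                continue;
            }
            delete_meta($key);
        }
    }

    add_meta($post_ID);
    update_post_meta($post_ID, '_edit_last', $GLOBALS['current_user']->ID);
    wp_update_post($post_data);

    // Reunite any orphaned attachments with their parent
    if (!($draft_ids = get_user_option('autosave_draft_ids'))) {
        $draft_ids = array();
    }
    if ($draft_temp_id = (int) array_search($post_ID, $draft_ids)) {
        _relocate_children($draft_temp_id, $post_ID);
    }

    // Now that we have an ID we can fix any attachment anchor hrefs
    _fix_attachment_links($post_ID);
    wp_set_post_lock($post_ID, $GLOBALS['current_user']->ID);

    if (current_user_can($ptype->cap->edit_others_posts)) {
        if (!empty($post_data['sticky'])) {
            stick_post($post_ID);
        } else {
            unstick_post($post_ID);
        }
    }

    return $post_ID;
}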
} pingWeblogs(); pingBlogs(); } // end if moving from draft/private to published if ($post_status == 'publish') { if ($post_pingback) { pingback($postObject->getVar('post_content', 'e'), $post_ID); } do_action('publish_post', $post_ID); do_trackback($postObject, $useutf8); } // Meta Stuff if ($meta) { foreach ($meta as $key => $value) { update_meta($key, $value['key'], $value['value']); } } if ($deletemeta) { foreach ($deletemeta as $key => $value) { delete_meta($key); } } add_meta($post_ID); do_action('edit_post', $post_ID); exit; break; //Show Delete Cofirmation Screen //Show Delete Cofirmation Screen case 'confirmdelete': //Check User_Level
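/**
 * Update an existing post from the fields in $_POST.
 *
 * Rejects the request with wp_die() unless the current user can edit the page
 * or post. An autosave arriving within half of AUTOSAVE_INTERVAL of the post's
 * stored GMT date returns early without saving.
 *
 * NOTE(review): the choice between 'edit_page' and 'edit_post' is driven by
 * the post_type field of the request, not by the stored post; confirm the
 * capability mapping resolves the real type.
 *
 * NOTE(review): meta IDs from the request are passed to update_meta() and
 * delete_meta() without a check in this function that the row belongs to
 * $post_ID; confirm those helpers enforce ownership, or add the check here.
 *
 * @return int Post ID.
 */
function edit_post() {
    $post_ID = (int) $_POST['post_ID'];

    // isset() guards keep requests that omit post_type or action free of undefined-index notices.
    if (isset($_POST['post_type']) && 'page' == $_POST['post_type']) {
        if (!current_user_can('edit_page', $post_ID)) {
            wp_die(__('You are not allowed to edit this page.'));
        }
    } else {
        if (!current_user_can('edit_post', $post_ID)) {
            wp_die(__('You are not allowed to edit this post.'));
        }
    }

    // Autosave shouldn't save too soon after a real save
    if (isset($_POST['action']) && 'autosave' == $_POST['action']) {
        $post =& get_post($post_ID);
        $now = time();
        $then = strtotime($post->post_date_gmt . ' +0000');
        $delta = AUTOSAVE_INTERVAL / 2;
        if ($now - $then < $delta) {
            return $post_ID;
        }
    }

    $translated = _wp_translate_postdata(true);
    if (is_wp_error($translated)) {
        wp_die($translated->get_error_message());
    }

    // Meta Stuff
    if (isset($_POST['meta']) && $_POST['meta']) {
        foreach ($_POST['meta'] as $key => $value) {
            update_meta($key, $value['key'], $value['value']);
        }
    }
    if (isset($_POST['deletemeta']) && $_POST['deletemeta']) {
        foreach ($_POST['deletemeta'] as $key => $value) {
            delete_meta($key);
        }
    }

    add_meta($post_ID);
    wp_update_post($_POST);

    // Reunite any orphaned attachments with their parent
    if (!($draft_ids = get_user_option('autosave_draft_ids'))) {
        $draft_ids = array();
    }
    if ($draft_temp_id = (int) array_search($post_ID, $draft_ids)) {
        _relocate_children($draft_temp_id, $post_ID);
    }

    // Now that we have an ID we can fix any attachment anchor hrefs
    _fix_attachment_links($post_ID);
    wp_set_post_lock($post_ID, $GLOBALS['current_user']->ID);

    return $post_ID;
}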
/**
 * Set custom fields for post.
 *
 * Each entry of $fields is handled by shape: an entry with an 'id' and a
 * 'key' updates that meta row, an entry with an 'id' but no 'key' deletes it,
 * and an entry without an 'id' is added as a new field on $post_id.
 *
 * NOTE(review): rows are updated or deleted by the caller-supplied meta ID
 * alone; nothing in this function checks that the row belongs to $post_id or
 * that the caller may edit that key. Confirm update_meta()/delete_meta() or
 * the caller enforce this.
 *
 * @since 2.5.0
 *
 * @param int   $post_id Post ID.
 * @param array $fields  Custom fields.
 */
function set_custom_fields($post_id, $fields) {
    $post_id = (int) $post_id;

    foreach ((array) $fields as $meta) {
        if (!isset($meta['id'])) {
            // New field: the key and value are staged in $_POST before add_meta() runs
            // (presumably add_meta() reads them from there; verify against its definition).
            $_POST['metakeyinput'] = $meta['key'];
            $_POST['metavalue'] = $meta['value'];
            add_meta($post_id);
            continue;
        }

        $meta_id = (int) $meta['id'];

        if (isset($meta['key'])) {
            update_meta($meta_id, $meta['key'], $meta['value']);
        } else {
            delete_meta($meta_id);
        }
    }
}
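/**
 * Update an existing post with values provided in $_POST.
 *
 * The post type and MIME type are taken from the stored post, and the request
 * is rejected with wp_die() unless the current user holds the post type's
 * edit_post capability for this post. Custom-field rows are addressed by meta
 * ID; a row is changed only when it belongs to this post and both the key it
 * currently holds and the requested key pass the protected-meta and
 * capability checks.
 *
 * @since 1.5.0
 *
 * @param array $post_data Optional. When empty, $_POST is used by reference.
 * @return int Post ID.
 */
function edit_post($post_data = null) {
    if (empty($post_data)) {
        $post_data =& $_POST;
    }

    // Clear out any data in internal vars.
    unset($post_data['filter']);

    $post_ID = (int) $post_data['post_ID'];
    $post = get_post($post_ID);
    $post_data['post_type'] = $post->post_type;
    $post_data['post_mime_type'] = $post->post_mime_type;

    $ptype = get_post_type_object($post_data['post_type']);
    if (!current_user_can($ptype->cap->edit_post, $post_ID)) {
        if ('page' == $post_data['post_type']) {
            wp_die(__('You are not allowed to edit this page.'));
        } else {
            wp_die(__('You are not allowed to edit this post.'));
        }
    }

    $post_data = _wp_translate_postdata(true, $post_data);
    if (is_wp_error($post_data)) {
        wp_die($post_data->get_error_message());
    }

    // A real (non-autosave) save promotes an auto-draft to a draft.
    // isset() keeps callers that omit 'action' free of undefined-index notices.
    if ((!isset($post_data['action']) || 'autosave' != $post_data['action']) && 'auto-draft' == $post_data['post_status']) {
        $post_data['post_status'] = 'draft';
    }

    if (isset($post_data['visibility'])) {
        switch ($post_data['visibility']) {
            case 'public':
                $post_data['post_password'] = '';
                break;
            case 'password':
                unset($post_data['sticky']);
                break;
            case 'private':
                $post_data['post_status'] = 'private';
                $post_data['post_password'] = '';
                unset($post_data['sticky']);
                break;
        }
    }

    // Post Formats
    if (isset($post_data['post_format'])) {
        if (current_theme_supports('post-formats', $post_data['post_format'])) {
            set_post_format($post_ID, $post_data['post_format']);
        } elseif ('0' == $post_data['post_format']) {
            set_post_format($post_ID, false);
        }
    }

    // Featured Images
    if (isset($post_data['thumbnail_id'])) {
        if ('-1' == $post_data['thumbnail_id']) {
            delete_post_thumbnail($post_ID);
        } else {
            set_post_thumbnail($post_ID, $post_data['thumbnail_id']);
        }
    }

    // Meta Stuff
    if (isset($post_data['meta']) && $post_data['meta']) {
        foreach ($post_data['meta'] as $key => $value) {
            if (!($meta = get_post_meta_by_id($key))) {
                continue;
            }
            if ($meta->post_id != $post_ID) {
                continue;
            }
            // The row is addressed by meta ID, so the key it currently holds
            // must pass the same checks as the requested key (the delete loop
            // below already checks the stored key).
            if (is_protected_meta($meta->meta_key, 'post') || !current_user_can('edit_post_meta', $post_ID, $meta->meta_key)) {
                continue;
            }
            if (is_protected_meta($value['key'], 'post') || !current_user_can('edit_post_meta', $post_ID, $value['key'])) {
                continue;
            }
            update_meta($key, $value['key'], $value['value']);
        }
    }

    if (isset($post_data['deletemeta']) && $post_data['deletemeta']) {
        foreach ($post_data['deletemeta'] as $key => $value) {
            if (!($meta = get_post_meta_by_id($key))) {
                continue;
            }
            if ($meta->post_id != $post_ID) {
                continue;
            }
            if (is_protected_meta($meta->meta_key, 'post') || !current_user_can('delete_post_meta', $post_ID, $meta->meta_key)) {
                continue;
            }
            delete_meta($key);
        }
    }

    // Attachment stuff
    if ('attachment' == $post_data['post_type'] && isset($post_data['_wp_attachment_image_alt'])) {
        $image_alt = get_post_meta($post_ID, '_wp_attachment_image_alt', true);
        if ($image_alt != stripslashes($post_data['_wp_attachment_image_alt'])) {
            $image_alt = wp_strip_all_tags(stripslashes($post_data['_wp_attachment_image_alt']), true);
            // update_meta expects slashed
            update_post_meta($post_ID, '_wp_attachment_image_alt', addslashes($image_alt));
        }
    }

    add_meta($post_ID);
    update_post_meta($post_ID, '_edit_last', $GLOBALS['current_user']->ID);
    wp_update_post($post_data);

    // Now that we have an ID we can fix any attachment anchor hrefs
    _fix_attachment_links($post_ID);
    wp_set_post_lock($post_ID);

    if (current_user_can($ptype->cap->edit_others_posts)) {
        if (!empty($post_data['sticky'])) {
            stick_post($post_ID);
        } else {
            unstick_post($post_ID);
        }
    }

    return $post_ID;
}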
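/**
 * Update an existing post or page with the values submitted in $_POST.
 *
 * Verifies that the current user may edit the post, normalises the submitted
 * fields in place inside $_POST, applies custom-field changes and hands the
 * result to wp_update_post().
 *
 * NOTE(review): no nonce is verified inside this function; presumably the
 * caller has already done so - confirm at the call sites.
 *
 * @return int Post ID.
 */
function edit_post() {
    $post_ID = (int) $_POST['post_ID'];

    // Authorisation gate for the post being edited.
    if ('page' == $_POST['post_type']) {
        if (!current_user_can('edit_page', $post_ID)) {
            wp_die(__('You are not allowed to edit this page.'));
        }
    } else {
        if (!current_user_can('edit_post', $post_ID)) {
            wp_die(__('You are not allowed to edit this post.'));
        }
    }

    // Autosave shouldn't save too soon after a real save
    if ('autosave' == $_POST['action']) {
        $post = get_post($post_ID);
        $now = time();
        $then = strtotime($post->post_date_gmt . ' +0000');
        $delta = AUTOSAVE_INTERVAL / 2;
        if ($now - $then < $delta) {
            return $post_ID;
        }
    }

    // The acting user comes from the authenticated session, not from the
    // request: the author checks below compare against this value, so it must
    // not be a field the client can set.
    $_POST['user_ID'] = (int) $GLOBALS['current_user']->ID;

    // Rename.
    $_POST['ID'] = (int) $_POST['post_ID'];
    $_POST['post_content'] = $_POST['content'];
    $_POST['post_excerpt'] = $_POST['excerpt'];
    $_POST['post_parent'] = isset($_POST['parent_id']) ? $_POST['parent_id'] : '';
    $_POST['to_ping'] = $_POST['trackback_url'];

    if (!empty($_POST['post_author_override'])) {
        $_POST['post_author'] = (int) $_POST['post_author_override'];
    } else {
        if (!empty($_POST['post_author'])) {
            $_POST['post_author'] = (int) $_POST['post_author'];
        } else {
            $_POST['post_author'] = (int) $_POST['user_ID'];
        }
    }

    // Saving under another user's name needs the matching "others" capability.
    if ($_POST['post_author'] != $_POST['user_ID']) {
        if ('page' == $_POST['post_type']) {
            if (!current_user_can('edit_others_pages')) {
                wp_die(__('You are not allowed to edit pages as this user.'));
            }
        } else {
            if (!current_user_can('edit_others_posts')) {
                wp_die(__('You are not allowed to edit posts as this user.'));
            }
        }
    }

    // What to do based on which button they pressed
    if (isset($_POST['saveasdraft']) && '' != $_POST['saveasdraft']) {
        $_POST['post_status'] = 'draft';
    }
    if (isset($_POST['saveasprivate']) && '' != $_POST['saveasprivate']) {
        $_POST['post_status'] = 'private';
    }
    if (isset($_POST['publish']) && '' != $_POST['publish'] && $_POST['post_status'] != 'private') {
        $_POST['post_status'] = 'publish';
    }
    if (isset($_POST['advanced']) && '' != $_POST['advanced']) {
        $_POST['post_status'] = 'draft';
    }

    // Status currently stored for the post. The page branch below compared
    // against a variable that was never assigned, so the comparison could
    // never see 'publish'.
    $previous_status = get_post_field('post_status', $post_ID);

    // Users without the publish capability get their submission downgraded
    // to "pending".
    if ('page' == $_POST['post_type']) {
        if ('publish' == $_POST['post_status'] && !current_user_can('publish_pages')) {
            if ($previous_status != 'publish' || !current_user_can('edit_published_pages')) {
                $_POST['post_status'] = 'pending';
            }
        }
    } else {
        if ('publish' == $_POST['post_status'] && !current_user_can('publish_posts')) {
            $_POST['post_status'] = 'pending';
        }
    }

    if (!isset($_POST['comment_status'])) {
        $_POST['comment_status'] = 'closed';
    }
    if (!isset($_POST['ping_status'])) {
        $_POST['ping_status'] = 'closed';
    }

    // A date field that differs from its hidden original counts as an
    // explicit date edit.
    foreach (array('aa', 'mm', 'jj', 'hh', 'mn') as $timeunit) {
        if (!empty($_POST['hidden_' . $timeunit]) && $_POST['hidden_' . $timeunit] != $_POST[$timeunit]) {
            $_POST['edit_date'] = '1';
            break;
        }
    }

    if (!empty($_POST['edit_date'])) {
        $aa = $_POST['aa'];
        $mm = $_POST['mm'];
        $jj = $_POST['jj'];
        $hh = $_POST['hh'];
        $mn = $_POST['mn'];
        $ss = $_POST['ss'];
        $jj = $jj > 31 ? 31 : $jj;
        $hh = $hh > 23 ? $hh - 24 : $hh;
        $mn = $mn > 59 ? $mn - 60 : $mn;
        $ss = $ss > 59 ? $ss - 60 : $ss;
        $_POST['post_date'] = "{$aa}-{$mm}-{$jj} {$hh}:{$mn}:{$ss}";
        $_POST['post_date_gmt'] = get_gmt_from_date("{$aa}-{$mm}-{$jj} {$hh}:{$mn}:{$ss}");
    }

    // Meta Stuff
    // The meta IDs are array keys taken from the request. Each row is looked
    // up and must belong to the post that was authorised above; otherwise the
    // capability check on $post_ID says nothing about the row being changed.
    if (isset($_POST['meta']) && $_POST['meta']) {
        foreach ($_POST['meta'] as $key => $value) {
            if (!($meta = get_post_meta_by_id($key))) {
                continue;
            }
            if ($meta->post_id != $post_ID) {
                continue;
            }
            update_meta($key, $value['key'], $value['value']);
        }
    }

    if (isset($_POST['deletemeta']) && $_POST['deletemeta']) {
        foreach ($_POST['deletemeta'] as $key => $value) {
            if (!($meta = get_post_meta_by_id($key))) {
                continue;
            }
            if ($meta->post_id != $post_ID) {
                continue;
            }
            delete_meta($key);
        }
    }

    add_meta($post_ID);

    wp_update_post($_POST);

    // Reunite any orphaned attachments with their parent
    if (!($draft_ids = get_user_option('autosave_draft_ids'))) {
        $draft_ids = array();
    }
    if ($draft_temp_id = (int) array_search($post_ID, $draft_ids)) {
        _relocate_children($draft_temp_id, $post_ID);
    }

    // Now that we have an ID we can fix any attachment anchor hrefs
    _fix_attachment_links($post_ID);

    wp_set_post_lock($post_ID, $GLOBALS['current_user']->ID);

    return $post_ID;
}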
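/**
 * Saving form ajax.
 *
 * Duplicates the template part named in the submitted form data, gives the
 * copy the submitted title, and records the active theme and the custom CSS
 * class as post meta on the copy.
 *
 * NOTE(review): no capability or nonce check is visible in this method;
 * presumably the AJAX entry point that calls it performs them - confirm.
 *
 * @since 1.0.0
 * @access public
 * @param array $post_data Submitted form fields. Reads '_template_part_id',
 *                         'tf_template_part_name' and
 *                         'tf_template_part_custom_css_class'.
 * @return void
 */
public function saving_duplicate_form($post_data) {
    global $TF, $tf_duplicate;

    $name = isset($post_data['tf_template_part_name'])
        ? sanitize_text_field($post_data['tf_template_part_name'])
        : __('New Template Part', 'themify-flow');
    $custom_css = isset($post_data['tf_template_part_custom_css_class'])
        ? sanitize_text_field($post_data['tf_template_part_custom_css_class'])
        : '';

    // Without an explicit ID, get_post() falls back to the global post, which
    // would duplicate whatever post happens to be current.
    if (empty($post_data['_template_part_id'])) {
        return;
    }

    $template = get_post((int) $post_data['_template_part_id']);
    if (!$template) {
        // Unknown ID: nothing to duplicate.
        return;
    }

    $template->post_title = $name;
    $template->post_name = $name;

    $new_id = $tf_duplicate->duplicate($template);
    if ($new_id) {
        // Update associated theme
        update_post_meta($new_id, 'associated_theme', $TF->active_theme->slug);
        // update_meta() addresses a row by meta ID, but $new_id is a post ID;
        // update_post_meta() is keyed on the post, so the value lands on the
        // copy and not on an unrelated meta row that shares the number.
        update_post_meta($new_id, 'tf_template_part_custom_css_class', $custom_css);
    }
}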
/**
 * update_meta() rewrites the value of a meta row addressed by its meta ID,
 * for unique and non-unique keys alike, and stores slashed input unslashed.
 */
function test_update_meta() {
    $postId = $this->post_id;

    // Add a unique post meta item
    $uniqueMid = add_post_meta($postId, 'unique_update', 'value', true);
    $this->assertInternalType('integer', $uniqueMid);

    // Add two non unique post meta item
    $firstSharedMid = add_post_meta($postId, 'nonunique_update', 'value');
    $this->assertInternalType('integer', $firstSharedMid);
    $secondSharedMid = add_post_meta($postId, 'nonunique_update', 'another value');
    $this->assertInternalType('integer', $secondSharedMid);

    // Check they exist
    $this->assertEquals('value', get_post_meta($postId, 'unique_update', true));
    $this->assertEquals(array('value'), get_post_meta($postId, 'unique_update', false));
    $this->assertEquals('value', get_post_meta($postId, 'nonunique_update', true));
    $this->assertEquals(array('value', 'another value'), get_post_meta($postId, 'nonunique_update', false));

    // Update them
    $updated = update_meta($uniqueMid, 'unique_update', 'new');
    $this->assertTrue($updated);
    $updated = update_meta($firstSharedMid, 'nonunique_update', 'new');
    $this->assertTrue($updated);
    $updated = update_meta($secondSharedMid, 'nonunique_update', 'another new');
    $this->assertTrue($updated);

    // Check they updated
    $this->assertEquals('new', get_post_meta($postId, 'unique_update', true));
    $this->assertEquals(array('new'), get_post_meta($postId, 'unique_update', false));
    $this->assertEquals('new', get_post_meta($postId, 'nonunique_update', true));
    $this->assertEquals(array('new', 'another new'), get_post_meta($postId, 'nonunique_update', false));

    // Slashed update: the value goes in slashed and must be stored without
    // the added slashes.
    $data = "'quote and \\slash";
    $slashed = addslashes($data);
    $this->assertTrue(update_meta($uniqueMid, 'unique_update', $slashed));

    $stored = get_metadata_by_mid('post', $uniqueMid);
    $this->assertEquals($data, $stored->meta_value);
}
$pid = (int) $meta->post_id; $meta = get_object_vars($meta); $x = new WP_Ajax_Response(array('what' => 'meta', 'id' => $mid, 'data' => _list_meta_row($meta, $c), 'position' => 1, 'supplemental' => array('postid' => $pid))); } else { $mid = (int) array_pop(array_keys($_POST['meta'])); $key = $_POST['meta'][$mid]['key']; $value = $_POST['meta'][$mid]['value']; if (!($meta = get_post_meta_by_id($mid))) { die('0'); } // if meta doesn't exist if (!current_user_can('edit_post', $meta->post_id)) { die('-1'); } if ($meta->meta_value != stripslashes($value)) { if (!($u = update_meta($mid, $key, $value))) { die('0'); } // We know meta exists; we also know it's unchanged (or DB error, in which case there are bigger problems). } $key = stripslashes($key); $value = stripslashes($value); $x = new WP_Ajax_Response(array('what' => 'meta', 'id' => $mid, 'old_id' => $mid, 'data' => _list_meta_row(array('meta_key' => $key, 'meta_value' => $value, 'meta_id' => $mid), $c), 'position' => 0, 'supplemental' => array('postid' => $meta->post_id))); } $x->send(); break; case 'add-user': check_ajax_referer($action); if (!current_user_can('create_users')) { die('-1'); }
/**
 * Apply the submitted variation options to every stored
 * '_wpshop_variation_defining' meta row that uses the given attribute, then
 * print a JSON result and terminate the request.
 *
 * Reads from $_POST: 'attribute_id',
 * 'wps_update_att_for_variation_options_values',
 * 'wps_update_att_for_variation_required_state' and the
 * 'wps_update_att_for_variation' array ('text_from', 'lower_price',
 * 'price_behaviour', 'priority'). The value 'no_changes' leaves the
 * corresponding option untouched.
 *
 * NOTE(review): no capability check and no nonce verification are visible in
 * this function, yet it rewrites meta rows across posts from request data -
 * confirm that whatever registers this handler enforces both.
 */
function wps_mass_action_change_variation_option() {
    global $wpdb;

    // NOTE(review): 'attribute_id' is passed on as received; whether
    // getElement() validates it cannot be seen from here.
    $attribute = wpshop_attributes::getElement($_POST['attribute_id'], "'valid'");

    // Candidate rows: variation definitions whose serialized value contains
    // the attribute code as a substring. The in_array() test below does the
    // exact match.
    $query = $wpdb->prepare("SELECT * FROM {$wpdb->postmeta} WHERE meta_key = %s AND meta_value LIKE ('%%%s%%')", '_wpshop_variation_defining', $attribute->code);
    $meta_to_update = $wpdb->get_results($query);

    $has_error = false;
    if (!empty($meta_to_update)) {
        foreach ($meta_to_update as $meta_def) {
            // NOTE(review): unserialize() on a stored value can instantiate
            // objects if the row was ever written from untrusted input.
            // Consider a decoder that cannot create objects; flagged here,
            // not changed.
            $meta_value = unserialize($meta_def->meta_value);
            if (!empty($meta_value) && !empty($meta_value['attributes']) && in_array($attribute->code, $meta_value['attributes'])) {
                // Default value for this attribute. The request value is
                // stored as received; nothing in this function validates it.
                if ($_POST['wps_update_att_for_variation_options_values'] != 'no_changes') {
                    $meta_value['options']['attributes_default_value'][$attribute->code] = $_POST['wps_update_att_for_variation_options_values'];
                }

                // Required state: 'yes' marks the attribute required, any
                // other non-empty value clears the mark.
                if (!empty($_POST['wps_update_att_for_variation_required_state']) && $_POST['wps_update_att_for_variation_required_state'] != 'no_changes') {
                    if ($_POST['wps_update_att_for_variation_required_state'] == 'yes') {
                        $meta_value['options']['required_attributes'][$attribute->code] = $attribute->code;
                    } else {
                        if (!empty($meta_value['options']['required_attributes']) && !empty($meta_value['options']['required_attributes'][$attribute->code])) {
                            unset($meta_value['options']['required_attributes'][$attribute->code]);
                        }
                    }
                }

                if (!empty($_POST['wps_update_att_for_variation'])) {
                    // Price display flags: 'yes' stores 'on', anything else
                    // removes the flag.
                    if (!empty($_POST['wps_update_att_for_variation']['text_from']) && $_POST['wps_update_att_for_variation']['text_from'] != 'no_changes') {
                        if ($_POST['wps_update_att_for_variation']['text_from'] == 'yes') {
                            $meta_value['options']['price_display']['text_from'] = 'on';
                        } else {
                            if (!empty($meta_value['options']['price_display']['text_from'])) {
                                unset($meta_value['options']['price_display']['text_from']);
                            }
                        }
                    }
                    if (!empty($_POST['wps_update_att_for_variation']['lower_price']) && $_POST['wps_update_att_for_variation']['lower_price'] != 'no_changes') {
                        if ($_POST['wps_update_att_for_variation']['lower_price'] == 'yes') {
                            $meta_value['options']['price_display']['lower_price'] = 'on';
                        } else {
                            if (!empty($meta_value['options']['price_display']['lower_price'])) {
                                unset($meta_value['options']['price_display']['lower_price']);
                            }
                        }
                    }

                    // These two are stored as received from the request.
                    if (!empty($_POST['wps_update_att_for_variation']['price_behaviour']) && $_POST['wps_update_att_for_variation']['price_behaviour'] != 'no_changes') {
                        $meta_value['options']['price_behaviour'][0] = $_POST['wps_update_att_for_variation']['price_behaviour'];
                    }
                    if (!empty($_POST['wps_update_att_for_variation']['priority']) && $_POST['wps_update_att_for_variation']['priority'] != 'no_changes') {
                        $meta_value['options']['priority'][0] = $_POST['wps_update_att_for_variation']['priority'];
                    }
                }

                // Write the modified array back to the same meta row.
                $meta_save = update_meta($meta_def->meta_id, '_wpshop_variation_defining', $meta_value);
                if ($meta_save === false) {
                    $has_error = true;
                }
            }
        }
    }

    // NOTE(review): 'status' carries $has_error (true on failure) and the
    // 'error' key carries the success message when nothing failed - confirm
    // the client script expects this naming. The second __() call has no text
    // domain, unlike the first.
    echo json_encode(array('status' => $has_error, 'error' => !$has_error ? __('Product variation parameters have been updated', 'wpshop') : __('An error occured while changing products variations options parameters')));
    die;
}
exit; } switch ($_POST['accion']) { case 'ver_metas': ver_metas($_POST['id_cons']); break; case 'crear_meta': ver_meta($_POST['accion'], $_POST['id_matr']); break; case 'editar_meta': ver_meta($_POST['accion'], $_POST['id_meta']); break; case 'create_meta': create_meta($_POST['id_matr'], $_POST['metapromedio'], $_POST['promediomomento'], $_POST['riesgo'], $_POST['hice'], $_POST['nodebohacer'], $_POST['debohacer'], $_POST['id_cons']); break; case 'update_meta': update_meta($_POST['id_meta'], $_POST['metapromedio'], $_POST['promediomomento'], $_POST['riesgo'], $_POST['hice'], $_POST['nodebohacer'], $_POST['debohacer'], $_POST['id_cons']); break; case 'delete_meta': delete_meta($_POST['id_meta'], $_POST['id_cons']); break; /*case 'insert_meta': ver_meta($_POST['accion'],$_POST['contexto'],$_POST['id_meta']); break;*/ /*case 'insert_meta': ver_meta($_POST['accion'],$_POST['contexto'],$_POST['id_meta']); break;*/ default: ver_metas(1); break; }