コード例 #1
 /**
  * Set comments_disabled on every post in $posts that passes the 'edit' access check.
  *
  * Posts that fail the check are skipped and reported through a permission
  * warning placed in front of the summary line.
  *
  * @param mixed $posts Iterable, countable collection of post objects
  * @param mixed $onoff Value written to comments_disabled; truthy disables commenting
  * @return string Translated status text
  */
 private function set_commenting($posts, $onoff)
 {
     $updated = 0;
     foreach ($posts as $item) {
         // A post that fails the ACL check is left untouched and not counted.
         if (!ACL::access_check($item->get_access(), 'edit')) {
             continue;
         }
         $item->info->comments_disabled = $onoff;
         $item->info->commit();
         $updated++;
     }
     // Any gap between the processed and the requested count means some posts were refused.
     $message = $updated != count($posts) ? _t("You did not have permission to modify some posts.\n") : '';
     $summary = $onoff
         ? _n('Disabled commenting on %d post', 'Disabled commenting on %d posts', $updated)
         : _n('Enabled commenting on %d post', 'Enabled commenting on %d posts', $updated);
     return $message . sprintf($summary, $updated);
 }
コード例 #2
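 /**
  * Handles AJAX from /comments.
  * Used to edit comments inline.
  *
  * Reads nonce, timestamp, digest and id from the handler vars, plus the optional
  * author, url, email, content, date and time fields, and echoes the session
  * messages formatted by Format::json_messages.
  *
  * @param ActionHandler $handler The handler whose handler_vars carry the request fields
  */
 public function action_auth_ajax_in_edit(ActionHandler $handler)
 {
     Utils::check_request_method(array('POST'));
     $handler_vars = $handler->handler_vars;
     $wsse = Utils::WSSE($handler_vars['nonce'], $handler_vars['timestamp']);
     // The digest authenticates the request, so it is compared as a string and strictly:
     // a loose != lets PHP compare numeric-looking strings ("0e..." forms) by value, and
     // a non-string request value must never match. hash_equals() gives a timing-safe
     // comparison on runtimes that provide it.
     $supplied = $handler_vars['digest'];
     $expected = (string) $wsse['digest'];
     if (!is_string($supplied) || !(function_exists('hash_equals') ? hash_equals($expected, $supplied) : $expected === $supplied)) {
         Session::error(_t('WSSE authentication failed.'));
         echo Session::messages_get(true, array('Format', 'json_messages'));
         return;
     }
     // NOTE(review): the result of Comment::get() is used without a check that a comment
     // was found - confirm what it returns for an unknown id.
     $comment = Comment::get($handler_vars['id']);
     if (!ACL::access_check($comment->get_access(), 'edit')) {
         Session::error(_t('You do not have permission to edit this comment.'));
         echo Session::messages_get(true, array('Format', 'json_messages'));
         return;
     }
     // Empty author, email and content values leave the stored field alone; url may be cleared.
     if (isset($handler_vars['author']) && $handler_vars['author'] != '') {
         $comment->name = $handler_vars['author'];
     }
     if (isset($handler_vars['url'])) {
         $comment->url = $handler_vars['url'];
     }
     if (isset($handler_vars['email']) && $handler_vars['email'] != '') {
         $comment->email = $handler_vars['email'];
     }
     if (isset($handler_vars['content']) && $handler_vars['content'] != '') {
         $comment->content = $handler_vars['content'];
     }
     if (isset($handler_vars['time']) && $handler_vars['time'] != '' && isset($handler_vars['date']) && $handler_vars['date'] != '') {
         // The form carries no seconds, so the seconds of the stored date are reused.
         $seconds = date('s', strtotime($comment->date));
         $stamp = strtotime($handler_vars['date'] . ' ' . $handler_vars['time'] . ':' . $seconds);
         // strtotime() returns false for text it cannot parse, which date() would render
         // as the Unix epoch; in that case the stored date is kept.
         if ($stamp !== false) {
             $comment->date = date('Y-m-d H:i:s', $stamp);
         }
     }
     $comment->update();
     Session::notice(_t('Updated 1 comment.'));
     echo Session::messages_get(true, array('Format', 'json_messages'));
 }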
コード例 #3
ファイル: usergroup.php プロジェクト: rynodivino/system
	/**
	 * Report whether this group holds a given access level on a permission token.
	 * Not meant for working out composite permissions across several groups.
	 * @param mixed $token a permission ID or name
	 * @param string $access the access level to test, 'full' unless given
	 * @return boolean true when $this->permissions holds the token after load_permissions_cache() and ACL::access_check() accepts it for $access; false otherwise
	 * @see ACL::group_can()
	 * @see ACL::user_can()
	 */
	public function can( $token, $access = 'full' )
	{
		$token_id = ACL::token_id( $token );
		$this->load_permissions_cache();
		// A token with no entry for this group is treated as not granted.
		if ( !isset( $this->permissions[$token_id] ) ) {
			return false;
		}
		return ACL::access_check( $this->permissions[$token_id], $access ) ? true : false;
	}
コード例 #4
ファイル: post.php プロジェクト: rynodivino/system
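	/**
	 * Create or update a post from the submitted publish form, then redirect to the publish page.
	 *
	 * An 'id' handler var selects an existing post to update; without one a new post is created.
	 * A failed permission check calls get_blank() and returns before anything is saved.
	 *
	 * @param FormUI $form The submitted publish form
	 */
	public function form_publish_success( FormUI $form )
	{
		$post_id = 0;
		if ( isset( $this->handler_vars['id'] ) ) {
			$post_id = intval( $this->handler_vars['id'] );
		}
		// If an id has been passed in, we're updating an existing post, otherwise we're creating one
		if ( 0 !== $post_id ) {
			$post = Post::get( array( 'id' => $post_id, 'status' => Post::status( 'any' ) ) );

			// sorry, we just don't allow changing posts you don't have rights to.
			// This runs before anything else reads or changes the post, so a user without
			// edit rights is not shown the post's title and permalink by the notice below.
			if ( ! ACL::access_check( $post->get_access(), 'edit' ) ) {
				Session::error( _t( 'You don\'t have permission to edit that post' ) );
				$this->get_blank();
				// Nothing visible here shows get_blank() ending the request, so stop explicitly:
				// a denied edit must never fall through to $post->update() below.
				return;
			}

			// Verify that the post hasn't already been updated since the form was loaded
			// NOTE(review): the title is escaped but the permalink is inserted into the href as-is - confirm permalinks are always URL-encoded
			if ( $post->modified != $form->modified->value ) {
				Session::notice( _t( 'The post %1$s was updated since you made changes.  Please review those changes before overwriting them.', array( sprintf( '<a href="%1$s">\'%2$s\'</a>', $post->permalink, Utils::htmlspecialchars( $post->title ) ) ) ) );
				Utils::redirect( URL::get( 'admin', 'page=publish&id=' . $post->id ) );
				exit;
			}

			// REFACTOR: this is duplicated in the insert code below, move it outside of the conditions
			// Don't try to update form values that have been removed by plugins
			$expected = array('title', 'tags', 'content');

			foreach ( $expected as $field ) {
				if ( isset( $form->$field ) ) {
					$post->$field = $form->$field->value;
				}
			}
			if ( $form->newslug->value == '' && $post->status == Post::status( 'published' ) ) {
				Session::notice( _t( 'A post slug cannot be empty. Keeping old slug.' ) );
			}
			elseif ( $form->newslug->value != $form->slug->value ) {
				$post->slug = $form->newslug->value;
			}

			// sorry, we just don't allow changing content types to types you don't have rights to
			$user = User::identify();
			$type = 'post_' . Post::type_name( $form->content_type->value );
			if ( $form->content_type->value != $post->content_type && ( $user->cannot( $type ) || ! $user->can_any( array( 'own_posts' => 'edit', 'post_any' => 'edit', $type => 'edit' ) ) ) ) {
				Session::error( _t( 'Changing content types is not allowed' ) );
				$this->get_blank();
				// Stop here for the same reason as above: the changes made so far are only in memory.
				return;
			}
			$post->content_type = $form->content_type->value;

			// if not previously published and the user wants to publish now, change the pubdate to the current date/time unless a date has been explicitly set
			if ( ( $post->status != Post::status( 'published' ) )
				&& ( $form->status->value == Post::status( 'published' ) )
				&& ( HabariDateTime::date_create( $form->pubdate->value )->int == $form->updated->value )
				) {
				$post->pubdate = HabariDateTime::date_create();
			}
			// else let the user change the publication date.
			//  If previously published and the new date is in the future, the post will be unpublished and scheduled. Any other status, and the post will just get the new pubdate.
			// This will result in the post being scheduled for future publication if the date/time is in the future and the new status is published.
			else {
				$post->pubdate = HabariDateTime::date_create( $form->pubdate->value );
			}
			// A minor edit needs the checkbox ticked and a post that was not a draft before this save
			$minor = $form->minor_edit->value && ( $post->status != Post::status( 'draft' ) );
			$post->status = $form->status->value;
		}
		else {
			// REFACTOR: don't do this here, it's duplicated in Post::create()
			$post = new Post();

			// check the user can create new posts of the set type.
			$user = User::identify();
			$type = 'post_'  . Post::type_name( $form->content_type->value );
			if ( ACL::user_cannot( $user, $type ) || ( ! ACL::user_can( $user, 'post_any', 'create' ) && ! ACL::user_can( $user, $type, 'create' ) ) ) {
				Session::error( _t( 'Creating that post type is denied' ) );
				$this->get_blank();
				// Without this return a denied request would still reach Post::create() below.
				return;
			}

			// REFACTOR: why is this on_success here? We don't even display a form
			$form->on_success( array( $this, 'form_publish_success' ) );
			if ( HabariDateTime::date_create( $form->pubdate->value )->int != $form->updated->value ) {
				$post->pubdate = HabariDateTime::date_create( $form->pubdate->value );
			}

			$postdata = array(
				'slug' => $form->newslug->value,
				'user_id' => User::identify()->id,
				'pubdate' => $post->pubdate,
				'status' => $form->status->value,
				'content_type' => $form->content_type->value,
			);

			// Don't try to add form values that have been removed by plugins
			$expected = array( 'title', 'tags', 'content' );

			foreach ( $expected as $field ) {
				if ( isset( $form->$field ) ) {
					$postdata[$field] = $form->$field->value;
				}
			}

			$minor = false;

			// REFACTOR: consider using new Post( $postdata ) instead and call ->insert() manually
			$post = Post::create( $postdata );
		}

		$post->info->comments_disabled = !$form->comments_enabled->value;

		// REFACTOR: admin should absolutely not have a hook for this here
		Plugins::act( 'publish_post', $post, $form );

		// REFACTOR: we should not have to update a post we just created, this should be moved to the post-update functionality above and only called if changes have been made
		// alternately, perhaps call ->update() or ->insert() as appropriate here, so things that apply to each operation (like comments_disabled) can still be included once outside the conditions above
		$post->update( $minor );

		// Unpublished posts are linked through their preview URL
		$permalink = ( $post->status != Post::status( 'published' ) ) ? $post->permalink . '?preview=1' : $post->permalink;
		Session::notice( sprintf( _t( 'The post %1$s has been saved as %2$s.' ), sprintf( '<a href="%1$s">\'%2$s\'</a>', $permalink, Utils::htmlspecialchars( $post->title ) ), Post::status_name( $post->status ) ) );
		Utils::redirect( URL::get( 'admin', 'page=publish&id=' . $post->id ) );
	}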
コード例 #5
ファイル: post.php プロジェクト: ringmaster/system
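 /**
  * Returns a form for editing this post
  *
  * The Save button is only added when the current user passes the matching check:
  * a 'create' grant for a new post, the 'edit' access check for an existing one.
  * That only hides the control; the handler receiving the form has to repeat the check.
  *
  * @param string $context The context the form is being created in, most often 'admin'
  * @return FormUI A form appropriate for creating and updating this post.
  */
 public function get_form($context)
 {
     $form = new FormUI('create-content');
     $form->class[] = 'create';
     $newpost = 0 === $this->id;
     // If the post has already been saved, add a link to its permalink
     if (!$newpost) {
         $post_links = $form->append('wrapper', 'post_links');
         // Unpublished posts are linked through their preview URL
         $permalink = $this->status != Post::status('published') ? $this->permalink . '?preview=1' : $this->permalink;
         // NOTE(review): the permalink is concatenated into the href without escaping - confirm permalinks are always URL-encoded
         $post_links->append('static', 'post_permalink', '<a href="' . $permalink . '" class="viewpost" >' . ($this->status != Post::status('published') ? _t('Preview Post') : _t('View Post')) . '</a>');
         $post_links->class = 'container';
     }
     // Create the Title field
     $form->append('text', 'title', 'null:null', _t('Title'), 'admincontrol_text');
     $form->title->class[] = 'important';
     $form->title->class[] = 'check-change';
     $form->title->tabindex = 1;
     $form->title->value = $this->title;
     // Create the silos
     if (count(Plugins::get_by_interface('MediaSilo'))) {
         $form->append('silos', 'silos');
         $form->silos->silos = Media::dir();
     }
     // Create the Content field
     $form->append('textarea', 'content', 'null:null', _t('Content'), 'admincontrol_textarea');
     $form->content->class[] = 'resizable';
     $form->content->class[] = 'check-change';
     $form->content->tabindex = 2;
     $form->content->value = $this->content;
     $form->content->raw = true;
     // Create the tags field
     $form->append('text', 'tags', 'null:null', _t('Tags, separated by, commas'), 'admincontrol_text');
     $form->tags->class = 'check-change';
     $form->tags->tabindex = 3;
     $form->tags->value = implode(', ', (array) $this->get_tags());
     // Create the splitter
     $publish_controls = $form->append('tabs', 'publish_controls');
     // Create the publishing controls
     // NOTE(review): this comment used to say "false" is passed to list_post_statuses() to
     // leave out internal statuses, but the call passes $this - confirm which is intended.
     $statuses = Post::list_post_statuses($this);
     // Drop the 'any' pseudo-status. array_search() returns false when there is no match,
     // and false used as an array key means key 0, so only unset on a real hit.
     $any_key = array_search('any', $statuses);
     if ($any_key !== false) {
         unset($statuses[$any_key]);
     }
     $statuses = Plugins::filter('admin_publish_list_post_statuses', $statuses);
     $settings = $publish_controls->append('fieldset', 'settings', _t('Settings'));
     $settings->append('select', 'status', 'null:null', _t('Content State'), array_flip($statuses), 'tabcontrol_select');
     $settings->status->value = $this->status;
     // hide the minor edit checkbox if the post is new
     if ($newpost) {
         $settings->append('hidden', 'minor_edit', 'null:null');
         $settings->minor_edit->value = false;
     } else {
         $settings->append('checkbox', 'minor_edit', 'null:null', _t('Minor Edit'), 'tabcontrol_checkbox');
         $settings->minor_edit->value = true;
         // Carry the modification stamp of the copy being edited along with the form
         $form->append('hidden', 'modified', 'null:null')->value = $this->modified;
     }
     $settings->append('checkbox', 'comments_enabled', 'null:null', _t('Comments Allowed'), 'tabcontrol_checkbox');
     $settings->comments_enabled->value = $this->info->comments_disabled ? false : true;
     $settings->append('text', 'pubdate', 'null:null', _t('Publication Time'), 'tabcontrol_text');
     $settings->pubdate->value = $this->pubdate->format('Y-m-d H:i:s');
     $settings->append('hidden', 'updated', 'null:null');
     $settings->updated->value = $this->updated->int;
     $settings->append('text', 'newslug', 'null:null', _t('Content Address'), 'tabcontrol_text');
     $settings->newslug->value = $this->slug;
     // Create the button area
     $buttons = $form->append('fieldset', 'buttons');
     $buttons->template = 'admincontrol_buttons';
     $buttons->class[] = 'container';
     $buttons->class[] = 'buttons';
     $buttons->class[] = 'publish';
     // Create the Save button
     $require_any = array('own_posts' => 'create', 'post_any' => 'create', 'post_' . Post::type_name($this->content_type) => 'create');
     // && binds tighter than ||: new posts need a create grant, existing posts the edit check
     if ($newpost && User::identify()->can_any($require_any) || !$newpost && ACL::access_check($this->get_access(), 'edit')) {
         $buttons->append('submit', 'save', _t('Save'), 'admincontrol_submit');
         $buttons->save->tabindex = 4;
     }
     // Add required hidden controls
     $form->append('hidden', 'content_type', 'null:null');
     $form->content_type->id = 'content_type';
     $form->content_type->value = $this->content_type;
     $form->append('hidden', 'post_id', 'null:null');
     $form->post_id->id = 'id';
     $form->post_id->value = $this->id;
     $form->append('hidden', 'slug', 'null:null');
     $form->slug->value = $this->slug;
     // Let plugins alter this form
     Plugins::act('form_publish', $form, $this, $context);
     // Return the form object
     return $form;
 }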
コード例 #6
ファイル: undelete.plugin.php プロジェクト: ringmaster/system
 /**
  * Delete every post in the 'deleted' status that passes the 'delete' access check.
  *
  * Posts that fail the check are left in place and are not counted.
  *
  * @return int Number of posts on which delete() was called
  */
 private function delete_all()
 {
     $removed = 0;
     $trashed = Posts::get(array('status' => Post::status('deleted'), 'nolimit' => true));
     foreach ($trashed as $entry) {
         // Each post is checked on its own; one refusal does not stop the run.
         if (!ACL::access_check($entry->get_access(), 'delete')) {
             continue;
         }
         $entry->delete();
         $removed++;
     }
     return $removed;
 }
コード例 #7
ファイル: group.php プロジェクト: ringmaster/system
            // Pre-tick the "full" checkbox when the token carries an access value that
            // ACL::access_check() accepts for 'any'.
            // NOTE(review): the box is named "full" but the check asks for 'any' - confirm that is intended.
            $checked = isset($token->access) && ACL::access_check($token->access, 'any') ? ' checked' : '';
            ?>
					<td class="token_access pct10">
						<input type="checkbox" id="token_<?php 
            // NOTE(review): $token->id is written into the id and name attributes unescaped - presumably a numeric id; verify.
            echo $token->id . '_full';
            ?>
" class="bitflag-full" name="tokens[<?php 
            echo $token->id;
            ?>
][full]" <?php 
            echo $checked;
            ?>
>
					</td>
					<?php 
            // Same pattern for the "deny" checkbox, this time testing the 'deny' access type.
            $checked = isset($token->access) && ACL::access_check($token->access, 'deny') ? ' checked' : '';
            ?>
					<td class="token_access pct10">
						<input type="checkbox" id="token_<?php 
            echo $token->id . '_deny';
            ?>
" class="bitflag-deny" name="tokens[<?php 
            echo $token->id;
            ?>
][deny]" <?php 
            echo $checked;
            ?>
>
					</td>
				</tr>
				<?php 
コード例 #8
ファイル: publish.php プロジェクト: wwxgitcat/habari
    // Writes the WSSE digest into the markup string the surrounding script is building;
    // the start of that markup lies outside this excerpt.
    echo $wsse['digest'];
    ?>
">'))
			.attr('action', '<?php 
    // The form built by the script is pointed at the delete_post admin page for this post.
    URL::out('admin', array('page' => 'delete_post', 'id' => $post->id));
    ?>
')
			.submit();
	});
	<?php 
}
?>

	// If the post hasn't been published, add a publish button
	<?php 
// A new post (id 0) needs a 'create' grant on own_posts, post_any or its own type token;
// an existing post must pass the 'edit' access check. && binds tighter than ||, so the
// two halves group as written.
// This only decides whether the button is rendered; the save handler must enforce the same rule.
$show_publish = $post->id == 0 && User::identify()->can_any(array('own_posts' => 'create', 'post_any' => 'create', 'post_' . Post::type_name($post->content_type) => 'create')) || $post->id != 0 && ACL::access_check($post->get_access(), 'edit');
if (isset($statuses['published']) && $post->status != $statuses['published'] && $show_publish) {
    ?>
	$('.container.buttons').prepend($('<input type="button" id="publish" class="button publish" tabindex="5" value="<?php 
    _e('Publish');
    ?>
">'));
	$('#publish').click( function() {
		// alert("asdasd");
		$('#status').val(<?php 
    // The status value is written into the script unquoted - presumably an integer id; verify.
    echo $statuses['published'];
    ?>
);
	});
	<?php 
}
コード例 #9
	/**
	 * A helper function for fetch_comments()
	 * Keeps only the comments that pass an ACL access check.
	 * @param object $comments an array of Comment objects
	 * @param string $access the access type to check for
	 * @return array the Comment objects accepted by ACL::access_check(), in their original order and indexed from 0
	 */
	public function comment_access_filter( $comments, $access )
	{
		$allowed = array();
		foreach ( $comments as $candidate ) {
			// Comments that fail the check are dropped from the result.
			if ( !ACL::access_check( $candidate->get_access(), $access ) ) {
				continue;
			}
			$allowed[] = $candidate;
		}
		return $allowed;
	}
コード例 #10
ファイル: post.php プロジェクト: wwxgitcat/habari
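 /**
  * Save the post carried by the submitted publish form, then redirect to the publish page.
  *
  * A post with id 0 is inserted, any other post is updated. A failed permission check or a
  * stale 'modified' value ends the handler before anything is written.
  *
  * @param FormUI $form The submitted publish form; its 'post' control holds the Post being saved
  */
 public function form_publish_success(FormUI $form)
 {
     $user = User::identify();
     // Get the Post object from the hidden 'post' control on the form
     /** @var Post $post */
     $post = $form->post->storage;
     // Do some permission checks
     // @todo REFACTOR: These probably don't work and should be refactored to use validators on the form fields instead
     // sorry, we just don't allow changing posts you don't have rights to
     if ($post->id != 0 && !ACL::access_check($post->get_access(), 'edit')) {
         Session::error(_t('You don\'t have permission to edit that post'));
         $this->get_blank();
         // Nothing visible here shows get_blank() ending the request, so stop explicitly:
         // a denied edit must never fall through to the save below.
         return;
     }
     // sorry, we just don't allow changing content types to types you don't have rights to
     $type = 'post_' . Post::type_name($form->content_type->value);
     if ($form->content_type->value != $post->content_type && ($user->cannot($type) || !$user->can_any(array('own_posts' => 'edit', 'post_any' => 'edit', $type => 'edit')))) {
         Session::error(_t('Changing content types is not allowed'));
         // @todo This isn't ideal at all, since it loses all of the changes...
         Utils::redirect(URL::get('admin', 'page=publish&id=' . $post->id));
         exit;
     }
     // If we're creating a new post...
     if ($post->id == 0) {
         // check the user can create new posts of the set type.
         $type = 'post_' . Post::type_name($form->content_type->value);
         if (ACL::user_cannot($user, $type) || !ACL::user_can($user, 'post_any', 'create') && !ACL::user_can($user, $type, 'create')) {
             Session::error(_t('Creating that post type is denied'));
             Utils::redirect(URL::get('admin', 'page=publish&id=' . $post->id));
             exit;
         }
         // Only the original author is associated with a new post
         $post->user_id = $user->id;
     } else {
         // check the user may edit this existing post (repeats the check at the top of the method)
         if (!ACL::access_check($post->get_access(), 'edit')) {
             Session::error(_t('Editing that post type is denied'));
             Utils::redirect(URL::get('admin', 'page=publish&id=' . $post->id));
             exit;
         }
         // Verify that the post hasn't already been updated since the form was loaded
         if ($post->modified != $form->modified->value) {
             Session::notice(_t('The post %1$s was updated since you made changes.  Please review those changes before overwriting them.', array(sprintf('<a href="%1$s">\'%2$s\'</a>', $post->permalink, Utils::htmlspecialchars($post->title)))));
             Utils::redirect(URL::get('admin', 'page=publish&id=' . $post->id));
             exit;
         }
         // Prevent a published post from having its slug zeroed
         if ($form->newslug->value == '' && $post->status == Post::status('published')) {
             Session::notice(_t('A post slug cannot be empty. Keeping old slug.'));
             $form->newslug->value = $form->slug->value;
         }
     }
     // if not previously published and the user wants to publish now, change the pubdate to the current date/time unless a date has been explicitly set
     if ($post->status != Post::status('published') && $form->status->value == Post::status('published') && HabariDateTime::date_create($form->pubdate->value)->int == $form->updated->value) {
         $post->pubdate = HabariDateTime::date_create();
     } else {
         $post->pubdate = HabariDateTime::date_create($form->pubdate->value);
     }
     // Minor updates are when the user has checked the minor update box and the post isn't in draft or new
     $minor = $form->minor_edit->value && $post->status != Post::status('draft') && $post->id != 0;
     // Don't try to update form values that have been removed by plugins,
     // look for these fields before committing their values to the post
     $expected = array('title' => 'title', 'tags' => 'tags', 'content' => 'content', 'slug' => 'newslug', 'content_type' => 'content_type', 'status' => 'status');
     foreach ($expected as $field => $control) {
         // NOTE(review): the presence test uses the post field name while the value is read from
         // the control name; the two differ for slug/newslug - confirm which one should be tested.
         if (isset($form->{$field})) {
             $post->{$field} = $form->{$control}->value;
         }
     }
     // This seems cheesy
     $post->info->comments_disabled = !$form->comments_enabled->value;
     // This plugin hook allows changes to be made to the post object prior to its save to the database
     Plugins::act('publish_post', $post, $form);
     // Insert or Update
     if ($post->id == 0) {
         $post->insert();
     } else {
         $post->update($minor);
     }
     // Calling $form->save() calls ->save() on any controls that might have been added to the form by plugins
     $form->save();
     // Unpublished posts are linked through their preview URL
     $permalink = $post->status != Post::status('published') ? $post->permalink . '?preview=1' : $post->permalink;
     Session::notice(_t('The post %1$s has been saved as %2$s.', array(sprintf('<a href="%1$s">\'%2$s\'</a>', $permalink, Utils::htmlspecialchars($post->title)), Post::status_name($post->status))));
     Utils::redirect(URL::get('admin', 'page=publish&id=' . $post->id));
 }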
コード例 #11
ファイル: adminhandler.php プロジェクト: psaintlaurent/Habari
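 /**
  * Handles AJAX from /manage/entries.
  * Used to delete entries; any other action is handed to plugins.
  *
  * Post ids come from $_POST keys of the form p<digits> with a truthy value.
  *
  * @param mixed $handler_vars Array-like request fields; nonce, timestamp, digest and action are read here
  */
 public function ajax_update_entries($handler_vars)
 {
     Utils::check_request_method(array('POST'));
     $wsse = Utils::WSSE($handler_vars['nonce'], $handler_vars['timestamp']);
     // The digest authenticates the request, so it is compared as a string and strictly:
     // a loose != lets PHP compare numeric-looking strings ("0e..." forms) by value, and
     // a non-string request value must never match. hash_equals() gives a timing-safe
     // comparison on runtimes that provide it.
     $supplied = $handler_vars['digest'];
     $expected = (string) $wsse['digest'];
     if (!is_string($supplied) || !(function_exists('hash_equals') ? hash_equals($expected, $supplied) : $expected === $supplied)) {
         Session::error(_t('WSSE authentication failed.'));
         echo Session::messages_get(true, array('Format', 'json_messages'));
         return;
     }
     $ids = array();
     foreach ($_POST as $id => $delete) {
         // skip POST elements which are not post ids
         if (preg_match('/^p\\d+$/', $id) && $delete) {
             $ids[] = (int) substr($id, 1);
         }
     }
     // An empty id filter is never handed to Posts::get(), so a request that names no posts
     // cannot widen into a query over every post.
     // NOTE(review): confirm how Posts::get() treats an empty 'id' array.
     $posts = count($ids) > 0 ? Posts::get(array('id' => $ids, 'nolimit' => true)) : new Posts();
     Plugins::act('admin_update_posts', $handler_vars['action'], $posts, $this);
     $status_msg = _t('Unknown action "%s"', array($handler_vars['action']));
     switch ($handler_vars['action']) {
         case 'delete':
             $deleted = 0;
             foreach ($posts as $post) {
                 // Each post is checked on its own; refused posts are skipped.
                 if (ACL::access_check($post->get_access(), 'delete')) {
                     $post->delete();
                     $deleted++;
                 }
             }
             if ($deleted != count($posts)) {
                 $status_msg = _t('You did not have permission to delete some entries.');
             } else {
                 // Report what was actually deleted; the submitted id list can name posts that no longer exist.
                 $status_msg = sprintf(_n('Deleted %d post', 'Deleted %d posts', $deleted), $deleted);
             }
             break;
         default:
             // Specific plugin-supplied action
             $status_msg = Plugins::filter('admin_entries_action', $status_msg, $handler_vars['action'], $posts);
             break;
     }
     Session::notice($status_msg);
     echo Session::messages_get(true, array('Format', 'json_messages'));
     return;
 }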
コード例 #12
ファイル: posts_items.php プロジェクト: wwxgitcat/habari
		<span class="time pct10"><span class="dim"><?php 
        _e('at');
        ?>
 <?php 
        $post->pubdate->out(HabariDateTime::get_default_time_format());
        ?>
</span></span>

		<ul class="dropbutton">
			<?php 
        // Build the per-post action list. 'edit' and 'remove' name the permission they need;
        // 'view' has no 'permission' key and is therefore always shown.
        $actions = array('edit' => array('url' => URL::get('admin', 'page=publish&id=' . $post->id), 'title' => _t('Edit \'%s\'', array($post->title)), 'label' => _t('Edit'), 'permission' => 'edit'), 'view' => array('url' => $post->permalink . '?preview=1', 'title' => _t('View \'%s\'', array($post->title)), 'label' => _t('View')), 'remove' => array('url' => 'javascript:itemManage.remove(' . $post->id . ', \'post\');', 'title' => _t('Delete this item'), 'label' => _t('Delete'), 'permission' => 'delete'));
        // Plugins may add, change or remove actions before they are rendered.
        $actions = Plugins::filter('post_actions', $actions, $post);
        foreach ($actions as $action) {
            ?>
				<?php 
            // $post_permissions is set outside this excerpt - presumably this post's access value; verify.
            // This only hides the link; the target handlers must enforce the permission themselves.
            if (!isset($action['permission']) || ACL::access_check($post_permissions, $action['permission'])) {
                ?>
				<li><a href="<?php 
                // NOTE(review): url, title and label are echoed without HTML escaping, and title
                // embeds $post->title - confirm the values are escaped upstream or escape them here.
                echo $action['url'];
                ?>
" title="<?php 
                echo $action['title'];
                ?>
"><?php 
                echo $action['label'];
                ?>
</a></li>
				<?php 
            }
            ?>
			<?php 
コード例 #13
ファイル: posts_items.php プロジェクト: habari/system
			<span class="time"><?php 
        _e('at');
        ?>
 <?php 
        $post->pubdate->out(DateTime::get_default_time_format());
        ?>
</span>
			<div class="actions">
				<?php 
        // Build the per-post action dropbutton: edit, view and delete.
        $post_actions = FormControlDropbutton::create('post' . $post->id . '_postactions');
        // The edit control is enabled only when the post passes the 'edit' access check.
        // NOTE(review): $post->title goes into the title property as-is - whether set_property() escapes it is not visible here.
        $post_actions->append(FormControlSubmit::create('edit')->set_caption(_t('Edit'))->set_url(URL::get('display_publish', $post, false))->set_property('title', _t('Edit \'%s\'', array($post->title)))->set_enable(function ($control) use($post) {
            return ACL::access_check($post->get_access(), 'edit');
        }));
        // The view control has no enable callback.
        $post_actions->append(FormControlSubmit::create('view')->set_caption(_t('View'))->set_url($post->permalink . '?preview=1')->set_property('title', _t('View \'%s\'', array($post->title))));
        // The delete control is enabled only when the post passes the 'delete' access check.
        // This governs the control only; the delete handler must repeat the check.
        $post_actions->append(FormControlSubmit::create('delete')->set_caption(_t('Delete'))->set_url('javascript:itemManage.remove(' . $post->id . ', \'post\');')->set_property('title', _t('Delete \'%s\'', array($post->title)))->set_enable(function ($control) use($post) {
            return ACL::access_check($post->get_access(), 'delete');
        }));
        // Plugins may alter the dropbutton before it is rendered.
        Plugins::act('post_actions', $post_actions, $post);
        echo $post_actions->pre_out();
        echo $post_actions->get($theme);
        ?>
			</div>
		</div>
	</div>
	<div class="content">
		<span class="excerpt" ><?php 
        // The excerpt is the first 250 characters of the content after strip_tags().
        // NOTE(review): strip_tags() removes tags but does not encode &, < or quotes - confirm that is enough for this output.
        echo MultiByte::substr(strip_tags($post->content), 0, 250);
        ?>
&hellip;</span>
	</div>
</li>
コード例 #14
ファイル: adminhandler.php プロジェクト: anupom/my-blog
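 /**
  * handles AJAX from /manage/entries
  * used to delete entries
  *
  * Post ids come from $_POST keys of the form p<digits> with a truthy value.
  *
  * @param mixed $handler_vars Array-like request fields; nonce, timestamp and digest are read here
  */
 public function ajax_delete_entries($handler_vars)
 {
     Utils::check_request_method(array('POST'));
     $wsse = Utils::WSSE($handler_vars['nonce'], $handler_vars['timestamp']);
     // The digest authenticates the request, so it is compared as a string and strictly:
     // a loose != lets PHP compare numeric-looking strings ("0e..." forms) by value, and
     // a non-string request value must never match. hash_equals() gives a timing-safe
     // comparison on runtimes that provide it.
     $supplied = $handler_vars['digest'];
     $expected = (string) $wsse['digest'];
     if (!is_string($supplied) || !(function_exists('hash_equals') ? hash_equals($expected, $supplied) : $expected === $supplied)) {
         Session::error(_t('WSSE authentication failed.'));
         echo Session::messages_get(true, array('Format', 'json_messages'));
         return;
     }
     $ids = array();
     foreach ($_POST as $id => $delete) {
         // skip POST elements which are not post ids.
         // The pattern is anchored at both ends and the id is cast to int, so a key such as
         // "p12" followed by other text can no longer put arbitrary text into the id filter.
         if (preg_match('/^p\\d+$/', $id) && $delete) {
             $ids[] = (int) substr($id, 1);
         }
     }
     // An empty id filter is never handed to Posts::get(), so a request that names no posts
     // cannot widen into a query over every post.
     // NOTE(review): confirm how Posts::get() treats an empty 'id' array.
     $posts = count($ids) > 0 ? Posts::get(array('id' => $ids, 'nolimit' => true)) : array();
     $deleted = 0;
     foreach ($posts as $post) {
         // Each post is checked on its own; refused posts are skipped.
         if (ACL::access_check($post->get_access(), 'delete')) {
             $post->delete();
             $deleted++;
         }
     }
     Session::notice(sprintf(_t('Deleted %d entries.'), $deleted));
     if ($deleted != count($posts)) {
         Session::notice(_t('You did not have permission to delete some entries.'));
     }
     echo Session::messages_get(true, array('Format', 'json_messages'));
 }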
コード例 #15
ファイル: post.php プロジェクト: habari/system
 /**
  * The on_success handler for the delete button on the post editing form.
  *
  * The post is deleted only when it passes the 'delete' access check; the
  * redirect to the post list of the same content type happens either way.
  *
  * @param FormUI $form The submitted post editing form
  */
 public function form_publish_delete(FormUI $form)
 {
     $target = $form->post->value;
     $may_delete = ACL::access_check($target->get_access(), 'delete');
     if ($may_delete) {
         $target->delete();
         // The title is escaped before it is placed in the notice text.
         $type_label = Post::type_name($target->content_type);
         $safe_title = Utils::htmlspecialchars($target->title);
         Session::notice(_t('Deleted the %1$s titled "%2$s".', array($type_label, $safe_title)));
     }
     Utils::redirect(URL::get('display_posts', 'type=' . $target->content_type));
 }
コード例 #16
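	/**
	 * Handles AJAX from /manage/posts.
	 * Used to delete posts; any other action is handed to plugins.
	 *
	 * Post ids come from $_POST keys of the form p<digits> with a truthy value.
	 * The result is written through an AjaxResponse and the request then exits.
	 *
	 * @param mixed $handler_vars Array-like request fields; nonce, timestamp, digest and action are read here
	 */
	public function ajax_update_posts( $handler_vars )
	{
		Utils::check_request_method( array( 'POST' ) );
		$response = new AjaxResponse();

		$wsse = Utils::WSSE( $handler_vars['nonce'], $handler_vars['timestamp'] );
		// The digest authenticates the request, so it is compared as a string and strictly:
		// a loose != lets PHP compare numeric-looking strings ("0e..." forms) by value, and
		// a non-string request value must never match. hash_equals() gives a timing-safe
		// comparison on runtimes that provide it.
		$supplied = $handler_vars['digest'];
		$expected = (string) $wsse['digest'];
		if ( !is_string( $supplied ) || !( function_exists( 'hash_equals' ) ? hash_equals( $expected, $supplied ) : $expected === $supplied ) ) {
			$response->message = _t( 'WSSE authentication failed.' );
			$response->out();
			return;
		}

		$ids = array();
		foreach ( $_POST as $id => $delete ) {
			// skip POST elements which are not post ids
			if ( preg_match( '/^p\d+$/', $id ) && $delete ) {
				$ids[] = (int) substr( $id, 1 );
			}
		}
		// With no ids submitted, work on an empty Posts collection instead of querying with an empty filter
		if ( count( $ids ) == 0 ) {
			$posts = new Posts();
		}
		else {
			$posts = Posts::get( array( 'id' => $ids, 'nolimit' => true ) );
		}

		Plugins::act( 'admin_update_posts', $handler_vars['action'], $posts, $this );
		$status_msg = _t( 'Unknown action "%s"', array( $handler_vars['action'] ) );
		switch ( $handler_vars['action'] ) {
			case 'delete':
				$deleted = 0;
				foreach ( $posts as $post ) {
					// Each post is checked on its own; refused posts are skipped.
					if ( ACL::access_check( $post->get_access(), 'delete' ) ) {
						$post->delete();
						$deleted++;
					}
				}
				if ( $deleted != count( $posts ) ) {
					$response->message = _t( 'You did not have permission to delete some posts.' );
				}
				else {
					// Report what was actually deleted; the submitted id list can name posts that no longer exist.
					$response->message = sprintf( _n( 'Deleted %d post', 'Deleted %d posts', $deleted ), $deleted );
				}
				break;
			default:
				// Specific plugin-supplied action
				// NOTE(review): $status_msg is computed above but never placed on the response - confirm plugins are expected to set the message.
				Plugins::act( 'admin_posts_action', $response, $handler_vars['action'], $posts );
				break;
		}

		$response->out();
		exit;
	}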