/**
 * AJAX save handler: writes the post carried in $_POST and answers with JSON.
 *
 * The request is gated by a nonce whose action is bound to the submitted
 * post ID. Nothing in this method returns after a failed nonce check, so it
 * relies on wp_send_json_error() ending the request.
 *
 * NOTE(review): no current_user_can() call is visible here; confirm that
 * edit_post() enforces the capability check for the target post.
 *
 * The response carries the status message, the saved post object and its
 * content run through the 'the_content' filter.
 */
function ajax_post()
{
    require_once ABSPATH . '/wp-admin/includes/post.php';

    // CSRF gate: the action string includes the post ID taken from the request.
    $nonce_ok = wp_verify_nonce($_POST['_wpnonce'], 'update-post_' . $_POST['post_ID']);
    if (!$nonce_ok) {
        wp_send_json_error(array('message' => __('You are not allowed to edit this item.')));
    }

    // Titles are stored without markup.
    $_POST['post_title'] = strip_tags($_POST['post_title']);

    $post_id = edit_post();

    // Pick the numeric message code from the button pressed and the resulting status.
    $publishing = isset($_POST['publish']);
    if ($publishing || isset($_POST['save'])) {
        $status = get_post_status($post_id);
        if (!$publishing) {
            $message = ('draft' == $status) ? 10 : 1;
        } elseif ($status == 'pending') {
            $message = 8;
        } elseif ($status == 'future') {
            $message = 9;
        } else {
            $message = 6;
        }
    } else {
        $message = 4;
    }

    $post = get_post($post_id);
    $payload = array(
        'message' => $this->get_message($post, $message),
        'post' => $post,
        'processedPostContent' => apply_filters('the_content', $post->post_content),
    );

    wp_send_json_success($payload);
}
/**
 * Applies the edit for the given ID, then renders the admin listing.
 *
 * @param mixed $id Identifier handed straight to edit_post().
 * @return mixed Whatever render_template() produces for the admin view.
 */
function edit_action($id)
{
    edit_post($id);

    // The listing is fetched after the edit so it reflects the change.
    $view_data = array('posts' => get_all_posts());

    return render_template('View/Templates/admin.php', $view_data);
}
/**
 * Checks that edit_post(), which expects slashed input, stores the title,
 * content and excerpt exactly as they were before slashing.
 *
 * Two rounds are run against the same post with different fixture strings.
 */
function test_edit_post()
{
    $id = $this->factory->post->create();

    // Each row: title, content, excerpt.
    $rounds = array(
        array($this->slash_1, $this->slash_5, $this->slash_7),
        array($this->slash_2, $this->slash_4, $this->slash_6),
    );

    foreach ($rounds as $round) {
        list($title, $content, $excerpt) = $round;

        $request = array();
        $request['post_ID'] = $id;
        $request['post_title'] = $title;
        $request['content'] = $content;
        $request['excerpt'] = $excerpt;

        // edit_post() strips slashes, so the request is slashed first.
        $_POST = add_magic_quotes($request);

        $saved = get_post(edit_post());

        $this->assertEquals($title, $saved->post_title);
        $this->assertEquals($content, $saved->post_content);
        $this->assertEquals($excerpt, $saved->post_excerpt);
    }
}
/**
 * Checks that edit_post(), which expects slashed input, stores post meta
 * values exactly as they were before slashing.
 *
 * Three meta rows are created up front; each round then updates them and
 * adds a value under 'slash_test_0' through the metakeyinput/metavalue fields.
 */
function test_edit_post()
{
    $id = self::factory()->post->create();

    $keys = array('slash_test_1', 'slash_test_2', 'slash_test_3');

    // Seed the meta rows; the older add_post_meta() expects slashed data.
    $use_new_api = function_exists('wp_add_post_meta');
    $meta_ids = array();
    foreach ($keys as $key) {
        if ($use_new_api) {
            $meta_ids[] = wp_add_post_meta($id, $key, 'foo');
        } else {
            $meta_ids[] = add_post_meta($id, $key, addslashes('foo'));
        }
    }

    // The second round does not assert on slash_test_0.
    $rounds = array(
        array(
            'added' => $this->slash_6,
            'values' => array($this->slash_1, $this->slash_3, $this->slash_4),
            'check_added' => true,
        ),
        array(
            'added' => $this->slash_7,
            'values' => array($this->slash_2, $this->slash_4, $this->slash_5),
            'check_added' => false,
        ),
    );

    foreach ($rounds as $round) {
        $meta = array();
        foreach ($keys as $i => $key) {
            $meta[$meta_ids[$i]] = array('key' => $key, 'value' => $round['values'][$i]);
        }

        $request = array();
        $request['post_ID'] = $id;
        $request['metakeyselect'] = '#NONE#';
        $request['metakeyinput'] = 'slash_test_0';
        $request['metavalue'] = $round['added'];
        $request['meta'] = $meta;

        // edit_post() strips slashes, so the request is slashed first.
        $_POST = add_magic_quotes($request);
        edit_post();
        $post = get_post($id);

        if ($round['check_added']) {
            $this->assertEquals($round['added'], get_post_meta($id, 'slash_test_0', true));
        }
        foreach ($keys as $i => $key) {
            $this->assertEquals($round['values'][$i], get_post_meta($id, $key, true));
        }
    }
}
/**
 * Autosave endpoint callback: stores title, content and excerpt for a post
 * and returns the autosave ID, the modified date and a preview URL.
 *
 * Checks run in this order: blog/user validation, request body shape, post
 * existence, then the 'edit_post' capability for the target post. Each
 * failure returns a WP_Error with an HTTP-style status (400/404/403/500).
 *
 * @param string $path    Not read in this method.
 * @param int    $blog_id Blog identifier, resolved through the API object.
 * @param int    $post_id Post to autosave.
 * @return array|WP_Error Result array on success, WP_Error otherwise.
 */
function callback($path = '', $blog_id = 0, $post_id = 0)
{
    $blog_id = $this->api->switch_to_blog_and_validate_user($this->api->get_blog_id($blog_id));
    if (is_wp_error($blog_id)) {
        return $blog_id;
    }

    // NOTE(review): $args is assigned but never read below.
    $args = $this->query_args();
    $input = $this->input(false);
    if (!is_array($input) || !$input) {
        return new WP_Error('invalid_input', 'Invalid request input', 400);
    }

    $post = get_post($post_id);
    if (!$post || is_wp_error($post)) {
        return new WP_Error('unknown_post', 'Unknown post', 404);
    }

    // Authorization is checked against the loaded post, before any write.
    if (!current_user_can('edit_post', $post->ID)) {
        return new WP_Error('unauthorized', 'User cannot edit post', 403);
    }

    // NOTE(review): the three input keys are read without an isset() check;
    // a body missing one of them reaches the save with a null value.
    $post_data = array('post_ID' => $post_id, 'post_title' => $input['title'], 'post_content' => $input['content'], 'post_excerpt' => $input['excerpt']);
    $preview_url = add_query_arg('preview', 'true', get_permalink($post->ID));

    if (!wp_check_post_lock($post->ID) && get_current_user_id() == $post->post_author && ('auto-draft' == $post->post_status || 'draft' == $post->post_status)) {
        // Drafts and auto-drafts are overwritten in place, but only for their
        // own author and only while the post is not locked.
        $auto_ID = edit_post(wp_slash($post_data));
    } else {
        // Anything else is left untouched; the autosave goes into a per-user
        // revision and the preview URL carries a nonce bound to the post ID.
        $auto_ID = wp_create_post_autosave(wp_slash($post_data));
        $nonce = wp_create_nonce('post_preview_' . $post->ID);
        $preview_url = add_query_arg(array('preview_id' => $auto_ID, 'preview_nonce' => $nonce), $preview_url);
    }

    // Re-read what was stored; a missing ID or modified date counts as failure.
    $updated_post = get_post($auto_ID);
    if ($updated_post && $updated_post->ID && $updated_post->post_modified) {
        return array('ID' => $auto_ID, 'post_ID' => $post->ID, 'modified' => $this->format_date($updated_post->post_modified), 'preview_URL' => $preview_url);
    } else {
        return new WP_Error('autosave_error', __('Autosave encountered an unexpected error', 'jetpack'), 500);
    }
}
$data['parent_id'] = $data['post_parent']; } // status if (isset($data['keep_private']) && 'private' == $data['keep_private']) { $data['post_status'] = 'private'; } else { $data['post_status'] = $data['_status']; } if (empty($data['comment_status'])) { $data['comment_status'] = 'closed'; } if (empty($data['ping_status'])) { $data['ping_status'] = 'closed'; } // update the post edit_post(); $post = array(); if ('page' == $_POST['post_type']) { $post[] = get_post($_POST['post_ID']); page_rows($post); } elseif ('post' == $_POST['post_type']) { $mode = $_POST['post_view']; $post[] = get_post($_POST['post_ID']); post_rows($post); } exit; break; case 'inline-save-tax': check_ajax_referer('taxinlineeditnonce', '_inline_edit'); if (!current_user_can('manage_categories')) { die(__('Cheatin’ uh?'));
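/**
 * AJAX handler that saves a post from the fullscreen editor and echoes a
 * JSON object with a status message and a "last edited" line.
 *
 * The nonce action is built from the post type and post ID. The type comes
 * from the stored post when it exists, otherwise from a request value that
 * passes post_type_exists(). Nothing here inspects the return value of
 * check_ajax_referer(), so the handler relies on it to stop the request
 * when the nonce is invalid.
 */
function wp_ajax_wp_fullscreen_save_post()
{
    $post_id = isset($_POST['post_ID']) ? (int) $_POST['post_ID'] : 0;

    $post = $post_type = null;

    if ($post_id) {
        $post = get_post($post_id);
    }

    if ($post) {
        $post_type = $post->post_type;
    } elseif (isset($_POST['post_type']) && post_type_exists($_POST['post_type'])) {
        $post_type = $_POST['post_type'];
    }

    check_ajax_referer('update-' . $post_type . '_' . $post_id, '_wpnonce');

    $post_id = edit_post();

    if (is_wp_error($post_id)) {
        $error_text = $post_id->get_error_message();
        $message = $error_text ? $error_text : __('Save failed');

        echo json_encode(array('message' => $message, 'last_edited' => ''));
        wp_die();
    }

    $message = __('Saved.');

    // $post was loaded before the save, so these values describe the
    // modification time as it was before edit_post() ran.
    if ($post) {
        $last_date = mysql2date(get_option('date_format'), $post->post_modified);
        $last_time = mysql2date(get_option('time_format'), $post->post_modified);
    } else {
        $last_date = date_i18n(get_option('date_format'));
        $last_time = date_i18n(get_option('time_format'));
    }

    // The recorded editor may no longer resolve to a user; in that case fall
    // back to the anonymous wording instead of dereferencing a non-object.
    $last_id = get_post_meta($post_id, '_edit_last', true);
    $last_user = $last_id ? get_userdata($last_id) : false;

    if ($last_user) {
        $last_edited = sprintf(__('Last edited by %1$s on %2$s at %3$s'), esc_html($last_user->display_name), $last_date, $last_time);
    } else {
        $last_edited = sprintf(__('Last edited on %1$s at %2$s'), $last_date, $last_time);
    }

    echo json_encode(array('message' => $message, 'last_edited' => $last_edited));
    wp_die();
}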
/**
 * Default update handler for content types; override when a type needs
 * special handling.
 *
 * Saves the submitted data, then either redirects to the post's permalink
 * (when the request asks for a preview) or hands off to redirect_content().
 *
 * NOTE(review): no nonce or capability check is visible in this method;
 * presumably the caller or edit_post() performs them. Confirm.
 *
 * @param int   $post_ID   Post whose permalink is used for the preview redirect.
 * @param array $post_data Data passed to edit_post().
 */
public function update_content($post_ID, $post_data)
{
    $page_ID = edit_post($post_data);

    $preview_requested = isset($_POST['wp-preview']) && 'dopreview' == $_POST['wp-preview'];

    if (!$preview_requested) {
        $this->redirect_content($page_ID);
        return;
    }

    // Preview: send the browser to the permalink and stop.
    wp_redirect(get_permalink($post_ID));
    exit;
}
/**
 * Save a post submitted with XHR.
 *
 * Intended for use with heartbeat and autosave.js.
 *
 * Order of checks: nonce bound to the post ID, then the 'edit_post'
 * capability for that post. Only after both pass is anything written.
 *
 * @since 3.9.0
 *
 * @param array $post_data Associative array of the submitted post data.
 * @return mixed The value 0 or WP_Error on failure. The saved post ID on success.
 *               The ID can be the draft post_id or the autosave revision post_id.
 */
function wp_autosave($post_data)
{
    // Back-compat
    if (!defined('DOING_AUTOSAVE')) {
        define('DOING_AUTOSAVE', true);
    }

    // The ID is cast to int before it is used in the nonce action or any lookup.
    $post_id = (int) $post_data['post_id'];
    $post_data['ID'] = $post_data['post_ID'] = $post_id;

    // Strict comparison: only a return value of exactly false is rejected.
    if (false === wp_verify_nonce($post_data['_wpnonce'], 'update-post_' . $post_id)) {
        return new WP_Error('invalid_nonce', __('Error while saving.'));
    }

    // NOTE(review): the result of get_post() is dereferenced below without a
    // null check; confirm callers never pass an ID that no longer exists.
    $post = get_post($post_id);

    if (!current_user_can('edit_post', $post->ID)) {
        return new WP_Error('edit_posts', __('Sorry, you are not allowed to edit this item.'));
    }

    // An auto-draft is promoted to a regular draft on its first autosave.
    if ('auto-draft' == $post->post_status) {
        $post_data['post_status'] = 'draft';
    }

    // Categories arrive as a comma-separated list for non-page types.
    if ($post_data['post_type'] != 'page' && !empty($post_data['catslist'])) {
        $post_data['post_category'] = explode(',', $post_data['catslist']);
    }

    if (!wp_check_post_lock($post->ID) && get_current_user_id() == $post->post_author && ('auto-draft' == $post->post_status || 'draft' == $post->post_status)) {
        // Drafts and auto-drafts are just overwritten by autosave for the same user if the post is not locked
        return edit_post(wp_slash($post_data));
    } else {
        // Non drafts or other users drafts are not overwritten. The autosave is stored in a special post revision for each user.
        return wp_create_post_autosave(wp_slash($post_data));
    }
}
enqueue_comment_hotkeys_js(); } include ABSPATH . 'wp-admin/edit-form-advanced.php'; break; case 'editattachment': check_admin_referer('update-post_' . $post_id); // Don't let these be changed unset($_POST['guid']); $_POST['post_type'] = 'attachment'; // Update the thumbnail filename $newmeta = wp_get_attachment_metadata($post_id, true); $newmeta['thumb'] = $_POST['thumb']; wp_update_attachment_metadata($post_id, $newmeta); case 'editpost': check_admin_referer('update-post_' . $post_id); $post_id = edit_post(); // Session cookie flag that the post was saved if (isset($_COOKIE['wp-saving-post']) && $_COOKIE['wp-saving-post'] === $post_id . '-check') { setcookie('wp-saving-post', $post_id . '-saved', time() + DAY_IN_SECONDS, ADMIN_COOKIE_PATH, COOKIE_DOMAIN, is_ssl()); } redirect_post($post_id); // Send user on their way while we keep working exit; case 'trash': check_admin_referer('trash-post_' . $post_id); if (!$post) { wp_die(__('The item you are trying to move to the Trash no longer exists.')); } if (!$post_type_object) { wp_die(__('Unknown post type.')); }
/**
 * Save draft or manually autosave for showing preview.
 *
 * Reads and rewrites $_POST directly. The capability check ('edit_page' or
 * 'edit_post', chosen by the stored post type) runs before anything is saved.
 *
 * NOTE(review): no nonce verification is visible in this function;
 * presumably the caller performs it. Confirm.
 *
 * @package WordPress
 * @since 2.7
 *
 * @uses edit_post()
 * @uses get_post()
 * @uses current_user_can()
 * @uses wp_create_post_autosave()
 *
 * @return string URL to redirect to show the preview
 */
function post_preview()
{
    $post_ID = (int) $_POST['post_ID'];

    // An ID below 1 means there is no saved post to preview yet.
    if ($post_ID < 1) {
        wp_die(__('Preview not available. Please save as a draft first.'));
    }

    // Comma-separated request fields are expanded into arrays in place.
    if (isset($_POST['catslist'])) {
        $_POST['post_category'] = explode(",", $_POST['catslist']);
    }

    if (isset($_POST['tags_input'])) {
        $_POST['tags_input'] = explode(",", $_POST['tags_input']);
    }

    if ($_POST['post_type'] == 'page' || empty($_POST['post_category'])) {
        unset($_POST['post_category']);
    }

    $_POST['ID'] = $post_ID;

    // NOTE(review): $post is dereferenced below without a null check.
    $post = get_post($post_ID);

    // The capability is picked from the stored post type, not the request.
    if ('page' == $post->post_type) {
        if (!current_user_can('edit_page', $post_ID)) {
            wp_die(__('You are not allowed to edit this page.'));
        }
    } else {
        if (!current_user_can('edit_post', $post_ID)) {
            wp_die(__('You are not allowed to edit this post.'));
        }
    }

    if ('draft' == $post->post_status) {
        $id = edit_post();
    } else {
        // Non drafts are not overwritten. The autosave is stored in a special post revision.
        $id = wp_create_post_autosave($post->ID);
        if (!is_wp_error($id)) {
            $id = $post->ID;
        }
    }

    if (is_wp_error($id)) {
        wp_die($id->get_error_message());
    }

    // The save decision above used the stored status; this branch uses the
    // status sent in the request. NOTE(review): confirm the two cannot disagree.
    if ($_POST['post_status'] == 'draft') {
        $url = add_query_arg('preview', 'true', get_permalink($id));
    } else {
        // Non-draft previews carry a nonce bound to the post ID.
        $nonce = wp_create_nonce('post_preview_' . $id);
        $url = add_query_arg(array('preview' => 'true', 'preview_id' => $id, 'preview_nonce' => $nonce), get_permalink($id));
    }

    return $url;
}
$url = from($_REQUEST, 'url'); $content = from($_REQUEST, 'content'); $oldfile = from($_REQUEST, 'oldfile'); $destination = from($_GET, 'destination'); $description = from($_REQUEST, 'description'); $date = from($_REQUEST, 'date'); $time = from($_REQUEST, 'time'); $dateTime = null; if ($date !== null && $time !== null) { $dateTime = $date . ' ' . $time; } if ($proper && !empty($title) && !empty($tag) && !empty($content)) { if (empty($url)) { $url = $title; } edit_post($title, $tag, $url, $content, $oldfile, $destination, $description, $dateTime, $fi, $vid); } else { $message['error'] = ''; if (empty($title)) { $message['error'] .= '<li>Title field is required.</li>'; } if (empty($tag)) { $message['error'] .= '<li>Tag field is required.</li>'; } if (empty($content)) { $message['error'] .= '<li>Content field is required.</li>'; } if (!$proper) { $message['error'] .= '<li>CSRF Token not correct.</li>'; } config('views.root', 'system/admin/views');
$contents = trim($_POST['contents']); if (empty($title)) { $errors[] = "You need to supply a title."; } else { if (strlen($title) > 255) { $errors[] = "The title cannot be longer than 255 characters."; } } if (empty($contents)) { $errors[] = "You need to supply some text."; } if (!category_exits('id', $_POST['category'])) { $errors[] = "The category does not exit."; } if (empty($errors)) { edit_post($_GET['id'], $title, $contents, $_POST['category']); Header("Location: index.php?id={$post[0]['post_id']}"); die; } } ?> <html> <head> <style> label{display : block; } </style> <title>Edit a post</title> </head>
$uid = $_SESSION['uid']; $old_cid = isset($_POST['old_cid']) ? $_POST['old_cid'] : $post['Course_ID']; $old_week = isset($_POST['old_week']) ? $_POST['old_week'] : $post['Post_Week']; $old_title = isset($_POST['old_title']) ? $_POST['old_title'] : $post['Post_Title']; $old_url = isset($_POST['old_url']) ? $_POST['old_url'] : $post['Post_URL']; $old_body = isset($_POST['old_body']) ? $_POST['old_body'] : $post['Post_Question']; $old_answer = isset($_POST['old_answer']) ? $_POST['old_answer'] : $post['Post_Answer']; $cid = isset($_POST['cid']) ? $_POST['cid'] : ''; $week = isset($_POST['week']) ? $_POST['week'] : ''; $title = isset($_POST['title']) ? $_POST['title'] : ''; $url = isset($_POST['url']) ? $_POST['url'] : ''; $body = isset($_POST['body']) ? $_POST['body'] : ''; $answer = isset($_POST['answer']) ? $_POST['answer'] : ''; if (isset($_POST['submit'])) { if ($uid == $post['User_ID'] || $_SESSION['rid'] == 1 || $_SESSION['rid'] == 3) { edit_post($_POST['pid'], $cid, $week, $title, $url, $body, $answer); sleep(1); header('location: ' . currentURL() . '?p=question/' . $url); print 'Post edited. Click <a href="?p=post">here</a> to view posts'; } else { print 'Not authorized'; } } ?> <link rel="stylesheet" type="text/css" href="markitup/skins/markitup/style.css" /> <link rel="stylesheet" type="text/css" href="markitup/sets/html/style.css" /> <script type="text/javascript" src="js/jquery.js"></script> <script type="text/javascript" src="markitup/jquery.markitup.js"></script> <script type="text/javascript" src="markitup/sets/html/set.js"></script> <script language="javascript"> $(document).ready(function() {
/**
 * Default update handler for content types; override when a type needs
 * special handling.
 *
 * Saves the submitted data and passes the resulting ID to redirect_content().
 *
 * NOTE(review): no nonce or capability check is visible in this method;
 * presumably the caller or edit_post() performs them. Confirm.
 *
 * @param int   $post_ID   Not read in this default implementation.
 * @param array $post_data Data passed to edit_post().
 */
public function update_content($post_ID, $post_data)
{
    $saved_id = edit_post($post_data);

    $this->redirect_content($saved_id);
}
/**
 * Saves the submitted post, flags the save in a cookie, stores or clears the
 * per-post custom CSS, then prints a truthy marker and ends the request.
 *
 * The nonce is verified with check_admin_referer() using an action bound to
 * the submitted post ID before edit_post() runs.
 *
 * NOTE(review): the custom CSS is written to post meta as returned by
 * $this->post(); no sanitisation is visible here, so confirm it is
 * filtered in that accessor or escaped where the CSS is printed.
 */
function savePost()
{
    $requested_id = $this->post('post_ID');
    check_admin_referer('update-post_' . $requested_id);

    $post_id = edit_post();

    // Session cookie flag that the post was saved.
    $cookie_name = 'wp-saving-post-' . $post_id;
    if (isset($_COOKIE[$cookie_name])) {
        setcookie($cookie_name, 'saved');
    }

    // Post custom css settings: an empty value removes the meta row.
    $post_custom_css = $this->post('post_custom_css');
    if (!empty($post_custom_css)) {
        update_post_meta($post_id, '_wpb_post_custom_css', $post_custom_css);
    } else {
        delete_post_meta($post_id, '_wpb_post_custom_css');
    }

    echo true;
    die;
}
if (empty($url)) { $url = $title; } edit_quote($title, $tag, $url, $content, $oldfile, $destination, $description, $dateTime, $quote, $revertPost, $publishDraft, $category); } else { if ($proper && !empty($title) && !empty($tag) && !empty($content) && !empty($audio)) { if (empty($url)) { $url = $title; } edit_audio($title, $tag, $url, $content, $oldfile, $destination, $description, $dateTime, $audio, $revertPost, $publishDraft, $category); } else { if ($proper && !empty($title) && !empty($tag) && !empty($content) && !empty($is_post)) { if (empty($url)) { $url = $title; } edit_post($title, $tag, $url, $content, $oldfile, $destination, $description, $dateTime, $revertPost, $publishDraft, $category); } else { $message['error'] = ''; if (empty($title)) { $message['error'] .= '<li>Title field is required.</li>'; } if (empty($tag)) { $message['error'] .= '<li>Tag field is required.</li>'; } if (empty($content)) { $message['error'] .= '<li>Content field is required.</li>'; } if (!$proper) { $message['error'] .= '<li>CSRF Token not correct.</li>'; } if (!empty($is_image)) {
/**
 * Creates a new post or page from the data in $_POST.
 *
 * Flow: coarse capability check by post type, autosave-collision lookup
 * (which may turn the request into an edit of an existing draft), field
 * renaming, author and status checks, optional date assembly, insert, then
 * attachment housekeeping.
 *
 * @return int|WP_Error New post ID (or the value returned by edit_post()),
 *                      or WP_Error when a capability check fails.
 */
function wp_write_post() {
	global $user_ID;

	// Coarse gate: may this user create content of the requested type at all?
	if ( 'page' == $_POST['post_type'] ) {
		if ( !current_user_can( 'edit_pages' ) )
			return new WP_Error( 'edit_pages', __( 'You are not allowed to create pages on this blog.' ) );
	} else {
		if ( !current_user_can( 'edit_posts' ) )
			return new WP_Error( 'edit_posts', __( 'You are not allowed to create posts or drafts on this blog.' ) );
	}

	// Check for autosave collisions
	$temp_id = false;
	if ( isset($_POST['temp_ID']) ) {
		$temp_id = (int) $_POST['temp_ID'];
		if ( !$draft_ids = get_user_option( 'autosave_draft_ids' ) )
			$draft_ids = array();
		// Drop map entries older than a day.
		foreach ( $draft_ids as $temp => $real )
			if ( time() + $temp > 86400 ) // 1 day: $temp is equal to -1 * time( then )
				unset($draft_ids[$temp]);

		if ( isset($draft_ids[$temp_id]) ) { // Edit, don't write
			// The temp ID already maps to a real post: update it instead.
			$_POST['post_ID'] = $draft_ids[$temp_id];
			unset($_POST['temp_ID']);
			update_user_option( $user_ID, 'autosave_draft_ids', $draft_ids );
			return edit_post();
		}
	}

	// Rename.
	$_POST['post_content'] = $_POST['content'];
	$_POST['post_excerpt'] = $_POST['excerpt'];
	$_POST['post_parent'] = $_POST['parent_id'];
	$_POST['to_ping'] = $_POST['trackback_url'];

	// Author resolution: override field, then post_author, then user_ID.
	if (!empty ( $_POST['post_author_override'] ) ) {
		$_POST['post_author'] = (int) $_POST['post_author_override'];
	} else {
		if (!empty ( $_POST['post_author'] ) ) {
			$_POST['post_author'] = (int) $_POST['post_author'];
		} else {
			$_POST['post_author'] = (int) $_POST['user_ID'];
		}
	}

	// NOTE(review): both sides of this comparison come from $_POST; the
	// global $user_ID declared above is not used for it. Confirm that the
	// request's user_ID is validated against the logged-in user upstream,
	// otherwise the "edit others" check can be skipped by sending matching values.
	if ( $_POST['post_author'] != $_POST['user_ID'] ) {
		if ( 'page' == $_POST['post_type'] ) {
			if ( !current_user_can( 'edit_others_pages' ) )
				return new WP_Error( 'edit_others_pages', __( 'You are not allowed to create pages as this user.' ) );
		} else {
			if ( !current_user_can( 'edit_others_posts' ) )
				return new WP_Error( 'edit_others_posts', __( 'You are not allowed to post as this user.' ) );
		}
	}

	// What to do based on which button they pressed
	// Later assignments win when several button fields are non-empty.
	if ('' != $_POST['saveasdraft'] )
		$_POST['post_status'] = 'draft';
	if ('' != $_POST['saveasprivate'] )
		$_POST['post_status'] = 'private';
	if ('' != $_POST['publish'] )
		$_POST['post_status'] = 'publish';
	if ('' != $_POST['advanced'] )
		$_POST['post_status'] = 'draft';

	// Only an explicit 'publish' status is demoted for users without the
	// publish capability; other request-supplied statuses pass through unchanged.
	if ( 'page' == $_POST['post_type'] ) {
		if ('publish' == $_POST['post_status'] && !current_user_can( 'publish_pages' ) )
			$_POST['post_status'] = 'draft';
	} else {
		if ('publish' == $_POST['post_status'] && !current_user_can( 'publish_posts' ) )
			$_POST['post_status'] = 'draft';
	}

	if (!isset( $_POST['comment_status'] ))
		$_POST['comment_status'] = 'closed';

	if (!isset( $_POST['ping_status'] ))
		$_POST['ping_status'] = 'closed';

	if (!empty ( $_POST['edit_date'] ) ) {
		$aa = $_POST['aa'];
		$mm = $_POST['mm'];
		$jj = $_POST['jj'];
		$hh = $_POST['hh'];
		$mn = $_POST['mn'];
		$ss = $_POST['ss'];
		// Day is capped at 31; hour, minute and second wrap once when over range.
		$jj = ($jj > 31 ) ? 31 : $jj;
		$hh = ($hh > 23 ) ? $hh -24 : $hh;
		$mn = ($mn > 59 ) ? $mn -60 : $mn;
		$ss = ($ss > 59 ) ? $ss -60 : $ss;
		// The %d conversions coerce every date part to an integer.
		$_POST['post_date'] = sprintf( "%04d-%02d-%02d %02d:%02d:%02d", $aa, $mm, $jj, $hh, $mn, $ss );
		$_POST['post_date_gmt'] = get_gmt_from_date( $_POST['post_date'] );
	}

	// Create the post.
	// The whole request array is handed over, so every submitted key reaches
	// wp_insert_post(); only the fields rewritten above are constrained here.
	$post_ID = wp_insert_post( $_POST );

	add_meta( $post_ID );

	// Reunite any orphaned attachments with their parent
	if ( !$draft_ids = get_user_option( 'autosave_draft_ids' ) )
		$draft_ids = array();
	if ( $draft_temp_id = (int) array_search( $post_ID, $draft_ids ) )
		relocate_children( $draft_temp_id, $post_ID );
	if ( $temp_id && $temp_id != $draft_temp_id )
		relocate_children( $temp_id, $post_ID );

	// Update autosave collision detection
	if ( $temp_id ) {
		$draft_ids[$temp_id] = $post_ID;
		update_user_option( $user_ID, 'autosave_draft_ids', $draft_ids );
	}

	// Now that we have an ID we can fix any attachment anchor hrefs
	fix_attachment_links( $post_ID );

	return $post_ID;
}
/**
 * A whitespace-only tax_input value must not attach any term to the post.
 *
 * @ticket 30615
 */
public function test_edit_post_should_not_create_terms_for_an_empty_tag_input_field()
{
    wp_set_current_user(self::$editor_id);
    register_taxonomy('wptests_tax', array('post'));

    // An existing term in the taxonomy, so a match would be possible.
    $term_args = array(
        'taxonomy' => 'wptests_tax',
        'name' => 'foo',
        'slug' => 'bar',
    );
    self::factory()->term->create($term_args);

    edit_post(array(
        'post_ID' => self::$post_id,
        'tax_input' => array('wptests_tax' => ' '),
    ));

    $this->assertEmpty(wp_get_post_terms(self::$post_id, 'wptests_tax'));
}
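/**
 * Front-end save handler: verifies the nonce, saves the post from $_POST and
 * responds with the URL the client should navigate to.
 *
 * The nonce action is bound to the submitted post ID. On failure the method
 * sends the error response and returns, so the save below cannot run even if
 * response() does not end the request by itself.
 *
 * NOTE(review): no current_user_can() call is visible here; confirm that
 * edit_post() enforces the capability check for the target post.
 */
public function wp_fee_post()
{
    require_once ABSPATH . '/wp-admin/includes/post.php';

    // Missing fields are treated as empty so the check fails closed without notices.
    $nonce = isset($_POST['_wpnonce']) ? $_POST['_wpnonce'] : '';
    $requested_id = isset($_POST['post_ID']) ? $_POST['post_ID'] : '';

    if (!wp_verify_nonce($nonce, 'update-post_' . $requested_id)) {
        $this->response(__('You are not allowed to edit this item.'));

        return;
    }

    // Titles are stored without markup; an absent title is saved as empty, as before.
    $_POST['post_title'] = strip_tags(isset($_POST['post_title']) ? $_POST['post_title'] : '');

    $post_id = edit_post();

    if (isset($_POST['save']) || isset($_POST['publish'])) {
        $status = get_post_status($post_id);

        if (isset($_POST['publish'])) {
            switch ($status) {
                case 'pending':
                    $message = 8;
                    break;
                case 'future':
                    $message = 9;
                    break;
                default:
                    $message = 6;
            }
        } else {
            $message = 'draft' == $status ? 10 : 1;
        }

        $location = esc_url(add_query_arg('message', $message, $this->edit_link($post_id)));
    } elseif (isset($_POST['addmeta']) && $_POST['addmeta']) {
        // Meta changes go back to the referring page, anchored at the custom fields box.
        $location = esc_url(add_query_arg('message', 2, wp_get_referer()));
        $location = explode('#', $location);
        $location = $location[0] . '#postcustom';
    } elseif (isset($_POST['deletemeta']) && $_POST['deletemeta']) {
        $location = esc_url(add_query_arg('message', 3, wp_get_referer()));
        $location = explode('#', $location);
        $location = $location[0] . '#postcustom';
    } else {
        $location = esc_url(add_query_arg('message', 4, $this->edit_link($post_id)));
    }

    // The filter runs after esc_url(), so a hooked callback can return any
    // string. NOTE(review): confirm the client validates the target.
    $location = apply_filters('redirect_post_location', $location, $post_id);

    $this->response($location);
}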
/**
 * A whitespace-only tax_input value must not attach any term to the post.
 *
 * @ticket 30615
 */
public function test_edit_post_should_not_create_terms_for_an_empty_tag_input_field()
{
    // Run as an editor.
    $editor_id = $this->factory->user->create(array('role' => 'editor'));
    wp_set_current_user($editor_id);

    register_taxonomy('wptests_tax', array('post'));

    // An existing term in the taxonomy, so a match would be possible.
    $term_id = $this->factory->term->create(array(
        'taxonomy' => 'wptests_tax',
        'name' => 'foo',
        'slug' => 'bar',
    ));

    $target_id = $this->factory->post->create();

    $request = array();
    $request['post_ID'] = $target_id;
    $request['tax_input'] = array('wptests_tax' => ' ');
    edit_post($request);

    $this->assertEmpty(wp_get_post_terms($target_id, 'wptests_tax'));
}
$last_user = get_userdata($last); $last_user_name = $last_user ? $last_user->display_name : __('Someone'); $data = new WP_Error('locked', sprintf($_POST['post_type'] == 'page' ? __('Autosave disabled: %s is currently editing this page.') : __('Autosave disabled: %s is currently editing this post.'), wp_specialchars($last_user_name))); $supplemental['disable_autosave'] = 'disable'; } if ('page' == $post->post_type) { if (!current_user_can('edit_page', $post_ID)) { die(__('You are not allowed to edit this page.')); } } else { if (!current_user_can('edit_post', $post_ID)) { die(__('You are not allowed to edit this post.')); } } if ($do_autosave) { $id = edit_post(); $data = $message; } else { $id = $post->ID; } } if ($do_lock && $id && is_numeric($id)) { wp_set_post_lock($id); } if ($nonce_age == 2) { $supplemental['replace-autosavenonce'] = wp_create_nonce('autosave'); $supplemental['replace-getpermalinknonce'] = wp_create_nonce('getpermalink'); $supplemental['replace-samplepermalinknonce'] = wp_create_nonce('samplepermalink'); $supplemental['replace-closedpostboxesnonce'] = wp_create_nonce('closedpostboxes'); if ($id) { if ($_POST['post_type'] == 'post') {
/**
 * Save draft or manually autosave for showing preview.
 *
 * Reads and rewrites $_POST directly. The capability check ('edit_page' or
 * 'edit_post', chosen by the stored post type) runs before anything is saved.
 * A draft is overwritten in place only when it is unlocked and belongs to the
 * current user; otherwise the content goes into an autosave revision.
 *
 * NOTE(review): no nonce verification is visible in this function;
 * presumably the caller performs it. Confirm.
 *
 * @package WordPress
 * @since 2.7.0
 *
 * @uses get_post_status()
 * @uses edit_post()
 * @uses get_post()
 * @uses current_user_can()
 * @uses wp_die()
 * @uses wp_create_post_autosave()
 * @uses add_query_arg()
 * @uses wp_create_nonce()
 *
 * @return string URL to redirect to show the preview
 */
function post_preview()
{
    $post_ID = (int) $_POST['post_ID'];
    $status = get_post_status($post_ID);

    // Auto-drafts have not been saved by the user yet.
    if ('auto-draft' == $status) {
        wp_die(__('Preview not available. Please save as a draft first.'));
    }

    // Comma-separated request fields are expanded into arrays in place.
    if (isset($_POST['catslist'])) {
        $_POST['post_category'] = explode(",", $_POST['catslist']);
    }

    if (isset($_POST['tags_input'])) {
        $_POST['tags_input'] = explode(",", $_POST['tags_input']);
    }

    if ($_POST['post_type'] == 'page' || empty($_POST['post_category'])) {
        unset($_POST['post_category']);
    }

    $_POST['ID'] = $post_ID;

    // NOTE(review): $post is dereferenced below without a null check.
    $post = get_post($post_ID);

    // The capability is picked from the stored post type, not the request.
    if ('page' == $post->post_type) {
        if (!current_user_can('edit_page', $post_ID)) {
            wp_die(__('You are not allowed to edit this page.'));
        }
    } else {
        if (!current_user_can('edit_post', $post_ID)) {
            wp_die(__('You are not allowed to edit this post.'));
        }
    }

    $user_id = get_current_user_id();
    $locked = wp_check_post_lock($post->ID);

    if (!$locked && 'draft' == $post->post_status && $user_id == $post->post_author) {
        $id = edit_post();
    } else {
        // Non drafts are not overwritten. The autosave is stored in a special post revision.
        $id = wp_create_post_autosave($post->ID);
        if (!is_wp_error($id)) {
            $id = $post->ID;
        }
    }

    if (is_wp_error($id)) {
        wp_die($id->get_error_message());
    }

    // The save decision above used the stored status; this branch uses the
    // status sent in the request. NOTE(review): confirm the two cannot disagree.
    if (!$locked && $_POST['post_status'] == 'draft' && $user_id == $post->post_author) {
        $url = add_query_arg('preview', 'true', get_permalink($id));
    } else {
        // Revision previews carry a nonce bound to the post ID.
        $nonce = wp_create_nonce('post_preview_' . $id);
        $args = array('preview' => 'true', 'preview_id' => $id, 'preview_nonce' => $nonce);

        // The request-supplied format is passed through sanitize_key() before
        // it is placed in the URL.
        if (isset($_POST['post_format'])) {
            $args['post_format'] = empty($_POST['post_format']) ? 'standard' : sanitize_key($_POST['post_format']);
        }

        $url = add_query_arg($args, get_permalink($id));
    }

    return apply_filters('preview_post_link', $url);
}
/**
 * A user who lacks publish_posts must not be able to change a post's sticky
 * flag through `edit_post()`, even when the 'sticky' key is left out of the
 * submitted data.
 *
 * @ticket 24153
 */
function test_user_without_publish_cannot_affect_sticky_with_edit_post()
{
    // Start from a sticky post.
    $original = $this->factory->post->create_and_get(array(
        'post_title' => 'Will be changed',
        'post_content' => 'Will be changed',
    ));
    stick_post($original->ID);
    $this->assertTrue(is_sticky($original->ID));

    // A role that can edit other people's published posts but cannot publish.
    $caps = array(
        'read' => true,
        'edit_posts' => true,
        'edit_others_posts' => true,
        'edit_published_posts' => true,
    );
    add_role('grammarian', 'Grammarian', $caps);

    $grammarian_id = $this->factory->user->create(array('role' => 'grammarian'));
    $previous_user_id = get_current_user_id();
    wp_set_current_user($grammarian_id);

    // Confirm the role grants what the scenario needs and nothing more.
    $this->assertFalse(current_user_can('publish_posts'));
    foreach (array('edit_others_posts', 'edit_published_posts') as $cap) {
        $this->assertTrue(current_user_can($cap));
    }

    // The submitted data deliberately has no 'sticky' key.
    edit_post(array(
        'post_ID' => $original->ID,
        'post_title' => 'Updated',
        'post_content' => 'Updated',
    ));

    // The edit went through and the sticky flag survived it.
    $after = get_post($original->ID);
    $this->assertTrue(is_sticky($after->ID));
    $this->assertEquals('Updated', $after->post_title);
    $this->assertEquals('Updated', $after->post_content);

    // Restore the previous user.
    wp_set_current_user($previous_user_id);
}
include 'edit-page-form.php'; break; case 'editattachment': $page_id = $post_ID = (int) $_POST['post_ID']; check_admin_referer('update-attachment_' . $page_id); // Don't let these be changed unset($_POST['guid']); $_POST['post_type'] = 'attachment'; // Update the thumbnail filename $newmeta = wp_get_attachment_metadata($page_id, true); $newmeta['thumb'] = $_POST['thumb']; wp_update_attachment_metadata($newmeta); case 'editpost': $page_ID = (int) $_POST['post_ID']; check_admin_referer('update-page_' . $page_ID); $page_ID = edit_post(); redirect_page($page_ID); exit; break; case 'delete': $page_id = isset($_GET['post']) ? intval($_GET['post']) : intval($_POST['post_ID']); check_admin_referer('delete-page_' . $page_id); $page =& get_post($page_id); if (!current_user_can('delete_page', $page_id)) { wp_die(__('You are not allowed to delete this page.')); } if ($page->post_type == 'attachment') { if (!wp_delete_attachment($page_id)) { wp_die(__('Error in deleting...')); } } else {
/**
 * Creates a new post or page from the data in $_POST.
 *
 * Flow: coarse capability check by post type, autosave-collision lookup
 * (which may turn the request into an edit of an existing draft), request
 * translation through _wp_translate_postdata(), insert, attachment
 * housekeeping, then a post lock for the current user.
 *
 * @return int|WP_Error New post ID (or the value returned by edit_post()),
 *                      0 when the insert yields an empty ID, or WP_Error.
 */
function wp_write_post()
{
    global $user_ID;

    // Coarse gate: may this user create content of the requested type at all?
    if ('page' == $_POST['post_type']) {
        if (!current_user_can('edit_pages')) {
            return new WP_Error('edit_pages', __('You are not allowed to create pages on this blog.'));
        }
    } else {
        if (!current_user_can('edit_posts')) {
            return new WP_Error('edit_posts', __('You are not allowed to create posts or drafts on this blog.'));
        }
    }

    // Check for autosave collisions
    $temp_id = false;
    if (isset($_POST['temp_ID'])) {
        $temp_id = (int) $_POST['temp_ID'];
        if (!($draft_ids = get_user_option('autosave_draft_ids'))) {
            $draft_ids = array();
        }
        // Drop map entries older than a day.
        foreach ($draft_ids as $temp => $real) {
            if (time() + $temp > 86400) {
                // 1 day: $temp is equal to -1 * time( then )
                unset($draft_ids[$temp]);
            }
        }
        if (isset($draft_ids[$temp_id])) {
            // Edit, don't write
            // The temp ID already maps to a real post: update it instead.
            $_POST['post_ID'] = $draft_ids[$temp_id];
            unset($_POST['temp_ID']);
            update_user_option($user_ID, 'autosave_draft_ids', $draft_ids);
            return edit_post();
        }
    }

    // NOTE(review): author and status rules are not visible in this function;
    // presumably _wp_translate_postdata() applies them to $_POST. Confirm.
    $translated = _wp_translate_postdata(false);
    if (is_wp_error($translated)) {
        return $translated;
    }

    // Create the post.
    // The whole request array is handed over, so every submitted key reaches
    // wp_insert_post().
    $post_ID = wp_insert_post($_POST);
    if (is_wp_error($post_ID)) {
        return $post_ID;
    }
    if (empty($post_ID)) {
        return 0;
    }

    add_meta($post_ID);

    // Reunite any orphaned attachments with their parent
    if (!($draft_ids = get_user_option('autosave_draft_ids'))) {
        $draft_ids = array();
    }
    if ($draft_temp_id = (int) array_search($post_ID, $draft_ids)) {
        _relocate_children($draft_temp_id, $post_ID);
    }
    if ($temp_id && $temp_id != $draft_temp_id) {
        _relocate_children($temp_id, $post_ID);
    }

    // Update autosave collision detection
    if ($temp_id) {
        $draft_ids[$temp_id] = $post_ID;
        update_user_option($user_ID, 'autosave_draft_ids', $draft_ids);
    }

    // Now that we have an ID we can fix any attachment anchor hrefs
    _fix_attachment_links($post_ID);

    // Lock the new post for the user held in the current_user global.
    wp_set_post_lock($post_ID, $GLOBALS['current_user']->ID);

    return $post_ID;
}
$_POST['post_status'] = 'attachment'; // Update the thumbnail filename $oldmeta = $newmeta = get_post_meta($post_id, '_wp_attachment_metadata', true); $newmeta['thumb'] = $_POST['thumb']; if ( '' !== $oldmeta ) update_post_meta($post_id, '_wp_attachment_metadata', $newmeta, $oldmeta); else add_post_meta($post_id, '_wp_attachment_metadata', $newmeta); case 'editpost': $post_ID = (int) $_POST['post_ID']; check_admin_referer('update-post_' . $post_ID); $post_ID = edit_post(); $referredby = ''; if ( !empty($_POST['referredby']) ) $referredby = preg_replace('|https?://[^/]+|i', '', $_POST['referredby']); $referer = preg_replace('|https?://[^/]+|i', '', wp_get_referer()); if ($_POST['save']) { $location = wp_get_referer(); } elseif ($_POST['updatemeta']) { $location = wp_get_referer() . '&message=2#postcustom'; } elseif ($_POST['deletemeta']) { $location = wp_get_referer() . '&message=3#postcustom'; } elseif (!empty($referredby) && $referredby != $referer) { $location = $_POST['referredby']; if ( $_POST['referredby'] == 'redo' )
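/**
 * On a utf8 (three-byte) column, four-byte characters in the title, content
 * and excerpt are removed on save while the surrounding text is kept.
 *
 * Skipped unless the post_title column reports the 'utf8' character set.
 *
 * @ticket 21212
 */
function test_utf8mb3_post_saves_with_emoji()
{
    global $wpdb;

    $_wpdb = new wpdb_exposed_methods_for_testing();

    if ('utf8' !== $_wpdb->get_col_charset($wpdb->posts, 'post_title')) {
        $this->markTestSkipped('This test is only useful with the utf8 character set');
    }

    require_once ABSPATH . '/wp-admin/includes/post.php';

    $post_id = $this->factory->post->create();

    // Each field embeds one four-byte UTF-8 sequence between ASCII text.
    $data = array(
        'post_ID' => $post_id,
        'post_title' => "foo\xf0\x9f\x98\x88bar",
        'post_content' => "foo\xf0\x9f\x98\x8ebaz",
        'post_excerpt' => "foo\xf0\x9f\x98\x90bat",
    );

    $expected = array(
        'post_title' => "foobar",
        'post_content' => "foobaz",
        'post_excerpt' => "foobat",
    );

    edit_post($data);

    $post = get_post($post_id);

    foreach ($expected as $field => $value) {
        // Expected value first, so a failure reports the two sides correctly.
        $this->assertEquals($value, $post->$field, "Unexpected stored value for {$field}");
    }
}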
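/**
 * Ajax handler for saving posts from the fullscreen editor.
 *
 * The nonce action is bound to the submitted post ID, cast to int. Nothing
 * here inspects the return value of check_ajax_referer(), so the handler
 * relies on it to stop the request when the nonce is invalid.
 *
 * @since 3.1.0
 * @deprecated 4.3.0
 */
function wp_ajax_wp_fullscreen_save_post()
{
    $post_id = isset($_POST['post_ID']) ? (int) $_POST['post_ID'] : 0;

    $post = null;

    if ($post_id) {
        $post = get_post($post_id);
    }

    check_ajax_referer('update-post_' . $post_id, '_wpnonce');

    $post_id = edit_post();

    if (is_wp_error($post_id)) {
        wp_send_json_error();
    }

    // $post was loaded before the save, so these values describe the
    // modification time as it was before edit_post() ran.
    if ($post) {
        $last_date = mysql2date(get_option('date_format'), $post->post_modified);
        $last_time = mysql2date(get_option('time_format'), $post->post_modified);
    } else {
        $last_date = date_i18n(get_option('date_format'));
        $last_time = date_i18n(get_option('time_format'));
    }

    // The recorded editor may no longer resolve to a user; in that case fall
    // back to the anonymous wording instead of dereferencing a non-object.
    $last_id = get_post_meta($post_id, '_edit_last', true);
    $last_user = $last_id ? get_userdata($last_id) : false;

    if ($last_user) {
        $last_edited = sprintf(__('Last edited by %1$s on %2$s at %3$s'), esc_html($last_user->display_name), $last_date, $last_time);
    } else {
        $last_edited = sprintf(__('Last edited on %1$s at %2$s'), $last_date, $last_time);
    }

    wp_send_json_success(array('last_edited' => $last_edited));
}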
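/**
 * Handles the "Retag all posts" and "Retag all pages" tool buttons: re-saves
 * each selected published item through edit_post() and prints a progress list.
 *
 * NOTE(review): no nonce verification or capability check is visible in this
 * method, and it performs writes driven by a POST field. Confirm the caller
 * verifies both before invoking it.
 *
 * NOTE(review): get_posts() is called without a count argument, so it
 * presumably returns only its default number of items rather than all of
 * them. Confirm.
 */
public function tools_handler()
{
    // The pressed button is identified by its translated label; a missing or
    // non-string field matches neither branch.
    $submit = isset($_POST['submit']) ? $_POST['submit'] : '';

    $posts = array();

    if ($submit === __('Retag all posts', 'auto-tag')) {
        $posts = get_posts(array(
            'post_type' => 'post',
            'post_status' => 'publish',
        ));
    } elseif ($submit === __('Retag all pages', 'auto-tag')) {
        $posts = get_posts(array(
            'post_type' => 'page',
            'post_status' => 'publish',
        ));
    }

    echo '<ul>';

    foreach ($posts as $p) {
        // Re-submit the stored post as if it had been saved from the editor.
        $post = (array) $p;
        $post['post_ID'] = $p->ID;
        $post['action'] = 'save';
        edit_post($post);

        // Titles are stored content: escape them before placing them in HTML.
        echo '<li>' . sprintf(__('Post <b>%s</b> re-tagged', 'auto-tag'), esc_html($p->post_title)) . '</li>';
        flush();
    }

    echo '</ul>';
}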