Exemplo n.º 1
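 /**
  * AJAX handler: save the post submitted in $_POST and answer with JSON.
  *
  * The request is refused unless it names a post, carries a valid
  * `update-post_<ID>` nonce for that post, and the current user may edit it.
  * On success the payload holds the status message, the saved post object and
  * its content run through the `the_content` filter.
  */
 function ajax_post()
 {
     require_once ABSPATH . '/wp-admin/includes/post.php';
     // Read the identifying fields defensively so a request that omits them is
     // rejected like one with a bad nonce, instead of raising undefined-index notices.
     $nonce = isset($_POST['_wpnonce']) && is_string($_POST['_wpnonce']) ? $_POST['_wpnonce'] : '';
     $requested_id = isset($_POST['post_ID']) && is_scalar($_POST['post_ID']) ? (int) $_POST['post_ID'] : 0;
     // wp_send_json_error() ends the request, so nothing below runs on failure.
     if (!$requested_id || !wp_verify_nonce($nonce, 'update-post_' . $requested_id) || !current_user_can('edit_post', $requested_id)) {
         wp_send_json_error(array('message' => __('You are not allowed to edit this item.')));
     }
     // edit_post() reads the ID from $_POST; pin it to the value that was just verified.
     $_POST['post_ID'] = $requested_id;
     // Titles are plain text. Only touch the field when it was actually sent,
     // so a partial request does not overwrite the title with an empty string.
     if (isset($_POST['post_title']) && is_string($_POST['post_title'])) {
         $_POST['post_title'] = strip_tags($_POST['post_title']);
     }
     $post_id = edit_post();
     // Pick the numeric message code from the button used and the resulting status.
     if (isset($_POST['save']) || isset($_POST['publish'])) {
         $status = get_post_status($post_id);
         if (isset($_POST['publish'])) {
             switch ($status) {
                 case 'pending':
                     $message = 8;
                     break;
                 case 'future':
                     $message = 9;
                     break;
                 default:
                     $message = 6;
             }
         } else {
             $message = 'draft' == $status ? 10 : 1;
         }
     } else {
         $message = 4;
     }
     $post = get_post($post_id);
     // NOTE(review): the whole post object is serialised into the response;
     // confirm every field on it is meant to reach the browser.
     wp_send_json_success(array('message' => $this->get_message($post, $message), 'post' => $post, 'processedPostContent' => apply_filters('the_content', $post->post_content)));
 }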
Exemplo n.º 2
/**
 * Apply the edit for post $id, then return the rendered admin listing.
 *
 * NOTE(review): no permission or anti-CSRF check is visible in this function;
 * confirm the router or caller enforces both before dispatching here.
 *
 * @param mixed $id Identifier handed straight to edit_post().
 * @return mixed Whatever render_template() produces for the admin view.
 */
function edit_action($id)
{
    edit_post($id);
    // The list is fetched after the edit so the view reflects the change.
    return render_template('View/Templates/admin.php', array('posts' => get_all_posts()));
}
Exemplo n.º 3
 /**
  * Tests the controller function that expects slashed data
  *
  */
 function test_edit_post()
 {
     $id = $this->factory->post->create();
     // Two rounds of fixtures, each as (title, content, excerpt).
     $rounds = array(
         array($this->slash_1, $this->slash_5, $this->slash_7),
         array($this->slash_2, $this->slash_4, $this->slash_6),
     );
     foreach ($rounds as $round) {
         list($title, $content, $excerpt) = $round;
         // Simulate a slashed request body; the edit_post() function will strip slashes.
         $_POST = add_magic_quotes(array(
             'post_ID' => $id,
             'post_title' => $title,
             'content' => $content,
             'excerpt' => $excerpt,
         ));
         $post_id = edit_post();
         $post = get_post($post_id);
         // The stored values must equal the original, unslashed fixtures.
         $this->assertEquals($title, $post->post_title);
         $this->assertEquals($content, $post->post_content);
         $this->assertEquals($excerpt, $post->post_excerpt);
     }
 }
Exemplo n.º 4
 /**
  * Tests the controller function that expects slashed data
  *
  */
 function test_edit_post()
 {
     $id = self::factory()->post->create();
     // Seed three meta rows; the older add_post_meta() API expects slashed data.
     $has_unslashed_api = function_exists('wp_add_post_meta');
     $meta_ids = array();
     foreach (array('slash_test_1', 'slash_test_2', 'slash_test_3') as $meta_key) {
         if ($has_unslashed_api) {
             $meta_ids[] = wp_add_post_meta($id, $meta_key, 'foo');
         } else {
             $meta_ids[] = add_post_meta($id, $meta_key, addslashes('foo'));
         }
     }
     list($meta_1, $meta_2, $meta_3) = $meta_ids;

     // First request: one new meta key plus updates to the three seeded rows.
     // The edit_post() function will strip slashes.
     $_POST = add_magic_quotes(array(
         'post_ID' => $id,
         'metakeyselect' => '#NONE#',
         'metakeyinput' => 'slash_test_0',
         'metavalue' => $this->slash_6,
         'meta' => array(
             $meta_1 => array('key' => 'slash_test_1', 'value' => $this->slash_1),
             $meta_2 => array('key' => 'slash_test_2', 'value' => $this->slash_3),
             $meta_3 => array('key' => 'slash_test_3', 'value' => $this->slash_4),
         ),
     ));
     edit_post();
     $post = get_post($id);
     $this->assertEquals($this->slash_6, get_post_meta($id, 'slash_test_0', true));
     $this->assertEquals($this->slash_1, get_post_meta($id, 'slash_test_1', true));
     $this->assertEquals($this->slash_3, get_post_meta($id, 'slash_test_2', true));
     $this->assertEquals($this->slash_4, get_post_meta($id, 'slash_test_3', true));

     // Second request with a different set of fixtures; only the three seeded
     // rows are asserted this time.
     $_POST = add_magic_quotes(array(
         'post_ID' => $id,
         'metakeyselect' => '#NONE#',
         'metakeyinput' => 'slash_test_0',
         'metavalue' => $this->slash_7,
         'meta' => array(
             $meta_1 => array('key' => 'slash_test_1', 'value' => $this->slash_2),
             $meta_2 => array('key' => 'slash_test_2', 'value' => $this->slash_4),
             $meta_3 => array('key' => 'slash_test_3', 'value' => $this->slash_5),
         ),
     ));
     edit_post();
     $post = get_post($id);
     $this->assertEquals($this->slash_2, get_post_meta($id, 'slash_test_1', true));
     $this->assertEquals($this->slash_4, get_post_meta($id, 'slash_test_2', true));
     $this->assertEquals($this->slash_5, get_post_meta($id, 'slash_test_3', true));
 }
 /**
  * Autosave endpoint: store the submitted title, content and excerpt for a post.
  *
  * Validates the blog and the caller, requires non-empty array input, an
  * existing post and the `edit_post` capability, then either overwrites the
  * caller's own unlocked draft or records a per-user autosave revision.
  *
  * @param string $path    Not read by this method.
  * @param int    $blog_id Blog identifier, resolved through the API object.
  * @param int    $post_id Post to autosave.
  * @return array|WP_Error IDs, formatted modification date and preview URL, or an error.
  */
 function callback($path = '', $blog_id = 0, $post_id = 0)
 {
     $blog_id = $this->api->switch_to_blog_and_validate_user($this->api->get_blog_id($blog_id));
     if (is_wp_error($blog_id)) {
         return $blog_id;
     }
     // $args is not used below; the call is kept as in the original.
     $args = $this->query_args();
     $input = $this->input(false);
     if (!(is_array($input) && $input)) {
         return new WP_Error('invalid_input', 'Invalid request input', 400);
     }
     $post = get_post($post_id);
     if (!$post || is_wp_error($post)) {
         return new WP_Error('unknown_post', 'Unknown post', 404);
     }
     // Authorisation is decided on the post that was actually loaded.
     if (!current_user_can('edit_post', $post->ID)) {
         return new WP_Error('unauthorized', 'User cannot edit post', 403);
     }
     $post_data = array(
         'post_ID' => $post_id,
         'post_title' => $input['title'],
         'post_content' => $input['content'],
         'post_excerpt' => $input['excerpt'],
     );
     $preview_url = add_query_arg('preview', 'true', get_permalink($post->ID));
     $overwrite_in_place = !wp_check_post_lock($post->ID)
         && get_current_user_id() == $post->post_author
         && ('auto-draft' == $post->post_status || 'draft' == $post->post_status);
     if ($overwrite_in_place) {
         // Drafts and auto-drafts are just overwritten by autosave for the same user if the post is not locked
         $auto_ID = edit_post(wp_slash($post_data));
     } else {
         // Non drafts or other users drafts are not overwritten. The autosave is stored in a special post revision for each user.
         $auto_ID = wp_create_post_autosave(wp_slash($post_data));
         // The preview of a revision is gated by a nonce bound to the parent post ID.
         $nonce = wp_create_nonce('post_preview_' . $post->ID);
         $preview_url = add_query_arg(array('preview_id' => $auto_ID, 'preview_nonce' => $nonce), $preview_url);
     }
     $saved = get_post($auto_ID);
     if (!$saved || !$saved->ID || !$saved->post_modified) {
         return new WP_Error('autosave_error', __('Autosave encountered an unexpected error', 'jetpack'), 500);
     }
     return array(
         'ID' => $auto_ID,
         'post_ID' => $post->ID,
         'modified' => $this->format_date($saved->post_modified),
         'preview_URL' => $preview_url,
     );
 }
Exemplo n.º 6
         $data['parent_id'] = $data['post_parent'];
     }
     // status
     if (isset($data['keep_private']) && 'private' == $data['keep_private']) {
         $data['post_status'] = 'private';
     } else {
         $data['post_status'] = $data['_status'];
     }
     if (empty($data['comment_status'])) {
         $data['comment_status'] = 'closed';
     }
     if (empty($data['ping_status'])) {
         $data['ping_status'] = 'closed';
     }
     // update the post
     edit_post();
     $post = array();
     if ('page' == $_POST['post_type']) {
         $post[] = get_post($_POST['post_ID']);
         page_rows($post);
     } elseif ('post' == $_POST['post_type']) {
         $mode = $_POST['post_view'];
         $post[] = get_post($_POST['post_ID']);
         post_rows($post);
     }
     exit;
     break;
 case 'inline-save-tax':
     check_ajax_referer('taxinlineeditnonce', '_inline_edit');
     if (!current_user_can('manage_categories')) {
         die(__('Cheatin’ uh?'));
Exemplo n.º 7
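/**
 * AJAX handler for saving a post from the fullscreen editor.
 *
 * Verifies the `update-<post_type>_<post_id>` nonce, saves via edit_post() and
 * prints a JSON object with a status message and a "last edited" line, then
 * ends the request with wp_die().
 */
function wp_ajax_wp_fullscreen_save_post()
{
    $post_id = isset($_POST['post_ID']) ? (int) $_POST['post_ID'] : 0;
    $post = $post_type = null;
    if ($post_id) {
        $post = get_post($post_id);
    }
    // Prefer the stored post type; a request-supplied type is only accepted
    // when it names a registered post type.
    if ($post) {
        $post_type = $post->post_type;
    } elseif (isset($_POST['post_type']) && post_type_exists($_POST['post_type'])) {
        $post_type = $_POST['post_type'];
    }
    check_ajax_referer('update-' . $post_type . '_' . $post_id, '_wpnonce');
    $post_id = edit_post();
    if (is_wp_error($post_id)) {
        if ($post_id->get_error_message()) {
            $message = $post_id->get_error_message();
        } else {
            $message = __('Save failed');
        }
        echo json_encode(array('message' => $message, 'last_edited' => ''));
        wp_die();
    } else {
        $message = __('Saved.');
    }
    // $post was loaded before the save, so these are the pre-save timestamps.
    if ($post) {
        $last_date = mysql2date(get_option('date_format'), $post->post_modified);
        $last_time = mysql2date(get_option('time_format'), $post->post_modified);
    } else {
        $last_date = date_i18n(get_option('date_format'));
        $last_time = date_i18n(get_option('time_format'));
    }
    // get_userdata() returns false when the recorded editor no longer exists;
    // fall back to the anonymous wording instead of dereferencing false.
    $last_id = get_post_meta($post_id, '_edit_last', true);
    $last_user = $last_id ? get_userdata($last_id) : false;
    if ($last_user) {
        $last_edited = sprintf(__('Last edited by %1$s on %2$s at %3$s'), esc_html($last_user->display_name), $last_date, $last_time);
    } else {
        $last_edited = sprintf(__('Last edited on %1$s at %2$s'), $last_date, $last_time);
    }
    echo json_encode(array('message' => $message, 'last_edited' => $last_edited));
    wp_die();
}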
 /**
  * Default handling for updating content types.  This should be overridden if special handling is needed
  *
  * @param int $post_ID
  * @param array $post_data
  */
 public function update_content($post_ID, $post_data)
 {
     // NOTE(review): no nonce or capability check is visible here; presumably
     // the caller verifies the request before reaching this method — confirm.
     $page_ID = edit_post($post_data);
     $wants_preview = isset($_POST['wp-preview']) && $_POST['wp-preview'] == 'dopreview';
     if (!$wants_preview) {
         $this->redirect_content($page_ID);
         return;
     }
     // A preview request goes to the public permalink instead of the normal redirect.
     wp_redirect(get_permalink($post_ID));
     exit;
 }
Exemplo n.º 9
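/**
 * Save a post submitted with XHR
 *
 * Intended for use with heartbeat and autosave.js
 *
 * The nonce and the `edit_post` capability are both checked before anything is
 * written. A missing nonce field, post ID or post is treated as a failure
 * rather than being read as an undefined index or a null object.
 *
 * @since 3.9.0
 *
 * @param array $post_data Associative array of the submitted post data.
 * @return mixed The value 0 or WP_Error on failure. The saved post ID on success.
 *               The ID can be the draft post_id or the autosave revision post_id.
 */
function wp_autosave($post_data)
{
    // Back-compat
    if (!defined('DOING_AUTOSAVE')) {
        define('DOING_AUTOSAVE', true);
    }
    $post_id = isset($post_data['post_id']) ? (int) $post_data['post_id'] : 0;
    $post_data['ID'] = $post_data['post_ID'] = $post_id;
    // An absent nonce is verified as an empty string, which never validates.
    $nonce = isset($post_data['_wpnonce']) ? $post_data['_wpnonce'] : '';
    if (false === wp_verify_nonce($nonce, 'update-post_' . $post_id)) {
        return new WP_Error('invalid_nonce', __('Error while saving.'));
    }
    $post = get_post($post_id);
    // A post that cannot be loaded is refused with the same error as a failed
    // capability check, without dereferencing null.
    if (!$post || !current_user_can('edit_post', $post->ID)) {
        return new WP_Error('edit_posts', __('Sorry, you are not allowed to edit this item.'));
    }
    if ('auto-draft' == $post->post_status) {
        $post_data['post_status'] = 'draft';
    }
    $is_page = isset($post_data['post_type']) && 'page' == $post_data['post_type'];
    if (!$is_page && !empty($post_data['catslist'])) {
        $post_data['post_category'] = explode(',', $post_data['catslist']);
    }
    if (!wp_check_post_lock($post->ID) && get_current_user_id() == $post->post_author && ('auto-draft' == $post->post_status || 'draft' == $post->post_status)) {
        // Drafts and auto-drafts are just overwritten by autosave for the same user if the post is not locked
        return edit_post(wp_slash($post_data));
    } else {
        // Non drafts or other users drafts are not overwritten. The autosave is stored in a special post revision for each user.
        return wp_create_post_autosave(wp_slash($post_data));
    }
}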
Exemplo n.º 10
         enqueue_comment_hotkeys_js();
     }
     include ABSPATH . 'wp-admin/edit-form-advanced.php';
     break;
 case 'editattachment':
     check_admin_referer('update-post_' . $post_id);
     // Don't let these be changed
     unset($_POST['guid']);
     $_POST['post_type'] = 'attachment';
     // Update the thumbnail filename
     $newmeta = wp_get_attachment_metadata($post_id, true);
     $newmeta['thumb'] = $_POST['thumb'];
     wp_update_attachment_metadata($post_id, $newmeta);
 case 'editpost':
     check_admin_referer('update-post_' . $post_id);
     $post_id = edit_post();
     // Session cookie flag that the post was saved
     if (isset($_COOKIE['wp-saving-post']) && $_COOKIE['wp-saving-post'] === $post_id . '-check') {
         setcookie('wp-saving-post', $post_id . '-saved', time() + DAY_IN_SECONDS, ADMIN_COOKIE_PATH, COOKIE_DOMAIN, is_ssl());
     }
     redirect_post($post_id);
     // Send user on their way while we keep working
     exit;
 case 'trash':
     check_admin_referer('trash-post_' . $post_id);
     if (!$post) {
         wp_die(__('The item you are trying to move to the Trash no longer exists.'));
     }
     if (!$post_type_object) {
         wp_die(__('Unknown post type.'));
     }
Exemplo n.º 11
/**
 * Save draft or manually autosave for showing preview.
 *
 * Works directly on $_POST. Drafts are saved in place with edit_post(); any
 * other status is stored as an autosave revision and the preview URL then
 * carries a `post_preview_<ID>` nonce.
 *
 * @package WordPress
 * @since 2.7
 *
 * @uses wp_write_post()
 * @uses edit_post()
 * @uses get_post()
 * @uses current_user_can()
 * @uses wp_create_post_autosave()
 *
 * @return string URL to redirect to show the preview
 */
function post_preview()
{
    $post_ID = (int) $_POST['post_ID'];
    if ($post_ID < 1) {
        wp_die(__('Preview not available. Please save as a draft first.'));
    }
    // Comma-separated form fields become arrays.
    if (isset($_POST['catslist'])) {
        $_POST['post_category'] = explode(",", $_POST['catslist']);
    }
    if (isset($_POST['tags_input'])) {
        $_POST['tags_input'] = explode(",", $_POST['tags_input']);
    }
    if ($_POST['post_type'] == 'page' || empty($_POST['post_category'])) {
        unset($_POST['post_category']);
    }
    $_POST['ID'] = $post_ID;
    $post = get_post($post_ID);
    // The capability is chosen from the stored post type, not the submitted one.
    $is_page = 'page' == $post->post_type;
    if (!current_user_can($is_page ? 'edit_page' : 'edit_post', $post_ID)) {
        wp_die($is_page ? __('You are not allowed to edit this page.') : __('You are not allowed to edit this post.'));
    }
    if ('draft' != $post->post_status) {
        // Non drafts are not overwritten.  The autosave is stored in a special post revision.
        $id = wp_create_post_autosave($post->ID);
        if (!is_wp_error($id)) {
            $id = $post->ID;
        }
    } else {
        $id = edit_post();
    }
    if (is_wp_error($id)) {
        wp_die($id->get_error_message());
    }
    // NOTE(review): this branch keys on the submitted post_status, while the
    // save branch above keys on the stored one — confirm that is intended.
    if ($_POST['post_status'] != 'draft') {
        $nonce = wp_create_nonce('post_preview_' . $id);
        return add_query_arg(array('preview' => 'true', 'preview_id' => $id, 'preview_nonce' => $nonce), get_permalink($id));
    }
    return add_query_arg('preview', 'true', get_permalink($id));
}
Exemplo n.º 12
 $url = from($_REQUEST, 'url');
 $content = from($_REQUEST, 'content');
 $oldfile = from($_REQUEST, 'oldfile');
 $destination = from($_GET, 'destination');
 $description = from($_REQUEST, 'description');
 $date = from($_REQUEST, 'date');
 $time = from($_REQUEST, 'time');
 $dateTime = null;
 if ($date !== null && $time !== null) {
     $dateTime = $date . ' ' . $time;
 }
 if ($proper && !empty($title) && !empty($tag) && !empty($content)) {
     if (empty($url)) {
         $url = $title;
     }
     edit_post($title, $tag, $url, $content, $oldfile, $destination, $description, $dateTime, $fi, $vid);
 } else {
     $message['error'] = '';
     if (empty($title)) {
         $message['error'] .= '<li>Title field is required.</li>';
     }
     if (empty($tag)) {
         $message['error'] .= '<li>Tag field is required.</li>';
     }
     if (empty($content)) {
         $message['error'] .= '<li>Content field is required.</li>';
     }
     if (!$proper) {
         $message['error'] .= '<li>CSRF Token not correct.</li>';
     }
     config('views.root', 'system/admin/views');
Exemplo n.º 13
    $contents = trim($_POST['contents']);
    if (empty($title)) {
        $errors[] = "You need to supply a title.";
    } else {
        if (strlen($title) > 255) {
            $errors[] = "The title cannot be longer than 255 characters.";
        }
    }
    if (empty($contents)) {
        $errors[] = "You need to supply some text.";
    }
    if (!category_exits('id', $_POST['category'])) {
        $errors[] = "The category does not exit.";
    }
    if (empty($errors)) {
        edit_post($_GET['id'], $title, $contents, $_POST['category']);
        Header("Location: index.php?id={$post[0]['post_id']}");
        die;
    }
}
?>

<html>
	<head>
		<style>
		   label{display : block; }
		</style>
		
	    <title>Edit a post</title>
	</head>
	
Exemplo n.º 14
// Edit-form handler for a question post. $post is not defined in this excerpt;
// presumably it is the record loaded earlier for the page being edited — confirm.
$uid = $_SESSION['uid'];
// "old_*" values: taken from the submitted form when present, otherwise from $post.
$old_cid = isset($_POST['old_cid']) ? $_POST['old_cid'] : $post['Course_ID'];
$old_week = isset($_POST['old_week']) ? $_POST['old_week'] : $post['Post_Week'];
$old_title = isset($_POST['old_title']) ? $_POST['old_title'] : $post['Post_Title'];
$old_url = isset($_POST['old_url']) ? $_POST['old_url'] : $post['Post_URL'];
$old_body = isset($_POST['old_body']) ? $_POST['old_body'] : $post['Post_Question'];
$old_answer = isset($_POST['old_answer']) ? $_POST['old_answer'] : $post['Post_Answer'];
// New values: taken from the submitted form, defaulting to an empty string.
$cid = isset($_POST['cid']) ? $_POST['cid'] : '';
$week = isset($_POST['week']) ? $_POST['week'] : '';
$title = isset($_POST['title']) ? $_POST['title'] : '';
$url = isset($_POST['url']) ? $_POST['url'] : '';
$body = isset($_POST['body']) ? $_POST['body'] : '';
$answer = isset($_POST['answer']) ? $_POST['answer'] : '';
if (isset($_POST['submit'])) {
    // Allowed: the owner recorded on $post, or a session role id of 1 or 3.
    // NOTE(review): the ownership test reads $post['User_ID'], but the record
    // that gets edited is selected by $_POST['pid']. Unless earlier code
    // guarantees both refer to the same post, the check and the write can
    // target different records — confirm, and bind the edit to the checked record.
    // NOTE(review): no anti-CSRF token is verified in the visible lines — confirm
    // one is checked before this point.
    if ($uid == $post['User_ID'] || $_SESSION['rid'] == 1 || $_SESSION['rid'] == 3) {
        edit_post($_POST['pid'], $cid, $week, $title, $url, $body, $answer);
        sleep(1);
        // $url is request data concatenated into the Location header without
        // encoding. NOTE(review): confirm it is validated or URL-encoded first.
        header('location: ' . currentURL() . '?p=question/' . $url);
        // There is no exit after the redirect header, so this output and the
        // rest of the page are still produced.
        print 'Post edited. Click <a href="?p=post">here</a> to view posts';
    } else {
        print 'Not authorized';
    }
}
?>
<link rel="stylesheet" type="text/css" href="markitup/skins/markitup/style.css" />
<link rel="stylesheet" type="text/css" href="markitup/sets/html/style.css" />
<script type="text/javascript" src="js/jquery.js"></script>
<script type="text/javascript" src="markitup/jquery.markitup.js"></script>
<script type="text/javascript" src="markitup/sets/html/set.js"></script>
<script language="javascript">
$(document).ready(function()	{
 /**
  * Default handling for updating content types.  This should be overridden if special handling is needed
  *
  * @param int $post_ID
  * @param array $post_data
  */
 public function update_content($post_ID, $post_data)
 {
     // NOTE(review): no nonce or capability check is visible here; presumably
     // the caller verifies the request first — confirm.
     // Save, then redirect using the ID that edit_post() returns.
     $this->redirect_content(edit_post($post_data));
 }
Exemplo n.º 16
 /**
  * Save the post from the current request, then store or clear its custom CSS.
  *
  * The request must pass check_admin_referer() for `update-post_<ID>` before
  * edit_post() runs. Prints `true` and terminates.
  *
  * An earlier, commented-out implementation that built the post array by hand
  * used to sit at the top of this method; it was never executed.
  */
 function savePost()
 {
     $requested_id = $this->post('post_ID');
     check_admin_referer('update-post_' . $requested_id);
     $post_id = edit_post();
     // Session cookie flag that the post was saved
     $cookie_name = 'wp-saving-post-' . $post_id;
     if (isset($_COOKIE[$cookie_name])) {
         setcookie($cookie_name, 'saved');
     }
     // Post custom css settings.
     // NOTE(review): the CSS is stored exactly as received; confirm it is
     // escaped or restricted where it is later printed into a page.
     $custom_css = $this->post('post_custom_css');
     if (!empty($custom_css)) {
         update_post_meta($post_id, '_wpb_post_custom_css', $custom_css);
     } else {
         delete_post_meta($post_id, '_wpb_post_custom_css');
     }
     echo true;
     die;
 }
Exemplo n.º 17
     if (empty($url)) {
         $url = $title;
     }
     edit_quote($title, $tag, $url, $content, $oldfile, $destination, $description, $dateTime, $quote, $revertPost, $publishDraft, $category);
 } else {
     if ($proper && !empty($title) && !empty($tag) && !empty($content) && !empty($audio)) {
         if (empty($url)) {
             $url = $title;
         }
         edit_audio($title, $tag, $url, $content, $oldfile, $destination, $description, $dateTime, $audio, $revertPost, $publishDraft, $category);
     } else {
         if ($proper && !empty($title) && !empty($tag) && !empty($content) && !empty($is_post)) {
             if (empty($url)) {
                 $url = $title;
             }
             edit_post($title, $tag, $url, $content, $oldfile, $destination, $description, $dateTime, $revertPost, $publishDraft, $category);
         } else {
             $message['error'] = '';
             if (empty($title)) {
                 $message['error'] .= '<li>Title field is required.</li>';
             }
             if (empty($tag)) {
                 $message['error'] .= '<li>Tag field is required.</li>';
             }
             if (empty($content)) {
                 $message['error'] .= '<li>Content field is required.</li>';
             }
             if (!$proper) {
                 $message['error'] .= '<li>CSRF Token not correct.</li>';
             }
             if (!empty($is_image)) {
/**
 * Create a new post or page from the data in $_POST.
 *
 * Checks the creating capability for the submitted post type, resolves
 * autosave collisions (handing over to edit_post() when the temporary ID
 * already maps to a saved draft), normalises several fields in $_POST and
 * passes the whole array to wp_insert_post().
 *
 * NOTE(review): no nonce is verified inside this function; presumably the
 * caller does that before calling — confirm.
 *
 * @return mixed The new post ID, the result of edit_post() on an autosave
 *               collision, or a WP_Error when a capability check fails.
 */
function wp_write_post() {
	global $user_ID;

	// Creating requires edit_pages for pages and edit_posts for everything else.
	if ( 'page' == $_POST['post_type'] ) {
		if ( !current_user_can( 'edit_pages' ) )
			return new WP_Error( 'edit_pages', __( 'You are not allowed to create pages on this blog.' ) );
	} else {
		if ( !current_user_can( 'edit_posts' ) )
			return new WP_Error( 'edit_posts', __( 'You are not allowed to create posts or drafts on this blog.' ) );
	}


	// Check for autosave collisions
	$temp_id = false;
	if ( isset($_POST['temp_ID']) ) {
		$temp_id = (int) $_POST['temp_ID'];
		if ( !$draft_ids = get_user_option( 'autosave_draft_ids' ) )
			$draft_ids = array();
		// Drop map entries that satisfy the one-day test below.
		foreach ( $draft_ids as $temp => $real )
			if ( time() + $temp > 86400 ) // 1 day: $temp is equal to -1 * time( then )
				unset($draft_ids[$temp]);

		if ( isset($draft_ids[$temp_id]) ) { // Edit, don't write
			$_POST['post_ID'] = $draft_ids[$temp_id];
			unset($_POST['temp_ID']);
			update_user_option( $user_ID, 'autosave_draft_ids', $draft_ids );
			return edit_post();
		}
	}

	// Rename.
	$_POST['post_content'] = $_POST['content'];
	$_POST['post_excerpt'] = $_POST['excerpt'];
	$_POST['post_parent'] = $_POST['parent_id'];
	$_POST['to_ping'] = $_POST['trackback_url'];

	// Author: an explicit override wins, then the submitted author, then the
	// submitted user_ID. Each is cast to int.
	if (!empty ( $_POST['post_author_override'] ) ) {
		$_POST['post_author'] = (int) $_POST['post_author_override'];
	} else {
		if (!empty ( $_POST['post_author'] ) ) {
			$_POST['post_author'] = (int) $_POST['post_author'];
		} else {
			$_POST['post_author'] = (int) $_POST['user_ID'];
		}

	}

	// Posting as someone else needs the edit_others_* capability.
	// NOTE(review): the baseline compared against is $_POST['user_ID'], a
	// request field, not the global $user_ID — confirm earlier code pins it to
	// the authenticated user, otherwise this check can be sidestepped.
	if ( $_POST['post_author'] != $_POST['user_ID'] ) {
		if ( 'page' == $_POST['post_type'] ) {
			if ( !current_user_can( 'edit_others_pages' ) )
				return new WP_Error( 'edit_others_pages', __( 'You are not allowed to create pages as this user.' ) );
		} else {
			if ( !current_user_can( 'edit_others_posts' ) )
				return new WP_Error( 'edit_others_posts', __( 'You are not allowed to post as this user.' ) );

		}
	}

	// What to do based on which button they pressed
	// (the checks run in order, so a later non-empty button overrides an earlier one)
	if ('' != $_POST['saveasdraft'] )
		$_POST['post_status'] = 'draft';
	if ('' != $_POST['saveasprivate'] )
		$_POST['post_status'] = 'private';
	if ('' != $_POST['publish'] )
		$_POST['post_status'] = 'publish';
	if ('' != $_POST['advanced'] )
		$_POST['post_status'] = 'draft';

	// Without the publish capability a 'publish' request is downgraded to a draft.
	if ( 'page' == $_POST['post_type'] ) {
		if ('publish' == $_POST['post_status'] && !current_user_can( 'publish_pages' ) )
			$_POST['post_status'] = 'draft';
	} else {
		if ('publish' == $_POST['post_status'] && !current_user_can( 'publish_posts' ) )
			$_POST['post_status'] = 'draft';
	}

	// Comments and pings are closed unless the form says otherwise.
	if (!isset( $_POST['comment_status'] ))
		$_POST['comment_status'] = 'closed';

	if (!isset( $_POST['ping_status'] ))
		$_POST['ping_status'] = 'closed';

	// Rebuild the post date from its form parts: a day above 31 becomes 31,
	// an hour above 23 loses 24, minutes and seconds above 59 lose 60.
	if (!empty ( $_POST['edit_date'] ) ) {
		$aa = $_POST['aa'];
		$mm = $_POST['mm'];
		$jj = $_POST['jj'];
		$hh = $_POST['hh'];
		$mn = $_POST['mn'];
		$ss = $_POST['ss'];
		$jj = ($jj > 31 ) ? 31 : $jj;
		$hh = ($hh > 23 ) ? $hh -24 : $hh;
		$mn = ($mn > 59 ) ? $mn -60 : $mn;
		$ss = ($ss > 59 ) ? $ss -60 : $ss;
		$_POST['post_date'] = sprintf( "%04d-%02d-%02d %02d:%02d:%02d", $aa, $mm, $jj, $hh, $mn, $ss );
		$_POST['post_date_gmt'] = get_gmt_from_date( $_POST['post_date'] );
	}

	// Create the post.
	// The entire request array, including fields not touched above, is passed on.
	$post_ID = wp_insert_post( $_POST );

	add_meta( $post_ID );

	// Reunite any orphaned attachments with their parent
	if ( !$draft_ids = get_user_option( 'autosave_draft_ids' ) )
		$draft_ids = array();
	if ( $draft_temp_id = (int) array_search( $post_ID, $draft_ids ) )
		relocate_children( $draft_temp_id, $post_ID );
	if ( $temp_id && $temp_id != $draft_temp_id )
		relocate_children( $temp_id, $post_ID );

	// Update autosave collision detection
	if ( $temp_id ) {
		$draft_ids[$temp_id] = $post_ID;
		update_user_option( $user_ID, 'autosave_draft_ids', $draft_ids );
	}

	// Now that we have an ID we can fix any attachment anchor hrefs
	fix_attachment_links( $post_ID );

	return $post_ID;
}
Exemplo n.º 19
 /**
  * @ticket 30615
  */
 public function test_edit_post_should_not_create_terms_for_an_empty_tag_input_field()
 {
     wp_set_current_user(self::$editor_id);
     $taxonomy = 'wptests_tax';
     register_taxonomy($taxonomy, array('post'));
     // An existing term in the taxonomy, created before the edit.
     self::factory()->term->create(array('taxonomy' => $taxonomy, 'name' => 'foo', 'slug' => 'bar'));
     // A whitespace-only tag field must not attach or create any term.
     edit_post(array(
         'post_ID' => self::$post_id,
         'tax_input' => array($taxonomy => ' '),
     ));
     $this->assertEmpty(wp_get_post_terms(self::$post_id, $taxonomy));
 }
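 /**
  * Save the post submitted in $_POST and respond with the URL to go to next.
  *
  * The request is refused unless it carries a valid `update-post_<ID>` nonce.
  * The redirect target carries a numeric `message` code chosen from the button
  * used and the resulting post status.
  */
 public function wp_fee_post()
 {
     require_once ABSPATH . '/wp-admin/includes/post.php';
     // Missing fields are treated like a bad nonce rather than read as undefined indexes.
     $nonce = isset($_POST['_wpnonce']) && is_string($_POST['_wpnonce']) ? $_POST['_wpnonce'] : '';
     $requested_id = isset($_POST['post_ID']) && is_scalar($_POST['post_ID']) ? (int) $_POST['post_ID'] : 0;
     if (!$requested_id || !wp_verify_nonce($nonce, 'update-post_' . $requested_id)) {
         $this->response(__('You are not allowed to edit this item.'));
         // Fail closed: response() is not visible here, so do not rely on it to
         // stop execution before edit_post() runs.
         return;
     }
     // edit_post() reads the ID from $_POST; pin it to the value that was just verified.
     $_POST['post_ID'] = $requested_id;
     // Titles are plain text. Only touch the field when it was actually sent,
     // so a partial request does not overwrite the title with an empty string.
     if (isset($_POST['post_title']) && is_string($_POST['post_title'])) {
         $_POST['post_title'] = strip_tags($_POST['post_title']);
     }
     $post_id = edit_post();
     if (isset($_POST['save']) || isset($_POST['publish'])) {
         $status = get_post_status($post_id);
         if (isset($_POST['publish'])) {
             switch ($status) {
                 case 'pending':
                     $message = 8;
                     break;
                 case 'future':
                     $message = 9;
                     break;
                 default:
                     $message = 6;
             }
         } else {
             $message = 'draft' == $status ? 10 : 1;
         }
         $location = esc_url(add_query_arg('message', $message, $this->edit_link($post_id)));
     } elseif (isset($_POST['addmeta']) && $_POST['addmeta']) {
         // Custom-field changes return to the referring page, at the custom fields box.
         $location = esc_url(add_query_arg('message', 2, wp_get_referer()));
         $location = explode('#', $location);
         $location = $location[0] . '#postcustom';
     } elseif (isset($_POST['deletemeta']) && $_POST['deletemeta']) {
         $location = esc_url(add_query_arg('message', 3, wp_get_referer()));
         $location = explode('#', $location);
         $location = $location[0] . '#postcustom';
     } else {
         $location = esc_url(add_query_arg('message', 4, $this->edit_link($post_id)));
     }
     $location = apply_filters('redirect_post_location', $location, $post_id);
     $this->response($location);
 }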
	/**
	 * @ticket 30615
	 */
	public function test_edit_post_should_not_create_terms_for_an_empty_tag_input_field() {
		// Act as a freshly created editor.
		wp_set_current_user( $this->factory->user->create( array( 'role' => 'editor' ) ) );

		$taxonomy = 'wptests_tax';
		register_taxonomy( $taxonomy, array( 'post' ) );
		// An existing term in the taxonomy, created before the edit.
		$t1 = $this->factory->term->create( array( 'taxonomy' => $taxonomy, 'name' => 'foo', 'slug' => 'bar' ) );

		$p = $this->factory->post->create();

		// A whitespace-only tag field must not attach or create any term.
		edit_post( array( 'post_ID' => $p, 'tax_input' => array( $taxonomy => ' ' ) ) );

		$this->assertEmpty( wp_get_post_terms( $p, $taxonomy ) );
	}
         $last_user = get_userdata($last);
         $last_user_name = $last_user ? $last_user->display_name : __('Someone');
         $data = new WP_Error('locked', sprintf($_POST['post_type'] == 'page' ? __('Autosave disabled: %s is currently editing this page.') : __('Autosave disabled: %s is currently editing this post.'), wp_specialchars($last_user_name)));
         $supplemental['disable_autosave'] = 'disable';
     }
     if ('page' == $post->post_type) {
         if (!current_user_can('edit_page', $post_ID)) {
             die(__('You are not allowed to edit this page.'));
         }
     } else {
         if (!current_user_can('edit_post', $post_ID)) {
             die(__('You are not allowed to edit this post.'));
         }
     }
     if ($do_autosave) {
         $id = edit_post();
         $data = $message;
     } else {
         $id = $post->ID;
     }
 }
 if ($do_lock && $id && is_numeric($id)) {
     wp_set_post_lock($id);
 }
 if ($nonce_age == 2) {
     $supplemental['replace-autosavenonce'] = wp_create_nonce('autosave');
     $supplemental['replace-getpermalinknonce'] = wp_create_nonce('getpermalink');
     $supplemental['replace-samplepermalinknonce'] = wp_create_nonce('samplepermalink');
     $supplemental['replace-closedpostboxesnonce'] = wp_create_nonce('closedpostboxes');
     if ($id) {
         if ($_POST['post_type'] == 'post') {
Exemplo n.º 23
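/**
 * Save draft or manually autosave for showing preview.
 *
 * All input is taken from $_POST. The current user must hold 'edit_page' / 'edit_post' for the
 * target post; the request is ended with wp_die() otherwise, and also when the post ID does not
 * resolve to a post. A draft owned by the current user and not locked is saved in place with
 * edit_post(); anything else is stored as an autosave revision and the preview URL is given a
 * 'post_preview_<id>' nonce.
 *
 * No nonce is verified inside this function.
 * NOTE(review): confirm the caller runs check_admin_referer() before calling it.
 *
 * @package WordPress
 * @since 2.7.0
 *
 * @uses get_post_status()
 * @uses edit_post()
 * @uses get_post()
 * @uses current_user_can()
 * @uses wp_die()
 * @uses wp_create_post_autosave()
 * @uses add_query_arg()
 * @uses wp_create_nonce()
 *
 * @return string URL to redirect to show the preview
 */
function post_preview()
{
    $post_ID = (int) $_POST['post_ID'];
    $status = get_post_status($post_ID);
    if ('auto-draft' == $status) {
        wp_die(__('Preview not available. Please save as a draft first.'));
    }
    // The editor submits categories and tags as comma-separated strings; edit_post() wants arrays.
    if (isset($_POST['catslist'])) {
        $_POST['post_category'] = explode(",", $_POST['catslist']);
    }
    if (isset($_POST['tags_input'])) {
        $_POST['tags_input'] = explode(",", $_POST['tags_input']);
    }
    // Request fields may be absent; read them once with a default instead of indexing $_POST blindly.
    $submitted_type = isset($_POST['post_type']) ? $_POST['post_type'] : '';
    $submitted_status = isset($_POST['post_status']) ? $_POST['post_status'] : '';
    if ($submitted_type == 'page' || empty($_POST['post_category'])) {
        unset($_POST['post_category']);
    }
    $_POST['ID'] = $post_ID;
    $post = get_post($post_ID);
    if (!$post) {
        // Unknown ID: stop before the capability check and the save run against a missing post.
        wp_die(__('You are not allowed to edit this post.'));
    }
    // Object-level authorisation: the capability is checked for this post, using the stored post type
    // rather than the type named in the request.
    if ('page' == $post->post_type) {
        if (!current_user_can('edit_page', $post_ID)) {
            wp_die(__('You are not allowed to edit this page.'));
        }
    } else {
        if (!current_user_can('edit_post', $post_ID)) {
            wp_die(__('You are not allowed to edit this post.'));
        }
    }
    $user_id = get_current_user_id();
    $locked = wp_check_post_lock($post->ID);
    if (!$locked && 'draft' == $post->post_status && $user_id == $post->post_author) {
        // Own, unlocked draft: overwrite it directly from the request data.
        $id = edit_post();
    } else {
        // Non drafts are not overwritten. The autosave is stored in a special post revision.
        $id = wp_create_post_autosave($post->ID);
        if (!is_wp_error($id)) {
            $id = $post->ID;
        }
    }
    if (is_wp_error($id)) {
        wp_die($id->get_error_message());
    }
    if (!$locked && $submitted_status == 'draft' && $user_id == $post->post_author) {
        $url = add_query_arg('preview', 'true', get_permalink($id));
    } else {
        // The preview of an autosave is bound to a nonce that names the post ID.
        $nonce = wp_create_nonce('post_preview_' . $id);
        $args = array('preview' => 'true', 'preview_id' => $id, 'preview_nonce' => $nonce);
        if (isset($_POST['post_format'])) {
            // The format ends up in the URL, so it is reduced to a key-safe value first.
            $args['post_format'] = empty($_POST['post_format']) ? 'standard' : sanitize_key($_POST['post_format']);
        }
        $url = add_query_arg($args, get_permalink($id));
    }
    return apply_filters('preview_post_link', $url);
}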
Exemplo n.º 24
	/**
	 * Saving a post through `edit_post()` as a user who lacks publish_posts must leave the post's
	 * sticky flag as it was, while the edited fields are still stored.
	 *
	 * @ticket 24153
	 */
	function test_user_without_publish_cannot_affect_sticky_with_edit_post() {
		// Arrange: a post that is already sticky.
		$sticky_post = $this->factory->post->create_and_get( array(
			'post_title'   => 'Will be changed',
			'post_content' => 'Will be changed',
		) );
		$sticky_id = $sticky_post->ID;
		stick_post( $sticky_id );

		// Precondition: the post really is sticky.
		$this->assertTrue( is_sticky( $sticky_id ) );

		// A role that may edit other people's published posts but may not publish.
		$grammarian_caps = array(
			'read'                 => true,
			'edit_posts'           => true,
			'edit_others_posts'    => true,
			'edit_published_posts' => true,
		);
		add_role( 'grammarian', 'Grammarian', $grammarian_caps );
		$grammarian_id    = $this->factory->user->create( array( 'role' => 'grammarian' ) );
		$previous_user_id = get_current_user_id();
		wp_set_current_user( $grammarian_id );

		// Precondition: the capability set is exactly the one this test is about.
		$this->assertFalse( current_user_can( 'publish_posts' ) );
		$this->assertTrue( current_user_can( 'edit_others_posts' ) );
		$this->assertTrue( current_user_can( 'edit_published_posts' ) );

		// Act: save the post with no 'sticky' key in the submitted data (left out on purpose).
		$submitted = array(
			'post_ID'      => $sticky_id,
			'post_title'   => 'Updated',
			'post_content' => 'Updated',
		);
		edit_post( $submitted );

		// Assert: the content changed, the sticky flag did not.
		$after_save = get_post( $sticky_id );
		$this->assertTrue( is_sticky( $after_save->ID ) );
		$this->assertEquals( 'Updated', $after_save->post_title );
		$this->assertEquals( 'Updated', $after_save->post_content );

		// Restore the user that was active before the test.
		wp_set_current_user( $previous_user_id );
	}
Exemplo n.º 25
     include 'edit-page-form.php';
     break;
 case 'editattachment':
     $page_id = $post_ID = (int) $_POST['post_ID'];
     // CSRF check: the nonce action is bound to this attachment's ID.
     check_admin_referer('update-attachment_' . $page_id);
     // Don't let these be changed: guid is dropped from the request and post_type is forced,
     // so neither can be set by the submitted form.
     unset($_POST['guid']);
     $_POST['post_type'] = 'attachment';
     // Update the thumbnail filename
     $newmeta = wp_get_attachment_metadata($page_id, true);
     // NOTE(review): $_POST['thumb'] is stored as received; no validation of the value is visible here.
     $newmeta['thumb'] = $_POST['thumb'];
     // NOTE(review): only the metadata array is passed; confirm the signature this version expects.
     wp_update_attachment_metadata($newmeta);
     // No break: execution continues into 'editpost', which verifies a second nonce with the
     // 'update-page_' prefix for the same ID.
 case 'editpost':
     $page_ID = (int) $_POST['post_ID'];
     check_admin_referer('update-page_' . $page_ID);
     // edit_post() is called without an argument, so it works on the request data ($_POST).
     // NOTE(review): no current_user_can() call appears in this branch; presumably edit_post()
     // enforces the capability itself — confirm.
     $page_ID = edit_post();
     redirect_page($page_ID);
     exit;
     // Not reached: the script has already exited on the line above.
     break;
 case 'delete':
     // The ID comes from the query string or the form and is reduced to an integer either way.
     $page_id = isset($_GET['post']) ? intval($_GET['post']) : intval($_POST['post_ID']);
     check_admin_referer('delete-page_' . $page_id);
     $page =& get_post($page_id);
     // Object-level authorisation for the page being deleted.
     if (!current_user_can('delete_page', $page_id)) {
         wp_die(__('You are not allowed to delete this page.'));
     }
     if ($page->post_type == 'attachment') {
         if (!wp_delete_attachment($page_id)) {
             wp_die(__('Error in deleting...'));
         }
     } else {
Exemplo n.º 26
/**
 * Creates a new post or page from the submitted form data in $_POST.
 *
 * The current user needs 'edit_pages' (for pages) or 'edit_posts' (for anything else). When the
 * request carries a temp_ID that an earlier autosave already mapped to a real post, that post is
 * edited instead of a second one being created.
 *
 * @return int|WP_Error The post ID, 0 when the insert produced no ID, or a WP_Error when the
 *                      capability check, the post-data translation or the insert failed. On an
 *                      autosave collision, whatever edit_post() returns.
 */
function wp_write_post()
{
    global $user_ID;
    // Type-level authorisation: creating content needs the generic capability for its type.
    $creating_page = 'page' == $_POST['post_type'];
    if ($creating_page && !current_user_can('edit_pages')) {
        return new WP_Error('edit_pages', __('You are not allowed to create pages on this blog.'));
    }
    if (!$creating_page && !current_user_can('edit_posts')) {
        return new WP_Error('edit_posts', __('You are not allowed to create posts or drafts on this blog.'));
    }
    // Autosave collision check: temp_ID is the placeholder ID the editor used before the first save.
    $placeholder_id = false;
    if (isset($_POST['temp_ID'])) {
        $placeholder_id = (int) $_POST['temp_ID'];
        $known_drafts = get_user_option('autosave_draft_ids');
        if (!$known_drafts) {
            $known_drafts = array();
        }
        // Drop mappings older than one day; each key equals -1 * time() at the moment it was made,
        // so time() + key is the age in seconds.
        foreach ($known_drafts as $stamp => $mapped_id) {
            if (time() + $stamp > 86400) {
                unset($known_drafts[$stamp]);
            }
        }
        if (isset($known_drafts[$placeholder_id])) {
            // The placeholder already has a real post: edit that one rather than writing a new post.
            $_POST['post_ID'] = $known_drafts[$placeholder_id];
            unset($_POST['temp_ID']);
            update_user_option($user_ID, 'autosave_draft_ids', $known_drafts);
            return edit_post();
        }
    }
    $translation = _wp_translate_postdata(false);
    if (is_wp_error($translation)) {
        return $translation;
    }
    // Insert the post from the request data.
    $new_post_id = wp_insert_post($_POST);
    if (is_wp_error($new_post_id)) {
        return $new_post_id;
    }
    if (empty($new_post_id)) {
        return 0;
    }
    add_meta($new_post_id);
    // Attachments uploaded against a placeholder ID are moved under the real post.
    $known_drafts = get_user_option('autosave_draft_ids');
    if (!$known_drafts) {
        $known_drafts = array();
    }
    $mapped_placeholder = (int) array_search($new_post_id, $known_drafts);
    if ($mapped_placeholder) {
        _relocate_children($mapped_placeholder, $new_post_id);
    }
    if ($placeholder_id && $placeholder_id != $mapped_placeholder) {
        _relocate_children($placeholder_id, $new_post_id);
    }
    // Remember the placeholder-to-post mapping for the next collision check.
    if ($placeholder_id) {
        $known_drafts[$placeholder_id] = $new_post_id;
        update_user_option($user_ID, 'autosave_draft_ids', $known_drafts);
    }
    // With a real ID available, attachment anchor hrefs can be corrected.
    _fix_attachment_links($new_post_id);
    wp_set_post_lock($new_post_id, $GLOBALS['current_user']->ID);
    return $new_post_id;
}
Exemplo n.º 27
	// The status is forced here, so the submitted form cannot choose it.
	$_POST['post_status'] = 'attachment';

	// Update the thumbnail filename
	$oldmeta = $newmeta = get_post_meta($post_id, '_wp_attachment_metadata', true);
	// NOTE(review): $_POST['thumb'] is stored as received; no validation of the value is visible here.
	$newmeta['thumb'] = $_POST['thumb'];

	// Update the existing metadata row when there is one, otherwise create it.
	if ( '' !== $oldmeta )
		update_post_meta($post_id, '_wp_attachment_metadata', $newmeta, $oldmeta);
	else
		add_post_meta($post_id, '_wp_attachment_metadata', $newmeta);

	// No break: execution continues into 'editpost' below.
case 'editpost':
	$post_ID = (int) $_POST['post_ID'];
	// CSRF check: the nonce action is bound to this post's ID.
	check_admin_referer('update-post_' . $post_ID);
	
	// edit_post() is called without an argument, so it works on the request data ($_POST).
	$post_ID = edit_post();

	// Scheme and host are stripped from both values so that only the paths are compared below;
	// the stripped copy is not what is assigned to $location.
	$referredby = '';
	if ( !empty($_POST['referredby']) )
		$referredby = preg_replace('|https?://[^/]+|i', '', $_POST['referredby']);
	$referer = preg_replace('|https?://[^/]+|i', '', wp_get_referer());
	
	// $_POST['save'], ['updatemeta'] and ['deletemeta'] are read without isset().
	if ($_POST['save']) {
		$location = wp_get_referer();
	} elseif ($_POST['updatemeta']) {
		$location = wp_get_referer() . '&message=2#postcustom';
	} elseif ($_POST['deletemeta']) {
		$location = wp_get_referer() . '&message=3#postcustom';
	} elseif (!empty($referredby) && $referredby != $referer) {
		// NOTE(review): $location takes the raw request value, host included. If it feeds a redirect
		// further down (not visible in this excerpt), restrict it to same-site targets first,
		// e.g. with wp_validate_redirect().
		$location = $_POST['referredby'];
		if ( $_POST['referredby'] == 'redo' )
Exemplo n.º 28
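	/**
	 * Saving 4-byte UTF-8 characters into a column whose charset is 'utf8' must still store the post.
	 *
	 * The expected values keep the text on both sides of each emoji, so the test pins that the save
	 * neither fails nor cuts the field off at the 4-byte character; only the emoji itself is dropped.
	 *
	 * @ticket 21212
	 */
	function test_utf8mb3_post_saves_with_emoji() {
		global $wpdb;
		$_wpdb = new wpdb_exposed_methods_for_testing();

		// Only meaningful when post_title is stored as 'utf8'; any other charset skips the test.
		if ( 'utf8' !== $_wpdb->get_col_charset( $wpdb->posts, 'post_title' ) ) {
			$this->markTestSkipped( 'This test is only useful with the utf8 character set' );
		}

		require_once( ABSPATH . '/wp-admin/includes/post.php' );

		$post_id = $this->factory->post->create();

		// Each field carries one 4-byte sequence (\xf0\x9f\x98\x..) between two ASCII words.
		$data = array(
			'post_ID'      => $post_id,
			'post_title'   => "foo\xf0\x9f\x98\x88bar",
			'post_content' => "foo\xf0\x9f\x98\x8ebaz",
			'post_excerpt' => "foo\xf0\x9f\x98\x90bat"
		);

		$expected = array(
			'post_title'   => "foobar",
			'post_content' => "foobaz",
			'post_excerpt' => "foobat"
		);

		edit_post( $data );

		$post = get_post( $post_id );

		foreach ( $expected as $field => $value ) {
			// Expected value first, stored value second, so a failure message labels them correctly.
			$this->assertEquals( $value, $post->$field );
		}
	}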
Exemplo n.º 29
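/**
 * Ajax handler for saving posts from the fullscreen editor.
 *
 * Verifies the 'update-post_<id>' nonce sent in '_wpnonce', saves the request data with
 * edit_post() and answers with a JSON success payload holding a "last edited" line, or with a
 * JSON error when edit_post() returns a WP_Error.
 *
 * NOTE(review): no current_user_can() call appears in this handler; presumably edit_post()
 * enforces the capability itself — confirm.
 *
 * @since 3.1.0
 * @deprecated 4.3.0
 */
function wp_ajax_wp_fullscreen_save_post()
{
    $post_id = isset($_POST['post_ID']) ? (int) $_POST['post_ID'] : 0;
    $post = null;
    if ($post_id) {
        $post = get_post($post_id);
    }
    // CSRF check: the nonce action names the post ID, so a nonce issued for one post does not
    // authorise a save to another.
    check_ajax_referer('update-post_' . $post_id, '_wpnonce');
    // edit_post() is called without an argument, so it works on the request data ($_POST).
    $post_id = edit_post();
    if (is_wp_error($post_id)) {
        wp_send_json_error();
    }
    if ($post) {
        // $post was fetched before the save, so this is the modification time it had then.
        $last_date = mysql2date(get_option('date_format'), $post->post_modified);
        $last_time = mysql2date(get_option('time_format'), $post->post_modified);
    } else {
        $last_date = date_i18n(get_option('date_format'));
        $last_time = date_i18n(get_option('time_format'));
    }
    // '_edit_last' can name an account that no longer resolves; get_userdata() then returns no
    // user object, and the message falls back to the form without a name.
    $last_id = get_post_meta($post_id, '_edit_last', true);
    $last_user = $last_id ? get_userdata($last_id) : false;
    if ($last_user) {
        // The display name is HTML-escaped before it is placed in the response.
        $last_edited = sprintf(__('Last edited by %1$s on %2$s at %3$s'), esc_html($last_user->display_name), $last_date, $last_time);
    } else {
        $last_edited = sprintf(__('Last edited on %1$s at %2$s'), $last_date, $last_time);
    }
    wp_send_json_success(array('last_edited' => $last_edited));
}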
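    /**
     * Re-saves every published post or page returned by get_posts() through edit_post(), and prints
     * one list item per processed entry.
     *
     * Which set is processed depends on the label of the submit button in $_POST['submit'];
     * any other value prints an empty list.
     *
     * NOTE(review): this is a state-changing request handler, yet no nonce and no capability check
     * are visible in it. If the caller does not perform them, verify the form's nonce with
     * check_admin_referer() and check current_user_can() before the loop.
     * NOTE(review): the query sets no post count, so get_posts() applies its default limit;
     * confirm that "all" posts are really returned.
     */
    public function tools_handler()
    {
        $posts = array();
        // The field is absent when the page is requested without the form being submitted.
        $submit = isset($_POST['submit']) ? $_POST['submit'] : '';

        if ($submit === __('Retag all posts', 'auto-tag')) {
            $args = array(
                'post_type' => 'post',
                'post_status' => 'publish',
            );

            $posts = get_posts($args);
        } elseif ($submit === __('Retag all pages', 'auto-tag')) {
            $args = array(
                'post_type' => 'page',
                'post_status' => 'publish',
            );

            $posts = get_posts($args);
        }

        echo '<ul>';

        foreach ($posts as $p) {
            // edit_post() takes an array shaped like the editor form, so the post object is cast
            // and given the two form fields it lacks.
            $post = (array) $p;
            $post['post_ID'] = $p->ID;
            $post['action'] = 'save';
            edit_post($post);

            // The title is stored content; escape it before it is written into the HTML list.
            echo '<li>' . sprintf(__('Post <b>%s</b> re-tagged', 'auto-tag'), esc_html($p->post_title)) . '</li>';

            // Push each line to the browser as soon as its post is done.
            flush();
        }

        echo '</ul>';
    }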