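/**
 * Render the body of the images popup (TinyMCE iframe).
 *
 * If the "Upload File" form was submitted, the upload is handed to WordPress
 * first (after the 'media-form' nonce check) and any resulting error is shown
 * at the top of the popup. Then every image attached to the current post is
 * listed, each with a display row and an edit row, followed by the upload form.
 *
 * Note: the original version set $id to false on an upload error and then only
 * reported errors when $id was non-empty, so the error markup was unreachable
 * and a failed upload rendered silently. The error is now printed from $errors
 * and the popup keeps rendering so the upload can be retried.
 *
 * @return void
 */
function anno_popup_images_iframe_html()
{
    $errors = array();
    $id = false;
    if (isset($_POST['html-upload']) && !empty($_FILES)) {
        // Upload File button was clicked: verify the nonce before touching the file.
        check_admin_referer('media-form');
        // media_handle_upload() takes the parent post id; it comes from the request, so force it to an int.
        $parent_id = isset($_REQUEST['post_id']) ? (int) $_REQUEST['post_id'] : 0;
        $id = media_handle_upload('async-upload', $parent_id);
        unset($_FILES);
        if (is_wp_error($id)) {
            $errors['upload_error'] = $id;
            $id = false;
        }
    }
    $post_id = anno_get_post_id();
    // Every image attachment of the current post, oldest first.
    $attachments = get_posts(array(
        'post_type' => 'attachment',
        'posts_per_page' => -1,
        'post_parent' => $post_id,
        'post_mime_type' => 'image',
        'order' => 'ASC',
    ));
    ?>
<body id="anno-popup-images">
<div id="anno-popup-images-inside" class="anno-mce-popup">
	<div class="anno-mce-popup-fields">
<?php 
    if (isset($errors['upload_error']) && is_wp_error($errors['upload_error'])) {
        // Report the failed upload but keep rendering so the form below can be resubmitted.
        echo '<div id="media-upload-error">' . esc_html($errors['upload_error']->get_error_message()) . '</div>';
    }
    ?>
		<table class="anno-images">
			<thead>
				<tr>
					<th scope="col" class="img-list-img"></th>
					<th scope="col" class="img-list-title"></th>
					<th scope="col" class="img-list-actions"></th>
				</tr>
			</thead>
			<tbody id="media-items">
<?php 
    foreach ($attachments as $attachment) {
        anno_popup_images_row_display($attachment);
        anno_popup_images_row_edit($attachment);
    }
    ?>
		
			</tbody>
		</table>

		<?php 
    anno_upload_form();
    ?>
	</div>
</body>
<?php 
}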
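/**
 * Draft state markup for major actions.
 *
 * Prints the "Move To Trash" link when the current user holds the Annotum
 * 'trash_post' capability, then the publishing action area: the AJAX spinner,
 * the hidden original_publish field and the primary submit button, both
 * labelled from the global $anno_post_save['review'].
 *
 * @return void
 */
function annowf_major_action_draft_markup()
{
    global $anno_post_save;
    $post_id = anno_get_post_id();
    // Label for the primary action; guard the global so a missing key gives an empty label instead of a notice.
    $review_label = isset($anno_post_save['review']) ? $anno_post_save['review'] : '';
    if (anno_user_can('trash_post')) {
        $wrap_class = '';
        ?>
		<div id="delete-action">
			<a class="submitdelete deletion" href="<?php 
        // href context: escape as a URL (the link already carries its nonce).
        echo esc_url(get_delete_post_link($post_id));
        ?>
"><?php 
        _ex('Move To Trash', 'Publishing box trash action link text', 'anno');
        ?>
</a>
		</div>
<?php 
    } else {
        // Without a trash link the publishing action is centred instead.
        $wrap_class = ' class="center-wrap"';
    }
    ?>
		<div id="publishing-action"<?php 
    echo $wrap_class;
    ?>
>
			<img src="<?php 
    echo esc_url(admin_url('images/wpspin_light.gif'));
    ?>
" class="ajax-loading" id="ajax-loading" alt="" />
			<input name="original_publish" type="hidden" id="original_publish" value="<?php 
    esc_attr_e($review_label);
    ?>
" />

			<?php 
    submit_button($review_label, 'primary', 'publish', false, array('tabindex' => '5', 'accesskey' => 'p'));
    ?>
		</div>
		<div class="clear"></div>
<?php 
}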
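/**
 * Convert the editor's HTML back into article XML.
 *
 * Content that was translated from XML carries data-xmlel attributes; input
 * without them is returned untouched. Otherwise the fragment is wrapped in a
 * single root element, run through Textorum's cke2xml.xsl stylesheet, and the
 * wrapper element is stripped from the result.
 *
 * The original version carried an unreachable phpQuery/do_action tail after its
 * first return statement; that dead code has been removed.
 *
 * @param string $html_content Editor HTML (expected to carry data-xmlel attributes)
 * @return string XML content, or the input unchanged when it is not editable-HTML
 *                or cannot be parsed
 */
function anno_to_xml($html_content)
{
    if (strpos($html_content, 'data-xmlel') === false) {
        # Already an XML document (or at least not an editable-HTML translation of an XML document)
        return $html_content;
    }
    // Load the XML source under one root. LIBXML_NONET keeps the parser from fetching
    // external resources referenced by editor-supplied markup; internal error handling
    // turns parse warnings into a checkable false result instead of PHP warnings.
    $previous = libxml_use_internal_errors(true);
    $xml = new DOMDocument();
    $loaded = $xml->loadXML('<div data-xmlel="textorum">' . $html_content . '</div>', LIBXML_NONET);
    libxml_clear_errors();
    libxml_use_internal_errors($previous);
    if (!$loaded) {
        // Not well-formed: hand the content back rather than transforming an empty document
        // (which previously yielded an empty string and silently dropped the content).
        return $html_content;
    }
    $xsl = new DOMDocument();
    if (!$xsl->load(trailingslashit(get_template_directory()) . 'js/textorum/dist/textorum/xsl/cke2xml.xsl')) {
        // Stylesheet missing or unreadable: nothing sensible to transform with.
        return $html_content;
    }
    // Configure the transformer and attach the xsl rules
    $proc = new XSLTProcessor();
    $proc->importStyleSheet($xsl);
    $content = $proc->transformToXML($xml);
    if (!is_string($content)) {
        return $html_content;
    }
    // Strip everything up to and including the wrapper's opening tag, and the closing tag onwards.
    $content = preg_replace('/^.*?<textorum>/ms', '', $content);
    $content = preg_replace('/<\\/textorum>.*?$/ms', '', $content);
    return $content;
}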
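/**
 * Admin request handler. Handles backend permission enforcement, cloning.
 *
 * First services a "clone" submit (this must run before capability
 * enforcement so the clone action is never filtered out), then maps the
 * WordPress action of an 'article' request onto the Annotum capability it
 * requires and, when the current user lacks it, hooks
 * annowf_user_has_cap_filter() onto 'user_has_cap' so WordPress refuses the
 * request.
 *
 * Side effects: may redirect and exit (clone), may assign the global $post
 * while resolving the post type, may add a 'user_has_cap' filter.
 *
 * @return void
 */
function annowf_admin_request_handler()
{
    global $anno_post_save, $post;
    // Cloning. This must come before the enforcing of capabilities below.
    // The publish button value is compared as a string against the clone label; an
    // unset label no longer matches an empty submit value (the loose == did).
    $clone_label = isset($anno_post_save['clone']) ? (string) $anno_post_save['clone'] : '';
    if ($clone_label !== '' && isset($_POST['publish']) && is_string($_POST['publish']) && $_POST['publish'] === $clone_label) {
        $post_id = anno_get_post_id();
        if (!anno_user_can('clone_post') || annowf_has_clone($post_id)) {
            wp_die(_x('You are not allowed to clone this post.', 'Cloned article error message', 'anno'));
        }
        $new_id = annowf_clone_post($post_id);
        // message=11 on success (go to the clone), message=12 on failure (stay on the
        // original); presumably consumed by the edit screen's notice handling.
        if (!empty($new_id)) {
            $url = add_query_arg('message', 11, get_edit_post_link($new_id, 'url'));
        } else {
            $url = add_query_arg('message', 12, get_edit_post_link($post_id, 'url'));
        }
        // The edit link is local; wp_safe_redirect() additionally refuses off-site targets.
        wp_safe_redirect($url);
        exit;
    }
    // Enforce Capabilities on the backend. Determine the action, and its relevant annotum capability
    $wp_action = '';
    if (isset($_POST['action'])) {
        $wp_action = $_POST['action'];
    } elseif (isset($_GET['action'])) {
        $wp_action = $_GET['action'];
    }
    if (isset($_POST['deletepost'])) {
        // The delete form signals itself with its own field rather than action=delete.
        $wp_action = 'delete';
    }
    // Resolve the post type: explicit request field first, then the revision's parent
    // (only present when restoring a revision), then the post the request refers to.
    $post_type = '';
    if (isset($_POST['post_type'])) {
        $post_type = $_POST['post_type'];
    } elseif (isset($_GET['post_type'])) {
        $post_type = $_GET['post_type'];
    } elseif (isset($_GET['revision'])) {
        // We only get revision when restoring a given revision
        $rev = get_post((int) $_GET['revision']);
        if (isset($rev->post_parent)) {
            $post = get_post($rev->post_parent);
            if (isset($post->post_type)) {
                $post_type = $post->post_type;
            }
        }
    } else {
        $post = get_post(anno_get_post_id());
        if (isset($post->post_type)) {
            $post_type = $post->post_type;
        }
    }
    if (empty($wp_action) || $post_type !== 'article') {
        return;
    }
    $anno_cap = '';
    switch ($wp_action) {
        // Creation, editing, restoring from revision
        case 'postajaxpost':
        case 'post':
        case 'post-quickpress-publish':
        case 'post-quickpress-save':
        case 'editpost':
        case 'editattachment':
        case 'autosave':
        case 'restore':
        case 'inline-save':
            $anno_cap = 'edit_post';
            break;
        // For Viewing post-edit screen
        case 'edit':
            $anno_cap = 'view_post';
            break;
        case 'trash':
        case 'untrash':
            $anno_cap = 'trash_post';
            break;
        case 'delete':
            $anno_cap = 'admin';
            break;
        default:
            break;
    }
    // Actions without an Annotum capability are left to WordPress's own checks.
    if ($anno_cap !== '' && !anno_user_can($anno_cap)) {
        add_filter('user_has_cap', 'annowf_user_has_cap_filter');
    }
}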
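/**
 * Render the media upload form used inside the images popup.
 *
 * The form posts back to the popup's own admin URL (anno_action=image_popup)
 * and carries the post id, a 'media-form' nonce and the fields produced by
 * anno_media_upload_form(); the inline script prepares any preloaded media
 * items once the page has loaded.
 *
 * @param string $type   Media type; becomes part of the form action and the form's DOM id
 * @param mixed  $errors Upload errors handed on to anno_media_upload_form(), or null
 * @param mixed  $id     Accepted for call compatibility; unused here
 * @return void
 */
function anno_upload_form($type = 'image', $errors = null, $id = null)
{
    // The post id is interpolated into a URL and an attribute; make it numeric once.
    $post_id = (int) anno_get_post_id();
    $form_action_url = admin_url("?type={$type}&tab=type&post_id={$post_id}&anno_action=image_popup");
    ?>

<form enctype="multipart/form-data" method="post" action="<?php 
    // URL attribute context
    echo esc_url($form_action_url);
    ?>
" class="media-upload-form type-form validate" id="<?php 
    // $type is caller-supplied; escape it for the id attribute
    echo esc_attr($type);
    ?>
-form">
<?php 
    submit_button('', 'hidden', 'save', false);
    ?>
<input type="hidden" name="post_id" id="post_id" value="<?php 
    echo $post_id;
    ?>
" />
<?php 
    wp_nonce_field('media-form');
    ?>

<?php 
    anno_media_upload_form($errors);
    ?>

<script type="text/javascript">
//<![CDATA[
jQuery(function($){
	var preloaded = $(".media-item.preloaded");
	if ( preloaded.length > 0 ) {
		preloaded.each(function(){annoPrepareMediaItem({id:this.id.replace(/[^0-9]/g, '')},'');});
	}
	updateMediaForm();
});
//]]>
</script>
</form>
<?php 
}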
/**
 * Convert the editor's HTML into XML by letting hooked actions rewrite it.
 *
 * The function does no conversion itself: it loads the content into a
 * phpQuery document (so listeners can reach its elements via pq()), fires the
 * 'anno_to_xml' action, fires 'anno_to_xml_imported' as well when the current
 * post carries the '_anno_knol_import' meta, and returns the document as it
 * stands afterwards.
 *
 * @see anno_xml_to_html_replace_bold() for simple example on usage
 *
 * @param string $html_content Editor HTML to be rewritten by the hooked actions
 * @return string The phpQuery document serialised after all actions ran
 */
function anno_to_xml($html_content)
{
    $current_post = anno_get_post_id();
    // Give the listeners a phpQuery document to work on.
    phpQuery::newDocument($html_content);
    do_action('anno_to_xml', $html_content);
    // Imported (Knol) articles get a second, dedicated pass.
    $is_import = get_post_meta($current_post, '_anno_knol_import', true);
    if ($is_import) {
        do_action('anno_to_xml_imported', $html_content);
    }
    $document = phpQuery::getDocument();
    return $document->__toString();
}
/**
 * Opening HTML tags with HTML5 Boilerplate-style conditional comments
 *
 * Delegates to the 'template' object held by Anno_Keeper, passing it the
 * current post id.
 *
 * @return void
 */
function anno_open_html()
{
    $template = Anno_Keeper::retrieve('template');
    $template->render_open_html(anno_get_post_id());
}
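/**
 * Determines whether or not a user has the given abilities for a given post
 *
 * Decisions are based on the user's Annotum role on the post (anno_role()),
 * the post's workflow state (annowf_get_post_state()), the review round meta
 * and, for comment capabilities, comment ownership. Anything not explicitly
 * granted below is denied.
 *
 * Changes from the earlier version: a revision id that does not resolve to a
 * post now denies instead of continuing with a null post id; 'edit_comment'
 * requires an existing comment and a real user id (previously a missing
 * comment compared $user_id against null, which matched a logged-out id of 0);
 * 'select_author' no longer falls through; in_array() on our own string lists
 * is strict.
 *
 * @param string $cap The capability to check
 * @param int $user_id The user id to check for a capability. Defaults to current user (global)
 * @param int $post_id The ID of the post to check Defaults to current post (global)
 * @param int $comment_id the ID of the comment to check (edit_comment, view_review_comment)
 * @return bool True if user has the given capability for the given post
 */
function anno_user_can($cap, $user_id = null, $post_id = null, $comment_id = null)
{
    if (is_null($user_id)) {
        $current_user = wp_get_current_user();
        $user_id = $current_user->ID;
    }
    if (is_null($post_id)) {
        $post_id = anno_get_post_id();
    }
    if (!empty($_GET['revision'])) {
        // Restoring a revision: capabilities are those of the parent post. Fail closed
        // when the revision id does not resolve.
        $revision = get_post((int) $_GET['revision']);
        if (!isset($revision->post_parent)) {
            return false;
        }
        $post_id = $revision->post_parent;
    }
    $post_state = annowf_get_post_state($post_id);
    $user_role = anno_role($user_id, $post_id);
    // Number of times this item has gone back to draft state (missing meta reads as 0).
    $post_round = (int) get_post_meta($post_id, '_round', true);
    // WP role names
    $admin = 'administrator';
    $editor = 'editor';
    // Role shorthands shared by the branches below. anno_role() is assumed to return a
    // role string, or something falsy when the user has no role on the post.
    $is_admin = ($user_role === $admin);
    $is_editor_plus = in_array($user_role, array($admin, $editor), true);
    $is_author = ($user_role === 'author');
    $is_writer = in_array($user_role, array('author', 'co-author'), true);
    $is_reviewer = ($user_role === 'reviewer');
    // States in which editors may no longer alter authorship/content.
    $closed_states = array('published', 'rejected');
    switch ($cap) {
        case 'administrator':
        case 'admin':
            if ($is_admin) {
                return true;
            }
            break;
        case 'editor':
        case 'view_audit':
            if ($is_editor_plus) {
                return true;
            }
            break;
        case 'trash_post':
            // Draft state, author or editor+
            if ($is_editor_plus) {
                return true;
            }
            if ($post_round < 1 && $post_state === 'draft' && $is_author) {
                return true;
            }
            break;
        case 'view_post':
            // Published post state, or user is associated with the post
            if ($post_state === 'published' || $user_role) {
                return true;
            }
            break;
        case 'edit_slug':
            if ($is_admin || ($user_role === $editor && $post_state === 'draft')) {
                return true;
            }
            break;
        case 'edit_post':
            global $pagenow;
            // Allow edits for things such as typos (in any state)
            if ($is_admin) {
                return true;
            }
            if ($user_role === $editor && $post_state && !in_array($post_state, $closed_states, true)) {
                return true;
            }
            if ($is_writer && $post_state === 'draft') {
                return true;
            }
            // A brand-new post has neither state nor role yet; let it be created.
            if ($pagenow === 'post-new.php') {
                return true;
            }
            break;
        case 'leave_review':
            // Only reviewers, and in_review state. The reviewer list may hold string ids,
            // so membership stays a loose comparison.
            $reviewers = anno_get_reviewers($post_id);
            if (is_array($reviewers) && in_array($user_id, $reviewers) && $post_state === 'in_review') {
                return true;
            }
            break;
        case 'edit_comment':
            // Editor+ may edit any comment; otherwise only the comment's own author.
            if ($is_editor_plus) {
                return true;
            }
            $comment = get_comment($comment_id);
            if ($comment && (int) $user_id > 0 && (int) $comment->user_id === (int) $user_id) {
                return true;
            }
            break;
        case 'add_general_comment':
            // Anyone attached to the post who isn't a reviewer
            if ($user_role && !$is_reviewer) {
                return true;
            }
            break;
        case 'view_general_comment':
        case 'view_general_comments':
            if ($user_role) {
                return true;
            }
            break;
        case 'add_review_comment':
            // if user is reviewer or editor+ and state is in review
            if ($user_role && !$is_writer && $post_state === 'in_review') {
                return true;
            }
            break;
        case 'manage_co_authors':
            if ($is_admin) {
                return true;
            }
            if ($user_role === $editor && $post_state && !in_array($post_state, $closed_states, true)) {
                return true;
            }
            if ($is_author && $post_state === 'draft') {
                return true;
            }
            break;
        case 'manage_public_comments':
            if ($is_editor_plus) {
                return true;
            }
            break;
        case 'view_review_comment':
            // editor+ always
            if ($is_editor_plus) {
                return true;
            }
            // a reviewer only for threads they started themselves
            $comment = anno_internal_comments_get_comment_root($comment_id);
            if ($is_reviewer && $comment && (int) $comment->user_id === (int) $user_id) {
                return true;
            }
            break;
        case 'view_reviewers':
        case 'view_review_comments':
            // Reviewer or editor+; authors too when the workflow option allows it
            if ($user_role && !$is_writer) {
                return true;
            }
            if ($is_author && anno_workflow_enabled('author_reviewer')) {
                return true;
            }
            break;
        case 'manage_reviewers':
            // if in review state and user is editor+
            if ($is_editor_plus && in_array($post_state, array('submitted', 'in_review'), true)) {
                return true;
            }
            break;
        case 'alter_post_state':
            switch ($post_state) {
                case 'draft':
                    // Anyone attached to the post except reviewers and co-authors
                    if ($user_role && !$is_reviewer && $user_role !== 'co-author') {
                        return true;
                    }
                    break;
                case 'submitted':
                case 'in_review':
                case 'rejected':
                    // Revert to draft or move on: must be an editor+
                    if ($is_editor_plus) {
                        return true;
                    }
                    break;
                case 'approved':
                    // Publishing is reserved for administrators
                    if ($is_admin) {
                        return true;
                    }
                    break;
                case 'published':
                    // No one can change a published article's status
                    return false;
                default:
                    break;
            }
            break;
        case 'clone_post':
            // Anyone can clone the post when its published (or rejected)
            if ($post_state === 'published' || $post_state === 'rejected') {
                return true;
            }
            break;
        case 'select_author':
            if ($is_admin) {
                return true;
            }
            if ($user_role === $editor && !in_array($post_state, $closed_states, true)) {
                return true;
            }
            if ($is_author && $post_state === 'draft') {
                return true;
            }
            break;
        default:
            break;
    }
    // if we haven't returned, assume false
    return false;
}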