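/**
 * Saves the edited comment fields submitted by the handset form.
 *
 * The capability check is made against $comment_post_ID; the update is
 * then applied to $comment_ID, the comment the caller authorised, rather
 * than to whatever comment id the form body carries. The original read
 * $_POST['comment_ID'] and never used the parameter, so the comment that
 * was checked and the comment that was written could differ.
 *
 * @param int $comment_ID      Comment being edited.
 * @param int $comment_post_ID Post the comment belongs to (target of the edit_post check).
 * @return void
 */
private function edit_comment($comment_ID, $comment_post_ID)
{
    if (!current_user_can('edit_post', $comment_post_ID)) {
        $this->base->ks_die(__('You are not allowed to edit comments on this post, so you cannot edit this comment.'));
        // Never fall through to the update should ks_die() return.
        return;
    }
    $charset = ks_detect_encoding();
    // Form text arrives in the handset's charset unless already converted upstream.
    if (!$this->base->get('encoding_converted')) {
        foreach (array('newcomment_author', 'content') as $f) {
            if (isset($_POST[$f])) {
                $_POST[$f] = $this->base->decode_from_ktai($_POST[$f], $charset);
            }
        }
    }
    $author = isset($_POST['newcomment_author']) ? $_POST['newcomment_author'] : '';
    $email = isset($_POST['newcomment_author_email']) ? $_POST['newcomment_author_email'] : '';
    $url = isset($_POST['newcomment_author_url']) ? $_POST['newcomment_author_url'] : '';
    $status = isset($_POST['comment_status']) ? $_POST['comment_status'] : '';
    $content = isset($_POST['content']) ? $_POST['content'] : '';
    $comment_data = array(
        'comment_author' => trim(strip_tags($author)),
        'comment_author_email' => trim(strip_tags($email)),
        'comment_author_url' => trim(strip_tags($url)),
        'comment_approved' => trim(strip_tags($status)),
        // Comment body keeps its markup; WordPress filters it on save.
        'comment_content' => trim($content),
        'comment_ID' => intval($comment_ID),
    );
    wp_update_comment($comment_data);
}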
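/**
 * Applies the submitted form ($_POST) to an existing post or page and saves it.
 *
 * Mirrors the checks of the WordPress admin edit flow: the current user must
 * be allowed to edit the item, to edit others' items when not its author, and
 * to publish it when publishing is requested (otherwise the status is demoted
 * to 'pending'). $_POST is taken by reference and normalised in place before
 * being handed to wp_update_post().
 *
 * @param int    $post_ID   ID of the post or page to update.
 * @param string $post_type 'post' (default) or 'page'; selects the capabilities checked.
 * @return int The ID of the updated item.
 */
public function edit_post($post_ID, $post_type = 'post')
{
    global $current_user;
    if (!$post_ID) {
        $this->base->ks_die(__("You attempted to edit a post that doesn't exist. Perhaps it was deleted?"));
        exit;
    } elseif ('page' == $post_type) {
        if (!current_user_can('edit_page', $post_ID)) {
            $this->base->ks_die(__('You are not allowed to edit this page.'));
            exit;
        }
    } elseif (!current_user_can('edit_post', $post_ID)) {
        $this->base->ks_die(__('You are not allowed to edit this post.'));
        exit;
    }
    $charset = ks_detect_encoding();
    // Form text arrives in the handset's charset unless already converted upstream.
    if (!$this->base->get('encoding_converted')) {
        foreach (array('post_title', 'post_name', 'content', 'tags_input') as $f) {
            if (isset($_POST[$f])) {
                $_POST[$f] = $this->base->decode_from_ktai($_POST[$f], $charset);
            }
        }
    }
    // ARRAY_A: $post is an associative array, so its fields are read as $post['...'].
    $post = wp_get_single_post($post_ID, ARRAY_A);
    $post_data =& $_POST;
    $post_data['ID'] = intval($post_ID);
    if (!isset($post_data['post_type'])) {
        $post_data['post_type'] = $post_type;
    }
    $post_data['post_title'] = isset($post_data['post_title']) ? trim(strip_tags($post_data['post_title'])) : '';
    $post_data['post_name'] = isset($post_data['post_name']) ? trim(strip_tags($post_data['post_name'])) : '';
    // Body keeps its markup; WordPress applies its own content filters on save.
    $post_data['post_content'] = isset($post_data['content']) ? trim($post_data['content']) : '';
    $post_data['tags_input'] = isset($post_data['tags_input']) ? trim(strip_tags($post_data['tags_input'])) : '';
    $post_data['post_parent'] = isset($post_data['parent_id']) ? intval($post_data['parent_id']) : '';
    $post_author = isset($post['post_author']) ? $post['post_author'] : null;
    if ($post_author != $current_user->ID) {
        if ('page' == $post_type) {
            if (!current_user_can('edit_others_pages')) {
                $this->base->ks_die(__('You are not allowed to edit pages as this user.'));
            }
        } elseif (!current_user_can('edit_others_posts')) {
            $this->base->ks_die(__('You are not allowed to edit posts as this user.'));
        }
    }
    if (isset($post_data['post_cats'])) {
        $post_data['post_category'] = array_map('intval', explode(',', $post_data['post_cats']));
    }
    if (!isset($post_data['comment_status'])) {
        $post_data['comment_status'] = 'closed';
    }
    if (!isset($post_data['ping_status'])) {
        $post_data['ping_status'] = 'closed';
    }
    // What to do based on which button they pressed
    if (isset($post_data['publish']) && '' != $post_data['publish']) {
        $post_data['post_status'] = 'publish';
        if (empty($post_data['post_name'])) {
            // Fix: $post was fetched as ARRAY_A, so the stored slug is
            // $post['post_name']; the former object-style read was always
            // null and a fresh slug was generated even for posts that had one.
            $post_data['post_name'] = !empty($post['post_name'])
                ? $post['post_name']
                : $this->create_post_name($post_type, $post_data['post_title']);
        }
    }
    // 'ID' is always set above, so no temp_ID fallback is needed.
    $previous_status = get_post_field('post_status', $post_data['ID']);
    if ('page' == $post_type) {
        $publish_cap = 'publish_pages';
        $edit_cap = 'edit_published_pages';
    } else {
        $publish_cap = 'publish_posts';
        $edit_cap = 'edit_published_posts';
    }
    if (isset($post_data['post_status']) && 'publish' == $post_data['post_status'] && !current_user_can($publish_cap)) {
        // Without the publish capability only an already-published item the
        // user may edit keeps 'publish'; anything else goes to review.
        if ($previous_status != 'publish' || !current_user_can($edit_cap)) {
            $post_data['post_status'] = 'pending';
        }
    }
    if (!isset($post_data['post_status'])) {
        $post_data['post_status'] = $previous_status;
    }
    if (isset($post_data['visibility']) && 'private' == $post_data['visibility']) {
        $post_data['post_status'] = 'private';
        $post_data['post_password'] = '';
        unset($post_data['sticky']);
    }
    wp_update_post($post_data);
    return intval($post_ID);
}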
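/**
 * Renders the "select category" step of the handset post editor.
 *
 * Verifies the admin nonce for the edit or add action, stashes the submitted
 * post fields in the admin data store so they survive the round trip, and
 * outputs the category checklist form. Sets the $title and $parent_file
 * globals that admin-header.php consumes.
 *
 * NOTE(review): no capability check is performed here; it is assumed the
 * dispatching code (or the later save path) enforces edit_post/edit_page
 * before this step is reachable — confirm against the caller.
 *
 * @return void
 */
private function select_cats()
{
    global $title, $post_ID, $parent_file;
    $parent_file = 'edit.php';
    $original_action = isset($_POST['originalaction']) ? $_POST['originalaction'] : '';
    if ('editpost' === $original_action) {
        $post_ID = isset($_POST['post_ID']) ? (int) $_POST['post_ID'] : 0;
        if ($post_ID < 1) {
            $this->base->ks_die(__("You attempted to edit a post that doesn't exist. Perhaps it was deleted?"));
            // Never continue to the nonce check or output should ks_die() return.
            return;
        }
        check_admin_referer('update-post_' . $post_ID);
    } else {
        $post_ID = 0;
        check_admin_referer('add-post');
    }
    // Raw routing fields are carried over to the next request as submitted.
    foreach (array('post_ID', 'post_cats', 'originalaction', 'referredby', '_wp_original_http_referer') as $k) {
        if (isset($_POST[$k])) {
            $this->admin->set_data($k, $_POST[$k]);
        }
    }
    // Text fields go through ks_mb_get_form() so they are decoded from the handset charset.
    $charset = ks_detect_encoding();
    $this->admin->set_data('post_title', ks_mb_get_form('post_title', $charset));
    $this->admin->set_data('post_name', ks_mb_get_form('post_name', $charset));
    $this->admin->set_data('post_content', ks_mb_get_form('content', $charset));
    $this->admin->set_data('tags_input', ks_mb_get_form('tags_input', $charset));
    $title = __('Select Category', 'ktai_style');
    $post_cats = isset($_POST['post_cats']) ? $_POST['post_cats'] : '';
    include dirname(__FILE__) . '/admin-header.php';
?>
<form action="post.php" method="post">
<input type="hidden" name="action" value="changecats" />
<?php
    $this->admin->sid_field();
    wp_nonce_field('change-cats_' . $post_ID, '_wpnonce', false);
    $this->category_checklist(array_map('intval', explode(',', $post_cats)));
?>
<input type="submit" name="cancel" value="<?php _e('Cancel'); ?> " />
<input type="submit" value="<?php _e('Set Category', 'ktai_style'); ?> " />
</form>
<?php
    include dirname(__FILE__) . '/admin-footer.php';
}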
/**
 * Reads one form field from $_POST for the handset front end.
 *
 * When mbstring is available and the request body has not already been
 * converted, the value is decoded from the handset charset (detected when
 * none is given). The slashes WordPress adds to request data are stripped.
 *
 * @param string      $key     $_POST key to read.
 * @param string|null $charset Source charset; falls back to ks_detect_encoding() when empty.
 * @return string|null The decoded, unslashed value, or null when the field is absent.
 */
function ks_mb_get_form($key, $charset = NULL)
{
    if (!isset($_POST[$key])) {
        return NULL;
    }
    global $Ktai_Style;
    $raw = $_POST[$key];
    $needs_decode = function_exists('mb_convert_encoding')
        && !$Ktai_Style->get('encoding_converted');
    if ($needs_decode) {
        if (!$charset) {
            $charset = ks_detect_encoding();
        }
        $raw = $Ktai_Style->decode_from_ktai($raw, $charset);
    }
    return stripslashes($raw);
}