function edit_post() { global $user_ID; $post_ID = (int) $_POST['post_ID']; if (!current_user_can('edit_post', $post_ID)) { die(__('You are not allowed to edit this post.')); } // Rename. $_POST['ID'] = (int) $_POST['post_ID']; $_POST['post_content'] = $_POST['content']; $_POST['post_excerpt'] = $_POST['excerpt']; $_POST['post_parent'] = $_POST['parent_id']; $_POST['to_ping'] = $_POST['trackback_url']; if (!empty($_POST['post_author_override'])) { $_POST['post_author'] = (int) $_POST['post_author_override']; } else { if (!empty($_POST['post_author'])) { $_POST['post_author'] = (int) $_POST['post_author']; } else { $_POST['post_author'] = (int) $_POST['user_ID']; } } if ($_POST['post_author'] != $_POST['user_ID'] && !current_user_can('edit_others_posts')) { die(__('You cannot post as this user.')); } // What to do based on which button they pressed if ('' != $_POST['saveasdraft']) { $_POST['post_status'] = 'draft'; } if ('' != $_POST['saveasprivate']) { $_POST['post_status'] = 'private'; } if ('' != $_POST['publish']) { $_POST['post_status'] = 'publish'; } if ('' != $_POST['advanced']) { $_POST['post_status'] = 'draft'; } if ('' != $_POST['savepage']) { $_POST['post_status'] = 'static'; } if ('publish' == $_POST['post_status'] && !current_user_can('publish_posts')) { $_POST['post_status'] = 'draft'; } if ('static' == $_POST['post_status'] && !current_user_can('edit_pages')) { die(__('This user cannot edit pages.')); } if (!isset($_POST['comment_status'])) { $_POST['comment_status'] = 'closed'; } if (!isset($_POST['ping_status'])) { $_POST['ping_status'] = 'closed'; } if (!empty($_POST['edit_date'])) { $aa = $_POST['aa']; $mm = $_POST['mm']; $jj = $_POST['jj']; $hh = $_POST['hh']; $mn = $_POST['mn']; $ss = $_POST['ss']; $jj = $jj > 31 ? 31 : $jj; $hh = $hh > 23 ? $hh - 24 : $hh; $mn = $mn > 59 ? $mn - 60 : $mn; $ss = $ss > 59 ? $ss - 60 : $ss; $_POST['post_date'] = "{$aa}-{$mm}-{$jj} {$hh}:{$mn}:{$ss}"; $_POST['post_date_gmt'] = get_gmt_from_date("{$aa}-{$mm}-{$jj} {$hh}:{$mn}:{$ss}"); } // Meta Stuff if ($_POST['meta']) { foreach ($_POST['meta'] as $key => $value) { update_meta($key, $value['key'], $value['value']); } } if ($_POST['deletemeta']) { foreach ($_POST['deletemeta'] as $key => $value) { delete_meta($key); } } add_meta($post_ID); wp_update_post($_POST); // Now that we have an ID we can fix any attachment anchor hrefs fix_attachment_links($post_ID); return $post_ID; }
function edit_post() { global $user_ID; $post_ID = (int) $_POST['post_ID']; if ( 'page' == $_POST['post_type'] ) { if ( !current_user_can( 'edit_page', $post_ID ) ) wp_die( __('You are not allowed to edit this page.' )); } else { if ( !current_user_can( 'edit_post', $post_ID ) ) wp_die( __('You are not allowed to edit this post.' )); } // Autosave shouldn't save too soon after a real save if ( 'autosave' == $_POST['action'] ) { $post =& get_post( $post_ID ); $now = time(); $then = strtotime($post->post_date_gmt . ' +0000'); // Keep autosave_interval in sync with autosave-js.php. $delta = apply_filters( 'autosave_interval', 120 ) / 2; if ( ($now - $then) < $delta ) return $post_ID; } // Rename. $_POST['ID'] = (int) $_POST['post_ID']; $_POST['post_content'] = $_POST['content']; $_POST['post_excerpt'] = $_POST['excerpt']; $_POST['post_parent'] = $_POST['parent_id']; $_POST['to_ping'] = $_POST['trackback_url']; if (!empty ( $_POST['post_author_override'] ) ) { $_POST['post_author'] = (int) $_POST['post_author_override']; } else if (!empty ( $_POST['post_author'] ) ) { $_POST['post_author'] = (int) $_POST['post_author']; } else { $_POST['post_author'] = (int) $_POST['user_ID']; } if ( $_POST['post_author'] != $_POST['user_ID'] ) { if ( 'page' == $_POST['post_type'] ) { if ( !current_user_can( 'edit_others_pages' ) ) wp_die( __('You are not allowed to edit pages as this user.' )); } else { if ( !current_user_can( 'edit_others_posts' ) ) wp_die( __('You are not allowed to edit posts as this user.' )); } } // What to do based on which button they pressed if ('' != $_POST['saveasdraft'] ) $_POST['post_status'] = 'draft'; if ('' != $_POST['saveasprivate'] ) $_POST['post_status'] = 'private'; if ('' != $_POST['publish'] ) $_POST['post_status'] = 'publish'; if ('' != $_POST['advanced'] ) $_POST['post_status'] = 'draft'; if ( 'page' == $_POST['post_type'] ) { if ('publish' == $_POST['post_status'] && !current_user_can( 'edit_published_pages' )) $_POST['post_status'] = 'draft'; } else { if ('publish' == $_POST['post_status'] && !current_user_can( 'edit_published_posts' )) $_POST['post_status'] = 'draft'; } if (!isset( $_POST['comment_status'] )) $_POST['comment_status'] = 'closed'; if (!isset( $_POST['ping_status'] )) $_POST['ping_status'] = 'closed'; if (!empty ( $_POST['edit_date'] ) ) { $aa = $_POST['aa']; $mm = $_POST['mm']; $jj = $_POST['jj']; $hh = $_POST['hh']; $mn = $_POST['mn']; $ss = $_POST['ss']; $jj = ($jj > 31 ) ? 31 : $jj; $hh = ($hh > 23 ) ? $hh -24 : $hh; $mn = ($mn > 59 ) ? $mn -60 : $mn; $ss = ($ss > 59 ) ? $ss -60 : $ss; $_POST['post_date'] = "$aa-$mm-$jj $hh:$mn:$ss"; $_POST['post_date_gmt'] = get_gmt_from_date( "$aa-$mm-$jj $hh:$mn:$ss" ); } // Meta Stuff if ( $_POST['meta'] ) { foreach ( $_POST['meta'] as $key => $value ) update_meta( $key, $value['key'], $value['value'] ); } if ( $_POST['deletemeta'] ) { foreach ( $_POST['deletemeta'] as $key => $value ) delete_meta( $key ); } add_meta( $post_ID ); wp_update_post( $_POST ); // Reunite any orphaned attachments with their parent if ( !$draft_ids = get_user_option( 'autosave_draft_ids' ) ) $draft_ids = array(); if ( $draft_temp_id = (int) array_search( $post_ID, $draft_ids ) ) relocate_children( $draft_temp_id, $post_ID ); // Now that we have an ID we can fix any attachment anchor hrefs fix_attachment_links( $post_ID ); return $post_ID; }