/**
 * Switch commenting on or off for every post in the list that passes the 'edit' access check.
 *
 * Posts that fail ACL::access_check() are skipped, not modified.
 *
 * @param mixed $posts Countable, iterable collection of posts to change
 * @param boolean $onoff Value written to comments_disabled: true disables commenting, false enables it
 * @return string Status message, prefixed with a permission warning when at least one post was skipped
 */
private function set_commenting($posts, $onoff)
{
    $changed = 0;
    foreach ($posts as $post) {
        // The access check is made per post, so one forbidden post does not block the rest.
        if (!ACL::access_check($post->get_access(), 'edit')) {
            continue;
        }
        $post->info->comments_disabled = $onoff;
        $post->info->commit();
        $changed++;
    }

    $warning = ($changed != count($posts))
        ? _t("You did not have permission to modify some posts.\n")
        : '';

    $summary = $onoff
        ? _n('Disabled commenting on %d post', 'Disabled commenting on %d posts', $changed)
        : _n('Enabled commenting on %d post', 'Enabled commenting on %d posts', $changed);

    return $warning . sprintf($summary, $changed);
}
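/**
 * Handles AJAX from /comments.
 * Used to edit comments inline.
 *
 * The request is rejected unless it is a POST, carries a WSSE digest matching the one
 * recomputed from the submitted nonce and timestamp, and the current user passes the
 * 'edit' access check for the comment. Empty author, email and content values are
 * ignored; url is applied whenever it is present.
 *
 * @param ActionHandler $handler Handler whose handler_vars carry the submitted fields
 */
public function action_auth_ajax_in_edit(ActionHandler $handler)
{
    Utils::check_request_method(array('POST'));
    $handler_vars = $handler->handler_vars;

    $wsse = Utils::WSSE($handler_vars['nonce'], $handler_vars['timestamp']);
    $supplied = isset($handler_vars['digest']) ? $handler_vars['digest'] : '';
    // The digest authenticates the request, so it is compared as a string and in constant time.
    // A loose != would treat two numeric-looking strings as equal numbers, and a non-string
    // value (for example an array parameter) is rejected before it reaches the comparison.
    if (!is_string($supplied) || !hash_equals((string) $wsse['digest'], $supplied)) {
        Session::error(_t('WSSE authentication failed.'));
        echo Session::messages_get(true, array('Format', 'json_messages'));
        return;
    }

    $comment = Comment::get($handler_vars['id']);
    // A lookup that yields no comment object is answered exactly like a refused one, so the
    // response does not reveal which comment ids exist.
    if (!is_object($comment) || !ACL::access_check($comment->get_access(), 'edit')) {
        Session::error(_t('You do not have permission to edit this comment.'));
        echo Session::messages_get(true, array('Format', 'json_messages'));
        return;
    }

    if (isset($handler_vars['author']) && $handler_vars['author'] != '') {
        $comment->name = $handler_vars['author'];
    }
    if (isset($handler_vars['url'])) {
        $comment->url = $handler_vars['url'];
    }
    if (isset($handler_vars['email']) && $handler_vars['email'] != '') {
        $comment->email = $handler_vars['email'];
    }
    if (isset($handler_vars['content']) && $handler_vars['content'] != '') {
        $comment->content = $handler_vars['content'];
    }

    $has_time = isset($handler_vars['time']) && $handler_vars['time'] != '';
    $has_date = isset($handler_vars['date']) && $handler_vars['date'] != '';
    if ($has_time && $has_date) {
        // The form supplies date and time without seconds; the stored seconds are kept.
        $seconds = date('s', strtotime($comment->date));
        $stamp = strtotime($handler_vars['date'] . ' ' . $handler_vars['time'] . ':' . $seconds);
        // strtotime() returns false for unparseable input; without this guard the comment
        // would silently be re-dated to the Unix epoch.
        if ($stamp !== false) {
            $comment->date = date('Y-m-d H:i:s', $stamp);
        }
    }

    $comment->update();
    Session::notice(_t('Updated 1 comment.'));
    echo Session::messages_get(true, array('Format', 'json_messages'));
}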
/**
 * Determine whether members of this group can do something.
 * Not meant for working out composite permissions across several groups.
 *
 * @param mixed $token A permission ID or name, resolved through ACL::token_id()
 * @param string $access The access level to test for, 'full' by default
 * @return boolean True when this group has a permission entry for the token and
 *                 ACL::access_check() accepts it for $access. Otherwise false.
 * @see ACL::group_can()
 * @see ACL::user_can()
 */
public function can( $token, $access = 'full' )
{
    $token_id = ACL::token_id( $token );
    $this->load_permissions_cache();

    // No entry for the token means no access at all.
    if ( ! isset( $this->permissions[$token_id] ) ) {
        return false;
    }

    return ACL::access_check( $this->permissions[$token_id], $access ) ? true : false;
}
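/**
 * Success handler for the publish form: updates the post named by handler_vars['id'],
 * or creates a new post when no id was submitted.
 *
 * Authorization runs before any submitted value is copied onto the post, and every
 * refusal returns straight after showing the blank page, so a refused request cannot
 * reach $post->update() or Post::create() whether or not get_blank() ends the request.
 *
 * @param FormUI $form The submitted publish form
 */
public function form_publish_success( FormUI $form )
{
    $post_id = 0;
    if ( isset( $this->handler_vars['id'] ) ) {
        $post_id = intval( $this->handler_vars['id'] );
    }

    // If an id has been passed in, we're updating an existing post, otherwise we're creating one
    if ( 0 !== $post_id ) {
        $post = Post::get( array( 'id' => $post_id, 'status' => Post::status( 'any' ) ) );

        // sorry, we just don't allow changing posts you don't have rights to.
        // A lookup that yields no Post is refused with the same message, so the response
        // does not reveal which ids exist and no method is called on a non-object.
        if ( ! ( $post instanceof Post ) || ! ACL::access_check( $post->get_access(), 'edit' ) ) {
            Session::error( _t( 'You don\'t have permission to edit that post' ) );
            $this->get_blank();
            return;
        }

        // sorry, we just don't allow changing content types to types you don't have rights to
        $user = User::identify();
        $type = 'post_' . Post::type_name( $form->content_type->value );
        if ( $form->content_type->value != $post->content_type && ( $user->cannot( $type ) || ! $user->can_any( array( 'own_posts' => 'edit', 'post_any' => 'edit', $type => 'edit' ) ) ) ) {
            Session::error( _t( 'Changing content types is not allowed' ) );
            $this->get_blank();
            return;
        }

        // Verify that the post hasn't already been updated since the form was loaded
        if ( $post->modified != $form->modified->value ) {
            Session::notice( _t( 'The post %1$s was updated since you made changes. Please review those changes before overwriting them.', array( sprintf( '<a href="%1$s">\'%2$s\'</a>', $post->permalink, Utils::htmlspecialchars( $post->title ) ) ) ) );
            Utils::redirect( URL::get( 'admin', 'page=publish&id=' . $post->id ) );
            exit;
        }

        // REFACTOR: this is duplicated in the insert code below, move it outside of the conditions
        // Don't try to update form values that have been removed by plugins
        $expected = array( 'title', 'tags', 'content' );
        foreach ( $expected as $field ) {
            if ( isset( $form->$field ) ) {
                $post->$field = $form->$field->value;
            }
        }

        if ( $form->newslug->value == '' && $post->status == Post::status( 'published' ) ) {
            Session::notice( _t( 'A post slug cannot be empty. Keeping old slug.' ) );
        }
        elseif ( $form->newslug->value != $form->slug->value ) {
            $post->slug = $form->newslug->value;
        }

        $post->content_type = $form->content_type->value;

        // if not previously published and the user wants to publish now, change the pubdate to the current date/time unless a date has been explicitly set
        if ( ( $post->status != Post::status( 'published' ) )
            && ( $form->status->value == Post::status( 'published' ) )
            && ( HabariDateTime::date_create( $form->pubdate->value )->int == $form->updated->value )
        ) {
            $post->pubdate = HabariDateTime::date_create();
        }
        // else let the user change the publication date.
        // If previously published and the new date is in the future, the post will be unpublished and scheduled. Any other status, and the post will just get the new pubdate.
        // This will result in the post being scheduled for future publication if the date/time is in the future and the new status is published.
        else {
            $post->pubdate = HabariDateTime::date_create( $form->pubdate->value );
        }

        // The minor-edit flag is read against the status the post had before this save.
        $minor = $form->minor_edit->value && ( $post->status != Post::status( 'draft' ) );
        $post->status = $form->status->value;
    }
    else {
        // REFACTOR: don't do this here, it's duplicated in Post::create()
        $post = new Post();

        // check the user can create new posts of the set type.
        $user = User::identify();
        $type = 'post_' . Post::type_name( $form->content_type->value );
        if ( ACL::user_cannot( $user, $type ) || ( ! ACL::user_can( $user, 'post_any', 'create' ) && ! ACL::user_can( $user, $type, 'create' ) ) ) {
            Session::error( _t( 'Creating that post type is denied' ) );
            $this->get_blank();
            return;
        }

        // REFACTOR: why is this on_success here? We don't even display a form
        $form->on_success( array( $this, 'form_publish_success' ) );
        if ( HabariDateTime::date_create( $form->pubdate->value )->int != $form->updated->value ) {
            $post->pubdate = HabariDateTime::date_create( $form->pubdate->value );
        }

        $postdata = array(
            'slug' => $form->newslug->value,
            'user_id' => User::identify()->id,
            'pubdate' => $post->pubdate,
            'status' => $form->status->value,
            'content_type' => $form->content_type->value,
        );

        // Don't try to add form values that have been removed by plugins
        $expected = array( 'title', 'tags', 'content' );
        foreach ( $expected as $field ) {
            if ( isset( $form->$field ) ) {
                $postdata[$field] = $form->$field->value;
            }
        }

        $minor = false;

        // REFACTOR: consider using new Post( $postdata ) instead and call ->insert() manually
        $post = Post::create( $postdata );
    }

    $post->info->comments_disabled = !$form->comments_enabled->value;

    // REFACTOR: admin should absolutely not have a hook for this here
    Plugins::act( 'publish_post', $post, $form );

    // REFACTOR: we should not have to update a post we just created, this should be moved to the post-update functionality above and only called if changes have been made
    // alternately, perhaps call ->update() or ->insert() as appropriate here, so things that apply to each operation (like comments_disabled) can still be included once outside the conditions above
    $post->update( $minor );

    // Unpublished posts are linked through their preview URL.
    $permalink = ( $post->status != Post::status( 'published' ) ) ? $post->permalink . '?preview=1' : $post->permalink;
    // The title is HTML-escaped because the notice embeds it in markup.
    Session::notice( sprintf( _t( 'The post %1$s has been saved as %2$s.' ), sprintf( '<a href="%1$s">\'%2$s\'</a>', $permalink, Utils::htmlspecialchars( $post->title ) ), Post::status_name( $post->status ) ) );
    Utils::redirect( URL::get( 'admin', 'page=publish&id=' . $post->id ) );
}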
/**
 * Returns a form for editing this post
 *
 * Builds the 'create-content' form: title, optional media silos, content, tags, the
 * publishing settings tab, the button area and the hidden bookkeeping controls, then
 * lets plugins alter it through the 'form_publish' hook.
 *
 * NOTE(review): the Save button is only appended when the current user passes the
 * create/edit checks below, but that is presentation only. The hidden content_type,
 * post_id, slug, modified and updated controls travel through the browser, so the
 * handler that receives this form has to repeat the access checks itself.
 *
 * @param string $context The context the form is being created in, most often 'admin'
 * @return FormUI A form appropriate for creating and updating this post.
 */
public function get_form($context) {
    $form = new FormUI('create-content');
    $form->class[] = 'create';

    // A post with id 0 is treated as not yet saved
    $newpost = 0 === $this->id;

    // If the post has already been saved, add a link to its permalink
    if (!$newpost) {
        $post_links = $form->append('wrapper', 'post_links');
        // Anything that is not published is linked through its preview URL
        $permalink = $this->status != Post::status('published') ? $this->permalink . '?preview=1' : $this->permalink;
        // NOTE(review): $permalink is concatenated into the href without HTML escaping - confirm permalinks cannot contain quotes
        $post_links->append('static', 'post_permalink', '<a href="' . $permalink . '" class="viewpost" >' . ($this->status != Post::status('published') ? _t('Preview Post') : _t('View Post')) . '</a>');
        $post_links->class = 'container';
    }

    // Create the Title field
    $form->append('text', 'title', 'null:null', _t('Title'), 'admincontrol_text');
    $form->title->class[] = 'important';
    $form->title->class[] = 'check-change';
    $form->title->tabindex = 1;
    $form->title->value = $this->title;

    // Create the silos, but only when at least one plugin implements MediaSilo
    if (count(Plugins::get_by_interface('MediaSilo'))) {
        $form->append('silos', 'silos');
        $form->silos->silos = Media::dir();
    }

    // Create the Content field
    $form->append('textarea', 'content', 'null:null', _t('Content'), 'admincontrol_textarea');
    $form->content->class[] = 'resizable';
    $form->content->class[] = 'check-change';
    $form->content->tabindex = 2;
    $form->content->value = $this->content;
    // NOTE(review): presumably 'raw' makes the control emit the stored content unescaped - confirm how FormUI renders it
    $form->content->raw = true;

    // Create the tags field
    $form->append('text', 'tags', 'null:null', _t('Tags, separated by, commas'), 'admincontrol_text');
    $form->tags->class = 'check-change';
    $form->tags->tabindex = 3;
    $form->tags->value = implode(', ', (array) $this->get_tags());

    // Create the splitter
    $publish_controls = $form->append('tabs', 'publish_controls');

    // Create the publishing controls
    // NOTE(review): an earlier comment here spoke of passing "false" to list_post_statuses() to leave out
    // internal statuses; the call passes $this - confirm which statuses that returns
    $statuses = Post::list_post_statuses($this);
    // Drop the 'any' pseudo status from the list.
    // NOTE(review): array_search() returns false when 'any' is absent, and unset() would then remove key 0 - confirm 'any' is always present
    unset($statuses[array_search('any', $statuses)]);
    $statuses = Plugins::filter('admin_publish_list_post_statuses', $statuses);

    $settings = $publish_controls->append('fieldset', 'settings', _t('Settings'));

    // The select receives the list flipped, so its keys become the option values
    $settings->append('select', 'status', 'null:null', _t('Content State'), array_flip($statuses), 'tabcontrol_select');
    $settings->status->value = $this->status;

    // hide the minor edit checkbox if the post is new
    if ($newpost) {
        $settings->append('hidden', 'minor_edit', 'null:null');
        $settings->minor_edit->value = false;
    } else {
        $settings->append('checkbox', 'minor_edit', 'null:null', _t('Minor Edit'), 'tabcontrol_checkbox');
        $settings->minor_edit->value = true;
        // Carry the post's modified value in the form so a later save can compare it with the stored one
        $form->append('hidden', 'modified', 'null:null')->value = $this->modified;
    }

    // The checkbox is the inverse of the stored comments_disabled flag
    $settings->append('checkbox', 'comments_enabled', 'null:null', _t('Comments Allowed'), 'tabcontrol_checkbox');
    $settings->comments_enabled->value = $this->info->comments_disabled ? false : true;

    $settings->append('text', 'pubdate', 'null:null', _t('Publication Time'), 'tabcontrol_text');
    $settings->pubdate->value = $this->pubdate->format('Y-m-d H:i:s');

    $settings->append('hidden', 'updated', 'null:null');
    $settings->updated->value = $this->updated->int;

    // The editable slug; the unchanged slug is carried separately in the hidden 'slug' control below
    $settings->append('text', 'newslug', 'null:null', _t('Content Address'), 'tabcontrol_text');
    $settings->newslug->value = $this->slug;

    // Create the button area
    $buttons = $form->append('fieldset', 'buttons');
    $buttons->template = 'admincontrol_buttons';
    $buttons->class[] = 'container';
    $buttons->class[] = 'buttons';
    $buttons->class[] = 'publish';

    // Create the Save button: a new post needs 'create' on own_posts, post_any or this post type,
    // an existing post needs to pass the 'edit' access check
    $require_any = array('own_posts' => 'create', 'post_any' => 'create', 'post_' . Post::type_name($this->content_type) => 'create');
    if ($newpost && User::identify()->can_any($require_any) || !$newpost && ACL::access_check($this->get_access(), 'edit')) {
        $buttons->append('submit', 'save', _t('Save'), 'admincontrol_submit');
        $buttons->save->tabindex = 4;
    }

    // Add required hidden controls
    $form->append('hidden', 'content_type', 'null:null');
    $form->content_type->id = 'content_type';
    $form->content_type->value = $this->content_type;
    $form->append('hidden', 'post_id', 'null:null');
    $form->post_id->id = 'id';
    $form->post_id->value = $this->id;
    $form->append('hidden', 'slug', 'null:null');
    $form->slug->value = $this->slug;

    // Let plugins alter this form
    Plugins::act('form_publish', $form, $this, $context);

    // Return the form object
    return $form;
}
/**
 * Call delete() on every post in 'deleted' status that passes the 'delete' access check.
 *
 * Posts that fail ACL::access_check() are left alone and not counted.
 *
 * @return integer The number of posts delete() was called on
 */
private function delete_all()
{
    $trashed = Posts::get(array('status' => Post::status('deleted'), 'nolimit' => true));

    $removed = 0;
    foreach ($trashed as $candidate) {
        if (!ACL::access_check($candidate->get_access(), 'delete')) {
            continue;
        }
        $candidate->delete();
        $removed++;
    }

    return $removed;
}
// Render the "full" and "deny" checkbox cells for one permission token. A box is pre-checked when
// the token has an access value and ACL::access_check() accepts it for 'any' (full box) or 'deny'.
// NOTE(review): $token->id is echoed into the id and name attributes unescaped - presumably an integer key; confirm.
// NOTE(review): as printed here a space follows each closing PHP tag, which would put whitespace inside the
// id values and the tokens[...] keys - presumably introduced when this listing was flattened; confirm against the template.
$checked = isset($token->access) && ACL::access_check($token->access, 'any') ? ' checked' : ''; ?> <td class="token_access pct10"> <input type="checkbox" id="token_<?php echo $token->id . '_full'; ?> " class="bitflag-full" name="tokens[<?php echo $token->id; ?> ][full]" <?php echo $checked; ?> > </td> <?php $checked = isset($token->access) && ACL::access_check($token->access, 'deny') ? ' checked' : ''; ?> <td class="token_access pct10"> <input type="checkbox" id="token_<?php echo $token->id . '_deny'; ?> " class="bitflag-deny" name="tokens[<?php echo $token->id; ?> ][deny]" <?php echo $checked; ?> > </td> </tr> <?php
// Tail of an inline script whose start lies outside this excerpt: the WSSE digest is echoed into generated
// markup, the form action is pointed at the delete_post admin URL for this post, and the form is submitted.
echo $wsse['digest']; ?> ">')) .attr('action', '<?php URL::out('admin', array('page' => 'delete_post', 'id' => $post->id)); ?> ') .submit(); }); <?php } ?> // If the post hasn't been published, add a publish button <?php
// The Publish button is offered for a new post (id 0) when the user holds 'create' on own_posts, post_any or
// this post type, and for an existing post when it passes the 'edit' access check - and only while the post
// is not already in the 'published' status.
// NOTE(review): this only decides whether the button is drawn; the handler that saves the form has to
// enforce the same checks, because the status field can be set by hand in the browser.
// NOTE(review): $statuses['published'] is echoed into script unquoted - presumably an integer id; confirm.
$show_publish = $post->id == 0 && User::identify()->can_any(array('own_posts' => 'create', 'post_any' => 'create', 'post_' . Post::type_name($post->content_type) => 'create')) || $post->id != 0 && ACL::access_check($post->get_access(), 'edit'); if (isset($statuses['published']) && $post->status != $statuses['published'] && $show_publish) { ?> $('.container.buttons').prepend($('<input type="button" id="publish" class="button publish" tabindex="5" value="<?php _e('Publish'); ?> ">')); $('#publish').click( function() { // alert("asdasd"); $('#status').val(<?php echo $statuses['published']; ?> ); }); <?php }
/**
 * A helper function for fetch_comments()
 * Keeps only the comments for which ACL::access_check() grants the requested access
 * @param mixed $comments the Comment objects to filter; anything foreach can walk
 * @param string $access the access type to check for
 * @return array the comments that passed the check, in their original order and reindexed from 0
 */
public function comment_access_filter( $comments, $access )
{
    $allowed = array();

    foreach ( $comments as $candidate ) {
        // Comments that fail the check are dropped silently
        if ( ! ACL::access_check( $candidate->get_access(), $access ) ) {
            continue;
        }
        array_push( $allowed, $candidate );
    }

    return $allowed;
}
/**
 * Success handler for the publish form: validates permissions, copies the submitted
 * values onto the Post stored in the form's 'post' control, and inserts or updates it.
 *
 * A post with id 0 is inserted as new and assigned to the current user; any other id is
 * updated, provided the 'edit' access check passes and the post was not modified since
 * the form was loaded. Every refusal in the create and update branches redirects and exits.
 *
 * @param FormUI $form The submitted publish form
 */
public function form_publish_success(FormUI $form) {
    $user = User::identify();

    // Get the Post object from the hidden 'post' control on the form
    /** @var Post $post */
    $post = $form->post->storage;

    // Do some permission checks
    // @todo REFACTOR: These probably don't work and should be refactored to use validators on the form fields instead
    // sorry, we just don't allow changing posts you don't have rights to
    // NOTE(review): nothing stops execution after get_blank() here, so this check only holds if get_blank()
    // ends the request. The update branch below repeats the 'edit' check with redirect + exit, which is the
    // check that actually guards the save - confirm before removing either.
    if ($post->id != 0 && !ACL::access_check($post->get_access(), 'edit')) {
        Session::error(_t('You don\'t have permission to edit that post'));
        $this->get_blank();
    }

    // sorry, we just don't allow changing content types to types you don't have rights to
    $type = 'post_' . Post::type_name($form->content_type->value);
    if ($form->content_type->value != $post->content_type && ($user->cannot($type) || !$user->can_any(array('own_posts' => 'edit', 'post_any' => 'edit', $type => 'edit')))) {
        Session::error(_t('Changing content types is not allowed'));
        // @todo This isn't ideal at all, since it loses all of the changes...
        Utils::redirect(URL::get('admin', 'page=publish&id=' . $post->id));
        exit;
    }

    // If we're creating a new post...
    if ($post->id == 0) {
        // check the user can create new posts of the set type: the type token must not be denied,
        // and 'create' must be granted on post_any or on the type itself
        $type = 'post_' . Post::type_name($form->content_type->value);
        if (ACL::user_cannot($user, $type) || !ACL::user_can($user, 'post_any', 'create') && !ACL::user_can($user, $type, 'create')) {
            Session::error(_t('Creating that post type is denied'));
            Utils::redirect(URL::get('admin', 'page=publish&id=' . $post->id));
            exit;
        }

        // Only the original author is associated with a new post
        $post->user_id = $user->id;
    } else {
        // check the user can edit this existing post; $type is recomputed here but not used by the check
        $type = 'post_' . Post::type_name($form->content_type->value);
        if (!ACL::access_check($post->get_access(), 'edit')) {
            Session::error(_t('Editing that post type is denied'));
            Utils::redirect(URL::get('admin', 'page=publish&id=' . $post->id));
            exit;
        }

        // Verify that the post hasn't already been updated since the form was loaded
        if ($post->modified != $form->modified->value) {
            // The title is HTML-escaped because the notice embeds it in markup
            Session::notice(_t('The post %1$s was updated since you made changes. Please review those changes before overwriting them.', array(sprintf('<a href="%1$s">\'%2$s\'</a>', $post->permalink, Utils::htmlspecialchars($post->title)))));
            Utils::redirect(URL::get('admin', 'page=publish&id=' . $post->id));
            exit;
        }

        // Prevent a published post from having its slug zeroed
        if ($form->newslug->value == '' && $post->status == Post::status('published')) {
            Session::notice(_t('A post slug cannot be empty. Keeping old slug.'));
            $form->newslug->value = $form->slug->value;
        }
    }

    // if not previously published and the user wants to publish now, change the pubdate to the current date/time unless a date has been explicitly set
    if ($post->status != Post::status('published') && $form->status->value == Post::status('published') && HabariDateTime::date_create($form->pubdate->value)->int == $form->updated->value) {
        $post->pubdate = HabariDateTime::date_create();
    } else {
        $post->pubdate = HabariDateTime::date_create($form->pubdate->value);
    }

    // Minor updates are when the user has checked the minor update box and the post isn't in draft or new
    $minor = $form->minor_edit->value && $post->status != Post::status('draft') && $post->id != 0;

    // Don't try to update form values that have been removed by plugins,
    // look for these fields before committing their values to the post.
    // The map is post field => form control that supplies it.
    $expected = array('title' => 'title', 'tags' => 'tags', 'content' => 'content', 'slug' => 'newslug', 'content_type' => 'content_type', 'status' => 'status');
    foreach ($expected as $field => $control) {
        // NOTE(review): the existence test uses the field name while the value is read from the control name;
        // the two differ for 'slug' => 'newslug' - confirm this is intended
        if (isset($form->{$field})) {
            $post->{$field} = $form->{$control}->value;
        }
    }

    // This seems cheesy
    $post->info->comments_disabled = !$form->comments_enabled->value;

    // This plugin hook allows changes to be made to the post object prior to its save to the database
    Plugins::act('publish_post', $post, $form);

    // Insert or Update
    if ($post->id == 0) {
        $post->insert();
    } else {
        $post->update($minor);
    }

    // Calling $form->save() calls ->save() on any controls that might have been added to the form by plugins
    $form->save();

    // Unpublished posts are linked through their preview URL
    $permalink = $post->status != Post::status('published') ? $post->permalink . '?preview=1' : $post->permalink;
    Session::notice(_t('The post %1$s has been saved as %2$s.', array(sprintf('<a href="%1$s">\'%2$s\'</a>', $permalink, Utils::htmlspecialchars($post->title)), Post::status_name($post->status))));
    Utils::redirect(URL::get('admin', 'page=publish&id=' . $post->id));
}
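/**
 * Handles AJAX from /manage/entries.
 * Used to delete entries, or to pass them to a plugin-supplied bulk action.
 *
 * The request must be a POST with a valid WSSE digest. Post ids are taken from POST
 * keys of the form "p<digits>" whose value is truthy. For 'delete', only posts that
 * pass the 'delete' access check are removed.
 *
 * @param mixed $handler_vars Request variables; nonce, timestamp, digest and action are read
 */
public function ajax_update_entries($handler_vars)
{
    Utils::check_request_method(array('POST'));

    $wsse = Utils::WSSE($handler_vars['nonce'], $handler_vars['timestamp']);
    $supplied = isset($handler_vars['digest']) ? $handler_vars['digest'] : '';
    // The digest authenticates the request, so it is compared as a string and in constant time.
    // A loose != would treat two numeric-looking strings as equal numbers.
    if (!is_string($supplied) || !hash_equals((string) $wsse['digest'], $supplied)) {
        Session::error(_t('WSSE authentication failed.'));
        echo Session::messages_get(true, array('Format', 'json_messages'));
        return;
    }

    $ids = array();
    foreach ($_POST as $id => $delete) {
        // skip POST elements which are not post ids
        if (preg_match('/^p\\d+$/', $id) && $delete) {
            $ids[] = (int) substr($id, 1);
        }
    }

    // With nothing selected, work on an empty collection instead of querying with an empty id
    // filter. NOTE(review): presumably an empty 'id' list would not narrow Posts::get() at all,
    // which would hand every post to the action below - confirm against Posts::get().
    if (count($ids) == 0) {
        $posts = new Posts();
    } else {
        $posts = Posts::get(array('id' => $ids, 'nolimit' => true));
    }

    Plugins::act('admin_update_posts', $handler_vars['action'], $posts, $this);

    // NOTE(review): the submitted action name is placed in the message as-is; confirm the client
    // renders messages as text, or escape it here.
    $status_msg = _t('Unknown action "%s"', array($handler_vars['action']));

    switch ($handler_vars['action']) {
        case 'delete':
            $deleted = 0;
            foreach ($posts as $post) {
                if (ACL::access_check($post->get_access(), 'delete')) {
                    $post->delete();
                    $deleted++;
                }
            }
            if ($deleted != count($posts)) {
                $status_msg = _t('You did not have permission to delete some entries.');
            } else {
                // Report what was actually deleted; the number of submitted ids can be larger
                // when some of them match no post.
                $status_msg = sprintf(_n('Deleted %d post', 'Deleted %d posts', $deleted), $deleted);
            }
            break;
        default:
            // Specific plugin-supplied action
            $status_msg = Plugins::filter('admin_entries_action', $status_msg, $handler_vars['action'], $posts);
            break;
    }

    Session::notice($status_msg);
    echo Session::messages_get(true, array('Format', 'json_messages'));
}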
<span class="time pct10"><span class="dim"><?php _e('at'); ?> <?php $post->pubdate->out(HabariDateTime::get_default_time_format()); ?> </span></span> <ul class="dropbutton"> <?php
// Build the per-post action links (edit, view, remove), let plugins change the list through the
// 'post_actions' filter, then print one list item per action. Actions without a 'permission' key
// (here: view) are always listed; the others only when ACL::access_check() accepts $post_permissions
// for that permission. $post_permissions is set outside this excerpt.
// NOTE(review): url, title and label are echoed without HTML escaping, and the titles embed
// $post->title through _t() - confirm they are escaped elsewhere or wrap them in Utils::htmlspecialchars().
// NOTE(review): leaving a link out is presentation only; the edit and delete handlers have to
// check access again. The foreach opened here is closed outside this excerpt.
$actions = array('edit' => array('url' => URL::get('admin', 'page=publish&id=' . $post->id), 'title' => _t('Edit \'%s\'', array($post->title)), 'label' => _t('Edit'), 'permission' => 'edit'), 'view' => array('url' => $post->permalink . '?preview=1', 'title' => _t('View \'%s\'', array($post->title)), 'label' => _t('View')), 'remove' => array('url' => 'javascript:itemManage.remove(' . $post->id . ', \'post\');', 'title' => _t('Delete this item'), 'label' => _t('Delete'), 'permission' => 'delete')); $actions = Plugins::filter('post_actions', $actions, $post); foreach ($actions as $action) { ?> <?php if (!isset($action['permission']) || ACL::access_check($post_permissions, $action['permission'])) { ?> <li><a href="<?php echo $action['url']; ?> " title="<?php echo $action['title']; ?> "><?php echo $action['label']; ?> </a></li> <?php } ?> <?php
<span class="time"><?php _e('at'); ?> <?php $post->pubdate->out(DateTime::get_default_time_format()); ?> </span> <div class="actions"> <?php
// Build the drop button with the per-post actions. Edit and Delete carry an enable callback that
// runs ACL::access_check() on the post for 'edit' and 'delete'; View has no callback. Plugins can
// change the control through the 'post_actions' hook before it is printed.
// NOTE(review): the enable callbacks decide what the control offers; the edit and delete handlers
// have to check access again on their own.
// NOTE(review): the titles embed $post->title through _t() - whether set_property() escapes them is
// not visible here; confirm.
// NOTE(review): the excerpt further down is printed after strip_tags() only, which removes tags but
// does not encode quotes or ampersands - confirm that is enough for this context.
$post_actions = FormControlDropbutton::create('post' . $post->id . '_postactions'); $post_actions->append(FormControlSubmit::create('edit')->set_caption(_t('Edit'))->set_url(URL::get('display_publish', $post, false))->set_property('title', _t('Edit \'%s\'', array($post->title)))->set_enable(function ($control) use($post) { return ACL::access_check($post->get_access(), 'edit'); })); $post_actions->append(FormControlSubmit::create('view')->set_caption(_t('View'))->set_url($post->permalink . '?preview=1')->set_property('title', _t('View \'%s\'', array($post->title)))); $post_actions->append(FormControlSubmit::create('delete')->set_caption(_t('Delete'))->set_url('javascript:itemManage.remove(' . $post->id . ', \'post\');')->set_property('title', _t('Delete \'%s\'', array($post->title)))->set_enable(function ($control) use($post) { return ACL::access_check($post->get_access(), 'delete'); })); Plugins::act('post_actions', $post_actions, $post); echo $post_actions->pre_out(); echo $post_actions->get($theme); ?> </div> </div> </div> <div class="content"> <span class="excerpt" ><?php echo MultiByte::substr(strip_tags($post->content), 0, 250); ?> …</span> </div> </li>
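/**
 * handles AJAX from /manage/entries
 * used to delete entries
 *
 * The request must be a POST with a valid WSSE digest. Post ids are taken from POST
 * keys of the form "p<digits>" whose value is truthy; only posts that pass the
 * 'delete' access check are removed.
 *
 * @param mixed $handler_vars Request variables; nonce, timestamp and digest are read
 */
public function ajax_delete_entries($handler_vars)
{
    Utils::check_request_method(array('POST'));

    $wsse = Utils::WSSE($handler_vars['nonce'], $handler_vars['timestamp']);
    $supplied = isset($handler_vars['digest']) ? $handler_vars['digest'] : '';
    // The digest authenticates the request, so it is compared as a string and in constant time.
    // A loose != would treat two numeric-looking strings as equal numbers.
    if (!is_string($supplied) || !hash_equals((string) $wsse['digest'], $supplied)) {
        Session::error(_t('WSSE authentication failed.'));
        echo Session::messages_get(true, array('Format', 'json_messages'));
        return;
    }

    $ids = array();
    foreach ($_POST as $id => $delete) {
        // skip POST elements which are not post ids. The pattern is anchored at both ends and
        // the id is cast, so a key such as "p12abc" can no longer put a non-numeric value into
        // the id list passed to Posts::get().
        if (preg_match('/^p\\d+$/', $id) && $delete) {
            $ids[] = (int) substr($id, 1);
        }
    }

    // With nothing selected there is nothing to look up. NOTE(review): presumably an empty 'id'
    // list would not narrow Posts::get() at all, which would offer every post for deletion -
    // confirm against Posts::get().
    $posts = count($ids) == 0
        ? array()
        : Posts::get(array('id' => $ids, 'nolimit' => true));

    $deleted = 0;
    foreach ($posts as $post) {
        // Each post is checked on its own; posts the user may not delete are skipped
        if (ACL::access_check($post->get_access(), 'delete')) {
            $post->delete();
            $deleted++;
        }
    }

    Session::notice(sprintf(_t('Deleted %d entries.'), $deleted));
    if ($deleted != count($posts)) {
        Session::notice(_t('You did not have permission to delete some entries.'));
    }
    echo Session::messages_get(true, array('Format', 'json_messages'));
}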
/**
 * The on_success handler for the delete button on the post editing form.
 * The post is deleted only when it passes the 'delete' access check; the redirect to the
 * post listing for its content type happens either way, without a message on refusal.
 * @param FormUI $form The submitted post editing form
 */
public function form_publish_delete(FormUI $form)
{
    $post = $form->post->value;
    $may_delete = ACL::access_check($post->get_access(), 'delete');

    if ($may_delete) {
        $post->delete();

        // The title is HTML-escaped before it is placed in the notice
        $type_name = Post::type_name($post->content_type);
        $safe_title = Utils::htmlspecialchars($post->title);
        Session::notice(_t('Deleted the %1$s titled "%2$s".', array($type_name, $safe_title)));
    }

    $listing = URL::get('display_posts', 'type=' . $post->content_type);
    Utils::redirect($listing);
}
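/**
 * Handles AJAX from /manage/posts.
 * Used to delete posts, or to pass them to a plugin-supplied bulk action.
 *
 * The request must be a POST with a valid WSSE digest. Post ids are taken from POST
 * keys of the form "p<digits>" whose value is truthy. For 'delete', only posts that
 * pass the 'delete' access check are removed. The result is sent as an AjaxResponse.
 *
 * @param mixed $handler_vars Request variables; nonce, timestamp, digest and action are read
 */
public function ajax_update_posts( $handler_vars )
{
    Utils::check_request_method( array( 'POST' ) );
    $response = new AjaxResponse();

    $wsse = Utils::WSSE( $handler_vars['nonce'], $handler_vars['timestamp'] );
    $supplied = isset( $handler_vars['digest'] ) ? $handler_vars['digest'] : '';
    // The digest authenticates the request, so it is compared as a string and in constant time.
    // A loose != would treat two numeric-looking strings as equal numbers.
    if ( ! is_string( $supplied ) || ! hash_equals( (string) $wsse['digest'], $supplied ) ) {
        $response->message = _t( 'WSSE authentication failed.' );
        $response->out();
        return;
    }

    $ids = array();
    foreach ( $_POST as $id => $delete ) {
        // skip POST elements which are not post ids
        if ( preg_match( '/^p\d+$/', $id ) && $delete ) {
            $ids[] = (int) substr( $id, 1 );
        }
    }

    // With nothing selected, work on an empty collection instead of querying with an empty id filter
    if ( count( $ids ) == 0 ) {
        $posts = new Posts();
    }
    else {
        $posts = Posts::get( array( 'id' => $ids, 'nolimit' => true ) );
    }

    Plugins::act( 'admin_update_posts', $handler_vars['action'], $posts, $this );

    // Built as in the original but never attached to the response; kept so behaviour is unchanged.
    $status_msg = _t( 'Unknown action "%s"', array( $handler_vars['action'] ) );

    switch ( $handler_vars['action'] ) {
        case 'delete':
            $deleted = 0;
            foreach ( $posts as $post ) {
                // Each post is checked on its own; posts the user may not delete are skipped
                if ( ACL::access_check( $post->get_access(), 'delete' ) ) {
                    $post->delete();
                    $deleted++;
                }
            }
            if ( $deleted != count( $posts ) ) {
                $response->message = _t( 'You did not have permission to delete some posts.' );
            }
            else {
                // Report what was actually deleted; the number of submitted ids can be larger
                // when some of them match no post.
                $response->message = sprintf( _n( 'Deleted %d post', 'Deleted %d posts', $deleted ), $deleted );
            }
            break;
        default:
            // Specific plugin-supplied action
            Plugins::act( 'admin_posts_action', $response, $handler_vars['action'], $posts );
            break;
    }

    $response->out();
    exit;
}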