Make WordPress Core

Context Navigation

source: trunk/wp-admin/admin-ajax.php @ 15259

Visit:

Last change on this file since 15259 was 15259, checked in by ryan, 15 years ago
Remove trailing whites
Property svn:eol-style set to `native`
File size: 46.3 KB

Line
1	<?php
2	/**
3	* WordPress AJAX Process Execution.
4	*
5	* @package WordPress
6	* @subpackage Administration
7	*/
8
9	/**
10	* Executing AJAX process.
11	*
12	* @since unknown
13	*/
14	define('DOING_AJAX', true);
15	define('WP_ADMIN', true);
16
17	require_once('../wp-load.php');
18
19	if ( ! isset( $_REQUEST['action'] ) )
20	die('-1');
21
22	require_once('./includes/admin.php');
23	@header('Content-Type: text/html; charset=' . get_option('blog_charset'));
24	send_nosniff_header();
25
26	do_action('admin_init');
27
28	if ( ! is_user_logged_in() ) {
29
30	if ( isset( $_POST['action'] ) && $_POST['action'] == 'autosave' ) {
31	$id = isset($_POST['post_ID'])? (int) $_POST['post_ID'] : 0;
32
33	if ( ! $id )
34	die('-1');
35
36	$message = sprintf( __('<strong>ALERT: You are logged out!</strong> Could not save draft. <a href="%s" target="_blank">Please log in again.</a>'), wp_login_url() );
37	$x = new WP_Ajax_Response( array(
38	'what' => 'autosave',
39	'id' => $id,
40	'data' => $message
41	) );
42	$x->send();
43	}
44
45	if ( !empty( $_REQUEST['action'] ) )
46	do_action( 'wp_ajax_nopriv_' . $_REQUEST['action'] );
47
48	die('-1');
49	}
50
51	if ( isset( $_GET['action'] ) ) :
52	switch ( $action = $_GET['action'] ) :
53	case 'ajax-tag-search' :
54	if ( !current_user_can( 'edit_posts' ) )
55	die('-1');
56
57	$s = $_GET['q']; // is this slashed already?
58
59	if ( isset($_GET['tax']) )
60	$taxonomy = sanitize_title($_GET['tax']);
61	else
62	die('0');
63
64	if ( false !== strpos( $s, ',' ) ) {
65	$s = explode( ',', $s );
66	$s = $s[count( $s ) - 1];
67	}
68	$s = trim( $s );
69	if ( strlen( $s ) < 2 )
70	die; // require 2 chars for matching
71
72	$results = $wpdb->get_col( "SELECT t.name FROM $wpdb->term_taxonomy AS tt INNER JOIN $wpdb->terms AS t ON tt.term_id = t.term_id WHERE tt.taxonomy = '$taxonomy' AND t.name LIKE ('%" . $s . "%')" );
73
74	echo join( $results, "\n" );
75	die;
76	break;
77	case 'wp-compression-test' :
78	if ( !current_user_can( 'manage_options' ) )
79	die('-1');
80
81	if ( ini_get('zlib.output_compression') \|\| 'ob_gzhandler' == ini_get('output_handler') ) {
82	update_site_option('can_compress_scripts', 0);
83	die('0');
84	}
85
86	if ( isset($_GET['test']) ) {
87	header( 'Expires: Wed, 11 Jan 1984 05:00:00 GMT' );
88	header( 'Last-Modified: ' . gmdate( 'D, d M Y H:i:s' ) . ' GMT' );
89	header( 'Cache-Control: no-cache, must-revalidate, max-age=0' );
90	header( 'Pragma: no-cache' );
91	header('Content-Type: application/x-javascript; charset=UTF-8');
92	$force_gzip = ( defined('ENFORCE_GZIP') && ENFORCE_GZIP );
93	$test_str = '"wpCompressionTest Lorem ipsum dolor sit amet consectetuer mollis sapien urna ut a. Eu nonummy condimentum fringilla tempor pretium platea vel nibh netus Maecenas. Hac molestie amet justo quis pellentesque est ultrices interdum nibh Morbi. Cras mattis pretium Phasellus ante ipsum ipsum ut sociis Suspendisse Lorem. Ante et non molestie. Porta urna Vestibulum egestas id congue nibh eu risus gravida sit. Ac augue auctor Ut et non a elit massa id sodales. Elit eu Nulla at nibh adipiscing mattis lacus mauris at tempus. Netus nibh quis suscipit nec feugiat eget sed lorem et urna. Pellentesque lacus at ut massa consectetuer ligula ut auctor semper Pellentesque. Ut metus massa nibh quam Curabitur molestie nec mauris congue. Volutpat molestie elit justo facilisis neque ac risus Ut nascetur tristique. Vitae sit lorem tellus et quis Phasellus lacus tincidunt nunc Fusce. Pharetra wisi Suspendisse mus sagittis libero lacinia Integer consequat ac Phasellus. Et urna ac cursus tortor aliquam Aliquam amet tellus volutpat Vestibulum. Justo interdum condimentum In augue congue tellus sollicitudin Quisque quis nibh."';
94
95	if ( 1 == $_GET['test'] ) {
96	echo $test_str;
97	die;
98	} elseif ( 2 == $_GET['test'] ) {
99	if ( !isset($_SERVER['HTTP_ACCEPT_ENCODING']) )
100	die('-1');
101	if ( false !== stripos( $_SERVER['HTTP_ACCEPT_ENCODING'], 'deflate') && function_exists('gzdeflate') && ! $force_gzip ) {
102	header('Content-Encoding: deflate');
103	$out = gzdeflate( $test_str, 1 );
104	} elseif ( false !== stripos( $_SERVER['HTTP_ACCEPT_ENCODING'], 'gzip') && function_exists('gzencode') ) {
105	header('Content-Encoding: gzip');
106	$out = gzencode( $test_str, 1 );
107	} else {
108	die('-1');
109	}
110	echo $out;
111	die;
112	} elseif ( 'no' == $_GET['test'] ) {
113	update_site_option('can_compress_scripts', 0);
114	} elseif ( 'yes' == $_GET['test'] ) {
115	update_site_option('can_compress_scripts', 1);
116	}
117	}
118
119	die('0');
120	break;
121	case 'imgedit-preview' :
122	$post_id = intval($_GET['postid']);
123	if ( empty($post_id) \|\| !current_user_can('edit_post', $post_id) )
124	die('-1');
125
126	check_ajax_referer( "image_editor-$post_id" );
127
128	include_once( ABSPATH . 'wp-admin/includes/image-edit.php' );
129	if ( ! stream_preview_image($post_id) )
130	die('-1');
131
132	die();
133	break;
134	case 'menu-quick-search':
135	if ( ! current_user_can( 'edit_theme_options' ) )
136	die('-1');
137
138	require_once ABSPATH . 'wp-admin/includes/nav-menu.php';
139
140	_wp_ajax_menu_quick_search( $_REQUEST );
141
142	exit;
143	break;
144	case 'oembed-cache' :
145	$return = ( $wp_embed->cache_oembed( $_GET['post'] ) ) ? '1' : '0';
146	die( $return );
147	break;
148	default :
149	do_action( 'wp_ajax_' . $_GET['action'] );
150	die('0');
151	break;
152	endswitch;
153	endif;
154
155	/**
156	* Sends back current comment total and new page links if they need to be updated.
157	*
158	* Contrary to normal success AJAX response ("1"), die with time() on success.
159	*
160	* @since 2.7
161	*
162	* @param int $comment_id
163	* @return die
164	*/
165	function _wp_ajax_delete_comment_response( $comment_id ) {
166	$total = (int) @$_POST['_total'];
167	$per_page = (int) @$_POST['_per_page'];
168	$page = (int) @$_POST['_page'];
169	$url = esc_url_raw( @$_POST['_url'] );
170	// JS didn't send us everything we need to know. Just die with success message
171	if ( !$total \|\| !$per_page \|\| !$page \|\| !$url )
172	die( (string) time() );
173
174	if ( --$total < 0 ) // Take the total from POST and decrement it (since we just deleted one)
175	$total = 0;
176
177	if ( 0 != $total % $per_page && 1 != mt_rand( 1, $per_page ) ) // Only do the expensive stuff on a page-break, and about 1 other time per page
178	die( (string) time() );
179
180	$post_id = 0;
181	$status = 'total_comments'; // What type of comment count are we looking for?
182	$parsed = parse_url( $url );
183	if ( isset( $parsed['query'] ) ) {
184	parse_str( $parsed['query'], $query_vars );
185	if ( !empty( $query_vars['comment_status'] ) )
186	$status = $query_vars['comment_status'];
187	if ( !empty( $query_vars['p'] ) )
188	$post_id = (int) $query_vars['p'];
189	}
190
191	$comment_count = wp_count_comments($post_id);
192	$time = time(); // The time since the last comment count
193
194	if ( isset( $comment_count->$status ) ) // We're looking for a known type of comment count
195	$total = $comment_count->$status;
196	// else use the decremented value from above
197
198	$page_links = paginate_links( array(
199	'base' => add_query_arg( 'apage', '%#%', $url ),
200	'format' => '',
201	'prev_text' => __('«'),
202	'next_text' => __('»'),
203	'total' => ceil($total / $per_page),
204	'current' => $page
205	) );
206	$x = new WP_Ajax_Response( array(
207	'what' => 'comment',
208	'id' => $comment_id, // here for completeness - not used
209	'supplemental' => array(
210	'pageLinks' => $page_links,
211	'total' => $total,
212	'time' => $time
213	)
214	) );
215	$x->send();
216	}
217
218	function _wp_ajax_add_hierarchical_term() {
219	$action = $_POST['action'];
220	$taxonomy = get_taxonomy(substr($action, 4));
221	check_ajax_referer( $action, '_ajax_nonce-add-' . $taxonomy->name );
222	if ( !current_user_can( $taxonomy->cap->edit_terms ) )
223	die('-1');
224	$names = explode(',', $_POST['new'.$taxonomy->name]);
225	$parent = isset($_POST['new'.$taxonomy->name.'_parent']) ? (int) $_POST['new'.$taxonomy->name.'_parent'] : 0;
226	if ( 0 > $parent )
227	$parent = 0;
228	if ( $taxonomy->name == 'category' )
229	$post_category = isset($_POST['post_category']) ? (array) $_POST['post_category'] : array();
230	else
231	$post_category = ( isset($_POST['tax_input']) && isset($_POST['tax_input'][$taxonomy->name]) ) ? (array) $_POST['tax_input'][$taxonomy->name] : array();
232	$checked_categories = array_map( 'absint', (array) $post_category );
233	$popular_ids = wp_popular_terms_checklist($taxonomy->name, 0, 10, false);
234
235	foreach ( $names as $cat_name ) {
236	$cat_name = trim($cat_name);
237	$category_nicename = sanitize_title($cat_name);
238	if ( '' === $category_nicename )
239	continue;
240	if ( !($cat_id = term_exists($cat_name, $taxonomy->name, $parent)) ) {
241	$new_term = wp_insert_term($cat_name, $taxonomy->name, array('parent' => $parent));
242	$cat_id = $new_term['term_id'];
243	}
244	$checked_categories[] = $cat_id;
245	if ( $parent ) // Do these all at once in a second
246	continue;
247	$category = get_term( $cat_id, $taxonomy->name );
248	ob_start();
249	wp_terms_checklist( 0, array( 'taxonomy' => $taxonomy->name, 'descendants_and_self' => $cat_id, 'selected_cats' => $checked_categories, 'popular_cats' => $popular_ids ));
250	$data = ob_get_contents();
251	ob_end_clean();
252	$add = array(
253	'what' => $taxonomy->name,
254	'id' => $cat_id,
255	'data' => str_replace( array("\n", "\t"), '', $data),
256	'position' => -1
257	);
258	}
259
260	if ( $parent ) { // Foncy - replace the parent and all its children
261	$parent = get_term( $parent, $taxonomy->name );
262	$term_id = $parent->term_id;
263
264	while ( $parent->parent ) { // get the top parent
265	$parent = &get_term( $parent->parent, $taxonomy->name );
266	if ( is_wp_error( $parent ) )
267	break;
268	$term_id = $parent->term_id;
269	}
270
271	ob_start();
272	wp_terms_checklist( 0, array('taxonomy' => $taxonomy->name, 'descendants_and_self' => $term_id, 'selected_cats' => $checked_categories, 'popular_cats' => $popular_ids));
273	$data = ob_get_contents();
274	ob_end_clean();
275	$add = array(
276	'what' => $taxonomy->name,
277	'id' => $term_id,
278	'data' => str_replace( array("\n", "\t"), '', $data),
279	'position' => -1
280	);
281	}
282
283	ob_start();
284	wp_dropdown_categories( array(
285	'taxonomy' => $taxonomy->name, 'hide_empty' => 0, 'name' => 'new'.$taxonomy->name.'_parent', 'orderby' => 'name',
286	'hierarchical' => 1, 'show_option_none' => '— '.$taxonomy->labels->parent_item.' —'
287	) );
288	$sup = ob_get_contents();
289	ob_end_clean();
290	$add['supplemental'] = array( 'newcat_parent' => $sup );
291
292	$x = new WP_Ajax_Response( $add );
293	$x->send();
294	}
295
296	$id = isset($_POST['id'])? (int) $_POST['id'] : 0;
297	switch ( $action = $_POST['action'] ) :
298	case 'delete-comment' : // On success, die with time() instead of 1
299	if ( !$comment = get_comment( $id ) )
300	die( (string) time() );
301	if ( !current_user_can( 'edit_post', $comment->comment_post_ID ) )
302	die('-1');
303
304	check_ajax_referer( "delete-comment_$id" );
305	$status = wp_get_comment_status( $comment->comment_ID );
306
307	if ( isset($_POST['trash']) && 1 == $_POST['trash'] ) {
308	if ( 'trash' == $status )
309	die( (string) time() );
310	$r = wp_trash_comment( $comment->comment_ID );
311	} elseif ( isset($_POST['untrash']) && 1 == $_POST['untrash'] ) {
312	if ( 'trash' != $status )
313	die( (string) time() );
314	$r = wp_untrash_comment( $comment->comment_ID );
315	} elseif ( isset($_POST['spam']) && 1 == $_POST['spam'] ) {
316	if ( 'spam' == $status )
317	die( (string) time() );
318	$r = wp_spam_comment( $comment->comment_ID );
319	} elseif ( isset($_POST['unspam']) && 1 == $_POST['unspam'] ) {
320	if ( 'spam' != $status )
321	die( (string) time() );
322	$r = wp_unspam_comment( $comment->comment_ID );
323	} elseif ( isset($_POST['delete']) && 1 == $_POST['delete'] ) {
324	$r = wp_delete_comment( $comment->comment_ID );
325	} else {
326	die('-1');
327	}
328
329	if ( $r ) // Decide if we need to send back '1' or a more complicated response including page links and comment counts
330	_wp_ajax_delete_comment_response( $comment->comment_ID );
331	die( '0' );
332	break;
333	case 'delete-tag' :
334	$tag_id = (int) $_POST['tag_ID'];
335	check_ajax_referer( "delete-tag_$tag_id" );
336
337	$taxonomy = !empty($_POST['taxonomy']) ? $_POST['taxonomy'] : 'post_tag';
338	$tax = get_taxonomy($taxonomy);
339
340	if ( !current_user_can( $tax->cap->delete_terms ) )
341	die('-1');
342
343	$tag = get_term( $tag_id, $taxonomy );
344	if ( !$tag \|\| is_wp_error( $tag ) )
345	die('1');
346
347	if ( wp_delete_term($tag_id, $taxonomy))
348	die('1');
349	else
350	die('0');
351	break;
352	case 'delete-link-cat' :
353	check_ajax_referer( "delete-link-category_$id" );
354	if ( !current_user_can( 'manage_categories' ) )
355	die('-1');
356
357	$cat = get_term( $id, 'link_category' );
358	if ( !$cat \|\| is_wp_error( $cat ) )
359	die('1');
360
361	$cat_name = get_term_field('name', $id, 'link_category');
362
363	$default = get_option('default_link_category');
364
365	// Don't delete the default cats.
366	if ( $id == $default ) {
367	$x = new WP_AJAX_Response( array(
368	'what' => 'link-cat',
369	'id' => $id,
370	'data' => new WP_Error( 'default-link-cat', sprintf(__("Can’t delete the <strong>%s</strong> category: this is the default one"), $cat_name) )
371	) );
372	$x->send();
373	}
374
375	$r = wp_delete_term($id, 'link_category', array('default' => $default));
376	if ( !$r )
377	die('0');
378	if ( is_wp_error($r) ) {
379	$x = new WP_AJAX_Response( array(
380	'what' => 'link-cat',
381	'id' => $id,
382	'data' => $r
383	) );
384	$x->send();
385	}
386	die('1');
387	break;
388	case 'delete-link' :
389	check_ajax_referer( "delete-bookmark_$id" );
390	if ( !current_user_can( 'manage_links' ) )
391	die('-1');
392
393	$link = get_bookmark( $id );
394	if ( !$link \|\| is_wp_error( $link ) )
395	die('1');
396
397	if ( wp_delete_link( $id ) )
398	die('1');
399	else
400	die('0');
401	break;
402	case 'delete-meta' :
403	check_ajax_referer( "delete-meta_$id" );
404	if ( !$meta = get_post_meta_by_id( $id ) )
405	die('1');
406
407	if ( !current_user_can( 'edit_post', $meta->post_id ) )
408	die('-1');
409	if ( delete_meta( $meta->meta_id ) )
410	die('1');
411	die('0');
412	break;
413	case 'delete-post' :
414	check_ajax_referer( "{$action}_$id" );
415	if ( !current_user_can( 'delete_post', $id ) )
416	die('-1');
417
418	if ( !get_post( $id ) )
419	die('1');
420
421	if ( wp_delete_post( $id ) )
422	die('1');
423	else
424	die('0');
425	break;
426	case 'trash-post' :
427	case 'untrash-post' :
428	check_ajax_referer( "{$action}_$id" );
429	if ( !current_user_can( 'delete_post', $id ) )
430	die('-1');
431
432	if ( !get_post( $id ) )
433	die('1');
434
435	if ( 'trash-post' == $action )
436	$done = wp_trash_post( $id );
437	else
438	$done = wp_untrash_post( $id );
439
440	if ( $done )
441	die('1');
442
443	die('0');
444	break;
445	case 'delete-page' :
446	check_ajax_referer( "{$action}_$id" );
447	if ( !current_user_can( 'delete_page', $id ) )
448	die('-1');
449
450	if ( !get_page( $id ) )
451	die('1');
452
453	if ( wp_delete_post( $id ) )
454	die('1');
455	else
456	die('0');
457	break;
458	case 'dim-comment' : // On success, die with time() instead of 1
459
460	if ( !$comment = get_comment( $id ) ) {
461	$x = new WP_Ajax_Response( array(
462	'what' => 'comment',
463	'id' => new WP_Error('invalid_comment', sprintf(__('Comment %d does not exist'), $id))
464	) );
465	$x->send();
466	}
467
468	if ( !current_user_can( 'edit_post', $comment->comment_post_ID ) && !current_user_can( 'moderate_comments' ) )
469	die('-1');
470
471	$current = wp_get_comment_status( $comment->comment_ID );
472	if ( $_POST['new'] == $current )
473	die( (string) time() );
474
475	check_ajax_referer( "approve-comment_$id" );
476	if ( in_array( $current, array( 'unapproved', 'spam' ) ) )
477	$result = wp_set_comment_status( $comment->comment_ID, 'approve', true );
478	else
479	$result = wp_set_comment_status( $comment->comment_ID, 'hold', true );
480
481	if ( is_wp_error($result) ) {
482	$x = new WP_Ajax_Response( array(
483	'what' => 'comment',
484	'id' => $result
485	) );
486	$x->send();
487	}
488
489	// Decide if we need to send back '1' or a more complicated response including page links and comment counts
490	_wp_ajax_delete_comment_response( $comment->comment_ID );
491	die( '0' );
492	break;
493	case 'add-link-category' : // On the Fly
494	check_ajax_referer( $action );
495	if ( !current_user_can( 'manage_categories' ) )
496	die('-1');
497	$names = explode(',', $_POST['newcat']);
498	$x = new WP_Ajax_Response();
499	foreach ( $names as $cat_name ) {
500	$cat_name = trim($cat_name);
501	$slug = sanitize_title($cat_name);
502	if ( '' === $slug )
503	continue;
504	if ( !$cat_id = term_exists( $cat_name, 'link_category' ) ) {
505	$cat_id = wp_insert_term( $cat_name, 'link_category' );
506	}
507	$cat_id = $cat_id['term_id'];
508	$cat_name = esc_html(stripslashes($cat_name));
509	$x->add( array(
510	'what' => 'link-category',
511	'id' => $cat_id,
512	'data' => "<li id='link-category-$cat_id'><label for='in-link-category-$cat_id' class='selectit'><input value='" . esc_attr($cat_id) . "' type='checkbox' checked='checked' name='link_category[]' id='in-link-category-$cat_id'/> $cat_name</label></li>",
513	'position' => -1
514	) );
515	}
516	$x->send();
517	break;
518	case 'add-link-cat' : // From Blogroll -> Categories
519	check_ajax_referer( 'add-link-category' );
520	if ( !current_user_can( 'manage_categories' ) )
521	die('-1');
522
523	if ( '' === trim($_POST['name']) ) {
524	$x = new WP_Ajax_Response( array(
525	'what' => 'link-cat',
526	'id' => new WP_Error( 'name', __('You did not enter a category name.') )
527	) );
528	$x->send();
529	}
530
531	$r = wp_insert_term($_POST['name'], 'link_category', $_POST );
532	if ( is_wp_error( $r ) ) {
533	$x = new WP_AJAX_Response( array(
534	'what' => 'link-cat',
535	'id' => $r
536	) );
537	$x->send();
538	}
539
540	extract($r, EXTR_SKIP);
541
542	if ( !$link_cat = link_cat_row( $term_id ) )
543	die('0');
544
545	$x = new WP_Ajax_Response( array(
546	'what' => 'link-cat',
547	'id' => $term_id,
548	'position' => -1,
549	'data' => $link_cat
550	) );
551	$x->send();
552	break;
553	case 'add-tag' : // From Manage->Tags
554	check_ajax_referer( 'add-tag' );
555
556	$taxonomy = !empty($_POST['taxonomy']) ? $_POST['taxonomy'] : 'post_tag';
557	$tax = get_taxonomy($taxonomy);
558
559	$x = new WP_Ajax_Response();
560
561	if ( !current_user_can( $tax->cap->edit_terms ) )
562	die('-1');
563
564	$tag = wp_insert_term($_POST['tag-name'], $taxonomy, $_POST );
565
566	if ( !$tag \|\| is_wp_error($tag) \|\| (!$tag = get_term( $tag['term_id'], $taxonomy )) ) {
567	$message = __('An error has occured. Please reload the page and try again.');
568	if ( is_wp_error($tag) && $tag->get_error_message() )
569	$message = $tag->get_error_message();
570
571	$x->add( array(
572	'what' => 'taxonomy',
573	'data' => new WP_Error('error', $message )
574	) );
575	$x->send();
576	}
577
578	if ( isset($_POST['screen']) )
579	set_current_screen($_POST['screen']);
580
581	$level = 0;
582	$tag_full_name = false;
583	$tag_full_name = $tag->name;
584	if ( is_taxonomy_hierarchical($taxonomy) ) {
585	$_tag = $tag;
586	while ( $_tag->parent ) {
587	$_tag = get_term( $_tag->parent, $taxonomy );
588	$tag_full_name = $_tag->name . ' — ' . $tag_full_name;
589	$level++;
590	}
591	$noparents = _tag_row( $tag, $level, $taxonomy );
592	}
593	$tag->name = $tag_full_name;
594	$parents = _tag_row( $tag, 0, $taxonomy);
595
596	$x->add( array(
597	'what' => 'taxonomy',
598	'supplemental' => compact('parents', 'noparents')
599	) );
600	$x->add( array(
601	'what' => 'term',
602	'position' => $level,
603	'supplemental' => get_term( $tag->term_id, $taxonomy, ARRAY_A ) //Refetch as $tag has been contaminated by the full name.
604	) );
605	$x->send();
606	break;
607	case 'get-tagcloud' :
608	if ( !current_user_can( 'edit_posts' ) )
609	die('-1');
610
611	if ( isset($_POST['tax']) )
612	$taxonomy = sanitize_title($_POST['tax']);
613	else
614	die('0');
615
616	$tags = get_terms( $taxonomy, array( 'number' => 45, 'orderby' => 'count', 'order' => 'DESC' ) );
617
618	if ( empty( $tags ) ) {
619	$tax = get_taxonomy( $taxonomy );
620	die( isset( $tax->no_tagcloud ) ? $tax->no_tagcloud : __('No tags found!') );
621	}
622
623	if ( is_wp_error($tags) )
624	die($tags->get_error_message());
625
626	foreach ( $tags as $key => $tag ) {
627	$tags[ $key ]->link = '#';
628	$tags[ $key ]->id = $tag->term_id;
629	}
630
631	// We need raw tag names here, so don't filter the output
632	$return = wp_generate_tag_cloud( $tags, array('filter' => 0) );
633
634	if ( empty($return) )
635	die('0');
636
637	echo $return;
638
639	exit;
640	break;
641	case 'add-comment' :
642	check_ajax_referer( $action );
643	if ( !current_user_can( 'edit_posts' ) )
644	die('-1');
645	$search = isset($_POST['s']) ? $_POST['s'] : false;
646	$status = isset($_POST['comment_status']) ? $_POST['comment_status'] : 'all';
647	$per_page = isset($_POST['per_page']) ? (int) $_POST['per_page'] + 8 : 28;
648	$start = isset($_POST['page']) ? ( intval($_POST['page']) * $per_page ) -1 : $per_page - 1;
649	if ( 1 > $start )
650	$start = 27;
651
652	$mode = isset($_POST['mode']) ? $_POST['mode'] : 'detail';
653	$p = isset($_POST['p']) ? $_POST['p'] : 0;
654	$comment_type = isset($_POST['comment_type']) ? $_POST['comment_type'] : '';
655	list($comments, $total) = _wp_get_comment_list( $status, $search, $start, 1, $p, $comment_type );
656
657	if ( get_option('show_avatars') )
658	add_filter( 'comment_author', 'floated_admin_avatar' );
659
660	if ( !$comments )
661	die('1');
662	$x = new WP_Ajax_Response();
663	foreach ( (array) $comments as $comment ) {
664	get_comment( $comment );
665	ob_start();
666	_wp_comment_row( $comment->comment_ID, $mode, $status, true, true );
667	$comment_list_item = ob_get_contents();
668	ob_end_clean();
669	$x->add( array(
670	'what' => 'comment',
671	'id' => $comment->comment_ID,
672	'data' => $comment_list_item
673	) );
674	}
675	$x->send();
676	break;
677	case 'get-comments' :
678	check_ajax_referer( $action );
679
680	$post_ID = (int) $_POST['post_ID'];
681	if ( !current_user_can( 'edit_post', $post_ID ) )
682	die('-1');
683
684	$start = isset($_POST['start']) ? intval($_POST['start']) : 0;
685	$num = isset($_POST['num']) ? intval($_POST['num']) : 10;
686
687	list($comments, $total) = _wp_get_comment_list( false, false, $start, $num, $post_ID );
688
689	if ( !$comments )
690	die('1');
691
692	$comment_list_item = '';
693	$x = new WP_Ajax_Response();
694	foreach ( (array) $comments as $comment ) {
695	get_comment( $comment );
696	ob_start();
697	_wp_comment_row( $comment->comment_ID, 'single', false, false );
698	$comment_list_item .= ob_get_contents();
699	ob_end_clean();
700	}
701	$x->add( array(
702	'what' => 'comments',
703	'data' => $comment_list_item
704	) );
705	$x->send();
706	break;
707	case 'replyto-comment' :
708	check_ajax_referer( $action, '_ajax_nonce-replyto-comment' );
709
710	$comment_post_ID = (int) $_POST['comment_post_ID'];
711	if ( !current_user_can( 'edit_post', $comment_post_ID ) )
712	die('-1');
713
714	$status = $wpdb->get_var( $wpdb->prepare("SELECT post_status FROM $wpdb->posts WHERE ID = %d", $comment_post_ID) );
715
716	if ( empty($status) )
717	die('1');
718	elseif ( in_array($status, array('draft', 'pending', 'trash') ) )
719	die( __('Error: you are replying to a comment on a draft post.') );
720
721	$user = wp_get_current_user();
722	if ( $user->ID ) {
723	$comment_author = $wpdb->escape($user->display_name);
724	$comment_author_email = $wpdb->escape($user->user_email);
725	$comment_author_url = $wpdb->escape($user->user_url);
726	$comment_content = trim($_POST['content']);
727	if ( current_user_can('unfiltered_html') ) {
728	if ( wp_create_nonce('unfiltered-html-comment_' . $comment_post_ID) != $_POST['_wp_unfiltered_html_comment'] ) {
729	kses_remove_filters(); // start with a clean slate
730	kses_init_filters(); // set up the filters
731	}
732	}
733	} else {
734	die( __('Sorry, you must be logged in to reply to a comment.') );
735	}
736
737	if ( '' == $comment_content )
738	die( __('Error: please type a comment.') );
739
740	$comment_parent = absint($_POST['comment_ID']);
741	$commentdata = compact('comment_post_ID', 'comment_author', 'comment_author_email', 'comment_author_url', 'comment_content', 'comment_type', 'comment_parent', 'user_ID');
742
743	$comment_id = wp_new_comment( $commentdata );
744	$comment = get_comment($comment_id);
745	if ( ! $comment ) die('1');
746
747	$modes = array( 'single', 'detail', 'dashboard' );
748	$mode = isset($_POST['mode']) && in_array( $_POST['mode'], $modes ) ? $_POST['mode'] : 'detail';
749	$position = ( isset($_POST['position']) && (int) $_POST['position']) ? (int) $_POST['position'] : '-1';
750	$checkbox = ( isset($_POST['checkbox']) && true == $_POST['checkbox'] ) ? 1 : 0;
751
752	if ( get_option('show_avatars') && 'single' != $mode )
753	add_filter( 'comment_author', 'floated_admin_avatar' );
754
755	$x = new WP_Ajax_Response();
756
757	ob_start();
758	if ( 'dashboard' == $mode ) {
759	require_once( ABSPATH . 'wp-admin/includes/dashboard.php' );
760	_wp_dashboard_recent_comments_row( $comment, false );
761	} else {
762	_wp_comment_row( $comment->comment_ID, $mode, false, $checkbox );
763	}
764	$comment_list_item = ob_get_contents();
765	ob_end_clean();
766
767	$x->add( array(
768	'what' => 'comment',
769	'id' => $comment->comment_ID,
770	'data' => $comment_list_item,
771	'position' => $position
772	));
773
774	$x->send();
775	break;
776	case 'edit-comment' :
777	check_ajax_referer( 'replyto-comment', '_ajax_nonce-replyto-comment' );
778
779	$comment_post_ID = (int) $_POST['comment_post_ID'];
780	if ( ! current_user_can( 'edit_post', $comment_post_ID ) )
781	die('-1');
782
783	if ( '' == $_POST['content'] )
784	die( __('Error: please type a comment.') );
785
786	$comment_id = (int) $_POST['comment_ID'];
787	$_POST['comment_status'] = $_POST['status'];
788	edit_comment();
789
790	$mode = ( isset($_POST['mode']) && 'single' == $_POST['mode'] ) ? 'single' : 'detail';
791	$position = ( isset($_POST['position']) && (int) $_POST['position']) ? (int) $_POST['position'] : '-1';
792	$checkbox = ( isset($_POST['checkbox']) && true == $_POST['checkbox'] ) ? 1 : 0;
793	$comments_listing = isset($_POST['comments_listing']) ? $_POST['comments_listing'] : '';
794
795	if ( get_option('show_avatars') && 'single' != $mode )
796	add_filter( 'comment_author', 'floated_admin_avatar' );
797
798	$x = new WP_Ajax_Response();
799
800	ob_start();
801	_wp_comment_row( $comment_id, $mode, $comments_listing, $checkbox );
802	$comment_list_item = ob_get_contents();
803	ob_end_clean();
804
805	$x->add( array(
806	'what' => 'edit_comment',
807	'id' => $comment->comment_ID,
808	'data' => $comment_list_item,
809	'position' => $position
810	));
811
812	$x->send();
813	break;
814	case 'add-menu-item' :
815	if ( ! current_user_can( 'edit_theme_options' ) )
816	die('-1');
817
818	check_ajax_referer( 'add-menu_item', 'menu-settings-column-nonce' );
819
820	require_once ABSPATH . 'wp-admin/includes/nav-menu.php';
821
822	$item_ids = wp_save_nav_menu_items( 0, $_POST['menu-item'] );
823	if ( is_wp_error( $item_ids ) )
824	die('-1');
825
826	foreach ( (array) $item_ids as $menu_item_id ) {
827	$menu_obj = get_post( $menu_item_id );
828	if ( ! empty( $menu_obj->ID ) ) {
829	$menu_obj = wp_setup_nav_menu_item( $menu_obj );
830	$menu_obj->label = $menu_obj->title; // don't show "(pending)" in ajax-added items
831	$menu_items[] = $menu_obj;
832	}
833	}
834
835	if ( ! empty( $menu_items ) ) {
836	$args = array(
837	'after' => '',
838	'before' => '',
839	'link_after' => '',
840	'link_before' => '',
841	'walker' => new Walker_Nav_Menu_Edit,
842	);
843	echo walk_nav_menu_tree( $menu_items, 0, (object) $args );
844	}
845	break;
846	case 'add-meta' :
847	check_ajax_referer( 'add-meta', '_ajax_nonce-add-meta' );
848	$c = 0;
849	$pid = (int) $_POST['post_id'];
850	$post = get_post( $pid );
851
852	if ( isset($_POST['metakeyselect']) \|\| isset($_POST['metakeyinput']) ) {
853	if ( !current_user_can( 'edit_post', $pid ) )
854	die('-1');
855	if ( isset($_POST['metakeyselect']) && '#NONE#' == $_POST['metakeyselect'] && empty($_POST['metakeyinput']) )
856	die('1');
857	if ( $post->post_status == 'auto-draft' ) {
858	$save_POST = $_POST; // Backup $_POST
859	$_POST = array(); // Make it empty for edit_post()
860	$_POST['action'] = 'draft'; // Warning fix
861	$_POST['post_ID'] = $pid;
862	$_POST['post_type'] = $post->post_type;
863	$_POST['post_status'] = 'draft';
864	$now = current_time('timestamp', 1);
865	$_POST['post_title'] = sprintf('Draft created on %s at %s', date(get_option('date_format'), $now), date(get_option('time_format'), $now));
866
867	if ( $pid = edit_post() ) {
868	if ( is_wp_error( $pid ) ) {
869	$x = new WP_Ajax_Response( array(
870	'what' => 'meta',
871	'data' => $pid
872	) );
873	$x->send();
874	}
875	$_POST = $save_POST; // Now we can restore original $_POST again
876	if ( !$mid = add_meta( $pid ) )
877	die(__('Please provide a custom field value.'));
878	} else {
879	die('0');
880	}
881	} else if ( !$mid = add_meta( $pid ) ) {
882	die(__('Please provide a custom field value.'));
883	}
884
885	$meta = get_post_meta_by_id( $mid );
886	$pid = (int) $meta->post_id;
887	$meta = get_object_vars( $meta );
888	$x = new WP_Ajax_Response( array(
889	'what' => 'meta',
890	'id' => $mid,
891	'data' => _list_meta_row( $meta, $c ),
892	'position' => 1,
893	'supplemental' => array('postid' => $pid)
894	) );
895	} else { // Update?
896	$mid = (int) array_pop(array_keys($_POST['meta']));
897	$key = $_POST['meta'][$mid]['key'];
898	$value = $_POST['meta'][$mid]['value'];
899	if ( '' == trim($key) )
900	die(__('Please provide a custom field name.'));
901	if ( '' == trim($value) )
902	die(__('Please provide a custom field value.'));
903	if ( !$meta = get_post_meta_by_id( $mid ) )
904	die('0'); // if meta doesn't exist
905	if ( !current_user_can( 'edit_post', $meta->post_id ) )
906	die('-1');
907	if ( $meta->meta_value != stripslashes($value) \|\| $meta->meta_key != stripslashes($key) ) {
908	if ( !$u = update_meta( $mid, $key, $value ) )
909	die('0'); // We know meta exists; we also know it's unchanged (or DB error, in which case there are bigger problems).
910	}
911
912	$key = stripslashes($key);
913	$value = stripslashes($value);
914	$x = new WP_Ajax_Response( array(
915	'what' => 'meta',
916	'id' => $mid, 'old_id' => $mid,
917	'data' => _list_meta_row( array(
918	'meta_key' => $key,
919	'meta_value' => $value,
920	'meta_id' => $mid
921	), $c ),
922	'position' => 0,
923	'supplemental' => array('postid' => $meta->post_id)
924	) );
925	}
926	$x->send();
927	break;
928	case 'add-user' :
929	check_ajax_referer( $action );
930	if ( !current_user_can('create_users') )
931	die('-1');
932	require_once(ABSPATH . WPINC . '/registration.php');
933	if ( !$user_id = add_user() )
934	die('0');
935	elseif ( is_wp_error( $user_id ) ) {
936	$x = new WP_Ajax_Response( array(
937	'what' => 'user',
938	'id' => $user_id
939	) );
940	$x->send();
941	}
942	$user_object = new WP_User( $user_id );
943
944	$x = new WP_Ajax_Response( array(
945	'what' => 'user',
946	'id' => $user_id,
947	'data' => user_row( $user_object, '', $user_object->roles[0] ),
948	'supplemental' => array(
949	'show-link' => sprintf(__( 'User <a href="#%s">%s</a> added' ), "user-$user_id", $user_object->user_login),
950	'role' => $user_object->roles[0]
951	)
952	) );
953	$x->send();
954	break;
955	case 'autosave' : // The name of this action is hardcoded in edit_post()
956	define( 'DOING_AUTOSAVE', true );
957
958	$nonce_age = check_ajax_referer( 'autosave', 'autosavenonce' );
959	global $current_user;
960
961	$_POST['post_category'] = explode(",", $_POST['catslist']);
962	if ( $_POST['post_type'] == 'page' \|\| empty($_POST['post_category']) )
963	unset($_POST['post_category']);
964
965	$do_autosave = (bool) $_POST['autosave'];
966	$do_lock = true;
967
968	$data = '';
969	/* translators: draft saved date format, see http://php.net/date */
970	$draft_saved_date_format = __('g:i:s a');
971	/* translators: %s: date and time */
972	$message = sprintf( __('Draft saved at %s.'), date_i18n( $draft_saved_date_format ) );
973
974	$supplemental = array();
975	if ( isset($login_grace_period) )
976	$supplemental['session_expired'] = add_query_arg( 'interim-login', 1, wp_login_url() );
977
978	$id = $revision_id = 0;
979
980	$post_ID = (int) $_POST['post_ID'];
981	$_POST['ID'] = $post_ID;
982	$post = get_post($post_ID);
983	if ( 'auto-draft' == $post->post_status )
984	$_POST['post_status'] = 'draft';
985
986	if ( $last = wp_check_post_lock( $post->ID ) ) {
987	$do_autosave = $do_lock = false;
988
989	$last_user = get_userdata( $last );
990	$last_user_name = $last_user ? $last_user->display_name : __( 'Someone' );
991	$data = new WP_Error( 'locked', sprintf(
992	$_POST['post_type'] == 'page' ? __( 'Autosave disabled: %s is currently editing this page.' ) : __( 'Autosave disabled: %s is currently editing this post.' ),
993	esc_html( $last_user_name )
994	) );
995
996	$supplemental['disable_autosave'] = 'disable';
997	}
998
999	if ( 'page' == $post->post_type ) {
1000	if ( !current_user_can('edit_page', $post_ID) )
1001	die(__('You are not allowed to edit this page.'));
1002	} else {
1003	if ( !current_user_can('edit_post', $post_ID) )
1004	die(__('You are not allowed to edit this post.'));
1005	}
1006
1007	if ( $do_autosave ) {
1008	// Drafts and auto-drafts are just overwritten by autosave
1009	if ( 'auto-draft' == $post->post_status \|\| 'draft' == $post->post_status ) {
1010	$id = edit_post();
1011	} else { // Non drafts are not overwritten. The autosave is stored in a special post revision.
1012	$revision_id = wp_create_post_autosave( $post->ID );
1013	if ( is_wp_error($revision_id) )
1014	$id = $revision_id;
1015	else
1016	$id = $post->ID;
1017	}
1018	$data = $message;
1019	} else {
1020	if ( isset( $_POST['auto_draft'] ) && '1' == $_POST['auto_draft'] )
1021	$id = 0; // This tells us it didn't actually save
1022	else
1023	$id = $post->ID;
1024	}
1025
1026	if ( $do_lock && ( isset( $_POST['auto_draft'] ) && ( $_POST['auto_draft'] != '1' ) ) && $id && is_numeric($id) )
1027	wp_set_post_lock( $id );
1028
1029	if ( $nonce_age == 2 ) {
1030	$supplemental['replace-autosavenonce'] = wp_create_nonce('autosave');
1031	$supplemental['replace-getpermalinknonce'] = wp_create_nonce('getpermalink');
1032	$supplemental['replace-samplepermalinknonce'] = wp_create_nonce('samplepermalink');
1033	$supplemental['replace-closedpostboxesnonce'] = wp_create_nonce('closedpostboxes');
1034	if ( $id ) {
1035	if ( $_POST['post_type'] == 'post' )
1036	$supplemental['replace-_wpnonce'] = wp_create_nonce('update-post_' . $id);
1037	elseif ( $_POST['post_type'] == 'page' )
1038	$supplemental['replace-_wpnonce'] = wp_create_nonce('update-page_' . $id);
1039	}
1040	}
1041
1042	$x = new WP_Ajax_Response( array(
1043	'what' => 'autosave',
1044	'id' => $id,
1045	'data' => $id ? $data : '',
1046	'supplemental' => $supplemental
1047	) );
1048	$x->send();
1049	break;
1050	case 'closed-postboxes' :
1051	check_ajax_referer( 'closedpostboxes', 'closedpostboxesnonce' );
1052	$closed = isset( $_POST['closed'] ) ? explode( ',', $_POST['closed']) : array();
1053	$closed = array_filter($closed);
1054
1055	$hidden = isset( $_POST['hidden'] ) ? explode( ',', $_POST['hidden']) : array();
1056	$hidden = array_filter($hidden);
1057
1058	$page = isset( $_POST['page'] ) ? $_POST['page'] : '';
1059
1060	if ( !preg_match( '/^[a-z_-]+$/', $page ) )
1061	die('-1');
1062
1063	if ( ! $user = wp_get_current_user() )
1064	die('-1');
1065
1066	if ( is_array($closed) )
1067	update_user_option($user->ID, "closedpostboxes_$page", $closed, true);
1068
1069	if ( is_array($hidden) ) {
1070	$hidden = array_diff( $hidden, array('submitdiv', 'linksubmitdiv', 'manage-menu', 'create-menu') ); // postboxes that are always shown
1071	update_user_option($user->ID, "metaboxhidden_$page", $hidden, true);
1072	}
1073
1074	die('1');
1075	break;
1076	case 'hidden-columns' :
1077	check_ajax_referer( 'screen-options-nonce', 'screenoptionnonce' );
1078	$hidden = isset( $_POST['hidden'] ) ? $_POST['hidden'] : '';
1079	$hidden = explode( ',', $_POST['hidden'] );
1080	$page = isset( $_POST['page'] ) ? $_POST['page'] : '';
1081
1082	if ( !preg_match( '/^[a-z_-]+$/', $page ) )
1083	die('-1');
1084
1085	if ( ! $user = wp_get_current_user() )
1086	die('-1');
1087
1088	if ( is_array($hidden) )
1089	update_user_option($user->ID, "manage{$page}columnshidden", $hidden, true);
1090
1091	die('1');
1092	break;
1093	case 'menu-get-metabox' :
1094	if ( ! current_user_can( 'edit_theme_options' ) )
1095	die('-1');
1096
1097	require_once ABSPATH . 'wp-admin/includes/nav-menu.php';
1098
1099	if ( isset( $_POST['item-type'] ) && 'post_type' == $_POST['item-type'] ) {
1100	$type = 'posttype';
1101	$callback = 'wp_nav_menu_item_post_type_meta_box';
1102	$items = (array) get_post_types( array( 'show_in_nav_menus' => true ), 'object' );
1103	} elseif ( isset( $_POST['item-type'] ) && 'taxonomy' == $_POST['item-type'] ) {
1104	$type = 'taxonomy';
1105	$callback = 'wp_nav_menu_item_taxonomy_meta_box';
1106	$items = (array) get_taxonomies( array( 'show_ui' => true ), 'object' );
1107	}
1108
1109	if ( ! empty( $_POST['item-object'] ) && isset( $items[$_POST['item-object']] ) ) {
1110	$item = apply_filters( 'nav_menu_meta_box_object', $items[ $_POST['item-object'] ] );
1111	ob_start();
1112	call_user_func_array($callback, array(
1113	null,
1114	array(
1115	'id' => 'add-' . $item->name,
1116	'title' => $item->labels->name,
1117	'callback' => $callback,
1118	'args' => $item,
1119	)
1120	));
1121
1122	$markup = ob_get_clean();
1123
1124	echo json_encode(array(
1125	'replace-id' => $type . '-' . $item->name,
1126	'markup' => $markup,
1127	));
1128	}
1129
1130	exit;
1131	break;
1132	case 'menu-quick-search':
1133	if ( ! current_user_can( 'edit_theme_options' ) )
1134	die('-1');
1135
1136	require_once ABSPATH . 'wp-admin/includes/nav-menu.php';
1137
1138	_wp_ajax_menu_quick_search( $_REQUEST );
1139
1140	exit;
1141	break;
1142	case 'menu-locations-save':
1143	if ( ! current_user_can( 'edit_theme_options' ) )
1144	die('-1');
1145	check_ajax_referer( 'add-menu_item', 'menu-settings-column-nonce' );
1146	if ( ! isset( $_POST['menu-locations'] ) )
1147	die('0');
1148	set_theme_mod( 'nav_menu_locations', $_POST['menu-locations'] );
1149	die('1');
1150	break;
1151	case 'meta-box-order':
1152	check_ajax_referer( 'meta-box-order' );
1153	$order = isset( $_POST['order'] ) ? (array) $_POST['order'] : false;
1154	$page_columns = isset( $_POST['page_columns'] ) ? (int) $_POST['page_columns'] : 0;
1155	$page = isset( $_POST['page'] ) ? $_POST['page'] : '';
1156
1157	if ( !preg_match( '/^[a-z_-]+$/', $page ) )
1158	die('-1');
1159
1160	if ( ! $user = wp_get_current_user() )
1161	die('-1');
1162
1163	if ( $order )
1164	update_user_option($user->ID, "meta-box-order_$page", $order, true);
1165
1166	if ( $page_columns )
1167	update_user_option($user->ID, "screen_layout_$page", $page_columns, true);
1168
1169	die('1');
1170	break;
1171	case 'get-permalink':
1172	check_ajax_referer( 'getpermalink', 'getpermalinknonce' );
1173	$post_id = isset($_POST['post_id'])? intval($_POST['post_id']) : 0;
1174	die(add_query_arg(array('preview' => 'true'), get_permalink($post_id)));
1175	break;
1176	case 'sample-permalink':
1177	check_ajax_referer( 'samplepermalink', 'samplepermalinknonce' );
1178	$post_id = isset($_POST['post_id'])? intval($_POST['post_id']) : 0;
1179	$title = isset($_POST['new_title'])? $_POST['new_title'] : '';
1180	$slug = isset($_POST['new_slug'])? $_POST['new_slug'] : null;
1181	die(get_sample_permalink_html($post_id, $title, $slug));
1182	break;
1183	case 'inline-save':
1184	check_ajax_referer( 'inlineeditnonce', '_inline_edit' );
1185
1186	if ( ! isset($_POST['post_ID']) \|\| ! ( $post_ID = (int) $_POST['post_ID'] ) )
1187	exit;
1188
1189	if ( 'page' == $_POST['post_type'] ) {
1190	if ( ! current_user_can( 'edit_page', $post_ID ) )
1191	die( __('You are not allowed to edit this page.') );
1192	} else {
1193	if ( ! current_user_can( 'edit_post', $post_ID ) )
1194	die( __('You are not allowed to edit this post.') );
1195	}
1196
1197	if ( isset($_POST['screen']) )
1198	set_current_screen($_POST['screen']);
1199
1200	if ( $last = wp_check_post_lock( $post_ID ) ) {
1201	$last_user = get_userdata( $last );
1202	$last_user_name = $last_user ? $last_user->display_name : __( 'Someone' );
1203	printf( $_POST['post_type'] == 'page' ? __( 'Saving is disabled: %s is currently editing this page.' ) : __( 'Saving is disabled: %s is currently editing this post.' ), esc_html( $last_user_name ) );
1204	exit;
1205	}
1206
1207	$data = &$_POST;
1208
1209	$post = get_post( $post_ID, ARRAY_A );
1210	$post = add_magic_quotes($post); //since it is from db
1211
1212	$data['content'] = $post['post_content'];
1213	$data['excerpt'] = $post['post_excerpt'];
1214
1215	// rename
1216	$data['user_ID'] = $GLOBALS['user_ID'];
1217
1218	if ( isset($data['post_parent']) )
1219	$data['parent_id'] = $data['post_parent'];
1220
1221	// status
1222	if ( isset($data['keep_private']) && 'private' == $data['keep_private'] )
1223	$data['post_status'] = 'private';
1224	else
1225	$data['post_status'] = $data['_status'];
1226
1227	if ( empty($data['comment_status']) )
1228	$data['comment_status'] = 'closed';
1229	if ( empty($data['ping_status']) )
1230	$data['ping_status'] = 'closed';
1231
1232	// update the post
1233	edit_post();
1234
1235	$post = array();
1236	if ( 'page' == $_POST['post_type'] ) {
1237	$post[] = get_post($_POST['post_ID']);
1238	page_rows($post);
1239	} elseif ( 'post' == $_POST['post_type'] \|\| in_array($_POST['post_type'], get_post_types( array('public' => true) ) ) ) {
1240	$mode = $_POST['post_view'];
1241	$post[] = get_post($_POST['post_ID']);
1242	post_rows($post);
1243	}
1244
1245	exit;
1246	break;
1247	case 'inline-save-tax':
1248	check_ajax_referer( 'taxinlineeditnonce', '_inline_edit' );
1249
1250	$taxonomy = !empty($_POST['taxonomy']) ? $_POST['taxonomy'] : false;
1251	if ( ! $taxonomy )
1252	die( __('Cheatin’ uh?') );
1253	$tax = get_taxonomy($taxonomy);
1254
1255	if ( ! current_user_can( $tax->cap->edit_terms ) )
1256	die( __('Cheatin’ uh?') );
1257
1258	if ( ! isset($_POST['tax_ID']) \|\| ! ( $id = (int) $_POST['tax_ID'] ) )
1259	die(-1);
1260
1261	switch ($_POST['tax_type']) {
1262	case 'link-cat' :
1263	$updated = wp_update_term($id, 'link_category', $_POST);
1264
1265	if ( $updated && !is_wp_error($updated) )
1266	echo link_cat_row($updated['term_id']);
1267	else
1268	die( __('Category not updated.') );
1269
1270	break;
1271	case 'tag' :
1272	$taxonomy = !empty($_POST['taxonomy']) ? $_POST['taxonomy'] : 'post_tag';
1273
1274	$tag = get_term( $id, $taxonomy );
1275	$_POST['description'] = $tag->description;
1276
1277	$updated = wp_update_term($id, $taxonomy, $_POST);
1278	if ( $updated && !is_wp_error($updated) ) {
1279	$tag = get_term( $updated['term_id'], $taxonomy );
1280	if ( !$tag \|\| is_wp_error( $tag ) ) {
1281	if ( is_wp_error($tag) && $tag->get_error_message() )
1282	die( $tag->get_error_message() );
1283	die( __('Item not updated.') );
1284	}
1285
1286	set_current_screen( 'edit-' . $taxonomy );
1287
1288	echo _tag_row($tag, 0, $taxonomy);
1289	} else {
1290	if ( is_wp_error($updated) && $updated->get_error_message() )
1291	die( $updated->get_error_message() );
1292	die( __('Item not updated.') );
1293	}
1294
1295	break;
1296	}
1297
1298	exit;
1299	break;
1300	case 'find_posts':
1301	check_ajax_referer( 'find-posts' );
1302
1303	if ( empty($_POST['ps']) )
1304	exit;
1305
1306	if ( !empty($_POST['post_type']) && in_array( $_POST['post_type'], get_post_types() ) )
1307	$what = $_POST['post_type'];
1308	else
1309	$what = 'post';
1310
1311	$s = stripslashes($_POST['ps']);
1312	preg_match_all('/".*?("\|$)\|((?<=[\\s",+])\|^)[^\\s",+]+/', $s, $matches);
1313	$search_terms = array_map('_search_terms_tidy', $matches[0]);
1314
1315	$searchand = $search = '';
1316	foreach ( (array) $search_terms as $term ) {
1317	$term = addslashes_gpc($term);
1318	$search .= "{$searchand}(($wpdb->posts.post_title LIKE '%{$term}%') OR ($wpdb->posts.post_content LIKE '%{$term}%'))";
1319	$searchand = ' AND ';
1320	}
1321	$term = $wpdb->escape($s);
1322	if ( count($search_terms) > 1 && $search_terms[0] != $s )
1323	$search .= " OR ($wpdb->posts.post_title LIKE '%{$term}%') OR ($wpdb->posts.post_content LIKE '%{$term}%')";
1324
1325	$posts = $wpdb->get_results( "SELECT ID, post_title, post_status, post_date FROM $wpdb->posts WHERE post_type = '$what' AND post_status IN ('draft', 'publish') AND ($search) ORDER BY post_date_gmt DESC LIMIT 50" );
1326
1327	if ( ! $posts ) {
1328	$posttype = get_post_type_object($what);
1329	exit($posttype->labels->not_found);
1330	}
1331
1332	$html = '<table class="widefat" cellspacing="0"><thead><tr><th class="found-radio"><br /></th><th>'.__('Title').'</th><th>'.__('Date').'</th><th>'.__('Status').'</th></tr></thead><tbody>';
1333	foreach ( $posts as $post ) {
1334
1335	switch ( $post->post_status ) {
1336	case 'publish' :
1337	case 'private' :
1338	$stat = __('Published');
1339	break;
1340	case 'future' :
1341	$stat = __('Scheduled');
1342	break;
1343	case 'pending' :
1344	$stat = __('Pending Review');
1345	break;
1346	case 'draft' :
1347	$stat = __('Draft');
1348	break;
1349	}
1350
1351	if ( '0000-00-00 00:00:00' == $post->post_date ) {
1352	$time = '';
1353	} else {
1354	/* translators: date format in table columns, see http://php.net/date */
1355	$time = mysql2date(__('Y/m/d'), $post->post_date);
1356	}
1357
1358	$html .= '<tr class="found-posts"><td class="found-radio"><input type="radio" id="found-'.$post->ID.'" name="found_post_id" value="' . esc_attr($post->ID) . '"></td>';
1359	$html .= '<td><label for="found-'.$post->ID.'">'.esc_html( $post->post_title ).'</label></td><td>'.esc_html( $time ).'</td><td>'.esc_html( $stat ).'</td></tr>'."\n\n";
1360	}
1361	$html .= '</tbody></table>';
1362
1363	$x = new WP_Ajax_Response();
1364	$x->add( array(
1365	'what' => $what,
1366	'data' => $html
1367	));
1368	$x->send();
1369
1370	break;
1371	case 'lj-importer' :
1372	check_ajax_referer( 'lj-api-import' );
1373	if ( !current_user_can( 'publish_posts' ) )
1374	die('-1');
1375	if ( empty( $_POST['step'] ) )
1376	die( '-1' );
1377	define('WP_IMPORTING', true);
1378	include( ABSPATH . 'wp-admin/import/livejournal.php' );
1379	$result = $lj_api_import->{ 'step' . ( (int) $_POST['step'] ) }();
1380	if ( is_wp_error( $result ) )
1381	echo $result->get_error_message();
1382	die;
1383	break;
1384	case 'widgets-order' :
1385	check_ajax_referer( 'save-sidebar-widgets', 'savewidgets' );
1386
1387	if ( !current_user_can('edit_theme_options') )
1388	die('-1');
1389
1390	unset( $_POST['savewidgets'], $_POST['action'] );
1391
1392	// save widgets order for all sidebars
1393	if ( is_array($_POST['sidebars']) ) {
1394	$sidebars = array();
1395	foreach ( $_POST['sidebars'] as $key => $val ) {
1396	$sb = array();
1397	if ( !empty($val) ) {
1398	$val = explode(',', $val);
1399	foreach ( $val as $k => $v ) {
1400	if ( strpos($v, 'widget-') === false )
1401	continue;
1402
1403	$sb[$k] = substr($v, strpos($v, '_') + 1);
1404	}
1405	}
1406	$sidebars[$key] = $sb;
1407	}
1408	wp_set_sidebars_widgets($sidebars);
1409	die('1');
1410	}
1411
1412	die('-1');
1413	break;
1414	case 'save-widget' :
1415	check_ajax_referer( 'save-sidebar-widgets', 'savewidgets' );
1416
1417	if ( !current_user_can('edit_theme_options') \|\| !isset($_POST['id_base']) )
1418	die('-1');
1419
1420	unset( $_POST['savewidgets'], $_POST['action'] );
1421
1422	do_action('load-widgets.php');
1423	do_action('widgets.php');
1424	do_action('sidebar_admin_setup');
1425
1426	$id_base = $_POST['id_base'];
1427	$widget_id = $_POST['widget-id'];
1428	$sidebar_id = $_POST['sidebar'];
1429	$multi_number = !empty($_POST['multi_number']) ? (int) $_POST['multi_number'] : 0;
1430	$settings = isset($_POST['widget-' . $id_base]) && is_array($_POST['widget-' . $id_base]) ? $_POST['widget-' . $id_base] : false;
1431	$error = '<p>' . __('An error has occured. Please reload the page and try again.') . '</p>';
1432
1433	$sidebars = wp_get_sidebars_widgets();
1434	$sidebar = isset($sidebars[$sidebar_id]) ? $sidebars[$sidebar_id] : array();
1435
1436	// delete
1437	if ( isset($_POST['delete_widget']) && $_POST['delete_widget'] ) {
1438
1439	if ( !isset($wp_registered_widgets[$widget_id]) )
1440	die($error);
1441
1442	$sidebar = array_diff( $sidebar, array($widget_id) );
1443	$_POST = array('sidebar' => $sidebar_id, 'widget-' . $id_base => array(), 'the-widget-id' => $widget_id, 'delete_widget' => '1');
1444	} elseif ( $settings && preg_match( '/__i__\|%i%/', key($settings) ) ) {
1445	if ( !$multi_number )
1446	die($error);
1447
1448	$_POST['widget-' . $id_base] = array( $multi_number => array_shift($settings) );
1449	$widget_id = $id_base . '-' . $multi_number;
1450	$sidebar[] = $widget_id;
1451	}
1452	$_POST['widget-id'] = $sidebar;
1453
1454	foreach ( (array) $wp_registered_widget_updates as $name => $control ) {
1455
1456	if ( $name == $id_base ) {
1457	if ( !is_callable( $control['callback'] ) )
1458	continue;
1459
1460	ob_start();
1461	call_user_func_array( $control['callback'], $control['params'] );
1462	ob_end_clean();
1463	break;
1464	}
1465	}
1466
1467	if ( isset($_POST['delete_widget']) && $_POST['delete_widget'] ) {
1468	$sidebars[$sidebar_id] = $sidebar;
1469	wp_set_sidebars_widgets($sidebars);
1470	echo "deleted:$widget_id";
1471	die();
1472	}
1473
1474	if ( !empty($_POST['add_new']) )
1475	die();
1476
1477	if ( $form = $wp_registered_widget_controls[$widget_id] )
1478	call_user_func_array( $form['callback'], $form['params'] );
1479
1480	die();
1481	break;
1482	case 'image-editor':
1483	$attachment_id = intval($_POST['postid']);
1484	if ( empty($attachment_id) \|\| !current_user_can('edit_post', $attachment_id) )
1485	die('-1');
1486
1487	check_ajax_referer( "image_editor-$attachment_id" );
1488	include_once( ABSPATH . 'wp-admin/includes/image-edit.php' );
1489
1490	$msg = false;
1491	switch ( $_POST['do'] ) {
1492	case 'save' :
1493	$msg = wp_save_image($attachment_id);
1494	$msg = json_encode($msg);
1495	die($msg);
1496	break;
1497	case 'scale' :
1498	$msg = wp_save_image($attachment_id);
1499	break;
1500	case 'restore' :
1501	$msg = wp_restore_image($attachment_id);
1502	break;
1503	}
1504
1505	wp_image_editor($attachment_id, $msg);
1506	die();
1507	break;
1508	case 'set-post-thumbnail':
1509	$post_ID = intval( $_POST['post_id'] );
1510	if ( !current_user_can( 'edit_post', $post_ID ) )
1511	die( '-1' );
1512	$thumbnail_id = intval( $_POST['thumbnail_id'] );
1513
1514	check_ajax_referer( "set_post_thumbnail-$post_ID" );
1515
1516	if ( $thumbnail_id == '-1' ) {
1517	delete_post_meta( $post_ID, '_thumbnail_id' );
1518	die( _wp_post_thumbnail_html() );
1519	}
1520
1521	if ( $thumbnail_id && get_post( $thumbnail_id ) ) {
1522	$thumbnail_html = wp_get_attachment_image( $thumbnail_id, 'thumbnail' );
1523	if ( !empty( $thumbnail_html ) ) {
1524	update_post_meta( $post_ID, '_thumbnail_id', $thumbnail_id );
1525	die( _wp_post_thumbnail_html( $thumbnail_id ) );
1526	}
1527	}
1528	die( '0' );
1529	break;
1530	default :
1531	do_action( 'wp_ajax_' . $_POST['action'] );
1532	die('0');
1533	break;
1534	endswitch;
1535	?>

Note: See TracBrowser for help on using the repository browser.

Trac UI Preferences

Download in other formats: