/wp-admin/includes/class-wp-press-this.php

  1. <?php 
  2. /** 
  3. * Press This class and display functionality 
  4. * 
  5. * @package WordPress 
  6. * @subpackage Press_This 
  7. * @since 4.2.0 
  8. */ 
  9.  
  10. /** 
  11. * Press This class. 
  12. * 
  13. * @since 4.2.0 
  14. */ 
  15. class WP_Press_This { 
  16. // Used to trigger the bookmarklet update notice. 
  17. const VERSION = 8; 
  18. public $version = 8; 
  19.  
  20. private $images = array(); 
  21.  
  22. private $embeds = array(); 
  23.  
  24. private $domain = ''; 
  25.  
  26. /** 
  27. * Constructor. 
  28. * 
  29. * @since 4.2.0 
  30. * @access public 
  31. */ 
  public function __construct() {
      // Intentionally empty: the property defaults declared on the class are the whole initial state.
  }
  33.  
  34. /** 
  35. * App and site settings data, including i18n strings for the client-side. 
  36. * 
  37. * @since 4.2.0 
  38. * @access public 
  39. * 
  40. * @return array Site settings. 
  41. */ 
  public function site_settings() {
      /**
       * Filters whether or not Press This should redirect the user in the parent window upon save.
       *
       * @since 4.2.0
       *
       * @param bool $redirect Whether to redirect in parent window or not. Default false.
       */
      $redirect_in_parent = apply_filters( 'press_this_redirect_in_parent', false );

      // The filtered value is returned as-is; nothing here casts it back to a boolean.
      return array(
          'redirInParent' => $redirect_in_parent,
      );
  }
  53.  
  54. /** 
  55. * Get the source's images and save them locally, for posterity, unless we can't. 
  56. * 
  57. * @since 4.2.0 
  58. * @access public 
  59. * 
  60. * @param int $post_id Post ID. 
  61. * @param string $content Optional. Current expected markup for Press This. Expects slashed. Default empty. 
  62. * @return string New markup with old image URLs replaced with the local attachment ones if swapped. 
  63. */ 
  public function side_load_images( $post_id, $content = '' ) {
      // Callers hand over slashed markup; work on the raw form and re-slash on the way out.
      $markup = wp_unslash( $content );

      // Nothing is fetched unless the markup holds <img> tags AND the current user may upload files.
      $has_images = preg_match_all( '/<img [^>]+>/', $markup, $matches );
      if ( ! $has_images || ! current_user_can( 'upload_files' ) ) {
          return wp_slash( $markup );
      }

      foreach ( (array) $matches[0] as $img_tag ) {
          // The tags come from the Press This JS, so attributes are expected in double quotes.
          if ( ! preg_match( '/src="([^"]+)"/', $img_tag, $src_hit ) ) {
              continue;
          }

          $remote_src = $src_hit[1];

          // URLs without a recognised image extension are skipped; sideloading them ends in an upload error.
          if ( ! preg_match( '/[^\?]+\.(?:jpe?g|jpe|gif|png)(?:\?|$)/i', $remote_src ) ) {
              continue;
          }

          // NOTE(review): $remote_src comes straight from the posted markup, so this is a server-side
          // fetch of a caller-chosen address. The only checks visible in this method are the capability
          // and the extension pattern; confirm that media_sideload_image() validates the URL and file type.
          $local_src = media_sideload_image( $remote_src, $post_id, null, 'src' );

          if ( is_wp_error( $local_src ) ) {
              continue;
          }

          // Swap the URL inside this one tag first, then swap the tag inside the content, so that
          // plain links to the original image elsewhere in the content are left alone.
          $rewritten_tag = str_replace( $remote_src, $local_src, $img_tag );
          $markup        = str_replace( $img_tag, $rewritten_tag, $markup );
      }

      // Expected slashed
      return wp_slash( $markup );
  }
  90.  
  91. /** 
  92. * Ajax handler for saving the post as draft or published. 
  93. * 
  94. * @since 4.2.0 
  95. * @access public 
  96. */ 
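  public function save_post() {
      // The ID is cast to int before it is used in the nonce action and the capability check below.
      $post_id = empty( $_POST['post_ID'] ) ? 0 : (int) $_POST['post_ID'];
      if ( ! $post_id ) {
          wp_send_json_error( array( 'errorMessage' => __( 'Missing post ID.' ) ) );
      }

      // Two independent gates: a nonce bound to this post ID (request forgery) and the
      // edit capability for this post (authorisation). Failing either ends the request.
      if ( empty( $_POST['_wpnonce'] ) || ! wp_verify_nonce( $_POST['_wpnonce'], 'update-post_' . $post_id ) ||
          ! current_user_can( 'edit_post', $post_id ) ) {

          wp_send_json_error( array( 'errorMessage' => __( 'Invalid post.' ) ) );
      }

      // Request fields are attacker-controlled in type as well as in value: a field sent as
      // `name[]=` arrives as an array. Scalar fields that are not strings are treated as absent
      // instead of being passed to trim()/sanitize_text_field().
      $raw_title   = ( ! empty( $_POST['post_title'] ) && is_string( $_POST['post_title'] ) ) ? $_POST['post_title'] : '';
      $raw_content = ( ! empty( $_POST['post_content'] ) && is_string( $_POST['post_content'] ) ) ? $_POST['post_content'] : '';
      $raw_format  = ( ! empty( $_POST['post_format'] ) && is_string( $_POST['post_format'] ) ) ? $_POST['post_format'] : '';

      $post_data = array(
          'ID'           => $post_id,
          'post_title'   => ( '' !== $raw_title ) ? sanitize_text_field( trim( $raw_title ) ) : '',
          // NOTE(review): the content is only trimmed here; any markup filtering is left to
          // wp_update_post() - confirm that it applies for every role that can reach this handler.
          'post_content' => ( '' !== $raw_content ) ? trim( $raw_content ) : '',
          'post_type'    => 'post',
          'post_status'  => 'draft',
          'post_format'  => ( '' !== $raw_format ) ? sanitize_text_field( $raw_format ) : '',
      );

      // Only accept categories if the user actually can assign
      $category_tax = get_taxonomy( 'category' );
      if ( current_user_can( $category_tax->cap->assign_terms ) ) {
          // A non-array value is ignored rather than forwarded as the category list.
          $post_data['post_category'] = ( ! empty( $_POST['post_category'] ) && is_array( $_POST['post_category'] ) )
              ? $_POST['post_category']
              : array();
      }

      // Only accept taxonomies if the user can actually assign
      if ( ! empty( $_POST['tax_input'] ) && is_array( $_POST['tax_input'] ) ) {
          $tax_input = $_POST['tax_input'];
          foreach ( $tax_input as $tax => $_ti ) {
              $tax_object = get_taxonomy( $tax );
              // Unknown taxonomies and taxonomies the user may not assign are dropped.
              if ( ! $tax_object || ! current_user_can( $tax_object->cap->assign_terms ) ) {
                  unset( $tax_input[ $tax ] );
              }
          }

          $post_data['tax_input'] = $tax_input;
      }

      // Toggle status to pending if user cannot actually publish
      if ( ! empty( $_POST['post_status'] ) && 'publish' === $_POST['post_status'] ) {
          if ( current_user_can( 'publish_posts' ) ) {
              $post_data['post_status'] = 'publish';
          } else {
              $post_data['post_status'] = 'pending';
          }
      }

      $post_data['post_content'] = $this->side_load_images( $post_id, $post_data['post_content'] );

      /**
       * Filters the post data of a Press This post before saving/updating.
       *
       * The {@see 'side_load_images'} action has already run at this point.
       *
       * @since 4.5.0
       *
       * @param array $post_data The post data.
       */
      // The filtered array goes straight to wp_update_post(); the capability checks above are not repeated on it.
      $post_data = apply_filters( 'press_this_save_post', $post_data );

      $updated = wp_update_post( $post_data, true );

      if ( is_wp_error( $updated ) ) {
          wp_send_json_error( array( 'errorMessage' => $updated->get_error_message() ) );
      } else {
          if ( isset( $post_data['post_format'] ) ) {
              if ( current_theme_supports( 'post-formats', $post_data['post_format'] ) ) {
                  set_post_format( $post_id, $post_data['post_format'] );
              } elseif ( $post_data['post_format'] ) {
                  // A format the theme does not support clears the post's format.
                  set_post_format( $post_id, false );
              }
          }

          $forceRedirect = false;

          if ( 'publish' === get_post_status( $post_id ) ) {
              $redirect = get_post_permalink( $post_id );
          } elseif ( isset( $_POST['pt-force-redirect'] ) && $_POST['pt-force-redirect'] === 'true' ) {
              $forceRedirect = true;
              $redirect      = get_edit_post_link( $post_id, 'js' );
          } else {
              $redirect = false;
          }

          /**
           * Filters the URL to redirect to when Press This saves.
           *
           * @since 4.2.0
           *
           * @param string $url     Redirect URL. If `$status` is 'publish', this will be the post permalink.
           *                        Otherwise, the default is false resulting in no redirect.
           * @param int    $post_id Post ID.
           * @param string $status  Post status.
           */
          $redirect = apply_filters( 'press_this_save_redirect', $redirect, $post_id, $post_data['post_status'] );

          if ( $redirect ) {
              wp_send_json_success( array( 'redirect' => $redirect, 'force' => $forceRedirect ) );
          } else {
              wp_send_json_success( array( 'postSaved' => true ) );
          }
      }
  }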
  187.  
  188. /** 
  189. * Ajax handler for adding a new category. 
  190. * 
  191. * @since 4.2.0 
  192. * @access public 
  193. */ 
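  public function add_category() {
      // A missing nonce field is rejected up front instead of being read as an undefined index.
      if ( empty( $_POST['new_cat_nonce'] ) || false === wp_verify_nonce( $_POST['new_cat_nonce'], 'add-category' ) ) {
          wp_send_json_error();
      }

      $taxonomy = get_taxonomy( 'category' );

      // The name must be present and a string; an array-valued field cannot be split below.
      if ( ! current_user_can( $taxonomy->cap->edit_terms ) || empty( $_POST['name'] ) || ! is_string( $_POST['name'] ) ) {
          wp_send_json_error();
      }

      $parent = isset( $_POST['parent'] ) && (int) $_POST['parent'] > 0 ? (int) $_POST['parent'] : 0;

      // Split on a bare comma: every piece is trimmed below, so both "a,b" and "a, b" yield two names.
      $names = explode( ',', $_POST['name'] );
      $added = $data = array();

      foreach ( $names as $cat_name ) {
          $cat_name     = trim( $cat_name );
          $cat_nicename = sanitize_title( $cat_name );

          // Names that sanitise to nothing are skipped.
          if ( empty( $cat_nicename ) ) {
              continue;
          }

          // @todo Find a more performant way to check existence, maybe get_term() with a separate parent check.
          if ( term_exists( $cat_name, $taxonomy->name, $parent ) ) {
              // A duplicate is an error only when it was the single requested name.
              if ( count( $names ) === 1 ) {
                  wp_send_json_error( array( 'errorMessage' => __( 'This category already exists.' ) ) );
              } else {
                  continue;
              }
          }

          $cat_id = wp_insert_term( $cat_name, $taxonomy->name, array( 'parent' => $parent ) );

          if ( is_wp_error( $cat_id ) ) {
              continue;
          } elseif ( is_array( $cat_id ) ) {
              $cat_id = $cat_id['term_id'];
          }

          $added[] = $cat_id;
      }

      if ( empty( $added ) ) {
          wp_send_json_error( array( 'errorMessage' => __( 'This category cannot be added. Please change the name and try again.' ) ) );
      }

      foreach ( $added as $new_cat_id ) {
          $new_cat = get_category( $new_cat_id );

          if ( is_wp_error( $new_cat ) ) {
              wp_send_json_error( array( 'errorMessage' => __( 'Error while adding the category. Please try again later.' ) ) );
          }

          $data[] = array(
              'term_id' => $new_cat->term_id,
              'name'    => $new_cat->name,
              'parent'  => $new_cat->parent,
          );
      }
      wp_send_json_success( $data );
  }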
  245.  
  246. /** 
  247. * Downloads the source's HTML via server-side call for the given URL. 
  248. * 
  249. * @since 4.2.0 
  250. * @access public 
  251. * 
  252. * @param string $url URL to scan. 
  253. * @return string Source's HTML sanitized markup 
  254. */ 
  public function fetch_source_html( $url ) {
      // Note that both failure paths return a WP_Error, not a string.
      if ( empty( $url ) ) {
          return new WP_Error( 'invalid-url', __( 'A valid URL was not provided.' ) );
      }

      $request_args = array(
          'timeout'    => 30,
          // Use an explicit user-agent for Press This
          // NOTE(review): the header sent to the remote host carries this site's WordPress version and URL.
          'user-agent' => 'Press This (WordPress/' . get_bloginfo( 'version' ) . '); ' . get_bloginfo( 'url' )
      );

      // The URL is caller-supplied, so the request goes through the "safe" HTTP wrapper.
      // NOTE(review): no response-size limit or status-code check is visible here; whatever body
      // comes back is filtered below and then regex-scanned by the caller.
      $response = wp_safe_remote_get( $url, $request_args );

      if ( is_wp_error( $response ) ) {
          return $response;
      }

      // Allow-list for wp_kses(): only the tags and attributes the scanner reads are listed here.
      $allowed_elements = array(
          'img'    => array(
              'src'    => true,
              'width'  => true,
              'height' => true,
          ),
          'iframe' => array(
              'src' => true,
          ),
          'link'   => array(
              'rel'      => true,
              'itemprop' => true,
              'href'     => true,
          ),
          'meta'   => array(
              'property' => true,
              'name'     => true,
              'content'  => true,
          ),
      );

      return wp_kses( wp_remote_retrieve_body( $response ), $allowed_elements );
  }
  292.  
  293. /** 
  294. * Utility method to limit an array to 50 values. 
  295. * 
  296. * @ignore 
  297. * @since 4.2.0 
  298. * 
  299. * @param array $value Array to limit. 
  300. * @return array Original array if fewer than 50 values, limited array, empty array otherwise. 
  301. */ 
  private function _limit_array( $value ) {
      // Anything that is not an array collapses to an empty array.
      if ( ! is_array( $value ) ) {
          return array();
      }

      // Short arrays are returned untouched (keys included); longer ones are cut to the first 50 entries.
      return count( $value ) > 50 ? array_slice( $value, 0, 50 ) : $value;
  }
  310.  
  311. /** 
  312. * Utility method to limit the length of a given string to 5,000 characters. 
  313. * 
  314. * @ignore 
  315. * @since 4.2.0 
  316. * 
  317. * @param string $value String to limit. 
  318. * @return bool|int|string If boolean or integer, that value. If a string, the original value 
  319. * if fewer than 5,000 characters, a truncated version, otherwise an 
  320. * empty string. 
  321. */ 
  private function _limit_string( $value ) {
      // Numbers, numeric strings and booleans are handed back exactly as received.
      if ( is_numeric( $value ) || is_bool( $value ) ) {
          return $value;
      }

      // Every other non-string type becomes an empty string.
      if ( ! is_string( $value ) ) {
          return '';
      }

      // Cap the length first so the later steps never see more than 5000 characters.
      $clipped = mb_strlen( $value ) > 5000 ? mb_substr( $value, 0, 5000 ) : $value;

      // Entities are decoded BEFORE sanitising, so markup that arrived entity-encoded is
      // presented to sanitize_text_field() as real markup rather than slipping past it.
      $decoded = html_entity_decode( $clipped, ENT_QUOTES, 'UTF-8' );

      return sanitize_text_field( trim( $decoded ) );
  }
  337.  
  338. /** 
  339. * Utility method to limit a given URL to 2,048 characters. 
  340. * 
  341. * @ignore 
  342. * @since 4.2.0 
  343. * 
  344. * @param string $url URL to check for length and validity. 
  345. * @return string Escaped URL if of valid length (< 2048) and makeup. Empty string otherwise. 
  346. */ 
  private function _limit_url( $url ) {
      // Allow-list of URL characters and %XX escapes. Whitespace, double quotes, angle brackets
      // and backslashes are outside the class, so a value containing them is rejected outright.
      $url_charset = '/^([!#$&-;=?-\[\]_a-z~]|%[0-9a-fA-F]{2})+$/';

      // HTTP 1.1 allows 8000 chars but the "de-facto" standard supported in all current browsers is 2048.
      // An over-long URL is rejected rather than truncated, because a truncated URL would be invalid.
      if ( ! is_string( $url ) || strlen( $url ) > 2048 || ! preg_match( $url_charset, $url ) ) {
          return '';
      }

      // Root-relative URLs are resolved against the stored protocol + domain, when one is set.
      $is_root_relative = $url && $this->domain && preg_match( '%^/[^/]+%', $url );
      if ( $is_root_relative ) {
          $url = $this->domain . $url;
      }

      // Whatever is left must be absolute (http/https) or protocol-relative.
      if ( ! preg_match( '%^(?:https?:)?//[^/]+%', $url ) ) {
          return '';
      }

      // Final escaping restricts the scheme to http and https.
      return esc_url_raw( $url, array( 'http', 'https' ) );
  }
  368.  
  369. /** 
  370. * Utility method to limit image source URLs. 
  371. * 
  372. * Excluded URLs include share-this type buttons, loaders, spinners, spacers, WordPress interface images,  
  373. * tiny buttons or thumbs, mathtag.com or quantserve.com images, or the WordPress.com stats gif. 
  374. * 
  375. * @ignore 
  376. * @since 4.2.0 
  377. * 
  378. * @param string $src Image source URL. 
  379. * @return string If not matched an excluded URL type, the original URL, empty string otherwise. 
  380. */ 
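  private function _limit_img( $src ) {
      // URL validation happens in _limit_url(); the patterns below are a relevance filter only.
      $src = $this->_limit_url( $src );

      // Brace quantifiers are written without inner whitespace ({3,4}, {1,2}). PCRE builds that do
      // not accept a space inside the braces read "{3, 4}" as literal text, which would leave the
      // share-button, fancy-loader and tiny-thumbnail exclusions unable to match anything.
      $excluded_patterns = array(
          // Ads
          '!/ad[sx]?/!i',
          // Share-this type button
          '!(/share-?this[^.]+?\.[a-z0-9]{3,4})(\?.*)?$!i',
          // Loaders, spinners, spacers
          '!/(spinner|loading|spacer|blank|rss)\.(gif|jpg|png)!i',
          // Fancy loaders, spinners, spacers
          '!/([^./]+[-_])?(spinner|loading|spacer|blank)s?([-_][^./]+)?\.[a-z0-9]{3,4}!i',
          // Thumbnails, too small, usually irrelevant to context
          '!([^./]+[-_])?thumb[^.]*\.(gif|jpg|png)$!i',
          // Most often tiny buttons/thumbs (< 100px wide)
          '![^\d]\d{1,2}x\d+\.(gif|jpg|png)$!i',
          // See mathtag.com and https://www.quantcast.com/how-we-do-it/iab-standard-measurement/how-we-collect-data/
          '!/pixel\.(mathtag|quantserve)\.com!i',
          // WordPress.com stats gif
          '!/[gb]\.gif(\?.+)?$!i',
      );

      foreach ( $excluded_patterns as $pattern ) {
          if ( preg_match( $pattern, $src ) ) {
              return '';
          }
      }

      // Classic WordPress interface images
      if ( false !== stripos( $src, '/wp-includes/' ) ) {
          return '';
      }

      return $src;
  }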
  413.  
  414. /** 
  415. * Limit embed source URLs to specific providers. 
  416. * 
  417. * Not all core oEmbed providers are supported. Supported providers include YouTube, Vimeo,  
  418. * Vine, Daily Motion, SoundCloud, and Twitter. 
  419. * 
  420. * @ignore 
  421. * @since 4.2.0 
  422. * 
  423. * @param string $src Embed source URL. 
  424. * @return string If not from a supported provider, an empty string. Otherwise, a reformatted embed URL. 
  425. */ 
  private function _limit_embed( $src ) {
      $src = $this->_limit_url( $src );

      if ( empty( $src ) ) {
          return '';
      }

      // For the known players the result is rebuilt from a fixed https prefix plus the captured
      // ID, so nothing else from the submitted URL is carried into the returned value.

      // Embedded Youtube videos (www or mobile)
      if ( preg_match( '!//(m|www)\.youtube\.com/(embed|v)/([^?]+)\?.+$!i', $src, $hit ) ) {
          return 'https://www.youtube.com/watch?v=' . $hit[3];
      }

      // Embedded Vimeo iframe videos
      if ( preg_match( '!//player\.vimeo\.com/video/([\d]+)([?/].*)?$!i', $src, $hit ) ) {
          return 'https://vimeo.com/' . (int) $hit[1];
      }

      // Embedded Vimeo Flash videos
      if ( preg_match( '!//vimeo\.com/moogaloop\.swf\?clip_id=([\d]+)$!i', $src, $hit ) ) {
          return 'https://vimeo.com/' . (int) $hit[1];
      }

      // Embedded Vine videos
      if ( preg_match( '!//vine\.co/v/([^/]+)/embed!i', $src, $hit ) ) {
          return 'https://vine.co/v/' . $hit[1];
      }

      // Embedded Daily Motion videos
      if ( preg_match( '!//(www\.)?dailymotion\.com/embed/video/([^/?]+)([/?].+)?!i', $src, $hit ) ) {
          return 'https://www.dailymotion.com/video/' . $hit[2];
      }

      // Anything else is kept only when the oEmbed object reports a provider for it, with discovery turned off.
      $oembed = _wp_oembed_get_object();

      return $oembed->get_provider( $src, array( 'discover' => false ) ) ? $src : '';
  }
  454.  
  455. /** 
  456. * Process a meta data entry from the source. 
  457. * 
  458. * @ignore 
  459. * @since 4.2.0 
  460. * 
  461. * @param string $meta_name Meta key name. 
  462. * @param mixed $meta_value Meta value. 
  463. * @param array $data Associative array of source data. 
  464. * @return array Processed data array. 
  465. */ 
  private function _process_meta_entry( $meta_name, $meta_value, $data ) {
      // Descriptive entries (title, description, keywords, site_name, with or without a prefix) are stored as given.
      if ( preg_match( '/:?(title|description|keywords|site_name)$/', $meta_name ) ) {
          $data['_meta'][ $meta_name ] = $meta_value;

          return $data;
      }

      // Media entries are routed to a bucket after passing the matching URL filter; other names are ignored.
      switch ( $meta_name ) {
          case 'og:url':
          case 'og:video':
          case 'og:video:secure_url':
              $bucket  = '_embeds';
              $cleaned = $this->_limit_embed( $meta_value );
              break;
          case 'og:image':
          case 'og:image:secure_url':
          case 'twitter:image0:src':
          case 'twitter:image0':
          case 'twitter:image:src':
          case 'twitter:image':
              $bucket  = '_images';
              $cleaned = $this->_limit_img( $meta_value );
              break;
          default:
              return $data;
      }

      // The bucket is created even when the filtered value turns out to be empty.
      if ( ! isset( $data[ $bucket ] ) ) {
          $data[ $bucket ] = array();
      }

      // Append only non-empty values that are not already listed.
      if ( ! empty( $cleaned ) && ! in_array( $cleaned, $data[ $bucket ] ) ) {
          $data[ $bucket ][] = $cleaned;
      }

      return $data;
  }
  500.  
  501. /** 
  502. * Fetches and parses _meta, _images, and _links data from the source. 
  503. * 
  504. * @since 4.2.0 
  505. * @access public 
  506. * 
  507. * @param string $url URL to scan. 
  508. * @param array $data Optional. Existing data array if you have one. Default empty array. 
  509. * @return array New data array. 
  510. */ 
  public function source_data_fetch_fallback( $url, $data = array() ) {
      if ( empty( $url ) ) {
          return array();
      }

      // Fetch the source page; on failure only the error messages are returned.
      $source_content = $this->fetch_source_html( $url );
      if ( is_wp_error( $source_content ) ) {
          return array( 'errors' => $source_content->get_error_messages() );
      }

      // Every section below looks at no more than 50 tags (see _limit_array()) and passes each
      // extracted value through the matching _limit_*() filter before storing it.

      // Fetch and gather <meta> data first, so discovered media is offered 1st to user.
      if ( empty( $data['_meta'] ) ) {
          $data['_meta'] = array();
      }

      if ( preg_match_all( '/<meta [^>]+>/', $source_content, $matches ) ) {
          foreach ( $this->_limit_array( $matches[0] ) as $tag ) {
              if ( ! preg_match( '/(property|name)="([^"]+)"[^>]+content="([^"]+)"/', $tag, $attr ) ) {
                  continue;
              }

              $meta_name  = $this->_limit_string( $attr[2] );
              $meta_value = $this->_limit_string( $attr[3] );

              // Sanity check. The name is usually things like 'title', 'description', 'keywords', etc.
              if ( strlen( $meta_name ) > 100 ) {
                  continue;
              }

              $data = $this->_process_meta_entry( $meta_name, $meta_value, $data );
          }
      }

      // Fetch and gather <img> data.
      if ( empty( $data['_images'] ) ) {
          $data['_images'] = array();
      }

      if ( preg_match_all( '/<img [^>]+>/', $source_content, $matches ) ) {
          foreach ( $this->_limit_array( $matches[0] ) as $tag ) {
              // Images that declare a width under 256 or a height under 128 are skipped.
              if ( preg_match( '/width=(\'|")(\d+)\\1/i', $tag, $attr ) && $attr[2] < 256 ) {
                  continue;
              }
              if ( preg_match( '/height=(\'|")(\d+)\\1/i', $tag, $attr ) && $attr[2] < 128 ) {
                  continue;
              }

              if ( ! preg_match( '/src=(\'|")([^\'"]+)\\1/i', $tag, $attr ) ) {
                  continue;
              }

              $src = $this->_limit_img( $attr[2] );
              if ( ! empty( $src ) && ! in_array( $src, $data['_images'] ) ) {
                  $data['_images'][] = $src;
              }
          }
      }

      // Fetch and gather <iframe> data.
      if ( empty( $data['_embeds'] ) ) {
          $data['_embeds'] = array();
      }

      if ( preg_match_all( '/<iframe [^>]+>/', $source_content, $matches ) ) {
          foreach ( $this->_limit_array( $matches[0] ) as $tag ) {
              if ( ! preg_match( '/src=(\'|")([^\'"]+)\\1/', $tag, $attr ) ) {
                  continue;
              }

              $src = $this->_limit_embed( $attr[2] );

              if ( ! empty( $src ) && ! in_array( $src, $data['_embeds'] ) ) {
                  $data['_embeds'][] = $src;
              }
          }
      }

      // Fetch and gather <link> data.
      if ( empty( $data['_links'] ) ) {
          $data['_links'] = array();
      }

      if ( preg_match_all( '/<link [^>]+>/', $source_content, $matches ) ) {
          foreach ( $this->_limit_array( $matches[0] ) as $tag ) {
              $has_rel  = preg_match( '/rel=["\'](canonical|shortlink|icon)["\']/i', $tag, $matches_rel );
              $has_href = $has_rel && preg_match( '/href=[\'"]([^\'" ]+)[\'"]/i', $tag, $matches_url );
              if ( ! $has_href ) {
                  continue;
              }

              $rel      = $matches_rel[1];
              $link_url = $this->_limit_url( $matches_url[1] );

              // The first usable URL found for a given rel is kept; later ones are ignored.
              if ( ! empty( $link_url ) && empty( $data['_links'][ $rel ] ) ) {
                  $data['_links'][ $rel ] = $link_url;
              }
          }
      }

      return $data;
  }
  586.  
  587. /** 
  588. * Handles backward-compat with the legacy version of Press This by supporting its query string params. 
  589. * 
  590. * @since 4.2.0 
  591. * @access public 
  592. * 
  593. * @return array 
  594. */ 
  public function merge_or_fetch_data() {
      // Request data is read from $_POST first and $_GET second ($_POST > $_GET), to remain backward compatible.
      $data = array();

      // Only the four known keys are picked up; each one is checked and sanitised before it is kept.
      foreach ( array( 'u', 's', 't', 'v' ) as $key ) {
          if ( ! empty( $_POST[ $key ] ) ) {
              $value = wp_unslash( $_POST[ $key ] );
          } elseif ( ! empty( $_GET[ $key ] ) ) {
              $value = wp_unslash( $_GET[ $key ] );
          } else {
              continue;
          }

          if ( 'u' !== $key ) {
              $value = $this->_limit_string( $value );
          } else {
              $value = $this->_limit_url( $value );

              // Remember protocol + host of the pressed page; _limit_url() prepends it to root-relative URLs.
              if ( preg_match( '%^(?:https?:)?//[^/]+%i', $value, $origin ) ) {
                  $this->domain = $origin[0];
              }
          }

          if ( ! empty( $value ) ) {
              $data[ $key ] = $value;
          }
      }

      /**
       * Filters whether to enable in-source media discovery in Press This.
       *
       * @since 4.2.0
       *
       * @param bool $enable Whether to enable media discovery.
       */
      if ( apply_filters( 'enable_press_this_media_discovery', true ) ) {
          /*
           * If no title, _images, _embed, and _meta was passed via $_POST, fetch data from source as fallback,
           * making PT fully backward compatible with the older bookmarklet.
           */
          if ( empty( $_POST ) && ! empty( $data['u'] ) ) {
              // The server-side fetch of the submitted URL runs only behind a valid 'scan-site' nonce,
              // so a bare GET link cannot make the site request an arbitrary page.
              if ( isset( $_GET['_wpnonce'] ) && wp_verify_nonce( $_GET['_wpnonce'], 'scan-site' ) ) {
                  $data = $this->source_data_fetch_fallback( $data['u'], $data );
              } else {
                  $data['errors'] = 'missing nonce';
              }
          } else {
              // Media lists posted by the client: capped at 50 entries, each value filtered individually.
              foreach ( array( '_images', '_embeds' ) as $type ) {
                  if ( empty( $_POST[ $type ] ) ) {
                      continue;
                  }

                  $data[ $type ] = array();
                  $items         = $this->_limit_array( $_POST[ $type ] );

                  foreach ( $items as $key => $value ) {
                      $value = ( '_images' === $type )
                          ? $this->_limit_img( wp_unslash( $value ) )
                          : $this->_limit_embed( wp_unslash( $value ) );

                      if ( ! empty( $value ) ) {
                          $data[ $type ][] = $value;
                      }
                  }
              }

              foreach ( array( '_meta', '_links' ) as $type ) {
                  if ( empty( $_POST[ $type ] ) ) {
                      continue;
                  }

                  $data[ $type ] = array();
                  $items         = $this->_limit_array( $_POST[ $type ] );

                  foreach ( $items as $key => $value ) {
                      // Sanity check. These are associative arrays, $key is usually things like 'title', 'description', 'keywords', etc.
                      if ( empty( $key ) || strlen( $key ) > 100 ) {
                          continue;
                      }

                      if ( '_meta' === $type ) {
                          $value = $this->_limit_string( wp_unslash( $value ) );

                          if ( ! empty( $value ) ) {
                              $data = $this->_process_meta_entry( $key, $value, $data );
                          }
                      } elseif ( in_array( $key, array( 'canonical', 'shortlink', 'icon' ), true ) ) {
                          // Links are accepted for three known rel values only.
                          $data[ $type ][ $key ] = $this->_limit_url( wp_unslash( $value ) );
                      }
                  }
              }

              // Support passing a single image src as `i`
              $img_src = empty( $_REQUEST['i'] ) ? '' : $this->_limit_img( wp_unslash( $_REQUEST['i'] ) );
              if ( $img_src ) {
                  if ( empty( $data['_images'] ) ) {
                      $data['_images'] = array( $img_src );
                  } elseif ( ! in_array( $img_src, $data['_images'], true ) ) {
                      // A new image goes to the front of the list.
                      array_unshift( $data['_images'], $img_src );
                  }
              }
          }
      }

      /**
       * Filters the Press This data array.
       *
       * @since 4.2.0
       *
       * @param array $data Press This Data array.
       */
      return apply_filters( 'press_this_data', $data );
  }
  689.  
  690. /** 
  691. * Adds another stylesheet inside TinyMCE. 
  692. * 
  693. * @since 4.2.0 
  694. * @access public 
  695. * 
  696. * @param string $styles URL to editor stylesheet. 
  697. * @return string Possibly modified stylesheets list. 
  698. */ 
  public function add_editor_style( $styles ) {
      // A separator is needed only when the incoming list already has content.
      $separator = empty( $styles ) ? '' : ', ';

      $stylesheet = admin_url( 'css/press-this-editor.css' );
      if ( is_rtl() ) {
          // Right-to-left locales get the -rtl variant of the same file.
          $stylesheet = str_replace( '.css', '-rtl.css', $stylesheet );
      }

      return $styles . $separator . $stylesheet;
  }
  708.  
  709. /** 
  710. * Outputs the post format selection HTML. 
  711. * 
  712. * @since 4.2.0 
  713. * @access public 
  714. * 
  715. * @param WP_Post $post Post object. 
  716. */ 
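  public function post_formats_html( $post ) {
      // Nothing is printed unless both the theme and the post type support post formats.
      if ( current_theme_supports( 'post-formats' ) && post_type_supports( $post->post_type, 'post-formats' ) ) {
          $post_formats = get_theme_support( 'post-formats' );

          if ( is_array( $post_formats[0] ) ) {
              $post_format = get_post_format( $post->ID );

              if ( ! $post_format ) {
                  $post_format = '0';
              }

              // Add in the current one if it isn't there yet, in case the current theme doesn't support it.
              if ( $post_format && ! in_array( $post_format, $post_formats[0] ) ) {
                  $post_formats[0][] = $post_format;
              }

              // Every dynamic value is escaped for its output context: esc_attr() inside attributes,
              // esc_html() for label text. The 'standard' label is escaped like the per-format labels.
              ?>
              <div id="post-formats-select">
              <fieldset><legend class="screen-reader-text"><?php _e( 'Post Formats' ); ?></legend>
              <input type="radio" name="post_format" class="post-format" id="post-format-0" value="0" <?php checked( $post_format, '0' ); ?> />
              <label for="post-format-0" class="post-format-icon post-format-standard"><?php echo esc_html( get_post_format_string( 'standard' ) ); ?></label>
              <?php

              foreach ( $post_formats[0] as $format ) {
                  $attr_format = esc_attr( $format );
                  ?>
                  <br />
                  <input type="radio" name="post_format" class="post-format" id="post-format-<?php echo $attr_format; ?>" value="<?php echo $attr_format; ?>" <?php checked( $post_format, $format ); ?> />
                  <label for="post-format-<?php echo $attr_format; ?>" class="post-format-icon post-format-<?php echo $attr_format; ?>"><?php echo esc_html( get_post_format_string( $format ) ); ?></label>
                  <?php
              }

              ?>
              </fieldset>
              </div>
              <?php
          }
      }
  }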
  750.  
  751. /** 
  752. * Outputs the categories HTML. 
  753. * 
  754. * @since 4.2.0 
  755. * @access public 
  756. * 
  757. * @param WP_Post $post Post object. 
  758. */ 
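  public function categories_html( $post ) {
      $taxonomy = get_taxonomy( 'category' );

      // Bail if user cannot assign terms
      if ( ! current_user_can( $taxonomy->cap->assign_terms ) ) {
          return;
      }

      // Only show "add" if user can edit terms
      if ( current_user_can( $taxonomy->cap->edit_terms ) ) {
          // Taxonomy labels are printed through esc_html()/esc_attr(), matching the placeholder
          // attribute below, so a label containing markup is shown as text.
          ?>
          <button type="button" class="add-cat-toggle button-link" aria-expanded="false">
              <span class="dashicons dashicons-plus"></span><span class="screen-reader-text"><?php _e( 'Toggle add category' ); ?></span>
          </button>
          <div class="add-category is-hidden">
              <label class="screen-reader-text" for="new-category"><?php echo esc_html( $taxonomy->labels->add_new_item ); ?></label>
              <input type="text" id="new-category" class="add-category-name" placeholder="<?php echo esc_attr( $taxonomy->labels->new_item_name ); ?>" value="" aria-required="true">
              <label class="screen-reader-text" for="new-category-parent"><?php echo esc_html( $taxonomy->labels->parent_item_colon ); ?></label>
              <div class="postform-wrapper">
                  <?php
                  wp_dropdown_categories( array(
                      'taxonomy'         => 'category',
                      'hide_empty'       => 0,
                      'name'             => 'new-category-parent',
                      'orderby'          => 'name',
                      'hierarchical'     => 1,
                      'show_option_none' => '— ' . $taxonomy->labels->parent_item . ' —'
                  ) );
                  ?>
              </div>
              <button type="button" class="add-cat-submit"><?php _e( 'Add' ); ?></button>
          </div>
          <?php
      }

      // The search box and the checklist are shown to every user who may assign terms.
      ?>
      <div class="categories-search-wrapper">
          <input id="categories-search" type="search" class="categories-search" placeholder="<?php esc_attr_e( 'Search categories by name' ); ?>">
          <label for="categories-search">
              <span class="dashicons dashicons-search"></span><span class="screen-reader-text"><?php _e( 'Search categories' ); ?></span>
          </label>
      </div>
      <div aria-label="<?php esc_attr_e( 'Categories' ); ?>">
          <ul class="categories-select">
              <?php wp_terms_checklist( $post->ID, array( 'taxonomy' => 'category', 'list_only' => true ) ); ?>
          </ul>
      </div>
      <?php
  }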
  805.  
  806. /** 
  807. * Outputs the tags HTML. 
  808. * 
  809. * @since 4.2.0 
  810. * @access public 
  811. * 
  812. * @param WP_Post $post Post object. 
  813. */ 
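  public function tags_html( $post ) {
      $taxonomy              = get_taxonomy( 'post_tag' );
      $user_can_assign_terms = current_user_can( $taxonomy->cap->assign_terms );
      $esc_tags              = get_terms_to_edit( $post->ID, 'post_tag' );

      // A failed or empty lookup is rendered as an empty tag list.
      if ( ! $esc_tags || is_wp_error( $esc_tags ) ) {
          $esc_tags = '';
      }

      // Taxonomy labels are printed through esc_html() so a label containing markup is shown as text.
      // NOTE(review): $esc_tags is echoed into an attribute without escaping here; the original
      // comment says get_terms_to_edit() escapes it - confirm that still holds.
      ?>
      <div class="tagsdiv" id="post_tag">
          <div class="jaxtag">
          <input type="hidden" name="tax_input[post_tag]" class="the-tags" value="<?php echo $esc_tags; // escaped in get_terms_to_edit() ?>">
          <?php

          // The input for adding tags is rendered only for users who may assign terms.
          if ( $user_can_assign_terms ) {
              ?>
              <div class="ajaxtag hide-if-no-js">
                  <label class="screen-reader-text" for="new-tag-post_tag"><?php _e( 'Tags' ); ?></label>
                  <p>
                      <input type="text" id="new-tag-post_tag" name="newtag[post_tag]" class="newtag form-input-tip" size="16" autocomplete="off" value="" aria-describedby="new-tag-desc" />
                      <button type="button" class="tagadd"><?php _e( 'Add' ); ?></button>
                  </p>
              </div>
              <p class="howto" id="new-tag-desc">
                  <?php echo esc_html( $taxonomy->labels->separate_items_with_commas ); ?>
              </p>
              <?php
          }

          ?>
          </div>
          <div class="tagchecklist"></div>
      </div>
      <?php

      if ( $user_can_assign_terms ) {
          ?>
          <button type="button" class="button-link tagcloud-link" id="link-post_tag" aria-expanded="false"><?php echo esc_html( $taxonomy->labels->choose_from_most_used ); ?></button>
          <?php
      }
  }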
  852.  
  853. /** 
  854. * Get a list of embeds with no duplicates. 
  855. * 
  856. * @since 4.2.0 
  857. * @access public 
  858. * 
  859. * @param array $data The site's data. 
  860. * @return array Embeds selected to be available. 
  861. */ 
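  public function get_embeds( $data ) {
      // Returns the embed URLs from $data that this instance has not selected before,
      // remembering each one (without its scheme) in $this->embeds.
      // NOTE(review): entries are used as given; presumably $data was validated before
      // this call - confirm against the caller.
      $selected_embeds = array();

      // Treat the pressed page itself as an embed when _limit_embed() accepts its URL.
      if ( ! empty( $data['u'] ) && $this->_limit_embed( $data['u'] ) ) {
          $data['_embeds'][] = $data['u'];
      }

      if ( ! empty( $data['_embeds'] ) ) {
          foreach ( $data['_embeds'] as $src ) {
              // Deduplicate on the scheme-less form so http:// and https:// copies collapse.
              $prot_relative_src = preg_replace( '/^https?:/', '', $src );

              // Strict comparison: loose in_array() would treat numeric-looking strings
              // such as "1e3" and "1000" as the same entry.
              if ( in_array( $prot_relative_src, $this->embeds, true ) ) {
                  continue;
              }

              $selected_embeds[] = $src;
              $this->embeds[]    = $prot_relative_src;
          }
      }

      return $selected_embeds;
  }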
  881. /** 
  882. * Get a list of images with no duplicates. 
  883. * 
  884. * @since 4.2.0 
  885. * @access public 
  886. * 
  887. * @param array $data The site's data. 
  888. * @return array Images selected to be available, with duplicates left out. 
  889. */ 
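  public function get_images( $data ) {
      // Returns the image URLs from $data['_images'] that this instance has not selected
      // before, remembering each one (without its scheme) in $this->images.
      $selected_images = array();

      if ( ! empty( $data['_images'] ) ) {
          foreach ( $data['_images'] as $src ) {
              // Rewrite plain-HTTP numbered gravatar hosts to the HTTPS endpoint.
              // Both the strpos() test and the pattern match anywhere in the string,
              // not only in the host part of the URL.
              if ( false !== strpos( $src, 'gravatar.com' ) ) {
                  $src = preg_replace( '%http://[\d]+\.gravatar\.com/%', 'https://secure.gravatar.com/', $src );
              }

              // Deduplicate on the scheme-less form so http:// and https:// copies collapse.
              $prot_relative_src = preg_replace( '/^https?:/', '', $src );

              // Strict comparison avoids numeric-looking strings being juggled into a match.
              $already_selected = in_array( $prot_relative_src, $this->images, true );

              // Once more than 15 images are held, anything with "avatar" in its URL is dropped.
              $surplus_avatar = false !== strpos( $src, 'avatar' ) && count( $this->images ) > 15;

              if ( $already_selected || $surplus_avatar ) {
                  continue;
              }

              $selected_images[] = $src;
              $this->images[]    = $prot_relative_src;
          }
      }

      return $selected_images;
  }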
  910. /** 
  911. * Gets the source page's canonical link, based on passed location and meta data. 
  912. * 
  913. * @since 4.2.0 
  914. * @access public 
  915. * 
  916. * @param array $data The site's data. 
  917. * @return string Discovered canonical URL, or empty 
  918. */ 
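  public function get_canonical_link( $data ) {
      // Picks the best available URL for the source page. Order of preference:
      // declared canonical link, the pressed URL ('u'), twitter:url, og:url, and
      // finally the shortlink when nothing else produced a value.
      // The value is returned exactly as found in $data; no validation happens here.
      $link = '';

      if ( ! empty( $data['_links']['canonical'] ) ) {
          $link = $data['_links']['canonical'];
      } elseif ( ! empty( $data['u'] ) ) {
          $link = $data['u'];
      } elseif ( ! empty( $data['_meta'] ) ) {
          if ( ! empty( $data['_meta']['twitter:url'] ) ) {
              $link = $data['_meta']['twitter:url'];
          } elseif ( ! empty( $data['_meta']['og:url'] ) ) {
              $link = $data['_meta']['og:url'];
          }
      }

      // Last resort: the shortlink, only when none of the sources above matched.
      if ( empty( $link ) && ! empty( $data['_links']['shortlink'] ) ) {
          $link = $data['_links']['shortlink'];
      }

      return $link;
  }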
  937. /** 
  938. * Gets the source page's site name, based on passed meta data. 
  939. * 
  940. * @since 4.2.0 
  941. * @access public 
  942. * 
  943. * @param array $data The site's data. 
  944. * @return string Discovered site name, or empty 
  945. */ 
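  public function get_source_site_name( $data ) {
      // Reads the site name from the page's meta data: og:site_name first, then
      // application-name. Returns '' when neither is present.
      // The value is returned exactly as found in $data; no escaping happens here.
      $name = '';

      if ( ! empty( $data['_meta'] ) ) {
          if ( ! empty( $data['_meta']['og:site_name'] ) ) {
              $name = $data['_meta']['og:site_name'];
          } elseif ( ! empty( $data['_meta']['application-name'] ) ) {
              $name = $data['_meta']['application-name'];
          }
      }

      return $name;
  }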
  957. /** 
  958. * Gets the source page's title, based on passed title and meta data. 
  959. * 
  960. * @since 4.2.0 
  961. * @access public 
  962. * 
  963. * @param array $data The site's data. 
  964. * @return string Discovered page title, or empty 
  965. */ 
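  public function get_suggested_title( $data ) {
      // Picks a title for the new post. Order of preference: the passed title ('t'),
      // then twitter:title, og:title and title from the page's meta data.
      // The value is returned exactly as found in $data; no escaping happens here.
      $title = '';

      if ( ! empty( $data['t'] ) ) {
          $title = $data['t'];
      } elseif ( ! empty( $data['_meta'] ) ) {
          if ( ! empty( $data['_meta']['twitter:title'] ) ) {
              $title = $data['_meta']['twitter:title'];
          } elseif ( ! empty( $data['_meta']['og:title'] ) ) {
              $title = $data['_meta']['og:title'];
          } elseif ( ! empty( $data['_meta']['title'] ) ) {
              $title = $data['_meta']['title'];
          }
      }

      return $title;
  }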
  981. /** 
  982. * Gets the source page's suggested content, based on passed data (description, selection, etc). 
  983. * 
  984. * Features a blockquoted excerpt, as well as content attribution, if any. 
  985. * 
  986. * @since 4.2.0 
  987. * @access public 
  988. * 
  989. * @param array $data The site's data. 
  990. * @return string Discovered content, or empty 
  991. */ 
  992. public function get_suggested_content( $data ) { 
  // Builds the starter markup for the editor from $data: an optional embed placeholder,
  // a blockquoted excerpt and a "Source:" attribution link.
  //
  // NOTE(review): $text, $url and $title are taken from $data and inserted into HTML with
  // sprintf() below; no escaping happens in this method. html() passes in the result of
  // merge_or_fetch_data(), so sanitising presumably happens there - confirm.
  // NOTE(review): closing braces are not present in this listing, so the nesting of the
  // branches below cannot be verified from here.
  993. $content = $text = ''; 
  994.  
  // Excerpt source: the user's selection ('s') wins over the page's description meta tags.
  995. if ( ! empty( $data['s'] ) ) { 
  996. $text = $data['s']; 
  997. } else if ( ! empty( $data['_meta'] ) ) { 
  998. if ( ! empty( $data['_meta']['twitter:description'] ) ) { 
  999. $text = $data['_meta']['twitter:description']; 
  1000. } else if ( ! empty( $data['_meta']['og:description'] ) ) { 
  1001. $text = $data['_meta']['og:description']; 
  1002. } else if ( ! empty( $data['_meta']['description'] ) ) { 
  1003. $text = $data['_meta']['description']; 
  1004.  
  1005. // If there is an ellipsis at the end, the description is very likely auto-generated. Better to ignore it. 
  // NOTE(review): whether this check also applies to user-selected text cannot be told
  // from this listing - confirm.
  1006. if ( $text && substr( $text, -3 ) === '...' ) { 
  1007. $text = ''; 
  1008.  
  // printf-style templates for the three parts; empty string means "leave this part out".
  1009. $default_html = array( 'quote' => '', 'link' => '', 'embed' => '' ); 
  1010.  
  // When _limit_embed() accepts the pressed URL the embed template is set.
  1011. if ( ! empty( $data['u'] ) && $this->_limit_embed( $data['u'] ) ) { 
  1012. $default_html['embed'] = '<p></p>'; 
  1013.  
  1014. if ( ! empty( $data['s'] ) ) { 
  1015. // If the user has selected some text, do quote it. 
  1016. $default_html['quote'] = '<blockquote>%1$s</blockquote>'; 
  1017. } else { 
  1018. $default_html['quote'] = '<blockquote>%1$s</blockquote>'; 
  1019. $default_html['link'] = '<p>' . _x( 'Source:', 'Used in Press This to indicate where the content comes from.' ) . 
  1020. ' <em><a href="%1$s">%2$s</a></em></p>'; 
  1021.  
  1022. /** 
  1023. * Filters the default HTML tags used in the suggested content for the editor. 
  1024. * 
  1025. * The HTML strings use printf format. After filtering the content is added at the specified places with `sprintf()`. 
  1026. * 
  1027. * @since 4.2.0 
  1028. * 
  1029. * @param array $default_html Associative array with three possible keys: 
  1030. * - 'quote' where %1$s is replaced with the site description or the selected content. 
  1031. * - 'link' where %1$s is link href, %2$s is link text, usually the source page title. 
  1032. * - 'embed' which contains a shortcode when the source page offers embeddable content. 
  1033. * @param array $data Associative array containing the data from the source page. 
  1034. */ 
  1035. $default_html = apply_filters( 'press_this_suggested_html', $default_html, $data ); 
  // The filtered strings are used as sprintf() formats below, so a filter callback
  // decides the final markup.
  1036.  
  1037. if ( ! empty( $default_html['embed'] ) ) { 
  1038. $content .= $default_html['embed']; 
  1039.  
  1040. // Wrap suggested content in the specified HTML. 
  1041. if ( ! empty( $default_html['quote'] ) && $text ) { 
  1042. $content .= sprintf( $default_html['quote'], $text ); 
  1043.  
  1044. // Add source attribution if there is one available. 
  1045. if ( ! empty( $default_html['link'] ) ) { 
  1046. $title = $this->get_suggested_title( $data ); 
  1047. $url = $this->get_canonical_link( $data ); 
  1048.  
  // Fall back to the site name when the page offers no title.
  1049. if ( ! $title ) { 
  1050. $title = $this->get_source_site_name( $data ); 
  1051.  
  // The link is only added when both a URL and a link text are available.
  1052. if ( $url && $title ) { 
  1053. $content .= sprintf( $default_html['link'], $url, $title ); 
  1054.  
  1055. return $content; 
  1056.  
  1057. /** 
  1058. * Serves the app's base HTML, which in turns calls the load script. 
  1059. * 
  1060. * @since 4.2.0 
  1061. * @access public 
  1062. * 
  1063. * @global WP_Locale $wp_locale 
  1064. * @global bool $is_IE 
  1065. */ 
  1066. public function html() { 
  // Prints the complete Press This page (HTTP headers, <head>, the editor form and the
  // admin footer hooks) and then ends the request with die().
  1067. global $wp_locale; 
  1068.  
  1069. $wp_version = get_bloginfo( 'version' ); 
  1070.  
  1071. // Get data, new (POST) and old (GET). 
  1072. $data = $this->merge_or_fetch_data(); 
  1073.  
  1074. $post_title = $this->get_suggested_title( $data ); 
  1075.  
  1076. $post_content = $this->get_suggested_content( $data ); 
  1077.  
  1078. // Get site settings array/data. 
  1079. $site_settings = $this->site_settings(); 
  1080.  
  1081. // Pass the images and embeds 
  1082. $images = $this->get_images( $data ); 
  1083. $embeds = $this->get_embeds( $data ); 
  1084.  
  // Data handed to the client script as window.wpPressThisData in the inline script below.
  1085. $site_data = array( 
  1086. 'v' => ! empty( $data['v'] ) ? $data['v'] : '',  
  1087. 'u' => ! empty( $data['u'] ) ? $data['u'] : '',  
  1088. 'hasData' => ! empty( $data ) && ! isset( $data['errors'] ),  
  1089. ); 
  1090.  
  1091. if ( ! empty( $images ) ) { 
  1092. $site_data['_images'] = $images; 
  1093.  
  1094. if ( ! empty( $embeds ) ) { 
  1095. $site_data['_embeds'] = $embeds; 
  1096.  
  1097. // Add press-this-editor.css and remove theme's editor-style.css, if any. 
  1098. remove_editor_styles(); 
  1099.  
  1100. add_filter( 'mce_css', array( $this, 'add_editor_style' ) ); 
  1101.  
  // '@' silences any warning from header(), presumably for the case where output has
  // already started - confirm.
  1102. if ( ! empty( $GLOBALS['is_IE'] ) ) { 
  1103. @header( 'X-UA-Compatible: IE=edge' ); 
  1104.  
  1105. @header( 'Content-Type: ' . get_option( 'html_type' ) . '; charset=' . get_option( 'blog_charset' ) ); 
  1106.  
  // The inline scripts below emit $site_data and $site_settings through wp_json_encode()
  // and the AJAX URL through esc_js().
  // NOTE(review): the two locale separators are written into single-quoted JS strings with
  // addslashes(), which only backslash-escapes quotes, backslashes and NUL; esc_js(), as
  // used for ajaxurl, would be the consistent choice. The values come from $wp_locale.
  1107. ?> 
  1108. <!DOCTYPE html> 
  1109. <!--[if IE 7]> <html class="lt-ie9 lt-ie8" <?php language_attributes(); ?>> <![endif]--> 
  1110. <!--[if IE 8]> <html class="lt-ie9" <?php language_attributes(); ?>> <![endif]--> 
  1111. <!--[if gt IE 8]><!--> <html <?php language_attributes(); ?>> <!--<![endif]--> 
  1112. <head> 
  1113. <meta http-equiv="Content-Type" content="<?php echo esc_attr( get_bloginfo( 'html_type' ) ); ?>; charset=<?php echo esc_attr( get_option( 'blog_charset' ) ); ?>" /> 
  1114. <meta name="viewport" content="width=device-width"> 
  1115. <title><?php esc_html_e( 'Press This!' ) ?></title> 
  1116.  
  1117. <script> 
  1118. window.wpPressThisData = <?php echo wp_json_encode( $site_data ); ?>; 
  1119. window.wpPressThisConfig = <?php echo wp_json_encode( $site_settings ); ?>; 
  1120. </script> 
  1121.  
  1122. <script type="text/javascript"> 
  1123. var ajaxurl = '<?php echo esc_js( admin_url( 'admin-ajax.php', 'relative' ) ); ?>',  
  1124. pagenow = 'press-this',  
  1125. typenow = 'post',  
  1126. adminpage = 'press-this-php',  
  1127. thousandsSeparator = '<?php echo addslashes( $wp_locale->number_format['thousands_sep'] ); ?>',  
  1128. decimalPoint = '<?php echo addslashes( $wp_locale->number_format['decimal_point'] ); ?>',  
  1129. isRtl = <?php echo (int) is_rtl(); ?>; 
  1130. </script> 
  1131.  
  1132. <?php 
  1133. /** 
  1134. * $post->ID is needed for the embed shortcode so we can show oEmbed previews in the editor. 
  1135. * Maybe find a way without it. 
  1136. */ 
  // Second argument true: presumably has the draft created in the database so that
  // $post->ID exists - confirm.
  1137. $post = get_default_post_to_edit( 'post', true ); 
  1138. $post_ID = (int) $post->ID; 
  1139.  
  1140. wp_enqueue_media( array( 'post' => $post_ID ) ); 
  1141. wp_enqueue_style( 'press-this' ); 
  1142. wp_enqueue_script( 'press-this' ); 
  1143. wp_enqueue_script( 'json2' ); 
  1144. wp_enqueue_script( 'editor' ); 
  1145.  
  // Capability checks decide which option panels are rendered further down.
  // NOTE(review): this gates the UI only; enforcement when the post is saved happens
  // outside this method - confirm it exists.
  1146. $categories_tax = get_taxonomy( 'category' ); 
  1147. $show_categories = current_user_can( $categories_tax->cap->assign_terms ) || current_user_can( $categories_tax->cap->edit_terms ); 
  1148.  
  1149. $tag_tax = get_taxonomy( 'post_tag' ); 
  1150. $show_tags = current_user_can( $tag_tax->cap->assign_terms ); 
  1151.  
  1152. $supports_formats = false; 
  1153. $post_format = 0; 
  1154.  
  // The format panel is offered only when both the theme and the post type support formats.
  1155. if ( current_theme_supports( 'post-formats' ) && post_type_supports( $post->post_type, 'post-formats' ) ) { 
  1156. $supports_formats = true; 
  1157.  
  1158. if ( ! ( $post_format = get_post_format( $post_ID ) ) ) { 
  1159. $post_format = 0; 
  1160.  
  1161. /** This action is documented in wp-admin/admin-header.php */ 
  1162. do_action( 'admin_enqueue_scripts', 'press-this.php' ); 
  1163.  
  1164. /** This action is documented in wp-admin/admin-header.php */ 
  1165. do_action( 'admin_print_styles-press-this.php' ); 
  1166.  
  1167. /** This action is documented in wp-admin/admin-header.php */ 
  1168. do_action( 'admin_print_styles' ); 
  1169.  
  1170. /** This action is documented in wp-admin/admin-header.php */ 
  1171. do_action( 'admin_print_scripts-press-this.php' ); 
  1172.  
  1173. /** This action is documented in wp-admin/admin-header.php */ 
  1174. do_action( 'admin_print_scripts' ); 
  1175.  
  1176. /** This action is documented in wp-admin/admin-header.php */ 
  1177. do_action( 'admin_head-press-this.php' ); 
  1178.  
  1179. /** This action is documented in wp-admin/admin-header.php */ 
  1180. do_action( 'admin_head' ); 
  1181. ?> 
  1182. </head> 
  1183. <?php 
  1184.  
  // Body classes built here: text direction, WordPress branch and version, the user's
  // admin colour scheme and locale.
  1185. $admin_body_class = 'press-this'; 
  1186. $admin_body_class .= ( is_rtl() ) ? ' rtl' : ''; 
  1187. $admin_body_class .= ' branch-' . str_replace( array( '.', ', ' ), '-', floatval( $wp_version ) ); 
  1188. $admin_body_class .= ' version-' . str_replace( '.', '-', preg_replace( '/^([.0-9]+).*/', '$1', $wp_version ) ); 
  1189. $admin_body_class .= ' admin-color-' . sanitize_html_class( get_user_option( 'admin_color' ), 'fresh' ); 
  1190. $admin_body_class .= ' locale-' . sanitize_html_class( strtolower( str_replace( '_', '-', get_user_locale() ) ) ); 
  1191.  
  // NOTE(review): the filtered 'admin_body_class' value is echoed into the class attribute
  // below without esc_attr().
  1192. /** This filter is documented in wp-admin/admin-header.php */ 
  1193. $admin_body_classes = apply_filters( 'admin_body_class', '' ); 
  1194.  
  1195. ?> 
  1196. <body class="wp-admin wp-core-ui <?php echo $admin_body_classes . ' ' . $admin_body_class; ?>"> 
  1197. <div id="adminbar" class="adminbar"> 
  1198. <h1 id="current-site" class="current-site"> 
  1199. <a class="current-site-link" href="<?php echo esc_url( home_url( '/' ) ); ?>" target="_blank" rel="home"> 
  1200. <span class="dashicons dashicons-wordpress"></span> 
  1201. <span class="current-site-name"><?php bloginfo( 'name' ); ?></span> 
  1202. </a> 
  1203. </h1> 
  1204. <button type="button" class="options button-link closed"> 
  1205. <span class="dashicons dashicons-tag on-closed"></span> 
  1206. <span class="screen-reader-text on-closed"><?php _e( 'Show post options' ); ?></span> 
  1207. <span aria-hidden="true" class="on-open"><?php _e( 'Done' ); ?></span> 
  1208. <span class="screen-reader-text on-open"><?php _e( 'Hide post options' ); ?></span> 
  1209. </button> 
  1210. </div> 
  1211.  
  1212. <div id="scanbar" class="scan"> 
  1213. <form method="GET"> 
  1214. <label for="url-scan" class="screen-reader-text"><?php _e( 'Scan site for content' ); ?></label> 
  1215. <input type="url" name="u" id="url-scan" class="scan-url" value="<?php echo esc_attr( $site_data['u'] ) ?>" placeholder="<?php esc_attr_e( 'Enter a URL to scan' ) ?>" /> 
  1216. <input type="submit" name="url-scan-submit" id="url-scan-submit" class="scan-submit" value="<?php esc_attr_e( 'Scan' ) ?>" /> 
  1217. <?php wp_nonce_field( 'scan-site' ); ?> 
  1218. </form> 
  1219. </div> 
  1220.  
  1221. <form id="pressthis-form" method="post" action="post.php" autocomplete="off"> 
  1222. <input type="hidden" name="post_ID" id="post_ID" value="<?php echo $post_ID; ?>" /> 
  1223. <input type="hidden" name="action" value="press-this-save-post" /> 
  1224. <input type="hidden" name="post_status" id="post_status" value="draft" /> 
  1225. <input type="hidden" name="wp-preview" id="wp-preview" value="" /> 
  1226. <input type="hidden" name="post_title" id="post_title" value="" /> 
  1227. <input type="hidden" name="pt-force-redirect" id="pt-force-redirect" value="" /> 
  1228. <?php 
  1229.  
  // Nonces for the post update and for the add-category request; passing false as the
  // third argument leaves out the referer field.
  1230. wp_nonce_field( 'update-post_' . $post_ID, '_wpnonce', false ); 
  1231. wp_nonce_field( 'add-category', '_ajax_nonce-add-category', false ); 
  1232.  
  1233. ?> 
  1234.  
  1235. <div class="wrapper"> 
  1236. <div class="editor-wrapper"> 
  1237. <div class="alerts" role="alert" aria-live="assertive" aria-relevant="all" aria-atomic="true"> 
  1238. <?php 
  1239.  
  // Upgrade notice, shown when the version reported in $data['v'] is lower than $this->version.
  // NOTE(review): admin_url() is printed into the href below without esc_url().
  1240. if ( isset( $data['v'] ) && $this->version > $data['v'] ) { 
  1241. ?> 
  1242. <p class="alert is-notice"> 
  1243. <?php printf( __( 'You should upgrade <a href="%s" target="_blank">your bookmarklet</a> to the latest version!' ), admin_url( 'tools.php' ) ); ?> 
  1244. </p> 
  1245. <?php 
  1246.  
  1247. ?> 
  1248. </div> 
  1249.  
  1250. <div id="app-container" class="editor"> 
  1251. <span id="title-container-label" class="post-title-placeholder" aria-hidden="true"><?php _e( 'Post title' ); ?></span> 
  1252. <h2 id="title-container" class="post-title" contenteditable="true" spellcheck="true" aria-label="<?php esc_attr_e( 'Post title' ); ?>" tabindex="0"><?php echo esc_html( $post_title ); ?></h2> 
  1253.  
  1254. <div class="media-list-container"> 
  1255. <div class="media-list-inner-container"> 
  1256. <h2 class="screen-reader-text"><?php _e( 'Suggested media' ); ?></h2> 
  1257. <ul class="media-list"></ul> 
  1258. </div> 
  1259. </div> 
  1260.  
  1261. <?php 
  // $post_content comes from get_suggested_content() and is passed to wp_editor() as the
  // initial editor content.
  1262. wp_editor( $post_content, 'pressthis', array( 
  1263. 'drag_drop_upload' => true,  
  1264. 'editor_height' => 600,  
  1265. 'media_buttons' => false,  
  1266. 'textarea_name' => 'post_content',  
  1267. 'teeny' => true,  
  1268. 'tinymce' => array( 
  1269. 'resize' => false,  
  1270. 'wordpress_adv_hidden' => false,  
  1271. 'add_unload_trigger' => false,  
  1272. 'statusbar' => false,  
  1273. 'autoresize_min_height' => 600,  
  1274. 'wp_autoresize_on' => true,  
  1275. 'plugins' => 'lists, media, paste, tabfocus, fullscreen, wordpress, wpautoresize, wpeditimage, wpgallery, wplink, wptextpattern, wpview',  
  1276. 'toolbar1' => 'bold, italic, bullist, numlist, blockquote, link, unlink',  
  1277. 'toolbar2' => 'undo, redo',  
  1278. ),  
  1279. 'quicktags' => array( 
  1280. 'buttons' => 'strong, em, link, block, del, ins, img, ul, ol, li, code, more',  
  1281. ),  
  1282. ) ); 
  1283.  
  1284. ?> 
  1285. </div> 
  1286. </div> 
  1287.  
  1288. <div class="options-panel-back is-hidden" tabindex="-1"></div> 
  1289. <div class="options-panel is-off-screen is-hidden" tabindex="-1"> 
  1290. <div class="post-options"> 
  1291.  
  1292. <?php if ( $supports_formats ) : ?> 
  1293. <button type="button" class="button-link post-option"> 
  1294. <span class="dashicons dashicons-admin-post"></span> 
  1295. <span class="post-option-title"><?php _ex( 'Format', 'post format' ); ?></span> 
  1296. <span class="post-option-contents" id="post-option-post-format"><?php echo esc_html( get_post_format_string( $post_format ) ); ?></span> 
  1297. <span class="dashicons post-option-forward"></span> 
  1298. </button> 
  1299. <?php endif; ?> 
  1300.  
  1301. <?php if ( $show_categories ) : ?> 
  1302. <button type="button" class="button-link post-option"> 
  1303. <span class="dashicons dashicons-category"></span> 
  1304. <span class="post-option-title"><?php _e( 'Categories' ); ?></span> 
  1305. <span class="dashicons post-option-forward"></span> 
  1306. </button> 
  1307. <?php endif; ?> 
  1308.  
  1309. <?php if ( $show_tags ) : ?> 
  1310. <button type="button" class="button-link post-option"> 
  1311. <span class="dashicons dashicons-tag"></span> 
  1312. <span class="post-option-title"><?php _e( 'Tags' ); ?></span> 
  1313. <span class="dashicons post-option-forward"></span> 
  1314. </button> 
  1315. <?php endif; ?> 
  1316. </div> 
  1317.  
  1318. <?php if ( $supports_formats ) : ?> 
  1319. <div class="setting-modal is-off-screen is-hidden"> 
  1320. <button type="button" class="button-link modal-close"> 
  1321. <span class="dashicons post-option-back"></span> 
  1322. <span class="setting-title" aria-hidden="true"><?php _ex( 'Format', 'post format' ); ?></span> 
  1323. <span class="screen-reader-text"><?php _e( 'Back to post options' ) ?></span> 
  1324. </button> 
  1325. <?php $this->post_formats_html( $post ); ?> 
  1326. </div> 
  1327. <?php endif; ?> 
  1328.  
  1329. <?php if ( $show_categories ) : ?> 
  1330. <div class="setting-modal is-off-screen is-hidden"> 
  1331. <button type="button" class="button-link modal-close"> 
  1332. <span class="dashicons post-option-back"></span> 
  1333. <span class="setting-title" aria-hidden="true"><?php _e( 'Categories' ); ?></span> 
  1334. <span class="screen-reader-text"><?php _e( 'Back to post options' ) ?></span> 
  1335. </button> 
  1336. <?php $this->categories_html( $post ); ?> 
  1337. </div> 
  1338. <?php endif; ?> 
  1339.  
  1340. <?php if ( $show_tags ) : ?> 
  1341. <div class="setting-modal tags is-off-screen is-hidden"> 
  1342. <button type="button" class="button-link modal-close"> 
  1343. <span class="dashicons post-option-back"></span> 
  1344. <span class="setting-title" aria-hidden="true"><?php _e( 'Tags' ); ?></span> 
  1345. <span class="screen-reader-text"><?php _e( 'Back to post options' ) ?></span> 
  1346. </button> 
  1347. <?php $this->tags_html( $post ); ?> 
  1348. </div> 
  1349. <?php endif; ?> 
  1350. </div><!-- .options-panel --> 
  1351. </div><!-- .wrapper --> 
  1352.  
  1353. <div class="press-this-actions"> 
  1354. <div class="pressthis-media-buttons"> 
  1355. <button type="button" class="insert-media button-link" data-editor="pressthis"> 
  1356. <span class="dashicons dashicons-admin-media"></span> 
  1357. <span class="screen-reader-text"><?php _e( 'Add Media' ); ?></span> 
  1358. </button> 
  1359. </div> 
  1360. <div class="post-actions"> 
  1361. <span class="spinner"> </span> 
  1362. <div class="split-button"> 
  1363. <div class="split-button-head"> 
  1364. <button type="button" class="publish-button split-button-primary" aria-live="polite"> 
  1365. <span class="publish"><?php echo ( current_user_can( 'publish_posts' ) ) ? __( 'Publish' ) : __( 'Submit for Review' ); ?></span> 
  1366. <span class="saving-draft"><?php _e( 'Saving…' ); ?></span> 
  1367. </button><button type="button" class="split-button-toggle" aria-haspopup="true" aria-expanded="false"> 
  1368. <i class="dashicons dashicons-arrow-down-alt2"></i> 
  1369. <span class="screen-reader-text"><?php _e('More actions'); ?></span> 
  1370. </button> 
  1371. </div> 
  1372. <ul class="split-button-body"> 
  1373. <li><button type="button" class="button-link draft-button split-button-option"><?php _e( 'Save Draft' ); ?></button></li> 
  1374. <li><button type="button" class="button-link standard-editor-button split-button-option"><?php _e( 'Standard Editor' ); ?></button></li> 
  1375. <li><button type="button" class="button-link preview-button split-button-option"><?php _e( 'Preview' ); ?></button></li> 
  1376. </ul> 
  1377. </div> 
  1378. </div> 
  1379. </div> 
  1380. </form> 
  1381.  
  1382. <?php 
  1383. /** This action is documented in wp-admin/admin-footer.php */ 
  1384. do_action( 'admin_footer' ); 
  1385.  
  1386. /** This action is documented in wp-admin/admin-footer.php */ 
  1387. do_action( 'admin_print_footer_scripts-press-this.php' ); 
  1388.  
  1389. /** This action is documented in wp-admin/admin-footer.php */ 
  1390. do_action( 'admin_print_footer_scripts' ); 
  1391.  
  1392. /** This action is documented in wp-admin/admin-footer.php */ 
  1393. do_action( 'admin_footer-press-this.php' ); 
  1394. ?> 
  1395. </body> 
  1396. </html> 
  1397. <?php 
  // End the request here so that nothing else is output after </html>.
  1398. die(); 
.