/wp-admin/post.php

  1. <?php 
  2. /** 
  3. * Edit post administration panel. 
  4. * 
  5. * Manage Post actions: post, edit, delete, etc. 
  6. * 
  7. * @package WordPress 
  8. * @subpackage Administration 
  9. */ 
  10.  
  11. /** WordPress Administration Bootstrap */ 
  12. require_once( dirname( __FILE__ ) . '/admin.php' ); 
  13.  
  14. $parent_file = 'edit.php'; 
  15. $submenu_file = 'edit.php'; 
  16.  
  17. wp_reset_vars( array( 'action' ) ); 
  18.  
  19. if ( isset( $_GET['post'] ) ) 
  20. $post_id = $post_ID = (int) $_GET['post']; 
  21. elseif ( isset( $_POST['post_ID'] ) ) 
  22. $post_id = $post_ID = (int) $_POST['post_ID']; 
  23. else 
  24. $post_id = $post_ID = 0; 
  25.  
  26. /** 
  27. * @global string $post_type 
  28. * @global object $post_type_object 
  29. * @global WP_Post $post 
  30. */ 
  31. global $post_type, $post_type_object, $post; 
  32.  
  33. if ( $post_id ) 
  34. $post = get_post( $post_id ); 
  35.  
  36. if ( $post ) { 
  37. $post_type = $post->post_type; 
  38. $post_type_object = get_post_type_object( $post_type ); 
  39.  
  40. if ( isset( $_POST['deletepost'] ) ) 
  41. $action = 'delete'; 
  42. elseif ( isset($_POST['wp-preview']) && 'dopreview' == $_POST['wp-preview'] ) 
  43. $action = 'preview'; 
  44.  
  45. $sendback = wp_get_referer(); 
  46. if ( ! $sendback || 
  47. strpos( $sendback, 'post.php' ) !== false || 
  48. strpos( $sendback, 'post-new.php' ) !== false ) { 
  49. if ( 'attachment' == $post_type ) { 
  50. $sendback = admin_url( 'upload.php' ); 
  51. } else { 
  52. $sendback = admin_url( 'edit.php' ); 
  53. if ( ! empty( $post_type ) ) { 
  54. $sendback = add_query_arg( 'post_type', $post_type, $sendback ); 
  55. } else { 
  56. $sendback = remove_query_arg( array('trashed', 'untrashed', 'deleted', 'ids'), $sendback ); 
  57.  
  58. switch($action) { 
  59. case 'post-quickdraft-save': 
  60. // Check nonce and capabilities 
  61. $nonce = $_REQUEST['_wpnonce']; 
  62. $error_msg = false; 
  63.  
  64. // For output of the quickdraft dashboard widget 
  65. require_once ABSPATH . 'wp-admin/includes/dashboard.php'; 
  66.  
  67. if ( ! wp_verify_nonce( $nonce, 'add-post' ) ) 
  68. $error_msg = __( 'Unable to submit this form, please refresh and try again.' ); 
  69.  
  70. if ( ! current_user_can( get_post_type_object( 'post' )->cap->create_posts ) ) { 
  71. exit; 
  72.  
  73. if ( $error_msg ) 
  74. return wp_dashboard_quick_press( $error_msg ); 
  75.  
  76. $post = get_post( $_REQUEST['post_ID'] ); 
  77. check_admin_referer( 'add-' . $post->post_type ); 
  78.  
  79. $_POST['comment_status'] = get_default_comment_status( $post->post_type ); 
  80. $_POST['ping_status'] = get_default_comment_status( $post->post_type, 'pingback' ); 
  81.  
  82. edit_post(); 
  83. wp_dashboard_quick_press(); 
  84. exit; 
  85.  
  86. case 'postajaxpost': 
  87. case 'post': 
  88. check_admin_referer( 'add-' . $post_type ); 
  89. $post_id = 'postajaxpost' == $action ? edit_post() : write_post(); 
  90. redirect_post( $post_id ); 
  91. exit(); 
  92.  
  93. case 'edit': 
  94. $editing = true; 
  95.  
  96. if ( empty( $post_id ) ) { 
  97. wp_redirect( admin_url('post.php') ); 
  98. exit(); 
  99.  
  100. if ( ! $post ) 
  101. wp_die( __( 'You attempted to edit an item that doesn’t exist. Perhaps it was deleted?' ) ); 
  102.  
  103. if ( ! $post_type_object ) 
  104. wp_die( __( 'Unknown post type.' ) ); 
  105.  
  106. if ( ! in_array( $typenow, get_post_types( array( 'show_ui' => true ) ) ) ) { 
  107. wp_die( __( 'Sorry, you are not allowed to edit posts in this post type.' ) ); 
  108.  
  109. if ( ! current_user_can( 'edit_post', $post_id ) ) 
  110. wp_die( __( 'Sorry, you are not allowed to edit this item.' ) ); 
  111.  
  112. if ( 'trash' == $post->post_status ) 
  113. wp_die( __( 'You can’t edit this item because it is in the Trash. Please restore it and try again.' ) ); 
  114.  
  115. if ( ! empty( $_GET['get-post-lock'] ) ) { 
  116. check_admin_referer( 'lock-post_' . $post_id ); 
  117. wp_set_post_lock( $post_id ); 
  118. wp_redirect( get_edit_post_link( $post_id, 'url' ) ); 
  119. exit(); 
  120.  
  121. $post_type = $post->post_type; 
  122. if ( 'post' == $post_type ) { 
  123. $parent_file = "edit.php"; 
  124. $submenu_file = "edit.php"; 
  125. $post_new_file = "post-new.php"; 
  126. } elseif ( 'attachment' == $post_type ) { 
  127. $parent_file = 'upload.php'; 
  128. $submenu_file = 'upload.php'; 
  129. $post_new_file = 'media-new.php'; 
  130. } else { 
  131. if ( isset( $post_type_object ) && $post_type_object->show_in_menu && $post_type_object->show_in_menu !== true ) 
  132. $parent_file = $post_type_object->show_in_menu; 
  133. else 
  134. $parent_file = "edit.php?post_type=$post_type"; 
  135. $submenu_file = "edit.php?post_type=$post_type"; 
  136. $post_new_file = "post-new.php?post_type=$post_type"; 
  137.  
  138. if ( ! wp_check_post_lock( $post->ID ) ) { 
  139. $active_post_lock = wp_set_post_lock( $post->ID ); 
  140.  
  141. if ( 'attachment' !== $post_type ) 
  142. wp_enqueue_script('autosave'); 
  143.  
  144. if ( is_multisite() ) { 
  145. add_action( 'admin_footer', '_admin_notice_post_locked' ); 
  146. } else { 
  147. $check_users = get_users( array( 'fields' => 'ID', 'number' => 2 ) ); 
  148.  
  149. if ( count( $check_users ) > 1 ) 
  150. add_action( 'admin_footer', '_admin_notice_post_locked' ); 
  151.  
  152. unset( $check_users ); 
  153.  
  154. $title = $post_type_object->labels->edit_item; 
  155. $post = get_post($post_id, OBJECT, 'edit'); 
  156.  
  157. if ( post_type_supports($post_type, 'comments') ) { 
  158. wp_enqueue_script('admin-comments'); 
  159. enqueue_comment_hotkeys_js(); 
  160.  
  161. include( ABSPATH . 'wp-admin/edit-form-advanced.php' ); 
  162.  
  163. break; 
  164.  
  165. case 'editattachment': 
  166. check_admin_referer('update-post_' . $post_id); 
  167.  
  168. // Don't let these be changed 
  169. unset($_POST['guid']); 
  170. $_POST['post_type'] = 'attachment'; 
  171.  
  172. // Update the thumbnail filename 
  173. $newmeta = wp_get_attachment_metadata( $post_id, true ); 
  174. $newmeta['thumb'] = $_POST['thumb']; 
  175.  
  176. wp_update_attachment_metadata( $post_id, $newmeta ); 
  177.  
  178. case 'editpost': 
  179. check_admin_referer('update-post_' . $post_id); 
  180.  
  181. $post_id = edit_post(); 
  182.  
  183. // Session cookie flag that the post was saved 
  184. if ( isset( $_COOKIE['wp-saving-post'] ) && $_COOKIE['wp-saving-post'] === $post_id . '-check' ) { 
  185. setcookie( 'wp-saving-post', $post_id . '-saved', time() + DAY_IN_SECONDS, ADMIN_COOKIE_PATH, COOKIE_DOMAIN, is_ssl() ); 
  186.  
  187. redirect_post($post_id); // Send user on their way while we keep working 
  188.  
  189. exit(); 
  190.  
  191. case 'trash': 
  192. check_admin_referer('trash-post_' . $post_id); 
  193.  
  194. if ( ! $post ) 
  195. wp_die( __( 'The item you are trying to move to the Trash no longer exists.' ) ); 
  196.  
  197. if ( ! $post_type_object ) 
  198. wp_die( __( 'Unknown post type.' ) ); 
  199.  
  200. if ( ! current_user_can( 'delete_post', $post_id ) ) 
  201. wp_die( __( 'Sorry, you are not allowed to move this item to the Trash.' ) ); 
  202.  
  203. if ( $user_id = wp_check_post_lock( $post_id ) ) { 
  204. $user = get_userdata( $user_id ); 
  205. wp_die( sprintf( __( 'You cannot move this item to the Trash. %s is currently editing.' ), $user->display_name ) ); 
  206.  
  207. if ( ! wp_trash_post( $post_id ) ) 
  208. wp_die( __( 'Error in moving to Trash.' ) ); 
  209.  
  210. wp_redirect( add_query_arg( array('trashed' => 1, 'ids' => $post_id), $sendback ) ); 
  211. exit(); 
  212.  
  213. case 'untrash': 
  214. check_admin_referer('untrash-post_' . $post_id); 
  215.  
  216. if ( ! $post ) 
  217. wp_die( __( 'The item you are trying to restore from the Trash no longer exists.' ) ); 
  218.  
  219. if ( ! $post_type_object ) 
  220. wp_die( __( 'Unknown post type.' ) ); 
  221.  
  222. if ( ! current_user_can( 'delete_post', $post_id ) ) 
  223. wp_die( __( 'Sorry, you are not allowed to restore this item from the Trash.' ) ); 
  224.  
  225. if ( ! wp_untrash_post( $post_id ) ) 
  226. wp_die( __( 'Error in restoring from Trash.' ) ); 
  227.  
  228. wp_redirect( add_query_arg('untrashed', 1, $sendback) ); 
  229. exit(); 
  230.  
  231. case 'delete': 
  232. check_admin_referer('delete-post_' . $post_id); 
  233.  
  234. if ( ! $post ) 
  235. wp_die( __( 'This item has already been deleted.' ) ); 
  236.  
  237. if ( ! $post_type_object ) 
  238. wp_die( __( 'Unknown post type.' ) ); 
  239.  
  240. if ( ! current_user_can( 'delete_post', $post_id ) ) 
  241. wp_die( __( 'Sorry, you are not allowed to delete this item.' ) ); 
  242.  
  243. if ( $post->post_type == 'attachment' ) { 
  244. $force = ( ! MEDIA_TRASH ); 
  245. if ( ! wp_delete_attachment( $post_id, $force ) ) 
  246. wp_die( __( 'Error in deleting.' ) ); 
  247. } else { 
  248. if ( ! wp_delete_post( $post_id, true ) ) 
  249. wp_die( __( 'Error in deleting.' ) ); 
  250.  
  251. wp_redirect( add_query_arg('deleted', 1, $sendback) ); 
  252. exit(); 
  253.  
  254. case 'preview': 
  255. check_admin_referer( 'update-post_' . $post_id ); 
  256.  
  257. $url = post_preview(); 
  258.  
  259. wp_redirect($url); 
  260. exit(); 
  261.  
  262. default: 
  263. /** 
  264. * Fires for a given custom post action request. 
  265. * 
  266. * The dynamic portion of the hook name, `$action`, refers to the custom post action. 
  267. * 
  268. * @since 4.6.0 
  269. * 
  270. * @param int $post_id Post ID sent with the request. 
  271. */ 
  272. do_action( "post_action_{$action}", $post_id ); 
  273.  
  274. wp_redirect( admin_url('edit.php') ); 
  275. exit(); 
  276. } // end switch 
  277. include( ABSPATH . 'wp-admin/admin-footer.php' ); 
.