/wp-admin/includes/post.php

  1. <?php 
  2. /** 
  3. * WordPress Post Administration API. 
  4. * 
  5. * @package WordPress 
  6. * @subpackage Administration 
  7. */ 
  8.  
  9. /** 
  10. * Rename $_POST data from form names to DB post columns. 
  11. * 
  12. * Manipulates $_POST directly. 
  13. * 
  14. * @package WordPress 
  15. * @since 2.6.0 
  16. * 
  17. * @param bool $update Are we updating a pre-existing post? 
  18. * @param array $post_data Array of post data. Defaults to the contents of $_POST. 
  19. * @return object|bool WP_Error on failure, true on success. 
  20. */ 
  21. function _wp_translate_postdata( $update = false, $post_data = null ) { 
  22.  
  23. if ( empty($post_data) ) 
  24. $post_data = &$_POST; 
  25.  
  26. if ( $update ) 
  27. $post_data['ID'] = (int) $post_data['post_ID']; 
  28.  
  29. $ptype = get_post_type_object( $post_data['post_type'] ); 
  30.  
  31. if ( $update && ! current_user_can( 'edit_post', $post_data['ID'] ) ) { 
  32. if ( 'page' == $post_data['post_type'] ) 
  33. return new WP_Error( 'edit_others_pages', __( 'Sorry, you are not allowed to edit pages as this user.' ) ); 
  34. else 
  35. return new WP_Error( 'edit_others_posts', __( 'Sorry, you are not allowed to edit posts as this user.' ) ); 
  36. } elseif ( ! $update && ! current_user_can( $ptype->cap->create_posts ) ) { 
  37. if ( 'page' == $post_data['post_type'] ) 
  38. return new WP_Error( 'edit_others_pages', __( 'Sorry, you are not allowed to create pages as this user.' ) ); 
  39. else 
  40. return new WP_Error( 'edit_others_posts', __( 'Sorry, you are not allowed to create posts as this user.' ) ); 
  41.  
  42. if ( isset( $post_data['content'] ) ) 
  43. $post_data['post_content'] = $post_data['content']; 
  44.  
  45. if ( isset( $post_data['excerpt'] ) ) 
  46. $post_data['post_excerpt'] = $post_data['excerpt']; 
  47.  
  48. if ( isset( $post_data['parent_id'] ) ) 
  49. $post_data['post_parent'] = (int) $post_data['parent_id']; 
  50.  
  51. if ( isset($post_data['trackback_url']) ) 
  52. $post_data['to_ping'] = $post_data['trackback_url']; 
  53.  
  54. $post_data['user_ID'] = get_current_user_id(); 
  55.  
  56. if (!empty ( $post_data['post_author_override'] ) ) { 
  57. $post_data['post_author'] = (int) $post_data['post_author_override']; 
  58. } else { 
  59. if (!empty ( $post_data['post_author'] ) ) { 
  60. $post_data['post_author'] = (int) $post_data['post_author']; 
  61. } else { 
  62. $post_data['post_author'] = (int) $post_data['user_ID']; 
  63.  
  64. if ( isset( $post_data['user_ID'] ) && ( $post_data['post_author'] != $post_data['user_ID'] ) 
  65. && ! current_user_can( $ptype->cap->edit_others_posts ) ) { 
  66. if ( $update ) { 
  67. if ( 'page' == $post_data['post_type'] ) 
  68. return new WP_Error( 'edit_others_pages', __( 'Sorry, you are not allowed to edit pages as this user.' ) ); 
  69. else 
  70. return new WP_Error( 'edit_others_posts', __( 'Sorry, you are not allowed to edit posts as this user.' ) ); 
  71. } else { 
  72. if ( 'page' == $post_data['post_type'] ) 
  73. return new WP_Error( 'edit_others_pages', __( 'Sorry, you are not allowed to create pages as this user.' ) ); 
  74. else 
  75. return new WP_Error( 'edit_others_posts', __( 'Sorry, you are not allowed to create posts as this user.' ) ); 
  76.  
  77. if ( ! empty( $post_data['post_status'] ) ) { 
  78. $post_data['post_status'] = sanitize_key( $post_data['post_status'] ); 
  79.  
  80. // No longer an auto-draft 
  81. if ( 'auto-draft' === $post_data['post_status'] ) { 
  82. $post_data['post_status'] = 'draft'; 
  83.  
  84. if ( ! get_post_status_object( $post_data['post_status'] ) ) { 
  85. unset( $post_data['post_status'] ); 
  86.  
  87. // What to do based on which button they pressed 
  88. if ( isset($post_data['saveasdraft']) && '' != $post_data['saveasdraft'] ) 
  89. $post_data['post_status'] = 'draft'; 
  90. if ( isset($post_data['saveasprivate']) && '' != $post_data['saveasprivate'] ) 
  91. $post_data['post_status'] = 'private'; 
  92. if ( isset($post_data['publish']) && ( '' != $post_data['publish'] ) && ( !isset($post_data['post_status']) || $post_data['post_status'] != 'private' ) ) 
  93. $post_data['post_status'] = 'publish'; 
  94. if ( isset($post_data['advanced']) && '' != $post_data['advanced'] ) 
  95. $post_data['post_status'] = 'draft'; 
  96. if ( isset($post_data['pending']) && '' != $post_data['pending'] ) 
  97. $post_data['post_status'] = 'pending'; 
  98.  
  99. if ( isset( $post_data['ID'] ) ) 
  100. $post_id = $post_data['ID']; 
  101. else 
  102. $post_id = false; 
  103. $previous_status = $post_id ? get_post_field( 'post_status', $post_id ) : false; 
  104.  
  105. if ( isset( $post_data['post_status'] ) && 'private' == $post_data['post_status'] && ! current_user_can( $ptype->cap->publish_posts ) ) { 
  106. $post_data['post_status'] = $previous_status ? $previous_status : 'pending'; 
  107.  
  108. $published_statuses = array( 'publish', 'future' ); 
  109.  
  110. // Posts 'submitted for approval' present are submitted to $_POST the same as if they were being published. 
  111. // Change status from 'publish' to 'pending' if user lacks permissions to publish or to resave published posts. 
  112. if ( isset($post_data['post_status']) && (in_array( $post_data['post_status'], $published_statuses ) && !current_user_can( $ptype->cap->publish_posts )) ) 
  113. if ( ! in_array( $previous_status, $published_statuses ) || !current_user_can( 'edit_post', $post_id ) ) 
  114. $post_data['post_status'] = 'pending'; 
  115.  
  116. if ( ! isset( $post_data['post_status'] ) ) { 
  117. $post_data['post_status'] = 'auto-draft' === $previous_status ? 'draft' : $previous_status; 
  118.  
  119. if ( isset( $post_data['post_password'] ) && ! current_user_can( $ptype->cap->publish_posts ) ) { 
  120. unset( $post_data['post_password'] ); 
  121.  
  122. if (!isset( $post_data['comment_status'] )) 
  123. $post_data['comment_status'] = 'closed'; 
  124.  
  125. if (!isset( $post_data['ping_status'] )) 
  126. $post_data['ping_status'] = 'closed'; 
  127.  
  128. foreach ( array('aa', 'mm', 'jj', 'hh', 'mn') as $timeunit ) { 
  129. if ( !empty( $post_data['hidden_' . $timeunit] ) && $post_data['hidden_' . $timeunit] != $post_data[$timeunit] ) { 
  130. $post_data['edit_date'] = '1'; 
  131. break; 
  132.  
  133. if ( !empty( $post_data['edit_date'] ) ) { 
  134. $aa = $post_data['aa']; 
  135. $mm = $post_data['mm']; 
  136. $jj = $post_data['jj']; 
  137. $hh = $post_data['hh']; 
  138. $mn = $post_data['mn']; 
  139. $ss = $post_data['ss']; 
  140. $aa = ($aa <= 0 ) ? date('Y') : $aa; 
  141. $mm = ($mm <= 0 ) ? date('n') : $mm; 
  142. $jj = ($jj > 31 ) ? 31 : $jj; 
  143. $jj = ($jj <= 0 ) ? date('j') : $jj; 
  144. $hh = ($hh > 23 ) ? $hh -24 : $hh; 
  145. $mn = ($mn > 59 ) ? $mn -60 : $mn; 
  146. $ss = ($ss > 59 ) ? $ss -60 : $ss; 
  147. $post_data['post_date'] = sprintf( "%04d-%02d-%02d %02d:%02d:%02d", $aa, $mm, $jj, $hh, $mn, $ss ); 
  148. $valid_date = wp_checkdate( $mm, $jj, $aa, $post_data['post_date'] ); 
  149. if ( !$valid_date ) { 
  150. return new WP_Error( 'invalid_date', __( 'Invalid date.' ) ); 
  151. $post_data['post_date_gmt'] = get_gmt_from_date( $post_data['post_date'] ); 
  152.  
  153. if ( isset( $post_data['post_category'] ) ) { 
  154. $category_object = get_taxonomy( 'category' ); 
  155. if ( ! current_user_can( $category_object->cap->assign_terms ) ) { 
  156. unset( $post_data['post_category'] ); 
  157.  
  158. return $post_data; 
  159.  
  160. /** 
  161. * Update an existing post with values provided in $_POST. 
  162. * 
  163. * @since 1.5.0 
  164. * 
  165. * @global wpdb $wpdb WordPress database abstraction object. 
  166. * 
  167. * @param array $post_data Optional. 
  168. * @return int Post ID. 
  169. */ 
  170. function edit_post( $post_data = null ) { 
  171. global $wpdb; 
  172.  
  173. if ( empty($post_data) ) 
  174. $post_data = &$_POST; 
  175.  
  176. // Clear out any data in internal vars. 
  177. unset( $post_data['filter'] ); 
  178.  
  179. $post_ID = (int) $post_data['post_ID']; 
  180. $post = get_post( $post_ID ); 
  181. $post_data['post_type'] = $post->post_type; 
  182. $post_data['post_mime_type'] = $post->post_mime_type; 
  183.  
  184. if ( ! empty( $post_data['post_status'] ) ) { 
  185. $post_data['post_status'] = sanitize_key( $post_data['post_status'] ); 
  186.  
  187. if ( 'inherit' == $post_data['post_status'] ) { 
  188. unset( $post_data['post_status'] ); 
  189.  
  190. $ptype = get_post_type_object($post_data['post_type']); 
  191. if ( !current_user_can( 'edit_post', $post_ID ) ) { 
  192. if ( 'page' == $post_data['post_type'] ) 
  193. wp_die( __('Sorry, you are not allowed to edit this page.' )); 
  194. else 
  195. wp_die( __('Sorry, you are not allowed to edit this post.' )); 
  196.  
  197. if ( post_type_supports( $ptype->name, 'revisions' ) ) { 
  198. $revisions = wp_get_post_revisions( $post_ID, array( 'order' => 'ASC', 'posts_per_page' => 1 ) ); 
  199. $revision = current( $revisions ); 
  200.  
  201. // Check if the revisions have been upgraded 
  202. if ( $revisions && _wp_get_post_revision_version( $revision ) < 1 ) 
  203. _wp_upgrade_revisions_of_post( $post, wp_get_post_revisions( $post_ID ) ); 
  204.  
  205. if ( isset($post_data['visibility']) ) { 
  206. switch ( $post_data['visibility'] ) { 
  207. case 'public' : 
  208. $post_data['post_password'] = ''; 
  209. break; 
  210. case 'password' : 
  211. unset( $post_data['sticky'] ); 
  212. break; 
  213. case 'private' : 
  214. $post_data['post_status'] = 'private'; 
  215. $post_data['post_password'] = ''; 
  216. unset( $post_data['sticky'] ); 
  217. break; 
  218.  
  219. $post_data = _wp_translate_postdata( true, $post_data ); 
  220. if ( is_wp_error($post_data) ) 
  221. wp_die( $post_data->get_error_message() ); 
  222.  
  223. // Post Formats 
  224. if ( isset( $post_data['post_format'] ) ) 
  225. set_post_format( $post_ID, $post_data['post_format'] ); 
  226.  
  227. $format_meta_urls = array( 'url', 'link_url', 'quote_source_url' ); 
  228. foreach ( $format_meta_urls as $format_meta_url ) { 
  229. $keyed = '_format_' . $format_meta_url; 
  230. if ( isset( $post_data[ $keyed ] ) ) 
  231. update_post_meta( $post_ID, $keyed, wp_slash( esc_url_raw( wp_unslash( $post_data[ $keyed ] ) ) ) ); 
  232.  
  233. $format_keys = array( 'quote', 'quote_source_name', 'image', 'gallery', 'audio_embed', 'video_embed' ); 
  234.  
  235. foreach ( $format_keys as $key ) { 
  236. $keyed = '_format_' . $key; 
  237. if ( isset( $post_data[ $keyed ] ) ) { 
  238. if ( current_user_can( 'unfiltered_html' ) ) 
  239. update_post_meta( $post_ID, $keyed, $post_data[ $keyed ] ); 
  240. else 
  241. update_post_meta( $post_ID, $keyed, wp_filter_post_kses( $post_data[ $keyed ] ) ); 
  242.  
  243. if ( 'attachment' === $post_data['post_type'] && preg_match( '#^(audio|video)/#', $post_data['post_mime_type'] ) ) { 
  244. $id3data = wp_get_attachment_metadata( $post_ID ); 
  245. if ( ! is_array( $id3data ) ) { 
  246. $id3data = array(); 
  247.  
  248. foreach ( wp_get_attachment_id3_keys( $post, 'edit' ) as $key => $label ) { 
  249. if ( isset( $post_data[ 'id3_' . $key ] ) ) { 
  250. $id3data[ $key ] = sanitize_text_field( wp_unslash( $post_data[ 'id3_' . $key ] ) ); 
  251. wp_update_attachment_metadata( $post_ID, $id3data ); 
  252.  
  253. // Meta Stuff 
  254. if ( isset($post_data['meta']) && $post_data['meta'] ) { 
  255. foreach ( $post_data['meta'] as $key => $value ) { 
  256. if ( !$meta = get_post_meta_by_id( $key ) ) 
  257. continue; 
  258. if ( $meta->post_id != $post_ID ) 
  259. continue; 
  260. if ( is_protected_meta( $meta->meta_key, 'post' ) || ! current_user_can( 'edit_post_meta', $post_ID, $meta->meta_key ) ) 
  261. continue; 
  262. if ( is_protected_meta( $value['key'], 'post' ) || ! current_user_can( 'edit_post_meta', $post_ID, $value['key'] ) ) 
  263. continue; 
  264. update_meta( $key, $value['key'], $value['value'] ); 
  265.  
  266. if ( isset($post_data['deletemeta']) && $post_data['deletemeta'] ) { 
  267. foreach ( $post_data['deletemeta'] as $key => $value ) { 
  268. if ( !$meta = get_post_meta_by_id( $key ) ) 
  269. continue; 
  270. if ( $meta->post_id != $post_ID ) 
  271. continue; 
  272. if ( is_protected_meta( $meta->meta_key, 'post' ) || ! current_user_can( 'delete_post_meta', $post_ID, $meta->meta_key ) ) 
  273. continue; 
  274. delete_meta( $key ); 
  275.  
  276. // Attachment stuff 
  277. if ( 'attachment' == $post_data['post_type'] ) { 
  278. if ( isset( $post_data[ '_wp_attachment_image_alt' ] ) ) { 
  279. $image_alt = wp_unslash( $post_data['_wp_attachment_image_alt'] ); 
  280. if ( $image_alt != get_post_meta( $post_ID, '_wp_attachment_image_alt', true ) ) { 
  281. $image_alt = wp_strip_all_tags( $image_alt, true ); 
  282. // update_meta expects slashed. 
  283. update_post_meta( $post_ID, '_wp_attachment_image_alt', wp_slash( $image_alt ) ); 
  284.  
  285. $attachment_data = isset( $post_data['attachments'][ $post_ID ] ) ? $post_data['attachments'][ $post_ID ] : array(); 
  286.  
  287. /** This filter is documented in wp-admin/includes/media.php */ 
  288. $post_data = apply_filters( 'attachment_fields_to_save', $post_data, $attachment_data ); 
  289.  
  290. // Convert taxonomy input to term IDs, to avoid ambiguity. 
  291. if ( isset( $post_data['tax_input'] ) ) { 
  292. foreach ( (array) $post_data['tax_input'] as $taxonomy => $terms ) { 
  293. // Hierarchical taxonomy data is already sent as term IDs, so no conversion is necessary. 
  294. if ( is_taxonomy_hierarchical( $taxonomy ) ) { 
  295. continue; 
  296.  
  297. /** 
  298. * Assume that a 'tax_input' string is a comma-separated list of term names. 
  299. * Some languages may use a character other than a comma as a delimiter, so we standardize on 
  300. * commas before parsing the list. 
  301. */ 
  302. if ( ! is_array( $terms ) ) { 
  303. $comma = _x( ', ', 'tag delimiter' ); 
  304. if ( ', ' !== $comma ) { 
  305. $terms = str_replace( $comma, ', ', $terms ); 
  306. $terms = explode( ', ', trim( $terms, " \n\t\r\0\x0B, " ) ); 
  307.  
  308. $clean_terms = array(); 
  309. foreach ( $terms as $term ) { 
  310. // Empty terms are invalid input. 
  311. if ( empty( $term ) ) { 
  312. continue; 
  313.  
  314. $_term = get_terms( $taxonomy, array( 
  315. 'name' => $term,  
  316. 'fields' => 'ids',  
  317. 'hide_empty' => false,  
  318. ) ); 
  319.  
  320. if ( ! empty( $_term ) ) { 
  321. $clean_terms[] = intval( $_term[0] ); 
  322. } else { 
  323. // No existing term was found, so pass the string. A new term will be created. 
  324. $clean_terms[] = $term; 
  325.  
  326. $post_data['tax_input'][ $taxonomy ] = $clean_terms; 
  327.  
  328. add_meta( $post_ID ); 
  329.  
  330. update_post_meta( $post_ID, '_edit_last', get_current_user_id() ); 
  331.  
  332. $success = wp_update_post( $post_data ); 
  333. // If the save failed, see if we can sanity check the main fields and try again 
  334. if ( ! $success && is_callable( array( $wpdb, 'strip_invalid_text_for_column' ) ) ) { 
  335. $fields = array( 'post_title', 'post_content', 'post_excerpt' ); 
  336.  
  337. foreach ( $fields as $field ) { 
  338. if ( isset( $post_data[ $field ] ) ) { 
  339. $post_data[ $field ] = $wpdb->strip_invalid_text_for_column( $wpdb->posts, $field, $post_data[ $field ] ); 
  340.  
  341. wp_update_post( $post_data ); 
  342.  
  343. // Now that we have an ID we can fix any attachment anchor hrefs 
  344. _fix_attachment_links( $post_ID ); 
  345.  
  346. wp_set_post_lock( $post_ID ); 
  347.  
  348. if ( current_user_can( $ptype->cap->edit_others_posts ) && current_user_can( $ptype->cap->publish_posts ) ) { 
  349. if ( ! empty( $post_data['sticky'] ) ) 
  350. stick_post( $post_ID ); 
  351. else 
  352. unstick_post( $post_ID ); 
  353.  
  354. return $post_ID; 
  355.  
  356. /** 
  357. * Process the post data for the bulk editing of posts. 
  358. * 
  359. * Updates all bulk edited posts/pages, adding (but not removing) tags and 
  360. * categories. Skips pages when they would be their own parent or child. 
  361. * 
  362. * @since 2.7.0 
  363. * 
  364. * @global wpdb $wpdb WordPress database abstraction object. 
  365. * 
  366. * @param array $post_data Optional, the array of post data to process if not provided will use $_POST superglobal. 
  367. * @return array 
  368. */ 
  369. function bulk_edit_posts( $post_data = null ) { 
  370. global $wpdb; 
  371.  
  372. if ( empty($post_data) ) 
  373. $post_data = &$_POST; 
  374.  
  375. if ( isset($post_data['post_type']) ) 
  376. $ptype = get_post_type_object($post_data['post_type']); 
  377. else 
  378. $ptype = get_post_type_object('post'); 
  379.  
  380. if ( !current_user_can( $ptype->cap->edit_posts ) ) { 
  381. if ( 'page' == $ptype->name ) 
  382. wp_die( __('Sorry, you are not allowed to edit pages.')); 
  383. else 
  384. wp_die( __('Sorry, you are not allowed to edit posts.')); 
  385.  
  386. if ( -1 == $post_data['_status'] ) { 
  387. $post_data['post_status'] = null; 
  388. unset($post_data['post_status']); 
  389. } else { 
  390. $post_data['post_status'] = $post_data['_status']; 
  391. unset($post_data['_status']); 
  392.  
  393. if ( ! empty( $post_data['post_status'] ) ) { 
  394. $post_data['post_status'] = sanitize_key( $post_data['post_status'] ); 
  395.  
  396. if ( 'inherit' == $post_data['post_status'] ) { 
  397. unset( $post_data['post_status'] ); 
  398.  
  399. $post_IDs = array_map( 'intval', (array) $post_data['post'] ); 
  400.  
  401. $reset = array( 
  402. 'post_author', 'post_status', 'post_password',  
  403. 'post_parent', 'page_template', 'comment_status',  
  404. 'ping_status', 'keep_private', 'tax_input',  
  405. 'post_category', 'sticky', 'post_format',  
  406. ); 
  407.  
  408. foreach ( $reset as $field ) { 
  409. if ( isset($post_data[$field]) && ( '' == $post_data[$field] || -1 == $post_data[$field] ) ) 
  410. unset($post_data[$field]); 
  411.  
  412. if ( isset($post_data['post_category']) ) { 
  413. if ( is_array($post_data['post_category']) && ! empty($post_data['post_category']) ) 
  414. $new_cats = array_map( 'absint', $post_data['post_category'] ); 
  415. else 
  416. unset($post_data['post_category']); 
  417.  
  418. $tax_input = array(); 
  419. if ( isset($post_data['tax_input'])) { 
  420. foreach ( $post_data['tax_input'] as $tax_name => $terms ) { 
  421. if ( empty($terms) ) 
  422. continue; 
  423. if ( is_taxonomy_hierarchical( $tax_name ) ) { 
  424. $tax_input[ $tax_name ] = array_map( 'absint', $terms ); 
  425. } else { 
  426. $comma = _x( ', ', 'tag delimiter' ); 
  427. if ( ', ' !== $comma ) 
  428. $terms = str_replace( $comma, ', ', $terms ); 
  429. $tax_input[ $tax_name ] = explode( ', ', trim( $terms, " \n\t\r\0\x0B, " ) ); 
  430.  
  431. if ( isset($post_data['post_parent']) && ($parent = (int) $post_data['post_parent']) ) { 
  432. $pages = $wpdb->get_results("SELECT ID, post_parent FROM $wpdb->posts WHERE post_type = 'page'"); 
  433. $children = array(); 
  434.  
  435. for ( $i = 0; $i < 50 && $parent > 0; $i++ ) { 
  436. $children[] = $parent; 
  437.  
  438. foreach ( $pages as $page ) { 
  439. if ( $page->ID == $parent ) { 
  440. $parent = $page->post_parent; 
  441. break; 
  442.  
  443. $updated = $skipped = $locked = array(); 
  444. $shared_post_data = $post_data; 
  445.  
  446. foreach ( $post_IDs as $post_ID ) { 
  447. // Start with fresh post data with each iteration. 
  448. $post_data = $shared_post_data; 
  449.  
  450. $post_type_object = get_post_type_object( get_post_type( $post_ID ) ); 
  451.  
  452. if ( !isset( $post_type_object ) || ( isset($children) && in_array($post_ID, $children) ) || !current_user_can( 'edit_post', $post_ID ) ) { 
  453. $skipped[] = $post_ID; 
  454. continue; 
  455.  
  456. if ( wp_check_post_lock( $post_ID ) ) { 
  457. $locked[] = $post_ID; 
  458. continue; 
  459.  
  460. $post = get_post( $post_ID ); 
  461. $tax_names = get_object_taxonomies( $post ); 
  462. foreach ( $tax_names as $tax_name ) { 
  463. $taxonomy_obj = get_taxonomy($tax_name); 
  464. if ( isset( $tax_input[$tax_name]) && current_user_can( $taxonomy_obj->cap->assign_terms ) ) 
  465. $new_terms = $tax_input[$tax_name]; 
  466. else 
  467. $new_terms = array(); 
  468.  
  469. if ( $taxonomy_obj->hierarchical ) 
  470. $current_terms = (array) wp_get_object_terms( $post_ID, $tax_name, array('fields' => 'ids') ); 
  471. else 
  472. $current_terms = (array) wp_get_object_terms( $post_ID, $tax_name, array('fields' => 'names') ); 
  473.  
  474. $post_data['tax_input'][$tax_name] = array_merge( $current_terms, $new_terms ); 
  475.  
  476. if ( isset($new_cats) && in_array( 'category', $tax_names ) ) { 
  477. $cats = (array) wp_get_post_categories($post_ID); 
  478. $post_data['post_category'] = array_unique( array_merge($cats, $new_cats) ); 
  479. unset( $post_data['tax_input']['category'] ); 
  480.  
  481. $post_data['post_type'] = $post->post_type; 
  482. $post_data['post_mime_type'] = $post->post_mime_type; 
  483. $post_data['guid'] = $post->guid; 
  484.  
  485. foreach ( array( 'comment_status', 'ping_status', 'post_author' ) as $field ) { 
  486. if ( ! isset( $post_data[ $field ] ) ) { 
  487. $post_data[ $field ] = $post->$field; 
  488.  
  489. $post_data['ID'] = $post_ID; 
  490. $post_data['post_ID'] = $post_ID; 
  491.  
  492. $post_data = _wp_translate_postdata( true, $post_data ); 
  493. if ( is_wp_error( $post_data ) ) { 
  494. $skipped[] = $post_ID; 
  495. continue; 
  496.  
  497. $updated[] = wp_update_post( $post_data ); 
  498.  
  499. if ( isset( $post_data['sticky'] ) && current_user_can( $ptype->cap->edit_others_posts ) ) { 
  500. if ( 'sticky' == $post_data['sticky'] ) 
  501. stick_post( $post_ID ); 
  502. else 
  503. unstick_post( $post_ID ); 
  504.  
  505. if ( isset( $post_data['post_format'] ) ) 
  506. set_post_format( $post_ID, $post_data['post_format'] ); 
  507.  
  508. return array( 'updated' => $updated, 'skipped' => $skipped, 'locked' => $locked ); 
  509.  
  510. /** 
  511. * Default post information to use when populating the "Write Post" form. 
  512. * 
  513. * @since 2.0.0 
  514. * 
  515. * @param string $post_type Optional. A post type string. Default 'post'. 
  516. * @param bool $create_in_db Optional. Whether to insert the post into database. Default false. 
  517. * @return WP_Post Post object containing all the default post data as attributes 
  518. */ 
  519. function get_default_post_to_edit( $post_type = 'post', $create_in_db = false ) { 
  520. $post_title = ''; 
  521. if ( !empty( $_REQUEST['post_title'] ) ) 
  522. $post_title = esc_html( wp_unslash( $_REQUEST['post_title'] )); 
  523.  
  524. $post_content = ''; 
  525. if ( !empty( $_REQUEST['content'] ) ) 
  526. $post_content = esc_html( wp_unslash( $_REQUEST['content'] )); 
  527.  
  528. $post_excerpt = ''; 
  529. if ( !empty( $_REQUEST['excerpt'] ) ) 
  530. $post_excerpt = esc_html( wp_unslash( $_REQUEST['excerpt'] )); 
  531.  
  532. if ( $create_in_db ) { 
  533. $post_id = wp_insert_post( array( 'post_title' => __( 'Auto Draft' ), 'post_type' => $post_type, 'post_status' => 'auto-draft' ) ); 
  534. $post = get_post( $post_id ); 
  535. if ( current_theme_supports( 'post-formats' ) && post_type_supports( $post->post_type, 'post-formats' ) && get_option( 'default_post_format' ) ) 
  536. set_post_format( $post, get_option( 'default_post_format' ) ); 
  537. } else { 
  538. $post = new stdClass; 
  539. $post->ID = 0; 
  540. $post->post_author = ''; 
  541. $post->post_date = ''; 
  542. $post->post_date_gmt = ''; 
  543. $post->post_password = ''; 
  544. $post->post_name = ''; 
  545. $post->post_type = $post_type; 
  546. $post->post_status = 'draft'; 
  547. $post->to_ping = ''; 
  548. $post->pinged = ''; 
  549. $post->comment_status = get_default_comment_status( $post_type ); 
  550. $post->ping_status = get_default_comment_status( $post_type, 'pingback' ); 
  551. $post->post_pingback = get_option( 'default_pingback_flag' ); 
  552. $post->post_category = get_option( 'default_category' ); 
  553. $post->page_template = 'default'; 
  554. $post->post_parent = 0; 
  555. $post->menu_order = 0; 
  556. $post = new WP_Post( $post ); 
  557.  
  558. /** 
  559. * Filters the default post content initially used in the "Write Post" form. 
  560. * 
  561. * @since 1.5.0 
  562. * 
  563. * @param string $post_content Default post content. 
  564. * @param WP_Post $post Post object. 
  565. */ 
  566. $post->post_content = apply_filters( 'default_content', $post_content, $post ); 
  567.  
  568. /** 
  569. * Filters the default post title initially used in the "Write Post" form. 
  570. * 
  571. * @since 1.5.0 
  572. * 
  573. * @param string $post_title Default post title. 
  574. * @param WP_Post $post Post object. 
  575. */ 
  576. $post->post_title = apply_filters( 'default_title', $post_title, $post ); 
  577.  
  578. /** 
  579. * Filters the default post excerpt initially used in the "Write Post" form. 
  580. * 
  581. * @since 1.5.0 
  582. * 
  583. * @param string $post_excerpt Default post excerpt. 
  584. * @param WP_Post $post Post object. 
  585. */ 
  586. $post->post_excerpt = apply_filters( 'default_excerpt', $post_excerpt, $post ); 
  587.  
  588. return $post; 
  589.  
  590. /** 
  591. * Determine if a post exists based on title, content, and date 
  592. * 
  593. * @since 2.0.0 
  594. * 
  595. * @global wpdb $wpdb WordPress database abstraction object. 
  596. * 
  597. * @param string $title Post title 
  598. * @param string $content Optional post content 
  599. * @param string $date Optional post date 
  600. * @return int Post ID if post exists, 0 otherwise. 
  601. */ 
  602. function post_exists($title, $content = '', $date = '') { 
  603. global $wpdb; 
  604.  
  605. $post_title = wp_unslash( sanitize_post_field( 'post_title', $title, 0, 'db' ) ); 
  606. $post_content = wp_unslash( sanitize_post_field( 'post_content', $content, 0, 'db' ) ); 
  607. $post_date = wp_unslash( sanitize_post_field( 'post_date', $date, 0, 'db' ) ); 
  608.  
  609. $query = "SELECT ID FROM $wpdb->posts WHERE 1=1"; 
  610. $args = array(); 
  611.  
  612. if ( !empty ( $date ) ) { 
  613. $query .= ' AND post_date = %s'; 
  614. $args[] = $post_date; 
  615.  
  616. if ( !empty ( $title ) ) { 
  617. $query .= ' AND post_title = %s'; 
  618. $args[] = $post_title; 
  619.  
  620. if ( !empty ( $content ) ) { 
  621. $query .= ' AND post_content = %s'; 
  622. $args[] = $post_content; 
  623.  
  624. if ( !empty ( $args ) ) 
  625. return (int) $wpdb->get_var( $wpdb->prepare($query, $args) ); 
  626.  
  627. return 0; 
  628.  
  629. /** 
  630. * Creates a new post from the "Write Post" form using $_POST information. 
  631. * 
  632. * @since 2.1.0 
  633. * 
  634. * @global WP_User $current_user 
  635. * 
  636. * @return int|WP_Error 
  637. */ 
  638. function wp_write_post() { 
  639. if ( isset($_POST['post_type']) ) 
  640. $ptype = get_post_type_object($_POST['post_type']); 
  641. else 
  642. $ptype = get_post_type_object('post'); 
  643.  
  644. if ( !current_user_can( $ptype->cap->edit_posts ) ) { 
  645. if ( 'page' == $ptype->name ) 
  646. return new WP_Error( 'edit_pages', __( 'Sorry, you are not allowed to create pages on this site.' ) ); 
  647. else 
  648. return new WP_Error( 'edit_posts', __( 'Sorry, you are not allowed to create posts or drafts on this site.' ) ); 
  649.  
  650. $_POST['post_mime_type'] = ''; 
  651.  
  652. // Clear out any data in internal vars. 
  653. unset( $_POST['filter'] ); 
  654.  
  655. // Edit don't write if we have a post id. 
  656. if ( isset( $_POST['post_ID'] ) ) 
  657. return edit_post(); 
  658.  
  659. if ( isset($_POST['visibility']) ) { 
  660. switch ( $_POST['visibility'] ) { 
  661. case 'public' : 
  662. $_POST['post_password'] = ''; 
  663. break; 
  664. case 'password' : 
  665. unset( $_POST['sticky'] ); 
  666. break; 
  667. case 'private' : 
  668. $_POST['post_status'] = 'private'; 
  669. $_POST['post_password'] = ''; 
  670. unset( $_POST['sticky'] ); 
  671. break; 
  672.  
  673. $translated = _wp_translate_postdata( false ); 
  674. if ( is_wp_error($translated) ) 
  675. return $translated; 
  676.  
  677. // Create the post. 
  678. $post_ID = wp_insert_post( $_POST ); 
  679. if ( is_wp_error( $post_ID ) ) 
  680. return $post_ID; 
  681.  
  682. if ( empty($post_ID) ) 
  683. return 0; 
  684.  
  685. add_meta( $post_ID ); 
  686.  
  687. add_post_meta( $post_ID, '_edit_last', $GLOBALS['current_user']->ID ); 
  688.  
  689. // Now that we have an ID we can fix any attachment anchor hrefs 
  690. _fix_attachment_links( $post_ID ); 
  691.  
  692. wp_set_post_lock( $post_ID ); 
  693.  
  694. return $post_ID; 
  695.  
  696. /** 
  697. * Calls wp_write_post() and handles the errors. 
  698. * 
  699. * @since 2.0.0 
  700. * 
  701. * @return int|null 
  702. */ 
  703. function write_post() { 
  704. $result = wp_write_post(); 
  705. if ( is_wp_error( $result ) ) 
  706. wp_die( $result->get_error_message() ); 
  707. else 
  708. return $result; 
  709.  
  710. // 
  711. // Post Meta 
  712. // 
  713.   
  714. /** 
  715. * Add post meta data defined in $_POST superglobal for post with given ID. 
  716. * 
  717. * @since 1.2.0 
  718. * 
  719. * @param int $post_ID 
  720. * @return int|bool 
  721. */ 
  722. function add_meta( $post_ID ) { 
  723. $post_ID = (int) $post_ID; 
  724.  
  725. $metakeyselect = isset($_POST['metakeyselect']) ? wp_unslash( trim( $_POST['metakeyselect'] ) ) : ''; 
  726. $metakeyinput = isset($_POST['metakeyinput']) ? wp_unslash( trim( $_POST['metakeyinput'] ) ) : ''; 
  727. $metavalue = isset($_POST['metavalue']) ? $_POST['metavalue'] : ''; 
  728. if ( is_string( $metavalue ) ) 
  729. $metavalue = trim( $metavalue ); 
  730.  
  731. if ( ('0' === $metavalue || ! empty ( $metavalue ) ) && ( ( ( '#NONE#' != $metakeyselect ) && !empty ( $metakeyselect) ) || !empty ( $metakeyinput ) ) ) { 
  732. /** 
  733. * We have a key/value pair. If both the select and the input 
  734. * for the key have data, the input takes precedence. 
  735. */ 
  736. if ( '#NONE#' != $metakeyselect ) 
  737. $metakey = $metakeyselect; 
  738.  
  739. if ( $metakeyinput ) 
  740. $metakey = $metakeyinput; // default 
  741.  
  742. if ( is_protected_meta( $metakey, 'post' ) || ! current_user_can( 'add_post_meta', $post_ID, $metakey ) ) 
  743. return false; 
  744.  
  745. $metakey = wp_slash( $metakey ); 
  746.  
  747. return add_post_meta( $post_ID, $metakey, $metavalue ); 
  748.  
  749. return false; 
  750. } // add_meta 
  751.  
  752. /** 
  753. * Delete post meta data by meta ID. 
  754. * 
  755. * @since 1.2.0 
  756. * 
  757. * @param int $mid 
  758. * @return bool 
  759. */ 
  760. function delete_meta( $mid ) { 
  761. return delete_metadata_by_mid( 'post' , $mid ); 
  762.  
  763. /** 
  764. * Get a list of previously defined keys. 
  765. * 
  766. * @since 1.2.0 
  767. * 
  768. * @global wpdb $wpdb WordPress database abstraction object. 
  769. * 
  770. * @return mixed 
  771. */ 
  772. function get_meta_keys() { 
  773. global $wpdb; 
  774.  
  775. $keys = $wpdb->get_col( " 
  776. SELECT meta_key 
  777. FROM $wpdb->postmeta 
  778. GROUP BY meta_key 
  779. ORDER BY meta_key" ); 
  780.  
  781. return $keys; 
  782.  
  783. /** 
  784. * Get post meta data by meta ID. 
  785. * 
  786. * @since 2.1.0 
  787. * 
  788. * @param int $mid 
  789. * @return object|bool 
  790. */ 
  791. function get_post_meta_by_id( $mid ) { 
  792. return get_metadata_by_mid( 'post', $mid ); 
  793.  
  794. /** 
  795. * Get meta data for the given post ID. 
  796. * 
  797. * @since 1.2.0 
  798. * 
  799. * @global wpdb $wpdb WordPress database abstraction object. 
  800. * 
  801. * @param int $postid 
  802. * @return mixed 
  803. */ 
  804. function has_meta( $postid ) { 
  805. global $wpdb; 
  806.  
  807. return $wpdb->get_results( $wpdb->prepare("SELECT meta_key, meta_value, meta_id, post_id 
  808. FROM $wpdb->postmeta WHERE post_id = %d 
  809. ORDER BY meta_key, meta_id", $postid), ARRAY_A ); 
  810.  
  811. /** 
  812. * Update post meta data by meta ID. 
  813. * 
  814. * @since 1.2.0 
  815. * 
  816. * @param int $meta_id 
  817. * @param string $meta_key Expect Slashed 
  818. * @param string $meta_value Expect Slashed 
  819. * @return bool 
  820. */ 
  821. function update_meta( $meta_id, $meta_key, $meta_value ) { 
  822. $meta_key = wp_unslash( $meta_key ); 
  823. $meta_value = wp_unslash( $meta_value ); 
  824.  
  825. return update_metadata_by_mid( 'post', $meta_id, $meta_value, $meta_key ); 
  826.  
  827. // 
  828.  // Private 
  829. // 
  830.   
  831. /** 
  832. * Replace hrefs of attachment anchors with up-to-date permalinks. 
  833. * 
  834. * @since 2.3.0 
  835. * @access private 
  836. * 
  837. * @param int|object $post Post ID or post object. 
  838. * @return void|int|WP_Error Void if nothing fixed. 0 or WP_Error on update failure. The post ID on update success. 
  839. */ 
  840. function _fix_attachment_links( $post ) { 
  841. $post = get_post( $post, ARRAY_A ); 
  842. $content = $post['post_content']; 
  843.  
  844. // Don't run if no pretty permalinks or post is not published, scheduled, or privately published. 
  845. if ( ! get_option( 'permalink_structure' ) || ! in_array( $post['post_status'], array( 'publish', 'future', 'private' ) ) ) 
  846. return; 
  847.  
  848. // Short if there aren't any links or no '?attachment_id=' strings (strpos cannot be zero) 
  849. if ( !strpos($content, '?attachment_id=') || !preg_match_all( '/<a ([^>]+)>[\s\S]+?<\/a>/', $content, $link_matches ) ) 
  850. return; 
  851.  
  852. $site_url = get_bloginfo('url'); 
  853. $site_url = substr( $site_url, (int) strpos($site_url, '://') ); // remove the http(s) 
  854. $replace = ''; 
  855.  
  856. foreach ( $link_matches[1] as $key => $value ) { 
  857. if ( !strpos($value, '?attachment_id=') || !strpos($value, 'wp-att-') 
  858. || !preg_match( '/href=(["\'])[^"\']*\?attachment_id=(\d+)[^"\']*\\1/', $value, $url_match ) 
  859. || !preg_match( '/rel=["\'][^"\']*wp-att-(\d+)/', $value, $rel_match ) ) 
  860. continue; 
  861.  
  862. $quote = $url_match[1]; // the quote (single or double) 
  863. $url_id = (int) $url_match[2]; 
  864. $rel_id = (int) $rel_match[1]; 
  865.  
  866. if ( !$url_id || !$rel_id || $url_id != $rel_id || strpos($url_match[0], $site_url) === false ) 
  867. continue; 
  868.  
  869. $link = $link_matches[0][$key]; 
  870. $replace = str_replace( $url_match[0], 'href=' . $quote . get_attachment_link( $url_id ) . $quote, $link ); 
  871.  
  872. $content = str_replace( $link, $replace, $content ); 
  873.  
  874. if ( $replace ) { 
  875. $post['post_content'] = $content; 
  876. // Escape data pulled from DB. 
  877. $post = add_magic_quotes($post); 
  878.  
  879. return wp_update_post($post); 
  880.  
  881. /** 
  882. * Get all the possible statuses for a post_type 
  883. * 
  884. * @since 2.5.0 
  885. * 
  886. * @param string $type The post_type you want the statuses for 
  887. * @return array As array of all the statuses for the supplied post type 
  888. */ 
  889. function get_available_post_statuses($type = 'post') { 
  890. $stati = wp_count_posts($type); 
  891.  
  892. return array_keys(get_object_vars($stati)); 
  893.  
  894. /** 
  895. * Run the wp query to fetch the posts for listing on the edit posts page 
  896. * 
  897. * @since 2.5.0 
  898. * 
  899. * @param array|bool $q Array of query variables to use to build the query or false to use $_GET superglobal. 
  900. * @return array 
  901. */ 
  902. function wp_edit_posts_query( $q = false ) { 
  903. if ( false === $q ) 
  904. $q = $_GET; 
  905. $q['m'] = isset($q['m']) ? (int) $q['m'] : 0; 
  906. $q['cat'] = isset($q['cat']) ? (int) $q['cat'] : 0; 
  907. $post_stati = get_post_stati(); 
  908.  
  909. if ( isset($q['post_type']) && in_array( $q['post_type'], get_post_types() ) ) 
  910. $post_type = $q['post_type']; 
  911. else 
  912. $post_type = 'post'; 
  913.  
  914. $avail_post_stati = get_available_post_statuses($post_type); 
  915.  
  916. if ( isset($q['post_status']) && in_array( $q['post_status'], $post_stati ) ) { 
  917. $post_status = $q['post_status']; 
  918. $perm = 'readable'; 
  919.  
  920. if ( isset( $q['orderby'] ) ) { 
  921. $orderby = $q['orderby']; 
  922. } elseif ( isset( $q['post_status'] ) && in_array( $q['post_status'], array( 'pending', 'draft' ) ) ) { 
  923. $orderby = 'modified'; 
  924.  
  925. if ( isset( $q['order'] ) ) { 
  926. $order = $q['order']; 
  927. } elseif ( isset( $q['post_status'] ) && 'pending' == $q['post_status'] ) { 
  928. $order = 'ASC'; 
  929.  
  930. $per_page = "edit_{$post_type}_per_page"; 
  931. $posts_per_page = (int) get_user_option( $per_page ); 
  932. if ( empty( $posts_per_page ) || $posts_per_page < 1 ) 
  933. $posts_per_page = 20; 
  934.  
  935. /** 
  936. * Filters the number of items per page to show for a specific 'per_page' type. 
  937. * 
  938. * The dynamic portion of the hook name, `$post_type`, refers to the post type. 
  939. * 
  940. * Some examples of filter hooks generated here include: 'edit_attachment_per_page',  
  941. * 'edit_post_per_page', 'edit_page_per_page', etc. 
  942. * 
  943. * @since 3.0.0 
  944. * 
  945. * @param int $posts_per_page Number of posts to display per page for the given post 
  946. * type. Default 20. 
  947. */ 
  948. $posts_per_page = apply_filters( "edit_{$post_type}_per_page", $posts_per_page ); 
  949.  
  950. /** 
  951. * Filters the number of posts displayed per page when specifically listing "posts". 
  952. * 
  953. * @since 2.8.0 
  954. * 
  955. * @param int $posts_per_page Number of posts to be displayed. Default 20. 
  956. * @param string $post_type The post type. 
  957. */ 
  958. $posts_per_page = apply_filters( 'edit_posts_per_page', $posts_per_page, $post_type ); 
  959.  
  960. $query = compact('post_type', 'post_status', 'perm', 'order', 'orderby', 'posts_per_page'); 
  961.  
  962. // Hierarchical types require special args. 
  963. if ( is_post_type_hierarchical( $post_type ) && !isset($orderby) ) { 
  964. $query['orderby'] = 'menu_order title'; 
  965. $query['order'] = 'asc'; 
  966. $query['posts_per_page'] = -1; 
  967. $query['posts_per_archive_page'] = -1; 
  968. $query['fields'] = 'id=>parent'; 
  969.  
  970. if ( ! empty( $q['show_sticky'] ) ) 
  971. $query['post__in'] = (array) get_option( 'sticky_posts' ); 
  972.  
  973. wp( $query ); 
  974.  
  975. return $avail_post_stati; 
  976.  
  977. /** 
  978. * Get all available post MIME types for a given post type. 
  979. * 
  980. * @since 2.5.0 
  981. * 
  982. * @global wpdb $wpdb WordPress database abstraction object. 
  983. * 
  984. * @param string $type 
  985. * @return mixed 
  986. */ 
  987. function get_available_post_mime_types($type = 'attachment') { 
  988. global $wpdb; 
  989.  
  990. $types = $wpdb->get_col($wpdb->prepare("SELECT DISTINCT post_mime_type FROM $wpdb->posts WHERE post_type = %s", $type)); 
  991. return $types; 
  992.  
  993. /** 
  994. * Get the query variables for the current attachments request. 
  995. * 
  996. * @since 4.2.0 
  997. * 
  998. * @param array|false $q Optional. Array of query variables to use to build the query or false 
  999. * to use $_GET superglobal. Default false. 
  1000. * @return array The parsed query vars. 
  1001. */ 
  1002. function wp_edit_attachments_query_vars( $q = false ) { 
  1003. if ( false === $q ) { 
  1004. $q = $_GET; 
  1005. $q['m'] = isset( $q['m'] ) ? (int) $q['m'] : 0; 
  1006. $q['cat'] = isset( $q['cat'] ) ? (int) $q['cat'] : 0; 
  1007. $q['post_type'] = 'attachment'; 
  1008. $post_type = get_post_type_object( 'attachment' ); 
  1009. $states = 'inherit'; 
  1010. if ( current_user_can( $post_type->cap->read_private_posts ) ) { 
  1011. $states .= ', private'; 
  1012.  
  1013. $q['post_status'] = isset( $q['status'] ) && 'trash' == $q['status'] ? 'trash' : $states; 
  1014. $q['post_status'] = isset( $q['attachment-filter'] ) && 'trash' == $q['attachment-filter'] ? 'trash' : $states; 
  1015.  
  1016. $media_per_page = (int) get_user_option( 'upload_per_page' ); 
  1017. if ( empty( $media_per_page ) || $media_per_page < 1 ) { 
  1018. $media_per_page = 20; 
  1019.  
  1020. /** 
  1021. * Filters the number of items to list per page when listing media items. 
  1022. * 
  1023. * @since 2.9.0 
  1024. * 
  1025. * @param int $media_per_page Number of media to list. Default 20. 
  1026. */ 
  1027. $q['posts_per_page'] = apply_filters( 'upload_per_page', $media_per_page ); 
  1028.  
  1029. $post_mime_types = get_post_mime_types(); 
  1030. if ( isset($q['post_mime_type']) && !array_intersect( (array) $q['post_mime_type'], array_keys($post_mime_types) ) ) { 
  1031. unset($q['post_mime_type']); 
  1032.  
  1033. foreach ( array_keys( $post_mime_types ) as $type ) { 
  1034. if ( isset( $q['attachment-filter'] ) && "post_mime_type:$type" == $q['attachment-filter'] ) { 
  1035. $q['post_mime_type'] = $type; 
  1036. break; 
  1037.  
  1038. if ( isset( $q['detached'] ) || ( isset( $q['attachment-filter'] ) && 'detached' == $q['attachment-filter'] ) ) { 
  1039. $q['post_parent'] = 0; 
  1040.  
  1041. // Filter query clauses to include filenames. 
  1042. if ( isset( $q['s'] ) ) { 
  1043. add_filter( 'posts_clauses', '_filter_query_attachment_filenames' ); 
  1044.  
  1045. return $q; 
  1046.  
  1047. /** 
  1048. * Executes a query for attachments. An array of WP_Query arguments 
  1049. * can be passed in, which will override the arguments set by this function. 
  1050. * 
  1051. * @since 2.5.0 
  1052. * 
  1053. * @param array|false $q Array of query variables to use to build the query or false to use $_GET superglobal. 
  1054. * @return array 
  1055. */ 
  1056. function wp_edit_attachments_query( $q = false ) { 
  1057. wp( wp_edit_attachments_query_vars( $q ) ); 
  1058.  
  1059. $post_mime_types = get_post_mime_types(); 
  1060. $avail_post_mime_types = get_available_post_mime_types( 'attachment' ); 
  1061.  
  1062. return array( $post_mime_types, $avail_post_mime_types ); 
  1063.  
  1064. /** 
  1065. * Returns the list of classes to be used by a meta box. 
  1066. * 
  1067. * @since 2.5.0 
  1068. * 
  1069. * @param string $id 
  1070. * @param string $page 
  1071. * @return string 
  1072. */ 
  1073. function postbox_classes( $id, $page ) { 
  1074. if ( isset( $_GET['edit'] ) && $_GET['edit'] == $id ) { 
  1075. $classes = array( '' ); 
  1076. } elseif ( $closed = get_user_option('closedpostboxes_'.$page ) ) { 
  1077. if ( !is_array( $closed ) ) { 
  1078. $classes = array( '' ); 
  1079. } else { 
  1080. $classes = in_array( $id, $closed ) ? array( 'closed' ) : array( '' ); 
  1081. } else { 
  1082. $classes = array( '' ); 
  1083.  
  1084. /** 
  1085. * Filters the postbox classes for a specific screen and screen ID combo. 
  1086. * 
  1087. * The dynamic portions of the hook name, `$page` and `$id`, refer to 
  1088. * the screen and screen ID, respectively. 
  1089. * 
  1090. * @since 3.2.0 
  1091. * 
  1092. * @param array $classes An array of postbox classes. 
  1093. */ 
  1094. $classes = apply_filters( "postbox_classes_{$page}_{$id}", $classes ); 
  1095. return implode( ' ', $classes ); 
  1096.  
  1097. /** 
  1098. * Get a sample permalink based off of the post name. 
  1099. * 
  1100. * @since 2.5.0 
  1101. * 
  1102. * @param int $id Post ID or post object. 
  1103. * @param string $title Optional. Title to override the post's current title when generating the post name. Default null. 
  1104. * @param string $name Optional. Name to override the post name. Default null. 
  1105. * @return array Array containing the sample permalink with placeholder for the post name, and the post name. 
  1106. */ 
  1107. function get_sample_permalink($id, $title = null, $name = null) { 
  1108. $post = get_post( $id ); 
  1109. if ( ! $post ) 
  1110. return array( '', '' ); 
  1111.  
  1112. $ptype = get_post_type_object($post->post_type); 
  1113.  
  1114. $original_status = $post->post_status; 
  1115. $original_date = $post->post_date; 
  1116. $original_name = $post->post_name; 
  1117.  
  1118. // Hack: get_permalink() would return ugly permalink for drafts, so we will fake that our post is published. 
  1119. if ( in_array( $post->post_status, array( 'draft', 'pending', 'future' ) ) ) { 
  1120. $post->post_status = 'publish'; 
  1121. $post->post_name = sanitize_title($post->post_name ? $post->post_name : $post->post_title, $post->ID); 
  1122.  
  1123. // If the user wants to set a new name -- override the current one 
  1124. // Note: if empty name is supplied -- use the title instead, see #6072 
  1125. if ( !is_null($name) ) 
  1126. $post->post_name = sanitize_title($name ? $name : $title, $post->ID); 
  1127.  
  1128. $post->post_name = wp_unique_post_slug($post->post_name, $post->ID, $post->post_status, $post->post_type, $post->post_parent); 
  1129.  
  1130. $post->filter = 'sample'; 
  1131.  
  1132. $permalink = get_permalink($post, true); 
  1133.  
  1134. // Replace custom post_type Token with generic pagename token for ease of use. 
  1135. $permalink = str_replace("%$post->post_type%", '%pagename%', $permalink); 
  1136.  
  1137. // Handle page hierarchy 
  1138. if ( $ptype->hierarchical ) { 
  1139. $uri = get_page_uri($post); 
  1140. if ( $uri ) { 
  1141. $uri = untrailingslashit($uri); 
  1142. $uri = strrev( stristr( strrev( $uri ), '/' ) ); 
  1143. $uri = untrailingslashit($uri); 
  1144.  
  1145. /** This filter is documented in wp-admin/edit-tag-form.php */ 
  1146. $uri = apply_filters( 'editable_slug', $uri, $post ); 
  1147. if ( !empty($uri) ) 
  1148. $uri .= '/'; 
  1149. $permalink = str_replace('%pagename%', "{$uri}%pagename%", $permalink); 
  1150.  
  1151. /** This filter is documented in wp-admin/edit-tag-form.php */ 
  1152. $permalink = array( $permalink, apply_filters( 'editable_slug', $post->post_name, $post ) ); 
  1153. $post->post_status = $original_status; 
  1154. $post->post_date = $original_date; 
  1155. $post->post_name = $original_name; 
  1156. unset($post->filter); 
  1157.  
  1158. /** 
  1159. * Filters the sample permalink. 
  1160. * 
  1161. * @since 4.4.0 
  1162. * 
  1163. * @param array $permalink Array containing the sample permalink with placeholder for the post name, and the post name. 
  1164. * @param int $post_id Post ID. 
  1165. * @param string $title Post title. 
  1166. * @param string $name Post name (slug). 
  1167. * @param WP_Post $post Post object. 
  1168. */ 
  1169. return apply_filters( 'get_sample_permalink', $permalink, $post->ID, $title, $name, $post ); 
  1170.  
  1171. /** 
  1172. * Returns the HTML of the sample permalink slug editor. 
  1173. * 
  1174. * @since 2.5.0 
  1175. * 
  1176. * @param int $id Post ID or post object. 
  1177. * @param string $new_title Optional. New title. Default null. 
  1178. * @param string $new_slug Optional. New slug. Default null. 
  1179. * @return string The HTML of the sample permalink slug editor. 
  1180. */ 
  1181. function get_sample_permalink_html( $id, $new_title = null, $new_slug = null ) { 
  1182. $post = get_post( $id ); 
  1183. if ( ! $post ) 
  1184. return ''; 
  1185.  
  1186. list($permalink, $post_name) = get_sample_permalink($post->ID, $new_title, $new_slug); 
  1187.  
  1188. $view_link = false; 
  1189. $preview_target = ''; 
  1190.  
  1191. if ( current_user_can( 'read_post', $post->ID ) ) { 
  1192. if ( 'draft' === $post->post_status || empty( $post->post_name ) ) { 
  1193. $view_link = get_preview_post_link( $post ); 
  1194. $preview_target = " target='wp-preview-{$post->ID}'"; 
  1195. } else { 
  1196. if ( 'publish' === $post->post_status || 'attachment' === $post->post_type ) { 
  1197. $view_link = get_permalink( $post ); 
  1198. } else { 
  1199. // Allow non-published (private, future) to be viewed at a pretty permalink, in case $post->post_name is set 
  1200. $view_link = str_replace( array( '%pagename%', '%postname%' ), $post->post_name, $permalink ); 
  1201.  
  1202. // Permalinks without a post/page name placeholder don't have anything to edit 
  1203. if ( false === strpos( $permalink, '%postname%' ) && false === strpos( $permalink, '%pagename%' ) ) { 
  1204. $return = '<strong>' . __( 'Permalink:' ) . "</strong>\n"; 
  1205.  
  1206. if ( false !== $view_link ) { 
  1207. $display_link = urldecode( $view_link ); 
  1208. $return .= '<a id="sample-permalink" href="' . esc_url( $view_link ) . '"' . $preview_target . '>' . esc_html( $display_link ) . "</a>\n"; 
  1209. } else { 
  1210. $return .= '<span id="sample-permalink">' . $permalink . "</span>\n"; 
  1211.  
  1212. // Encourage a pretty permalink setting 
  1213. if ( '' == get_option( 'permalink_structure' ) && current_user_can( 'manage_options' ) && !( 'page' == get_option('show_on_front') && $id == get_option('page_on_front') ) ) { 
  1214. $return .= '<span id="change-permalinks"><a href="options-permalink.php" class="button button-small" target="_blank">' . __('Change Permalinks') . "</a></span>\n"; 
  1215. } else { 
  1216. if ( mb_strlen( $post_name ) > 34 ) { 
  1217. $post_name_abridged = mb_substr( $post_name, 0, 16 ) . '…' . mb_substr( $post_name, -16 ); 
  1218. } else { 
  1219. $post_name_abridged = $post_name; 
  1220.  
  1221. $post_name_html = '<span id="editable-post-name">' . esc_html( $post_name_abridged ) . '</span>'; 
  1222. $display_link = str_replace( array( '%pagename%', '%postname%' ), $post_name_html, esc_html( urldecode( $permalink ) ) ); 
  1223.  
  1224. $return = '<strong>' . __( 'Permalink:' ) . "</strong>\n"; 
  1225. $return .= '<span id="sample-permalink"><a href="' . esc_url( $view_link ) . '"' . $preview_target . '>' . $display_link . "</a></span>\n"; 
  1226. $return .= '‎'; // Fix bi-directional text display defect in RTL languages. 
  1227. $return .= '<span id="edit-slug-buttons"><button type="button" class="edit-slug button button-small hide-if-no-js" aria-label="' . __( 'Edit permalink' ) . '">' . __( 'Edit' ) . "</button></span>\n"; 
  1228. $return .= '<span id="editable-post-name-full">' . esc_html( $post_name ) . "</span>\n"; 
  1229.  
  1230. /** 
  1231. * Filters the sample permalink HTML markup. 
  1232. * 
  1233. * @since 2.9.0 
  1234. * @since 4.4.0 Added `$post` parameter. 
  1235. * 
  1236. * @param string $return Sample permalink HTML markup. 
  1237. * @param int $post_id Post ID. 
  1238. * @param string $new_title New sample permalink title. 
  1239. * @param string $new_slug New sample permalink slug. 
  1240. * @param WP_Post $post Post object. 
  1241. */ 
  1242. $return = apply_filters( 'get_sample_permalink_html', $return, $post->ID, $new_title, $new_slug, $post ); 
  1243.  
  1244. return $return; 
  1245.  
  1246. /** 
  1247. * Output HTML for the post thumbnail meta-box. 
  1248. * 
  1249. * @since 2.9.0 
  1250. * 
  1251. * @param int $thumbnail_id ID of the attachment used for thumbnail 
  1252. * @param mixed $post The post ID or object associated with the thumbnail, defaults to global $post. 
  1253. * @return string html 
  1254. */ 
  1255. function _wp_post_thumbnail_html( $thumbnail_id = null, $post = null ) { 
  1256. $_wp_additional_image_sizes = wp_get_additional_image_sizes(); 
  1257.  
  1258. $post = get_post( $post ); 
  1259. $post_type_object = get_post_type_object( $post->post_type ); 
  1260. $set_thumbnail_link = '<p class="hide-if-no-js"><a href="%s" id="set-post-thumbnail"%s class="thickbox">%s</a></p>'; 
  1261. $upload_iframe_src = get_upload_iframe_src( 'image', $post->ID ); 
  1262.  
  1263. $content = sprintf( $set_thumbnail_link,  
  1264. esc_url( $upload_iframe_src ),  
  1265. '', // Empty when there's no featured image set, `aria-describedby` attribute otherwise. 
  1266. esc_html( $post_type_object->labels->set_featured_image ) 
  1267. ); 
  1268.  
  1269. if ( $thumbnail_id && get_post( $thumbnail_id ) ) { 
  1270. $size = isset( $_wp_additional_image_sizes['post-thumbnail'] ) ? 'post-thumbnail' : array( 266, 266 ); 
  1271.  
  1272. /** 
  1273. * Filters the size used to display the post thumbnail image in the 'Featured Image' meta box. 
  1274. * 
  1275. * Note: When a theme adds 'post-thumbnail' support, a special 'post-thumbnail' 
  1276. * image size is registered, which differs from the 'thumbnail' image size 
  1277. * managed via the Settings > Media screen. See the `$size` parameter description 
  1278. * for more information on default values. 
  1279. * 
  1280. * @since 4.4.0 
  1281. * 
  1282. * @param string|array $size Post thumbnail image size to display in the meta box. Accepts any valid 
  1283. * image size, or an array of width and height values in pixels (in that order). 
  1284. * If the 'post-thumbnail' size is set, default is 'post-thumbnail'. Otherwise,  
  1285. * default is an array with 266 as both the height and width values. 
  1286. * @param int $thumbnail_id Post thumbnail attachment ID. 
  1287. * @param WP_Post $post The post object associated with the thumbnail. 
  1288. */ 
  1289. $size = apply_filters( 'admin_post_thumbnail_size', $size, $thumbnail_id, $post ); 
  1290.  
  1291. $thumbnail_html = wp_get_attachment_image( $thumbnail_id, $size ); 
  1292.  
  1293. if ( ! empty( $thumbnail_html ) ) { 
  1294. $content = sprintf( $set_thumbnail_link,  
  1295. esc_url( $upload_iframe_src ),  
  1296. ' aria-describedby="set-post-thumbnail-desc"',  
  1297. $thumbnail_html 
  1298. ); 
  1299. $content .= '<p class="hide-if-no-js howto" id="set-post-thumbnail-desc">' . __( 'Click the image to edit or update' ) . '</p>'; 
  1300. $content .= '<p class="hide-if-no-js"><a href="#" id="remove-post-thumbnail">' . esc_html( $post_type_object->labels->remove_featured_image ) . '</a></p>'; 
  1301.  
  1302. $content .= '<input type="hidden" id="_thumbnail_id" name="_thumbnail_id" value="' . esc_attr( $thumbnail_id ? $thumbnail_id : '-1' ) . '" />'; 
  1303.  
  1304. /** 
  1305. * Filters the admin post thumbnail HTML markup to return. 
  1306. * 
  1307. * @since 2.9.0 
  1308. * @since 3.5.0 Added the `$post_id` parameter. 
  1309. * @since 4.6.0 Added the `$thumbnail_id` parameter. 
  1310. * 
  1311. * @param string $content Admin post thumbnail HTML markup. 
  1312. * @param int $post_id Post ID. 
  1313. * @param int $thumbnail_id Thumbnail ID. 
  1314. */ 
  1315. return apply_filters( 'admin_post_thumbnail_html', $content, $post->ID, $thumbnail_id ); 
  1316.  
  1317. /** 
  1318. * Check to see if the post is currently being edited by another user. 
  1319. * 
  1320. * @since 2.5.0 
  1321. * 
  1322. * @param int $post_id ID of the post to check for editing 
  1323. * @return integer False: not locked or locked by current user. Int: user ID of user with lock. 
  1324. */ 
  1325. function wp_check_post_lock( $post_id ) { 
  1326. if ( !$post = get_post( $post_id ) ) 
  1327. return false; 
  1328.  
  1329. if ( !$lock = get_post_meta( $post->ID, '_edit_lock', true ) ) 
  1330. return false; 
  1331.  
  1332. $lock = explode( ':', $lock ); 
  1333. $time = $lock[0]; 
  1334. $user = isset( $lock[1] ) ? $lock[1] : get_post_meta( $post->ID, '_edit_last', true ); 
  1335.  
  1336. /** This filter is documented in wp-admin/includes/ajax-actions.php */ 
  1337. $time_window = apply_filters( 'wp_check_post_lock_window', 150 ); 
  1338.  
  1339. if ( $time && $time > time() - $time_window && $user != get_current_user_id() ) 
  1340. return $user; 
  1341. return false; 
  1342.  
  1343. /** 
  1344. * Mark the post as currently being edited by the current user 
  1345. * 
  1346. * @since 2.5.0 
  1347. * 
  1348. * @param int $post_id ID of the post to being edited 
  1349. * @return bool|array Returns false if the post doesn't exist of there is no current user, or 
  1350. * an array of the lock time and the user ID. 
  1351. */ 
  1352. function wp_set_post_lock( $post_id ) { 
  1353. if ( !$post = get_post( $post_id ) ) 
  1354. return false; 
  1355. if ( 0 == ($user_id = get_current_user_id()) ) 
  1356. return false; 
  1357.  
  1358. $now = time(); 
  1359. $lock = "$now:$user_id"; 
  1360.  
  1361. update_post_meta( $post->ID, '_edit_lock', $lock ); 
  1362. return array( $now, $user_id ); 
  1363.  
  1364. /** 
  1365. * Outputs the HTML for the notice to say that someone else is editing or has taken over editing of this post. 
  1366. * 
  1367. * @since 2.8.5 
  1368. * @return none 
  1369. */ 
  1370. function _admin_notice_post_locked() { 
  1371. if ( ! $post = get_post() ) 
  1372. return; 
  1373.  
  1374. $user = null; 
  1375. if ( $user_id = wp_check_post_lock( $post->ID ) ) 
  1376. $user = get_userdata( $user_id ); 
  1377.  
  1378. if ( $user ) { 
  1379.  
  1380. /** 
  1381. * Filters whether to show the post locked dialog. 
  1382. * 
  1383. * Returning a falsey value to the filter will short-circuit displaying the dialog. 
  1384. * 
  1385. * @since 3.6.0 
  1386. * 
  1387. * @param bool $display Whether to display the dialog. Default true. 
  1388. * @param WP_User|bool $user WP_User object on success, false otherwise. 
  1389. */ 
  1390. if ( ! apply_filters( 'show_post_locked_dialog', true, $post, $user ) ) 
  1391. return; 
  1392.  
  1393. $locked = true; 
  1394. } else { 
  1395. $locked = false; 
  1396.  
  1397. if ( $locked && ( $sendback = wp_get_referer() ) && 
  1398. false === strpos( $sendback, 'post.php' ) && false === strpos( $sendback, 'post-new.php' ) ) { 
  1399.  
  1400. $sendback_text = __('Go back'); 
  1401. } else { 
  1402. $sendback = admin_url( 'edit.php' ); 
  1403.  
  1404. if ( 'post' != $post->post_type ) 
  1405. $sendback = add_query_arg( 'post_type', $post->post_type, $sendback ); 
  1406.  
  1407. $sendback_text = get_post_type_object( $post->post_type )->labels->all_items; 
  1408.  
  1409. $hidden = $locked ? '' : ' hidden'; 
  1410.  
  1411. ?> 
  1412. <div id="post-lock-dialog" class="notification-dialog-wrap<?php echo $hidden; ?>"> 
  1413. <div class="notification-dialog-background"></div> 
  1414. <div class="notification-dialog"> 
  1415. <?php 
  1416.  
  1417. if ( $locked ) { 
  1418. $query_args = array(); 
  1419. if ( get_post_type_object( $post->post_type )->public ) { 
  1420. if ( 'publish' == $post->post_status || $user->ID != $post->post_author ) { 
  1421. // Latest content is in autosave 
  1422. $nonce = wp_create_nonce( 'post_preview_' . $post->ID ); 
  1423. $query_args['preview_id'] = $post->ID; 
  1424. $query_args['preview_nonce'] = $nonce; 
  1425.  
  1426. $preview_link = get_preview_post_link( $post->ID, $query_args ); 
  1427.  
  1428. /** 
  1429. * Filters whether to allow the post lock to be overridden. 
  1430. * 
  1431. * Returning a falsey value to the filter will disable the ability 
  1432. * to override the post lock. 
  1433. * 
  1434. * @since 3.6.0 
  1435. * 
  1436. * @param bool $override Whether to allow overriding post locks. Default true. 
  1437. * @param WP_Post $post Post object. 
  1438. * @param WP_User $user User object. 
  1439. */ 
  1440. $override = apply_filters( 'override_post_lock', true, $post, $user ); 
  1441. $tab_last = $override ? '' : ' wp-tab-last'; 
  1442.  
  1443. ?> 
  1444. <div class="post-locked-message"> 
  1445. <div class="post-locked-avatar"><?php echo get_avatar( $user->ID, 64 ); ?></div> 
  1446. <p class="currently-editing wp-tab-first" tabindex="0"> 
  1447. <?php 
  1448. _e( 'This content is currently locked.' ); 
  1449. if ( $override ) 
  1450. printf( ' ' . __( 'If you take over, %s will be blocked from continuing to edit.' ), esc_html( $user->display_name ) ); 
  1451. ?> 
  1452. </p> 
  1453. <?php 
  1454. /** 
  1455. * Fires inside the post locked dialog before the buttons are displayed. 
  1456. * 
  1457. * @since 3.6.0 
  1458. * 
  1459. * @param WP_Post $post Post object. 
  1460. */ 
  1461. do_action( 'post_locked_dialog', $post ); 
  1462. ?> 
  1463. <p> 
  1464. <a class="button" href="<?php echo esc_url( $sendback ); ?>"><?php echo $sendback_text; ?></a> 
  1465. <?php if ( $preview_link ) { ?> 
  1466. <a class="button<?php echo $tab_last; ?>" href="<?php echo esc_url( $preview_link ); ?>"><?php _e('Preview'); ?></a> 
  1467. <?php 
  1468.  
  1469. // Allow plugins to prevent some users overriding the post lock 
  1470. if ( $override ) { 
  1471. ?> 
  1472. <a class="button button-primary wp-tab-last" href="<?php echo esc_url( add_query_arg( 'get-post-lock', '1', wp_nonce_url( get_edit_post_link( $post->ID, 'url' ), 'lock-post_' . $post->ID ) ) ); ?>"><?php _e('Take over'); ?></a> 
  1473. <?php 
  1474.  
  1475. ?> 
  1476. </p> 
  1477. </div> 
  1478. <?php 
  1479. } else { 
  1480. ?> 
  1481. <div class="post-taken-over"> 
  1482. <div class="post-locked-avatar"></div> 
  1483. <p class="wp-tab-first" tabindex="0"> 
  1484. <span class="currently-editing"></span><br /> 
  1485. <span class="locked-saving hidden"><img src="<?php echo esc_url( admin_url( 'images/spinner-2x.gif' ) ); ?>" width="16" height="16" alt="" /> <?php _e( 'Saving revision…' ); ?></span> 
  1486. <span class="locked-saved hidden"><?php _e('Your latest changes were saved as a revision.'); ?></span> 
  1487. </p> 
  1488. <?php 
  1489. /** 
  1490. * Fires inside the dialog displayed when a user has lost the post lock. 
  1491. * 
  1492. * @since 3.6.0 
  1493. * 
  1494. * @param WP_Post $post Post object. 
  1495. */ 
  1496. do_action( 'post_lock_lost_dialog', $post ); 
  1497. ?> 
  1498. <p><a class="button button-primary wp-tab-last" href="<?php echo esc_url( $sendback ); ?>"><?php echo $sendback_text; ?></a></p> 
  1499. </div> 
  1500. <?php 
  1501.  
  1502. ?> 
  1503. </div> 
  1504. </div> 
  1505. <?php 
  1506.  
  1507. /** 
  1508. * Creates autosave data for the specified post from $_POST data. 
  1509. * 
  1510. * @package WordPress 
  1511. * @subpackage Post_Revisions 
  1512. * @since 2.6.0 
  1513. * 
  1514. * @param mixed $post_data Associative array containing the post data or int post ID. 
  1515. * @return mixed The autosave revision ID. WP_Error or 0 on error. 
  1516. */ 
  1517. function wp_create_post_autosave( $post_data ) { 
  1518. if ( is_numeric( $post_data ) ) { 
  1519. $post_id = $post_data; 
  1520. $post_data = $_POST; 
  1521. } else { 
  1522. $post_id = (int) $post_data['post_ID']; 
  1523.  
  1524. $post_data = _wp_translate_postdata( true, $post_data ); 
  1525. if ( is_wp_error( $post_data ) ) 
  1526. return $post_data; 
  1527.  
  1528. $post_author = get_current_user_id(); 
  1529.  
  1530. // Store one autosave per author. If there is already an autosave, overwrite it. 
  1531. if ( $old_autosave = wp_get_post_autosave( $post_id, $post_author ) ) { 
  1532. $new_autosave = _wp_post_revision_data( $post_data, true ); 
  1533. $new_autosave['ID'] = $old_autosave->ID; 
  1534. $new_autosave['post_author'] = $post_author; 
  1535.  
  1536. // If the new autosave has the same content as the post, delete the autosave. 
  1537. $post = get_post( $post_id ); 
  1538. $autosave_is_different = false; 
  1539. foreach ( array_intersect( array_keys( $new_autosave ), array_keys( _wp_post_revision_fields( $post ) ) ) as $field ) { 
  1540. if ( normalize_whitespace( $new_autosave[ $field ] ) != normalize_whitespace( $post->$field ) ) { 
  1541. $autosave_is_different = true; 
  1542. break; 
  1543.  
  1544. if ( ! $autosave_is_different ) { 
  1545. wp_delete_post_revision( $old_autosave->ID ); 
  1546. return 0; 
  1547.  
  1548. /** 
  1549. * Fires before an autosave is stored. 
  1550. * 
  1551. * @since 4.1.0 
  1552. * 
  1553. * @param array $new_autosave Post array - the autosave that is about to be saved. 
  1554. */ 
  1555. do_action( 'wp_creating_autosave', $new_autosave ); 
  1556.  
  1557. return wp_update_post( $new_autosave ); 
  1558.  
  1559. // _wp_put_post_revision() expects unescaped. 
  1560. $post_data = wp_unslash( $post_data ); 
  1561.  
  1562. // Otherwise create the new autosave as a special post revision 
  1563. return _wp_put_post_revision( $post_data, true ); 
  1564.  
  1565. /** 
  1566. * Save draft or manually autosave for showing preview. 
  1567. * 
  1568. * @package WordPress 
  1569. * @since 2.7.0 
  1570. * 
  1571. * @return str URL to redirect to show the preview 
  1572. */ 
  1573. function post_preview() { 
  1574.  
  1575. $post_ID = (int) $_POST['post_ID']; 
  1576. $_POST['ID'] = $post_ID; 
  1577.  
  1578. if ( ! $post = get_post( $post_ID ) ) { 
  1579. wp_die( __( 'Sorry, you are not allowed to edit this post.' ) ); 
  1580.  
  1581. if ( ! current_user_can( 'edit_post', $post->ID ) ) { 
  1582. wp_die( __( 'Sorry, you are not allowed to edit this post.' ) ); 
  1583.  
  1584. $is_autosave = false; 
  1585.  
  1586. if ( ! wp_check_post_lock( $post->ID ) && get_current_user_id() == $post->post_author && ( 'draft' == $post->post_status || 'auto-draft' == $post->post_status ) ) { 
  1587. $saved_post_id = edit_post(); 
  1588. } else { 
  1589. $is_autosave = true; 
  1590.  
  1591. if ( isset( $_POST['post_status'] ) && 'auto-draft' == $_POST['post_status'] ) 
  1592. $_POST['post_status'] = 'draft'; 
  1593.  
  1594. $saved_post_id = wp_create_post_autosave( $post->ID ); 
  1595.  
  1596. if ( is_wp_error( $saved_post_id ) ) 
  1597. wp_die( $saved_post_id->get_error_message() ); 
  1598.  
  1599. $query_args = array(); 
  1600.  
  1601. if ( $is_autosave && $saved_post_id ) { 
  1602. $query_args['preview_id'] = $post->ID; 
  1603. $query_args['preview_nonce'] = wp_create_nonce( 'post_preview_' . $post->ID ); 
  1604.  
  1605. if ( isset( $_POST['post_format'] ) ) { 
  1606. $query_args['post_format'] = empty( $_POST['post_format'] ) ? 'standard' : sanitize_key( $_POST['post_format'] ); 
  1607.  
  1608. if ( isset( $_POST['_thumbnail_id'] ) ) { 
  1609. $query_args['_thumbnail_id'] = ( intval( $_POST['_thumbnail_id'] ) <= 0 ) ? '-1' : intval( $_POST['_thumbnail_id'] ); 
  1610.  
  1611. return get_preview_post_link( $post, $query_args ); 
  1612.  
  1613. /** 
  1614. * Save a post submitted with XHR 
  1615. * 
  1616. * Intended for use with heartbeat and autosave.js 
  1617. * 
  1618. * @since 3.9.0 
  1619. * 
  1620. * @param array $post_data Associative array of the submitted post data. 
  1621. * @return mixed The value 0 or WP_Error on failure. The saved post ID on success. 
  1622. * The ID can be the draft post_id or the autosave revision post_id. 
  1623. */ 
  1624. function wp_autosave( $post_data ) { 
  1625. // Back-compat 
  1626. if ( ! defined( 'DOING_AUTOSAVE' ) ) 
  1627. define( 'DOING_AUTOSAVE', true ); 
  1628.  
  1629. $post_id = (int) $post_data['post_id']; 
  1630. $post_data['ID'] = $post_data['post_ID'] = $post_id; 
  1631.  
  1632. if ( false === wp_verify_nonce( $post_data['_wpnonce'], 'update-post_' . $post_id ) ) { 
  1633. return new WP_Error( 'invalid_nonce', __( 'Error while saving.' ) ); 
  1634.  
  1635. $post = get_post( $post_id ); 
  1636.  
  1637. if ( ! current_user_can( 'edit_post', $post->ID ) ) { 
  1638. return new WP_Error( 'edit_posts', __( 'Sorry, you are not allowed to edit this item.' ) ); 
  1639.  
  1640. if ( 'auto-draft' == $post->post_status ) 
  1641. $post_data['post_status'] = 'draft'; 
  1642.  
  1643. if ( $post_data['post_type'] != 'page' && ! empty( $post_data['catslist'] ) ) 
  1644. $post_data['post_category'] = explode( ', ', $post_data['catslist'] ); 
  1645.  
  1646. if ( ! wp_check_post_lock( $post->ID ) && get_current_user_id() == $post->post_author && ( 'auto-draft' == $post->post_status || 'draft' == $post->post_status ) ) { 
  1647. // Drafts and auto-drafts are just overwritten by autosave for the same user if the post is not locked 
  1648. return edit_post( wp_slash( $post_data ) ); 
  1649. } else { 
  1650. // Non drafts or other users drafts are not overwritten. The autosave is stored in a special post revision for each user. 
  1651. return wp_create_post_autosave( wp_slash( $post_data ) ); 
  1652.  
  1653. /** 
  1654. * Redirect to previous page. 
  1655. * 
  1656. * @param int $post_id Optional. Post ID. 
  1657. */ 
  1658. function redirect_post($post_id = '') { 
  1659. if ( isset($_POST['save']) || isset($_POST['publish']) ) { 
  1660. $status = get_post_status( $post_id ); 
  1661.  
  1662. if ( isset( $_POST['publish'] ) ) { 
  1663. switch ( $status ) { 
  1664. case 'pending': 
  1665. $message = 8; 
  1666. break; 
  1667. case 'future': 
  1668. $message = 9; 
  1669. break; 
  1670. default: 
  1671. $message = 6; 
  1672. } else { 
  1673. $message = 'draft' == $status ? 10 : 1; 
  1674.  
  1675. $location = add_query_arg( 'message', $message, get_edit_post_link( $post_id, 'url' ) ); 
  1676. } elseif ( isset($_POST['addmeta']) && $_POST['addmeta'] ) { 
  1677. $location = add_query_arg( 'message', 2, wp_get_referer() ); 
  1678. $location = explode('#', $location); 
  1679. $location = $location[0] . '#postcustom'; 
  1680. } elseif ( isset($_POST['deletemeta']) && $_POST['deletemeta'] ) { 
  1681. $location = add_query_arg( 'message', 3, wp_get_referer() ); 
  1682. $location = explode('#', $location); 
  1683. $location = $location[0] . '#postcustom'; 
  1684. } else { 
  1685. $location = add_query_arg( 'message', 4, get_edit_post_link( $post_id, 'url' ) ); 
  1686.  
  1687. /** 
  1688. * Filters the post redirect destination URL. 
  1689. * 
  1690. * @since 2.9.0 
  1691. * 
  1692. * @param string $location The destination URL. 
  1693. * @param int $post_id The post ID. 
  1694. */ 
  1695. wp_redirect( apply_filters( 'redirect_post_location', $location, $post_id ) ); 
  1696. exit; 
.