WordPress 4.7.2
[autoinstalls/wordpress.git] / wp-admin / includes / class-wp-press-this.php
1 <?php
2 /**
3  * Press This class and display functionality
4  *
5  * @package WordPress
6  * @subpackage Press_This
7  * @since 4.2.0
8  */
9
10 /**
11  * Press This class.
12  *
13  * @since 4.2.0
14  */
15 class WP_Press_This {
16         // Used to trigger the bookmarklet update notice.
17         const VERSION = 8;
18         public $version = 8;
19
20         private $images = array();
21
22         private $embeds = array();
23
24         private $domain = '';
25
26         /**
27          * Constructor.
28          *
29          * @since 4.2.0
30          * @access public
31          */
32         public function __construct() {}
33
34         /**
35          * App and site settings data, including i18n strings for the client-side.
36          *
37          * @since 4.2.0
38          * @access public
39          *
40          * @return array Site settings.
41          */
42         public function site_settings() {
43                 return array(
44                         /**
45                          * Filters whether or not Press This should redirect the user in the parent window upon save.
46                          *
47                          * @since 4.2.0
48                          *
49                          * @param bool $redirect Whether to redirect in parent window or not. Default false.
50                          */
51                         'redirInParent' => apply_filters( 'press_this_redirect_in_parent', false ),
52                 );
53         }
54
55         /**
56          * Get the source's images and save them locally, for posterity, unless we can't.
57          *
58          * @since 4.2.0
59          * @access public
60          *
61          * @param int    $post_id Post ID.
62          * @param string $content Optional. Current expected markup for Press This. Expects slashed. Default empty.
63          * @return string New markup with old image URLs replaced with the local attachment ones if swapped.
64          */
65         public function side_load_images( $post_id, $content = '' ) {
66                 $content = wp_unslash( $content );
67
68                 if ( preg_match_all( '/<img [^>]+>/', $content, $matches ) && current_user_can( 'upload_files' ) ) {
69                         foreach ( (array) $matches[0] as $image ) {
70                                 // This is inserted from our JS so HTML attributes should always be in double quotes.
71                                 if ( ! preg_match( '/src="([^"]+)"/', $image, $url_matches ) ) {
72                                         continue;
73                                 }
74
75                                 $image_src = $url_matches[1];
76
77                                 // Don't try to sideload a file without a file extension, leads to WP upload error.
78                                 if ( ! preg_match( '/[^\?]+\.(?:jpe?g|jpe|gif|png)(?:\?|$)/i', $image_src ) ) {
79                                         continue;
80                                 }
81
82                                 // Sideload image, which gives us a new image src.
83                                 $new_src = media_sideload_image( $image_src, $post_id, null, 'src' );
84
85                                 if ( ! is_wp_error( $new_src ) ) {
86                                         // Replace the POSTED content <img> with correct uploaded ones.
87                                         // Need to do it in two steps so we don't replace links to the original image if any.
88                                         $new_image = str_replace( $image_src, $new_src, $image );
89                                         $content = str_replace( $image, $new_image, $content );
90                                 }
91                         }
92                 }
93
94                 // Expected slashed
95                 return wp_slash( $content );
96         }
97
98         /**
99          * Ajax handler for saving the post as draft or published.
100          *
101          * @since 4.2.0
102          * @access public
103          */
104         public function save_post() {
105                 if ( empty( $_POST['post_ID'] ) || ! $post_id = (int) $_POST['post_ID'] ) {
106                         wp_send_json_error( array( 'errorMessage' => __( 'Missing post ID.' ) ) );
107                 }
108
109                 if ( empty( $_POST['_wpnonce'] ) || ! wp_verify_nonce( $_POST['_wpnonce'], 'update-post_' . $post_id ) ||
110                         ! current_user_can( 'edit_post', $post_id ) ) {
111
112                         wp_send_json_error( array( 'errorMessage' => __( 'Invalid post.' ) ) );
113                 }
114
115                 $post_data = array(
116                         'ID'            => $post_id,
117                         'post_title'    => ( ! empty( $_POST['post_title'] ) ) ? sanitize_text_field( trim( $_POST['post_title'] ) ) : '',
118                         'post_content'  => ( ! empty( $_POST['post_content'] ) ) ? trim( $_POST['post_content'] ) : '',
119                         'post_type'     => 'post',
120                         'post_status'   => 'draft',
121                         'post_format'   => ( ! empty( $_POST['post_format'] ) ) ? sanitize_text_field( $_POST['post_format'] ) : '',
122                 );
123
124                 // Only accept categories if the user actually can assign
125                 $category_tax = get_taxonomy( 'category' );
126                 if ( current_user_can( $category_tax->cap->assign_terms ) ) {
127                         $post_data['post_category'] = ( ! empty( $_POST['post_category'] ) ) ? $_POST['post_category'] : array();
128                 }
129
130                 // Only accept taxonomies if the user can actually assign
131                 if ( ! empty( $_POST['tax_input'] ) ) {
132                         $tax_input = $_POST['tax_input'];
133                         foreach ( $tax_input as $tax => $_ti ) {
134                                 $tax_object = get_taxonomy( $tax );
135                                 if ( ! $tax_object || ! current_user_can( $tax_object->cap->assign_terms ) ) {
136                                         unset( $tax_input[ $tax ] );
137                                 }
138                         }
139
140                         $post_data['tax_input'] = $tax_input;
141                 }
142
143                 // Toggle status to pending if user cannot actually publish
144                 if ( ! empty( $_POST['post_status'] ) && 'publish' === $_POST['post_status'] ) {
145                         if ( current_user_can( 'publish_posts' ) ) {
146                                 $post_data['post_status'] = 'publish';
147                         } else {
148                                 $post_data['post_status'] = 'pending';
149                         }
150                 }
151
152                 $post_data['post_content'] = $this->side_load_images( $post_id, $post_data['post_content'] );
153
154                 /**
155                  * Filters the post data of a Press This post before saving/updating.
156                  *
157                  * The {@see 'side_load_images'} action has already run at this point.
158                  *
159                  * @since 4.5.0
160                  *
161                  * @param array $post_data The post data.
162                  */
163                 $post_data = apply_filters( 'press_this_save_post', $post_data );
164
165                 $updated = wp_update_post( $post_data, true );
166
167                 if ( is_wp_error( $updated ) ) {
168                         wp_send_json_error( array( 'errorMessage' => $updated->get_error_message() ) );
169                 } else {
170                         if ( isset( $post_data['post_format'] ) ) {
171                                 if ( current_theme_supports( 'post-formats', $post_data['post_format'] ) ) {
172                                         set_post_format( $post_id, $post_data['post_format'] );
173                                 } elseif ( $post_data['post_format'] ) {
174                                         set_post_format( $post_id, false );
175                                 }
176                         }
177
178                         $forceRedirect = false;
179
180                         if ( 'publish' === get_post_status( $post_id ) ) {
181                                 $redirect = get_post_permalink( $post_id );
182                         } elseif ( isset( $_POST['pt-force-redirect'] ) && $_POST['pt-force-redirect'] === 'true' ) {
183                                 $forceRedirect = true;
184                                 $redirect = get_edit_post_link( $post_id, 'js' );
185                         } else {
186                                 $redirect = false;
187                         }
188
189                         /**
190                          * Filters the URL to redirect to when Press This saves.
191                          *
192                          * @since 4.2.0
193                          *
194                          * @param string $url     Redirect URL. If `$status` is 'publish', this will be the post permalink.
195                          *                        Otherwise, the default is false resulting in no redirect.
196                          * @param int    $post_id Post ID.
197                          * @param string $status  Post status.
198                          */
199                         $redirect = apply_filters( 'press_this_save_redirect', $redirect, $post_id, $post_data['post_status'] );
200
201                         if ( $redirect ) {
202                                 wp_send_json_success( array( 'redirect' => $redirect, 'force' => $forceRedirect ) );
203                         } else {
204                                 wp_send_json_success( array( 'postSaved' => true ) );
205                         }
206                 }
207         }
208
209         /**
210          * Ajax handler for adding a new category.
211          *
212          * @since 4.2.0
213          * @access public
214          */
215         public function add_category() {
216                 if ( false === wp_verify_nonce( $_POST['new_cat_nonce'], 'add-category' ) ) {
217                         wp_send_json_error();
218                 }
219
220                 $taxonomy = get_taxonomy( 'category' );
221
222                 if ( ! current_user_can( $taxonomy->cap->edit_terms ) || empty( $_POST['name'] ) ) {
223                         wp_send_json_error();
224                 }
225
226                 $parent = isset( $_POST['parent'] ) && (int) $_POST['parent'] > 0 ? (int) $_POST['parent'] : 0;
227                 $names = explode( ',', $_POST['name'] );
228                 $added = $data = array();
229
230                 foreach ( $names as $cat_name ) {
231                         $cat_name = trim( $cat_name );
232                         $cat_nicename = sanitize_title( $cat_name );
233
234                         if ( empty( $cat_nicename ) ) {
235                                 continue;
236                         }
237
238                         // @todo Find a more performant way to check existence, maybe get_term() with a separate parent check.
239                         if ( term_exists( $cat_name, $taxonomy->name, $parent ) ) {
240                                 if ( count( $names ) === 1 ) {
241                                         wp_send_json_error( array( 'errorMessage' => __( 'This category already exists.' ) ) );
242                                 } else {
243                                         continue;
244                                 }
245                         }
246
247                         $cat_id = wp_insert_term( $cat_name, $taxonomy->name, array( 'parent' => $parent ) );
248
249                         if ( is_wp_error( $cat_id ) ) {
250                                 continue;
251                         } elseif ( is_array( $cat_id ) ) {
252                                 $cat_id = $cat_id['term_id'];
253                         }
254
255                         $added[] = $cat_id;
256                 }
257
258                 if ( empty( $added ) ) {
259                         wp_send_json_error( array( 'errorMessage' => __( 'This category cannot be added. Please change the name and try again.' ) ) );
260                 }
261
262                 foreach ( $added as $new_cat_id ) {
263                         $new_cat = get_category( $new_cat_id );
264
265                         if ( is_wp_error( $new_cat ) ) {
266                                 wp_send_json_error( array( 'errorMessage' => __( 'Error while adding the category. Please try again later.' ) ) );
267                         }
268
269                         $data[] = array(
270                                 'term_id' => $new_cat->term_id,
271                                 'name' => $new_cat->name,
272                                 'parent' => $new_cat->parent,
273                         );
274                 }
275                 wp_send_json_success( $data );
276         }
277
278         /**
279          * Downloads the source's HTML via server-side call for the given URL.
280          *
281          * @since 4.2.0
282          * @access public
283          *
284          * @param string $url URL to scan.
285          * @return string Source's HTML sanitized markup
286          */
287         public function fetch_source_html( $url ) {
288                 if ( empty( $url ) ) {
289                         return new WP_Error( 'invalid-url', __( 'A valid URL was not provided.' ) );
290                 }
291
292                 $remote_url = wp_safe_remote_get( $url, array(
293                         'timeout' => 30,
294                         // Use an explicit user-agent for Press This
295                         'user-agent' => 'Press This (WordPress/' . get_bloginfo( 'version' ) . '); ' . get_bloginfo( 'url' )
296                 ) );
297
298                 if ( is_wp_error( $remote_url ) ) {
299                         return $remote_url;
300                 }
301
302                 $allowed_elements = array(
303                         'img' => array(
304                                 'src'      => true,
305                                 'width'    => true,
306                                 'height'   => true,
307                         ),
308                         'iframe' => array(
309                                 'src'      => true,
310                         ),
311                         'link' => array(
312                                 'rel'      => true,
313                                 'itemprop' => true,
314                                 'href'     => true,
315                         ),
316                         'meta' => array(
317                                 'property' => true,
318                                 'name'     => true,
319                                 'content'  => true,
320                         )
321                 );
322
323                 $source_content = wp_remote_retrieve_body( $remote_url );
324                 $source_content = wp_kses( $source_content, $allowed_elements );
325
326                 return $source_content;
327         }
328
329         /**
330          * Utility method to limit an array to 50 values.
331          *
332          * @ignore
333          * @since 4.2.0
334          *
335          * @param array $value Array to limit.
336          * @return array Original array if fewer than 50 values, limited array, empty array otherwise.
337          */
338         private function _limit_array( $value ) {
339                 if ( is_array( $value ) ) {
340                         if ( count( $value ) > 50 ) {
341                                 return array_slice( $value, 0, 50 );
342                         }
343
344                         return $value;
345                 }
346
347                 return array();
348         }
349
350         /**
351          * Utility method to limit the length of a given string to 5,000 characters.
352          *
353          * @ignore
354          * @since 4.2.0
355          *
356          * @param string $value String to limit.
357          * @return bool|int|string If boolean or integer, that value. If a string, the original value
358          *                         if fewer than 5,000 characters, a truncated version, otherwise an
359          *                         empty string.
360          */
361         private function _limit_string( $value ) {
362                 $return = '';
363
364                 if ( is_numeric( $value ) || is_bool( $value ) ) {
365                         $return = $value;
366                 } else if ( is_string( $value ) ) {
367                         if ( mb_strlen( $value ) > 5000 ) {
368                                 $return = mb_substr( $value, 0, 5000 );
369                         } else {
370                                 $return = $value;
371                         }
372
373                         $return = html_entity_decode( $return, ENT_QUOTES, 'UTF-8' );
374                         $return = sanitize_text_field( trim( $return ) );
375                 }
376
377                 return $return;
378         }
379
380         /**
381          * Utility method to limit a given URL to 2,048 characters.
382          *
383          * @ignore
384          * @since 4.2.0
385          *
386          * @param string $url URL to check for length and validity.
387          * @return string Escaped URL if of valid length (< 2048) and makeup. Empty string otherwise.
388          */
389         private function _limit_url( $url ) {
390                 if ( ! is_string( $url ) ) {
391                         return '';
392                 }
393
394                 // HTTP 1.1 allows 8000 chars but the "de-facto" standard supported in all current browsers is 2048.
395                 if ( strlen( $url ) > 2048 ) {
396                         return ''; // Return empty rather than a truncated/invalid URL
397                 }
398
399                 // Does not look like a URL.
400                 if ( ! preg_match( '/^([!#$&-;=?-\[\]_a-z~]|%[0-9a-fA-F]{2})+$/', $url ) ) {
401                         return '';
402                 }
403
404                 // If the URL is root-relative, prepend the protocol and domain name
405                 if ( $url && $this->domain && preg_match( '%^/[^/]+%', $url ) ) {
406                         $url = $this->domain . $url;
407                 }
408
409                 // Not absolute or protocol-relative URL.
410                 if ( ! preg_match( '%^(?:https?:)?//[^/]+%', $url ) ) {
411                         return '';
412                 }
413
414                 return esc_url_raw( $url, array( 'http', 'https' ) );
415         }
416
417         /**
418          * Utility method to limit image source URLs.
419          *
420          * Excluded URLs include share-this type buttons, loaders, spinners, spacers, WordPress interface images,
421          * tiny buttons or thumbs, mathtag.com or quantserve.com images, or the WordPress.com stats gif.
422          *
423          * @ignore
424          * @since 4.2.0
425          *
426          * @param string $src Image source URL.
427          * @return string If not matched an excluded URL type, the original URL, empty string otherwise.
428          */
429         private function _limit_img( $src ) {
430                 $src = $this->_limit_url( $src );
431
432                 if ( preg_match( '!/ad[sx]?/!i', $src ) ) {
433                         // Ads
434                         return '';
435                 } else if ( preg_match( '!(/share-?this[^.]+?\.[a-z0-9]{3,4})(\?.*)?$!i', $src ) ) {
436                         // Share-this type button
437                         return '';
438                 } else if ( preg_match( '!/(spinner|loading|spacer|blank|rss)\.(gif|jpg|png)!i', $src ) ) {
439                         // Loaders, spinners, spacers
440                         return '';
441                 } else if ( preg_match( '!/([^./]+[-_])?(spinner|loading|spacer|blank)s?([-_][^./]+)?\.[a-z0-9]{3,4}!i', $src ) ) {
442                         // Fancy loaders, spinners, spacers
443                         return '';
444                 } else if ( preg_match( '!([^./]+[-_])?thumb[^.]*\.(gif|jpg|png)$!i', $src ) ) {
445                         // Thumbnails, too small, usually irrelevant to context
446                         return '';
447                 } else if ( false !== stripos( $src, '/wp-includes/' ) ) {
448                         // Classic WordPress interface images
449                         return '';
450                 } else if ( preg_match( '![^\d]\d{1,2}x\d+\.(gif|jpg|png)$!i', $src ) ) {
451                         // Most often tiny buttons/thumbs (< 100px wide)
452                         return '';
453                 } else if ( preg_match( '!/pixel\.(mathtag|quantserve)\.com!i', $src ) ) {
454                         // See mathtag.com and https://www.quantcast.com/how-we-do-it/iab-standard-measurement/how-we-collect-data/
455                         return '';
456                 } else if ( preg_match( '!/[gb]\.gif(\?.+)?$!i', $src ) ) {
457                         // WordPress.com stats gif
458                         return '';
459                 }
460
461                 return $src;
462         }
463
464         /**
465          * Limit embed source URLs to specific providers.
466          *
467          * Not all core oEmbed providers are supported. Supported providers include YouTube, Vimeo,
468          * Vine, Daily Motion, SoundCloud, and Twitter.
469          *
470          * @ignore
471          * @since 4.2.0
472          *
473          * @param string $src Embed source URL.
474          * @return string If not from a supported provider, an empty string. Otherwise, a reformatted embed URL.
475          */
476         private function _limit_embed( $src ) {
477                 $src = $this->_limit_url( $src );
478
479                 if ( empty( $src ) )
480                         return '';
481
482                 if ( preg_match( '!//(m|www)\.youtube\.com/(embed|v)/([^?]+)\?.+$!i', $src, $src_matches ) ) {
483                         // Embedded Youtube videos (www or mobile)
484                         $src = 'https://www.youtube.com/watch?v=' . $src_matches[3];
485                 } else if ( preg_match( '!//player\.vimeo\.com/video/([\d]+)([?/].*)?$!i', $src, $src_matches ) ) {
486                         // Embedded Vimeo iframe videos
487                         $src = 'https://vimeo.com/' . (int) $src_matches[1];
488                 } else if ( preg_match( '!//vimeo\.com/moogaloop\.swf\?clip_id=([\d]+)$!i', $src, $src_matches ) ) {
489                         // Embedded Vimeo Flash videos
490                         $src = 'https://vimeo.com/' . (int) $src_matches[1];
491                 } else if ( preg_match( '!//vine\.co/v/([^/]+)/embed!i', $src, $src_matches ) ) {
492                         // Embedded Vine videos
493                         $src = 'https://vine.co/v/' . $src_matches[1];
494                 } else if ( preg_match( '!//(www\.)?dailymotion\.com/embed/video/([^/?]+)([/?].+)?!i', $src, $src_matches ) ) {
495                         // Embedded Daily Motion videos
496                         $src = 'https://www.dailymotion.com/video/' . $src_matches[2];
497                 } else {
498                         $oembed = _wp_oembed_get_object();
499
500                         if ( ! $oembed->get_provider( $src, array( 'discover' => false ) ) ) {
501                                 $src = '';
502                         }
503                 }
504
505                 return $src;
506         }
507
508         /**
509          * Process a meta data entry from the source.
510          *
511          * @ignore
512          * @since 4.2.0
513          *
514          * @param string $meta_name  Meta key name.
515          * @param mixed  $meta_value Meta value.
516          * @param array  $data       Associative array of source data.
517          * @return array Processed data array.
518          */
519         private function _process_meta_entry( $meta_name, $meta_value, $data ) {
520                 if ( preg_match( '/:?(title|description|keywords|site_name)$/', $meta_name ) ) {
521                         $data['_meta'][ $meta_name ] = $meta_value;
522                 } else {
523                         switch ( $meta_name ) {
524                                 case 'og:url':
525                                 case 'og:video':
526                                 case 'og:video:secure_url':
527                                         $meta_value = $this->_limit_embed( $meta_value );
528
529                                         if ( ! isset( $data['_embeds'] ) ) {
530                                                 $data['_embeds'] = array();
531                                         }
532
533                                         if ( ! empty( $meta_value ) && ! in_array( $meta_value, $data['_embeds'] ) ) {
534                                                 $data['_embeds'][] = $meta_value;
535                                         }
536
537                                         break;
538                                 case 'og:image':
539                                 case 'og:image:secure_url':
540                                 case 'twitter:image0:src':
541                                 case 'twitter:image0':
542                                 case 'twitter:image:src':
543                                 case 'twitter:image':
544                                         $meta_value = $this->_limit_img( $meta_value );
545
546                                         if ( ! isset( $data['_images'] ) ) {
547                                                 $data['_images'] = array();
548                                         }
549
550                                         if ( ! empty( $meta_value ) && ! in_array( $meta_value, $data['_images'] ) ) {
551                                                 $data['_images'][] = $meta_value;
552                                         }
553
554                                         break;
555                         }
556                 }
557
558                 return $data;
559         }
560
561         /**
562          * Fetches and parses _meta, _images, and _links data from the source.
563          *
564          * @since 4.2.0
565          * @access public
566          *
567          * @param string $url  URL to scan.
568          * @param array  $data Optional. Existing data array if you have one. Default empty array.
569          * @return array New data array.
570          */
571         public function source_data_fetch_fallback( $url, $data = array() ) {
572                 if ( empty( $url ) ) {
573                         return array();
574                 }
575
576                 // Download source page to tmp file.
577                 $source_content = $this->fetch_source_html( $url );
578                 if ( is_wp_error( $source_content ) ) {
579                         return array( 'errors' => $source_content->get_error_messages() );
580                 }
581
582                 // Fetch and gather <meta> data first, so discovered media is offered 1st to user.
583                 if ( empty( $data['_meta'] ) ) {
584                         $data['_meta'] = array();
585                 }
586
587                 if ( preg_match_all( '/<meta [^>]+>/', $source_content, $matches ) ) {
588                         $items = $this->_limit_array( $matches[0] );
589
590                         foreach ( $items as $value ) {
591                                 if ( preg_match( '/(property|name)="([^"]+)"[^>]+content="([^"]+)"/', $value, $new_matches ) ) {
592                                         $meta_name  = $this->_limit_string( $new_matches[2] );
593                                         $meta_value = $this->_limit_string( $new_matches[3] );
594
595                                         // Sanity check. $key is usually things like 'title', 'description', 'keywords', etc.
596                                         if ( strlen( $meta_name ) > 100 ) {
597                                                 continue;
598                                         }
599
600                                         $data = $this->_process_meta_entry( $meta_name, $meta_value, $data );
601                                 }
602                         }
603                 }
604
605                 // Fetch and gather <img> data.
606                 if ( empty( $data['_images'] ) ) {
607                         $data['_images'] = array();
608                 }
609
610                 if ( preg_match_all( '/<img [^>]+>/', $source_content, $matches ) ) {
611                         $items = $this->_limit_array( $matches[0] );
612
613                         foreach ( $items as $value ) {
614                                 if ( ( preg_match( '/width=(\'|")(\d+)\\1/i', $value, $new_matches ) && $new_matches[2] < 256 ) ||
615                                         ( preg_match( '/height=(\'|")(\d+)\\1/i', $value, $new_matches ) && $new_matches[2] < 128 ) ) {
616
617                                         continue;
618                                 }
619
620                                 if ( preg_match( '/src=(\'|")([^\'"]+)\\1/i', $value, $new_matches ) ) {
621                                         $src = $this->_limit_img( $new_matches[2] );
622                                         if ( ! empty( $src ) && ! in_array( $src, $data['_images'] ) ) {
623                                                 $data['_images'][] = $src;
624                                         }
625                                 }
626                         }
627                 }
628
629                 // Fetch and gather <iframe> data.
630                 if ( empty( $data['_embeds'] ) ) {
631                         $data['_embeds'] = array();
632                 }
633
634                 if ( preg_match_all( '/<iframe [^>]+>/', $source_content, $matches ) ) {
635                         $items = $this->_limit_array( $matches[0] );
636
637                         foreach ( $items as $value ) {
638                                 if ( preg_match( '/src=(\'|")([^\'"]+)\\1/', $value, $new_matches ) ) {
639                                         $src = $this->_limit_embed( $new_matches[2] );
640
641                                         if ( ! empty( $src ) && ! in_array( $src, $data['_embeds'] ) ) {
642                                                 $data['_embeds'][] = $src;
643                                         }
644                                 }
645                         }
646                 }
647
648                 // Fetch and gather <link> data.
649                 if ( empty( $data['_links'] ) ) {
650                         $data['_links'] = array();
651                 }
652
653                 if ( preg_match_all( '/<link [^>]+>/', $source_content, $matches ) ) {
654                         $items = $this->_limit_array( $matches[0] );
655
656                         foreach ( $items as $value ) {
657                                 if ( preg_match( '/rel=["\'](canonical|shortlink|icon)["\']/i', $value, $matches_rel ) && preg_match( '/href=[\'"]([^\'" ]+)[\'"]/i', $value, $matches_url ) ) {
658                                         $rel = $matches_rel[1];
659                                         $url = $this->_limit_url( $matches_url[1] );
660
661                                         if ( ! empty( $url ) && empty( $data['_links'][ $rel ] ) ) {
662                                                 $data['_links'][ $rel ] = $url;
663                                         }
664                                 }
665                         }
666                 }
667
668                 return $data;
669         }
670
671         /**
672          * Handles backward-compat with the legacy version of Press This by supporting its query string params.
673          *
674          * @since 4.2.0
675          * @access public
676          *
677          * @return array
678          */
679         public function merge_or_fetch_data() {
680                 // Get data from $_POST and $_GET, as appropriate ($_POST > $_GET), to remain backward compatible.
681                 $data = array();
682
683                 // Only instantiate the keys we want. Sanity check and sanitize each one.
684                 foreach ( array( 'u', 's', 't', 'v' ) as $key ) {
685                         if ( ! empty( $_POST[ $key ] ) ) {
686                                 $value = wp_unslash( $_POST[ $key ] );
687                         } else if ( ! empty( $_GET[ $key ] ) ) {
688                                 $value = wp_unslash( $_GET[ $key ] );
689                         } else {
690                                 continue;
691                         }
692
693                         if ( 'u' === $key ) {
694                                 $value = $this->_limit_url( $value );
695
696                                 if ( preg_match( '%^(?:https?:)?//[^/]+%i', $value, $domain_match ) ) {
697                                         $this->domain = $domain_match[0];
698                                 }
699                         } else {
700                                 $value = $this->_limit_string( $value );
701                         }
702
703                         if ( ! empty( $value ) ) {
704                                 $data[ $key ] = $value;
705                         }
706                 }
707
708                 /**
709                  * Filters whether to enable in-source media discovery in Press This.
710                  *
711                  * @since 4.2.0
712                  *
713                  * @param bool $enable Whether to enable media discovery.
714                  */
715                 if ( apply_filters( 'enable_press_this_media_discovery', true ) ) {
716                         /*
717                          * If no title, _images, _embed, and _meta was passed via $_POST, fetch data from source as fallback,
718                          * making PT fully backward compatible with the older bookmarklet.
719                          */
720                         if ( empty( $_POST ) && ! empty( $data['u'] ) ) {
721                                 $data = $this->source_data_fetch_fallback( $data['u'], $data );
722                         } else {
723                                 foreach ( array( '_images', '_embeds' ) as $type ) {
724                                         if ( empty( $_POST[ $type ] ) ) {
725                                                 continue;
726                                         }
727
728                                         $data[ $type ] = array();
729                                         $items = $this->_limit_array( $_POST[ $type ] );
730
731                                         foreach ( $items as $key => $value ) {
732                                                 if ( $type === '_images' ) {
733                                                         $value = $this->_limit_img( wp_unslash( $value ) );
734                                                 } else {
735                                                         $value = $this->_limit_embed( wp_unslash( $value ) );
736                                                 }
737
738                                                 if ( ! empty( $value ) ) {
739                                                         $data[ $type ][] = $value;
740                                                 }
741                                         }
742                                 }
743
744                                 foreach ( array( '_meta', '_links' ) as $type ) {
745                                         if ( empty( $_POST[ $type ] ) ) {
746                                                 continue;
747                                         }
748
749                                         $data[ $type ] = array();
750                                         $items = $this->_limit_array( $_POST[ $type ] );
751
752                                         foreach ( $items as $key => $value ) {
753                                                 // Sanity check. These are associative arrays, $key is usually things like 'title', 'description', 'keywords', etc.
754                                                 if ( empty( $key ) || strlen( $key ) > 100 ) {
755                                                         continue;
756                                                 }
757
758                                                 if ( $type === '_meta' ) {
759                                                         $value = $this->_limit_string( wp_unslash( $value ) );
760
761                                                         if ( ! empty( $value ) ) {
762                                                                 $data = $this->_process_meta_entry( $key, $value, $data );
763                                                         }
764                                                 } else {
765                                                         if ( in_array( $key, array( 'canonical', 'shortlink', 'icon' ), true ) ) {
766                                                                 $data[ $type ][ $key ] = $this->_limit_url( wp_unslash( $value ) );
767                                                         }
768                                                 }
769                                         }
770                                 }
771                         }
772
773                         // Support passing a single image src as `i`
774                         if ( ! empty( $_REQUEST['i'] ) && ( $img_src = $this->_limit_img( wp_unslash( $_REQUEST['i'] ) ) ) ) {
775                                 if ( empty( $data['_images'] ) ) {
776                                         $data['_images'] = array( $img_src );
777                                 } elseif ( ! in_array( $img_src, $data['_images'], true ) ) {
778                                         array_unshift( $data['_images'], $img_src );
779                                 }
780                         }
781                 }
782
783                 /**
784                  * Filters the Press This data array.
785                  *
786                  * @since 4.2.0
787                  *
788                  * @param array $data Press This Data array.
789                  */
790                 return apply_filters( 'press_this_data', $data );
791         }
792
793         /**
794          * Adds another stylesheet inside TinyMCE.
795          *
796          * @since 4.2.0
797          * @access public
798          *
799          * @param string $styles URL to editor stylesheet.
800          * @return string Possibly modified stylesheets list.
801          */
802         public function add_editor_style( $styles ) {
803                 if ( ! empty( $styles ) ) {
804                         $styles .= ',';
805                 }
806
807                 $press_this = admin_url( 'css/press-this-editor.css' );
808                 if ( is_rtl() ) {
809                         $press_this = str_replace( '.css', '-rtl.css', $press_this );
810                 }
811
812                 return $styles . $press_this;
813         }
814
815         /**
816          * Outputs the post format selection HTML.
817          *
818          * @since 4.2.0
819          * @access public
820          *
821          * @param WP_Post $post Post object.
822          */
823         public function post_formats_html( $post ) {
824                 if ( current_theme_supports( 'post-formats' ) && post_type_supports( $post->post_type, 'post-formats' ) ) {
825                         $post_formats = get_theme_support( 'post-formats' );
826
827                         if ( is_array( $post_formats[0] ) ) {
828                                 $post_format = get_post_format( $post->ID );
829
830                                 if ( ! $post_format ) {
831                                         $post_format = '0';
832                                 }
833
834                                 // Add in the current one if it isn't there yet, in case the current theme doesn't support it.
835                                 if ( $post_format && ! in_array( $post_format, $post_formats[0] ) ) {
836                                         $post_formats[0][] = $post_format;
837                                 }
838
839                                 ?>
840                                 <div id="post-formats-select">
841                                 <fieldset><legend class="screen-reader-text"><?php _e( 'Post Formats' ); ?></legend>
842                                         <input type="radio" name="post_format" class="post-format" id="post-format-0" value="0" <?php checked( $post_format, '0' ); ?> />
843                                         <label for="post-format-0" class="post-format-icon post-format-standard"><?php echo get_post_format_string( 'standard' ); ?></label>
844                                         <?php
845
846                                         foreach ( $post_formats[0] as $format ) {
847                                                 $attr_format = esc_attr( $format );
848                                                 ?>
849                                                 <br />
850                                                 <input type="radio" name="post_format" class="post-format" id="post-format-<?php echo $attr_format; ?>" value="<?php echo $attr_format; ?>" <?php checked( $post_format, $format ); ?> />
851                                                 <label for="post-format-<?php echo $attr_format ?>" class="post-format-icon post-format-<?php echo $attr_format; ?>"><?php echo esc_html( get_post_format_string( $format ) ); ?></label>
852                                                 <?php
853                                          }
854
855                                          ?>
856                                 </fieldset>
857                                 </div>
858                                 <?php
859                         }
860                 }
861         }
862
863         /**
864          * Outputs the categories HTML.
865          *
866          * @since 4.2.0
867          * @access public
868          *
869          * @param WP_Post $post Post object.
870          */
871         public function categories_html( $post ) {
872                 $taxonomy = get_taxonomy( 'category' );
873
874                 // Bail if user cannot assign terms
875                 if ( ! current_user_can( $taxonomy->cap->assign_terms ) ) {
876                         return;
877                 }
878
879                 // Only show "add" if user can edit terms
880                 if ( current_user_can( $taxonomy->cap->edit_terms ) ) {
881                         ?>
882                         <button type="button" class="add-cat-toggle button-link" aria-expanded="false">
883                                 <span class="dashicons dashicons-plus"></span><span class="screen-reader-text"><?php _e( 'Toggle add category' ); ?></span>
884                         </button>
885                         <div class="add-category is-hidden">
886                                 <label class="screen-reader-text" for="new-category"><?php echo $taxonomy->labels->add_new_item; ?></label>
887                                 <input type="text" id="new-category" class="add-category-name" placeholder="<?php echo esc_attr( $taxonomy->labels->new_item_name ); ?>" value="" aria-required="true">
888                                 <label class="screen-reader-text" for="new-category-parent"><?php echo $taxonomy->labels->parent_item_colon; ?></label>
889                                 <div class="postform-wrapper">
890                                         <?php
891                                         wp_dropdown_categories( array(
892                                                 'taxonomy'         => 'category',
893                                                 'hide_empty'       => 0,
894                                                 'name'             => 'new-category-parent',
895                                                 'orderby'          => 'name',
896                                                 'hierarchical'     => 1,
897                                                 'show_option_none' => '&mdash; ' . $taxonomy->labels->parent_item . ' &mdash;'
898                                         ) );
899                                         ?>
900                                 </div>
901                                 <button type="button" class="add-cat-submit"><?php _e( 'Add' ); ?></button>
902                         </div>
903                         <?php
904
905                 }
906                 ?>
907                 <div class="categories-search-wrapper">
908                         <input id="categories-search" type="search" class="categories-search" placeholder="<?php esc_attr_e( 'Search categories by name' ) ?>">
909                         <label for="categories-search">
910                                 <span class="dashicons dashicons-search"></span><span class="screen-reader-text"><?php _e( 'Search categories' ); ?></span>
911                         </label>
912                 </div>
913                 <div aria-label="<?php esc_attr_e( 'Categories' ); ?>">
914                         <ul class="categories-select">
915                                 <?php wp_terms_checklist( $post->ID, array( 'taxonomy' => 'category', 'list_only' => true ) ); ?>
916                         </ul>
917                 </div>
918                 <?php
919         }
920
921         /**
922          * Outputs the tags HTML.
923          *
924          * @since 4.2.0
925          * @access public
926          *
927          * @param WP_Post $post Post object.
928          */
929         public function tags_html( $post ) {
930                 $taxonomy              = get_taxonomy( 'post_tag' );
931                 $user_can_assign_terms = current_user_can( $taxonomy->cap->assign_terms );
932                 $esc_tags              = get_terms_to_edit( $post->ID, 'post_tag' );
933
934                 if ( ! $esc_tags || is_wp_error( $esc_tags ) ) {
935                         $esc_tags = '';
936                 }
937
938                 ?>
939                 <div class="tagsdiv" id="post_tag">
940                         <div class="jaxtag">
941                         <input type="hidden" name="tax_input[post_tag]" class="the-tags" value="<?php echo $esc_tags; // escaped in get_terms_to_edit() ?>">
942                         <?php
943
944                         if ( $user_can_assign_terms ) {
945                                 ?>
946                                 <div class="ajaxtag hide-if-no-js">
947                                         <label class="screen-reader-text" for="new-tag-post_tag"><?php _e( 'Tags' ); ?></label>
948                                         <p>
949                                                 <input type="text" id="new-tag-post_tag" name="newtag[post_tag]" class="newtag form-input-tip" size="16" autocomplete="off" value="" aria-describedby="new-tag-desc" />
950                                                 <button type="button" class="tagadd"><?php _e( 'Add' ); ?></button>
951                                         </p>
952                                 </div>
953                                 <p class="howto" id="new-tag-desc">
954                                         <?php echo $taxonomy->labels->separate_items_with_commas; ?>
955                                 </p>
956                                 <?php
957                         }
958
959                         ?>
960                         </div>
961                         <div class="tagchecklist"></div>
962                 </div>
963                 <?php
964
965                 if ( $user_can_assign_terms ) {
966                         ?>
967                         <button type="button" class="button-link tagcloud-link" id="link-post_tag" aria-expanded="false"><?php echo $taxonomy->labels->choose_from_most_used; ?></button>
968                         <?php
969                 }
970         }
971
972         /**
973          * Get a list of embeds with no duplicates.
974          *
975          * @since 4.2.0
976          * @access public
977          *
978          * @param array $data The site's data.
979          * @return array Embeds selected to be available.
980          */
981         public function get_embeds( $data ) {
982                 $selected_embeds = array();
983
984                 // Make sure to add the Pressed page if it's a valid oembed itself
985                 if ( ! empty ( $data['u'] ) && $this->_limit_embed( $data['u'] ) ) {
986                         $data['_embeds'][] = $data['u'];
987                 }
988
989                 if ( ! empty( $data['_embeds'] ) ) {
990                         foreach ( $data['_embeds'] as $src ) {
991                                 $prot_relative_src = preg_replace( '/^https?:/', '', $src );
992
993                                 if ( in_array( $prot_relative_src, $this->embeds ) ) {
994                                         continue;
995                                 }
996
997                                 $selected_embeds[] = $src;
998                                 $this->embeds[] = $prot_relative_src;
999                         }
1000                 }
1001
1002                 return $selected_embeds;
1003         }
1004
1005         /**
1006          * Get a list of images with no duplicates.
1007          *
1008          * @since 4.2.0
1009          * @access public
1010          *
1011          * @param array $data The site's data.
1012          * @return array
1013          */
1014         public function get_images( $data ) {
1015                 $selected_images = array();
1016
1017                 if ( ! empty( $data['_images'] ) ) {
1018                         foreach ( $data['_images'] as $src ) {
1019                                 if ( false !== strpos( $src, 'gravatar.com' ) ) {
1020                                         $src = preg_replace( '%http://[\d]+\.gravatar\.com/%', 'https://secure.gravatar.com/', $src );
1021                                 }
1022
1023                                 $prot_relative_src = preg_replace( '/^https?:/', '', $src );
1024
1025                                 if ( in_array( $prot_relative_src, $this->images ) ||
1026                                         ( false !== strpos( $src, 'avatar' ) && count( $this->images ) > 15 ) ) {
1027                                         // Skip: already selected or some type of avatar and we've already gathered more than 15 images.
1028                                         continue;
1029                                 }
1030
1031                                 $selected_images[] = $src;
1032                                 $this->images[] = $prot_relative_src;
1033                         }
1034                 }
1035
1036                 return $selected_images;
1037         }
1038
1039         /**
1040          * Gets the source page's canonical link, based on passed location and meta data.
1041          *
1042          * @since 4.2.0
1043          * @access public
1044          *
1045          * @param array $data The site's data.
1046          * @return string Discovered canonical URL, or empty
1047          */
1048         public function get_canonical_link( $data ) {
1049                 $link = '';
1050
1051                 if ( ! empty( $data['_links']['canonical'] ) ) {
1052                         $link = $data['_links']['canonical'];
1053                 } elseif ( ! empty( $data['u'] ) ) {
1054                         $link = $data['u'];
1055                 } elseif ( ! empty( $data['_meta'] ) ) {
1056                         if ( ! empty( $data['_meta']['twitter:url'] ) ) {
1057                                 $link = $data['_meta']['twitter:url'];
1058                         } else if ( ! empty( $data['_meta']['og:url'] ) ) {
1059                                 $link = $data['_meta']['og:url'];
1060                         }
1061                 }
1062
1063                 if ( empty( $link ) && ! empty( $data['_links']['shortlink'] ) ) {
1064                         $link = $data['_links']['shortlink'];
1065                 }
1066
1067                 return $link;
1068         }
1069
1070         /**
1071          * Gets the source page's site name, based on passed meta data.
1072          *
1073          * @since 4.2.0
1074          * @access public
1075          *
1076          * @param array $data The site's data.
1077          * @return string Discovered site name, or empty
1078          */
1079         public function get_source_site_name( $data ) {
1080                 $name = '';
1081
1082                 if ( ! empty( $data['_meta'] ) ) {
1083                         if ( ! empty( $data['_meta']['og:site_name'] ) ) {
1084                                 $name = $data['_meta']['og:site_name'];
1085                         } else if ( ! empty( $data['_meta']['application-name'] ) ) {
1086                                 $name = $data['_meta']['application-name'];
1087                         }
1088                 }
1089
1090                 return $name;
1091         }
1092
1093         /**
1094          * Gets the source page's title, based on passed title and meta data.
1095          *
1096          * @since 4.2.0
1097          * @access public
1098          *
1099          * @param array $data The site's data.
1100          * @return string Discovered page title, or empty
1101          */
1102         public function get_suggested_title( $data ) {
1103                 $title = '';
1104
1105                 if ( ! empty( $data['t'] ) ) {
1106                         $title = $data['t'];
1107                 } elseif ( ! empty( $data['_meta'] ) ) {
1108                         if ( ! empty( $data['_meta']['twitter:title'] ) ) {
1109                                 $title = $data['_meta']['twitter:title'];
1110                         } else if ( ! empty( $data['_meta']['og:title'] ) ) {
1111                                 $title = $data['_meta']['og:title'];
1112                         } else if ( ! empty( $data['_meta']['title'] ) ) {
1113                                 $title = $data['_meta']['title'];
1114                         }
1115                 }
1116
1117                 return $title;
1118         }
1119
1120         /**
1121          * Gets the source page's suggested content, based on passed data (description, selection, etc).
1122          *
1123          * Features a blockquoted excerpt, as well as content attribution, if any.
1124          *
1125          * @since 4.2.0
1126          * @access public
1127          *
1128          * @param array $data The site's data.
1129          * @return string Discovered content, or empty
1130          */
1131         public function get_suggested_content( $data ) {
1132                 $content = $text = '';
1133
1134                 if ( ! empty( $data['s'] ) ) {
1135                         $text = $data['s'];
1136                 } else if ( ! empty( $data['_meta'] ) ) {
1137                         if ( ! empty( $data['_meta']['twitter:description'] ) ) {
1138                                 $text = $data['_meta']['twitter:description'];
1139                         } else if ( ! empty( $data['_meta']['og:description'] ) ) {
1140                                 $text = $data['_meta']['og:description'];
1141                         } else if ( ! empty( $data['_meta']['description'] ) ) {
1142                                 $text = $data['_meta']['description'];
1143                         }
1144
1145                         // If there is an ellipsis at the end, the description is very likely auto-generated. Better to ignore it.
1146                         if ( $text && substr( $text, -3 ) === '...' ) {
1147                                 $text = '';
1148                         }
1149                 }
1150
1151                 $default_html = array( 'quote' => '', 'link' => '', 'embed' => '' );
1152
1153                 if ( ! empty( $data['u'] ) && $this->_limit_embed( $data['u'] ) ) {
1154                         $default_html['embed'] = '<p>[embed]' . $data['u'] . '[/embed]</p>';
1155
1156                         if ( ! empty( $data['s'] ) ) {
1157                                 // If the user has selected some text, do quote it.
1158                                 $default_html['quote'] = '<blockquote>%1$s</blockquote>';
1159                         }
1160                 } else {
1161                         $default_html['quote'] = '<blockquote>%1$s</blockquote>';
1162                         $default_html['link'] = '<p>' . _x( 'Source:', 'Used in Press This to indicate where the content comes from.' ) .
1163                                 ' <em><a href="%1$s">%2$s</a></em></p>';
1164                 }
1165
1166                 /**
1167                  * Filters the default HTML tags used in the suggested content for the editor.
1168                  *
1169                  * The HTML strings use printf format. After filtering the content is added at the specified places with `sprintf()`.
1170                  *
1171                  * @since 4.2.0
1172                  *
1173                  * @param array $default_html Associative array with three possible keys:
1174                  *                                - 'quote' where %1$s is replaced with the site description or the selected content.
1175                  *                                - 'link' where %1$s is link href, %2$s is link text, usually the source page title.
1176                  *                                - 'embed' which contains an [embed] shortcode when the source page offers embeddable content.
1177                  * @param array $data         Associative array containing the data from the source page.
1178                  */
1179                 $default_html = apply_filters( 'press_this_suggested_html', $default_html, $data );
1180
1181                 if ( ! empty( $default_html['embed'] ) ) {
1182                         $content .= $default_html['embed'];
1183                 }
1184
1185                 // Wrap suggested content in the specified HTML.
1186                 if ( ! empty( $default_html['quote'] ) && $text ) {
1187                         $content .= sprintf( $default_html['quote'], $text );
1188                 }
1189
1190                 // Add source attribution if there is one available.
1191                 if ( ! empty( $default_html['link'] ) ) {
1192                         $title = $this->get_suggested_title( $data );
1193                         $url = $this->get_canonical_link( $data );
1194
1195                         if ( ! $title ) {
1196                                 $title = $this->get_source_site_name( $data );
1197                         }
1198
1199                         if ( $url && $title ) {
1200                                 $content .= sprintf( $default_html['link'], $url, $title );
1201                         }
1202                 }
1203
1204                 return $content;
1205         }
1206
1207         /**
1208          * Serves the app's base HTML, which in turns calls the load script.
1209          *
1210          * @since 4.2.0
1211          * @access public
1212          *
1213          * @global WP_Locale $wp_locale
1214          * @global bool      $is_IE
1215          */
1216         public function html() {
1217                 global $wp_locale;
1218
1219                 $wp_version = get_bloginfo( 'version' );
1220
1221                 // Get data, new (POST) and old (GET).
1222                 $data = $this->merge_or_fetch_data();
1223
1224                 $post_title = $this->get_suggested_title( $data );
1225
1226                 $post_content = $this->get_suggested_content( $data );
1227
1228                 // Get site settings array/data.
1229                 $site_settings = $this->site_settings();
1230
1231                 // Pass the images and embeds
1232                 $images = $this->get_images( $data );
1233                 $embeds = $this->get_embeds( $data );
1234
1235                 $site_data = array(
1236                         'v' => ! empty( $data['v'] ) ? $data['v'] : '',
1237                         'u' => ! empty( $data['u'] ) ? $data['u'] : '',
1238                         'hasData' => ! empty( $data ),
1239                 );
1240
1241                 if ( ! empty( $images ) ) {
1242                         $site_data['_images'] = $images;
1243                 }
1244
1245                 if ( ! empty( $embeds ) ) {
1246                         $site_data['_embeds'] = $embeds;
1247                 }
1248
1249                 // Add press-this-editor.css and remove theme's editor-style.css, if any.
1250                 remove_editor_styles();
1251
1252                 add_filter( 'mce_css', array( $this, 'add_editor_style' ) );
1253
1254                 if ( ! empty( $GLOBALS['is_IE'] ) ) {
1255                         @header( 'X-UA-Compatible: IE=edge' );
1256                 }
1257
1258                 @header( 'Content-Type: ' . get_option( 'html_type' ) . '; charset=' . get_option( 'blog_charset' ) );
1259
1260 ?>
1261 <!DOCTYPE html>
1262 <!--[if IE 7]>         <html class="lt-ie9 lt-ie8" <?php language_attributes(); ?>> <![endif]-->
1263 <!--[if IE 8]>         <html class="lt-ie9" <?php language_attributes(); ?>> <![endif]-->
1264 <!--[if gt IE 8]><!--> <html <?php language_attributes(); ?>> <!--<![endif]-->
1265 <head>
1266         <meta http-equiv="Content-Type" content="<?php echo esc_attr( get_bloginfo( 'html_type' ) ); ?>; charset=<?php echo esc_attr( get_option( 'blog_charset' ) ); ?>" />
1267         <meta name="viewport" content="width=device-width">
1268         <title><?php esc_html_e( 'Press This!' ) ?></title>
1269
1270         <script>
1271                 window.wpPressThisData   = <?php echo wp_json_encode( $site_data ); ?>;
1272                 window.wpPressThisConfig = <?php echo wp_json_encode( $site_settings ); ?>;
1273         </script>
1274
1275         <script type="text/javascript">
1276                 var ajaxurl = '<?php echo esc_js( admin_url( 'admin-ajax.php', 'relative' ) ); ?>',
1277                         pagenow = 'press-this',
1278                         typenow = 'post',
1279                         adminpage = 'press-this-php',
1280                         thousandsSeparator = '<?php echo addslashes( $wp_locale->number_format['thousands_sep'] ); ?>',
1281                         decimalPoint = '<?php echo addslashes( $wp_locale->number_format['decimal_point'] ); ?>',
1282                         isRtl = <?php echo (int) is_rtl(); ?>;
1283         </script>
1284
1285         <?php
1286                 /*
1287                  * $post->ID is needed for the embed shortcode so we can show oEmbed previews in the editor.
1288                  * Maybe find a way without it.
1289                  */
1290                 $post = get_default_post_to_edit( 'post', true );
1291                 $post_ID = (int) $post->ID;
1292
1293                 wp_enqueue_media( array( 'post' => $post_ID ) );
1294                 wp_enqueue_style( 'press-this' );
1295                 wp_enqueue_script( 'press-this' );
1296                 wp_enqueue_script( 'json2' );
1297                 wp_enqueue_script( 'editor' );
1298
1299                 $categories_tax   = get_taxonomy( 'category' );
1300                 $show_categories  = current_user_can( $categories_tax->cap->assign_terms ) || current_user_can( $categories_tax->cap->edit_terms );
1301
1302                 $tag_tax          = get_taxonomy( 'post_tag' );
1303                 $show_tags        = current_user_can( $tag_tax->cap->assign_terms );
1304
1305                 $supports_formats = false;
1306                 $post_format      = 0;
1307
1308                 if ( current_theme_supports( 'post-formats' ) && post_type_supports( $post->post_type, 'post-formats' ) ) {
1309                         $supports_formats = true;
1310
1311                         if ( ! ( $post_format = get_post_format( $post_ID ) ) ) {
1312                                 $post_format = 0;
1313                         }
1314                 }
1315
1316                 /** This action is documented in wp-admin/admin-header.php */
1317                 do_action( 'admin_enqueue_scripts', 'press-this.php' );
1318
1319                 /** This action is documented in wp-admin/admin-header.php */
1320                 do_action( 'admin_print_styles-press-this.php' );
1321
1322                 /** This action is documented in wp-admin/admin-header.php */
1323                 do_action( 'admin_print_styles' );
1324
1325                 /** This action is documented in wp-admin/admin-header.php */
1326                 do_action( 'admin_print_scripts-press-this.php' );
1327
1328                 /** This action is documented in wp-admin/admin-header.php */
1329                 do_action( 'admin_print_scripts' );
1330
1331                 /** This action is documented in wp-admin/admin-header.php */
1332                 do_action( 'admin_head-press-this.php' );
1333
1334                 /** This action is documented in wp-admin/admin-header.php */
1335                 do_action( 'admin_head' );
1336         ?>
1337 </head>
1338 <?php
1339
1340         $admin_body_class  = 'press-this';
1341         $admin_body_class .= ( is_rtl() ) ? ' rtl' : '';
1342         $admin_body_class .= ' branch-' . str_replace( array( '.', ',' ), '-', floatval( $wp_version ) );
1343         $admin_body_class .= ' version-' . str_replace( '.', '-', preg_replace( '/^([.0-9]+).*/', '$1', $wp_version ) );
1344         $admin_body_class .= ' admin-color-' . sanitize_html_class( get_user_option( 'admin_color' ), 'fresh' );
1345         $admin_body_class .= ' locale-' . sanitize_html_class( strtolower( str_replace( '_', '-', get_user_locale() ) ) );
1346
1347         /** This filter is documented in wp-admin/admin-header.php */
1348         $admin_body_classes = apply_filters( 'admin_body_class', '' );
1349
1350 ?>
1351 <body class="wp-admin wp-core-ui <?php echo $admin_body_classes . ' ' . $admin_body_class; ?>">
1352         <div id="adminbar" class="adminbar">
1353                 <h1 id="current-site" class="current-site">
1354                         <a class="current-site-link" href="<?php echo esc_url( home_url( '/' ) ); ?>" target="_blank" rel="home">
1355                                 <span class="dashicons dashicons-wordpress"></span>
1356                                 <span class="current-site-name"><?php bloginfo( 'name' ); ?></span>
1357                         </a>
1358                 </h1>
1359                 <button type="button" class="options button-link closed">
1360                         <span class="dashicons dashicons-tag on-closed"></span>
1361                         <span class="screen-reader-text on-closed"><?php _e( 'Show post options' ); ?></span>
1362                         <span aria-hidden="true" class="on-open"><?php _e( 'Done' ); ?></span>
1363                         <span class="screen-reader-text on-open"><?php _e( 'Hide post options' ); ?></span>
1364                 </button>
1365         </div>
1366
1367         <div id="scanbar" class="scan">
1368                 <form method="GET">
1369                         <label for="url-scan" class="screen-reader-text"><?php _e( 'Scan site for content' ); ?></label>
1370                         <input type="url" name="u" id="url-scan" class="scan-url" value="" placeholder="<?php esc_attr_e( 'Enter a URL to scan' ) ?>" />
1371                         <input type="submit" name="url-scan-submit" id="url-scan-submit" class="scan-submit" value="<?php esc_attr_e( 'Scan' ) ?>" />
1372                 </form>
1373         </div>
1374
1375         <form id="pressthis-form" method="post" action="post.php" autocomplete="off">
1376                 <input type="hidden" name="post_ID" id="post_ID" value="<?php echo $post_ID; ?>" />
1377                 <input type="hidden" name="action" value="press-this-save-post" />
1378                 <input type="hidden" name="post_status" id="post_status" value="draft" />
1379                 <input type="hidden" name="wp-preview" id="wp-preview" value="" />
1380                 <input type="hidden" name="post_title" id="post_title" value="" />
1381                 <input type="hidden" name="pt-force-redirect" id="pt-force-redirect" value="" />
1382                 <?php
1383
1384                 wp_nonce_field( 'update-post_' . $post_ID, '_wpnonce', false );
1385                 wp_nonce_field( 'add-category', '_ajax_nonce-add-category', false );
1386
1387                 ?>
1388
1389         <div class="wrapper">
1390                 <div class="editor-wrapper">
1391                         <div class="alerts" role="alert" aria-live="assertive" aria-relevant="all" aria-atomic="true">
1392                                 <?php
1393
1394                                 if ( isset( $data['v'] ) && $this->version > $data['v'] ) {
1395                                         ?>
1396                                         <p class="alert is-notice">
1397                                                 <?php printf( __( 'You should upgrade <a href="%s" target="_blank">your bookmarklet</a> to the latest version!' ), admin_url( 'tools.php' ) ); ?>
1398                                         </p>
1399                                         <?php
1400                                 }
1401
1402                                 ?>
1403                         </div>
1404
1405                         <div id="app-container" class="editor">
1406                                 <span id="title-container-label" class="post-title-placeholder" aria-hidden="true"><?php _e( 'Post title' ); ?></span>
1407                                 <h2 id="title-container" class="post-title" contenteditable="true" spellcheck="true" aria-label="<?php esc_attr_e( 'Post title' ); ?>" tabindex="0"><?php echo esc_html( $post_title ); ?></h2>
1408
1409                                 <div class="media-list-container">
1410                                         <div class="media-list-inner-container">
1411                                                 <h2 class="screen-reader-text"><?php _e( 'Suggested media' ); ?></h2>
1412                                                 <ul class="media-list"></ul>
1413                                         </div>
1414                                 </div>
1415
1416                                 <?php
1417                                 wp_editor( $post_content, 'pressthis', array(
1418                                         'drag_drop_upload' => true,
1419                                         'editor_height'    => 600,
1420                                         'media_buttons'    => false,
1421                                         'textarea_name'    => 'post_content',
1422                                         'teeny'            => true,
1423                                         'tinymce'          => array(
1424                                                 'resize'                => false,
1425                                                 'wordpress_adv_hidden'  => false,
1426                                                 'add_unload_trigger'    => false,
1427                                                 'statusbar'             => false,
1428                                                 'autoresize_min_height' => 600,
1429                                                 'wp_autoresize_on'      => true,
1430                                                 'plugins'               => 'lists,media,paste,tabfocus,fullscreen,wordpress,wpautoresize,wpeditimage,wpgallery,wplink,wptextpattern,wpview',
1431                                                 'toolbar1'              => 'bold,italic,bullist,numlist,blockquote,link,unlink',
1432                                                 'toolbar2'              => 'undo,redo',
1433                                         ),
1434                                         'quicktags' => array(
1435                                                 'buttons' => 'strong,em,link,block,del,ins,img,ul,ol,li,code,more',
1436                                         ),
1437                                 ) );
1438
1439                                 ?>
1440                         </div>
1441                 </div>
1442
1443                 <div class="options-panel-back is-hidden" tabindex="-1"></div>
1444                 <div class="options-panel is-off-screen is-hidden" tabindex="-1">
1445                         <div class="post-options">
1446
1447                                 <?php if ( $supports_formats ) : ?>
1448                                         <button type="button" class="button-link post-option">
1449                                                 <span class="dashicons dashicons-admin-post"></span>
1450                                                 <span class="post-option-title"><?php _ex( 'Format', 'post format' ); ?></span>
1451                                                 <span class="post-option-contents" id="post-option-post-format"><?php echo esc_html( get_post_format_string( $post_format ) ); ?></span>
1452                                                 <span class="dashicons post-option-forward"></span>
1453                                         </button>
1454                                 <?php endif; ?>
1455
1456                                 <?php if ( $show_categories ) : ?>
1457                                         <button type="button" class="button-link post-option">
1458                                                 <span class="dashicons dashicons-category"></span>
1459                                                 <span class="post-option-title"><?php _e( 'Categories' ); ?></span>
1460                                                 <span class="dashicons post-option-forward"></span>
1461                                         </button>
1462                                 <?php endif; ?>
1463
1464                                 <?php if ( $show_tags ) : ?>
1465                                         <button type="button" class="button-link post-option">
1466                                                 <span class="dashicons dashicons-tag"></span>
1467                                                 <span class="post-option-title"><?php _e( 'Tags' ); ?></span>
1468                                                 <span class="dashicons post-option-forward"></span>
1469                                         </button>
1470                                 <?php endif; ?>
1471                         </div>
1472
1473                         <?php if ( $supports_formats ) : ?>
1474                                 <div class="setting-modal is-off-screen is-hidden">
1475                                         <button type="button" class="button-link modal-close">
1476                                                 <span class="dashicons post-option-back"></span>
1477                                                 <span class="setting-title" aria-hidden="true"><?php _ex( 'Format', 'post format' ); ?></span>
1478                                                 <span class="screen-reader-text"><?php _e( 'Back to post options' ) ?></span>
1479                                         </button>
1480                                         <?php $this->post_formats_html( $post ); ?>
1481                                 </div>
1482                         <?php endif; ?>
1483
1484                         <?php if ( $show_categories ) : ?>
1485                                 <div class="setting-modal is-off-screen is-hidden">
1486                                         <button type="button" class="button-link modal-close">
1487                                                 <span class="dashicons post-option-back"></span>
1488                                                 <span class="setting-title" aria-hidden="true"><?php _e( 'Categories' ); ?></span>
1489                                                 <span class="screen-reader-text"><?php _e( 'Back to post options' ) ?></span>
1490                                         </button>
1491                                         <?php $this->categories_html( $post ); ?>
1492                                 </div>
1493                         <?php endif; ?>
1494
1495                         <?php if ( $show_tags ) : ?>
1496                                 <div class="setting-modal tags is-off-screen is-hidden">
1497                                         <button type="button" class="button-link modal-close">
1498                                                 <span class="dashicons post-option-back"></span>
1499                                                 <span class="setting-title" aria-hidden="true"><?php _e( 'Tags' ); ?></span>
1500                                                 <span class="screen-reader-text"><?php _e( 'Back to post options' ) ?></span>
1501                                         </button>
1502                                         <?php $this->tags_html( $post ); ?>
1503                                 </div>
1504                         <?php endif; ?>
1505                 </div><!-- .options-panel -->
1506         </div><!-- .wrapper -->
1507
1508         <div class="press-this-actions">
1509                 <div class="pressthis-media-buttons">
1510                         <button type="button" class="insert-media button-link" data-editor="pressthis">
1511                                 <span class="dashicons dashicons-admin-media"></span>
1512                                 <span class="screen-reader-text"><?php _e( 'Add Media' ); ?></span>
1513                         </button>
1514                 </div>
1515                 <div class="post-actions">
1516                         <span class="spinner">&nbsp;</span>
1517                         <div class="split-button">
1518                                 <div class="split-button-head">
1519                                         <button type="button" class="publish-button split-button-primary" aria-live="polite">
1520                                                 <span class="publish"><?php echo ( current_user_can( 'publish_posts' ) ) ? __( 'Publish' ) : __( 'Submit for Review' ); ?></span>
1521                                                 <span class="saving-draft"><?php _e( 'Saving&hellip;' ); ?></span>
1522                                         </button><button type="button" class="split-button-toggle" aria-haspopup="true" aria-expanded="false">
1523                                                 <i class="dashicons dashicons-arrow-down-alt2"></i>
1524                                                 <span class="screen-reader-text"><?php _e('More actions'); ?></span>
1525                                         </button>
1526                                 </div>
1527                                 <ul class="split-button-body">
1528                                         <li><button type="button" class="button-link draft-button split-button-option"><?php _e( 'Save Draft' ); ?></button></li>
1529                                         <li><button type="button" class="button-link standard-editor-button split-button-option"><?php _e( 'Standard Editor' ); ?></button></li>
1530                                         <li><button type="button" class="button-link preview-button split-button-option"><?php _e( 'Preview' ); ?></button></li>
1531                                 </ul>
1532                         </div>
1533                 </div>
1534         </div>
1535         </form>
1536
1537         <?php
1538         /** This action is documented in wp-admin/admin-footer.php */
1539         do_action( 'admin_footer' );
1540
1541         /** This action is documented in wp-admin/admin-footer.php */
1542         do_action( 'admin_print_footer_scripts-press-this.php' );
1543
1544         /** This action is documented in wp-admin/admin-footer.php */
1545         do_action( 'admin_print_footer_scripts' );
1546
1547         /** This action is documented in wp-admin/admin-footer.php */
1548         do_action( 'admin_footer-press-this.php' );
1549         ?>
1550 </body>
1551 </html>
1552 <?php
1553                 die();
1554         }
1555 }