3 * WordPress AJAX Process Execution.
6 * @subpackage Administration
10 * Executing AJAX process.
// Bootstrap for admin AJAX requests: flags the request as AJAX/admin, loads
// WordPress, then deals with logged-out callers before any action dispatch.
// NOTE(review): this listing skips source lines (see the gutter numbers), so
// the statements guarded by several conditions below are not shown.
// WP_ADMIN is set unconditionally, before any login check, so "admin context"
// must never be read as proof of an authenticated administrator.
14 define('DOING_AJAX', true);
15 define('WP_ADMIN', true);
17 require_once('../wp-load.php');
// Requests without an 'action' parameter are handled here; the guarded
// statement is on a line missing from this listing.
19 if ( ! isset( $_REQUEST['action'] ) )
22 require_once('./includes/admin.php');
// '@' silences the warning header() raises when output has already started.
23 @header('Content-Type: text/html; charset=' . get_option('blog_charset'));
24 send_nosniff_header();
// admin_init fires before the login check below, so callbacks hooked to it
// also run for unauthenticated requests and must do their own permission checks.
26 do_action('admin_init');
28 if ( ! is_user_logged_in() ) {
// A logged-out autosave gets an explicit "logged out" alert rather than a silent failure.
30 if ( isset( $_POST['action'] ) && $_POST['action'] == 'autosave' ) {
31 $id = isset($_POST['post_ID'])? (int) $_POST['post_ID'] : 0;
// The only dynamic value placed in the alert markup is wp_login_url().
36 $message = sprintf( __('<strong>ALERT: You are logged out!</strong> Could not save draft. <a href="%s" target="_blank">Please log in again.</a>'), wp_login_url() );
37 $x = new WP_Ajax_Response( array(
// Unauthenticated dispatch: the hook name is built from the request-supplied
// action, so every callback registered on a wp_ajax_nopriv_* hook is reachable
// without a login and has to validate its own nonce and input.
45 if ( !empty( $_REQUEST['action'] ) )
46 do_action( 'wp_ajax_nopriv_' . $_REQUEST['action'] );
// Dispatch for GET-based actions. Presumably reached only by logged-in users;
// the end of the logged-out branch is not shown in this listing.
51 if ( isset( $_GET['action'] ) ) :
52 switch ( $action = $_GET['action'] ) :
// Tag autocomplete: prints the names of terms in one taxonomy that contain
// the fragment the user has typed.
53 case 'ajax-tag-search' :
// Capability gate; the statement it guards is not shown. No nonce check is
// visible in this case.
54 if ( !current_user_can( 'edit_posts' ) )
57 $s = $_GET['q']; // is this slashed already?
// The taxonomy name is normalised with sanitize_title() before use in the query.
59 if ( isset($_GET['tax']) )
60 $taxonomy = sanitize_title($_GET['tax']);
// Only the fragment after the last comma is searched.
64 if ( false !== strpos( $s, ',' ) ) {
65 $s = explode( ',', $s );
66 $s = $s[count( $s ) - 1];
69 if ( strlen( $s ) < 2 )
70 die; // require 2 chars for matching
// NOTE(review): $s originates in $_GET['q'] and is concatenated into the SQL
// text instead of being bound through $wpdb->prepare(). Safety rests on the
// value already being slashed upstream (the open question in the comment on
// $s above), and the LIKE wildcards % and _ inside $s are not escaped.
72 $results = $wpdb->get_col( "SELECT t.name FROM $wpdb->term_taxonomy AS tt INNER JOIN $wpdb->terms AS t ON tt.term_id = t.term_id WHERE tt.taxonomy = '$taxonomy' AND t.name LIKE ('%" . $s . "%')" );
// NOTE(review): term names are echoed without HTML escaping while the response
// is typed text/html earlier in the file; confirm names are stored escaped.
// join() is called with the array first, the legacy argument order.
74 echo join( $results, "\n" );
// Probe that records in the can_compress_scripts site option whether scripts
// can be served compressed.
77 case 'wp-compression-test' :
// Restricted to users with manage_options; the guarded statement is not shown.
78 if ( !current_user_can( 'manage_options' ) )
// PHP is already compressing output, so script compression is recorded as off.
81 if ( ini_get('zlib.output_compression') || 'ob_gzhandler' == ini_get('output_handler') ) {
82 update_site_option('can_compress_scripts', 0);
86 if ( isset($_GET['test']) ) {
// The probe response must never be served from a cache.
87 header( 'Expires: Wed, 11 Jan 1984 05:00:00 GMT' );
88 header( 'Last-Modified: ' . gmdate( 'D, d M Y H:i:s' ) . ' GMT' );
89 header( 'Cache-Control: no-cache, must-revalidate, max-age=0' );
90 header( 'Pragma: no-cache' );
91 header('Content-Type: application/x-javascript; charset=UTF-8');
// With ENFORCE_GZIP set, the deflate branch below is skipped in favour of gzip.
92 $force_gzip = ( defined('ENFORCE_GZIP') && ENFORCE_GZIP );
// Fixed test payload; no request data goes into it.
93 $test_str = '"wpCompressionTest Lorem ipsum dolor sit amet consectetuer mollis sapien urna ut a. Eu nonummy condimentum fringilla tempor pretium platea vel nibh netus Maecenas. Hac molestie amet justo quis pellentesque est ultrices interdum nibh Morbi. Cras mattis pretium Phasellus ante ipsum ipsum ut sociis Suspendisse Lorem. Ante et non molestie. Porta urna Vestibulum egestas id congue nibh eu risus gravida sit. Ac augue auctor Ut et non a elit massa id sodales. Elit eu Nulla at nibh adipiscing mattis lacus mauris at tempus. Netus nibh quis suscipit nec feugiat eget sed lorem et urna. Pellentesque lacus at ut massa consectetuer ligula ut auctor semper Pellentesque. Ut metus massa nibh quam Curabitur molestie nec mauris congue. Volutpat molestie elit justo facilisis neque ac risus Ut nascetur tristique. Vitae sit lorem tellus et quis Phasellus lacus tincidunt nunc Fusce. Pharetra wisi Suspendisse mus sagittis libero lacinia Integer consequat ac Phasellus. Et urna ac cursus tortor aliquam Aliquam amet tellus volutpat Vestibulum. Justo interdum condimentum In augue congue tellus sollicitudin Quisque quis nibh."';
// 'test' is compared loosely (==) against 1, 2, 'no' and 'yes'.
95 if ( 1 == $_GET['test'] ) {
98 } elseif ( 2 == $_GET['test'] ) {
99 if ( !isset($_SERVER['HTTP_ACCEPT_ENCODING']) )
// The client's Accept-Encoding header only selects between two fixed encoders.
101 if ( false !== stripos( $_SERVER['HTTP_ACCEPT_ENCODING'], 'deflate') && function_exists('gzdeflate') && ! $force_gzip ) {
102 header('Content-Encoding: deflate');
103 $out = gzdeflate( $test_str, 1 );
104 } elseif ( false !== stripos( $_SERVER['HTTP_ACCEPT_ENCODING'], 'gzip') && function_exists('gzencode') ) {
105 header('Content-Encoding: gzip');
106 $out = gzencode( $test_str, 1 );
// NOTE(review): 'no' and 'yes' write a site option from a GET request, and no
// check_ajax_referer() call is visible in this case, so the write appears to
// be protected by the capability check alone — confirm against the full file.
112 } elseif ( 'no' == $_GET['test'] ) {
113 update_site_option('can_compress_scripts', 0);
114 } elseif ( 'yes' == $_GET['test'] ) {
115 update_site_option('can_compress_scripts', 1);
// Streams a preview of an edited image for one post id.
121 case 'imgedit-preview' :
122 $post_id = intval($_GET['postid']);
// Rejects a zero id and users who may not edit this post; the guarded
// statement is not shown in this listing.
123 if ( empty($post_id) || !current_user_can('edit_post', $post_id) )
// The nonce action includes the post id, so a nonce issued for one image is
// not accepted for another.
126 check_ajax_referer( "image_editor-$post_id" );
128 include_once( ABSPATH . 'wp-admin/includes/image-edit.php' );
129 if ( ! stream_preview_image($post_id) )
// Nav-menu quick search, limited to users who can edit theme options.
134 case 'menu-quick-search':
135 if ( ! current_user_can( 'edit_theme_options' ) )
138 require_once ABSPATH . 'wp-admin/includes/nav-menu.php';
// The whole $_REQUEST array is handed to the helper; how it validates the
// fields is not visible here.
140 _wp_ajax_menu_quick_search( $_REQUEST );
144 case 'oembed-cache' :
// NOTE(review): no capability or nonce check is visible in this case and
// $_GET['post'] is passed uncast. Lines are missing from this listing, so
// confirm against the full file and against cache_oembed() itself.
145 $return = ( $wp_embed->cache_oembed( $_GET['post'] ) ) ? '1' : '0';
// Presumably the default branch (its label is not shown): the hook name is
// built from the request action, and no capability or nonce check is applied
// here, so each wp_ajax_* callback has to perform its own.
149 do_action( 'wp_ajax_' . $_GET['action'] );
156 * Sends back current comment total and new page links if they need to be updated.
158 * Contrary to normal success AJAX response ("1"), die with time() on success.
162 * @param int $comment_id
// Builds the reply after a comment was deleted or moderated. Replies with the
// bare current time when the client sent no paging state or no recount is due;
// otherwise builds a WP_Ajax_Response whose supplemental data includes fresh
// pagination links. $comment_id is only echoed back as the response id.
165 function _wp_ajax_delete_comment_response( $comment_id ) {
// Paging state comes from the client. '@' hides the notice for a missing
// field, and the int casts turn absent or non-numeric values into 0.
166 $total = (int) @$_POST['_total'];
167 $per_page = (int) @$_POST['_per_page'];
168 $page = (int) @$_POST['_page'];
// esc_url_raw() cleans the client-supplied list URL, which later becomes the
// base of the pagination links and the source of the status and post filters.
169 $url = esc_url_raw( @$_POST['_url'] );
170 // JS didn't send us everything we need to know. Just die with success message
171 if ( !$total || !$per_page || !$page || !$url )
172 die( (string) time() );
174 if ( --$total < 0 ) // Take the total from POST and decrement it (since we just deleted one)
// mt_rand() only thins out how often the recount runs; nothing
// security-sensitive depends on it.
177 if ( 0 != $total % $per_page && 1 != mt_rand( 1, $per_page ) ) // Only do the expensive stuff on a page-break, and about 1 other time per page
178 die( (string) time() );
181 $status = 'total_comments'; // What type of comment count are we looking for?
// The query string of the client-supplied URL chooses which count to report
// and, optionally, which post to count for.
182 $parsed = parse_url( $url );
183 if ( isset( $parsed['query'] ) ) {
184 parse_str( $parsed['query'], $query_vars );
185 if ( !empty( $query_vars['comment_status'] ) )
186 $status = $query_vars['comment_status'];
187 if ( !empty( $query_vars['p'] ) )
188 $post_id = (int) $query_vars['p'];
// NOTE(review): in the visible lines $post_id is assigned only when the URL
// carries 'p'; any default must be on a line missing from this listing.
191 $comment_count = wp_count_comments($post_id);
192 $time = time(); // The time since the last comment count
// $status is request-derived; isset() limits it to properties that exist on
// the counts object.
194 if ( isset( $comment_count->$status ) ) // We're looking for a known type of comment count
195 $total = $comment_count->$status;
196 // else use the decremented value from above
198 $page_links = paginate_links( array(
199 'base' => add_query_arg( 'apage', '%#%', $url ),
201 'prev_text' => __('«'),
202 'next_text' => __('»'),
203 'total' => ceil($total / $per_page),
206 $x = new WP_Ajax_Response( array(
208 'id' => $comment_id, // here for completeness - not used
209 'supplemental' => array(
210 'pageLinks' => $page_links,
// Adds the comma-separated terms posted by the editor to a hierarchical
// taxonomy and replies with refreshed checklist markup plus a rebuilt parent
// dropdown. Takes no parameters; all input is read from $_POST.
218 function _wp_ajax_add_hierarchical_term() {
219 $action = $_POST['action'];
// The taxonomy name is the action with its first four characters removed
// (presumably an 'add-' prefix — confirm against the caller).
// NOTE(review): the get_taxonomy() result is dereferenced below without a
// visible check that it is an object.
220 $taxonomy = get_taxonomy(substr($action, 4));
// Nonce first (its field name is per-taxonomy), then the taxonomy's own
// edit_terms capability; the guarded statement is not shown.
221 check_ajax_referer( $action, '_ajax_nonce-add-' . $taxonomy->name );
222 if ( !current_user_can( $taxonomy->cap->edit_terms ) )
224 $names = explode(',', $_POST['new'.$taxonomy->name]);
225 $parent = isset($_POST['new'.$taxonomy->name.'_parent']) ? (int) $_POST['new'.$taxonomy->name.'_parent'] : 0;
// Already-selected term ids arrive from the form and are forced to
// non-negative integers with absint() before being reused.
228 if ( $taxonomy->name == 'category' )
229 $post_category = isset($_POST['post_category']) ? (array) $_POST['post_category'] : array();
231 $post_category = ( isset($_POST['tax_input']) && isset($_POST['tax_input'][$taxonomy->name]) ) ? (array) $_POST['tax_input'][$taxonomy->name] : array();
232 $checked_categories = array_map( 'absint', (array) $post_category );
233 $popular_ids = wp_popular_terms_checklist($taxonomy->name, 0, 10, false);
235 foreach ( $names as $cat_name ) {
236 $cat_name = trim($cat_name);
237 $category_nicename = sanitize_title($cat_name);
// Names that sanitize to an empty slug are handled by a statement not shown.
238 if ( '' === $category_nicename )
240 if ( !($cat_id = term_exists($cat_name, $taxonomy->name, $parent)) ) {
// NOTE(review): the wp_insert_term() result is indexed for 'term_id' with no
// visible is_wp_error() check.
241 $new_term = wp_insert_term($cat_name, $taxonomy->name, array('parent' => $parent));
242 $cat_id = $new_term['term_id'];
244 $checked_categories[] = $cat_id;
245 if ( $parent ) // Do these all at once in a second
247 $category = get_term( $cat_id, $taxonomy->name );
// Checklist markup is read back from the output buffer (the call that starts
// buffering is not shown in this listing).
249 wp_terms_checklist( 0, array( 'taxonomy' => $taxonomy->name, 'descendants_and_self' => $cat_id, 'selected_cats' => $checked_categories, 'popular_cats' => $popular_ids ));
250 $data = ob_get_contents();
253 'what' => $taxonomy->name,
// Newlines and tabs are stripped from the captured markup before it is sent.
255 'data' => str_replace( array("\n", "\t"), '', $data),
260 if ( $parent ) { // Foncy - replace the parent and all its children
261 $parent = get_term( $parent, $taxonomy->name );
262 $term_id = $parent->term_id;
264 while ( $parent->parent ) { // get the top parent
// Assigns the function's return value by reference (legacy syntax).
265 $parent = &get_term( $parent->parent, $taxonomy->name );
266 if ( is_wp_error( $parent ) )
268 $term_id = $parent->term_id;
272 wp_terms_checklist( 0, array('taxonomy' => $taxonomy->name, 'descendants_and_self' => $term_id, 'selected_cats' => $checked_categories, 'popular_cats' => $popular_ids));
273 $data = ob_get_contents();
276 'what' => $taxonomy->name,
278 'data' => str_replace( array("\n", "\t"), '', $data),
// Rebuilt parent dropdown, returned as supplemental data.
284 wp_dropdown_categories( array(
285 'taxonomy' => $taxonomy->name, 'hide_empty' => 0, 'name' => 'new'.$taxonomy->name.'_parent', 'orderby' => 'name',
286 'hierarchical' => 1, 'show_option_none' => '— '.$taxonomy->labels->parent_item.' —'
288 $sup = ob_get_contents();
290 $add['supplemental'] = array( 'newcat_parent' => $sup );
292 $x = new WP_Ajax_Response( $add );
// Start of the POST action dispatch. $id is the integer-cast 'id' field,
// 0 when the field is absent.
296 $id = isset($_POST['id'])? (int) $_POST['id'] : 0;
297 switch ( $action = $_POST['action'] ) :
298 case 'delete-comment' : // On success, die with time() instead of 1
// An unknown comment id gets the same time() reply this case uses for success.
299 if ( !$comment = get_comment( $id ) )
300 die( (string) time() );
// Authorisation is checked against the post the comment belongs to; the
// guarded statement is not shown in this listing.
301 if ( !current_user_can( 'edit_post', $comment->comment_post_ID ) )
// The nonce action is bound to this comment id.
304 check_ajax_referer( "delete-comment_$id" );
305 $status = wp_get_comment_status( $comment->comment_ID );
// Exactly one of trash / untrash / spam / unspam / delete is applied. Each of
// the first four replies with time() and changes nothing when the comment is
// already in the requested state.
307 if ( isset($_POST['trash']) && 1 == $_POST['trash'] ) {
308 if ( 'trash' == $status )
309 die( (string) time() );
310 $r = wp_trash_comment( $comment->comment_ID );
311 } elseif ( isset($_POST['untrash']) && 1 == $_POST['untrash'] ) {
312 if ( 'trash' != $status )
313 die( (string) time() );
314 $r = wp_untrash_comment( $comment->comment_ID );
315 } elseif ( isset($_POST['spam']) && 1 == $_POST['spam'] ) {
316 if ( 'spam' == $status )
317 die( (string) time() );
318 $r = wp_spam_comment( $comment->comment_ID );
319 } elseif ( isset($_POST['unspam']) && 1 == $_POST['unspam'] ) {
320 if ( 'spam' != $status )
321 die( (string) time() );
322 $r = wp_unspam_comment( $comment->comment_ID );
323 } elseif ( isset($_POST['delete']) && 1 == $_POST['delete'] ) {
324 $r = wp_delete_comment( $comment->comment_ID );
329 if ( $r ) // Decide if we need to send back '1' or a more complicated response including page links and comment counts
330 _wp_ajax_delete_comment_response( $comment->comment_ID );
// Term deletion (the case label for these lines is not shown in this listing).
// The nonce action is bound to the integer-cast term id.
334 $tag_id = (int) $_POST['tag_ID'];
335 check_ajax_referer( "delete-tag_$tag_id" );
// The taxonomy name is taken from the request, defaulting to 'post_tag'.
337 $taxonomy = !empty($_POST['taxonomy']) ? $_POST['taxonomy'] : 'post_tag';
338 $tax = get_taxonomy($taxonomy);
// NOTE(review): $tax is dereferenced without a visible check that the
// requested taxonomy exists; confirm the behaviour for an unknown name.
340 if ( !current_user_can( $tax->cap->delete_terms ) )
// The term must exist in that taxonomy before deletion is attempted.
343 $tag = get_term( $tag_id, $taxonomy );
344 if ( !$tag || is_wp_error( $tag ) )
347 if ( wp_delete_term($tag_id, $taxonomy))
// Deletes a link category, refusing to delete the configured default one.
352 case 'delete-link-cat' :
// Nonce bound to the category id, then the manage_categories capability; the
// guarded statement is not shown.
353 check_ajax_referer( "delete-link-category_$id" );
354 if ( !current_user_can( 'manage_categories' ) )
357 $cat = get_term( $id, 'link_category' );
358 if ( !$cat || is_wp_error( $cat ) )
361 $cat_name = get_term_field('name', $id, 'link_category');
363 $default = get_option('default_link_category');
365 // Don't delete the default cats.
366 if ( $id == $default ) {
367 $x = new WP_AJAX_Response( array(
368 'what' => 'link-cat',
// NOTE(review): $cat_name is placed inside HTML in the error text; whether
// get_term_field() returns it escaped for display is not visible here.
370 'data' => new WP_Error( 'default-link-cat', sprintf(__("Can’t delete the <strong>%s</strong> category: this is the default one"), $cat_name) )
// The 'default' argument names the default link category for wp_delete_term().
375 $r = wp_delete_term($id, 'link_category', array('default' => $default));
378 if ( is_wp_error($r) ) {
379 $x = new WP_AJAX_Response( array(
380 'what' => 'link-cat',
// Delete / trash handlers for links, post meta, posts and pages. Several case
// labels and guarded statements are missing from this listing. Every handler
// binds its nonce action to $id and applies a capability check before acting.
389 check_ajax_referer( "delete-bookmark_$id" );
390 if ( !current_user_can( 'manage_links' ) )
393 $link = get_bookmark( $id );
394 if ( !$link || is_wp_error( $link ) )
397 if ( wp_delete_link( $id ) )
// Post meta: the capability is checked on the post that owns the meta row,
// which is looked up server-side from the meta id.
403 check_ajax_referer( "delete-meta_$id" );
404 if ( !$meta = get_post_meta_by_id( $id ) )
407 if ( !current_user_can( 'edit_post', $meta->post_id ) )
409 if ( delete_meta( $meta->meta_id ) )
// The nonce action embeds the action name as well as the id.
414 check_ajax_referer( "{$action}_$id" );
415 if ( !current_user_can( 'delete_post', $id ) )
418 if ( !get_post( $id ) )
421 if ( wp_delete_post( $id ) )
// Trash and untrash share these lines; $action selects the operation.
427 case 'untrash-post' :
428 check_ajax_referer( "{$action}_$id" );
429 if ( !current_user_can( 'delete_post', $id ) )
432 if ( !get_post( $id ) )
435 if ( 'trash-post' == $action )
436 $done = wp_trash_post( $id );
438 $done = wp_untrash_post( $id );
// Pages use the delete_page capability.
446 check_ajax_referer( "{$action}_$id" );
447 if ( !current_user_can( 'delete_page', $id ) )
450 if ( !get_page( $id ) )
453 if ( wp_delete_post( $id ) )
// Toggles a comment between approved and held.
458 case 'dim-comment' : // On success, die with time() instead of 1
460 if ( !$comment = get_comment( $id ) ) {
461 $x = new WP_Ajax_Response( array(
463 'id' => new WP_Error('invalid_comment', sprintf(__('Comment %d does not exist'), $id))
// Allowed for users who can edit the comment's post or who can moderate
// comments; the guarded statement is not shown.
468 if ( !current_user_can( 'edit_post', $comment->comment_post_ID ) && !current_user_can( 'moderate_comments' ) )
471 $current = wp_get_comment_status( $comment->comment_ID );
// Nothing to change: reply before the nonce check, since no state is modified.
472 if ( $_POST['new'] == $current )
473 die( (string) time() );
// The nonce action is bound to the comment id.
475 check_ajax_referer( "approve-comment_$id" );
// The new status is derived from the stored status, not from the request.
476 if ( in_array( $current, array( 'unapproved', 'spam' ) ) )
477 $result = wp_set_comment_status( $comment->comment_ID, 'approve', true );
479 $result = wp_set_comment_status( $comment->comment_ID, 'hold', true );
481 if ( is_wp_error($result) ) {
482 $x = new WP_Ajax_Response( array(
489 // Decide if we need to send back '1' or a more complicated response including page links and comment counts
490 _wp_ajax_delete_comment_response( $comment->comment_ID );
// Creates link categories from a comma-separated list and returns one
// checklist item per category.
493 case 'add-link-category' : // On the Fly
// Nonce, then the manage_categories capability; the guarded statement is not shown.
494 check_ajax_referer( $action );
495 if ( !current_user_can( 'manage_categories' ) )
497 $names = explode(',', $_POST['newcat']);
498 $x = new WP_Ajax_Response();
499 foreach ( $names as $cat_name ) {
500 $cat_name = trim($cat_name);
501 $slug = sanitize_title($cat_name);
504 if ( !$cat_id = term_exists( $cat_name, 'link_category' ) ) {
505 $cat_id = wp_insert_term( $cat_name, 'link_category' );
// NOTE(review): the result is indexed for 'term_id' with no visible
// is_wp_error() check after the insert.
507 $cat_id = $cat_id['term_id'];
// The name is unslashed and HTML-escaped at the point where markup is built.
508 $cat_name = esc_html(stripslashes($cat_name));
510 'what' => 'link-category',
// $cat_id is escaped in the value attribute but interpolated as-is into the
// id/for attributes; it comes from the term lookup or insert, not the request.
512 'data' => "<li id='link-category-$cat_id'><label for='in-link-category-$cat_id' class='selectit'><input value='" . esc_attr($cat_id) . "' type='checkbox' checked='checked' name='link_category[]' id='in-link-category-$cat_id'/> $cat_name</label></li>",
// Creates a single link category from the categories screen and returns its
// table row.
518 case 'add-link-cat' : // From Blogroll -> Categories
// Nonce, then the manage_categories capability; the guarded statement is not shown.
519 check_ajax_referer( 'add-link-category' );
520 if ( !current_user_can( 'manage_categories' ) )
523 if ( '' === trim($_POST['name']) ) {
524 $x = new WP_Ajax_Response( array(
525 'what' => 'link-cat',
526 'id' => new WP_Error( 'name', __('You did not enter a category name.') )
// NOTE(review): the entire $_POST array is passed as the arguments array, so
// every request field is a candidate argument; which keys wp_insert_term()
// honours is not visible here — confirm only the intended ones take effect.
531 $r = wp_insert_term($_POST['name'], 'link_category', $_POST );
532 if ( is_wp_error( $r ) ) {
533 $x = new WP_AJAX_Response( array(
534 'what' => 'link-cat',
// extract() turns the keys of the insert result into local variables
// ($term_id is used below); EXTR_SKIP keeps existing variables from being
// overwritten. The array comes from wp_insert_term(), not from the request.
540 extract($r, EXTR_SKIP);
542 if ( !$link_cat = link_cat_row( $term_id ) )
545 $x = new WP_Ajax_Response( array(
546 'what' => 'link-cat',
// Creates a term from the tags/terms management screen and returns its rows.
553 case 'add-tag' : // From Manage->Tags
554 check_ajax_referer( 'add-tag' );
// The taxonomy name is taken from the request, defaulting to 'post_tag'.
556 $taxonomy = !empty($_POST['taxonomy']) ? $_POST['taxonomy'] : 'post_tag';
557 $tax = get_taxonomy($taxonomy);
559 $x = new WP_Ajax_Response();
// NOTE(review): $tax is dereferenced without a visible check that the
// requested taxonomy exists. The guarded statement is not shown.
561 if ( !current_user_can( $tax->cap->edit_terms ) )
// NOTE(review): the entire $_POST array is passed as the arguments array;
// which keys wp_insert_term() honours is not visible here.
564 $tag = wp_insert_term($_POST['tag-name'], $taxonomy, $_POST );
566 if ( !$tag || is_wp_error($tag) || (!$tag = get_term( $tag['term_id'], $taxonomy )) ) {
567 $message = __('An error has occured. Please reload the page and try again.');
568 if ( is_wp_error($tag) && $tag->get_error_message() )
569 $message = $tag->get_error_message();
572 'what' => 'taxonomy',
573 'data' => new WP_Error('error', $message )
// The screen identifier is request-supplied; how set_current_screen()
// validates it is not visible here.
578 if ( isset($_POST['screen']) )
579 set_current_screen($_POST['screen']);
// The first assignment is immediately overwritten by the second.
582 $tag_full_name = false;
583 $tag_full_name = $tag->name;
// For hierarchical taxonomies the ancestors' names are prefixed to the label.
// $_tag and $level are initialised on lines missing from this listing.
584 if ( is_taxonomy_hierarchical($taxonomy) ) {
586 while ( $_tag->parent ) {
587 $_tag = get_term( $_tag->parent, $taxonomy );
588 $tag_full_name = $_tag->name . ' — ' . $tag_full_name;
591 $noparents = _tag_row( $tag, $level, $taxonomy );
593 $tag->name = $tag_full_name;
594 $parents = _tag_row( $tag, 0, $taxonomy);
597 'what' => 'taxonomy',
598 'supplemental' => compact('parents', 'noparents')
602 'position' => $level,
603 'supplemental' => get_term( $tag->term_id, $taxonomy, ARRAY_A ) //Refetch as $tag has been contaminated by the full name.
// Returns a tag cloud of up to 45 terms, ordered by count descending.
607 case 'get-tagcloud' :
// Capability gate only; no nonce check is visible in this read-only case.
608 if ( !current_user_can( 'edit_posts' ) )
611 if ( isset($_POST['tax']) )
612 $taxonomy = sanitize_title($_POST['tax']);
616 $tags = get_terms( $taxonomy, array( 'number' => 45, 'orderby' => 'count', 'order' => 'DESC' ) );
618 if ( empty( $tags ) ) {
619 $tax = get_taxonomy( $taxonomy );
620 die( isset( $tax->no_tagcloud ) ? $tax->no_tagcloud : __('No tags found!') );
623 if ( is_wp_error($tags) )
624 die($tags->get_error_message());
// Each tag links to '#' and carries its term id for the client script.
626 foreach ( $tags as $key => $tag ) {
627 $tags[ $key ]->link = '#';
628 $tags[ $key ]->id = $tag->term_id;
631 // We need raw tag names here, so don't filter the output
// NOTE(review): with filtering off, whatever consumes this markup has to
// treat the tag names as untrusted text.
632 $return = wp_generate_tag_cloud( $tags, array('filter' => 0) );
634 if ( empty($return) )
// Returns one further comment row for the comments list (the case label for
// these lines is not shown in this listing).
642 check_ajax_referer( $action );
643 if ( !current_user_can( 'edit_posts' ) )
// Search term, status, mode, post id and comment type are taken from the
// request unvalidated; only the paging numbers are cast to integers.
645 $search = isset($_POST['s']) ? $_POST['s'] : false;
646 $status = isset($_POST['comment_status']) ? $_POST['comment_status'] : 'all';
647 $per_page = isset($_POST['per_page']) ? (int) $_POST['per_page'] + 8 : 28;
648 $start = isset($_POST['page']) ? ( intval($_POST['page']) * $per_page ) -1 : $per_page - 1;
652 $mode = isset($_POST['mode']) ? $_POST['mode'] : 'detail';
653 $p = isset($_POST['p']) ? $_POST['p'] : 0;
654 $comment_type = isset($_POST['comment_type']) ? $_POST['comment_type'] : '';
// NOTE(review): the raw values above go straight into the helper; confirm
// that _wp_get_comment_list() escapes them before they reach a query.
655 list($comments, $total) = _wp_get_comment_list( $status, $search, $start, 1, $p, $comment_type );
657 if ( get_option('show_avatars') )
658 add_filter( 'comment_author', 'floated_admin_avatar' );
662 $x = new WP_Ajax_Response();
663 foreach ( (array) $comments as $comment ) {
664 get_comment( $comment );
// Row markup is read back from the output buffer (the call that starts
// buffering is not shown).
666 _wp_comment_row( $comment->comment_ID, $mode, $status, true, true );
667 $comment_list_item = ob_get_contents();
671 'id' => $comment->comment_ID,
672 'data' => $comment_list_item
// Returns a batch of comment rows for one post.
677 case 'get-comments' :
678 check_ajax_referer( $action );
// The capability is checked on the integer-cast post id; the guarded
// statement is not shown.
680 $post_ID = (int) $_POST['post_ID'];
681 if ( !current_user_can( 'edit_post', $post_ID ) )
// Offset and batch size are integer-cast; defaults are 0 and 10.
684 $start = isset($_POST['start']) ? intval($_POST['start']) : 0;
685 $num = isset($_POST['num']) ? intval($_POST['num']) : 10;
687 list($comments, $total) = _wp_get_comment_list( false, false, $start, $num, $post_ID );
692 $comment_list_item = '';
693 $x = new WP_Ajax_Response();
694 foreach ( (array) $comments as $comment ) {
695 get_comment( $comment );
// All rows are concatenated into a single response item.
697 _wp_comment_row( $comment->comment_ID, 'single', false, false );
698 $comment_list_item .= ob_get_contents();
702 'what' => 'comments',
703 'data' => $comment_list_item
// Posts a reply to a comment as the current user and returns the new row.
707 case 'replyto-comment' :
708 check_ajax_referer( $action, '_ajax_nonce-replyto-comment' );
// The capability is checked on the integer-cast post id; the guarded
// statement is not shown.
710 $comment_post_ID = (int) $_POST['comment_post_ID'];
711 if ( !current_user_can( 'edit_post', $comment_post_ID ) )
// The post id is bound through a %d placeholder.
714 $status = $wpdb->get_var( $wpdb->prepare("SELECT post_status FROM $wpdb->posts WHERE ID = %d", $comment_post_ID) );
// Replies are refused for posts that are draft, pending or trashed.
716 if ( empty($status) )
718 elseif ( in_array($status, array('draft', 'pending', 'trash') ) )
719 die( __('Error: you are replying to a comment on a draft post.') );
721 $user = wp_get_current_user();
// Author fields come from the logged-in user's profile, not from the request.
723 $comment_author = $wpdb->escape($user->display_name);
724 $comment_author_email = $wpdb->escape($user->user_email);
725 $comment_author_url = $wpdb->escape($user->user_url);
726 $comment_content = trim($_POST['content']);
// A user allowed to post unfiltered HTML keeps that privilege for this comment
// only when the request carries the matching nonce; on a mismatch the kses
// filters are re-initialised so the content is filtered.
// NOTE(review): the nonce is compared with != (loose, not constant-time) and
// the POST field is read without isset(); hash_equals() is the constant-time
// comparison where the supported PHP version allows it.
727 if ( current_user_can('unfiltered_html') ) {
728 if ( wp_create_nonce('unfiltered-html-comment_' . $comment_post_ID) != $_POST['_wp_unfiltered_html_comment'] ) {
729 kses_remove_filters(); // start with a clean slate
730 kses_init_filters(); // set up the filters
// Presumably the branch for a missing user; its condition is not shown.
734 die( __('Sorry, you must be logged in to reply to a comment.') );
737 if ( '' == $comment_content )
738 die( __('Error: please type a comment.') );
740 $comment_parent = absint($_POST['comment_ID']);
// 'comment_type' and 'user_ID' are not assigned in the visible lines.
741 $commentdata = compact('comment_post_ID', 'comment_author', 'comment_author_email', 'comment_author_url', 'comment_content', 'comment_type', 'comment_parent', 'user_ID');
743 $comment_id = wp_new_comment( $commentdata );
744 $comment = get_comment($comment_id);
745 if ( ! $comment ) die('1');
// The display mode is restricted to a fixed allow-list.
747 $modes = array( 'single', 'detail', 'dashboard' );
748 $mode = isset($_POST['mode']) && in_array( $_POST['mode'], $modes ) ? $_POST['mode'] : 'detail';
749 $position = ( isset($_POST['position']) && (int) $_POST['position']) ? (int) $_POST['position'] : '-1';
// Loose comparison: any non-empty value other than '0' counts as checked.
750 $checkbox = ( isset($_POST['checkbox']) && true == $_POST['checkbox'] ) ? 1 : 0;
752 if ( get_option('show_avatars') && 'single' != $mode )
753 add_filter( 'comment_author', 'floated_admin_avatar' );
755 $x = new WP_Ajax_Response();
758 if ( 'dashboard' == $mode ) {
759 require_once( ABSPATH . 'wp-admin/includes/dashboard.php' );
760 _wp_dashboard_recent_comments_row( $comment, false );
762 _wp_comment_row( $comment->comment_ID, $mode, false, $checkbox );
764 $comment_list_item = ob_get_contents();
769 'id' => $comment->comment_ID,
770 'data' => $comment_list_item,
771 'position' => $position
// Saves an inline comment edit and returns the refreshed row.
776 case 'edit-comment' :
// Reuses the 'replyto-comment' nonce action and field.
777 check_ajax_referer( 'replyto-comment', '_ajax_nonce-replyto-comment' );
// NOTE(review): the capability is checked against the post id supplied in the
// request (comment_post_ID), while the comment being edited is identified
// separately by comment_ID. Nothing in the visible lines ties the two
// together; confirm that the update routine (on a line not shown) verifies
// the comment belongs to a post the user may edit.
779 $comment_post_ID = (int) $_POST['comment_post_ID'];
780 if ( ! current_user_can( 'edit_post', $comment_post_ID ) )
783 if ( '' == $_POST['content'] )
784 die( __('Error: please type a comment.') );
786 $comment_id = (int) $_POST['comment_ID'];
// The 'status' field is copied to the 'comment_status' key in $_POST.
787 $_POST['comment_status'] = $_POST['status'];
// Mode is reduced to one of two fixed values.
790 $mode = ( isset($_POST['mode']) && 'single' == $_POST['mode'] ) ? 'single' : 'detail';
791 $position = ( isset($_POST['position']) && (int) $_POST['position']) ? (int) $_POST['position'] : '-1';
792 $checkbox = ( isset($_POST['checkbox']) && true == $_POST['checkbox'] ) ? 1 : 0;
// Passed through to the row renderer as received.
793 $comments_listing = isset($_POST['comments_listing']) ? $_POST['comments_listing'] : '';
795 if ( get_option('show_avatars') && 'single' != $mode )
796 add_filter( 'comment_author', 'floated_admin_avatar' );
798 $x = new WP_Ajax_Response();
801 _wp_comment_row( $comment_id, $mode, $comments_listing, $checkbox );
802 $comment_list_item = ob_get_contents();
806 'what' => 'edit_comment',
// $comment is not assigned in the visible lines of this case.
807 'id' => $comment->comment_ID,
808 'data' => $comment_list_item,
809 'position' => $position
// Saves new nav-menu items and prints their edit markup.
814 case 'add-menu-item' :
// Capability first, then the nonce; the guarded statement is not shown.
815 if ( ! current_user_can( 'edit_theme_options' ) )
818 check_ajax_referer( 'add-menu_item', 'menu-settings-column-nonce' );
820 require_once ABSPATH . 'wp-admin/includes/nav-menu.php';
// The posted item data is handed over as received; validation, if any,
// happens inside wp_save_nav_menu_items().
822 $item_ids = wp_save_nav_menu_items( 0, $_POST['menu-item'] );
823 if ( is_wp_error( $item_ids ) )
// Only ids that resolve to an existing post object are rendered.
826 foreach ( (array) $item_ids as $menu_item_id ) {
827 $menu_obj = get_post( $menu_item_id );
828 if ( ! empty( $menu_obj->ID ) ) {
829 $menu_obj = wp_setup_nav_menu_item( $menu_obj );
830 $menu_obj->label = $menu_obj->title; // don't show "(pending)" in ajax-added items
831 $menu_items[] = $menu_obj;
835 if ( ! empty( $menu_items ) ) {
841 'walker' => new Walker_Nav_Menu_Edit,
843 echo walk_nav_menu_tree( $menu_items, 0, (object) $args );
// Adds or updates a custom field (the case label is not shown in this
// listing). The first branch adds a field; the lines from gutter 896 onwards
// update an existing one — presumably the else branch, whose opener is missing.
847 check_ajax_referer( 'add-meta', '_ajax_nonce-add-meta' );
849 $pid = (int) $_POST['post_id'];
850 $post = get_post( $pid );
852 if ( isset($_POST['metakeyselect']) || isset($_POST['metakeyinput']) ) {
// The capability is checked on the integer-cast post id; the guarded
// statement is not shown.
853 if ( !current_user_can( 'edit_post', $pid ) )
855 if ( isset($_POST['metakeyselect']) && '#NONE#' == $_POST['metakeyselect'] && empty($_POST['metakeyinput']) )
// An auto-draft is first promoted to a real draft. $_POST is swapped for a
// minimal server-built array while edit_post() runs, so no other request
// field reaches that call, and is restored afterwards.
857 if ( $post->post_status == 'auto-draft' ) {
858 $save_POST = $_POST; // Backup $_POST
859 $_POST = array(); // Make it empty for edit_post()
860 $_POST['action'] = 'draft'; // Warning fix
861 $_POST['post_ID'] = $pid;
862 $_POST['post_type'] = $post->post_type;
863 $_POST['post_status'] = 'draft';
864 $now = current_time('timestamp', 1);
865 $_POST['post_title'] = sprintf('Draft created on %s at %s', date(get_option('date_format'), $now), date(get_option('time_format'), $now));
867 if ( $pid = edit_post() ) {
868 if ( is_wp_error( $pid ) ) {
869 $x = new WP_Ajax_Response( array(
875 $_POST = $save_POST; // Now we can restore original $_POST again
876 if ( !$mid = add_meta( $pid ) )
877 die(__('Please provide a custom field value.'));
881 } else if ( !$mid = add_meta( $pid ) ) {
882 die(__('Please provide a custom field value.'));
// The stored row is re-read so the response reflects what was saved.
885 $meta = get_post_meta_by_id( $mid );
886 $pid = (int) $meta->post_id;
887 $meta = get_object_vars( $meta );
888 $x = new WP_Ajax_Response( array(
891 'data' => _list_meta_row( $meta, $c ),
893 'supplemental' => array('postid' => $pid)
// Update path: the meta id is the last key of the posted 'meta' array.
// array_pop() takes its argument by reference and is given a function result here.
896 $mid = (int) array_pop(array_keys($_POST['meta']));
897 $key = $_POST['meta'][$mid]['key'];
898 $value = $_POST['meta'][$mid]['value'];
899 if ( '' == trim($key) )
900 die(__('Please provide a custom field name.'));
901 if ( '' == trim($value) )
902 die(__('Please provide a custom field value.'));
903 if ( !$meta = get_post_meta_by_id( $mid ) )
904 die('0'); // if meta doesn't exist
// Authorisation uses the post id stored with the meta row, not a request value.
905 if ( !current_user_can( 'edit_post', $meta->post_id ) )
// The write is skipped when neither key nor value changed.
907 if ( $meta->meta_value != stripslashes($value) || $meta->meta_key != stripslashes($key) ) {
908 if ( !$u = update_meta( $mid, $key, $value ) )
909 die('0'); // We know meta exists; we also know it's unchanged (or DB error, in which case there are bigger problems).
912 $key = stripslashes($key);
913 $value = stripslashes($value);
914 $x = new WP_Ajax_Response( array(
916 'id' => $mid, 'old_id' => $mid,
917 'data' => _list_meta_row( array(
919 'meta_value' => $value,
923 'supplemental' => array('postid' => $meta->post_id)
// Creates a user and returns the new row for the users table (the case label
// is not shown in this listing).
// Nonce, then the create_users capability; the guarded statement is not shown.
929 check_ajax_referer( $action );
930 if ( !current_user_can('create_users') )
932 require_once(ABSPATH . WPINC . '/registration.php');
// add_user() takes no arguments here, so it presumably reads its input from
// the request itself — confirm its validation there.
933 if ( !$user_id = add_user() )
935 elseif ( is_wp_error( $user_id ) ) {
936 $x = new WP_Ajax_Response( array(
942 $user_object = new WP_User( $user_id );
944 $x = new WP_Ajax_Response( array(
947 'data' => user_row( $user_object, '', $user_object->roles[0] ),
948 'supplemental' => array(
// NOTE(review): user_login is placed inside HTML without visible escaping;
// this relies on the login having been sanitized when the user was created.
949 'show-link' => sprintf(__( 'User <a href="#%s">%s</a> added' ), "user-$user_id", $user_object->user_login),
950 'role' => $user_object->roles[0]
// Autosaves the post being edited and returns status text plus, when needed,
// replacement nonces.
955 case 'autosave' : // The name of this action is hardcoded in edit_post()
956 define( 'DOING_AUTOSAVE', true );
// The return value is kept: a value of 2 triggers the nonce refresh further down.
958 $nonce_age = check_ajax_referer( 'autosave', 'autosavenonce' );
959 global $current_user;
// The category list arrives comma-separated; it is dropped for pages.
961 $_POST['post_category'] = explode(",", $_POST['catslist']);
962 if ( $_POST['post_type'] == 'page' || empty($_POST['post_category']) )
963 unset($_POST['post_category']);
965 $do_autosave = (bool) $_POST['autosave'];
969 /* translators: draft saved date format, see http://php.net/date */
970 $draft_saved_date_format = __('g:i:s a');
971 /* translators: %s: date and time */
972 $message = sprintf( __('Draft saved at %s.'), date_i18n( $draft_saved_date_format ) );
974 $supplemental = array();
// $login_grace_period is not assigned in the visible lines of this case.
975 if ( isset($login_grace_period) )
976 $supplemental['session_expired'] = add_query_arg( 'interim-login', 1, wp_login_url() );
978 $id = $revision_id = 0;
980 $post_ID = (int) $_POST['post_ID'];
981 $_POST['ID'] = $post_ID;
982 $post = get_post($post_ID);
983 if ( 'auto-draft' == $post->post_status )
984 $_POST['post_status'] = 'draft';
// Another user holds the edit lock: autosave and locking are switched off and
// a 'locked' error naming that user (HTML-escaped) is prepared.
986 if ( $last = wp_check_post_lock( $post->ID ) ) {
987 $do_autosave = $do_lock = false;
989 $last_user = get_userdata( $last );
990 $last_user_name = $last_user ? $last_user->display_name : __( 'Someone' );
991 $data = new WP_Error( 'locked', sprintf(
992 $_POST['post_type'] == 'page' ? __( 'Autosave disabled: %s is currently editing this page.' ) : __( 'Autosave disabled: %s is currently editing this post.' ),
993 esc_html( $last_user_name )
996 $supplemental['disable_autosave'] = 'disable';
// The capability check uses the stored post type and runs before anything is saved.
999 if ( 'page' == $post->post_type ) {
1000 if ( !current_user_can('edit_page', $post_ID) )
1001 die(__('You are not allowed to edit this page.'));
1003 if ( !current_user_can('edit_post', $post_ID) )
1004 die(__('You are not allowed to edit this post.'));
1007 if ( $do_autosave ) {
1008 // Drafts and auto-drafts are just overwritten by autosave
1009 if ( 'auto-draft' == $post->post_status || 'draft' == $post->post_status ) {
1011 } else { // Non drafts are not overwritten. The autosave is stored in a special post revision.
1012 $revision_id = wp_create_post_autosave( $post->ID );
1013 if ( is_wp_error($revision_id) )
1020 if ( isset( $_POST['auto_draft'] ) && '1' == $_POST['auto_draft'] )
1021 $id = 0; // This tells us it didn't actually save
// The edit lock is taken only for a saved, non-auto-draft post with a numeric id.
1026 if ( $do_lock && ( isset( $_POST['auto_draft'] ) && ( $_POST['auto_draft'] != '1' ) ) && $id && is_numeric($id) )
1027 wp_set_post_lock( $id );
// Fresh nonces are issued for this editing session. The _wpnonce variant is
// chosen from the request's post_type, whereas the capability check above
// used the stored post type.
1029 if ( $nonce_age == 2 ) {
1030 $supplemental['replace-autosavenonce'] = wp_create_nonce('autosave');
1031 $supplemental['replace-getpermalinknonce'] = wp_create_nonce('getpermalink');
1032 $supplemental['replace-samplepermalinknonce'] = wp_create_nonce('samplepermalink');
1033 $supplemental['replace-closedpostboxesnonce'] = wp_create_nonce('closedpostboxes');
1035 if ( $_POST['post_type'] == 'post' )
1036 $supplemental['replace-_wpnonce'] = wp_create_nonce('update-post_' . $id);
1037 elseif ( $_POST['post_type'] == 'page' )
1038 $supplemental['replace-_wpnonce'] = wp_create_nonce('update-page_' . $id);
1042 $x = new WP_Ajax_Response( array(
1043 'what' => 'autosave',
1045 'data' => $id ? $data : '',
1046 'supplemental' => $supplemental
// Stores per-user screen preferences: closed and hidden meta boxes, then
// hidden list columns. All writes go to the current user's own options.
1050 case 'closed-postboxes' :
1051 check_ajax_referer( 'closedpostboxes', 'closedpostboxesnonce' );
// Comma-separated ids; array_filter() drops empty entries.
1052 $closed = isset( $_POST['closed'] ) ? explode( ',', $_POST['closed']) : array();
1053 $closed = array_filter($closed);
1055 $hidden = isset( $_POST['hidden'] ) ? explode( ',', $_POST['hidden']) : array();
1056 $hidden = array_filter($hidden);
1058 $page = isset( $_POST['page'] ) ? $_POST['page'] : '';
// $page becomes part of an option name, so it is restricted to lowercase
// letters, underscore and hyphen; the guarded statement is not shown.
1060 if ( !preg_match( '/^[a-z_-]+$/', $page ) )
1063 if ( ! $user = wp_get_current_user() )
1066 if ( is_array($closed) )
1067 update_user_option($user->ID, "closedpostboxes_$page", $closed, true);
1069 if ( is_array($hidden) ) {
1070 $hidden = array_diff( $hidden, array('submitdiv', 'linksubmitdiv', 'manage-menu', 'create-menu') ); // postboxes that are always shown
1071 update_user_option($user->ID, "metaboxhidden_$page", $hidden, true);
1076 case 'hidden-columns' :
1077 check_ajax_referer( 'screen-options-nonce', 'screenoptionnonce' );
// NOTE(review): the guarded default on the first line is overwritten by the
// next line, which reads $_POST['hidden'] without an isset() check.
1078 $hidden = isset( $_POST['hidden'] ) ? $_POST['hidden'] : '';
1079 $hidden = explode( ',', $_POST['hidden'] );
1080 $page = isset( $_POST['page'] ) ? $_POST['page'] : '';
// Same character allow-list for $page as in the case above.
1082 if ( !preg_match( '/^[a-z_-]+$/', $page ) )
1085 if ( ! $user = wp_get_current_user() )
1088 if ( is_array($hidden) )
1089 update_user_option($user->ID, "manage{$page}columnshidden", $hidden, true);
1093 case 'menu-get-metabox' :
1094 if ( ! current_user_can( 'edit_theme_options' ) )
1097 require_once ABSPATH . 'wp-admin/includes/nav-menu.php';
1099 if ( isset( $_POST['item-type'] ) && 'post_type' == $_POST['item-type'] ) {
1101 $callback = 'wp_nav_menu_item_post_type_meta_box';
1102 $items = (array) get_post_types( array( 'show_in_nav_menus' => true ), 'object' );
1103 } elseif ( isset( $_POST['item-type'] ) && 'taxonomy' == $_POST['item-type'] ) {
1105 $callback = 'wp_nav_menu_item_taxonomy_meta_box';
1106 $items = (array) get_taxonomies( array( 'show_ui' => true ), 'object' );
1109 if ( ! empty( $_POST['item-object'] ) && isset( $items[$_POST['item-object']] ) ) {
1110 $item = apply_filters( 'nav_menu_meta_box_object', $items[ $_POST['item-object'] ] );
1112 call_user_func_array($callback, array(
1115 'id' => 'add-' . $item->name,
1116 'title' => $item->labels->name,
1117 'callback' => $callback,
1122 $markup = ob_get_clean();
1124 echo json_encode(array(
1125 'replace-id' => $type . '-' . $item->name,
1126 'markup' => $markup,
// Runs the nav-menu quick search for users with 'edit_theme_options'.
// NOTE(review): no nonce check is visible in this arm (lines are omitted from the listing;
// confirm). The whole $_REQUEST array is handed to the helper, and $_REQUEST can merge GET,
// POST and, depending on PHP configuration, cookie values, so the helper has to validate
// every field it reads.
1132 case 'menu-quick-search':
1133 if ( ! current_user_can( 'edit_theme_options' ) )
1136 require_once ABSPATH . 'wp-admin/includes/nav-menu.php';
1138 _wp_ajax_menu_quick_search( $_REQUEST );
// Stores the theme's menu-location assignments. Requires 'edit_theme_options' and the
// 'add-menu_item' nonce sent as 'menu-settings-column-nonce'.
1142 case 'menu-locations-save':
1143 if ( ! current_user_can( 'edit_theme_options' ) )
1145 check_ajax_referer( 'add-menu_item', 'menu-settings-column-nonce' );
1146 if ( ! isset( $_POST['menu-locations'] ) )
// NOTE(review): the submitted value is persisted as-is; no type or shape validation is
// visible here. Constraining it to an array of integer menu ids before saving, e.g.
// array_map( 'absint', (array) $_POST['menu-locations'] ), keeps arbitrary request data
// out of the theme mods.
1148 set_theme_mod( 'nav_menu_locations', $_POST['menu-locations'] );
// Saves the current user's meta box ordering and column layout for one admin screen.
// Only the 'meta-box-order' nonce is checked; the writes below target the current user's
// own options.
1151 case 'meta-box-order':
1152 check_ajax_referer( 'meta-box-order' );
// $order is coerced to an array (or false when absent) and $page_columns to an integer.
1153 $order = isset( $_POST['order'] ) ? (array) $_POST['order'] : false;
1154 $page_columns = isset( $_POST['page_columns'] ) ? (int) $_POST['page_columns'] : 0;
1155 $page = isset( $_POST['page'] ) ? $_POST['page'] : '';
// $page is interpolated into both option names, hence the [a-z_-] restriction.
1157 if ( !preg_match( '/^[a-z_-]+$/', $page ) )
1160 if ( ! $user = wp_get_current_user() )
// NOTE(review): the elements of $order are stored as submitted. Whether this call is
// guarded by a test on $order cannot be told from here; the preceding line is omitted.
1164 update_user_option($user->ID, "meta-box-order_$page", $order, true);
1166 if ( $page_columns )
1167 update_user_option($user->ID, "screen_layout_$page", $page_columns, true);
// Returns the preview permalink for a post id and ends the request.
// The id is forced to an integer; the 'getpermalink' nonce is required.
// NOTE(review): no per-post capability check is visible in this arm; confirm that returning
// the permalink of an arbitrary post id to any holder of the nonce is acceptable.
1171 case 'get-permalink':
1172 check_ajax_referer( 'getpermalink', 'getpermalinknonce' );
1173 $post_id = isset($_POST['post_id'])? intval($_POST['post_id']) : 0;
1174 die(add_query_arg(array('preview' => 'true'), get_permalink($post_id)));
// Returns the sample-permalink HTML for a post, given a proposed title and slug.
// The 'samplepermalink' nonce is required and the post id is forced to an integer.
// NOTE(review): the title and slug go to the helper exactly as submitted, and no
// 'edit_post' capability check is visible here; sanitising and escaping are left to
// get_sample_permalink_html(). Verify that it covers both.
1176 case 'sample-permalink':
1177 check_ajax_referer( 'samplepermalink', 'samplepermalinknonce' );
1178 $post_id = isset($_POST['post_id'])? intval($_POST['post_id']) : 0;
1179 $title = isset($_POST['new_title'])? $_POST['new_title'] : '';
1180 $slug = isset($_POST['new_slug'])? $_POST['new_slug'] : null;
1181 die(get_sample_permalink_html($post_id, $title, $slug));
// The case label for this arm is on a line the listing omits; the nonce name suggests it
// handles inline edits of posts and pages. The nonce is checked before anything else.
1184 check_ajax_referer( 'inlineeditnonce', '_inline_edit' );
// The post id must be present and non-zero after the integer cast.
1186 if ( ! isset($_POST['post_ID']) || ! ( $post_ID = (int) $_POST['post_ID'] ) )
// NOTE(review): $_POST['post_type'] is read without isset(), and the capability that gets
// checked is chosen by this submitted value rather than by the stored post's type. Confirm
// that current_user_can() resolves both capabilities against the stored post.
1189 if ( 'page' == $_POST['post_type'] ) {
1190 if ( ! current_user_can( 'edit_page', $post_ID ) )
1191 die( __('You are not allowed to edit this page.') );
1193 if ( ! current_user_can( 'edit_post', $post_ID ) )
1194 die( __('You are not allowed to edit this post.') );
// NOTE(review): the screen id is taken from the request unvalidated.
1197 if ( isset($_POST['screen']) )
1198 set_current_screen($_POST['screen']);
// If another user holds the edit lock, report who it is. The display name is escaped with
// esc_html() before it is printed.
1200 if ( $last = wp_check_post_lock( $post_ID ) ) {
1201 $last_user = get_userdata( $last );
1202 $last_user_name = $last_user ? $last_user->display_name : __( 'Someone' );
1203 printf( $_POST['post_type'] == 'page' ? __( 'Saving is disabled: %s is currently editing this page.' ) : __( 'Saving is disabled: %s is currently editing this post.' ), esc_html( $last_user_name ) );
// The stored post is loaded and slashed so that its content and excerpt can be copied into
// $data. $data itself is initialised on a line this listing does not show.
1209 $post = get_post( $post_ID, ARRAY_A );
1210 $post = add_magic_quotes($post); //since it is from db
1212 $data['content'] = $post['post_content'];
1213 $data['excerpt'] = $post['post_excerpt'];
1216 $data['user_ID'] = $GLOBALS['user_ID'];
1218 if ( isset($data['post_parent']) )
1219 $data['parent_id'] = $data['post_parent'];
// Status handling: an explicit 'private' flag wins; the other assignment is presumably the
// else branch (the line between them is omitted).
1222 if ( isset($data['keep_private']) && 'private' == $data['keep_private'] )
1223 $data['post_status'] = 'private';
1225 $data['post_status'] = $data['_status'];
// Comments and pings default to closed when the fields are empty.
1227 if ( empty($data['comment_status']) )
1228 $data['comment_status'] = 'closed';
1229 if ( empty($data['ping_status']) )
1230 $data['ping_status'] = 'closed';
// The call that saves $data and the row-rendering calls are on omitted lines.
// NOTE(review): the lookups below use the raw $_POST['post_ID'] instead of the validated
// integer $post_ID from above; using $post_ID keeps one checked value throughout.
// $_POST['post_view'] is likewise copied into $mode without validation.
1236 if ( 'page' == $_POST['post_type'] ) {
1237 $post[] = get_post($_POST['post_ID']);
1239 } elseif ( 'post' == $_POST['post_type'] || in_array($_POST['post_type'], get_post_types( array('public' => true) ) ) ) {
1240 $mode = $_POST['post_view'];
1241 $post[] = get_post($_POST['post_ID']);
// Saves an inline edit of a taxonomy term and prints the refreshed table row.
// The 'taxinlineeditnonce' nonce (field '_inline_edit') is checked first.
1247 case 'inline-save-tax':
1248 check_ajax_referer( 'taxinlineeditnonce', '_inline_edit' );
1250 $taxonomy = !empty($_POST['taxonomy']) ? $_POST['taxonomy'] : false;
1252 die( __('Cheatin’ uh?') );
// NOTE(review): no test of get_taxonomy()'s result is visible before ->cap->edit_terms is
// read. If it returns a non-object for an unregistered name, the capability check below
// operates on nothing; bail out when $tax is falsy. (The listing omits lines, so confirm.)
1253 $tax = get_taxonomy($taxonomy);
1255 if ( ! current_user_can( $tax->cap->edit_terms ) )
1256 die( __('Cheatin’ uh?') );
// The term id must be present and non-zero after the integer cast.
1258 if ( ! isset($_POST['tax_ID']) || ! ( $id = (int) $_POST['tax_ID'] ) )
// The case labels of this inner switch are on omitted lines.
// NOTE(review): both wp_update_term() calls receive the entire $_POST array as the argument
// list, so every submitted field reaches the term API; passing only the expected keys
// would narrow that surface.
1261 switch ($_POST['tax_type']) {
1263 $updated = wp_update_term($id, 'link_category', $_POST);
1265 if ( $updated && !is_wp_error($updated) )
1266 echo link_cat_row($updated['term_id']);
1268 die( __('Category not updated.') );
1272 $taxonomy = !empty($_POST['taxonomy']) ? $_POST['taxonomy'] : 'post_tag';
// The stored description replaces whatever the request carried in 'description'.
1274 $tag = get_term( $id, $taxonomy );
1275 $_POST['description'] = $tag->description;
1277 $updated = wp_update_term($id, $taxonomy, $_POST);
1278 if ( $updated && !is_wp_error($updated) ) {
1279 $tag = get_term( $updated['term_id'], $taxonomy );
// NOTE(review): WP_Error messages are printed through die() without escaping, here and
// further down; confirm they never contain request-derived text.
1280 if ( !$tag || is_wp_error( $tag ) ) {
1281 if ( is_wp_error($tag) && $tag->get_error_message() )
1282 die( $tag->get_error_message() );
1283 die( __('Item not updated.') );
1286 set_current_screen( 'edit-' . $taxonomy );
1288 echo _tag_row($tag, 0, $taxonomy);
1290 if ( is_wp_error($updated) && $updated->get_error_message() )
1291 die( $updated->get_error_message() );
1292 die( __('Item not updated.') );
// Searches posts by title and content and returns an HTML table of up to 50 matches.
// The case label is on a line this listing omits. Only the 'find-posts' nonce is checked.
// NOTE(review): no capability check is visible in this arm; confirm one is not needed,
// because the query below also returns drafts.
1301 check_ajax_referer( 'find-posts' );
1303 if ( empty($_POST['ps']) )
// $what is taken from the request only when it names a registered post type (allow-list);
// the fallback assignment is presumably on an omitted line.
1306 if ( !empty($_POST['post_type']) && in_array( $_POST['post_type'], get_post_types() ) )
1307 $what = $_POST['post_type'];
// The search string is unslashed, then split into quoted phrases and bare words.
1311 $s = stripslashes($_POST['ps']);
1312 preg_match_all('/".*?("|$)|((?<=[\\s",+])|^)[^\\s",+]+/', $s, $matches);
1313 $search_terms = array_map('_search_terms_tidy', $matches[0]);
// NOTE(review): the WHERE clause is assembled by string concatenation. Each term is
// slash-escaped and then interpolated into a LIKE pattern; slash-escaping does not
// neutralise the LIKE wildcards '%' and '_', and the safety of the whole query depends on
// every interpolated value having passed through the right escaper. $wpdb->prepare() with
// placeholders plus LIKE-escaping of each term would make that explicit.
1315 $searchand = $search = '';
1316 foreach ( (array) $search_terms as $term ) {
1317 $term = addslashes_gpc($term);
1318 $search .= "{$searchand}(($wpdb->posts.post_title LIKE '%{$term}%') OR ($wpdb->posts.post_content LIKE '%{$term}%'))";
1319 $searchand = ' AND ';
// With more than one term, the full escaped string is also matched as a whole.
1321 $term = $wpdb->escape($s);
1322 if ( count($search_terms) > 1 && $search_terms[0] != $s )
1323 $search .= " OR ($wpdb->posts.post_title LIKE '%{$term}%') OR ($wpdb->posts.post_content LIKE '%{$term}%')";
1325 $posts = $wpdb->get_results( "SELECT ID, post_title, post_status, post_date FROM $wpdb->posts WHERE post_type = '$what' AND post_status IN ('draft', 'publish') AND ($search) ORDER BY post_date_gmt DESC LIMIT 50" );
// Ends the request with the post type's "not found" label; the condition guarding this is
// on an omitted line.
1328 $posttype = get_post_type_object($what);
1329 exit($posttype->labels->not_found);
1332 $html = '<table class="widefat" cellspacing="0"><thead><tr><th class="found-radio"><br /></th><th>'.__('Title').'</th><th>'.__('Date').'</th><th>'.__('Status').'</th></tr></thead><tbody>';
1333 foreach ( $posts as $post ) {
// The case labels of this status switch are on omitted lines.
1335 switch ( $post->post_status ) {
1338 $stat = __('Published');
1341 $stat = __('Scheduled');
1344 $stat = __('Pending Review');
1347 $stat = __('Draft');
1351 if ( '0000-00-00 00:00:00' == $post->post_date ) {
1354 /* translators: date format in table columns, see http://php.net/date */
1355 $time = mysql2date(__('Y/m/d'), $post->post_date);
// Title, date and status are escaped with esc_html() and the value attribute with
// esc_attr(). $post->ID is concatenated unescaped into the id/for attributes; it comes
// from the query's ID column.
1358 $html .= '<tr class="found-posts"><td class="found-radio"><input type="radio" id="found-'.$post->ID.'" name="found_post_id" value="' . esc_attr($post->ID) . '"></td>';
1359 $html .= '<td><label for="found-'.$post->ID.'">'.esc_html( $post->post_title ).'</label></td><td>'.esc_html( $time ).'</td><td>'.esc_html( $stat ).'</td></tr>'."\n\n";
1361 $html .= '</tbody></table>';
// The response object is populated and sent on lines this listing does not show.
1363 $x = new WP_Ajax_Response();
// Runs one numbered step of the LiveJournal importer.
// Requires the 'lj-api-import' nonce, the 'publish_posts' capability and a non-empty step.
1371 case 'lj-importer' :
1372 check_ajax_referer( 'lj-api-import' );
1373 if ( !current_user_can( 'publish_posts' ) )
1375 if ( empty( $_POST['step'] ) )
1377 define('WP_IMPORTING', true);
1378 include( ABSPATH . 'wp-admin/import/livejournal.php' );
// The method name is 'step' followed by the integer cast of the submitted step, so the
// request can only vary the numeric suffix.
// NOTE(review): no range or method_exists() check is visible; a step number with no
// matching method would end in a fatal "undefined method" error rather than a clean failure.
1379 $result = $lj_api_import->{ 'step' . ( (int) $_POST['step'] ) }();
// NOTE(review): the error message is echoed unescaped; confirm it cannot carry
// request-derived or remote-supplied markup.
1380 if ( is_wp_error( $result ) )
1381 echo $result->get_error_message();
// Saves the order of widgets in every submitted sidebar.
// Requires the 'save-sidebar-widgets' nonce (field 'savewidgets') and 'edit_theme_options'.
1384 case 'widgets-order' :
1385 check_ajax_referer( 'save-sidebar-widgets', 'savewidgets' );
1387 if ( !current_user_can('edit_theme_options') )
1390 unset( $_POST['savewidgets'], $_POST['action'] );
1392 // save widgets order for all sidebars
// NOTE(review): $_POST['sidebars'] is tested with is_array() without isset(), so a request
// lacking the field raises an undefined-index notice.
1393 if ( is_array($_POST['sidebars']) ) {
1394 $sidebars = array();
// NOTE(review): $key (the sidebar id) comes from the request and is used as the array key
// that gets saved; no check against the registered sidebars is visible here.
1395 foreach ( $_POST['sidebars'] as $key => $val ) {
1397 if ( !empty($val) ) {
// Each value is a comma-separated list of widget element ids.
1398 $val = explode(',', $val);
1399 foreach ( $val as $k => $v ) {
// Entries that do not contain 'widget-' are filtered; the statement taken for them is on
// an omitted line.
1400 if ( strpos($v, 'widget-') === false )
// Keeps the part after the first '_' as the widget id. $sb is initialised on a line this
// listing does not show.
1403 $sb[$k] = substr($v, strpos($v, '_') + 1);
1406 $sidebars[$key] = $sb;
1408 wp_set_sidebars_widgets($sidebars);
// Saves, adds or deletes one widget instance and then prints its control form.
// Requires the 'save-sidebar-widgets' nonce, 'edit_theme_options' and an 'id_base' field.
1414 case 'save-widget' :
1415 check_ajax_referer( 'save-sidebar-widgets', 'savewidgets' );
1417 if ( !current_user_can('edit_theme_options') || !isset($_POST['id_base']) )
1420 unset( $_POST['savewidgets'], $_POST['action'] );
// Fires the hooks of the widgets admin screen so that widget code can register itself.
1422 do_action('load-widgets.php');
1423 do_action('widgets.php');
1424 do_action('sidebar_admin_setup');
// NOTE(review): 'widget-id' and 'sidebar' are read without isset(); only 'id_base' was
// checked above. None of the three is validated at this point.
1426 $id_base = $_POST['id_base'];
1427 $widget_id = $_POST['widget-id'];
1428 $sidebar_id = $_POST['sidebar'];
1429 $multi_number = !empty($_POST['multi_number']) ? (int) $_POST['multi_number'] : 0;
1430 $settings = isset($_POST['widget-' . $id_base]) && is_array($_POST['widget-' . $id_base]) ? $_POST['widget-' . $id_base] : false;
1431 $error = '<p>' . __('An error has occured. Please reload the page and try again.') . '</p>';
1433 $sidebars = wp_get_sidebars_widgets();
1434 $sidebar = isset($sidebars[$sidebar_id]) ? $sidebars[$sidebar_id] : array();
// Delete path: the widget id must be a key of the registered-widgets array (the statement
// taken when it is not is on an omitted line); $_POST is then rebuilt from known fields.
1437 if ( isset($_POST['delete_widget']) && $_POST['delete_widget'] ) {
1439 if ( !isset($wp_registered_widgets[$widget_id]) )
1442 $sidebar = array_diff( $sidebar, array($widget_id) );
1443 $_POST = array('sidebar' => $sidebar_id, 'widget-' . $id_base => array(), 'the-widget-id' => $widget_id, 'delete_widget' => '1');
// Template path: the first settings key carries the '__i__' or '%i%' placeholder, so the
// instance is renumbered with the integer $multi_number.
1444 } elseif ( $settings && preg_match( '/__i__|%i%/', key($settings) ) ) {
1445 if ( !$multi_number )
1448 $_POST['widget-' . $id_base] = array( $multi_number => array_shift($settings) );
1449 $widget_id = $id_base . '-' . $multi_number;
1450 $sidebar[] = $widget_id;
1452 $_POST['widget-id'] = $sidebar;
// The update callback comes from the server-side registry; the request only selects which
// entry runs, by name, and the entry must be callable.
1454 foreach ( (array) $wp_registered_widget_updates as $name => $control ) {
1456 if ( $name == $id_base ) {
1457 if ( !is_callable( $control['callback'] ) )
1461 call_user_func_array( $control['callback'], $control['params'] );
// NOTE(review): $widget_id originates from the request and is echoed into a response
// served as text/html; this relies on the registry check in the delete path above having
// ended the request for unknown ids.
1467 if ( isset($_POST['delete_widget']) && $_POST['delete_widget'] ) {
1468 $sidebars[$sidebar_id] = $sidebar;
1469 wp_set_sidebars_widgets($sidebars);
1470 echo "deleted:$widget_id";
1474 if ( !empty($_POST['add_new']) )
// NOTE(review): the controls registry is indexed with $widget_id without isset(); an
// unregistered id raises an undefined-index notice before the test evaluates to false.
1477 if ( $form = $wp_registered_widget_controls[$widget_id] )
1478 call_user_func_array( $form['callback'], $form['params'] );
// Applies an image-editor operation to one attachment and prints the editor UI.
// Order of checks: integer attachment id, 'edit_post' capability on that attachment, then
// a nonce whose action name is bound to the attachment id.
1482 case 'image-editor':
// NOTE(review): $_POST['postid'] is read without isset(); a missing field becomes 0 and is
// rejected by the empty() test on the next line, at the cost of an undefined-index notice.
1483 $attachment_id = intval($_POST['postid']);
1484 if ( empty($attachment_id) || !current_user_can('edit_post', $attachment_id) )
1487 check_ajax_referer( "image_editor-$attachment_id" );
1488 include_once( ABSPATH . 'wp-admin/includes/image-edit.php' );
// The case labels of this switch are on omitted lines, so which 'do' value maps to which
// call cannot be told from here. $_POST['do'] is read without isset().
1491 switch ( $_POST['do'] ) {
1493 $msg = wp_save_image($attachment_id);
1494 $msg = json_encode($msg);
1498 $msg = wp_save_image($attachment_id);
1501 $msg = wp_restore_image($attachment_id);
1505 wp_image_editor($attachment_id, $msg);
// Sets or removes the thumbnail of a post.
// The caller needs 'edit_post' on the target post and a nonce bound to that post id; both
// checks run before either meta write below.
1508 case 'set-post-thumbnail':
1509 $post_ID = intval( $_POST['post_id'] );
1510 if ( !current_user_can( 'edit_post', $post_ID ) )
1512 $thumbnail_id = intval( $_POST['thumbnail_id'] );
1514 check_ajax_referer( "set_post_thumbnail-$post_ID" );
// -1 means "remove". $thumbnail_id is already an integer, so the loose comparison with the
// string '-1' matches only that value.
1516 if ( $thumbnail_id == '-1' ) {
1517 delete_post_meta( $post_ID, '_thumbnail_id' );
1518 die( _wp_post_thumbnail_html() );
// The id is stored only if it resolves to an existing post and an image tag can be built
// for it.
// NOTE(review): no check is visible that the caller may read the attachment itself;
// confirm that referencing any existing attachment id is intended.
1521 if ( $thumbnail_id && get_post( $thumbnail_id ) ) {
1522 $thumbnail_html = wp_get_attachment_image( $thumbnail_id, 'thumbnail' );
1523 if ( !empty( $thumbnail_html ) ) {
1524 update_post_meta( $post_ID, '_thumbnail_id', $thumbnail_id );
1525 die( _wp_post_thumbnail_html( $thumbnail_id ) );
// Fallback dispatch: the hook name is built from the submitted 'action' value, so only
// callbacks registered on that exact 'wp_ajax_*' hook run. No nonce or capability check is
// applied on this line; every handler attached to such a hook has to perform its own.
// (The label this statement sits under is on a line the listing omits.)
1531 do_action( 'wp_ajax_' . $_POST['action'] );