3 * WordPress AJAX Process Execution.
6 * @subpackage Administration
10 * Executing AJAX process.
14 define('DOING_AJAX', true);
15 define('WP_ADMIN', true);
17 require_once('../wp-load.php');
18 require_once('includes/admin.php');
19 @header('Content-Type: text/html; charset=' . get_option('blog_charset'));
21 do_action('admin_init');
23 if ( ! is_user_logged_in() ) {
25 if ( $_POST['action'] == 'autosave' ) {
26 $id = isset($_POST['post_ID'])? (int) $_POST['post_ID'] : 0;
31 $message = sprintf( __('<strong>ALERT: You are logged out!</strong> Could not save draft. <a href="%s" target="blank">Please log in again.</a>'), wp_login_url() );
32 $x = new WP_Ajax_Response( array(
40 if ( !empty( $_POST['action']) )
41 do_action( 'wp_ajax_nopriv_' . $_POST['action'] );
46 if ( isset( $_GET['action'] ) ) :
47 switch ( $action = $_GET['action'] ) :
48 case 'ajax-tag-search' :
49 if ( !current_user_can( 'edit_posts' ) )
52 $s = $_GET['q']; // is this slashed already?
54 if ( isset($_GET['tax']) )
55 $taxonomy = sanitize_title($_GET['tax']);
59 if ( false !== strpos( $s, ',' ) ) {
60 $s = explode( ',', $s );
61 $s = $s[count( $s ) - 1];
64 if ( strlen( $s ) < 2 )
65 die; // require 2 chars for matching
67 $results = $wpdb->get_col( "SELECT t.name FROM $wpdb->term_taxonomy AS tt INNER JOIN $wpdb->terms AS t ON tt.term_id = t.term_id WHERE tt.taxonomy = '$taxonomy' AND t.name LIKE ('%" . $s . "%')" );
69 echo join( $results, "\n" );
72 case 'wp-compression-test' :
73 if ( !current_user_can( 'manage_options' ) )
76 if ( ini_get('zlib.output_compression') || 'ob_gzhandler' == ini_get('output_handler') ) {
77 update_site_option('can_compress_scripts', 0);
81 if ( isset($_GET['test']) ) {
82 header( 'Expires: Wed, 11 Jan 1984 05:00:00 GMT' );
83 header( 'Last-Modified: ' . gmdate( 'D, d M Y H:i:s' ) . ' GMT' );
84 header( 'Cache-Control: no-cache, must-revalidate, max-age=0' );
85 header( 'Pragma: no-cache' );
86 header('Content-Type: application/x-javascript; charset=UTF-8');
87 $force_gzip = ( defined('ENFORCE_GZIP') && ENFORCE_GZIP );
88 $test_str = '"wpCompressionTest Lorem ipsum dolor sit amet consectetuer mollis sapien urna ut a. Eu nonummy condimentum fringilla tempor pretium platea vel nibh netus Maecenas. Hac molestie amet justo quis pellentesque est ultrices interdum nibh Morbi. Cras mattis pretium Phasellus ante ipsum ipsum ut sociis Suspendisse Lorem. Ante et non molestie. Porta urna Vestibulum egestas id congue nibh eu risus gravida sit. Ac augue auctor Ut et non a elit massa id sodales. Elit eu Nulla at nibh adipiscing mattis lacus mauris at tempus. Netus nibh quis suscipit nec feugiat eget sed lorem et urna. Pellentesque lacus at ut massa consectetuer ligula ut auctor semper Pellentesque. Ut metus massa nibh quam Curabitur molestie nec mauris congue. Volutpat molestie elit justo facilisis neque ac risus Ut nascetur tristique. Vitae sit lorem tellus et quis Phasellus lacus tincidunt nunc Fusce. Pharetra wisi Suspendisse mus sagittis libero lacinia Integer consequat ac Phasellus. Et urna ac cursus tortor aliquam Aliquam amet tellus volutpat Vestibulum. Justo interdum condimentum In augue congue tellus sollicitudin Quisque quis nibh."';
90 if ( 1 == $_GET['test'] ) {
93 } elseif ( 2 == $_GET['test'] ) {
94 if ( false !== strpos( strtolower($_SERVER['HTTP_ACCEPT_ENCODING']), 'deflate') && function_exists('gzdeflate') && ! $force_gzip ) {
95 header('Content-Encoding: deflate');
96 $out = gzdeflate( $test_str, 1 );
97 } elseif ( false !== strpos( strtolower($_SERVER['HTTP_ACCEPT_ENCODING']), 'gzip') && function_exists('gzencode') ) {
98 header('Content-Encoding: gzip');
99 $out = gzencode( $test_str, 1 );
105 } elseif ( 'no' == $_GET['test'] ) {
106 update_site_option('can_compress_scripts', 0);
107 } elseif ( 'yes' == $_GET['test'] ) {
108 update_site_option('can_compress_scripts', 1);
115 do_action( 'wp_ajax_' . $_GET['action'] );
122 * Sends back current comment total and new page links if they need to be updated.
124 * Contrary to normal success AJAX response ("1"), die with time() on success.
128 * @param int $comment_id
131 function _wp_ajax_delete_comment_response( $comment_id ) {
132 $total = (int) @$_POST['_total'];
133 $per_page = (int) @$_POST['_per_page'];
134 $page = (int) @$_POST['_page'];
135 $url = esc_url_raw( @$_POST['_url'] );
136 // JS didn't send us everything we need to know. Just die with success message
137 if ( !$total || !$per_page || !$page || !$url )
138 die( (string) time() );
140 if ( --$total < 0 ) // Take the total from POST and decrement it (since we just deleted one)
143 if ( 0 != $total % $per_page && 1 != mt_rand( 1, $per_page ) ) // Only do the expensive stuff on a page-break, and about 1 other time per page
144 die( (string) time() );
146 $status = 'total_comments'; // What type of comment count are we looking for?
147 $parsed = parse_url( $url );
148 if ( isset( $parsed['query'] ) ) {
149 parse_str( $parsed['query'], $query_vars );
150 if ( !empty( $query_vars['comment_status'] ) )
151 $status = $query_vars['comment_status'];
154 $comment_count = wp_count_comments();
155 $time = time(); // The time since the last comment count
157 if ( isset( $comment_count->$status ) ) // We're looking for a known type of comment count
158 $total = $comment_count->$status;
159 // else use the decremented value from above
161 $page_links = paginate_links( array(
162 'base' => add_query_arg( 'apage', '%#%', $url ),
164 'prev_text' => __('«'),
165 'next_text' => __('»'),
166 'total' => ceil($total / $per_page),
169 $x = new WP_Ajax_Response( array(
171 'id' => $comment_id, // here for completeness - not used
172 'supplemental' => array(
173 'pageLinks' => $page_links,
181 $id = isset($_POST['id'])? (int) $_POST['id'] : 0;
182 switch ( $action = $_POST['action'] ) :
183 case 'delete-comment' : // On success, die with time() instead of 1
184 check_ajax_referer( "delete-comment_$id" );
185 if ( !$comment = get_comment( $id ) )
186 die( (string) time() );
187 if ( !current_user_can( 'edit_post', $comment->comment_post_ID ) )
190 if ( isset($_POST['spam']) && 1 == $_POST['spam'] ) {
191 if ( 'spam' == wp_get_comment_status( $comment->comment_ID ) )
192 die( (string) time() );
193 $r = wp_set_comment_status( $comment->comment_ID, 'spam' );
195 $r = wp_delete_comment( $comment->comment_ID );
197 if ( $r ) // Decide if we need to send back '1' or a more complicated response including page links and comment counts
198 _wp_ajax_delete_comment_response( $comment->comment_ID );
202 check_ajax_referer( "delete-category_$id" );
203 if ( !current_user_can( 'manage_categories' ) )
206 $cat = get_category( $id );
207 if ( !$cat || is_wp_error( $cat ) )
210 if ( wp_delete_category( $id ) )
216 check_ajax_referer( "delete-tag_$id" );
217 if ( !current_user_can( 'manage_categories' ) )
220 if ( !empty($_POST['taxonomy']) )
221 $taxonomy = $_POST['taxonomy'];
223 $taxonomy = 'post_tag';
225 $tag = get_term( $id, $taxonomy );
226 if ( !$tag || is_wp_error( $tag ) )
229 if ( wp_delete_term($id, $taxonomy))
234 case 'delete-link-cat' :
235 check_ajax_referer( "delete-link-category_$id" );
236 if ( !current_user_can( 'manage_categories' ) )
239 $cat = get_term( $id, 'link_category' );
240 if ( !$cat || is_wp_error( $cat ) )
243 $cat_name = get_term_field('name', $id, 'link_category');
245 $default = get_option('default_link_category');
247 // Don't delete the default cats.
248 if ( $id == $default ) {
249 $x = new WP_AJAX_Response( array(
250 'what' => 'link-cat',
252 'data' => new WP_Error( 'default-link-cat', sprintf(__("Can’t delete the <strong>%s</strong> category: this is the default one"), $cat_name) )
257 $r = wp_delete_term($id, 'link_category', array('default' => $default));
260 if ( is_wp_error($r) ) {
261 $x = new WP_AJAX_Response( array(
262 'what' => 'link-cat',
271 check_ajax_referer( "delete-bookmark_$id" );
272 if ( !current_user_can( 'manage_links' ) )
275 $link = get_bookmark( $id );
276 if ( !$link || is_wp_error( $link ) )
279 if ( wp_delete_link( $id ) )
285 check_ajax_referer( "delete-meta_$id" );
286 if ( !$meta = get_post_meta_by_id( $id ) )
289 if ( !current_user_can( 'edit_post', $meta->post_id ) )
291 if ( delete_meta( $meta->meta_id ) )
296 check_ajax_referer( "{$action}_$id" );
297 if ( !current_user_can( 'delete_post', $id ) )
300 if ( !get_post( $id ) )
303 if ( wp_delete_post( $id ) )
309 check_ajax_referer( "{$action}_$id" );
310 if ( !current_user_can( 'delete_page', $id ) )
313 if ( !get_page( $id ) )
316 if ( wp_delete_post( $id ) )
321 case 'dim-comment' : // On success, die with time() instead of 1
323 if ( !$comment = get_comment( $id ) ) {
324 $x = new WP_Ajax_Response( array(
326 'id' => new WP_Error('invalid_comment', sprintf(__('Comment %d does not exist'), $id))
331 if ( !current_user_can( 'edit_post', $comment->comment_post_ID ) )
333 if ( !current_user_can( 'moderate_comments' ) )
336 $current = wp_get_comment_status( $comment->comment_ID );
337 if ( $_POST['new'] == $current )
338 die( (string) time() );
341 if ( in_array( $current, array( 'unapproved', 'spam' ) ) ) {
342 check_ajax_referer( "approve-comment_$id" );
343 $result = wp_set_comment_status( $comment->comment_ID, 'approve', true );
345 check_ajax_referer( "unapprove-comment_$id" );
346 $result = wp_set_comment_status( $comment->comment_ID, 'hold', true );
348 if ( is_wp_error($result) ) {
349 $x = new WP_Ajax_Response( array(
356 // Decide if we need to send back '1' or a more complicated response including page links and comment counts
357 _wp_ajax_delete_comment_response( $comment->comment_ID );
360 case 'add-category' : // On the Fly
361 check_ajax_referer( $action );
362 if ( !current_user_can( 'manage_categories' ) )
364 $names = explode(',', $_POST['newcat']);
365 if ( 0 > $parent = (int) $_POST['newcat_parent'] )
367 $post_category = isset($_POST['post_category'])? (array) $_POST['post_category'] : array();
368 $checked_categories = array_map( 'absint', (array) $post_category );
369 $popular_ids = isset( $_POST['popular_ids'] ) ?
370 array_map( 'absint', explode( ',', $_POST['popular_ids'] ) ) :
373 $x = new WP_Ajax_Response();
374 foreach ( $names as $cat_name ) {
375 $cat_name = trim($cat_name);
376 $category_nicename = sanitize_title($cat_name);
377 if ( '' === $category_nicename )
379 $cat_id = wp_create_category( $cat_name, $parent );
380 $checked_categories[] = $cat_id;
381 if ( $parent ) // Do these all at once in a second
383 $category = get_category( $cat_id );
385 wp_category_checklist( 0, $cat_id, $checked_categories, $popular_ids );
386 $data = ob_get_contents();
389 'what' => 'category',
395 if ( $parent ) { // Foncy - replace the parent and all its children
396 $parent = get_category( $parent );
398 dropdown_categories( 0, $parent );
399 $data = ob_get_contents();
402 'what' => 'category',
403 'id' => $parent->term_id,
404 'old_id' => $parent->term_id,
412 case 'add-link-category' : // On the Fly
413 check_ajax_referer( $action );
414 if ( !current_user_can( 'manage_categories' ) )
416 $names = explode(',', $_POST['newcat']);
417 $x = new WP_Ajax_Response();
418 foreach ( $names as $cat_name ) {
419 $cat_name = trim($cat_name);
420 $slug = sanitize_title($cat_name);
423 if ( !$cat_id = is_term( $cat_name, 'link_category' ) ) {
424 $cat_id = wp_insert_term( $cat_name, 'link_category' );
426 $cat_id = $cat_id['term_id'];
427 $cat_name = esc_html(stripslashes($cat_name));
429 'what' => 'link-category',
431 'data' => "<li id='link-category-$cat_id'><label for='in-link-category-$cat_id' class='selectit'><input value='" . esc_attr($cat_id) . "' type='checkbox' checked='checked' name='link_category[]' id='in-link-category-$cat_id'/> $cat_name</label></li>",
437 case 'add-cat' : // From Manage->Categories
438 check_ajax_referer( 'add-category' );
439 if ( !current_user_can( 'manage_categories' ) )
442 if ( '' === trim($_POST['cat_name']) ) {
443 $x = new WP_Ajax_Response( array(
445 'id' => new WP_Error( 'cat_name', __('You did not enter a category name.') )
450 if ( category_exists( trim( $_POST['cat_name'] ), $_POST['category_parent'] ) ) {
451 $x = new WP_Ajax_Response( array(
453 'id' => new WP_Error( 'cat_exists', __('The category you are trying to create already exists.'), array( 'form-field' => 'cat_name' ) ),
458 $cat = wp_insert_category( $_POST, true );
460 if ( is_wp_error($cat) ) {
461 $x = new WP_Ajax_Response( array(
468 if ( !$cat || (!$cat = get_category( $cat )) )
472 $cat_full_name = $cat->name;
474 while ( $_cat->parent ) {
475 $_cat = get_category( $_cat->parent );
476 $cat_full_name = $_cat->name . ' — ' . $cat_full_name;
479 $cat_full_name = esc_attr($cat_full_name);
481 $x = new WP_Ajax_Response( array(
483 'id' => $cat->term_id,
485 'data' => _cat_row( $cat, $level, $cat_full_name ),
486 'supplemental' => array('name' => $cat_full_name, 'show-link' => sprintf(__( 'Category <a href="#%s">%s</a> added' ), "cat-$cat->term_id", $cat_full_name))
490 case 'add-link-cat' : // From Blogroll -> Categories
491 check_ajax_referer( 'add-link-category' );
492 if ( !current_user_can( 'manage_categories' ) )
495 if ( '' === trim($_POST['name']) ) {
496 $x = new WP_Ajax_Response( array(
497 'what' => 'link-cat',
498 'id' => new WP_Error( 'name', __('You did not enter a category name.') )
503 $r = wp_insert_term($_POST['name'], 'link_category', $_POST );
504 if ( is_wp_error( $r ) ) {
505 $x = new WP_AJAX_Response( array(
506 'what' => 'link-cat',
512 extract($r, EXTR_SKIP);
514 if ( !$link_cat = link_cat_row( $term_id ) )
517 $x = new WP_Ajax_Response( array(
518 'what' => 'link-cat',
525 case 'add-tag' : // From Manage->Tags
526 check_ajax_referer( 'add-tag' );
527 if ( !current_user_can( 'manage_categories' ) )
530 if ( '' === trim($_POST['name']) ) {
531 $x = new WP_Ajax_Response( array(
533 'id' => new WP_Error( 'name', __('You did not enter a tag name.') )
538 if ( !empty($_POST['taxonomy']) )
539 $taxonomy = $_POST['taxonomy'];
541 $taxonomy = 'post_tag';
543 $tag = wp_insert_term($_POST['name'], $taxonomy, $_POST );
545 if ( is_wp_error($tag) ) {
546 $x = new WP_Ajax_Response( array(
553 if ( !$tag || (!$tag = get_term( $tag['term_id'], $taxonomy )) )
556 $tag_full_name = $tag->name;
557 $tag_full_name = esc_attr($tag_full_name);
559 $x = new WP_Ajax_Response( array(
561 'id' => $tag->term_id,
563 'data' => _tag_row( $tag, '', $taxonomy ),
564 'supplemental' => array('name' => $tag_full_name, 'show-link' => sprintf(__( 'Tag <a href="#%s">%s</a> added' ), "tag-$tag->term_id", $tag_full_name))
568 case 'get-tagcloud' :
569 if ( !current_user_can( 'edit_posts' ) )
572 if ( isset($_POST['tax']) )
573 $taxonomy = sanitize_title($_POST['tax']);
577 $tags = get_terms( $taxonomy, array( 'number' => 45, 'orderby' => 'count', 'order' => 'DESC' ) );
579 if ( empty( $tags ) )
580 die( __('No tags found!') );
582 if ( is_wp_error($tags) )
583 die($tags->get_error_message());
585 foreach ( $tags as $key => $tag ) {
586 $tags[ $key ]->link = '#';
587 $tags[ $key ]->id = $tag->term_id;
590 // We need raw tag names here, so don't filter the output
591 $return = wp_generate_tag_cloud( $tags, array('filter' => 0) );
593 if ( empty($return) )
601 check_ajax_referer( $action );
602 if ( !current_user_can( 'edit_post', $id ) )
604 $search = isset($_POST['s']) ? $_POST['s'] : false;
605 $status = isset($_POST['comment_status']) ? $_POST['comment_status'] : 'all';
606 $per_page = isset($_POST['per_page']) ? (int) $_POST['per_page'] + 8 : 28;
607 $start = isset($_POST['page']) ? ( intval($_POST['page']) * $per_page ) -1 : $per_page - 1;
611 $mode = isset($_POST['mode']) ? $_POST['mode'] : 'detail';
612 $p = isset($_POST['p']) ? $_POST['p'] : 0;
613 $comment_type = isset($_POST['comment_type']) ? $_POST['comment_type'] : '';
614 list($comments, $total) = _wp_get_comment_list( $status, $search, $start, 1, $p, $comment_type );
616 if ( get_option('show_avatars') )
617 add_filter( 'comment_author', 'floated_admin_avatar' );
621 $x = new WP_Ajax_Response();
622 foreach ( (array) $comments as $comment ) {
623 get_comment( $comment );
625 _wp_comment_row( $comment->comment_ID, $mode, $status, true, true );
626 $comment_list_item = ob_get_contents();
630 'id' => $comment->comment_ID,
631 'data' => $comment_list_item
636 case 'get-comments' :
637 check_ajax_referer( $action );
639 $post_ID = (int) $_POST['post_ID'];
640 if ( !current_user_can( 'edit_post', $post_ID ) )
643 $start = isset($_POST['start']) ? intval($_POST['start']) : 0;
644 $num = isset($_POST['num']) ? intval($_POST['num']) : 10;
646 list($comments, $total) = _wp_get_comment_list( false, false, $start, $num, $post_ID );
651 $comment_list_item = '';
652 $x = new WP_Ajax_Response();
653 foreach ( (array) $comments as $comment ) {
654 get_comment( $comment );
656 _wp_comment_row( $comment->comment_ID, 'single', false, false );
657 $comment_list_item .= ob_get_contents();
661 'what' => 'comments',
662 'data' => $comment_list_item
666 case 'replyto-comment' :
667 check_ajax_referer( $action );
669 $comment_post_ID = (int) $_POST['comment_post_ID'];
670 if ( !current_user_can( 'edit_post', $comment_post_ID ) )
673 $status = $wpdb->get_var( $wpdb->prepare("SELECT post_status FROM $wpdb->posts WHERE ID = %d", $comment_post_ID) );
675 if ( empty($status) )
677 elseif ( in_array($status, array('draft', 'pending') ) )
678 die( __('Error: you are replying to a comment on a draft post.') );
680 $user = wp_get_current_user();
682 $comment_author = $wpdb->escape($user->display_name);
683 $comment_author_email = $wpdb->escape($user->user_email);
684 $comment_author_url = $wpdb->escape($user->user_url);
685 $comment_content = trim($_POST['content']);
686 if ( current_user_can('unfiltered_html') ) {
687 if ( wp_create_nonce('unfiltered-html-comment_' . $comment_post_ID) != $_POST['_wp_unfiltered_html_comment'] ) {
688 kses_remove_filters(); // start with a clean slate
689 kses_init_filters(); // set up the filters
693 die( __('Sorry, you must be logged in to reply to a comment.') );
696 if ( '' == $comment_content )
697 die( __('Error: please type a comment.') );
699 $comment_parent = absint($_POST['comment_ID']);
700 $commentdata = compact('comment_post_ID', 'comment_author', 'comment_author_email', 'comment_author_url', 'comment_content', 'comment_type', 'comment_parent', 'user_ID');
702 $comment_id = wp_new_comment( $commentdata );
703 $comment = get_comment($comment_id);
704 if ( ! $comment ) die('1');
706 $modes = array( 'single', 'detail', 'dashboard' );
707 $mode = isset($_POST['mode']) && in_array( $_POST['mode'], $modes ) ? $_POST['mode'] : 'detail';
708 $position = ( isset($_POST['position']) && (int) $_POST['position']) ? (int) $_POST['position'] : '-1';
709 $checkbox = ( isset($_POST['checkbox']) && true == $_POST['checkbox'] ) ? 1 : 0;
711 if ( get_option('show_avatars') && 'single' != $mode )
712 add_filter( 'comment_author', 'floated_admin_avatar' );
714 $x = new WP_Ajax_Response();
717 if ( 'dashboard' == $mode ) {
718 require_once( ABSPATH . 'wp-admin/includes/dashboard.php' );
719 _wp_dashboard_recent_comments_row( $comment, false );
721 _wp_comment_row( $comment->comment_ID, $mode, false, $checkbox );
723 $comment_list_item = ob_get_contents();
728 'id' => $comment->comment_ID,
729 'data' => $comment_list_item,
730 'position' => $position
735 case 'edit-comment' :
736 check_ajax_referer( 'replyto-comment' );
738 $comment_post_ID = (int) $_POST['comment_post_ID'];
739 if ( ! current_user_can( 'edit_post', $comment_post_ID ) )
742 if ( '' == $_POST['content'] )
743 die( __('Error: please type a comment.') );
745 $comment_id = (int) $_POST['comment_ID'];
746 $_POST['comment_status'] = $_POST['status'];
749 $mode = ( isset($_POST['mode']) && 'single' == $_POST['mode'] ) ? 'single' : 'detail';
750 $position = ( isset($_POST['position']) && (int) $_POST['position']) ? (int) $_POST['position'] : '-1';
751 $checkbox = ( isset($_POST['checkbox']) && true == $_POST['checkbox'] ) ? 1 : 0;
752 $comments_listing = isset($_POST['comments_listing']) ? $_POST['comments_listing'] : '';
754 if ( get_option('show_avatars') && 'single' != $mode )
755 add_filter( 'comment_author', 'floated_admin_avatar' );
757 $x = new WP_Ajax_Response();
760 _wp_comment_row( $comment_id, $mode, $comments_listing, $checkbox );
761 $comment_list_item = ob_get_contents();
765 'what' => 'edit_comment',
766 'id' => $comment->comment_ID,
767 'data' => $comment_list_item,
768 'position' => $position
774 check_ajax_referer( 'add-meta' );
776 $pid = (int) $_POST['post_id'];
777 if ( isset($_POST['metakeyselect']) || isset($_POST['metakeyinput']) ) {
778 if ( !current_user_can( 'edit_post', $pid ) )
780 if ( isset($_POST['metakeyselect']) && '#NONE#' == $_POST['metakeyselect'] && empty($_POST['metakeyinput']) )
783 $now = current_time('timestamp', 1);
784 if ( $pid = wp_insert_post( array(
785 'post_title' => sprintf('Draft created on %s at %s', date(get_option('date_format'), $now), date(get_option('time_format'), $now))
787 if ( is_wp_error( $pid ) ) {
788 $x = new WP_Ajax_Response( array(
794 if ( !$mid = add_meta( $pid ) )
795 die(__('Please provide a custom field value.'));
799 } else if ( !$mid = add_meta( $pid ) ) {
800 die(__('Please provide a custom field value.'));
803 $meta = get_post_meta_by_id( $mid );
804 $pid = (int) $meta->post_id;
805 $meta = get_object_vars( $meta );
806 $x = new WP_Ajax_Response( array(
809 'data' => _list_meta_row( $meta, $c ),
811 'supplemental' => array('postid' => $pid)
814 $mid = (int) array_pop(array_keys($_POST['meta']));
815 $key = $_POST['meta'][$mid]['key'];
816 $value = $_POST['meta'][$mid]['value'];
817 if ( !$meta = get_post_meta_by_id( $mid ) )
818 die('0'); // if meta doesn't exist
819 if ( !current_user_can( 'edit_post', $meta->post_id ) )
821 if ( $meta->meta_value != stripslashes($value) ) {
822 if ( !$u = update_meta( $mid, $key, $value ) )
823 die('0'); // We know meta exists; we also know it's unchanged (or DB error, in which case there are bigger problems).
826 $key = stripslashes($key);
827 $value = stripslashes($value);
828 $x = new WP_Ajax_Response( array(
830 'id' => $mid, 'old_id' => $mid,
831 'data' => _list_meta_row( array(
833 'meta_value' => $value,
837 'supplemental' => array('postid' => $meta->post_id)
843 check_ajax_referer( $action );
844 if ( !current_user_can('create_users') )
846 require_once(ABSPATH . WPINC . '/registration.php');
847 if ( !$user_id = add_user() )
849 elseif ( is_wp_error( $user_id ) ) {
850 $x = new WP_Ajax_Response( array(
856 $user_object = new WP_User( $user_id );
858 $x = new WP_Ajax_Response( array(
861 'data' => user_row( $user_object, '', $user_object->roles[0] ),
862 'supplemental' => array(
863 'show-link' => sprintf(__( 'User <a href="#%s">%s</a> added' ), "user-$user_id", $user_object->user_login),
864 'role' => $user_object->roles[0]
869 case 'autosave' : // The name of this action is hardcoded in edit_post()
870 define( 'DOING_AUTOSAVE', true );
872 $nonce_age = check_ajax_referer( 'autosave', 'autosavenonce' );
873 global $current_user;
875 $_POST['post_category'] = explode(",", $_POST['catslist']);
876 if($_POST['post_type'] == 'page' || empty($_POST['post_category']))
877 unset($_POST['post_category']);
879 $do_autosave = (bool) $_POST['autosave'];
883 /* translators: draft saved date format, see http://php.net/date */
884 $draft_saved_date_format = __('g:i:s a');
885 $message = sprintf( __('Draft Saved at %s.'), date_i18n( $draft_saved_date_format ) );
887 $supplemental = array();
889 $id = $revision_id = 0;
890 if($_POST['post_ID'] < 0) {
891 $_POST['post_status'] = 'draft';
892 $_POST['temp_ID'] = $_POST['post_ID'];
893 if ( $do_autosave ) {
894 $id = wp_write_post();
898 $post_ID = (int) $_POST['post_ID'];
899 $_POST['ID'] = $post_ID;
900 $post = get_post($post_ID);
902 if ( $last = wp_check_post_lock( $post->ID ) ) {
903 $do_autosave = $do_lock = false;
905 $last_user = get_userdata( $last );
906 $last_user_name = $last_user ? $last_user->display_name : __( 'Someone' );
907 $data = new WP_Error( 'locked', sprintf(
908 $_POST['post_type'] == 'page' ? __( 'Autosave disabled: %s is currently editing this page.' ) : __( 'Autosave disabled: %s is currently editing this post.' ),
909 esc_html( $last_user_name )
912 $supplemental['disable_autosave'] = 'disable';
915 if ( 'page' == $post->post_type ) {
916 if ( !current_user_can('edit_page', $post_ID) )
917 die(__('You are not allowed to edit this page.'));
919 if ( !current_user_can('edit_post', $post_ID) )
920 die(__('You are not allowed to edit this post.'));
923 if ( $do_autosave ) {
924 // Drafts are just overwritten by autosave
925 if ( 'draft' == $post->post_status ) {
927 } else { // Non drafts are not overwritten. The autosave is stored in a special post revision.
928 $revision_id = wp_create_post_autosave( $post->ID );
929 if ( is_wp_error($revision_id) )
940 if ( $do_lock && $id && is_numeric($id) )
941 wp_set_post_lock( $id );
943 if ( $nonce_age == 2 ) {
944 $supplemental['replace-autosavenonce'] = wp_create_nonce('autosave');
945 $supplemental['replace-getpermalinknonce'] = wp_create_nonce('getpermalink');
946 $supplemental['replace-samplepermalinknonce'] = wp_create_nonce('samplepermalink');
947 $supplemental['replace-closedpostboxesnonce'] = wp_create_nonce('closedpostboxes');
949 if ( $_POST['post_type'] == 'post' )
950 $supplemental['replace-_wpnonce'] = wp_create_nonce('update-post_' . $id);
951 elseif ( $_POST['post_type'] == 'page' )
952 $supplemental['replace-_wpnonce'] = wp_create_nonce('update-page_' . $id);
956 $x = new WP_Ajax_Response( array(
957 'what' => 'autosave',
959 'data' => $id ? $data : '',
960 'supplemental' => $supplemental
964 case 'autosave-generate-nonces' :
965 check_ajax_referer( 'autosave', 'autosavenonce' );
966 $ID = (int) $_POST['post_ID'];
967 if($_POST['post_type'] == 'post') {
968 if(current_user_can('edit_post', $ID))
969 die(wp_create_nonce('update-post_' . $ID));
971 if($_POST['post_type'] == 'page') {
972 if(current_user_can('edit_page', $ID)) {
973 die(wp_create_nonce('update-page_' . $ID));
978 case 'closed-postboxes' :
979 check_ajax_referer( 'closedpostboxes', 'closedpostboxesnonce' );
980 $closed = isset( $_POST['closed'] ) ? $_POST['closed'] : '';
981 $closed = explode( ',', $_POST['closed'] );
982 $hidden = isset( $_POST['hidden'] ) ? $_POST['hidden'] : '';
983 $hidden = explode( ',', $_POST['hidden'] );
984 $page = isset( $_POST['page'] ) ? $_POST['page'] : '';
986 if ( !preg_match( '/^[a-z_-]+$/', $page ) )
989 if ( ! $user = wp_get_current_user() )
992 if ( is_array($closed) )
993 update_usermeta($user->ID, 'closedpostboxes_'.$page, $closed);
995 if ( is_array($hidden) ) {
996 $hidden = array_diff( $hidden, array('submitdiv', 'pagesubmitdiv', 'linksubmitdiv') ); // postboxes that are always shown
997 update_usermeta($user->ID, 'meta-box-hidden_'.$page, $hidden);
1002 case 'hidden-columns' :
1003 check_ajax_referer( 'screen-options-nonce', 'screenoptionnonce' );
1004 $hidden = isset( $_POST['hidden'] ) ? $_POST['hidden'] : '';
1005 $hidden = explode( ',', $_POST['hidden'] );
1006 $page = isset( $_POST['page'] ) ? $_POST['page'] : '';
1008 if ( !preg_match( '/^[a-z_-]+$/', $page ) )
1011 if ( ! $user = wp_get_current_user() )
1014 if ( is_array($hidden) )
1015 update_usermeta($user->ID, "manage-$page-columns-hidden", $hidden);
1019 case 'meta-box-order':
1020 check_ajax_referer( 'meta-box-order' );
1021 $order = isset( $_POST['order'] ) ? (array) $_POST['order'] : false;
1022 $page_columns = isset( $_POST['page_columns'] ) ? (int) $_POST['page_columns'] : 0;
1023 $page = isset( $_POST['page'] ) ? $_POST['page'] : '';
1025 if ( !preg_match( '/^[a-z_-]+$/', $page ) )
1028 if ( ! $user = wp_get_current_user() )
1032 update_user_option($user->ID, "meta-box-order_$page", $order);
1034 if ( $page_columns )
1035 update_usermeta($user->ID, "screen_layout_$page", $page_columns);
1039 case 'get-permalink':
1040 check_ajax_referer( 'getpermalink', 'getpermalinknonce' );
1041 $post_id = isset($_POST['post_id'])? intval($_POST['post_id']) : 0;
1042 die(add_query_arg(array('preview' => 'true'), get_permalink($post_id)));
1044 case 'sample-permalink':
1045 check_ajax_referer( 'samplepermalink', 'samplepermalinknonce' );
1046 $post_id = isset($_POST['post_id'])? intval($_POST['post_id']) : 0;
1047 $title = isset($_POST['new_title'])? $_POST['new_title'] : '';
1048 $slug = isset($_POST['new_slug'])? $_POST['new_slug'] : '';
1049 die(get_sample_permalink_html($post_id, $title, $slug));
1052 check_ajax_referer( 'inlineeditnonce', '_inline_edit' );
1054 if ( ! isset($_POST['post_ID']) || ! ( $post_ID = (int) $_POST['post_ID'] ) )
1057 if ( 'page' == $_POST['post_type'] ) {
1058 if ( ! current_user_can( 'edit_page', $post_ID ) )
1059 die( __('You are not allowed to edit this page.') );
1061 if ( ! current_user_can( 'edit_post', $post_ID ) )
1062 die( __('You are not allowed to edit this post.') );
1065 if ( $last = wp_check_post_lock( $post_ID ) ) {
1066 $last_user = get_userdata( $last );
1067 $last_user_name = $last_user ? $last_user->display_name : __( 'Someone' );
1068 printf( $_POST['post_type'] == 'page' ? __( 'Saving is disabled: %s is currently editing this page.' ) : __( 'Saving is disabled: %s is currently editing this post.' ), esc_html( $last_user_name ) );
1074 $post = get_post( $post_ID, ARRAY_A );
1075 $post = add_magic_quotes($post); //since it is from db
1077 $data['content'] = $post['post_content'];
1078 $data['excerpt'] = $post['post_excerpt'];
1081 $data['user_ID'] = $GLOBALS['user_ID'];
1083 if ( isset($data['post_parent']) )
1084 $data['parent_id'] = $data['post_parent'];
1087 if ( isset($data['keep_private']) && 'private' == $data['keep_private'] )
1088 $data['post_status'] = 'private';
1090 $data['post_status'] = $data['_status'];
1092 if ( empty($data['comment_status']) )
1093 $data['comment_status'] = 'closed';
1094 if ( empty($data['ping_status']) )
1095 $data['ping_status'] = 'closed';
1101 if ( 'page' == $_POST['post_type'] ) {
1102 $post[] = get_post($_POST['post_ID']);
1104 } elseif ( 'post' == $_POST['post_type'] ) {
1105 $mode = $_POST['post_view'];
1106 $post[] = get_post($_POST['post_ID']);
1112 case 'inline-save-tax':
1113 check_ajax_referer( 'taxinlineeditnonce', '_inline_edit' );
1115 if ( ! current_user_can('manage_categories') )
1116 die( __('Cheatin’ uh?') );
1118 if ( ! isset($_POST['tax_ID']) || ! ( $id = (int) $_POST['tax_ID'] ) )
1121 switch ($_POST['tax_type']) {
1124 $data['cat_ID'] = $id;
1125 $data['cat_name'] = $_POST['name'];
1126 $data['category_nicename'] = $_POST['slug'];
1127 if ( isset($_POST['parent']) && (int) $_POST['parent'] > 0 )
1128 $data['category_parent'] = $_POST['parent'];
1130 $cat = get_category($id, ARRAY_A);
1131 $data['category_description'] = $cat['category_description'];
1133 $updated = wp_update_category($data);
1135 if ( $updated && !is_wp_error($updated) )
1136 echo _cat_row( $updated, 0 );
1138 die( __('Category not updated.') );
1142 $updated = wp_update_term($id, 'link_category', $_POST);
1144 if ( $updated && !is_wp_error($updated) )
1145 echo link_cat_row($updated['term_id']);
1147 die( __('Category not updated.') );
1151 if ( !empty($_POST['taxonomy']) )
1152 $taxonomy = $_POST['taxonomy'];
1154 $taxonomy = 'post_tag';
1156 $tag = get_term( $id, $taxonomy );
1157 $_POST['description'] = $tag->description;
1159 $updated = wp_update_term($id, $taxonomy, $_POST);
1160 if ( $updated && !is_wp_error($updated) ) {
1161 $tag = get_term( $updated['term_id'], $taxonomy );
1162 if ( !$tag || is_wp_error( $tag ) )
1163 die( __('Tag not updated.') );
1165 echo _tag_row($tag);
1167 die( __('Tag not updated.') );
1176 check_ajax_referer( 'find-posts' );
1178 if ( empty($_POST['ps']) )
1181 $what = isset($_POST['pages']) ? 'page' : 'post';
1182 $s = stripslashes($_POST['ps']);
1183 preg_match_all('/".*?("|$)|((?<=[\\s",+])|^)[^\\s",+]+/', $s, $matches);
1184 $search_terms = array_map(create_function('$a', 'return trim($a, "\\"\'\\n\\r ");'), $matches[0]);
1186 $searchand = $search = '';
1187 foreach( (array) $search_terms as $term) {
1188 $term = addslashes_gpc($term);
1189 $search .= "{$searchand}(($wpdb->posts.post_title LIKE '%{$term}%') OR ($wpdb->posts.post_content LIKE '%{$term}%'))";
1190 $searchand = ' AND ';
1192 $term = $wpdb->escape($s);
1193 if ( count($search_terms) > 1 && $search_terms[0] != $s )
1194 $search .= " OR ($wpdb->posts.post_title LIKE '%{$term}%') OR ($wpdb->posts.post_content LIKE '%{$term}%')";
1196 $posts = $wpdb->get_results( "SELECT ID, post_title, post_status, post_date FROM $wpdb->posts WHERE post_type = '$what' AND $search ORDER BY post_date_gmt DESC LIMIT 50" );
1199 exit( __('No posts found.') );
1201 $html = '<table class="widefat" cellspacing="0"><thead><tr><th class="found-radio"><br /></th><th>'.__('Title').'</th><th>'.__('Time').'</th><th>'.__('Status').'</th></tr></thead><tbody>';
1202 foreach ( $posts as $post ) {
1204 switch ( $post->post_status ) {
1207 $stat = __('Published');
1210 $stat = __('Scheduled');
1213 $stat = __('Pending Review');
1216 $stat = __('Unpublished');
1220 if ( '0000-00-00 00:00:00' == $post->post_date ) {
1223 /* translators: date format in table columns, see http://php.net/date */
1224 $time = mysql2date(__('Y/m/d'), $post->post_date);
1227 $html .= '<tr class="found-posts"><td class="found-radio"><input type="radio" id="found-'.$post->ID.'" name="found_post_id" value="' . esc_attr($post->ID) . '"></td>';
1228 $html .= '<td><label for="found-'.$post->ID.'">'.esc_html( $post->post_title ).'</label></td><td>'.esc_html( $time ).'</td><td>'.esc_html( $stat ).'</td></tr>'."\n\n";
1230 $html .= '</tbody></table>';
1232 $x = new WP_Ajax_Response();
1240 case 'lj-importer' :
1241 check_ajax_referer( 'lj-api-import' );
1242 if ( !current_user_can( 'publish_posts' ) )
1244 if ( empty( $_POST['step'] ) )
1246 define('WP_IMPORTING', true);
1247 include( ABSPATH . 'wp-admin/import/livejournal.php' );
1248 $result = $lj_api_import->{ 'step' . ( (int) $_POST['step'] ) }();
1249 if ( is_wp_error( $result ) )
1250 echo $result->get_error_message();
1253 case 'widgets-order' :
1254 check_ajax_referer( 'save-sidebar-widgets', 'savewidgets' );
1256 if ( !current_user_can('switch_themes') )
1259 unset( $_POST['savewidgets'], $_POST['action'] );
1261 // save widgets order for all sidebars
1262 if ( is_array($_POST['sidebars']) ) {
1263 $sidebars = array();
1264 foreach ( $_POST['sidebars'] as $key => $val ) {
1266 if ( !empty($val) ) {
1267 $val = explode(',', $val);
1268 foreach ( $val as $k => $v ) {
1269 if ( strpos($v, 'widget-') === false )
1272 $sb[$k] = substr($v, strpos($v, '_') + 1);
1275 $sidebars[$key] = $sb;
1277 wp_set_sidebars_widgets($sidebars);
1283 case 'save-widget' :
1284 check_ajax_referer( 'save-sidebar-widgets', 'savewidgets' );
1286 if ( !current_user_can('switch_themes') || !isset($_POST['id_base']) )
1289 unset( $_POST['savewidgets'], $_POST['action'] );
1291 do_action('load-widgets.php');
1292 do_action('widgets.php');
1293 do_action('sidebar_admin_setup');
1295 $id_base = $_POST['id_base'];
1296 $widget_id = $_POST['widget-id'];
1297 $sidebar_id = $_POST['sidebar'];
1298 $multi_number = !empty($_POST['multi_number']) ? (int) $_POST['multi_number'] : 0;
1299 $settings = isset($_POST['widget-' . $id_base]) && is_array($_POST['widget-' . $id_base]) ? $_POST['widget-' . $id_base] : false;
1300 $error = '<p>' . __('An error has occured. Please reload the page and try again.') . '</p>';
1302 $sidebars = wp_get_sidebars_widgets();
1303 $sidebar = isset($sidebars[$sidebar_id]) ? $sidebars[$sidebar_id] : array();
1306 if ( isset($_POST['delete_widget']) && $_POST['delete_widget'] ) {
1308 if ( !isset($wp_registered_widgets[$widget_id]) )
1311 $sidebar = array_diff( $sidebar, array($widget_id) );
1312 $_POST = array('sidebar' => $sidebar_id, 'widget-' . $id_base => array(), 'the-widget-id' => $widget_id, 'delete_widget' => '1');
1313 } elseif ( $settings && preg_match( '/__i__|%i%/', key($settings) ) ) {
1314 if ( !$multi_number )
1317 $_POST['widget-' . $id_base] = array( $multi_number => array_shift($settings) );
1318 $widget_id = $id_base . '-' . $multi_number;
1319 $sidebar[] = $widget_id;
1321 $_POST['widget-id'] = $sidebar;
1323 foreach ( (array) $wp_registered_widget_updates as $name => $control ) {
1325 if ( $name == $id_base ) {
1326 if ( !is_callable( $control['callback'] ) )
1330 call_user_func_array( $control['callback'], $control['params'] );
1336 if ( isset($_POST['delete_widget']) && $_POST['delete_widget'] ) {
1337 $sidebars[$sidebar_id] = $sidebar;
1338 wp_set_sidebars_widgets($sidebars);
1339 echo "deleted:$widget_id";
1343 if ( !empty($_POST['add_new']) )
1346 if ( $form = $wp_registered_widget_controls[$widget_id] )
1347 call_user_func_array( $form['callback'], $form['params'] );
1352 do_action( 'wp_ajax_' . $_POST['action'] );