wp-admin/post.php

   1 <?php
   2 /**
   3  * Edit post administration panel.
   4  *
   5  * Manage Post actions: post, edit, delete, etc.
   6  *
   7  * @package WordPress
   8  * @subpackage Administration
   9  */
  10
  11 /** WordPress Administration Bootstrap */
  12 require_once('admin.php');
  13
  14 $parent_file = 'edit.php';
  15 $submenu_file = 'edit.php';
  16
  17 wp_reset_vars(array('action', 'safe_mode', 'withcomments', 'posts', 'content', 'edited_post_title', 'comment_error', 'profile', 'trackback_url', 'excerpt', 'showcomments', 'commentstart', 'commentend', 'commentorder'));
  18
  19 /**
  20  * Redirect to previous page.
  21  *
  22  * @param int $post_ID Optional. Post ID.
  23  */
  24 function redirect_post($post_ID = '') {
  25         global $action;
  26
  27         $referredby = '';
  28         if ( !empty($_POST['referredby']) ) {
  29                 $referredby = preg_replace('|https?://[^/]+|i', '', $_POST['referredby']);
  30                 $referredby = remove_query_arg('_wp_original_http_referer', $referredby);
  31         }
  32         $referer = preg_replace('|https?://[^/]+|i', '', wp_get_referer());
  33
  34         if ( !empty($_POST['mode']) && 'bookmarklet' == $_POST['mode'] ) {
  35                 $location = $_POST['referredby'];
  36         } elseif ( !empty($_POST['mode']) && 'sidebar' == $_POST['mode'] ) {
  37                 if ( isset($_POST['saveasdraft']) )
  38                         $location = 'sidebar.php?a=c';
  39                 elseif ( isset($_POST['publish']) )
  40                         $location = 'sidebar.php?a=b';
  41         } elseif ( ( isset($_POST['save']) || isset($_POST['publish']) ) ) {
  42                 if ( isset( $_POST['publish'] ) ) {
  43                         if ( 'pending' == get_post_status( $post_ID ) )
  44                                 $location = add_query_arg( 'message', 8, get_edit_post_link( $post_ID, 'url' ) );
  45                         else
  46                                 $location = add_query_arg( 'message', 6, get_edit_post_link( $post_ID, 'url' ) );
  47                 } else {
  48                         $location = add_query_arg( 'message', 1, get_edit_post_link( $post_ID, 'url' ) );
  49                 }
  50         } elseif (isset($_POST['addmeta']) && $_POST['addmeta']) {
  51                 $location = add_query_arg( 'message', 2, wp_get_referer() );
  52                 $location = explode('#', $location);
  53                 $location = $location[0] . '#postcustom';
  54         } elseif (isset($_POST['deletemeta']) && $_POST['deletemeta']) {
  55                 $location = add_query_arg( 'message', 3, wp_get_referer() );
  56                 $location = explode('#', $location);
  57                 $location = $location[0] . '#postcustom';
  58         } elseif ($action == 'editattachment') {
  59                 $location = 'attachments.php';
  60         } elseif ( 'post-quickpress-save-cont' == $_POST['action'] ) {
  61                 $location = "post.php?action=edit&post=$post_ID&message=7";
  62         } else {
  63                 $location = add_query_arg( 'message', 4, get_edit_post_link( $post_ID, 'url' ) );
  64         }
  65
  66         wp_redirect( $location );
  67 }
  68
  69 if ( isset( $_POST['deletepost'] ) )
  70         $action = 'delete';
  71 elseif ( isset($_POST['wp-preview']) && 'dopreview' == $_POST['wp-preview'] )
  72         $action = 'preview';
  73
  74 switch($action) {
  75 case 'postajaxpost':
  76 case 'post':
  77 case 'post-quickpress-publish':
  78 case 'post-quickpress-save':
  79         check_admin_referer('add-post');
  80
  81         if ( 'post-quickpress-publish' == $action )
  82                 $_POST['publish'] = 'publish'; // tell write_post() to publish
  83
  84         if ( 'post-quickpress-publish' == $action || 'post-quickpress-save' == $action ) {
  85                 $_POST['comment_status'] = get_option('default_comment_status');
  86                 $_POST['ping_status'] = get_option('default_ping_status');
  87         }
  88
  89         if ( !empty( $_POST['quickpress_post_ID'] ) ) {
  90                 $_POST['post_ID'] = (int) $_POST['quickpress_post_ID'];
  91                 $post_ID = edit_post();
  92         } else {
  93                 $post_ID = 'postajaxpost' == $action ? edit_post() : write_post();
  94         }
  95
  96         if ( 0 === strpos( $action, 'post-quickpress' ) ) {
  97                 $_POST['post_ID'] = $post_ID;
  98                 // output the quickpress dashboard widget
  99                 require_once(ABSPATH . 'wp-admin/includes/dashboard.php');
 100                 wp_dashboard_quick_press();
 101                 exit;
 102         }
 103
 104         redirect_post($post_ID);
 105         exit();
 106         break;
 107
 108 case 'edit':
 109         $editing = true;
 110
 111         if ( empty( $_GET['post'] ) ) {
 112                 wp_redirect("post.php");
 113                 exit();
 114         }
 115         $post_ID = $p = (int) $_GET['post'];
 116         $post = get_post($post_ID);
 117
 118         if ( empty($post->ID) ) wp_die( __('You attempted to edit a post that doesn&#8217;t exist. Perhaps it was deleted?') );
 119
 120         if ( 'post' != $post->post_type ) {
 121                 wp_redirect( get_edit_post_link( $post->ID, 'url' ) );
 122                 exit();
 123         }
 124
 125         wp_enqueue_script('post');
 126         if ( user_can_richedit() )
 127                 wp_enqueue_script('editor');
 128         add_thickbox();
 129         wp_enqueue_script('media-upload');
 130         wp_enqueue_script('word-count');
 131         wp_enqueue_script( 'admin-comments' );
 132         enqueue_comment_hotkeys_js();
 133
 134         if ( current_user_can('edit_post', $post_ID) ) {
 135                 if ( $last = wp_check_post_lock( $post->ID ) ) {
 136                         $last_user = get_userdata( $last );
 137                         $last_user_name = $last_user ? $last_user->display_name : __('Somebody');
 138                         $message = sprintf( __( 'Warning: %s is currently editing this post' ), esc_html( $last_user_name ) );
 139                         $message = str_replace( "'", "\'", "<div class='error'><p>$message</p></div>" );
 140                         add_action('admin_notices', create_function( '', "echo '$message';" ) );
 141                 } else {
 142                         wp_set_post_lock( $post->ID );
 143                         wp_enqueue_script('autosave');
 144                 }
 145         }
 146
 147         $title = __('Edit Post');
 148
 149         if ( !current_user_can('edit_post', $post_ID) )
 150                 die ( __('You are not allowed to edit this post.') );
 151
 152         $post = get_post_to_edit($post_ID);
 153
 154         include('edit-form-advanced.php');
 155
 156         break;
 157
 158 case 'editattachment':
 159         $post_id = (int) $_POST['post_ID'];
 160
 161         check_admin_referer('update-attachment_' . $post_id);
 162
 163         // Don't let these be changed
 164         unset($_POST['guid']);
 165         $_POST['post_type'] = 'attachment';
 166
 167         // Update the thumbnail filename
 168         $newmeta = wp_get_attachment_metadata( $post_id, true );
 169         $newmeta['thumb'] = $_POST['thumb'];
 170
 171         wp_update_attachment_metadata( $post_id, $newmeta );
 172
 173 case 'editpost':
 174         $post_ID = (int) $_POST['post_ID'];
 175         check_admin_referer('update-post_' . $post_ID);
 176
 177         $post_ID = edit_post();
 178
 179         redirect_post($post_ID); // Send user on their way while we keep working
 180
 181         exit();
 182         break;
 183
 184 case 'delete':
 185         $post_id = (isset($_GET['post']))  ? intval($_GET['post']) : intval($_POST['post_ID']);
 186         check_admin_referer('delete-post_' . $post_id);
 187
 188         $post = & get_post($post_id);
 189
 190         if ( !current_user_can('delete_post', $post_id) )
 191                 wp_die( __('You are not allowed to delete this post.') );
 192
 193         if ( $post->post_type == 'attachment' ) {
 194                 if ( ! wp_delete_attachment($post_id) )
 195                         wp_die( __('Error in deleting...') );
 196         } else {
 197                 if ( !wp_delete_post($post_id) )
 198                         wp_die( __('Error in deleting...') );
 199         }
 200
 201         $sendback = wp_get_referer();
 202         if (strpos($sendback, 'post.php') !== false) $sendback = admin_url('edit.php?deleted=1');
 203         elseif (strpos($sendback, 'attachments.php') !== false) $sendback = admin_url('attachments.php');
 204         else $sendback = add_query_arg('deleted', 1, $sendback);
 205         wp_redirect($sendback);
 206         exit();
 207         break;
 208
 209 case 'preview':
 210         check_admin_referer( 'autosave', 'autosavenonce' );
 211
 212         $url = post_preview();
 213
 214         wp_redirect($url);
 215         exit();
 216         break;
 217
 218 default:
 219         wp_redirect('edit.php');
 220         exit();
 221         break;
 222 } // end switch
 223 include('admin-footer.php');
 224 ?>