3 * WordPress Core Ajax Handlers.
6 * @subpackage Administration
10 * No-privilege Ajax handlers.
/**
 * No-privilege autosave handler: prepares a "you are logged out" alert
 * for a WP_Ajax_Response. Only part of the body appears in this listing.
 */
13 function wp_ajax_nopriv_autosave() {
// The post ID is request data; it is cast to int and defaults to 0 when absent.
14 $id = isset( $_POST['post_ID'] ) ? (int) $_POST['post_ID'] : 0;
// The message is HTML. The only value interpolated into it is wp_login_url(), not request data.
19 $message = sprintf( __('<strong>ALERT: You are logged out!</strong> Could not save draft. <a href="%s" target="_blank">Please log in again.</a>'), wp_login_url() );
20 $x = new WP_Ajax_Response( array(
29 * GET-based Ajax handlers.
/**
 * Ajax handler that builds the list table named in the request and emits
 * its ajax_response(). Only part of the body appears in this listing.
 */
31 function wp_ajax_fetch_list() {
32 global $current_screen, $wp_list_table;
// The class name is read straight from the query string. It is used both in the
// nonce action and as the argument to _get_list_table().
// NOTE(review): what _get_list_table() accepts is not visible here - confirm it
// only resolves known list-table classes.
34 $list_class = $_GET['list_args']['class'];
// The nonce is bound to the requested class name, so a nonce issued for one table
// does not validate a request for another.
35 check_ajax_referer( "fetch-list-$list_class", '_ajax_fetch_list_nonce' );
// The screen id is also request-supplied; the two constants below are derived from it.
37 $current_screen = convert_to_screen( $_GET['list_args']['screen']['id'] );
39 define( 'WP_NETWORK_ADMIN', $current_screen->is_network );
40 define( 'WP_USER_ADMIN', $current_screen->is_user );
42 $wp_list_table = _get_list_table( $list_class );
43 if ( ! $wp_list_table )
// Authorization is delegated to the table object: each table decides via ajax_user_can().
46 if ( ! $wp_list_table->ajax_user_can() )
49 $wp_list_table->ajax_response();
/**
 * Ajax handler for tag-name suggestions: looks up term names in a taxonomy
 * that contain the typed fragment and echoes them one per line.
 * Only part of the body appears in this listing.
 */
53 function wp_ajax_ajax_tag_search() {
56 if ( isset( $_GET['tax'] ) ) {
// The taxonomy name is normalised with sanitize_key() before any lookup.
57 $taxonomy = sanitize_key( $_GET['tax'] );
58 $tax = get_taxonomy( $taxonomy );
// Capability gate: the caller must be allowed to assign terms in this taxonomy.
// NOTE(review): handling of a failed get_taxonomy() is on lines this listing omits.
61 if ( ! current_user_can( $tax->cap->assign_terms ) )
67 $s = stripslashes( $_GET['q'] );
// The localized tag delimiter is mapped to a plain comma, then only the last
// comma-separated fragment is kept as the search term.
69 $comma = _x( ',', 'tag delimiter' );
71 $s = str_replace( $comma, ',', $s );
72 if ( false !== strpos( $s, ',' ) ) {
73 $s = explode( ',', $s );
74 $s = $s[count( $s ) - 1];
77 if ( strlen( $s ) < 2 )
78 wp_die(); // require 2 chars for matching
// Both request-derived values are bound as %s placeholders through prepare();
// like_escape() neutralises LIKE wildcards in the term before the % anchors are added.
80 $results = $wpdb->get_col( $wpdb->prepare( "SELECT t.name FROM $wpdb->term_taxonomy AS tt INNER JOIN $wpdb->terms AS t ON tt.term_id = t.term_id WHERE tt.taxonomy = %s AND t.name LIKE (%s)", $taxonomy, '%' . like_escape( $s ) . '%' ) );
// Term names are echoed as stored, with no escaping call on this line.
// NOTE(review): the consumer must treat each line as text, not markup - confirm on the client side.
// NOTE(review): join() is called with the legacy (array, separator) order, which PHP 8 rejects.
82 echo join( $results, "\n" );
/**
 * Ajax handler for the script-compression probe: serves a fixed test string
 * plain, deflated or gzipped, and records the outcome in the
 * 'can_compress_scripts' site option. Only part of the body appears in this listing.
 */
86 function wp_ajax_wp_compression_test() {
// Capability gate: only users with manage_options may run the probe.
// NOTE(review): no check_ajax_referer() call is visible, and the 'no'/'yes' branches
// below write a site option from a GET parameter - confirm in the full file whether
// a nonce is verified before that write.
87 if ( !current_user_can( 'manage_options' ) )
// If PHP is already compressing output, compression by WordPress is recorded as off.
90 if ( ini_get('zlib.output_compression') || 'ob_gzhandler' == ini_get('output_handler') ) {
91 update_site_option('can_compress_scripts', 0);
95 if ( isset($_GET['test']) ) {
// The probe response is marked non-cacheable so each test reflects the live server.
96 header( 'Expires: Wed, 11 Jan 1984 05:00:00 GMT' );
97 header( 'Last-Modified: ' . gmdate( 'D, d M Y H:i:s' ) . ' GMT' );
98 header( 'Cache-Control: no-cache, must-revalidate, max-age=0' );
99 header( 'Pragma: no-cache' );
100 header('Content-Type: application/x-javascript; charset=UTF-8');
101 $force_gzip = ( defined('ENFORCE_GZIP') && ENFORCE_GZIP );
// Fixed payload; nothing from the request is placed in it.
102 $test_str = '"wpCompressionTest Lorem ipsum dolor sit amet consectetuer mollis sapien urna ut a. Eu nonummy condimentum fringilla tempor pretium platea vel nibh netus Maecenas. Hac molestie amet justo quis pellentesque est ultrices interdum nibh Morbi. Cras mattis pretium Phasellus ante ipsum ipsum ut sociis Suspendisse Lorem. Ante et non molestie. Porta urna Vestibulum egestas id congue nibh eu risus gravida sit. Ac augue auctor Ut et non a elit massa id sodales. Elit eu Nulla at nibh adipiscing mattis lacus mauris at tempus. Netus nibh quis suscipit nec feugiat eget sed lorem et urna. Pellentesque lacus at ut massa consectetuer ligula ut auctor semper Pellentesque. Ut metus massa nibh quam Curabitur molestie nec mauris congue. Volutpat molestie elit justo facilisis neque ac risus Ut nascetur tristique. Vitae sit lorem tellus et quis Phasellus lacus tincidunt nunc Fusce. Pharetra wisi Suspendisse mus sagittis libero lacinia Integer consequat ac Phasellus. Et urna ac cursus tortor aliquam Aliquam amet tellus volutpat Vestibulum. Justo interdum condimentum In augue congue tellus sollicitudin Quisque quis nibh."';
// The mode selector is compared loosely (==) against ints and strings.
104 if ( 1 == $_GET['test'] ) {
107 } elseif ( 2 == $_GET['test'] ) {
// Accept-Encoding is only searched for substrings; it is never echoed back.
108 if ( !isset($_SERVER['HTTP_ACCEPT_ENCODING']) )
110 if ( false !== stripos( $_SERVER['HTTP_ACCEPT_ENCODING'], 'deflate') && function_exists('gzdeflate') && ! $force_gzip ) {
111 header('Content-Encoding: deflate');
112 $out = gzdeflate( $test_str, 1 );
113 } elseif ( false !== stripos( $_SERVER['HTTP_ACCEPT_ENCODING'], 'gzip') && function_exists('gzencode') ) {
114 header('Content-Encoding: gzip');
115 $out = gzencode( $test_str, 1 );
// State-changing branches: the result reported by the client is stored site-wide.
121 } elseif ( 'no' == $_GET['test'] ) {
122 update_site_option('can_compress_scripts', 0);
123 } elseif ( 'yes' == $_GET['test'] ) {
124 update_site_option('can_compress_scripts', 1);
/**
 * Ajax handler that streams an image-editor preview for one attachment.
 * Only part of the body appears in this listing.
 */
131 function wp_ajax_imgedit_preview() {
// The id is forced to an integer, then the caller must hold edit_post on that id.
132 $post_id = intval($_GET['postid']);
133 if ( empty($post_id) || !current_user_can('edit_post', $post_id) )
// The nonce action embeds the post id, so a nonce for one image is not valid for another.
136 check_ajax_referer( "image_editor-$post_id" );
// The include path is built from constants only; no request data reaches it.
138 include_once( ABSPATH . 'wp-admin/includes/image-edit.php' );
139 if ( ! stream_preview_image($post_id) )
/**
 * Ajax handler that asks $wp_embed to cache oEmbed results for a post and
 * reports '1' or '0'. Only part of the body appears in this listing.
 */
145 function wp_ajax_oembed_cache() {
// $_GET['post'] is handed to cache_oembed() as received.
// NOTE(review): no capability or nonce check is visible in this listing, and any
// validation of the id would have to happen inside cache_oembed() - confirm both.
148 $return = ( $wp_embed->cache_oembed( $_GET['post'] ) ) ? '1' : '0';
/**
 * Ajax handler for user autocompletion on multisite: returns matching users
 * as JSON label/value pairs. Only part of the body appears in this listing.
 */
152 function wp_ajax_autocomplete_user() {
// First gate: multisite only, caller needs promote_users, and large networks are excluded.
153 if ( ! is_multisite() || ! current_user_can( 'promote_users' ) || wp_is_large_network( 'users' ) )
// Second gate: super admins only, unless the 'autocomplete_users_for_site_admins'
// filter opts site admins in. The response below includes e-mail addresses, so
// these gates are what limits who can enumerate them.
// NOTE(review): no nonce check is visible in this listing - confirm against the full file.
156 if ( ! is_super_admin() && ! apply_filters( 'autocomplete_users_for_site_admins', false ) )
161 // Check the type of request
162 if ( isset( $_REQUEST['autocomplete_type'] ) )
163 $type = $_REQUEST['autocomplete_type'];
167 // Exclude current users of this blog
168 if ( isset( $_REQUEST['site_id'] ) )
// A request-supplied site id is reduced to a non-negative integer.
169 $id = absint( $_REQUEST['site_id'] );
171 $id = get_current_blog_id();
// 'search' restricts results to the site's users; 'add' excludes them.
173 $include_blog_users = ( $type == 'search' ? get_users( array( 'blog_id' => $id, 'fields' => 'ID' ) ) : array() );
174 $exclude_blog_users = ( $type == 'add' ? get_users( array( 'blog_id' => $id, 'fields' => 'ID' ) ) : array() );
176 $users = get_users( array(
// The raw search term is wrapped in wildcards and passed to get_users().
// NOTE(review): it is read without isset(); escaping is left to get_users() - confirm.
178 'search' => '*' . $_REQUEST['term'] . '*',
179 'include' => $include_blog_users,
180 'exclude' => $exclude_blog_users,
181 'search_columns' => array( 'user_login', 'user_nicename', 'user_email' ),
184 foreach ( $users as $user ) {
186 /* translators: 1: user_login, 2: user_email */
187 'label' => sprintf( __( '%1$s (%2$s)' ), $user->user_login, $user->user_email ),
188 'value' => $user->user_login,
// Output is JSON-encoded rather than concatenated into markup.
192 wp_die( json_encode( $return ) );
/**
 * Ajax handler that renders one of four dashboard widgets.
 * Only part of the body appears in this listing.
 */
195 function wp_ajax_dashboard_widgets() {
196 require ABSPATH . 'wp-admin/includes/dashboard.php';
// The widget name from the request is matched against fixed case labels; it is
// never used to build a function name, so only the listed renderers can run.
198 switch ( $_GET['widget'] ) {
199 case 'dashboard_incoming_links' :
200 wp_dashboard_incoming_links();
202 case 'dashboard_primary' :
203 wp_dashboard_primary();
205 case 'dashboard_secondary' :
206 wp_dashboard_secondary();
208 case 'dashboard_plugins' :
209 wp_dashboard_plugins();
// Ajax handler; this listing shows only its signature, not its body.
215 function wp_ajax_logged_in() {
224 * Sends back current comment total and new page links if they need to be updated.
226 * Contrary to normal success AJAX response ("1"), die with time() on success.
230 * @param int $comment_id
233 function _wp_ajax_delete_comment_response( $comment_id, $delta = -1 ) {
// Paging state comes from the request. The @ operator hides the notice for a
// missing key, and the int cast turns a missing or non-numeric value into 0.
234 $total = (int) @$_POST['_total'];
235 $per_page = (int) @$_POST['_per_page'];
236 $page = (int) @$_POST['_page'];
// The URL is normalised with esc_url_raw() before it is parsed further down.
237 $url = esc_url_raw( @$_POST['_url'] );
238 // JS didn't send us everything we need to know. Just die with success message
239 if ( !$total || !$per_page || !$page || !$url )
246 // Only do the expensive stuff on a page-break, and about 1 other time per page
// mt_rand() only samples when to recount; it is not used as a secret value.
247 if ( 0 == $total % $per_page || 1 == mt_rand( 1, $per_page ) ) {
249 $status = 'total_comments'; // What type of comment count are we looking for?
250 $parsed = parse_url( $url );
251 if ( isset( $parsed['query'] ) ) {
// parse_str() is given an explicit target array, so query keys do not become local variables.
252 parse_str( $parsed['query'], $query_vars );
253 if ( !empty( $query_vars['comment_status'] ) )
254 $status = $query_vars['comment_status'];
255 if ( !empty( $query_vars['p'] ) )
256 $post_id = (int) $query_vars['p'];
// NOTE(review): $post_id is assigned above only when the URL carries "p"; its
// default is not visible in this listing - confirm it is initialised.
259 $comment_count = wp_count_comments($post_id);
// $status may come from the request URL; isset() limits the dynamic property
// read to counts that actually exist on the result object.
261 if ( isset( $comment_count->$status ) ) // We're looking for a known type of comment count
262 $total = $comment_count->$status;
263 // else use the decremented value from above
266 $time = time(); // The time since the last comment count
268 $x = new WP_Ajax_Response( array(
270 'id' => $comment_id, // here for completeness - not used
271 'supplemental' => array(
272 'total_items_i18n' => sprintf( _n( '1 item', '%s items', $total ), number_format_i18n( $total ) ),
// The guard on line 239 tests for a zero $per_page before these divisions; its body is elided here.
273 'total_pages' => ceil( $total / $per_page ),
274 'total_pages_i18n' => number_format_i18n( ceil( $total / $per_page ) ),
283 * POST-based Ajax handlers.
/**
 * Ajax handler that adds one or more terms to a hierarchical taxonomy and
 * returns refreshed checklist and parent-dropdown markup.
 * Only part of the body appears in this listing.
 */
286 function _wp_ajax_add_hierarchical_term() {
// The taxonomy is derived from the request: it is whatever follows the first
// four characters of the posted action name.
287 $action = $_POST['action'];
288 $taxonomy = get_taxonomy(substr($action, 4));
// NOTE(review): $taxonomy->name is read here before any visible check that
// get_taxonomy() found a taxonomy - confirm the unknown-taxonomy case.
// The nonce action is the posted action; the field name is derived from the taxonomy.
289 check_ajax_referer( $action, '_ajax_nonce-add-' . $taxonomy->name );
// Capability gate: edit_terms for this taxonomy.
290 if ( !current_user_can( $taxonomy->cap->edit_terms ) )
292 $names = explode(',', $_POST['new'.$taxonomy->name]);
// The parent id is cast to int; absent means top level (0).
293 $parent = isset($_POST['new'.$taxonomy->name.'_parent']) ? (int) $_POST['new'.$taxonomy->name.'_parent'] : 0;
296 if ( $taxonomy->name == 'category' )
297 $post_category = isset($_POST['post_category']) ? (array) $_POST['post_category'] : array();
299 $post_category = ( isset($_POST['tax_input']) && isset($_POST['tax_input'][$taxonomy->name]) ) ? (array) $_POST['tax_input'][$taxonomy->name] : array();
// Every already-checked id from the request is reduced to a non-negative integer.
300 $checked_categories = array_map( 'absint', (array) $post_category );
301 $popular_ids = wp_popular_terms_checklist($taxonomy->name, 0, 10, false);
303 foreach ( $names as $cat_name ) {
304 $cat_name = trim($cat_name);
// Names whose sanitized slug is empty are tested for here; the branch body is elided.
305 $category_nicename = sanitize_title($cat_name);
306 if ( '' === $category_nicename )
// Reuse an existing term under the same parent, otherwise insert a new one.
308 if ( !$cat_id = term_exists( $cat_name, $taxonomy->name, $parent ) )
309 $cat_id = wp_insert_term( $cat_name, $taxonomy->name, array( 'parent' => $parent ) );
310 if ( is_wp_error( $cat_id ) )
312 else if ( is_array( $cat_id ) )
313 $cat_id = $cat_id['term_id'];
314 $checked_categories[] = $cat_id;
315 if ( $parent ) // Do these all at once in a second
318 wp_terms_checklist( 0, array( 'taxonomy' => $taxonomy->name, 'descendants_and_self' => $cat_id, 'selected_cats' => $checked_categories, 'popular_cats' => $popular_ids ));
// The checklist markup is read back from the output buffer (buffer start/end are on elided lines).
319 $data = ob_get_contents();
322 'what' => $taxonomy->name,
324 'data' => str_replace( array("\n", "\t"), '', $data),
329 if ( $parent ) { // Foncy - replace the parent and all its children
330 $parent = get_term( $parent, $taxonomy->name );
331 $term_id = $parent->term_id;
333 while ( $parent->parent ) { // get the top parent
// NOTE(review): assigning a function result by reference is a legacy construct.
334 $parent = &get_term( $parent->parent, $taxonomy->name );
335 if ( is_wp_error( $parent ) )
337 $term_id = $parent->term_id;
341 wp_terms_checklist( 0, array('taxonomy' => $taxonomy->name, 'descendants_and_self' => $term_id, 'selected_cats' => $checked_categories, 'popular_cats' => $popular_ids));
342 $data = ob_get_contents();
345 'what' => $taxonomy->name,
347 'data' => str_replace( array("\n", "\t"), '', $data),
353 wp_dropdown_categories( array(
354 'taxonomy' => $taxonomy->name, 'hide_empty' => 0, 'name' => 'new'.$taxonomy->name.'_parent', 'orderby' => 'name',
355 'hierarchical' => 1, 'show_option_none' => '— '.$taxonomy->labels->parent_item.' —'
357 $sup = ob_get_contents();
359 $add['supplemental'] = array( 'newcat_parent' => $sup );
361 $x = new WP_Ajax_Response( $add );
/**
 * Ajax handler that trashes, untrashes, spams, unspams or deletes one comment,
 * depending on which flag the request sets. Only part of the body appears in this listing.
 */
365 function wp_ajax_delete_comment() {
// The comment id is cast to int; absent means 0.
366 $id = isset( $_POST['id'] ) ? (int) $_POST['id'] : 0;
368 if ( !$comment = get_comment( $id ) )
// Capability gate on this specific comment, followed by a nonce bound to the same id.
370 if ( ! current_user_can( 'edit_comment', $comment->comment_ID ) )
373 check_ajax_referer( "delete-comment_$id" );
374 $status = wp_get_comment_status( $comment->comment_ID );
// Each branch first checks whether the comment is already in the target state
// (the bodies of those checks are elided). Flags are compared loosely (==) with 1.
377 if ( isset($_POST['trash']) && 1 == $_POST['trash'] ) {
378 if ( 'trash' == $status )
380 $r = wp_trash_comment( $comment->comment_ID );
381 } elseif ( isset($_POST['untrash']) && 1 == $_POST['untrash'] ) {
382 if ( 'trash' != $status )
384 $r = wp_untrash_comment( $comment->comment_ID );
385 if ( ! isset( $_POST['comment_status'] ) || $_POST['comment_status'] != 'trash' ) // undo trash, not in trash
387 } elseif ( isset($_POST['spam']) && 1 == $_POST['spam'] ) {
388 if ( 'spam' == $status )
390 $r = wp_spam_comment( $comment->comment_ID );
391 } elseif ( isset($_POST['unspam']) && 1 == $_POST['unspam'] ) {
392 if ( 'spam' != $status )
394 $r = wp_unspam_comment( $comment->comment_ID );
395 if ( ! isset( $_POST['comment_status'] ) || $_POST['comment_status'] != 'spam' ) // undo spam, not in spam
397 } elseif ( isset($_POST['delete']) && 1 == $_POST['delete'] ) {
398 $r = wp_delete_comment( $comment->comment_ID );
// $delta is assigned on lines this listing omits.
403 if ( $r ) // Decide if we need to send back '1' or a more complicated response including page links and comment counts
404 _wp_ajax_delete_comment_response( $comment->comment_ID, $delta );
/**
 * Ajax handler that deletes one term from a taxonomy.
 * Only part of the body appears in this listing.
 */
408 function wp_ajax_delete_tag() {
// The term id is cast to int and the nonce is bound to it.
409 $tag_id = (int) $_POST['tag_ID'];
410 check_ajax_referer( "delete-tag_$tag_id" );
// The taxonomy name is taken from the request as-is (default 'post_tag').
// NOTE(review): $tax->cap is read below with no visible check that get_taxonomy()
// returned a taxonomy - confirm the unknown-taxonomy case.
412 $taxonomy = !empty($_POST['taxonomy']) ? $_POST['taxonomy'] : 'post_tag';
413 $tax = get_taxonomy($taxonomy);
// Capability gate: delete_terms for that taxonomy.
415 if ( !current_user_can( $tax->cap->delete_terms ) )
// The term must exist in that taxonomy before deletion is attempted.
418 $tag = get_term( $tag_id, $taxonomy );
419 if ( !$tag || is_wp_error( $tag ) )
422 if ( wp_delete_term($tag_id, $taxonomy))
/**
 * Ajax handler that deletes one bookmark (link).
 * Only part of the body appears in this listing.
 */
428 function wp_ajax_delete_link() {
// The link id is cast to int; absent means 0.
429 $id = isset( $_POST['id'] ) ? (int) $_POST['id'] : 0;
// Nonce bound to the link id, then the manage_links capability gate.
431 check_ajax_referer( "delete-bookmark_$id" );
432 if ( !current_user_can( 'manage_links' ) )
// The bookmark must exist before deletion is attempted.
435 $link = get_bookmark( $id );
436 if ( !$link || is_wp_error( $link ) )
439 if ( wp_delete_link( $id ) )
/**
 * Ajax handler that deletes one post meta row by its meta id.
 * Only part of the body appears in this listing.
 */
445 function wp_ajax_delete_meta() {
// The meta id is cast to int and the nonce is bound to it.
446 $id = isset( $_POST['id'] ) ? (int) $_POST['id'] : 0;
448 check_ajax_referer( "delete-meta_$id" );
449 if ( !$meta = get_metadata_by_mid( 'post', $id ) )
// Two gates, both evaluated against the stored row rather than request data:
// protected keys are never deletable here, and the caller needs delete_post_meta
// for the owning post and key.
452 if ( is_protected_meta( $meta->meta_key, 'post' ) || ! current_user_can( 'delete_post_meta', $meta->post_id, $meta->meta_key ) )
454 if ( delete_meta( $meta->meta_id ) )
/**
 * Ajax handler that deletes one post.
 * Only part of the body appears in this listing.
 *
 * @param string $action Nonce action prefix; 'delete-post' is used when empty.
 */
459 function wp_ajax_delete_post( $action ) {
460 if ( empty( $action ) )
461 $action = 'delete-post';
// The post id is cast to int; absent means 0.
462 $id = isset( $_POST['id'] ) ? (int) $_POST['id'] : 0;
// The nonce is bound to both the action and the post id; the capability is checked per post.
464 check_ajax_referer( "{$action}_$id" );
465 if ( !current_user_can( 'delete_post', $id ) )
468 if ( !get_post( $id ) )
471 if ( wp_delete_post( $id ) )
/**
 * Ajax handler that moves a post to the trash, or restores it when called
 * with a different action. Only part of the body appears in this listing.
 *
 * @param string $action Nonce action prefix; 'trash-post' is used when empty.
 */
477 function wp_ajax_trash_post( $action ) {
478 if ( empty( $action ) )
479 $action = 'trash-post';
// The post id is cast to int; absent means 0.
480 $id = isset( $_POST['id'] ) ? (int) $_POST['id'] : 0;
// The nonce is bound to action and id, so a trash nonce does not authorise an untrash.
482 check_ajax_referer( "{$action}_$id" );
// Both directions require delete_post on this post.
483 if ( !current_user_can( 'delete_post', $id ) )
486 if ( !get_post( $id ) )
// Any action other than 'trash-post' takes the untrash path.
489 if ( 'trash-post' == $action )
490 $done = wp_trash_post( $id );
492 $done = wp_untrash_post( $id );
/**
 * Ajax handler that restores a post from the trash by delegating to
 * wp_ajax_trash_post() with the 'untrash-post' action.
 *
 * @param string $action Nonce action prefix; 'untrash-post' is used when empty.
 */
500 function wp_ajax_untrash_post( $action ) {
501 if ( empty( $action ) )
502 $action = 'untrash-post';
// Nonce and capability checks happen inside wp_ajax_trash_post().
503 wp_ajax_trash_post( $action );
/**
 * Ajax handler that deletes one page.
 * Only part of the body appears in this listing.
 *
 * @param string $action Nonce action prefix; 'delete-page' is used when empty.
 */
506 function wp_ajax_delete_page( $action ) {
507 if ( empty( $action ) )
508 $action = 'delete-page';
// The page id is cast to int; absent means 0.
509 $id = isset( $_POST['id'] ) ? (int) $_POST['id'] : 0;
// The nonce is bound to action and id; the capability is checked per page.
511 check_ajax_referer( "{$action}_$id" );
512 if ( !current_user_can( 'delete_page', $id ) )
515 if ( !get_page( $id ) )
518 if ( wp_delete_post( $id ) )
/**
 * Ajax handler that toggles a comment between approved and held.
 * Only part of the body appears in this listing.
 */
524 function wp_ajax_dim_comment() {
// The comment id is cast to int; absent means 0.
525 $id = isset( $_POST['id'] ) ? (int) $_POST['id'] : 0;
527 if ( !$comment = get_comment( $id ) ) {
528 $x = new WP_Ajax_Response( array(
// %d formats the id as an integer inside the error text.
530 'id' => new WP_Error('invalid_comment', sprintf(__('Comment %d does not exist'), $id))
// Capability gate: edit_comment on this comment, or the general moderate_comments capability.
535 if ( ! current_user_can( 'edit_comment', $comment->comment_ID ) && ! current_user_can( 'moderate_comments' ) )
538 $current = wp_get_comment_status( $comment->comment_ID );
// NOTE(review): $_POST['new'] is read without isset() and compared loosely.
539 if ( $_POST['new'] == $current )
// The nonce is bound to the comment id and is verified before either status write below.
542 check_ajax_referer( "approve-comment_$id" );
543 if ( in_array( $current, array( 'unapproved', 'spam' ) ) )
544 $result = wp_set_comment_status( $comment->comment_ID, 'approve', true );
546 $result = wp_set_comment_status( $comment->comment_ID, 'hold', true );
548 if ( is_wp_error($result) ) {
549 $x = new WP_Ajax_Response( array(
556 // Decide if we need to send back '1' or a more complicated response including page links and comment counts
557 _wp_ajax_delete_comment_response( $comment->comment_ID );
/**
 * Ajax handler that creates link categories from a comma-separated list and
 * returns a checkbox list item for each. Only part of the body appears in this listing.
 *
 * @param string $action Nonce action; 'add-link-category' is used when empty.
 */
561 function wp_ajax_add_link_category( $action ) {
562 if ( empty( $action ) )
563 $action = 'add-link-category';
// Nonce check, then the manage_categories capability gate.
564 check_ajax_referer( $action );
565 if ( !current_user_can( 'manage_categories' ) )
567 $names = explode(',', $_POST['newcat']);
568 $x = new WP_Ajax_Response();
569 foreach ( $names as $cat_name ) {
570 $cat_name = trim($cat_name);
571 $slug = sanitize_title($cat_name);
// Reuse an existing link category with this name, otherwise insert one.
574 if ( !$cat_id = term_exists( $cat_name, 'link_category' ) )
575 $cat_id = wp_insert_term( $cat_name, 'link_category' );
576 if ( is_wp_error( $cat_id ) )
578 else if ( is_array( $cat_id ) )
579 $cat_id = $cat_id['term_id'];
// The user-supplied name is HTML-escaped before it is placed in the markup below.
580 $cat_name = esc_html(stripslashes($cat_name));
582 'what' => 'link-category',
// $cat_id goes through esc_attr() in the value attribute and is interpolated
// directly in the id/for attributes; it comes from term_exists()/wp_insert_term(), not from the request.
584 'data' => "<li id='link-category-$cat_id'><label for='in-link-category-$cat_id' class='selectit'><input value='" . esc_attr($cat_id) . "' type='checkbox' checked='checked' name='link_category[]' id='in-link-category-$cat_id'/> $cat_name</label></li>",
/**
 * Ajax handler that creates a term and returns its list-table row markup.
 * Only part of the body appears in this listing.
 */
591 function wp_ajax_add_tag() {
592 global $wp_list_table;
594 check_ajax_referer( 'add-tag', '_wpnonce_add-tag' );
// Post type and taxonomy are taken from the request as-is, with defaults.
595 $post_type = !empty($_POST['post_type']) ? $_POST['post_type'] : 'post';
596 $taxonomy = !empty($_POST['taxonomy']) ? $_POST['taxonomy'] : 'post_tag';
597 $tax = get_taxonomy($taxonomy);
// Capability gate: edit_terms for the requested taxonomy.
// NOTE(review): no check that get_taxonomy() succeeded is visible before $tax->cap is read.
599 if ( !current_user_can( $tax->cap->edit_terms ) )
602 $x = new WP_Ajax_Response();
// The whole $_POST array is passed as the term arguments.
// NOTE(review): which keys wp_insert_term() honours is not visible here - confirm
// that unrelated request fields cannot influence the inserted term.
604 $tag = wp_insert_term($_POST['tag-name'], $taxonomy, $_POST );
606 if ( !$tag || is_wp_error($tag) || (!$tag = get_term( $tag['term_id'], $taxonomy )) ) {
607 $message = __('An error has occurred. Please reload the page and try again.');
608 if ( is_wp_error($tag) && $tag->get_error_message() )
609 $message = $tag->get_error_message();
612 'what' => 'taxonomy',
613 'data' => new WP_Error('error', $message )
// The screen name is request-supplied and read without isset().
618 set_current_screen( $_POST['screen'] );
// The list-table class name is a fixed literal here, not request data.
620 $wp_list_table = _get_list_table('WP_Terms_List_Table');
623 if ( is_taxonomy_hierarchical($taxonomy) ) {
624 $level = count( get_ancestors( $tag->term_id, $taxonomy ) );
626 $wp_list_table->single_row( $tag, $level );
627 $noparents = ob_get_clean();
631 $wp_list_table->single_row( $tag );
632 $parents = ob_get_clean();
635 'what' => 'taxonomy',
636 'supplemental' => compact('parents', 'noparents')
640 'position' => $level,
// The term object is cast to an array, so every field it carries is returned to the client.
641 'supplemental' => (array) $tag
/**
 * Ajax handler that returns a tag cloud of the 45 most-used terms in a taxonomy.
 * Only part of the body appears in this listing.
 */
646 function wp_ajax_get_tagcloud() {
647 if ( isset( $_POST['tax'] ) ) {
// The taxonomy name is normalised with sanitize_key() before lookup.
648 $taxonomy = sanitize_key( $_POST['tax'] );
649 $tax = get_taxonomy( $taxonomy );
// Capability gate: assign_terms for this taxonomy.
// NOTE(review): handling of a failed get_taxonomy() and any nonce check are on
// lines this listing omits - confirm against the full file.
652 if ( ! current_user_can( $tax->cap->assign_terms ) )
658 $tags = get_terms( $taxonomy, array( 'number' => 45, 'orderby' => 'count', 'order' => 'DESC' ) );
660 if ( empty( $tags ) )
661 wp_die( isset( $tax->no_tagcloud ) ? $tax->no_tagcloud : __('No tags found!') );
663 if ( is_wp_error( $tags ) )
664 wp_die( $tags->get_error_message() );
// Each term gets a placeholder link and an id so the cloud markup does not navigate away.
666 foreach ( $tags as $key => $tag ) {
667 $tags[ $key ]->link = '#';
668 $tags[ $key ]->id = $tag->term_id;
671 // We need raw tag names here, so don't filter the output
// NOTE(review): with 'filter' => 0 the names are deliberately left unfiltered at this
// step; confirm how wp_generate_tag_cloud() and the receiving script escape them.
672 $return = wp_generate_tag_cloud( $tags, array('filter' => 0) );
674 if ( empty($return) )
/**
 * Ajax handler that returns comment rows for a post's comment list table.
 * Only part of the body appears in this listing.
 *
 * @param string $action Nonce action; 'get-comments' is used when empty.
 */
682 function wp_ajax_get_comments( $action ) {
683 global $wp_list_table, $post_id;
684 if ( empty( $action ) )
685 $action = 'get-comments';
687 check_ajax_referer( $action );
689 set_current_screen( 'edit-comments' );
// The list-table class name is a fixed literal, not request data.
691 $wp_list_table = _get_list_table('WP_Post_Comments_List_Table');
// Capability gate on the post. $post_id is the global declared above.
// NOTE(review): where that global is assigned is not visible in this listing.
693 if ( !current_user_can( 'edit_post', $post_id ) )
696 $wp_list_table->prepare_items();
698 if ( !$wp_list_table->has_items() )
701 $x = new WP_Ajax_Response();
703 foreach ( $wp_list_table->items as $comment ) {
// A second, per-comment capability test is applied to each row; its branch body is elided.
704 if ( ! current_user_can( 'edit_comment', $comment->comment_ID ) )
706 get_comment( $comment );
707 $wp_list_table->single_row( $comment );
709 $comment_list_item = ob_get_contents();
713 'what' => 'comments',
714 'data' => $comment_list_item
/**
 * Ajax handler that posts a reply to a comment from the admin screens and
 * returns the new comment's row markup. Only part of the body appears in this listing.
 *
 * @param string $action Nonce action; 'replyto-comment' is used when empty.
 */
719 function wp_ajax_replyto_comment( $action ) {
720 global $wp_list_table, $wpdb;
721 if ( empty( $action ) )
722 $action = 'replyto-comment';
724 check_ajax_referer( $action, '_ajax_nonce-replyto-comment' );
726 set_current_screen( 'edit-comments' );
// The post id is cast to int; the caller must hold edit_post on it.
728 $comment_post_ID = (int) $_POST['comment_post_ID'];
729 if ( !current_user_can( 'edit_post', $comment_post_ID ) )
// The id is bound as a %d placeholder through prepare().
732 $status = $wpdb->get_var( $wpdb->prepare("SELECT post_status FROM $wpdb->posts WHERE ID = %d", $comment_post_ID) );
734 if ( empty($status) )
736 elseif ( in_array($status, array('draft', 'pending', 'trash') ) )
737 wp_die( __('ERROR: you are replying to a comment on a draft post.') );
// Author fields are taken from the logged-in user's profile, never from the request.
739 $user = wp_get_current_user();
740 if ( $user->exists() ) {
741 $user_ID = $user->ID;
// NOTE(review): presumably slashed because wp_new_comment() expects slashed data - confirm.
742 $comment_author = $wpdb->escape($user->display_name);
743 $comment_author_email = $wpdb->escape($user->user_email);
744 $comment_author_url = $wpdb->escape($user->user_url);
745 $comment_content = trim($_POST['content']);
// Users with unfiltered_html must also present a matching 'unfiltered-html-comment'
// nonce; on a mismatch the kses filters are reset and re-initialised.
// NOTE(review): the nonce is compared with a loose, non-constant-time != and the
// $_POST key is read without isset(); hash_equals() on string values is the
// stricter form where the PHP version provides it.
746 if ( current_user_can( 'unfiltered_html' ) ) {
747 if ( wp_create_nonce( 'unfiltered-html-comment' ) != $_POST['_wp_unfiltered_html_comment'] ) {
748 kses_remove_filters(); // start with a clean slate
749 kses_init_filters(); // set up the filters
753 wp_die( __( 'Sorry, you must be logged in to reply to a comment.' ) );
756 if ( '' == $comment_content )
757 wp_die( __( 'ERROR: please type a comment.' ) );
// The parent comment id is reduced to a non-negative integer.
759 $comment_parent = absint($_POST['comment_ID']);
760 $comment_auto_approved = false;
// NOTE(review): 'comment_type' is listed here, but no assignment to $comment_type is visible in this listing.
761 $commentdata = compact('comment_post_ID', 'comment_author', 'comment_author_email', 'comment_author_url', 'comment_content', 'comment_type', 'comment_parent', 'user_ID');
763 $comment_id = wp_new_comment( $commentdata );
764 $comment = get_comment($comment_id);
765 if ( ! $comment ) wp_die( 1 );
767 $position = ( isset($_POST['position']) && (int) $_POST['position'] ) ? (int) $_POST['position'] : '-1';
769 // automatically approve parent comment
770 if ( !empty($_POST['approve_parent']) ) {
771 $parent = get_comment( $comment_parent );
// The parent is approved only if it is still unapproved and belongs to the same
// post the caller was authorised for above.
773 if ( $parent && $parent->comment_approved === '0' && $parent->comment_post_ID == $comment_post_ID ) {
774 if ( wp_set_comment_status( $parent->comment_ID, 'approve' ) )
775 $comment_auto_approved = true;
// The mode only selects between fixed renderers and list-table class literals.
// NOTE(review): $_REQUEST['mode'] is read without isset().
780 if ( 'dashboard' == $_REQUEST['mode'] ) {
781 require_once( ABSPATH . 'wp-admin/includes/dashboard.php' );
782 _wp_dashboard_recent_comments_row( $comment );
784 if ( 'single' == $_REQUEST['mode'] ) {
785 $wp_list_table = _get_list_table('WP_Post_Comments_List_Table');
787 $wp_list_table = _get_list_table('WP_Comments_List_Table');
789 $wp_list_table->single_row( $comment );
791 $comment_list_item = ob_get_contents();
796 'id' => $comment->comment_ID,
797 'data' => $comment_list_item,
798 'position' => $position
801 if ( $comment_auto_approved )
802 $response['supplemental'] = array( 'parent_approved' => $parent->comment_ID );
804 $x = new WP_Ajax_Response();
805 $x->add( $response );
/**
 * Ajax handler that saves an inline comment edit and returns the refreshed row.
 * Only part of the body appears in this listing.
 */
809 function wp_ajax_edit_comment() {
810 global $wp_list_table;
// This handler verifies the 'replyto-comment' nonce. That nonce is not bound to a
// comment id, so the per-comment authorization is the capability check below.
812 check_ajax_referer( 'replyto-comment', '_ajax_nonce-replyto-comment' );
814 set_current_screen( 'edit-comments' );
// The comment id is cast to int; the caller must hold edit_comment on it.
816 $comment_id = (int) $_POST['comment_ID'];
817 if ( ! current_user_can( 'edit_comment', $comment_id ) )
820 if ( '' == $_POST['content'] )
821 wp_die( __( 'ERROR: please type a comment.' ) );
// The posted 'status' is copied to the 'comment_status' key; the call that consumes
// it is on a line this listing omits.
823 $_POST['comment_status'] = $_POST['status'];
826 $position = ( isset($_POST['position']) && (int) $_POST['position']) ? (int) $_POST['position'] : '-1';
827 $comments_status = isset($_POST['comments_listing']) ? $_POST['comments_listing'] : '';
// The checkbox flag only chooses between two fixed list-table class names.
829 $checkbox = ( isset($_POST['checkbox']) && true == $_POST['checkbox'] ) ? 1 : 0;
830 $wp_list_table = _get_list_table( $checkbox ? 'WP_Comments_List_Table' : 'WP_Post_Comments_List_Table' );
832 $comment = get_comment( $comment_id );
835 $wp_list_table->single_row( $comment );
836 $comment_list_item = ob_get_contents();
839 $x = new WP_Ajax_Response();
842 'what' => 'edit_comment',
843 'id' => $comment->comment_ID,
844 'data' => $comment_list_item,
845 'position' => $position
/**
 * Ajax handler that saves new nav-menu items and echoes their editor markup.
 * Only part of the body appears in this listing.
 */
851 function wp_ajax_add_menu_item() {
// Nonce check, then the edit_theme_options capability gate.
852 check_ajax_referer( 'add-menu_item', 'menu-settings-column-nonce' );
854 if ( ! current_user_can( 'edit_theme_options' ) )
857 require_once ABSPATH . 'wp-admin/includes/nav-menu.php';
859 // For performance reasons, we omit some object properties from the checklist.
860 // The following is a hacky way to restore them when adding non-custom items.
862 $menu_items_data = array();
// The posted items are cast to an array so a scalar value cannot break the loop.
863 foreach ( (array) $_POST['menu-item'] as $menu_item_data ) {
865 ! empty( $menu_item_data['menu-item-type'] ) &&
866 'custom' != $menu_item_data['menu-item-type'] &&
867 ! empty( $menu_item_data['menu-item-object-id'] )
869 switch( $menu_item_data['menu-item-type'] ) {
// The object id, and for terms the taxonomy name, come from the request; the
// case labels that select each lookup are on elided lines.
871 $_object = get_post( $menu_item_data['menu-item-object-id'] );
875 $_object = get_term( $menu_item_data['menu-item-object-id'], $menu_item_data['menu-item-object'] );
879 $_menu_items = array_map( 'wp_setup_nav_menu_item', array( $_object ) );
880 $_menu_item = array_shift( $_menu_items );
882 // Restore the missing menu item properties
883 $menu_item_data['menu-item-description'] = $_menu_item->description;
886 $menu_items_data[] = $menu_item_data;
889 $item_ids = wp_save_nav_menu_items( 0, $menu_items_data );
890 if ( is_wp_error( $item_ids ) )
893 $menu_items = array();
895 foreach ( (array) $item_ids as $menu_item_id ) {
896 $menu_obj = get_post( $menu_item_id );
897 if ( ! empty( $menu_obj->ID ) ) {
898 $menu_obj = wp_setup_nav_menu_item( $menu_obj );
899 $menu_obj->label = $menu_obj->title; // don't show "(pending)" in ajax-added items
900 $menu_items[] = $menu_obj;
// The walker class name comes from a filter (default 'Walker_Nav_Menu_Edit'), with
// the posted menu value passed only as filter context. class_exists() is checked
// before the name is instantiated below.
904 $walker_class_name = apply_filters( 'wp_edit_nav_menu_walker', 'Walker_Nav_Menu_Edit', $_POST['menu'] );
906 if ( ! class_exists( $walker_class_name ) )
909 if ( ! empty( $menu_items ) ) {
915 'walker' => new $walker_class_name,
917 echo walk_nav_menu_tree( $menu_items, 0, (object) $args );
/**
 * Ajax handler that adds a custom field to a post or updates an existing one.
 * Only part of the body appears in this listing.
 */
921 function wp_ajax_add_meta() {
922 check_ajax_referer( 'add-meta', '_ajax_nonce-add-meta' );
// The post id is cast to int before the post is loaded.
924 $pid = (int) $_POST['post_id'];
925 $post = get_post( $pid );
// Add path: taken when either key field is present in the request.
927 if ( isset($_POST['metakeyselect']) || isset($_POST['metakeyinput']) ) {
// Capability gate for adding: edit_post on the target post.
928 if ( !current_user_can( 'edit_post', $pid ) )
930 if ( isset($_POST['metakeyselect']) && '#NONE#' == $_POST['metakeyselect'] && empty($_POST['metakeyinput']) )
// NOTE(review): $post->post_status is read with no visible check that get_post() found a post.
932 if ( $post->post_status == 'auto-draft' ) {
// $_POST is temporarily replaced with a minimal, server-built array so that
// edit_post() promotes the auto-draft using only these fields, not the request's.
933 $save_POST = $_POST; // Backup $_POST
934 $_POST = array(); // Make it empty for edit_post()
935 $_POST['action'] = 'draft'; // Warning fix
936 $_POST['post_ID'] = $pid;
937 $_POST['post_type'] = $post->post_type;
938 $_POST['post_status'] = 'draft';
939 $now = current_time('timestamp', 1);
940 $_POST['post_title'] = sprintf('Draft created on %s at %s', date(get_option('date_format'), $now), date(get_option('time_format'), $now));
942 if ( $pid = edit_post() ) {
943 if ( is_wp_error( $pid ) ) {
944 $x = new WP_Ajax_Response( array(
950 $_POST = $save_POST; // Now we can restore original $_POST again
951 if ( !$mid = add_meta( $pid ) )
952 wp_die( __( 'Please provide a custom field value.' ) );
956 } else if ( !$mid = add_meta( $pid ) ) {
957 wp_die( __( 'Please provide a custom field value.' ) );
// The response is built from the stored row, re-read by meta id.
960 $meta = get_metadata_by_mid( 'post', $mid );
961 $pid = (int) $meta->post_id;
962 $meta = get_object_vars( $meta );
963 $x = new WP_Ajax_Response( array(
// $c is assigned on a line this listing omits.
966 'data' => _list_meta_row( $meta, $c ),
968 'supplemental' => array('postid' => $pid)
// The lines below edit an existing meta row, identified by the first key of
// $_POST['meta'] cast to int (the branch line itself is elided).
971 $mid = (int) key( $_POST['meta'] );
972 $key = stripslashes( $_POST['meta'][$mid]['key'] );
973 $value = stripslashes( $_POST['meta'][$mid]['value'] );
974 if ( '' == trim($key) )
975 wp_die( __( 'Please provide a custom field name.' ) );
976 if ( '' == trim($value) )
977 wp_die( __( 'Please provide a custom field value.' ) );
978 if ( ! $meta = get_metadata_by_mid( 'post', $mid ) )
979 wp_die( 0 ); // if meta doesn't exist
// Authorization covers both the stored key and the requested new key: neither may be
// protected, and the caller needs edit_post_meta for each on the owning post. This
// stops a rename from turning an ordinary field into a protected one, or the reverse.
980 if ( is_protected_meta( $meta->meta_key, 'post' ) || is_protected_meta( $key, 'post' ) ||
981 ! current_user_can( 'edit_post_meta', $meta->post_id, $meta->meta_key ) ||
982 ! current_user_can( 'edit_post_meta', $meta->post_id, $key ) )
// The write is skipped when neither the key nor the value changed.
984 if ( $meta->meta_value != $value || $meta->meta_key != $key ) {
985 if ( !$u = update_metadata_by_mid( 'post', $mid, $value, $key ) )
986 wp_die( 0 ); // We know meta exists; we also know it's unchanged (or DB error, in which case there are bigger problems).
989 $x = new WP_Ajax_Response( array(
991 'id' => $mid, 'old_id' => $mid,
992 'data' => _list_meta_row( array(
994 'meta_value' => $value,
998 'supplemental' => array('postid' => $meta->post_id)
/**
 * Ajax handler that creates a user and returns the new users-table row.
 * Only part of the body appears in this listing.
 *
 * @param string $action Nonce action; 'add-user' is used when empty.
 */
1004 function wp_ajax_add_user( $action ) {
1005 global $wp_list_table;
1006 if ( empty( $action ) )
1007 $action = 'add-user';
// Nonce check, then the create_users capability gate.
1009 check_ajax_referer( $action );
1010 if ( ! current_user_can('create_users') )
// edit_user() is called with no arguments here, so it takes its input from outside this function.
1012 if ( ! $user_id = edit_user() ) {
1014 } elseif ( is_wp_error( $user_id ) ) {
1015 $x = new WP_Ajax_Response( array(
1021 $user_object = new WP_User( $user_id );
// The list-table class name is a fixed literal, not request data.
1023 $wp_list_table = _get_list_table('WP_Users_List_Table');
1025 $x = new WP_Ajax_Response( array(
1028 'data' => $wp_list_table->single_row( $user_object, '', $user_object->roles[0] ),
1029 'supplemental' => array(
// NOTE(review): user_login is placed into HTML with no escaping call on this line;
// confirm that the login is restricted to safe characters when the account is
// created, or wrap it in esc_html().
1030 'show-link' => sprintf(__( 'User <a href="#%s">%s</a> added' ), "user-$user_id", $user_object->user_login),
1031 'role' => $user_object->roles[0]
/**
 * Ajax handler for editor autosave: saves the draft or an autosave revision,
 * maintains the post lock, and hands out replacement nonces when the current
 * one is ageing. Only part of the body appears in this listing.
 */
1037 function wp_ajax_autosave() {
1038 global $login_grace_period;
1040 define( 'DOING_AUTOSAVE', true );
// The return value is kept so the handler can tell how old the accepted nonce is (used at line 1112).
1042 $nonce_age = check_ajax_referer( 'autosave', 'autosavenonce' );
// NOTE(review): explode() never returns an empty array, so the empty() test below
// can only unset the key through the 'page' condition - confirm the intent.
1044 $_POST['post_category'] = explode(",", $_POST['catslist']);
1045 if ( $_POST['post_type'] == 'page' || empty($_POST['post_category']) )
1046 unset($_POST['post_category']);
1048 $do_autosave = (bool) $_POST['autosave'];
1051 $data = $alert = '';
1052 /* translators: draft saved date format, see http://php.net/date */
1053 $draft_saved_date_format = __('g:i:s a');
1054 /* translators: %s: date and time */
1055 $message = sprintf( __('Draft saved at %s.'), date_i18n( $draft_saved_date_format ) );
1057 $supplemental = array();
// The alert is HTML; the only interpolated value is a login URL built by
// add_query_arg() and wp_login_url(), not request data.
1058 if ( isset($login_grace_period) )
1059 $alert .= sprintf( __('Your login has expired. Please open a new browser window and <a href="%s" target="_blank">log in again</a>. '), add_query_arg( 'interim-login', 1, wp_login_url() ) );
1061 $id = $revision_id = 0;
// The post id is cast to int and written back so later code sees the integer value.
1063 $post_ID = (int) $_POST['post_ID'];
1064 $_POST['ID'] = $post_ID;
1065 $post = get_post($post_ID);
// NOTE(review): $post->post_status is read with no visible check that get_post() found a post.
1066 if ( 'auto-draft' == $post->post_status )
1067 $_POST['post_status'] = 'draft';
// If another user holds the post lock, autosave and locking are both switched off for this request.
1069 if ( $last = wp_check_post_lock( $post->ID ) ) {
1070 $do_autosave = $do_lock = false;
1072 $last_user = get_userdata( $last );
1073 $last_user_name = $last_user ? $last_user->display_name : __( 'Someone' );
1074 $data = __( 'Autosave disabled.' );
1076 $supplemental['disable_autosave'] = 'disable';
// The other user's display name is HTML-escaped before it is added to the alert.
1077 $alert .= sprintf( __( '%s is currently editing this article. If you update it, you will overwrite the changes.' ), esc_html( $last_user_name ) );
// Capability gate, chosen by the stored post type (not the request): edit_page or edit_post.
1080 if ( 'page' == $post->post_type ) {
1081 if ( !current_user_can('edit_page', $post_ID) )
1082 wp_die( __( 'You are not allowed to edit this page.' ) );
1084 if ( !current_user_can('edit_post', $post_ID) )
1085 wp_die( __( 'You are not allowed to edit this post.' ) );
1088 if ( $do_autosave ) {
1089 // Drafts and auto-drafts are just overwritten by autosave
1090 if ( 'auto-draft' == $post->post_status || 'draft' == $post->post_status ) {
1092 } else { // Non drafts are not overwritten. The autosave is stored in a special post revision.
1093 $revision_id = wp_create_post_autosave( $post->ID );
1094 if ( is_wp_error($revision_id) )
1101 if ( ! empty( $_POST['auto_draft'] ) )
1102 $id = 0; // This tells us it didn't actually save
// NOTE(review): the only visible assignment to $do_lock is inside the lock branch
// above; its initial value is presumably set on an elided line - confirm.
1107 if ( $do_lock && empty( $_POST['auto_draft'] ) && $id && is_numeric( $id ) ) {
1108 $lock_result = wp_set_post_lock( $id );
1109 $supplemental['active-post-lock'] = implode( ':', $lock_result );
// check_ajax_referer() returns 2 when the accepted nonce is in the older half of its
// validity window. In that case fresh nonces are issued so the open editor keeps
// working; this only happens after the nonce check above has passed.
1112 if ( $nonce_age == 2 ) {
1113 $supplemental['replace-autosavenonce'] = wp_create_nonce('autosave');
1114 $supplemental['replace-getpermalinknonce'] = wp_create_nonce('getpermalink');
1115 $supplemental['replace-samplepermalinknonce'] = wp_create_nonce('samplepermalink');
1116 $supplemental['replace-closedpostboxesnonce'] = wp_create_nonce('closedpostboxes');
1117 $supplemental['replace-_ajax_linking_nonce'] = wp_create_nonce( 'internal-linking' );
// The update nonce is bound to $id and keyed by the posted post type.
1119 if ( $_POST['post_type'] == 'post' )
1120 $supplemental['replace-_wpnonce'] = wp_create_nonce('update-post_' . $id);
1121 elseif ( $_POST['post_type'] == 'page' )
1122 $supplemental['replace-_wpnonce'] = wp_create_nonce('update-page_' . $id);
1126 if ( ! empty($alert) )
1127 $supplemental['alert'] = $alert;
1129 $x = new WP_Ajax_Response( array(
1130 'what' => 'autosave',
1132 'data' => $id ? $data : '',
1133 'supplemental' => $supplemental
/**
 * Ajax handler: saves the current user's closed and hidden postboxes for one screen.
 *
 * Reads $_POST['closed'] and $_POST['hidden'] (comma-separated ids) and $_POST['page'],
 * then writes the "closedpostboxes_$page" and "metaboxhidden_$page" user options.
 * The request must carry the 'closedpostboxes' nonce in 'closedpostboxesnonce'.
 *
 * NOTE(review): this listing skips source lines (gaps in the gutter numbers); the
 * statements guarded by the bare `if` lines are not visible and are not documented.
 */
1138 function wp_ajax_closed_postboxes() {
// Nonce verification happens before any request value is used.
1139 check_ajax_referer( 'closedpostboxes', 'closedpostboxesnonce' );
1140 $closed = isset( $_POST['closed'] ) ? explode( ',', $_POST['closed']) : array();
// array_filter() without a callback drops empty (falsy) entries from the id list.
1141 $closed = array_filter($closed);
1143 $hidden = isset( $_POST['hidden'] ) ? explode( ',', $_POST['hidden']) : array();
1144 $hidden = array_filter($hidden);
1146 $page = isset( $_POST['page'] ) ? $_POST['page'] : '';
// $page becomes part of an option name below, so it is compared with its sanitize_key() form.
// NOTE(review): the branch taken on mismatch is elided here; presumably the request is rejected.
1148 if ( $page != sanitize_key( $page ) )
1151 if ( ! $user = wp_get_current_user() )
// NOTE(review): the individual ids are stored as received from the request; whatever
// later prints them needs to escape them for its output context.
1154 if ( is_array($closed) )
1155 update_user_option($user->ID, "closedpostboxes_$page", $closed, true);
1157 if ( is_array($hidden) ) {
1158 $hidden = array_diff( $hidden, array('submitdiv', 'linksubmitdiv', 'manage-menu', 'create-menu') ); // postboxes that are always shown
1159 update_user_option($user->ID, "metaboxhidden_$page", $hidden, true);
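/**
 * Ajax handler: saves which list-table columns the current user has hidden on a screen.
 *
 * Reads $_POST['hidden'] (comma-separated column ids) and $_POST['page'], then writes
 * the "manage{$page}columnshidden" user option. The request must carry the
 * 'screen-options-nonce' nonce in 'screenoptionnonce'.
 *
 * NOTE(review): this listing skips source lines (gaps in the gutter numbers); the
 * statements guarded by the bare `if` lines are not visible and are not documented.
 */
1165 function wp_ajax_hidden_columns() {
1166 check_ajax_referer( 'screen-options-nonce', 'screenoptionnonce' );
1167 $hidden = isset( $_POST['hidden'] ) ? $_POST['hidden'] : '';
// Split the guarded value rather than reading $_POST['hidden'] a second time: the
// second read threw away the isset() fallback and raised a notice when the field was absent.
1168 $hidden = explode( ',', $hidden );
1169 $page = isset( $_POST['page'] ) ? $_POST['page'] : '';
// $page becomes part of an option name below, so it is compared with its sanitize_key() form.
1171 if ( $page != sanitize_key( $page ) )
1174 if ( ! $user = wp_get_current_user() )
1177 if ( is_array($hidden) )
1178 update_user_option($user->ID, "manage{$page}columnshidden", $hidden, true);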
/**
 * Ajax handler: records whether the current user wants the welcome panel shown.
 *
 * Verifies the 'welcome-panel-nonce' nonce (field 'welcomepanelnonce'), checks the
 * 'edit_theme_options' capability, then stores 0 or 1 in the 'show_welcome_panel'
 * user meta depending on whether $_POST['visible'] is empty.
 *
 * NOTE(review): the statement guarded by the capability check is elided in this listing.
 */
1183 function wp_ajax_update_welcome_panel() {
1184 check_ajax_referer( 'welcome-panel-nonce', 'welcomepanelnonce' );
1186 if ( ! current_user_can( 'edit_theme_options' ) )
// The request value is reduced to 0/1 before storage, so nothing request-controlled is persisted verbatim.
1189 update_user_meta( get_current_user_id(), 'show_welcome_panel', empty( $_POST['visible'] ) ? 0 : 1 );
/**
 * Ajax handler: renders one nav-menu meta box and returns its markup as JSON.
 *
 * $_POST['item-type'] selects between the post-type and taxonomy meta box callbacks;
 * $_POST['item-object'] selects the object whose box is rendered. Output is a JSON
 * object with 'replace-id' and 'markup'.
 *
 * NOTE(review): this listing skips source lines (gaps in the gutter numbers). The
 * assignment of $type and the start of output buffering are not visible, and no
 * check_ajax_referer() call is visible either; confirm against the full file
 * whether this read-only endpoint is meant to run without a nonce.
 */
1194 function wp_ajax_menu_get_metabox() {
1195 if ( ! current_user_can( 'edit_theme_options' ) )
1198 require_once ABSPATH . 'wp-admin/includes/nav-menu.php';
// The callback name is one of two hard-coded strings; the request only chooses between them.
1200 if ( isset( $_POST['item-type'] ) && 'post_type' == $_POST['item-type'] ) {
1202 $callback = 'wp_nav_menu_item_post_type_meta_box';
1203 $items = (array) get_post_types( array( 'show_in_nav_menus' => true ), 'object' );
1204 } elseif ( isset( $_POST['item-type'] ) && 'taxonomy' == $_POST['item-type'] ) {
1206 $callback = 'wp_nav_menu_item_taxonomy_meta_box';
1207 $items = (array) get_taxonomies( array( 'show_ui' => true ), 'object' );
// 'item-object' is used only as a key into $items, so unknown values fall through this isset().
1210 if ( ! empty( $_POST['item-object'] ) && isset( $items[$_POST['item-object']] ) ) {
1211 $item = apply_filters( 'nav_menu_meta_box_object', $items[ $_POST['item-object'] ] );
1213 call_user_func_array($callback, array(
1216 'id' => 'add-' . $item->name,
1217 'title' => $item->labels->name,
1218 'callback' => $callback,
1223 $markup = ob_get_clean();
1225 echo json_encode(array(
1226 'replace-id' => $type . '-' . $item->name,
1227 'markup' => $markup,
/**
 * Ajax handler: runs the editor's internal-link search and echoes the results as JSON.
 *
 * Verifies the 'internal-linking' nonce (field '_ajax_linking_nonce'), builds the query
 * arguments from $_POST['search'] and $_POST['page'], and passes them to
 * _WP_Editors::wp_link_query().
 *
 * NOTE(review): this listing skips source lines (gaps in the gutter numbers); the
 * initialisation of $args and the branch taken when $results is unset are not visible.
 */
1234 function wp_ajax_wp_link_ajax() {
1235 check_ajax_referer( 'internal-linking', '_ajax_linking_nonce' );
1239 if ( isset( $_POST['search'] ) )
// stripslashes() undoes the slashes WordPress adds to request data; it is not an escaping step.
1240 $args['s'] = stripslashes( $_POST['search'] );
// absint() forces the page number to a non-negative integer.
1241 $args['pagenum'] = ! empty( $_POST['page'] ) ? absint( $_POST['page'] ) : 1;
1243 require(ABSPATH . WPINC . '/class-wp-editor.php');
1244 $results = _WP_Editors::wp_link_query( $args );
1246 if ( ! isset( $results ) )
1249 echo json_encode( $results );
/**
 * Ajax handler: saves the theme's nav menu location assignments.
 *
 * Requires the 'edit_theme_options' capability and the 'add-menu_item' nonce (field
 * 'menu-settings-column-nonce'), then stores $_POST['menu-locations'] in the
 * 'nav_menu_locations' theme mod with every value passed through absint().
 *
 * NOTE(review): the statements guarded by the two `if` lines are elided in this listing.
 */
1255 function wp_ajax_menu_locations_save() {
1256 if ( ! current_user_can( 'edit_theme_options' ) )
1258 check_ajax_referer( 'add-menu_item', 'menu-settings-column-nonce' );
1259 if ( ! isset( $_POST['menu-locations'] ) )
// absint() sanitises the values only; the array keys (location names) are stored as sent.
// NOTE(review): assumes 'menu-locations' arrives as an array; array_map() is not guarded against a scalar.
1261 set_theme_mod( 'nav_menu_locations', array_map( 'absint', $_POST['menu-locations'] ) );
/**
 * Ajax handler: saves the current user's meta box order and column layout for a screen.
 *
 * Reads $_POST['order'], $_POST['page_columns'] and $_POST['page'], then writes the
 * "meta-box-order_$page" and "screen_layout_$page" user options.
 *
 * NOTE(review): this listing skips source lines (gaps in the gutter numbers); the
 * statements guarded by the bare `if` lines, and any condition wrapped around the
 * first update_user_option() call, are not visible.
 */
1265 function wp_ajax_meta_box_order() {
// No query-arg name is passed, so check_ajax_referer() looks for the nonce in its default fields.
1266 check_ajax_referer( 'meta-box-order' );
1267 $order = isset( $_POST['order'] ) ? (array) $_POST['order'] : false;
1268 $page_columns = isset( $_POST['page_columns'] ) ? $_POST['page_columns'] : 'auto';
// Anything other than the literal 'auto' is forced to an integer.
1270 if ( $page_columns != 'auto' )
1271 $page_columns = (int) $page_columns;
1273 $page = isset( $_POST['page'] ) ? $_POST['page'] : '';
// $page becomes part of an option name below, so it is compared with its sanitize_key() form.
1275 if ( $page != sanitize_key( $page ) )
1278 if ( ! $user = wp_get_current_user() )
// NOTE(review): the contents of $order are stored as received from the request.
1282 update_user_option($user->ID, "meta-box-order_$page", $order, true);
1284 if ( $page_columns )
1285 update_user_option($user->ID, "screen_layout_$page", $page_columns, true);
/**
 * Ajax handler: runs the nav-menu quick search.
 *
 * Requires the 'edit_theme_options' capability, loads the nav-menu admin include and
 * hands the whole $_POST array to _wp_ajax_menu_quick_search().
 *
 * NOTE(review): the statement guarded by the capability check is elided in this
 * listing, and no check_ajax_referer() call is visible; validation of the individual
 * request fields is left to the helper, which is defined outside this view.
 */
1290 function wp_ajax_menu_quick_search() {
1291 if ( ! current_user_can( 'edit_theme_options' ) )
1294 require_once ABSPATH . 'wp-admin/includes/nav-menu.php';
1296 _wp_ajax_menu_quick_search( $_POST );
/**
 * Ajax handler: returns the preview URL of a post.
 *
 * Verifies the 'getpermalink' nonce (field 'getpermalinknonce'), casts
 * $_POST['post_id'] to an integer and ends the request with the post's permalink
 * plus a preview=true query argument.
 *
 * NOTE(review): no current_user_can() call is visible in this handler; the nonce is
 * the only gate shown.
 */
1301 function wp_ajax_get_permalink() {
1302 check_ajax_referer( 'getpermalink', 'getpermalinknonce' );
1303 $post_id = isset($_POST['post_id'])? intval($_POST['post_id']) : 0;
1304 wp_die( add_query_arg( array( 'preview' => 'true' ), get_permalink( $post_id ) ) );
/**
 * Ajax handler: returns the sample-permalink HTML for a post, given a new title or slug.
 *
 * Verifies the 'samplepermalink' nonce (field 'samplepermalinknonce'), then ends the
 * request with the output of get_sample_permalink_html().
 *
 * NOTE(review): $title and $slug are passed on as received from the request; escaping
 * of the returned HTML depends on get_sample_permalink_html(), which is defined
 * outside this view. No current_user_can() call is visible in this handler.
 */
1307 function wp_ajax_sample_permalink() {
1308 check_ajax_referer( 'samplepermalink', 'samplepermalinknonce' );
1309 $post_id = isset($_POST['post_id'])? intval($_POST['post_id']) : 0;
1310 $title = isset($_POST['new_title'])? $_POST['new_title'] : '';
1311 $slug = isset($_POST['new_slug'])? $_POST['new_slug'] : null;
1312 wp_die( get_sample_permalink_html( $post_id, $title, $slug ) );
/**
 * Ajax handler: saves a Quick Edit of a post and echoes the refreshed list-table row.
 *
 * Verifies the 'inlineeditnonce' nonce (field '_inline_edit'), checks the edit
 * capability for the post, refuses to save while another user holds the post lock,
 * then prepares $data for the update and re-renders the row through
 * WP_Posts_List_Table.
 *
 * NOTE(review): this listing skips source lines (gaps in the gutter numbers). The
 * initial assignment of $data, the call that performs the update, and the statements
 * guarded by several bare `if`/`else` lines are not visible and are not documented.
 */
1315 function wp_ajax_inline_save() {
1316 global $wp_list_table;
1318 check_ajax_referer( 'inlineeditnonce', '_inline_edit' );
// The id is cast to int; a missing or zero id fails this condition.
1320 if ( ! isset($_POST['post_ID']) || ! ( $post_ID = (int) $_POST['post_ID'] ) )
// The capability name is chosen from the request's post_type, not from the stored post;
// current_user_can() still receives the real post id.
1323 if ( 'page' == $_POST['post_type'] ) {
1324 if ( ! current_user_can( 'edit_page', $post_ID ) )
1325 wp_die( __( 'You are not allowed to edit this page.' ) );
1327 if ( ! current_user_can( 'edit_post', $post_ID ) )
1328 wp_die( __( 'You are not allowed to edit this post.' ) );
// NOTE(review): the screen id comes straight from the request.
1331 set_current_screen( $_POST['screen'] );
// wp_check_post_lock() returns the id of the user holding the lock, if any.
1333 if ( $last = wp_check_post_lock( $post_ID ) ) {
1334 $last_user = get_userdata( $last );
1335 $last_user_name = $last_user ? $last_user->display_name : __( 'Someone' );
// The display name is HTML-escaped before it is printed into the message.
1336 printf( $_POST['post_type'] == 'page' ? __( 'Saving is disabled: %s is currently editing this page.' ) : __( 'Saving is disabled: %s is currently editing this post.' ), esc_html( $last_user_name ) );
1342 $post = get_post( $post_ID, ARRAY_A );
1343 $post = add_magic_quotes($post); //since it is from db
// Content and excerpt are taken from the stored post.
1345 $data['content'] = $post['post_content'];
1346 $data['excerpt'] = $post['post_excerpt'];
1349 $data['user_ID'] = $GLOBALS['user_ID'];
1351 if ( isset($data['post_parent']) )
1352 $data['parent_id'] = $data['post_parent'];
1355 if ( isset($data['keep_private']) && 'private' == $data['keep_private'] )
1356 $data['post_status'] = 'private';
1358 $data['post_status'] = $data['_status'];
// Unset comment/ping status is treated as 'closed'.
1360 if ( empty($data['comment_status']) )
1361 $data['comment_status'] = 'closed';
1362 if ( empty($data['ping_status']) )
1363 $data['ping_status'] = 'closed';
1368 $wp_list_table = _get_list_table('WP_Posts_List_Table');
1370 $mode = $_POST['post_view'];
// NOTE(review): this re-reads the raw $_POST['post_ID'] although the validated integer
// $post_ID is available; using $post_ID would keep the lookup on the checked value.
1371 $wp_list_table->display_rows( array( get_post( $_POST['post_ID'] ) ) );
/**
 * Ajax handler: saves a Quick Edit of a taxonomy term and echoes the refreshed row.
 *
 * Verifies the 'taxinlineeditnonce' nonce (field '_inline_edit'), resolves the
 * taxonomy from $_POST['taxonomy'], checks its edit_terms capability, updates the
 * term with wp_update_term() and prints the row from WP_Terms_List_Table.
 *
 * NOTE(review): this listing skips source lines (gaps in the gutter numbers); the
 * handling of an unknown taxonomy and the statements guarded by several bare `if`
 * lines are not visible and are not documented.
 */
1376 function wp_ajax_inline_save_tax() {
1377 global $wp_list_table;
1379 check_ajax_referer( 'taxinlineeditnonce', '_inline_edit' );
// sanitize_key() normalises the taxonomy name before it is used for the lookup and the screen id.
1381 $taxonomy = sanitize_key( $_POST['taxonomy'] );
1382 $tax = get_taxonomy( $taxonomy );
1386 if ( ! current_user_can( $tax->cap->edit_terms ) )
1389 set_current_screen( 'edit-' . $taxonomy );
1391 $wp_list_table = _get_list_table('WP_Terms_List_Table');
1393 if ( ! isset($_POST['tax_ID']) || ! ( $id = (int) $_POST['tax_ID'] ) )
1396 $tag = get_term( $id, $taxonomy );
// The stored description overwrites whatever the request carried in 'description'.
1397 $_POST['description'] = $tag->description;
// NOTE(review): the whole $_POST array is passed as the update arguments, so which
// request keys take effect is decided by wp_update_term(), defined outside this view.
1399 $updated = wp_update_term($id, $taxonomy, $_POST);
1400 if ( $updated && !is_wp_error($updated) ) {
1401 $tag = get_term( $updated['term_id'], $taxonomy );
1402 if ( !$tag || is_wp_error( $tag ) ) {
1403 if ( is_wp_error($tag) && $tag->get_error_message() )
1404 wp_die( $tag->get_error_message() );
1405 wp_die( __( 'Item not updated.' ) );
1408 echo $wp_list_table->single_row( $tag );
1410 if ( is_wp_error($updated) && $updated->get_error_message() )
1411 wp_die( $updated->get_error_message() );
1412 wp_die( __( 'Item not updated.' ) );
/**
 * Ajax handler: searches posts by title/content and returns an HTML table of matches.
 *
 * Verifies the 'find-posts' nonce, splits the search string $_POST['ps'] into terms,
 * builds a LIKE query against the posts table limited to 'draft' and 'publish'
 * statuses (50 rows, newest first) and wraps the rows in a WP_Ajax_Response.
 *
 * NOTE(review): this listing skips source lines (gaps in the gutter numbers); the
 * default value of $what, the empty-result check and the `case` labels of the status
 * switch are not visible. No current_user_can() call is visible either: confirm
 * against the full file who may read draft titles through this endpoint.
 */
1418 function wp_ajax_find_posts() {
1421 check_ajax_referer( 'find-posts' );
1423 if ( empty($_POST['ps']) )
// $what is taken from the request only when it matches a registered post type name.
// NOTE(review): in_array() is called without the strict flag here.
1426 if ( !empty($_POST['post_type']) && in_array( $_POST['post_type'], get_post_types() ) )
1427 $what = $_POST['post_type'];
1431 $s = stripslashes($_POST['ps']);
// Quoted phrases and bare words become separate search terms.
1432 preg_match_all('/".*?("|$)|((?<=[\\s",+])|^)[^\\s",+]+/', $s, $matches);
1433 $search_terms = array_map('_search_terms_tidy', $matches[0]);
1435 $searchand = $search = '';
1436 foreach ( (array) $search_terms as $term ) {
// like_escape() neutralises LIKE wildcards, esc_sql() escapes for the SQL string literal.
// Both must stay in place because the term is interpolated into the query text below.
1437 $term = esc_sql( like_escape( $term ) );
1438 $search .= "{$searchand}(($wpdb->posts.post_title LIKE '%{$term}%') OR ($wpdb->posts.post_content LIKE '%{$term}%'))";
1439 $searchand = ' AND ';
1441 $term = esc_sql( like_escape( $s ) );
1442 if ( count($search_terms) > 1 && $search_terms[0] != $s )
1443 $search .= " OR ($wpdb->posts.post_title LIKE '%{$term}%') OR ($wpdb->posts.post_content LIKE '%{$term}%')";
// NOTE(review): the statement is assembled by string concatenation ($what and $search are
// interpolated). It relies on the whitelist and escaping above; $wpdb->prepare() with %s
// placeholders would keep that guarantee next to the query itself.
1445 $posts = $wpdb->get_results( "SELECT ID, post_title, post_status, post_date FROM $wpdb->posts WHERE post_type = '$what' AND post_status IN ('draft', 'publish') AND ($search) ORDER BY post_date_gmt DESC LIMIT 50" );
1448 $posttype = get_post_type_object($what);
1449 wp_die( $posttype->labels->not_found );
1452 $html = '<table class="widefat" cellspacing="0"><thead><tr><th class="found-radio"><br /></th><th>'.__('Title').'</th><th>'.__('Date').'</th><th>'.__('Status').'</th></tr></thead><tbody>';
1453 foreach ( $posts as $post ) {
1455 switch ( $post->post_status ) {
1458 $stat = __('Published');
1461 $stat = __('Scheduled');
1464 $stat = __('Pending Review');
1467 $stat = __('Draft');
1471 if ( '0000-00-00 00:00:00' == $post->post_date ) {
1474 /* translators: date format in table columns, see http://php.net/date */
1475 $time = mysql2date(__('Y/m/d'), $post->post_date);
// Title, date and status are HTML-escaped; the id is escaped in the value attribute and
// concatenated directly into id/for (it is the integer ID column from the query above).
1478 $html .= '<tr class="found-posts"><td class="found-radio"><input type="radio" id="found-'.$post->ID.'" name="found_post_id" value="' . esc_attr($post->ID) . '"></td>';
1479 $html .= '<td><label for="found-'.$post->ID.'">'.esc_html( $post->post_title ).'</label></td><td>'.esc_html( $time ).'</td><td>'.esc_html( $stat ).'</td></tr>'."\n\n";
1481 $html .= '</tbody></table>';
1483 $x = new WP_Ajax_Response();
/**
 * Ajax handler: saves the order of widgets in every sidebar.
 *
 * Verifies the 'save-sidebar-widgets' nonce (field 'savewidgets'), requires the
 * 'edit_theme_options' capability, then converts each comma-separated list in
 * $_POST['sidebars'] into an array of widget ids and stores the result with
 * wp_set_sidebars_widgets().
 *
 * NOTE(review): this listing skips source lines (gaps in the gutter numbers); the
 * initialisation of $sb and the statements guarded by the bare `if` lines are not
 * visible and are not documented.
 */
1492 function wp_ajax_widgets_order() {
1493 check_ajax_referer( 'save-sidebar-widgets', 'savewidgets' );
1495 if ( !current_user_can('edit_theme_options') )
// The nonce and action fields are dropped from $_POST once they have served their purpose.
1498 unset( $_POST['savewidgets'], $_POST['action'] );
1500 // save widgets order for all sidebars
1501 if ( is_array($_POST['sidebars']) ) {
1502 $sidebars = array();
1503 foreach ( $_POST['sidebars'] as $key => $val ) {
1505 if ( !empty($val) ) {
1506 $val = explode(',', $val);
1507 foreach ( $val as $k => $v ) {
// Entries that do not contain 'widget-' are tested here; what happens to them is on an elided line.
1508 if ( strpos($v, 'widget-') === false )
// Keeps the part after the first underscore of the submitted element id.
1511 $sb[$k] = substr($v, strpos($v, '_') + 1);
// NOTE(review): sidebar keys and widget ids are stored as received; neither is checked
// against the registered sidebars or widgets in the lines visible here.
1514 $sidebars[$key] = $sb;
1516 wp_set_sidebars_widgets($sidebars);
/**
 * Ajax handler: saves, adds or deletes one widget instance in a sidebar.
 *
 * Verifies the 'save-sidebar-widgets' nonce (field 'savewidgets'), requires the
 * 'edit_theme_options' capability and an 'id_base' field, rewrites $_POST into the
 * shape the widget's update callback reads, runs that callback, and either reports
 * the deletion or re-renders the widget's control form.
 *
 * NOTE(review): this listing skips source lines (gaps in the gutter numbers); the
 * statements guarded by several bare `if` lines are not visible and are not documented.
 */
1523 function wp_ajax_save_widget() {
1524 global $wp_registered_widgets, $wp_registered_widget_controls, $wp_registered_widget_updates;
1526 check_ajax_referer( 'save-sidebar-widgets', 'savewidgets' );
1528 if ( !current_user_can('edit_theme_options') || !isset($_POST['id_base']) )
1531 unset( $_POST['savewidgets'], $_POST['action'] );
// Fires the hooks the widgets admin screen would fire, so widgets register their controls.
1533 do_action('load-widgets.php');
1534 do_action('widgets.php');
1535 do_action('sidebar_admin_setup');
// NOTE(review): id_base, widget-id and sidebar are used as received from the request;
// they act as array keys and lookup names below rather than being validated up front.
1537 $id_base = $_POST['id_base'];
1538 $widget_id = $_POST['widget-id'];
1539 $sidebar_id = $_POST['sidebar'];
1540 $multi_number = !empty($_POST['multi_number']) ? (int) $_POST['multi_number'] : 0;
1541 $settings = isset($_POST['widget-' . $id_base]) && is_array($_POST['widget-' . $id_base]) ? $_POST['widget-' . $id_base] : false;
1542 $error = '<p>' . __('An error has occurred. Please reload the page and try again.') . '</p>';
1544 $sidebars = wp_get_sidebars_widgets();
1545 $sidebar = isset($sidebars[$sidebar_id]) ? $sidebars[$sidebar_id] : array();
1548 if ( isset($_POST['delete_widget']) && $_POST['delete_widget'] ) {
// Deletion is only considered for a widget id that is actually registered.
1550 if ( !isset($wp_registered_widgets[$widget_id]) )
1553 $sidebar = array_diff( $sidebar, array($widget_id) );
// $_POST is replaced wholesale with the minimal set of fields for a delete.
1554 $_POST = array('sidebar' => $sidebar_id, 'widget-' . $id_base => array(), 'the-widget-id' => $widget_id, 'delete_widget' => '1');
// A settings key containing the __i__ / %i% placeholder marks a new widget instance.
1555 } elseif ( $settings && preg_match( '/__i__|%i%/', key($settings) ) ) {
1556 if ( !$multi_number )
1559 $_POST['widget-' . $id_base] = array( $multi_number => array_shift($settings) );
1560 $widget_id = $id_base . '-' . $multi_number;
1561 $sidebar[] = $widget_id;
1563 $_POST['widget-id'] = $sidebar;
// Only a callback registered under the submitted id_base is invoked, and only after is_callable().
1565 foreach ( (array) $wp_registered_widget_updates as $name => $control ) {
1567 if ( $name == $id_base ) {
1568 if ( !is_callable( $control['callback'] ) )
1572 call_user_func_array( $control['callback'], $control['params'] );
1578 if ( isset($_POST['delete_widget']) && $_POST['delete_widget'] ) {
1579 $sidebars[$sidebar_id] = $sidebar;
1580 wp_set_sidebars_widgets($sidebars);
// NOTE(review): $widget_id is echoed without escaping; on this path it has already
// matched a key of $wp_registered_widgets (check at line 1550).
1581 echo "deleted:$widget_id";
1585 if ( !empty($_POST['add_new']) )
// NOTE(review): the control lookup is not guarded with isset(); an unregistered
// $widget_id reads an undefined index.
1588 if ( $form = $wp_registered_widget_controls[$widget_id] )
1589 call_user_func_array( $form['callback'], $form['params'] );
/**
 * Ajax handler: accepts an uploaded file as a new attachment and reports the result as JSON.
 *
 * Verifies the 'media-form' nonce, requires the 'upload_files' capability and, when a
 * post id is supplied, 'edit_post' on that post. The file in the 'async-upload' field
 * is handed to media_handle_upload(); the JSON reply is either an error message or
 * the new attachment's id, title, filename, URL and metadata.
 *
 * NOTE(review): this listing skips source lines (gaps in the gutter numbers); the
 * value of $post_id when none is supplied, part of each JSON array and the
 * statements guarded by the bare `if` lines are not visible.
 */
1594 function wp_ajax_upload_attachment() {
1595 check_ajax_referer( 'media-form' );
1597 if ( ! current_user_can( 'upload_files' ) )
1600 if ( isset( $_REQUEST['post_id'] ) ) {
// NOTE(review): the id is used as received, with no integer cast in the visible lines.
1601 $post_id = $_REQUEST['post_id'];
// Attaching to an existing post requires edit rights on that post.
1602 if ( ! current_user_can( 'edit_post', $post_id ) )
// NOTE(review): post_data is request-controlled and passed on whole; presumably
// media_handle_upload() treats it as field overrides for the new attachment (confirm).
1608 $post_data = isset( $_REQUEST['post_data'] ) ? $_REQUEST['post_data'] : array();
1610 $attachment_id = media_handle_upload( 'async-upload', $post_id, $post_data );
1612 if ( is_wp_error( $attachment_id ) ) {
1613 echo json_encode( array(
1616 'message' => $attachment_id->get_error_message(),
// The client-supplied file name is returned as-is. json_encode() makes it safe as JSON
// only; the consumer must treat it as untrusted text before placing it in HTML.
1617 'filename' => $_FILES['async-upload']['name'],
1623 if ( isset( $post_data['context'] ) && isset( $post_data['theme'] ) ) {
// The request-supplied theme value is stored as attachment meta for these two contexts.
1624 if ( 'custom-background' === $post_data['context'] )
1625 update_post_meta( $attachment_id, '_wp_attachment_is_custom_background', $post_data['theme'] );
1627 if ( 'custom-header' === $post_data['context'] )
1628 update_post_meta( $attachment_id, '_wp_attachment_is_custom_header', $post_data['theme'] );
1631 $post = get_post( $attachment_id );
1633 echo json_encode( array(
1634 'type' => 'success',
1636 'id' => $attachment_id,
// Title and filename are escaped before they are put in the success reply.
1637 'title' => esc_attr( $post->post_title ),
1638 'filename' => esc_html( basename( $post->guid ) ),
1639 'url' => wp_get_attachment_url( $attachment_id ),
1640 'meta' => wp_get_attachment_metadata( $attachment_id ),
/**
 * Ajax handler: performs an image-editor action on an attachment.
 *
 * Casts $_POST['postid'] to an integer, requires 'edit_post' on that attachment,
 * verifies a nonce whose action name includes the attachment id, then dispatches on
 * $_POST['do'] to save or restore the image and re-renders the editor.
 *
 * NOTE(review): this listing skips source lines (gaps in the gutter numbers); the
 * `case` labels of the switch, the initial value of $msg and the statement guarded
 * by the capability check are not visible.
 */
1646 function wp_ajax_image_editor() {
1647 $attachment_id = intval($_POST['postid']);
1648 if ( empty($attachment_id) || !current_user_can('edit_post', $attachment_id) )
// The nonce action is bound to this attachment, so a nonce issued for one image does not match another.
1651 check_ajax_referer( "image_editor-$attachment_id" );
1652 include_once( ABSPATH . 'wp-admin/includes/image-edit.php' );
1655 switch ( $_POST['do'] ) {
1657 $msg = wp_save_image($attachment_id);
1658 $msg = json_encode($msg);
1662 $msg = wp_save_image($attachment_id);
1665 $msg = wp_restore_image($attachment_id);
1669 wp_image_editor($attachment_id, $msg);
/**
 * Ajax handler: sets or removes a post's featured image and returns the thumbnail HTML.
 *
 * Casts $_POST['post_id'] and $_POST['thumbnail_id'] to integers, requires
 * 'edit_post' on the post and a nonce whose action name includes the post id.
 * A thumbnail id of -1 removes the thumbnail; any other id is set as the thumbnail.
 *
 * NOTE(review): this listing skips source lines (gaps in the gutter numbers); the
 * statement guarded by the capability check and the failure paths are not visible.
 */
1673 function wp_ajax_set_post_thumbnail() {
1674 $post_ID = intval( $_POST['post_id'] );
1675 if ( !current_user_can( 'edit_post', $post_ID ) )
1677 $thumbnail_id = intval( $_POST['thumbnail_id'] );
// The nonce action is bound to this post id.
1679 check_ajax_referer( "set_post_thumbnail-$post_ID" );
// $thumbnail_id is already an int; the loose comparison with the string '-1' still matches -1.
1681 if ( $thumbnail_id == '-1' ) {
1682 if ( delete_post_thumbnail( $post_ID ) )
1683 wp_die( _wp_post_thumbnail_html( null, $post_ID ) );
1688 if ( set_post_thumbnail( $post_ID, $thumbnail_id ) )
1689 wp_die( _wp_post_thumbnail_html( $thumbnail_id, $post_ID ) );
/**
 * Ajax handler: previews a date format string.
 *
 * Passes $_POST['date'] through sanitize_option( 'date_format', ... ), formats the
 * current date with it via date_i18n() and ends the request with the result.
 * Nothing is stored.
 *
 * NOTE(review): no nonce or capability check is visible in this handler, and
 * $_POST['date'] is read without an isset() guard.
 */
1693 function wp_ajax_date_format() {
1694 wp_die( date_i18n( sanitize_option( 'date_format', $_POST['date'] ) ) );
/**
 * Ajax handler: previews a time format string.
 *
 * Passes $_POST['date'] through sanitize_option( 'time_format', ... ), formats the
 * current time with it via date_i18n() and ends the request with the result.
 * Nothing is stored.
 *
 * NOTE(review): no nonce or capability check is visible in this handler, and
 * $_POST['date'] is read without an isset() guard.
 */
1697 function wp_ajax_time_format() {
1698 wp_die( date_i18n( sanitize_option( 'time_format', $_POST['date'] ) ) );
/**
 * Ajax handler: saves a post from the fullscreen editor and reports the result as JSON.
 *
 * Resolves the post type from the stored post or, failing that, from a registered
 * $_POST['post_type'], verifies the "update-{type}_{id}" nonce (field '_wpnonce'),
 * saves through edit_post() and replies with a status message plus a
 * "last edited" line.
 *
 * NOTE(review): this listing skips source lines (gaps in the gutter numbers); the
 * conditions around several assignments and the `else` keywords are not visible.
 * No explicit current_user_can() call is visible; permission checks, if any, are
 * left to edit_post(), defined outside this view.
 */
1701 function wp_ajax_wp_fullscreen_save_post() {
1702 $post_id = isset( $_POST['post_ID'] ) ? (int) $_POST['post_ID'] : 0;
1704 $post = $post_type = null;
1707 $post = get_post( $post_id );
1710 $post_type = $post->post_type;
// A request-supplied post type is accepted only if it is a registered one.
1711 elseif ( isset( $_POST['post_type'] ) && post_type_exists( $_POST['post_type'] ) )
1712 $post_type = $_POST['post_type'];
// If neither branch assigned a type, $post_type is still null and the action is 'update-_' . $post_id.
1714 check_ajax_referer('update-' . $post_type . '_' . $post_id, '_wpnonce');
1716 $post_id = edit_post();
1718 if ( is_wp_error($post_id) ) {
1719 if ( $post_id->get_error_message() )
1720 $message = $post_id->get_error_message();
1722 $message = __('Save failed');
1724 echo json_encode( array( 'message' => $message, 'last_edited' => '' ) );
1727 $message = __('Saved.');
1731 $last_date = mysql2date( get_option('date_format'), $post->post_modified );
1732 $last_time = mysql2date( get_option('time_format'), $post->post_modified );
1734 $last_date = date_i18n( get_option('date_format') );
1735 $last_time = date_i18n( get_option('time_format') );
1738 if ( $last_id = get_post_meta($post_id, '_edit_last', true) ) {
1739 $last_user = get_userdata($last_id);
// NOTE(review): get_userdata() returns false for a user that no longer exists, and
// $last_user is dereferenced without a check; wp_ajax_inline_save() guards the same lookup.
1740 $last_edited = sprintf( __('Last edited by %1$s on %2$s at %3$s'), esc_html( $last_user->display_name ), $last_date, $last_time );
1742 $last_edited = sprintf( __('Last edited on %1$s at %2$s'), $last_date, $last_time );
1745 echo json_encode( array( 'message' => $message, 'last_edited' => $last_edited ) );
/**
 * Ajax handler: releases the current user's edit lock on a post.
 *
 * Needs $_POST['post_ID'] and $_POST['active_post_lock'] ("time:user_id"). Verifies
 * the "update-{post_type}_{id}" nonce and the 'edit_post' capability, compares the
 * lock's user id with the current user, then rewrites the '_edit_lock' meta with an
 * earlier timestamp.
 *
 * NOTE(review): this listing skips source lines (gaps in the gutter numbers); the
 * statements guarded by the bare `if` lines are not visible and are not documented.
 */
1749 function wp_ajax_wp_remove_post_lock() {
1750 if ( empty( $_POST['post_ID'] ) || empty( $_POST['active_post_lock'] ) )
1752 $post_id = (int) $_POST['post_ID'];
1753 if ( ! $post = get_post( $post_id ) )
// The post type in the nonce action comes from the stored post, not from the request.
1756 check_ajax_referer( 'update-' . $post->post_type . '_' . $post_id );
1758 if ( ! current_user_can( 'edit_post', $post_id ) )
// Both halves of the submitted lock are forced to non-negative integers.
// NOTE(review): $active_lock[1] is read without checking that the value contained a ':'.
1761 $active_lock = array_map( 'absint', explode( ':', $_POST['active_post_lock'] ) );
// The lock's user id is compared with the current user, so another user's lock is treated differently.
1762 if ( $active_lock[1] != get_current_user_id() )
// New timestamp = now minus the lock window plus 5 seconds, keeping the same user id.
1765 $new_lock = ( time() - apply_filters( 'wp_check_post_lock_window', AUTOSAVE_INTERVAL * 2 ) + 5 ) . ':' . $active_lock[1];
// The fourth argument is the previous value: the meta is replaced only if the stored
// lock still equals the lock submitted by the client.
1766 update_post_meta( $post_id, '_edit_lock', $new_lock, implode( ':', $active_lock ) );
/**
 * Ajax handler: records that the current user dismissed an admin pointer.
 *
 * Reads $_POST['pointer'], compares it with its sanitize_key() form, and appends it
 * to the comma-separated 'dismissed_wp_pointers' user meta of the current user if it
 * is not already listed.
 *
 * NOTE(review): this listing skips source lines (gaps in the gutter numbers); the
 * statements guarded by the bare `if` lines are not visible. The nonce check is
 * commented out and no capability check is visible, so this handler does not tell a
 * forged cross-site request from a genuine one. The visible effect is limited to
 * the requesting user's own 'dismissed_wp_pointers' meta.
 */
1770 function wp_ajax_dismiss_wp_pointer() {
1771 $pointer = $_POST['pointer'];
// The pointer id ends up in stored meta, so it is compared with its sanitize_key() form.
1772 if ( $pointer != sanitize_key( $pointer ) )
1775 // check_ajax_referer( 'dismiss-pointer_' . $pointer );
// array_filter() drops the empty entry produced when the meta value is an empty string.
1777 $dismissed = array_filter( explode( ',', (string) get_user_meta( get_current_user_id(), 'dismissed_wp_pointers', true ) ) );
1779 if ( in_array( $pointer, $dismissed ) )
1782 $dismissed[] = $pointer;
1783 $dismissed = implode( ',', $dismissed );
1785 update_user_meta( get_current_user_id(), 'dismissed_wp_pointers', $dismissed );