+ if ( isset( $post_data['post_category'] ) ) {
+ $category_object = get_taxonomy( 'category' );
+ if ( ! current_user_can( $category_object->cap->assign_terms ) ) {
+ unset( $post_data['post_category'] );
+ }
+ }
+
if ( current_user_can( 'read_post', $post->ID ) ) {
if ( 'draft' === $post->post_status ) {
if ( current_user_can( 'read_post', $post->ID ) ) {
if ( 'draft' === $post->post_status ) {
$preview_target = " target='wp-preview-{$post->ID}'";
} else {
if ( 'publish' === $post->post_status || 'attachment' === $post->post_type ) {
$view_link = get_permalink( $post );
} else {
// Allow non-published (private, future) to be viewed at a pretty permalink.
$preview_target = " target='wp-preview-{$post->ID}'";
} else {
if ( 'publish' === $post->post_status || 'attachment' === $post->post_type ) {
$view_link = get_permalink( $post );
} else {
// Allow non-published (private, future) to be viewed at a pretty permalink.
- $view_link = str_replace( array( '%pagename%', '%postname%' ), $post->post_name, urldecode( $permalink ) );
+ $view_link = str_replace( array( '%pagename%', '%postname%' ), $post->post_name, $permalink );
- $post_name_html = '<span id="editable-post-name">' . $post_name_abridged . '</span>';
- $display_link = str_replace( array( '%pagename%', '%postname%' ), $post_name_html, urldecode( $permalink ) );
+ $post_name_html = '<span id="editable-post-name">' . esc_html( $post_name_abridged ) . '</span>';
+ $display_link = str_replace( array( '%pagename%', '%postname%' ), $post_name_html, esc_html( urldecode( $permalink ) ) );
$return = '<strong>' . __( 'Permalink:' ) . "</strong>\n";
$return .= '<span id="sample-permalink"><a href="' . esc_url( $view_link ) . '"' . $preview_target . '>' . $display_link . "</a></span>\n";
$return .= '‎'; // Fix bi-directional text display defect in RTL languages.
$return .= '<span id="edit-slug-buttons"><button type="button" class="edit-slug button button-small hide-if-no-js" aria-label="' . __( 'Edit permalink' ) . '">' . __( 'Edit' ) . "</button></span>\n";
$return = '<strong>' . __( 'Permalink:' ) . "</strong>\n";
$return .= '<span id="sample-permalink"><a href="' . esc_url( $view_link ) . '"' . $preview_target . '>' . $display_link . "</a></span>\n";
$return .= '‎'; // Fix bi-directional text display defect in RTL languages.
$return .= '<span id="edit-slug-buttons"><button type="button" class="edit-slug button button-small hide-if-no-js" aria-label="' . __( 'Edit permalink' ) . '">' . __( 'Edit' ) . "</button></span>\n";
$upload_iframe_src = get_upload_iframe_src( 'image', $post->ID );
$content = sprintf( $set_thumbnail_link,
$upload_iframe_src = get_upload_iframe_src( 'image', $post->ID );
$content = sprintf( $set_thumbnail_link,
if ( !empty( $thumbnail_html ) ) {
$ajax_nonce = wp_create_nonce( 'set_post_thumbnail-' . $post->ID );
$content = sprintf( $set_thumbnail_link,
if ( !empty( $thumbnail_html ) ) {
$ajax_nonce = wp_create_nonce( 'set_post_thumbnail-' . $post->ID );
$content = sprintf( $set_thumbnail_link,
// Store one autosave per author. If there is already an autosave, overwrite it.
if ( $old_autosave = wp_get_post_autosave( $post_id, $post_author ) ) {
// Store one autosave per author. If there is already an autosave, overwrite it.
if ( $old_autosave = wp_get_post_autosave( $post_id, $post_author ) ) {
$new_autosave['ID'] = $old_autosave->ID;
$new_autosave['post_author'] = $post_author;
// If the new autosave has the same content as the post, delete the autosave.
$post = get_post( $post_id );
$autosave_is_different = false;
$new_autosave['ID'] = $old_autosave->ID;
$new_autosave['post_author'] = $post_author;
// If the new autosave has the same content as the post, delete the autosave.
$post = get_post( $post_id );
$autosave_is_different = false;
if ( normalize_whitespace( $new_autosave[ $field ] ) != normalize_whitespace( $post->$field ) ) {
$autosave_is_different = true;
break;
if ( normalize_whitespace( $new_autosave[ $field ] ) != normalize_whitespace( $post->$field ) ) {
$autosave_is_different = true;
break;
*
* @param array $post_data Associative array of the submitted post data.
* @return mixed The value 0 or WP_Error on failure. The saved post ID on success.
*
* @param array $post_data Associative array of the submitted post data.
* @return mixed The value 0 or WP_Error on failure. The saved post ID on success.