/** WordPress Administration Bootstrap */
require_once('admin.php');
+header('Content-Type: ' . get_option('html_type') . '; charset=' . get_option('blog_charset'));
-if ( ! current_user_can('publish_posts') ) wp_die( __( 'Cheatin’ uh?' ) );
-
-/**
- * Replace forward slash with backslash and slash.
- *
- * @package WordPress
- * @subpackage Press_This
- * @since 2.6.0
- *
- * @param string $string
- * @return string
- */
-function preg_quote2($string) {
- return str_replace('/', '\/', preg_quote($string));
-}
+if ( ! current_user_can('edit_posts') )
+ wp_die( __( 'Cheatin’ uh?' ) );
/**
* Convert characters.
function press_it() {
// define some basic variables
$quick['post_status'] = 'draft'; // set as draft first
- $quick['post_category'] = $_REQUEST['post_category'];
- $quick['tags_input'] = $_REQUEST['tags_input'];
- $quick['post_title'] = $_REQUEST['title'];
+ $quick['post_category'] = isset($_REQUEST['post_category']) ? $_REQUEST['post_category'] : null;
+ $quick['tax_input'] = isset($_REQUEST['tax_input']) ? $_REQUEST['tax_input'] : '';
+ $quick['post_title'] = isset($_REQUEST['title']) ? $_REQUEST['title'] : '';
$quick['post_content'] = '';
// insert the post with nothing in it, to get an ID
$post_ID = wp_insert_post($quick, true);
- $content = $_REQUEST['content'];
+ $content = isset($_REQUEST['content']) ? $_REQUEST['content'] : '';
- if($_REQUEST['photo_src'])
+ $upload = false;
+ if( !empty($_REQUEST['photo_src']) && current_user_can('upload_files') )
foreach( (array) $_REQUEST['photo_src'] as $key => $image)
// see if files exist in content - we don't want to upload non-used selected files.
if( strpos($_REQUEST['content'], $image) !== false ) {
- $upload = media_sideload_image($image, $post_ID, $_REQUEST['photo_description'][$key]);
+ $desc = isset($_REQUEST['photo_description'][$key]) ? $_REQUEST['photo_description'][$key] : '';
+ $upload = media_sideload_image($image, $post_ID, $desc);
- // Replace the POSTED content <img> with correct uploaded ones.
- // escape quote for matching
- $quoted = preg_quote2($image);
- if( !is_wp_error($upload) ) $content = preg_replace('/<img ([^>]*)src=(\"|\')'.$quoted.'(\2)([^>\/]*)\/*>/is', $upload, $content);
+ // Replace the POSTED content <img> with correct uploaded ones. Regex contains fix for Magic Quotes
+ if( !is_wp_error($upload) ) $content = preg_replace('/<img ([^>]*)src=\\\?(\"|\')'.preg_quote($image, '/').'\\\?(\2)([^>\/]*)\/*>/is', $upload, $content);
}
// set the post_content and status
}
// For submitted posts.
-if ( 'post' == $_REQUEST['action'] ) {
+if ( isset($_REQUEST['action']) && 'post' == $_REQUEST['action'] ) {
check_admin_referer('press-this');
$post_ID = press_it();
$posted = $post_ID;
+} else {
+ $post_ID = 0;
}
// Set Variables
-$title = wp_specialchars(aposfix(stripslashes($_GET['t'])));
-$selection = trim( aposfix( stripslashes($_GET['s']) ) );
+$title = isset($_GET['t']) ? esc_html(aposfix(stripslashes($_GET['t']))) : '';
+$selection = isset($_GET['s']) ? trim( aposfix( stripslashes($_GET['s']) ) ) : '';
if ( ! empty($selection) ) {
$selection = preg_replace('/(\r?\n|\r)/', '</p><p>', $selection);
$selection = '<p>'.str_replace('<p></p>', '', $selection).'</p>';
}
-$url = clean_url($_GET['u']);
-$image = $_GET['i'];
+$url = isset($_GET['u']) ? esc_url($_GET['u']) : '';
+$image = isset($_GET['i']) ? $_GET['i'] : '';
-if($_REQUEST['ajax']) {
+if ( !empty($_REQUEST['ajax']) ) {
switch ($_REQUEST['ajax']) {
case 'video': ?>
<script type="text/javascript" charset="utf-8">
<h3 class="tb"><label for="this_photo_description"><?php _e('Description') ?></label></h3>
<div class="titlediv">
<div class="titlewrap">
- <input id="this_photo_description" name="photo_description" class="tbtitle text" onkeypress="if(event.keyCode==13) image_selector();" value="<?php echo attribute_escape($title);?>"/>
+ <input id="this_photo_description" name="photo_description" class="tbtitle text" onkeypress="if(event.keyCode==13) image_selector();" value="<?php echo esc_attr($title);?>"/>
</div>
</div>
- <p class="centered"><input type="hidden" name="this_photo" value="<?php echo attribute_escape($image); ?>" id="this_photo" />
- <a href="#" class="select"><img src="<?php echo clean_url($image); ?>" alt="<?php echo attribute_escape(__('Click to insert.')); ?>" title="<?php echo attribute_escape(__('Click to insert.')); ?>" /></a></p>
+ <p class="centered"><input type="hidden" name="this_photo" value="<?php echo esc_attr($image); ?>" id="this_photo" />
+ <a href="#" class="select"><img src="<?php echo esc_url($image); ?>" alt="<?php echo esc_attr(__('Click to insert.')); ?>" title="<?php echo esc_attr(__('Click to insert.')); ?>" /></a></p>
<p id="options"><a href="#" class="select button"><?php _e('Insert Image'); ?></a> <a href="#" class="cancel button"><?php _e('Cancel'); ?></a></p>
<h3 class="tb"><label for="photo_description"><?php _e('Description') ?></label></h3>
<div id="titlediv">
<div class="titlewrap">
- <input id="this_photo_description" name="photo_description" class="tbtitle text" onkeypress="if(event.keyCode==13) image_selector();" value="<?php echo attribute_escape($title);?>"/>
+ <input id="this_photo_description" name="photo_description" class="tbtitle text" onkeypress="if(event.keyCode==13) image_selector();" value="<?php echo esc_attr($title);?>"/>
</div>
</div>
$src = 'http://'.str_replace('//','/', $host['host'].'/'.$src);
else
$src = 'http://'.str_replace('//','/', $host['host'].'/'.dirname($host['path']).'/'.$src);
- $sources[] = clean_url($src);
+ $sources[] = esc_url($src);
}
return "'" . implode("','", $sources) . "'";
}
var my_src = eval(
jQuery.ajax({
type: "GET",
- url: "<?php echo clean_url($_SERVER['PHP_SELF']); ?>",
+ url: "<?php echo esc_url($_SERVER['PHP_SELF']); ?>",
cache : false,
async : false,
data: "ajax=photo_images&u=<?php echo urlencode($url); ?>",
var my_src = eval(
jQuery.ajax({
type: "GET",
- url: "<?php echo clean_url($_SERVER['PHP_SELF']); ?>",
+ url: "<?php echo esc_url($_SERVER['PHP_SELF']); ?>",
cache : false,
async : false,
data: "ajax=photo_images&u=<?php echo urlencode($url); ?>",
wp_enqueue_style( 'colors' );
wp_enqueue_script( 'post' );
wp_enqueue_script('editor');
+?>
+<script type="text/javascript">
+//<![CDATA[
+addLoadEvent = function(func){if(typeof jQuery!="undefined")jQuery(document).ready(func);else if(typeof wpOnload!='function'){wpOnload=func;}else{var oldonload=wpOnload;wpOnload=function(){oldonload();func();}}};
+var userSettings = {'url':'<?php echo SITECOOKIEPATH; ?>','uid':'<?php if ( ! isset($current_user) ) $current_user = wp_get_current_user(); echo $current_user->ID; ?>','time':'<?php echo time() ?>'};
+var ajaxurl = '<?php echo admin_url('admin-ajax.php'); ?>';
+//]]>
+</script>
+<?php
do_action('admin_print_styles');
do_action('admin_print_scripts');
do_action('admin_head');
}
?>
<script type="text/javascript">
- jQuery('#tags-input').hide();
- tag_update_quickclicks();
- // add the quickadd form
- jQuery('#jaxtag').prepend('<span id="ajaxtag"><input type="text" name="newtag" id="newtag" class="form-input-tip" size="16" autocomplete="off" value="'+postL10n.addTag+'" /><input type="submit" class="button" id="tagadd" value="' + postL10n.add + '" tabindex="3" onclick="return false;" /><input type="hidden"/><input type="hidden"/><span class="howto">'+postL10n.separate+'</span></span>');
-
- jQuery('#tagadd').click( tag_flush_to_text );
- jQuery('#newtag').focus(function() {
- if ( this.value == postL10n.addTag )
- jQuery(this).val( '' ).removeClass( 'form-input-tip' );
- });
- jQuery('#newtag').blur(function() {
- if ( this.value == '' )
- jQuery(this).val( postL10n.addTag ).addClass( 'form-input-tip' );
- });
- // auto-save tags on post save/publish
- jQuery('#publish').click( tag_save_on_publish );
- jQuery('#save').click( tag_save_on_publish );
function insert_plain_editor(text) {
edCanvas = document.getElementById('content');
edInsertContent(edCanvas, text);
jQuery('#extra_fields').show();
switch(tab_name) {
case 'video' :
- jQuery('#extra_fields').load('<?php echo clean_url($_SERVER['PHP_SELF']); ?>', { ajax: 'video', s: '<?php echo attribute_escape($selection); ?>'}, function() {
+ jQuery('#extra_fields').load('<?php echo esc_url($_SERVER['PHP_SELF']); ?>', { ajax: 'video', s: '<?php echo esc_attr($selection); ?>'}, function() {
<?php
$content = '';
if ( preg_match("/youtube\.com\/watch/i", $url) ) {
list($domain, $video_id) = split("v=", $url);
+ $video_id = esc_attr($video_id);
$content = '<object width="425" height="350"><param name="movie" value="http://www.youtube.com/v/' . $video_id . '"></param><param name="wmode" value="transparent"></param><embed src="http://www.youtube.com/v/' . $video_id . '" type="application/x-shockwave-flash" wmode="transparent" width="425" height="350"></embed></object>';
} elseif ( preg_match("/vimeo\.com\/[0-9]+/i", $url) ) {
list($domain, $video_id) = split(".com/", $url);
+ $video_id = esc_attr($video_id);
$content = '<object width="400" height="225"><param name="allowfullscreen" value="true" /><param name="allowscriptaccess" value="always" /><param name="movie" value="http://www.vimeo.com/moogaloop.swf?clip_id=' . $video_id . '&server=www.vimeo.com&show_title=1&show_byline=1&show_portrait=0&color=&fullscreen=1" /> <embed src="http://www.vimeo.com/moogaloop.swf?clip_id=' . $video_id . '&server=www.vimeo.com&show_title=1&show_byline=1&show_portrait=0&color=&fullscreen=1" type="application/x-shockwave-flash" allowfullscreen="true" allowscriptaccess="always" width="400" height="225"></embed></object>';
if ( trim($selection) == '' )
return false;
break;
case 'photo' :
- jQuery('#extra_fields').before('<p id="waiting"><img src="images/loading.gif" alt="" /> <?php echo js_escape( __( 'Loading...' ) ); ?></p>');
+ jQuery('#extra_fields').before('<p id="waiting"><img src="images/wpspin_light.gif" alt="" /> <?php echo esc_js( __( 'Loading...' ) ); ?></p>');
jQuery.ajax({
type: "GET",
cache : false,
- url: "<?php echo clean_url($_SERVER['PHP_SELF']); ?>",
+ url: "<?php echo esc_url($_SERVER['PHP_SELF']); ?>",
data: "ajax=photo_js&u=<?php echo urlencode($url)?>",
dataType : "script",
success : function() {
<!-- This div holds the photo metadata -->
<div class="photolist"></div>
+ <div id="submitdiv" class="stuffbox">
+ <h3><?php _e('Publish') ?></h3>
+ <div class="inside">
+ <p>
+ <input class="button" type="submit" name="draft" value="<?php esc_attr_e('Save Draft') ?>" id="save" />
+ <?php if ( current_user_can('publish_posts') ) { ?>
+ <input class="button-primary" type="submit" name="publish" value="<?php esc_attr_e('Publish') ?>" id="publish" />
+ <?php } else { ?>
+ <br /><br /><input class="button-primary" type="submit" name="review" value="<?php esc_attr_e('Submit for Review') ?>" id="review" />
+ <?php } ?>
+ <img src="images/wpspin_light.gif" alt="" id="saving" style="display:none;" />
+ </p>
+ </div>
+ </div>
+
<div id="categorydiv" class="stuffbox">
- <h2><?php _e('Categories') ?></h2>
+ <h3><?php _e('Categories') ?></h3>
<div class="inside">
- <div id="categories-all" class="ui-tabs-panel">
+ <div id="categories-all" class="tabs-panel">
<ul id="categorychecklist" class="list:category categorychecklist form-no-clear">
- <?php wp_category_checklist($post->ID, false, false, $popular_ids) ?>
+ <?php wp_category_checklist($post_ID, false) ?>
</ul>
</div>
<div id="category-adder" class="wp-hidden-children">
<a id="category-add-toggle" href="#category-add" class="hide-if-no-js" tabindex="3"><?php _e( '+ Add New Category' ); ?></a>
<p id="category-add" class="wp-hidden-child">
- <label class="hidden" for="newcat"><?php _e( 'Add New Category' ); ?></label><input type="text" name="newcat" id="newcat" class="form-required form-input-tip" value="<?php _e( 'New category name' ); ?>" tabindex="3" aria-required="true"/>
- <label class="hidden" for="newcat_parent"><?php _e('Parent category'); ?>:</label><?php wp_dropdown_categories( array( 'hide_empty' => 0, 'name' => 'newcat_parent', 'orderby' => 'name', 'hierarchical' => 1, 'show_option_none' => __('Parent category'), 'tab_index' => 3 ) ); ?>
- <input type="button" id="category-add-sumbit" class="add:categorychecklist:category-add button" value="<?php _e( 'Add' ); ?>" tabindex="3" />
+ <label class="screen-reader-text" for="newcat"><?php _e( 'Add New Category' ); ?></label><input type="text" name="newcat" id="newcat" class="form-required form-input-tip" value="<?php esc_attr_e( 'New category name' ); ?>" tabindex="3" aria-required="true"/>
+ <label class="screen-reader-text" for="newcat_parent"><?php _e('Parent category'); ?>:</label><?php wp_dropdown_categories( array( 'hide_empty' => 0, 'name' => 'newcat_parent', 'orderby' => 'name', 'hierarchical' => 1, 'show_option_none' => __('Parent category'), 'tab_index' => 3 ) ); ?>
+ <input type="button" id="category-add-sumbit" class="add:categorychecklist:category-add button" value="<?php esc_attr_e( 'Add' ); ?>" tabindex="3" />
<?php wp_nonce_field( 'add-category', '_ajax_nonce', false ); ?>
<span id="category-ajax-response"></span>
</p>
</div>
</div>
- <div class="stuffbox">
- <h2><?php _e('Tags') ?></h2>
+ <div id="tagsdiv-post_tag" class="stuffbox" >
+ <h3><span><?php _e('Post Tags'); ?></span></h3>
<div class="inside">
-
- <div id="jaxtag">
- <label class="hidden" for="newtag"><?php _e('Tags'); ?></label>
- <input type="text" name="tags_input" class="tags-input" id="tags-input" size="40" tabindex="3" value="<?php echo get_tags_to_edit( $post->ID ); ?>" />
+ <div class="tagsdiv" id="post_tag">
+ <p class="jaxtag">
+ <label class="screen-reader-text" for="newtag"><?php _e('Post Tags'); ?></label>
+ <input type="hidden" name="tax_input[post_tag]" class="the-tags" id="tax-input[post_tag]" value="" />
+ <span class="ajaxtag" style="display:none;">
+ <input type="text" name="newtag[post_tag]" class="newtag form-input-tip" size="16" autocomplete="off" value="<?php esc_attr_e('Add new tag'); ?>" />
+ <input type="button" class="button tagadd" value="<?php esc_attr_e('Add'); ?>" tabindex="3" />
+ </span>
+ </p>
+ <div class="tagchecklist"></div>
</div>
- <div id="tagchecklist"></div>
- </div>
- </div>
- <div id="submitdiv" class="postbox">
- <h2><?php _e('Publish') ?></h2>
- <div class="inside">
- <p>
- <input class="button" type="submit" name="draft" value="<?php _e('Save Draft') ?>" id="save" />
- <input class="button-primary" type="submit" name="publish" value="<?php _e('Publish') ?>" id="publish" />
- <img src="images/loading-publish.gif" alt="" id="saving" style="display:none;"/>
- </p>
+ <p class="tagcloud-link"><a href="#titlediv" class="tagcloud-link" id="link-post_tag"><?php _e('Choose from the most used tags in Post Tags'); ?></a></p>
</div>
</div>
</div>
<div id="titlediv">
<div class="titlewrap">
- <input name="title" id="title" class="text" value="<?php echo attribute_escape($title);?>"/>
+ <input name="title" id="title" class="text" value="<?php echo esc_attr($title);?>"/>
</div>
</div>
<div class="postdivrich">
<ul id="actions">
+
<li id="photo_button">
- Add: <a title="<?php _e('Insert an Image'); ?>" href="#">
+ Add: <?php if ( current_user_can('upload_files') ) { ?><a title="<?php _e('Insert an Image'); ?>" href="#">
<img alt="<?php _e('Insert an Image'); ?>" src="images/media-button-image.gif"/></a>
+ <?php } ?>
</li>
<li id="video_button">
<a title="<?php _e('Embed a Video'); ?>" href="#"><img alt="<?php _e('Embed a Video'); ?>" src="images/media-button-video.gif"/></a>
<li id="switcher">
<?php wp_print_scripts( 'quicktags' ); ?>
<?php add_filter('the_editor_content', 'wp_richedit_pre'); ?>
- <a id="edButtonHTML" onclick="switchEditors.go('<?php echo $id; ?>', 'html');"><?php _e('HTML'); ?></a>
- <a id="edButtonPreview" class="active" onclick="switchEditors.go('<?php echo $id; ?>', 'tinymce');"><?php _e('Visual'); ?></a>
- <div class="zerosize"><input accesskey="e" type="button" onclick="switchEditors.go('<?php echo $id; ?>')" /></div>
+ <a id="edButtonHTML" onclick="switchEditors.go('content', 'html');"><?php _e('HTML'); ?></a>
+ <a id="edButtonPreview" class="active" onclick="switchEditors.go('content', 'tinymce');"><?php _e('Visual'); ?></a>
+ <div class="zerosize"><input accesskey="e" type="button" onclick="switchEditors.go('content')" /></div>
</li>
<?php } ?>
</ul>
</div>
</div>
</form>
+<?php do_action('admin_print_footer_scripts'); ?>
+<script type="text/javascript">if(typeof wpOnload=='function')wpOnload();</script>
</body>
</html>