* @since 4.2.0
*/
class WP_Press_This {
-
// Used to trigger the bookmarklet update notice.
+ const VERSION = 8;
public $version = 8;
private $images = array();
public function site_settings() {
return array(
/**
- * Filter whether or not Press This should redirect the user in the parent window upon save.
+ * Filters whether or not Press This should redirect the user in the parent window upon save.
*
* @since 4.2.0
*
- * @param bool false Whether to redirect in parent window or not. Default false.
+ * @param bool $redirect Whether to redirect in parent window or not. Default false.
*/
'redirInParent' => apply_filters( 'press_this_redirect_in_parent', false ),
);
}
}
- // Edxpected slashed
+ // Expected slashed
return wp_slash( $content );
}
/**
- * AJAX handler for saving the post as draft or published.
+ * Ajax handler for saving the post as draft or published.
*
* @since 4.2.0
* @access public
wp_send_json_error( array( 'errorMessage' => __( 'Invalid post.' ) ) );
}
- $post = array(
+ $post_data = array(
'ID' => $post_id,
'post_title' => ( ! empty( $_POST['post_title'] ) ) ? sanitize_text_field( trim( $_POST['post_title'] ) ) : '',
'post_content' => ( ! empty( $_POST['post_content'] ) ) ? trim( $_POST['post_content'] ) : '',
'post_type' => 'post',
'post_status' => 'draft',
'post_format' => ( ! empty( $_POST['post_format'] ) ) ? sanitize_text_field( $_POST['post_format'] ) : '',
- 'tax_input' => ( ! empty( $_POST['tax_input'] ) ) ? $_POST['tax_input'] : array(),
- 'post_category' => ( ! empty( $_POST['post_category'] ) ) ? $_POST['post_category'] : array(),
);
+ // Only accept categories if the user actually can assign
+ $category_tax = get_taxonomy( 'category' );
+ if ( current_user_can( $category_tax->cap->assign_terms ) ) {
+ $post_data['post_category'] = ( ! empty( $_POST['post_category'] ) ) ? $_POST['post_category'] : array();
+ }
+
+ // Only accept taxonomies if the user can actually assign
+ if ( ! empty( $_POST['tax_input'] ) ) {
+ $tax_input = $_POST['tax_input'];
+ foreach ( $tax_input as $tax => $_ti ) {
+ $tax_object = get_taxonomy( $tax );
+ if ( ! $tax_object || ! current_user_can( $tax_object->cap->assign_terms ) ) {
+ unset( $tax_input[ $tax ] );
+ }
+ }
+
+ $post_data['tax_input'] = $tax_input;
+ }
+
+ // Toggle status to pending if user cannot actually publish
if ( ! empty( $_POST['post_status'] ) && 'publish' === $_POST['post_status'] ) {
if ( current_user_can( 'publish_posts' ) ) {
- $post['post_status'] = 'publish';
+ $post_data['post_status'] = 'publish';
} else {
- $post['post_status'] = 'pending';
+ $post_data['post_status'] = 'pending';
}
}
- $post['post_content'] = $this->side_load_images( $post_id, $post['post_content'] );
+ $post_data['post_content'] = $this->side_load_images( $post_id, $post_data['post_content'] );
- $updated = wp_update_post( $post, true );
+ /**
+ * Filters the post data of a Press This post before saving/updating.
+ *
+ * The {@see 'side_load_images'} action has already run at this point.
+ *
+ * @since 4.5.0
+ *
+ * @param array $post_data The post data.
+ */
+ $post_data = apply_filters( 'press_this_save_post', $post_data );
+
+ $updated = wp_update_post( $post_data, true );
if ( is_wp_error( $updated ) ) {
wp_send_json_error( array( 'errorMessage' => $updated->get_error_message() ) );
} else {
- if ( isset( $post['post_format'] ) ) {
- if ( current_theme_supports( 'post-formats', $post['post_format'] ) ) {
- set_post_format( $post_id, $post['post_format'] );
- } elseif ( $post['post_format'] ) {
+ if ( isset( $post_data['post_format'] ) ) {
+ if ( current_theme_supports( 'post-formats', $post_data['post_format'] ) ) {
+ set_post_format( $post_id, $post_data['post_format'] );
+ } elseif ( $post_data['post_format'] ) {
set_post_format( $post_id, false );
}
}
}
/**
- * Filter the URL to redirect to when Press This saves.
+ * Filters the URL to redirect to when Press This saves.
*
* @since 4.2.0
*
* @param int $post_id Post ID.
* @param string $status Post status.
*/
- $redirect = apply_filters( 'press_this_save_redirect', $redirect, $post_id, $post['post_status'] );
+ $redirect = apply_filters( 'press_this_save_redirect', $redirect, $post_id, $post_data['post_status'] );
if ( $redirect ) {
wp_send_json_success( array( 'redirect' => $redirect, 'force' => $forceRedirect ) );
}
/**
- * AJAX handler for adding a new category.
+ * Ajax handler for adding a new category.
*
* @since 4.2.0
* @access public
* @return string Source's HTML sanitized markup
*/
public function fetch_source_html( $url ) {
- global $wp_version;
-
if ( empty( $url ) ) {
return new WP_Error( 'invalid-url', __( 'A valid URL was not provided.' ) );
}
$remote_url = wp_safe_remote_get( $url, array(
'timeout' => 30,
// Use an explicit user-agent for Press This
- 'user-agent' => 'Press This (WordPress/' . $wp_version . '); ' . get_bloginfo( 'url' )
+ 'user-agent' => 'Press This (WordPress/' . get_bloginfo( 'version' ) . '); ' . get_bloginfo( 'url' )
) );
if ( is_wp_error( $remote_url ) ) {
return $remote_url;
}
- $useful_html_elements = array(
+ $allowed_elements = array(
'img' => array(
'src' => true,
'width' => true,
);
$source_content = wp_remote_retrieve_body( $remote_url );
- $source_content = wp_kses( $source_content, $useful_html_elements );
+ $source_content = wp_kses( $source_content, $allowed_elements );
return $source_content;
}
return ''; // Return empty rather than a truncated/invalid URL
}
- // Does not look like an URL.
+ // Does not look like a URL.
if ( ! preg_match( '/^([!#$&-;=?-\[\]_a-z~]|%[0-9a-fA-F]{2})+$/', $url ) ) {
return '';
}
/**
* Utility method to limit image source URLs.
*
- * Excluded URLs include share-this type buttons, loaders, spinners, spacers, WP interface images,
- * tiny buttons or thumbs, mathtag.com or quantserve.com images, or the WP stats gif.
+ * Excluded URLs include share-this type buttons, loaders, spinners, spacers, WordPress interface images,
+ * tiny buttons or thumbs, mathtag.com or quantserve.com images, or the WordPress.com stats gif.
*
* @ignore
* @since 4.2.0
private function _limit_img( $src ) {
$src = $this->_limit_url( $src );
- if ( preg_match( '/\/ad[sx]{1}?\//', $src ) ) {
+ if ( preg_match( '!/ad[sx]?/!i', $src ) ) {
// Ads
return '';
- } else if ( preg_match( '/(\/share-?this[^\.]+?\.[a-z0-9]{3,4})(\?.*)?$/', $src ) ) {
+ } else if ( preg_match( '!(/share-?this[^.]+?\.[a-z0-9]{3,4})(\?.*)?$!i', $src ) ) {
// Share-this type button
return '';
- } else if ( preg_match( '/\/(spinner|loading|spacer|blank|rss)\.(gif|jpg|png)/', $src ) ) {
+ } else if ( preg_match( '!/(spinner|loading|spacer|blank|rss)\.(gif|jpg|png)!i', $src ) ) {
// Loaders, spinners, spacers
return '';
- } else if ( preg_match( '/\/([^\.\/]+[-_]{1})?(spinner|loading|spacer|blank)s?([-_]{1}[^\.\/]+)?\.[a-z0-9]{3,4}/', $src ) ) {
+ } else if ( preg_match( '!/([^./]+[-_])?(spinner|loading|spacer|blank)s?([-_][^./]+)?\.[a-z0-9]{3,4}!i', $src ) ) {
// Fancy loaders, spinners, spacers
return '';
- } else if ( preg_match( '/([^\.\/]+[-_]{1})?thumb[^.]*\.(gif|jpg|png)$/', $src ) ) {
+ } else if ( preg_match( '!([^./]+[-_])?thumb[^.]*\.(gif|jpg|png)$!i', $src ) ) {
// Thumbnails, too small, usually irrelevant to context
return '';
- } else if ( preg_match( '/\/wp-includes\//', $src ) ) {
- // Classic WP interface images
+ } else if ( false !== stripos( $src, '/wp-includes/' ) ) {
+ // Classic WordPress interface images
return '';
- } else if ( preg_match( '/[^\d]{1}\d{1,2}x\d+\.(gif|jpg|png)$/', $src ) ) {
+ } else if ( preg_match( '![^\d]\d{1,2}x\d+\.(gif|jpg|png)$!i', $src ) ) {
// Most often tiny buttons/thumbs (< 100px wide)
return '';
- } else if ( preg_match( '/\/pixel\.(mathtag|quantserve)\.com/', $src ) ) {
+ } else if ( preg_match( '!/pixel\.(mathtag|quantserve)\.com!i', $src ) ) {
// See mathtag.com and https://www.quantcast.com/how-we-do-it/iab-standard-measurement/how-we-collect-data/
return '';
- } else if ( preg_match( '/\/[gb]\.gif(\?.+)?$/', $src ) ) {
- // Classic WP stats gif
+ } else if ( preg_match( '!/[gb]\.gif(\?.+)?$!i', $src ) ) {
+ // WordPress.com stats gif
return '';
}
* @since 4.2.0
*
* @param string $src Embed source URL.
- * @return string If not from a supported provider, an empty string. Otherwise, a reformattd embed URL.
+ * @return string If not from a supported provider, an empty string. Otherwise, a reformatted embed URL.
*/
private function _limit_embed( $src ) {
$src = $this->_limit_url( $src );
if ( empty( $src ) )
return '';
- if ( preg_match( '/\/\/(m|www)\.youtube\.com\/(embed|v)\/([^\?]+)\?.+$/', $src, $src_matches ) ) {
+ if ( preg_match( '!//(m|www)\.youtube\.com/(embed|v)/([^?]+)\?.+$!i', $src, $src_matches ) ) {
// Embedded Youtube videos (www or mobile)
$src = 'https://www.youtube.com/watch?v=' . $src_matches[3];
- } else if ( preg_match( '/\/\/player\.vimeo\.com\/video\/([\d]+)([\?\/]{1}.*)?$/', $src, $src_matches ) ) {
+ } else if ( preg_match( '!//player\.vimeo\.com/video/([\d]+)([?/].*)?$!i', $src, $src_matches ) ) {
// Embedded Vimeo iframe videos
$src = 'https://vimeo.com/' . (int) $src_matches[1];
- } else if ( preg_match( '/\/\/vimeo\.com\/moogaloop\.swf\?clip_id=([\d]+)$/', $src, $src_matches ) ) {
+ } else if ( preg_match( '!//vimeo\.com/moogaloop\.swf\?clip_id=([\d]+)$!i', $src, $src_matches ) ) {
// Embedded Vimeo Flash videos
$src = 'https://vimeo.com/' . (int) $src_matches[1];
- } else if ( preg_match( '/\/\/vine\.co\/v\/([^\/]+)\/embed/', $src, $src_matches ) ) {
+ } else if ( preg_match( '!//vine\.co/v/([^/]+)/embed!i', $src, $src_matches ) ) {
// Embedded Vine videos
$src = 'https://vine.co/v/' . $src_matches[1];
- } else if ( preg_match( '/\/\/(www\.)?dailymotion\.com\/embed\/video\/([^\/\?]+)([\/\?]{1}.+)?/', $src, $src_matches ) ) {
+ } else if ( preg_match( '!//(www\.)?dailymotion\.com/embed/video/([^/?]+)([/?].+)?!i', $src, $src_matches ) ) {
// Embedded Daily Motion videos
$src = 'https://www.dailymotion.com/video/' . $src_matches[2];
} else {
- require_once( ABSPATH . WPINC . '/class-oembed.php' );
$oembed = _wp_oembed_get_object();
if ( ! $oembed->get_provider( $src, array( 'discover' => false ) ) ) {
}
/**
- * Filter whether to enable in-source media discovery in Press This.
+ * Filters whether to enable in-source media discovery in Press This.
*
* @since 4.2.0
*
}
/**
- * Filter the Press This data array.
+ * Filters the Press This data array.
*
* @since 4.2.0
*
$press_this = str_replace( '.css', '-rtl.css', $press_this );
}
- $open_sans_font_url = '';
-
- /* translators: If there are characters in your language that are not supported
- * by Open Sans, translate this to 'off'. Do not translate into your own language.
- */
- if ( 'off' !== _x( 'on', 'Open Sans font: on or off' ) ) {
- $subsets = 'latin,latin-ext';
-
- /* translators: To add an additional Open Sans character subset specific to your language,
- * translate this to 'greek', 'cyrillic' or 'vietnamese'. Do not translate into your own language.
- */
- $subset = _x( 'no-subset', 'Open Sans font: add new subset (greek, cyrillic, vietnamese)' );
-
- if ( 'cyrillic' == $subset ) {
- $subsets .= ',cyrillic,cyrillic-ext';
- } elseif ( 'greek' == $subset ) {
- $subsets .= ',greek,greek-ext';
- } elseif ( 'vietnamese' == $subset ) {
- $subsets .= ',vietnamese';
- }
-
- $query_args = array(
- 'family' => urlencode( 'Open Sans:400italic,700italic,400,600,700' ),
- 'subset' => urlencode( $subsets ),
- );
-
- $open_sans_font_url = ',' . add_query_arg( $query_args, 'https://fonts.googleapis.com/css' );
- }
-
- return $styles . $press_this . $open_sans_font_url;
+ return $styles . $press_this;
}
/**
public function categories_html( $post ) {
$taxonomy = get_taxonomy( 'category' );
+ // Bail if user cannot assign terms
+ if ( ! current_user_can( $taxonomy->cap->assign_terms ) ) {
+ return;
+ }
+
+ // Only show "add" if user can edit terms
if ( current_user_can( $taxonomy->cap->edit_terms ) ) {
?>
- <button type="button" class="add-cat-toggle button-subtle" aria-expanded="false">
+ <button type="button" class="add-cat-toggle button-link" aria-expanded="false">
<span class="dashicons dashicons-plus"></span><span class="screen-reader-text"><?php _e( 'Toggle add category' ); ?></span>
</button>
<div class="add-category is-hidden">
if ( $user_can_assign_terms ) {
?>
- <button type="button" class="button-reset button-link tagcloud-link" id="link-post_tag"><?php echo $taxonomy->labels->choose_from_most_used; ?></button>
+ <button type="button" class="button-link tagcloud-link" id="link-post_tag" aria-expanded="false"><?php echo $taxonomy->labels->choose_from_most_used; ?></button>
<?php
}
}
}
if ( ! empty( $data['_embeds'] ) ) {
- foreach( $data['_embeds'] as $src ) {
+ foreach ( $data['_embeds'] as $src ) {
$prot_relative_src = preg_replace( '/^https?:/', '', $src );
if ( in_array( $prot_relative_src, $this->embeds ) ) {
$selected_images = array();
if ( ! empty( $data['_images'] ) ) {
- foreach( $data['_images'] as $src ) {
+ foreach ( $data['_images'] as $src ) {
if ( false !== strpos( $src, 'gravatar.com' ) ) {
$src = preg_replace( '%http://[\d]+\.gravatar\.com/%', 'https://secure.gravatar.com/', $src );
}
}
/**
- * Filter the default HTML for the Press This editor.
+ * Filters the default HTML tags used in the suggested content for the editor.
+ *
+ * The HTML strings use printf format. After filtering the content is added at the specified places with `sprintf()`.
*
* @since 4.2.0
*
- * @param array $default_html Associative array with two keys: 'quote' where %1$s is replaced with the site description
- * or the selected content, and 'link' there %1$s is link href, %2$s is link text.
+ * @param array $default_html Associative array with three possible keys:
+ * - 'quote' where %1$s is replaced with the site description or the selected content.
+ * - 'link' where %1$s is link href, %2$s is link text, usually the source page title.
+ * - 'embed' which contains an [embed] shortcode when the source page offers embeddable content.
+ * @param array $data Associative array containing the data from the source page.
*/
$default_html = apply_filters( 'press_this_suggested_html', $default_html, $data );
* @access public
*
* @global WP_Locale $wp_locale
- * @global string $wp_version
* @global bool $is_IE
*/
public function html() {
- global $wp_locale, $wp_version;
+ global $wp_locale;
+
+ $wp_version = get_bloginfo( 'version' );
// Get data, new (POST) and old (GET).
$data = $this->merge_or_fetch_data();
wp_enqueue_script( 'json2' );
wp_enqueue_script( 'editor' );
+ $categories_tax = get_taxonomy( 'category' );
+ $show_categories = current_user_can( $categories_tax->cap->assign_terms ) || current_user_can( $categories_tax->cap->edit_terms );
+
+ $tag_tax = get_taxonomy( 'post_tag' );
+ $show_tags = current_user_can( $tag_tax->cap->assign_terms );
+
$supports_formats = false;
$post_format = 0;
$admin_body_class .= ' branch-' . str_replace( array( '.', ',' ), '-', floatval( $wp_version ) );
$admin_body_class .= ' version-' . str_replace( '.', '-', preg_replace( '/^([.0-9]+).*/', '$1', $wp_version ) );
$admin_body_class .= ' admin-color-' . sanitize_html_class( get_user_option( 'admin_color' ), 'fresh' );
- $admin_body_class .= ' locale-' . sanitize_html_class( strtolower( str_replace( '_', '-', get_locale() ) ) );
+ $admin_body_class .= ' locale-' . sanitize_html_class( strtolower( str_replace( '_', '-', get_user_locale() ) ) );
/** This filter is documented in wp-admin/admin-header.php */
$admin_body_classes = apply_filters( 'admin_body_class', '' );
<span class="current-site-name"><?php bloginfo( 'name' ); ?></span>
</a>
</h1>
- <button type="button" class="options button-subtle closed">
+ <button type="button" class="options button-link closed">
<span class="dashicons dashicons-tag on-closed"></span>
<span class="screen-reader-text on-closed"><?php _e( 'Show post options' ); ?></span>
<span aria-hidden="true" class="on-open"><?php _e( 'Done' ); ?></span>
<div class="post-options">
<?php if ( $supports_formats ) : ?>
- <button type="button" class="button-reset post-option">
+ <button type="button" class="button-link post-option">
<span class="dashicons dashicons-admin-post"></span>
<span class="post-option-title"><?php _ex( 'Format', 'post format' ); ?></span>
<span class="post-option-contents" id="post-option-post-format"><?php echo esc_html( get_post_format_string( $post_format ) ); ?></span>
</button>
<?php endif; ?>
- <button type="button" class="button-reset post-option">
- <span class="dashicons dashicons-category"></span>
- <span class="post-option-title"><?php _e( 'Categories' ); ?></span>
- <span class="dashicons post-option-forward"></span>
- </button>
-
- <button type="button" class="button-reset post-option">
- <span class="dashicons dashicons-tag"></span>
- <span class="post-option-title"><?php _e( 'Tags' ); ?></span>
- <span class="dashicons post-option-forward"></span>
- </button>
+ <?php if ( $show_categories ) : ?>
+ <button type="button" class="button-link post-option">
+ <span class="dashicons dashicons-category"></span>
+ <span class="post-option-title"><?php _e( 'Categories' ); ?></span>
+ <span class="dashicons post-option-forward"></span>
+ </button>
+ <?php endif; ?>
+
+ <?php if ( $show_tags ) : ?>
+ <button type="button" class="button-link post-option">
+ <span class="dashicons dashicons-tag"></span>
+ <span class="post-option-title"><?php _e( 'Tags' ); ?></span>
+ <span class="dashicons post-option-forward"></span>
+ </button>
+ <?php endif; ?>
</div>
<?php if ( $supports_formats ) : ?>
<div class="setting-modal is-off-screen is-hidden">
- <button type="button" class="button-reset modal-close">
+ <button type="button" class="button-link modal-close">
<span class="dashicons post-option-back"></span>
<span class="setting-title" aria-hidden="true"><?php _ex( 'Format', 'post format' ); ?></span>
<span class="screen-reader-text"><?php _e( 'Back to post options' ) ?></span>
</div>
<?php endif; ?>
- <div class="setting-modal is-off-screen is-hidden">
- <button type="button" class="button-reset modal-close">
- <span class="dashicons post-option-back"></span>
- <span class="setting-title" aria-hidden="true"><?php _e( 'Categories' ); ?></span>
- <span class="screen-reader-text"><?php _e( 'Back to post options' ) ?></span>
- </button>
- <?php $this->categories_html( $post ); ?>
- </div>
+ <?php if ( $show_categories ) : ?>
+ <div class="setting-modal is-off-screen is-hidden">
+ <button type="button" class="button-link modal-close">
+ <span class="dashicons post-option-back"></span>
+ <span class="setting-title" aria-hidden="true"><?php _e( 'Categories' ); ?></span>
+ <span class="screen-reader-text"><?php _e( 'Back to post options' ) ?></span>
+ </button>
+ <?php $this->categories_html( $post ); ?>
+ </div>
+ <?php endif; ?>
- <div class="setting-modal tags is-off-screen is-hidden">
- <button type="button" class="button-reset modal-close">
- <span class="dashicons post-option-back"></span>
- <span class="setting-title" aria-hidden="true"><?php _e( 'Tags' ); ?></span>
- <span class="screen-reader-text"><?php _e( 'Back to post options' ) ?></span>
- </button>
- <?php $this->tags_html( $post ); ?>
- </div>
+ <?php if ( $show_tags ) : ?>
+ <div class="setting-modal tags is-off-screen is-hidden">
+ <button type="button" class="button-link modal-close">
+ <span class="dashicons post-option-back"></span>
+ <span class="setting-title" aria-hidden="true"><?php _e( 'Tags' ); ?></span>
+ <span class="screen-reader-text"><?php _e( 'Back to post options' ) ?></span>
+ </button>
+ <?php $this->tags_html( $post ); ?>
+ </div>
+ <?php endif; ?>
</div><!-- .options-panel -->
</div><!-- .wrapper -->
<div class="press-this-actions">
<div class="pressthis-media-buttons">
- <button type="button" class="insert-media button-subtle" data-editor="pressthis">
+ <button type="button" class="insert-media button-link" data-editor="pressthis">
<span class="dashicons dashicons-admin-media"></span>
<span class="screen-reader-text"><?php _e( 'Add Media' ); ?></span>
</button>
<div class="split-button-head">
<button type="button" class="publish-button split-button-primary" aria-live="polite">
<span class="publish"><?php echo ( current_user_can( 'publish_posts' ) ) ? __( 'Publish' ) : __( 'Submit for Review' ); ?></span>
- <span class="saving-draft"><?php _e( 'Saving...' ); ?></span>
+ <span class="saving-draft"><?php _e( 'Saving…' ); ?></span>
</button><button type="button" class="split-button-toggle" aria-haspopup="true" aria-expanded="false">
<i class="dashicons dashicons-arrow-down-alt2"></i>
<span class="screen-reader-text"><?php _e('More actions'); ?></span>
</button>
</div>
<ul class="split-button-body">
- <li><button type="button" class="button-subtle draft-button split-button-option"><?php _e( 'Save Draft' ); ?></button></li>
- <li><button type="button" class="button-subtle standard-editor-button split-button-option"><?php _e( 'Standard Editor' ); ?></button></li>
- <li><button type="button" class="button-subtle preview-button split-button-option"><?php _e( 'Preview' ); ?></button></li>
+ <li><button type="button" class="button-link draft-button split-button-option"><?php _e( 'Save Draft' ); ?></button></li>
+ <li><button type="button" class="button-link standard-editor-button split-button-option"><?php _e( 'Standard Editor' ); ?></button></li>
+ <li><button type="button" class="button-link preview-button split-button-option"><?php _e( 'Preview' ); ?></button></li>
</ul>
</div>
</div>
/** This action is documented in wp-admin/admin-footer.php */
do_action( 'admin_footer' );
+ /** This action is documented in wp-admin/admin-footer.php */
+ do_action( 'admin_print_footer_scripts-press-this.php' );
+
/** This action is documented in wp-admin/admin-footer.php */
do_action( 'admin_print_footer_scripts' );
die();
}
}
-
-/**
- *
- * @global WP_Press_This $wp_press_this
- */
-$GLOBALS['wp_press_this'] = new WP_Press_This;