* @since 2.5.0
*/
function the_media_upload_tabs() {
- global $redir_tab, $is_iphone;
+ global $redir_tab;
$tabs = media_upload_tabs();
-
- if ( $is_iphone ) {
- unset($tabs['type']);
- $default = 'type_url';
- } else {
- $default = 'type';
- }
+ $default = 'type';
if ( !empty($tabs) ) {
echo "<ul id='sidemenu'>\n";
$id = ( 0 < (int) $id ) ? 'attachment_' . $id : '';
- if ( ! preg_match( '/width="([0-9]+)/', $html, $matches ) )
+ if ( ! preg_match( '/width=["\']([0-9]+)/', $html, $matches ) )
return $html;
$width = $matches[1];
- $caption = str_replace( array( '>', '<', '"', "'" ),
- array( '>', '<', '"', ''' ),
- $caption
- );
+ $caption = str_replace( array("\r\n", "\r"), "\n", $caption);
+ $caption = preg_replace_callback( '/<[a-zA-Z0-9]+(?: [^<>]+>)*/', '_cleanup_image_add_caption', $caption );
+ // convert any remaining line breaks to <br>
+ $caption = preg_replace( '/[ \n\t]*\n[ \t]*/', '<br />', $caption );
$html = preg_replace( '/(class=["\'][^\'"]*)align(none|left|right|center)\s?/', '$1', $html );
if ( empty($align) )
$align = 'none';
- $shcode = '[caption id="' . $id . '" align="align' . $align
- . '" width="' . $width . '" caption="' . addslashes($caption) . '"]' . $html . '[/caption]';
+ $shcode = '[caption id="' . $id . '" align="align' . $align . '" width="' . $width . '"]' . $html . ' ' . $caption . '[/caption]';
return apply_filters( 'image_add_caption_shortcode', $shcode, $html );
}
add_filter( 'image_send_to_editor', 'image_add_caption', 20, 8 );
+/**
+ * Private preg_replace callback used in image_add_caption()
+ *
+ * @access private
+ * @since 3.4.0
+ */
+function _cleanup_image_add_caption( $matches ) {
+ // remove any line breaks from inside the tags
+ return preg_replace( '/[\r\n\t]+/', ' ', $matches[0] );
+}
+
/**
* {@internal Missing Short Description}}
*
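Review bot: The caption is now placed in the shortcode body with its markup intact (the `$shcode` line), where the removed `str_replace()` appears to have entity-encoded `<`, `>` and both quote characters, so nothing in image_add_caption() itself restricts what HTML a caption can carry. Whatever filters the caption on save and on shortcode render is not visible in this hunk, so a comment above the `$shcode` assignment should say so, e.g. `// caption HTML is not escaped here; it must be filtered on save/render`. Separately, the pattern given to `preg_replace_callback()` keeps the closing `>` inside the optional group, `(?: [^<>]+>)*`, while the JavaScript counterpart later in this diff uses `( [^<>]+)?>`; the two should recognise the same tags. The docblock of `_cleanup_image_add_caption()` could also document `$matches` and the returned string.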
//<![CDATA[
addLoadEvent = function(func){if(typeof jQuery!="undefined")jQuery(document).ready(func);else if(typeof wpOnload!='function'){wpOnload=func;}else{var oldonload=wpOnload;wpOnload=function(){oldonload();func();}}};
var userSettings = {'url':'<?php echo SITECOOKIEPATH; ?>','uid':'<?php if ( ! isset($current_user) ) $current_user = wp_get_current_user(); echo $current_user->ID; ?>','time':'<?php echo time(); ?>'};
-var ajaxurl = '<?php echo admin_url('admin-ajax.php'); ?>', pagenow = 'media-upload-popup', adminpage = 'media-upload-popup',
+var ajaxurl = '<?php echo admin_url( 'admin-ajax.php', 'relative' ); ?>', pagenow = 'media-upload-popup', adminpage = 'media-upload-popup',
isRtl = <?php echo (int) is_rtl(); ?>;
//]]>
</script>
return "<a href='" . esc_url( get_upload_iframe_src($type) ) . "' id='{$id}-add_{$type}' class='thickbox add_$type' title='" . esc_attr( $title ) . "'><img src='" . esc_url( admin_url( $icon ) ) . "' alt='$title' onclick='return false;' /></a>";
}
-function get_upload_iframe_src( $type = null ) {
+function get_upload_iframe_src( $type = null, $post_id = null, $tab = null ) {
global $post_ID;
- $uploading_iframe_ID = (int) $post_ID;
- $upload_iframe_src = add_query_arg( 'post_id', $uploading_iframe_ID, admin_url('media-upload.php') );
+ if ( empty( $post_id ) )
+ $post_id = $post_ID;
+
+ $upload_iframe_src = add_query_arg( 'post_id', (int) $post_id, admin_url('media-upload.php') );
if ( $type && 'media' != $type )
$upload_iframe_src = add_query_arg('type', $type, $upload_iframe_src);
+ if ( ! empty( $tab ) )
+ $upload_iframe_src = add_query_arg('tab', $tab, $upload_iframe_src);
+
$upload_iframe_src = apply_filters($type . '_upload_iframe_src', $upload_iframe_src);
return add_query_arg('TB_iframe', true, $upload_iframe_src);
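Review bot: get_upload_iframe_src() has no docblock, and this hunk adds two optional parameters whose behaviour is not obvious from the signature. A docblock should state that an empty `$post_id` falls back to the global `$post_ID`, and that `$tab` is appended as the `tab` query argument only when non-empty. It should also say that the returned URL is not escaped, so callers have to wrap it as the link builder just above does with `esc_url( get_upload_iframe_src($type) )`. The function's closing brace is outside the hunk.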
if ( isset($send_id) ) {
$attachment = stripslashes_deep( $_POST['attachments'][$send_id] );
- $html = $attachment['post_title'];
+ $html = isset( $attachment['post_title'] ) ? $attachment['post_title'] : '';
if ( !empty($attachment['url']) ) {
$rel = '';
if ( strpos($attachment['url'], 'attachment_id') || get_attachment_link($send_id) == $attachment['url'] )
* @return unknown
*/
function wp_media_upload_handler() {
- global $is_iphone;
-
$errors = array();
$id = 0;
return wp_iframe( 'media_upload_type_url_form', $type, $errors, $id );
}
- if ( $is_iphone )
- return wp_iframe( 'media_upload_type_url_form', 'image', $errors, $id );
- else
- return wp_iframe( 'media_upload_type_form', 'image', $errors, $id );
+ return wp_iframe( 'media_upload_type_form', 'image', $errors, $id );
}
/**
return "
<input type='text' class='text urlfield' name='attachments[$post->ID][url]' value='" . esc_attr($url) . "' /><br />
- <button type='button' class='button urlnone' title=''>" . __('None') . "</button>
- <button type='button' class='button urlfile' title='" . esc_attr($file) . "'>" . __('File URL') . "</button>
- <button type='button' class='button urlpost' title='" . esc_attr($link) . "'>" . __('Attachment Post URL') . "</button>
+ <button type='button' class='button urlnone' data-link-url=''>" . __('None') . "</button>
+ <button type='button' class='button urlfile' data-link-url='" . esc_attr($file) . "'>" . __('File URL') . "</button>
+ <button type='button' class='button urlpost' data-link-url='" . esc_attr($link) . "'>" . __('Attachment Post URL') . "</button>
";
}
+function wp_caption_input_textarea($edit_post) {
+ // post data is already escaped
+ $name = "attachments[{$edit_post->ID}][post_excerpt]";
+
+ return '<textarea name="' . $name . '" id="' . $name . '">' . $edit_post->post_excerpt . '</textarea>';
+}
+
/**
* {@internal Missing Short Description}}
*
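Review bot: wp_caption_input_textarea() prints `$edit_post->post_excerpt` between the textarea tags without escaping, and the only safeguard is the comment `// post data is already escaped`. That holds for the caller shown later in this diff, which passes the result of `sanitize_post($post, 'edit')`, but the function has no leading underscore or `@access private` tag, so another caller could hand it a raw post object and a `</textarea>` in the excerpt would close the field early. Either add a docblock stating the precondition, for example `@param object $edit_post Post object already run through sanitize_post( $post, 'edit' )`, or mark the helper private the way `_cleanup_image_add_caption()` is. Since `$name` feeds both the `name` and `id` attributes, building it from `(int) $edit_post->ID` would keep that value independent of the caller.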
$edit_post = sanitize_post($post, 'edit');
-
-
$form_fields = array(
'post_title' => array(
'label' => __('Title'),
'image_alt' => array(),
'post_excerpt' => array(
'label' => __('Caption'),
- 'value' => $edit_post->post_excerpt
+ 'input' => 'html',
+ 'html' => wp_caption_input_textarea($edit_post)
),
'post_content' => array(
'label' => __('Description'),
$item .= "</td></tr>\n";
-
-
$item .= "
</thead>
<tbody>
$delete = "<a href='" . wp_nonce_url( "post.php?action=delete&post=$attachment_id", 'delete-attachment_' . $attachment_id ) . "' id='del[$attachment_id]' class='delete'>" . __( 'Delete Permanently' ) . '</a>';
} elseif ( !MEDIA_TRASH ) {
$delete = "<a href='#' class='del-link' onclick=\"document.getElementById('del_attachment_$attachment_id').style.display='block';return false;\">" . __( 'Delete' ) . "</a>
- <div id='del_attachment_$attachment_id' class='del-attachment' style='display:none;'>" . sprintf( __( 'You are about to delete <strong>%s</strong>.' ), $filename ) . "
+ <div id='del_attachment_$attachment_id' class='del-attachment' style='display:none;'><p>" . sprintf( __( 'You are about to delete <strong>%s</strong>.' ), $filename ) . "</p>
<a href='" . wp_nonce_url( "post.php?action=delete&post=$attachment_id", 'delete-attachment_' . $attachment_id ) . "' id='del[$attachment_id]' class='button'>" . __( 'Continue' ) . "</a>
<a href='#' class='button' onclick=\"this.parentNode.style.display='none';return false;\">" . __( 'Cancel' ) . "</a>
</div>";
if ( !empty( $field[ $field['input'] ] ) )
$item .= $field[ $field['input'] ];
elseif ( $field['input'] == 'textarea' ) {
- if ( user_can_richedit() ) { // textarea_escaped when user_can_richedit() = false
- $field['value'] = esc_textarea( $field['value'] );
+ if ( 'post_content' == $id && user_can_richedit() ) {
+ // sanitize_post() skips the post_content when user_can_richedit
+ $field['value'] = htmlspecialchars( $field['value'], ENT_QUOTES );
}
+ // post_excerpt is already escaped by sanitize_post() in get_attachment_fields_to_edit()
$item .= "<textarea id='$name' name='$name' $aria_required>" . $field['value'] . '</textarea>';
} else {
$item .= "<input type='text' class='text' id='$name' name='$name' value='" . esc_attr( $field['value'] ) . "' $aria_required />";
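Review bot: Escaping in the `textarea` branch is now limited to `post_content`, so every other textarea field reaches the `<textarea>` line with `$field['value']` printed as-is. The added comment covers `post_excerpt`, but the branch applies to any field whose `input` is `textarea`, and whether all such values pass through sanitize_post() cannot be seen from this hunk; the removed code escaped all of them when `user_can_richedit()` was true. If field values can come from anywhere else, keep an escaped fallback for ids other than the two known ones. The new call also replaces `esc_textarea()` with `htmlspecialchars( $field['value'], ENT_QUOTES )` and passes no charset, which deserves a comment explaining the choice. The enclosing function and the loop that sets `$id` are outside the hunk.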
* @param unknown_type $errors
*/
function media_upload_form( $errors = null ) {
- global $type, $tab, $pagenow, $is_IE, $is_opera, $is_iphone;
+ global $type, $tab, $pagenow, $is_IE, $is_opera;
- if ( $is_iphone )
+ if ( ! _device_can_upload() ) {
+ echo '<p>' . __('The web browser on your device cannot be used to upload files. You may be able to use the <a href="http://wordpress.org/extend/mobile/">native app for your device</a> instead.') . '</p>';
return;
+ }
$upload_action_url = admin_url('async-upload.php');
$post_id = isset($_REQUEST['post_id']) ? intval($_REQUEST['post_id']) : 0;
* @param unknown_type $id
*/
function media_upload_type_form($type = 'file', $errors = null, $id = null) {
- global $is_iphone;
-
- if ( $is_iphone )
- return;
media_upload_header();
alt = f.alt.value.replace(/'/g, ''').replace(/"/g, '"').replace(/</g, '<').replace(/>/g, '>');
<?php if ( ! apply_filters( 'disable_captions', '' ) ) { ?>
- if ( f.caption.value )
- caption = f.caption.value.replace(/'/g, ''').replace(/"/g, '"').replace(/</g, '<').replace(/>/g, '>');
+ if ( f.caption.value ) {
+ caption = f.caption.value.replace(/\r\n|\r/g, '\n');
+ caption = caption.replace(/<[a-zA-Z0-9]+( [^<>]+)?>/g, function(a){
+ return a.replace(/[\r\n\t]+/, ' ');
+ });
+
+ caption = caption.replace(/\s*\n\s*/g, '<br />');
+ }
<?php } ?>
cls = caption ? '' : ' class="'+t.align+'"';
}
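Review bot: The inner replacement `a.replace(/[\r\n\t]+/, ' ')` has no `g` flag, so only the first run of line breaks or tabs inside a matched tag is collapsed. A later newline in the same tag is then turned into `<br />` by the following `replace(/\s*\n\s*/g, ...)` and ends up inside the tag. It should read `return a.replace(/[\r\n\t]+/g, ' ');`, which also matches what the PHP callback `_cleanup_image_add_caption()` does. The caption is also no longer entity-encoded before it is concatenated into the shortcode in the next hunk, so the client side now relies entirely on server-side filtering of the post content.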
if ( caption )
- html = '[caption id="" align="'+t.align+'" width="'+t.width+'" caption="'+caption+'"]'+html+'[/caption]';
+ html = '[caption id="" align="'+t.align+'" width="'+t.width+'"]'+html+caption+'[/caption]';
var win = window.dialogArguments || opener || parent || top;
win.send_to_editor(html);
<input type="hidden" name="tab" value="<?php echo esc_attr( $tab ); ?>" />
<input type="hidden" name="post_id" value="<?php echo (int) $post_id; ?>" />
<input type="hidden" name="post_mime_type" value="<?php echo isset( $_GET['post_mime_type'] ) ? esc_attr( $_GET['post_mime_type'] ) : ''; ?>" />
+<input type="hidden" name="context" value="<?php echo isset( $_GET['context'] ) ? esc_attr( $_GET['context'] ) : ''; ?>" />
<p id="media-search" class="search-box">
<label class="screen-reader-text" for="media-search-input"><?php _e('Search Media');?>:</label>
- <input type="text" id="media-search-input" name="s" value="<?php the_search_query(); ?>" />
+ <input type="search" id="media-search-input" name="s" value="<?php the_search_query(); ?>" />
<?php submit_button( __( 'Search Media' ), 'button', '', false ); ?>
</p>
<th valign="top" scope="row" class="label">
<span class="alignleft"><label for="caption">' . __('Image Caption') . '</label></span>
</th>
- <td class="field"><input id="caption" name="caption" value="" type="text" /></td>
+ <td class="field"><textarea id="caption" name="caption"></textarea></td>
</tr>
';
} else {
function media_upload_html_bypass() {
?>
<p class="upload-html-bypass hide-if-no-js">
- <?php _e('You are using the browser’s built-in file uploader. The new WordPress uploader includes multiple file selection and drag and drop capability. <a href="#">Switch to the new uploader</a>.'); ?>
+ <?php _e('You are using the browser’s built-in file uploader. The WordPress uploader includes multiple file selection and drag and drop capability. <a href="#">Switch to the multi-file uploader</a>.'); ?>
</p>
<?php
}