X-Git-Url: https://scripts.mit.edu/gitweb/autoinstalls/wordpress.git/blobdiff_plain/03f2fa83c13c1b532284205fa7efcab9b8b2c41f..607b7e02d77e7326161e8ec15639052d2040f745:/wp-admin/includes/post.php
diff --git a/wp-admin/includes/post.php b/wp-admin/includes/post.php
index fa3e400e..790b736c 100644
--- a/wp-admin/includes/post.php
+++ b/wp-admin/includes/post.php
@@ -30,14 +30,14 @@ function _wp_translate_postdata( $update = false, $post_data = null ) {
if ( $update && ! current_user_can( 'edit_post', $post_data['ID'] ) ) {
if ( 'page' == $post_data['post_type'] )
- return new WP_Error( 'edit_others_pages', __( 'You are not allowed to edit pages as this user.' ) );
+ return new WP_Error( 'edit_others_pages', __( 'Sorry, you are not allowed to edit pages as this user.' ) );
else
- return new WP_Error( 'edit_others_posts', __( 'You are not allowed to edit posts as this user.' ) );
+ return new WP_Error( 'edit_others_posts', __( 'Sorry, you are not allowed to edit posts as this user.' ) );
} elseif ( ! $update && ! current_user_can( $ptype->cap->create_posts ) ) {
if ( 'page' == $post_data['post_type'] )
- return new WP_Error( 'edit_others_pages', __( 'You are not allowed to create pages as this user.' ) );
+ return new WP_Error( 'edit_others_pages', __( 'Sorry, you are not allowed to create pages as this user.' ) );
else
- return new WP_Error( 'edit_others_posts', __( 'You are not allowed to create posts as this user.' ) );
+ return new WP_Error( 'edit_others_posts', __( 'Sorry, you are not allowed to create posts as this user.' ) );
}
if ( isset( $post_data['content'] ) )
@@ -68,14 +68,14 @@ function _wp_translate_postdata( $update = false, $post_data = null ) {
&& ! current_user_can( $ptype->cap->edit_others_posts ) ) {
if ( $update ) {
if ( 'page' == $post_data['post_type'] )
- return new WP_Error( 'edit_others_pages', __( 'You are not allowed to edit pages as this user.' ) );
+ return new WP_Error( 'edit_others_pages', __( 'Sorry, you are not allowed to edit pages as this user.' ) );
else
- return new WP_Error( 'edit_others_posts', __( 'You are not allowed to edit posts as this user.' ) );
+ return new WP_Error( 'edit_others_posts', __( 'Sorry, you are not allowed to edit posts as this user.' ) );
} else {
if ( 'page' == $post_data['post_type'] )
- return new WP_Error( 'edit_others_pages', __( 'You are not allowed to create pages as this user.' ) );
+ return new WP_Error( 'edit_others_pages', __( 'Sorry, you are not allowed to create pages as this user.' ) );
else
- return new WP_Error( 'edit_others_posts', __( 'You are not allowed to create posts as this user.' ) );
+ return new WP_Error( 'edit_others_posts', __( 'Sorry, you are not allowed to create posts as this user.' ) );
}
}
@@ -165,6 +165,13 @@ function _wp_translate_postdata( $update = false, $post_data = null ) {
$post_data['post_date_gmt'] = get_gmt_from_date( $post_data['post_date'] );
}
+ if ( isset( $post_data['post_category'] ) ) {
+ $category_object = get_taxonomy( 'category' );
+ if ( ! current_user_can( $category_object->cap->assign_terms ) ) {
+ unset( $post_data['post_category'] );
+ }
+ }
+
return $post_data;
}
@@ -203,9 +210,9 @@ function edit_post( $post_data = null ) {
$ptype = get_post_type_object($post_data['post_type']);
if ( !current_user_can( 'edit_post', $post_ID ) ) {
if ( 'page' == $post_data['post_type'] )
- wp_die( __('You are not allowed to edit this page.' ));
+ wp_die( __('Sorry, you are not allowed to edit this page.' ));
else
- wp_die( __('You are not allowed to edit this post.' ));
+ wp_die( __('Sorry, you are not allowed to edit this post.' ));
}
if ( post_type_supports( $ptype->name, 'revisions' ) ) {
@@ -421,9 +428,9 @@ function bulk_edit_posts( $post_data = null ) {
if ( !current_user_can( $ptype->cap->edit_posts ) ) {
if ( 'page' == $ptype->name )
- wp_die( __('You are not allowed to edit pages.'));
+ wp_die( __('Sorry, you are not allowed to edit pages.'));
else
- wp_die( __('You are not allowed to edit posts.'));
+ wp_die( __('Sorry, you are not allowed to edit posts.'));
}
if ( -1 == $post_data['_status'] ) {
@@ -622,7 +629,7 @@ function get_default_post_to_edit( $post_type = 'post', $create_in_db = false )
}
/**
- * Filter the default post content initially used in the "Write Post" form.
+ * Filters the default post content initially used in the "Write Post" form.
*
* @since 1.5.0
*
@@ -632,7 +639,7 @@ function get_default_post_to_edit( $post_type = 'post', $create_in_db = false )
$post->post_content = apply_filters( 'default_content', $post_content, $post );
/**
- * Filter the default post title initially used in the "Write Post" form.
+ * Filters the default post title initially used in the "Write Post" form.
*
* @since 1.5.0
*
@@ -642,7 +649,7 @@ function get_default_post_to_edit( $post_type = 'post', $create_in_db = false )
$post->post_title = apply_filters( 'default_title', $post_title, $post );
/**
- * Filter the default post excerpt initially used in the "Write Post" form.
+ * Filters the default post excerpt initially used in the "Write Post" form.
*
* @since 1.5.0
*
@@ -687,7 +694,7 @@ function post_exists($title, $content = '', $date = '') {
}
if ( !empty ( $content ) ) {
- $query .= 'AND post_content = %s';
+ $query .= ' AND post_content = %s';
$args[] = $post_content;
}
@@ -714,9 +721,9 @@ function wp_write_post() {
if ( !current_user_can( $ptype->cap->edit_posts ) ) {
if ( 'page' == $ptype->name )
- return new WP_Error( 'edit_pages', __( 'You are not allowed to create pages on this site.' ) );
+ return new WP_Error( 'edit_pages', __( 'Sorry, you are not allowed to create pages on this site.' ) );
else
- return new WP_Error( 'edit_posts', __( 'You are not allowed to create posts or drafts on this site.' ) );
+ return new WP_Error( 'edit_posts', __( 'Sorry, you are not allowed to create posts or drafts on this site.' ) );
}
$_POST['post_mime_type'] = '';
@@ -1022,7 +1029,7 @@ function wp_edit_posts_query( $q = false ) {
$posts_per_page = 20;
/**
- * Filter the number of items per page to show for a specific 'per_page' type.
+ * Filters the number of items per page to show for a specific 'per_page' type.
*
* The dynamic portion of the hook name, `$post_type`, refers to the post type.
*
@@ -1037,7 +1044,7 @@ function wp_edit_posts_query( $q = false ) {
$posts_per_page = apply_filters( "edit_{$post_type}_per_page", $posts_per_page );
/**
- * Filter the number of posts displayed per page when specifically listing "posts".
+ * Filters the number of posts displayed per page when specifically listing "posts".
*
* @since 2.8.0
*
@@ -1113,7 +1120,7 @@ function wp_edit_attachments_query_vars( $q = false ) {
}
/**
- * Filter the number of items to list per page when listing media items.
+ * Filters the number of items to list per page when listing media items.
*
* @since 2.9.0
*
@@ -1159,7 +1166,7 @@ function wp_edit_attachments_query( $q = false ) {
}
/**
- * Returns the list of classes to be used by a metabox
+ * Returns the list of classes to be used by a meta box.
*
* @since 2.5.0
*
@@ -1181,7 +1188,7 @@ function postbox_classes( $id, $page ) {
}
/**
- * Filter the postbox classes for a specific screen and screen ID combo.
+ * Filters the postbox classes for a specific screen and screen ID combo.
*
* The dynamic portions of the hook name, `$page` and `$id`, refer to
* the screen and screen ID, respectively.
@@ -1259,7 +1266,7 @@ function get_sample_permalink($id, $title = null, $name = null) {
unset($post->filter);
/**
- * Filter the sample permalink.
+ * Filters the sample permalink.
*
* @since 4.4.0
*
@@ -1294,15 +1301,14 @@ function get_sample_permalink_html( $id, $new_title = null, $new_slug = null ) {
if ( current_user_can( 'read_post', $post->ID ) ) {
if ( 'draft' === $post->post_status ) {
- $draft_link = set_url_scheme( get_permalink( $post->ID ) );
- $view_link = get_preview_post_link( $post, array(), $draft_link );
+ $view_link = get_preview_post_link( $post );
$preview_target = " target='wp-preview-{$post->ID}'";
} else {
if ( 'publish' === $post->post_status || 'attachment' === $post->post_type ) {
$view_link = get_permalink( $post );
} else {
// Allow non-published (private, future) to be viewed at a pretty permalink.
- $view_link = str_replace( array( '%pagename%', '%postname%' ), $post->post_name, urldecode( $permalink ) );
+ $view_link = str_replace( array( '%pagename%', '%postname%' ), $post->post_name, $permalink );
}
}
}
@@ -1312,7 +1318,8 @@ function get_sample_permalink_html( $id, $new_title = null, $new_slug = null ) {
$return = '' . __( 'Permalink:' ) . "\n";
if ( false !== $view_link ) {
- $return .= '' . $view_link . "\n";
+ $display_link = urldecode( $view_link );
+ $return .= '' . esc_html( $display_link ) . "\n";
} else {
$return .= '' . $permalink . "\n";
}
@@ -1322,32 +1329,24 @@ function get_sample_permalink_html( $id, $new_title = null, $new_slug = null ) {
$return .= '' . __('Change Permalinks') . "\n";
}
} else {
- if ( function_exists( 'mb_strlen' ) ) {
- if ( mb_strlen( $post_name ) > 34 ) {
- $post_name_abridged = mb_substr( $post_name, 0, 16 ) . '…' . mb_substr( $post_name, -16 );
- } else {
- $post_name_abridged = $post_name;
- }
+ if ( mb_strlen( $post_name ) > 34 ) {
+ $post_name_abridged = mb_substr( $post_name, 0, 16 ) . '…' . mb_substr( $post_name, -16 );
} else {
- if ( strlen( $post_name ) > 34 ) {
- $post_name_abridged = substr( $post_name, 0, 16 ) . '…' . substr( $post_name, -16 );
- } else {
- $post_name_abridged = $post_name;
- }
+ $post_name_abridged = $post_name;
}
- $post_name_html = '' . $post_name_abridged . '';
- $display_link = str_replace( array( '%pagename%', '%postname%' ), $post_name_html, urldecode( $permalink ) );
+ $post_name_html = '' . esc_html( $post_name_abridged ) . '';
+ $display_link = str_replace( array( '%pagename%', '%postname%' ), $post_name_html, esc_html( urldecode( $permalink ) ) );
$return = '' . __( 'Permalink:' ) . "\n";
$return .= '' . $display_link . "\n";
$return .= ''; // Fix bi-directional text display defect in RTL languages.
$return .= '\n";
- $return .= '' . $post_name . "\n";
+ $return .= '' . esc_html( $post_name ) . "\n";
}
/**
- * Filter the sample permalink HTML markup.
+ * Filters the sample permalink HTML markup.
*
* @since 2.9.0
* @since 4.4.0 Added `$post` parameter.
@@ -1368,7 +1367,6 @@ function get_sample_permalink_html( $id, $new_title = null, $new_slug = null ) {
*
* @since 2.9.0
*
- * @global int $content_width
* @global array $_wp_additional_image_sizes
*
* @param int $thumbnail_id ID of the attachment used for thumbnail
@@ -1376,16 +1374,16 @@ function get_sample_permalink_html( $id, $new_title = null, $new_slug = null ) {
* @return string html
*/
function _wp_post_thumbnail_html( $thumbnail_id = null, $post = null ) {
- global $content_width, $_wp_additional_image_sizes;
+ global $_wp_additional_image_sizes;
$post = get_post( $post );
$post_type_object = get_post_type_object( $post->post_type );
- $set_thumbnail_link = '
';
}
}
+ $content .= '';
+
/**
- * Filter the admin post thumbnail HTML markup to return.
+ * Filters the admin post thumbnail HTML markup to return.
*
* @since 2.9.0
+ * @since 3.5.0 Added the `$post_id` parameter.
+ * @since 4.6.0 Added the `$thumbnail_id` parameter.
*
- * @param string $content Admin post thumbnail HTML markup.
- * @param int $post_id Post ID.
+ * @param string $content Admin post thumbnail HTML markup.
+ * @param int $post_id Post ID.
+ * @param int $thumbnail_id Thumbnail ID.
*/
- return apply_filters( 'admin_post_thumbnail_html', $content, $post->ID );
+ return apply_filters( 'admin_post_thumbnail_html', $content, $post->ID, $thumbnail_id );
}
/**
@@ -1501,7 +1504,7 @@ function _admin_notice_post_locked() {
if ( $user ) {
/**
- * Filter whether to show the post locked dialog.
+ * Filters whether to show the post locked dialog.
*
* Returning a falsey value to the filter will short-circuit displaying the dialog.
*
@@ -1553,7 +1556,7 @@ function _admin_notice_post_locked() {
$preview_link = get_preview_post_link( $post->ID, $query_args );
/**
- * Filter whether to allow the post lock to be overridden.
+ * Filters whether to allow the post lock to be overridden.
*
* Returning a falsey value to the filter will disable the ability
* to override the post lock.
@@ -1648,7 +1651,7 @@ function _admin_notice_post_locked() {
function wp_create_post_autosave( $post_data ) {
if ( is_numeric( $post_data ) ) {
$post_id = $post_data;
- $post_data = &$_POST;
+ $post_data = $_POST;
} else {
$post_id = (int) $post_data['post_ID'];
}
@@ -1661,14 +1664,14 @@ function wp_create_post_autosave( $post_data ) {
// Store one autosave per author. If there is already an autosave, overwrite it.
if ( $old_autosave = wp_get_post_autosave( $post_id, $post_author ) ) {
- $new_autosave = _wp_post_revision_fields( $post_data, true );
+ $new_autosave = _wp_post_revision_data( $post_data, true );
$new_autosave['ID'] = $old_autosave->ID;
$new_autosave['post_author'] = $post_author;
// If the new autosave has the same content as the post, delete the autosave.
$post = get_post( $post_id );
$autosave_is_different = false;
- foreach ( array_intersect( array_keys( $new_autosave ), array_keys( _wp_post_revision_fields() ) ) as $field ) {
+ foreach ( array_intersect( array_keys( $new_autosave ), array_keys( _wp_post_revision_fields( $post ) ) ) as $field ) {
if ( normalize_whitespace( $new_autosave[ $field ] ) != normalize_whitespace( $post->$field ) ) {
$autosave_is_different = true;
break;
@@ -1713,11 +1716,11 @@ function post_preview() {
$_POST['ID'] = $post_ID;
if ( ! $post = get_post( $post_ID ) ) {
- wp_die( __( 'You are not allowed to edit this post.' ) );
+ wp_die( __( 'Sorry, you are not allowed to edit this post.' ) );
}
if ( ! current_user_can( 'edit_post', $post->ID ) ) {
- wp_die( __( 'You are not allowed to edit this post.' ) );
+ wp_die( __( 'Sorry, you are not allowed to edit this post.' ) );
}
$is_autosave = false;
@@ -1742,8 +1745,13 @@ function post_preview() {
$query_args['preview_id'] = $post->ID;
$query_args['preview_nonce'] = wp_create_nonce( 'post_preview_' . $post->ID );
- if ( isset( $_POST['post_format'] ) )
+ if ( isset( $_POST['post_format'] ) ) {
$query_args['post_format'] = empty( $_POST['post_format'] ) ? 'standard' : sanitize_key( $_POST['post_format'] );
+ }
+
+ if ( isset( $_POST['_thumbnail_id'] ) ) {
+ $query_args['_thumbnail_id'] = ( intval( $_POST['_thumbnail_id'] ) <= 0 ) ? '-1' : intval( $_POST['_thumbnail_id'] );
+ }
}
return get_preview_post_link( $post, $query_args );
@@ -1758,7 +1766,7 @@ function post_preview() {
*
* @param array $post_data Associative array of the submitted post data.
* @return mixed The value 0 or WP_Error on failure. The saved post ID on success.
- * Te ID can be the draft post_id or the autosave revision post_id.
+ * The ID can be the draft post_id or the autosave revision post_id.
*/
function wp_autosave( $post_data ) {
// Back-compat
@@ -1775,7 +1783,7 @@ function wp_autosave( $post_data ) {
$post = get_post( $post_id );
if ( ! current_user_can( 'edit_post', $post->ID ) ) {
- return new WP_Error( 'edit_posts', __( 'You are not allowed to edit this item.' ) );
+ return new WP_Error( 'edit_posts', __( 'Sorry, you are not allowed to edit this item.' ) );
}
if ( 'auto-draft' == $post->post_status )
@@ -1831,7 +1839,7 @@ function redirect_post($post_id = '') {
}
/**
- * Filter the post redirect destination URL.
+ * Filters the post redirect destination URL.
*
* @since 2.9.0
*
@@ -1840,4 +1848,4 @@ function redirect_post($post_id = '') {
*/
wp_redirect( apply_filters( 'redirect_post_location', $location, $post_id ) );
exit;
-}
\ No newline at end of file
+}