diff --git a/wp-admin/press-this.php b/wp-admin/press-this.php
index 4eda788c..5e9e2596 100644
--- a/wp-admin/press-this.php
+++ b/wp-admin/press-this.php
@@ -6,30 +6,16 @@
* @subpackage Press_This
*/
+define('IFRAME_REQUEST' , true);
+
/** WordPress Administration Bootstrap */
-require_once('admin.php');
+require_once( dirname( __FILE__ ) . '/admin.php' );
+
header('Content-Type: ' . get_option('html_type') . '; charset=' . get_option('blog_charset'));
-if ( ! current_user_can('edit_posts') )
+if ( ! current_user_can( 'edit_posts' ) || ! current_user_can( get_post_type_object( 'post' )->cap->create_posts ) )
wp_die( __( 'Cheatin’ uh?' ) );
-/**
- * Convert characters.
- *
- * @package WordPress
- * @subpackage Press_This
- * @since 2.6.0
- *
- * @param string $text
- * @return string
- */
-function aposfix($text) {
- $translation_table[chr(34)] = '"';
- $translation_table[chr(38)] = '&';
- $translation_table[chr(39)] = ''';
- return preg_replace("/&(?![A-Za-z]{0,4}\w{2,3};|#[0-9]{2,3};)/","&" , strtr($text, $translation_table));
-}
-
/**
* Press It form handler.
*
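Review bot: The new `define('IFRAME_REQUEST' , true);` line has a stray space before the comma and no spacing inside the parentheses, while the `require_once( dirname( __FILE__ ) . '/admin.php' );` line two lines below uses the spaced WordPress style; write it as `define( 'IFRAME_REQUEST', true );` so the two new lines match. The widened condition on the `if` line is fine as logic, but it is long enough that splitting it across two lines, one capability per line, would make the added `create_posts` check easier to spot in review.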
@@ -40,22 +26,21 @@ function aposfix($text) {
* @return int Post ID
*/
function press_it() {
- // define some basic variables
- $quick['post_status'] = 'draft'; // set as draft first
- $quick['post_category'] = isset($_POST['post_category']) ? $_POST['post_category'] : null;
- $quick['tax_input'] = isset($_POST['tax_input']) ? $_POST['tax_input'] : null;
- $quick['post_title'] = ( trim($_POST['title']) != '' ) ? $_POST['title'] : ' ';
- $quick['post_content'] = isset($_POST['post_content']) ? $_POST['post_content'] : '';
-
- // insert the post with nothing in it, to get an ID
- $post_ID = wp_insert_post($quick, true);
- if ( is_wp_error($post_ID) )
- wp_die($post_ID);
+ $post = get_default_post_to_edit();
+ $post = get_object_vars($post);
+ $post_ID = $post['ID'] = (int) $_POST['post_id'];
+
+ if ( !current_user_can('edit_post', $post_ID) )
+ wp_die(__('You are not allowed to edit this post.'));
+
+ $post['post_category'] = isset($_POST['post_category']) ? $_POST['post_category'] : '';
+ $post['tax_input'] = isset($_POST['tax_input']) ? $_POST['tax_input'] : '';
+ $post['post_title'] = isset($_POST['title']) ? $_POST['title'] : '';
$content = isset($_POST['content']) ? $_POST['content'] : '';
$upload = false;
- if( !empty($_POST['photo_src']) && current_user_can('upload_files') ) {
+ if ( !empty($_POST['photo_src']) && current_user_can('upload_files') ) {
foreach( (array) $_POST['photo_src'] as $key => $image) {
// see if files exist in content - we don't want to upload non-used selected files.
if ( strpos($_POST['content'], htmlspecialchars($image)) !== false ) {
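Review bot: `$post_ID = $post['ID'] = (int) $_POST['post_id'];` reads the index without checking that it exists, so a submission without `post_id` raises an undefined-index notice and casts to 0, and the `edit_post` check on the next lines is then run against post 0 rather than the auto-draft the page created. It would be safer to fail explicitly, e.g. `$post_ID = $post['ID'] = isset( $_POST['post_id'] ) ? (int) $_POST['post_id'] : 0;` followed by `if ( ! $post_ID ) wp_die( __( 'Cheatin&#8217; uh?' ) );` before the capability check. Whether `current_user_can( 'edit_post', 0 )` denies or merely warns depends on map_meta_cap in this WordPress version, which is not visible here. press_it's body continues into the next hunk.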
@@ -63,40 +48,60 @@ function press_it() {
$upload = media_sideload_image($image, $post_ID, $desc);
// Replace the POSTED content with correct uploaded ones. Regex contains fix for Magic Quotes
- if( !is_wp_error($upload) )
+ if ( !is_wp_error($upload) )
$content = preg_replace('/
]*)src=\\\?(\"|\')'.preg_quote(htmlspecialchars($image), '/').'\\\?(\2)([^>\/]*)\/*>/is', $upload, $content);
}
}
}
// set the post_content and status
- $quick['post_status'] = isset($_POST['publish']) ? 'publish' : 'draft';
- $quick['post_content'] = $content;
+ $post['post_content'] = $content;
+ if ( isset( $_POST['publish'] ) && current_user_can( 'publish_posts' ) )
+ $post['post_status'] = 'publish';
+ elseif ( isset( $_POST['review'] ) )
+ $post['post_status'] = 'pending';
+ else
+ $post['post_status'] = 'draft';
+
// error handling for media_sideload
if ( is_wp_error($upload) ) {
wp_delete_post($post_ID);
wp_die($upload);
} else {
- $quick['ID'] = $post_ID;
- wp_update_post($quick);
+ // Post formats
+ if ( isset( $_POST['post_format'] ) ) {
+ if ( current_theme_supports( 'post-formats', $_POST['post_format'] ) )
+ set_post_format( $post_ID, $_POST['post_format'] );
+ elseif ( '0' == $_POST['post_format'] )
+ set_post_format( $post_ID, false );
+ }
+
+ $post_ID = wp_update_post($post);
}
+
return $post_ID;
}
// For submitted posts.
if ( isset($_REQUEST['action']) && 'post' == $_REQUEST['action'] ) {
check_admin_referer('press-this');
- $post_ID = press_it();
- $posted = $post_ID;
+ $posted = $post_ID = press_it();
} else {
- $post_ID = 0;
+ $post = get_default_post_to_edit('post', true);
+ $post_ID = $post->ID;
}
// Set Variables
-$title = isset( $_GET['t'] ) ? trim( strip_tags( aposfix( stripslashes( $_GET['t'] ) ) ) ) : '';
-$selection = isset( $_GET['s'] ) ? trim( htmlspecialchars( html_entity_decode( aposfix( stripslashes( $_GET['s'] ) ) ) ) ) : '';
+$title = isset( $_GET['t'] ) ? trim( strip_tags( html_entity_decode( wp_unslash( $_GET['t'] ) , ENT_QUOTES) ) ) : '';
+
+$selection = '';
+if ( !empty($_GET['s']) ) {
+ $selection = str_replace(''', "'", wp_unslash($_GET['s']));
+ $selection = trim( htmlspecialchars( html_entity_decode($selection, ENT_QUOTES) ) );
+}
+
if ( ! empty($selection) ) {
$selection = preg_replace('/(\r?\n|\r)/', '
', $selection);
- $selection = '
'.str_replace('
', '', $selection).'';
+ $selection = '' . str_replace('
', '', $selection) . '';
}
$url = isset($_GET['u']) ? esc_url($_GET['u']) : '';
@@ -105,7 +110,7 @@ $image = isset($_GET['i']) ? $_GET['i'] : ''; if ( !empty($_REQUEST['ajax']) ) { switch ($_REQUEST['ajax']) { case 'video': ?> - - +
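Review bot: The result of `$post_ID = wp_update_post($post);` near the end of press_it is never checked; wp_update_post returns 0 when the update fails, so the function returns 0 into `$posted = $post_ID = press_it();` and the rest of the page treats a failed save like a success, whereas the removed wp_insert_post path died on error. Add a check right after the call, e.g. `if ( ! $post_ID ) wp_die( __( 'Error saving post.' ) );` (or, if this WordPress version's wp_update_post accepts a `$wp_error` flag, pass it and test with is_wp_error as the old code did). Separately, when `publish` is posted by a user who lacks `publish_posts`, the status chain falls through to `draft` rather than `pending`; if that is unintended, the `elseif` could also cover `isset( $_POST['publish'] )`. The enclosing press_it function begins in the previous hunk.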
-
+
@@ -154,34 +159,6 @@ if ( !empty($_REQUEST['ajax']) ) {