X-Git-Url: https://scripts.mit.edu/gitweb/autoinstalls/wordpress.git/blobdiff_plain/4feeb71a9d812a9ae371c28a3d8b442a4394ded7..16e7b37c7914d753890c1a05a9335f3b43751eb8:/wp-admin/includes/post.php diff --git a/wp-admin/includes/post.php b/wp-admin/includes/post.php index 4eb762de..ab50c27d 100644 --- a/wp-admin/includes/post.php +++ b/wp-admin/includes/post.php @@ -30,14 +30,14 @@ function _wp_translate_postdata( $update = false, $post_data = null ) { if ( $update && ! current_user_can( 'edit_post', $post_data['ID'] ) ) { if ( 'page' == $post_data['post_type'] ) - return new WP_Error( 'edit_others_pages', __( 'You are not allowed to edit pages as this user.' ) ); + return new WP_Error( 'edit_others_pages', __( 'Sorry, you are not allowed to edit pages as this user.' ) ); else - return new WP_Error( 'edit_others_posts', __( 'You are not allowed to edit posts as this user.' ) ); + return new WP_Error( 'edit_others_posts', __( 'Sorry, you are not allowed to edit posts as this user.' ) ); } elseif ( ! $update && ! current_user_can( $ptype->cap->create_posts ) ) { if ( 'page' == $post_data['post_type'] ) - return new WP_Error( 'edit_others_pages', __( 'You are not allowed to create pages as this user.' ) ); + return new WP_Error( 'edit_others_pages', __( 'Sorry, you are not allowed to create pages as this user.' ) ); else - return new WP_Error( 'edit_others_posts', __( 'You are not allowed to create posts as this user.' ) ); + return new WP_Error( 'edit_others_posts', __( 'Sorry, you are not allowed to create posts as this user.' ) ); } if ( isset( $post_data['content'] ) ) @@ -68,14 +68,14 @@ function _wp_translate_postdata( $update = false, $post_data = null ) { && ! current_user_can( $ptype->cap->edit_others_posts ) ) { if ( $update ) { if ( 'page' == $post_data['post_type'] ) - return new WP_Error( 'edit_others_pages', __( 'You are not allowed to edit pages as this user.' ) ); + return new WP_Error( 'edit_others_pages', __( 'Sorry, you are not allowed to edit pages as this user.' ) ); else - return new WP_Error( 'edit_others_posts', __( 'You are not allowed to edit posts as this user.' ) ); + return new WP_Error( 'edit_others_posts', __( 'Sorry, you are not allowed to edit posts as this user.' ) ); } else { if ( 'page' == $post_data['post_type'] ) - return new WP_Error( 'edit_others_pages', __( 'You are not allowed to create pages as this user.' ) ); + return new WP_Error( 'edit_others_pages', __( 'Sorry, you are not allowed to create pages as this user.' ) ); else - return new WP_Error( 'edit_others_posts', __( 'You are not allowed to create posts as this user.' ) ); + return new WP_Error( 'edit_others_posts', __( 'Sorry, you are not allowed to create posts as this user.' ) ); } } @@ -160,7 +160,7 @@ function _wp_translate_postdata( $update = false, $post_data = null ) { $post_data['post_date'] = sprintf( "%04d-%02d-%02d %02d:%02d:%02d", $aa, $mm, $jj, $hh, $mn, $ss ); $valid_date = wp_checkdate( $mm, $jj, $aa, $post_data['post_date'] ); if ( !$valid_date ) { - return new WP_Error( 'invalid_date', __( 'Whoops, the provided date is invalid.' ) ); + return new WP_Error( 'invalid_date', __( 'Invalid date.' ) ); } $post_data['post_date_gmt'] = get_gmt_from_date( $post_data['post_date'] ); } @@ -210,9 +210,9 @@ function edit_post( $post_data = null ) { $ptype = get_post_type_object($post_data['post_type']); if ( !current_user_can( 'edit_post', $post_ID ) ) { if ( 'page' == $post_data['post_type'] ) - wp_die( __('You are not allowed to edit this page.' )); + wp_die( __('Sorry, you are not allowed to edit this page.' )); else - wp_die( __('You are not allowed to edit this post.' )); + wp_die( __('Sorry, you are not allowed to edit this post.' )); } if ( post_type_supports( $ptype->name, 'revisions' ) ) { @@ -288,6 +288,8 @@ function edit_post( $post_data = null ) { continue; if ( $meta->post_id != $post_ID ) continue; + if ( is_protected_meta( $meta->meta_key, 'post' ) || ! current_user_can( 'edit_post_meta', $post_ID, $meta->meta_key ) ) + continue; if ( is_protected_meta( $value['key'], 'post' ) || ! current_user_can( 'edit_post_meta', $post_ID, $value['key'] ) ) continue; update_meta( $key, $value['key'], $value['value'] ); @@ -428,9 +430,9 @@ function bulk_edit_posts( $post_data = null ) { if ( !current_user_can( $ptype->cap->edit_posts ) ) { if ( 'page' == $ptype->name ) - wp_die( __('You are not allowed to edit pages.')); + wp_die( __('Sorry, you are not allowed to edit pages.')); else - wp_die( __('You are not allowed to edit posts.')); + wp_die( __('Sorry, you are not allowed to edit posts.')); } if ( -1 == $post_data['_status'] ) { @@ -629,7 +631,7 @@ function get_default_post_to_edit( $post_type = 'post', $create_in_db = false ) } /** - * Filter the default post content initially used in the "Write Post" form. + * Filters the default post content initially used in the "Write Post" form. * * @since 1.5.0 * @@ -639,7 +641,7 @@ function get_default_post_to_edit( $post_type = 'post', $create_in_db = false ) $post->post_content = apply_filters( 'default_content', $post_content, $post ); /** - * Filter the default post title initially used in the "Write Post" form. + * Filters the default post title initially used in the "Write Post" form. * * @since 1.5.0 * @@ -649,7 +651,7 @@ function get_default_post_to_edit( $post_type = 'post', $create_in_db = false ) $post->post_title = apply_filters( 'default_title', $post_title, $post ); /** - * Filter the default post excerpt initially used in the "Write Post" form. + * Filters the default post excerpt initially used in the "Write Post" form. * * @since 1.5.0 * @@ -721,9 +723,9 @@ function wp_write_post() { if ( !current_user_can( $ptype->cap->edit_posts ) ) { if ( 'page' == $ptype->name ) - return new WP_Error( 'edit_pages', __( 'You are not allowed to create pages on this site.' ) ); + return new WP_Error( 'edit_pages', __( 'Sorry, you are not allowed to create pages on this site.' ) ); else - return new WP_Error( 'edit_posts', __( 'You are not allowed to create posts or drafts on this site.' ) ); + return new WP_Error( 'edit_posts', __( 'Sorry, you are not allowed to create posts or drafts on this site.' ) ); } $_POST['post_mime_type'] = ''; @@ -1029,7 +1031,7 @@ function wp_edit_posts_query( $q = false ) { $posts_per_page = 20; /** - * Filter the number of items per page to show for a specific 'per_page' type. + * Filters the number of items per page to show for a specific 'per_page' type. * * The dynamic portion of the hook name, `$post_type`, refers to the post type. * @@ -1044,7 +1046,7 @@ function wp_edit_posts_query( $q = false ) { $posts_per_page = apply_filters( "edit_{$post_type}_per_page", $posts_per_page ); /** - * Filter the number of posts displayed per page when specifically listing "posts". + * Filters the number of posts displayed per page when specifically listing "posts". * * @since 2.8.0 * @@ -1120,7 +1122,7 @@ function wp_edit_attachments_query_vars( $q = false ) { } /** - * Filter the number of items to list per page when listing media items. + * Filters the number of items to list per page when listing media items. * * @since 2.9.0 * @@ -1144,9 +1146,43 @@ function wp_edit_attachments_query_vars( $q = false ) { $q['post_parent'] = 0; } + // Filter query clauses to include filenames. + if ( isset( $q['s'] ) ) { + add_filter( 'posts_clauses', '_filter_query_attachment_filenames' ); + } + return $q; } +/** + * Filter the SQL clauses of an attachment query to include filenames. + * + * @since 4.7.0 + * @access private + * + * @global wpdb $wpdb WordPress database abstraction object. + * + * @param array $clauses An array including WHERE, GROUP BY, JOIN, ORDER BY, + * DISTINCT, fields (SELECT), and LIMITS clauses. + * @return array The modified clauses. + */ +function _filter_query_attachment_filenames( $clauses ) { + global $wpdb; + remove_filter( 'posts_clauses', __FUNCTION__ ); + + // Add a LEFT JOIN of the postmeta table so we don't trample existing JOINs. + $clauses['join'] .= " LEFT JOIN {$wpdb->postmeta} AS sq1 ON ( {$wpdb->posts}.ID = sq1.post_id AND sq1.meta_key = '_wp_attached_file' )"; + + $clauses['groupby'] = "{$wpdb->posts}.ID"; + + $clauses['where'] = preg_replace( + "/\({$wpdb->posts}.post_content (NOT LIKE|LIKE) (\'[^']+\')\)/", + "$0 OR ( sq1.meta_value $1 $2 )", + $clauses['where'] ); + + return $clauses; +} + /** * Executes a query for attachments. An array of WP_Query arguments * can be passed in, which will override the arguments set by this function. @@ -1166,7 +1202,7 @@ function wp_edit_attachments_query( $q = false ) { } /** - * Returns the list of classes to be used by a metabox + * Returns the list of classes to be used by a meta box. * * @since 2.5.0 * @@ -1188,7 +1224,7 @@ function postbox_classes( $id, $page ) { } /** - * Filter the postbox classes for a specific screen and screen ID combo. + * Filters the postbox classes for a specific screen and screen ID combo. * * The dynamic portions of the hook name, `$page` and `$id`, refer to * the screen and screen ID, respectively. @@ -1207,9 +1243,9 @@ function postbox_classes( $id, $page ) { * @since 2.5.0 * * @param int $id Post ID or post object. - * @param string $title Optional. Title. Default null. - * @param string $name Optional. Name. Default null. - * @return array Array with two entries of type string. + * @param string $title Optional. Title to override the post's current title when generating the post name. Default null. + * @param string $name Optional. Name to override the post name. Default null. + * @return array Array containing the sample permalink with placeholder for the post name, and the post name. */ function get_sample_permalink($id, $title = null, $name = null) { $post = get_post( $id ); @@ -1266,11 +1302,11 @@ function get_sample_permalink($id, $title = null, $name = null) { unset($post->filter); /** - * Filter the sample permalink. + * Filters the sample permalink. * * @since 4.4.0 * - * @param string $permalink Sample permalink. + * @param array $permalink Array containing the sample permalink with placeholder for the post name, and the post name. * @param int $post_id Post ID. * @param string $title Post title. * @param string $name Post name (slug). @@ -1300,14 +1336,14 @@ function get_sample_permalink_html( $id, $new_title = null, $new_slug = null ) { $preview_target = ''; if ( current_user_can( 'read_post', $post->ID ) ) { - if ( 'draft' === $post->post_status ) { + if ( 'draft' === $post->post_status || empty( $post->post_name ) ) { $view_link = get_preview_post_link( $post ); $preview_target = " target='wp-preview-{$post->ID}'"; } else { if ( 'publish' === $post->post_status || 'attachment' === $post->post_type ) { $view_link = get_permalink( $post ); } else { - // Allow non-published (private, future) to be viewed at a pretty permalink. + // Allow non-published (private, future) to be viewed at a pretty permalink, in case $post->post_name is set $view_link = str_replace( array( '%pagename%', '%postname%' ), $post->post_name, $permalink ); } } @@ -1329,18 +1365,10 @@ function get_sample_permalink_html( $id, $new_title = null, $new_slug = null ) { $return .= '' . __('Change Permalinks') . "\n"; } } else { - if ( function_exists( 'mb_strlen' ) ) { - if ( mb_strlen( $post_name ) > 34 ) { - $post_name_abridged = mb_substr( $post_name, 0, 16 ) . '…' . mb_substr( $post_name, -16 ); - } else { - $post_name_abridged = $post_name; - } + if ( mb_strlen( $post_name ) > 34 ) { + $post_name_abridged = mb_substr( $post_name, 0, 16 ) . '…' . mb_substr( $post_name, -16 ); } else { - if ( strlen( $post_name ) > 34 ) { - $post_name_abridged = substr( $post_name, 0, 16 ) . '…' . substr( $post_name, -16 ); - } else { - $post_name_abridged = $post_name; - } + $post_name_abridged = $post_name; } $post_name_html = '' . esc_html( $post_name_abridged ) . ''; @@ -1354,7 +1382,7 @@ function get_sample_permalink_html( $id, $new_title = null, $new_slug = null ) { } /** - * Filter the sample permalink HTML markup. + * Filters the sample permalink HTML markup. * * @since 2.9.0 * @since 4.4.0 Added `$post` parameter. @@ -1375,15 +1403,12 @@ function get_sample_permalink_html( $id, $new_title = null, $new_slug = null ) { * * @since 2.9.0 * - * @global int $content_width - * @global array $_wp_additional_image_sizes - * * @param int $thumbnail_id ID of the attachment used for thumbnail * @param mixed $post The post ID or object associated with the thumbnail, defaults to global $post. * @return string html */ function _wp_post_thumbnail_html( $thumbnail_id = null, $post = null ) { - global $content_width, $_wp_additional_image_sizes; + $_wp_additional_image_sizes = wp_get_additional_image_sizes(); $post = get_post( $post ); $post_type_object = get_post_type_object( $post->post_type ); @@ -1400,7 +1425,7 @@ function _wp_post_thumbnail_html( $thumbnail_id = null, $post = null ) { $size = isset( $_wp_additional_image_sizes['post-thumbnail'] ) ? 'post-thumbnail' : array( 266, 266 ); /** - * Filter the size used to display the post thumbnail image in the 'Featured Image' meta box. + * Filters the size used to display the post thumbnail image in the 'Featured Image' meta box. * * Note: When a theme adds 'post-thumbnail' support, a special 'post-thumbnail' * image size is registered, which differs from the 'thumbnail' image size @@ -1420,27 +1445,31 @@ function _wp_post_thumbnail_html( $thumbnail_id = null, $post = null ) { $thumbnail_html = wp_get_attachment_image( $thumbnail_id, $size ); - if ( !empty( $thumbnail_html ) ) { - $ajax_nonce = wp_create_nonce( 'set_post_thumbnail-' . $post->ID ); + if ( ! empty( $thumbnail_html ) ) { $content = sprintf( $set_thumbnail_link, esc_url( $upload_iframe_src ), ' aria-describedby="set-post-thumbnail-desc"', $thumbnail_html ); $content .= '

' . __( 'Click the image to edit or update' ) . '

'; - $content .= '

' . esc_html( $post_type_object->labels->remove_featured_image ) . '

'; + $content .= '

' . esc_html( $post_type_object->labels->remove_featured_image ) . '

'; } } + $content .= ''; + /** - * Filter the admin post thumbnail HTML markup to return. + * Filters the admin post thumbnail HTML markup to return. * * @since 2.9.0 + * @since 3.5.0 Added the `$post_id` parameter. + * @since 4.6.0 Added the `$thumbnail_id` parameter. * - * @param string $content Admin post thumbnail HTML markup. - * @param int $post_id Post ID. + * @param string $content Admin post thumbnail HTML markup. + * @param int $post_id Post ID. + * @param int $thumbnail_id Thumbnail ID. */ - return apply_filters( 'admin_post_thumbnail_html', $content, $post->ID ); + return apply_filters( 'admin_post_thumbnail_html', $content, $post->ID, $thumbnail_id ); } /** @@ -1509,7 +1538,7 @@ function _admin_notice_post_locked() { if ( $user ) { /** - * Filter whether to show the post locked dialog. + * Filters whether to show the post locked dialog. * * Returning a falsey value to the filter will short-circuit displaying the dialog. * @@ -1561,7 +1590,7 @@ function _admin_notice_post_locked() { $preview_link = get_preview_post_link( $post->ID, $query_args ); /** - * Filter whether to allow the post lock to be overridden. + * Filters whether to allow the post lock to be overridden. * * Returning a falsey value to the filter will disable the ability * to override the post lock. @@ -1721,11 +1750,11 @@ function post_preview() { $_POST['ID'] = $post_ID; if ( ! $post = get_post( $post_ID ) ) { - wp_die( __( 'You are not allowed to edit this post.' ) ); + wp_die( __( 'Sorry, you are not allowed to edit this post.' ) ); } if ( ! current_user_can( 'edit_post', $post->ID ) ) { - wp_die( __( 'You are not allowed to edit this post.' ) ); + wp_die( __( 'Sorry, you are not allowed to edit this post.' ) ); } $is_autosave = false; @@ -1750,8 +1779,13 @@ function post_preview() { $query_args['preview_id'] = $post->ID; $query_args['preview_nonce'] = wp_create_nonce( 'post_preview_' . $post->ID ); - if ( isset( $_POST['post_format'] ) ) + if ( isset( $_POST['post_format'] ) ) { $query_args['post_format'] = empty( $_POST['post_format'] ) ? 'standard' : sanitize_key( $_POST['post_format'] ); + } + + if ( isset( $_POST['_thumbnail_id'] ) ) { + $query_args['_thumbnail_id'] = ( intval( $_POST['_thumbnail_id'] ) <= 0 ) ? '-1' : intval( $_POST['_thumbnail_id'] ); + } } return get_preview_post_link( $post, $query_args ); @@ -1783,7 +1817,7 @@ function wp_autosave( $post_data ) { $post = get_post( $post_id ); if ( ! current_user_can( 'edit_post', $post->ID ) ) { - return new WP_Error( 'edit_posts', __( 'You are not allowed to edit this item.' ) ); + return new WP_Error( 'edit_posts', __( 'Sorry, you are not allowed to edit this item.' ) ); } if ( 'auto-draft' == $post->post_status ) @@ -1839,7 +1873,7 @@ function redirect_post($post_id = '') { } /** - * Filter the post redirect destination URL. + * Filters the post redirect destination URL. * * @since 2.9.0 *