+
+
+ post_type )->public ) {
+ $preview_link = set_url_scheme( add_query_arg( 'preview', 'true', get_permalink( $post->ID ) ) );
+
+ if ( 'publish' == $post->post_status || $user->ID != $post->post_author ) {
+ // Latest content is in autosave
+ $nonce = wp_create_nonce( 'post_preview_' . $post->ID );
+ $preview_link = add_query_arg( array( 'preview_id' => $post->ID, 'preview_nonce' => $nonce ), $preview_link );
+ }
+ } else {
+ $preview_link = '';
+ }
+
+ /** This filter is documented in wp-admin/includes/meta-boxes.php */
+ $preview_link = apply_filters( 'preview_post_link', $preview_link, $post );
+
+ /**
+ * Filter whether to allow the post lock to be overridden.
+ *
+ * Returning a falsey value to the filter will disable the ability
+ * to override the post lock.
+ *
+ * @since 3.6.0
+ *
+ * @param bool $override Whether to allow overriding post locks. Default true.
+ * @param WP_Post $post Post object.
+ * @param WP_User $user User object.
+ */
+ $override = apply_filters( 'override_post_lock', true, $post, $user );
+ $tab_last = $override ? '' : ' wp-tab-last';
+
+ ?>
+
+
ID, 64 ); ?>
+
+ display_name ) );
+ ?>
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+ ID;
- $new_autosave['post_author'] = get_current_user_id();
+ $new_autosave['post_author'] = $post_author;
+
+ // If the new autosave has the same content as the post, delete the autosave.
+ $post = get_post( $post_id );
+ $autosave_is_different = false;
+ foreach ( array_intersect( array_keys( $new_autosave ), array_keys( _wp_post_revision_fields() ) ) as $field ) {
+ if ( normalize_whitespace( $new_autosave[ $field ] ) != normalize_whitespace( $post->$field ) ) {
+ $autosave_is_different = true;
+ break;
+ }
+ }
+
+ if ( ! $autosave_is_different ) {
+ wp_delete_post_revision( $old_autosave->ID );
+ return 0;
+ }
+
+ /**
+ * Fires before an autosave is stored.
+ *
+ * @since 4.1.0
+ *
+ * @param array $new_autosave Post array - the autosave that is about to be saved.
+ */
+ do_action( 'wp_creating_autosave', $new_autosave );
+
return wp_update_post( $new_autosave );
}
// _wp_put_post_revision() expects unescaped.
- $_POST = stripslashes_deep($_POST);
+ $post_data = wp_unslash( $post_data );
// Otherwise create the new autosave as a special post revision
- return _wp_put_post_revision( $_POST, true );
+ return _wp_put_post_revision( $post_data, true );
}
/**
@@ -1280,61 +1650,93 @@ function wp_create_post_autosave( $post_id ) {
* @package WordPress
* @since 2.7.0
*
- * @uses get_post_status()
- * @uses edit_post()
- * @uses get_post()
- * @uses current_user_can()
- * @uses wp_die()
- * @uses wp_create_post_autosave()
- * @uses add_query_arg()
- * @uses wp_create_nonce()
- *
* @return str URL to redirect to show the preview
*/
function post_preview() {
$post_ID = (int) $_POST['post_ID'];
- $status = get_post_status( $post_ID );
- if ( 'auto-draft' == $status )
- wp_die( __('Preview not available. Please save as a draft first.') );
-
- if ( isset($_POST['catslist']) )
- $_POST['post_category'] = explode(",", $_POST['catslist']);
+ $_POST['ID'] = $post_ID;
- if ( isset($_POST['tags_input']) )
- $_POST['tags_input'] = explode(",", $_POST['tags_input']);
+ if ( ! $post = get_post( $post_ID ) ) {
+ wp_die( __( 'You are not allowed to edit this post.' ) );
+ }
- if ( $_POST['post_type'] == 'page' || empty($_POST['post_category']) )
- unset($_POST['post_category']);
+ if ( ! current_user_can( 'edit_post', $post->ID ) ) {
+ wp_die( __( 'You are not allowed to edit this post.' ) );
+ }
- $_POST['ID'] = $post_ID;
- $post = get_post($post_ID);
+ $is_autosave = false;
- if ( 'page' == $post->post_type ) {
- if ( !current_user_can('edit_page', $post_ID) )
- wp_die(__('You are not allowed to edit this page.'));
+ if ( ! wp_check_post_lock( $post->ID ) && get_current_user_id() == $post->post_author && ( 'draft' == $post->post_status || 'auto-draft' == $post->post_status ) ) {
+ $saved_post_id = edit_post();
} else {
- if ( !current_user_can('edit_post', $post_ID) )
- wp_die(__('You are not allowed to edit this post.'));
+ $is_autosave = true;
+
+ if ( isset( $_POST['post_status'] ) && 'auto-draft' == $_POST['post_status'] )
+ $_POST['post_status'] = 'draft';
+
+ $saved_post_id = wp_create_post_autosave( $post->ID );
}
- if ( 'draft' == $post->post_status ) {
- $id = edit_post();
- } else { // Non drafts are not overwritten. The autosave is stored in a special post revision.
- $id = wp_create_post_autosave( $post->ID );
- if ( ! is_wp_error($id) )
- $id = $post->ID;
+ if ( is_wp_error( $saved_post_id ) )
+ wp_die( $saved_post_id->get_error_message() );
+
+ $query_args = array( 'preview' => 'true' );
+
+ if ( $is_autosave && $saved_post_id ) {
+ $query_args['preview_id'] = $post->ID;
+ $query_args['preview_nonce'] = wp_create_nonce( 'post_preview_' . $post->ID );
+
+ if ( isset( $_POST['post_format'] ) )
+ $query_args['post_format'] = empty( $_POST['post_format'] ) ? 'standard' : sanitize_key( $_POST['post_format'] );
}
- if ( is_wp_error($id) )
- wp_die( $id->get_error_message() );
+ $url = add_query_arg( $query_args, get_permalink( $post->ID ) );
- if ( $_POST['post_status'] == 'draft' ) {
- $url = add_query_arg( 'preview', 'true', get_permalink($id) );
- } else {
- $nonce = wp_create_nonce('post_preview_' . $id);
- $url = add_query_arg( array( 'preview' => 'true', 'preview_id' => $id, 'preview_nonce' => $nonce ), get_permalink($id) );
+ /** This filter is documented in wp-admin/includes/meta-boxes.php */
+ return apply_filters( 'preview_post_link', $url, $post );
+}
+
+/**
+ * Save a post submitted with XHR
+ *
+ * Intended for use with heartbeat and autosave.js
+ *
+ * @since 3.9.0
+ *
+ * @param array $post_data Associative array of the submitted post data.
+ * @return mixed The value 0 or WP_Error on failure. The saved post ID on success.
+ * Te ID can be the draft post_id or the autosave revision post_id.
+ */
+function wp_autosave( $post_data ) {
+ // Back-compat
+ if ( ! defined( 'DOING_AUTOSAVE' ) )
+ define( 'DOING_AUTOSAVE', true );
+
+ $post_id = (int) $post_data['post_id'];
+ $post_data['ID'] = $post_data['post_ID'] = $post_id;
+
+ if ( false === wp_verify_nonce( $post_data['_wpnonce'], 'update-post_' . $post_id ) ) {
+ return new WP_Error( 'invalid_nonce', __( 'Error while saving.' ) );
}
- return $url;
+ $post = get_post( $post_id );
+
+ if ( ! current_user_can( 'edit_post', $post->ID ) ) {
+ return new WP_Error( 'edit_posts', __( 'You are not allowed to edit this item.' ) );
+ }
+
+ if ( 'auto-draft' == $post->post_status )
+ $post_data['post_status'] = 'draft';
+
+ if ( $post_data['post_type'] != 'page' && ! empty( $post_data['catslist'] ) )
+ $post_data['post_category'] = explode( ',', $post_data['catslist'] );
+
+ if ( ! wp_check_post_lock( $post->ID ) && get_current_user_id() == $post->post_author && ( 'auto-draft' == $post->post_status || 'draft' == $post->post_status ) ) {
+ // Drafts and auto-drafts are just overwritten by autosave for the same user if the post is not locked
+ return edit_post( wp_slash( $post_data ) );
+ } else {
+ // Non drafts or other users drafts are not overwritten. The autosave is stored in a special post revision for each user.
+ return wp_create_post_autosave( wp_slash( $post_data ) );
+ }
}
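Review bot: In `wp_autosave()` the result of `get_post( $post_id )` is dereferenced as `$post->ID` in the capability check without first testing that a post was found, whereas `post_preview()` in this same hunk exits early on `! $post = get_post( $post_ID )`. If the ID no longer resolves (for example, the post was deleted after the nonce was issued), `current_user_can( 'edit_post', … )` is called with a null ID, so the authorization decision is no longer tied to the post being saved. A guard directly after the lookup would keep the two entry points consistent: `if ( ! $post ) { return new WP_Error( 'edit_posts', __( 'You are not allowed to edit this item.' ) ); }`. The function also reads `$post_data['post_id']`, `$post_data['_wpnonce']` and `$post_data['post_type']` without `isset()`, which is worth guarding because the docblock describes the array as submitted XHR data. Two small docblock slips in the hunk: `@return str` should be `string`, and "Te ID" should read "The ID".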