X-Git-Url: https://scripts.mit.edu/gitweb/autoinstalls/wordpress.git/blobdiff_plain/6c8f14c09105d0afa4c1574215c59b5021040e76..53f4633144ed68c8b8fb5861f992b5489894a940:/wp-admin/post.php diff --git a/wp-admin/post.php b/wp-admin/post.php index c638c18d..89bdc38c 100644 --- a/wp-admin/post.php +++ b/wp-admin/post.php @@ -9,12 +9,12 @@ */ /** WordPress Administration Bootstrap */ -require_once('./admin.php'); +require_once( dirname( __FILE__ ) . '/admin.php' ); $parent_file = 'edit.php'; $submenu_file = 'edit.php'; -wp_reset_vars(array('action', 'safe_mode', 'withcomments', 'posts', 'content', 'edited_post_title', 'comment_error', 'profile', 'trackback_url', 'excerpt', 'showcomments', 'commentstart', 'commentend', 'commentorder')); +wp_reset_vars( array( 'action' ) ); if ( isset( $_GET['post'] ) ) $post_id = $post_ID = (int) $_GET['post']; @@ -23,7 +23,12 @@ elseif ( isset( $_POST['post_ID'] ) ) else $post_id = $post_ID = 0; -$post = $post_type = $post_type_object = null; +/** + * @global string $post_type + * @global object $post_type_object + * @global WP_Post $post + */ +global $post_type, $post_type_object, $post; if ( $post_id ) $post = get_post( $post_id ); @@ -54,7 +59,7 @@ function redirect_post($post_id = '') { $message = 6; } } else { - $message = 'draft' == $status ? 10 : 1; + $message = 'draft' == $status ? 10 : 1; } $location = add_query_arg( 'message', $message, get_edit_post_link( $post_id, 'url' ) ); @@ -66,12 +71,18 @@ function redirect_post($post_id = '') { $location = add_query_arg( 'message', 3, wp_get_referer() ); $location = explode('#', $location); $location = $location[0] . '#postcustom'; - } elseif ( 'post-quickpress-save-cont' == $_POST['action'] ) { - $location = "post.php?action=edit&post=$post_id&message=7"; } else { $location = add_query_arg( 'message', 4, get_edit_post_link( $post_id, 'url' ) ); } + /** + * Filter the post redirect destination URL. + * + * @since 2.9.0 + * + * @param string $location The destination URL. + * @param int $post_id The post ID. + */ wp_redirect( apply_filters( 'redirect_post_location', $location, $post_id ) ); exit; } @@ -89,41 +100,49 @@ if ( ! $sendback || $sendback = admin_url( 'upload.php' ); } else { $sendback = admin_url( 'edit.php' ); - $sendback .= ( ! empty( $post_type ) ) ? '?post_type=' . $post_type : ''; + if ( ! empty( $post_type ) ) { + $sendback = add_query_arg( 'post_type', $post_type, $sendback ); + } } } else { $sendback = remove_query_arg( array('trashed', 'untrashed', 'deleted', 'ids'), $sendback ); } switch($action) { -case 'postajaxpost': -case 'post': -case 'post-quickpress-publish': -case 'post-quickpress-save': - check_admin_referer('add-' . $post_type); +case 'post-quickdraft-save': + // Check nonce and capabilities + $nonce = $_REQUEST['_wpnonce']; + $error_msg = false; - if ( 'post-quickpress-publish' == $action ) - $_POST['publish'] = 'publish'; // tell write_post() to publish + // For output of the quickdraft dashboard widget + require_once ABSPATH . 'wp-admin/includes/dashboard.php'; - if ( 'post-quickpress-publish' == $action || 'post-quickpress-save' == $action ) { - $_POST['comment_status'] = get_option('default_comment_status'); - $_POST['ping_status'] = get_option('default_ping_status'); - $post_id = edit_post(); - } else { - $post_id = 'postajaxpost' == $action ? edit_post() : write_post(); - } + if ( ! wp_verify_nonce( $nonce, 'add-post' ) ) + $error_msg = __( 'Unable to submit this form, please refresh and try again.' ); - if ( 0 === strpos( $action, 'post-quickpress' ) ) { - $_POST['post_ID'] = $post_id; - // output the quickpress dashboard widget - require_once(ABSPATH . 'wp-admin/includes/dashboard.php'); - wp_dashboard_quick_press(); + if ( ! current_user_can( 'edit_posts' ) ) { exit; } - redirect_post($post_id); + if ( $error_msg ) + return wp_dashboard_quick_press( $error_msg ); + + $post = get_post( $_REQUEST['post_ID'] ); + check_admin_referer( 'add-' . $post->post_type ); + + $_POST['comment_status'] = get_default_comment_status( $post->post_type ); + $_POST['ping_status'] = get_default_comment_status( $post->post_type, 'pingback' ); + + edit_post(); + wp_dashboard_quick_press(); + exit; + +case 'postajaxpost': +case 'post': + check_admin_referer( 'add-' . $post_type ); + $post_id = 'postajaxpost' == $action ? edit_post() : write_post(); + redirect_post( $post_id ); exit(); - break; case 'edit': $editing = true; @@ -133,19 +152,24 @@ case 'edit': exit(); } - $p = $post_id; + if ( ! $post ) + wp_die( __( 'You attempted to edit an item that doesn’t exist. Perhaps it was deleted?' ) ); - if ( empty($post->ID) ) - wp_die( __('You attempted to edit an item that doesn’t exist. Perhaps it was deleted?') ); + if ( ! $post_type_object ) + wp_die( __( 'Unknown post type.' ) ); - if ( null == $post_type_object ) - wp_die( __('Unknown post type.') ); - - if ( !current_user_can($post_type_object->cap->edit_post, $post_id) ) - wp_die( __('You are not allowed to edit this item.') ); + if ( ! current_user_can( 'edit_post', $post_id ) ) + wp_die( __( 'You are not allowed to edit this item.' ) ); if ( 'trash' == $post->post_status ) - wp_die( __('You can’t edit this item because it is in the Trash. Please restore it and try again.') ); + wp_die( __( 'You can’t edit this item because it is in the Trash. Please restore it and try again.' ) ); + + if ( ! empty( $_GET['get-post-lock'] ) ) { + check_admin_referer( 'lock-post_' . $post_id ); + wp_set_post_lock( $post_id ); + wp_redirect( get_edit_post_link( $post_id, 'url' ) ); + exit(); + } $post_type = $post->post_type; if ( 'post' == $post_type ) { @@ -165,15 +189,24 @@ case 'edit': $post_new_file = "post-new.php?post_type=$post_type"; } - if ( $last = wp_check_post_lock( $post->ID ) ) { - add_action('admin_notices', '_admin_notice_post_locked' ); - } else { + if ( ! wp_check_post_lock( $post->ID ) ) { $active_post_lock = wp_set_post_lock( $post->ID ); if ( 'attachment' !== $post_type ) wp_enqueue_script('autosave'); } + if ( is_multisite() ) { + add_action( 'admin_footer', '_admin_notice_post_locked' ); + } else { + $check_users = get_users( array( 'fields' => 'ID', 'number' => 2 ) ); + + if ( count( $check_users ) > 1 ) + add_action( 'admin_footer', '_admin_notice_post_locked' ); + + unset( $check_users ); + } + $title = $post_type_object->labels->edit_item; $post = get_post($post_id, OBJECT, 'edit'); @@ -182,7 +215,7 @@ case 'edit': enqueue_comment_hotkeys_js(); } - include('./edit-form-advanced.php'); + include( ABSPATH . 'wp-admin/edit-form-advanced.php' ); break; @@ -204,71 +237,91 @@ case 'editpost': $post_id = edit_post(); + // Session cookie flag that the post was saved + if ( isset( $_COOKIE['wp-saving-post'] ) && $_COOKIE['wp-saving-post'] === $post_id . '-check' ) { + setcookie( 'wp-saving-post', $post_id . '-saved', time() + DAY_IN_SECONDS ); + } + redirect_post($post_id); // Send user on their way while we keep working exit(); - break; case 'trash': check_admin_referer('trash-post_' . $post_id); - $post = get_post($post_id); + if ( ! $post ) + wp_die( __( 'The item you are trying to move to the Trash no longer exists.' ) ); + + if ( ! $post_type_object ) + wp_die( __( 'Unknown post type.' ) ); + + if ( ! current_user_can( 'delete_post', $post_id ) ) + wp_die( __( 'You are not allowed to move this item to the Trash.' ) ); - if ( !current_user_can($post_type_object->cap->delete_post, $post_id) ) - wp_die( __('You are not allowed to move this item to the Trash.') ); + if ( $user_id = wp_check_post_lock( $post_id ) ) { + $user = get_userdata( $user_id ); + wp_die( sprintf( __( 'You cannot move this item to the Trash. %s is currently editing.' ), $user->display_name ) ); + } - if ( ! wp_trash_post($post_id) ) - wp_die( __('Error in moving to Trash.') ); + if ( ! wp_trash_post( $post_id ) ) + wp_die( __( 'Error in moving to Trash.' ) ); wp_redirect( add_query_arg( array('trashed' => 1, 'ids' => $post_id), $sendback ) ); exit(); - break; case 'untrash': check_admin_referer('untrash-post_' . $post_id); - if ( !current_user_can($post_type_object->cap->delete_post, $post_id) ) - wp_die( __('You are not allowed to move this item out of the Trash.') ); + if ( ! $post ) + wp_die( __( 'The item you are trying to restore from the Trash no longer exists.' ) ); + + if ( ! $post_type_object ) + wp_die( __( 'Unknown post type.' ) ); - if ( ! wp_untrash_post($post_id) ) - wp_die( __('Error in restoring from Trash.') ); + if ( ! current_user_can( 'delete_post', $post_id ) ) + wp_die( __( 'You are not allowed to restore this item from the Trash.' ) ); + + if ( ! wp_untrash_post( $post_id ) ) + wp_die( __( 'Error in restoring from Trash.' ) ); wp_redirect( add_query_arg('untrashed', 1, $sendback) ); exit(); - break; case 'delete': check_admin_referer('delete-post_' . $post_id); - if ( !current_user_can($post_type_object->cap->delete_post, $post_id) ) - wp_die( __('You are not allowed to delete this item.') ); + if ( ! $post ) + wp_die( __( 'This item has already been deleted.' ) ); - $force = !EMPTY_TRASH_DAYS; + if ( ! $post_type_object ) + wp_die( __( 'Unknown post type.' ) ); + + if ( ! current_user_can( 'delete_post', $post_id ) ) + wp_die( __( 'You are not allowed to delete this item.' ) ); + + $force = ! EMPTY_TRASH_DAYS; if ( $post->post_type == 'attachment' ) { - $force = ( $force || !MEDIA_TRASH ); - if ( ! wp_delete_attachment($post_id, $force) ) - wp_die( __('Error in deleting.') ); + $force = ( $force || ! MEDIA_TRASH ); + if ( ! wp_delete_attachment( $post_id, $force ) ) + wp_die( __( 'Error in deleting.' ) ); } else { - if ( !wp_delete_post($post_id, $force) ) - wp_die( __('Error in deleting.') ); + if ( ! wp_delete_post( $post_id, $force ) ) + wp_die( __( 'Error in deleting.' ) ); } wp_redirect( add_query_arg('deleted', 1, $sendback) ); exit(); - break; case 'preview': - check_admin_referer( 'autosave', 'autosavenonce' ); + check_admin_referer( 'update-post_' . $post_id ); $url = post_preview(); wp_redirect($url); exit(); - break; default: wp_redirect( admin_url('edit.php') ); exit(); - break; } // end switch -include('./admin-footer.php'); +include( ABSPATH . 'wp-admin/admin-footer.php' );