X-Git-Url: https://scripts.mit.edu/gitweb/autoinstalls/wordpress.git/blobdiff_plain/76aea3697c6043c1613370f172395b4f65ee71f0..312084b5d95c21feb519ff03decf948420e1f6fa:/wp-admin/press-this.php
diff --git a/wp-admin/press-this.php b/wp-admin/press-this.php
index 8bd6ce28..4eda788c 100644
--- a/wp-admin/press-this.php
+++ b/wp-admin/press-this.php
@@ -1,70 +1,80 @@ $image) { - - // see if files exist in content - we don't want to upload non-used selected files. - if( strpos($_REQUEST['content'], $image) !== false ) { - $upload = media_sideload_image($image, $post_ID, $_REQUEST['photo_description'][$key]); - - // Replace the POSTED content with correct uploaded ones. - // escape quote for matching - $quoted = preg_quote2($image); - if( !is_wp_error($upload) ) $content = preg_replace('/]*)src=(\"|\')'.$quoted.'(\2)([^>\/]*)\/*>/is', $upload, $content); - } + if ( is_wp_error($post_ID) ) + wp_die($post_ID); + + $content = isset($_POST['content']) ? $_POST['content'] : ''; + + $upload = false; + if( !empty($_POST['photo_src']) && current_user_can('upload_files') ) { + foreach( (array) $_POST['photo_src'] as $key => $image) { + // see if files exist in content - we don't want to upload non-used selected files. + if ( strpos($_POST['content'], htmlspecialchars($image)) !== false ) { + $desc = isset($_POST['photo_description'][$key]) ? $_POST['photo_description'][$key] : ''; + $upload = media_sideload_image($image, $post_ID, $desc); + + // Replace the POSTED content with correct uploaded ones. Regex contains fix for Magic Quotes + if( !is_wp_error($upload) ) + $content = preg_replace('/]*)src=\\\?(\"|\')'.preg_quote(htmlspecialchars($image), '/').'\\\?(\2)([^>\/]*)\/*>/is', $upload, $content); } - - break; - - case "video": - if($_REQUEST['embed_code']) - $content .= $_REQUEST['embed_code']."\n\n"; - $content .= $_REQUEST['content']; - break; } - // set the post_content + } + // set the post_content and status + $quick['post_status'] = isset($_POST['publish']) ? 
'publish' : 'draft'; $quick['post_content'] = $content; - - // error handling for $post - if ( is_wp_error($post_ID)) { - wp_die($id); - wp_delete_post($post_ID); // error handling for media_sideload - } elseif ( is_wp_error($upload)) { - wp_die($upload); + if ( is_wp_error($upload) ) { wp_delete_post($post_ID); + wp_die($upload); } else { $quick['ID'] = $post_ID; wp_update_post($quick); @@ -73,215 +83,232 @@ function press_it() { } // For submitted posts. -if ( 'post' == $_REQUEST['action'] ) { - check_admin_referer('press-this'); $post_ID = press_it(); ?> - - > -
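Review bot: The added `$quick['post_status'] = isset($_POST['publish']) ? 'publish' : 'draft';` lets the request alone decide that the post goes live; no `current_user_can('publish_posts')` check is visible in this hunk, so a user who can reach press_it() without the publish capability could presumably publish directly. I would gate it: `$quick['post_status'] = ( isset($_POST['publish']) && current_user_can('publish_posts') ) ? 'publish' : 'draft';`. Separately, `$upload` is overwritten on every pass of the `photo_src` loop, so the `is_wp_error($upload)` test after the loop only sees the last image's result and an earlier sideload failure is silently dropped. The opening of the hunk was lost in extraction and press_it() closes after the hunk's last line, so a capability check may exist outside what is shown.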
- -', $selection); $selection = '
'.str_replace('
', '', $selection).''; } -$url = clean_url($_GET['u']); -$image = $_GET['i']; - -if($_REQUEST['ajax'] == 'thickbox') { ?> - + + - -+ + + + +
- - + - - -