X-Git-Url: https://scripts.mit.edu/gitweb/autoinstalls/wordpress.git/blobdiff_plain/76aea3697c6043c1613370f172395b4f65ee71f0..6c8f14c09105d0afa4c1574215c59b5021040e76:/wp-admin/press-this.php
diff --git a/wp-admin/press-this.php b/wp-admin/press-this.php
index 8bd6ce28..6542fa31 100644
--- a/wp-admin/press-this.php
+++ b/wp-admin/press-this.php
@@ -1,424 +1,363 @@ cap->create_posts ) ) + wp_die( __( 'Cheatin’ uh?' ) ); + +/** + * Press It form handler. + * + * @package WordPress + * @subpackage Press_This + * @since 2.6.0 + * + * @return int Post ID + */ function press_it() { - // define some basic variables - $quick['post_status'] = isset($_REQUEST['publish']) ? 'publish' : 'draft'; - $quick['post_category'] = $_REQUEST['post_category']; - $quick['tags_input'] = $_REQUEST['tags_input']; - $quick['post_title'] = $_REQUEST['post_title']; - $quick['post_content'] = ''; - - // insert the post with nothing in it, to get an ID - $post_ID = wp_insert_post($quick, true); - - $content = ''; - switch ( $_REQUEST['post_type'] ) { - case 'text': - case 'quote': - $content .= $_REQUEST['content']; - break; - - case 'photo': - $content = $_REQUEST['content']; - - foreach( (array) $_REQUEST['photo_src'] as $key => $image) { - - // see if files exist in content - we don't want to upload non-used selected files. - if( strpos($_REQUEST['content'], $image) !== false ) { - $upload = media_sideload_image($image, $post_ID, $_REQUEST['photo_description'][$key]); - - // Replace the POSTED content with correct uploaded ones. - // escape quote for matching - $quoted = preg_quote2($image); - if( !is_wp_error($upload) ) $content = preg_replace('/]*)src=(\"|\')'.$quoted.'(\2)([^>\/]*)\/*>/is', $upload, $content); - } - } - - break; - case "video": - if($_REQUEST['embed_code']) - $content .= $_REQUEST['embed_code']."\n\n"; - $content .= $_REQUEST['content']; - break; + $post = get_default_post_to_edit(); + $post = get_object_vars($post); + $post_ID = $post['ID'] = (int) $_POST['post_id']; + + if ( !current_user_can('edit_post', $post_ID) ) + wp_die(__('You are not allowed to edit this post.')); + + $post['post_category'] = isset($_POST['post_category']) ? $_POST['post_category'] : ''; + $post['tax_input'] = isset($_POST['tax_input']) ? $_POST['tax_input'] : ''; + $post['post_title'] = isset($_POST['title']) ? 
$_POST['title'] : ''; + $content = isset($_POST['content']) ? $_POST['content'] : ''; + + $upload = false; + if ( !empty($_POST['photo_src']) && current_user_can('upload_files') ) { + foreach( (array) $_POST['photo_src'] as $key => $image) { + // see if files exist in content - we don't want to upload non-used selected files. + if ( strpos($_POST['content'], htmlspecialchars($image)) !== false ) { + $desc = isset($_POST['photo_description'][$key]) ? $_POST['photo_description'][$key] : ''; + $upload = media_sideload_image($image, $post_ID, $desc); + + // Replace the POSTED content with correct uploaded ones. Regex contains fix for Magic Quotes + if ( !is_wp_error($upload) ) + $content = preg_replace('/]*)src=\\\?(\"|\')'.preg_quote(htmlspecialchars($image), '/').'\\\?(\2)([^>\/]*)\/*>/is', $upload, $content); + } } - // set the post_content - $quick['post_content'] = $content; + } + // set the post_content and status + $post['post_content'] = $content; + if ( isset( $_POST['publish'] ) && current_user_can( 'publish_posts' ) ) + $post['post_status'] = 'publish'; + elseif ( isset( $_POST['review'] ) ) + $post['post_status'] = 'pending'; + else + $post['post_status'] = 'draft'; - // error handling for $post - if ( is_wp_error($post_ID)) { - wp_die($id); - wp_delete_post($post_ID); // error handling for media_sideload - } elseif ( is_wp_error($upload)) { - wp_die($upload); + if ( is_wp_error($upload) ) { wp_delete_post($post_ID); + wp_die($upload); } else { - $quick['ID'] = $post_ID; - wp_update_post($quick); + // Post formats + if ( isset( $_POST['post_format'] ) ) { + if ( current_theme_supports( 'post-formats', $_POST['post_format'] ) ) + set_post_format( $post_ID, $_POST['post_format'] ); + elseif ( '0' == $_POST['post_format'] ) + set_post_format( $post_ID, false ); + } + + $post_ID = wp_update_post($post); } + return $post_ID; } // For submitted posts. -if ( 'post' == $_REQUEST['action'] ) { - check_admin_referer('press-this'); $post_ID = press_it(); ?> - - > -
- -', $selection); - $selection = '
'.str_replace('
', '', $selection).''; + $selection = '' . str_replace('
', '', $selection) . ''; } -$url = clean_url($_GET['u']); -$image = $_GET['i']; - -if($_REQUEST['ajax'] == 'thickbox') { ?> - - -