X-Git-Url: https://scripts.mit.edu/gitweb/autoinstalls/wordpress.git/blobdiff_plain/8a06f4f9392d1ac373442f82ee40428a3cb81395..4713a14935b83517997f3c88f808eb41da55033d:/wp-admin/press-this.php
diff --git a/wp-admin/press-this.php b/wp-admin/press-this.php
index 8bd6ce28..1becc48f 100644
--- a/wp-admin/press-this.php
+++ b/wp-admin/press-this.php
@@ -1,424 +1,388 @@ cap->create_posts ) ) + wp_die( __( 'Cheatin’ uh?' ) ); + +/** + * Press It form handler. + * + * @since 2.6.0 + * + * @return int Post ID + */ function press_it() { - // define some basic variables - $quick['post_status'] = isset($_REQUEST['publish']) ? 'publish' : 'draft'; - $quick['post_category'] = $_REQUEST['post_category']; - $quick['tags_input'] = $_REQUEST['tags_input']; - $quick['post_title'] = $_REQUEST['post_title']; - $quick['post_content'] = ''; - - // insert the post with nothing in it, to get an ID - $post_ID = wp_insert_post($quick, true); - - $content = ''; - switch ( $_REQUEST['post_type'] ) { - case 'text': - case 'quote': - $content .= $_REQUEST['content']; - break; - - case 'photo': - $content = $_REQUEST['content']; - - foreach( (array) $_REQUEST['photo_src'] as $key => $image) { - - // see if files exist in content - we don't want to upload non-used selected files. - if( strpos($_REQUEST['content'], $image) !== false ) { - $upload = media_sideload_image($image, $post_ID, $_REQUEST['photo_description'][$key]); - - // Replace the POSTED content with correct uploaded ones. - // escape quote for matching - $quoted = preg_quote2($image); - if( !is_wp_error($upload) ) $content = preg_replace('/]*)src=(\"|\')'.$quoted.'(\2)([^>\/]*)\/*>/is', $upload, $content); - } - } - - break; - case "video": - if($_REQUEST['embed_code']) - $content .= $_REQUEST['embed_code']."\n\n"; - $content .= $_REQUEST['content']; - break; + $post = get_default_post_to_edit(); + $post = get_object_vars($post); + $post_ID = $post['ID'] = (int) $_POST['post_id']; + + if ( !current_user_can('edit_post', $post_ID) ) + wp_die(__('You are not allowed to edit this post.')); + + $post['post_category'] = isset($_POST['post_category']) ? $_POST['post_category'] : ''; + $post['tax_input'] = isset($_POST['tax_input']) ? $_POST['tax_input'] : ''; + $post['post_title'] = isset($_POST['title']) ? $_POST['title'] : ''; + $content = isset($_POST['content']) ? 
$_POST['content'] : ''; + + $upload = false; + if ( !empty($_POST['photo_src']) && current_user_can('upload_files') ) { + foreach( (array) $_POST['photo_src'] as $key => $image) { + // see if files exist in content - we don't want to upload non-used selected files. + if ( strpos($_POST['content'], htmlspecialchars($image)) !== false ) { + $desc = isset($_POST['photo_description'][$key]) ? $_POST['photo_description'][$key] : ''; + $upload = media_sideload_image($image, $post_ID, $desc); + + // Replace the POSTED content with correct uploaded ones. Regex contains fix for Magic Quotes + if ( !is_wp_error($upload) ) + $content = preg_replace('/]*)src=\\\?(\"|\')'.preg_quote(htmlspecialchars($image), '/').'\\\?(\2)([^>\/]*)\/*>/is', $upload, $content); + } } - // set the post_content - $quick['post_content'] = $content; + } + // set the post_content and status + $post['post_content'] = $content; + if ( isset( $_POST['publish'] ) && current_user_can( 'publish_posts' ) ) + $post['post_status'] = 'publish'; + elseif ( isset( $_POST['review'] ) ) + $post['post_status'] = 'pending'; + else + $post['post_status'] = 'draft'; - // error handling for $post - if ( is_wp_error($post_ID)) { - wp_die($id); - wp_delete_post($post_ID); // error handling for media_sideload - } elseif ( is_wp_error($upload)) { - wp_die($upload); + if ( is_wp_error($upload) ) { wp_delete_post($post_ID); + wp_die($upload); } else { - $quick['ID'] = $post_ID; - wp_update_post($quick); + // Post formats + if ( isset( $_POST['post_format'] ) ) { + if ( current_theme_supports( 'post-formats', $_POST['post_format'] ) ) + set_post_format( $post_ID, $_POST['post_format'] ); + elseif ( '0' == $_POST['post_format'] ) + set_post_format( $post_ID, false ); + } + + $post_ID = wp_update_post($post); } + return $post_ID; } // For submitted posts. -if ( 'post' == $_REQUEST['action'] ) { - check_admin_referer('press-this'); $post_ID = press_it(); ?> - - > - - - <?php _e('Press This') ?> - - - -

| |

- - - - - ID; } -// Ajax Requests -$title = wp_specialchars(aposfix(stripslashes($_GET['t']))); +// Set Variables +$title = isset( $_GET['t'] ) ? trim( strip_tags( html_entity_decode( wp_unslash( $_GET['t'] ) , ENT_QUOTES) ) ) : ''; + +$selection = ''; +if ( !empty($_GET['s']) ) { + $selection = str_replace(''', "'", wp_unslash($_GET['s'])); + $selection = trim( htmlspecialchars( html_entity_decode($selection, ENT_QUOTES) ) ); +} -$selection = trim( aposfix( stripslashes($_GET['s']) ) ); if ( ! empty($selection) ) { $selection = preg_replace('/(\r?\n|\r)/', '

', $selection); - $selection = '

'.str_replace('

', '', $selection).'

'; + $selection = '

' . str_replace('

', '', $selection) . '

'; } -$url = clean_url($_GET['u']); -$image = $_GET['i']; - -if($_REQUEST['ajax'] == 'thickbox') { ?> - -

-
- -
- -

- <?php echo attribute_escape(__('Click to insert.')); ?>

+$url = isset($_GET['u']) ? esc_url($_GET['u']) : ''; +$image = isset($_GET['i']) ? $_GET['i'] : ''; + +if ( !empty($_REQUEST['ajax']) ) { + switch ($_REQUEST['ajax']) { + case 'video': ?> + +
+

+
+ +

+
+
+

- + +

+
+
+ +
+
-if($_REQUEST['ajax'] == 'thickbox_url') { ?> - -

-
- -
+

+ ]*)src=(\"|\')([^<>\'\"]+)(\2)([^>]*)\/*>/i'; + $content = str_replace(array("\n","\t","\r"), '', $content); + preg_match_all($pattern, $content, $matches); + if ( empty($matches[0]) ) + return ''; + $sources = array(); + foreach ($matches[3] as $src) { + // if no http in url + if (strpos($src, 'http') === false) + // if it doesn't have a relative uri + if ( strpos($src, '../') === false && strpos($src, './') === false && strpos($src, '/') === 0) + $src = 'http://'.str_replace('//','/', $host['host'].'/'.$src); + else + $src = 'http://'.str_replace('//','/', $host['host'].'/'.dirname($host['path']).'/'.$src); + $sources[] = esc_url($src); + } + return "'" . implode("','", $sources) . "'"; + } + $url = wp_kses(urldecode($url), null); + echo 'new Array('.get_images_from_uri($url).')'; + break; + + case 'photo_js': ?> + // gather images and load some default JS + var last = null + var img, img_tag, aspect, w, h, skip, i, strtoappend = ""; + if(photostorage == false) { + var my_src = eval( + jQuery.ajax({ + type: "GET", + url: "", + cache : false, + async : false, + data: "ajax=photo_images&u=", + dataType : "script" + }).responseText + ); + if(my_src.length == 0) { + var my_src = eval( + jQuery.ajax({ + type: "GET", + url: "", + cache : false, + async : false, + data: "ajax=photo_images&u=", + dataType : "script" + }).responseText + ); + if(my_src.length == 0) { + strtoappend = ''; + } + } + } + for (i = 0; i < my_src.length; i++) { + img = new Image(); + img.src = my_src[i]; + img_attr = 'id="img' + i + '"'; + skip = false; + maybeappend = ''; -

-
- -
+ if (img.width && img.height) { + if (img.width >= 30 && img.height >= 30) { + aspect = img.width / img.height; + scale = (aspect > 1) ? (71 / img.width) : (71 / img.height); -

|

- -

-
- -
-]*)src=(\"|\')([^<>]+?\.(png|jpeg|jpg|jpe|gif))[^<>\'\"]*(\2)([^>\/]*)\/*>/is'; - preg_match_all($pattern, $content, $matches); - - if ( empty($matches[1]) ) return ''; - - $sources = array(); - foreach ($matches[3] as $src) { - // if no http in url - if(strpos($src, 'http') === false) - // if it doesn't have a relative uri - if( strpos($src, '../') === false && strpos($src, './') === false && strpos($src, '/') === true) - $src = 'http://'.str_replace('//','/', $host['host'].'/'.$src); - else - $src = 'http://'.str_replace('//','/', $host['host'].'/'.dirname($host['path']).'/'.$src); - - $sources[] = clean_url($src); + function pick(img, desc) { + if (img) { + if('object' == typeof jQuery('.photolist input') && jQuery('.photolist input').length != 0) length = jQuery('.photolist input').length; + if(length == 0) length = 1; + jQuery('.photolist').append(''); + jQuery('.photolist').append(''); + insert_editor( "\n\n" + encodeURI('

' + desc + '

')); + } + return false; } - return "'" . implode("','", $sources) . "'"; - } - $url = urldecode($url); - $url = str_replace(' ', '%20', $url); - echo 'new Array('.get_images_from_uri($url).')'; -die; -} + function image_selector(el) { + var desc, src, parent = jQuery(el).closest('#photo-add-url-div'); -if($_REQUEST['ajax'] == 'photo_js') { ?> - // gather images and load some default JS - var last = null - var img, img_tag, aspect, w, h, skip, i, strtoappend = ""; - var my_src = eval( - jQuery.ajax({ - type: "GET", - url: "", - cache : false, - async : false, - data: "ajax=photo_images&u=", - dataType : "script" - }).responseText - ); - - for (i = 0; i < my_src.length; i++) { - img = new Image(); - img.src = my_src[i]; - img_attr = 'id="img' + i + '"'; - skip = false; - if (img.width && img.height) { - if (img.width * img.height < 2500) - skip = true; - aspect = img.width / img.height; - scale = (aspect > 1) ? (75 / img.width) : (75 / img.height); - - w = img.width; - h = img.height; - - if (scale < 1) { - w = parseInt(img.width * scale); - h = parseInt(img.height * scale); + if ( parent.length ) { + desc = parent.find('input.tb_this_photo_description').val() || ''; + src = parent.find('input.tb_this_photo').val() || '' + } else { + desc = jQuery('#tb_this_photo_description').val() || ''; + src = jQuery('#tb_this_photo').val() || '' } - img_attr += ' style="width: ' + w + 'px; height: ' + h + 'px;"'; - } - if (!skip) strtoappend += ''; - } - function pick(img, desc) { - if (img) { - if('object' == typeof jQuery('.photolist input') && jQuery('.photolist input').length != 0) length = jQuery('.photolist input').length; - if(length == 0) length = 1; - jQuery('.photolist').append(''); - jQuery('.photolist').append(''); - append_editor("\n\n" + '

' + desc + '

'); + tb_remove(); + pick(src, desc); + jQuery('#extra-fields').hide(); + jQuery('#extra-fields').html(''); + return false; } - tinyMCE.activeEditor.resizeToContent(); - return false; - } - - function image_selector() { - tb_remove(); - desc = jQuery('#this_photo_description').val(); - src = jQuery('#this_photo').val(); - pick(src, desc); - return false; - } - jQuery(document).ready(function() { - jQuery('#extra_fields').html('
+
'); + jQuery('#extra-fields').html('

()

'); jQuery('#img_container').html(strtoappend); - jQuery('#photo_add_url').attr('href', '?ajax=thickbox_url&height=200&width=500'); - tb_init('a.thickbox, area.thickbox, input.thickbox'); - }); - - - - - - > - - - <?php _e('Press This') ?> - - +<?php _e('Press This') ?> + - do_action('admin_print_styles'); - do_action('admin_print_scripts'); - do_action('admin_head'); + - - + + +
+
+
+
+ + + + + + + + +
+ +
+

+

+
+

+ 'save' ) ); + if ( current_user_can('publish_posts') ) { + submit_button( __( 'Publish' ), 'primary', 'publish', false ); + } else { + echo '

'; + submit_button( __( 'Submit for Review' ), 'primary', 'review', false ); + } ?> + +

+ +

+ +

+ +
+
- + +
+

+

+
+
- - - -
-

-
- -
+ - + + +
+
    + 'category', 'popular_cats' => $popular_ids ) ) ?> +
+
+ + cap->assign_terms) ) : ?> +

+ + cap->edit_terms) ) : ?> +
+

+ + labels->add_new_item ); ?> + +

+

+ + + + 'category', 'hide_empty' => 0, 'name' => 'newcategory_parent', 'orderby' => 'name', 'hierarchical' => 1, 'show_option_none' => '— ' . $tax->labels->parent_item . ' —' ) ); ?> + + + +

+
+ +
+
+
-
-

-
- +
+

+

+
+
+
+ + +
+ + +
+
+
+
+ +
+
+ + -
-
-
-
-

-
-
    - -
-
- -

-

-
+ +
+

+ + | + |

+ -

- - - -

+
+
+ +
+
+ + + + + +
+ true, + 'textarea_rows' => '15' + ); + + $content = ''; + if ( $selection ) + $content .= $selection; + + if ( $url ) { + $content .= '

'; + + if ( $selection ) + $content .= __('via '); + + $content .= sprintf( "%s.

", esc_url( $url ), esc_html( $title ) ); + } + + remove_action( 'media_buttons', 'media_buttons' ); + add_action( 'media_buttons', 'press_this_media_buttons' ); + function press_this_media_buttons() { + _e( 'Add:' ); + + if ( current_user_can('upload_files') ) { + ?> + + <?php esc_attr_e('Insert an Image'); ?> + + <?php esc_attr_e('Embed a Video'); ?> +
+
+ + + - \ No newline at end of file +
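Review bot: Only the last sideload result is checked in press_it(): `$upload` is overwritten on every iteration of the `foreach ( (array) $_POST['photo_src'] ... )` loop, so an earlier failed `media_sideload_image()` followed by a successful one passes the post-loop `is_wp_error($upload)` test and the post is saved with that image still referencing the remote source. Moving the check into the loop, `if ( is_wp_error( $upload ) ) { wp_delete_post( $post_ID ); wp_die( $upload ); }` directly after the sideload call, stops on the first failure instead. In the same loop `strpos( $_POST['content'], ... )` reads the raw superglobal even though the null-guarded `$content` is already in scope, and the surrounding `!empty($_POST['photo_src'])` guard does not cover a missing content field. In the `photo_images` branch the JavaScript array is assembled by concatenation, `return "'" . implode("','", $sources) . "'";`, and the `photo_js` branch runs the response through `eval()`, so the quoting is only as safe as esc_url's entity replacement of `'`; `echo json_encode( $sources );` consumed as JSON on the client would make the JS-context escaping explicit. The rendered hunk has its markup stripped, so the `check_admin_referer('press-this')` call site visible on the removed side cannot be confirmed on the new side from this view.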