X-Git-Url: https://scripts.mit.edu/gitweb/autoinstalls/wordpress.git/blobdiff_plain/9c40b4d36daed9e28e48a5fe9205c32557195a4b..c81aba3d563f7459dc79140e4c5be67bcf506b92:/wp-admin/press-this.php?ds=inline diff --git a/wp-admin/press-this.php b/wp-admin/press-this.php index c6632b51..62da1d3b 100644 --- a/wp-admin/press-this.php +++ b/wp-admin/press-this.php @@ -6,557 +6,24 @@ * @subpackage Press_This */ -/** WordPress Administration Bootstrap */ -require_once('admin.php'); -header('Content-Type: ' . get_option('html_type') . '; charset=' . get_option('blog_charset')); - -if ( ! current_user_can('edit_posts') ) - wp_die( __( 'Cheatin’ uh?' ) ); +define('IFRAME_REQUEST' , true); -/** - * Convert characters. - * - * @package WordPress - * @subpackage Press_This - * @since 2.6.0 - * - * @param string $text - * @return string - */ -function aposfix($text) { - $translation_table[chr(34)] = '"'; - $translation_table[chr(38)] = '&'; - $translation_table[chr(39)] = '''; - return preg_replace("/&(?![A-Za-z]{0,4}\w{2,3};|#[0-9]{2,3};)/","&" , strtr($text, $translation_table)); +/** WordPress Administration Bootstrap */ +require_once( dirname( __FILE__ ) . '/admin.php' ); + +if ( ! current_user_can( 'edit_posts' ) || ! current_user_can( get_post_type_object( 'post' )->cap->create_posts ) ) { + wp_die( + '
' . __( 'You are not allowed to create posts as this user.' ) . '
', + 403 + ); } /** - * Press It form handler. - * - * @package WordPress - * @subpackage Press_This - * @since 2.6.0 - * - * @return int Post ID + * @global WP_Press_This $wp_press_this */ -function press_it() { - // define some basic variables - $quick['post_status'] = 'draft'; // set as draft first - $quick['post_category'] = isset($_REQUEST['post_category']) ? $_REQUEST['post_category'] : null; - $quick['tax_input'] = isset($_REQUEST['tax_input']) ? $_REQUEST['tax_input'] : ''; - $quick['post_title'] = isset($_REQUEST['title']) ? $_REQUEST['title'] : ''; - $quick['post_content'] = ''; - - // insert the post with nothing in it, to get an ID - $post_ID = wp_insert_post($quick, true); - $content = isset($_REQUEST['content']) ? $_REQUEST['content'] : ''; - - $upload = false; - if( !empty($_REQUEST['photo_src']) && current_user_can('upload_files') ) - foreach( (array) $_REQUEST['photo_src'] as $key => $image) - // see if files exist in content - we don't want to upload non-used selected files. - if( strpos($_REQUEST['content'], $image) !== false ) { - $desc = isset($_REQUEST['photo_description'][$key]) ? $_REQUEST['photo_description'][$key] : ''; - $upload = media_sideload_image($image, $post_ID, $desc); - - // Replace the POSTED content with correct uploaded ones. Regex contains fix for Magic Quotes - if( !is_wp_error($upload) ) $content = preg_replace('/]*)src=\\\?(\"|\')'.preg_quote($image, '/').'\\\?(\2)([^>\/]*)\/*>/is', $upload, $content); - } - - // set the post_content and status - $quick['post_status'] = isset($_REQUEST['publish']) ? 'publish' : 'draft'; - $quick['post_content'] = $content; - // error handling for $post - if ( is_wp_error($post_ID)) { - wp_die($id); - wp_delete_post($post_ID); - // error handling for media_sideload - } elseif ( is_wp_error($upload)) { - wp_die($upload); - wp_delete_post($post_ID); - } else { - $quick['ID'] = $post_ID; - wp_update_post($quick); - } - return $post_ID; +if ( empty( $GLOBALS['wp_press_this'] ) ) { + include( ABSPATH . 'wp-admin/includes/class-wp-press-this.php' ); } -// For submitted posts. -if ( isset($_REQUEST['action']) && 'post' == $_REQUEST['action'] ) { - check_admin_referer('press-this'); - $post_ID = press_it(); - $posted = $post_ID; -} else { - $post_ID = 0; -} - -// Set Variables -$title = isset($_GET['t']) ? esc_html(aposfix(stripslashes($_GET['t']))) : ''; -$selection = isset($_GET['s']) ? trim( aposfix( stripslashes($_GET['s']) ) ) : ''; -if ( ! empty($selection) ) { - $selection = preg_replace('/(\r?\n|\r)/', '', $selection); - $selection = '
'.str_replace('
', '', $selection).''; -} -$url = isset($_GET['u']) ? esc_url($_GET['u']) : ''; -$image = isset($_GET['i']) ? $_GET['i'] : ''; - -if ( !empty($_REQUEST['ajax']) ) { -switch ($_REQUEST['ajax']) { - case 'video': ?> - - - - - -