X-Git-Url: https://scripts.mit.edu/gitweb/autoinstalls/wordpress.git/blobdiff_plain/d3b1ea255664edd2deef17f900a655613d20820d..e9d988989fe37ab8c5f903e47fbe36e6e00dc51f:/wp-admin/press-this.php diff --git a/wp-admin/press-this.php b/wp-admin/press-this.php index c6632b51..1f7b418e 100644 --- a/wp-admin/press-this.php +++ b/wp-admin/press-this.php @@ -6,30 +6,16 @@ * @subpackage Press_This */ +define('IFRAME_REQUEST' , true); + /** WordPress Administration Bootstrap */ -require_once('admin.php'); +require_once('./admin.php'); + header('Content-Type: ' . get_option('html_type') . '; charset=' . get_option('blog_charset')); if ( ! current_user_can('edit_posts') ) wp_die( __( 'Cheatin’ uh?' ) ); -/** - * Convert characters. - * - * @package WordPress - * @subpackage Press_This - * @since 2.6.0 - * - * @param string $text - * @return string - */ -function aposfix($text) { - $translation_table[chr(34)] = '"'; - $translation_table[chr(38)] = '&'; - $translation_table[chr(39)] = '''; - return preg_replace("/&(?![A-Za-z]{0,4}\w{2,3};|#[0-9]{2,3};)/","&" , strtr($text, $translation_table)); -} - /** * Press It form handler. * @@ -41,40 +27,59 @@ function aposfix($text) { */ function press_it() { // define some basic variables + $quick = array(); $quick['post_status'] = 'draft'; // set as draft first - $quick['post_category'] = isset($_REQUEST['post_category']) ? $_REQUEST['post_category'] : null; - $quick['tax_input'] = isset($_REQUEST['tax_input']) ? $_REQUEST['tax_input'] : ''; - $quick['post_title'] = isset($_REQUEST['title']) ? $_REQUEST['title'] : ''; - $quick['post_content'] = ''; + $quick['post_category'] = isset($_POST['post_category']) ? $_POST['post_category'] : null; + $quick['tax_input'] = isset($_POST['tax_input']) ? $_POST['tax_input'] : null; + $quick['post_title'] = ( trim($_POST['title']) != '' ) ? $_POST['title'] : ' '; + $quick['post_content'] = isset($_POST['post_content']) ? $_POST['post_content'] : ''; // insert the post with nothing in it, to get an ID $post_ID = wp_insert_post($quick, true); - $content = isset($_REQUEST['content']) ? $_REQUEST['content'] : ''; + if ( is_wp_error($post_ID) ) + wp_die($post_ID); + + $content = isset($_POST['content']) ? $_POST['content'] : ''; $upload = false; - if( !empty($_REQUEST['photo_src']) && current_user_can('upload_files') ) - foreach( (array) $_REQUEST['photo_src'] as $key => $image) + if ( !empty($_POST['photo_src']) && current_user_can('upload_files') ) { + foreach( (array) $_POST['photo_src'] as $key => $image) { // see if files exist in content - we don't want to upload non-used selected files. - if( strpos($_REQUEST['content'], $image) !== false ) { - $desc = isset($_REQUEST['photo_description'][$key]) ? $_REQUEST['photo_description'][$key] : ''; + if ( strpos($_POST['content'], htmlspecialchars($image)) !== false ) { + $desc = isset($_POST['photo_description'][$key]) ? $_POST['photo_description'][$key] : ''; $upload = media_sideload_image($image, $post_ID, $desc); // Replace the POSTED content with correct uploaded ones. Regex contains fix for Magic Quotes - if( !is_wp_error($upload) ) $content = preg_replace('/]*)src=\\\?(\"|\')'.preg_quote($image, '/').'\\\?(\2)([^>\/]*)\/*>/is', $upload, $content); + if ( !is_wp_error($upload) ) + $content = preg_replace('/]*)src=\\\?(\"|\')'.preg_quote(htmlspecialchars($image), '/').'\\\?(\2)([^>\/]*)\/*>/is', $upload, $content); } - + } + } // set the post_content and status - $quick['post_status'] = isset($_REQUEST['publish']) ? 'publish' : 'draft'; + if ( isset( $_POST['publish'] ) && current_user_can( 'publish_posts' ) ) + $quick['post_status'] = 'publish'; + elseif ( isset( $_POST['review'] ) ) + $quick['post_status'] = 'pending'; + else + $quick['post_status'] = 'draft'; $quick['post_content'] = $content; - // error handling for $post - if ( is_wp_error($post_ID)) { - wp_die($id); - wp_delete_post($post_ID); // error handling for media_sideload - } elseif ( is_wp_error($upload)) { - wp_die($upload); + if ( is_wp_error($upload) ) { wp_delete_post($post_ID); + wp_die($upload); } else { + // Post formats + if ( current_theme_supports( 'post-formats' ) && isset( $_POST['post_format'] ) ) { + $post_formats = get_theme_support( 'post-formats' ); + if ( is_array( $post_formats ) ) { + $post_formats = $post_formats[0]; + if ( in_array( $_POST['post_format'], $post_formats ) ) + set_post_format( $post_ID, $_POST['post_format'] ); + elseif ( '0' == $_POST['post_format'] ) + set_post_format( $post_ID, false ); + } + } + $quick['ID'] = $post_ID; wp_update_post($quick); } @@ -91,89 +96,102 @@ if ( isset($_REQUEST['action']) && 'post' == $_REQUEST['action'] ) { } // Set Variables -$title = isset($_GET['t']) ? esc_html(aposfix(stripslashes($_GET['t']))) : ''; -$selection = isset($_GET['s']) ? trim( aposfix( stripslashes($_GET['s']) ) ) : ''; +$title = isset( $_GET['t'] ) ? trim( strip_tags( html_entity_decode( stripslashes( $_GET['t'] ) , ENT_QUOTES) ) ) : ''; + +$selection = ''; +if ( !empty($_GET['s']) ) { + $selection = str_replace(''', "'", stripslashes($_GET['s'])); + $selection = trim( htmlspecialchars( html_entity_decode($selection, ENT_QUOTES) ) ); +} + if ( ! empty($selection) ) { $selection = preg_replace('/(\r?\n|\r)/', '

', $selection); - $selection = '

'.str_replace('

', '', $selection).'

'; + $selection = '

' . str_replace('

', '', $selection) . '

'; } + $url = isset($_GET['u']) ? esc_url($_GET['u']) : ''; $image = isset($_GET['i']) ? $_GET['i'] : ''; if ( !empty($_REQUEST['ajax']) ) { -switch ($_REQUEST['ajax']) { - case 'video': ?> - -

- -

- - -

- -

- - - + +

+ +

+ - -

- + case 'photo_thickbox': ?> + +

+ +

+ + + + +

+ +

+ + +

+ +

- |

+ ]*)src=(\"|\')([^<>]+?\.(png|jpeg|jpg|jpe|gif))[^<>\'\"]*(\2)([^>\/]*)\/*>/is'; + $pattern = '/]*)src=(\"|\')([^<>\'\"]+)(\2)([^>]*)\/*>/i'; + $content = str_replace(array("\n","\t","\r"), '', $content); preg_match_all($pattern, $content, $matches); if ( empty($matches[0]) ) return ''; $sources = array(); foreach ($matches[3] as $src) { // if no http in url - if(strpos($src, 'http') === false) + if (strpos($src, 'http') === false) // if it doesn't have a relative uri - if( strpos($src, '../') === false && strpos($src, './') === false && strpos($src, '/') === 0) + if ( strpos($src, '../') === false && strpos($src, './') === false && strpos($src, '/') === 0) $src = 'http://'.str_replace('//','/', $host['host'].'/'.$src); else $src = 'http://'.str_replace('//','/', $host['host'].'/'.dirname($host['path']).'/'.$src); @@ -209,42 +229,41 @@ switch ($_REQUEST['ajax']) { } return "'" . implode("','", $sources) . "'"; } - $url = urldecode($url); - $url = str_replace(' ', '%20', $url); + $url = wp_kses(urldecode($url), null); echo 'new Array('.get_images_from_uri($url).')'; - break; case 'photo_js': ?> // gather images and load some default JS var last = null var img, img_tag, aspect, w, h, skip, i, strtoappend = ""; + if(photostorage == false) { + var my_src = eval( + jQuery.ajax({ + type: "GET", + url: "", + cache : false, + async : false, + data: "ajax=photo_images&u=", + dataType : "script" + }).responseText + ); + if(my_src.length == 0) { var my_src = eval( jQuery.ajax({ - type: "GET", - url: "", + type: "GET", + url: "", cache : false, async : false, - data: "ajax=photo_images&u=", + data: "ajax=photo_images&u=", dataType : "script" }).responseText ); if(my_src.length == 0) { - var my_src = eval( - jQuery.ajax({ - type: "GET", - url: "", - cache : false, - async : false, - data: "ajax=photo_images&u=", - dataType : "script" - }).responseText - ); - if(my_src.length == 0) { - strtoappend = ''; - } + strtoappend = ''; } - + } + } for (i = 0; i < my_src.length; i++) { img = new Image(); img.src = my_src[i]; @@ -289,26 +308,12 @@ switch ($_REQUEST['ajax']) { desc = jQuery('#this_photo_description').val(); src = jQuery('#this_photo').val(); pick(src, desc); - jQuery('#extra_fields').hide(); - jQuery('#extra_fields').html(''); + jQuery('#extra-fields').hide(); + jQuery('#extra-fields').html(''); return false; } - - jQuery(document).ready(function() { - jQuery('#extra_fields').html('

Photo ()

'); - jQuery('.close').click(function() { - jQuery('#extra_fields').hide(); - jQuery('#extra_fields').html(''); - }); - jQuery('.refresh').click(function() { - show('photo'); - }); + jQuery('#extra-fields').html('

Add Photos ()

'); jQuery('#img_container').html(strtoappend); - jQuery('#photo_add_url').attr('href', '?ajax=photo_thickbox_url&height=200&width=500'); - tb_init('#extra_fields .thickbox'); - - - }); @@ -343,8 +349,8 @@ var ajaxurl = ''; do_action('admin_head'); if ( user_can_richedit() ) { - add_filter( 'teeny_mce_before_init', create_function( '$a', '$a["height"] = "400"; $a["onpageload"] = ""; $a["mode"] = "textareas"; $a["editor_selector"] = "mceEditor"; return $a;' ) ); - wp_tiny_mce( true ); + wp_tiny_mce( true, array( 'height' => '370' ) ); + add_action( 'admin_print_footer_scripts', 'wp_tiny_mce_preload_dialogs', 30 ); } ?> - +

›

@@ -454,54 +486,101 @@ var ajaxurl = '';

- - - - -

- - + 'save' ) ); + if ( current_user_can('publish_posts') ) { + submit_button( __( 'Publish' ), 'primary', 'publish', false ); + } else { + echo '

'; + submit_button( __( 'Submit for Review' ), 'primary', 'review', false ); + } ?> + +

+ +

labels->all_items; ?>

- -

- - : 0, 'name' => 'newcat_parent', 'orderby' => 'name', 'hierarchical' => 1, 'show_option_none' => __('Parent category'), 'tab_index' => 3 ) ); ?> - - - -

+ 'category', 'popular_cats' => $popular_ids ) ) ?> +

+ + cap->assign_terms) ) : ?> +

+ + cap->edit_terms) ) : ?> +

+ + labels->add_new_item ); ?> + +

+ labels->add_new_item; ?> + + + labels->parent_item_colon; ?> + + 'category', 'hide_empty' => 0, 'name' => 'newcategory_parent', 'orderby' => 'name', 'hierarchical' => 1, 'show_option_none' => '— ' . $tax->labels->parent_item . ' —', 'tab_index' => 3 ) ); ?> + + + +

+ +

+
+

- - +

+ - +

@@ -510,10 +589,9 @@ var ajaxurl = '';

| |

@@ -522,20 +600,20 @@ var ajaxurl = '';

- +

Add: - +
- +
@@ -547,10 +625,16 @@ var ajaxurl = '';

- +