X-Git-Url: https://scripts.mit.edu/gitweb/autoinstalls/wordpress.git/blobdiff_plain/e08b42e8ad054ec67522d7ac1aaae5dc68cb3d01..888fa4ed68091f3314f711c5f6fe75858bf5410b:/wp-admin/includes/ajax-actions.php diff --git a/wp-admin/includes/ajax-actions.php b/wp-admin/includes/ajax-actions.php index 02a0a4e0..ed78e3c0 100644 --- a/wp-admin/includes/ajax-actions.php +++ b/wp-admin/includes/ajax-actions.php @@ -197,16 +197,27 @@ function wp_ajax_autocomplete_user() { $return = array(); // Check the type of request - if ( isset( $_REQUEST['autocomplete_type'] ) ) + // Current allowed values are `add` and `search` + if ( isset( $_REQUEST['autocomplete_type'] ) && 'search' === $_REQUEST['autocomplete_type'] ) { $type = $_REQUEST['autocomplete_type']; - else + } else { $type = 'add'; + } + + // Check the desired field for value + // Current allowed values are `user_email` and `user_login` + if ( isset( $_REQUEST['autocomplete_field'] ) && 'user_email' === $_REQUEST['autocomplete_field'] ) { + $field = $_REQUEST['autocomplete_field']; + } else { + $field = 'user_login'; + } // Exclude current users of this blog - if ( isset( $_REQUEST['site_id'] ) ) + if ( isset( $_REQUEST['site_id'] ) ) { $id = absint( $_REQUEST['site_id'] ); - else + } else { $id = get_current_blog_id(); + } $include_blog_users = ( $type == 'search' ? get_users( array( 'blog_id' => $id, 'fields' => 'ID' ) ) : array() ); $exclude_blog_users = ( $type == 'add' ? get_users( array( 'blog_id' => $id, 'fields' => 'ID' ) ) : array() ); @@ -223,7 +234,7 @@ function wp_ajax_autocomplete_user() { $return[] = array( /* translators: 1: user_login, 2: user_email */ 'label' => sprintf( __( '%1$s (%2$s)' ), $user->user_login, $user->user_email ), - 'value' => $user->user_login, + 'value' => $user->$field, ); } @@ -259,7 +270,7 @@ function wp_ajax_logged_in() { * * Contrary to normal success AJAX response ("1"), die with time() on success. * - * @since 2.7 + * @since 2.7.0 * * @param int $comment_id * @return die 
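Review bot: The `autocomplete_field` allowlist is what makes the dynamic `$user->$field` read in the next hunk safe, but nothing at that read says so, and the two new `===` checks sit a few lines above `$type == 'search'` and `$type == 'add'`, which stay loose. Both values can be assigned straight from the check so the literal is not repeated: `$type = ( isset( $_REQUEST['autocomplete_type'] ) && 'search' === $_REQUEST['autocomplete_type'] ) ? 'search' : 'add';` and `$field = ( isset( $_REQUEST['autocomplete_field'] ) && 'user_email' === $_REQUEST['autocomplete_field'] ) ? 'user_email' : 'user_login';`, with `// $field is restricted to user_login or user_email above` on the `'value' => $user->$field,` line. wp_ajax_autocomplete_user() begins before this hunk, so whether the capability check that gates this endpoint precedes it cannot be seen here.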
@@ -1089,68 +1100,6 @@ function wp_ajax_add_user( $action ) { $x->send(); } -function wp_ajax_autosave() { - define( 'DOING_AUTOSAVE', true ); - - check_ajax_referer( 'autosave', 'autosavenonce' ); - - if ( ! empty( $_POST['catslist'] ) ) - $_POST['post_category'] = explode( ',', $_POST['catslist'] ); - if ( $_POST['post_type'] == 'page' || empty( $_POST['post_category'] ) ) - unset( $_POST['post_category'] ); - - $data = ''; - $supplemental = array(); - $id = $revision_id = 0; - - $post_id = (int) $_POST['post_id']; - $_POST['ID'] = $_POST['post_ID'] = $post_id; - $post = get_post( $post_id ); - if ( empty( $post->ID ) || ! current_user_can( 'edit_post', $post->ID ) ) - wp_die( __( 'You are not allowed to edit this post.' ) ); - - if ( 'page' == $post->post_type && ! current_user_can( 'edit_page', $post->ID ) ) - wp_die( __( 'You are not allowed to edit this page.' ) ); - - if ( 'auto-draft' == $post->post_status ) - $_POST['post_status'] = 'draft'; - - if ( ! empty( $_POST['autosave'] ) ) { - if ( ! wp_check_post_lock( $post->ID ) && get_current_user_id() == $post->post_author && ( 'auto-draft' == $post->post_status || 'draft' == $post->post_status ) ) { - // Drafts and auto-drafts are just overwritten by autosave for the same user if the post is not locked - $id = edit_post(); - } else { - // Non drafts or other users drafts are not overwritten. The autosave is stored in a special post revision for each user. - $revision_id = wp_create_post_autosave( $post->ID ); - if ( is_wp_error($revision_id) ) - $id = $revision_id; - else - $id = $post->ID; - } - - if ( ! is_wp_error($id) ) { - /* translators: draft saved date format, see http://php.net/date */ - $draft_saved_date_format = __('g:i:s a'); - /* translators: %s: date and time */ - $data = sprintf( __('Draft saved at %s.'), date_i18n( $draft_saved_date_format ) ); - } - } else { - if ( ! 
empty( $_POST['auto_draft'] ) ) - $id = 0; // This tells us it didn't actually save - else - $id = $post->ID; - } - - // @todo Consider exposing any errors, rather than having 'Saving draft...' - $x = new WP_Ajax_Response( array( - 'what' => 'autosave', - 'id' => $id, - 'data' => $data, - 'supplemental' => $supplemental - ) ); - $x->send(); -} - function wp_ajax_closed_postboxes() { check_ajax_referer( 'closedpostboxes', 'closedpostboxesnonce' ); $closed = isset( $_POST['closed'] ) ? explode( ',', $_POST['closed']) : array(); @@ -1230,7 +1179,8 @@ function wp_ajax_menu_get_metabox() { * * @since 3.0.0 * - * @param object $menus_meta_box_object A nav menu meta box object, such as Page, Post, Category, Tag, etc. + * @param object $menus_meta_box_object A nav menu meta box object, such as Page, + * Post, Category, Tag, etc. */ $item = apply_filters( 'nav_menu_meta_box_object', $menus_meta_box_object ); ob_start(); @@ -1480,9 +1430,11 @@ function wp_ajax_find_posts() { if ( ! $posts ) wp_die( __('No items found.') ); - $html = ''; + $html = '

'.__('Title').''.__('Type').''.__('Date').''.__('Status').'
'; + $alt = ''; foreach ( $posts as $post ) { $title = trim( $post->post_title ) ? $post->post_title : __( '(no title)' ); + $alt = ( 'alternate' == $alt ) ? '' : 'alternate'; switch ( $post->post_status ) { case 'publish' : @@ -1507,17 +1459,13 @@ function wp_ajax_find_posts() { $time = mysql2date(__('Y/m/d'), $post->post_date); } - $html .= ''; + $html .= ''; $html .= '' . "\n\n"; } $html .= '

'.__('Title').''.__('Type').''.__('Date').''.__('Status').'
' . esc_html( $post_types[$post->post_type]->labels->singular_name ) . ''.esc_html( $time ) . '' . esc_html( $stat ). '
'; - $x = new WP_Ajax_Response(); - $x->add( array( - 'data' => $html - )); - $x->send(); + wp_send_json_success( $html ); } function wp_ajax_widgets_order() { @@ -1575,11 +1523,7 @@ function wp_ajax_save_widget() { */ do_action( 'widgets.php' ); - /** - * Fires early when editing the widgets displayed in sidebars. - * - * @since 2.2.0 - */ + /** This action is documented in wp-admin/widgets.php */ do_action( 'sidebar_admin_setup' ); $id_base = $_POST['id_base']; @@ -1639,6 +1583,11 @@ function wp_ajax_save_widget() { wp_die(); } +function wp_ajax_update_widget() { + global $wp_customize; + $wp_customize->widgets->wp_ajax_update_widget(); +} + function wp_ajax_upload_attachment() { check_ajax_referer( 'media-form' ); @@ -1763,11 +1712,11 @@ function wp_ajax_set_post_thumbnail() { } function wp_ajax_date_format() { - wp_die( date_i18n( sanitize_option( 'date_format', $_POST['date'] ) ) ); + wp_die( date_i18n( sanitize_option( 'date_format', wp_unslash( $_POST['date'] ) ) ) ); } function wp_ajax_time_format() { - wp_die( date_i18n( sanitize_option( 'time_format', $_POST['date'] ) ) ); + wp_die( date_i18n( sanitize_option( 'time_format', wp_unslash( $_POST['date'] ) ) ) ); } function wp_ajax_wp_fullscreen_save_post() { @@ -1787,16 +1736,8 @@ function wp_ajax_wp_fullscreen_save_post() { $post_id = edit_post(); - if ( is_wp_error($post_id) ) { - if ( $post_id->get_error_message() ) - $message = $post_id->get_error_message(); - else - $message = __('Save failed'); - - echo json_encode( array( 'message' => $message, 'last_edited' => '' ) ); - wp_die(); - } else { - $message = __('Saved.'); + if ( is_wp_error( $post_id ) ) { + wp_send_json_error(); } if ( $post ) { 
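Review bot: The rendering of this hunk has dropped the table markup, so whether `$title` goes through esc_html() before being appended to `$html` cannot be confirmed from the visible text; the cells that survive escape `singular_name`, `$time` and `$stat`, and the title cell should do the same, `esc_html( $title )`. `$stat` is assigned inside the switch whose other branches lie outside the hunk; if that switch has no default branch, `$stat` is undefined for any other post_status and `esc_html( $stat )` raises a notice. Replacing WP_Ajax_Response with `wp_send_json_success( $html )` changes the envelope from XML to JSON, so the JavaScript consumer must be updated in the same change (not visible here). wp_ajax_find_posts() begins before this hunk.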
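Review bot: `wp_ajax_update_widget()` calls a method on `$wp_customize` without checking that it is set; on a request where the customizer object was never instantiated, the call on null is a fatal error rather than an AJAX failure. A guard before the call keeps the failure inside the AJAX protocol: `if ( empty( $wp_customize ) ) { wp_send_json_error(); }`. The wrapper carries no nonce or capability check of its own, so it relies on the delegated `wp_ajax_update_widget()` method (not on this page) to perform both; a comment such as `// Nonce and capability checks are the customizer handler's responsibility` would make that dependency visible to the next reader.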
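Review bot: The new error path `wp_send_json_error();` discards `$post_id->get_error_message()`, which the removed code sent back with `__('Save failed')` as a fallback, so the editor can no longer tell the user why the save failed. Keep the detail in the payload: `wp_send_json_error( array( 'message' => $post_id->get_error_message() ? $post_id->get_error_message() : __( 'Save failed' ) ) );`. wp_ajax_wp_fullscreen_save_post() begins before this hunk and continues after it.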
@@ -1807,15 +1748,14 @@ function wp_ajax_wp_fullscreen_save_post() { $last_time = date_i18n( get_option('time_format') ); } - if ( $last_id = get_post_meta($post_id, '_edit_last', true) ) { - $last_user = get_userdata($last_id); + if ( $last_id = get_post_meta( $post_id, '_edit_last', true ) ) { + $last_user = get_userdata( $last_id ); $last_edited = sprintf( __('Last edited by %1$s on %2$s at %3$s'), esc_html( $last_user->display_name ), $last_date, $last_time ); } else { $last_edited = sprintf( __('Last edited on %1$s at %2$s'), $last_date, $last_time ); } - echo json_encode( array( 'message' => $message, 'last_edited' => $last_edited ) ); - wp_die(); + wp_send_json_success( array( 'last_edited' => $last_edited ) ); } function wp_ajax_wp_remove_post_lock() { @@ -1839,9 +1779,10 @@ function wp_ajax_wp_remove_post_lock() { * * @since 3.3.0 * - * @param int $interval The interval in seconds the post lock duration should last, plus 5 seconds. Default 120. + * @param int $interval The interval in seconds the post lock duration + * should last, plus 5 seconds. Default 150. */ - $new_lock = ( time() - apply_filters( 'wp_check_post_lock_window', 120 ) + 5 ) . ':' . $active_lock[1]; + $new_lock = ( time() - apply_filters( 'wp_check_post_lock_window', 150 ) + 5 ) . ':' . $active_lock[1]; update_post_meta( $post_id, '_edit_lock', $new_lock, implode( ':', $active_lock ) ); wp_die( 1 ); } @@ -1913,11 +1854,14 @@ function wp_ajax_query_attachments() { $query['post_status'] .= ',private'; /** - * Filter the arguments passed to WP_Query during an AJAX call for querying attachments. + * Filter the arguments passed to WP_Query during an AJAX + * call for querying attachments. * * @since 3.7.0 * - * @param array $query An array of query variables. @see WP_Query::parse_query() + * @see WP_Query::parse_query() + * + * @param array $query An array of query variables. */ $query = apply_filters( 'ajax_query_attachments_args', $query ); $query = new WP_Query( $query ); 
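Review bot: `$last_user = get_userdata( $last_id );` on the reformatted line is followed directly by `$last_user->display_name`, but get_userdata() returns false when the user recorded in `_edit_last` no longer exists, which makes the sprintf emit a notice and an empty name. Folding the lookup into the condition lets a missing user fall through to the `Last edited on` branch: `if ( ( $last_id = get_post_meta( $post_id, '_edit_last', true ) ) && ( $last_user = get_userdata( $last_id ) ) ) {`. The behaviour predates this commit, but the line is being touched here anyway; wp_ajax_wp_fullscreen_save_post() begins before the hunk.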
@@ -2172,7 +2116,7 @@ function wp_ajax_heartbeat() {
 $screen_id = 'front'; if ( ! empty($_POST['data']) ) {
- $data = (array) $_POST['data'];
+ $data = wp_unslash( (array) $_POST['data'] );
 /** * Filter the Heartbeat response received.
@@ -2260,3 +2204,48 @@ function wp_ajax_save_user_color_scheme() {
 update_user_meta( get_current_user_id(), 'admin_color', $color_scheme );
 wp_send_json_success();
 }
+
+/**
+ * Get themes from themes_api().
+ *
+ * @since 3.9.0
+ */
+function wp_ajax_query_themes() {
+ global $themes_allowedtags, $theme_field_defaults;
+
+ if ( ! current_user_can( 'install_themes' ) ) {
+ wp_send_json_error();
+ }
+
+ $args = wp_parse_args( wp_unslash( $_REQUEST['request'] ), array(
+ 'per_page' => 20,
+ 'fields' => $theme_field_defaults
+ ) );
+
+ $old_filter = isset( $args['browse'] ) ? $args['browse'] : 'search';
+
+ /** This filter is documented in wp-admin/includes/class-wp-theme-install-list-table.php */
+ $args = apply_filters( 'install_themes_table_api_args_' . $old_filter, $args );
+
+ $api = themes_api( 'query_themes', $args );
+
+ if ( is_wp_error( $api ) ) {
+ wp_send_json_error();
+ }
+
+ $update_php = network_admin_url( 'update.php?action=install-theme' );
+ foreach ( $api->themes as &$theme ) {
+ $theme->install_url = add_query_arg( array(
+ 'theme' => $theme->slug,
+ '_wpnonce' => wp_create_nonce( 'install-theme_' . $theme->slug )
+ ), $update_php );
+
+ $theme->name = wp_kses( $theme->name, $themes_allowedtags );
+ $theme->author = wp_kses( $theme->author, $themes_allowedtags );
+ $theme->version = wp_kses( $theme->version, $themes_allowedtags );
+ $theme->description = wp_kses( $theme->description, $themes_allowedtags );
+ $theme->num_ratings = sprintf( _n( '(based on %s rating)', '(based on %s ratings)', $theme->num_ratings ), number_format_i18n( $theme->num_ratings ) );
+ }
+
+ wp_send_json_success( $api );
+}
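Review bot: `wp_unslash( $_REQUEST['request'] )` in wp_ajax_query_themes() reads the key without isset(), so a request that omits it raises an undefined-index notice before wp_parse_args() ever sees it; read it as `$request = isset( $_REQUEST['request'] ) ? wp_unslash( $_REQUEST['request'] ) : array();` and pass `$request`. The `foreach ( $api->themes as &$theme )` loop leaves `$theme` as a reference to the last element; add `unset( $theme );` after the loop's closing brace so a later assignment to that name cannot silently overwrite the element. Unlike most handlers in this file, the function checks the `install_themes` capability but calls no check_ajax_referer(); if that is deliberate because the handler only reads from the API and writes nothing, a one-line comment saying so would keep the next reviewer from re-raising it.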