X-Git-Url: https://scripts.mit.edu/gitweb/autoinstalls/wordpress.git/blobdiff_plain/f6364df6999f38896cc58171ec4a503f4f2dedcf..38ac4bc40322ecdc4052db4263466573e01fa51f:/wp-admin/press-this.php
diff --git a/wp-admin/press-this.php b/wp-admin/press-this.php
index e2b3f334..5b405cc0 100644
--- a/wp-admin/press-this.php
+++ b/wp-admin/press-this.php
@@ -9,638 +9,13 @@
 define('IFRAME_REQUEST' , true);
 /** WordPress Administration Bootstrap */
-require_once('./admin.php');
+require_once( dirname( __FILE__ ) . '/admin.php' );
-header('Content-Type: ' . get_option('html_type') . '; charset=' . get_option('blog_charset'));
+if ( ! current_user_can( 'edit_posts' ) || ! current_user_can( get_post_type_object( 'post' )->cap->create_posts ) )
+ wp_die( __( 'Cheatin’ uh?' ), 403 );
-if ( ! current_user_can('edit_posts') )
- wp_die( __( 'Cheatin’ uh?' ) );
-
-/**
- * Press It form handler.
- *
- * @package WordPress
- * @subpackage Press_This
- * @since 2.6.0
- *
- * @return int Post ID
- */
-function press_it() {
- // define some basic variables
- $quick = array();
- $quick['post_status'] = 'draft'; // set as draft first
- $quick['post_category'] = isset($_POST['post_category']) ? $_POST['post_category'] : null;
- $quick['tax_input'] = isset($_POST['tax_input']) ? $_POST['tax_input'] : null;
- $quick['post_title'] = ( trim($_POST['title']) != '' ) ? $_POST['title'] : ' ';
- $quick['post_content'] = isset($_POST['post_content']) ? $_POST['post_content'] : '';
-
- // insert the post with nothing in it, to get an ID
- $post_ID = wp_insert_post($quick, true);
- if ( is_wp_error($post_ID) )
- wp_die($post_ID);
-
- $content = isset($_POST['content']) ? $_POST['content'] : '';
-
- $upload = false;
- if ( !empty($_POST['photo_src']) && current_user_can('upload_files') ) {
- foreach( (array) $_POST['photo_src'] as $key => $image) {
- // see if files exist in content - we don't want to upload non-used selected files.
- if ( strpos($_POST['content'], htmlspecialchars($image)) !== false ) {
- $desc = isset($_POST['photo_description'][$key]) ? $_POST['photo_description'][$key] : '';
- $upload = media_sideload_image($image, $post_ID, $desc);
-
- // Replace the POSTED content with correct uploaded ones. 
Regex contains fix for Magic Quotes
- if ( !is_wp_error($upload) )
- $content = preg_replace('/]*)src=\\\?(\"|\')'.preg_quote(htmlspecialchars($image), '/').'\\\?(\2)([^>\/]*)\/*>/is', $upload, $content);
- }
- }
- }
- // set the post_content and status
- if ( isset( $_POST['publish'] ) && current_user_can( 'publish_posts' ) )
- $quick['post_status'] = 'publish';
- elseif ( isset( $_POST['review'] ) )
- $quick['post_status'] = 'pending';
- else
- $quick['post_status'] = 'draft';
- $quick['post_content'] = $content;
- // error handling for media_sideload
- if ( is_wp_error($upload) ) {
- wp_delete_post($post_ID);
- wp_die($upload);
- } else {
- // Post formats
- if ( current_theme_supports( 'post-formats' ) && isset( $_POST['post_format'] ) ) {
- $post_formats = get_theme_support( 'post-formats' );
- if ( is_array( $post_formats ) ) {
- $post_formats = $post_formats[0];
- if ( in_array( $_POST['post_format'], $post_formats ) )
- set_post_format( $post_ID, $_POST['post_format'] );
- elseif ( '0' == $_POST['post_format'] )
- set_post_format( $post_ID, false );
- }
- }
-
- $quick['ID'] = $post_ID;
- wp_update_post($quick);
- }
- return $post_ID;
-}
-
-// For submitted posts.
-if ( isset($_REQUEST['action']) && 'post' == $_REQUEST['action'] ) {
- check_admin_referer('press-this');
- $post_ID = press_it();
- $posted = $post_ID;
-} else {
- $post_ID = 0;
-}
-
-// Set Variables
-$title = isset( $_GET['t'] ) ? trim( strip_tags( html_entity_decode( stripslashes( $_GET['t'] ) , ENT_QUOTES) ) ) : '';
-
-$selection = '';
-if ( !empty($_GET['s']) ) {
- $selection = str_replace(''', "'", stripslashes($_GET['s']));
- $selection = trim( htmlspecialchars( html_entity_decode($selection, ENT_QUOTES) ) );
-}
-
-if ( ! empty($selection) ) {
- $selection = preg_replace('/(\r?\n|\r)/', '
', $selection); - $selection = '
' . str_replace('
', '', $selection) . '';
-}
-
-$url = isset($_GET['u']) ? esc_url($_GET['u']) : '';
-$image = isset($_GET['i']) ? $_GET['i'] : '';
-
-if ( !empty($_REQUEST['ajax']) ) {
- switch ($_REQUEST['ajax']) {
- case 'video': ?> - - - - - -- - - - -
- - - - - -