X-Git-Url: https://scripts.mit.edu/gitweb/autoinstalls/wordpress.git/blobdiff_plain/fa11948979fd6a4ea5705dc613b239699a459db3..849f15aeed7a5e39314057bdc0064d8edd60dd7d:/wp-admin/post.php diff --git a/wp-admin/post.php b/wp-admin/post.php index b832004f..805c46e6 100644 --- a/wp-admin/post.php +++ b/wp-admin/post.php @@ -66,12 +66,18 @@ function redirect_post($post_id = '') { $location = add_query_arg( 'message', 3, wp_get_referer() ); $location = explode('#', $location); $location = $location[0] . '#postcustom'; - } elseif ( 'post-quickpress-save-cont' == $_POST['action'] ) { - $location = "post.php?action=edit&post=$post_id&message=7"; } else { $location = add_query_arg( 'message', 4, get_edit_post_link( $post_id, 'url' ) ); } + /** + * Filter the post redirect destination URL. + * + * @since 2.9.0 + * + * @param string $location The destination URL. + * @param int $post_id The post ID. + */ wp_redirect( apply_filters( 'redirect_post_location', $location, $post_id ) ); exit; } @@ -96,34 +102,39 @@ if ( ! $sendback || } switch($action) { -case 'postajaxpost': -case 'post': -case 'post-quickpress-publish': -case 'post-quickpress-save': - check_admin_referer('add-' . $post_type); +case 'post-quickdraft-save': + // Check nonce and capabilities + $nonce = $_REQUEST['_wpnonce']; + $error_msg = false; - if ( 'post-quickpress-publish' == $action ) - $_POST['publish'] = 'publish'; // tell write_post() to publish + // For output of the quickdraft dashboard widget + require_once ABSPATH . 'wp-admin/includes/dashboard.php'; - if ( 'post-quickpress-publish' == $action || 'post-quickpress-save' == $action ) { - $_POST['comment_status'] = get_option('default_comment_status'); - $_POST['ping_status'] = get_option('default_ping_status'); - $post_id = edit_post(); - } else { - $post_id = 'postajaxpost' == $action ? edit_post() : write_post(); - } + if ( ! wp_verify_nonce( $nonce, 'add-post' ) ) + $error_msg = __( 'Unable to submit this form, please refresh and try again.' ); - if ( 0 === strpos( $action, 'post-quickpress' ) ) { - $_POST['post_ID'] = $post_id; - // output the quickpress dashboard widget - require_once(ABSPATH . 'wp-admin/includes/dashboard.php'); - wp_dashboard_quick_press(); - exit; - } + if ( ! current_user_can( 'edit_posts' ) ) + $error_msg = __( 'Oops, you don’t have access to add new drafts.' ); + + if ( $error_msg ) + return wp_dashboard_quick_press( $error_msg ); + + $post = get_post( $_REQUEST['post_ID'] ); + check_admin_referer( 'add-' . $post->post_type ); + + $_POST['comment_status'] = get_option( 'default_comment_status' ); + $_POST['ping_status'] = get_option( 'default_ping_status' ); + + edit_post(); + wp_dashboard_quick_press(); + exit; - redirect_post($post_id); +case 'postajaxpost': +case 'post': + check_admin_referer( 'add-' . $post_type ); + $post_id = 'postajaxpost' == $action ? edit_post() : write_post(); + redirect_post( $post_id ); exit(); - break; case 'edit': $editing = true; @@ -218,13 +229,13 @@ case 'editpost': $post_id = edit_post(); // Session cookie flag that the post was saved - if ( isset( $_COOKIE['wp-saving-post-' . $post_id] ) ) - setcookie( 'wp-saving-post-' . $post_id, 'saved' ); + if ( isset( $_COOKIE['wp-saving-post'] ) && $_COOKIE['wp-saving-post'] === $post_id . '-check' ) { + setcookie( 'wp-saving-post', $post_id . '-saved', time() + DAY_IN_SECONDS ); + } redirect_post($post_id); // Send user on their way while we keep working exit(); - break; case 'trash': check_admin_referer('trash-post_' . $post_id); @@ -248,7 +259,6 @@ case 'trash': wp_redirect( add_query_arg( array('trashed' => 1, 'ids' => $post_id), $sendback ) ); exit(); - break; case 'untrash': check_admin_referer('untrash-post_' . $post_id); @@ -267,7 +277,6 @@ case 'untrash': wp_redirect( add_query_arg('untrashed', 1, $sendback) ); exit(); - break; case 'delete': check_admin_referer('delete-post_' . $post_id); @@ -293,20 +302,17 @@ case 'delete': wp_redirect( add_query_arg('deleted', 1, $sendback) ); exit(); - break; case 'preview': - check_admin_referer( 'autosave', 'autosavenonce' ); + check_admin_referer( 'update-post_' . $post_id ); $url = post_preview(); wp_redirect($url); exit(); - break; default: wp_redirect( admin_url('edit.php') ); exit(); - break; } // end switch include( ABSPATH . 'wp-admin/admin-footer.php' );