3 // Update an existing post with values provided in $_POST.
7 $post_ID = (int) $_POST['post_ID'];
9 if ( 'page' == $_POST['post_type'] ) {
10 if ( !current_user_can( 'edit_page', $post_ID ) )
11 wp_die( __('You are not allowed to edit this page.' ));
13 if ( !current_user_can( 'edit_post', $post_ID ) )
14 wp_die( __('You are not allowed to edit this post.' ));
17 // Autosave shouldn't save too soon after a real save
18 if ( 'autosave' == $_POST['action'] ) {
19 $post =& get_post( $post_ID );
21 $then = strtotime($post->post_date_gmt . ' +0000');
22 // Keep autosave_interval in sync with autosave-js.php.
23 $delta = apply_filters( 'autosave_interval', 120 ) / 2;
24 if ( ($now - $then) < $delta )
29 $_POST['ID'] = (int) $_POST['post_ID'];
30 $_POST['post_content'] = $_POST['content'];
31 $_POST['post_excerpt'] = $_POST['excerpt'];
32 $_POST['post_parent'] = $_POST['parent_id'];
33 $_POST['to_ping'] = $_POST['trackback_url'];
35 if (!empty ( $_POST['post_author_override'] ) ) {
36 $_POST['post_author'] = (int) $_POST['post_author_override'];
38 if (!empty ( $_POST['post_author'] ) ) {
39 $_POST['post_author'] = (int) $_POST['post_author'];
41 $_POST['post_author'] = (int) $_POST['user_ID'];
44 if ( $_POST['post_author'] != $_POST['user_ID'] ) {
45 if ( 'page' == $_POST['post_type'] ) {
46 if ( !current_user_can( 'edit_others_pages' ) )
47 wp_die( __('You are not allowed to edit pages as this user.' ));
49 if ( !current_user_can( 'edit_others_posts' ) )
50 wp_die( __('You are not allowed to edit posts as this user.' ));
55 // What to do based on which button they pressed
56 if ('' != $_POST['saveasdraft'] )
57 $_POST['post_status'] = 'draft';
58 if ('' != $_POST['saveasprivate'] )
59 $_POST['post_status'] = 'private';
60 if ('' != $_POST['publish'] )
61 $_POST['post_status'] = 'publish';
62 if ('' != $_POST['advanced'] )
63 $_POST['post_status'] = 'draft';
65 if ( 'page' == $_POST['post_type'] ) {
66 if ('publish' == $_POST['post_status'] && !current_user_can( 'edit_published_pages' ))
67 $_POST['post_status'] = 'pending';
69 if ('publish' == $_POST['post_status'] && !current_user_can( 'edit_published_posts' ))
70 $_POST['post_status'] = 'pending';
73 if (!isset( $_POST['comment_status'] ))
74 $_POST['comment_status'] = 'closed';
76 if (!isset( $_POST['ping_status'] ))
77 $_POST['ping_status'] = 'closed';
79 if (!empty ( $_POST['edit_date'] ) ) {
86 $jj = ($jj > 31 ) ? 31 : $jj;
87 $hh = ($hh > 23 ) ? $hh -24 : $hh;
88 $mn = ($mn > 59 ) ? $mn -60 : $mn;
89 $ss = ($ss > 59 ) ? $ss -60 : $ss;
90 $_POST['post_date'] = "$aa-$mm-$jj $hh:$mn:$ss";
91 $_POST['post_date_gmt'] = get_gmt_from_date( "$aa-$mm-$jj $hh:$mn:$ss" );
95 if ( $_POST['meta'] ) {
96 foreach ( $_POST['meta'] as $key => $value )
97 update_meta( $key, $value['key'], $value['value'] );
100 if ( $_POST['deletemeta'] ) {
101 foreach ( $_POST['deletemeta'] as $key => $value )
105 add_meta( $post_ID );
107 wp_update_post( $_POST );
109 // Reunite any orphaned attachments with their parent
110 if ( !$draft_ids = get_user_option( 'autosave_draft_ids' ) )
111 $draft_ids = array();
112 if ( $draft_temp_id = (int) array_search( $post_ID, $draft_ids ) )
113 _relocate_children( $draft_temp_id, $post_ID );
115 // Now that we have an ID we can fix any attachment anchor hrefs
116 _fix_attachment_links( $post_ID );
121 // Default post information to use when populating the "Write Post" form.
122 function get_default_post_to_edit() {
123 if ( !empty( $_REQUEST['post_title'] ) )
124 $post_title = wp_specialchars( stripslashes( $_REQUEST['post_title'] ));
125 else if ( !empty( $_REQUEST['popuptitle'] ) ) {
126 $post_title = wp_specialchars( stripslashes( $_REQUEST['popuptitle'] ));
127 $post_title = funky_javascript_fix( $post_title );
132 if ( !empty( $_REQUEST['content'] ) )
133 $post_content = wp_specialchars( stripslashes( $_REQUEST['content'] ));
134 else if ( !empty( $post_title ) ) {
135 $text = wp_specialchars( stripslashes( urldecode( $_REQUEST['text'] ) ) );
136 $text = funky_javascript_fix( $text);
137 $popupurl = clean_url($_REQUEST['popupurl']);
138 $post_content = '<a href="'.$popupurl.'">'.$post_title.'</a>'."\n$text";
141 if ( !empty( $_REQUEST['excerpt'] ) )
142 $post_excerpt = wp_specialchars( stripslashes( $_REQUEST['excerpt'] ));
146 $post->post_status = 'draft';
147 $post->comment_status = get_option( 'default_comment_status' );
148 $post->ping_status = get_option( 'default_ping_status' );
149 $post->post_pingback = get_option( 'default_pingback_flag' );
150 $post->post_category = get_option( 'default_category' );
151 $post->post_content = apply_filters( 'default_content', $post_content);
152 $post->post_title = apply_filters( 'default_title', $post_title );
153 $post->post_excerpt = apply_filters( 'default_excerpt', $post_excerpt);
154 $post->page_template = 'default';
155 $post->post_parent = 0;
156 $post->menu_order = 0;
161 // Get an existing post and format it for editing.
162 function get_post_to_edit( $id ) {
164 $post = get_post( $id, OBJECT, 'edit' );
166 if ( $post->post_type == 'page' )
167 $post->page_template = get_post_meta( $id, '_wp_page_template', true );
172 function post_exists($title, $content = '', $post_date = '') {
175 if (!empty ($post_date))
176 $post_date = "AND post_date = '$post_date'";
179 return $wpdb->get_var("SELECT ID FROM $wpdb->posts WHERE post_title = '$title' $post_date");
181 if (!empty ($content))
182 return $wpdb->get_var("SELECT ID FROM $wpdb->posts WHERE post_content = '$content' $post_date");
187 // Creates a new post from the "Write Post" form using $_POST information.
188 function wp_write_post() {
191 if ( 'page' == $_POST['post_type'] ) {
192 if ( !current_user_can( 'edit_pages' ) )
193 return new WP_Error( 'edit_pages', __( 'You are not allowed to create pages on this blog.' ) );
195 if ( !current_user_can( 'edit_posts' ) )
196 return new WP_Error( 'edit_posts', __( 'You are not allowed to create posts or drafts on this blog.' ) );
200 // Check for autosave collisions
202 if ( isset($_POST['temp_ID']) ) {
203 $temp_id = (int) $_POST['temp_ID'];
204 if ( !$draft_ids = get_user_option( 'autosave_draft_ids' ) )
205 $draft_ids = array();
206 foreach ( $draft_ids as $temp => $real )
207 if ( time() + $temp > 86400 ) // 1 day: $temp is equal to -1 * time( then )
208 unset($draft_ids[$temp]);
210 if ( isset($draft_ids[$temp_id]) ) { // Edit, don't write
211 $_POST['post_ID'] = $draft_ids[$temp_id];
212 unset($_POST['temp_ID']);
213 update_user_option( $user_ID, 'autosave_draft_ids', $draft_ids );
219 $_POST['post_content'] = $_POST['content'];
220 $_POST['post_excerpt'] = $_POST['excerpt'];
221 $_POST['post_parent'] = $_POST['parent_id'];
222 $_POST['to_ping'] = $_POST['trackback_url'];
224 if (!empty ( $_POST['post_author_override'] ) ) {
225 $_POST['post_author'] = (int) $_POST['post_author_override'];
227 if (!empty ( $_POST['post_author'] ) ) {
228 $_POST['post_author'] = (int) $_POST['post_author'];
230 $_POST['post_author'] = (int) $_POST['user_ID'];
235 if ( $_POST['post_author'] != $_POST['user_ID'] ) {
236 if ( 'page' == $_POST['post_type'] ) {
237 if ( !current_user_can( 'edit_others_pages' ) )
238 return new WP_Error( 'edit_others_pages', __( 'You are not allowed to create pages as this user.' ) );
240 if ( !current_user_can( 'edit_others_posts' ) )
241 return new WP_Error( 'edit_others_posts', __( 'You are not allowed to post as this user.' ) );
246 // What to do based on which button they pressed
247 if ('' != $_POST['saveasdraft'] )
248 $_POST['post_status'] = 'draft';
249 if ('' != $_POST['saveasprivate'] )
250 $_POST['post_status'] = 'private';
251 if ('' != $_POST['publish'] )
252 $_POST['post_status'] = 'publish';
253 if ('' != $_POST['advanced'] )
254 $_POST['post_status'] = 'draft';
256 if ( 'page' == $_POST['post_type'] ) {
257 if ('publish' == $_POST['post_status'] && !current_user_can( 'publish_pages' ) )
258 $_POST['post_status'] = 'pending';
260 if ('publish' == $_POST['post_status'] && !current_user_can( 'publish_posts' ) )
261 $_POST['post_status'] = 'pending';
264 if (!isset( $_POST['comment_status'] ))
265 $_POST['comment_status'] = 'closed';
267 if (!isset( $_POST['ping_status'] ))
268 $_POST['ping_status'] = 'closed';
270 if (!empty ( $_POST['edit_date'] ) ) {
277 $jj = ($jj > 31 ) ? 31 : $jj;
278 $hh = ($hh > 23 ) ? $hh -24 : $hh;
279 $mn = ($mn > 59 ) ? $mn -60 : $mn;
280 $ss = ($ss > 59 ) ? $ss -60 : $ss;
281 $_POST['post_date'] = sprintf( "%04d-%02d-%02d %02d:%02d:%02d", $aa, $mm, $jj, $hh, $mn, $ss );
282 $_POST['post_date_gmt'] = get_gmt_from_date( $_POST['post_date'] );
286 $post_ID = wp_insert_post( $_POST );
287 if ( is_wp_error( $post_ID ) )
290 if ( empty($post_ID) )
293 add_meta( $post_ID );
295 // Reunite any orphaned attachments with their parent
296 if ( !$draft_ids = get_user_option( 'autosave_draft_ids' ) )
297 $draft_ids = array();
298 if ( $draft_temp_id = (int) array_search( $post_ID, $draft_ids ) )
299 _relocate_children( $draft_temp_id, $post_ID );
300 if ( $temp_id && $temp_id != $draft_temp_id )
301 _relocate_children( $temp_id, $post_ID );
303 // Update autosave collision detection
305 $draft_ids[$temp_id] = $post_ID;
306 update_user_option( $user_ID, 'autosave_draft_ids', $draft_ids );
309 // Now that we have an ID we can fix any attachment anchor hrefs
310 _fix_attachment_links( $post_ID );
315 function write_post() {
316 $result = wp_write_post();
317 if( is_wp_error( $result ) )
318 wp_die( $result->get_error_message() );
327 function add_meta( $post_ID ) {
329 $post_ID = (int) $post_ID;
331 $protected = array( '_wp_attached_file', '_wp_attachment_metadata', '_wp_old_slug', '_wp_page_template' );
333 $metakeyselect = $wpdb->escape( stripslashes( trim( $_POST['metakeyselect'] ) ) );
334 $metakeyinput = $wpdb->escape( stripslashes( trim( $_POST['metakeyinput'] ) ) );
335 $metavalue = maybe_serialize( stripslashes( (trim( $_POST['metavalue'] ) ) ));
336 $metavalue = $wpdb->escape( $metavalue );
338 if ( ('0' === $metavalue || !empty ( $metavalue ) ) && ((('#NONE#' != $metakeyselect) && !empty ( $metakeyselect) ) || !empty ( $metakeyinput) ) ) {
339 // We have a key/value pair. If both the select and the
340 // input for the key have data, the input takes precedence:
342 if ('#NONE#' != $metakeyselect)
343 $metakey = $metakeyselect;
346 $metakey = $metakeyinput; // default
348 if ( in_array($metakey, $protected) )
351 $result = $wpdb->query( "
352 INSERT INTO $wpdb->postmeta
353 (post_id,meta_key,meta_value )
354 VALUES ('$post_ID','$metakey','$metavalue' )
356 return $wpdb->insert_id;
361 function delete_meta( $mid ) {
365 return $wpdb->query( "DELETE FROM $wpdb->postmeta WHERE meta_id = '$mid'" );
368 // Get a list of previously defined keys
369 function get_meta_keys() {
372 $keys = $wpdb->get_col( "
376 ORDER BY meta_key" );
381 function get_post_meta_by_id( $mid ) {
385 $meta = $wpdb->get_row( "SELECT * FROM $wpdb->postmeta WHERE meta_id = '$mid'" );
386 if ( is_serialized_string( $meta->meta_value ) )
387 $meta->meta_value = maybe_unserialize( $meta->meta_value );
391 // Some postmeta stuff
392 function has_meta( $postid ) {
395 return $wpdb->get_results( "
396 SELECT meta_key, meta_value, meta_id, post_id
398 WHERE post_id = '$postid'
399 ORDER BY meta_key,meta_id", ARRAY_A );
403 function update_meta( $mid, $mkey, $mvalue ) {
406 $protected = array( '_wp_attached_file', '_wp_attachment_metadata', '_wp_old_slug', '_wp_page_template' );
408 if ( in_array($mkey, $protected) )
411 $mvalue = maybe_serialize( stripslashes( $mvalue ));
412 $mvalue = $wpdb->escape( $mvalue );
414 return $wpdb->query( "UPDATE $wpdb->postmeta SET meta_key = '$mkey', meta_value = '$mvalue' WHERE meta_id = '$mid'" );
421 // Replace hrefs of attachment anchors with up-to-date permalinks.
422 function _fix_attachment_links( $post_ID ) {
425 $post = & get_post( $post_ID, ARRAY_A );
427 $search = "#<a[^>]+rel=('|\")[^'\"]*attachment[^>]*>#ie";
429 // See if we have any rel="attachment" links
430 if ( 0 == preg_match_all( $search, $post['post_content'], $anchor_matches, PREG_PATTERN_ORDER ) )
434 $search = "#[\s]+rel=(\"|')(.*?)wp-att-(\d+)\\1#i";
435 foreach ( $anchor_matches[0] as $anchor ) {
436 if ( 0 == preg_match( $search, $anchor, $id_matches ) )
439 $id = (int) $id_matches[3];
441 // While we have the attachment ID, let's adopt any orphans.
442 $attachment = & get_post( $id, ARRAY_A );
443 if ( ! empty( $attachment) && ! is_object( get_post( $attachment['post_parent'] ) ) ) {
444 $attachment['post_parent'] = $post_ID;
445 // Escape data pulled from DB.
446 $attachment = add_magic_quotes( $attachment);
447 wp_update_post( $attachment);
450 $post_search[$i] = $anchor;
451 $post_replace[$i] = preg_replace( "#href=(\"|')[^'\"]*\\1#e", "stripslashes( 'href=\\1' ).get_attachment_link( $id ).stripslashes( '\\1' )", $anchor );
455 $post['post_content'] = str_replace( $post_search, $post_replace, $post['post_content'] );
457 // Escape data pulled from DB.
458 $post = add_magic_quotes( $post);
460 return wp_update_post( $post);
463 // Move child posts to a new parent
464 function _relocate_children( $old_ID, $new_ID ) {
466 $old_ID = (int) $old_ID;
467 $new_ID = (int) $new_ID;
468 return $wpdb->query( "UPDATE $wpdb->posts SET post_parent = $new_ID WHERE post_parent = $old_ID" );