3 * WordPress AJAX Process Execution.
6 * @subpackage Administration
10 * Executing AJAX process.
// Bootstrap of the admin AJAX endpoint: flag the request as AJAX and as an admin request, then load WordPress.
// NOTE(review): the gutter numbers jump, so some original lines are missing from this listing and part of the control flow is not visible.
14 define('DOING_AJAX', true);
15 define('WP_ADMIN', true);
17 require_once('../wp-load.php');
// A request without an action parameter is detected here; the branch body is not in this listing.
19 if ( ! isset( $_REQUEST['action'] ) )
22 require_once('./includes/admin.php');
// The @ operator hides any error raised by header(); the charset is read from the blog_charset option.
23 @header('Content-Type: text/html; charset=' . get_option('blog_charset'));
24 send_nosniff_header();
// admin_init fires before the login check below, so callbacks hooked on it also run for requests that carry no session.
26 do_action('admin_init');
// Unauthenticated path: everything inside this branch runs for visitors who are not logged in.
28 if ( ! is_user_logged_in() ) {
// A logged-out autosave gets a dedicated response asking the user to log in again; post_ID is cast to int.
30 if ( isset( $_POST['action'] ) && $_POST['action'] == 'autosave' ) {
31 $id = isset($_POST['post_ID'])? (int) $_POST['post_ID'] : 0;
36 $message = sprintf( __('<strong>ALERT: You are logged out!</strong> Could not save draft. <a href="%s" target="_blank">Please log in again.</a>'), wp_login_url() );
37 $x = new WP_Ajax_Response( array(
// The hook name is built from the request-supplied action value. Any callback registered on a
// wp_ajax_nopriv_ hook is therefore reachable without a session and has to validate its own input;
// no nonce or capability check is performed on this path in the visible lines.
45 if ( !empty( $_REQUEST['action'] ) )
46 do_action( 'wp_ajax_nopriv_' . $_REQUEST['action'] );
// Dispatcher for actions sent on the query string. The switch value is the raw action parameter.
51 if ( isset( $_GET['action'] ) ) :
52 switch ( $action = $_GET['action'] ) :
// Tag autocomplete. Requires the edit_posts capability; the statement run on failure is not in this listing.
53 case 'ajax-tag-search' :
54 if ( !current_user_can( 'edit_posts' ) )
// Search text is taken from the query string without casting or escaping in this block.
57 $s = $_GET['q']; // is this slashed already?
// The taxonomy name is normalised with sanitize_title() when supplied; the fallback for a missing tax parameter is not in this listing.
59 if ( isset($_GET['tax']) )
60 $taxonomy = sanitize_title($_GET['tax']);
// Only the fragment after the last comma is searched.
64 if ( false !== strpos( $s, ',' ) ) {
65 $s = explode( ',', $s );
66 $s = $s[count( $s ) - 1];
69 if ( strlen( $s ) < 2 )
70 die; // require 2 chars for matching
// NOTE(review): $taxonomy and $s are interpolated directly into the SQL text. Nothing visible here escapes $s,
// so the query is only safe if request data was already slashed before this point, which the author
// comment at gutter line 57 leaves open - confirm. Building the statement with $wpdb->prepare() and a
// placeholder would remove that dependency. The LIKE wildcards % and _ inside $s are also passed through unescaped.
72 $results = $wpdb->get_col( "SELECT t.name FROM $wpdb->term_taxonomy AS tt INNER JOIN $wpdb->terms AS t ON tt.term_id = t.term_id WHERE tt.taxonomy = '$taxonomy' AND t.name LIKE ('%" . $s . "%')" );
// Term names are echoed as stored, one per line, in a response that gutter line 23 declares as text/html.
// NOTE(review): confirm the consumer inserts these values as text, or escape them here.
// join() is called with the array first; PHP 8 accepts only the separator-first order.
74 echo join( $results, "\n" );
// Compression self-test. Requires the manage_options capability; the failure statement is not in this listing.
// NOTE(review): no check_ajax_referer() call is visible in this case, yet later branches write the
// can_compress_scripts site option from a GET parameter. That is a state change on GET without a nonce;
// the impact is limited to toggling that one option, but confirm it is intended.
77 case 'wp-compression-test' :
78 if ( !current_user_can( 'manage_options' ) )
// If PHP already compresses output, record that script compression cannot be used.
81 if ( ini_get('zlib.output_compression') || 'ob_gzhandler' == ini_get('output_handler') ) {
82 update_site_option('can_compress_scripts', 0);
// Test responses are marked as uncacheable and served as JavaScript.
86 if ( isset($_GET['test']) ) {
87 header( 'Expires: Wed, 11 Jan 1984 05:00:00 GMT' );
88 header( 'Last-Modified: ' . gmdate( 'D, d M Y H:i:s' ) . ' GMT' );
89 header( 'Cache-Control: no-cache, must-revalidate, max-age=0' );
90 header( 'Pragma: no-cache' );
91 header('Content-Type: application/x-javascript; charset=UTF-8');
// ENFORCE_GZIP, when defined and truthy, rules out the deflate branch further down.
92 $force_gzip = ( defined('ENFORCE_GZIP') && ENFORCE_GZIP );
// Fixed filler text used as the payload of the compression test.
93 $test_str = '"wpCompressionTest Lorem ipsum dolor sit amet consectetuer mollis sapien urna ut a. Eu nonummy condimentum fringilla tempor pretium platea vel nibh netus Maecenas. Hac molestie amet justo quis pellentesque est ultrices interdum nibh Morbi. Cras mattis pretium Phasellus ante ipsum ipsum ut sociis Suspendisse Lorem. Ante et non molestie. Porta urna Vestibulum egestas id congue nibh eu risus gravida sit. Ac augue auctor Ut et non a elit massa id sodales. Elit eu Nulla at nibh adipiscing mattis lacus mauris at tempus. Netus nibh quis suscipit nec feugiat eget sed lorem et urna. Pellentesque lacus at ut massa consectetuer ligula ut auctor semper Pellentesque. Ut metus massa nibh quam Curabitur molestie nec mauris congue. Volutpat molestie elit justo facilisis neque ac risus Ut nascetur tristique. Vitae sit lorem tellus et quis Phasellus lacus tincidunt nunc Fusce. Pharetra wisi Suspendisse mus sagittis libero lacinia Integer consequat ac Phasellus. Et urna ac cursus tortor aliquam Aliquam amet tellus volutpat Vestibulum. Justo interdum condimentum In augue congue tellus sollicitudin Quisque quis nibh."';
// The test parameter is compared loosely against 1, 2, no and yes.
95 if ( 1 == $_GET['test'] ) {
98 } elseif ( 2 == $_GET['test'] ) {
// The Accept-Encoding request header is client-controlled; it is used only for substring matching to pick an encoding.
99 if ( !isset($_SERVER['HTTP_ACCEPT_ENCODING']) )
101 if ( false !== stripos( $_SERVER['HTTP_ACCEPT_ENCODING'], 'deflate') && function_exists('gzdeflate') && ! $force_gzip ) {
102 header('Content-Encoding: deflate');
103 $out = gzdeflate( $test_str, 1 );
104 } elseif ( false !== stripos( $_SERVER['HTTP_ACCEPT_ENCODING'], 'gzip') && function_exists('gzencode') ) {
105 header('Content-Encoding: gzip');
106 $out = gzencode( $test_str, 1 );
// The two branches below persist the test outcome in the can_compress_scripts site option.
112 } elseif ( 'no' == $_GET['test'] ) {
113 update_site_option('can_compress_scripts', 0);
114 } elseif ( 'yes' == $_GET['test'] ) {
115 update_site_option('can_compress_scripts', 1);
// Image editor preview. The post id is forced to an integer, then the caller must hold edit_post on
// that post and present a nonce whose action name is bound to the same id.
121 case 'imgedit-preview' :
122 $post_id = intval($_GET['postid']);
123 if ( empty($post_id) || !current_user_can('edit_post', $post_id) )
126 check_ajax_referer( "image_editor-$post_id" );
// The include path is built from the ABSPATH constant and a literal, not from request data.
128 include_once( ABSPATH . 'wp-admin/includes/image-edit.php' );
129 if ( ! stream_preview_image($post_id) )
// Menu quick search. Requires edit_theme_options; the whole request array is handed to the helper,
// so validation of individual fields happens, if at all, inside _wp_ajax_menu_quick_search().
134 case 'menu-quick-search':
135 if ( ! current_user_can( 'edit_theme_options' ) )
138 require_once ABSPATH . 'wp-admin/includes/nav-menu.php';
140 _wp_ajax_menu_quick_search( $_REQUEST );
// NOTE(review): no capability or nonce check is visible for this case, and the post parameter is
// passed without a cast. Any logged-in user appears able to trigger the oEmbed caching call - confirm
// that cache_oembed() validates the id and that the work it triggers is acceptable for every role.
144 case 'oembed-cache' :
145 $return = ( $wp_embed->cache_oembed( $_GET['post'] ) ) ? '1' : '0';
// Fallback: the hook name is built from the request-supplied action, so every callback registered
// on a wp_ajax_ hook is reachable by any logged-in user and must do its own nonce and capability checks.
149 do_action( 'wp_ajax_' . $_GET['action'] );
156 * Sends back current comment total and new page links if they need to be updated.
158 * Contrary to normal success AJAX response ("1"), die with time() on success.
162 * @param int $comment_id
// Builds the paging and comment-count response sent after a comment was removed or changed status.
// Reads the POST fields _total, _per_page, _page and _url; $comment_id is only echoed back in the response.
165 function _wp_ajax_delete_comment_response( $comment_id ) {
// The three counters are cast to int; @ hides the notice for an absent field, which then becomes 0.
166 $total = (int) @$_POST['_total'];
167 $per_page = (int) @$_POST['_per_page'];
168 $page = (int) @$_POST['_page'];
// The client-supplied URL is passed through esc_url_raw() before any further use.
169 $url = esc_url_raw( @$_POST['_url'] );
170 // JS didn't send us everything we need to know. Just die with success message
171 if ( !$total || !$per_page || !$page || !$url )
172 die( (string) time() );
174 if ( --$total < 0 ) // Take the total from POST and decrement it (since we just deleted one)
// mt_rand() only samples how often the recount runs; it is not used for anything secret.
177 if ( 0 != $total % $per_page && 1 != mt_rand( 1, $per_page ) ) // Only do the expensive stuff on a page-break, and about 1 other time per page
178 die( (string) time() );
181 $status = 'total_comments'; // What type of comment count are we looking for?
// The query string of the client-supplied URL selects the count type and the post. parse_str() writes
// into the named array $query_vars, not into the local scope.
182 $parsed = parse_url( $url );
183 if ( isset( $parsed['query'] ) ) {
184 parse_str( $parsed['query'], $query_vars );
185 if ( !empty( $query_vars['comment_status'] ) )
186 $status = $query_vars['comment_status'];
187 if ( !empty( $query_vars['p'] ) )
188 $post_id = (int) $query_vars['p'];
// NOTE(review): in this listing $post_id is assigned only when the p query variable is present;
// gutter line 180 is missing, so confirm it is initialised there.
191 $comment_count = wp_count_comments($post_id);
192 $time = time(); // The time since the last comment count
// $status is request-controlled but is used only as a property name, and only after the isset() check.
194 if ( isset( $comment_count->$status ) ) // We're looking for a known type of comment count
195 $total = $comment_count->$status;
196 // else use the decremented value from above
// The page links are built on top of the client-supplied (already esc_url_raw-ed) URL.
198 $page_links = paginate_links( array(
199 'base' => add_query_arg( 'apage', '%#%', $url ),
201 'prev_text' => __('«'),
202 'next_text' => __('»'),
203 'total' => ceil($total / $per_page),
206 $x = new WP_Ajax_Response( array(
208 'id' => $comment_id, // here for completeness - not used
209 'supplemental' => array(
210 'pageLinks' => $page_links,
// Adds one or more terms to a hierarchical taxonomy from the post editor and returns the refreshed
// checklist markup. All input is read from $_POST.
218 function _wp_ajax_add_hierarchical_term() {
// The taxonomy name is whatever follows the first four characters of the action value
// (presumably an add- prefix - confirm against the caller).
219 $action = $_POST['action'];
220 $taxonomy = get_taxonomy(substr($action, 4));
// NOTE(review): $taxonomy->name is read without checking that get_taxonomy() returned an object.
// How this function is reached is not shown here, so confirm the action value is constrained by the caller.
// The nonce is verified first, then the edit_terms capability of that taxonomy.
221 check_ajax_referer( $action, '_ajax_nonce-add-' . $taxonomy->name );
222 if ( !current_user_can( $taxonomy->cap->edit_terms ) )
// New names arrive as one comma-separated field; the parent id is cast to int.
224 $names = explode(',', $_POST['new'.$taxonomy->name]);
225 $parent = isset($_POST['new'.$taxonomy->name.'_parent']) ? (int) $_POST['new'.$taxonomy->name.'_parent'] : 0;
228 if ( $taxonomy->name == 'category' )
229 $post_category = isset($_POST['post_category']) ? (array) $_POST['post_category'] : array();
231 $post_category = ( isset($_POST['tax_input']) && isset($_POST['tax_input'][$taxonomy->name]) ) ? (array) $_POST['tax_input'][$taxonomy->name] : array();
// Every selected id from the request is normalised with absint().
232 $checked_categories = array_map( 'absint', (array) $post_category );
233 $popular_ids = wp_popular_terms_checklist($taxonomy->name, 0, 10, false);
235 foreach ( $names as $cat_name ) {
236 $cat_name = trim($cat_name);
// A name whose slug form is empty is detected here; the statement taken for it is not in this listing.
237 $category_nicename = sanitize_title($cat_name);
238 if ( '' === $category_nicename )
// NOTE(review): gutter lines 241 and 242 are consecutive, so the result of wp_insert_term() is indexed
// as an array without an is_wp_error() check. Other cases in this file do test that call for WP_Error.
240 if ( !($cat_id = term_exists($cat_name, $taxonomy->name, $parent)) ) {
241 $new_term = wp_insert_term($cat_name, $taxonomy->name, array('parent' => $parent));
242 $cat_id = $new_term['term_id'];
244 $checked_categories[] = $cat_id;
245 if ( $parent ) // Do these all at once in a second
247 $category = get_term( $cat_id, $taxonomy->name );
// The checklist markup is captured from an output buffer; the buffer start is not in this listing.
249 wp_terms_checklist( 0, array( 'taxonomy' => $taxonomy->name, 'descendants_and_self' => $cat_id, 'selected_cats' => $checked_categories, 'popular_cats' => $popular_ids ));
250 $data = ob_get_contents();
253 'what' => $taxonomy->name,
255 'data' => str_replace( array("\n", "\t"), '', $data),
260 if ( $parent ) { // Foncy - replace the parent and all its children
261 $parent = get_term( $parent, $taxonomy->name );
262 $term_id = $parent->term_id;
// Walks up the parent chain to the top-level ancestor. The function result is assigned by reference,
// which is a legacy construct.
264 while ( $parent->parent ) { // get the top parent
265 $parent = &get_term( $parent->parent, $taxonomy->name );
266 if ( is_wp_error( $parent ) )
268 $term_id = $parent->term_id;
272 wp_terms_checklist( 0, array('taxonomy' => $taxonomy->name, 'descendants_and_self' => $term_id, 'selected_cats' => $checked_categories, 'popular_cats' => $popular_ids));
273 $data = ob_get_contents();
276 'what' => $taxonomy->name,
278 'data' => str_replace( array("\n", "\t"), '', $data),
// The refreshed parent dropdown is returned as supplemental data.
284 wp_dropdown_categories( array(
285 'taxonomy' => $taxonomy->name, 'hide_empty' => 0, 'name' => 'new'.$taxonomy->name.'_parent', 'orderby' => 'name',
286 'hierarchical' => 1, 'show_option_none' => '— '.$taxonomy->labels->parent_item.' —'
288 $sup = ob_get_contents();
290 $add['supplemental'] = array( 'newcat_parent' => $sup );
292 $x = new WP_Ajax_Response( $add );
// Dispatcher for actions sent in the POST body. $id is cast to int once and reused by most cases
// below, including inside nonce action names.
296 $id = isset($_POST['id'])? (int) $_POST['id'] : 0;
297 switch ( $action = $_POST['action'] ) :
// Check order: the comment must exist, the caller must hold edit_post on the post the comment
// belongs to, and the nonce must be the one issued for this comment id.
298 case 'delete-comment' : // On success, die with time() instead of 1
299 if ( !$comment = get_comment( $id ) )
300 die( (string) time() );
301 if ( !current_user_can( 'edit_post', $comment->comment_post_ID ) )
304 check_ajax_referer( "delete-comment_$id" );
305 $status = wp_get_comment_status( $comment->comment_ID );
// One flag among trash, untrash, spam, unspam and delete selects the operation (loose comparison with 1).
// A request that would not change the current status exits early with a timestamp.
307 if ( isset($_POST['trash']) && 1 == $_POST['trash'] ) {
308 if ( 'trash' == $status )
309 die( (string) time() );
310 $r = wp_trash_comment( $comment->comment_ID );
311 } elseif ( isset($_POST['untrash']) && 1 == $_POST['untrash'] ) {
312 if ( 'trash' != $status )
313 die( (string) time() );
314 $r = wp_untrash_comment( $comment->comment_ID );
315 } elseif ( isset($_POST['spam']) && 1 == $_POST['spam'] ) {
316 if ( 'spam' == $status )
317 die( (string) time() );
318 $r = wp_spam_comment( $comment->comment_ID );
319 } elseif ( isset($_POST['unspam']) && 1 == $_POST['unspam'] ) {
320 if ( 'spam' != $status )
321 die( (string) time() );
322 $r = wp_unspam_comment( $comment->comment_ID );
323 } elseif ( isset($_POST['delete']) && 1 == $_POST['delete'] ) {
324 $r = wp_delete_comment( $comment->comment_ID );
329 if ( $r ) // Decide if we need to send back '1' or a more complicated response including page links and comment counts
330 _wp_ajax_delete_comment_response( $comment->comment_ID );
// Term deletion (the case label is not in this listing). The term id is cast to int and the nonce
// is bound to that id.
334 $tag_id = (int) $_POST['tag_ID'];
335 check_ajax_referer( "delete-tag_$tag_id" );
// The taxonomy name is taken from the request as-is and defaults to post_tag.
337 $taxonomy = !empty($_POST['taxonomy']) ? $_POST['taxonomy'] : 'post_tag';
338 $tax = get_taxonomy($taxonomy);
// NOTE(review): $tax->cap is read without checking that get_taxonomy() found the taxonomy; confirm
// what happens for a name that is not registered.
340 if ( !current_user_can( $tax->cap->delete_terms ) )
343 $tag = get_term( $tag_id, $taxonomy );
344 if ( !$tag || is_wp_error( $tag ) )
347 if ( wp_delete_term($tag_id, $taxonomy))
// Link category deletion: nonce bound to the id, then the manage_categories capability, then an existence check.
352 case 'delete-link-cat' :
353 check_ajax_referer( "delete-link-category_$id" );
354 if ( !current_user_can( 'manage_categories' ) )
357 $cat = get_term( $id, 'link_category' );
358 if ( !$cat || is_wp_error( $cat ) )
361 $cat_name = get_term_field('name', $id, 'link_category');
363 $default = get_option('default_link_category');
365 // Don't delete the default cats.
366 if ( $id == $default ) {
367 $x = new WP_AJAX_Response( array(
368 'what' => 'link-cat',
// NOTE(review): the category name is placed inside markup in the error text; whether
// get_term_field() returns it escaped for display is not visible here - confirm.
370 'data' => new WP_Error( 'default-link-cat', sprintf(__("Can’t delete the <strong>%s</strong> category: this is the default one"), $cat_name) )
// The default category is passed as the default argument of the delete call.
375 $r = wp_delete_term($id, 'link_category', array('default' => $default));
378 if ( is_wp_error($r) ) {
379 $x = new WP_AJAX_Response( array(
380 'what' => 'link-cat',
// Several delete and trash cases follow; most case labels are not in this listing. Each one verifies
// a nonce whose action name contains the integer id before touching the object.
// Bookmark deletion: nonce, manage_links capability, existence check, delete.
389 check_ajax_referer( "delete-bookmark_$id" );
390 if ( !current_user_can( 'manage_links' ) )
393 $link = get_bookmark( $id );
394 if ( !$link || is_wp_error( $link ) )
397 if ( wp_delete_link( $id ) )
// Custom field deletion: the capability is checked against the post that owns the meta row, not against a request field.
403 check_ajax_referer( "delete-meta_$id" );
404 if ( !$meta = get_post_meta_by_id( $id ) )
407 if ( !current_user_can( 'edit_post', $meta->post_id ) )
409 if ( delete_meta( $meta->meta_id ) )
// Post deletion: the nonce action is built from the action name and the id.
414 check_ajax_referer( "{$action}_$id" );
415 if ( !current_user_can( 'delete_post', $id ) )
418 if ( !get_post( $id ) )
421 if ( wp_delete_post( $id ) )
// Trash and untrash share one body; the action name selects the direction.
427 case 'untrash-post' :
428 check_ajax_referer( "{$action}_$id" );
429 if ( !current_user_can( 'delete_post', $id ) )
432 if ( !get_post( $id ) )
435 if ( 'trash-post' == $action )
436 $done = wp_trash_post( $id );
438 $done = wp_untrash_post( $id );
// Page deletion mirrors post deletion with the delete_page capability.
446 check_ajax_referer( "{$action}_$id" );
447 if ( !current_user_can( 'delete_page', $id ) )
450 if ( !get_page( $id ) )
453 if ( wp_delete_post( $id ) )
// Toggles a comment between approved and held.
458 case 'dim-comment' : // On success, die with time() instead of 1
460 if ( !$comment = get_comment( $id ) ) {
461 $x = new WP_Ajax_Response( array(
463 'id' => new WP_Error('invalid_comment', sprintf(__('Comment %d does not exist'), $id))
// The request is refused only when the caller lacks both edit_post on the parent post and moderate_comments.
468 if ( !current_user_can( 'edit_post', $comment->comment_post_ID ) && !current_user_can( 'moderate_comments' ) )
// If the requested status already matches, the handler exits before the nonce is checked; nothing is changed on that path.
471 $current = wp_get_comment_status( $comment->comment_ID );
472 if ( $_POST['new'] == $current )
473 die( (string) time() );
475 check_ajax_referer( "approve-comment_$id" );
// The new status is derived from the stored status, not from the request value.
476 if ( in_array( $current, array( 'unapproved', 'spam' ) ) )
477 $result = wp_set_comment_status( $comment->comment_ID, 'approve', true );
479 $result = wp_set_comment_status( $comment->comment_ID, 'hold', true );
481 if ( is_wp_error($result) ) {
482 $x = new WP_Ajax_Response( array(
489 // Decide if we need to send back '1' or a more complicated response including page links and comment counts
490 _wp_ajax_delete_comment_response( $comment->comment_ID );
// Creates link categories from the link editor: nonce named after the action, then manage_categories.
493 case 'add-link-category' : // On the Fly
494 check_ajax_referer( $action );
495 if ( !current_user_can( 'manage_categories' ) )
// Names arrive as one comma-separated field.
497 $names = explode(',', $_POST['newcat']);
498 $x = new WP_Ajax_Response();
499 foreach ( $names as $cat_name ) {
500 $cat_name = trim($cat_name);
501 $slug = sanitize_title($cat_name);
504 if ( !$cat_id = term_exists( $cat_name, 'link_category' ) ) {
505 $cat_id = wp_insert_term( $cat_name, 'link_category' );
507 $cat_id = $cat_id['term_id'];
// The name is unslashed and HTML-escaped before it is placed into the markup below.
508 $cat_name = esc_html(stripslashes($cat_name));
510 'what' => 'link-category',
// $cat_id is escaped with esc_attr() in the value attribute but interpolated as-is in the id and for
// attributes. NOTE(review): presumably it is always a numeric term id at this point - confirm.
512 'data' => "<li id='link-category-$cat_id'><label for='in-link-category-$cat_id' class='selectit'><input value='" . esc_attr($cat_id) . "' type='checkbox' checked='checked' name='link_category[]' id='in-link-category-$cat_id'/> $cat_name</label></li>",
// Creates a link category from the category management screen: nonce, then manage_categories.
518 case 'add-link-cat' : // From Blogroll -> Categories
519 check_ajax_referer( 'add-link-category' );
520 if ( !current_user_can( 'manage_categories' ) )
523 if ( '' === trim($_POST['name']) ) {
524 $x = new WP_Ajax_Response( array(
525 'what' => 'link-cat',
526 'id' => new WP_Error( 'name', __('You did not enter a category name.') )
// NOTE(review): the entire request array is passed as the argument array of wp_insert_term(), so any
// argument key that function honours can be set by the client. Passing an explicit allowlist of keys
// would narrow this.
531 $r = wp_insert_term($_POST['name'], 'link_category', $_POST );
532 if ( is_wp_error( $r ) ) {
533 $x = new WP_AJAX_Response( array(
534 'what' => 'link-cat',
// extract() imports the keys of the wp_insert_term() result into the local scope; EXTR_SKIP keeps it
// from overwriting variables that already exist. $term_id below presumably comes from here - confirm.
540 extract($r, EXTR_SKIP);
542 if ( !$link_cat = link_cat_row( $term_id ) )
545 $x = new WP_Ajax_Response( array(
546 'what' => 'link-cat',
// Creates a term from the term management screen. The nonce is checked first; the capability check
// follows once the taxonomy object is known.
553 case 'add-tag' : // From Manage->Tags
554 check_ajax_referer( 'add-tag' );
// post_type and taxonomy are taken from the request as-is, with defaults.
555 $post_type = !empty($_POST['post_type']) ? $_POST['post_type'] : 'post';
556 $taxonomy = !empty($_POST['taxonomy']) ? $_POST['taxonomy'] : 'post_tag';
557 $tax = get_taxonomy($taxonomy);
559 $x = new WP_Ajax_Response();
// NOTE(review): $tax->cap is read without checking that get_taxonomy() found the taxonomy - confirm
// behaviour for an unregistered name.
561 if ( !current_user_can( $tax->cap->edit_terms ) )
// NOTE(review): the whole request array is passed as the term arguments; an allowlist of keys would be narrower.
564 $tag = wp_insert_term($_POST['tag-name'], $taxonomy, $_POST );
566 if ( !$tag || is_wp_error($tag) || (!$tag = get_term( $tag['term_id'], $taxonomy )) ) {
567 $message = __('An error has occured. Please reload the page and try again.');
568 if ( is_wp_error($tag) && $tag->get_error_message() )
569 $message = $tag->get_error_message();
572 'what' => 'taxonomy',
573 'data' => new WP_Error('error', $message )
// The screen identifier comes straight from the request; validation, if any, is inside set_current_screen().
578 if ( isset($_POST['screen']) )
579 set_current_screen($_POST['screen']);
// The first assignment is overwritten immediately by the second.
582 $tag_full_name = false;
583 $tag_full_name = $tag->name;
// For hierarchical taxonomies the ancestor names are prepended. $_tag and $level are assigned on lines
// that are not in this listing.
584 if ( is_taxonomy_hierarchical($taxonomy) ) {
586 while ( $_tag->parent ) {
587 $_tag = get_term( $_tag->parent, $taxonomy );
588 $tag_full_name = $_tag->name . ' — ' . $tag_full_name;
591 $noparents = _tag_row( $tag, $level, $taxonomy );
593 $tag->name = $tag_full_name;
594 $parents = _tag_row( $tag, 0, $taxonomy);
597 'what' => 'taxonomy',
598 'supplemental' => compact('parents', 'noparents')
602 'position' => $level,
603 'supplemental' => get_term( $tag->term_id, $taxonomy, ARRAY_A ) //Refetch as $tag has been contaminated by the full name.
// Returns tag cloud markup for the editor. Requires edit_posts; no nonce check is visible for this read-only case.
607 case 'get-tagcloud' :
608 if ( !current_user_can( 'edit_posts' ) )
// The taxonomy name is normalised with sanitize_title() when supplied.
611 if ( isset($_POST['tax']) )
612 $taxonomy = sanitize_title($_POST['tax']);
616 $tags = get_terms( $taxonomy, array( 'number' => 45, 'orderby' => 'count', 'order' => 'DESC' ) );
618 if ( empty( $tags ) ) {
619 $tax = get_taxonomy( $taxonomy );
620 die( isset( $tax->no_tagcloud ) ? $tax->no_tagcloud : __('No tags found!') );
// The error text of a failed lookup is written to the response as-is.
623 if ( is_wp_error($tags) )
624 die($tags->get_error_message());
626 foreach ( $tags as $key => $tag ) {
627 $tags[ $key ]->link = '#';
628 $tags[ $key ]->id = $tag->term_id;
// NOTE(review): with the filter argument set to 0 the response carries whatever markup
// wp_generate_tag_cloud() produces; confirm that term names are still escaped inside that function.
631 // We need raw tag names here, so don't filter the output
632 $return = wp_generate_tag_cloud( $tags, array('filter' => 0) );
634 if ( empty($return) )
// Comment list refresh (the case label is not in this listing): nonce named after the action, then edit_posts.
642 check_ajax_referer( $action );
643 if ( !current_user_can( 'edit_posts' ) )
// search, comment_status, mode, p and comment_type are taken from the request without casting;
// per_page and page are cast to int. NOTE(review): the uncast values are passed on to
// _wp_get_comment_list() and _wp_comment_row(), so their escaping depends on those helpers - confirm.
645 $search = isset($_POST['s']) ? $_POST['s'] : false;
646 $status = isset($_POST['comment_status']) ? $_POST['comment_status'] : 'all';
647 $per_page = isset($_POST['per_page']) ? (int) $_POST['per_page'] + 8 : 28;
648 $start = isset($_POST['page']) ? ( intval($_POST['page']) * $per_page ) -1 : $per_page - 1;
652 $mode = isset($_POST['mode']) ? $_POST['mode'] : 'detail';
653 $p = isset($_POST['p']) ? $_POST['p'] : 0;
654 $comment_type = isset($_POST['comment_type']) ? $_POST['comment_type'] : '';
655 list($comments, $total) = _wp_get_comment_list( $status, $search, $start, 1, $p, $comment_type );
657 if ( get_option('show_avatars') )
658 add_filter( 'comment_author', 'floated_admin_avatar' );
// Each row is rendered into an output buffer and returned as response data; the buffer start is not in this listing.
662 $x = new WP_Ajax_Response();
663 foreach ( (array) $comments as $comment ) {
664 get_comment( $comment );
666 _wp_comment_row( $comment->comment_ID, $mode, $status, true, true );
667 $comment_list_item = ob_get_contents();
671 'id' => $comment->comment_ID,
672 'data' => $comment_list_item
// Returns the comments of one post: nonce named after the action, then edit_post on the integer post id.
677 case 'get-comments' :
678 check_ajax_referer( $action );
680 $post_ID = (int) $_POST['post_ID'];
681 if ( !current_user_can( 'edit_post', $post_ID ) )
// Paging values are forced to integers before use.
684 $start = isset($_POST['start']) ? intval($_POST['start']) : 0;
685 $num = isset($_POST['num']) ? intval($_POST['num']) : 10;
687 list($comments, $total) = _wp_get_comment_list( false, false, $start, $num, $post_ID );
// Rows are rendered into an output buffer and concatenated into one response item.
692 $comment_list_item = '';
693 $x = new WP_Ajax_Response();
694 foreach ( (array) $comments as $comment ) {
695 get_comment( $comment );
697 _wp_comment_row( $comment->comment_ID, 'single', false, false );
698 $comment_list_item .= ob_get_contents();
702 'what' => 'comments',
703 'data' => $comment_list_item
// Posts a reply from the admin screens: nonce, then edit_post on the integer post id from the request.
707 case 'replyto-comment' :
708 check_ajax_referer( $action, '_ajax_nonce-replyto-comment' );
710 $comment_post_ID = (int) $_POST['comment_post_ID'];
711 if ( !current_user_can( 'edit_post', $comment_post_ID ) )
// The status lookup uses a prepared statement with an integer placeholder.
714 $status = $wpdb->get_var( $wpdb->prepare("SELECT post_status FROM $wpdb->posts WHERE ID = %d", $comment_post_ID) );
716 if ( empty($status) )
718 elseif ( in_array($status, array('draft', 'pending', 'trash') ) )
719 die( __('Error: you are replying to a comment on a draft post.') );
// Author fields come from the logged-in user record, not from the request, and are escaped for the database.
721 $user = wp_get_current_user();
723 $comment_author = $wpdb->escape($user->display_name);
724 $comment_author_email = $wpdb->escape($user->user_email);
725 $comment_author_url = $wpdb->escape($user->user_url);
726 $comment_content = trim($_POST['content']);
// Users with unfiltered_html keep that privilege only when the extra per-post nonce matches; on a
// mismatch the kses filters are re-initialised, so the content is filtered. The check fails closed.
// NOTE(review): the nonce is compared with a loose != ; a strict, constant-time comparison would be preferable.
727 if ( current_user_can('unfiltered_html') ) {
728 if ( wp_create_nonce('unfiltered-html-comment_' . $comment_post_ID) != $_POST['_wp_unfiltered_html_comment'] ) {
729 kses_remove_filters(); // start with a clean slate
730 kses_init_filters(); // set up the filters
734 die( __('Sorry, you must be logged in to reply to a comment.') );
737 if ( '' == $comment_content )
738 die( __('Error: please type a comment.') );
// The parent comment id is normalised with absint(). comment_type and user_ID are not assigned in the
// visible lines of this case.
740 $comment_parent = absint($_POST['comment_ID']);
741 $commentdata = compact('comment_post_ID', 'comment_author', 'comment_author_email', 'comment_author_url', 'comment_content', 'comment_type', 'comment_parent', 'user_ID');
743 $comment_id = wp_new_comment( $commentdata );
744 $comment = get_comment($comment_id);
745 if ( ! $comment ) die('1');
// The display mode is restricted to a fixed list; position and checkbox are reduced to integers.
747 $modes = array( 'single', 'detail', 'dashboard' );
748 $mode = isset($_POST['mode']) && in_array( $_POST['mode'], $modes ) ? $_POST['mode'] : 'detail';
749 $position = ( isset($_POST['position']) && (int) $_POST['position']) ? (int) $_POST['position'] : '-1';
750 $checkbox = ( isset($_POST['checkbox']) && true == $_POST['checkbox'] ) ? 1 : 0;
752 if ( get_option('show_avatars') && 'single' != $mode )
753 add_filter( 'comment_author', 'floated_admin_avatar' );
755 $x = new WP_Ajax_Response();
758 if ( 'dashboard' == $mode ) {
759 require_once( ABSPATH . 'wp-admin/includes/dashboard.php' );
760 _wp_dashboard_recent_comments_row( $comment, false );
762 _wp_comment_row( $comment->comment_ID, $mode, false, $checkbox );
764 $comment_list_item = ob_get_contents();
769 'id' => $comment->comment_ID,
770 'data' => $comment_list_item,
771 'position' => $position
// Saves an edited comment. This case reuses the replyto-comment nonce action rather than one bound to the comment.
776 case 'edit-comment' :
777 check_ajax_referer( 'replyto-comment', '_ajax_nonce-replyto-comment' );
// NOTE(review): the capability is checked against the post id supplied in the request, while the
// comment to edit is identified by a separate request field (comment_ID, read below). Nothing visible
// in this listing ties that comment to that post - confirm that the omitted lines or the save routine
// verify the relationship, otherwise the check could be satisfied with an unrelated post id.
779 $comment_post_ID = (int) $_POST['comment_post_ID'];
780 if ( ! current_user_can( 'edit_post', $comment_post_ID ) )
783 if ( '' == $_POST['content'] )
784 die( __('Error: please type a comment.') );
786 $comment_id = (int) $_POST['comment_ID'];
// The request array is modified in place; presumably the save routine reads comment_status from it.
787 $_POST['comment_status'] = $_POST['status'];
// mode is reduced to one of two literals; position and checkbox are reduced to integers;
// comments_listing is passed on as received.
790 $mode = ( isset($_POST['mode']) && 'single' == $_POST['mode'] ) ? 'single' : 'detail';
791 $position = ( isset($_POST['position']) && (int) $_POST['position']) ? (int) $_POST['position'] : '-1';
792 $checkbox = ( isset($_POST['checkbox']) && true == $_POST['checkbox'] ) ? 1 : 0;
793 $comments_listing = isset($_POST['comments_listing']) ? $_POST['comments_listing'] : '';
795 if ( get_option('show_avatars') && 'single' != $mode )
796 add_filter( 'comment_author', 'floated_admin_avatar' );
798 $x = new WP_Ajax_Response();
801 _wp_comment_row( $comment_id, $mode, $comments_listing, $checkbox );
802 $comment_list_item = ob_get_contents();
806 'what' => 'edit_comment',
// $comment is not assigned in the visible lines of this case.
807 'id' => $comment->comment_ID,
808 'data' => $comment_list_item,
809 'position' => $position
// Adds items to a navigation menu: edit_theme_options capability first, then the nonce.
814 case 'add-menu-item' :
815 if ( ! current_user_can( 'edit_theme_options' ) )
818 check_ajax_referer( 'add-menu_item', 'menu-settings-column-nonce' );
820 require_once ABSPATH . 'wp-admin/includes/nav-menu.php';
// The menu-item field is passed on as received; validation of its structure is left to wp_save_nav_menu_items().
822 $item_ids = wp_save_nav_menu_items( 0, $_POST['menu-item'] );
823 if ( is_wp_error( $item_ids ) )
// Only ids that resolve to an existing post object are collected for rendering.
826 foreach ( (array) $item_ids as $menu_item_id ) {
827 $menu_obj = get_post( $menu_item_id );
828 if ( ! empty( $menu_obj->ID ) ) {
829 $menu_obj = wp_setup_nav_menu_item( $menu_obj );
830 $menu_obj->label = $menu_obj->title; // don't show "(pending)" in ajax-added items
831 $menu_items[] = $menu_obj;
835 if ( ! empty( $menu_items ) ) {
841 'walker' => new Walker_Nav_Menu_Edit,
843 echo walk_nav_menu_tree( $menu_items, 0, (object) $args );
// Adds or updates a custom field (the case label is not in this listing). The nonce is checked first.
847 check_ajax_referer( 'add-meta', '_ajax_nonce-add-meta' );
849 $pid = (int) $_POST['post_id'];
850 $post = get_post( $pid );
// Add branch: requires edit_post on the integer post id.
852 if ( isset($_POST['metakeyselect']) || isset($_POST['metakeyinput']) ) {
853 if ( !current_user_can( 'edit_post', $pid ) )
855 if ( isset($_POST['metakeyselect']) && '#NONE#' == $_POST['metakeyselect'] && empty($_POST['metakeyinput']) )
// For an auto-draft the request array is swapped for a minimal one so that edit_post() turns the post
// into a draft, then the original request is restored before the field is added.
857 if ( $post->post_status == 'auto-draft' ) {
858 $save_POST = $_POST; // Backup $_POST
859 $_POST = array(); // Make it empty for edit_post()
860 $_POST['action'] = 'draft'; // Warning fix
861 $_POST['post_ID'] = $pid;
862 $_POST['post_type'] = $post->post_type;
863 $_POST['post_status'] = 'draft';
864 $now = current_time('timestamp', 1);
865 $_POST['post_title'] = sprintf('Draft created on %s at %s', date(get_option('date_format'), $now), date(get_option('time_format'), $now));
867 if ( $pid = edit_post() ) {
868 if ( is_wp_error( $pid ) ) {
869 $x = new WP_Ajax_Response( array(
875 $_POST = $save_POST; // Now we can restore original $_POST again
876 if ( !$mid = add_meta( $pid ) )
877 die(__('Please provide a custom field value.'));
881 } else if ( !$mid = add_meta( $pid ) ) {
882 die(__('Please provide a custom field value.'));
885 $meta = get_post_meta_by_id( $mid );
886 $pid = (int) $meta->post_id;
887 $meta = get_object_vars( $meta );
888 $x = new WP_Ajax_Response( array(
// $c is not assigned in the visible lines.
891 'data' => _list_meta_row( $meta, $c ),
893 'supplemental' => array('postid' => $pid)
// Update branch: the meta id is the last key of the submitted meta array, cast to int.
896 $mid = (int) array_pop( $var_by_ref = array_keys($_POST['meta']) );
897 $key = $_POST['meta'][$mid]['key'];
898 $value = $_POST['meta'][$mid]['value'];
899 if ( '' == trim($key) )
900 die(__('Please provide a custom field name.'));
901 if ( '' == trim($value) )
902 die(__('Please provide a custom field value.'));
903 if ( !$meta = get_post_meta_by_id( $mid ) )
904 die('0'); // if meta doesn't exist
// The capability is checked against the post that owns the stored meta row, not against a request field.
905 if ( !current_user_can( 'edit_post', $meta->post_id ) )
907 if ( $meta->meta_value != stripslashes($value) || $meta->meta_key != stripslashes($key) ) {
908 if ( !$u = update_meta( $mid, $key, $value ) )
909 die('0'); // We know meta exists; we also know it's unchanged (or DB error, in which case there are bigger problems).
// Key and value are unslashed before being rendered back into the row markup.
912 $key = stripslashes($key);
913 $value = stripslashes($value);
914 $x = new WP_Ajax_Response( array(
916 'id' => $mid, 'old_id' => $mid,
917 'data' => _list_meta_row( array(
919 'meta_value' => $value,
923 'supplemental' => array('postid' => $meta->post_id)
// User creation (the case label is not in this listing): nonce named after the action, then create_users.
929 check_ajax_referer( $action );
930 if ( !current_user_can('create_users') )
932 require_once(ABSPATH . WPINC . '/registration.php');
// add_user() reads its input itself; no request field is handled in this block.
933 if ( !$user_id = add_user() )
935 elseif ( is_wp_error( $user_id ) ) {
936 $x = new WP_Ajax_Response( array(
942 $user_object = new WP_User( $user_id );
944 $x = new WP_Ajax_Response( array(
947 'data' => user_row( $user_object, '', $user_object->roles[0] ),
948 'supplemental' => array(
// NOTE(review): user_login is interpolated into markup without escaping in this line; presumably the
// login was sanitised when the account was created - confirm, or escape it here.
949 'show-link' => sprintf(__( 'User <a href="#%s">%s</a> added' ), "user-$user_id", $user_object->user_login),
950 'role' => $user_object->roles[0]
// Editor autosave. The return value of the nonce check is kept and drives the nonce refresh further down.
955 case 'autosave' : // The name of this action is hardcoded in edit_post()
956 define( 'DOING_AUTOSAVE', true );
958 $nonce_age = check_ajax_referer( 'autosave', 'autosavenonce' );
// The request array is rewritten in place before the save routine reads it.
960 $_POST['post_category'] = explode(",", $_POST['catslist']);
961 if ( $_POST['post_type'] == 'page' || empty($_POST['post_category']) )
962 unset($_POST['post_category']);
964 $do_autosave = (bool) $_POST['autosave'];
968 /* translators: draft saved date format, see http://php.net/date */
969 $draft_saved_date_format = __('g:i:s a');
970 /* translators: %s: date and time */
971 $message = sprintf( __('Draft saved at %s.'), date_i18n( $draft_saved_date_format ) );
973 $supplemental = array();
// $login_grace_period is not assigned in the visible lines; when set, the client is given a re-login URL.
974 if ( isset($login_grace_period) )
975 $supplemental['session_expired'] = add_query_arg( 'interim-login', 1, wp_login_url() );
977 $id = $revision_id = 0;
979 $post_ID = (int) $_POST['post_ID'];
980 $_POST['ID'] = $post_ID;
981 $post = get_post($post_ID);
982 if ( 'auto-draft' == $post->post_status )
983 $_POST['post_status'] = 'draft';
// When another user holds the edit lock, autosave and locking are switched off for this request.
985 if ( $last = wp_check_post_lock( $post->ID ) ) {
986 $do_autosave = $do_lock = false;
988 $last_user = get_userdata( $last );
989 $last_user_name = $last_user ? $last_user->display_name : __( 'Someone' );
990 $data = new WP_Error( 'locked', sprintf(
991 $_POST['post_type'] == 'page' ? __( 'Autosave disabled: %s is currently editing this page.' ) : __( 'Autosave disabled: %s is currently editing this post.' ),
// The display name of the lock holder is HTML-escaped before it goes into the message.
992 esc_html( $last_user_name )
995 $supplemental['disable_autosave'] = 'disable';
// The capability check uses the stored post type and the integer post id, and runs before any save below.
998 if ( 'page' == $post->post_type ) {
999 if ( !current_user_can('edit_page', $post_ID) )
1000 die(__('You are not allowed to edit this page.'));
1002 if ( !current_user_can('edit_post', $post_ID) )
1003 die(__('You are not allowed to edit this post.'));
1006 if ( $do_autosave ) {
1007 // Drafts and auto-drafts are just overwritten by autosave
1008 if ( 'auto-draft' == $post->post_status || 'draft' == $post->post_status ) {
1010 } else { // Non drafts are not overwritten. The autosave is stored in a special post revision.
1011 $revision_id = wp_create_post_autosave( $post->ID );
1012 if ( is_wp_error($revision_id) )
1019 if ( isset( $_POST['auto_draft'] ) && '1' == $_POST['auto_draft'] )
1020 $id = 0; // This tells us it didn't actually save
1025 if ( $do_lock && ( isset( $_POST['auto_draft'] ) && ( $_POST['auto_draft'] != '1' ) ) && $id && is_numeric($id) )
1026 wp_set_post_lock( $id );
// When the nonce check returned 2, fresh nonces are issued to the client. NOTE(review): presumably 2
// marks an older but still valid nonce - confirm against check_ajax_referer(). The refreshed set is
// only handed out after the nonce and capability checks above have passed.
1028 if ( $nonce_age == 2 ) {
1029 $supplemental['replace-autosavenonce'] = wp_create_nonce('autosave');
1030 $supplemental['replace-getpermalinknonce'] = wp_create_nonce('getpermalink');
1031 $supplemental['replace-samplepermalinknonce'] = wp_create_nonce('samplepermalink');
1032 $supplemental['replace-closedpostboxesnonce'] = wp_create_nonce('closedpostboxes');
// The update nonce is chosen from the post_type request field, not from the stored post type.
1034 if ( $_POST['post_type'] == 'post' )
1035 $supplemental['replace-_wpnonce'] = wp_create_nonce('update-post_' . $id);
1036 elseif ( $_POST['post_type'] == 'page' )
1037 $supplemental['replace-_wpnonce'] = wp_create_nonce('update-page_' . $id);
1041 $x = new WP_Ajax_Response( array(
1042 'what' => 'autosave',
1044 'data' => $id ? $data : '',
1045 'supplemental' => $supplemental
// Stores which meta boxes the current user has closed or hidden. Protected by a nonce; the data is
// written only to the options of the logged-in user.
1049 case 'closed-postboxes' :
1050 check_ajax_referer( 'closedpostboxes', 'closedpostboxesnonce' );
1051 $closed = isset( $_POST['closed'] ) ? explode( ',', $_POST['closed']) : array();
1052 $closed = array_filter($closed);
1054 $hidden = isset( $_POST['hidden'] ) ? explode( ',', $_POST['hidden']) : array();
1055 $hidden = array_filter($hidden);
1057 $page = isset( $_POST['page'] ) ? $_POST['page'] : '';
// The page name becomes part of an option key, so it is restricted to lower-case letters, underscore
// and hyphen before use.
1059 if ( !preg_match( '/^[a-z_-]+$/', $page ) )
1062 if ( ! $user = wp_get_current_user() )
1065 if ( is_array($closed) )
1066 update_user_option($user->ID, "closedpostboxes_$page", $closed, true);
1068 if ( is_array($hidden) ) {
1069 $hidden = array_diff( $hidden, array('submitdiv', 'linksubmitdiv', 'manage-menu', 'create-menu') ); // postboxes that are always shown
1070 update_user_option($user->ID, "metaboxhidden_$page", $hidden, true);
// Stores which list-table columns the current user has hidden. Protected by a nonce.
1075 case 'hidden-columns' :
1076 check_ajax_referer( 'screen-options-nonce', 'screenoptionnonce' );
// NOTE(review): the isset() default on the first line has no effect, because the next line reads the
// hidden field from the request again and overwrites the variable.
1077 $hidden = isset( $_POST['hidden'] ) ? $_POST['hidden'] : '';
1078 $hidden = explode( ',', $_POST['hidden'] );
1079 $page = isset( $_POST['page'] ) ? $_POST['page'] : '';
// Same allowlist pattern as the other per-user screen options: the page name is embedded in an option key.
1081 if ( !preg_match( '/^[a-z_-]+$/', $page ) )
1084 if ( ! $user = wp_get_current_user() )
1087 if ( is_array($hidden) )
1088 update_user_option($user->ID, "manage{$page}columnshidden", $hidden, true);
// Renders one navigation-menu meta box and returns its markup as JSON. Requires edit_theme_options;
// no nonce check is visible for this case.
1092 case 'menu-get-metabox' :
1093 if ( ! current_user_can( 'edit_theme_options' ) )
1096 require_once ABSPATH . 'wp-admin/includes/nav-menu.php';
// The callback name is one of two literals chosen by the item-type field; it is never taken from the
// request directly. $type is assigned on lines that are not in this listing.
1098 if ( isset( $_POST['item-type'] ) && 'post_type' == $_POST['item-type'] ) {
1100 $callback = 'wp_nav_menu_item_post_type_meta_box';
1101 $items = (array) get_post_types( array( 'show_in_nav_menus' => true ), 'object' );
1102 } elseif ( isset( $_POST['item-type'] ) && 'taxonomy' == $_POST['item-type'] ) {
1104 $callback = 'wp_nav_menu_item_taxonomy_meta_box';
1105 $items = (array) get_taxonomies( array( 'show_ui' => true ), 'object' );
// The requested object must be a key of the list built above before anything is rendered.
// NOTE(review): when item-type matches neither branch, $items is not assigned in the visible lines - confirm.
1108 if ( ! empty( $_POST['item-object'] ) && isset( $items[$_POST['item-object']] ) ) {
1109 $item = apply_filters( 'nav_menu_meta_box_object', $items[ $_POST['item-object'] ] );
1111 call_user_func_array($callback, array(
1114 'id' => 'add-' . $item->name,
1115 'title' => $item->labels->name,
1116 'callback' => $callback,
1121 $markup = ob_get_clean();
1123 echo json_encode(array(
1124 'replace-id' => $type . '-' . $item->name,
1125 'markup' => $markup,
// AJAX handler: delegates a nav-menu quick search to
// _wp_ajax_menu_quick_search().
// Limited to users with 'edit_theme_options'; no nonce check appears in the
// visible lines.
// The whole $_REQUEST array is handed to the helper, so any validation of its
// fields has to happen inside that function (defined outside this listing).
// NOTE(review): verify that the helper validates every field it reads.
1131 case 'menu-quick-search':
1132 if ( ! current_user_can( 'edit_theme_options' ) )
1135 require_once ABSPATH . 'wp-admin/includes/nav-menu.php';
1137 _wp_ajax_menu_quick_search( $_REQUEST );
// AJAX handler: saves the theme's nav-menu location assignments as the
// 'nav_menu_locations' theme mod.
// Requires 'edit_theme_options' and the 'add-menu_item' nonce sent in the
// 'menu-settings-column-nonce' field.
1141 case 'menu-locations-save':
1142 if ( ! current_user_can( 'edit_theme_options' ) )
1144 check_ajax_referer( 'add-menu_item', 'menu-settings-column-nonce' );
1145 if ( ! isset( $_POST['menu-locations'] ) )
// Values are forced to non-negative integers by absint(). array_map() keeps
// the request-supplied keys, so the location names are stored unvalidated.
// NOTE(review): a non-array 'menu-locations' value is not rejected before
// array_map() in the visible lines.
1147 set_theme_mod( 'nav_menu_locations', array_map( 'absint', $_POST['menu-locations'] ) );
// AJAX handler: stores the current user's meta-box ordering and screen column
// count for the screen named in $_POST['page'].
// Protected by the 'meta-box-order' nonce. No capability check appears in the
// visible lines; only the current user's own options are written.
1150 case 'meta-box-order':
1151 check_ajax_referer( 'meta-box-order' );
// $order is cast to array but its contents are kept as sent; $page_columns is
// cast to int.
1152 $order = isset( $_POST['order'] ) ? (array) $_POST['order'] : false;
1153 $page_columns = isset( $_POST['page_columns'] ) ? (int) $_POST['page_columns'] : 0;
1154 $page = isset( $_POST['page'] ) ? $_POST['page'] : '';
// $page ends up inside two option names, so it is limited to lowercase
// letters, '_' and '-' before use.
1156 if ( !preg_match( '/^[a-z_-]+$/', $page ) )
1159 if ( ! $user = wp_get_current_user() )
// NOTE(review): the listing skips 1160-1162, so any condition guarding this
// write (for example on $order being non-empty) is not shown.
1163 update_user_option($user->ID, "meta-box-order_$page", $order, true);
1165 if ( $page_columns )
1166 update_user_option($user->ID, "screen_layout_$page", $page_columns, true);
// AJAX handler: outputs the permalink of the given post with preview=true
// appended, then ends the request.
// Protected by the 'getpermalink' nonce (field 'getpermalinknonce'); the post
// ID is cast to int.
// NOTE(review): no current_user_can( 'edit_post', $post_id ) check precedes
// the lookup, so the nonce is the only gate on which post IDs can be queried.
// Confirm that is intended.
1170 case 'get-permalink':
1171 check_ajax_referer( 'getpermalink', 'getpermalinknonce' );
1172 $post_id = isset($_POST['post_id'])? intval($_POST['post_id']) : 0;
1173 die(add_query_arg(array('preview' => 'true'), get_permalink($post_id)));
// AJAX handler: outputs the sample-permalink HTML for a post, given a proposed
// title and slug, then ends the request.
// Protected by the 'samplepermalink' nonce (field 'samplepermalinknonce'); the
// post ID is cast to int.
// 'new_title' and 'new_slug' are passed on as received, so any sanitising and
// output escaping has to happen inside get_sample_permalink_html().
// NOTE(review): no per-post capability check appears between the nonce check
// and the call. Confirm the helper (not shown) enforces one if needed.
1175 case 'sample-permalink':
1176 check_ajax_referer( 'samplepermalink', 'samplepermalinknonce' );
1177 $post_id = isset($_POST['post_id'])? intval($_POST['post_id']) : 0;
1178 $title = isset($_POST['new_title'])? $_POST['new_title'] : '';
1179 $slug = isset($_POST['new_slug'])? $_POST['new_slug'] : null;
1180 die(get_sample_permalink_html($post_id, $title, $slug));
// Presumably the inline-edit save handler for posts and pages; the `case`
// label (line 1182) is not part of this listing.
// Order of checks in the visible lines: 'inlineeditnonce' nonce (field
// '_inline_edit'), a non-zero integer post ID, then a per-post capability.
// NOTE(review): many lines are skipped here (e.g. 1186, 1191, 1214, 1223), so
// the statements guarded by bare `if` lines, the `else` keywords and the
// origin of $data are not shown.
1183 check_ajax_referer( 'inlineeditnonce', '_inline_edit' );
1185 if ( ! isset($_POST['post_ID']) || ! ( $post_ID = (int) $_POST['post_ID'] ) )
// $_POST['post_type'] is read without an isset() guard. It selects which
// capability name and message apply; the stored post's type is not consulted.
// Presumably both capabilities resolve to the same per-post check — verify.
1188 if ( 'page' == $_POST['post_type'] ) {
1189 if ( ! current_user_can( 'edit_page', $post_ID ) )
1190 die( __('You are not allowed to edit this page.') );
1192 if ( ! current_user_can( 'edit_post', $post_ID ) )
1193 die( __('You are not allowed to edit this post.') );
// The screen identifier is taken from the request as sent.
1196 if ( isset($_POST['screen']) )
1197 set_current_screen($_POST['screen']);
// A truthy wp_check_post_lock() result is treated as the ID of another user
// editing the post; the display name is escaped before it is printed.
1199 if ( $last = wp_check_post_lock( $post_ID ) ) {
1200 $last_user = get_userdata( $last );
1201 $last_user_name = $last_user ? $last_user->display_name : __( 'Someone' );
1202 printf( $_POST['post_type'] == 'page' ? __( 'Saving is disabled: %s is currently editing this page.' ) : __( 'Saving is disabled: %s is currently editing this post.' ), esc_html( $last_user_name ) );
// The stored row is re-slashed so content and excerpt copied from it match the
// slashing of the other values in $data (presumably request data — TODO confirm).
1208 $post = get_post( $post_ID, ARRAY_A );
1209 $post = add_magic_quotes($post); //since it is from db
1211 $data['content'] = $post['post_content'];
1212 $data['excerpt'] = $post['post_excerpt'];
1215 $data['user_ID'] = $GLOBALS['user_ID'];
1217 if ( isset($data['post_parent']) )
1218 $data['parent_id'] = $data['post_parent'];
1221 if ( isset($data['keep_private']) && 'private' == $data['keep_private'] )
1222 $data['post_status'] = 'private';
1224 $data['post_status'] = $data['_status'];
// Missing comment/ping status fields are treated as "closed".
1226 if ( empty($data['comment_status']) )
1227 $data['comment_status'] = 'closed';
1228 if ( empty($data['ping_status']) )
1229 $data['ping_status'] = 'closed';
// NOTE(review): in_array() is called without the strict flag, and the next
// line passes the raw $_POST['post_ID'] to get_post() rather than the
// validated $post_ID from above.
1234 if ( in_array( $_POST['post_type'], get_post_types( array( 'show_ui' => true ) ) ) ) {
1236 $post[] = get_post($_POST['post_ID']);
1237 if ( is_post_type_hierarchical( $_POST['post_type'] ) ) {
// $mode comes straight from the request; how it is used is not shown here.
1240 $mode = $_POST['post_view'];
// AJAX handler: inline edit of a taxonomy term; echoes the refreshed row or
// ends the request with an error message.
// Visible checks: 'taxinlineeditnonce' nonce (field '_inline_edit'), the
// edit_terms capability of the request-supplied taxonomy, a non-zero integer
// term ID.
// NOTE(review): the listing skips lines (e.g. 1251, 1259, 1262, 1271), so the
// condition in front of the first die(), the statement after the tax_ID check
// and the inner `case` labels are not shown.
1247 case 'inline-save-tax':
1248 check_ajax_referer( 'taxinlineeditnonce', '_inline_edit' );
1250 $taxonomy = !empty($_POST['taxonomy']) ? $_POST['taxonomy'] : false;
1252 die( __('Cheatin’ uh?') );
// NOTE(review): $tax is dereferenced below; confirm the skipped line 1251
// rejects taxonomy names that get_taxonomy() does not know.
1253 $tax = get_taxonomy($taxonomy);
1255 if ( ! current_user_can( $tax->cap->edit_terms ) )
1256 die( __('Cheatin’ uh?') );
1258 if ( ! isset($_POST['tax_ID']) || ! ( $id = (int) $_POST['tax_ID'] ) )
1261 switch ($_POST['tax_type']) {
// NOTE(review): the capability above was checked for the taxonomy named in the
// request, while this branch always updates 'link_category'. Confirm the two
// cannot differ, or check the capability for the taxonomy actually written.
// The whole $_POST array is passed as the term arguments.
1263 $updated = wp_update_term($id, 'link_category', $_POST);
1265 if ( $updated && !is_wp_error($updated) )
1266 echo link_cat_row($updated['term_id']);
1268 die( __('Category not updated.') );
1272 $taxonomy = !empty($_POST['taxonomy']) ? $_POST['taxonomy'] : 'post_tag';
// The stored description is copied into $_POST before the update, so this
// path does not take a description from the request.
// NOTE(review): get_term()'s result is used without an is_wp_error()/null check.
1274 $tag = get_term( $id, $taxonomy );
1275 $_POST['description'] = $tag->description;
1277 $updated = wp_update_term($id, $taxonomy, $_POST);
1278 if ( $updated && !is_wp_error($updated) ) {
1279 $tag = get_term( $updated['term_id'], $taxonomy );
1280 if ( !$tag || is_wp_error( $tag ) ) {
1281 if ( is_wp_error($tag) && $tag->get_error_message() )
1282 die( $tag->get_error_message() );
1283 die( __('Item not updated.') );
1286 set_current_screen( 'edit-' . $taxonomy );
1288 echo _tag_row($tag, 0, $taxonomy);
// WP_Error messages are written to the response without escaping.
// NOTE(review): verify they cannot carry request-derived markup.
1290 if ( is_wp_error($updated) && $updated->get_error_message() )
1291 die( $updated->get_error_message() );
1292 die( __('Item not updated.') );
// Post search handler protected by the 'find-posts' nonce; the `case` label
// (line 1300) is not part of this listing. It searches post titles and content
// for the terms in $_POST['ps'] and builds an HTML table of up to 50 matches.
// No capability check appears in the visible lines, and the query returns
// drafts as well as published posts.
// NOTE(review): confirm who can obtain the 'find-posts' nonce.
// NOTE(review): lines are skipped (e.g. 1304, 1308-1310, 1326-1327), so the
// statement after the empty-'ps' check and the fallback value of $what are
// not shown.
1301 check_ajax_referer( 'find-posts' );
1303 if ( empty($_POST['ps']) )
// $what is taken from the request only when it matches a registered post type
// (non-strict in_array()); it is later interpolated into the SQL string.
1306 if ( !empty($_POST['post_type']) && in_array( $_POST['post_type'], get_post_types() ) )
1307 $what = $_POST['post_type'];
1311 $s = stripslashes($_POST['ps']);
1312 preg_match_all('/".*?("|$)|((?<=[\\s",+])|^)[^\\s",+]+/', $s, $matches);
1313 $search_terms = array_map('_search_terms_tidy', $matches[0]);
// The WHERE clause is assembled by string concatenation. Each term goes
// through addslashes_gpc() (or $wpdb->escape() for the full phrase) first.
// '%' and '_' in the search text are not escaped, so they act as LIKE
// wildcards.
// NOTE(review): on current WordPress the safer form is $wpdb->prepare() with
// $wpdb->esc_like() applied to the LIKE operands.
1315 $searchand = $search = '';
1316 foreach ( (array) $search_terms as $term ) {
1317 $term = addslashes_gpc($term);
1318 $search .= "{$searchand}(($wpdb->posts.post_title LIKE '%{$term}%') OR ($wpdb->posts.post_content LIKE '%{$term}%'))";
1319 $searchand = ' AND ';
1321 $term = $wpdb->escape($s);
1322 if ( count($search_terms) > 1 && $search_terms[0] != $s )
1323 $search .= " OR ($wpdb->posts.post_title LIKE '%{$term}%') OR ($wpdb->posts.post_content LIKE '%{$term}%')";
1325 $posts = $wpdb->get_results( "SELECT ID, post_title, post_status, post_date FROM $wpdb->posts WHERE post_type = '$what' AND post_status IN ('draft', 'publish') AND ($search) ORDER BY post_date_gmt DESC LIMIT 50" );
1328 $posttype = get_post_type_object($what);
1329 exit($posttype->labels->not_found);
1332 $html = '<table class="widefat" cellspacing="0"><thead><tr><th class="found-radio"><br /></th><th>'.__('Title').'</th><th>'.__('Date').'</th><th>'.__('Status').'</th></tr></thead><tbody>';
1333 foreach ( $posts as $post ) {
1335 switch ( $post->post_status ) {
1338 $stat = __('Published');
1341 $stat = __('Scheduled');
1344 $stat = __('Pending Review');
1347 $stat = __('Draft');
1351 if ( '0000-00-00 00:00:00' == $post->post_date ) {
1354 /* translators: date format in table columns, see http://php.net/date */
1355 $time = mysql2date(__('Y/m/d'), $post->post_date);
// Title, date and status are HTML-escaped and the radio value is
// attribute-escaped. The two id/for attributes use $post->ID unescaped, which
// is the ID column of the query result.
1358 $html .= '<tr class="found-posts"><td class="found-radio"><input type="radio" id="found-'.$post->ID.'" name="found_post_id" value="' . esc_attr($post->ID) . '"></td>';
1359 $html .= '<td><label for="found-'.$post->ID.'">'.esc_html( $post->post_title ).'</label></td><td>'.esc_html( $time ).'</td><td>'.esc_html( $stat ).'</td></tr>'."\n\n";
1361 $html .= '</tbody></table>';
1363 $x = new WP_Ajax_Response();
// AJAX handler: runs one numbered step of the LiveJournal importer.
// Requires the 'lj-api-import' nonce and the 'publish_posts' capability.
// NOTE(review): the listing skips 1374 and 1376, so the statements guarded by
// the two bare `if` checks are not shown.
1371 case 'lj-importer' :
1372 check_ajax_referer( 'lj-api-import' );
1373 if ( !current_user_can( 'publish_posts' ) )
1375 if ( empty( $_POST['step'] ) )
1377 define('WP_IMPORTING', true);
// The included path is built from ABSPATH and a fixed string, not from the
// request.
1378 include( ABSPATH . 'wp-admin/import/livejournal.php' );
// The (int) cast confines the dynamic method name to 'step' followed by an
// integer. No method_exists() check is visible, so a step number the importer
// does not define would call a missing method.
1379 $result = $lj_api_import->{ 'step' . ( (int) $_POST['step'] ) }();
// The error message is echoed without escaping.
// NOTE(review): verify importer messages cannot carry markup from remote data.
1380 if ( is_wp_error( $result ) )
1381 echo $result->get_error_message();
// AJAX handler: saves the order of widgets in every sidebar sent in
// $_POST['sidebars'].
// Requires the 'save-sidebar-widgets' nonce (field 'savewidgets') and the
// 'edit_theme_options' capability.
// NOTE(review): the listing skips lines (e.g. 1388, 1396, 1401), so the
// statement after the capability check, the initialisation of $sb and the
// statement guarded by the 'widget-' test are not shown.
1384 case 'widgets-order' :
1385 check_ajax_referer( 'save-sidebar-widgets', 'savewidgets' );
1387 if ( !current_user_can('edit_theme_options') )
1390 unset( $_POST['savewidgets'], $_POST['action'] );
1392 // save widgets order for all sidebars
// $_POST['sidebars'] is read without isset(). Its keys become the sidebar IDs
// passed to wp_set_sidebars_widgets() and are not checked against registered
// sidebars here.
1393 if ( is_array($_POST['sidebars']) ) {
1394 $sidebars = array();
1395 foreach ( $_POST['sidebars'] as $key => $val ) {
1397 if ( !empty($val) ) {
1398 $val = explode(',', $val);
1399 foreach ( $val as $k => $v ) {
// This tests for 'widget-' anywhere in the entry, not only as a prefix.
1400 if ( strpos($v, 'widget-') === false )
// Keeps the part after the first '_'. If the entry has no '_', strpos()
// returns false and the offset becomes 1, so only the first character is
// dropped.
1403 $sb[$k] = substr($v, strpos($v, '_') + 1);
1406 $sidebars[$key] = $sb;
1408 wp_set_sidebars_widgets($sidebars);
// AJAX handler: saves, adds or deletes one widget instance. It rewrites parts
// of $_POST and then invokes the update callback registered for the widget's
// id_base.
// Requires the 'save-sidebar-widgets' nonce (field 'savewidgets'), the
// 'edit_theme_options' capability and an 'id_base' field.
// NOTE(review): the listing skips lines (e.g. 1418, 1440, 1446, 1458-1460), so
// the statements guarded by several bare `if` checks are not shown.
1414 case 'save-widget' :
1415 check_ajax_referer( 'save-sidebar-widgets', 'savewidgets' );
1417 if ( !current_user_can('edit_theme_options') || !isset($_POST['id_base']) )
1420 unset( $_POST['savewidgets'], $_POST['action'] );
1422 do_action('load-widgets.php');
1423 do_action('widgets.php');
1424 do_action('sidebar_admin_setup');
// 'widget-id' and 'sidebar' are read without isset(); all three identifiers
// are request-supplied strings at this point.
1426 $id_base = $_POST['id_base'];
1427 $widget_id = $_POST['widget-id'];
1428 $sidebar_id = $_POST['sidebar'];
1429 $multi_number = !empty($_POST['multi_number']) ? (int) $_POST['multi_number'] : 0;
1430 $settings = isset($_POST['widget-' . $id_base]) && is_array($_POST['widget-' . $id_base]) ? $_POST['widget-' . $id_base] : false;
1431 $error = '<p>' . __('An error has occured. Please reload the page and try again.') . '</p>';
1433 $sidebars = wp_get_sidebars_widgets();
1434 $sidebar = isset($sidebars[$sidebar_id]) ? $sidebars[$sidebar_id] : array();
1437 if ( isset($_POST['delete_widget']) && $_POST['delete_widget'] ) {
// Deleting requires the widget ID to be a key of $wp_registered_widgets.
1439 if ( !isset($wp_registered_widgets[$widget_id]) )
1442 $sidebar = array_diff( $sidebar, array($widget_id) );
1443 $_POST = array('sidebar' => $sidebar_id, 'widget-' . $id_base => array(), 'the-widget-id' => $widget_id, 'delete_widget' => '1');
// A settings key containing the '__i__' or '%i%' placeholder is re-keyed under
// the integer $multi_number.
1444 } elseif ( $settings && preg_match( '/__i__|%i%/', key($settings) ) ) {
1445 if ( !$multi_number )
1448 $_POST['widget-' . $id_base] = array( $multi_number => array_shift($settings) );
1449 $widget_id = $id_base . '-' . $multi_number;
1450 $sidebar[] = $widget_id;
1452 $_POST['widget-id'] = $sidebar;
// The callable comes from the $wp_registered_widget_updates registry, chosen
// by comparing registry keys with $id_base (loose ==). The request selects an
// entry but never supplies the callback itself.
1454 foreach ( (array) $wp_registered_widget_updates as $name => $control ) {
1456 if ( $name == $id_base ) {
1457 if ( !is_callable( $control['callback'] ) )
1461 call_user_func_array( $control['callback'], $control['params'] );
1467 if ( isset($_POST['delete_widget']) && $_POST['delete_widget'] ) {
1468 $sidebars[$sidebar_id] = $sidebar;
1469 wp_set_sidebars_widgets($sidebars);
// $widget_id is echoed unescaped. It is limited to a registered widget ID only
// if the isset() check at 1439 ends the request on failure (that statement is
// not shown) — verify.
1470 echo "deleted:$widget_id";
1474 if ( !empty($_POST['add_new']) )
// NOTE(review): the controls registry is indexed by $widget_id without an
// isset() guard.
1477 if ( $form = $wp_registered_widget_controls[$widget_id] )
1478 call_user_func_array( $form['callback'], $form['params'] );
// AJAX handler: image editor operations on one attachment, selected by
// $_POST['do'].
// Checks in order: integer attachment ID, 'edit_post' capability on that
// attachment, then a nonce whose action embeds the attachment ID. A nonce
// issued for one attachment therefore does not validate for another.
// NOTE(review): the listing skips lines (e.g. 1485-1486, 1492, 1495-1497), so
// the statement after the capability check and the inner `case` labels are
// not shown.
1482 case 'image-editor':
1483 $attachment_id = intval($_POST['postid']);
1484 if ( empty($attachment_id) || !current_user_can('edit_post', $attachment_id) )
1487 check_ajax_referer( "image_editor-$attachment_id" );
1488 include_once( ABSPATH . 'wp-admin/includes/image-edit.php' );
// $_POST['do'] is read without isset(); it only selects a branch.
1491 switch ( $_POST['do'] ) {
1493 $msg = wp_save_image($attachment_id);
1494 $msg = json_encode($msg);
1498 $msg = wp_save_image($attachment_id);
1501 $msg = wp_restore_image($attachment_id);
1505 wp_image_editor($attachment_id, $msg);
// AJAX handler: sets or removes a post's '_thumbnail_id' meta and outputs the
// thumbnail HTML.
// Checks in order: integer post ID, 'edit_post' capability on that post, then
// a nonce whose action embeds the post ID.
// NOTE(review): the listing skips 1511 and 1513, so the statement guarded by
// the capability check is not shown.
1508 case 'set-post-thumbnail':
1509 $post_ID = intval( $_POST['post_id'] );
1510 if ( !current_user_can( 'edit_post', $post_ID ) )
1512 $thumbnail_id = intval( $_POST['thumbnail_id'] );
1514 check_ajax_referer( "set_post_thumbnail-$post_ID" );
// -1 is the "remove thumbnail" marker; the integer is compared loosely with
// the string '-1'.
1516 if ( $thumbnail_id == '-1' ) {
1517 delete_post_meta( $post_ID, '_thumbnail_id' );
1518 die( _wp_post_thumbnail_html() );
// The thumbnail ID only has to name an existing post for which
// wp_get_attachment_image() returns non-empty HTML. No capability check on
// that attachment appears in the visible lines.
1521 if ( $thumbnail_id && get_post( $thumbnail_id ) ) {
1522 $thumbnail_html = wp_get_attachment_image( $thumbnail_id, 'thumbnail' );
1523 if ( !empty( $thumbnail_html ) ) {
1524 update_post_meta( $post_ID, '_thumbnail_id', $thumbnail_id );
1525 die( _wp_post_thumbnail_html( $thumbnail_id ) );
// Fires the 'wp_ajax_{action}' hook, with the hook name built from the
// request's 'action' field. Presumably this is the switch's fallback branch;
// its label is not part of this listing (numbering skips 1526-1530).
// No nonce or capability check is applied on this line, so every callback
// registered on such a hook has to call check_ajax_referer() and
// current_user_can() itself.
1531 do_action( 'wp_ajax_' . $_POST['action'] );