+
+
+ post_type )->public ) {
+ $preview_link = set_url_scheme( add_query_arg( 'preview', 'true', get_permalink( $post->ID ) ) );
+
+ if ( 'publish' == $post->post_status || $user->ID != $post->post_author ) {
+ // Latest content is in autosave
+ $nonce = wp_create_nonce( 'post_preview_' . $post->ID );
+ $preview_link = add_query_arg( array( 'preview_id' => $post->ID, 'preview_nonce' => $nonce ), $preview_link );
+ }
+ } else {
+ $preview_link = '';
+ }
+
+ $preview_link = apply_filters( 'preview_post_link', $preview_link );
+ $override = apply_filters( 'override_post_lock', true, $post, $user );
+ $tab_last = $override ? '' : ' wp-tab-last';
+
+ ?>
+
+
ID, 64 ); ?>
+
+ display_name ) );
+ ?>
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+ ID;
- $new_autosave['post_author'] = get_current_user_id();
+ $new_autosave['post_author'] = $post_author;
+
+ // If the new autosave is the same content as the post, delete the old autosave.
+ $post = get_post( $post_id );
+ $autosave_is_different = false;
+ foreach ( array_keys( _wp_post_revision_fields() ) as $field ) {
+ if ( normalize_whitespace( $new_autosave[ $field ] ) != normalize_whitespace( $post->$field ) ) {
+ $autosave_is_different = true;
+ break;
+ }
+ }
+
+ if ( ! $autosave_is_different ) {
+ wp_delete_post_revision( $old_autosave->ID );
+ return;
+ }
+
return wp_update_post( $new_autosave );
}
// _wp_put_post_revision() expects unescaped.
- $_POST = stripslashes_deep($_POST);
+ $post_data = wp_unslash( $_POST );
// Otherwise create the new autosave as a special post revision
- return _wp_put_post_revision( $_POST, true );
+ return _wp_put_post_revision( $post_data, true );
}
/**
@@ -1270,11 +1421,14 @@ function wp_create_post_autosave( $post_id ) {
* @package WordPress
* @since 2.7.0
*
- * @uses wp_write_post()
+ * @uses get_post_status()
* @uses edit_post()
* @uses get_post()
* @uses current_user_can()
+ * @uses wp_die()
* @uses wp_create_post_autosave()
+ * @uses add_query_arg()
+ * @uses wp_create_nonce()
*
* @return str URL to redirect to show the preview
*/
@@ -1298,16 +1452,18 @@ function post_preview() {
$post = get_post($post_ID);
if ( 'page' == $post->post_type ) {
- if ( !current_user_can('edit_page', $post_ID) )
- wp_die(__('You are not allowed to edit this page.'));
+ if ( ! current_user_can('edit_page', $post_ID) )
+ wp_die( __('You are not allowed to edit this page.') );
} else {
- if ( !current_user_can('edit_post', $post_ID) )
- wp_die(__('You are not allowed to edit this post.'));
+ if ( ! current_user_can('edit_post', $post_ID) )
+ wp_die( __('You are not allowed to edit this post.') );
}
- if ( 'draft' == $post->post_status ) {
+ $user_id = get_current_user_id();
+ $locked = wp_check_post_lock( $post->ID );
+ if ( ! $locked && 'draft' == $post->post_status && $user_id == $post->post_author ) {
$id = edit_post();
- } else { // Non drafts are not overwritten. The autosave is stored in a special post revision.
+ } else { // Non drafts are not overwritten. The autosave is stored in a special post revision.
$id = wp_create_post_autosave( $post->ID );
if ( ! is_wp_error($id) )
$id = $post->ID;
@@ -1316,299 +1472,21 @@ function post_preview() {
if ( is_wp_error($id) )
wp_die( $id->get_error_message() );
- if ( $_POST['post_status'] == 'draft' ) {
+ if ( ! $locked && $_POST['post_status'] == 'draft' && $user_id == $post->post_author ) {
$url = add_query_arg( 'preview', 'true', get_permalink($id) );
} else {
$nonce = wp_create_nonce('post_preview_' . $id);
- $url = add_query_arg( array( 'preview' => 'true', 'preview_id' => $id, 'preview_nonce' => $nonce ), get_permalink($id) );
- }
-
- return $url;
-}
-
-/**
- * Adds the TinyMCE editor used on the Write and Edit screens.
- *
- * @package WordPress
- * @since 2.7.0
- *
- * TinyMCE is loaded separately from other Javascript by using wp-tinymce.php. It outputs concatenated
- * and optionaly pre-compressed version of the core and all default plugins. Additional plugins are loaded
- * directly by TinyMCE using non-blocking method. Custom plugins can be refreshed by adding a query string
- * to the URL when queueing them with the mce_external_plugins filter.
- *
- * @param bool $teeny optional Output a trimmed down version used in Press This.
- * @param mixed $settings optional An array that can add to or overwrite the default TinyMCE settings.
- */
-function wp_tiny_mce( $teeny = false, $settings = false ) {
- global $concatenate_scripts, $compress_scripts, $tinymce_version, $editor_styles;
-
- if ( ! user_can_richedit() )
- return;
-
- $baseurl = includes_url('js/tinymce');
-
- $mce_locale = ( '' == get_locale() ) ? 'en' : strtolower( substr(get_locale(), 0, 2) ); // only ISO 639-1
-
- /*
- The following filter allows localization scripts to change the languages displayed in the spellchecker's drop-down menu.
- By default it uses Google's spellchecker API, but can be configured to use PSpell/ASpell if installed on the server.
- The + sign marks the default language. More information:
- http://wiki.moxiecode.com/index.php/TinyMCE:Plugins/spellchecker
- */
- $mce_spellchecker_languages = apply_filters('mce_spellchecker_languages', '+English=en,Danish=da,Dutch=nl,Finnish=fi,French=fr,German=de,Italian=it,Polish=pl,Portuguese=pt,Spanish=es,Swedish=sv');
-
- if ( $teeny ) {
- $plugins = apply_filters( 'teeny_mce_plugins', array('safari', 'inlinepopups', 'media', 'fullscreen', 'wordpress') );
- $ext_plugins = '';
- } else {
- $plugins = array( 'safari', 'inlinepopups', 'spellchecker', 'paste', 'wordpress', 'media', 'fullscreen', 'wpeditimage', 'wpgallery', 'tabfocus' );
-
- /*
- The following filter takes an associative array of external plugins for TinyMCE in the form 'plugin_name' => 'url'.
- It adds the plugin's name to TinyMCE's plugins init and the call to PluginManager to load the plugin.
- The url should be absolute and should include the js file name to be loaded. Example:
- array( 'myplugin' => 'http://my-site.com/wp-content/plugins/myfolder/mce_plugin.js' )
- If the plugin uses a button, it should be added with one of the "$mce_buttons" filters.
- */
- $mce_external_plugins = apply_filters('mce_external_plugins', array());
-
- $ext_plugins = '';
- if ( ! empty($mce_external_plugins) ) {
-
- /*
- The following filter loads external language files for TinyMCE plugins.
- It takes an associative array 'plugin_name' => 'path', where path is the
- include path to the file. The language file should follow the same format as
- /tinymce/langs/wp-langs.php and should define a variable $strings that
- holds all translated strings.
- When this filter is not used, the function will try to load {mce_locale}.js.
- If that is not found, en.js will be tried next.
- */
- $mce_external_languages = apply_filters('mce_external_languages', array());
-
- $loaded_langs = array();
- $strings = '';
-
- if ( ! empty($mce_external_languages) ) {
- foreach ( $mce_external_languages as $name => $path ) {
- if ( @is_file($path) && @is_readable($path) ) {
- include_once($path);
- $ext_plugins .= $strings . "\n";
- $loaded_langs[] = $name;
- }
- }
- }
-
- foreach ( $mce_external_plugins as $name => $url ) {
-
- if ( is_ssl() ) $url = str_replace('http://', 'https://', $url);
-
- $plugins[] = '-' . $name;
-
- $plugurl = dirname($url);
- $strings = $str1 = $str2 = '';
- if ( ! in_array($name, $loaded_langs) ) {
- $path = str_replace( WP_PLUGIN_URL, '', $plugurl );
- $path = WP_PLUGIN_DIR . $path . '/langs/';
-
- if ( function_exists('realpath') )
- $path = trailingslashit( realpath($path) );
+ $args = array(
+ 'preview' => 'true',
+ 'preview_id' => $id,
+ 'preview_nonce' => $nonce,
+ );
- if ( @is_file($path . $mce_locale . '.js') )
- $strings .= @file_get_contents($path . $mce_locale . '.js') . "\n";
+ if ( isset( $_POST['post_format'] ) )
+ $args['post_format'] = empty( $_POST['post_format'] ) ? 'standard' : sanitize_key( $_POST['post_format'] );
- if ( @is_file($path . $mce_locale . '_dlg.js') )
- $strings .= @file_get_contents($path . $mce_locale . '_dlg.js') . "\n";
-
- if ( 'en' != $mce_locale && empty($strings) ) {
- if ( @is_file($path . 'en.js') ) {
- $str1 = @file_get_contents($path . 'en.js');
- $strings .= preg_replace( '/([\'"])en\./', '$1' . $mce_locale . '.', $str1, 1 ) . "\n";
- }
-
- if ( @is_file($path . 'en_dlg.js') ) {
- $str2 = @file_get_contents($path . 'en_dlg.js');
- $strings .= preg_replace( '/([\'"])en\./', '$1' . $mce_locale . '.', $str2, 1 ) . "\n";
- }
- }
-
- if ( ! empty($strings) )
- $ext_plugins .= "\n" . $strings . "\n";
- }
-
- $ext_plugins .= 'tinyMCEPreInit.load_ext("' . $plugurl . '", "' . $mce_locale . '");' . "\n";
- $ext_plugins .= 'tinymce.PluginManager.load("' . $name . '", "' . $url . '");' . "\n";
- }
- }
- }
-
- $plugins = implode($plugins, ',');
-
- if ( $teeny ) {
- $mce_buttons = apply_filters( 'teeny_mce_buttons', array('bold, italic, underline, blockquote, separator, strikethrough, bullist, numlist,justifyleft, justifycenter, justifyright, undo, redo, link, unlink, fullscreen') );
- $mce_buttons = implode($mce_buttons, ',');
- $mce_buttons_2 = $mce_buttons_3 = $mce_buttons_4 = '';
- } else {
- $mce_buttons = apply_filters('mce_buttons', array('bold', 'italic', 'strikethrough', '|', 'bullist', 'numlist', 'blockquote', '|', 'justifyleft', 'justifycenter', 'justifyright', '|', 'link', 'unlink', 'wp_more', '|', 'spellchecker', 'fullscreen', 'wp_adv' ));
- $mce_buttons = implode($mce_buttons, ',');
-
- $mce_buttons_2 = array('formatselect', 'underline', 'justifyfull', 'forecolor', '|', 'pastetext', 'pasteword', 'removeformat', '|', 'media', 'charmap', '|', 'outdent', 'indent', '|', 'undo', 'redo', 'wp_help' );
- if ( is_multisite() )
- unset( $mce_buttons_2[ array_search( 'media', $mce_buttons_2 ) ] );
- $mce_buttons_2 = apply_filters('mce_buttons_2', $mce_buttons_2);
- $mce_buttons_2 = implode($mce_buttons_2, ',');
-
- $mce_buttons_3 = apply_filters('mce_buttons_3', array());
- $mce_buttons_3 = implode($mce_buttons_3, ',');
-
- $mce_buttons_4 = apply_filters('mce_buttons_4', array());
- $mce_buttons_4 = implode($mce_buttons_4, ',');
+ $url = add_query_arg( $args, get_permalink($id) );
}
- $no_captions = (bool) apply_filters( 'disable_captions', '' );
-
- // TinyMCE init settings
- $initArray = array (
- 'mode' => 'specific_textareas',
- 'editor_selector' => 'theEditor',
- 'width' => '100%',
- 'theme' => 'advanced',
- 'skin' => 'wp_theme',
- 'theme_advanced_buttons1' => $mce_buttons,
- 'theme_advanced_buttons2' => $mce_buttons_2,
- 'theme_advanced_buttons3' => $mce_buttons_3,
- 'theme_advanced_buttons4' => $mce_buttons_4,
- 'language' => $mce_locale,
- 'spellchecker_languages' => $mce_spellchecker_languages,
- 'theme_advanced_toolbar_location' => 'top',
- 'theme_advanced_toolbar_align' => 'left',
- 'theme_advanced_statusbar_location' => 'bottom',
- 'theme_advanced_resizing' => true,
- 'theme_advanced_resize_horizontal' => false,
- 'dialog_type' => 'modal',
- 'relative_urls' => false,
- 'remove_script_host' => false,
- 'convert_urls' => false,
- 'apply_source_formatting' => false,
- 'remove_linebreaks' => true,
- 'gecko_spellcheck' => true,
- 'entities' => '38,amp,60,lt,62,gt',
- 'accessibility_focus' => true,
- 'tabfocus_elements' => 'major-publishing-actions',
- 'media_strict' => false,
- 'paste_remove_styles' => true,
- 'paste_remove_spans' => true,
- 'paste_strip_class_attributes' => 'all',
- 'wpeditimage_disable_captions' => $no_captions,
- 'plugins' => $plugins
- );
- if ( ! empty( $editor_styles ) && is_array( $editor_styles ) ) {
- $mce_css = array();
- $style_uri = get_stylesheet_directory_uri();
- if ( TEMPLATEPATH == STYLESHEETPATH ) {
- foreach ( $editor_styles as $file )
- $mce_css[] = "$style_uri/$file";
- } else {
- $style_dir = get_stylesheet_directory();
- $template_uri = get_template_directory_uri();
- $template_dir = get_template_directory();
- foreach ( $editor_styles as $file ) {
- if ( file_exists( "$style_dir/$file" ) )
- $mce_css[] = "$style_uri/$file";
- if ( file_exists( "$template_dir/$file" ) )
- $mce_css[] = "$template_uri/$file";
- }
- }
- $mce_css = implode( ',', $mce_css );
- } else {
- $mce_css = '';
- }
-
- $mce_css = trim( apply_filters( 'mce_css', $mce_css ), ' ,' );
-
- if ( ! empty($mce_css) )
- $initArray['content_css'] = $mce_css;
-
- if ( is_array($settings) )
- $initArray = array_merge($initArray, $settings);
-
- // For people who really REALLY know what they're doing with TinyMCE
- // You can modify initArray to add, remove, change elements of the config before tinyMCE.init
- // Setting "valid_elements", "invalid_elements" and "extended_valid_elements" can be done through "tiny_mce_before_init".
- // Best is to use the default cleanup by not specifying valid_elements, as TinyMCE contains full set of XHTML 1.0.
- if ( $teeny ) {
- $initArray = apply_filters('teeny_mce_before_init', $initArray);
- } else {
- $initArray = apply_filters('tiny_mce_before_init', $initArray);
- }
-
- if ( empty($initArray['theme_advanced_buttons3']) && !empty($initArray['theme_advanced_buttons4']) ) {
- $initArray['theme_advanced_buttons3'] = $initArray['theme_advanced_buttons4'];
- $initArray['theme_advanced_buttons4'] = '';
- }
-
- if ( ! isset($concatenate_scripts) )
- script_concat_settings();
-
- $language = $initArray['language'];
-
- $compressed = $compress_scripts && $concatenate_scripts && isset($_SERVER['HTTP_ACCEPT_ENCODING'])
- && false !== strpos( strtolower($_SERVER['HTTP_ACCEPT_ENCODING']), 'gzip');
-
- /**
- * Deprecated
- *
- * The tiny_mce_version filter is not needed since external plugins are loaded directly by TinyMCE.
- * These plugins can be refreshed by appending query string to the URL passed to mce_external_plugins filter.
- * If the plugin has a popup dialog, a query string can be added to the button action that opens it (in the plugin's code).
- */
- $version = apply_filters('tiny_mce_version', '');
- $version = 'ver=' . $tinymce_version . $version;
-
- if ( 'en' != $language )
- include_once(ABSPATH . WPINC . '/js/tinymce/langs/wp-langs.php');
-
- $mce_options = '';
- foreach ( $initArray as $k => $v )
- $mce_options .= $k . ':"' . $v . '", ';
-
- $mce_options = rtrim( trim($mce_options), '\n\r,' ); ?>
-
-
-
-\n";
- else
- echo "\n";
-
- if ( 'en' != $language && isset($lang) )
- echo "\n";
- else
- echo "\n";
-?>
-
-
-