X-Git-Url: https://scripts.mit.edu/gitweb/autoinstallsdev/wordpress.git/blobdiff_plain/e9d988989fe37ab8c5f903e47fbe36e6e00dc51f..6c8f14c09105d0afa4c1574215c59b5021040e76:/wp-admin/press-this.php
diff --git a/wp-admin/press-this.php b/wp-admin/press-this.php
index 1f7b418e..6542fa31 100644
--- a/wp-admin/press-this.php
+++ b/wp-admin/press-this.php
@@ -13,7 +13,7 @@ require_once('./admin.php');
 header('Content-Type: ' . get_option('html_type') . '; charset=' . get_option('blog_charset'));
-if ( ! current_user_can('edit_posts') )
+if ( ! current_user_can( 'edit_posts' ) || ! current_user_can( get_post_type_object( 'post' )->cap->create_posts ) )
 	wp_die( __( 'Cheatin’ uh?' ) );
 /**
@@ -26,19 +26,17 @@ if ( ! current_user_can('edit_posts') )
  * @return int Post ID
  */
 function press_it() {
-	// define some basic variables
-	$quick = array();
-	$quick['post_status'] = 'draft'; // set as draft first
-	$quick['post_category'] = isset($_POST['post_category']) ? $_POST['post_category'] : null;
-	$quick['tax_input'] = isset($_POST['tax_input']) ? $_POST['tax_input'] : null;
-	$quick['post_title'] = ( trim($_POST['title']) != '' ) ? $_POST['title'] : ' ';
-	$quick['post_content'] = isset($_POST['post_content']) ? $_POST['post_content'] : '';
-
-	// insert the post with nothing in it, to get an ID
-	$post_ID = wp_insert_post($quick, true);
-	if ( is_wp_error($post_ID) )
-		wp_die($post_ID);
+	$post = get_default_post_to_edit();
+	$post = get_object_vars($post);
+	$post_ID = $post['ID'] = (int) $_POST['post_id'];
+
+	if ( !current_user_can('edit_post', $post_ID) )
+		wp_die(__('You are not allowed to edit this post.'));
+
+	$post['post_category'] = isset($_POST['post_category']) ? $_POST['post_category'] : '';
+	$post['tax_input'] = isset($_POST['tax_input']) ? $_POST['tax_input'] : '';
+	$post['post_title'] = isset($_POST['title']) ? $_POST['title'] : '';
 	$content = isset($_POST['content']) ? $_POST['content'] : '';
 	$upload = false;
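Review bot: `$post_ID = $post['ID'] = (int) $_POST['post_id'];` reads the field without the `isset()` guard that the sibling `post_category`, `tax_input` and `title` lines in the same hunk use, so a request lacking `post_id` raises a notice and continues with ID 0, which `current_user_can('edit_post', 0)` then evaluates against a post that does not exist. Guard it and reject the zero case: `$post_ID = $post['ID'] = isset( $_POST['post_id'] ) ? (int) $_POST['post_id'] : 0;` and `if ( ! $post_ID || ! current_user_can( 'edit_post', $post_ID ) )`. Because the ID is caller-supplied, the `edit_post` check is the only thing tying this update to the auto-draft created on the GET side; the hunk does not confirm the target is still that auto-draft, so that reliance deserves a comment such as `// $_POST['post_id'] is request-controlled; edit_post is the authorization boundary for the update below`. press_it() continues past the end of this hunk.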
@@ -56,43 +54,40 @@ function press_it() {
 		}
 	}
 	// set the post_content and status
+	$post['post_content'] = $content;
 	if ( isset( $_POST['publish'] ) && current_user_can( 'publish_posts' ) )
-		$quick['post_status'] = 'publish';
+		$post['post_status'] = 'publish';
 	elseif ( isset( $_POST['review'] ) )
-		$quick['post_status'] = 'pending';
+		$post['post_status'] = 'pending';
 	else
-		$quick['post_status'] = 'draft';
-	$quick['post_content'] = $content;
+		$post['post_status'] = 'draft';
+
 	// error handling for media_sideload
 	if ( is_wp_error($upload) ) {
 		wp_delete_post($post_ID);
 		wp_die($upload);
 	} else {
 		// Post formats
-		if ( current_theme_supports( 'post-formats' ) && isset( $_POST['post_format'] ) ) {
-			$post_formats = get_theme_support( 'post-formats' );
-			if ( is_array( $post_formats ) ) {
-				$post_formats = $post_formats[0];
-				if ( in_array( $_POST['post_format'], $post_formats ) )
-					set_post_format( $post_ID, $_POST['post_format'] );
-				elseif ( '0' == $_POST['post_format'] )
-					set_post_format( $post_ID, false );
-			}
+		if ( isset( $_POST['post_format'] ) ) {
+			if ( current_theme_supports( 'post-formats', $_POST['post_format'] ) )
+				set_post_format( $post_ID, $_POST['post_format'] );
+			elseif ( '0' == $_POST['post_format'] )
+				set_post_format( $post_ID, false );
 		}
-		$quick['ID'] = $post_ID;
-		wp_update_post($quick);
+		$post_ID = wp_update_post($post);
 	}
+
 	return $post_ID;
 }
 // For submitted posts.
 if ( isset($_REQUEST['action']) && 'post' == $_REQUEST['action'] ) {
 	check_admin_referer('press-this');
-	$post_ID = press_it();
-	$posted = $post_ID;
+	$posted = $post_ID = press_it();
 } else {
-	$post_ID = 0;
+	$post = get_default_post_to_edit('post', true);
+	$post_ID = $post->ID;
 }
 // Set Variables
@@ -115,7 +110,7 @@ $image = isset($_GET['i']) ? $_GET['i'] : '';
 if ( !empty($_REQUEST['ajax']) ) {
 	switch ($_REQUEST['ajax']) {
 		case 'video': ?>
- -
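Review bot: `$post_ID = wp_update_post($post);` drops the failure handling the removed insert path had (`is_wp_error()` followed by `wp_die()`), and `wp_update_post()` returns 0 when the update fails, so that 0 flows straight out of `return $post_ID;` and into `$posted = $post_ID = press_it();`, where the caller takes it as a saved post. Check the return before returning it: `if ( ! $post_ID ) wp_die( __( 'Could not save the post.' ) );` directly after the `wp_update_post()` call. The re-added `elseif ( '0' == $_POST['post_format'] )` keeps a loose comparison against request input, where `'0' === $_POST['post_format']` states the intent exactly and avoids numeric-string coercion. press_it() begins outside this hunk.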
+- + @@ -164,34 +159,6 @@ if ( !empty($_REQUEST['ajax']) ) {
- - -