root/branches/1.5/wp-includes/functions-post.php

Revision 2690, 18.3 kB (checked in by ryan, 3 years ago)

Another attempt to fix xmlrpc category handling for ecto.

  • Property svn:eol-style set to native
  • Property svn:keywords set to Author Date Id Revision
Line 
1 <?php
2
3 /**** DB Functions ****/
4
5 /*
6  * generic function for inserting data into the posts table.
7  */
8 function wp_insert_post($postarr = array()) {
9     global $wpdb, $allowedtags;
10     
11     // export array as variables
12     extract($postarr);
13     
14     $post_name = sanitize_title($post_title);
15     $post_author = (int) $post_author;
16
17     // Make sure we set a valid category
18     if (0 == count($post_category) || !is_array($post_category)) {
19         $post_category = array(get_option('default_category'));
20     }
21
22     $post_cat = $post_category[0];
23     
24     if (empty($post_date))
25         $post_date = current_time('mysql');
26     // Make sure we have a good gmt date:
27     if (empty($post_date_gmt))
28         $post_date_gmt = get_gmt_from_date($post_date);
29     if (empty($comment_status))
30         $comment_status = get_settings('default_comment_status');
31     if (empty($ping_status))
32         $ping_status = get_settings('default_ping_status');
33     if ( empty($post_parent) )
34         $post_parent = 0;
35
36     if ('publish' == $post_status) {
37         $post_name_check = $wpdb->get_var("SELECT post_name FROM $wpdb->posts WHERE post_name = '$post_name' AND post_status = 'publish' AND ID != '$post_ID' LIMIT 1");
38         if ($post_name_check) {
39             $suffix = 2;
40             while ($post_name_check) {
41                 $alt_post_name = $post_name . "-$suffix";
42                 $post_name_check = $wpdb->get_var("SELECT post_name FROM $wpdb->posts WHERE post_name = '$alt_post_name' AND post_status = 'publish' AND ID != '$post_ID' LIMIT 1");
43                 $suffix++;
44             }
45             $post_name = $alt_post_name;
46         }
47     }
48
49     $sql = "INSERT INTO $wpdb->posts
50         (post_author, post_date, post_date_gmt, post_modified, post_modified_gmt, post_content, post_title, post_excerpt, post_category, post_status, post_name, comment_status, ping_status, post_parent)
51         VALUES ('$post_author', '$post_date', '$post_date_gmt', '$post_date', '$post_date_gmt', '$post_content', '$post_title', '$post_excerpt', '$post_cat', '$post_status', '$post_name', '$comment_status', '$ping_status', '$post_parent')";
52     
53     $result = $wpdb->query($sql);
54     $post_ID = $wpdb->insert_id;
55
56     // Set GUID
57     $wpdb->query("UPDATE $wpdb->posts SET guid = '" . get_permalink($post_ID) . "' WHERE ID = '$post_ID'");
58     
59     wp_set_post_cats('', $post_ID, $post_category);
60     
61     if ($post_status == 'publish') {
62         do_action('publish_post', $post_ID);
63     }
64
65     pingback($content, $post_ID);
66
67     // Return insert_id if we got a good result, otherwise return zero.
68     return $result ? $post_ID : 0;
69 }
70
71 function wp_get_single_post($postid = 0, $mode = OBJECT) {
72     global $wpdb;
73
74     $sql = "SELECT * FROM $wpdb->posts WHERE ID=$postid";
75     $result = $wpdb->get_row($sql, $mode);
76     
77     // Set categories
78     if($mode == OBJECT) {
79         $result->post_category = wp_get_post_cats('',$postid);
80     }
81     else {
82         $result['post_category'] = wp_get_post_cats('',$postid);
83     }
84
85     return $result;
86 }
87
88 function wp_get_recent_posts($num = 10) {
89     global $wpdb;
90
91     // Set the limit clause, if we got a limit
92     if ($num) {
93         $limit = "LIMIT $num";
94     }
95
96     $sql = "SELECT * FROM $wpdb->posts WHERE post_status IN ('publish', 'draft', 'private') ORDER BY post_date DESC $limit";
97     $result = $wpdb->get_results($sql,ARRAY_A);
98
99     return $result?$result:array();
100 }
101
102 function wp_update_post($postarr = array()) {
103     global $wpdb;
104
105     // First get all of the original fields
106     $post = wp_get_single_post($postarr['ID'], ARRAY_A);
107
108     // Escape data pulled from DB.
109     $post = add_magic_quotes($post);
110     extract($post);
111
112     // Now overwrite any changed values being passed in. These are
113     // already escaped.
114     extract($postarr);
115
116     // If no categories were passed along, use the current cats.
117     if ( 0 == count($post_category) || !is_array($post_category) )
118         $post_category = $post['post_category'];
119
120     $post_modified = current_time('mysql');
121     $post_modified_gmt = current_time('mysql', 1);
122
123     $sql = "UPDATE $wpdb->posts
124         SET post_content = '$post_content',
125         post_title = '$post_title',
126         post_category = $post_category[0],
127         post_status = '$post_status',
128         post_date = '$post_date',
129         post_date_gmt = '$post_date_gmt',
130         post_modified = '$post_modified',
131         post_modified_gmt = '$post_modified_gmt',
132         post_excerpt = '$post_excerpt',
133         ping_status = '$ping_status',
134         comment_status = '$comment_status'
135         WHERE ID = $ID";
136         
137     $result = $wpdb->query($sql);
138     $rows_affected = $wpdb->rows_affected;
139
140     wp_set_post_cats('', $ID, $post_category);
141
142     do_action('edit_post', $ID);
143
144     return $rows_affected;
145 }
146
147 function wp_get_post_cats($blogid = '1', $post_ID = 0) {
148     global $wpdb;
149     
150     $sql = "SELECT category_id
151         FROM $wpdb->post2cat
152         WHERE post_id = $post_ID
153         ORDER BY category_id";
154
155     $result = $wpdb->get_col($sql);
156
157     if ( !$result )
158         $result = array();
159
160     return array_unique($result);
161 }
162
163 function wp_set_post_cats($blogid = '1', $post_ID = 0, $post_categories = array()) {
164     global $wpdb;
165     // If $post_categories isn't already an array, make it one:
166     if (!is_array($post_categories) || 0 == count($post_categories))
167         $post_categories = array(get_option('default_category'));
168
169     $post_categories = array_unique($post_categories);
170
171     // First the old categories
172     $old_categories = $wpdb->get_col("
173         SELECT category_id
174         FROM $wpdb->post2cat
175         WHERE post_id = $post_ID");
176     
177     if (!$old_categories) {
178         $old_categories = array();
179     } else {
180         $old_categories = array_unique($old_categories);
181     }
182
183
184     $oldies = printr($old_categories,1);
185     $newbies = printr($post_categories,1);
186
187     // Delete any?
188     $delete_cats = array_diff($old_categories,$post_categories);
189
190     if ($delete_cats) {
191         foreach ($delete_cats as $del) {
192             $wpdb->query("
193                 DELETE FROM $wpdb->post2cat
194                 WHERE category_id = $del
195                     AND post_id = $post_ID
196                 ");
197         }
198     }
199
200     // Add any?
201     $add_cats = array_diff($post_categories, $old_categories);
202
203     if ($add_cats) {
204         foreach ($add_cats as $new_cat) {
205             $wpdb->query("
206                 INSERT INTO $wpdb->post2cat (post_id, category_id)
207                 VALUES ($post_ID, $new_cat)");
208         }
209     }
210 }    // wp_set_post_cats()
211
212 function wp_delete_post($postid = 0) {
213     global $wpdb;
214     $postid = (int) $postid;
215
216     if ( !$post = $wpdb->get_row("SELECT * FROM $wpdb->posts WHERE ID = $postid") )
217         return $post;
218
219     if ( 'static' == $post->post_status )
220         $wpdb->query("UPDATE $wpdb->posts SET post_parent = $post->post_parent WHERE post_parent = $postid AND post_status = 'static'");
221
222     $wpdb->query("DELETE FROM $wpdb->posts WHERE ID = $postid");
223     
224     $wpdb->query("DELETE FROM $wpdb->comments WHERE comment_post_ID = $postid");
225
226     $wpdb->query("DELETE FROM $wpdb->post2cat WHERE post_id = $postid");
227
228     $wpdb->query("DELETE FROM $wpdb->postmeta WHERE post_id = $postid");
229     
230     return $post;
231 }
232
233 /**** /DB Functions ****/
234
235 /**** Misc ****/
236
237 // get permalink from post ID
238 function post_permalink($post_id = 0, $mode = '') { // $mode legacy
239     return get_permalink($post_id);
240 }
241
242 // Get the name of a category from its ID
243 function get_cat_name($cat_id) {
244     global $wpdb;
245     
246     $cat_id -= 0;     // force numeric
247     $name = $wpdb->get_var("SELECT cat_name FROM $wpdb->categories WHERE cat_ID=$cat_id");
248     
249     return $name;
250 }
251
252 // Get the ID of a category from its name
253 function get_cat_ID($cat_name='General') {
254     global $wpdb;
255     
256     $cid = $wpdb->get_var("SELECT cat_ID FROM $wpdb->categories WHERE cat_name='$cat_name'");
257
258     return $cid?$cid:1;    // default to cat 1
259 }
260
261 // Get author's preferred display name
262 function get_author_name( $auth_id ) {
263     $authordata = get_userdata( $auth_id );
264
265     switch( $authordata['user_idmode'] ) {
266         case 'nickname':
267             $authorname = $authordata['user_nickname'];
268             break;
269         case 'login':
270             $authorname = $authordata['user_login'];
271             break;
272         case 'firstname':
273             $authorname = $authordata['user_firstname'];
274             break;
275         case 'lastname':
276             $authorname = $authordata['user_lastname'];
277             break;
278         case 'namefl':
279             $authorname = $authordata['user_firstname'].' '.$authordata['user_lastname'];
280             break;
281         case 'namelf':
282             $authorname = $authordata['user_lastname'].' '.$authordata['user_firstname'];
283             break;
284         default:
285             $authorname = $authordata['user_nickname'];
286             break;
287     }
288
289     return $authorname;
290 }
291
292 // get extended entry info (<!--more-->)
293 function get_extended($post) {
294     list($main,$extended) = explode('<!--more-->', $post, 2);
295
296     // Strip leading and trailing whitespace
297     $main = preg_replace('/^[\s]*(.*)[\s]*$/','\\1',$main);
298     $extended = preg_replace('/^[\s]*(.*)[\s]*$/','\\1',$extended);
299
300     return array('main' => $main, 'extended' => $extended);
301 }
302
303 // do trackbacks for a list of urls
304 // borrowed from edit.php
305 // accepts a comma-separated list of trackback urls and a post id
306 function trackback_url_list($tb_list, $post_id) {
307     if (!empty($tb_list)) {
308         // get post data
309         $postdata = wp_get_single_post($post_id, ARRAY_A);
310
311         // import postdata as variables
312         extract($postdata);
313         
314         // form an excerpt
315         $excerpt = strip_tags($post_excerpt?$post_excerpt:$post_content);
316         
317         if (strlen($excerpt) > 255) {
318             $excerpt = substr($excerpt,0,252) . '...';
319         }
320         
321         $trackback_urls = explode(',', $tb_list);
322         foreach($trackback_urls as $tb_url) {
323             $tb_url = trim($tb_url);
324             trackback($tb_url, stripslashes($post_title), $excerpt, $post_id);
325         }
326     }
327 }
328
329
330 // query user capabilities
331 // rather simplistic. shall evolve with future permission system overhaul
332 // $blog_id and $category_id are there for future usage
333
334 /* returns true if $user_id can create a new post */
335 function user_can_create_post($user_id, $blog_id = 1, $category_id = 'None') {
336     $author_data = get_userdata($user_id);
337     return ($author_data->user_level > 1);
338 }
339
340 /* returns true if $user_id can create a new post */
341 function user_can_create_draft($user_id, $blog_id = 1, $category_id = 'None') {
342     $author_data = get_userdata($user_id);
343     return ($author_data->user_level >= 1);
344 }
345
346 /* returns true if $user_id can edit $post_id */
347 function user_can_edit_post($user_id, $post_id, $blog_id = 1) {
348     $author_data = get_userdata($user_id);
349     $post = get_post($post_id);
350     $post_author_data = get_userdata($post->post_author);
351
352     if ( (($user_id == $post_author_data->ID) && !($post->post_status == 'publish' &&  $author_data->user_level < 2))
353          || ($author_data->user_level > $post_author_data->user_level)
354          || ($author_data->user_level >= 10) ) {
355         return true;
356     } else {
357         return false;
358     }
359 }
360
361 /* returns true if $user_id can delete $post_id */
362 function user_can_delete_post($user_id, $post_id, $blog_id = 1) {
363     // right now if one can edit, one can delete
364     return user_can_edit_post($user_id, $post_id, $blog_id);
365 }
366
367 /* returns true if $user_id can set new posts' dates on $blog_id */
368 function user_can_set_post_date($user_id, $blog_id = 1, $category_id = 'None') {
369     $author_data = get_userdata($user_id);
370     return (($author_data->user_level > 4) && user_can_create_post($user_id, $blog_id, $category_id));
371 }
372
373 /* returns true if $user_id can edit $post_id's date */
374 function user_can_edit_post_date($user_id, $post_id, $blog_id = 1) {
375     $author_data = get_userdata($user_id);
376     return (($author_data->user_level > 4) && user_can_edit_post($user_id, $post_id, $blog_id));
377 }
378
379 /* returns true if $user_id can edit $post_id's comments */
380 function user_can_edit_post_comments($user_id, $post_id, $blog_id = 1) {
381     // right now if one can edit a post, one can edit comments made on it
382     return user_can_edit_post($user_id, $post_id, $blog_id);
383 }
384
385 /* returns true if $user_id can delete $post_id's comments */
386 function user_can_delete_post_comments($user_id, $post_id, $blog_id = 1) {
387     // right now if one can edit comments, one can delete comments
388     return user_can_edit_post_comments($user_id, $post_id, $blog_id);
389 }
390
391 function user_can_edit_user($user_id, $other_user) {
392     $user  = get_userdata($user_id);
393     $other = get_userdata($other_user);
394     if ( $user->user_level > $other->user_level || $user->user_level > 8 || $user->ID == $other->ID )
395         return true;
396     else
397         return false;
398 }
399
400 function wp_blacklist_check($author, $email, $url, $comment, $user_ip, $user_agent) {
401     global $wpdb;
402
403     do_action('wp_blacklist_check', $author, $email, $url, $comment, $user_ip, $user_agent);
404
405     if ( preg_match_all('/&#(\d+);/', $comment . $author . $url, $chars) ) {
406         foreach ($chars[1] as $char) {
407             // If it's an encoded char in the normal ASCII set, reject
408             if ($char < 128)
409                 return true;
410         }
411     }
412
413     $mod_keys = trim( get_settings('blacklist_keys') );
414     if ('' == $mod_keys )
415         return false; // If moderation keys are empty
416     $words = explode("\n", $mod_keys );
417
418     foreach ($words as $word) {
419         $word = trim($word);
420
421         // Skip empty lines
422         if ( empty($word) ) { continue; }
423
424         // Do some escaping magic so that '#' chars in the
425         // spam words don't break things:
426         $word = preg_quote($word, '#');
427         
428         $pattern = "#$word#i";
429         if ( preg_match($pattern, $author    ) ) return true;
430         if ( preg_match($pattern, $email     ) ) return true;
431         if ( preg_match($pattern, $url       ) ) return true;
432         if ( preg_match($pattern, $comment   ) ) return true;
433         if ( preg_match($pattern, $user_ip   ) ) return true;
434         if ( preg_match($pattern, $user_agent) ) return true;
435     }
436     
437     if ( isset($_SERVER['REMOTE_ADDR']) ) {
438         if ( wp_proxy_check($_SERVER['REMOTE_ADDR']) ) return true;
439     }
440
441     return false;
442 }
443
444 function wp_proxy_check($ipnum) {
445     if ( get_option('open_proxy_check') && isset($ipnum) ) {
446         $rev_ip = implode( '.', array_reverse( explode( '.', $ipnum ) ) );
447         $lookup = $rev_ip . '.opm.blitzed.org';
448         if ( $lookup != gethostbyname( $lookup ) )
449             return true;
450     }
451
452     return false;
453 }
454
455 function wp_new_comment( $commentdata, $spam = false ) {
456     global $wpdb;
457
458     $commentdata = apply_filters('preprocess_comment', $commentdata);
459     extract($commentdata);
460
461     $comment_post_ID = (int) $comment_post_ID;
462
463     $user_id = apply_filters('pre_user_id', $user_ID);
464     $author  = apply_filters('pre_comment_author_name', $comment_author);
465     $email   = apply_filters('pre_comment_author_email', $comment_author_email);
466     $url     = apply_filters('pre_comment_author_url', $comment_author_url);
467     $comment = apply_filters('pre_comment_content', $comment_content);
468     $comment = apply_filters('post_comment_text', $comment); // Deprecated
469     $comment = apply_filters('comment_content_presave', $comment); // Deprecated
470
471     $user_ip     = apply_filters('pre_comment_user_ip', $_SERVER['REMOTE_ADDR']);
472     $user_domain = apply_filters('pre_comment_user_domain', gethostbyaddr($user_ip) );
473     $user_agent  = apply_filters('pre_comment_user_agent', $_SERVER['HTTP_USER_AGENT']);
474
475     $now     = current_time('mysql');
476     $now_gmt = current_time('mysql', 1);
477
478     if ( $user_id ) {
479         $userdata = get_userdata($user_id);
480         $post_author = $wpdb->get_var("SELECT post_author FROM $wpdb->posts WHERE ID = '$comment_post_ID' LIMIT 1");
481     }
482
483     // Simple duplicate check
484     $dupe = "SELECT comment_ID FROM $wpdb->comments WHERE comment_post_ID = '$comment_post_ID' AND ( comment_author = '$author' ";
485     if ( $email ) $dupe .= "OR comment_author_email = '$email' ";
486     $dupe .= ") AND comment_content = '$comment' LIMIT 1";
487     if ( $wpdb->get_var($dupe) )
488         die( __('Duplicate comment detected; it looks as though you\'ve already said that!') );
489
490     // Simple flood-protection
491     if ( $lasttime = $wpdb->get_var("SELECT comment_date_gmt FROM $wpdb->comments WHERE comment_author_IP = '$user_ip' OR comment_author_email = '$email' ORDER BY comment_date DESC LIMIT 1") ) {
492         $time_lastcomment = mysql2date('U', $lasttime);
493         $time_newcomment  = mysql2date('U', $now_gmt);
494         if ( ($time_newcomment - $time_lastcomment) < 15 ) {
495             do_action('comment_flood_trigger', $time_lastcomment, $time_newcomment);
496             die( __('Sorry, you can only post a new comment once every 15 seconds. Slow down cowboy.') );
497         }
498     }
499
500     if ( $userdata && ( $user_id == $post_author || $userdata->user_level >= 9 ) ) {
501         $approved = 1;
502     } else {
503         if ( check_comment($author, $email, $url, $comment, $user_ip, $user_agent, $comment_type) )
504             $approved = 1;
505         else
506             $approved = 0;
507         if ( wp_blacklist_check($author, $email, $url, $comment, $user_ip, $user_agent) )
508             $approved = 'spam';
509     }
510
511     $approved = apply_filters('pre_comment_approved', $approved);
512
513     $result = $wpdb->query("INSERT INTO $wpdb->comments
514     (comment_post_ID, comment_author, comment_author_email, comment_author_url, comment_author_IP, comment_date, comment_date_gmt, comment_content, comment_a