root/branches/2.0/wp-admin/edit-page-form.php

Revision 5550, 8.0 kB (checked in by markjaquith, 1 year ago)

attribute_escape()s and int casts for 2.0.x: see #4333

  • Property svn:eol-style set to native
  • Property svn:keywords set to Author Date Id Revision
Line 
1
2 <div class="wrap">
3 <h2 id="write-post"><?php _e('Write Page'); ?><?php if ( 0 != $post_ID ) : ?>
4 <small class="quickjump"><a href="#preview-post"><?php _e('preview &darr;'); ?></a></small><?php endif; ?></h2>
5 <?php
6 if (0 == $post_ID) {
7     $form_action = 'post';
8     $nonce_action = 'add-post';
9     $temp_ID = -1 * time();
10     $form_extra = "<input type='hidden' name='temp_ID' value='$temp_ID' />";
11 } else {
12     $post_ID = (int) $post_ID;
13     $form_action = 'editpost';
14     $nonce_action = 'update-post_' . $post_ID;
15     $form_extra = "<input type='hidden' id='post_ID' name='post_ID' value='$post_ID' />";
16 }
17
18 $temp_ID = (int) $temp_ID;
19 $user_ID = (int) $user_ID;
20
21 $sendto = attribute_escape(wp_get_referer());
22
23 if ( 0 != $post_ID && $sendto == get_permalink($post_ID) )
24      $sendto = 'redo';
25
26 ?>
27
28 <form name="post" action="post.php" method="post" id="post">
29
30 <?php
31 wp_nonce_field($nonce_action);
32
33 if (isset($mode) && 'bookmarklet' == $mode) {
34     echo '<input type="hidden" name="mode" value="bookmarklet" />';
35 }
36 ?>
37 <input type="hidden" name="user_ID" value="<?php echo $user_ID ?>" />
38 <input type="hidden" id="hiddenaction" name="action" value='<?php echo $form_action ?>' />
39 <?php echo $form_extra ?>
40 <input type="hidden" name="post_status" value="static" />
41
42 <script type="text/javascript">
43 // <![CDATA[
44 function focusit() { // focus on first input field
45     document.post.title.focus();
46 }
47 addLoadEvent(focusit);
48 // ]]>
49 </script>
50 <div id="poststuff">
51
52 <div id="moremeta">
53 <div id="grabit" class="dbx-group">
54 <fieldset id="commentstatusdiv" class="dbx-box">
55 <h3 class="dbx-handle"><?php _e('Discussion') ?></h3>
56 <div class="dbx-content">
57 <input name="advanced_view" type="hidden" value="1" />
58 <label for="comment_status" class="selectit">
59 <input name="comment_status" type="checkbox" id="comment_status" value="open" <?php checked($post->comment_status, 'open'); ?> />
60 <?php _e('Allow Comments') ?></label>
61 <label for="ping_status" class="selectit"><input name="ping_status" type="checkbox" id="ping_status" value="open" <?php checked($post->ping_status, 'open'); ?> /> <?php _e('Allow Pings') ?></label>
62 </div>
63 </fieldset>
64
65 <fieldset id="passworddiv" class="dbx-box">
66 <h3 class="dbx-handle"><?php _e('Password-Protect Post') ?></h3>
67 <div class="dbx-content"><input name="post_password" type="text" size="13" id="post_password" value="<?php echo attribute_escape($post->post_password); ?>" /></div>
68 </fieldset>
69
70 <fieldset id="pageparent" class="dbx-box">
71 <h3 class="dbx-handle"><?php _e('Page Parent') ?></h3>
72 <div class="dbx-content"><p><select name="parent_id">
73 <option value='0'><?php _e('Main Page (no parent)'); ?></option>
74 <?php parent_dropdown($post->post_parent); ?>
75 </select></p>
76 </div>
77 </fieldset>
78
79 <?php if ( 0 != count( get_page_templates() ) ) { ?>
80 <fieldset id="pagetemplate" class="dbx-box">
81 <h3 class="dbx-handle"><?php _e('Page Template:') ?></h3>
82 <div class="dbx-content"><p><select name="page_template">
83         <option value='default'><?php _e('Default Template'); ?></option>
84         <?php page_template_dropdown($post->page_template); ?>
85         </select></p>
86 </div>
87 </fieldset>
88 <?php } ?>
89
90 <fieldset id="slugdiv" class="dbx-box">
91 <h3 class="dbx-handle"><?php _e('Post slug') ?></h3>
92 <div class="dbx-content"><input name="post_name" type="text" size="13" id="post_name" value="<?php echo attribute_escape($post->post_name); ?>" /></div>
93 </fieldset>
94
95 <?php if ( $authors = get_editable_authors( $current_user->id ) ) : // TODO: ROLE SYSTEM ?>
96 <fieldset id="authordiv" class="dbx-box">
97 <h3 class="dbx-handle"><?php _e('Post author'); ?>:</h3>
98 <div class="dbx-content">
99 <select name="post_author_override" id="post_author_override">
100 <?php
101 foreach ($authors as $o) :
102 $o = get_userdata( $o->ID );
103 if ( $post->post_author == $o->ID || ( empty($post_ID) && $user_ID == $o->ID ) ) $selected = 'selected="selected"';
104 else $selected = '';
105 $o->ID = (int) $o->ID;
106 $o->display_name = wp_specialchars( $o->display_name );
107 echo "<option value='$o->ID' $selected>$o->display_name</option>";
108 endforeach;
109 ?>
110 </select>
111 </div>
112 </fieldset>
113 <?php endif; ?>
114
115 <fieldset id="pageorder" class="dbx-box">
116 <h3 class="dbx-handle"><?php _e('Page Order') ?></h3>
117 <div class="dbx-content"><p><input name="menu_order" type="text" size="4" id="menu_order" value="<?php echo $post->menu_order ?>" /></p></div>
118 </fieldset>
119
120 <?php do_action('dbx_page_sidebar'); ?>
121
122 </div>
123 </div>
124
125 <fieldset id="titlediv">
126   <legend><?php _e('Page Title') ?></legend>
127   <div><input type="text" name="post_title" size="30" tabindex="1" value="<?php echo attribute_escape($post->post_title); ?>" id="title" /></div>
128 </fieldset>
129
130
131 <fieldset id="<?php echo user_can_richedit() ? 'postdivrich' : 'postdiv'; ?>">
132     <legend><?php _e('Page Content') ?></legend>
133 <?php
134  $rows = get_settings('default_post_edit_rows');
135  if (($rows < 3) || ($rows > 100)) {
136      $rows = 10;
137  }
138 ?>
139 <?php the_quicktags(); ?>
140
141 <div><textarea title="true" rows="<?php echo $rows; ?>" cols="40" name="content" tabindex="4" id="content"><?php echo user_can_richedit() ? wp_richedit_pre($post->post_content) : $post->post_content; ?></textarea></div>
142 </fieldset>
143
144 <script type="text/javascript">
145 <!--
146 edCanvas = document.getElementById('content');
147 <?php if ( user_can_richedit() ) : ?>
148 // This code is meant to allow tabbing from Title to Post (TinyMCE).
149 if ( tinyMCE.isMSIE )
150     document.getElementById('title').onkeydown = function (e)
151         {
152             e = e ? e : window.event;
153             if (e.keyCode == 9 && !e.shiftKey && !e.controlKey && !e.altKey) {
154                 var i = tinyMCE.selectedInstance;
155                 if(typeof i ==  'undefined')
156                     return true;
157                                 tinyMCE.execCommand("mceStartTyping");
158                 this.blur();
159                 i.contentWindow.focus();
160                 e.returnValue = false;
161                 return false;
162             }
163         }
164 else
165     document.getElementById('title').onkeypress = function (e)
166         {
167             e = e ? e : window.event;
168             if (e.keyCode == 9 && !e.shiftKey && !e.controlKey && !e.altKey) {
169                 var i = tinyMCE.selectedInstance;
170                 if(typeof i ==  'undefined')
171                     return true;
172                                 tinyMCE.execCommand("mceStartTyping");
173                 this.blur();
174                 i.contentWindow.focus();
175                 e.returnValue = false;
176                 return false;
177             }
178         }
179 <?php endif; ?>
180 //-->
181 </script>
182
183 <p class="submit">
184 <?php if ( $post_ID ) : ?>
185 <input name="save" type="submit" id="save" tabindex="5" value=" <?php _e('Save and Continue Editing'); ?> "/>
186 <input name="savepage" type="submit" id="savepage" tabindex="6" value="<?php $post_ID ? _e('Save') : _e('Create New Page') ?> &raquo;" />
187 <?php else : ?>
188 <input name="savepage" type="submit" id="savepage" tabindex="6" value="<?php _e('Create New Page') ?> &raquo;" />
189 <?php endif; ?>
190 <input name="referredby" type="hidden" id="referredby" value="<?php echo $sendto; ?>" />
191 </p>
192
193 <?php do_action('edit_page_form'); ?>
194
195 <?php
196 if (current_user_can('upload_files')) {
197     $uploading_iframe_ID = (0 == $post_ID ? $temp_ID : $post_ID);
198     $uploading_iframe_src = wp_nonce_url("inline-uploading.php?action=view&amp;post=$uploading_iframe_ID", 'inlineuploading');
199     $uploading_iframe_src = apply_filters('uploading_iframe_src', $uploading_iframe_src);
200     if ( false != $uploading_iframe_src )
201         echo '<iframe id="uploading" frameborder="0" src="' . $uploading_iframe_src . '">' . __('This feature requires iframe support.') . '</iframe>';
202 }
203 ?>
204
205 <div id="advancedstuff" class="dbx-group">
206
207 <fieldset id="postcustom" class="dbx-box">
208 <h3 class="dbx-handle"><?php _e('Custom Fields') ?></h3>
209 <div id="postcustomstuff" class="dbx-content">
210 <?php
211 if($metadata = has_meta($post_ID)) {
212 ?>
213 <?php
214     list_meta($metadata);
215 ?>
216 <?php
217 }
218     meta_form();
219 ?>
220 </div>
221 <div id="ajax-response"></div>
222 </fieldset>
223
224 <?php do_action('dbx_page_advanced'); ?>
225
226 </div>
227
228 <?php if ('edit' == $action) :
229     $delete_nonce = wp_create_nonce( 'delete-page_' . $post_ID ); ?>
230     <input name="deletepost" class="button" type="submit" id="deletepost" tabindex="10" value="<?php _e('Delete this page') ?>" <?php echo "onclick=\"if ( confirm('" . sprintf(__("You are about to delete this page \'%s\'\\n  \'Cancel\' to stop, \'OK\' to delete."), js_escape($post->post_title) ) . "') ) { document.forms.post._wpnonce.value = '$delete_nonce'; return true;}return false;\""; ?> />
231 <?php endif; ?>
232 </div>
233
234 </form>
235
236 </div>
237
Note: See TracBrowser for help on using the browser.