root/branches/2.1/wp-admin/admin-ajax.php

Revision 5092, 8.2 kB (checked in by ryan, 2 years ago)

Big int patch for 2.1

  • Property svn:eol-style set to native
Line 
1 <?php
2 require_once('../wp-config.php');
3 require_once('admin-functions.php');
4 require_once('admin-db.php');
5
6 define('DOING_AJAX', true);
7
8 check_ajax_referer();
9 if ( !is_user_logged_in() )
10     die('-1');
11
12 function get_out_now() { exit; }
13 add_action( 'shutdown', 'get_out_now', -1 );
14
15 function wp_ajax_meta_row( $pid, $mid, $key, $value ) {
16     $value = attribute_escape($value);
17     $key_js = addslashes(wp_specialchars($key, 'double'));
18     $key = attribute_escape($key);
19     $r .= "<tr id='meta-$mid'><td valign='top'>";
20     $r .= "<input name='meta[$mid][key]' tabindex='6' onkeypress='return killSubmit(\"theList.ajaxUpdater(&#039;meta&#039;,&#039;meta-$mid&#039;);\",event);' type='text' size='20' value='$key' />";
21     $r .= "</td><td><textarea name='meta[$mid][value]' tabindex='6' rows='2' cols='30'>$value</textarea></td><td align='center'>";
22     $r .= "<input name='updatemeta' type='button' class='updatemeta' tabindex='6' value='".attribute_escape(__('Update'))."' onclick='return theList.ajaxUpdater(&#039;meta&#039;,&#039;meta-$mid&#039;);' /><br />";
23     $r .= "<input name='deletemeta[$mid]' type='submit' onclick=\"return deleteSomething( 'meta', $mid, '";
24     $r .= js_escape(sprintf(__("You are about to delete the '%s' custom field on this post.\n'OK' to delete, 'Cancel' to stop."), $key_js));
25     $r .= "' );\" class='deletemeta' tabindex='6' value='".attribute_escape(__('Delete'))."' /></td></tr>";
26     return $r;
27 }
28
29 $id = (int) $_POST['id'];
30 switch ( $_POST['action'] ) :
31 case 'delete-comment' :
32     if ( !$comment = get_comment( $id ) )
33         die('0');
34     if ( !current_user_can( 'edit_post', $comment->comment_post_ID ) )
35         die('-1');
36
37     if ( wp_delete_comment( $comment->comment_ID ) )
38         die('1');
39     else    die('0');
40     break;
41 case 'delete-comment-as-spam' :
42     if ( !$comment = get_comment( $id ) )
43         die('0');
44     if ( !current_user_can( 'edit_post', $comment->comment_post_ID ) )
45         die('-1');
46
47     if ( wp_set_comment_status( $comment->comment_ID, 'spam' ) )
48         die('1');
49     else    die('0');
50     break;
51 case 'delete-cat' :
52     if ( !current_user_can( 'manage_categories' ) )
53         die('-1');
54
55     if ( wp_delete_category( $id ) )
56         die('1');
57     else    die('0');
58     break;
59 case 'delete-link' :
60     if ( !current_user_can( 'manage_links' ) )
61         die('-1');
62
63     if ( wp_delete_link( $id ) )
64         die('1');
65     else    die('0');
66     break;
67 case 'delete-meta' :
68     if ( !$meta = get_post_meta_by_id( $id ) )
69         die('0');
70     if ( !current_user_can( 'edit_post', $meta->post_id ) )
71         die('-1');
72     if ( delete_meta( $meta->meta_id ) )
73         die('1');
74     die('0');
75     break;
76 case 'delete-post' :
77     if ( !current_user_can( 'delete_post', $id ) )
78         die('-1');
79
80     if ( wp_delete_post( $id ) )
81         die('1');
82     else    die('0');
83     break;
84 case 'delete-page' :
85     if ( !current_user_can( 'delete_page', $id ) )
86         die('-1');
87
88     if ( wp_delete_post( $id ) )
89         die('1');
90     else    die('0');
91     break;
92 case 'dim-comment' :
93     if ( !$comment = get_comment( $id ) )
94         die('0');
95     if ( !current_user_can( 'edit_post', $comment->comment_post_ID ) )
96         die('-1');
97     if ( !current_user_can( 'moderate_comments' ) )
98         die('-1');
99
100     if ( 'unapproved' == wp_get_comment_status($comment->comment_ID) ) {
101         if ( wp_set_comment_status( $comment->comment_ID, 'approve' ) )
102             die('1');
103     } else {
104         if ( wp_set_comment_status( $comment->comment_ID, 'hold' ) )
105             die('1');
106     }
107     die('0');
108     break;
109 case 'add-category' : // On the Fly
110     if ( !current_user_can( 'manage_categories' ) )
111         die('-1');
112     $names = explode(',', $_POST['newcat']);
113     $x = new WP_Ajax_Response();
114     foreach ( $names as $cat_name ) {
115         $cat_name = trim($cat_name);
116         if ( !$category_nicename = sanitize_title($cat_name) )
117             die('0');
118         if ( !$cat_id = category_exists( $cat_name ) )
119             $cat_id = wp_create_category( $cat_name );
120         $cat_name = wp_specialchars(stripslashes($cat_name));
121         $x->add( array(
122             'what' => 'category',
123             'id' => $cat_id,
124             'data' => "<li id='category-$cat_id'><label for='in-category-$cat_id' class='selectit'><input value='$cat_id' type='checkbox' checked='checked' name='post_category[]' id='in-category-$cat_id'/> $cat_name</label></li>"
125         ) );
126     }
127     $x->send();
128     break;
129 case 'add-cat' : // From Manage->Categories
130     if ( !current_user_can( 'manage_categories' ) )
131         die('-1');
132     if ( !$cat = wp_insert_category( $_POST ) )
133         die('0');
134     if ( !$cat = get_category( $cat ) )
135         die('0');
136     $level = 0;
137     $cat_full_name = $cat->cat_name;
138     $_cat = $cat;
139     while ( $_cat->category_parent ) {
140         $_cat = get_category( $_cat->category_parent );
141         $cat_full_name = $_cat->cat_name . ' &#8212; ' . $cat_full_name;
142         $level++;
143     }
144     $cat_full_name = attribute_escape($cat_full_name);
145
146     $x = new WP_Ajax_Response( array(
147         'what' => 'cat',
148         'id' => $cat->cat_ID,
149         'data' => _cat_row( $cat, $level, $cat_full_name ),
150         'supplemental' => array('name' => $cat_full_name, 'show-link' => sprintf(__( 'Category <a href="#%s">%s</a> added' ), "cat-$cat->cat_ID", $cat_full_name))
151     ) );
152     $x->send();
153     break;
154 case 'add-meta' :
155     if ( !current_user_can( 'edit_post', $id ) )
156         die('-1');
157     if ( $id < 0 ) {
158         $now = current_time('timestamp', 1);
159         if ( $pid = wp_insert_post( array(
160             'post_title' => sprintf('Draft created on %s at %s', date(get_option('date_format'), $now), date(get_option('time_format'), $now))
161         ) ) )
162             $mid = add_meta( $pid );
163         else
164             die('0');
165     } else if ( !$mid = add_meta( $id ) ) {
166         die('0');
167     }
168
169     $meta = get_post_meta_by_id( $mid );
170     $key = $meta->meta_key;
171     $value = $meta->meta_value;
172     $pid = (int) $meta->post_id;
173
174     $x = new WP_Ajax_Response( array(
175         'what' => 'meta',
176         'id' => $mid,
177         'data' => wp_ajax_meta_row( $pid, $mid, $key, $value ),
178         'supplemental' => array('postid' => $pid)
179     ) );
180     $x->send();
181     break;
182 case 'update-meta' :
183     $mid = (int) array_pop(array_keys($_POST['meta']));
184     $key = $_POST['meta'][$mid]['key'];
185     $value = $_POST['meta'][$mid]['value'];
186     if ( !$meta = get_post_meta_by_id( $mid ) )
187         die('0'); // if meta doesn't exist
188     if ( !current_user_can( 'edit_post', $meta->post_id ) )
189         die('-1');
190     if ( $u = update_meta( $mid, $key, $value ) ) {
191         $key = stripslashes($key);
192         $value = stripslashes($value);
193         $x = new WP_Ajax_Response( array(
194             'what' => 'meta',
195             'id' => $mid,
196             'data' => wp_ajax_meta_row( $meta->post_id, $mid, $key, $value ),
197             'supplemental' => array('postid' => $meta->post_id)
198         ) );
199         $x->send();
200     }
201     die('1'); // We know meta exists; we also know it's unchanged (or DB error, in which case there are bigger problems).
202     break;
203 case 'add-user' :
204     if ( !current_user_can('edit_users') )
205         die('-1');
206     require_once(ABSPATH . WPINC . '/registration.php');
207     if ( !$user_id = add_user() )
208         die('0');
209     elseif ( is_wp_error( $user_id ) ) {
210         foreach( $user_id->get_error_messages() as $message )
211             echo "<p>$message<p>";
212         exit;
213     }
214     $user_object = new WP_User( $user_id );
215     $x = new WP_Ajax_Response( array(
216         'what' => 'user',
217         'id' => $user_id,
218         'data' => user_row( $user_object ),
219         'supplemental' => array('show-link' => sprintf(__( 'User <a href="#%s">%s</a> added' ), "user-$user_id", $user_object->user_login))
220     ) );
221     $x->send();
222     break;
223 case 'autosave' : // The name of this action is hardcoded in edit_post()
224     $_POST['post_content'] = $_POST['content'];
225     $_POST['post_excerpt'] = $_POST['excerpt'];
226     $_POST['post_status'] = 'draft';
227     $_POST['post_category'] = explode(",", $_POST['catslist']);
228     if($_POST['post_type'] == 'page' || empty($_POST['post_category']))
229         unset($_POST['post_category']);   
230     
231     if($_POST['post_ID'] < 0) {
232         $_POST['temp_ID'] = $_POST['post_ID'];
233         $id = wp_write_post();
234         if( is_wp_error($id) )
235             die($id->get_error_message());
236         else
237             die("$id");
238     } else {
239         $post_ID = (int) $_POST['post_ID'];
240         $_POST['ID'] = $post_ID;
241         $post = get_post($post_ID);
242         if ( 'page' == $post->post_type ) {
243             if ( !current_user_can('edit_page', $post_ID) )
244                 die(__('You are not allowed to edit this page.'));
245         } else {
246             if ( !current_user_can('edit_post', $post_ID) )
247                 die(__('You are not allowed to edit this post.'));
248         }
249         wp_update_post($_POST);
250     }
251     die('0');
252 break;
253 case 'autosave-generate-nonces' :
254     $ID = (int) $_POST['post_ID'];
255     if($_POST['post_type'] == 'post') {
256         if(current_user_can('edit_post', $ID))
257             die(wp_create_nonce('update-post_' . $ID));
258     }
259     if($_POST['post_type'] == 'page') {
260         if(current_user_can('edit_page', $ID)) {
261             die(wp_create_nonce('update-page_' . $ID));
262         }
263     }
264     die($_POST['post_type']);
265 break;
266 default :
267     do_action( 'wp_ajax_' . $_POST['action'] );
268     die('0');
269     break;
270 endswitch;
271 ?>
272
Note: See TracBrowser for help on using the browser.