post.php

Revision 1139, 13.9 kB (checked in by donncha, 1 year ago)
Merge with WordPress? 2.3.1

Line
1	<?php
2
3	// Update an existing post with values provided in $_POST.
4	function edit_post() {
5	global $user_ID;
6
7	$post_ID = (int) $_POST['post_ID'];
8
9	if ( 'page' == $_POST['post_type'] ) {
10	if ( !current_user_can( 'edit_page', $post_ID ) )
11	wp_die( __('You are not allowed to edit this page.' ));
12	} else {
13	if ( !current_user_can( 'edit_post', $post_ID ) )
14	wp_die( __('You are not allowed to edit this post.' ));
15	}
16
17	// Autosave shouldn't save too soon after a real save
18	if ( 'autosave' == $_POST['action'] ) {
19	$post =& get_post( $post_ID );
20	$now = time();
21	$then = strtotime($post->post_date_gmt . ' +0000');
22	// Keep autosave_interval in sync with autosave-js.php.
23	$delta = apply_filters( 'autosave_interval', 120 ) / 2;
24	if ( ($now - $then) < $delta )
25	return $post_ID;
26	}
27
28	// Rename.
29	$_POST['ID'] = (int) $_POST['post_ID'];
30	$_POST['post_content'] = $_POST['content'];
31	$_POST['post_excerpt'] = $_POST['excerpt'];
32	$_POST['post_parent'] = $_POST['parent_id'];
33	$_POST['to_ping'] = $_POST['trackback_url'];
34
35	if (!empty ( $_POST['post_author_override'] ) ) {
36	$_POST['post_author'] = (int) $_POST['post_author_override'];
37	} else
38	if (!empty ( $_POST['post_author'] ) ) {
39	$_POST['post_author'] = (int) $_POST['post_author'];
40	} else {
41	$_POST['post_author'] = (int) $_POST['user_ID'];
42	}
43
44	if ( $_POST['post_author'] != $_POST['user_ID'] ) {
45	if ( 'page' == $_POST['post_type'] ) {
46	if ( !current_user_can( 'edit_others_pages' ) )
47	wp_die( __('You are not allowed to edit pages as this user.' ));
48	} else {
49	if ( !current_user_can( 'edit_others_posts' ) )
50	wp_die( __('You are not allowed to edit posts as this user.' ));
51
52	}
53	}
54
55	// What to do based on which button they pressed
56	if ('' != $_POST['saveasdraft'] )
57	$_POST['post_status'] = 'draft';
58	if ('' != $_POST['saveasprivate'] )
59	$_POST['post_status'] = 'private';
60	if ('' != $_POST['publish'] )
61	$_POST['post_status'] = 'publish';
62	if ('' != $_POST['advanced'] )
63	$_POST['post_status'] = 'draft';
64
65	if ( 'page' == $_POST['post_type'] ) {
66	if ('publish' == $_POST['post_status'] && !current_user_can( 'edit_published_pages' ))
67	$_POST['post_status'] = 'pending';
68	} else {
69	if ('publish' == $_POST['post_status'] && !current_user_can( 'edit_published_posts' ))
70	$_POST['post_status'] = 'pending';
71	}
72
73	if (!isset( $_POST['comment_status'] ))
74	$_POST['comment_status'] = 'closed';
75
76	if (!isset( $_POST['ping_status'] ))
77	$_POST['ping_status'] = 'closed';
78
79	if (!empty ( $_POST['edit_date'] ) ) {
80	$aa = $_POST['aa'];
81	$mm = $_POST['mm'];
82	$jj = $_POST['jj'];
83	$hh = $_POST['hh'];
84	$mn = $_POST['mn'];
85	$ss = $_POST['ss'];
86	$jj = ($jj > 31 ) ? 31 : $jj;
87	$hh = ($hh > 23 ) ? $hh -24 : $hh;
88	$mn = ($mn > 59 ) ? $mn -60 : $mn;
89	$ss = ($ss > 59 ) ? $ss -60 : $ss;
90	$_POST['post_date'] = "$aa-$mm-$jj $hh:$mn:$ss";
91	$_POST['post_date_gmt'] = get_gmt_from_date( "$aa-$mm-$jj $hh:$mn:$ss" );
92	}
93
94	// Meta Stuff
95	if ( $_POST['meta'] ) {
96	foreach ( $_POST['meta'] as $key => $value )
97	update_meta( $key, $value['key'], $value['value'] );
98	}
99
100	if ( $_POST['deletemeta'] ) {
101	foreach ( $_POST['deletemeta'] as $key => $value )
102	delete_meta( $key );
103	}
104
105	add_meta( $post_ID );
106
107	wp_update_post( $_POST );
108
109	// Reunite any orphaned attachments with their parent
110	if ( !$draft_ids = get_user_option( 'autosave_draft_ids' ) )
111	$draft_ids = array();
112	if ( $draft_temp_id = (int) array_search( $post_ID, $draft_ids ) )
113	_relocate_children( $draft_temp_id, $post_ID );
114
115	// Now that we have an ID we can fix any attachment anchor hrefs
116	_fix_attachment_links( $post_ID );
117
118	return $post_ID;
119	}
120
121	// Default post information to use when populating the "Write Post" form.
122	function get_default_post_to_edit() {
123	if ( !empty( $_REQUEST['post_title'] ) )
124	$post_title = wp_specialchars( stripslashes( $_REQUEST['post_title'] ));
125	else if ( !empty( $_REQUEST['popuptitle'] ) ) {
126	$post_title = wp_specialchars( stripslashes( $_REQUEST['popuptitle'] ));
127	$post_title = funky_javascript_fix( $post_title );
128	} else {
129	$post_title = '';
130	}
131
132	if ( !empty( $_REQUEST['content'] ) )
133	$post_content = wp_specialchars( stripslashes( $_REQUEST['content'] ));
134	else if ( !empty( $post_title ) ) {
135	$text = wp_specialchars( stripslashes( urldecode( $_REQUEST['text'] ) ) );
136	$text = funky_javascript_fix( $text);
137	$popupurl = clean_url($_REQUEST['popupurl']);
138	$post_content = '<a href="'.$popupurl.'">'.$post_title.'</a>'."\n$text";
139	}
140
141	if ( !empty( $_REQUEST['excerpt'] ) )
142	$post_excerpt = wp_specialchars( stripslashes( $_REQUEST['excerpt'] ));
143	else
144	$post_excerpt = '';
145
146	$post->post_status = 'draft';
147	$post->comment_status = get_option( 'default_comment_status' );
148	$post->ping_status = get_option( 'default_ping_status' );
149	$post->post_pingback = get_option( 'default_pingback_flag' );
150	$post->post_category = get_option( 'default_category' );
151	$post->post_content = apply_filters( 'default_content', $post_content);
152	$post->post_title = apply_filters( 'default_title', $post_title );
153	$post->post_excerpt = apply_filters( 'default_excerpt', $post_excerpt);
154	$post->page_template = 'default';
155	$post->post_parent = 0;
156	$post->menu_order = 0;
157
158	return $post;
159	}
160
161	// Get an existing post and format it for editing.
162	function get_post_to_edit( $id ) {
163
164	$post = get_post( $id, OBJECT, 'edit' );
165
166	if ( $post->post_type == 'page' )
167	$post->page_template = get_post_meta( $id, '_wp_page_template', true );
168
169	return $post;
170	}
171
172	function post_exists($title, $content = '', $post_date = '') {
173	global $wpdb;
174
175	if (!empty ($post_date))
176	$post_date = "AND post_date = '$post_date'";
177
178	if (!empty ($title))
179	return $wpdb->get_var("SELECT ID FROM $wpdb->posts WHERE post_title = '$title' $post_date");
180	else
181	if (!empty ($content))
182	return $wpdb->get_var("SELECT ID FROM $wpdb->posts WHERE post_content = '$content' $post_date");
183
184	return 0;
185	}
186
187	// Creates a new post from the "Write Post" form using $_POST information.
188	function wp_write_post() {
189	global $user_ID;
190
191	if ( 'page' == $_POST['post_type'] ) {
192	if ( !current_user_can( 'edit_pages' ) )
193	return new WP_Error( 'edit_pages', __( 'You are not allowed to create pages on this blog.' ) );
194	} else {
195	if ( !current_user_can( 'edit_posts' ) )
196	return new WP_Error( 'edit_posts', __( 'You are not allowed to create posts or drafts on this blog.' ) );
197	}
198
199
200	// Check for autosave collisions
201	$temp_id = false;
202	if ( isset($_POST['temp_ID']) ) {
203	$temp_id = (int) $_POST['temp_ID'];
204	if ( !$draft_ids = get_user_option( 'autosave_draft_ids' ) )
205	$draft_ids = array();
206	foreach ( $draft_ids as $temp => $real )
207	if ( time() + $temp > 86400 ) // 1 day: $temp is equal to -1 * time( then )
208	unset($draft_ids[$temp]);
209
210	if ( isset($draft_ids[$temp_id]) ) { // Edit, don't write
211	$_POST['post_ID'] = $draft_ids[$temp_id];
212	unset($_POST['temp_ID']);
213	update_user_option( $user_ID, 'autosave_draft_ids', $draft_ids );
214	return edit_post();
215	}
216	}
217
218	// Rename.
219	$_POST['post_content'] = $_POST['content'];
220	$_POST['post_excerpt'] = $_POST['excerpt'];
221	$_POST['post_parent'] = $_POST['parent_id'];
222	$_POST['to_ping'] = $_POST['trackback_url'];
223
224	if (!empty ( $_POST['post_author_override'] ) ) {
225	$_POST['post_author'] = (int) $_POST['post_author_override'];
226	} else {
227	if (!empty ( $_POST['post_author'] ) ) {
228	$_POST['post_author'] = (int) $_POST['post_author'];
229	} else {
230	$_POST['post_author'] = (int) $_POST['user_ID'];
231	}
232
233	}
234
235	if ( $_POST['post_author'] != $_POST['user_ID'] ) {
236	if ( 'page' == $_POST['post_type'] ) {
237	if ( !current_user_can( 'edit_others_pages' ) )
238	return new WP_Error( 'edit_others_pages', __( 'You are not allowed to create pages as this user.' ) );
239	} else {
240	if ( !current_user_can( 'edit_others_posts' ) )
241	return new WP_Error( 'edit_others_posts', __( 'You are not allowed to post as this user.' ) );
242
243	}
244	}
245
246	// What to do based on which button they pressed
247	if ('' != $_POST['saveasdraft'] )
248	$_POST['post_status'] = 'draft';
249	if ('' != $_POST['saveasprivate'] )
250	$_POST['post_status'] = 'private';
251	if ('' != $_POST['publish'] )
252	$_POST['post_status'] = 'publish';
253	if ('' != $_POST['advanced'] )
254	$_POST['post_status'] = 'draft';
255
256	if ( 'page' == $_POST['post_type'] ) {
257	if ('publish' == $_POST['post_status'] && !current_user_can( 'publish_pages' ) )
258	$_POST['post_status'] = 'pending';
259	} else {
260	if ('publish' == $_POST['post_status'] && !current_user_can( 'publish_posts' ) )
261	$_POST['post_status'] = 'pending';
262	}
263
264	if (!isset( $_POST['comment_status'] ))
265	$_POST['comment_status'] = 'closed';
266
267	if (!isset( $_POST['ping_status'] ))
268	$_POST['ping_status'] = 'closed';
269
270	if (!empty ( $_POST['edit_date'] ) ) {
271	$aa = $_POST['aa'];
272	$mm = $_POST['mm'];
273	$jj = $_POST['jj'];
274	$hh = $_POST['hh'];
275	$mn = $_POST['mn'];
276	$ss = $_POST['ss'];
277	$jj = ($jj > 31 ) ? 31 : $jj;
278	$hh = ($hh > 23 ) ? $hh -24 : $hh;
279	$mn = ($mn > 59 ) ? $mn -60 : $mn;
280	$ss = ($ss > 59 ) ? $ss -60 : $ss;
281	$_POST['post_date'] = sprintf( "%04d-%02d-%02d %02d:%02d:%02d", $aa, $mm, $jj, $hh, $mn, $ss );
282	$_POST['post_date_gmt'] = get_gmt_from_date( $_POST['post_date'] );
283	}
284
285	// Create the post.
286	$post_ID = wp_insert_post( $_POST );
287	if ( is_wp_error( $post_ID ) )
288	return $post_ID;
289
290	if ( empty($post_ID) )
291	return 0;
292
293	add_meta( $post_ID );
294
295	// Reunite any orphaned attachments with their parent
296	if ( !$draft_ids = get_user_option( 'autosave_draft_ids' ) )
297	$draft_ids = array();
298	if ( $draft_temp_id = (int) array_search( $post_ID, $draft_ids ) )
299	_relocate_children( $draft_temp_id, $post_ID );
300	if ( $temp_id && $temp_id != $draft_temp_id )
301	_relocate_children( $temp_id, $post_ID );
302
303	// Update autosave collision detection
304	if ( $temp_id ) {
305	$draft_ids[$temp_id] = $post_ID;
306	update_user_option( $user_ID, 'autosave_draft_ids', $draft_ids );
307	}
308
309	// Now that we have an ID we can fix any attachment anchor hrefs
310	_fix_attachment_links( $post_ID );
311
312	return $post_ID;
313	}
314
315	function write_post() {
316	$result = wp_write_post();
317	if( is_wp_error( $result ) )
318	wp_die( $result->get_error_message() );
319	else
320	return $result;
321	}
322
323	//
324	// Post Meta
325	//
326
327	function add_meta( $post_ID ) {
328	global $wpdb;
329	$post_ID = (int) $post_ID;
330
331	$protected = array( '_wp_attached_file', '_wp_attachment_metadata', '_wp_old_slug', '_wp_page_template' );
332
333	$metakeyselect = $wpdb->escape( stripslashes( trim( $_POST['metakeyselect'] ) ) );
334	$metakeyinput = $wpdb->escape( stripslashes( trim( $_POST['metakeyinput'] ) ) );
335	$metavalue = maybe_serialize( stripslashes( (trim( $_POST['metavalue'] ) ) ));
336	$metavalue = $wpdb->escape( $metavalue );
337
338	if ( ('0' === $metavalue \|\| !empty ( $metavalue ) ) && ((('#NONE#' != $metakeyselect) && !empty ( $metakeyselect) ) \|\| !empty ( $metakeyinput) ) ) {
339	// We have a key/value pair. If both the select and the
340	// input for the key have data, the input takes precedence:
341
342	if ('#NONE#' != $metakeyselect)
343	$metakey = $metakeyselect;
344
345	if ( $metakeyinput)
346	$metakey = $metakeyinput; // default
347
348	if ( in_array($metakey, $protected) )
349	return false;
350
351	$result = $wpdb->query( "
352	INSERT INTO $wpdb->postmeta
353	(post_id,meta_key,meta_value )
354	VALUES ('$post_ID','$metakey','$metavalue' )
355	" );
356	return $wpdb->insert_id;
357	}
358	return false;
359	} // add_meta
360
361	function delete_meta( $mid ) {
362	global $wpdb;
363	$mid = (int) $mid;
364
365	return $wpdb->query( "DELETE FROM $wpdb->postmeta WHERE meta_id = '$mid'" );
366	}
367
368	// Get a list of previously defined keys
369	function get_meta_keys() {
370	global $wpdb;
371
372	$keys = $wpdb->get_col( "
373	SELECT meta_key
374	FROM $wpdb->postmeta
375	GROUP BY meta_key
376	ORDER BY meta_key" );
377
378	return $keys;
379	}
380
381	function get_post_meta_by_id( $mid ) {
382	global $wpdb;
383	$mid = (int) $mid;
384
385	$meta = $wpdb->get_row( "SELECT * FROM $wpdb->postmeta WHERE meta_id = '$mid'" );
386	if ( is_serialized_string( $meta->meta_value ) )
387	$meta->meta_value = maybe_unserialize( $meta->meta_value );
388	return $meta;
389	}
390
391	// Some postmeta stuff
392	function has_meta( $postid ) {
393	global $wpdb;
394
395	return $wpdb->get_results( "
396	SELECT meta_key, meta_value, meta_id, post_id
397	FROM $wpdb->postmeta
398	WHERE post_id = '$postid'
399	ORDER BY meta_key,meta_id", ARRAY_A );
400
401	}
402
403	function update_meta( $mid, $mkey, $mvalue ) {
404	global $wpdb;
405
406	$protected = array( '_wp_attached_file', '_wp_attachment_metadata', '_wp_old_slug', '_wp_page_template' );
407
408	if ( in_array($mkey, $protected) )
409	return false;
410
411	$mvalue = maybe_serialize( stripslashes( $mvalue ));
412	$mvalue = $wpdb->escape( $mvalue );
413	$mid = (int) $mid;
414	return $wpdb->query( "UPDATE $wpdb->postmeta SET meta_key = '$mkey', meta_value = '$mvalue' WHERE meta_id = '$mid'" );
415	}
416
417	//
418	// Private
419	//
420
421	// Replace hrefs of attachment anchors with up-to-date permalinks.
422	function _fix_attachment_links( $post_ID ) {
423	global $wp_rewrite;
424
425	$post = & get_post( $post_ID, ARRAY_A );
426
427	$search = "#<a[^>]+rel=('\|\")[^'\"]attachment[^>]>#ie";
428
429	// See if we have any rel="attachment" links
430	if ( 0 == preg_match_all( $search, $post['post_content'], $anchor_matches, PREG_PATTERN_ORDER ) )
431	return;
432
433	$i = 0;
434	$search = "#[\s]+rel=(\"\|')(.*?)wp-att-(\d+)\\1#i";
435	foreach ( $anchor_matches[0] as $anchor ) {
436	if ( 0 == preg_match( $search, $anchor, $id_matches ) )
437	continue;
438
439	$id = (int) $id_matches[3];
440
441	// While we have the attachment ID, let's adopt any orphans.
442	$attachment = & get_post( $id, ARRAY_A );
443	if ( ! empty( $attachment) && ! is_object( get_post( $attachment['post_parent'] ) ) ) {
444	$attachment['post_parent'] = $post_ID;
445	// Escape data pulled from DB.
446	$attachment = add_magic_quotes( $attachment);
447	wp_update_post( $attachment);
448	}
449
450	$post_search[$i] = $anchor;
451	$post_replace[$i] = preg_replace( "#href=(\"\|')[^'\"]*\\1#e", "stripslashes( 'href=\\1' ).get_attachment_link( $id ).stripslashes( '\\1' )", $anchor );
452	++$i;
453	}
454
455	$post['post_content'] = str_replace( $post_search, $post_replace, $post['post_content'] );
456
457	// Escape data pulled from DB.
458	$post = add_magic_quotes( $post);
459
460	return wp_update_post( $post);
461	}
462
463	// Move child posts to a new parent
464	function _relocate_children( $old_ID, $new_ID ) {
465	global $wpdb;
466	$old_ID = (int) $old_ID;
467	$new_ID = (int) $new_ID;
468	return $wpdb->query( "UPDATE $wpdb->posts SET post_parent = $new_ID WHERE post_parent = $old_ID" );
469	}
470
471	?>
472

Note: See TracBrowser for help on using the browser.

root/tags/1.3/wp-admin/includes/post.php

Download in other formats: