admin-ajax.php

Revision 1522, 29.2 kB (checked in by donncha, 3 days ago)
WP Merge with revision 9730

Line
1	<?php
2	/**
3	* WordPress AJAX Process Execution.
4	*
5	* @package WordPress
6	* @subpackage Administration
7	*/
8
9	/**
10	* Executing AJAX process.
11	*
12	* @since unknown
13	*/
14	define('DOING_AJAX', true);
15	define('WP_ADMIN', true);
16
17	require_once('../wp-load.php');
18	require_once('includes/admin.php');
19
20	if ( ! is_user_logged_in() ) {
21
22	if ( $_POST['action'] == 'autosave' ) {
23	$id = isset($_POST['post_ID'])? (int) $_POST['post_ID'] : 0;
24
25	if ( ! $id )
26	die('-1');
27
28	$message = sprintf( __('<strong>ALERT: You are logged out!</strong> Could not save draft. <a href="%s" target="blank">Please log in again.</a>'), wp_login_url() );
29	$x = new WP_Ajax_Response( array(
30	'what' => 'autosave',
31	'id' => $id,
32	'data' => $message
33	) );
34	$x->send();
35	}
36
37	die('-1');
38	}
39
40	if ( isset( $_GET['action'] ) ) :
41	switch ( $action = $_GET['action'] ) :
42	case 'ajax-tag-search' :
43	if ( !current_user_can( 'manage_categories' ) )
44	die('-1');
45
46	$s = $_GET['q']; // is this slashed already?
47
48	if ( false !== strpos( $s, ',' ) ) {
49	$s = explode( ',', $s );
50	$s = $s[count( $s ) - 1];
51	}
52	$s = trim( $s );
53	if ( strlen( $s ) < 2 )
54	die; // require 2 chars for matching
55	$results = $wpdb->get_col( "SELECT t.name FROM $wpdb->term_taxonomy AS tt INNER JOIN $wpdb->terms AS t ON tt.term_id = t.term_id WHERE tt.taxonomy = 'post_tag' AND t.name LIKE ('%". $s . "%')" );
56	echo join( $results, "\n" );
57	die;
58	break;
59	default :
60	do_action( 'wp_ajax_' . $_GET['action'] );
61	die('0');
62	break;
63	endswitch;
64	endif;
65
66	$id = isset($_POST['id'])? (int) $_POST['id'] : 0;
67	switch ( $action = $_POST['action'] ) :
68	case 'delete-comment' :
69	check_ajax_referer( "delete-comment_$id" );
70	if ( !$comment = get_comment( $id ) )
71	die('1');
72	if ( !current_user_can( 'edit_post', $comment->comment_post_ID ) )
73	die('-1');
74
75	if ( isset($_POST['spam']) && 1 == $_POST['spam'] ) {
76	if ( 'spam' == wp_get_comment_status( $comment->comment_ID ) )
77	die('1');
78	$r = wp_set_comment_status( $comment->comment_ID, 'spam' );
79	} else {
80	$r = wp_delete_comment( $comment->comment_ID );
81	}
82
83	die( $r ? '1' : '0' );
84	break;
85	case 'delete-cat' :
86	check_ajax_referer( "delete-category_$id" );
87	if ( !current_user_can( 'manage_categories' ) )
88	die('-1');
89
90	$cat = get_category( $id );
91	if ( !$cat \|\| is_wp_error( $cat ) )
92	die('1');
93
94	if ( wp_delete_category( $id ) )
95	die('1');
96	else
97	die('0');
98	break;
99	case 'delete-tag' :
100	check_ajax_referer( "delete-tag_$id" );
101	if ( !current_user_can( 'manage_categories' ) )
102	die('-1');
103
104	$tag = get_term( $id, 'post_tag' );
105	if ( !$tag \|\| is_wp_error( $tag ) )
106	die('1');
107
108	if ( wp_delete_term($id, 'post_tag'))
109	die('1');
110	else
111	die('0');
112	break;
113	case 'delete-link-cat' :
114	check_ajax_referer( "delete-link-category_$id" );
115	if ( !current_user_can( 'manage_categories' ) )
116	die('-1');
117
118	$cat = get_term( $id, 'link_category' );
119	if ( !$cat \|\| is_wp_error( $cat ) )
120	die('1');
121
122	$cat_name = get_term_field('name', $id, 'link_category');
123
124	// Don't delete the default cats.
125	if ( $id == get_option('default_link_category') ) {
126	$x = new WP_AJAX_Response( array(
127	'what' => 'link-cat',
128	'id' => $id,
129	'data' => new WP_Error( 'default-link-cat', sprintf(__("Can’t delete the <strong>%s</strong> category: this is the default one"), $cat_name) )
130	) );
131	$x->send();
132	}
133
134	$r = wp_delete_term($id, 'link_category');
135	if ( !$r )
136	die('0');
137	if ( is_wp_error($r) ) {
138	$x = new WP_AJAX_Response( array(
139	'what' => 'link-cat',
140	'id' => $id,
141	'data' => $r
142	) );
143	$x->send();
144	}
145	die('1');
146	break;
147	case 'delete-link' :
148	check_ajax_referer( "delete-bookmark_$id" );
149	if ( !current_user_can( 'manage_links' ) )
150	die('-1');
151
152	$link = get_bookmark( $id );
153	if ( !$link \|\| is_wp_error( $link ) )
154	die('1');
155
156	if ( wp_delete_link( $id ) )
157	die('1');
158	else
159	die('0');
160	break;
161	case 'delete-meta' :
162	check_ajax_referer( "delete-meta_$id" );
163	if ( !$meta = get_post_meta_by_id( $id ) )
164	die('1');
165
166	if ( !current_user_can( 'edit_post', $meta->post_id ) )
167	die('-1');
168	if ( delete_meta( $meta->meta_id ) )
169	die('1');
170	die('0');
171	break;
172	case 'delete-post' :
173	check_ajax_referer( "{$action}_$id" );
174	if ( !current_user_can( 'delete_post', $id ) )
175	die('-1');
176
177	if ( !get_post( $id ) )
178	die('1');
179
180	if ( wp_delete_post( $id ) )
181	die('1');
182	else
183	die('0');
184	break;
185	case 'delete-page' :
186	check_ajax_referer( "{$action}_$id" );
187	if ( !current_user_can( 'delete_page', $id ) )
188	die('-1');
189
190	if ( !get_page( $id ) )
191	die('1');
192
193	if ( wp_delete_post( $id ) )
194	die('1');
195	else
196	die('0');
197	break;
198	case 'dim-comment' :
199	if ( !$comment = get_comment( $id ) )
200	die('0');
201
202	if ( !current_user_can( 'edit_post', $comment->comment_post_ID ) )
203	die('-1');
204	if ( !current_user_can( 'moderate_comments' ) )
205	die('-1');
206
207	$current = wp_get_comment_status( $comment->comment_ID );
208	if ( $_POST['new'] == $current )
209	die('1');
210
211	if ( in_array( $current, array( 'unapproved', 'spam' ) ) ) {
212	check_ajax_referer( "approve-comment_$id" );
213	if ( wp_set_comment_status( $comment->comment_ID, 'approve' ) )
214	die('1');
215	} else {
216	check_ajax_referer( "unapprove-comment_$id" );
217	if ( wp_set_comment_status( $comment->comment_ID, 'hold' ) )
218	die('1');
219	}
220	die('0');
221	break;
222	case 'add-category' : // On the Fly
223	check_ajax_referer( $action );
224	if ( !current_user_can( 'manage_categories' ) )
225	die('-1');
226	$names = explode(',', $_POST['newcat']);
227	if ( 0 > $parent = (int) $_POST['newcat_parent'] )
228	$parent = 0;
229	$post_category = isset($_POST['post_category'])? (array) $_POST['post_category'] : array();
230	$checked_categories = array_map( 'absint', (array) $post_category );
231	$popular_ids = isset( $_POST['popular_ids'] ) ?
232	array_map( 'absint', explode( ',', $_POST['popular_ids'] ) ) :
233	false;
234
235	$x = new WP_Ajax_Response();
236	foreach ( $names as $cat_name ) {
237	$cat_name = trim($cat_name);
238	$category_nicename = sanitize_title($cat_name);
239	if ( '' === $category_nicename )
240	continue;
241	$cat_id = wp_create_category( $cat_name, $parent );
242	$checked_categories[] = $cat_id;
243	if ( $parent ) // Do these all at once in a second
244	continue;
245	$category = get_category( $cat_id );
246	ob_start();
247	wp_category_checklist( 0, $cat_id, $checked_categories, $popular_ids );
248	$data = ob_get_contents();
249	ob_end_clean();
250	$x->add( array(
251	'what' => 'category',
252	'id' => $cat_id,
253	'data' => $data,
254	'position' => -1
255	) );
256	}
257	if ( $parent ) { // Foncy - replace the parent and all its children
258	$parent = get_category( $parent );
259	ob_start();
260	dropdown_categories( 0, $parent );
261	$data = ob_get_contents();
262	ob_end_clean();
263	$x->add( array(
264	'what' => 'category',
265	'id' => $parent->term_id,
266	'old_id' => $parent->term_id,
267	'data' => $data,
268	'position' => -1
269	) );
270
271	}
272	$x->send();
273	break;
274	case 'add-link-category' : // On the Fly
275	check_ajax_referer( $action );
276	if ( !current_user_can( 'manage_categories' ) )
277	die('-1');
278	$names = explode(',', $_POST['newcat']);
279	$x = new WP_Ajax_Response();
280	foreach ( $names as $cat_name ) {
281	$cat_name = trim($cat_name);
282	$slug = sanitize_title($cat_name);
283	if ( '' === $slug )
284	continue;
285	if ( !$cat_id = is_term( $cat_name, 'link_category' ) ) {
286	$cat_id = wp_insert_term( $cat_name, 'link_category' );
287	}
288	$cat_id = $cat_id['term_id'];
289	$cat_name = wp_specialchars(stripslashes($cat_name));
290	$x->add( array(
291	'what' => 'link-category',
292	'id' => $cat_id,
293	'data' => "<li id='link-category-$cat_id'><label for='in-link-category-$cat_id' class='selectit'><input value='$cat_id' type='checkbox' checked='checked' name='link_category[]' id='in-link-category-$cat_id'/> $cat_name</label></li>",
294	'position' => -1
295	) );
296	}
297	$x->send();
298	break;
299	case 'add-cat' : // From Manage->Categories
300	check_ajax_referer( 'add-category' );
301	if ( !current_user_can( 'manage_categories' ) )
302	die('-1');
303
304	if ( '' === trim($_POST['cat_name']) ) {
305	$x = new WP_Ajax_Response( array(
306	'what' => 'cat',
307	'id' => new WP_Error( 'cat_name', __('You did not enter a category name.') )
308	) );
309	$x->send();
310	}
311
312	if ( category_exists( trim( $_POST['cat_name'] ) ) ) {
313	$x = new WP_Ajax_Response( array(
314	'what' => 'cat',
315	'id' => new WP_Error( 'cat_exists', __('The category you are trying to create already exists.'), array( 'form-field' => 'cat_name' ) ),
316	) );
317	$x->send();
318	}
319
320	$cat = wp_insert_category( $_POST, true );
321
322	if ( is_wp_error($cat) ) {
323	$x = new WP_Ajax_Response( array(
324	'what' => 'cat',
325	'id' => $cat
326	) );
327	$x->send();
328	}
329
330	if ( !$cat \|\| (!$cat = get_category( $cat )) )
331	die('0');
332
333	$level = 0;
334	$cat_full_name = $cat->name;
335	$_cat = $cat;
336	while ( $_cat->parent ) {
337	$_cat = get_category( $_cat->parent );
338	$cat_full_name = $_cat->name . ' — ' . $cat_full_name;
339	$level++;
340	}
341	$cat_full_name = attribute_escape($cat_full_name);
342
343	$x = new WP_Ajax_Response( array(
344	'what' => 'cat',
345	'id' => $cat->term_id,
346	'position' => -1,
347	'data' => _cat_row( $cat, $level, $cat_full_name ),
348	'supplemental' => array('name' => $cat_full_name, 'show-link' => sprintf(__( 'Category <a href="#%s">%s</a> added' ), "cat-$cat->term_id", $cat_full_name))
349	) );
350	$x->send();
351	break;
352	case 'add-link-cat' : // From Blogroll -> Categories
353	check_ajax_referer( 'add-link-category' );
354	if ( !current_user_can( 'manage_categories' ) )
355	die('-1');
356
357	if ( '' === trim($_POST['name']) ) {
358	$x = new WP_Ajax_Response( array(
359	'what' => 'link-cat',
360	'id' => new WP_Error( 'name', __('You did not enter a category name.') )
361	) );
362	$x->send();
363	}
364
365	$r = wp_insert_term($_POST['name'], 'link_category', $_POST );
366	if ( is_wp_error( $r ) ) {
367	$x = new WP_AJAX_Response( array(
368	'what' => 'link-cat',
369	'id' => $r
370	) );
371	$x->send();
372	}
373
374	extract($r, EXTR_SKIP);
375
376	if ( !$link_cat = link_cat_row( $term_id ) )
377	die('0');
378
379	$x = new WP_Ajax_Response( array(
380	'what' => 'link-cat',
381	'id' => $term_id,
382	'position' => -1,
383	'data' => $link_cat
384	) );
385	$x->send();
386	break;
387	case 'add-tag' : // From Manage->Tags
388	check_ajax_referer( 'add-tag' );
389	if ( !current_user_can( 'manage_categories' ) )
390	die('-1');
391
392	if ( '' === trim($_POST['name']) ) {
393	$x = new WP_Ajax_Response( array(
394	'what' => 'tag',
395	'id' => new WP_Error( 'name', __('You did not enter a tag name.') )
396	) );
397	$x->send();
398	}
399
400	$tag = wp_insert_term($_POST['name'], 'post_tag', $_POST );
401
402	if ( is_wp_error($tag) ) {
403	$x = new WP_Ajax_Response( array(
404	'what' => 'tag',
405	'id' => $tag
406	) );
407	$x->send();
408	}
409
410	if ( !$tag \|\| (!$tag = get_term( $tag['term_id'], 'post_tag' )) )
411	die('0');
412
413	$tag_full_name = $tag->name;
414	$tag_full_name = attribute_escape($tag_full_name);
415
416	$x = new WP_Ajax_Response( array(
417	'what' => 'tag',
418	'id' => $tag->term_id,
419	'position' => '-1',
420	'data' => _tag_row( $tag ),
421	'supplemental' => array('name' => $tag_full_name, 'show-link' => sprintf(__( 'Tag <a href="#%s">%s</a> added' ), "tag-$tag->term_id", $tag_full_name))
422	) );
423	$x->send();
424	break;
425	case 'get-tagcloud' :
426	if ( !current_user_can( 'manage_categories' ) )
427	die('-1');
428
429	$tags = get_tags( array( 'number' => 45, 'orderby' => 'count', 'order' => 'DESC' ) );
430
431	if ( empty( $tags ) )
432	die('0');
433
434	foreach ( $tags as $key => $tag ) {
435	$tags[ $key ]->link = '#';
436	$tags[ $key ]->id = $tag->term_id;
437	}
438
439	$return = wp_generate_tag_cloud( $tags );
440
441	if ( empty($return) )
442	die('0');
443
444	echo $return;
445
446	exit;
447	break;
448	case 'add-comment' :
449	check_ajax_referer( $action );
450	if ( !current_user_can( 'edit_post', $id ) )
451	die('-1');
452	$search = isset($_POST['s']) ? $_POST['s'] : false;
453	$start = isset($_POST['page']) ? intval($_POST['page']) * 25 - 1: 24;
454	$status = isset($_POST['comment_status']) ? $_POST['comment_status'] : false;
455	$mode = isset($_POST['mode']) ? $_POST['mode'] : 'detail';
456
457	list($comments, $total) = _wp_get_comment_list( $status, $search, $start, 1 );
458
459	if ( get_option('show_avatars') )
460	add_filter( 'comment_author', 'floated_admin_avatar' );
461
462	if ( !$comments )
463	die('1');
464	$x = new WP_Ajax_Response();
465	foreach ( (array) $comments as $comment ) {
466	get_comment( $comment );
467	ob_start();
468	_wp_comment_row( $comment->comment_ID, $mode, $status );
469	$comment_list_item = ob_get_contents();
470	ob_end_clean();
471	$x->add( array(
472	'what' => 'comment',
473	'id' => $comment->comment_ID,
474	'data' => $comment_list_item
475	) );
476	}
477	$x->send();
478	break;
479	case 'get-comments' :
480	check_ajax_referer( $action );
481
482	$post_ID = (int) $_POST['post_ID'];
483	if ( !current_user_can( 'edit_post', $post_ID ) )
484	die('-1');
485
486	$start = isset($_POST['start']) ? intval($_POST['start']) : 0;
487	$num = isset($_POST['num']) ? intval($_POST['num']) : 10;
488
489	list($comments, $total) = _wp_get_comment_list( false, false, $start, $num, $post_ID );
490
491	if ( !$comments )
492	die('1');
493
494	$comment_list_item = '';
495	$x = new WP_Ajax_Response();
496	foreach ( (array) $comments as $comment ) {
497	get_comment( $comment );
498	ob_start();
499	_wp_comment_row( $comment->comment_ID, 'single', false, false );
500	$comment_list_item .= ob_get_contents();
501	ob_end_clean();
502	}
503	&n