source: trunk/www.guidonia.net/wp/wp-admin/admin-ajax.php@ 44

Last change on this file since 44 was 44, checked in by luciano, 15 years ago
File size: 39.8 KB
Line 
1<?php
2/**
3 * WordPress AJAX Process Execution.
4 *
5 * @package WordPress
6 * @subpackage Administration
7 */
8
9/**
10 * Executing AJAX process.
11 *
12 * @since unknown
13 */
14define('DOING_AJAX', true);
15define('WP_ADMIN', true);
16
17require_once('../wp-load.php');
18require_once('includes/admin.php');
19@header('Content-Type: text/html; charset=' . get_option('blog_charset'));
20
21do_action('admin_init');
22
23if ( ! is_user_logged_in() ) {
24
25 if ( $_POST['action'] == 'autosave' ) {
26 $id = isset($_POST['post_ID'])? (int) $_POST['post_ID'] : 0;
27
28 if ( ! $id )
29 die('-1');
30
31 $message = sprintf( __('<strong>ALERT: You are logged out!</strong> Could not save draft. <a href="%s" target="blank">Please log in again.</a>'), wp_login_url() );
32 $x = new WP_Ajax_Response( array(
33 'what' => 'autosave',
34 'id' => $id,
35 'data' => $message
36 ) );
37 $x->send();
38 }
39
40 if ( !empty( $_POST['action']) )
41 do_action( 'wp_ajax_nopriv_' . $_POST['action'] );
42
43 die('-1');
44}
45
46if ( isset( $_GET['action'] ) ) :
47switch ( $action = $_GET['action'] ) :
48case 'ajax-tag-search' :
49 if ( !current_user_can( 'edit_posts' ) )
50 die('-1');
51
52 $s = $_GET['q']; // is this slashed already?
53
54 if ( isset($_GET['tax']) )
55 $taxonomy = sanitize_title($_GET['tax']);
56 else
57 die('0');
58
59 if ( false !== strpos( $s, ',' ) ) {
60 $s = explode( ',', $s );
61 $s = $s[count( $s ) - 1];
62 }
63 $s = trim( $s );
64 if ( strlen( $s ) < 2 )
65 die; // require 2 chars for matching
66
67 $results = $wpdb->get_col( "SELECT t.name FROM $wpdb->term_taxonomy AS tt INNER JOIN $wpdb->terms AS t ON tt.term_id = t.term_id WHERE tt.taxonomy = '$taxonomy' AND t.name LIKE ('%" . $s . "%')" );
68
69 echo join( $results, "\n" );
70 die;
71 break;
72case 'wp-compression-test' :
73 if ( !current_user_can( 'manage_options' ) )
74 die('-1');
75
76 if ( ini_get('zlib.output_compression') || 'ob_gzhandler' == ini_get('output_handler') ) {
77 update_site_option('can_compress_scripts', 0);
78 die('0');
79 }
80
81 if ( isset($_GET['test']) ) {
82 header( 'Expires: Wed, 11 Jan 1984 05:00:00 GMT' );
83 header( 'Last-Modified: ' . gmdate( 'D, d M Y H:i:s' ) . ' GMT' );
84 header( 'Cache-Control: no-cache, must-revalidate, max-age=0' );
85 header( 'Pragma: no-cache' );
86 header('Content-Type: application/x-javascript; charset=UTF-8');
87 $force_gzip = ( defined('ENFORCE_GZIP') && ENFORCE_GZIP );
88 $test_str = '"wpCompressionTest Lorem ipsum dolor sit amet consectetuer mollis sapien urna ut a. Eu nonummy condimentum fringilla tempor pretium platea vel nibh netus Maecenas. Hac molestie amet justo quis pellentesque est ultrices interdum nibh Morbi. Cras mattis pretium Phasellus ante ipsum ipsum ut sociis Suspendisse Lorem. Ante et non molestie. Porta urna Vestibulum egestas id congue nibh eu risus gravida sit. Ac augue auctor Ut et non a elit massa id sodales. Elit eu Nulla at nibh adipiscing mattis lacus mauris at tempus. Netus nibh quis suscipit nec feugiat eget sed lorem et urna. Pellentesque lacus at ut massa consectetuer ligula ut auctor semper Pellentesque. Ut metus massa nibh quam Curabitur molestie nec mauris congue. Volutpat molestie elit justo facilisis neque ac risus Ut nascetur tristique. Vitae sit lorem tellus et quis Phasellus lacus tincidunt nunc Fusce. Pharetra wisi Suspendisse mus sagittis libero lacinia Integer consequat ac Phasellus. Et urna ac cursus tortor aliquam Aliquam amet tellus volutpat Vestibulum. Justo interdum condimentum In augue congue tellus sollicitudin Quisque quis nibh."';
89
90 if ( 1 == $_GET['test'] ) {
91 echo $test_str;
92 die;
93 } elseif ( 2 == $_GET['test'] ) {
94 if ( false !== strpos( strtolower($_SERVER['HTTP_ACCEPT_ENCODING']), 'deflate') && function_exists('gzdeflate') && ! $force_gzip ) {
95 header('Content-Encoding: deflate');
96 $out = gzdeflate( $test_str, 1 );
97 } elseif ( false !== strpos( strtolower($_SERVER['HTTP_ACCEPT_ENCODING']), 'gzip') && function_exists('gzencode') ) {
98 header('Content-Encoding: gzip');
99 $out = gzencode( $test_str, 1 );
100 } else {
101 die('-1');
102 }
103 echo $out;
104 die;
105 } elseif ( 'no' == $_GET['test'] ) {
106 update_site_option('can_compress_scripts', 0);
107 } elseif ( 'yes' == $_GET['test'] ) {
108 update_site_option('can_compress_scripts', 1);
109 }
110 }
111
112 die('0');
113 break;
114default :
115 do_action( 'wp_ajax_' . $_GET['action'] );
116 die('0');
117 break;
118endswitch;
119endif;
120
121/**
122 * Sends back current comment total and new page links if they need to be updated.
123 *
124 * Contrary to normal success AJAX response ("1"), die with time() on success.
125 *
126 * @since 2.7
127 *
128 * @param int $comment_id
129 * @return die
130 */
131function _wp_ajax_delete_comment_response( $comment_id ) {
132 $total = (int) @$_POST['_total'];
133 $per_page = (int) @$_POST['_per_page'];
134 $page = (int) @$_POST['_page'];
135 $url = esc_url_raw( @$_POST['_url'] );
136 // JS didn't send us everything we need to know. Just die with success message
137 if ( !$total || !$per_page || !$page || !$url )
138 die( (string) time() );
139
140 if ( --$total < 0 ) // Take the total from POST and decrement it (since we just deleted one)
141 $total = 0;
142
143 if ( 0 != $total % $per_page && 1 != mt_rand( 1, $per_page ) ) // Only do the expensive stuff on a page-break, and about 1 other time per page
144 die( (string) time() );
145
146 $status = 'total_comments'; // What type of comment count are we looking for?
147 $parsed = parse_url( $url );
148 if ( isset( $parsed['query'] ) ) {
149 parse_str( $parsed['query'], $query_vars );
150 if ( !empty( $query_vars['comment_status'] ) )
151 $status = $query_vars['comment_status'];
152 }
153
154 $comment_count = wp_count_comments();
155 $time = time(); // The time since the last comment count
156
157 if ( isset( $comment_count->$status ) ) // We're looking for a known type of comment count
158 $total = $comment_count->$status;
159 // else use the decremented value from above
160
161 $page_links = paginate_links( array(
162 'base' => add_query_arg( 'apage', '%#%', $url ),
163 'format' => '',
164 'prev_text' => __('&laquo;'),
165 'next_text' => __('&raquo;'),
166 'total' => ceil($total / $per_page),
167 'current' => $page
168 ) );
169 $x = new WP_Ajax_Response( array(
170 'what' => 'comment',
171 'id' => $comment_id, // here for completeness - not used
172 'supplemental' => array(
173 'pageLinks' => $page_links,
174 'total' => $total,
175 'time' => $time
176 )
177 ) );
178 $x->send();
179}
180
181$id = isset($_POST['id'])? (int) $_POST['id'] : 0;
182switch ( $action = $_POST['action'] ) :
183case 'delete-comment' : // On success, die with time() instead of 1
184 check_ajax_referer( "delete-comment_$id" );
185 if ( !$comment = get_comment( $id ) )
186 die( (string) time() );
187 if ( !current_user_can( 'edit_post', $comment->comment_post_ID ) )
188 die('-1');
189
190 if ( isset($_POST['spam']) && 1 == $_POST['spam'] ) {
191 if ( 'spam' == wp_get_comment_status( $comment->comment_ID ) )
192 die( (string) time() );
193 $r = wp_set_comment_status( $comment->comment_ID, 'spam' );
194 } else {
195 $r = wp_delete_comment( $comment->comment_ID );
196 }
197 if ( $r ) // Decide if we need to send back '1' or a more complicated response including page links and comment counts
198 _wp_ajax_delete_comment_response( $comment->comment_ID );
199 die( '0' );
200 break;
201case 'delete-cat' :
202 check_ajax_referer( "delete-category_$id" );
203 if ( !current_user_can( 'manage_categories' ) )
204 die('-1');
205
206 $cat = get_category( $id );
207 if ( !$cat || is_wp_error( $cat ) )
208 die('1');
209
210 if ( wp_delete_category( $id ) )
211 die('1');
212 else
213 die('0');
214 break;
215case 'delete-tag' :
216 check_ajax_referer( "delete-tag_$id" );
217 if ( !current_user_can( 'manage_categories' ) )
218 die('-1');
219
220 if ( !empty($_POST['taxonomy']) )
221 $taxonomy = $_POST['taxonomy'];
222 else
223 $taxonomy = 'post_tag';
224
225 $tag = get_term( $id, $taxonomy );
226 if ( !$tag || is_wp_error( $tag ) )
227 die('1');
228
229 if ( wp_delete_term($id, $taxonomy))
230 die('1');
231 else
232 die('0');
233 break;
234case 'delete-link-cat' :
235 check_ajax_referer( "delete-link-category_$id" );
236 if ( !current_user_can( 'manage_categories' ) )
237 die('-1');
238
239 $cat = get_term( $id, 'link_category' );
240 if ( !$cat || is_wp_error( $cat ) )
241 die('1');
242
243 $cat_name = get_term_field('name', $id, 'link_category');
244
245 $default = get_option('default_link_category');
246
247 // Don't delete the default cats.
248 if ( $id == $default ) {
249 $x = new WP_AJAX_Response( array(
250 'what' => 'link-cat',
251 'id' => $id,
252 'data' => new WP_Error( 'default-link-cat', sprintf(__("Can&#8217;t delete the <strong>%s</strong> category: this is the default one"), $cat_name) )
253 ) );
254 $x->send();
255 }
256
257 $r = wp_delete_term($id, 'link_category', array('default' => $default));
258 if ( !$r )
259 die('0');
260 if ( is_wp_error($r) ) {
261 $x = new WP_AJAX_Response( array(
262 'what' => 'link-cat',
263 'id' => $id,
264 'data' => $r
265 ) );
266 $x->send();
267 }
268 die('1');
269 break;
270case 'delete-link' :
271 check_ajax_referer( "delete-bookmark_$id" );
272 if ( !current_user_can( 'manage_links' ) )
273 die('-1');
274
275 $link = get_bookmark( $id );
276 if ( !$link || is_wp_error( $link ) )
277 die('1');
278
279 if ( wp_delete_link( $id ) )
280 die('1');
281 else
282 die('0');
283 break;
284case 'delete-meta' :
285 check_ajax_referer( "delete-meta_$id" );
286 if ( !$meta = get_post_meta_by_id( $id ) )
287 die('1');
288
289 if ( !current_user_can( 'edit_post', $meta->post_id ) )
290 die('-1');
291 if ( delete_meta( $meta->meta_id ) )
292 die('1');
293 die('0');
294 break;
295case 'delete-post' :
296 check_ajax_referer( "{$action}_$id" );
297 if ( !current_user_can( 'delete_post', $id ) )
298 die('-1');
299
300 if ( !get_post( $id ) )
301 die('1');
302
303 if ( wp_delete_post( $id ) )
304 die('1');
305 else
306 die('0');
307 break;
308case 'delete-page' :
309 check_ajax_referer( "{$action}_$id" );
310 if ( !current_user_can( 'delete_page', $id ) )
311 die('-1');
312
313 if ( !get_page( $id ) )
314 die('1');
315
316 if ( wp_delete_post( $id ) )
317 die('1');
318 else
319 die('0');
320 break;
321case 'dim-comment' : // On success, die with time() instead of 1
322
323 if ( !$comment = get_comment( $id ) ) {
324 $x = new WP_Ajax_Response( array(
325 'what' => 'comment',
326 'id' => new WP_Error('invalid_comment', sprintf(__('Comment %d does not exist'), $id))
327 ) );
328 $x->send();
329 }
330
331 if ( !current_user_can( 'edit_post', $comment->comment_post_ID ) )
332 die('-1');
333 if ( !current_user_can( 'moderate_comments' ) )
334 die('-1');
335
336 $current = wp_get_comment_status( $comment->comment_ID );
337 if ( $_POST['new'] == $current )
338 die( (string) time() );
339
340 $r = 0;
341 if ( in_array( $current, array( 'unapproved', 'spam' ) ) ) {
342 check_ajax_referer( "approve-comment_$id" );
343 $result = wp_set_comment_status( $comment->comment_ID, 'approve', true );
344 } else {
345 check_ajax_referer( "unapprove-comment_$id" );
346 $result = wp_set_comment_status( $comment->comment_ID, 'hold', true );
347 }
348 if ( is_wp_error($result) ) {
349 $x = new WP_Ajax_Response( array(
350 'what' => 'comment',
351 'id' => $result
352 ) );
353 $x->send();
354 }
355
356 // Decide if we need to send back '1' or a more complicated response including page links and comment counts
357 _wp_ajax_delete_comment_response( $comment->comment_ID );
358 die( '0' );
359 break;
360case 'add-category' : // On the Fly
361 check_ajax_referer( $action );
362 if ( !current_user_can( 'manage_categories' ) )
363 die('-1');
364 $names = explode(',', $_POST['newcat']);
365 if ( 0 > $parent = (int) $_POST['newcat_parent'] )
366 $parent = 0;
367 $post_category = isset($_POST['post_category'])? (array) $_POST['post_category'] : array();
368 $checked_categories = array_map( 'absint', (array) $post_category );
369 $popular_ids = isset( $_POST['popular_ids'] ) ?
370 array_map( 'absint', explode( ',', $_POST['popular_ids'] ) ) :
371 false;
372
373 $x = new WP_Ajax_Response();
374 foreach ( $names as $cat_name ) {
375 $cat_name = trim($cat_name);
376 $category_nicename = sanitize_title($cat_name);
377 if ( '' === $category_nicename )
378 continue;
379 $cat_id = wp_create_category( $cat_name, $parent );
380 $checked_categories[] = $cat_id;
381 if ( $parent ) // Do these all at once in a second
382 continue;
383 $category = get_category( $cat_id );
384 ob_start();
385 wp_category_checklist( 0, $cat_id, $checked_categories, $popular_ids );
386 $data = ob_get_contents();
387 ob_end_clean();
388 $x->add( array(
389 'what' => 'category',
390 'id' => $cat_id,
391 'data' => $data,
392 'position' => -1
393 ) );
394 }
395 if ( $parent ) { // Foncy - replace the parent and all its children
396 $parent = get_category( $parent );
397 ob_start();
398 dropdown_categories( 0, $parent );
399 $data = ob_get_contents();
400 ob_end_clean();
401 $x->add( array(
402 'what' => 'category',
403 'id' => $parent->term_id,
404 'old_id' => $parent->term_id,
405 'data' => $data,
406 'position' => -1
407 ) );
408
409 }
410 $x->send();
411 break;
412case 'add-link-category' : // On the Fly
413 check_ajax_referer( $action );
414 if ( !current_user_can( 'manage_categories' ) )
415 die('-1');
416 $names = explode(',', $_POST['newcat']);
417 $x = new WP_Ajax_Response();
418 foreach ( $names as $cat_name ) {
419 $cat_name = trim($cat_name);
420 $slug = sanitize_title($cat_name);
421 if ( '' === $slug )
422 continue;
423 if ( !$cat_id = is_term( $cat_name, 'link_category' ) ) {
424 $cat_id = wp_insert_term( $cat_name, 'link_category' );
425 }
426 $cat_id = $cat_id['term_id'];
427 $cat_name = esc_html(stripslashes($cat_name));
428 $x->add( array(
429 'what' => 'link-category',
430 'id' => $cat_id,
431 'data' => "<li id='link-category-$cat_id'><label for='in-link-category-$cat_id' class='selectit'><input value='" . esc_attr($cat_id) . "' type='checkbox' checked='checked' name='link_category[]' id='in-link-category-$cat_id'/> $cat_name</label></li>",
432 'position' => -1
433 ) );
434 }
435 $x->send();
436 break;
437case 'add-cat' : // From Manage->Categories
438 check_ajax_referer( 'add-category' );
439 if ( !current_user_can( 'manage_categories' ) )
440 die('-1');
441
442 if ( '' === trim($_POST['cat_name']) ) {
443 $x = new WP_Ajax_Response( array(
444 'what' => 'cat',
445 'id' => new WP_Error( 'cat_name', __('You did not enter a category name.') )
446 ) );
447 $x->send();
448 }
449
450 if ( category_exists( trim( $_POST['cat_name'] ), $_POST['category_parent'] ) ) {
451 $x = new WP_Ajax_Response( array(
452 'what' => 'cat',
453 'id' => new WP_Error( 'cat_exists', __('The category you are trying to create already exists.'), array( 'form-field' => 'cat_name' ) ),
454 ) );
455 $x->send();
456 }
457
458 $cat = wp_insert_category( $_POST, true );
459
460 if ( is_wp_error($cat) ) {
461 $x = new WP_Ajax_Response( array(
462 'what' => 'cat',
463 'id' => $cat
464 ) );
465 $x->send();
466 }
467
468 if ( !$cat || (!$cat = get_category( $cat )) )
469 die('0');
470
471 $level = 0;
472 $cat_full_name = $cat->name;
473 $_cat = $cat;
474 while ( $_cat->parent ) {
475 $_cat = get_category( $_cat->parent );
476 $cat_full_name = $_cat->name . ' &#8212; ' . $cat_full_name;
477 $level++;
478 }
479 $cat_full_name = esc_attr($cat_full_name);
480
481 $x = new WP_Ajax_Response( array(
482 'what' => 'cat',
483 'id' => $cat->term_id,
484 'position' => -1,
485 'data' => _cat_row( $cat, $level, $cat_full_name ),
486 'supplemental' => array('name' => $cat_full_name, 'show-link' => sprintf(__( 'Category <a href="#%s">%s</a> added' ), "cat-$cat->term_id", $cat_full_name))
487 ) );
488 $x->send();
489 break;
490case 'add-link-cat' : // From Blogroll -> Categories
491 check_ajax_referer( 'add-link-category' );
492 if ( !current_user_can( 'manage_categories' ) )
493 die('-1');
494
495 if ( '' === trim($_POST['name']) ) {
496 $x = new WP_Ajax_Response( array(
497 'what' => 'link-cat',
498 'id' => new WP_Error( 'name', __('You did not enter a category name.') )
499 ) );
500 $x->send();
501 }
502
503 $r = wp_insert_term($_POST['name'], 'link_category', $_POST );
504 if ( is_wp_error( $r ) ) {
505 $x = new WP_AJAX_Response( array(
506 'what' => 'link-cat',
507 'id' => $r
508 ) );
509 $x->send();
510 }
511
512 extract($r, EXTR_SKIP);
513
514 if ( !$link_cat = link_cat_row( $term_id ) )
515 die('0');
516
517 $x = new WP_Ajax_Response( array(
518 'what' => 'link-cat',
519 'id' => $term_id,
520 'position' => -1,
521 'data' => $link_cat
522 ) );
523 $x->send();
524 break;
525case 'add-tag' : // From Manage->Tags
526 check_ajax_referer( 'add-tag' );
527 if ( !current_user_can( 'manage_categories' ) )
528 die('-1');
529
530 if ( '' === trim($_POST['name']) ) {
531 $x = new WP_Ajax_Response( array(
532 'what' => 'tag',
533 'id' => new WP_Error( 'name', __('You did not enter a tag name.') )
534 ) );
535 $x->send();
536 }
537
538 if ( !empty($_POST['taxonomy']) )
539 $taxonomy = $_POST['taxonomy'];
540 else
541 $taxonomy = 'post_tag';
542
543 $tag = wp_insert_term($_POST['name'], $taxonomy, $_POST );
544
545 if ( is_wp_error($tag) ) {
546 $x = new WP_Ajax_Response( array(
547 'what' => 'tag',
548 'id' => $tag
549 ) );
550 $x->send();
551 }
552
553 if ( !$tag || (!$tag = get_term( $tag['term_id'], $taxonomy )) )
554 die('0');
555
556 $tag_full_name = $tag->name;
557 $tag_full_name = esc_attr($tag_full_name);
558
559 $x = new WP_Ajax_Response( array(
560 'what' => 'tag',
561 'id' => $tag->term_id,
562 'position' => '-1',
563 'data' => _tag_row( $tag, '', $taxonomy ),
564 'supplemental' => array('name' => $tag_full_name, 'show-link' => sprintf(__( 'Tag <a href="#%s">%s</a> added' ), "tag-$tag->term_id", $tag_full_name))
565 ) );
566 $x->send();
567 break;
568case 'get-tagcloud' :
569 if ( !current_user_can( 'edit_posts' ) )
570 die('-1');
571
572 if ( isset($_POST['tax']) )
573 $taxonomy = sanitize_title($_POST['tax']);
574 else
575 die('0');
576
577 $tags = get_terms( $taxonomy, array( 'number' => 45, 'orderby' => 'count', 'order' => 'DESC' ) );
578
579 if ( empty( $tags ) )
580 die( __('No tags found!') );
581
582 if ( is_wp_error($tags) )
583 die($tags->get_error_message());
584
585 foreach ( $tags as $key => $tag ) {
586 $tags[ $key ]->link = '#';
587 $tags[ $key ]->id = $tag->term_id;
588 }
589
590 // We need raw tag names here, so don't filter the output
591 $return = wp_generate_tag_cloud( $tags, array('filter' => 0) );
592
593 if ( empty($return) )
594 die('0');
595
596 echo $return;
597
598 exit;
599 break;
600case 'add-comment' :
601 check_ajax_referer( $action );
602 if ( !current_user_can( 'edit_post', $id ) )
603 die('-1');
604 $search = isset($_POST['s']) ? $_POST['s'] : false;
605 $status = isset($_POST['comment_status']) ? $_POST['comment_status'] : 'all';
606 $per_page = isset($_POST['per_page']) ? (int) $_POST['per_page'] + 8 : 28;
607 $start = isset($_POST['page']) ? ( intval($_POST['page']) * $per_page ) -1 : $per_page - 1;
608 if ( 1 > $start )
609 $start = 27;
610
611 $mode = isset($_POST['mode']) ? $_POST['mode'] : 'detail';
612 $p = isset($_POST['p']) ? $_POST['p'] : 0;
613 $comment_type = isset($_POST['comment_type']) ? $_POST['comment_type'] : '';
614 list($comments, $total) = _wp_get_comment_list( $status, $search, $start, 1, $p, $comment_type );
615
616 if ( get_option('show_avatars') )
617 add_filter( 'comment_author', 'floated_admin_avatar' );
618
619 if ( !$comments )
620 die('1');
621 $x = new WP_Ajax_Response();
622 foreach ( (array) $comments as $comment ) {
623 get_comment( $comment );
624 ob_start();
625 _wp_comment_row( $comment->comment_ID, $mode, $status, true, true );
626 $comment_list_item = ob_get_contents();
627 ob_end_clean();
628 $x->add( array(
629 'what' => 'comment',
630 'id' => $comment->comment_ID,
631 'data' => $comment_list_item
632 ) );
633 }
634 $x->send();
635 break;
636case 'get-comments' :
637 check_ajax_referer( $action );
638
639 $post_ID = (int) $_POST['post_ID'];
640 if ( !current_user_can( 'edit_post', $post_ID ) )
641 die('-1');
642
643 $start = isset($_POST['start']) ? intval($_POST['start']) : 0;
644 $num = isset($_POST['num']) ? intval($_POST['num']) : 10;
645
646 list($comments, $total) = _wp_get_comment_list( false, false, $start, $num, $post_ID );
647
648 if ( !$comments )
649 die('1');
650
651 $comment_list_item = '';
652 $x = new WP_Ajax_Response();
653 foreach ( (array) $comments as $comment ) {
654 get_comment( $comment );
655 ob_start();
656 _wp_comment_row( $comment->comment_ID, 'single', false, false );
657 $comment_list_item .= ob_get_contents();
658 ob_end_clean();
659 }
660 $x->add( array(
661 'what' => 'comments',
662 'data' => $comment_list_item
663 ) );
664 $x->send();
665 break;
666case 'replyto-comment' :
667 check_ajax_referer( $action );
668
669 $comment_post_ID = (int) $_POST['comment_post_ID'];
670 if ( !current_user_can( 'edit_post', $comment_post_ID ) )
671 die('-1');
672
673 $status = $wpdb->get_var( $wpdb->prepare("SELECT post_status FROM $wpdb->posts WHERE ID = %d", $comment_post_ID) );
674
675 if ( empty($status) )
676 die('1');
677 elseif ( in_array($status, array('draft', 'pending') ) )
678 die( __('Error: you are replying to a comment on a draft post.') );
679
680 $user = wp_get_current_user();
681 if ( $user->ID ) {
682 $comment_author = $wpdb->escape($user->display_name);
683 $comment_author_email = $wpdb->escape($user->user_email);
684 $comment_author_url = $wpdb->escape($user->user_url);
685 $comment_content = trim($_POST['content']);
686 if ( current_user_can('unfiltered_html') ) {
687 if ( wp_create_nonce('unfiltered-html-comment_' . $comment_post_ID) != $_POST['_wp_unfiltered_html_comment'] ) {
688 kses_remove_filters(); // start with a clean slate
689 kses_init_filters(); // set up the filters
690 }
691 }
692 } else {
693 die( __('Sorry, you must be logged in to reply to a comment.') );
694 }
695
696 if ( '' == $comment_content )
697 die( __('Error: please type a comment.') );
698
699 $comment_parent = absint($_POST['comment_ID']);
700 $commentdata = compact('comment_post_ID', 'comment_author', 'comment_author_email', 'comment_author_url', 'comment_content', 'comment_type', 'comment_parent', 'user_ID');
701
702 $comment_id = wp_new_comment( $commentdata );
703 $comment = get_comment($comment_id);
704 if ( ! $comment ) die('1');
705
706 $modes = array( 'single', 'detail', 'dashboard' );
707 $mode = isset($_POST['mode']) && in_array( $_POST['mode'], $modes ) ? $_POST['mode'] : 'detail';
708 $position = ( isset($_POST['position']) && (int) $_POST['position']) ? (int) $_POST['position'] : '-1';
709 $checkbox = ( isset($_POST['checkbox']) && true == $_POST['checkbox'] ) ? 1 : 0;
710
711 if ( get_option('show_avatars') && 'single' != $mode )
712 add_filter( 'comment_author', 'floated_admin_avatar' );
713
714 $x = new WP_Ajax_Response();
715
716 ob_start();
717 if ( 'dashboard' == $mode ) {
718 require_once( ABSPATH . 'wp-admin/includes/dashboard.php' );
719 _wp_dashboard_recent_comments_row( $comment, false );
720 } else {
721 _wp_comment_row( $comment->comment_ID, $mode, false, $checkbox );
722 }
723 $comment_list_item = ob_get_contents();
724 ob_end_clean();
725
726 $x->add( array(
727 'what' => 'comment',
728 'id' => $comment->comment_ID,
729 'data' => $comment_list_item,
730 'position' => $position
731 ));
732
733 $x->send();
734 break;
735case 'edit-comment' :
736 check_ajax_referer( 'replyto-comment' );
737
738 $comment_post_ID = (int) $_POST['comment_post_ID'];
739 if ( ! current_user_can( 'edit_post', $comment_post_ID ) )
740 die('-1');
741
742 if ( '' == $_POST['content'] )
743 die( __('Error: please type a comment.') );
744
745 $comment_id = (int) $_POST['comment_ID'];
746 $_POST['comment_status'] = $_POST['status'];
747 edit_comment();
748
749 $mode = ( isset($_POST['mode']) && 'single' == $_POST['mode'] ) ? 'single' : 'detail';
750 $position = ( isset($_POST['position']) && (int) $_POST['position']) ? (int) $_POST['position'] : '-1';
751 $checkbox = ( isset($_POST['checkbox']) && true == $_POST['checkbox'] ) ? 1 : 0;
752 $comments_listing = isset($_POST['comments_listing']) ? $_POST['comments_listing'] : '';
753
754 if ( get_option('show_avatars') && 'single' != $mode )
755 add_filter( 'comment_author', 'floated_admin_avatar' );
756
757 $x = new WP_Ajax_Response();
758
759 ob_start();
760 _wp_comment_row( $comment_id, $mode, $comments_listing, $checkbox );
761 $comment_list_item = ob_get_contents();
762 ob_end_clean();
763
764 $x->add( array(
765 'what' => 'edit_comment',
766 'id' => $comment->comment_ID,
767 'data' => $comment_list_item,
768 'position' => $position
769 ));
770
771 $x->send();
772 break;
773case 'add-meta' :
774 check_ajax_referer( 'add-meta' );
775 $c = 0;
776 $pid = (int) $_POST['post_id'];
777 if ( isset($_POST['metakeyselect']) || isset($_POST['metakeyinput']) ) {
778 if ( !current_user_can( 'edit_post', $pid ) )
779 die('-1');
780 if ( isset($_POST['metakeyselect']) && '#NONE#' == $_POST['metakeyselect'] && empty($_POST['metakeyinput']) )
781 die('1');
782 if ( $pid < 0 ) {
783 $now = current_time('timestamp', 1);
784 if ( $pid = wp_insert_post( array(
785 'post_title' => sprintf('Draft created on %s at %s', date(get_option('date_format'), $now), date(get_option('time_format'), $now))
786 ) ) ) {
787 if ( is_wp_error( $pid ) ) {
788 $x = new WP_Ajax_Response( array(
789 'what' => 'meta',
790 'data' => $pid
791 ) );
792 $x->send();
793 }
794 if ( !$mid = add_meta( $pid ) )
795 die(__('Please provide a custom field value.'));
796 } else {
797 die('0');
798 }
799 } else if ( !$mid = add_meta( $pid ) ) {
800 die(__('Please provide a custom field value.'));
801 }
802
803 $meta = get_post_meta_by_id( $mid );
804 $pid = (int) $meta->post_id;
805 $meta = get_object_vars( $meta );
806 $x = new WP_Ajax_Response( array(
807 'what' => 'meta',
808 'id' => $mid,
809 'data' => _list_meta_row( $meta, $c ),
810 'position' => 1,
811 'supplemental' => array('postid' => $pid)
812 ) );
813 } else {
814 $mid = (int) array_pop(array_keys($_POST['meta']));
815 $key = $_POST['meta'][$mid]['key'];
816 $value = $_POST['meta'][$mid]['value'];
817 if ( !$meta = get_post_meta_by_id( $mid ) )
818 die('0'); // if meta doesn't exist
819 if ( !current_user_can( 'edit_post', $meta->post_id ) )
820 die('-1');
821 if ( $meta->meta_value != stripslashes($value) ) {
822 if ( !$u = update_meta( $mid, $key, $value ) )
823 die('0'); // We know meta exists; we also know it's unchanged (or DB error, in which case there are bigger problems).
824 }
825
826 $key = stripslashes($key);
827 $value = stripslashes($value);
828 $x = new WP_Ajax_Response( array(
829 'what' => 'meta',
830 'id' => $mid, 'old_id' => $mid,
831 'data' => _list_meta_row( array(
832 'meta_key' => $key,
833 'meta_value' => $value,
834 'meta_id' => $mid
835 ), $c ),
836 'position' => 0,
837 'supplemental' => array('postid' => $meta->post_id)
838 ) );
839 }
840 $x->send();
841 break;
842case 'add-user' :
843 check_ajax_referer( $action );
844 if ( !current_user_can('create_users') )
845 die('-1');
846 require_once(ABSPATH . WPINC . '/registration.php');
847 if ( !$user_id = add_user() )
848 die('0');
849 elseif ( is_wp_error( $user_id ) ) {
850 $x = new WP_Ajax_Response( array(
851 'what' => 'user',
852 'id' => $user_id
853 ) );
854 $x->send();
855 }
856 $user_object = new WP_User( $user_id );
857
858 $x = new WP_Ajax_Response( array(
859 'what' => 'user',
860 'id' => $user_id,
861 'data' => user_row( $user_object, '', $user_object->roles[0] ),
862 'supplemental' => array(
863 'show-link' => sprintf(__( 'User <a href="#%s">%s</a> added' ), "user-$user_id", $user_object->user_login),
864 'role' => $user_object->roles[0]
865 )
866 ) );
867 $x->send();
868 break;
869case 'autosave' : // The name of this action is hardcoded in edit_post()
870 define( 'DOING_AUTOSAVE', true );
871
872 $nonce_age = check_ajax_referer( 'autosave', 'autosavenonce' );
873 global $current_user;
874
875 $_POST['post_category'] = explode(",", $_POST['catslist']);
876 if($_POST['post_type'] == 'page' || empty($_POST['post_category']))
877 unset($_POST['post_category']);
878
879 $do_autosave = (bool) $_POST['autosave'];
880 $do_lock = true;
881
882 $data = '';
883 /* translators: draft saved date format, see http://php.net/date */
884 $draft_saved_date_format = __('g:i:s a');
885 $message = sprintf( __('Draft Saved at %s.'), date_i18n( $draft_saved_date_format ) );
886
887 $supplemental = array();
888
889 $id = $revision_id = 0;
890 if($_POST['post_ID'] < 0) {
891 $_POST['post_status'] = 'draft';
892 $_POST['temp_ID'] = $_POST['post_ID'];
893 if ( $do_autosave ) {
894 $id = wp_write_post();
895 $data = $message;
896 }
897 } else {
898 $post_ID = (int) $_POST['post_ID'];
899 $_POST['ID'] = $post_ID;
900 $post = get_post($post_ID);
901
902 if ( $last = wp_check_post_lock( $post->ID ) ) {
903 $do_autosave = $do_lock = false;
904
905 $last_user = get_userdata( $last );
906 $last_user_name = $last_user ? $last_user->display_name : __( 'Someone' );
907 $data = new WP_Error( 'locked', sprintf(
908 $_POST['post_type'] == 'page' ? __( 'Autosave disabled: %s is currently editing this page.' ) : __( 'Autosave disabled: %s is currently editing this post.' ),
909 esc_html( $last_user_name )
910 ) );
911
912 $supplemental['disable_autosave'] = 'disable';
913 }
914
915 if ( 'page' == $post->post_type ) {
916 if ( !current_user_can('edit_page', $post_ID) )
917 die(__('You are not allowed to edit this page.'));
918 } else {
919 if ( !current_user_can('edit_post', $post_ID) )
920 die(__('You are not allowed to edit this post.'));
921 }
922
923 if ( $do_autosave ) {
924 // Drafts are just overwritten by autosave
925 if ( 'draft' == $post->post_status ) {
926 $id = edit_post();
927 } else { // Non drafts are not overwritten. The autosave is stored in a special post revision.
928 $revision_id = wp_create_post_autosave( $post->ID );
929 if ( is_wp_error($revision_id) )
930 $id = $revision_id;
931 else
932 $id = $post->ID;
933 }
934 $data = $message;
935 } else {
936 $id = $post->ID;
937 }
938 }
939
940 if ( $do_lock && $id && is_numeric($id) )
941 wp_set_post_lock( $id );
942
943 if ( $nonce_age == 2 ) {
944 $supplemental['replace-autosavenonce'] = wp_create_nonce('autosave');
945 $supplemental['replace-getpermalinknonce'] = wp_create_nonce('getpermalink');
946 $supplemental['replace-samplepermalinknonce'] = wp_create_nonce('samplepermalink');
947 $supplemental['replace-closedpostboxesnonce'] = wp_create_nonce('closedpostboxes');
948 if ( $id ) {
949 if ( $_POST['post_type'] == 'post' )
950 $supplemental['replace-_wpnonce'] = wp_create_nonce('update-post_' . $id);
951 elseif ( $_POST['post_type'] == 'page' )
952 $supplemental['replace-_wpnonce'] = wp_create_nonce('update-page_' . $id);
953 }
954 }
955
956 $x = new WP_Ajax_Response( array(
957 'what' => 'autosave',
958 'id' => $id,
959 'data' => $id ? $data : '',
960 'supplemental' => $supplemental
961 ) );
962 $x->send();
963 break;
964case 'autosave-generate-nonces' :
965 check_ajax_referer( 'autosave', 'autosavenonce' );
966 $ID = (int) $_POST['post_ID'];
967 if($_POST['post_type'] == 'post') {
968 if(current_user_can('edit_post', $ID))
969 die(wp_create_nonce('update-post_' . $ID));
970 }
971 if($_POST['post_type'] == 'page') {
972 if(current_user_can('edit_page', $ID)) {
973 die(wp_create_nonce('update-page_' . $ID));
974 }
975 }
976 die('0');
977break;
978case 'closed-postboxes' :
979 check_ajax_referer( 'closedpostboxes', 'closedpostboxesnonce' );
980 $closed = isset( $_POST['closed'] ) ? $_POST['closed'] : '';
981 $closed = explode( ',', $_POST['closed'] );
982 $hidden = isset( $_POST['hidden'] ) ? $_POST['hidden'] : '';
983 $hidden = explode( ',', $_POST['hidden'] );
984 $page = isset( $_POST['page'] ) ? $_POST['page'] : '';
985
986 if ( !preg_match( '/^[a-z_-]+$/', $page ) )
987 die('-1');
988
989 if ( ! $user = wp_get_current_user() )
990 die('-1');
991
992 if ( is_array($closed) )
993 update_usermeta($user->ID, 'closedpostboxes_'.$page, $closed);
994
995 if ( is_array($hidden) ) {
996 $hidden = array_diff( $hidden, array('submitdiv', 'pagesubmitdiv', 'linksubmitdiv') ); // postboxes that are always shown
997 update_usermeta($user->ID, 'meta-box-hidden_'.$page, $hidden);
998 }
999
1000 die('1');
1001 break;
1002case 'hidden-columns' :
1003 check_ajax_referer( 'screen-options-nonce', 'screenoptionnonce' );
1004 $hidden = isset( $_POST['hidden'] ) ? $_POST['hidden'] : '';
1005 $hidden = explode( ',', $_POST['hidden'] );
1006 $page = isset( $_POST['page'] ) ? $_POST['page'] : '';
1007
1008 if ( !preg_match( '/^[a-z_-]+$/', $page ) )
1009 die('-1');
1010
1011 if ( ! $user = wp_get_current_user() )
1012 die('-1');
1013
1014 if ( is_array($hidden) )
1015 update_usermeta($user->ID, "manage-$page-columns-hidden", $hidden);
1016
1017 die('1');
1018 break;
1019case 'meta-box-order':
1020 check_ajax_referer( 'meta-box-order' );
1021 $order = isset( $_POST['order'] ) ? (array) $_POST['order'] : false;
1022 $page_columns = isset( $_POST['page_columns'] ) ? (int) $_POST['page_columns'] : 0;
1023 $page = isset( $_POST['page'] ) ? $_POST['page'] : '';
1024
1025 if ( !preg_match( '/^[a-z_-]+$/', $page ) )
1026 die('-1');
1027
1028 if ( ! $user = wp_get_current_user() )
1029 die('-1');
1030
1031 if ( $order )
1032 update_user_option($user->ID, "meta-box-order_$page", $order);
1033
1034 if ( $page_columns )
1035 update_usermeta($user->ID, "screen_layout_$page", $page_columns);
1036
1037 die('1');
1038 break;
1039case 'get-permalink':
1040 check_ajax_referer( 'getpermalink', 'getpermalinknonce' );
1041 $post_id = isset($_POST['post_id'])? intval($_POST['post_id']) : 0;
1042 die(add_query_arg(array('preview' => 'true'), get_permalink($post_id)));
1043break;
1044case 'sample-permalink':
1045 check_ajax_referer( 'samplepermalink', 'samplepermalinknonce' );
1046 $post_id = isset($_POST['post_id'])? intval($_POST['post_id']) : 0;
1047 $title = isset($_POST['new_title'])? $_POST['new_title'] : '';
1048 $slug = isset($_POST['new_slug'])? $_POST['new_slug'] : '';
1049 die(get_sample_permalink_html($post_id, $title, $slug));
1050break;
1051case 'inline-save':
1052 check_ajax_referer( 'inlineeditnonce', '_inline_edit' );
1053
1054 if ( ! isset($_POST['post_ID']) || ! ( $post_ID = (int) $_POST['post_ID'] ) )
1055 exit;
1056
1057 if ( 'page' == $_POST['post_type'] ) {
1058 if ( ! current_user_can( 'edit_page', $post_ID ) )
1059 die( __('You are not allowed to edit this page.') );
1060 } else {
1061 if ( ! current_user_can( 'edit_post', $post_ID ) )
1062 die( __('You are not allowed to edit this post.') );
1063 }
1064
1065 if ( $last = wp_check_post_lock( $post_ID ) ) {
1066 $last_user = get_userdata( $last );
1067 $last_user_name = $last_user ? $last_user->display_name : __( 'Someone' );
1068 printf( $_POST['post_type'] == 'page' ? __( 'Saving is disabled: %s is currently editing this page.' ) : __( 'Saving is disabled: %s is currently editing this post.' ), esc_html( $last_user_name ) );
1069 exit;
1070 }
1071
1072 $data = &$_POST;
1073
1074 $post = get_post( $post_ID, ARRAY_A );
1075 $post = add_magic_quotes($post); //since it is from db
1076
1077 $data['content'] = $post['post_content'];
1078 $data['excerpt'] = $post['post_excerpt'];
1079
1080 // rename
1081 $data['user_ID'] = $GLOBALS['user_ID'];
1082
1083 if ( isset($data['post_parent']) )
1084 $data['parent_id'] = $data['post_parent'];
1085
1086 // status
1087 if ( isset($data['keep_private']) && 'private' == $data['keep_private'] )
1088 $data['post_status'] = 'private';
1089 else
1090 $data['post_status'] = $data['_status'];
1091
1092 if ( empty($data['comment_status']) )
1093 $data['comment_status'] = 'closed';
1094 if ( empty($data['ping_status']) )
1095 $data['ping_status'] = 'closed';
1096
1097 // update the post
1098 edit_post();
1099
1100 $post = array();
1101 if ( 'page' == $_POST['post_type'] ) {
1102 $post[] = get_post($_POST['post_ID']);
1103 page_rows($post);
1104 } elseif ( 'post' == $_POST['post_type'] ) {
1105 $mode = $_POST['post_view'];
1106 $post[] = get_post($_POST['post_ID']);
1107 post_rows($post);
1108 }
1109
1110 exit;
1111 break;
1112case 'inline-save-tax':
1113 check_ajax_referer( 'taxinlineeditnonce', '_inline_edit' );
1114
1115 if ( ! current_user_can('manage_categories') )
1116 die( __('Cheatin&#8217; uh?') );
1117
1118 if ( ! isset($_POST['tax_ID']) || ! ( $id = (int) $_POST['tax_ID'] ) )
1119 die(-1);
1120
1121 switch ($_POST['tax_type']) {
1122 case 'cat' :
1123 $data = array();
1124 $data['cat_ID'] = $id;
1125 $data['cat_name'] = $_POST['name'];
1126 $data['category_nicename'] = $_POST['slug'];
1127 if ( isset($_POST['parent']) && (int) $_POST['parent'] > 0 )
1128 $data['category_parent'] = $_POST['parent'];
1129
1130 $cat = get_category($id, ARRAY_A);
1131 $data['category_description'] = $cat['category_description'];
1132
1133 $updated = wp_update_category($data);
1134
1135 if ( $updated && !is_wp_error($updated) )
1136 echo _cat_row( $updated, 0 );
1137 else
1138 die( __('Category not updated.') );
1139
1140 break;
1141 case 'link-cat' :
1142 $updated = wp_update_term($id, 'link_category', $_POST);
1143
1144 if ( $updated && !is_wp_error($updated) )
1145 echo link_cat_row($updated['term_id']);
1146 else
1147 die( __('Category not updated.') );
1148
1149 break;
1150 case 'tag' :
1151 if ( !empty($_POST['taxonomy']) )
1152 $taxonomy = $_POST['taxonomy'];
1153 else
1154 $taxonomy = 'post_tag';
1155
1156 $tag = get_term( $id, $taxonomy );
1157 $_POST['description'] = $tag->description;
1158
1159 $updated = wp_update_term($id, $taxonomy, $_POST);
1160 if ( $updated && !is_wp_error($updated) ) {
1161 $tag = get_term( $updated['term_id'], $taxonomy );
1162 if ( !$tag || is_wp_error( $tag ) )
1163 die( __('Tag not updated.') );
1164
1165 echo _tag_row($tag);
1166 } else {
1167 die( __('Tag not updated.') );
1168 }
1169
1170 break;
1171 }
1172
1173 exit;
1174 break;
1175case 'find_posts':
1176 check_ajax_referer( 'find-posts' );
1177
1178 if ( empty($_POST['ps']) )
1179 exit;
1180
1181 $what = isset($_POST['pages']) ? 'page' : 'post';
1182 $s = stripslashes($_POST['ps']);
1183 preg_match_all('/".*?("|$)|((?<=[\\s",+])|^)[^\\s",+]+/', $s, $matches);
1184 $search_terms = array_map(create_function('$a', 'return trim($a, "\\"\'\\n\\r ");'), $matches[0]);
1185
1186 $searchand = $search = '';
1187 foreach( (array) $search_terms as $term) {
1188 $term = addslashes_gpc($term);
1189 $search .= "{$searchand}(($wpdb->posts.post_title LIKE '%{$term}%') OR ($wpdb->posts.post_content LIKE '%{$term}%'))";
1190 $searchand = ' AND ';
1191 }
1192 $term = $wpdb->escape($s);
1193 if ( count($search_terms) > 1 && $search_terms[0] != $s )
1194 $search .= " OR ($wpdb->posts.post_title LIKE '%{$term}%') OR ($wpdb->posts.post_content LIKE '%{$term}%')";
1195
1196 $posts = $wpdb->get_results( "SELECT ID, post_title, post_status, post_date FROM $wpdb->posts WHERE post_type = '$what' AND $search ORDER BY post_date_gmt DESC LIMIT 50" );
1197
1198 if ( ! $posts )
1199 exit( __('No posts found.') );
1200
1201 $html = '<table class="widefat" cellspacing="0"><thead><tr><th class="found-radio"><br /></th><th>'.__('Title').'</th><th>'.__('Time').'</th><th>'.__('Status').'</th></tr></thead><tbody>';
1202 foreach ( $posts as $post ) {
1203
1204 switch ( $post->post_status ) {
1205 case 'publish' :
1206 case 'private' :
1207 $stat = __('Published');
1208 break;
1209 case 'future' :
1210 $stat = __('Scheduled');
1211 break;
1212 case 'pending' :
1213 $stat = __('Pending Review');
1214 break;
1215 case 'draft' :
1216 $stat = __('Unpublished');
1217 break;
1218 }
1219
1220 if ( '0000-00-00 00:00:00' == $post->post_date ) {
1221 $time = '';
1222 } else {
1223 /* translators: date format in table columns, see http://php.net/date */
1224 $time = mysql2date(__('Y/m/d'), $post->post_date);
1225 }
1226
1227 $html .= '<tr class="found-posts"><td class="found-radio"><input type="radio" id="found-'.$post->ID.'" name="found_post_id" value="' . esc_attr($post->ID) . '"></td>';
1228 $html .= '<td><label for="found-'.$post->ID.'">'.esc_html( $post->post_title ).'</label></td><td>'.esc_html( $time ).'</td><td>'.esc_html( $stat ).'</td></tr>'."\n\n";
1229 }
1230 $html .= '</tbody></table>';
1231
1232 $x = new WP_Ajax_Response();
1233 $x->add( array(
1234 'what' => $what,
1235 'data' => $html
1236 ));
1237 $x->send();
1238
1239 break;
1240case 'lj-importer' :
1241 check_ajax_referer( 'lj-api-import' );
1242 if ( !current_user_can( 'publish_posts' ) )
1243 die('-1');
1244 if ( empty( $_POST['step'] ) )
1245 die( '-1' );
1246 define('WP_IMPORTING', true);
1247 include( ABSPATH . 'wp-admin/import/livejournal.php' );
1248 $result = $lj_api_import->{ 'step' . ( (int) $_POST['step'] ) }();
1249 if ( is_wp_error( $result ) )
1250 echo $result->get_error_message();
1251 die;
1252 break;
1253case 'widgets-order' :
1254 check_ajax_referer( 'save-sidebar-widgets', 'savewidgets' );
1255
1256 if ( !current_user_can('switch_themes') )
1257 die('-1');
1258
1259 unset( $_POST['savewidgets'], $_POST['action'] );
1260
1261 // save widgets order for all sidebars
1262 if ( is_array($_POST['sidebars']) ) {
1263 $sidebars = array();
1264 foreach ( $_POST['sidebars'] as $key => $val ) {
1265 $sb = array();
1266 if ( !empty($val) ) {
1267 $val = explode(',', $val);
1268 foreach ( $val as $k => $v ) {
1269 if ( strpos($v, 'widget-') === false )
1270 continue;
1271
1272 $sb[$k] = substr($v, strpos($v, '_') + 1);
1273 }
1274 }
1275 $sidebars[$key] = $sb;
1276 }
1277 wp_set_sidebars_widgets($sidebars);
1278 die('1');
1279 }
1280
1281 die('-1');
1282 break;
1283case 'save-widget' :
1284 check_ajax_referer( 'save-sidebar-widgets', 'savewidgets' );
1285
1286 if ( !current_user_can('switch_themes') || !isset($_POST['id_base']) )
1287 die('-1');
1288
1289 unset( $_POST['savewidgets'], $_POST['action'] );
1290
1291 do_action('load-widgets.php');
1292 do_action('widgets.php');
1293 do_action('sidebar_admin_setup');
1294
1295 $id_base = $_POST['id_base'];
1296 $widget_id = $_POST['widget-id'];
1297 $sidebar_id = $_POST['sidebar'];
1298 $multi_number = !empty($_POST['multi_number']) ? (int) $_POST['multi_number'] : 0;
1299 $settings = isset($_POST['widget-' . $id_base]) && is_array($_POST['widget-' . $id_base]) ? $_POST['widget-' . $id_base] : false;
1300 $error = '<p>' . __('An error has occured. Please reload the page and try again.') . '</p>';
1301
1302 $sidebars = wp_get_sidebars_widgets();
1303 $sidebar = isset($sidebars[$sidebar_id]) ? $sidebars[$sidebar_id] : array();
1304
1305 // delete
1306 if ( isset($_POST['delete_widget']) && $_POST['delete_widget'] ) {
1307
1308 if ( !isset($wp_registered_widgets[$widget_id]) )
1309 die($error);
1310
1311 $sidebar = array_diff( $sidebar, array($widget_id) );
1312 $_POST = array('sidebar' => $sidebar_id, 'widget-' . $id_base => array(), 'the-widget-id' => $widget_id, 'delete_widget' => '1');
1313 } elseif ( $settings && preg_match( '/__i__|%i%/', key($settings) ) ) {
1314 if ( !$multi_number )
1315 die($error);
1316
1317 $_POST['widget-' . $id_base] = array( $multi_number => array_shift($settings) );
1318 $widget_id = $id_base . '-' . $multi_number;
1319 $sidebar[] = $widget_id;
1320 }
1321 $_POST['widget-id'] = $sidebar;
1322
1323 foreach ( (array) $wp_registered_widget_updates as $name => $control ) {
1324
1325 if ( $name == $id_base ) {
1326 if ( !is_callable( $control['callback'] ) )
1327 continue;
1328
1329 ob_start();
1330 call_user_func_array( $control['callback'], $control['params'] );
1331 ob_end_clean();
1332 break;
1333 }
1334 }
1335
1336 if ( isset($_POST['delete_widget']) && $_POST['delete_widget'] ) {
1337 $sidebars[$sidebar_id] = $sidebar;
1338 wp_set_sidebars_widgets($sidebars);
1339 echo "deleted:$widget_id";
1340 die();
1341 }
1342
1343 if ( !empty($_POST['add_new']) )
1344 die();
1345
1346 if ( $form = $wp_registered_widget_controls[$widget_id] )
1347 call_user_func_array( $form['callback'], $form['params'] );
1348
1349 die();
1350 break;
1351default :
1352 do_action( 'wp_ajax_' . $_POST['action'] );
1353 die('0');
1354 break;
1355endswitch;
1356?>
Note: See TracBrowser for help on using the repository browser.