source: trunk/www.guidonia.net/wp/wp-admin/admin-ajax.php@ 44

Last change on this file since 44 was 44, checked in by luciano, 14 years ago
1<?php
2/**
3 * WordPress AJAX Process Execution.
4 *
5 * @package WordPress
6 * @subpackage Administration
7 */
8
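/**
 * Executing AJAX process.
 *
 * Flags the request as an admin AJAX request, loads WordPress and the admin
 * API, sends the response content type and fires the 'admin_init' hook.
 *
 * @since unknown
 */
define('DOING_AJAX', true);
define('WP_ADMIN', true);

// Anchor both includes to this file's own location. The bare relative paths
// ('../wp-load.php', 'includes/admin.php') were resolved through the current
// working directory and include_path, so the file that got loaded depended on
// how and from where the script was started.
require_once( dirname( dirname( __FILE__ ) ) . '/wp-load.php' );
require_once( dirname( __FILE__ ) . '/includes/admin.php' );

// The charset comes from the 'blog_charset' option; '@' keeps a failed header()
// call (presumably "headers already sent") out of the AJAX response body.
@header('Content-Type: text/html; charset=' . get_option('blog_charset'));

// NOTE(review): this hook fires before the is_user_logged_in() check that
// follows in this file, so callbacks attached to 'admin_init' also run for
// logged-out requests to this endpoint and must do their own capability and
// nonce checks before changing state.
do_action('admin_init');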
22
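// Requests from visitors who are not logged in. Only two things are served
// here: the "you are logged out" notice for an autosave attempt, and hooks that
// plugins registered under the 'wp_ajax_nopriv_' prefix. Everything else is
// answered with '-1'.
if ( ! is_user_logged_in() ) {

	// The action name comes straight from the request and becomes part of a
	// hook name, so accept it only when it is present and a plain string.
	// Previously a missing key raised an undefined-index notice and an array
	// value was concatenated into the hook name as "Array".
	$nopriv_action = ( isset( $_POST['action'] ) && is_string( $_POST['action'] ) ) ? $_POST['action'] : '';

	if ( 'autosave' === $nopriv_action ) {
		$id = isset( $_POST['post_ID'] ) ? (int) $_POST['post_ID'] : 0;

		if ( ! $id )
			die('-1');

		// Nothing is saved on this path; the editor is only told to log in again.
		$message = sprintf( __('<strong>ALERT: You are logged out!</strong> Could not save draft. <a href="%s" target="blank">Please log in again.</a>'), wp_login_url() );
		$x = new WP_Ajax_Response( array(
			'what' => 'autosave',
			'id' => $id,
			'data' => $message
		) );
		$x->send();
	}

	// Callbacks on these hooks run without an authenticated user; each one is
	// responsible for its own input validation and access decisions.
	if ( ! empty( $nopriv_action ) )
		do_action( 'wp_ajax_nopriv_' . $nopriv_action );

	die('-1');
}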
45
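// Dispatch for AJAX actions requested with GET. Every branch ends the request,
// so the POST dispatch further down is only reached when no GET action is set.
if ( isset( $_GET['action'] ) ) {
	switch ( $action = $_GET['action'] ) {
	case 'ajax-tag-search' :
		if ( ! current_user_can( 'edit_posts' ) )
			die('-1');

		// WordPress adds slashes to the request superglobals while it loads, so
		// remove them once here and leave quoting to $wpdb->prepare() below.
		// NOTE(review): that bootstrap step is not visible in this file - confirm.
		$s = ( isset( $_GET['q'] ) && is_string( $_GET['q'] ) ) ? stripslashes( $_GET['q'] ) : '';

		if ( isset( $_GET['tax'] ) )
			$taxonomy = sanitize_title( $_GET['tax'] );
		else
			die('0');

		// Only the term after the last comma is the one being typed.
		if ( false !== strpos( $s, ',' ) ) {
			$s = explode( ',', $s );
			$s = $s[ count( $s ) - 1 ];
		}
		$s = trim( $s );
		if ( strlen( $s ) < 2 )
			die; // require 2 chars for matching

		// The search term used to be concatenated into the SQL string. Pass it
		// and the taxonomy as prepared parameters instead, and escape the LIKE
		// wildcards so '%' and '_' in the term match literally.
		$like = '%' . addcslashes( $s, '_%\\' ) . '%';
		$results = $wpdb->get_col( $wpdb->prepare( "SELECT t.name FROM $wpdb->term_taxonomy AS tt INNER JOIN $wpdb->terms AS t ON tt.term_id = t.term_id WHERE tt.taxonomy = %s AND t.name LIKE (%s)", $taxonomy, $like ) );

		// implode() with the separator first; the reversed join() argument
		// order used before is not accepted by current PHP versions.
		echo implode( "\n", (array) $results );
		die;

	case 'wp-compression-test' :
		// NOTE(review): this branch writes the 'can_compress_scripts' site option
		// on a GET request and the only gate visible here is the capability
		// check; no nonce is verified in this block.
		if ( ! current_user_can( 'manage_options' ) )
			die('-1');

		// Output is already compressed by PHP itself: record that script
		// compression must stay off and stop.
		if ( ini_get('zlib.output_compression') || 'ob_gzhandler' == ini_get('output_handler') ) {
			update_site_option('can_compress_scripts', 0);
			die('0');
		}

		if ( isset( $_GET['test'] ) ) {
			header( 'Expires: Wed, 11 Jan 1984 05:00:00 GMT' );
			header( 'Last-Modified: ' . gmdate( 'D, d M Y H:i:s' ) . ' GMT' );
			header( 'Cache-Control: no-cache, must-revalidate, max-age=0' );
			header( 'Pragma: no-cache' );
			header('Content-Type: application/x-javascript; charset=UTF-8');
			$force_gzip = ( defined('ENFORCE_GZIP') && ENFORCE_GZIP );
			$test_str = '"wpCompressionTest Lorem ipsum dolor sit amet consectetuer mollis sapien urna ut a. Eu nonummy condimentum fringilla tempor pretium platea vel nibh netus Maecenas. Hac molestie amet justo quis pellentesque est ultrices interdum nibh Morbi. Cras mattis pretium Phasellus ante ipsum ipsum ut sociis Suspendisse Lorem. Ante et non molestie. Porta urna Vestibulum egestas id congue nibh eu risus gravida sit. Ac augue auctor Ut et non a elit massa id sodales. Elit eu Nulla at nibh adipiscing mattis lacus mauris at tempus. Netus nibh quis suscipit nec feugiat eget sed lorem et urna. Pellentesque lacus at ut massa consectetuer ligula ut auctor semper Pellentesque. Ut metus massa nibh quam Curabitur molestie nec mauris congue. Volutpat molestie elit justo facilisis neque ac risus Ut nascetur tristique. Vitae sit lorem tellus et quis Phasellus lacus tincidunt nunc Fusce. Pharetra wisi Suspendisse mus sagittis libero lacinia Integer consequat ac Phasellus. Et urna ac cursus tortor aliquam Aliquam amet tellus volutpat Vestibulum. Justo interdum condimentum In augue congue tellus sollicitudin Quisque quis nibh."';

			// Request values are compared as exact strings; a non-string value
			// (for example an array) matches none of the steps.
			$test = is_string( $_GET['test'] ) ? $_GET['test'] : '';

			// The header is optional, so a missing one is treated as
			// "no encodings offered" instead of raising a notice.
			$accepted = isset( $_SERVER['HTTP_ACCEPT_ENCODING'] ) ? strtolower( $_SERVER['HTTP_ACCEPT_ENCODING'] ) : '';

			if ( '1' === $test ) {
				// Step 1: the uncompressed reference string.
				echo $test_str;
				die;
			} elseif ( '2' === $test ) {
				// Step 2: the same string, compressed with what the client accepts.
				if ( false !== strpos( $accepted, 'deflate' ) && function_exists('gzdeflate') && ! $force_gzip ) {
					header('Content-Encoding: deflate');
					$out = gzdeflate( $test_str, 1 );
				} elseif ( false !== strpos( $accepted, 'gzip' ) && function_exists('gzencode') ) {
					header('Content-Encoding: gzip');
					$out = gzencode( $test_str, 1 );
				} else {
					die('-1');
				}
				echo $out;
				die;
			} elseif ( 'no' === $test ) {
				update_site_option('can_compress_scripts', 0);
			} elseif ( 'yes' === $test ) {
				update_site_option('can_compress_scripts', 1);
			}
		}

		die('0');

	default :
		// Any other name is handed to plugin callbacks on 'wp_ajax_{action}'.
		// The name is request-controlled, so only a plain string is allowed to
		// become part of the hook name.
		if ( is_string( $action ) )
			do_action( 'wp_ajax_' . $action );
		die('0');
	}
}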
120
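/**
 * Sends back current comment total and new page links if they need to be updated.
 *
 * Contrary to normal success AJAX response ("1"), die with time() on success.
 *
 * The paging values (_total, _per_page, _page, _url) are read from $_POST and
 * are therefore client-supplied; they are only used to decide whether a fresh
 * count is worth computing and to build the pagination links.
 *
 * @since 2.7
 *
 * @param int $comment_id ID of the comment that was just changed; echoed back
 *                        in the response for completeness.
 * @return void Ends the request with die( time() ) on the short paths;
 *              otherwise hands a WP_Ajax_Response to send().
 */
function _wp_ajax_delete_comment_response( $comment_id ) {
	$total    = isset( $_POST['_total'] ) ? (int) $_POST['_total'] : 0;
	$per_page = isset( $_POST['_per_page'] ) ? (int) $_POST['_per_page'] : 0;
	$page     = isset( $_POST['_page'] ) ? (int) $_POST['_page'] : 0;
	$url      = esc_url_raw( isset( $_POST['_url'] ) ? $_POST['_url'] : '' );

	// JS didn't send us everything we need to know. Just die with success message.
	// A negative _per_page is treated as missing too: it used to reach
	// mt_rand( 1, $per_page ) below with an invalid range.
	if ( !$total || $per_page < 1 || !$page || !$url )
		die( (string) time() );

	if ( --$total < 0 ) // Take the total from POST and decrement it (since we just deleted one)
		$total = 0;

	// Only do the expensive stuff on a page-break, and about 1 other time per page.
	// mt_rand() is used purely for sampling here, not for anything secret.
	if ( 0 != $total % $per_page && 1 != mt_rand( 1, $per_page ) )
		die( (string) time() );

	$status = 'total_comments'; // What type of comment count are we looking for?
	$parsed = parse_url( $url );
	if ( isset( $parsed['query'] ) ) {
		parse_str( $parsed['query'], $query_vars );
		// parse_str() yields an array for "comment_status[]=..."; only a string
		// may be used as a property name on the count object below.
		if ( !empty( $query_vars['comment_status'] ) && is_string( $query_vars['comment_status'] ) )
			$status = $query_vars['comment_status'];
	}

	$comment_count = wp_count_comments();
	$time = time(); // The time since the last comment count

	if ( isset( $comment_count->$status ) ) // We're looking for a known type of comment count
		$total = $comment_count->$status;
	// else use the decremented value from above

	$page_links = paginate_links( array(
		'base' => add_query_arg( 'apage', '%#%', $url ),
		'format' => '',
		'prev_text' => __('&laquo;'),
		'next_text' => __('&raquo;'),
		'total' => ceil( $total / $per_page ),
		'current' => $page
	) );
	$x = new WP_Ajax_Response( array(
		'what' => 'comment',
		'id' => $comment_id, // here for completeness - not used
		'supplemental' => array(
			'pageLinks' => $page_links,
			'total' => $total,
			'time' => $time
		)
	) );
	$x->send();
}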
180
181$id = isset($_POST['id'])? (int) $_POST['id'] : 0;
182switch ( $action = $_POST['action'] ) :
183case 'delete-comment' : // On success, die with time() instead of 1
184 check_ajax_referer( "delete-comment_$id" );
185 if ( !$comment = get_comment( $id ) )
186 die( (string) time() );
187 if ( !current_user_can( 'edit_post', $comment->comment_post_ID ) )
188 die('-1');
189
190 if ( isset($_POST['spam']) && 1 == $_POST['spam'] ) {
191 if ( 'spam' == wp_get_comment_status( $comment->comment_ID ) )
192 die( (string) time() );
193 $r = wp_set_comment_status( $comment->comment_ID, 'spam' );
194 } else {
195 $r = wp_delete_comment( $comment->comment_ID );
196 }
197 if ( $r ) // Decide if we need to send back '1' or a more complicated response including page links and comment counts
198 _wp_ajax_delete_comment_response( $comment->comment_ID );
199 die( '0' );
200 break;
201case 'delete-cat' :
202 check_ajax_referer( "delete-category_$id" );
203 if ( !current_user_can( 'manage_categories' ) )
204 die('-1');
205
206 $cat = get_category( $id );
207 if ( !$cat || is_wp_error( $cat ) )
208 die('1');
209
210 if ( wp_delete_category( $id ) )
211 die('1');
212 else
213 die('0');
214 break;
215case 'delete-tag' :
216 check_ajax_referer( "delete-tag_$id" );
217 if ( !current_user_can( 'manage_categories' ) )
218 die('-1');
219
220 if ( !empty($_POST['taxonomy']) )
221 $taxonomy = $_POST['taxonomy'];
222 else
223 $taxonomy = 'post_tag';
224
225 $tag = get_term( $id, $taxonomy );
226 if ( !$tag || is_wp_error( $tag ) )
227 die('1');
228
229 if ( wp_delete_term($id, $taxonomy))
230 die('1');
231 else
232 die('0');
233 break;
234case 'delete-link-cat' :
235 check_ajax_referer( "delete-link-category_$id" );
236 if ( !current_user_can( 'manage_categories' ) )
237 die('-1');
238
239 $cat = get_term( $id, 'link_category' );
240 if ( !$cat || is_wp_error( $cat ) )
241 die('1');
242
243 $cat_name = get_term_field('name', $id, 'link_category');
244
245 $default = get_option('default_link_category');
246
247 // Don't delete the default cats.
248 if ( $id == $default ) {
249 $x = new WP_AJAX_Response( array(
250 'what' => 'link-cat',
251 'id' => $id,
252 'data' => new WP_Error( 'default-link-cat', sprintf(__("Can&#8217;t delete the <strong>%s</strong> category: this is the default one"), $cat_name) )
253 ) );
254 $x->send();
255 }
256
257 $r = wp_delete_term($id, 'link_category', array('default' => $default));
258 if ( !$r )
259 die('0');
260 if ( is_wp_error($r) ) {
261 $x = new WP_AJAX_Response( array(
262 'what' => 'link-cat',
263 'id' => $id,
264 'data' => $r
265 ) );
266 $x->send();
267 }
268 die('1');
269 break;
270case 'delete-link' :
271 check_ajax_referer( "delete-bookmark_$id" );
272 if ( !current_user_can( 'manage_links' ) )
273 die('-1');
274
275 $link = get_bookmark( $id );
276 if ( !$link || is_wp_error( $link ) )
277 die('1');
278
279 if ( wp_delete_link( $id ) )
280 die('1');
281 else
282 die('0');
283 break;
284case 'delete-meta' :
285 check_ajax_referer( "delete-meta_$id" );
286 if ( !$meta = get_post_meta_by_id( $id ) )
287 die('1');
288
289 if ( !current_user_can( 'edit_post', $meta->post_id ) )
290 die('-1');
291 if ( delete_meta( $meta->meta_id ) )
292 die('1');
293 die('0');
294 break;
295case 'delete-post' :
296 check_ajax_referer( "{$action}_$id" );
297 if ( !current_user_can( 'delete_post', $id ) )
298 die('-1');
299
300 if ( !get_post( $id ) )
301 die('1');
302
303 if ( wp_delete_post( $id ) )
304 die('1');
305 else
306 die('0');
307 break;
308case 'delete-page' :
309 check_ajax_referer( "{$action}_$id" );
310 if ( !current_user_can( 'delete_page', $id ) )
311 die('-1');
312
313 if ( !get_page( $id ) )
314 die('1');
315
316 if ( wp_delete_post( $id ) )
317 die('1');
318 else
319 die('0');
320 break;
321case 'dim-comment' : // On success, die with time() instead of 1
322
323 if ( !$comment = get_comment( $id ) ) {
324 $x = new WP_Ajax_Response( array(
325 'what' => 'comment',
326 'id' => new WP_Error('invalid_comment', sprintf(__('Comment %d does not exist'), $id))
327 ) );
328 $x->send();
329 }
330
331 if ( !current_user_can( 'edit_post', $comment->comment_post_ID ) )
332 die('-1');
333 if ( !current_user_can( 'moderate_comments' ) )
334 die('-1');
335
336 $current = wp_get_comment_status( $comment->comment_ID );
337 if ( $_POST['new'] == $current )
338 die( (string) time() );
339
340 $r = 0;
341 if ( in_array( $current, array( 'unapproved', 'spam' ) ) ) {
342 check_ajax_referer( "approve-comment_$id" );
343 $result = wp_set_comment_status( $comment->comment_ID, 'approve', true );
344 } else {
345 check_ajax_referer( "unapprove-comment_$id" );
346 $result = wp_set_comment_status( $comment->comment_ID, 'hold', true );
347 }
348 if ( is_wp_error($result) ) {
349 $x = new WP_Ajax_Response( array(
350 'what' => 'comment',
351 'id' => $result
352 ) );
353 $x->send();
354 }
355
356 // Decide if we need to send back '1' or a more complicated response including page links and comment counts
357 _wp_ajax_delete_comment_response( $comment->comment_ID );
358 die( '0' );
359 break;
360case 'add-category' : // On the Fly
361 check_ajax_referer( $action );
362 if ( !current_user_can( 'manage_categories' ) )
363 die('-1');
364 $names = explode(',', $_POST['newcat']);
365 if ( 0 > $parent = (int) $_POST['newcat_parent'] )
366 $parent = 0;
367 $post_category = isset($_POST['post_category'])? (array) $_POST['post_category'] : array();
368 $checked_categories = array_map( 'absint', (array) $post_category );
369 $popular_ids = isset( $_POST['popular_ids'] ) ?
370 array_map( 'absint', explode( ',', $_POST['popular_ids'] ) ) :
371 false;
372
373 $x = new WP_Ajax_Response();
374 foreach ( $names as $cat_name ) {
375 $cat_name = trim($cat_name);
376 $category_nicename = sanitize_title($cat_name);
377 if ( '' === $category_nicename )
378 continue;
379 $cat_id = wp_create_category( $cat_name, $parent );
380 $checked_categories[] = $cat_id;
381 if ( $parent ) // Do these all at once in a second
382 continue;
383 $category = get_category( $cat_id );
384 ob_start();
385 wp_category_checklist( 0, $cat_id, $checked_categories, $popular_ids );
386 $data = ob_get_contents();
387 ob_end_clean();
388 $x->add( array(
389 'what' => 'category',
390 'id' => $cat_id,
391 'data' => $data,
392 'position' => -1
393 ) );
394 }
395 if ( $parent ) { // Foncy - replace the parent and all its children
396 $parent = get_category( $parent );
397 ob_start();
398 dropdown_categories( 0, $parent );
399 $data = ob_get_contents();
400 ob_end_clean();
401 $x->add( array(
402 'what' => 'category',
403 'id' => $parent->term_id,
404 'old_id' => $parent->term_id,
405 'data' => $data,
406 'position' => -1
407 ) );
408
409 }
410 $x->send();
411 break;
412case 'add-link-category' : // On the Fly
413 check_ajax_referer( $action );
414 if ( !current_user_can( 'manage_categories' ) )
415 die('-1');
416 $names = explode(',', $_POST['newcat']);
417 $x = new WP_Ajax_Response();
418 foreach ( $names as $cat_name ) {
419 $cat_name = trim($cat_name);
420 $slug = sanitize_title($cat_name);
421 if ( '' === $slug )
422 continue;
423 if ( !$cat_id = is_term( $cat_name, 'link_category' ) ) {
424 $cat_id = wp_insert_term( $cat_name, 'link_category' );
425 }
426 $cat_id = $cat_id['term_id'];
427 $cat_name = esc_html(stripslashes($cat_name));
428 $x->add( array(
429 'what' => 'link-category',
430 'id' => $cat_id,
431 'data' => "<li id='link-category-$cat_id'><label for='in-link-category-$cat_id' class='selectit'><input value='" . esc_attr($cat_id) . "' type='checkbox' checked='checked' name='link_category[]' id='in-link-category-$cat_id'/> $cat_name</label></li>",
432 'position' => -1
433 ) );
434 }
435 $x->send();
436 break;
437case 'add-cat' : // From Manage->Categories
438 check_ajax_referer( 'add-category' );
439 if ( !current_user_can( 'manage_categories' ) )
440 die('-1');
441
442 if ( '' === trim($_POST['cat_name']) ) {
443 $x = new WP_Ajax_Response( array(
444 'what' => 'cat',
445 'id' => new WP_Error( 'cat_name', __('You did not enter a category name.') )
446 ) );
447 $x->send();
448 }
449
450 if ( category_exists( trim( $_POST['cat_name'] ), $_POST['category_parent'] ) ) {
451 $x = new WP_Ajax_Response( array(
452 'what' => 'cat',
453 'id' => new WP_Error( 'cat_exists', __('The category you are trying to create already exists.'), array( 'form-field' => 'cat_name' ) ),
454 ) );
455 $x->send();
456 }
457
458 $cat = wp_insert_category( $_POST, true );
459
460 if ( is_wp_error($cat) ) {
461 $x = new WP_Ajax_Response( array(
462 'what' => 'cat',
463 'id' => $cat
464 ) );
465 $x->send();
466 }
467
468 if ( !$cat || (!$cat = get_category( $cat )) )
469 die('0');
470
471 $level = 0;
472 $cat_full_name = $cat->name;
473 $_cat = $cat;
474 while ( $_cat->parent ) {
475 $_cat = get_category( $_cat->parent );
476 $cat_full_name = $_cat->name . ' &#8212; ' . $cat_full_name;
477 $level++;
478 }
479 $cat_full_name = esc_attr($cat_full_name);
480
481 $x = new WP_Ajax_Response( array(
482 'what' => 'cat',
483 'id' => $cat->term_id,
484 'position' => -1,
485 'data' => _cat_row( $cat, $level, $cat_full_name ),
486 'supplemental' => array('name' => $cat_full_name, 'show-link' => sprintf(__( 'Category <a href="#%s">%s</a> added' ), "cat-$cat->term_id", $cat_full_name))
487 ) );
488 $x->send();
489 break;
490case 'add-link-cat' : // From Blogroll -> Categories
491 check_ajax_referer( 'add-link-category' );
492 if ( !current_user_can( 'manage_categories' ) )
493 die('-1');
494
495 if ( '' === trim($_POST['name']) ) {
496 $x = new WP_Ajax_Response( array(
497 'what' => 'link-cat',
498 'id' => new WP_Error( 'name', __('You did not enter a category name.') )
499 ) );
500 $x->send();
501 }
502
503 $r = wp_insert_term($_POST['name'], 'link_category', $_POST );
504 if ( is_wp_error( $r ) ) {
505 $x = new WP_AJAX_Response( array(
506 'what' => 'link-cat',
507 'id' => $r
508 ) );
509 $x->send();
510 }
511
512 extract($r, EXTR_SKIP);
513
514 if ( !$link_cat = link_cat_row( $term_id ) )
515 die('0');
516
517 $x = new WP_Ajax_Response( array(
518 'what' => 'link-cat',
519 'id' => $term_id,
520 'position' => -1,
521 'data' => $link_cat
522 ) );
523 $x->send();
524 break;
525case 'add-tag' : // From Manage->Tags
526 check_ajax_referer( 'add-tag' );
527 if ( !current_user_can( 'manage_categories' ) )
528 die('-1');
529
530 if ( '' === trim($_POST['name']) ) {
531 $x = new WP_Ajax_Response( array(
532 'what' => 'tag',
533 'id' => new WP_Error( 'name', __('You did not enter a tag name.') )
534 ) );
535 $x->send();
536 }
537
538 if ( !empty($_POST['taxonomy']) )
539 $taxonomy = $_POST['taxonomy'];
540 else
541 $taxonomy = 'post_tag';
542
543 $tag = wp_insert_term($_POST['name'], $taxonomy, $_POST );
544
545 if ( is_wp_error($tag) ) {
546 $x = new WP_Ajax_Response( array(
547 'what' => 'tag',
548 'id' => $tag
549 ) );
550 $x->send();
551 }
552
553 if ( !$tag || (!$tag = get_term( $tag['term_id'], $taxonomy )) )
554 die('0');
555
556 $tag_full_name = $tag->name;
557 $tag_full_name = esc_attr($tag_full_name);
558
559 $x = new WP_Ajax_Response( array(
560 'what' => 'tag',
561 'id' => $tag->term_id,
562 'position' => '-1',
563 'data' => _tag_row( $tag, '', $taxonomy ),
564 'supplemental' => array('name' => $tag_full_name, 'show-link' => sprintf(__( 'Tag <a href="#%s">%s</a> added' ), "tag-$tag->term_id", $tag_full_name))
565 ) );
566 $x->send();
567 break;
568case 'get-tagcloud' :
569 if ( !current_user_can( 'edit_posts' ) )
570 die('-1');
571
572 if ( isset($_POST['tax']) )
573 $taxonomy = sanitize_title($_POST['tax']);
574 else
575 die('0');
576
577 $tags = get_terms( $taxonomy, array( 'number' => 45, 'orderby' => 'count', 'order' => 'DESC' ) );
578
579 if ( empty( $tags ) )
580 die( __('No tags found!') );
581
582 if ( is_wp_error($tags) )
583 die($tags->get_error_message());
584
585 foreach ( $tags as $key => $tag ) {
586 $tags[ $key ]->link = '#';
587 $tags[ $key ]->id = $tag->term_id;
588 }
589
590 // We need raw tag names here, so don't filter the output
591 $return = wp_generate_tag_cloud( $tags, array('filter' => 0) );
592
593 if ( empty($return) )
594 die('0');
595
596 echo $return;
597
598 exit;
599 break;
600case 'add-comment' :
601 check_ajax_referer( $action );
602 if ( !current_user_can( 'edit_post', $id ) )
603 die('-1');
604 $search = isset($_POST['s']) ? $_POST['s'] : false;
605 $status = isset($_POST['comment_status']) ? $_POST['comment_status'] : 'all';
606 $per_page = isset($_POST['per_page']) ? (int) $_POST['per_page'] + 8 : 28;
607 $start = isset($_POST['page']) ? ( intval($_POST['page']) * $per_page ) -1 : $per_page - 1;
608 if ( 1 > $start )
609 $start = 27;
610
611 $mode = isset($_POST['mode']) ? $_POST['mode'] : 'detail';
612 $p = isset($_POST['p']) ? $_POST['p'] : 0;
613 $comment_type = isset($_POST['comment_type']) ? $_POST['comment_type'] : '';
614 list($comments, $total) = _wp_get_comment_list( $status, $search, $start, 1, $p, $comment_type );
615
616 if ( get_option('show_avatars') )
617 add_filter( 'comment_author', 'floated_admin_avatar' );
618
619 if ( !$comments )
620 die('1');
621 $x = new WP_Ajax_Response();
622 foreach ( (array) $comments as $comment ) {
623 get_comment( $comment );
624 ob_start();
625 _wp_comment_row( $comment->comment_ID, $mode, $status, true, true );
626 $comment_list_item = ob_get_contents();
627 ob_end_clean();
628 $x->add( array(
629 'what' => 'comment',
630 'id' => $comment->comment_ID,
631 'data' => $comment_list_item
632 ) );
633 }
634 $x->send();
635 break;
636case 'get-comments' :
637 check_ajax_referer( $action );
638
639 $post_ID = (int) $_POST['post_ID'];
640 if ( !current_user_can( 'edit_post', $post_ID ) )
641 die('-1');
642
643 $start = isset($_POST['start']) ? intval($_POST['start']) : 0;
644 $num = isset($_POST['num']) ? intval($_POST['num']) : 10;
645
646 list($comments, $total) = _wp_get_comment_list( false, false, $start, $num, $post_ID );
647
648 if ( !$comments )
649 die('1');
650
651 $comment_list_item = '';
652 $x = new WP_Ajax_Response();
653 foreach ( (array) $comments as $comment ) {
654 get_comment( $comment );
655 ob_start();
656 _wp_comment_row( $comment->comment_ID, 'single', false, false );
657 $comment_list_item .= ob_get_contents();
658 ob_end_clean();
659 }
660 $x->add( array(
661 'what' => 'comments',
662 'data' => $comment_list_item
663 ) );
664 $x->send();
665 break;
666case 'replyto-comment' :
667 check_ajax_referer( $action );
668
669 $comment_post_ID = (int) $_POST['comment_post_ID'];
670 if ( !current_user_can( 'edit_post', $comment_post_ID ) )
671 die('-1');
672
673 $status = $wpdb->get_var( $wpdb->prepare("SELECT post_status FROM $wpdb->posts WHERE ID = %d", $comment_post_ID) );
674
675 if ( empty($status) )
676 die('1');
677 elseif ( in_array($status, array('draft', 'pending') ) )
678 die( __('Error: you are replying to a comment on a draft post.') );
679
680 $user = wp_get_current_user();
681 if ( $user->ID ) {
682 $comment_author = $wpdb->escape($user->display_name);
683 $comment_author_email = $wpdb->escape($user->user_email);
684 $comment_author_url = $wpdb->escape($user->user_url);
685 $comment_content = trim($_POST['content']);
686 if ( current_user_can('unfiltered_html') ) {
687 if ( wp_create_nonce('unfiltered-html-comment_' . $comment_post_ID) != $_POST['_wp_unfiltered_html_comment'] ) {
688 kses_remove_filters(); // start with a clean slate
689 kses_init_filters(); // set up the filters
690 }
691 }
692 } else {
693 die( __('Sorry, you must be logged in to reply to a comment.') );
694 }
695
696 if ( '' == $comment_content )
697 die( __('Error: please type a comment.') );
698
699 $comment_parent = absint($_POST['comment_ID']);
700 $commentdata = compact('comment_post_ID', 'comment_author', 'comment_author_email', 'comment_author_url', 'comment_content', 'comment_type', 'comment_parent', 'user_ID');
701
702 $comment_id = wp_new_comment( $commentdata );
703 $comment = get_comment($comment_id);
704 if ( ! $comment ) die('1');
705
706 $modes = array( 'single', 'detail', 'dashboard' );
707 $mode = isset($_POST['mode']) && in_array( $_POST['mode'], $modes ) ? $_POST['mode'] : 'detail';
708 $position = ( isset($_POST['position']) && (int) $_POST['position']) ? (int) $_POST['position'] : '-1';
709 $checkbox = ( isset($_POST['checkbox']) && true == $_POST['checkbox'] ) ? 1 : 0;
710
711 if ( get_option('show_avatars') && 'single' != $mode )
712 add_filter( 'comment_author', 'floated_admin_avatar' );
713
714 $x = new WP_Ajax_Response();
715
716 ob_start();
717 if ( 'dashboard' == $mode ) {
718 require_once( ABSPATH . 'wp-admin/includes/dashboard.php' );
719 _wp_dashboard_recent_comments_row( $comment, false );
720 } else {
721 _wp_comment_row( $comment->comment_ID, $mode, false, $checkbox );
722 }
723 $comment_list_item = ob_get_contents();
724 ob_end_clean();
725
726 $x->add( array(
727 'what' => 'comment',
728 'id' => $comment->comment_ID,
729 'data' => $comment_list_item,
730 'position' => $position
731 ));
732
733 $x->send();
734 break;
735case 'edit-comment' :
736 check_ajax_referer( 'replyto-comment' );
737
738 $comment_post_ID = (int) $_POST['comment_post_ID'];
739 if ( ! current_user_can( 'edit_post', $comment_post_ID ) )
740 die('-1');
741
742 if ( '' == $_POST['content'] )
743 die( __('Error: please type a comment.') );
744
745 $comment_id = (int) $_POST['comment_ID'];
746 $_POST['comment_status'] = $_POST['status'];
747 edit_comment();
748
749 $mode = ( isset($_POST['mode']) && 'single' == $_POST['mode'] ) ? 'single' : 'detail';
750 $position = ( isset($_POST['position']) && (int) $_POST['position']) ? (int) $_POST['position'] : '-1';
751 $checkbox = ( isset($_POST['checkbox']) && true == $_POST['checkbox'] ) ? 1 : 0;
752 $comments_listing = isset($_POST['comments_listing']) ? $_POST['comments_listing'] : '';
753
754 if ( get_option('show_avatars') && 'single' != $mode )
755 add_filter( 'comment_author', 'floated_admin_avatar' );
756
757 $x = new WP_Ajax_Response();
758
759 ob_start();
760 _wp_comment_row( $comment_id, $mode, $comments_listing, $checkbox );
761 $comment_list_item = ob_get_contents();
762 ob_end_clean();
763
764 $x->add( array(
765 'what' => 'edit_comment',
766 'id' => $comment->comment_ID,
767 'data' => $comment_list_item,
768 'position' => $position
769 ));
770
771 $x->send();
772 break;
773case 'add-meta' :
774 check_ajax_referer( 'add-meta' );
775 $c = 0;
776 $pid = (int) $_POST['post_id'];
777 if ( isset($_POST['metakeyselect']) || isset($_POST['metakeyinput']) ) {
778 if ( !current_user_can( 'edit_post', $pid ) )
779 die('-1');
780 if ( isset($_POST['metakeyselect']) && '#NONE#' == $_POST['metakeyselect'] && empty($_POST['metakeyinput']) )
781 die('1');
782 if ( $pid < 0 ) {
783 $now = current_time('timestamp', 1);
784 if ( $pid = wp_insert_post( array(
785 'post_title' => sprintf('Draft created on %s at %s', date(get_option('date_format'), $now), date(get_option('time_format'), $now))
786 ) ) ) {
787 if ( is_wp_error( $pid ) ) {
788 $x = new WP_Ajax_Response( array(
789 'what' => 'meta',
790 'data' => $pid
791 ) );
792 $x->send();
793 }
794 if ( !$mid = add_meta( $pid ) )
795 die(__('Please provide a custom field value.'));
796 } else {
797 die('0');
798 }
799 } else if ( !$mid = add_meta( $pid ) ) {
800 die(__('Please provide a custom field value.'));
801 }
802
803 $meta = get_post_meta_by_id( $mid );
804 $pid = (int) $meta->post_id;
805 $meta = get_object_vars( $meta );
806 $x = new WP_Ajax_Response( array(
807 'what' => 'meta',
808 'id' => $mid,
809 'data' => _list_meta_row( $meta, $c ),
810 'position' => 1,
811 'supplemental' => array('postid' => $pid)
812 ) );
813 } else {
814 $mid = (int) array_pop(array_keys($_POST['meta']));
815 $key = $_POST['meta'][$mid]['key'];
816 $value = $_POST['meta'][$mid]['value'];
817 if ( !$meta = get_post_meta_by_id( $mid ) )
818 die('0'); // if meta doesn't exist
819 if ( !current_user_can( 'edit_post', $meta->post_id ) )
820 die('-1');
821 if ( $meta->meta_value != stripslashes($value) ) {
822 if ( !$u = update_meta( $mid, $key, $value ) )
823 die('0'); // We know meta exists; we also know it's unchanged (or DB error, in which case there are bigger problems).
824 }
825
826 $key = stripslashes($key);
827 $value = stripslashes($value);
828 $x = new WP_Ajax_Response( array(
829 'what' => 'meta',
830 'id' => $mid, 'old_id' => $mid,
831 'data' => _list_meta_row( array(
832 'meta_key' => $key,
833 'meta_value' => $value,
834 'meta_id' => $mid
835 ), $c ),
836 'position' => 0,
837 'supplemental' => array('postid' => $meta->post_id)
838 ) );
839 }
840 $x->send();
841 break;
842case 'add-user' :
843 check_ajax_referer( $action );
844 if ( !current_user_can('create_users') )
845 die('-1');
846 require_once(ABSPATH . WPINC . '/registration.php');
847 if ( !$user_id = add_user() )
848 die('0');
849 elseif ( is_wp_error( $user_id ) ) {
850 $x = new WP_Ajax_Response( array(
851 'what' => 'user',
852 'id' => $user_id
853 ) );
854 $x->send();
855 }
856 $user_object = new WP_User( $user_id );
857
858 $x = new WP_Ajax_Response( array(
859 'what' => 'user',
860 'id' => $user_id,
861 'data' => user_row( $user_object, '', $user_object->roles[0] ),
862 'supplemental' => array(
863 'show-link' => sprintf(__( 'User <a href="#%s">%s</a> added' ), "user-$user_id", $user_object->user_login),
864 'role' => $user_object->roles[0]
865 )
866 ) );
867 $x->send();
868 break;
869case 'autosave' : // The name of this action is hardcoded in edit_post()
870 define( 'DOING_AUTOSAVE', true );
871
872 $nonce_age = check_ajax_referer( 'autosave', 'autosavenonce' );
873 global $current_user;
874
875 $_POST['post_category'] = explode(",", $_POST['catslist']);
876 if($_POST['post_type'] == 'page' || empty($_POST['post_category']))
877 unset($_POST['post_category']);
878
879 $do_autosave = (bool) $_POST['autosave'];
880 $do_lock = true;
881
882 $data = '';
883 /* translators: draft saved date format, see http://php.net/date */
884 $draft_saved_date_format = __('g:i:s a');
885 $message = sprintf( __('Draft Saved at %s.'), date_i18n( $draft_saved_date_format ) );
886
887 $supplemental = array();
888
889 $id = $revision_id = 0;
890 if($_POST['post_ID'] < 0) {
891 $_POST['post_status'] = 'draft';
892 $_POST['temp_ID'] = $_POST['post_ID'];
893 if ( $do_autosave ) {
894 $id = wp_write_post();
895 $data = $message;
896 }
897 } else {
898 $post_ID = (int) $_POST['post_ID'];
899 $_POST['ID'] = $post_ID;
900 $post = get_post($post_ID);
901
902 if ( $last = wp_check_post_lock( $post->ID ) ) {
903 $do_autosave = $do_lock = false;
904
905 $last_user = get_userdata( $last );
906 $last_user_name = $last_user ? $last_user->display_name : __( 'Someone' );
907 $data = new WP_Error( 'locked', sprintf(
908 $_POST['post_type'] == 'page' ? __( 'Autosave disabled: %s is currently editing this page.' ) : __( 'Autosave disabled: %s is currently editing this post.' ),
909 esc_html( $last_user_name )
910 ) );
911
912 $supplemental['disable_autosave'] = 'disable';
913 }
914
915 if ( 'page' == $post->post_type ) {
916 if ( !current_user_can('edit_page', $post_ID) )
917 die(__('You are not allowed to edit this page.'));
918 } else {
919 if ( !current_user_can('edit_post', $post_ID) )
920 die(__('You are not allowed to edit this post.'));
921 }
922
923 if ( $do_autosave ) {
924 // Drafts are just overwritten by autosave
925 if ( 'draft' == $post->post_status ) {
926 $id = edit_post();
927 } else { // Non drafts are not overwritten. The autosave is stored in a special post revision.
928 $revision_id = wp_create_post_autosave( $post->ID );
929 if ( is_wp_error($revision_id) )
930 $id = $revision_id;
931 else
932 $id = $post->ID;
933 }
934 $data = $message;
935 } else {
936 $id = $post->ID;
937 }
938 }
939
940 if ( $do_lock && $id && is_numeric($id) )
941 wp_set_post_lock( $id );
942
943 if ( $nonce_age == 2 ) {
944 $supplemental['replace-autosavenonce'] = wp_create_nonce('autosave');
945 $supplemental['replace-getpermalinknonce'] = wp_create_nonce('getpermalink');
946 $supplemental['replace-samplepermalinknonce'] = wp_create_nonce('samplepermalink');
947 $supplemental['replace-closedpostboxesnonce'] = wp_create_nonce('closedpostboxes');
948 if ( $id ) {
949 if ( $_POST['post_type'] == 'post' )
950 $supplemental['replace-_wpnonce'] = wp_create_nonce('update-post_' . $id);
951 elseif ( $_POST['post_type'] == 'page' )
952 $supplemental['replace-_wpnonce'] = wp_create_nonce('update-page_' . $id);
953 }
954 }
955
956 $x = new WP_Ajax_Response( array(
957 'what' => 'autosave',
958 'id' => $id,
959 'data' => $id ? $data : '',
960 'supplemental' => $supplemental
961 ) );
962 $x->send();
963 break;
964case 'autosave-generate-nonces' :
965 check_ajax_referer( 'autosave', 'autosavenonce' );
966 $ID = (int) $_POST['post_ID'];
967 if($_POST['post_type'] == 'post') {
968 if(current_user_can('edit_post', $ID))
969 die(wp_create_nonce('update-post_' . $ID));
970 }
971 if($_POST['post_type'] == 'page') {
972 if(current_user_can('edit_page', $ID)) {
973 die(wp_create_nonce('update-page_' . $ID));
974 }
975 }
976 die('0');
977break;
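case 'closed-postboxes' :
	// Stores the current user's closed and hidden meta boxes for one admin page.
	check_ajax_referer( 'closedpostboxes', 'closedpostboxesnonce' );

	// Split the guarded values. The original re-read $_POST['closed'] and
	// $_POST['hidden'] directly, which discarded the isset() fallback above it.
	$closed = isset( $_POST['closed'] ) ? $_POST['closed'] : '';
	$closed = explode( ',', $closed );
	$hidden = isset( $_POST['hidden'] ) ? $_POST['hidden'] : '';
	$hidden = explode( ',', $hidden );
	$page = isset( $_POST['page'] ) ? $_POST['page'] : '';

	// $page becomes part of the usermeta key, so it is limited to [a-z_-].
	// NOTE(review): without the D modifier, '$' also matches before a final
	// newline, so a value ending in "\n" passes this check.
	if ( !preg_match( '/^[a-z_-]+$/', $page ) )
		die('-1');

	if ( ! $user = wp_get_current_user() )
		die('-1');

	// Only the caller's own user meta is written ($user->ID comes from the session).
	if ( is_array($closed) )
		update_usermeta($user->ID, 'closedpostboxes_'.$page, $closed);

	if ( is_array($hidden) ) {
		$hidden = array_diff( $hidden, array('submitdiv', 'pagesubmitdiv', 'linksubmitdiv') ); // postboxes that are always shown
		update_usermeta($user->ID, 'meta-box-hidden_'.$page, $hidden);
	}

	die('1');
	break;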
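case 'hidden-columns' :
	// Stores which list-table columns the current user has hidden on one admin page.
	check_ajax_referer( 'screen-options-nonce', 'screenoptionnonce' );

	// Split the guarded value. The original re-read $_POST['hidden'] directly,
	// which discarded the isset() fallback on the line above it.
	$hidden = isset( $_POST['hidden'] ) ? $_POST['hidden'] : '';
	$hidden = explode( ',', $hidden );
	$page = isset( $_POST['page'] ) ? $_POST['page'] : '';

	// $page becomes part of the usermeta key, so it is limited to [a-z_-].
	// NOTE(review): without the D modifier, '$' also matches before a final
	// newline, so a value ending in "\n" passes this check.
	if ( !preg_match( '/^[a-z_-]+$/', $page ) )
		die('-1');

	if ( ! $user = wp_get_current_user() )
		die('-1');

	// Only the caller's own user meta is written ($user->ID comes from the session).
	if ( is_array($hidden) )
		update_usermeta($user->ID, "manage-$page-columns-hidden", $hidden);

	die('1');
	break;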
case 'meta-box-order':
	// Persists the caller's meta-box ordering and column layout for one admin page.
	check_ajax_referer( 'meta-box-order' );

	// $page ends up inside option/meta key names, so it is validated first.
	// NOTE(review): '$' without the D modifier also accepts a trailing newline.
	$page = '';
	if ( isset( $_POST['page'] ) )
		$page = $_POST['page'];

	if ( !preg_match( '/^[a-z_-]+$/', $page ) )
		die('-1');

	$user = wp_get_current_user();
	if ( ! $user )
		die('-1');

	// 'order' is stored as submitted (cast to array); 'page_columns' is forced to int.
	$order = false;
	if ( isset( $_POST['order'] ) )
		$order = (array) $_POST['order'];

	$page_columns = 0;
	if ( isset( $_POST['page_columns'] ) )
		$page_columns = (int) $_POST['page_columns'];

	// Both writes are keyed to the session user's ID, never to a client-supplied one.
	if ( $order )
		update_user_option($user->ID, "meta-box-order_$page", $order);

	if ( $page_columns )
		update_usermeta($user->ID, "screen_layout_$page", $page_columns);

	die('1');
	break;
case 'get-permalink':
	// Replies with the preview URL of a post. The 'getpermalink' nonce is the
	// only gate visible in this branch; no per-post capability is checked here.
	check_ajax_referer( 'getpermalink', 'getpermalinknonce' );

	if ( isset( $_POST['post_id'] ) )
		$post_id = intval( $_POST['post_id'] );
	else
		$post_id = 0;

	die( add_query_arg( array( 'preview' => 'true' ), get_permalink( $post_id ) ) );
	break;
case 'sample-permalink':
	// Replies with the sample-permalink HTML for a post, given a candidate title and slug.
	check_ajax_referer( 'samplepermalink', 'samplepermalinknonce' );

	if ( isset( $_POST['post_id'] ) )
		$post_id = intval( $_POST['post_id'] );
	else
		$post_id = 0;

	// Title and slug are passed through as submitted.
	// NOTE(review): presumably get_sample_permalink_html() escapes them for output - confirm.
	if ( isset( $_POST['new_title'] ) )
		$title = $_POST['new_title'];
	else
		$title = '';

	if ( isset( $_POST['new_slug'] ) )
		$slug = $_POST['new_slug'];
	else
		$slug = '';

	die( get_sample_permalink_html( $post_id, $title, $slug ) );
	break;
case 'inline-save':
	// Quick Edit save: validates nonce, capability and edit lock, fills in the
	// fields Quick Edit does not send, saves via edit_post() and prints the
	// refreshed list-table row.
	check_ajax_referer( 'inlineeditnonce', '_inline_edit' );

	// A missing or zero post ID ends the request silently.
	if ( ! isset($_POST['post_ID']) || ! ( $post_ID = (int) $_POST['post_ID'] ) )
		exit;

	// The capability that is checked (edit_page vs edit_post) is selected by the
	// client-supplied post_type, not by the type stored for $post_ID.
	// NOTE(review): $_POST['post_type'] is read without isset().
	if ( 'page' == $_POST['post_type'] ) {
		if ( ! current_user_can( 'edit_page', $post_ID ) )
			die( __('You are not allowed to edit this page.') );
	} else {
		if ( ! current_user_can( 'edit_post', $post_ID ) )
			die( __('You are not allowed to edit this post.') );
	}

	// Refuse to save while another user holds the edit lock; the display name
	// is HTML-escaped before it is printed.
	if ( $last = wp_check_post_lock( $post_ID ) ) {
		$last_user = get_userdata( $last );
		$last_user_name = $last_user ? $last_user->display_name : __( 'Someone' );
		printf( $_POST['post_type'] == 'page' ? __( 'Saving is disabled: %s is currently editing this page.' ) : __( 'Saving is disabled: %s is currently editing this post.' ), esc_html( $last_user_name ) );
		exit;
	}

	// $data aliases $_POST by reference: every assignment below rewrites the
	// request data itself, which edit_post() (called with no arguments)
	// presumably reads - confirm.
	$data = &$_POST;

	$post = get_post( $post_ID, ARRAY_A );
	$post = add_magic_quotes($post); // since it is from db

	// Content and excerpt are taken from the stored post, overwriting any
	// 'content'/'excerpt' values present in the request.
	$data['content'] = $post['post_content'];
	$data['excerpt'] = $post['post_excerpt'];

	// rename
	$data['user_ID'] = $GLOBALS['user_ID'];

	if ( isset($data['post_parent']) )
		$data['parent_id'] = $data['post_parent'];

	// status
	// NOTE(review): '_status' comes straight from the request and is read
	// without isset(); whether publishing rights are enforced is decided
	// inside edit_post(), which is not visible here.
	if ( isset($data['keep_private']) && 'private' == $data['keep_private'] )
		$data['post_status'] = 'private';
	else
		$data['post_status'] = $data['_status'];

	// Absent comment/ping flags default to 'closed'.
	if ( empty($data['comment_status']) )
		$data['comment_status'] = 'closed';
	if ( empty($data['ping_status']) )
		$data['ping_status'] = 'closed';

	// update the post
	edit_post();

	// Re-read the saved post and print its row for the matching list table.
	$post = array();
	if ( 'page' == $_POST['post_type'] ) {
		$post[] = get_post($_POST['post_ID']);
		page_rows($post);
	} elseif ( 'post' == $_POST['post_type'] ) {
		// NOTE(review): $mode is assigned from the request and not used in this
		// branch; presumably post_rows() reads it as a global - confirm.
		$mode = $_POST['post_view'];
		$post[] = get_post($_POST['post_ID']);
		post_rows($post);
	}

	exit;
	break;
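case 'inline-save-tax':
	// Quick Edit save for categories, link categories and tags. Requires the
	// 'taxinlineeditnonce' nonce and the manage_categories capability, then
	// prints the refreshed table row for the updated term.
	check_ajax_referer( 'taxinlineeditnonce', '_inline_edit' );

	if ( ! current_user_can('manage_categories') )
		die( __('Cheatin&#8217; uh?') );

	// die() with an integer sets the exit status and prints nothing, so the
	// string form is used to match the '-1' replies of the other branches.
	if ( ! isset($_POST['tax_ID']) || ! ( $id = (int) $_POST['tax_ID'] ) )
		die('-1');

	switch ($_POST['tax_type']) {
		case 'cat' :
			$data = array();
			$data['cat_ID'] = $id;
			$data['cat_name'] = $_POST['name'];
			$data['category_nicename'] = $_POST['slug'];
			if ( isset($_POST['parent']) && (int) $_POST['parent'] > 0 )
				$data['category_parent'] = $_POST['parent'];

			// Quick Edit does not send the description, so the stored one is kept.
			// Stop early when the category lookup fails instead of indexing an
			// error object or null.
			$cat = get_category($id, ARRAY_A);
			if ( !$cat || is_wp_error($cat) )
				die( __('Category not updated.') );
			$data['category_description'] = $cat['category_description'];

			$updated = wp_update_category($data);

			if ( $updated && !is_wp_error($updated) )
				echo _cat_row( $updated, 0 );
			else
				die( __('Category not updated.') );

			break;
		case 'link-cat' :
			// The whole request array is handed to wp_update_term().
			// NOTE(review): which keys it honours is decided there - confirm it ignores unexpected ones.
			$updated = wp_update_term($id, 'link_category', $_POST);

			if ( $updated && !is_wp_error($updated) )
				echo link_cat_row($updated['term_id']);
			else
				die( __('Category not updated.') );

			break;
		case 'tag' :
			// The taxonomy name is client-supplied; it is only used as a lookup key here.
			if ( !empty($_POST['taxonomy']) )
				$taxonomy = $_POST['taxonomy'];
			else
				$taxonomy = 'post_tag';

			// Keep the stored description. An unknown term or taxonomy makes the
			// lookup fail, so check the result before reading a property from it.
			$tag = get_term( $id, $taxonomy );
			if ( !$tag || is_wp_error( $tag ) )
				die( __('Tag not updated.') );
			$_POST['description'] = $tag->description;

			$updated = wp_update_term($id, $taxonomy, $_POST);
			if ( $updated && !is_wp_error($updated) ) {
				$tag = get_term( $updated['term_id'], $taxonomy );
				if ( !$tag || is_wp_error( $tag ) )
					die( __('Tag not updated.') );

				echo _tag_row($tag);
			} else {
				die( __('Tag not updated.') );
			}

			break;
	}

	exit;
	break;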
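case 'find_posts':
	// Searches posts or pages by title/content and replies with an HTML table
	// of up to 50 matches. The 'find-posts' nonce is the only gate visible in
	// this branch; no capability is checked here.
	check_ajax_referer( 'find-posts' );

	if ( empty($_POST['ps']) )
		exit;

	// $what can only be one of two fixed literals, so it is safe to interpolate below.
	$what = isset($_POST['pages']) ? 'page' : 'post';
	$s = stripslashes($_POST['ps']);

	// Split the query into quoted phrases and bare words, then strip quotes and whitespace.
	preg_match_all('/".*?("|$)|((?<=[\\s",+])|^)[^\\s",+]+/', $s, $matches);
	$search_terms = array_map(create_function('$a', 'return trim($a, "\\"\'\\n\\r ");'), $matches[0]);

	// The WHERE clause is assembled by string concatenation. Each term goes
	// through addslashes_gpc() (or $wpdb->escape() for the whole phrase) first;
	// SQL safety here rests entirely on those helpers.
	// NOTE(review): LIKE wildcards (% and _) inside a term are not neutralised.
	$searchand = $search = '';
	foreach( (array) $search_terms as $term) {
		$term = addslashes_gpc($term);
		$search .= "{$searchand}(($wpdb->posts.post_title LIKE '%{$term}%') OR ($wpdb->posts.post_content LIKE '%{$term}%'))";
		$searchand = ' AND ';
	}
	$term = $wpdb->escape($s);
	if ( count($search_terms) > 1 && $search_terms[0] != $s )
		$search .= " OR ($wpdb->posts.post_title LIKE '%{$term}%') OR ($wpdb->posts.post_content LIKE '%{$term}%')";

	$posts = $wpdb->get_results( "SELECT ID, post_title, post_status, post_date FROM $wpdb->posts WHERE post_type = '$what' AND $search ORDER BY post_date_gmt DESC LIMIT 50" );

	if ( ! $posts )
		exit( __('No posts found.') );

	$html = '<table class="widefat" cellspacing="0"><thead><tr><th class="found-radio"><br /></th><th>'.__('Title').'</th><th>'.__('Time').'</th><th>'.__('Status').'</th></tr></thead><tbody>';
	foreach ( $posts as $post ) {

		// Reset per row: a status outside the list below would otherwise show
		// the previous row's label, or an undefined variable on the first row.
		$stat = '';
		switch ( $post->post_status ) {
			case 'publish' :
			case 'private' :
				$stat = __('Published');
				break;
			case 'future' :
				$stat = __('Scheduled');
				break;
			case 'pending' :
				$stat = __('Pending Review');
				break;
			case 'draft' :
				$stat = __('Unpublished');
				break;
		}

		if ( '0000-00-00 00:00:00' == $post->post_date ) {
			$time = '';
		} else {
			/* translators: date format in table columns, see http://php.net/date */
			$time = mysql2date(__('Y/m/d'), $post->post_date);
		}

		// Title, time and status are HTML-escaped; the ID is escaped in the value attribute.
		$html .= '<tr class="found-posts"><td class="found-radio"><input type="radio" id="found-'.$post->ID.'" name="found_post_id" value="' . esc_attr($post->ID) . '"></td>';
		$html .= '<td><label for="found-'.$post->ID.'">'.esc_html( $post->post_title ).'</label></td><td>'.esc_html( $time ).'</td><td>'.esc_html( $stat ).'</td></tr>'."\n\n";
	}
	$html .= '</tbody></table>';

	$x = new WP_Ajax_Response();
	$x->add( array(
		'what' => $what,
		'data' => $html
	));
	$x->send();

	break;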
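case 'lj-importer' :
	// Runs one numbered step of the LiveJournal importer. Requires the
	// 'lj-api-import' nonce and the publish_posts capability.
	check_ajax_referer( 'lj-api-import' );
	if ( !current_user_can( 'publish_posts' ) )
		die('-1');
	if ( empty( $_POST['step'] ) )
		die( '-1' );
	define('WP_IMPORTING', true);
	include( ABSPATH . 'wp-admin/import/livejournal.php' );

	// The method name is built from the request. The int cast limits it to
	// "step<number>", and the is_callable() check turns a step the importer
	// does not provide into a '-1' reply instead of a fatal error.
	$step_method = 'step' . ( (int) $_POST['step'] );
	if ( !isset( $lj_api_import ) || !is_callable( array( $lj_api_import, $step_method ) ) )
		die('-1');

	$result = $lj_api_import->$step_method();
	if ( is_wp_error( $result ) )
		echo $result->get_error_message();
	die;
	break;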
case 'widgets-order' :
	// Saves the widget order of every sidebar. Requires the
	// 'save-sidebar-widgets' nonce and the switch_themes capability.
	check_ajax_referer( 'save-sidebar-widgets', 'savewidgets' );

	if ( !current_user_can('switch_themes') )
		die('-1');

	unset( $_POST['savewidgets'], $_POST['action'] );

	// Anything other than an array of sidebars is rejected.
	if ( !is_array($_POST['sidebars']) )
		die('-1');

	// save widgets order for all sidebars
	// Sidebar keys are taken from the request as-is; each value is a
	// comma-separated list of widget element ids.
	$sidebars = array();
	foreach ( $_POST['sidebars'] as $sidebar_key => $widget_list ) {
		$sidebars[$sidebar_key] = array();
		if ( empty($widget_list) )
			continue;

		foreach ( explode(',', $widget_list) as $position => $item ) {
			// Keep only entries containing 'widget-', stored as the text after the first '_'.
			if ( strpos($item, 'widget-') !== false )
				$sidebars[$sidebar_key][$position] = substr($item, strpos($item, '_') + 1);
		}
	}

	wp_set_sidebars_widgets($sidebars);
	die('1');
	break;
case 'save-widget' :
	// Saves, adds or deletes a single widget instance. Requires the
	// 'save-sidebar-widgets' nonce and the switch_themes capability. The branch
	// rewrites $_POST before calling the widget's registered update callback.
	check_ajax_referer( 'save-sidebar-widgets', 'savewidgets' );

	if ( !current_user_can('switch_themes') || !isset($_POST['id_base']) )
		die('-1');

	unset( $_POST['savewidgets'], $_POST['action'] );

	// Fire the hooks named after the widgets admin screen.
	do_action('load-widgets.php');
	do_action('widgets.php');
	do_action('sidebar_admin_setup');

	// All of these come from the request. 'widget-id' and 'sidebar' are read
	// without isset(); only 'id_base' was checked above.
	$id_base = $_POST['id_base'];
	$widget_id = $_POST['widget-id'];
	$sidebar_id = $_POST['sidebar'];
	$multi_number = !empty($_POST['multi_number']) ? (int) $_POST['multi_number'] : 0;
	$settings = isset($_POST['widget-' . $id_base]) && is_array($_POST['widget-' . $id_base]) ? $_POST['widget-' . $id_base] : false;
	$error = '<p>' . __('An error has occured. Please reload the page and try again.') . '</p>';

	// An unknown sidebar id yields an empty widget list.
	$sidebars = wp_get_sidebars_widgets();
	$sidebar = isset($sidebars[$sidebar_id]) ? $sidebars[$sidebar_id] : array();

	// delete
	if ( isset($_POST['delete_widget']) && $_POST['delete_widget'] ) {

		// Only a widget id present in the registry may be deleted.
		if ( !isset($wp_registered_widgets[$widget_id]) )
			die($error);

		$sidebar = array_diff( $sidebar, array($widget_id) );
		// Replace the whole request with a minimal delete request.
		$_POST = array('sidebar' => $sidebar_id, 'widget-' . $id_base => array(), 'the-widget-id' => $widget_id, 'delete_widget' => '1');
	} elseif ( $settings && preg_match( '/__i__|%i%/', key($settings) ) ) {
		// The first settings key still holds the template placeholder, so a
		// real instance number is required for the new widget.
		if ( !$multi_number )
			die($error);

		$_POST['widget-' . $id_base] = array( $multi_number => array_shift($settings) );
		$widget_id = $id_base . '-' . $multi_number;
		$sidebar[] = $widget_id;
	}
	// From here on 'widget-id' holds the sidebar's widget list, not the single id sent by the client.
	$_POST['widget-id'] = $sidebar;

	// Run the update callback registered for this id_base. The callable comes
	// from the registry, not from the request, and its output is discarded.
	foreach ( (array) $wp_registered_widget_updates as $name => $control ) {

		if ( $name == $id_base ) {
			if ( !is_callable( $control['callback'] ) )
				continue;

			ob_start();
				call_user_func_array( $control['callback'], $control['params'] );
			ob_end_clean();
			break;
		}
	}

	// On delete, persist the shortened sidebar. The echoed $widget_id was
	// checked against the widget registry in the delete branch above.
	if ( isset($_POST['delete_widget']) && $_POST['delete_widget'] ) {
		$sidebars[$sidebar_id] = $sidebar;
		wp_set_sidebars_widgets($sidebars);
		echo "deleted:$widget_id";
		die();
	}

	if ( !empty($_POST['add_new']) )
		die();

	// Print the widget's control form from the registry.
	// NOTE(review): the index is read without isset(), so an unregistered
	// $widget_id raises a notice before the condition fails.
	if ( $form = $wp_registered_widget_controls[$widget_id] )
		call_user_func_array( $form['callback'], $form['params'] );

	die();
	break;
default :
	// Fallback for actions not handled above: fire the wp_ajax_{action} hook,
	// whose name is built from the raw $_POST['action']. This branch checks
	// no nonce or capability itself.
	// NOTE(review): presumably every hooked handler must do its own checks - confirm.
	do_action( 'wp_ajax_' . $_POST['action'] );
	// Reached only when no hooked handler ended the request.
	die('0');
	break;
1355endswitch;
1356?>