PHP Cross Reference of WordPress |
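<?php
/**
 * WordPress Core Ajax Handlers.
 *
 * Each wp_ajax_* function below answers one admin Ajax action. The handlers
 * read their input straight from $_GET / $_POST / $_REQUEST, so every one of
 * them is a trust boundary: the nonce check (check_ajax_referer()) and the
 * capability check (current_user_can()) inside the handler are what stand
 * between the request and the state change.
 *
 * @package WordPress
 * @subpackage Administration
 */

/*
 * No-privilege Ajax handlers.
 */

/**
 * Answers an autosave request from a visitor who is no longer logged in.
 *
 * Nothing is saved: the handler only returns an alert that links to the
 * login URL. Dies with -1 when no post ID is supplied.
 */
function wp_ajax_nopriv_autosave() {
	$id = isset( $_POST['post_ID'] ) ? (int) $_POST['post_ID'] : 0;

	if ( ! $id )
		wp_die( -1 );

	$message = sprintf( __('<strong>ALERT: You are logged out!</strong> Could not save draft. <a href="%s" target="_blank">Please log in again.</a>'), wp_login_url() );
	$x = new WP_Ajax_Response( array(
		'what' => 'autosave',
		'id' => $id,
		'data' => $message
	) );
	$x->send();
}

/*
 * GET-based Ajax handlers.
 */

/**
 * Renders a list table over Ajax.
 *
 * The list-table class name and the screen ID both come from
 * $_GET['list_args']. The nonce action embeds the class name, so the nonce is
 * verified before the class name reaches _get_list_table(); the table's own
 * ajax_user_can() is the capability gate.
 */
function wp_ajax_fetch_list() {
	global $current_screen, $wp_list_table;

	// NOTE(review): request-controlled value; assumes _get_list_table() only
	// instantiates known list-table classes - confirm against its definition.
	$list_class = $_GET['list_args']['class'];
	check_ajax_referer( "fetch-list-$list_class", '_ajax_fetch_list_nonce' );

	$current_screen = convert_to_screen( $_GET['list_args']['screen']['id'] );

	// The admin-context constants are derived from the requested screen.
	define( 'WP_NETWORK_ADMIN', $current_screen->is_network );
	define( 'WP_USER_ADMIN', $current_screen->is_user );

	$wp_list_table = _get_list_table( $list_class );
	if ( ! $wp_list_table )
		wp_die( 0 );

	if ( ! $wp_list_table->ajax_user_can() )
		wp_die( -1 );

	$wp_list_table->ajax_response();

	wp_die( 0 );
}

/**
 * Suggests existing term names for the tag input box.
 *
 * Requires $_GET['tax'] to name a registered taxonomy and the current user to
 * hold that taxonomy's assign_terms capability. Only the text after the last
 * comma of $_GET['q'] is searched, and it must be at least two characters
 * long. Matching names are echoed one per line.
 */
function wp_ajax_ajax_tag_search() {
	global $wpdb;

	if ( isset( $_GET['tax'] ) ) {
		$taxonomy = sanitize_key( $_GET['tax'] );
		$tax = get_taxonomy( $taxonomy );
		if ( ! $tax )
			wp_die( 0 );
		if ( ! current_user_can( $tax->cap->assign_terms ) )
			wp_die( -1 );
	} else {
		wp_die( 0 );
	}

	$s = stripslashes( $_GET['q'] );

	$comma = _x( ',', 'tag delimiter' );
	if ( ',' !== $comma )
		$s = str_replace( $comma, ',', $s );
	if ( false !== strpos( $s, ',' ) ) {
		$s = explode( ',', $s );
		$s = $s[count( $s ) - 1];
	}
	$s = trim( $s );
	if ( strlen( $s ) < 2 )
		wp_die(); // require 2 chars for matching

	// Both user-influenced values are bound as placeholders; the LIKE term is
	// additionally passed through like_escape() so % and _ match literally.
	$results = $wpdb->get_col( $wpdb->prepare( "SELECT t.name FROM $wpdb->term_taxonomy AS tt INNER JOIN $wpdb->terms AS t ON tt.term_id = t.term_id WHERE tt.taxonomy = %s AND t.name LIKE (%s)", $taxonomy, '%' . like_escape( $s ) . '%' ) );

	// Separator first: the (array, separator) argument order is a legacy form
	// that newer PHP versions reject.
	// NOTE(review): names are echoed as stored, without HTML escaping; the
	// consumer must insert them as text - confirm on the client side.
	echo join( "\n", $results );
	wp_die();
}

/**
 * Tests whether compressed script output works and records the result.
 *
 * Requires the manage_options capability. Depending on $_GET['test'] the
 * handler sends the test string plain (1), deflate- or gzip-encoded (2), or
 * stores the outcome in the can_compress_scripts site option ('no' / 'yes').
 *
 * NOTE(review): the option is written from a GET request and no nonce is
 * verified in this function.
 */
function wp_ajax_wp_compression_test() {
	if ( !current_user_can( 'manage_options' ) )
		wp_die( -1 );

	// PHP is already compressing output, so script compression is switched off.
	if ( ini_get('zlib.output_compression') || 'ob_gzhandler' == ini_get('output_handler') ) {
		update_site_option('can_compress_scripts', 0);
		wp_die( 0 );
	}

	if ( isset($_GET['test']) ) {
		header( 'Expires: Wed, 11 Jan 1984 05:00:00 GMT' );
		header( 'Last-Modified: ' . gmdate( 'D, d M Y H:i:s' ) . ' GMT' );
		header( 'Cache-Control: no-cache, must-revalidate, max-age=0' );
		header( 'Pragma: no-cache' );
		header('Content-Type: application/x-javascript; charset=UTF-8');
		$force_gzip = ( defined('ENFORCE_GZIP') && ENFORCE_GZIP );
		$test_str = '"wpCompressionTest Lorem ipsum dolor sit amet consectetuer mollis sapien urna ut a. Eu nonummy condimentum fringilla tempor pretium platea vel nibh netus Maecenas. Hac molestie amet justo quis pellentesque est ultrices interdum nibh Morbi. Cras mattis pretium Phasellus ante ipsum ipsum ut sociis Suspendisse Lorem. Ante et non molestie. Porta urna Vestibulum egestas id congue nibh eu risus gravida sit. Ac augue auctor Ut et non a elit massa id sodales. Elit eu Nulla at nibh adipiscing mattis lacus mauris at tempus. Netus nibh quis suscipit nec feugiat eget sed lorem et urna. Pellentesque lacus at ut massa consectetuer ligula ut auctor semper Pellentesque. Ut metus massa nibh quam Curabitur molestie nec mauris congue. Volutpat molestie elit justo facilisis neque ac risus Ut nascetur tristique. Vitae sit lorem tellus et quis Phasellus lacus tincidunt nunc Fusce. Pharetra wisi Suspendisse mus sagittis libero lacinia Integer consequat ac Phasellus. Et urna ac cursus tortor aliquam Aliquam amet tellus volutpat Vestibulum. Justo interdum condimentum In augue congue tellus sollicitudin Quisque quis nibh."';

		if ( 1 == $_GET['test'] ) {
			echo $test_str;
			wp_die();
		} elseif ( 2 == $_GET['test'] ) {
			if ( !isset($_SERVER['HTTP_ACCEPT_ENCODING']) )
				wp_die( -1 );
			if ( false !== stripos( $_SERVER['HTTP_ACCEPT_ENCODING'], 'deflate') && function_exists('gzdeflate') && ! $force_gzip ) {
				header('Content-Encoding: deflate');
				$out = gzdeflate( $test_str, 1 );
			} elseif ( false !== stripos( $_SERVER['HTTP_ACCEPT_ENCODING'], 'gzip') && function_exists('gzencode') ) {
				header('Content-Encoding: gzip');
				$out = gzencode( $test_str, 1 );
			} else {
				wp_die( -1 );
			}
			echo $out;
			wp_die();
		} elseif ( 'no' == $_GET['test'] ) {
			update_site_option('can_compress_scripts', 0);
		} elseif ( 'yes' == $_GET['test'] ) {
			update_site_option('can_compress_scripts', 1);
		}
	}

	wp_die( 0 );
}

/**
 * Streams a preview of an image that is being edited.
 *
 * Requires the edit_post capability on $_GET['postid'] and a nonce bound to
 * that post ID. Dies with -1 when either check or the preview itself fails.
 */
function wp_ajax_imgedit_preview() {
	$post_id = intval($_GET['postid']);
	if ( empty($post_id) || !current_user_can('edit_post', $post_id) )
		wp_die( -1 );

	check_ajax_referer( "image_editor-$post_id" );

	include_once ( ABSPATH . 'wp-admin/includes/image-edit.php' );
	if ( ! stream_preview_image($post_id) )
		wp_die( -1 );

	wp_die();
}

/**
 * Asks the embed handler to cache oEmbed results for a post.
 *
 * NOTE(review): this handler verifies neither a nonce nor a capability, and
 * $_GET['post'] is passed on as received. Whatever validation exists lives in
 * $wp_embed->cache_oembed() - confirm there.
 */
function wp_ajax_oembed_cache() {
	global $wp_embed;

	$return = ( $wp_embed->cache_oembed( $_GET['post'] ) ) ? '1' : '0';
	wp_die( $return );
}

/**
 * Returns user suggestions for the multisite "add user" / "search user" boxes.
 *
 * Only available on multisite, to users with promote_users, on networks that
 * are not large; non-super-admins additionally need the
 * autocomplete_users_for_site_admins filter to return true. The JSON response
 * contains user_login and user_email for every match.
 */
function wp_ajax_autocomplete_user() {
	if ( ! is_multisite() || ! current_user_can( 'promote_users' ) || wp_is_large_network( 'users' ) )
		wp_die( -1 );

	if ( ! is_super_admin() && ! apply_filters( 'autocomplete_users_for_site_admins', false ) )
		wp_die( -1 );

	$return = array();

	// Check the type of request
	if ( isset( $_REQUEST['autocomplete_type'] ) )
		$type = $_REQUEST['autocomplete_type'];
	else
		$type = 'add';

	// Exclude current users of this blog
	if ( isset( $_REQUEST['site_id'] ) )
		$id = absint( $_REQUEST['site_id'] );
	else
		$id = get_current_blog_id();

	$include_blog_users = ( $type == 'search' ? get_users( array( 'blog_id' => $id, 'fields' => 'ID' ) ) : array() );
	$exclude_blog_users = ( $type == 'add' ? get_users( array( 'blog_id' => $id, 'fields' => 'ID' ) ) : array() );

	// NOTE(review): the search term is handed to get_users() as received;
	// escaping is assumed to happen inside the user query - confirm.
	$users = get_users( array(
		'blog_id' => false,
		'search' => '*' . $_REQUEST['term'] . '*',
		'include' => $include_blog_users,
		'exclude' => $exclude_blog_users,
		'search_columns' => array( 'user_login', 'user_nicename', 'user_email' ),
	) );

	foreach ( $users as $user ) {
		$return[] = array(
			/* translators: 1: user_login, 2: user_email */
			'label' => sprintf( __( '%1$s (%2$s)' ), $user->user_login, $user->user_email ),
			'value' => $user->user_login,
		);
	}

	wp_die( json_encode( $return ) );
}

/**
 * Outputs the content of one dashboard widget.
 *
 * $_GET['widget'] selects from a fixed list of widget renderers; any other
 * value produces an empty response. No capability check is made here.
 */
function wp_ajax_dashboard_widgets() {
	require ABSPATH . 'wp-admin/includes/dashboard.php';

	switch ( $_GET['widget'] ) {
		case 'dashboard_incoming_links' :
			wp_dashboard_incoming_links();
			break;
		case 'dashboard_primary' :
			wp_dashboard_primary();
			break;
		case 'dashboard_secondary' :
			wp_dashboard_secondary();
			break;
		case 'dashboard_plugins' :
			wp_dashboard_plugins();
			break;
	}
	wp_die();
}

/**
 * Returns site suggestions for the multisite site-search box.
 *
 * Only available on multisite, to users with manage_sites, on networks that
 * are not large. Matches public, non-archived, non-mature, non-spam,
 * non-deleted sites whose domain or path contains the search term.
 */
function wp_ajax_autocomplete_site() {
	if ( ! is_multisite() || ! current_user_can( 'manage_sites' ) || wp_is_large_network( 'sites' ) )
		wp_die( -1 );

	$return = array();

	global $wpdb;
	// The term is LIKE-escaped and then bound through prepare(), never
	// concatenated into the SQL text.
	$like_escaped_term = '%' . like_escape( stripslashes( $_REQUEST['term'] ) ) . '%';
	$sites = $wpdb->get_results( $wpdb->prepare( "SELECT blog_id, domain, path FROM $wpdb->blogs WHERE ( domain LIKE %s OR path LIKE %s ) AND public = '1' AND archived = '0' AND mature = '0' AND spam = '0' AND deleted = '0' ORDER BY registered DESC", $like_escaped_term, $like_escaped_term ), ARRAY_A );

	if ( empty( $sites ) )
		wp_die( -1 );

	foreach ( (array) $sites as $details ) {
		$blogname = get_blog_option( $details['blog_id'], 'blogname' );
		$return[] = array(
			'label' => sprintf( '%1$s (%2$s)', $blogname, $details['domain'] . $details['path'] ),
			'value' => $details['domain']
		);
	}

	wp_die( json_encode( $return ) );
}

/*
 * Ajax helper.
 */

/**
 * Sends back current comment total and new page links if they need to be updated.
 *
 * Contrary to normal success AJAX response ("1"), die with time() on success.
 *
 * The paging values (_total, _per_page, _page, _url) are supplied by the
 * client and are only used to decide whether to recount and to build the
 * response. The function ends the request through wp_die() or
 * WP_Ajax_Response::send().
 *
 * @since 2.7
 *
 * @param int $comment_id ID of the affected comment; echoed back in the response.
 * @param int $delta      Amount added to the client-reported total. Default -1.
 */
function _wp_ajax_delete_comment_response( $comment_id, $delta = -1 ) {
	$total = (int) @$_POST['_total'];
	$per_page = (int) @$_POST['_per_page'];
	$page = (int) @$_POST['_page'];
	$url = esc_url_raw( @$_POST['_url'] );
	// JS didn't send us everything we need to know. Just die with success message
	if ( !$total || !$per_page || !$page || !$url )
		wp_die( time() );

	$total += $delta;
	if ( $total < 0 )
		$total = 0;

	// Only do the expensive stuff on a page-break, and about 1 other time per page
	// (mt_rand() is used for sampling only, not for anything security-relevant.)
	if ( 0 == $total % $per_page || 1 == mt_rand( 1, $per_page ) ) {
		$post_id = 0;
		$status = 'total_comments'; // What type of comment count are we looking for?
		$parsed = parse_url( $url );
		if ( isset( $parsed['query'] ) ) {
			parse_str( $parsed['query'], $query_vars );
			if ( !empty( $query_vars['comment_status'] ) )
				$status = $query_vars['comment_status'];
			if ( !empty( $query_vars['p'] ) )
				$post_id = (int) $query_vars['p'];
		}

		$comment_count = wp_count_comments($post_id);

		// $status comes from the client-supplied URL; it is only used to read a
		// property that already exists on the count object.
		if ( isset( $comment_count->$status ) ) // We're looking for a known type of comment count
			$total = $comment_count->$status;
			// else use the decremented value from above
	}

	$time = time(); // The time since the last comment count

	$x = new WP_Ajax_Response( array(
		'what' => 'comment',
		'id' => $comment_id, // here for completeness - not used
		'supplemental' => array(
			'total_items_i18n' => sprintf( _n( '1 item', '%s items', $total ), number_format_i18n( $total ) ),
			'total_pages' => ceil( $total / $per_page ),
			'total_pages_i18n' => number_format_i18n( ceil( $total / $per_page ) ),
			'total' => $total,
			'time' => $time
		)
	) );
	$x->send();
}

/*
 * POST-based Ajax handlers.
 */

/**
 * Adds one or more terms to a hierarchical taxonomy from the post editor.
 *
 * The taxonomy name is derived from $_POST['action'] (everything after the
 * first four characters). Requires the action-specific nonce and the
 * taxonomy's edit_terms capability. Responds with the refreshed checklist
 * markup and the parent dropdown.
 */
function _wp_ajax_add_hierarchical_term() {
	$action = $_POST['action'];
	$taxonomy = get_taxonomy(substr($action, 4));
	// get_taxonomy() yields nothing usable for an unregistered name; stop here
	// instead of dereferencing it, as the tag-search and tag-cloud handlers do.
	if ( ! $taxonomy )
		wp_die( 0 );
	check_ajax_referer( $action, '_ajax_nonce-add-' . $taxonomy->name );
	if ( !current_user_can( $taxonomy->cap->edit_terms ) )
		wp_die( -1 );
	$names = explode(',', $_POST['new'.$taxonomy->name]);
	$parent = isset($_POST['new'.$taxonomy->name.'_parent']) ? (int) $_POST['new'.$taxonomy->name.'_parent'] : 0;
	if ( 0 > $parent )
		$parent = 0;
	if ( $taxonomy->name == 'category' )
		$post_category = isset($_POST['post_category']) ? (array) $_POST['post_category'] : array();
	else
		$post_category = ( isset($_POST['tax_input']) && isset($_POST['tax_input'][$taxonomy->name]) ) ? (array) $_POST['tax_input'][$taxonomy->name] : array();
	$checked_categories = array_map( 'absint', (array) $post_category );
	$popular_ids = wp_popular_terms_checklist($taxonomy->name, 0, 10, false);

	// Stays empty when no submitted name yields a term and no parent is given.
	$add = array();

	foreach ( $names as $cat_name ) {
		$cat_name = trim($cat_name);
		$category_nicename = sanitize_title($cat_name);
		if ( '' === $category_nicename )
			continue;
		if ( !$cat_id = term_exists( $cat_name, $taxonomy->name, $parent ) )
			$cat_id = wp_insert_term( $cat_name, $taxonomy->name, array( 'parent' => $parent ) );
		if ( is_wp_error( $cat_id ) )
			continue;
		else if ( is_array( $cat_id ) )
			$cat_id = $cat_id['term_id'];
		$checked_categories[] = $cat_id;
		if ( $parent ) // Do these all at once in a second
			continue;
		ob_start();
			wp_terms_checklist( 0, array( 'taxonomy' => $taxonomy->name, 'descendants_and_self' => $cat_id, 'selected_cats' => $checked_categories, 'popular_cats' => $popular_ids ));
		$data = ob_get_contents();
		ob_end_clean();
		$add = array(
			'what' => $taxonomy->name,
			'id' => $cat_id,
			'data' => str_replace( array("\n", "\t"), '', $data),
			'position' => -1
		);
	}

	if ( $parent ) { // Foncy - replace the parent and all its children
		$parent = get_term( $parent, $taxonomy->name );
		$term_id = $parent->term_id;

		while ( $parent->parent ) { // get the top parent
			// Plain assignment: taking a reference to a function result is not needed.
			$parent = get_term( $parent->parent, $taxonomy->name );
			if ( is_wp_error( $parent ) )
				break;
			$term_id = $parent->term_id;
		}

		ob_start();
			wp_terms_checklist( 0, array('taxonomy' => $taxonomy->name, 'descendants_and_self' => $term_id, 'selected_cats' => $checked_categories, 'popular_cats' => $popular_ids));
		$data = ob_get_contents();
		ob_end_clean();
		$add = array(
			'what' => $taxonomy->name,
			'id' => $term_id,
			'data' => str_replace( array("\n", "\t"), '', $data),
			'position' => -1
		);
	}

	ob_start();
		wp_dropdown_categories( array(
			'taxonomy' => $taxonomy->name, 'hide_empty' => 0, 'name' => 'new'.$taxonomy->name.'_parent', 'orderby' => 'name',
			'hierarchical' => 1, 'show_option_none' => '— '.$taxonomy->labels->parent_item.' —'
		) );
	$sup = ob_get_contents();
	ob_end_clean();
	$add['supplemental'] = array( 'newcat_parent' => $sup );

	$x = new WP_Ajax_Response( $add );
	$x->send();
}

/**
 * Trashes, untrashes, spams, unspams or deletes a comment.
 *
 * Requires the edit_comment capability on the comment and a nonce bound to
 * the comment ID. Exactly one of the trash / untrash / spam / unspam / delete
 * flags in $_POST selects the operation; a request with none of them is
 * refused with -1. Requests that would not change the status die with time().
 */
function wp_ajax_delete_comment() {
	$id = isset( $_POST['id'] ) ? (int) $_POST['id'] : 0;

	if ( !$comment = get_comment( $id ) )
		wp_die( time() );
	if ( ! current_user_can( 'edit_comment', $comment->comment_ID ) )
		wp_die( -1 );

	check_ajax_referer( "delete-comment_$id" );
	$status = wp_get_comment_status( $comment->comment_ID );

	$delta = -1;
	if ( isset($_POST['trash']) && 1 == $_POST['trash'] ) {
		if ( 'trash' == $status )
			wp_die( time() );
		$r = wp_trash_comment( $comment->comment_ID );
	} elseif ( isset($_POST['untrash']) && 1 == $_POST['untrash'] ) {
		if ( 'trash' != $status )
			wp_die( time() );
		$r = wp_untrash_comment( $comment->comment_ID );
		if ( ! isset( $_POST['comment_status'] ) || $_POST['comment_status'] != 'trash' ) // undo trash, not in trash
			$delta = 1;
	} elseif ( isset($_POST['spam']) && 1 == $_POST['spam'] ) {
		if ( 'spam' == $status )
			wp_die( time() );
		$r = wp_spam_comment( $comment->comment_ID );
	} elseif ( isset($_POST['unspam']) && 1 == $_POST['unspam'] ) {
		if ( 'spam' != $status )
			wp_die( time() );
		$r = wp_unspam_comment( $comment->comment_ID );
		if ( ! isset( $_POST['comment_status'] ) || $_POST['comment_status'] != 'spam' ) // undo spam, not in spam
			$delta = 1;
	} elseif ( isset($_POST['delete']) && 1 == $_POST['delete'] ) {
		$r = wp_delete_comment( $comment->comment_ID );
	} else {
		wp_die( -1 );
	}

	if ( $r ) // Decide if we need to send back '1' or a more complicated response including page links and comment counts
		_wp_ajax_delete_comment_response( $comment->comment_ID, $delta );
	wp_die( 0 );
}

/**
 * Deletes a term.
 *
 * Requires a nonce bound to the term ID and the taxonomy's delete_terms
 * capability. The taxonomy defaults to post_tag. A term that no longer exists
 * is reported as success (1).
 */
function wp_ajax_delete_tag() {
	$tag_id = (int) $_POST['tag_ID'];
	check_ajax_referer( "delete-tag_$tag_id" );

	$taxonomy = !empty($_POST['taxonomy']) ? $_POST['taxonomy'] : 'post_tag';
	$tax = get_taxonomy($taxonomy);

	// The taxonomy name is request-controlled; refuse an unregistered one
	// instead of reading capabilities from a non-object, matching
	// wp_ajax_ajax_tag_search() and wp_ajax_get_tagcloud().
	if ( ! $tax )
		wp_die( 0 );

	if ( !current_user_can( $tax->cap->delete_terms ) )
		wp_die( -1 );

	$tag = get_term( $tag_id, $taxonomy );
	if ( !$tag || is_wp_error( $tag ) )
		wp_die( 1 );

	if ( wp_delete_term($tag_id, $taxonomy))
		wp_die( 1 );
	else
		wp_die( 0 );
}

/**
 * Deletes a link (bookmark).
 *
 * Requires a nonce bound to the link ID and the manage_links capability.
 * A link that no longer exists is reported as success (1).
 */
function wp_ajax_delete_link() {
	$id = isset( $_POST['id'] ) ? (int) $_POST['id'] : 0;

	check_ajax_referer( "delete-bookmark_$id" );
	if ( !current_user_can( 'manage_links' ) )
		wp_die( -1 );

	$link = get_bookmark( $id );
	if ( !$link || is_wp_error( $link ) )
		wp_die( 1 );

	if ( wp_delete_link( $id ) )
		wp_die( 1 );
	else
		wp_die( 0 );
}

/**
 * Deletes one post meta entry by its meta ID.
 *
 * Requires a nonce bound to the meta ID. Protected meta keys are refused, and
 * the delete_post_meta capability is checked against the post and key that
 * the stored entry belongs to, not against request data.
 */
function wp_ajax_delete_meta() {
	$id = isset( $_POST['id'] ) ? (int) $_POST['id'] : 0;

	check_ajax_referer( "delete-meta_$id" );
	if ( !$meta = get_metadata_by_mid( 'post', $id ) )
		wp_die( 1 );

	if ( is_protected_meta( $meta->meta_key, 'post' ) || ! current_user_can( 'delete_post_meta', $meta->post_id, $meta->meta_key ) )
		wp_die( -1 );
	if ( delete_meta( $meta->meta_id ) )
		wp_die( 1 );
	wp_die( 0 );
}

/**
 * Deletes a post.
 *
 * Requires a nonce bound to the action and post ID, and the delete_post
 * capability on that post. A post that no longer exists is reported as
 * success (1).
 *
 * @param string $action Nonce action prefix; defaults to 'delete-post' when empty.
 */
function wp_ajax_delete_post( $action ) {
	if ( empty( $action ) )
		$action = 'delete-post';
	$id = isset( $_POST['id'] ) ? (int) $_POST['id'] : 0;

	check_ajax_referer( "{$action}_$id" );
	if ( !current_user_can( 'delete_post', $id ) )
		wp_die( -1 );

	if ( !get_post( $id ) )
		wp_die( 1 );

	if ( wp_delete_post( $id ) )
		wp_die( 1 );
	else
		wp_die( 0 );
}

/**
 * Moves a post to the trash, or restores it when called for 'untrash-post'.
 *
 * Requires a nonce bound to the action and post ID, and the delete_post
 * capability on that post.
 *
 * @param string $action Nonce action prefix; defaults to 'trash-post' when
 *                       empty. Any other value restores the post.
 */
function wp_ajax_trash_post( $action ) {
	if ( empty( $action ) )
		$action = 'trash-post';
	$id = isset( $_POST['id'] ) ? (int) $_POST['id'] : 0;

	check_ajax_referer( "{$action}_$id" );
	if ( !current_user_can( 'delete_post', $id ) )
		wp_die( -1 );

	if ( !get_post( $id ) )
		wp_die( 1 );

	if ( 'trash-post' == $action )
		$done = wp_trash_post( $id );
	else
		$done = wp_untrash_post( $id );

	if ( $done )
		wp_die( 1 );

	wp_die( 0 );
}

/**
 * Restores a post from the trash by delegating to wp_ajax_trash_post().
 *
 * @param string $action Nonce action prefix; defaults to 'untrash-post' when empty.
 */
function wp_ajax_untrash_post( $action ) {
	if ( empty( $action ) )
		$action = 'untrash-post';
	wp_ajax_trash_post( $action );
}

/**
 * Deletes a page.
 *
 * Requires a nonce bound to the action and page ID, and the delete_page
 * capability on that page. A page that no longer exists is reported as
 * success (1).
 *
 * @param string $action Nonce action prefix; defaults to 'delete-page' when empty.
 */
function wp_ajax_delete_page( $action ) {
	if ( empty( $action ) )
		$action = 'delete-page';
	$id = isset( $_POST['id'] ) ? (int) $_POST['id'] : 0;

	check_ajax_referer( "{$action}_$id" );
	if ( !current_user_can( 'delete_page', $id ) )
		wp_die( -1 );

	if ( !get_page( $id ) )
		wp_die( 1 );

	if ( wp_delete_post( $id ) )
		wp_die( 1 );
	else
		wp_die( 0 );
}

/**
 * Toggles a comment between approved and held.
 *
 * Requires edit_comment on the comment or moderate_comments, and a nonce
 * bound to the comment ID. Unapproved and spam comments are approved; any
 * other status is set to hold. The nonce is verified before the status is
 * changed, but after the "already in the requested state" early exit, which
 * changes nothing.
 */
function wp_ajax_dim_comment() {
	$id = isset( $_POST['id'] ) ? (int) $_POST['id'] : 0;

	if ( !$comment = get_comment( $id ) ) {
		$x = new WP_Ajax_Response( array(
			'what' => 'comment',
			'id' => new WP_Error('invalid_comment', sprintf(__('Comment %d does not exist'), $id))
		) );
		$x->send();
	}

	if ( ! current_user_can( 'edit_comment', $comment->comment_ID ) && ! current_user_can( 'moderate_comments' ) )
		wp_die( -1 );

	$current = wp_get_comment_status( $comment->comment_ID );
	if ( $_POST['new'] == $current )
		wp_die( time() );

	check_ajax_referer( "approve-comment_$id" );
	if ( in_array( $current, array( 'unapproved', 'spam' ) ) )
		$result = wp_set_comment_status( $comment->comment_ID, 'approve', true );
	else
		$result = wp_set_comment_status( $comment->comment_ID, 'hold', true );

	if ( is_wp_error($result) ) {
		$x = new WP_Ajax_Response( array(
			'what' => 'comment',
			'id' => $result
		) );
		$x->send();
	}

	// Decide if we need to send back '1' or a more complicated response including page links and comment counts
	_wp_ajax_delete_comment_response( $comment->comment_ID );
	wp_die( 0 );
}

/**
 * Adds one or more link categories from a comma-separated list.
 *
 * Requires the action nonce and the manage_categories capability. The
 * category name is HTML-escaped before it is placed in the returned markup.
 *
 * @param string $action Nonce action; defaults to 'add-link-category' when empty.
 */
function wp_ajax_add_link_category( $action ) {
	if ( empty( $action ) )
		$action = 'add-link-category';
	check_ajax_referer( $action );
	if ( !current_user_can( 'manage_categories' ) )
		wp_die( -1 );
	$names = explode(',', $_POST['newcat']);
	$x = new WP_Ajax_Response();
	foreach ( $names as $cat_name ) {
		$cat_name = trim($cat_name);
		$slug = sanitize_title($cat_name);
		if ( '' === $slug )
			continue;
		if ( !$cat_id = term_exists( $cat_name, 'link_category' ) )
			$cat_id = wp_insert_term( $cat_name, 'link_category' );
		if ( is_wp_error( $cat_id ) )
			continue;
		else if ( is_array( $cat_id ) )
			$cat_id = $cat_id['term_id'];
		$cat_name = esc_html(stripslashes($cat_name));
		$x->add( array(
			'what' => 'link-category',
			'id' => $cat_id,
			'data' => "<li id='link-category-$cat_id'><label for='in-link-category-$cat_id' class='selectit'><input value='" . esc_attr($cat_id) . "' type='checkbox' checked='checked' name='link_category[]' id='in-link-category-$cat_id'/> $cat_name</label></li>",
			'position' => -1
		) );
	}
	$x->send();
}

/**
 * Adds a term from the terms list screen and returns its table row.
 *
 * Requires the add-tag nonce and the taxonomy's edit_terms capability. The
 * taxonomy defaults to post_tag.
 */
function wp_ajax_add_tag() {
	global $wp_list_table;

	check_ajax_referer( 'add-tag', '_wpnonce_add-tag' );
	$post_type = !empty($_POST['post_type']) ? $_POST['post_type'] : 'post';
	$taxonomy = !empty($_POST['taxonomy']) ? $_POST['taxonomy'] : 'post_tag';
	$tax = get_taxonomy($taxonomy);

	// The taxonomy name is request-controlled; refuse an unregistered one
	// instead of reading capabilities from a non-object, matching
	// wp_ajax_ajax_tag_search() and wp_ajax_get_tagcloud().
	if ( ! $tax )
		wp_die( 0 );

	if ( !current_user_can( $tax->cap->edit_terms ) )
		wp_die( -1 );

	$x = new WP_Ajax_Response();

	// NOTE(review): the whole of $_POST is passed as the term arguments, so
	// wp_insert_term() decides which request fields take effect - confirm it
	// ignores keys it does not know.
	$tag = wp_insert_term($_POST['tag-name'], $taxonomy, $_POST );

	if ( !$tag || is_wp_error($tag) || (!$tag = get_term( $tag['term_id'], $taxonomy )) ) {
		$message = __('An error has occurred. Please reload the page and try again.');
		if ( is_wp_error($tag) && $tag->get_error_message() )
			$message = $tag->get_error_message();

		$x->add( array(
			'what' => 'taxonomy',
			'data' => new WP_Error('error', $message )
		) );
		$x->send();
	}

	set_current_screen( $_POST['screen'] );

	$wp_list_table = _get_list_table('WP_Terms_List_Table');

	// NOTE(review): $noparents is only assigned for hierarchical taxonomies,
	// so compact() below omits it otherwise.
	$level = 0;
	if ( is_taxonomy_hierarchical($taxonomy) ) {
		$level = count( get_ancestors( $tag->term_id, $taxonomy ) );
		ob_start();
		$wp_list_table->single_row( $tag, $level );
		$noparents = ob_get_clean();
	}

	ob_start();
	$wp_list_table->single_row( $tag );
	$parents = ob_get_clean();

	$x->add( array(
		'what' => 'taxonomy',
		'supplemental' => compact('parents', 'noparents')
	) );
	$x->add( array(
		'what' => 'term',
		'position' => $level,
		'supplemental' => (array) $tag
	) );
	$x->send();
}

/**
 * Outputs a tag cloud of the 45 most used terms of a taxonomy.
 *
 * Requires $_POST['tax'] to name a registered taxonomy and the current user
 * to hold that taxonomy's assign_terms capability.
 */
function wp_ajax_get_tagcloud() {
	if ( isset( $_POST['tax'] ) ) {
		$taxonomy = sanitize_key( $_POST['tax'] );
		$tax = get_taxonomy( $taxonomy );
		if ( ! $tax )
			wp_die( 0 );
		if ( ! current_user_can( $tax->cap->assign_terms ) )
			wp_die( -1 );
	} else {
		wp_die( 0 );
	}

	$tags = get_terms( $taxonomy, array( 'number' => 45, 'orderby' => 'count', 'order' => 'DESC' ) );

	if ( empty( $tags ) )
		wp_die( isset( $tax->no_tagcloud ) ? $tax->no_tagcloud : __('No tags found!') );

	if ( is_wp_error( $tags ) )
		wp_die( $tags->get_error_message() );

	foreach ( $tags as $key => $tag ) {
		$tags[ $key ]->link = '#';
		$tags[ $key ]->id = $tag->term_id;
	}

	// We need raw tag names here, so don't filter the output
	$return = wp_generate_tag_cloud( $tags, array('filter' => 0) );

	if ( empty($return) )
		wp_die( 0 );

	echo $return;

	wp_die();
}

/**
 * Returns the comment rows for a post's comments meta box.
 *
 * Requires the action nonce and the edit_post capability on the global
 * $post_id, which this function does not set itself. Rows are emitted only
 * for comments the user may edit.
 *
 * @param string $action Nonce action; defaults to 'get-comments' when empty.
 */
function wp_ajax_get_comments( $action ) {
	global $wp_list_table, $post_id;
	if ( empty( $action ) )
		$action = 'get-comments';

	check_ajax_referer( $action );

	set_current_screen( 'edit-comments' );

	$wp_list_table = _get_list_table('WP_Post_Comments_List_Table');

	if ( !current_user_can( 'edit_post', $post_id ) )
		wp_die( -1 );

	$wp_list_table->prepare_items();

	if ( !$wp_list_table->has_items() )
		wp_die( 1 );

	$x = new WP_Ajax_Response();
	ob_start();
	foreach ( $wp_list_table->items as $comment ) {
		if ( ! current_user_can( 'edit_comment', $comment->comment_ID ) )
			continue;
		get_comment( $comment );
		$wp_list_table->single_row( $comment );
	}
	$comment_list_item = ob_get_contents();
	ob_end_clean();

	$x->add( array(
		'what' => 'comments',
		'data' => $comment_list_item
	) );
	$x->send();
}

/**
 * Posts a reply to a comment from the admin screens.
 *
 * Requires the replyto-comment nonce, the edit_post capability on the target
 * post and a logged-in user. Replies to draft, pending or trashed posts are
 * refused. Users with unfiltered_html keep unfiltered content only when the
 * separate unfiltered-html-comment nonce matches; otherwise the kses filters
 * are re-applied.
 *
 * @param string $action Nonce action; defaults to 'replyto-comment' when empty.
 */
function wp_ajax_replyto_comment( $action ) {
	global $wp_list_table, $wpdb;
	if ( empty( $action ) )
		$action = 'replyto-comment';

	check_ajax_referer( $action, '_ajax_nonce-replyto-comment' );

	set_current_screen( 'edit-comments' );

	$comment_post_ID = (int) $_POST['comment_post_ID'];
	if ( !current_user_can( 'edit_post', $comment_post_ID ) )
		wp_die( -1 );

	$status = $wpdb->get_var( $wpdb->prepare("SELECT post_status FROM $wpdb->posts WHERE ID = %d", $comment_post_ID) );

	if ( empty($status) )
		wp_die( 1 );
	elseif ( in_array($status, array('draft', 'pending', 'trash') ) )
		wp_die( __('ERROR: you are replying to a comment on a draft post.') );

	$user = wp_get_current_user();
	if ( $user->exists() ) {
		$user_ID = $user->ID;
		$comment_author = $wpdb->escape($user->display_name);
		$comment_author_email = $wpdb->escape($user->user_email);
		$comment_author_url = $wpdb->escape($user->user_url);
		$comment_content = trim($_POST['content']);
		if ( current_user_can( 'unfiltered_html' ) ) {
			// Compare the nonce strictly and as a string: a loose comparison
			// lets PHP treat two numeric-looking strings as equal, and a
			// missing or non-string field must always count as a mismatch.
			$unfiltered_nonce = ( isset( $_POST['_wp_unfiltered_html_comment'] ) && is_string( $_POST['_wp_unfiltered_html_comment'] ) ) ? $_POST['_wp_unfiltered_html_comment'] : '';
			if ( wp_create_nonce( 'unfiltered-html-comment' ) !== $unfiltered_nonce ) {
				kses_remove_filters(); // start with a clean slate
				kses_init_filters(); // set up the filters
			}
		}
	} else {
		wp_die( __( 'Sorry, you must be logged in to reply to a comment.' ) );
	}

	if ( '' == $comment_content )
		wp_die( __( 'ERROR: please type a comment.' ) );

	$comment_parent = absint($_POST['comment_ID']);
	$comment_auto_approved = false;
	// NOTE(review): $comment_type is never assigned in this function, so
	// compact() leaves it out of $commentdata.
	$commentdata = compact('comment_post_ID', 'comment_author', 'comment_author_email', 'comment_author_url', 'comment_content', 'comment_type', 'comment_parent', 'user_ID');

	$comment_id = wp_new_comment( $commentdata );
	$comment = get_comment($comment_id);
	if ( ! $comment ) wp_die( 1 );

	$position = ( isset($_POST['position']) && (int) $_POST['position'] ) ? (int) $_POST['position'] : '-1';

	// automatically approve parent comment
	if ( !empty($_POST['approve_parent']) ) {
		$parent = get_comment( $comment_parent );

		// Only a pending parent on the same post is approved.
		if ( $parent && $parent->comment_approved === '0' && $parent->comment_post_ID == $comment_post_ID ) {
			if ( wp_set_comment_status( $parent->comment_ID, 'approve' ) )
				$comment_auto_approved = true;
		}
	}

	ob_start();
		if ( 'dashboard' == $_REQUEST['mode'] ) {
			require_once ( ABSPATH . 'wp-admin/includes/dashboard.php' );
			_wp_dashboard_recent_comments_row( $comment );
		} else {
			if ( 'single' == $_REQUEST['mode'] ) {
				$wp_list_table = _get_list_table('WP_Post_Comments_List_Table');
			} else {
				$wp_list_table = _get_list_table('WP_Comments_List_Table');
			}
			$wp_list_table->single_row( $comment );
		}
		$comment_list_item = ob_get_contents();
	ob_end_clean();

	$response = array(
		'what' => 'comment',
		'id' => $comment->comment_ID,
		'data' => $comment_list_item,
		'position' => $position
	);

	if ( $comment_auto_approved )
		$response['supplemental'] = array( 'parent_approved' => $parent->comment_ID );

	$x = new WP_Ajax_Response();
	$x->add( $response );
	$x->send();
}

/**
 * Saves an inline-edited comment and returns its refreshed table row.
 *
 * Requires the edit_comment capability on the comment. The nonce verified
 * here is the 'replyto-comment' one, i.e. the same action the reply handler
 * uses.
 */
function wp_ajax_edit_comment() {
	global $wp_list_table;

	check_ajax_referer( 'replyto-comment', '_ajax_nonce-replyto-comment' );

	set_current_screen( 'edit-comments' );

	$comment_id = (int) $_POST['comment_ID'];
	if ( ! current_user_can( 'edit_comment', $comment_id ) )
		wp_die( -1 );

	if ( '' == $_POST['content'] )
		wp_die( __( 'ERROR: please type a comment.' ) );

	// edit_comment() reads its input from $_POST, so the status is copied to
	// the key it is given here.
	$_POST['comment_status'] = $_POST['status'];
	edit_comment();

	$position = ( isset($_POST['position']) && (int) $_POST['position']) ? (int) $_POST['position'] : '-1';

	$checkbox = ( isset($_POST['checkbox']) && true == $_POST['checkbox'] ) ? 1 : 0;
	$wp_list_table = _get_list_table( $checkbox ? 'WP_Comments_List_Table' : 'WP_Post_Comments_List_Table' );

	$comment = get_comment( $comment_id );

	ob_start();
		$wp_list_table->single_row( $comment );
		$comment_list_item = ob_get_contents();
	ob_end_clean();

	$x = new WP_Ajax_Response();

	$x->add( array(
		'what' => 'edit_comment',
		'id' => $comment->comment_ID,
		'data' => $comment_list_item,
		'position' => $position
	));

	$x->send();
}

/**
 * Saves new navigation menu items and echoes their edit-screen markup.
 *
 * Requires the add-menu_item nonce and the edit_theme_options capability.
 * The walker class comes from the wp_edit_nav_menu_walker filter and is only
 * instantiated when a class of that name exists.
 */
function wp_ajax_add_menu_item() {
	check_ajax_referer( 'add-menu_item', 'menu-settings-column-nonce' );

	if ( ! current_user_can( 'edit_theme_options' ) )
		wp_die( -1 );

	require_once ABSPATH . 'wp-admin/includes/nav-menu.php';

	// For performance reasons, we omit some object properties from the checklist.
	// The following is a hacky way to restore them when adding non-custom items.

	$menu_items_data = array();
	foreach ( (array) $_POST['menu-item'] as $menu_item_data ) {
		if (
			! empty( $menu_item_data['menu-item-type'] ) &&
			'custom' != $menu_item_data['menu-item-type'] &&
			! empty( $menu_item_data['menu-item-object-id'] )
		) {
			// Reset per item: an unrecognised type must not reuse the object
			// looked up for a previous item.
			$_object = null;
			switch( $menu_item_data['menu-item-type'] ) {
				case 'post_type' :
					$_object = get_post( $menu_item_data['menu-item-object-id'] );
					break;

				case 'taxonomy' :
					$_object = get_term( $menu_item_data['menu-item-object-id'], $menu_item_data['menu-item-object'] );
					break;
			}

			// Skip the restore when the lookup found nothing or failed.
			if ( $_object && ! is_wp_error( $_object ) ) {
				$_menu_items = array_map( 'wp_setup_nav_menu_item', array( $_object ) );
				$_menu_item = array_shift( $_menu_items );

				// Restore the missing menu item properties
				$menu_item_data['menu-item-description'] = $_menu_item->description;
			}
		}

		$menu_items_data[] = $menu_item_data;
	}

	$item_ids = wp_save_nav_menu_items( 0, $menu_items_data );
	if ( is_wp_error( $item_ids ) )
		wp_die( 0 );

	$menu_items = array();

	foreach ( (array) $item_ids as $menu_item_id ) {
		$menu_obj = get_post( $menu_item_id );
		if ( ! empty( $menu_obj->ID ) ) {
			$menu_obj = wp_setup_nav_menu_item( $menu_obj );
			$menu_obj->label = $menu_obj->title; // don't show "(pending)" in ajax-added items
			$menu_items[] = $menu_obj;
		}
	}

	$walker_class_name = apply_filters( 'wp_edit_nav_menu_walker', 'Walker_Nav_Menu_Edit', $_POST['menu'] );

	if ( ! class_exists( $walker_class_name ) )
		wp_die( 0 );

	if ( ! empty( $menu_items ) ) {
		$args = array(
			'after' => '',
			'before' => '',
			'link_after' => '',
			'link_before' => '',
			'walker' => new $walker_class_name,
		);
		echo walk_nav_menu_tree( $menu_items, 0, (object) $args );
	}
}

/**
 * Adds a custom field to a post, or updates an existing one.
 *
 * Requires the add-meta nonce. Adding requires edit_post on the post;
 * updating refuses protected keys and requires edit_post_meta for both the
 * stored key and the submitted key, checked against the post the stored entry
 * belongs to. An auto-draft is first saved as a draft, for which $_POST is
 * temporarily replaced and then restored.
 */
function wp_ajax_add_meta() {
	check_ajax_referer( 'add-meta', '_ajax_nonce-add-meta' );
	$c = 0;
	$pid = (int) $_POST['post_id'];
	$post = get_post( $pid );

	if ( isset($_POST['metakeyselect']) || isset($_POST['metakeyinput']) ) {
		if ( !current_user_can( 'edit_post', $pid ) )
			wp_die( -1 );
		if ( isset($_POST['metakeyselect']) && '#NONE#' == $_POST['metakeyselect'] && empty($_POST['metakeyinput']) )
			wp_die( 1 );
		if ( $post->post_status == 'auto-draft' ) {
			$save_POST = $_POST; // Backup $_POST
			$_POST = array(); // Make it empty for edit_post()
			$_POST['action'] = 'draft'; // Warning fix
			$_POST['post_ID'] = $pid;
			$_POST['post_type'] = $post->post_type;
			$_POST['post_status'] = 'draft';
			$now = current_time('timestamp', 1);
			$_POST['post_title'] = sprintf('Draft created on %s at %s', date(get_option('date_format'), $now), date(get_option('time_format'), $now));

			if ( $pid = edit_post() ) {
				if ( is_wp_error( $pid ) ) {
					$x = new WP_Ajax_Response( array(
						'what' => 'meta',
						'data' => $pid
					) );
					$x->send();
				}
				$_POST = $save_POST; // Now we can restore original $_POST again
				if ( !$mid = add_meta( $pid ) )
					wp_die( __( 'Please provide a custom field value.' ) );
			} else {
				wp_die( 0 );
			}
		} else if ( !$mid = add_meta( $pid ) ) {
			wp_die( __( 'Please provide a custom field value.' ) );
		}

		$meta = get_metadata_by_mid( 'post', $mid );
		$pid = (int) $meta->post_id;
		$meta = get_object_vars( $meta );
		$x = new WP_Ajax_Response( array(
			'what' => 'meta',
			'id' => $mid,
			'data' => _list_meta_row( $meta, $c ),
			'position' => 1,
			'supplemental' => array('postid' => $pid)
		) );
	} else { // Update?
		$mid = (int) key( $_POST['meta'] );
		$key = stripslashes( $_POST['meta'][$mid]['key'] );
		$value = stripslashes( $_POST['meta'][$mid]['value'] );
		if ( '' == trim($key) )
			wp_die( __( 'Please provide a custom field name.' ) );
		if ( '' == trim($value) )
			wp_die( __( 'Please provide a custom field value.' ) );
		if ( ! $meta = get_metadata_by_mid( 'post', $mid ) )
			wp_die( 0 ); // if meta doesn't exist
		// Both the existing key and the requested new key must be allowed, so
		// an entry cannot be renamed into or out of a protected key.
		if ( is_protected_meta( $meta->meta_key, 'post' ) || is_protected_meta( $key, 'post' ) ||
			! current_user_can( 'edit_post_meta', $meta->post_id, $meta->meta_key ) ||
			! current_user_can( 'edit_post_meta', $meta->post_id, $key ) )
			wp_die( -1 );
		if ( $meta->meta_value != $value || $meta->meta_key != $key ) {
			if ( !$u = update_metadata_by_mid( 'post', $mid, $value, $key ) )
				wp_die( 0 ); // We know meta exists; we also know it's unchanged (or DB error, in which case there are bigger problems).
		}

		$x = new WP_Ajax_Response( array(
			'what' => 'meta',
			'id' => $mid, 'old_id' => $mid,
			'data' => _list_meta_row( array(
				'meta_key' => $key,
				'meta_value' => $value,
				'meta_id' => $mid
			), $c ),
			'position' => 0,
			'supplemental' => array('postid' => $meta->post_id)
		) );
	}
	$x->send();
}

/**
 * Creates a user and returns the new row for the users list table.
 *
 * Requires the action nonce and the create_users capability. The user data
 * itself is read and validated by edit_user().
 *
 * @param string $action Nonce action; defaults to 'add-user' when empty.
 */
function wp_ajax_add_user( $action ) {
	global $wp_list_table;
	if ( empty( $action ) )
		$action = 'add-user';

	check_ajax_referer( $action );
	if ( ! current_user_can('create_users') )
		wp_die( -1 );
	if ( ! $user_id = edit_user() ) {
		wp_die( 0 );
	} elseif ( is_wp_error( $user_id ) ) {
		$x = new WP_Ajax_Response( array(
			'what' => 'user',
			'id' => $user_id
		) );
		$x->send();
	}
	$user_object = new WP_User( $user_id );

	$wp_list_table = _get_list_table('WP_Users_List_Table');

	$x = new WP_Ajax_Response( array(
		'what' => 'user',
		'id' => $user_id,
		'data' => $wp_list_table->single_row( $user_object, '', $user_object->roles[0] ),
		'supplemental' => array(
			'show-link' => sprintf(__( 'User <a href="#%s">%s</a> added' ), "user-$user_id", $user_object->user_login),
			'role' => $user_object->roles[0]
		)
	) );
	$x->send();
}

function wp_ajax_autosave() {
	global $login_grace_period;

	define( 'DOING_AUTOSAVE', true );

	$nonce_age = check_ajax_referer( 'autosave', 'autosavenonce' );

	$_POST['post_category'] = explode(",", $_POST['catslist']);
	if ( $_POST['post_type'] == 'page' || empty($_POST['post_category']) )
		unset($_POST['post_category']);

	$do_autosave = (bool) $_POST['autosave'];
	$do_lock = true;

	$data = $alert = '';
	/* translators: draft saved date format, see http://php.net/date */
	$draft_saved_date_format = __('g:i:s a');
	/* translators: %s: date and time */
	$message = sprintf( __('Draft saved at %s.'), date_i18n( $draft_saved_date_format ) );

	$supplemental = array();
	if ( isset($login_grace_period) )
		$alert .= sprintf( __('Your login has expired. Please open a new browser window and <a href="%s" target="_blank">log in again</a>. 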
'), add_query_arg( 'interim-login', 1, wp_login_url() ) ); 1080 1081 $id = $revision_id = 0; 1082 1083 $post_ID = (int) $_POST['post_ID']; 1084 $_POST['ID'] = $post_ID; 1085 $post = get_post($post_ID); 1086 if ( 'auto-draft' == $post->post_status ) 1087 $_POST['post_status'] = 'draft'; 1088 1089 if ( $last = wp_check_post_lock( $post->ID ) ) { 1090 $do_autosave = $do_lock = false; 1091 1092 $last_user = get_userdata( $last ); 1093 $last_user_name = $last_user ? $last_user->display_name : __( 'Someone' ); 1094 $data = __( 'Autosave disabled.' ); 1095 1096 $supplemental['disable_autosave'] = 'disable'; 1097 $alert .= sprintf( __( '%s is currently editing this article. If you update it, you will overwrite the changes.' ), esc_html( $last_user_name ) ); 1098 } 1099 1100 if ( 'page' == $post->post_type ) { 1101 if ( !current_user_can('edit_page', $post_ID) ) 1102 wp_die( __( 'You are not allowed to edit this page.' ) ); 1103 } else { 1104 if ( !current_user_can('edit_post', $post_ID) ) 1105 wp_die( __( 'You are not allowed to edit this post.' ) ); 1106 } 1107 1108 if ( $do_autosave ) { 1109 // Drafts and auto-drafts are just overwritten by autosave 1110 if ( 'auto-draft' == $post->post_status || 'draft' == $post->post_status ) { 1111 $id = edit_post(); 1112 } else { // Non drafts are not overwritten. The autosave is stored in a special post revision. 1113 $revision_id = wp_create_post_autosave( $post->ID ); 1114 if ( is_wp_error($revision_id) ) 1115 $id = $revision_id; 1116 else 1117 $id = $post->ID; 1118 } 1119 $data = $message; 1120 } else { 1121 if ( ! 
empty( $_POST['auto_draft'] ) ) 1122 $id = 0; // This tells us it didn't actually save 1123 else 1124 $id = $post->ID; 1125 } 1126 1127 if ( $do_lock && empty( $_POST['auto_draft'] ) && $id && is_numeric( $id ) ) { 1128 $lock_result = wp_set_post_lock( $id ); 1129 $supplemental['active-post-lock'] = implode( ':', $lock_result ); 1130 } 1131 1132 if ( $nonce_age == 2 ) { 1133 $supplemental['replace-autosavenonce'] = wp_create_nonce('autosave'); 1134 $supplemental['replace-getpermalinknonce'] = wp_create_nonce('getpermalink'); 1135 $supplemental['replace-samplepermalinknonce'] = wp_create_nonce('samplepermalink'); 1136 $supplemental['replace-closedpostboxesnonce'] = wp_create_nonce('closedpostboxes'); 1137 $supplemental['replace-_ajax_linking_nonce'] = wp_create_nonce( 'internal-linking' ); 1138 if ( $id ) { 1139 if ( $_POST['post_type'] == 'post' ) 1140 $supplemental['replace-_wpnonce'] = wp_create_nonce('update-post_' . $id); 1141 elseif ( $_POST['post_type'] == 'page' ) 1142 $supplemental['replace-_wpnonce'] = wp_create_nonce('update-page_' . $id); 1143 } 1144 } 1145 1146 if ( ! empty($alert) ) 1147 $supplemental['alert'] = $alert; 1148 1149 $x = new WP_Ajax_Response( array( 1150 'what' => 'autosave', 1151 'id' => $id, 1152 'data' => $id ? $data : '', 1153 'supplemental' => $supplemental 1154 ) ); 1155 $x->send(); 1156 } 1157 1158 function wp_ajax_closed_postboxes() { 1159 check_ajax_referer( 'closedpostboxes', 'closedpostboxesnonce' ); 1160 $closed = isset( $_POST['closed'] ) ? explode( ',', $_POST['closed']) : array(); 1161 $closed = array_filter($closed); 1162 1163 $hidden = isset( $_POST['hidden'] ) ? explode( ',', $_POST['hidden']) : array(); 1164 $hidden = array_filter($hidden); 1165 1166 $page = isset( $_POST['page'] ) ? $_POST['page'] : ''; 1167 1168 if ( $page != sanitize_key( $page ) ) 1169 wp_die( 0 ); 1170 1171 if ( ! 
$user = wp_get_current_user() ) 1172 wp_die( -1 ); 1173 1174 if ( is_array($closed) ) 1175 update_user_option($user->ID, "closedpostboxes_$page", $closed, true); 1176 1177 if ( is_array($hidden) ) { 1178 $hidden = array_diff( $hidden, array('submitdiv', 'linksubmitdiv', 'manage-menu', 'create-menu') ); // postboxes that are always shown 1179 update_user_option($user->ID, "metaboxhidden_$page", $hidden, true); 1180 } 1181 1182 wp_die( 1 ); 1183 } 1184 1185 function wp_ajax_hidden_columns() { 1186 check_ajax_referer( 'screen-options-nonce', 'screenoptionnonce' ); 1187 $hidden = isset( $_POST['hidden'] ) ? $_POST['hidden'] : ''; 1188 $hidden = explode( ',', $_POST['hidden'] ); 1189 $page = isset( $_POST['page'] ) ? $_POST['page'] : ''; 1190 1191 if ( $page != sanitize_key( $page ) ) 1192 wp_die( 0 ); 1193 1194 if ( ! $user = wp_get_current_user() ) 1195 wp_die( -1 ); 1196 1197 if ( is_array($hidden) ) 1198 update_user_option($user->ID, "manage{$page}columnshidden", $hidden, true); 1199 1200 wp_die( 1 ); 1201 } 1202 1203 function wp_ajax_update_welcome_panel() { 1204 check_ajax_referer( 'welcome-panel-nonce', 'welcomepanelnonce' ); 1205 1206 if ( ! current_user_can( 'edit_theme_options' ) ) 1207 wp_die( -1 ); 1208 1209 update_user_meta( get_current_user_id(), 'show_welcome_panel', empty( $_POST['visible'] ) ? 0 : 1 ); 1210 1211 wp_die( 1 ); 1212 } 1213 1214 function wp_ajax_menu_get_metabox() { 1215 if ( ! current_user_can( 'edit_theme_options' ) ) 1216 wp_die( -1 ); 1217 1218 require_once ABSPATH . 
'wp-admin/includes/nav-menu.php'; 1219 1220 if ( isset( $_POST['item-type'] ) && 'post_type' == $_POST['item-type'] ) { 1221 $type = 'posttype'; 1222 $callback = 'wp_nav_menu_item_post_type_meta_box'; 1223 $items = (array) get_post_types( array( 'show_in_nav_menus' => true ), 'object' ); 1224 } elseif ( isset( $_POST['item-type'] ) && 'taxonomy' == $_POST['item-type'] ) { 1225 $type = 'taxonomy'; 1226 $callback = 'wp_nav_menu_item_taxonomy_meta_box'; 1227 $items = (array) get_taxonomies( array( 'show_ui' => true ), 'object' ); 1228 } 1229 1230 if ( ! empty( $_POST['item-object'] ) && isset( $items[$_POST['item-object']] ) ) { 1231 $item = apply_filters( 'nav_menu_meta_box_object', $items[ $_POST['item-object'] ] ); 1232 ob_start(); 1233 call_user_func_array($callback, array( 1234 null, 1235 array( 1236 'id' => 'add-' . $item->name, 1237 'title' => $item->labels->name, 1238 'callback' => $callback, 1239 'args' => $item, 1240 ) 1241 )); 1242 1243 $markup = ob_get_clean(); 1244 1245 echo json_encode(array( 1246 'replace-id' => $type . '-' . $item->name, 1247 'markup' => $markup, 1248 )); 1249 } 1250 1251 wp_die(); 1252 } 1253 1254 function wp_ajax_wp_link_ajax() { 1255 check_ajax_referer( 'internal-linking', '_ajax_linking_nonce' ); 1256 1257 $args = array(); 1258 1259 if ( isset( $_POST['search'] ) ) 1260 $args['s'] = stripslashes( $_POST['search'] ); 1261 $args['pagenum'] = ! empty( $_POST['page'] ) ? absint( $_POST['page'] ) : 1; 1262 1263 require(ABSPATH . WPINC . '/class-wp-editor.php'); 1264 $results = _WP_Editors::wp_link_query( $args ); 1265 1266 if ( ! isset( $results ) ) 1267 wp_die( 0 ); 1268 1269 echo json_encode( $results ); 1270 echo "\n"; 1271 1272 wp_die(); 1273 } 1274 1275 function wp_ajax_menu_locations_save() { 1276 if ( ! current_user_can( 'edit_theme_options' ) ) 1277 wp_die( -1 ); 1278 check_ajax_referer( 'add-menu_item', 'menu-settings-column-nonce' ); 1279 if ( ! 
isset( $_POST['menu-locations'] ) ) 1280 wp_die( 0 ); 1281 set_theme_mod( 'nav_menu_locations', array_map( 'absint', $_POST['menu-locations'] ) ); 1282 wp_die( 1 ); 1283 } 1284 1285 function wp_ajax_meta_box_order() { 1286 check_ajax_referer( 'meta-box-order' ); 1287 $order = isset( $_POST['order'] ) ? (array) $_POST['order'] : false; 1288 $page_columns = isset( $_POST['page_columns'] ) ? $_POST['page_columns'] : 'auto'; 1289 1290 if ( $page_columns != 'auto' ) 1291 $page_columns = (int) $page_columns; 1292 1293 $page = isset( $_POST['page'] ) ? $_POST['page'] : ''; 1294 1295 if ( $page != sanitize_key( $page ) ) 1296 wp_die( 0 ); 1297 1298 if ( ! $user = wp_get_current_user() ) 1299 wp_die( -1 ); 1300 1301 if ( $order ) 1302 update_user_option($user->ID, "meta-box-order_$page", $order, true); 1303 1304 if ( $page_columns ) 1305 update_user_option($user->ID, "screen_layout_$page", $page_columns, true); 1306 1307 wp_die( 1 ); 1308 } 1309 1310 function wp_ajax_menu_quick_search() { 1311 if ( ! current_user_can( 'edit_theme_options' ) ) 1312 wp_die( -1 ); 1313 1314 require_once ABSPATH . 'wp-admin/includes/nav-menu.php'; 1315 1316 _wp_ajax_menu_quick_search( $_POST ); 1317 1318 wp_die(); 1319 } 1320 1321 function wp_ajax_get_permalink() { 1322 check_ajax_referer( 'getpermalink', 'getpermalinknonce' ); 1323 $post_id = isset($_POST['post_id'])? intval($_POST['post_id']) : 0; 1324 wp_die( add_query_arg( array( 'preview' => 'true' ), get_permalink( $post_id ) ) ); 1325 } 1326 1327 function wp_ajax_sample_permalink() { 1328 check_ajax_referer( 'samplepermalink', 'samplepermalinknonce' ); 1329 $post_id = isset($_POST['post_id'])? intval($_POST['post_id']) : 0; 1330 $title = isset($_POST['new_title'])? $_POST['new_title'] : ''; 1331 $slug = isset($_POST['new_slug'])? 
$_POST['new_slug'] : null; 1332 wp_die( get_sample_permalink_html( $post_id, $title, $slug ) ); 1333 } 1334 1335 function wp_ajax_inline_save() { 1336 global $wp_list_table; 1337 1338 check_ajax_referer( 'inlineeditnonce', '_inline_edit' ); 1339 1340 if ( ! isset($_POST['post_ID']) || ! ( $post_ID = (int) $_POST['post_ID'] ) ) 1341 wp_die(); 1342 1343 if ( 'page' == $_POST['post_type'] ) { 1344 if ( ! current_user_can( 'edit_page', $post_ID ) ) 1345 wp_die( __( 'You are not allowed to edit this page.' ) ); 1346 } else { 1347 if ( ! current_user_can( 'edit_post', $post_ID ) ) 1348 wp_die( __( 'You are not allowed to edit this post.' ) ); 1349 } 1350 1351 set_current_screen( $_POST['screen'] ); 1352 1353 if ( $last = wp_check_post_lock( $post_ID ) ) { 1354 $last_user = get_userdata( $last ); 1355 $last_user_name = $last_user ? $last_user->display_name : __( 'Someone' ); 1356 printf( $_POST['post_type'] == 'page' ? __( 'Saving is disabled: %s is currently editing this page.' ) : __( 'Saving is disabled: %s is currently editing this post.' 
), esc_html( $last_user_name ) ); 1357 wp_die(); 1358 } 1359 1360 $data = &$_POST; 1361 1362 $post = get_post( $post_ID, ARRAY_A ); 1363 $post = add_magic_quotes($post); //since it is from db 1364 1365 $data['content'] = $post['post_content']; 1366 $data['excerpt'] = $post['post_excerpt']; 1367 1368 // rename 1369 $data['user_ID'] = $GLOBALS['user_ID']; 1370 1371 if ( isset($data['post_parent']) ) 1372 $data['parent_id'] = $data['post_parent']; 1373 1374 // status 1375 if ( isset($data['keep_private']) && 'private' == $data['keep_private'] ) 1376 $data['post_status'] = 'private'; 1377 else 1378 $data['post_status'] = $data['_status']; 1379 1380 if ( empty($data['comment_status']) ) 1381 $data['comment_status'] = 'closed'; 1382 if ( empty($data['ping_status']) ) 1383 $data['ping_status'] = 'closed'; 1384 1385 // update the post 1386 edit_post(); 1387 1388 $wp_list_table = _get_list_table('WP_Posts_List_Table'); 1389 1390 $mode = $_POST['post_view']; 1391 $wp_list_table->display_rows( array( get_post( $_POST['post_ID'] ) ) ); 1392 1393 wp_die(); 1394 } 1395 1396 function wp_ajax_inline_save_tax() { 1397 global $wp_list_table; 1398 1399 check_ajax_referer( 'taxinlineeditnonce', '_inline_edit' ); 1400 1401 $taxonomy = sanitize_key( $_POST['taxonomy'] ); 1402 $tax = get_taxonomy( $taxonomy ); 1403 if ( ! $tax ) 1404 wp_die( 0 ); 1405 1406 if ( ! current_user_can( $tax->cap->edit_terms ) ) 1407 wp_die( -1 ); 1408 1409 set_current_screen( 'edit-' . $taxonomy ); 1410 1411 $wp_list_table = _get_list_table('WP_Terms_List_Table'); 1412 1413 if ( ! isset($_POST['tax_ID']) || ! 
( $id = (int) $_POST['tax_ID'] ) ) 1414 wp_die( -1 ); 1415 1416 $tag = get_term( $id, $taxonomy ); 1417 $_POST['description'] = $tag->description; 1418 1419 $updated = wp_update_term($id, $taxonomy, $_POST); 1420 if ( $updated && !is_wp_error($updated) ) { 1421 $tag = get_term( $updated['term_id'], $taxonomy ); 1422 if ( !$tag || is_wp_error( $tag ) ) { 1423 if ( is_wp_error($tag) && $tag->get_error_message() ) 1424 wp_die( $tag->get_error_message() ); 1425 wp_die( __( 'Item not updated.' ) ); 1426 } 1427 1428 echo $wp_list_table->single_row( $tag ); 1429 } else { 1430 if ( is_wp_error($updated) && $updated->get_error_message() ) 1431 wp_die( $updated->get_error_message() ); 1432 wp_die( __( 'Item not updated.' ) ); 1433 } 1434 1435 wp_die(); 1436 } 1437 1438 function wp_ajax_find_posts() { 1439 global $wpdb; 1440 1441 check_ajax_referer( 'find-posts' ); 1442 1443 if ( empty($_POST['ps']) ) 1444 wp_die(); 1445 1446 if ( !empty($_POST['post_type']) && in_array( $_POST['post_type'], get_post_types() ) ) 1447 $what = $_POST['post_type']; 1448 else 1449 $what = 'post'; 1450 1451 $s = stripslashes($_POST['ps']); 1452 preg_match_all('/".*?("|$)|((?<=[\\s",+])|^)[^\\s",+]+/', $s, $matches); 1453 $search_terms = array_map('_search_terms_tidy', $matches[0]); 1454 1455 $searchand = $search = ''; 1456 foreach ( (array) $search_terms as $term ) { 1457 $term = esc_sql( like_escape( $term ) ); 1458 $search .= "{$searchand}(($wpdb->posts.post_title LIKE '%{$term}%') OR ($wpdb->posts.post_content LIKE '%{$term}%'))"; 1459 $searchand = ' AND '; 1460 } 1461 $term = esc_sql( like_escape( $s ) ); 1462 if ( count($search_terms) > 1 && $search_terms[0] != $s ) 1463 $search .= " OR ($wpdb->posts.post_title LIKE '%{$term}%') OR ($wpdb->posts.post_content LIKE '%{$term}%')"; 1464 1465 $posts = $wpdb->get_results( "SELECT ID, post_title, post_status, post_date FROM $wpdb->posts WHERE post_type = '$what' AND post_status IN ('draft', 'publish') AND ($search) ORDER BY post_date_gmt DESC LIMIT 
50" ); 1466 1467 if ( ! $posts ) { 1468 $posttype = get_post_type_object($what); 1469 wp_die( $posttype->labels->not_found ); 1470 } 1471 1472 $html = '<table class="widefat" cellspacing="0"><thead><tr><th class="found-radio"><br /></th><th>'.__('Title').'</th><th>'.__('Date').'</th><th>'.__('Status').'</th></tr></thead><tbody>'; 1473 foreach ( $posts as $post ) { 1474 1475 switch ( $post->post_status ) { 1476 case 'publish' : 1477 case 'private' : 1478 $stat = __('Published'); 1479 break; 1480 case 'future' : 1481 $stat = __('Scheduled'); 1482 break; 1483 case 'pending' : 1484 $stat = __('Pending Review'); 1485 break; 1486 case 'draft' : 1487 $stat = __('Draft'); 1488 break; 1489 } 1490 1491 if ( '0000-00-00 00:00:00' == $post->post_date ) { 1492 $time = ''; 1493 } else { 1494 /* translators: date format in table columns, see http://php.net/date */ 1495 $time = mysql2date(__('Y/m/d'), $post->post_date); 1496 } 1497 1498 $html .= '<tr class="found-posts"><td class="found-radio"><input type="radio" id="found-'.$post->ID.'" name="found_post_id" value="' . esc_attr($post->ID) . 
'"></td>'; 1499 $html .= '<td><label for="found-'.$post->ID.'">'.esc_html( $post->post_title ).'</label></td><td>'.esc_html( $time ).'</td><td>'.esc_html( $stat ).'</td></tr>'."\n\n"; 1500 } 1501 $html .= '</tbody></table>'; 1502 1503 $x = new WP_Ajax_Response(); 1504 $x->add( array( 1505 'what' => $what, 1506 'data' => $html 1507 )); 1508 $x->send(); 1509 1510 } 1511 1512 function wp_ajax_widgets_order() { 1513 check_ajax_referer( 'save-sidebar-widgets', 'savewidgets' ); 1514 1515 if ( !current_user_can('edit_theme_options') ) 1516 wp_die( -1 ); 1517 1518 unset( $_POST['savewidgets'], $_POST['action'] ); 1519 1520 // save widgets order for all sidebars 1521 if ( is_array($_POST['sidebars']) ) { 1522 $sidebars = array(); 1523 foreach ( $_POST['sidebars'] as $key => $val ) { 1524 $sb = array(); 1525 if ( !empty($val) ) { 1526 $val = explode(',', $val); 1527 foreach ( $val as $k => $v ) { 1528 if ( strpos($v, 'widget-') === false ) 1529 continue; 1530 1531 $sb[$k] = substr($v, strpos($v, '_') + 1); 1532 } 1533 } 1534 $sidebars[$key] = $sb; 1535 } 1536 wp_set_sidebars_widgets($sidebars); 1537 wp_die( 1 ); 1538 } 1539 1540 wp_die( -1 ); 1541 } 1542 1543 function wp_ajax_save_widget() { 1544 global $wp_registered_widgets, $wp_registered_widget_controls, $wp_registered_widget_updates; 1545 1546 check_ajax_referer( 'save-sidebar-widgets', 'savewidgets' ); 1547 1548 if ( !current_user_can('edit_theme_options') || !isset($_POST['id_base']) ) 1549 wp_die( -1 ); 1550 1551 unset( $_POST['savewidgets'], $_POST['action'] ); 1552 1553 do_action('load-widgets.php'); 1554 do_action('widgets.php'); 1555 do_action('sidebar_admin_setup'); 1556 1557 $id_base = $_POST['id_base']; 1558 $widget_id = $_POST['widget-id']; 1559 $sidebar_id = $_POST['sidebar']; 1560 $multi_number = !empty($_POST['multi_number']) ? (int) $_POST['multi_number'] : 0; 1561 $settings = isset($_POST['widget-' . $id_base]) && is_array($_POST['widget-' . $id_base]) ? $_POST['widget-' . 
$id_base] : false; 1562 $error = '<p>' . __('An error has occurred. Please reload the page and try again.') . '</p>'; 1563 1564 $sidebars = wp_get_sidebars_widgets(); 1565 $sidebar = isset($sidebars[$sidebar_id]) ? $sidebars[$sidebar_id] : array(); 1566 1567 // delete 1568 if ( isset($_POST['delete_widget']) && $_POST['delete_widget'] ) { 1569 1570 if ( !isset($wp_registered_widgets[$widget_id]) ) 1571 wp_die( $error ); 1572 1573 $sidebar = array_diff( $sidebar, array($widget_id) ); 1574 $_POST = array('sidebar' => $sidebar_id, 'widget-' . $id_base => array(), 'the-widget-id' => $widget_id, 'delete_widget' => '1'); 1575 } elseif ( $settings && preg_match( '/__i__|%i%/', key($settings) ) ) { 1576 if ( !$multi_number ) 1577 wp_die( $error ); 1578 1579 $_POST['widget-' . $id_base] = array( $multi_number => array_shift($settings) ); 1580 $widget_id = $id_base . '-' . $multi_number; 1581 $sidebar[] = $widget_id; 1582 } 1583 $_POST['widget-id'] = $sidebar; 1584 1585 foreach ( (array) $wp_registered_widget_updates as $name => $control ) { 1586 1587 if ( $name == $id_base ) { 1588 if ( !is_callable( $control['callback'] ) ) 1589 continue; 1590 1591 ob_start(); 1592 call_user_func_array( $control['callback'], $control['params'] ); 1593 ob_end_clean(); 1594 break; 1595 } 1596 } 1597 1598 if ( isset($_POST['delete_widget']) && $_POST['delete_widget'] ) { 1599 $sidebars[$sidebar_id] = $sidebar; 1600 wp_set_sidebars_widgets($sidebars); 1601 echo "deleted:$widget_id"; 1602 wp_die(); 1603 } 1604 1605 if ( !empty($_POST['add_new']) ) 1606 wp_die(); 1607 1608 if ( $form = $wp_registered_widget_controls[$widget_id] ) 1609 call_user_func_array( $form['callback'], $form['params'] ); 1610 1611 wp_die(); 1612 } 1613 1614 function wp_ajax_upload_attachment() { 1615 check_ajax_referer( 'media-form' ); 1616 1617 if ( ! current_user_can( 'upload_files' ) ) 1618 wp_die( -1 ); 1619 1620 if ( isset( $_REQUEST['post_id'] ) ) { 1621 $post_id = $_REQUEST['post_id']; 1622 if ( ! 
current_user_can( 'edit_post', $post_id ) ) 1623 wp_die( -1 ); 1624 } else { 1625 $post_id = null; 1626 } 1627 1628 $post_data = isset( $_REQUEST['post_data'] ) ? $_REQUEST['post_data'] : array(); 1629 1630 $attachment_id = media_handle_upload( 'async-upload', $post_id, $post_data ); 1631 1632 if ( is_wp_error( $attachment_id ) ) { 1633 echo json_encode( array( 1634 'type' => 'error', 1635 'data' => array( 1636 'message' => $attachment_id->get_error_message(), 1637 'filename' => $_FILES['async-upload']['name'], 1638 ), 1639 ) ); 1640 wp_die(); 1641 } 1642 1643 $post = get_post( $attachment_id ); 1644 1645 echo json_encode( array( 1646 'type' => 'success', 1647 'data' => array( 1648 'id' => $attachment_id, 1649 'title' => esc_attr( $post->post_title ), 1650 'filename' => esc_html( basename( $post->guid ) ), 1651 'url' => wp_get_attachment_url( $attachment_id ), 1652 'meta' => wp_get_attachment_metadata( $attachment_id ), 1653 ), 1654 ) ); 1655 wp_die(); 1656 } 1657 1658 function wp_ajax_image_editor() { 1659 $attachment_id = intval($_POST['postid']); 1660 if ( empty($attachment_id) || !current_user_can('edit_post', $attachment_id) ) 1661 wp_die( -1 ); 1662 1663 check_ajax_referer( "image_editor-$attachment_id" ); 1664 include_once ( ABSPATH . 
'wp-admin/includes/image-edit.php' ); 1665 1666 $msg = false; 1667 switch ( $_POST['do'] ) { 1668 case 'save' : 1669 $msg = wp_save_image($attachment_id); 1670 $msg = json_encode($msg); 1671 wp_die( $msg ); 1672 break; 1673 case 'scale' : 1674 $msg = wp_save_image($attachment_id); 1675 break; 1676 case 'restore' : 1677 $msg = wp_restore_image($attachment_id); 1678 break; 1679 } 1680 1681 wp_image_editor($attachment_id, $msg); 1682 wp_die(); 1683 } 1684 1685 function wp_ajax_set_post_thumbnail() { 1686 $post_ID = intval( $_POST['post_id'] ); 1687 if ( !current_user_can( 'edit_post', $post_ID ) ) 1688 wp_die( -1 ); 1689 $thumbnail_id = intval( $_POST['thumbnail_id'] ); 1690 1691 check_ajax_referer( "set_post_thumbnail-$post_ID" ); 1692 1693 if ( $thumbnail_id == '-1' ) { 1694 if ( delete_post_thumbnail( $post_ID ) ) 1695 wp_die( _wp_post_thumbnail_html( null, $post_ID ) ); 1696 else 1697 wp_die( 0 ); 1698 } 1699 1700 if ( set_post_thumbnail( $post_ID, $thumbnail_id ) ) 1701 wp_die( _wp_post_thumbnail_html( $thumbnail_id, $post_ID ) ); 1702 wp_die( 0 ); 1703 } 1704 1705 function wp_ajax_date_format() { 1706 wp_die( date_i18n( sanitize_option( 'date_format', $_POST['date'] ) ) ); 1707 } 1708 1709 function wp_ajax_time_format() { 1710 wp_die( date_i18n( sanitize_option( 'time_format', $_POST['date'] ) ) ); 1711 } 1712 1713 function wp_ajax_wp_fullscreen_save_post() { 1714 $post_id = isset( $_POST['post_ID'] ) ? (int) $_POST['post_ID'] : 0; 1715 1716 $post = $post_type = null; 1717 1718 if ( $post_id ) 1719 $post = get_post( $post_id ); 1720 1721 if ( $post ) 1722 $post_type = $post->post_type; 1723 elseif ( isset( $_POST['post_type'] ) && post_type_exists( $_POST['post_type'] ) ) 1724 $post_type = $_POST['post_type']; 1725 1726 check_ajax_referer('update-' . $post_type . '_' . 
$post_id, '_wpnonce'); 1727 1728 $post_id = edit_post(); 1729 1730 if ( is_wp_error($post_id) ) { 1731 if ( $post_id->get_error_message() ) 1732 $message = $post_id->get_error_message(); 1733 else 1734 $message = __('Save failed'); 1735 1736 echo json_encode( array( 'message' => $message, 'last_edited' => '' ) ); 1737 wp_die(); 1738 } else { 1739 $message = __('Saved.'); 1740 } 1741 1742 if ( $post ) { 1743 $last_date = mysql2date( get_option('date_format'), $post->post_modified ); 1744 $last_time = mysql2date( get_option('time_format'), $post->post_modified ); 1745 } else { 1746 $last_date = date_i18n( get_option('date_format') ); 1747 $last_time = date_i18n( get_option('time_format') ); 1748 } 1749 1750 if ( $last_id = get_post_meta($post_id, '_edit_last', true) ) { 1751 $last_user = get_userdata($last_id); 1752 $last_edited = sprintf( __('Last edited by %1$s on %2$s at %3$s'), esc_html( $last_user->display_name ), $last_date, $last_time ); 1753 } else { 1754 $last_edited = sprintf( __('Last edited on %1$s at %2$s'), $last_date, $last_time ); 1755 } 1756 1757 echo json_encode( array( 'message' => $message, 'last_edited' => $last_edited ) ); 1758 wp_die(); 1759 } 1760 1761 function wp_ajax_wp_remove_post_lock() { 1762 if ( empty( $_POST['post_ID'] ) || empty( $_POST['active_post_lock'] ) ) 1763 wp_die( 0 ); 1764 $post_id = (int) $_POST['post_ID']; 1765 if ( ! $post = get_post( $post_id ) ) 1766 wp_die( 0 ); 1767 1768 check_ajax_referer( 'update-' . $post->post_type . '_' . $post_id ); 1769 1770 if ( ! current_user_can( 'edit_post', $post_id ) ) 1771 wp_die( -1 ); 1772 1773 $active_lock = array_map( 'absint', explode( ':', $_POST['active_post_lock'] ) ); 1774 if ( $active_lock[1] != get_current_user_id() ) 1775 wp_die( 0 ); 1776 1777 $new_lock = ( time() - apply_filters( 'wp_check_post_lock_window', AUTOSAVE_INTERVAL * 2 ) + 5 ) . ':' . 
$active_lock[1]; 1778 update_post_meta( $post_id, '_edit_lock', $new_lock, implode( ':', $active_lock ) ); 1779 wp_die( 1 ); 1780 } 1781 1782 function wp_ajax_dismiss_wp_pointer() { 1783 $pointer = $_POST['pointer']; 1784 if ( $pointer != sanitize_key( $pointer ) ) 1785 wp_die( 0 ); 1786 1787 // check_ajax_referer( 'dismiss-pointer_' . $pointer ); 1788 1789 $dismissed = array_filter( explode( ',', (string) get_user_meta( get_current_user_id(), 'dismissed_wp_pointers', true ) ) ); 1790 1791 if ( in_array( $pointer, $dismissed ) ) 1792 wp_die( 0 ); 1793 1794 $dismissed[] = $pointer; 1795 $dismissed = implode( ',', $dismissed ); 1796 1797 update_user_meta( get_current_user_id(), 'dismissed_wp_pointers', $dismissed ); 1798 wp_die( 1 ); 1799 }