
upgrade to Wordpress 2.9.1

1 parent 2238b4a commit 1159b1559e510afe56934daace4b1756163152a1 Scott Bale committed Feb 14, 2010
Showing with 8,271 additions and 8,507 deletions.
  1. +3 −3 readme.html
  2. +529 −141 wp-admin/admin-ajax.php
  3. +19 −3 wp-admin/admin-footer.php
  4. +35 −39 wp-admin/admin-header.php
  5. +4 −3 wp-admin/admin-post.php
  6. +27 −6 wp-admin/admin.php
  7. +8 −3 wp-admin/async-upload.php
  8. +44 −48 wp-admin/categories.php
  9. +121 −92 wp-admin/comment.php
  10. +11 −11 wp-admin/css/colors-classic-rtl.css
  11. +1 −1,577 wp-admin/css/colors-classic.css
  12. +1,708 −0 wp-admin/css/colors-classic.dev.css
  13. +1 −1,577 wp-admin/css/colors-fresh.css
  14. +1,697 −0 wp-admin/css/colors-fresh.dev.css
  15. +1 −396 wp-admin/css/dashboard.css
  16. +394 −0 wp-admin/css/dashboard.dev.css
  17. +7 −7 wp-admin/css/farbtastic-rtl.css
  18. +17 −9 wp-admin/css/global-rtl.css
  19. +1 −455 wp-admin/css/global.css
  20. +486 −0 wp-admin/css/global.dev.css
  21. +5 −1 wp-admin/css/ie-rtl.css
  22. +135 −35 wp-admin/css/ie.css
  23. +1 −133 wp-admin/css/install.css
  24. +133 −0 wp-admin/css/install.dev.css
  25. +1 −107 wp-admin/css/login.css
  26. +129 −0 wp-admin/css/login.dev.css
  27. +1 −9 wp-admin/css/media-rtl.css
  28. +1 −426 wp-admin/css/media.css
  29. +384 −0 wp-admin/css/media.dev.css
  30. +1 −149 wp-admin/css/plugin-install.css
  31. +148 −0 wp-admin/css/plugin-install.dev.css
  32. +25 −3 wp-admin/css/press-this-rtl.css
  33. +1 −571 wp-admin/css/press-this.css
  34. +586 −0 wp-admin/css/press-this.dev.css
  35. +0 −9 wp-admin/css/theme-editor-rtl.css
  36. +1 −66 wp-admin/css/theme-editor.css
  37. +60 −0 wp-admin/css/theme-editor.dev.css
  38. +1 −0 wp-admin/css/theme-install.css
  39. +142 −0 wp-admin/css/theme-install.dev.css
  40. +1 −17 wp-admin/css/widgets-rtl.css
  41. +1 −177 wp-admin/css/widgets.css
  42. +370 −0 wp-admin/css/widgets.dev.css
  43. +38 −30 wp-admin/custom-header.php
  44. +39 −18 wp-admin/edit-attachment-rows.php
  45. +17 −10 wp-admin/edit-category-form.php
  46. +181 −108 wp-admin/edit-comments.php
  47. +104 −482 wp-admin/edit-form-advanced.php
  48. +26 −28 wp-admin/edit-form-comment.php
  49. +17 −30 wp-admin/edit-link-categories.php
  50. +17 −8 wp-admin/edit-link-category-form.php
  51. +13 −318 wp-admin/edit-link-form.php
  52. +76 −377 wp-admin/edit-page-form.php
  53. +145 −92 wp-admin/edit-pages.php
  54. +3 −1 wp-admin/edit-post-rows.php
  55. +19 −6 wp-admin/edit-tag-form.php
  56. +65 −46 wp-admin/edit-tags.php
  57. +156 −88 wp-admin/edit.php
  58. +6 −3 wp-admin/export.php
  59. +25 −291 wp-admin/gears-manifest.php
  60. BIN wp-admin/images/blue-grad.png
  61. BIN wp-admin/images/button-grad-active-vs.png
  62. BIN wp-admin/images/button-grad-vs.png
  63. BIN wp-admin/images/ed-bg-vs.gif
  64. BIN wp-admin/images/fav-arrow-vs.gif
  65. BIN wp-admin/images/fav-top-vs.gif
  66. BIN wp-admin/images/fav-vs.png
  67. BIN wp-admin/images/imgedit-icons.png
  68. BIN wp-admin/images/menu-bits-rtl-vs.gif
  69. BIN wp-admin/images/menu-bits-vs.gif
  70. BIN wp-admin/images/menu.png
  71. BIN wp-admin/images/visit-site-button-grad-vs.gif
  72. BIN wp-admin/images/visit-site-button-grad.gif
  73. BIN wp-admin/images/wp-logo-vs.gif
  74. BIN wp-admin/images/wpspin_dark.gif
  75. BIN wp-admin/images/wpspin_light.gif
  76. +5 −1 wp-admin/import.php
  77. +42 −26 wp-admin/import/blogger.php
  78. +8 −4 wp-admin/import/blogware.php
  79. +0 −130 wp-admin/import/btt.php
  80. +23 −140 wp-admin/import/dotclear.php
  81. +5 −5 wp-admin/import/greymatter.php
  82. +0 −192 wp-admin/import/jkw.php
6 readme.html
@@ -8,7 +8,7 @@
<body>
<h1 id="logo" style="text-align: center">
<img alt="WordPress" src="wp-admin/images/wordpress-logo.png" />
- <br /> Version 2.7
+ <br /> Version 2.9.1
</h1>
<p style="text-align: center">Semantic Personal Publishing Platform</p>
@@ -29,7 +29,7 @@ <h1 id="logo" style="text-align: center">
<h1>Upgrading</h1>
<p>Before you upgrade anything, make sure you have backup copies of any files you may have modified such as <code>index.php</code>.</p>
-<h2>Upgrading from any previous WordPress to 2.7:</h2>
+<h2>Upgrading from any previous WordPress to 2.9.1:</h2>
<ol>
<li>Delete your old WP files, saving ones you've modified.</li>
<li>Upload the new files.</li>
@@ -57,7 +57,7 @@ <h1 id="logo" style="text-align: center">
<h1>System Recommendations</h1>
<ul>
<li>PHP version <strong>4.3</strong> or higher.</li>
- <li>MySQL version <strong>4.0</strong> or higher.</li>
+ <li>MySQL version <strong>4.1.2</strong> or higher.</li>
<li>... and a link to <a href="http://wordpress.org/">http://wordpress.org</a> on your site.</li>
</ul>
<p>WordPress is the official continuation of <a href="http://cafelog.com/">b2/caf&eacute;log</a>, which came from Michel V. The work has been continued by the <a href="http://wordpress.org/about/">WordPress developers</a>. If you would like to support WordPress, please consider <a href="http://wordpress.org/donate/">donating</a>.</p>
670 wp-admin/admin-ajax.php
@@ -16,6 +16,9 @@
require_once('../wp-load.php');
require_once('includes/admin.php');
+@header('Content-Type: text/html; charset=' . get_option('blog_charset'));
+
+do_action('admin_init');
if ( ! is_user_logged_in() ) {
@@ -34,53 +37,205 @@
$x->send();
}
+ if ( !empty( $_REQUEST['action']) )
+ do_action( 'wp_ajax_nopriv_' . $_REQUEST['action'] );
+
die('-1');
}
if ( isset( $_GET['action'] ) ) :
switch ( $action = $_GET['action'] ) :
case 'ajax-tag-search' :
- if ( !current_user_can( 'manage_categories' ) )
+ if ( !current_user_can( 'edit_posts' ) )
die('-1');
$s = $_GET['q']; // is this slashed already?
+ if ( isset($_GET['tax']) )
+ $taxonomy = sanitize_title($_GET['tax']);
+ else
+ die('0');
+
if ( false !== strpos( $s, ',' ) ) {
$s = explode( ',', $s );
$s = $s[count( $s ) - 1];
}
$s = trim( $s );
if ( strlen( $s ) < 2 )
die; // require 2 chars for matching
- $results = $wpdb->get_col( "SELECT t.name FROM $wpdb->term_taxonomy AS tt INNER JOIN $wpdb->terms AS t ON tt.term_id = t.term_id WHERE tt.taxonomy = 'post_tag' AND t.name LIKE ('%". $s . "%')" );
+
+ $results = $wpdb->get_col( "SELECT t.name FROM $wpdb->term_taxonomy AS tt INNER JOIN $wpdb->terms AS t ON tt.term_id = t.term_id WHERE tt.taxonomy = '$taxonomy' AND t.name LIKE ('%" . $s . "%')" );
+
echo join( $results, "\n" );
die;
break;
+case 'wp-compression-test' :
+ if ( !current_user_can( 'manage_options' ) )
+ die('-1');
+
+ if ( ini_get('zlib.output_compression') || 'ob_gzhandler' == ini_get('output_handler') ) {
+ update_site_option('can_compress_scripts', 0);
+ die('0');
+ }
+
+ if ( isset($_GET['test']) ) {
+ header( 'Expires: Wed, 11 Jan 1984 05:00:00 GMT' );
+ header( 'Last-Modified: ' . gmdate( 'D, d M Y H:i:s' ) . ' GMT' );
+ header( 'Cache-Control: no-cache, must-revalidate, max-age=0' );
+ header( 'Pragma: no-cache' );
+ header('Content-Type: application/x-javascript; charset=UTF-8');
+ $force_gzip = ( defined('ENFORCE_GZIP') && ENFORCE_GZIP );
+ $test_str = '"wpCompressionTest Lorem ipsum dolor sit amet consectetuer mollis sapien urna ut a. Eu nonummy condimentum fringilla tempor pretium platea vel nibh netus Maecenas. Hac molestie amet justo quis pellentesque est ultrices interdum nibh Morbi. Cras mattis pretium Phasellus ante ipsum ipsum ut sociis Suspendisse Lorem. Ante et non molestie. Porta urna Vestibulum egestas id congue nibh eu risus gravida sit. Ac augue auctor Ut et non a elit massa id sodales. Elit eu Nulla at nibh adipiscing mattis lacus mauris at tempus. Netus nibh quis suscipit nec feugiat eget sed lorem et urna. Pellentesque lacus at ut massa consectetuer ligula ut auctor semper Pellentesque. Ut metus massa nibh quam Curabitur molestie nec mauris congue. Volutpat molestie elit justo facilisis neque ac risus Ut nascetur tristique. Vitae sit lorem tellus et quis Phasellus lacus tincidunt nunc Fusce. Pharetra wisi Suspendisse mus sagittis libero lacinia Integer consequat ac Phasellus. Et urna ac cursus tortor aliquam Aliquam amet tellus volutpat Vestibulum. Justo interdum condimentum In augue congue tellus sollicitudin Quisque quis nibh."';
+
+ if ( 1 == $_GET['test'] ) {
+ echo $test_str;
+ die;
+ } elseif ( 2 == $_GET['test'] ) {
+ if ( !isset($_SERVER['HTTP_ACCEPT_ENCODING']) )
+ die('-1');
+ if ( false !== strpos( strtolower($_SERVER['HTTP_ACCEPT_ENCODING']), 'deflate') && function_exists('gzdeflate') && ! $force_gzip ) {
+ header('Content-Encoding: deflate');
+ $out = gzdeflate( $test_str, 1 );
+ } elseif ( false !== strpos( strtolower($_SERVER['HTTP_ACCEPT_ENCODING']), 'gzip') && function_exists('gzencode') ) {
+ header('Content-Encoding: gzip');
+ $out = gzencode( $test_str, 1 );
+ } else {
+ die('-1');
+ }
+ echo $out;
+ die;
+ } elseif ( 'no' == $_GET['test'] ) {
+ update_site_option('can_compress_scripts', 0);
+ } elseif ( 'yes' == $_GET['test'] ) {
+ update_site_option('can_compress_scripts', 1);
+ }
+ }
+
+ die('0');
+ break;
+case 'imgedit-preview' :
+ $post_id = intval($_GET['postid']);
+ if ( empty($post_id) || !current_user_can('edit_post', $post_id) )
+ die('-1');
+
+ check_ajax_referer( "image_editor-$post_id" );
+
+ include_once( ABSPATH . 'wp-admin/includes/image-edit.php' );
+ if ( !stream_preview_image($post_id) )
+ die('-1');
+
+ die();
+ break;
+case 'oembed-cache' :
+ $return = ( $wp_embed->cache_oembed( $_GET['post'] ) ) ? '1' : '0';
+ die( $return );
+ break;
default :
do_action( 'wp_ajax_' . $_GET['action'] );
die('0');
break;
endswitch;
endif;
+/**
+ * Sends back current comment total and new page links if they need to be updated.
+ *
+ * Contrary to normal success AJAX response ("1"), die with time() on success.
+ *
+ * @since 2.7
+ *
+ * @param int $comment_id
+ * @return die
+ */
+function _wp_ajax_delete_comment_response( $comment_id ) {
+ $total = (int) @$_POST['_total'];
+ $per_page = (int) @$_POST['_per_page'];
+ $page = (int) @$_POST['_page'];
+ $url = esc_url_raw( @$_POST['_url'] );
+ // JS didn't send us everything we need to know. Just die with success message
+ if ( !$total || !$per_page || !$page || !$url )
+ die( (string) time() );
+
+ if ( --$total < 0 ) // Take the total from POST and decrement it (since we just deleted one)
+ $total = 0;
+
+ if ( 0 != $total % $per_page && 1 != mt_rand( 1, $per_page ) ) // Only do the expensive stuff on a page-break, and about 1 other time per page
+ die( (string) time() );
+
+ $post_id = 0;
+ $status = 'total_comments'; // What type of comment count are we looking for?
+ $parsed = parse_url( $url );
+ if ( isset( $parsed['query'] ) ) {
+ parse_str( $parsed['query'], $query_vars );
+ if ( !empty( $query_vars['comment_status'] ) )
+ $status = $query_vars['comment_status'];
+ if ( !empty( $query_vars['p'] ) )
+ $post_id = (int) $query_vars['p'];
+ }
+
+ $comment_count = wp_count_comments($post_id);
+ $time = time(); // The time since the last comment count
+
+ if ( isset( $comment_count->$status ) ) // We're looking for a known type of comment count
+ $total = $comment_count->$status;
+ // else use the decremented value from above
+
+ $page_links = paginate_links( array(
+ 'base' => add_query_arg( 'apage', '%#%', $url ),
+ 'format' => '',
+ 'prev_text' => __('&laquo;'),
+ 'next_text' => __('&raquo;'),
+ 'total' => ceil($total / $per_page),
+ 'current' => $page
+ ) );
+ $x = new WP_Ajax_Response( array(
+ 'what' => 'comment',
+ 'id' => $comment_id, // here for completeness - not used
+ 'supplemental' => array(
+ 'pageLinks' => $page_links,
+ 'total' => $total,
+ 'time' => $time
+ )
+ ) );
+ $x->send();
+}
+
$id = isset($_POST['id'])? (int) $_POST['id'] : 0;
switch ( $action = $_POST['action'] ) :
-case 'delete-comment' :
- check_ajax_referer( "delete-comment_$id" );
+case 'delete-comment' : // On success, die with time() instead of 1
if ( !$comment = get_comment( $id ) )
- die('1');
+ die( (string) time() );
if ( !current_user_can( 'edit_post', $comment->comment_post_ID ) )
die('-1');
- if ( isset($_POST['spam']) && 1 == $_POST['spam'] ) {
- if ( 'spam' == wp_get_comment_status( $comment->comment_ID ) )
- die('1');
- $r = wp_set_comment_status( $comment->comment_ID, 'spam' );
- } else {
+ check_ajax_referer( "delete-comment_$id" );
+ $status = wp_get_comment_status( $comment->comment_ID );
+
+ if ( isset($_POST['trash']) && 1 == $_POST['trash'] ) {
+ if ( 'trash' == $status )
+ die( (string) time() );
+ $r = wp_trash_comment( $comment->comment_ID );
+ } elseif ( isset($_POST['untrash']) && 1 == $_POST['untrash'] ) {
+ if ( 'trash' != $status )
+ die( (string) time() );
+ $r = wp_untrash_comment( $comment->comment_ID );
+ } elseif ( isset($_POST['spam']) && 1 == $_POST['spam'] ) {
+ if ( 'spam' == $status )
+ die( (string) time() );
+ $r = wp_spam_comment( $comment->comment_ID );
+ } elseif ( isset($_POST['unspam']) && 1 == $_POST['unspam'] ) {
+ if ( 'spam' != $status )
+ die( (string) time() );
+ $r = wp_unspam_comment( $comment->comment_ID );
+ } elseif ( isset($_POST['delete']) && 1 == $_POST['delete'] ) {
$r = wp_delete_comment( $comment->comment_ID );
+ } else {
+ die('-1');
}
- die( $r ? '1' : '0' );
+ if ( $r ) // Decide if we need to send back '1' or a more complicated response including page links and comment counts
+ _wp_ajax_delete_comment_response( $comment->comment_ID );
+ die( '0' );
break;
case 'delete-cat' :
check_ajax_referer( "delete-category_$id" );
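Review bot: The new `oembed-cache` case at the end of the GET switch hands `$_GET['post']` straight to `$wp_embed->cache_oembed()` with no capability check, no nonce and no integer cast, so the only gate in front of it is the `is_user_logged_in()` test at the top of the file, whereas the other cases in this switch check a capability before doing any work. I would add `$post_id = (int) $_GET['post']; if ( !$post_id || !current_user_can( 'edit_post', $post_id ) ) die('-1');` before the `cache_oembed()` call. Separately, the rewritten `ajax-tag-search` query still interpolates `$s` into the `LIKE` clause after only `trim()`, and the `// is this slashed already?` comment survives the change unanswered; the same string-built `LIKE` pattern is kept in the `find_posts` query further down, and both would be better expressed through `$wpdb->prepare()` with `like_escape()` applied to the term.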
@@ -97,15 +252,18 @@
die('0');
break;
case 'delete-tag' :
- check_ajax_referer( "delete-tag_$id" );
+ $tag_id = (int) $_POST['tag_ID'];
+ check_ajax_referer( "delete-tag_$tag_id" );
if ( !current_user_can( 'manage_categories' ) )
die('-1');
- $tag = get_term( $id, 'post_tag' );
+ $taxonomy = !empty($_POST['taxonomy']) ? $_POST['taxonomy'] : 'post_tag';
+
+ $tag = get_term( $tag_id, $taxonomy );
if ( !$tag || is_wp_error( $tag ) )
die('1');
- if ( wp_delete_term($id, 'post_tag'))
+ if ( wp_delete_term($tag_id, $taxonomy))
die('1');
else
die('0');
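Review bot: `$taxonomy` is taken from `$_POST['taxonomy']` without any validation before it reaches `get_term()` and `wp_delete_term()`, and the capability check stays at `manage_categories` whichever taxonomy is named; the GET-side cases in this same file (`ajax-tag-search`, `get-tagcloud`) run the request value through `sanitize_title()`, so at minimum the two paths should be consistent. `get_term()` presumably rejects an unknown taxonomy downstream, but validating at the boundary is clearer: `$taxonomy = !empty($_POST['taxonomy']) ? sanitize_title($_POST['taxonomy']) : 'post_tag'; if ( !is_taxonomy( $taxonomy ) ) die('0');`. The same unvalidated assignment is repeated in the `add-tag` hunk and in the inline-save `tag` hunk below.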
@@ -121,8 +279,10 @@
$cat_name = get_term_field('name', $id, 'link_category');
+ $default = get_option('default_link_category');
+
// Don't delete the default cats.
- if ( $id == get_option('default_link_category') ) {
+ if ( $id == $default ) {
$x = new WP_AJAX_Response( array(
'what' => 'link-cat',
'id' => $id,
@@ -131,7 +291,7 @@
$x->send();
}
- $r = wp_delete_term($id, 'link_category');
+ $r = wp_delete_term($id, 'link_category', array('default' => $default));
if ( !$r )
die('0');
if ( is_wp_error($r) ) {
@@ -182,6 +342,25 @@
else
die('0');
break;
+case 'trash-post' :
+case 'untrash-post' :
+ check_ajax_referer( "{$action}_$id" );
+ if ( !current_user_can( 'delete_post', $id ) )
+ die('-1');
+
+ if ( !get_post( $id ) )
+ die('1');
+
+ if ( 'trash-post' == $action )
+ $done = wp_trash_post( $id );
+ else
+ $done = wp_untrash_post( $id );
+
+ if ( $done )
+ die('1');
+
+ die('0');
+ break;
case 'delete-page' :
check_ajax_referer( "{$action}_$id" );
if ( !current_user_can( 'delete_page', $id ) )
@@ -195,29 +374,40 @@
else
die('0');
break;
-case 'dim-comment' :
- if ( !$comment = get_comment( $id ) )
- die('0');
+case 'dim-comment' : // On success, die with time() instead of 1
- if ( !current_user_can( 'edit_post', $comment->comment_post_ID ) )
- die('-1');
- if ( !current_user_can( 'moderate_comments' ) )
+ if ( !$comment = get_comment( $id ) ) {
+ $x = new WP_Ajax_Response( array(
+ 'what' => 'comment',
+ 'id' => new WP_Error('invalid_comment', sprintf(__('Comment %d does not exist'), $id))
+ ) );
+ $x->send();
+ }
+
+ if ( !current_user_can( 'edit_post', $comment->comment_post_ID ) && !current_user_can( 'moderate_comments' ) )
die('-1');
$current = wp_get_comment_status( $comment->comment_ID );
if ( $_POST['new'] == $current )
- die('1');
+ die( (string) time() );
- if ( in_array( $current, array( 'unapproved', 'spam' ) ) ) {
- check_ajax_referer( "approve-comment_$id" );
- if ( wp_set_comment_status( $comment->comment_ID, 'approve' ) )
- die('1');
- } else {
- check_ajax_referer( "unapprove-comment_$id" );
- if ( wp_set_comment_status( $comment->comment_ID, 'hold' ) )
- die('1');
+ check_ajax_referer( "approve-comment_$id" );
+ if ( in_array( $current, array( 'unapproved', 'spam' ) ) )
+ $result = wp_set_comment_status( $comment->comment_ID, 'approve', true );
+ else
+ $result = wp_set_comment_status( $comment->comment_ID, 'hold', true );
+
+ if ( is_wp_error($result) ) {
+ $x = new WP_Ajax_Response( array(
+ 'what' => 'comment',
+ 'id' => $result
+ ) );
+ $x->send();
}
- die('0');
+
+ // Decide if we need to send back '1' or a more complicated response including page links and comment counts
+ _wp_ajax_delete_comment_response( $comment->comment_ID );
+ die( '0' );
break;
case 'add-category' : // On the Fly
check_ajax_referer( $action );
@@ -228,11 +418,8 @@
$parent = 0;
$post_category = isset($_POST['post_category'])? (array) $_POST['post_category'] : array();
$checked_categories = array_map( 'absint', (array) $post_category );
- $popular_ids = isset( $_POST['popular_ids'] ) ?
- array_map( 'absint', explode( ',', $_POST['popular_ids'] ) ) :
- false;
+ $popular_ids = wp_popular_terms_checklist('category', 0, 10, false);
- $x = new WP_Ajax_Response();
foreach ( $names as $cat_name ) {
$cat_name = trim($cat_name);
$category_nicename = sanitize_title($cat_name);
@@ -247,28 +434,43 @@
wp_category_checklist( 0, $cat_id, $checked_categories, $popular_ids );
$data = ob_get_contents();
ob_end_clean();
- $x->add( array(
+ $add = array(
'what' => 'category',
'id' => $cat_id,
- 'data' => $data,
+ 'data' => str_replace( array("\n", "\t"), '', $data),
'position' => -1
- ) );
+ );
}
if ( $parent ) { // Foncy - replace the parent and all its children
$parent = get_category( $parent );
+ $term_id = $parent->term_id;
+
+ while ( $parent->parent ) { // get the top parent
+ $parent = &get_category( $parent->parent );
+ if ( is_wp_error( $parent ) )
+ break;
+ $term_id = $parent->term_id;
+ }
+
ob_start();
- dropdown_categories( 0, $parent );
+ wp_category_checklist( 0, $term_id, $checked_categories, $popular_ids, null, false );
$data = ob_get_contents();
ob_end_clean();
- $x->add( array(
+ $add = array(
'what' => 'category',
- 'id' => $parent->term_id,
- 'old_id' => $parent->term_id,
- 'data' => $data,
+ 'id' => $term_id,
+ 'data' => str_replace( array("\n", "\t"), '', $data),
'position' => -1
- ) );
-
+ );
}
+
+ ob_start();
+ wp_dropdown_categories( array( 'hide_empty' => 0, 'name' => 'newcat_parent', 'orderby' => 'name', 'hierarchical' => 1, 'show_option_none' => __('Parent category') ) );
+ $sup = ob_get_contents();
+ ob_end_clean();
+ $add['supplemental'] = array( 'newcat_parent' => $sup );
+
+ $x = new WP_Ajax_Response( $add );
$x->send();
break;
case 'add-link-category' : // On the Fly
@@ -286,11 +488,11 @@
$cat_id = wp_insert_term( $cat_name, 'link_category' );
}
$cat_id = $cat_id['term_id'];
- $cat_name = wp_specialchars(stripslashes($cat_name));
+ $cat_name = esc_html(stripslashes($cat_name));
$x->add( array(
'what' => 'link-category',
'id' => $cat_id,
- 'data' => "<li id='link-category-$cat_id'><label for='in-link-category-$cat_id' class='selectit'><input value='$cat_id' type='checkbox' checked='checked' name='link_category[]' id='in-link-category-$cat_id'/> $cat_name</label></li>",
+ 'data' => "<li id='link-category-$cat_id'><label for='in-link-category-$cat_id' class='selectit'><input value='" . esc_attr($cat_id) . "' type='checkbox' checked='checked' name='link_category[]' id='in-link-category-$cat_id'/> $cat_name</label></li>",
'position' => -1
) );
}
@@ -309,7 +511,7 @@
$x->send();
}
- if ( category_exists( trim( $_POST['cat_name'] ) ) ) {
+ if ( category_exists( trim( $_POST['cat_name'] ), $_POST['category_parent'] ) ) {
$x = new WP_Ajax_Response( array(
'what' => 'cat',
'id' => new WP_Error( 'cat_exists', __('The category you are trying to create already exists.'), array( 'form-field' => 'cat_name' ) ),
@@ -338,7 +540,7 @@
$cat_full_name = $_cat->name . ' &#8212; ' . $cat_full_name;
$level++;
}
- $cat_full_name = attribute_escape($cat_full_name);
+ $cat_full_name = esc_attr($cat_full_name);
$x = new WP_Ajax_Response( array(
'what' => 'cat',
@@ -389,54 +591,41 @@
if ( !current_user_can( 'manage_categories' ) )
die('-1');
- if ( '' === trim($_POST['name']) ) {
- $x = new WP_Ajax_Response( array(
- 'what' => 'tag',
- 'id' => new WP_Error( 'name', __('You did not enter a tag name.') )
- ) );
- $x->send();
- }
-
- $tag = wp_insert_term($_POST['name'], 'post_tag', $_POST );
+ $taxonomy = !empty($_POST['taxonomy']) ? $_POST['taxonomy'] : 'post_tag';
+ $tag = wp_insert_term($_POST['tag-name'], $taxonomy, $_POST );
- if ( is_wp_error($tag) ) {
- $x = new WP_Ajax_Response( array(
- 'what' => 'tag',
- 'id' => $tag
- ) );
- $x->send();
+ if ( !$tag || is_wp_error($tag) || (!$tag = get_term( $tag['term_id'], $taxonomy )) ) {
+ echo '<div class="error"><p>' . __('An error has occured. Please reload the page and try again.') . '</p></div>';
+ exit;
}
- if ( !$tag || (!$tag = get_term( $tag['term_id'], 'post_tag' )) )
- die('0');
-
- $tag_full_name = $tag->name;
- $tag_full_name = attribute_escape($tag_full_name);
-
- $x = new WP_Ajax_Response( array(
- 'what' => 'tag',
- 'id' => $tag->term_id,
- 'position' => '-1',
- 'data' => _tag_row( $tag ),
- 'supplemental' => array('name' => $tag_full_name, 'show-link' => sprintf(__( 'Tag <a href="#%s">%s</a> added' ), "tag-$tag->term_id", $tag_full_name))
- ) );
- $x->send();
+ echo _tag_row( $tag, '', $taxonomy );
+ exit;
break;
case 'get-tagcloud' :
- if ( !current_user_can( 'manage_categories' ) )
+ if ( !current_user_can( 'edit_posts' ) )
die('-1');
- $tags = get_tags( array( 'number' => 45, 'orderby' => 'count', 'order' => 'DESC' ) );
+ if ( isset($_POST['tax']) )
+ $taxonomy = sanitize_title($_POST['tax']);
+ else
+ die('0');
+
+ $tags = get_terms( $taxonomy, array( 'number' => 45, 'orderby' => 'count', 'order' => 'DESC' ) );
if ( empty( $tags ) )
die( __('No tags found!') );
+ if ( is_wp_error($tags) )
+ die($tags->get_error_message());
+
foreach ( $tags as $key => $tag ) {
$tags[ $key ]->link = '#';
$tags[ $key ]->id = $tag->term_id;
}
- $return = wp_generate_tag_cloud( $tags );
+ // We need raw tag names here, so don't filter the output
+ $return = wp_generate_tag_cloud( $tags, array('filter' => 0) );
if ( empty($return) )
die('0');
@@ -447,11 +636,15 @@
break;
case 'add-comment' :
check_ajax_referer( $action );
- if ( !current_user_can( 'edit_post', $id ) )
+ if ( !current_user_can( 'edit_posts' ) )
die('-1');
$search = isset($_POST['s']) ? $_POST['s'] : false;
- $start = isset($_POST['page']) ? intval($_POST['page']) * 25 - 1: 24;
- $status = isset($_POST['comment_status']) ? $_POST['comment_status'] : false;
+ $status = isset($_POST['comment_status']) ? $_POST['comment_status'] : 'all';
+ $per_page = isset($_POST['per_page']) ? (int) $_POST['per_page'] + 8 : 28;
+ $start = isset($_POST['page']) ? ( intval($_POST['page']) * $per_page ) -1 : $per_page - 1;
+ if ( 1 > $start )
+ $start = 27;
+
$mode = isset($_POST['mode']) ? $_POST['mode'] : 'detail';
$p = isset($_POST['p']) ? $_POST['p'] : 0;
$comment_type = isset($_POST['comment_type']) ? $_POST['comment_type'] : '';
@@ -518,7 +711,7 @@
if ( empty($status) )
die('1');
- elseif ( in_array($status, array('draft', 'pending') ) )
+ elseif ( in_array($status, array('draft', 'pending', 'trash') ) )
die( __('Error: you are replying to a comment on a draft post.') );
$user = wp_get_current_user();
@@ -593,14 +786,15 @@
$mode = ( isset($_POST['mode']) && 'single' == $_POST['mode'] ) ? 'single' : 'detail';
$position = ( isset($_POST['position']) && (int) $_POST['position']) ? (int) $_POST['position'] : '-1';
$checkbox = ( isset($_POST['checkbox']) && true == $_POST['checkbox'] ) ? 1 : 0;
+ $comments_listing = isset($_POST['comments_listing']) ? $_POST['comments_listing'] : '';
if ( get_option('show_avatars') && 'single' != $mode )
add_filter( 'comment_author', 'floated_admin_avatar' );
$x = new WP_Ajax_Response();
ob_start();
- _wp_comment_row( $comment_id, $mode, true, $checkbox );
+ _wp_comment_row( $comment_id, $mode, $comments_listing, $checkbox );
$comment_list_item = ob_get_contents();
ob_end_clean();
@@ -620,7 +814,7 @@
if ( isset($_POST['metakeyselect']) || isset($_POST['metakeyinput']) ) {
if ( !current_user_can( 'edit_post', $pid ) )
die('-1');
- if ( '#NONE#' == $_POST['metakeyselect'] && empty($_POST['metakeyinput']) )
+ if ( isset($_POST['metakeyselect']) && '#NONE#' == $_POST['metakeyselect'] && empty($_POST['metakeyinput']) )
die('1');
if ( $pid < 0 ) {
$now = current_time('timestamp', 1);
@@ -634,12 +828,13 @@
) );
$x->send();
}
- $mid = add_meta( $pid );
+ if ( !$mid = add_meta( $pid ) )
+ die(__('Please provide a custom field value.'));
} else {
die('0');
}
} else if ( !$mid = add_meta( $pid ) ) {
- die('0');
+ die(__('Please provide a custom field value.'));
}
$meta = get_post_meta_by_id( $mid );
@@ -660,8 +855,11 @@
die('0'); // if meta doesn't exist
if ( !current_user_can( 'edit_post', $meta->post_id ) )
die('-1');
- if ( !$u = update_meta( $mid, $key, $value ) )
- die('1'); // We know meta exists; we also know it's unchanged (or DB error, in which case there are bigger problems).
+ if ( $meta->meta_value != stripslashes($value) ) {
+ if ( !$u = update_meta( $mid, $key, $value ) )
+ die('0'); // We know meta exists; we also know it's unchanged (or DB error, in which case there are bigger problems).
+ }
+
$key = stripslashes($key);
$value = stripslashes($value);
$x = new WP_Ajax_Response( array(
@@ -712,17 +910,20 @@
global $current_user;
$_POST['post_category'] = explode(",", $_POST['catslist']);
- $_POST['tags_input'] = explode(",", $_POST['tags_input']);
if($_POST['post_type'] == 'page' || empty($_POST['post_category']))
unset($_POST['post_category']);
$do_autosave = (bool) $_POST['autosave'];
$do_lock = true;
$data = '';
- $message = sprintf( __('Draft Saved at %s.'), date( __('g:i:s a'), current_time( 'timestamp', true ) ) );
+ /* translators: draft saved date format, see http://php.net/date */
+ $draft_saved_date_format = __('g:i:s a');
+ $message = sprintf( __('Draft Saved at %s.'), date_i18n( $draft_saved_date_format ) );
$supplemental = array();
+ if ( isset($login_grace_period) )
+ $supplemental['session_expired'] = add_query_arg( 'interim-login', 1, wp_login_url() );
$id = $revision_id = 0;
if($_POST['post_ID'] < 0) {
@@ -744,7 +945,7 @@
$last_user_name = $last_user ? $last_user->display_name : __( 'Someone' );
$data = new WP_Error( 'locked', sprintf(
$_POST['post_type'] == 'page' ? __( 'Autosave disabled: %s is currently editing this page.' ) : __( 'Autosave disabled: %s is currently editing this post.' ),
- wp_specialchars( $last_user_name )
+ esc_html( $last_user_name )
) );
$supplemental['disable_autosave'] = 'disable';
@@ -802,45 +1003,73 @@
case 'autosave-generate-nonces' :
check_ajax_referer( 'autosave', 'autosavenonce' );
$ID = (int) $_POST['post_ID'];
- if($_POST['post_type'] == 'post') {
- if(current_user_can('edit_post', $ID))
- die(wp_create_nonce('update-post_' . $ID));
- }
- if($_POST['post_type'] == 'page') {
- if(current_user_can('edit_page', $ID)) {
- die(wp_create_nonce('update-page_' . $ID));
- }
- }
+ $post_type = ( 'page' == $_POST['post_type'] ) ? 'page' : 'post';
+ if ( current_user_can( "edit_{$post_type}", $ID ) )
+ die( json_encode( array( 'updateNonce' => wp_create_nonce( "update-{$post_type}_{$ID}" ), 'deleteURL' => str_replace( '&amp;', '&', wp_nonce_url( admin_url( $post_type . '.php?action=trash&post=' . $ID ), "trash-{$post_type}_{$ID}" ) ) ) ) );
+ do_action('autosave_generate_nonces');
die('0');
break;
case 'closed-postboxes' :
check_ajax_referer( 'closedpostboxes', 'closedpostboxesnonce' );
- $closed = isset( $_POST['closed'] )? $_POST['closed'] : '';
+ $closed = isset( $_POST['closed'] ) ? $_POST['closed'] : '';
$closed = explode( ',', $_POST['closed'] );
- $hidden = isset( $_POST['hidden'] )? $_POST['hidden'] : '';
+ $hidden = isset( $_POST['hidden'] ) ? $_POST['hidden'] : '';
$hidden = explode( ',', $_POST['hidden'] );
- $page = isset( $_POST['page'] )? $_POST['page'] : '';
- if ( !preg_match( '/^[a-z-_]+$/', $page ) ) {
- die(-1);
- }
- $current_user = wp_get_current_user();
+ $page = isset( $_POST['page'] ) ? $_POST['page'] : '';
+
+ if ( !preg_match( '/^[a-z_-]+$/', $page ) )
+ die('-1');
+
+ if ( ! $user = wp_get_current_user() )
+ die('-1');
+
if ( is_array($closed) )
- update_usermeta($current_user->ID, 'closedpostboxes_'.$page, $closed);
- if ( is_array($hidden) )
- update_usermeta($current_user->ID, 'meta-box-hidden_'.$page, $hidden);
-break;
+ update_usermeta($user->ID, 'closedpostboxes_'.$page, $closed);
+
+ if ( is_array($hidden) ) {
+ $hidden = array_diff( $hidden, array('submitdiv', 'linksubmitdiv') ); // postboxes that are always shown
+ update_usermeta($user->ID, 'meta-box-hidden_'.$page, $hidden);
+ }
+
+ die('1');
+ break;
case 'hidden-columns' :
- check_ajax_referer( 'hiddencolumns', 'hiddencolumnsnonce' );
- $hidden = isset( $_POST['hidden'] )? $_POST['hidden'] : '';
+ check_ajax_referer( 'screen-options-nonce', 'screenoptionnonce' );
+ $hidden = isset( $_POST['hidden'] ) ? $_POST['hidden'] : '';
$hidden = explode( ',', $_POST['hidden'] );
- $page = isset( $_POST['page'] )? $_POST['page'] : '';
- if ( !preg_match( '/^[a-z-_]+$/', $page ) ) {
- die(-1);
- }
- $current_user = wp_get_current_user();
+ $page = isset( $_POST['page'] ) ? $_POST['page'] : '';
+
+ if ( !preg_match( '/^[a-z_-]+$/', $page ) )
+ die('-1');
+
+ if ( ! $user = wp_get_current_user() )
+ die('-1');
+
if ( is_array($hidden) )
- update_usermeta($current_user->ID, "manage-$page-columns-hidden", $hidden);
-break;
+ update_usermeta($user->ID, "manage-$page-columns-hidden", $hidden);
+
+ die('1');
+ break;
+case 'meta-box-order':
+ check_ajax_referer( 'meta-box-order' );
+ $order = isset( $_POST['order'] ) ? (array) $_POST['order'] : false;
+ $page_columns = isset( $_POST['page_columns'] ) ? (int) $_POST['page_columns'] : 0;
+ $page = isset( $_POST['page'] ) ? $_POST['page'] : '';
+
+ if ( !preg_match( '/^[a-z_-]+$/', $page ) )
+ die('-1');
+
+ if ( ! $user = wp_get_current_user() )
+ die('-1');
+
+ if ( $order )
+ update_user_option($user->ID, "meta-box-order_$page", $order);
+
+ if ( $page_columns )
+ update_usermeta($user->ID, "screen_layout_$page", $page_columns);
+
+ die('1');
+ break;
case 'get-permalink':
check_ajax_referer( 'getpermalink', 'getpermalinknonce' );
$post_id = isset($_POST['post_id'])? intval($_POST['post_id']) : 0;
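Review bot: In `closed-postboxes` the `isset()` guards on `$closed` and `$hidden` are immediately undone, because the following line calls `explode( ',', $_POST['closed'] )` (and `$_POST['hidden']`) on the raw request key instead of the guarded local; `hidden-columns` repeats the same pattern for `$hidden`. `$closed = explode( ',', $closed );` and `$hidden = explode( ',', $hidden );` keep the guard meaningful and avoid an undefined-index notice when the key is absent. Note also that the `is_array()` checks that follow can never be false, since `explode()` always returns an array (even for an empty string), so they either should be dropped or replaced by an emptiness test on the original request value.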
@@ -870,12 +1099,15 @@
if ( $last = wp_check_post_lock( $post_ID ) ) {
$last_user = get_userdata( $last );
$last_user_name = $last_user ? $last_user->display_name : __( 'Someone' );
- printf( $_POST['post_type'] == 'page' ? __( 'Saving is disabled: %s is currently editing this page.' ) : __( 'Saving is disabled: %s is currently editing this post.' ), wp_specialchars( $last_user_name ) );
+ printf( $_POST['post_type'] == 'page' ? __( 'Saving is disabled: %s is currently editing this page.' ) : __( 'Saving is disabled: %s is currently editing this post.' ), esc_html( $last_user_name ) );
exit;
}
$data = &$_POST;
+
$post = get_post( $post_ID, ARRAY_A );
+ $post = add_magic_quotes($post); //since it is from db
+
$data['content'] = $post['post_content'];
$data['excerpt'] = $post['post_excerpt'];
@@ -897,7 +1129,6 @@
$data['ping_status'] = 'closed';
// update the post
- $_POST = $data;
edit_post();
$post = array();
@@ -951,13 +1182,18 @@
break;
case 'tag' :
- $updated = wp_update_term($id, 'post_tag', $_POST);
+ $taxonomy = !empty($_POST['taxonomy']) ? $_POST['taxonomy'] : 'post_tag';
+
+ $tag = get_term( $id, $taxonomy );
+ $_POST['description'] = $tag->description;
+
+ $updated = wp_update_term($id, $taxonomy, $_POST);
if ( $updated && !is_wp_error($updated) ) {
- $tag = get_term( $updated['term_id'], 'post_tag' );
+ $tag = get_term( $updated['term_id'], $taxonomy );
if ( !$tag || is_wp_error( $tag ) )
die( __('Tag not updated.') );
- echo _tag_row($tag);
+ echo _tag_row($tag, '', $taxonomy);
} else {
die( __('Tag not updated.') );
}
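Review bot: `$_POST['description'] = $tag->description;` reads a property off the `get_term()` result without checking it, so an unknown id or taxonomy (which yields null or a `WP_Error`) raises a notice here and passes a meaningless description into `wp_update_term()`; the `is_wp_error()` test in this case only runs on the update result afterwards. Guard it first, right after the `get_term()` call: `if ( !$tag || is_wp_error( $tag ) ) die( __('Tag not updated.') );`. The `$taxonomy` value used here comes unvalidated from `$_POST['taxonomy']`, as in the `delete-tag` and `add-tag` hunks above.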
@@ -967,11 +1203,6 @@
exit;
break;
-case 'meta-box-order':
- check_ajax_referer( 'meta-box-order' );
- update_user_option( $GLOBALS['current_user']->ID, "meta-box-order_$_POST[page]", $_POST['order'] );
- die('1');
- break;
case 'find_posts':
check_ajax_referer( 'find-posts' );
@@ -981,10 +1212,10 @@
$what = isset($_POST['pages']) ? 'page' : 'post';
$s = stripslashes($_POST['ps']);
preg_match_all('/".*?("|$)|((?<=[\\s",+])|^)[^\\s",+]+/', $s, $matches);
- $search_terms = array_map(create_function('$a', 'return trim($a, "\\"\'\\n\\r ");'), $matches[0]);
+ $search_terms = array_map('_search_terms_tidy', $matches[0]);
$searchand = $search = '';
- foreach( (array) $search_terms as $term) {
+ foreach ( (array) $search_terms as $term ) {
$term = addslashes_gpc($term);
$search .= "{$searchand}(($wpdb->posts.post_title LIKE '%{$term}%') OR ($wpdb->posts.post_content LIKE '%{$term}%'))";
$searchand = ' AND ';
@@ -993,12 +1224,12 @@
if ( count($search_terms) > 1 && $search_terms[0] != $s )
$search .= " OR ($wpdb->posts.post_title LIKE '%{$term}%') OR ($wpdb->posts.post_content LIKE '%{$term}%')";
- $posts = $wpdb->get_results( "SELECT ID, post_title, post_status, post_date FROM $wpdb->posts WHERE post_type = '$what' AND $search ORDER BY post_date_gmt DESC LIMIT 50" );
+ $posts = $wpdb->get_results( "SELECT ID, post_title, post_status, post_date FROM $wpdb->posts WHERE post_type = '$what' AND post_status IN ('draft', 'publish') AND ($search) ORDER BY post_date_gmt DESC LIMIT 50" );
if ( ! $posts )
exit( __('No posts found.') );
- $html = '<table class="widefat"><thead><tr><th class="found-radio"><br /></th><th>'.__('Title').'</th><th>'.__('Time').'</th><th>'.__('Status').'</th></tr></thead><tbody>';
+ $html = '<table class="widefat" cellspacing="0"><thead><tr><th class="found-radio"><br /></th><th>'.__('Title').'</th><th>'.__('Date').'</th><th>'.__('Status').'</th></tr></thead><tbody>';
foreach ( $posts as $post ) {
switch ( $post->post_status ) {
@@ -1013,18 +1244,19 @@
$stat = __('Pending Review');
break;
case 'draft' :
- $stat = __('Unpublished');
+ $stat = __('Draft');
break;
}
if ( '0000-00-00 00:00:00' == $post->post_date ) {
$time = '';
} else {
+ /* translators: date format in table columns, see http://php.net/date */
$time = mysql2date(__('Y/m/d'), $post->post_date);
}
- $html .= '<tr class="found-posts"><td class="found-radio"><input type="radio" id="found-'.$post->ID.'" name="found_post_id" value="'.$post->ID.'"></td>';
- $html .= '<td><label for="found-'.$post->ID.'">'.wp_specialchars($post->post_title, true).'</label></td><td>'.wp_specialchars($time, true).'</td><td>'.wp_specialchars($stat, true).'</td></tr>'."\n\n";
+ $html .= '<tr class="found-posts"><td class="found-radio"><input type="radio" id="found-'.$post->ID.'" name="found_post_id" value="' . esc_attr($post->ID) . '"></td>';
+ $html .= '<td><label for="found-'.$post->ID.'">'.esc_html( $post->post_title ).'</label></td><td>'.esc_html( $time ).'</td><td>'.esc_html( $stat ).'</td></tr>'."\n\n";
}
$html .= '</tbody></table>';
@@ -1036,6 +1268,162 @@
$x->send();
break;
+case 'lj-importer' :
+ check_ajax_referer( 'lj-api-import' );
+ if ( !current_user_can( 'publish_posts' ) )
+ die('-1');
+ if ( empty( $_POST['step'] ) )
+ die( '-1' );
+ define('WP_IMPORTING', true);
+ include( ABSPATH . 'wp-admin/import/livejournal.php' );
+ $result = $lj_api_import->{ 'step' . ( (int) $_POST['step'] ) }();
+ if ( is_wp_error( $result ) )
+ echo $result->get_error_message();
+ die;
+ break;
+case 'widgets-order' :
+ check_ajax_referer( 'save-sidebar-widgets', 'savewidgets' );
+
+ if ( !current_user_can('switch_themes') )
+ die('-1');
+
+ unset( $_POST['savewidgets'], $_POST['action'] );
+
+ // save widgets order for all sidebars
+ if ( is_array($_POST['sidebars']) ) {
+ $sidebars = array();
+ foreach ( $_POST['sidebars'] as $key => $val ) {
+ $sb = array();
+ if ( !empty($val) ) {
+ $val = explode(',', $val);
+ foreach ( $val as $k => $v ) {
+ if ( strpos($v, 'widget-') === false )
+ continue;
+
+ $sb[$k] = substr($v, strpos($v, '_') + 1);
+ }
+ }
+ $sidebars[$key] = $sb;
+ }
+ wp_set_sidebars_widgets($sidebars);
+ die('1');
+ }
+
+ die('-1');
+ break;
+case 'save-widget' :
+ check_ajax_referer( 'save-sidebar-widgets', 'savewidgets' );
+
+ if ( !current_user_can('switch_themes') || !isset($_POST['id_base']) )
+ die('-1');
+
+ unset( $_POST['savewidgets'], $_POST['action'] );
+
+ do_action('load-widgets.php');
+ do_action('widgets.php');
+ do_action('sidebar_admin_setup');
+
+ $id_base = $_POST['id_base'];
+ $widget_id = $_POST['widget-id'];
+ $sidebar_id = $_POST['sidebar'];
+ $multi_number = !empty($_POST['multi_number']) ? (int) $_POST['multi_number'] : 0;
+ $settings = isset($_POST['widget-' . $id_base]) && is_array($_POST['widget-' . $id_base]) ? $_POST['widget-' . $id_base] : false;
+ $error = '<p>' . __('An error has occured. Please reload the page and try again.') . '</p>';
+
+ $sidebars = wp_get_sidebars_widgets();
+ $sidebar = isset($sidebars[$sidebar_id]) ? $sidebars[$sidebar_id] : array();
+
+ // delete
+ if ( isset($_POST['delete_widget']) && $_POST['delete_widget'] ) {
+
+ if ( !isset($wp_registered_widgets[$widget_id]) )
+ die($error);
+
+ $sidebar = array_diff( $sidebar, array($widget_id) );
+ $_POST = array('sidebar' => $sidebar_id, 'widget-' . $id_base => array(), 'the-widget-id' => $widget_id, 'delete_widget' => '1');
+ } elseif ( $settings && preg_match( '/__i__|%i%/', key($settings) ) ) {
+ if ( !$multi_number )
+ die($error);
+
+ $_POST['widget-' . $id_base] = array( $multi_number => array_shift($settings) );
+ $widget_id = $id_base . '-' . $multi_number;
+ $sidebar[] = $widget_id;
+ }
+ $_POST['widget-id'] = $sidebar;
+
+ foreach ( (array) $wp_registered_widget_updates as $name => $control ) {
+
+ if ( $name == $id_base ) {
+ if ( !is_callable( $control['callback'] ) )
+ continue;
+
+ ob_start();
+ call_user_func_array( $control['callback'], $control['params'] );
+ ob_end_clean();
+ break;
+ }
+ }
+
+ if ( isset($_POST['delete_widget']) && $_POST['delete_widget'] ) {
+ $sidebars[$sidebar_id] = $sidebar;
+ wp_set_sidebars_widgets($sidebars);
+ echo "deleted:$widget_id";
+ die();
+ }
+
+ if ( !empty($_POST['add_new']) )
+ die();
+
+ if ( $form = $wp_registered_widget_controls[$widget_id] )
+ call_user_func_array( $form['callback'], $form['params'] );
+
+ die();
+ break;
+case 'image-editor':
+ $attachment_id = intval($_POST['postid']);
+ if ( empty($attachment_id) || !current_user_can('edit_post', $attachment_id) )
+ die('-1');
+
+ check_ajax_referer( "image_editor-$attachment_id" );
+ include_once( ABSPATH . 'wp-admin/includes/image-edit.php' );
+
+ $msg = false;
+ switch ( $_POST['do'] ) {
+ case 'save' :
+ $msg = wp_save_image($attachment_id);
+ $msg = json_encode($msg);
+ die($msg);
+ break;
+ case 'scale' :
+ $msg = wp_save_image($attachment_id);
+ break;
+ case 'restore' :
+ $msg = wp_restore_image($attachment_id);
+ break;
+ }
+
+ wp_image_editor($attachment_id, $msg);
+ die();
+ break;
+case 'set-post-thumbnail':
+ $post_id = intval( $_POST['post_id'] );
+ if ( !current_user_can( 'edit_post', $post_id ) )
+ die( '-1' );
+ $thumbnail_id = intval( $_POST['thumbnail_id'] );
+
+ if ( $thumbnail_id == '-1' ) {
+ delete_post_meta( $post_id, '_thumbnail_id' );
+ die( _wp_post_thumbnail_html() );
+ }
+
+ if ( $thumbnail_id && get_post( $thumbnail_id ) ) {
+ $thumbnail_html = wp_get_attachment_image( $thumbnail_id, 'thumbnail' );
+ if ( !empty( $thumbnail_html ) ) {
+ update_post_meta( $post_id, '_thumbnail_id', $thumbnail_id );
+ die( _wp_post_thumbnail_html( $thumbnail_id ) );
+ }
+ }
+ die( '0' );
default :
do_action( 'wp_ajax_' . $_POST['action'] );
die('0');
22 wp-admin/admin-footer.php
@@ -5,6 +5,10 @@
* @package WordPress
* @subpackage Administration
*/
+
+// don't load directly
+if ( !defined('ABSPATH') )
+ die('-1');
?>
<div class="clear"></div></div><!-- wpbody-content -->
@@ -16,13 +20,25 @@
<p id="footer-left" class="alignleft"><?php
do_action( 'in_admin_footer' );
$upgrade = apply_filters( 'update_footer', '' );
-echo '<span id="footer-thankyou">' . __('Thank you for creating with <a href="http://wordpress.org/">WordPress</a>.').'</span> | '.__('<a href="http://codex.wordpress.org/">Documentation</a>').' | '.__('<a href="http://wordpress.org/support/forum/4">Feedback</a>'); ?>
+echo apply_filters( 'admin_footer_text', '<span id="footer-thankyou">' . __('Thank you for creating with <a href="http://wordpress.org/">WordPress</a>.').'</span> | '.__('<a href="http://codex.wordpress.org/">Documentation</a>').' | '.__('<a href="http://wordpress.org/support/forum/4">Feedback</a>') ); ?>
</p>
<?php // if ( $is_IE ) browse_happy(); ?>
<p id="footer-upgrade" class="alignright"><?php echo $upgrade; ?></p>
<div class="clear"></div>
</div>
-<?php do_action('admin_footer', ''); ?>
+<?php
+do_action('admin_footer', '');
+do_action('admin_print_footer_scripts');
+do_action("admin_footer-$hook_suffix");
+
+// get_site_option() won't exist when auto upgrading from <= 2.7
+if ( function_exists('get_site_option') ) {
+ if ( false === get_site_option('can_compress_scripts') )
+ compression_test();
+}
+
+?>
+
<script type="text/javascript">if(typeof wpOnload=='function')wpOnload();</script>
</body>
-</html>
+</html>
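Review bot: The new `do_action("admin_footer-$hook_suffix")` assumes `$hook_suffix` was set by admin-header.php; on an include path that reaches the footer without the header having run (comment_footer_die() in comment.php includes admin-footer.php directly, and whether the header preceded it is not visible here) this raises an undefined-variable notice and fires a bare `admin_footer-` action. A one-line guard before the three hooks keeps the hook name deterministic: `$hook_suffix = isset( $hook_suffix ) ? $hook_suffix : '';`. The compression_test() branch would also read better with a comment on why the strict `false ===` comparison is used, e.g. `// option never stored: probe once whether compressed scripts can be served`, since the inline comment only explains the function_exists() wrapper.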
74 wp-admin/admin-header.php
@@ -10,73 +10,73 @@
if (!isset($_GET["page"])) require_once('admin.php');
get_admin_page_title();
-$title = wp_specialchars( strip_tags( $title ) );
+$title = esc_html( strip_tags( $title ) );
wp_user_settings();
+wp_menu_unfold();
?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" <?php do_action('admin_xml_ns'); ?> <?php language_attributes(); ?>>
<head>
<meta http-equiv="Content-Type" content="<?php bloginfo('html_type'); ?>; charset=<?php echo get_option('blog_charset'); ?>" />
-<title><?php bloginfo('name') ?> &rsaquo; <?php echo $title; ?> &#8212; WordPress</title>
+<title><?php echo $title; ?> &lsaquo; <?php bloginfo('name') ?> &#8212; WordPress</title>
<?php
wp_admin_css( 'css/global' );
wp_admin_css();
wp_admin_css( 'css/colors' );
wp_admin_css( 'css/ie' );
+wp_enqueue_script('utils');
+$hook_suffix = '';
+if ( isset($page_hook) )
+ $hook_suffix = "$page_hook";
+else if ( isset($plugin_page) )
+ $hook_suffix = "$plugin_page";
+else if ( isset($pagenow) )
+ $hook_suffix = "$pagenow";
+
+$admin_body_class = preg_replace('/[^a-z0-9_-]+/i', '-', $hook_suffix);
?>
<script type="text/javascript">
//<![CDATA[
-addLoadEvent = function(func) {if (typeof jQuery != "undefined") jQuery(document).ready(func); else if (typeof wpOnload!='function'){wpOnload=func;} else {var oldonload=wpOnload; wpOnload=function(){oldonload();func();}}};
-
-function convertEntities(o) {
- var c = function(s) {
- if (/&[^;]+;/.test(s)) {
- var e = document.createElement("div");
- e.innerHTML = s;
- return !e.firstChild ? s : e.firstChild.nodeValue;
- }
- return s;
- }
-
- if ( typeof o === 'string' )
- return c(o);
- else if ( typeof o === 'object' )
- for (var v in o) {
- if ( typeof o[v] === 'string' )
- o[v] = c(o[v]);
- }
- return o;
-};
+addLoadEvent = function(func){if(typeof jQuery!="undefined")jQuery(document).ready(func);else if(typeof wpOnload!='function'){wpOnload=func;}else{var oldonload=wpOnload;wpOnload=function(){oldonload();func();}}};
+var userSettings = {'url':'<?php echo SITECOOKIEPATH; ?>','uid':'<?php if ( ! isset($current_user) ) $current_user = wp_get_current_user(); echo $current_user->ID; ?>','time':'<?php echo time() ?>'};
+var ajaxurl = '<?php echo admin_url('admin-ajax.php'); ?>', pagenow = '<?php echo substr($pagenow, 0, -4); ?>', adminpage = '<?php echo $admin_body_class; ?>', thousandsSeparator = '<?php echo $wp_locale->number_format['thousands_sep']; ?>', decimalPoint = '<?php echo $wp_locale->number_format['decimal_point']; ?>';
//]]>
</script>
<?php
if ( in_array( $pagenow, array('post.php', 'post-new.php', 'page.php', 'page-new.php') ) ) {
- add_action( 'admin_head', 'wp_tiny_mce' );
+ add_action( 'admin_print_footer_scripts', 'wp_tiny_mce', 25 );
+ wp_enqueue_script('quicktags');
}
-$hook_suffix = '';
-if ( isset($page_hook) )
- $hook_suffix = "$page_hook";
-else if ( isset($plugin_page) )
- $hook_suffix = "$plugin_page";
-else if ( isset($pagenow) )
- $hook_suffix = "$pagenow";
-
+do_action('admin_enqueue_scripts', $hook_suffix);
do_action("admin_print_styles-$hook_suffix");
do_action('admin_print_styles');
do_action("admin_print_scripts-$hook_suffix");
do_action('admin_print_scripts');
do_action("admin_head-$hook_suffix");
do_action('admin_head');
+if ( get_user_setting('mfold') == 'f' ) {
+ $admin_body_class .= ' folded';
+}
+
if ( $is_iphone ) { ?>
<style type="text/css">.row-actions{visibility:visible;}</style>
<?php } ?>
</head>
-<body class="wp-admin <?php echo apply_filters( 'admin_body_class', '' ); ?>">
+<body class="wp-admin no-js <?php echo apply_filters( 'admin_body_class', '' ) . " $admin_body_class"; ?>">
+<script type="text/javascript">
+//<![CDATA[
+(function(){
+var c = document.body.className;
+c = c.replace(/no-js/, 'js');
+document.body.className = c;
+})();
+//]]>
+</script>
<div id="wpwrap">
<div id="wpcontent">
@@ -101,7 +101,7 @@ function convertEntities(o) {
}
?>
-<img id="header-logo" src="../wp-includes/images/blank.gif" alt="" width="32" height="32" /> <h1 <?php echo $title_class ?>><a href="<?php echo trailingslashit( get_bloginfo('url') ); ?>" title="<?php _e('Visit site') ?>"><?php echo $blog_name ?> <span>&larr; <?php _e('Visit site') ?></span></a></h1>
+<img id="header-logo" src="../wp-includes/images/blank.gif" alt="" width="32" height="32" /> <h1 id="site-heading" <?php echo $title_class ?>><a href="<?php echo trailingslashit( get_bloginfo('url') ); ?>" title="<?php _e('Visit Site') ?>"><span id="site-title"><?php echo $blog_name ?></span> <em id="site-visit-button"><?php _e('Visit Site') ?></em></a></h1>
<div id="wphead-info">
<div id="user_info">
@@ -110,14 +110,10 @@ function convertEntities(o) {
<a href="<?php echo wp_logout_url() ?>" title="<?php _e('Log Out') ?>"><?php _e('Log Out'); ?></a></p>
</div>
-<?php favorite_actions(); ?>
+<?php favorite_actions($hook_suffix); ?>
</div>
</div>
-<?php if ( get_user_setting('mfold') == 'f' ) { ?>
-<script type="text/javascript">jQuery('#wpcontent').addClass('folded');</script>
-<?php } ?>
-
<div id="wpbody">
<?php require(ABSPATH . 'wp-admin/menu-header.php'); ?>
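Review bot: The two new `var userSettings = ...` and `var ajaxurl = ...` lines in the head script echo PHP values straight into single-quoted JavaScript string literals with no JavaScript escaping; `SITECOOKIEPATH`, `admin_url()` and in particular the translator-supplied `$wp_locale->number_format['thousands_sep']`/`['decimal_point']` would terminate the literal and break the whole inline script if they ever contained `'` or `\`. Since this commit already moves output escaping to the `esc_*` family (`esc_html` on the title a few lines up), wrapping each echoed value in `esc_js()` is the matching fix, e.g. `thousandsSeparator = '<?php echo esc_js( $wp_locale->number_format['thousands_sep'] ); ?>'`. `$admin_body_class` is the exception: the `preg_replace('/[^a-z0-9_-]+/i', '-', ...)` above it already restricts it to safe characters, which is worth stating in a short comment next to that line.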
7 wp-admin/admin-post.php
@@ -16,14 +16,15 @@
require_once(ABSPATH . 'wp-admin/includes/admin.php');
-if ( !wp_validate_auth_cookie() )
- wp_die(__('Cheatin&#8217; uh?'));
-
nocache_headers();
do_action('admin_init');
$action = 'admin_post';
+
+if ( !wp_validate_auth_cookie() )
+ $action .= '_nopriv';
+
if ( !empty($_REQUEST['action']) )
$action .= '_' . $_REQUEST['action'];
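Review bot: Moving the `wp_validate_auth_cookie()` check below `do_action('admin_init')` means `admin_init` now fires for unauthenticated requests to admin-post.php, which the removed `wp_die()` previously prevented; hook callbacks that assumed a logged-in user on this entry point should be made aware. The new `_nopriv` branch also deserves a comment stating its contract, e.g. `// No valid auth cookie: dispatch to admin_post_nopriv_{action}; those handlers run for anonymous requests and must perform their own nonce and capability checks.`. The `do_action( $action )` call that consumes the assembled hook name lies outside this hunk.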
33 wp-admin/admin.php
@@ -11,14 +11,25 @@
*
* @since unknown
*/
-define('WP_ADMIN', TRUE);
+if ( !defined('WP_ADMIN') )
+ define('WP_ADMIN', TRUE);
if ( defined('ABSPATH') )
require_once(ABSPATH . 'wp-load.php');
else
require_once('../wp-load.php');
-if ( get_option('db_version') != $wp_db_version ) {
+if ( get_option('db_upgraded') ) {
+ $wp_rewrite->flush_rules();
+ update_option( 'db_upgraded', false );
+
+ /**
+ * Runs on the next page load after successful upgrade
+ *
+ * @since 2.8
+ */
+ do_action('after_db_upgrade');
+} elseif ( get_option('db_version') != $wp_db_version ) {
wp_redirect(admin_url('upgrade.php?_wp_http_referer=' . urlencode(stripslashes($_SERVER['REQUEST_URI']))));
exit;
}
@@ -31,12 +42,17 @@
update_category_cache();
+// Schedule trash collection
+if ( !wp_next_scheduled('wp_scheduled_delete') && !defined('WP_INSTALLING') )
+ wp_schedule_event(time(), 'daily', 'wp_scheduled_delete');
+
+set_screen_options();
+
$posts_per_page = get_option('posts_per_page');
-$what_to_show = get_option('what_to_show');
$date_format = get_option('date_format');
$time_format = get_option('time_format');
-wp_reset_vars(array('profile', 'redirect', 'redirect_url', 'a', 'popuptitle', 'popupurl', 'text', 'trackback', 'pingback'));
+wp_reset_vars(array('profile', 'redirect', 'redirect_url', 'a', 'text', 'trackback', 'pingback'));
wp_admin_css_color('classic', __('Blue'), admin_url("css/colors-classic.css"), array('#073447', '#21759B', '#EAF3FA', '#BBD8E7'));
wp_admin_css_color('fresh', __('Gray'), admin_url("css/colors-fresh.css"), array('#464646', '#6D6D6D', '#F1F1F1', '#DFDFDF'));
@@ -61,7 +77,12 @@
$page_hook = get_plugin_page_hook($plugin_page, $plugin_page);
// backwards compatibility for plugins using add_management_page
if ( empty( $page_hook ) && 'edit.php' == $pagenow && '' != get_plugin_page_hook($plugin_page, 'tools.php') ) {
- wp_redirect('tools.php?page=' . $plugin_page);
+ // There could be plugin specific params on the URL, so we need the whole query string
+ if ( !empty($_SERVER[ 'QUERY_STRING' ]) )
+ $query_string = $_SERVER[ 'QUERY_STRING' ];
+ else
+ $query_string = 'page=' . $plugin_page;
+ wp_redirect( 'tools.php?' . $query_string );
exit;
}
}
@@ -129,7 +150,7 @@
// Make sure rules are flushed
global $wp_rewrite;
- $wp_rewrite->flush_rules();
+ $wp_rewrite->flush_rules(false);
exit();
} else {
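Review bot: The tools.php compatibility redirect now forwards `$_SERVER['QUERY_STRING']` verbatim through `wp_redirect()`; the path prefix is fixed so the destination stays local, but the same commit switches categories.php to `wp_safe_redirect()` for its request-derived redirects, and using it here too keeps the admin redirects uniform and defensive against a later change that lets request input shape the target: `wp_redirect( 'tools.php?' . $query_string );` becomes `wp_safe_redirect( 'tools.php?' . $query_string );`. In the first hunk, the `db_upgraded` block documents the `after_db_upgrade` hook but not the surrounding logic; a comment above `$wp_rewrite->flush_rules()` naming where `db_upgraded` is set (not visible here) and why the flag is cleared immediately would help the next reader.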
11 wp-admin/async-upload.php
@@ -6,6 +6,8 @@
* @subpackage Administration
*/
+define('WP_ADMIN', true);
+
if ( defined('ABSPATH') )
require_once(ABSPATH . 'wp-load.php');
else
@@ -16,6 +18,8 @@
$_COOKIE[SECURE_AUTH_COOKIE] = $_REQUEST['auth_cookie'];
elseif ( empty($_COOKIE[AUTH_COOKIE]) && !empty($_REQUEST['auth_cookie']) )
$_COOKIE[AUTH_COOKIE] = $_REQUEST['auth_cookie'];
+if ( empty($_COOKIE[LOGGED_IN_COOKIE]) && !empty($_REQUEST['logged_in_cookie']) )
+ $_COOKIE[LOGGED_IN_COOKIE] = $_REQUEST['logged_in_cookie'];
unset($current_user);
require_once('admin.php');
@@ -28,8 +32,9 @@
if ( isset($_REQUEST['attachment_id']) && ($id = intval($_REQUEST['attachment_id'])) && $_REQUEST['fetch'] ) {
if ( 2 == $_REQUEST['fetch'] ) {
add_filter('attachment_fields_to_edit', 'media_single_attachment_fields_to_edit', 10, 2);
- echo get_media_item($id, array( 'send' => false, 'delete' => false ));
+ echo get_media_item($id, array( 'send' => false, 'delete' => true ));
} else {
+ add_filter('attachment_fields_to_edit', 'media_post_single_attachment_fields_to_edit', 10, 2);
echo get_media_item($id);
}
exit;
@@ -39,7 +44,7 @@
$id = media_handle_upload('async-upload', $_REQUEST['post_id']);
if (is_wp_error($id)) {
- echo '<div id="media-upload-error">'.wp_specialchars($id->get_error_message()).'</div>';
+ echo '<div id="media-upload-error">'.esc_html($id->get_error_message()).'</div>';
exit;
}
@@ -53,4 +58,4 @@
echo apply_filters("async_upload_{$type}", $id);
}
-?>
+?>
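Review bot: The new `LOGGED_IN_COOKIE` line reads the cookie value from `$_REQUEST`, so an authentication cookie can be supplied in the query string, where it ends up in web-server and proxy logs and in Referer headers; the two existing `AUTH_COOKIE`/`SECURE_AUTH_COOKIE` lines above share this. If the upload client submits these values as POST fields (not visible here), reading from `$_POST` closes the query-string path without changing the supported flow: `if ( empty($_COOKIE[LOGGED_IN_COOKIE]) && !empty($_POST['logged_in_cookie']) ) $_COOKIE[LOGGED_IN_COOKIE] = $_POST['logged_in_cookie'];`. A short comment above the block explaining why this endpoint accepts authentication cookies from request fields at all would also spare the next reader from treating it as a mistake.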
92 wp-admin/categories.php
@@ -25,30 +25,33 @@
if ( !current_user_can('manage_categories') )
wp_die(__('Cheatin&#8217; uh?'));
- if( wp_insert_category($_POST ) ) {
- wp_redirect('categories.php?message=1#addcat');
- } else {
- wp_redirect('categories.php?message=4#addcat');
- }
+ if ( wp_insert_category($_POST ) )
+ wp_safe_redirect( add_query_arg( 'message', 1, wp_get_referer() ) . '#addcat' );
+ else
+ wp_safe_redirect( add_query_arg( 'message', 4, wp_get_referer() ) . '#addcat' );
+
exit;
break;
case 'delete':
+ if ( !isset( $_GET['cat_ID'] ) ) {
+ wp_redirect('categories.php');
+ exit;
+ }
+
$cat_ID = (int) $_GET['cat_ID'];
check_admin_referer('delete-category_' . $cat_ID);
if ( !current_user_can('manage_categories') )
wp_die(__('Cheatin&#8217; uh?'));
- $cat_name = get_catname($cat_ID);
-
// Don't delete the default cats.
- if ( $cat_ID == get_option('default_category') )
- wp_die(sprintf(__("Can&#8217;t delete the <strong>%s</strong> category: this is the default one"), $cat_name));
+ if ( $cat_ID == get_option('default_category') )
+ wp_die( sprintf( __("Can&#8217;t delete the <strong>%s</strong> category: this is the default one"), get_cat_name($cat_ID) ) );
wp_delete_category($cat_ID);
- wp_redirect('categories.php?message=2');
+ wp_safe_redirect( add_query_arg( 'message', 2, wp_get_referer() ) );
exit;
break;
@@ -59,20 +62,20 @@
if ( !current_user_can('manage_categories') )
wp_die( __('You are not allowed to delete categories.') );
- foreach ( (array) $_GET['delete'] as $cat_ID ) {
- $cat_name = get_catname($cat_ID);
+ $cats = (array) $_GET['delete'];
+ $default_cat = get_option('default_category');
+ foreach ( $cats as $cat_ID ) {
+ $cat_ID = (int) $cat_ID;
- // Don't delete the default cats.
- if ( $cat_ID == get_option('default_category') )
- wp_die(sprintf(__("Can&#8217;t delete the <strong>%s</strong> category: this is the default one"), $cat_name));
+ // Don't delete the default cat.
+ if ( $cat_ID == $default_cat )
+ wp_die( sprintf( __("Can&#8217;t delete the <strong>%s</strong> category: this is the default one"), get_cat_name($cat_ID) ) );
wp_delete_category($cat_ID);
}
- $sendback = wp_get_referer();
-
- wp_redirect($sendback);
- exit();
+ wp_safe_redirect( wp_get_referer() );
+ exit;
break;
case 'edit':
@@ -131,9 +134,9 @@
<div class="wrap nosubsub">
<?php screen_icon(); ?>
-<h2><?php echo wp_specialchars( $title );
+<h2><?php echo esc_html( $title );
if ( isset($_GET['s']) && $_GET['s'] )
- printf( '<span class="subtitle">' . __('Search results for &#8220;%s&#8221;') . '</span>', wp_specialchars( stripslashes($_GET['s']) ) ); ?>
+ printf( '<span class="subtitle">' . __('Search results for &#8220;%s&#8221;') . '</span>', esc_html( stripslashes($_GET['s']) ) ); ?>
</h2>
<?php
@@ -144,9 +147,9 @@
<form class="search-form topmargin" action="" method="get">
<p class="search-box">
- <label class="hidden" for="category-search-input"><?php _e('Search Categories'); ?>:</label>
- <input type="text" class="search-input" id="category-search-input" name="s" value="<?php _admin_search_query(); ?>" />
- <input type="submit" value="<?php _e( 'Search Categories' ); ?>" class="button" />
+ <label class="screen-reader-text" for="category-search-input"><?php _e('Search Categories'); ?>:</label>
+ <input type="text" id="category-search-input" name="s" value="<?php _admin_search_query(); ?>" />
+ <input type="submit" value="<?php esc_attr_e( 'Search Categories' ); ?>" class="button" />
</p>
</form>
<br class="clear" />
@@ -162,15 +165,23 @@
$pagenum = isset( $_GET['pagenum'] ) ? absint( $_GET['pagenum'] ) : 0;
if ( empty($pagenum) )
$pagenum = 1;
-if( ! isset( $catsperpage ) || $catsperpage < 0 )
- $catsperpage = 20;
+
+$cats_per_page = (int) get_user_option( 'categories_per_page', 0, false );
+if ( empty( $cats_per_page ) || $cats_per_page < 1 )
+ $cats_per_page = 20;
+$cats_per_page = apply_filters( 'edit_categories_per_page', $cats_per_page );
+
+if ( !empty($_GET['s']) )
+ $num_cats = count(get_categories(array('hide_empty' => 0, 'search' => $_GET['s'])));
+else
+ $num_cats = wp_count_terms('category');
$page_links = paginate_links( array(
'base' => add_query_arg( 'pagenum', '%#%' ),
'format' => '',
'prev_text' => __('&laquo;'),
'next_text' => __('&raquo;'),
- 'total' => ceil(wp_count_terms('category') / $catsperpage),
+ 'total' => ceil($num_cats / $cats_per_page),
'current' => $pagenum
));
@@ -183,7 +194,7 @@
<option value="" selected="selected"><?php _e('Bulk Actions'); ?></option>
<option value="delete"><?php _e('Delete'); ?></option>
</select>
-<input type="submit" value="<?php _e('Apply'); ?>" name="doaction" id="doaction" class="button-secondary action" />
+<input type="submit" value="<?php esc_attr_e('Apply'); ?>" name="doaction" id="doaction" class="button-secondary action" />
<?php wp_nonce_field('bulk-categories'); ?>
</div>
@@ -207,7 +218,7 @@
<tbody id="the-list" class="list:cat">
<?php
-cat_rows(0, 0, 0, $pagenum, $catsperpage);
+cat_rows(0, 0, 0, $pagenum, $cats_per_page);
?>
</tbody>
</table>
@@ -223,7 +234,7 @@
<option value="" selected="selected"><?php _e('Bulk Actions'); ?></option>
<option value="delete"><?php _e('Delete'); ?></option>
</select>
-<input type="submit" value="<?php _e('Apply'); ?>" name="doaction2" id="doaction2" class="button-secondary action" />
+<input type="submit" value="<?php esc_attr_e('Apply'); ?>" name="doaction2" id="doaction2" class="button-secondary action" />
<?php wp_nonce_field('bulk-categories'); ?>
</div>
@@ -233,7 +244,7 @@
</form>
<div class="form-wrap">
-<p><?php printf(__('<strong>Note:</strong><br />Deleting a category does not delete the posts in that category. Instead, posts that were only assigned to the deleted category are set to the category <strong>%s</strong>.'), apply_filters('the_category', get_catname(get_option('default_category')))) ?></p>
+<p><?php printf(__('<strong>Note:</strong><br />Deleting a category does not delete the posts in that category. Instead, posts that were only assigned to the deleted category are set to the category <strong>%s</strong>.'), apply_filters('the_category', get_cat_name(get_option('default_category')))) ?></p>
<p><?php printf(__('Categories can be selectively converted to tags using the <a href="%s">category to tag converter</a>.'), 'admin.php?import=wp-cat2tag') ?></p>
</div>
@@ -274,10 +285,10 @@
<div class="form-field">
<label for="category_description"><?php _e('Description') ?></label>
<textarea name="category_description" id="category_description" rows="5" cols="40"></textarea>
- <p><?php _e('The description is not prominent by default, however some themes may show it.'); ?></p>
+ <p><?php _e('The description is not prominent by default; however, some themes may show it.'); ?></p>
</div>
-<p class="submit"><input type="submit" class="button" name="submit" value="<?php _e('Add Category'); ?>" /></p>
+<p class="submit"><input type="submit" class="button" name="submit" value="<?php esc_attr_e('Add Category'); ?>" /></p>
<?php do_action('edit_category_form', $category); ?>
</form></div>
@@ -289,21 +300,6 @@
</div><!-- /col-container -->
</div><!-- /wrap -->
-<script type="text/javascript">
-/* <![CDATA[ */
-(function($){
- $(document).ready(function(){
- $('#doaction, #doaction2').click(function(){
- if ( $('select[name^="action"]').val() == 'delete' ) {
- var m = '<?php echo js_escape(__("You are about to delete the selected categories.\n 'Cancel' to stop, 'OK' to delete.")); ?>';
- return showNotice.warn(m);
- }
- });
- });
-})(jQuery);
-/* ]]> */
-</script>
-
<?php
inline_edit_term_row('categories');
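Review bot: In the pagination hunk, `$cats_per_page` is clamped (`< 1` falls back to 20) before `apply_filters( 'edit_categories_per_page', ... )` but not after it, so a filter returning 0 or a non-numeric value reaches `ceil($num_cats / $cats_per_page)` (division by zero) and `cat_rows(0, 0, 0, $pagenum, $cats_per_page)`. Re-clamp once the filter has run: `$cats_per_page = max( 1, (int) apply_filters( 'edit_categories_per_page', $cats_per_page ) );`. The search branch also derives `$num_cats` by loading every matching category with `get_categories()` only to `count()` the result; that is acceptable for typical category counts, but a comment saying why wp_count_terms() is not used with the search term would make the choice deliberate.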
213 wp-admin/comment.php
@@ -17,12 +17,24 @@
if ( isset( $_POST['deletecomment'] ) )
$action = 'deletecomment';
+if ( 'cdc' == $action )
+ $action = 'delete';
+elseif ( 'mac' == $action )
+ $action = 'approve';
+
+if ( isset( $_GET['dt'] ) ) {
+ if ( 'spam' == $_GET['dt'] )
+ $action = 'spam';
+ elseif ( 'trash' == $_GET['dt'] )
+ $action = 'trash';
+}
+
/**
* Display error message at bottom of comments.
*
* @param string $msg Error Message. Assumed to contain HTML and be sanitized.
*/
-function comment_footer_die( $msg ) { //
+function comment_footer_die( $msg ) {
echo "<div class='wrap'><p>$msg</p></div>";
include('admin-footer.php');
die;
@@ -44,68 +56,60 @@ function comment_footer_die( $msg ) { //
if ( !current_user_can('edit_post', $comment->comment_post_ID) )
comment_footer_die( __('You are not allowed to edit comments on this post.') );
+ if ( 'trash' == $comment->comment_approved )
+ comment_footer_die( __('This comment is in the Trash. Please move it out of the Trash if you want to edit it.') );