<?php
/*
 * Admin AJAX endpoint. The POSTed `action` field selects one of the cases
 * in the switch below; each case answers with a short status string
 * ('-1' = no permission, '0' = failure, '1' = success) or an XML fragment
 * the admin-side JavaScript parses.
 */
require_once('../wp-config.php');
require_once('admin-functions.php');
require_once('admin-db.php');

define('DOING_AJAX', true);

// Gate every action twice before any case runs: first the request-level
// anti-forgery check (implemented in admin-functions.php, not shown here),
// then the session. Anonymous callers get the generic '-1'.
check_ajax_referer();
if ( !is_user_logged_in() ) {
	die('-1');
}
/**
 * Shutdown callback that terminates the request immediately.
 *
 * Registered on the 'shutdown' hook with priority -1 so it runs before any
 * other shutdown callback — presumably so nothing else can append output to
 * the short replies produced by die() in the action handlers; confirm
 * against the JS consumers before changing.
 */
function get_out_now() {
	exit();
}
// Run get_out_now() ahead of every other 'shutdown' callback (priority -1).
add_action( 'shutdown', 'get_out_now', -1 );
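/**
 * Build the <meta> XML fragment the custom-fields JS expects after a field
 * is added or updated: the meta id, the post id and a CDATA-wrapped table
 * row holding the editable key/value inputs plus Update/Delete buttons.
 *
 * @param int    $pid   post the field belongs to
 * @param int    $mid   meta row id
 * @param string $key   raw (unslashed) meta key
 * @param string $value raw (unslashed) meta value
 * @return string XML fragment (no header, no <ajaxresponse> wrapper)
 *
 * $key and $value are escaped here for the contexts they land in. $pid and
 * $mid are interpolated unescaped into ids, names and JS calls, so they are
 * cast to int regardless of what the caller passed.
 */
function wp_ajax_echo_meta( $pid, $mid, $key, $value ) {
	$pid = (int) $pid;
	$mid = (int) $mid;
	// Textarea body: escaping '<' means the value cannot close the element.
	$value = wp_specialchars( $value, true );
	// Single-quoted JS string inside a double-quoted HTML attribute:
	// HTML-escape (double quotes only, so the attribute cannot be closed),
	// then backslash-escape quotes/backslashes for JS. A line break in the
	// key would still leave the handler syntactically broken, but cannot
	// escape the string.
	$key_js = addslashes( wp_specialchars( $key, 'double' ) );
	// Single-quoted value='' attribute: both quote styles escaped.
	$key = wp_specialchars( $key, true );

	$r  = "<meta><id>$mid</id><postid>$pid</postid><newitem><![CDATA[";
	$r .= "<tr id='meta-$mid'><td valign='top'>";
	// Handlers that carry JS string literals use a double-quoted attribute
	// with single-quoted JS strings; the original single-quoted attributes
	// contained bare single quotes and so ended early. The killSubmit()
	// argument is itself a JS string, hence the \' escapes inside it.
	$r .= "<input name='meta[$mid][key]' tabindex='6' onkeypress=\"return killSubmit('theList.ajaxUpdater(\\'meta\\',\\'meta-$mid\\');',event);\" type='text' size='20' value='$key' />";
	$r .= "</td><td><textarea name='meta[$mid][value]' tabindex='6' rows='2' cols='30'>$value</textarea></td><td align='center'>";
	$r .= "<input name='updatemeta' type='button' class='updatemeta' tabindex='6' value='Update' onclick=\"return theList.ajaxUpdater('meta','meta-$mid');\" /><br />";
	$r .= "<input name='deletemeta[$mid]' type='submit' onclick=\"return deleteSomething( 'meta', $mid, '";
	// The confirm text sits inside the double-quoted onclick attribute, so
	// the quotation marks around the key must be HTML entities, not bare
	// '"' characters; \\n reaches JS as \n and becomes a line break.
	$r .= sprintf( __( "You are about to delete the &quot;%s&quot; custom field on this post.\\n&quot;OK&quot; to delete, &quot;Cancel&quot; to stop." ), $key_js );
	$r .= "' );\" class='deletemeta' tabindex='6' value='Delete' />";
	$r .= "</td></tr>]]></newitem></meta>";
	return $r;
}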
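// Every action is dispatched on $_POST['action']. $id is the integer the
// delete-* and add-meta actions operate on; other fields are read per case.
// Response convention: '-1' = no permission, '0' = failure, '1' = success,
// otherwise an XML document served as text/xml.
$id = (int) $_POST['id'];

switch ( $_POST['action'] ) {

case 'delete-comment' :
	if ( !$comment = get_comment( $id ) )
		die('0');
	// Comment rights follow the edit right on the parent post.
	if ( !current_user_can( 'edit_post', $comment->comment_post_ID ) )
		die('-1');
	if ( wp_delete_comment( $comment->comment_ID ) )
		die('1');
	else die('0');
	break;

case 'delete-comment-as-spam' :
	if ( !$comment = get_comment( $id ) )
		die('0');
	if ( !current_user_can( 'edit_post', $comment->comment_post_ID ) )
		die('-1');
	if ( wp_set_comment_status( $comment->comment_ID, 'spam' ) )
		die('1');
	else die('0');
	break;

case 'delete-cat' :
	if ( !current_user_can( 'manage_categories' ) )
		die('-1');
	if ( wp_delete_category( $id ) )
		die('1');
	else die('0');
	break;

case 'delete-link' :
	if ( !current_user_can( 'manage_links' ) )
		die('-1');
	if ( wp_delete_link( $id ) )
		die('1');
	else die('0');
	break;

case 'delete-meta' :
	if ( !$meta = get_post_meta_by_id( $id ) )
		die('0');
	// The meta row is looked up first so the capability is checked against
	// the post it really belongs to, not a post id supplied by the client.
	if ( !current_user_can( 'edit_post', $meta->post_id ) )
		die('-1');
	if ( delete_meta( $meta->meta_id ) )
		die('1');
	die('0');
	break;

case 'delete-post' :
case 'delete-page' :
	// Both actions delete through wp_delete_post(). The capability to test
	// is chosen from the stored post_type, not from which of the two action
	// names the client sent, so the check cannot be steered by picking the
	// other action for the same id.
	if ( !$post = get_post( $id ) )
		die('0');
	$cap = ( 'page' == $post->post_type ) ? 'delete_page' : 'delete_post';
	if ( !current_user_can( $cap, $id ) )
		die('-1');
	if ( wp_delete_post( $id ) )
		die('1');
	else die('0');
	break;

case 'dim-comment' :
	// Toggles a comment between approved and held.
	if ( !$comment = get_comment( $id ) )
		die('0');
	if ( !current_user_can( 'edit_post', $comment->comment_post_ID ) )
		die('-1');
	if ( !current_user_can( 'moderate_comments' ) )
		die('-1');
	if ( 'unapproved' == wp_get_comment_status( $comment->comment_ID ) ) {
		if ( wp_set_comment_status( $comment->comment_ID, 'approve' ) )
			die('1');
	} else {
		if ( wp_set_comment_status( $comment->comment_ID, 'hold' ) )
			die('1');
	}
	die('0');
	break;

case 'add-category' : // On the Fly
	if ( !current_user_can( 'manage_categories' ) )
		die('-1');
	// Comma-separated list of names; each one is created unless it exists.
	$names = explode( ',', $_POST['newcat'] );
	$r = "<?xml version='1.0' standalone='yes'?><ajaxresponse>";
	foreach ( $names as $cat_name ) {
		$cat_name = trim( $cat_name );
		// A name that reduces to an empty slug aborts the whole batch.
		if ( !$category_nicename = sanitize_title( $cat_name ) )
			die('0');
		if ( !$cat_id = category_exists( $cat_name ) )
			$cat_id = wp_create_category( $cat_name );
		// Output side: the posted name is unslashed and HTML-escaped (which
		// also rules out a ']]>' inside the CDATA section); $cat_id comes
		// from the lookup/insert, not from the request.
		$cat_name = wp_specialchars( stripslashes( $cat_name ) );
		$r .= "<category><id>$cat_id</id><newitem><![CDATA[";
		$r .= "<li id='category-$cat_id'><label for='in-category-$cat_id' class='selectit'>";
		$r .= "<input value='$cat_id' type='checkbox' checked='checked' name='post_category[]' id='in-category-$cat_id'/>$cat_name</label></li>";
		$r .= "]]></newitem></category>";
	}
	$r .= '</ajaxresponse>';
	header( 'Content-type: text/xml' );
	die($r);
	break;

case 'add-cat' : // From Manage->Categories
	if ( !current_user_can( 'manage_categories' ) )
		die('-1');
	// wp_insert_category() receives the whole form post and is relied on to
	// validate and sanitise the fields it uses.
	if ( !$cat = wp_insert_category( $_POST ) )
		die('0');
	if ( !$cat = get_category( $cat ) )
		die('0');
	// Build "Grandparent — Parent — Name" by walking up the hierarchy;
	// $level counts the depth and is handed to _cat_row() with the name.
	$level = 0;
	$cat_full_name = $cat->cat_name;
	$_cat = $cat;
	while ( $_cat->category_parent ) {
		$_cat = get_category( $_cat->category_parent );
		$cat_full_name = $_cat->cat_name . ' — ' . $cat_full_name;
		$level++;
	}
	$cat_full_name = wp_specialchars( $cat_full_name, 1 );
	$r  = "<?xml version='1.0' standalone='yes'?><ajaxresponse>";
	$r .= "<cat><id>$cat->cat_ID</id><name>$cat_full_name</name><newitem><![CDATA[";
	$r .= _cat_row( $cat, $level, $cat_full_name );
	$r .= "]]></newitem></cat></ajaxresponse>";
	header( 'Content-type: text/xml' );
	die($r);
	break;

case 'add-meta' :
	// A negative $id is the editor's placeholder for a post that has not
	// been saved yet; the post is created here so the meta row has
	// something to attach to.
	// NOTE(review): for $id < 0 the edit_post check runs against a
	// non-existent post — confirm the capability mapping treats that as
	// "may create posts" rather than falling open or closed by accident.
	if ( !current_user_can( 'edit_post', $id ) )
		die('-1');
	if ( $id < 0 ) {
		if ( !$pid = wp_insert_post() )
			die('0');
		$mid = add_meta( $pid );
	} else {
		$mid = add_meta( $id );
	}
	// add_meta() takes only the post id, so the key/value presumably come
	// from $_POST. A false/0 result must not fall through to the lookup
	// below, which would then dereference a non-object.
	if ( !$mid )
		die('0');
	if ( !$meta = get_post_meta_by_id( $mid ) )
		die('0');
	$key = $meta->meta_key;
	$value = $meta->meta_value;
	$pid = (int) $meta->post_id;
	$r  = "<?xml version='1.0' standalone='yes'?><ajaxresponse>";
	$r .= wp_ajax_echo_meta( $pid, $mid, $key, $value );
	$r .= '</ajaxresponse>';
	header( 'Content-type: text/xml' );
	die($r);
	break;

case 'update-meta' :
	// The form posts meta[<mid>][key] and meta[<mid>][value]; the last
	// posted mid is the row being saved.
	if ( empty( $_POST['meta'] ) || !is_array( $_POST['meta'] ) )
		die('0');
	$mids = array_keys( $_POST['meta'] );
	$mid = (int) array_pop( $mids ); // array_pop() needs a variable, not a call result
	$key = $_POST['meta'][$mid]['key'];
	$value = $_POST['meta'][$mid]['value'];
	// Look the row up first so the capability is checked against the post
	// it really belongs to.
	if ( !$meta = get_post_meta_by_id( $mid ) )
		die('0');
	if ( !current_user_can( 'edit_post', $meta->post_id ) )
		die('-1');
	$r = "<?xml version='1.0' standalone='yes'?><ajaxresponse>";
	if ( update_meta( $mid, $key, $value ) ) {
		// The posted values are presumably slashed (magic-quotes era);
		// unslash before re-rendering so the helper escapes the real text.
		$key = stripslashes( $key );
		$value = stripslashes( $value );
		$r .= wp_ajax_echo_meta( $meta->post_id, $mid, $key, $value );
	}
	$r .= '</ajaxresponse>';
	header( 'Content-type: text/xml' );
	die($r);
	break;

case 'add-user' :
	if ( !current_user_can( 'edit_users' ) )
		die('-1');
	require_once( ABSPATH . WPINC . '/registration.php' );
	// add_user() takes no arguments, so it presumably reads the new user's
	// fields from $_POST.
	$user_id = add_user();
	if ( is_wp_error( $user_id ) ) {
		// Error path answers with HTML lines rather than XML, and echoes the
		// messages unescaped (they may carry their own markup).
		// NOTE(review): confirm none of them interpolate the submitted values.
		foreach ( $user_id->get_error_messages() as $message )
			echo "$message<br />";
		exit;
	} elseif ( !$user_id ) {
		die('0');
	}
	$r  = "<?xml version='1.0' standalone='yes'?><ajaxresponse><user><id>$user_id</id><newitem><![CDATA[";
	$r .= user_row( $user_id );
	$r .= "]]></newitem></user></ajaxresponse>";
	header( 'Content-type: text/xml' );
	die($r);
	break;

case 'autosave' :
	// The editor posts its own field names; map them onto the post fields
	// that wp_write_post()/wp_update_post() read from $_POST. The status
	// is forced to 'draft' — see the guard below before trusting that for
	// an existing post.
	$_POST['post_content'] = $_POST['content'];
	$_POST['post_excerpt'] = $_POST['excerpt'];
	$_POST['post_status'] = 'draft';
	$_POST['post_category'] = explode( ",", $_POST['catslist'] );
	if ( $_POST['post_type'] == 'page' || empty( $_POST['post_category'] ) )
		unset( $_POST['post_category'] );

	if ( $_POST['post_ID'] < 0 ) {
		// Brand-new post: the negative id is the editor's placeholder and is
		// handed back as temp_ID so the client can swap in the real id.
		// NOTE(review): no capability check in this file for the create
		// case — it relies on wp_write_post() enforcing the create right.
		$_POST['temp_ID'] = $_POST['post_ID'];
		$id = wp_write_post();
		if ( is_wp_error( $id ) )
			die( $id->get_error_message() );
		else
			die("$id");
	} else {
		$post_ID = (int) $_POST['post_ID'];
		$_POST['ID'] = $post_ID;
		if ( !$post = get_post( $post_ID ) )
			die('0');
		// Capability is chosen from the stored post_type, not the posted one.
		if ( 'page' == $post->post_type ) {
			if ( !current_user_can( 'edit_page', $post_ID ) )
				die( __( 'You are not allowed to edit this page.' ) );
		} else {
			if ( !current_user_can( 'edit_post', $post_ID ) )
				die( __( 'You are not allowed to edit this post.' ) );
		}
		// post_status was forced to 'draft' above, so an autosave of a
		// published (or any non-draft) post would silently demote it.
		// Refuse instead; the client gets the same '0' it always got.
		if ( 'draft' != $post->post_status )
			die('0');
		wp_update_post( $_POST );
	}
	die('0');
	break;

case 'autosave-generate-nonces' :
	$ID = (int) $_POST['post_ID'];
	if ( $_POST['post_type'] == 'post' ) {
		if ( current_user_can( 'edit_post', $ID ) )
			die( wp_create_nonce( 'update-post_' . $ID ) );
	}
	if ( $_POST['post_type'] == 'page' ) {
		if ( current_user_can( 'edit_page', $ID ) )
			die( wp_create_nonce( 'update-page_' . $ID ) );
	}
	// Fall-through reply for an unknown type or a missing capability. The
	// posted post_type is client-controlled, so it is HTML-escaped before
	// being reflected rather than echoed raw; 'post'/'page' are unchanged.
	die( wp_specialchars( $_POST['post_type'] ) );
	break;

default :
	// Extension point: only hooks already registered under this exact name
	// run; the client-supplied action name is used as a hook key, not
	// echoed.
	do_action( 'wp_ajax_' . $_POST['action'] );
	die('0');
	break;

}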
?>