diff --git a/wp-admin/edit-form-ajax-cat.php b/wp-admin/edit-form-ajax-cat.php index 81388eb608..5debf95f9b 100644 --- a/wp-admin/edit-form-ajax-cat.php +++ b/wp-admin/edit-form-ajax-cat.php @@ -1,24 +1,24 @@ - + diff --git a/wp-admin/inline-uploading.php b/wp-admin/inline-uploading.php index 038f2bfa04..a88bcab8a2 100644 --- a/wp-admin/inline-uploading.php +++ b/wp-admin/inline-uploading.php @@ -1,451 +1,451 @@ - 4 / 3 ) - return array(128, (int) ($height / $width * 128)); - else - return array((int) ($width / $height * 96), 96); -} - -switch($action) { -case 'delete': - -wp_delete_object($object); - -header("Location: ".basename(__FILE__)."?post=$post&all=$all&action=view&start=$start"); -die; - -case 'save': - -$overrides = array('action'=>'save'); - -$file = wp_handle_upload($_FILES['image'], $overrides); - -if ( isset($file['error']) ) - die($file['error'] . 'Back to Image Uploading'); - -$url = $file['url']; -$file = $file['file']; -$filename = basename($file); - -// Construct the object array -$object = array( - 'post_title' => $imgtitle ? $imgtitle : $filename, - 'post_content' => $descr, - 'post_status' => 'object', - 'post_parent' => $post, - 'post_type' => $_FILES['image']['type'], - 'guid' => $url - ); - -// Save the data -$id = wp_attach_object($object, $post); - -// Generate the object's postmeta. -$imagesize = getimagesize($file); -$imagedata['width'] = $imagesize['0']; -$imagedata['height'] = $imagesize['1']; -list($uwidth, $uheight) = get_udims($imagedata['width'], $imagedata['height']); -$imagedata['hwstring_small'] = "height='$uheight' width='$uwidth'"; -$imagedata['file'] = $file; -$imagedata['thumb'] = "thumb-$filename"; - -add_post_meta($id, 'imagedata', $imagedata); - -if ( $imagedata['width'] * $imagedata['height'] < 3 * 1024 * 1024 ) { - if ( $imagedata['width'] > 128 && $imagedata['width'] >= $imagedata['height'] * 4 / 3 ) - $error = wp_create_thumbnail($file['file'], 128); - elseif ( $imagedata['height'] > 96 ) - $error = wp_create_thumbnail($file, 96); -} - -header("Location: ".basename(__FILE__)."?post=$post&all=$all&action=view&last=true"); -die; - -case 'upload': - -$current_1 = ' class="current"'; -$back = $next = false; -break; - -case 'view': - -// How many images do we show? How many do we query? -$num = 5; -$double = $num * 2; - -if ( $post && empty($all) ) { - $and_post = "AND post_parent = '$post'"; - $current_2 = ' class="current"'; -} else { - $current_3 = ' class="current"'; -} - -if ( $last ) - $start = $wpdb->get_var("SELECT count(ID) FROM $wpdb->posts WHERE post_status = 'object' AND left(post_type, 5) = 'image' $and_post") - $num; -else - $start = (int) $start; - -if ( $start < 0 ) - $start = 0; - -if ( '' == $sort ) - $sort = "ID"; - -$images = $wpdb->get_results("SELECT ID, post_date, post_title, guid FROM $wpdb->posts WHERE post_status = 'object' AND left(post_type, 5) = 'image' $and_post ORDER BY $sort LIMIT $start, $double", ARRAY_A); - -if ( count($images) > $num ) { - $next = $start + count($images) - $num; -} else { - $next = false; -} - -if ( $start > 0 ) { - $back = $start - $num; - if ( $back < 1 ) - $back = '0'; -} else { - $back = false; -} - -$i = 0; -$uwidth_sum = 0; -$images_html = ''; -$images_style = ''; -$images_script = ''; -if ( count($images) > 0 ) { - $images = array_slice( $images, 0, $num ); - $__delete = __('DELETE'); - $__subpost_on = __('SUBPOST ON'); - $__subpost_off = __('SUBPOST OFF'); - $__thumbnail_on = __('THUMBNAIL ON'); - $__thumbnail_off = __('THUMBNAIL OFF'); - $__no_thumbnail = __('THUMBNAIL'); - $__close = __('CLOSE'); - $__confirmdelete = __('Delete this photo from the server?'); - $__nothumb = __('There is no thumbnail associated with this photo.'); - $images_script .= "subposton = '$__subpost_on';\nsubpostoff = '$__subpost_off';\n"; - $images_script .= "thumbnailon = '$__thumbnail_on';\nthumbnailoff = '$__thumbnail_off';\n"; - foreach ( $images as $key => $image ) { - $meta = get_post_meta($image['ID'], 'imagedata', true); - if (!is_array($meta)) { - wp_delete_object($image['ID']); - continue; - } - $image = array_merge($image, $meta); - if ( ($image['width'] > 128 || $image['height'] > 96) && !empty($image['thumb']) && file_exists(dirname($image['file']).'/'.$image['thumb']) ) { - $src = str_replace(basename($image['guid']), '', $image['guid']) . $image['thumb']; - $images_script .= "src".$i."a = '$src';\nsrc".$i."b = '".$image['guid']."';\n"; - $thumb = 'true'; - $thumbtext = $__thumbnail_on; - } else { - $src = $image['guid']; - $thumb = 'false'; - $thumbtext = $__no_thumbnail; - } - list($image['uwidth'], $image['uheight']) = get_udims($image['width'], $image['height']); - $height_width = 'height="'.$image['uheight'].'" width="'.$image['uwidth'].'"'; - $uwidth_sum += 128; - $xpadding = (128 - $image['uwidth']) / 2; - $ypadding = (96 - $image['uheight']) / 2; - $object = $image['ID']; - $images_style .= "#target$i img { padding: {$ypadding}px {$xpadding}px; }\n"; - $href = get_subpost_link($object); - $images_script .= "href".$i."a = '$href';\nhref".$i."b = '{$image['guid']}';\n"; - $images_html .= " -
- - - {$image[ - -
-"; - $i++; - } -} - -$images_width = $uwidth_sum + ( count($images) * 5 ) + 30; - -break; - -default: -die('This script was not meant to be called directly.'); -} - -?> - - - - - - - - - - - - -
-
- -
-
- -
-
- - - - - - -
- - -
-
- - - - - - + 4 / 3 ) + return array(128, (int) ($height / $width * 128)); + else + return array((int) ($width / $height * 96), 96); +} + +switch($action) { +case 'delete': + +wp_delete_object($object); + +header("Location: ".basename(__FILE__)."?post=$post&all=$all&action=view&start=$start"); +die; + +case 'save': + +$overrides = array('action'=>'save'); + +$file = wp_handle_upload($_FILES['image'], $overrides); + +if ( isset($file['error']) ) + die($file['error'] . 'Back to Image Uploading'); + +$url = $file['url']; +$file = $file['file']; +$filename = basename($file); + +// Construct the object array +$object = array( + 'post_title' => $imgtitle ? $imgtitle : $filename, + 'post_content' => $descr, + 'post_status' => 'object', + 'post_parent' => $post, + 'post_type' => $_FILES['image']['type'], + 'guid' => $url + ); + +// Save the data +$id = wp_attach_object($object, $post); + +// Generate the object's postmeta. +$imagesize = getimagesize($file); +$imagedata['width'] = $imagesize['0']; +$imagedata['height'] = $imagesize['1']; +list($uwidth, $uheight) = get_udims($imagedata['width'], $imagedata['height']); +$imagedata['hwstring_small'] = "height='$uheight' width='$uwidth'"; +$imagedata['file'] = $file; +$imagedata['thumb'] = "thumb-$filename"; + +add_post_meta($id, 'imagedata', $imagedata); + +if ( $imagedata['width'] * $imagedata['height'] < 3 * 1024 * 1024 ) { + if ( $imagedata['width'] > 128 && $imagedata['width'] >= $imagedata['height'] * 4 / 3 ) + $error = wp_create_thumbnail($file['file'], 128); + elseif ( $imagedata['height'] > 96 ) + $error = wp_create_thumbnail($file, 96); +} + +header("Location: ".basename(__FILE__)."?post=$post&all=$all&action=view&last=true"); +die; + +case 'upload': + +$current_1 = ' class="current"'; +$back = $next = false; +break; + +case 'view': + +// How many images do we show? How many do we query? +$num = 5; +$double = $num * 2; + +if ( $post && empty($all) ) { + $and_post = "AND post_parent = '$post'"; + $current_2 = ' class="current"'; +} else { + $current_3 = ' class="current"'; +} + +if ( $last ) + $start = $wpdb->get_var("SELECT count(ID) FROM $wpdb->posts WHERE post_status = 'object' AND left(post_type, 5) = 'image' $and_post") - $num; +else + $start = (int) $start; + +if ( $start < 0 ) + $start = 0; + +if ( '' == $sort ) + $sort = "ID"; + +$images = $wpdb->get_results("SELECT ID, post_date, post_title, guid FROM $wpdb->posts WHERE post_status = 'object' AND left(post_type, 5) = 'image' $and_post ORDER BY $sort LIMIT $start, $double", ARRAY_A); + +if ( count($images) > $num ) { + $next = $start + count($images) - $num; +} else { + $next = false; +} + +if ( $start > 0 ) { + $back = $start - $num; + if ( $back < 1 ) + $back = '0'; +} else { + $back = false; +} + +$i = 0; +$uwidth_sum = 0; +$images_html = ''; +$images_style = ''; +$images_script = ''; +if ( count($images) > 0 ) { + $images = array_slice( $images, 0, $num ); + $__delete = __('DELETE'); + $__subpost_on = __('SUBPOST ON'); + $__subpost_off = __('SUBPOST OFF'); + $__thumbnail_on = __('THUMBNAIL ON'); + $__thumbnail_off = __('THUMBNAIL OFF'); + $__no_thumbnail = __('THUMBNAIL'); + $__close = __('CLOSE'); + $__confirmdelete = __('Delete this photo from the server?'); + $__nothumb = __('There is no thumbnail associated with this photo.'); + $images_script .= "subposton = '$__subpost_on';\nsubpostoff = '$__subpost_off';\n"; + $images_script .= "thumbnailon = '$__thumbnail_on';\nthumbnailoff = '$__thumbnail_off';\n"; + foreach ( $images as $key => $image ) { + $meta = get_post_meta($image['ID'], 'imagedata', true); + if (!is_array($meta)) { + wp_delete_object($image['ID']); + continue; + } + $image = array_merge($image, $meta); + if ( ($image['width'] > 128 || $image['height'] > 96) && !empty($image['thumb']) && file_exists(dirname($image['file']).'/'.$image['thumb']) ) { + $src = str_replace(basename($image['guid']), '', $image['guid']) . $image['thumb']; + $images_script .= "src".$i."a = '$src';\nsrc".$i."b = '".$image['guid']."';\n"; + $thumb = 'true'; + $thumbtext = $__thumbnail_on; + } else { + $src = $image['guid']; + $thumb = 'false'; + $thumbtext = $__no_thumbnail; + } + list($image['uwidth'], $image['uheight']) = get_udims($image['width'], $image['height']); + $height_width = 'height="'.$image['uheight'].'" width="'.$image['uwidth'].'"'; + $uwidth_sum += 128; + $xpadding = (128 - $image['uwidth']) / 2; + $ypadding = (96 - $image['uheight']) / 2; + $object = $image['ID']; + $images_style .= "#target$i img { padding: {$ypadding}px {$xpadding}px; }\n"; + $href = get_subpost_link($object); + $images_script .= "href".$i."a = '$href';\nhref".$i."b = '{$image['guid']}';\n"; + $images_html .= " +
+ + + {$image[ + +
+"; + $i++; + } +} + +$images_width = $uwidth_sum + ( count($images) * 5 ) + 30; + +break; + +default: +die('This script was not meant to be called directly.'); +} + +?> + + + + + + + + + + + + +
+
+ +
+
+ +
+
+ + + + + + +
+ + +
+
+ + + + + + diff --git a/wp-admin/list-manipulation.js b/wp-admin/list-manipulation.js index 3d34ab7389..38cc60247c 100644 --- a/wp-admin/list-manipulation.js +++ b/wp-admin/list-manipulation.js @@ -1,96 +1,96 @@ -var listItems; -var reg_color = '#FFFFFF'; -var alt_color = '#F1F1F1'; - -addLoadEvent(getListItems); - -function deleteSomething( what, id, message ) { - what.replace('-', ' '); - if (!message) message = 'Are you sure you want to delete this ' + what + '?'; - if ( confirm(message) ) { - return ajaxDelete( what.replace(' ', '-'), id ); - } else { - return false; - } -} - -function getResponseElement() { - var p = document.getElementById('ajax-response-p'); - if (!p) { - p = document.createElement('p'); - p.id = 'ajax-response-p'; - document.getElementById('ajax-response').appendChild(p); - return p; - } -} - -function ajaxDelete(what, id) { - ajaxDel = new sack('list-manipulation.php'); - if ( ajaxDel.failed ) return true; - ajaxDel.myResponseElement = getResponseElement(); - ajaxDel.method = 'POST'; - ajaxDel.onLoading = function() { ajaxDel.myResponseElement.innerHTML = 'Sending Data...'; }; - ajaxDel.onLoaded = function() { ajaxDel.myResponseElement.innerHTML = 'Data Sent...'; }; - ajaxDel.onInteractive = function() { ajaxDel.myResponseElement.innerHTML = 'Processing Data...'; }; - ajaxDel.onCompletion = function() { removeThisItem( what + '-' + id ); }; - ajaxDel.runAJAX('action=delete-' + what + '&id=' + id); - return false; -} - -function removeThisItem(id) { - var response = ajaxDel.response; - if ( isNaN(response) ) { alert(response); } - response = parseInt(response, 10); - if ( -1 == response ) { ajaxDel.myResponseElement.innerHTML = "You don't have permission to do that."; } - else if ( 0 == response ) { ajaxDel.myResponseElement.interHTML = "Something odd happened. Try refreshing the page? Either that or what you tried to delete never existed in the first place."; } - else if ( 1 == response ) { - theItem = document.getElementById(id); - Fat.fade_element(id,null,700,'#FF3333'); - setTimeout('theItem.parentNode.removeChild(theItem)', 705); - var pos = getListPos(id); - listItems.splice(pos,1); - recolorList(pos); - ajaxDel.myResponseElement.parentNode.removeChild(ajaxDel.myResponseElement); - - } -} - -function getListPos(id) { - for (var i = 0; i < listItems.length; i++) { - if (id == listItems[i]) { - var pos = i; - break; - } - } - return pos; -} - -function getListItems() { - if (list) return; - listItems = new Array(); - var extra = false; - var list = document.getElementById('the-list'); - if (!list) { var list = document.getElementById('the-list-x'); extra = true; } - if (list) { - var items = list.getElementsByTagName('tr'); - if (!items[0]) { items = list.getElementsByTagName('li'); } - for (var i=0; iquery("DELETE FROM $wpdb->links WHERE link_id = '$id'") ) - die('1'); - else die('0'); - break; -case 'delete-post' : -case 'delete-page' : - $id = (int) $_POST['id']; - if ( !current_user_can('edit_post', $post_id) ) - die('-1'); - - if ( wp_delete_post($id) ) - die('1'); - else die('0'); - break; -case 'delete-cat' : - if ( !current_user_can('manage_categories') ) - die ('-1'); - - $id = (int) $_POST['id']; - $cat_name = get_catname($cat_ID); - - if ( wp_delete_category($id) ) - die('1'); - else die('0'); - break; -case 'delete-comment' : - $id = (int) $_POST['id']; - - if ( !$comment = get_comment($id) ) - die('0'); - if ( !current_user_can('edit_post', $comment->comment_post_ID) ) - die('-1'); - - if ( wp_set_comment_status($comment->comment_ID, "delete") ) { - do_action('delete_comment', $comment->comment_ID); - die('1'); - } else { - die('0'); - } - break; -case 'delete-link-category' : - $id = (int) $_POST['id']; - if ( 1 == $id ) - die('0'); - if ( !current_user_can('manage_links') ) - die('-1'); - - if ( $wpdb->query("DELETE FROM $wpdb->linkcategories WHERE cat_id='$id'") ) { - $wpdb->query("UPDATE $wpdb->links SET link_category=1 WHERE link_category='$id'"); - die('1'); - } else { - die('0'); - } - break; -endswitch; -?> +query("DELETE FROM $wpdb->links WHERE link_id = '$id'") ) + die('1'); + else die('0'); + break; +case 'delete-post' : +case 'delete-page' : + $id = (int) $_POST['id']; + if ( !current_user_can('edit_post', $post_id) ) + die('-1'); + + if ( wp_delete_post($id) ) + die('1'); + else die('0'); + break; +case 'delete-cat' : + if ( !current_user_can('manage_categories') ) + die ('-1'); + + $id = (int) $_POST['id']; + $cat_name = get_catname($cat_ID); + + if ( wp_delete_category($id) ) + die('1'); + else die('0'); + break; +case 'delete-comment' : + $id = (int) $_POST['id']; + + if ( !$comment = get_comment($id) ) + die('0'); + if ( !current_user_can('edit_post', $comment->comment_post_ID) ) + die('-1'); + + if ( wp_set_comment_status($comment->comment_ID, "delete") ) { + do_action('delete_comment', $comment->comment_ID); + die('1'); + } else { + die('0'); + } + break; +case 'delete-link-category' : + $id = (int) $_POST['id']; + if ( 1 == $id ) + die('0'); + if ( !current_user_can('manage_links') ) + die('-1'); + + if ( $wpdb->query("DELETE FROM $wpdb->linkcategories WHERE cat_id='$id'") ) { + $wpdb->query("UPDATE $wpdb->links SET link_category=1 WHERE link_category='$id'"); + die('1'); + } else { + die('0'); + } + break; +endswitch; +?> diff --git a/wp-admin/users.php b/wp-admin/users.php index 4c2af57236..7118079d83 100644 --- a/wp-admin/users.php +++ b/wp-admin/users.php @@ -6,6 +6,7 @@ $title = __('Users'); $parent_file = 'profile.php'; $action = $_REQUEST['action']; +$update = ''; switch ($action) { @@ -19,13 +20,20 @@ case 'promote': if ( !current_user_can('edit_users') ) die(__('You can’t edit users.')); - $userids = $_POST['users']; - foreach($userids as $id) { - $user = new WP_User($id); - $user->set_role($_POST['new_role']); - } + $userids = $_POST['users']; + $update = 'promote'; + foreach($userids as $id) { + // The new role of the current user must also have edit_users caps + if($id == $current_user->id && !$wp_roles->role_objects[$_POST['new_role']]->has_cap('edit_users')) { + $update = 'err_admin_role'; + continue; + } + + $user = new WP_User($id); + $user->set_role($_POST['new_role']); + } - header('Location: users.php?update=promote'); + header('Location: users.php?update=' . $update); break; @@ -33,7 +41,7 @@ case 'dodelete': check_admin_referer(); - if (empty($_POST['users'])) { + if ( empty($_POST['users']) ) { header('Location: users.php'); } @@ -42,8 +50,13 @@ case 'dodelete': $userids = $_POST['users']; - foreach($userids as $id) { - switch($_POST['delete_option']) { + $update = 'del'; + foreach ($userids as $id) { + if($id == $current_user->id) { + $update = 'err_admin_del'; + continue; + } + switch($_POST['delete_option']) { case 'delete': wp_delete_user($id); break; @@ -53,7 +66,7 @@ case 'dodelete': } } - header('Location: users.php?update=del'); + header('Location: users.php?update=' . $update); break; @@ -74,26 +87,32 @@ case 'delete': ?>
-

-

-
    - "; - echo "{$id}: {$user->data->user_login}\n"; - } - $all_logins = $wpdb->get_results("SELECT ID, user_login FROM $wpdb->users ORDER BY user_login"); - $user_dropdown = '" . sprintf('ID #%1s: %2s', $id, $user->data->user_login) . "\n"; + $go_delete = true; } - } - $user_dropdown .= ''; - ?> -
-

+ } + $all_logins = $wpdb->get_results("SELECT ID, user_login FROM $wpdb->users ORDER BY user_login"); + $user_dropdown = ''; + ?> + + +

    • @@ -102,6 +121,9 @@ case 'delete':

+ +

+

+

+

+ +

+

+