cap->create_posts ) ) wp_die( __( 'Cheatin’ uh?' ) ); /** * Press It form handler. * * @package WordPress * @subpackage Press_This * @since 2.6.0 * * @return int Post ID */ function press_it() { $post = get_default_post_to_edit(); $post = get_object_vars($post); $post_ID = $post['ID'] = (int) $_POST['post_id']; if ( !current_user_can('edit_post', $post_ID) ) wp_die(__('You are not allowed to edit this post.')); $post['post_category'] = isset($_POST['post_category']) ? $_POST['post_category'] : ''; $post['tax_input'] = isset($_POST['tax_input']) ? $_POST['tax_input'] : ''; $post['post_title'] = isset($_POST['title']) ? $_POST['title'] : ''; $content = isset($_POST['content']) ? $_POST['content'] : ''; $upload = false; if ( !empty($_POST['photo_src']) && current_user_can('upload_files') ) { foreach( (array) $_POST['photo_src'] as $key => $image) { // see if files exist in content - we don't want to upload non-used selected files. if ( strpos($_POST['content'], htmlspecialchars($image)) !== false ) { $desc = isset($_POST['photo_description'][$key]) ? $_POST['photo_description'][$key] : ''; $upload = media_sideload_image($image, $post_ID, $desc); // Replace the POSTED content with correct uploaded ones. Regex contains fix for Magic Quotes if ( !is_wp_error($upload) ) $content = preg_replace('/]*)src=\\\?(\"|\')'.preg_quote(htmlspecialchars($image), '/').'\\\?(\2)([^>\/]*)\/*>/is', $upload, $content); } } } // set the post_content and status $post['post_content'] = $content; if ( isset( $_POST['publish'] ) && current_user_can( 'publish_posts' ) ) $post['post_status'] = 'publish'; elseif ( isset( $_POST['review'] ) ) $post['post_status'] = 'pending'; else $post['post_status'] = 'draft'; // error handling for media_sideload if ( is_wp_error($upload) ) { wp_delete_post($post_ID); wp_die( esc_html( $upload->get_error_message() ) ); } else { // Post formats if ( isset( $_POST['post_format'] ) ) { if ( current_theme_supports( 'post-formats', $_POST['post_format'] ) ) set_post_format( $post_ID, $_POST['post_format'] ); elseif ( '0' == $_POST['post_format'] ) set_post_format( $post_ID, false ); } $post_ID = wp_update_post($post); } return $post_ID; } // For submitted posts. if ( isset($_REQUEST['action']) && 'post' == $_REQUEST['action'] ) { check_admin_referer('press-this'); $posted = $post_ID = press_it(); } else { $post = get_default_post_to_edit('post', true); $post_ID = $post->ID; } // Set Variables $title = isset( $_GET['t'] ) ? trim( strip_tags( html_entity_decode( wp_unslash( $_GET['t'] ) , ENT_QUOTES) ) ) : ''; $selection = ''; if ( !empty($_GET['s']) ) { $selection = str_replace(''', "'", wp_unslash($_GET['s'])); $selection = trim( htmlspecialchars( html_entity_decode($selection, ENT_QUOTES) ) ); } if ( ! empty($selection) ) { $selection = preg_replace('/(\r?\n|\r)/', '
', $selection); $selection = '
' . str_replace('
', '', $selection) . ''; } $url = isset($_GET['u']) ? esc_url($_GET['u']) : ''; $image = isset($_GET['i']) ? $_GET['i'] : ''; if ( !empty($_REQUEST['ajax']) ) { switch ($_REQUEST['ajax']) { case 'video': ?>