| [ Index ] |
PHP Cross Reference of WordPress Trunk (Updated Daily) |
[Summary view] [Print] [Text view]
1 <?php 2 /** 3 * WordPress Post Administration API. 4 * 5 * @package WordPress 6 * @subpackage Administration 7 */ 8 9 /** 10 * Renames `$_POST` data from form names to DB post columns. 11 * 12 * Manipulates `$_POST` directly. 13 * 14 * @since 2.6.0 15 * 16 * @param bool $update Whether the post already exists. 17 * @param array|null $post_data Optional. The array of post data to process. 18 * Defaults to the `$_POST` superglobal. 19 * @return array|WP_Error Array of post data on success, WP_Error on failure. 20 */ 21 function _wp_translate_postdata( $update = false, $post_data = null ) { 22 23 if ( empty( $post_data ) ) { 24 $post_data = &$_POST; 25 } 26 27 if ( $update ) { 28 $post_data['ID'] = (int) $post_data['post_ID']; 29 } 30 31 $ptype = get_post_type_object( $post_data['post_type'] ); 32 33 if ( $update && ! current_user_can( 'edit_post', $post_data['ID'] ) ) { 34 if ( 'page' === $post_data['post_type'] ) { 35 return new WP_Error( 'edit_others_pages', __( 'Sorry, you are not allowed to edit pages as this user.' ) ); 36 } else { 37 return new WP_Error( 'edit_others_posts', __( 'Sorry, you are not allowed to edit posts as this user.' ) ); 38 } 39 } elseif ( ! $update && ! current_user_can( $ptype->cap->create_posts ) ) { 40 if ( 'page' === $post_data['post_type'] ) { 41 return new WP_Error( 'edit_others_pages', __( 'Sorry, you are not allowed to create pages as this user.' ) ); 42 } else { 43 return new WP_Error( 'edit_others_posts', __( 'Sorry, you are not allowed to create posts as this user.' ) ); 44 } 45 } 46 47 if ( isset( $post_data['content'] ) ) { 48 $post_data['post_content'] = $post_data['content']; 49 } 50 51 if ( isset( $post_data['excerpt'] ) ) { 52 $post_data['post_excerpt'] = $post_data['excerpt']; 53 } 54 55 if ( isset( $post_data['parent_id'] ) ) { 56 $post_data['post_parent'] = (int) $post_data['parent_id']; 57 } 58 59 if ( isset( $post_data['trackback_url'] ) ) { 60 $post_data['to_ping'] = $post_data['trackback_url']; 61 } 62 63 $post_data['user_ID'] = get_current_user_id(); 64 65 if ( ! empty( $post_data['post_author_override'] ) ) { 66 $post_data['post_author'] = (int) $post_data['post_author_override']; 67 } else { 68 if ( ! empty( $post_data['post_author'] ) ) { 69 $post_data['post_author'] = (int) $post_data['post_author']; 70 } else { 71 $post_data['post_author'] = (int) $post_data['user_ID']; 72 } 73 } 74 75 if ( isset( $post_data['user_ID'] ) && ( $post_data['post_author'] !== $post_data['user_ID'] ) 76 && ! current_user_can( $ptype->cap->edit_others_posts ) ) { 77 78 if ( $update ) { 79 if ( 'page' === $post_data['post_type'] ) { 80 return new WP_Error( 'edit_others_pages', __( 'Sorry, you are not allowed to edit pages as this user.' ) ); 81 } else { 82 return new WP_Error( 'edit_others_posts', __( 'Sorry, you are not allowed to edit posts as this user.' ) ); 83 } 84 } else { 85 if ( 'page' === $post_data['post_type'] ) { 86 return new WP_Error( 'edit_others_pages', __( 'Sorry, you are not allowed to create pages as this user.' ) ); 87 } else { 88 return new WP_Error( 'edit_others_posts', __( 'Sorry, you are not allowed to create posts as this user.' ) ); 89 } 90 } 91 } 92 93 if ( ! empty( $post_data['post_status'] ) ) { 94 $post_data['post_status'] = sanitize_key( $post_data['post_status'] ); 95 96 // No longer an auto-draft. 97 if ( 'auto-draft' === $post_data['post_status'] ) { 98 $post_data['post_status'] = 'draft'; 99 } 100 101 if ( ! get_post_status_object( $post_data['post_status'] ) ) { 102 unset( $post_data['post_status'] ); 103 } 104 } 105 106 // What to do based on which button they pressed. 107 if ( isset( $post_data['saveasdraft'] ) && '' !== $post_data['saveasdraft'] ) { 108 $post_data['post_status'] = 'draft'; 109 } 110 if ( isset( $post_data['saveasprivate'] ) && '' !== $post_data['saveasprivate'] ) { 111 $post_data['post_status'] = 'private'; 112 } 113 if ( isset( $post_data['publish'] ) && ( '' !== $post_data['publish'] ) 114 && ( ! isset( $post_data['post_status'] ) || 'private' !== $post_data['post_status'] ) 115 ) { 116 $post_data['post_status'] = 'publish'; 117 } 118 if ( isset( $post_data['advanced'] ) && '' !== $post_data['advanced'] ) { 119 $post_data['post_status'] = 'draft'; 120 } 121 if ( isset( $post_data['pending'] ) && '' !== $post_data['pending'] ) { 122 $post_data['post_status'] = 'pending'; 123 } 124 125 if ( isset( $post_data['ID'] ) ) { 126 $post_id = $post_data['ID']; 127 } else { 128 $post_id = false; 129 } 130 $previous_status = $post_id ? get_post_field( 'post_status', $post_id ) : false; 131 132 if ( isset( $post_data['post_status'] ) && 'private' === $post_data['post_status'] && ! current_user_can( $ptype->cap->publish_posts ) ) { 133 $post_data['post_status'] = $previous_status ? $previous_status : 'pending'; 134 } 135 136 $published_statuses = array( 'publish', 'future' ); 137 138 /* 139 * Posts 'submitted for approval' are submitted to $_POST the same as if they were being published. 140 * Change status from 'publish' to 'pending' if user lacks permissions to publish or to resave published posts. 141 */ 142 if ( isset( $post_data['post_status'] ) 143 && ( in_array( $post_data['post_status'], $published_statuses, true ) 144 && ! current_user_can( $ptype->cap->publish_posts ) ) 145 ) { 146 if ( ! in_array( $previous_status, $published_statuses, true ) || ! current_user_can( 'edit_post', $post_id ) ) { 147 $post_data['post_status'] = 'pending'; 148 } 149 } 150 151 if ( ! isset( $post_data['post_status'] ) ) { 152 $post_data['post_status'] = 'auto-draft' === $previous_status ? 'draft' : $previous_status; 153 } 154 155 if ( isset( $post_data['post_password'] ) && ! current_user_can( $ptype->cap->publish_posts ) ) { 156 unset( $post_data['post_password'] ); 157 } 158 159 if ( ! isset( $post_data['comment_status'] ) ) { 160 $post_data['comment_status'] = 'closed'; 161 } 162 163 if ( ! isset( $post_data['ping_status'] ) ) { 164 $post_data['ping_status'] = 'closed'; 165 } 166 167 foreach ( array( 'aa', 'mm', 'jj', 'hh', 'mn' ) as $timeunit ) { 168 if ( ! empty( $post_data[ 'hidden_' . $timeunit ] ) && $post_data[ 'hidden_' . $timeunit ] !== $post_data[ $timeunit ] ) { 169 $post_data['edit_date'] = '1'; 170 break; 171 } 172 } 173 174 if ( ! empty( $post_data['edit_date'] ) ) { 175 $aa = $post_data['aa']; 176 $mm = $post_data['mm']; 177 $jj = $post_data['jj']; 178 $hh = $post_data['hh']; 179 $mn = $post_data['mn']; 180 $ss = $post_data['ss']; 181 $aa = ( $aa <= 0 ) ? gmdate( 'Y' ) : $aa; 182 $mm = ( $mm <= 0 ) ? gmdate( 'n' ) : $mm; 183 $jj = ( $jj > 31 ) ? 31 : $jj; 184 $jj = ( $jj <= 0 ) ? gmdate( 'j' ) : $jj; 185 $hh = ( $hh > 23 ) ? $hh - 24 : $hh; 186 $mn = ( $mn > 59 ) ? $mn - 60 : $mn; 187 $ss = ( $ss > 59 ) ? $ss - 60 : $ss; 188 189 $post_data['post_date'] = sprintf( '%04d-%02d-%02d %02d:%02d:%02d', $aa, $mm, $jj, $hh, $mn, $ss ); 190 191 $valid_date = wp_checkdate( $mm, $jj, $aa, $post_data['post_date'] ); 192 if ( ! $valid_date ) { 193 return new WP_Error( 'invalid_date', __( 'Invalid date.' ) ); 194 } 195 196 /* 197 * Only assign a post date if the user has explicitly set a new value. 198 * See #59125 and #19907. 199 */ 200 $previous_date = $post_id ? get_post_field( 'post_date', $post_id ) : false; 201 if ( $previous_date && $previous_date !== $post_data['post_date'] ) { 202 $post_data['edit_date'] = true; 203 $post_data['post_date_gmt'] = get_gmt_from_date( $post_data['post_date'] ); 204 } else { 205 $post_data['edit_date'] = false; 206 unset( $post_data['post_date'] ); 207 unset( $post_data['post_date_gmt'] ); 208 } 209 } 210 211 if ( isset( $post_data['post_category'] ) ) { 212 $category_object = get_taxonomy( 'category' ); 213 if ( ! current_user_can( $category_object->cap->assign_terms ) ) { 214 unset( $post_data['post_category'] ); 215 } 216 } 217 218 return $post_data; 219 } 220 221 /** 222 * Returns only allowed post data fields. 223 * 224 * @since 5.0.1 225 * 226 * @param array|WP_Error|null $post_data The array of post data to process, or an error object. 227 * Defaults to the `$_POST` superglobal. 228 * @return array|WP_Error Array of post data on success, WP_Error on failure. 229 */ 230 function _wp_get_allowed_postdata( $post_data = null ) { 231 if ( empty( $post_data ) ) { 232 $post_data = $_POST; 233 } 234 235 // Pass through errors. 236 if ( is_wp_error( $post_data ) ) { 237 return $post_data; 238 } 239 240 return array_diff_key( $post_data, array_flip( array( 'meta_input', 'file', 'guid' ) ) ); 241 } 242 243 /** 244 * Updates an existing post with values provided in `$_POST`. 245 * 246 * If post data is passed as an argument, it is treated as an array of data 247 * keyed appropriately for turning into a post object. 248 * 249 * If post data is not passed, the `$_POST` global variable is used instead. 250 * 251 * @since 1.5.0 252 * 253 * @global wpdb $wpdb WordPress database abstraction object. 254 * 255 * @param array|null $post_data Optional. The array of post data to process. 256 * Defaults to the `$_POST` superglobal. 257 * @return int Post ID. 258 */ 259 function edit_post( $post_data = null ) { 260 global $wpdb; 261 262 if ( empty( $post_data ) ) { 263 $post_data = &$_POST; 264 } 265 266 // Clear out any data in internal vars. 267 unset( $post_data['filter'] ); 268 269 $post_id = (int) $post_data['post_ID']; 270 $post = get_post( $post_id ); 271 272 $post_data['post_type'] = $post->post_type; 273 $post_data['post_mime_type'] = $post->post_mime_type; 274 275 if ( ! empty( $post_data['post_status'] ) ) { 276 $post_data['post_status'] = sanitize_key( $post_data['post_status'] ); 277 278 if ( 'inherit' === $post_data['post_status'] ) { 279 unset( $post_data['post_status'] ); 280 } 281 } 282 283 $ptype = get_post_type_object( $post_data['post_type'] ); 284 if ( ! current_user_can( 'edit_post', $post_id ) ) { 285 if ( 'page' === $post_data['post_type'] ) { 286 wp_die( __( 'Sorry, you are not allowed to edit this page.' ) ); 287 } else { 288 wp_die( __( 'Sorry, you are not allowed to edit this post.' ) ); 289 } 290 } 291 292 if ( post_type_supports( $ptype->name, 'revisions' ) ) { 293 $revisions = wp_get_post_revisions( 294 $post_id, 295 array( 296 'order' => 'ASC', 297 'posts_per_page' => 1, 298 ) 299 ); 300 $revision = current( $revisions ); 301 302 // Check if the revisions have been upgraded. 303 if ( $revisions && _wp_get_post_revision_version( $revision ) < 1 ) { 304 _wp_upgrade_revisions_of_post( $post, wp_get_post_revisions( $post_id ) ); 305 } 306 } 307 308 if ( isset( $post_data['visibility'] ) ) { 309 switch ( $post_data['visibility'] ) { 310 case 'public': 311 $post_data['post_password'] = ''; 312 break; 313 case 'password': 314 unset( $post_data['sticky'] ); 315 break; 316 case 'private': 317 $post_data['post_status'] = 'private'; 318 $post_data['post_password'] = ''; 319 unset( $post_data['sticky'] ); 320 break; 321 } 322 } 323 324 $post_data = _wp_translate_postdata( true, $post_data ); 325 if ( is_wp_error( $post_data ) ) { 326 wp_die( $post_data->get_error_message() ); 327 } 328 $translated = _wp_get_allowed_postdata( $post_data ); 329 330 // Post formats. 331 if ( isset( $post_data['post_format'] ) ) { 332 set_post_format( $post_id, $post_data['post_format'] ); 333 } 334 335 $format_meta_urls = array( 'url', 'link_url', 'quote_source_url' ); 336 foreach ( $format_meta_urls as $format_meta_url ) { 337 $keyed = '_format_' . $format_meta_url; 338 if ( isset( $post_data[ $keyed ] ) ) { 339 update_post_meta( $post_id, $keyed, wp_slash( sanitize_url( wp_unslash( $post_data[ $keyed ] ) ) ) ); 340 } 341 } 342 343 $format_keys = array( 'quote', 'quote_source_name', 'image', 'gallery', 'audio_embed', 'video_embed' ); 344 345 foreach ( $format_keys as $key ) { 346 $keyed = '_format_' . $key; 347 if ( isset( $post_data[ $keyed ] ) ) { 348 if ( current_user_can( 'unfiltered_html' ) ) { 349 update_post_meta( $post_id, $keyed, $post_data[ $keyed ] ); 350 } else { 351 update_post_meta( $post_id, $keyed, wp_filter_post_kses( $post_data[ $keyed ] ) ); 352 } 353 } 354 } 355 356 if ( 'attachment' === $post_data['post_type'] && preg_match( '#^(audio|video)/#', $post_data['post_mime_type'] ) ) { 357 $id3data = wp_get_attachment_metadata( $post_id ); 358 if ( ! is_array( $id3data ) ) { 359 $id3data = array(); 360 } 361 362 foreach ( wp_get_attachment_id3_keys( $post, 'edit' ) as $key => $label ) { 363 if ( isset( $post_data[ 'id3_' . $key ] ) ) { 364 $id3data[ $key ] = sanitize_text_field( wp_unslash( $post_data[ 'id3_' . $key ] ) ); 365 } 366 } 367 wp_update_attachment_metadata( $post_id, $id3data ); 368 } 369 370 // Meta stuff. 371 if ( isset( $post_data['meta'] ) && $post_data['meta'] ) { 372 foreach ( $post_data['meta'] as $key => $value ) { 373 $meta = get_post_meta_by_id( $key ); 374 if ( ! $meta ) { 375 continue; 376 } 377 378 if ( (int) $meta->post_id !== $post_id ) { 379 continue; 380 } 381 382 if ( is_protected_meta( $meta->meta_key, 'post' ) 383 || ! current_user_can( 'edit_post_meta', $post_id, $meta->meta_key ) 384 ) { 385 continue; 386 } 387 388 if ( is_protected_meta( $value['key'], 'post' ) 389 || ! current_user_can( 'edit_post_meta', $post_id, $value['key'] ) 390 ) { 391 continue; 392 } 393 394 update_meta( $key, $value['key'], $value['value'] ); 395 } 396 } 397 398 if ( isset( $post_data['deletemeta'] ) && $post_data['deletemeta'] ) { 399 foreach ( $post_data['deletemeta'] as $key => $value ) { 400 $meta = get_post_meta_by_id( $key ); 401 if ( ! $meta ) { 402 continue; 403 } 404 405 if ( (int) $meta->post_id !== $post_id ) { 406 continue; 407 } 408 409 if ( is_protected_meta( $meta->meta_key, 'post' ) 410 || ! current_user_can( 'delete_post_meta', $post_id, $meta->meta_key ) 411 ) { 412 continue; 413 } 414 415 delete_meta( $key ); 416 } 417 } 418 419 // Attachment stuff. 420 if ( 'attachment' === $post_data['post_type'] ) { 421 if ( isset( $post_data['_wp_attachment_image_alt'] ) ) { 422 $image_alt = wp_unslash( $post_data['_wp_attachment_image_alt'] ); 423 424 if ( get_post_meta( $post_id, '_wp_attachment_image_alt', true ) !== $image_alt ) { 425 $image_alt = wp_strip_all_tags( $image_alt, true ); 426 427 // update_post_meta() expects slashed. 428 update_post_meta( $post_id, '_wp_attachment_image_alt', wp_slash( $image_alt ) ); 429 } 430 } 431 432 $attachment_data = isset( $post_data['attachments'][ $post_id ] ) ? $post_data['attachments'][ $post_id ] : array(); 433 434 /** This filter is documented in wp-admin/includes/media.php */ 435 $translated = apply_filters( 'attachment_fields_to_save', $translated, $attachment_data ); 436 } 437 438 // Convert taxonomy input to term IDs, to avoid ambiguity. 439 if ( isset( $post_data['tax_input'] ) ) { 440 foreach ( (array) $post_data['tax_input'] as $taxonomy => $terms ) { 441 $tax_object = get_taxonomy( $taxonomy ); 442 443 if ( $tax_object && isset( $tax_object->meta_box_sanitize_cb ) ) { 444 $translated['tax_input'][ $taxonomy ] = call_user_func_array( $tax_object->meta_box_sanitize_cb, array( $taxonomy, $terms ) ); 445 } 446 } 447 } 448 449 add_meta( $post_id ); 450 451 update_post_meta( $post_id, '_edit_last', get_current_user_id() ); 452 453 $success = wp_update_post( $translated ); 454 455 // If the save failed, see if we can confidence check the main fields and try again. 456 if ( ! $success && is_callable( array( $wpdb, 'strip_invalid_text_for_column' ) ) ) { 457 $fields = array( 'post_title', 'post_content', 'post_excerpt' ); 458 459 foreach ( $fields as $field ) { 460 if ( isset( $translated[ $field ] ) ) { 461 $translated[ $field ] = $wpdb->strip_invalid_text_for_column( $wpdb->posts, $field, $translated[ $field ] ); 462 } 463 } 464 465 wp_update_post( $translated ); 466 } 467 468 // Now that we have an ID we can fix any attachment anchor hrefs. 469 _fix_attachment_links( $post_id ); 470 471 wp_set_post_lock( $post_id ); 472 473 if ( current_user_can( $ptype->cap->edit_others_posts ) && current_user_can( $ptype->cap->publish_posts ) ) { 474 if ( ! empty( $post_data['sticky'] ) ) { 475 stick_post( $post_id ); 476 } else { 477 unstick_post( $post_id ); 478 } 479 } 480 481 return $post_id; 482 } 483 484 /** 485 * Processes the post data for the bulk editing of posts. 486 * 487 * Updates all bulk edited posts/pages, adding (but not removing) tags and 488 * categories. Skips pages when they would be their own parent or child. 489 * 490 * @since 2.7.0 491 * 492 * @global wpdb $wpdb WordPress database abstraction object. 493 * 494 * @param array|null $post_data Optional. The array of post data to process. 495 * Defaults to the `$_POST` superglobal. 496 * @return array { 497 * An array of updated, skipped, and locked post IDs. 498 * 499 * @type int[] $updated An array of updated post IDs. 500 * @type int[] $skipped An array of skipped post IDs. 501 * @type int[] $locked An array of locked post IDs. 502 * } 503 */ 504 function bulk_edit_posts( $post_data = null ) { 505 global $wpdb; 506 507 if ( empty( $post_data ) ) { 508 $post_data = &$_POST; 509 } 510 511 if ( isset( $post_data['post_type'] ) ) { 512 $ptype = get_post_type_object( $post_data['post_type'] ); 513 } else { 514 $ptype = get_post_type_object( 'post' ); 515 } 516 517 if ( ! current_user_can( $ptype->cap->edit_posts ) ) { 518 if ( 'page' === $ptype->name ) { 519 wp_die( __( 'Sorry, you are not allowed to edit pages.' ) ); 520 } else { 521 wp_die( __( 'Sorry, you are not allowed to edit posts.' ) ); 522 } 523 } 524 525 if ( '-1' === $post_data['_status'] ) { 526 $post_data['post_status'] = null; 527 unset( $post_data['post_status'] ); 528 } else { 529 $post_data['post_status'] = $post_data['_status']; 530 } 531 unset( $post_data['_status'] ); 532 533 if ( ! empty( $post_data['post_status'] ) ) { 534 $post_data['post_status'] = sanitize_key( $post_data['post_status'] ); 535 536 if ( 'inherit' === $post_data['post_status'] ) { 537 unset( $post_data['post_status'] ); 538 } 539 } 540 541 $post_ids = array_map( 'intval', (array) $post_data['post'] ); 542 543 $reset = array( 544 'post_author', 545 'post_status', 546 'post_password', 547 'post_parent', 548 'page_template', 549 'comment_status', 550 'ping_status', 551 'keep_private', 552 'tax_input', 553 'post_category', 554 'sticky', 555 'post_format', 556 ); 557 558 foreach ( $reset as $field ) { 559 if ( isset( $post_data[ $field ] ) && ( '' === $post_data[ $field ] || '-1' === $post_data[ $field ] ) ) { 560 unset( $post_data[ $field ] ); 561 } 562 } 563 564 if ( isset( $post_data['post_category'] ) ) { 565 if ( is_array( $post_data['post_category'] ) && ! empty( $post_data['post_category'] ) ) { 566 $new_cats = array_map( 'absint', $post_data['post_category'] ); 567 } else { 568 unset( $post_data['post_category'] ); 569 } 570 } 571 572 $tax_input = array(); 573 if ( isset( $post_data['tax_input'] ) ) { 574 foreach ( $post_data['tax_input'] as $tax_name => $terms ) { 575 if ( empty( $terms ) ) { 576 continue; 577 } 578 579 if ( is_taxonomy_hierarchical( $tax_name ) ) { 580 $tax_input[ $tax_name ] = array_map( 'absint', $terms ); 581 } else { 582 $comma = _x( ',', 'tag delimiter' ); 583 if ( ',' !== $comma ) { 584 $terms = str_replace( $comma, ',', $terms ); 585 } 586 $tax_input[ $tax_name ] = explode( ',', trim( $terms, " \n\t\r\0\x0B," ) ); 587 } 588 } 589 } 590 591 if ( isset( $post_data['post_parent'] ) && (int) $post_data['post_parent'] ) { 592 $parent = (int) $post_data['post_parent']; 593 $pages = $wpdb->get_results( "SELECT ID, post_parent FROM $wpdb->posts WHERE post_type = 'page'" ); 594 $children = array(); 595 596 for ( $i = 0; $i < 50 && $parent > 0; $i++ ) { 597 $children[] = $parent; 598 599 foreach ( $pages as $page ) { 600 if ( (int) $page->ID === $parent ) { 601 $parent = (int) $page->post_parent; 602 break; 603 } 604 } 605 } 606 } 607 608 $updated = array(); 609 $skipped = array(); 610 $locked = array(); 611 $shared_post_data = $post_data; 612 613 foreach ( $post_ids as $post_id ) { 614 // Start with fresh post data with each iteration. 615 $post_data = $shared_post_data; 616 617 $post_type_object = get_post_type_object( get_post_type( $post_id ) ); 618 619 if ( ! isset( $post_type_object ) 620 || ( isset( $children ) && in_array( $post_id, $children, true ) ) 621 || ! current_user_can( 'edit_post', $post_id ) 622 ) { 623 $skipped[] = $post_id; 624 continue; 625 } 626 627 if ( wp_check_post_lock( $post_id ) ) { 628 $locked[] = $post_id; 629 continue; 630 } 631 632 $post = get_post( $post_id ); 633 $tax_names = get_object_taxonomies( $post ); 634 635 foreach ( $tax_names as $tax_name ) { 636 $taxonomy_obj = get_taxonomy( $tax_name ); 637 638 if ( ! $taxonomy_obj->show_in_quick_edit ) { 639 continue; 640 } 641 642 if ( isset( $tax_input[ $tax_name ] ) && current_user_can( $taxonomy_obj->cap->assign_terms ) ) { 643 $new_terms = $tax_input[ $tax_name ]; 644 } else { 645 $new_terms = array(); 646 } 647 648 if ( $taxonomy_obj->hierarchical ) { 649 $current_terms = (array) wp_get_object_terms( $post_id, $tax_name, array( 'fields' => 'ids' ) ); 650 } else { 651 $current_terms = (array) wp_get_object_terms( $post_id, $tax_name, array( 'fields' => 'names' ) ); 652 } 653 654 $post_data['tax_input'][ $tax_name ] = array_merge( $current_terms, $new_terms ); 655 } 656 657 if ( isset( $new_cats ) && in_array( 'category', $tax_names, true ) ) { 658 $cats = (array) wp_get_post_categories( $post_id ); 659 660 if ( 661 isset( $post_data['indeterminate_post_category'] ) 662 && is_array( $post_data['indeterminate_post_category'] ) 663 ) { 664 $indeterminate_post_category = $post_data['indeterminate_post_category']; 665 } else { 666 $indeterminate_post_category = array(); 667 } 668 669 $indeterminate_cats = array_intersect( $cats, $indeterminate_post_category ); 670 $determinate_cats = array_diff( $new_cats, $indeterminate_post_category ); 671 $post_data['post_category'] = array_unique( array_merge( $indeterminate_cats, $determinate_cats ) ); 672 673 unset( $post_data['tax_input']['category'] ); 674 } 675 676 $post_data['post_ID'] = $post_id; 677 $post_data['post_type'] = $post->post_type; 678 $post_data['post_mime_type'] = $post->post_mime_type; 679 680 foreach ( array( 'comment_status', 'ping_status', 'post_author' ) as $field ) { 681 if ( ! isset( $post_data[ $field ] ) ) { 682 $post_data[ $field ] = $post->$field; 683 } 684 } 685 686 $post_data = _wp_translate_postdata( true, $post_data ); 687 if ( is_wp_error( $post_data ) ) { 688 $skipped[] = $post_id; 689 continue; 690 } 691 $post_data = _wp_get_allowed_postdata( $post_data ); 692 693 if ( isset( $shared_post_data['post_format'] ) ) { 694 set_post_format( $post_id, $shared_post_data['post_format'] ); 695 } 696 697 // Prevent wp_insert_post() from overwriting post format with the old data. 698 unset( $post_data['tax_input']['post_format'] ); 699 700 // Reset post date of scheduled post to be published. 701 if ( 702 in_array( $post->post_status, array( 'future', 'draft' ), true ) && 703 'publish' === $post_data['post_status'] 704 ) { 705 $post_data['post_date'] = current_time( 'mysql' ); 706 $post_data['post_date_gmt'] = ''; 707 } 708 709 $post_id = wp_update_post( $post_data ); 710 update_post_meta( $post_id, '_edit_last', get_current_user_id() ); 711 $updated[] = $post_id; 712 713 if ( isset( $post_data['sticky'] ) && current_user_can( $ptype->cap->edit_others_posts ) ) { 714 if ( 'sticky' === $post_data['sticky'] ) { 715 stick_post( $post_id ); 716 } else { 717 unstick_post( $post_id ); 718 } 719 } 720 } 721 722 /** 723 * Fires after processing the post data for bulk edit. 724 * 725 * @since 6.3.0 726 * 727 * @param int[] $updated An array of updated post IDs. 728 * @param array $shared_post_data Associative array containing the post data. 729 */ 730 do_action( 'bulk_edit_posts', $updated, $shared_post_data ); 731 732 return array( 733 'updated' => $updated, 734 'skipped' => $skipped, 735 'locked' => $locked, 736 ); 737 } 738 739 /** 740 * Returns default post information to use when populating the "Write Post" form. 741 * 742 * @since 2.0.0 743 * 744 * @param string $post_type Optional. A post type string. Default 'post'. 745 * @param bool $create_in_db Optional. Whether to insert the post into database. Default false. 746 * @return WP_Post Post object containing all the default post data as attributes 747 */ 748 function get_default_post_to_edit( $post_type = 'post', $create_in_db = false ) { 749 $post_title = ''; 750 if ( ! empty( $_REQUEST['post_title'] ) ) { 751 $post_title = esc_html( wp_unslash( $_REQUEST['post_title'] ) ); 752 } 753 754 $post_content = ''; 755 if ( ! empty( $_REQUEST['content'] ) ) { 756 $post_content = esc_html( wp_unslash( $_REQUEST['content'] ) ); 757 } 758 759 $post_excerpt = ''; 760 if ( ! empty( $_REQUEST['excerpt'] ) ) { 761 $post_excerpt = esc_html( wp_unslash( $_REQUEST['excerpt'] ) ); 762 } 763 764 if ( $create_in_db ) { 765 $post_id = wp_insert_post( 766 array( 767 'post_title' => __( 'Auto Draft' ), 768 'post_type' => $post_type, 769 'post_status' => 'auto-draft', 770 ), 771 false, 772 false 773 ); 774 $post = get_post( $post_id ); 775 if ( current_theme_supports( 'post-formats' ) && post_type_supports( $post->post_type, 'post-formats' ) && get_option( 'default_post_format' ) ) { 776 set_post_format( $post, get_option( 'default_post_format' ) ); 777 } 778 wp_after_insert_post( $post, false, null ); 779 780 // Schedule auto-draft cleanup. 781 if ( ! wp_next_scheduled( 'wp_scheduled_auto_draft_delete' ) ) { 782 wp_schedule_event( time(), 'daily', 'wp_scheduled_auto_draft_delete' ); 783 } 784 } else { 785 $post = new stdClass(); 786 $post->ID = 0; 787 $post->post_author = ''; 788 $post->post_date = ''; 789 $post->post_date_gmt = ''; 790 $post->post_password = ''; 791 $post->post_name = ''; 792 $post->post_type = $post_type; 793 $post->post_status = 'draft'; 794 $post->to_ping = ''; 795 $post->pinged = ''; 796 $post->comment_status = get_default_comment_status( $post_type ); 797 $post->ping_status = get_default_comment_status( $post_type, 'pingback' ); 798 $post->post_pingback = get_option( 'default_pingback_flag' ); 799 $post->post_category = get_option( 'default_category' ); 800 $post->page_template = 'default'; 801 $post->post_parent = 0; 802 $post->menu_order = 0; 803 $post = new WP_Post( $post ); 804 } 805 806 /** 807 * Filters the default post content initially used in the "Write Post" form. 808 * 809 * @since 1.5.0 810 * 811 * @param string $post_content Default post content. 812 * @param WP_Post $post Post object. 813 */ 814 $post->post_content = (string) apply_filters( 'default_content', $post_content, $post ); 815 816 /** 817 * Filters the default post title initially used in the "Write Post" form. 818 * 819 * @since 1.5.0 820 * 821 * @param string $post_title Default post title. 822 * @param WP_Post $post Post object. 823 */ 824 $post->post_title = (string) apply_filters( 'default_title', $post_title, $post ); 825 826 /** 827 * Filters the default post excerpt initially used in the "Write Post" form. 828 * 829 * @since 1.5.0 830 * 831 * @param string $post_excerpt Default post excerpt. 832 * @param WP_Post $post Post object. 833 */ 834 $post->post_excerpt = (string) apply_filters( 'default_excerpt', $post_excerpt, $post ); 835 836 return $post; 837 } 838 839 /** 840 * Determines if a post exists based on title, content, date and type. 841 * 842 * @since 2.0.0 843 * @since 5.2.0 Added the `$type` parameter. 844 * @since 5.8.0 Added the `$status` parameter. 845 * 846 * @global wpdb $wpdb WordPress database abstraction object. 847 * 848 * @param string $title Post title. 849 * @param string $content Optional. Post content. 850 * @param string $date Optional. Post date. 851 * @param string $type Optional. Post type. 852 * @param string $status Optional. Post status. 853 * @return int Post ID if post exists, 0 otherwise. 854 */ 855 function post_exists( $title, $content = '', $date = '', $type = '', $status = '' ) { 856 global $wpdb; 857 858 $post_title = wp_unslash( sanitize_post_field( 'post_title', $title, 0, 'db' ) ); 859 $post_content = wp_unslash( sanitize_post_field( 'post_content', $content, 0, 'db' ) ); 860 $post_date = wp_unslash( sanitize_post_field( 'post_date', $date, 0, 'db' ) ); 861 $post_type = wp_unslash( sanitize_post_field( 'post_type', $type, 0, 'db' ) ); 862 $post_status = wp_unslash( sanitize_post_field( 'post_status', $status, 0, 'db' ) ); 863 864 $query = "SELECT ID FROM $wpdb->posts WHERE 1=1"; 865 $args = array(); 866 867 if ( ! empty( $date ) ) { 868 $query .= ' AND post_date = %s'; 869 $args[] = $post_date; 870 } 871 872 if ( ! empty( $title ) ) { 873 $query .= ' AND post_title = %s'; 874 $args[] = $post_title; 875 } 876 877 if ( ! empty( $content ) ) { 878 $query .= ' AND post_content = %s'; 879 $args[] = $post_content; 880 } 881 882 if ( ! empty( $type ) ) { 883 $query .= ' AND post_type = %s'; 884 $args[] = $post_type; 885 } 886 887 if ( ! empty( $status ) ) { 888 $query .= ' AND post_status = %s'; 889 $args[] = $post_status; 890 } 891 892 if ( ! empty( $args ) ) { 893 return (int) $wpdb->get_var( $wpdb->prepare( $query, $args ) ); 894 } 895 896 return 0; 897 } 898 899 /** 900 * Creates a new post from the "Write Post" form using `$_POST` information. 901 * 902 * @since 2.1.0 903 * 904 * @global WP_User $current_user 905 * 906 * @return int|WP_Error Post ID on success, WP_Error on failure. 907 */ 908 function wp_write_post() { 909 if ( isset( $_POST['post_type'] ) ) { 910 $ptype = get_post_type_object( $_POST['post_type'] ); 911 } else { 912 $ptype = get_post_type_object( 'post' ); 913 } 914 915 if ( ! current_user_can( $ptype->cap->edit_posts ) ) { 916 if ( 'page' === $ptype->name ) { 917 return new WP_Error( 'edit_pages', __( 'Sorry, you are not allowed to create pages on this site.' ) ); 918 } else { 919 return new WP_Error( 'edit_posts', __( 'Sorry, you are not allowed to create posts or drafts on this site.' ) ); 920 } 921 } 922 923 $_POST['post_mime_type'] = ''; 924 925 // Clear out any data in internal vars. 926 unset( $_POST['filter'] ); 927 928 // Edit, don't write, if we have a post ID. 929 if ( isset( $_POST['post_ID'] ) ) { 930 return edit_post(); 931 } 932 933 if ( isset( $_POST['visibility'] ) ) { 934 switch ( $_POST['visibility'] ) { 935 case 'public': 936 $_POST['post_password'] = ''; 937 break; 938 case 'password': 939 unset( $_POST['sticky'] ); 940 break; 941 case 'private': 942 $_POST['post_status'] = 'private'; 943 $_POST['post_password'] = ''; 944 unset( $_POST['sticky'] ); 945 break; 946 } 947 } 948 949 $translated = _wp_translate_postdata( false ); 950 if ( is_wp_error( $translated ) ) { 951 return $translated; 952 } 953 $translated = _wp_get_allowed_postdata( $translated ); 954 955 // Create the post. 956 $post_id = wp_insert_post( $translated ); 957 if ( is_wp_error( $post_id ) ) { 958 return $post_id; 959 } 960 961 if ( empty( $post_id ) ) { 962 return 0; 963 } 964 965 add_meta( $post_id ); 966 967 add_post_meta( $post_id, '_edit_last', $GLOBALS['current_user']->ID ); 968 969 // Now that we have an ID we can fix any attachment anchor hrefs. 970 _fix_attachment_links( $post_id ); 971 972 wp_set_post_lock( $post_id ); 973 974 return $post_id; 975 } 976 977 /** 978 * Calls wp_write_post() and handles the errors. 979 * 980 * @since 2.0.0 981 * 982 * @return int|void Post ID on success, void on failure. 983 */ 984 function write_post() { 985 $result = wp_write_post(); 986 if ( is_wp_error( $result ) ) { 987 wp_die( $result->get_error_message() ); 988 } else { 989 return $result; 990 } 991 } 992 993 // 994 // Post Meta. 995 // 996 997 /** 998 * Adds post meta data defined in the `$_POST` superglobal for a post with given ID. 999 * 1000 * @since 1.2.0 1001 * 1002 * @param int $post_id 1003 * @return int|bool 1004 */ 1005 function add_meta( $post_id ) { 1006 $post_id = (int) $post_id; 1007 1008 $metakeyselect = isset( $_POST['metakeyselect'] ) ? wp_unslash( trim( $_POST['metakeyselect'] ) ) : ''; 1009 $metakeyinput = isset( $_POST['metakeyinput'] ) ? wp_unslash( trim( $_POST['metakeyinput'] ) ) : ''; 1010 $metavalue = isset( $_POST['metavalue'] ) ? $_POST['metavalue'] : ''; 1011 if ( is_string( $metavalue ) ) { 1012 $metavalue = trim( $metavalue ); 1013 } 1014 1015 if ( ( ( '#NONE#' !== $metakeyselect ) && ! empty( $metakeyselect ) ) || ! empty( $metakeyinput ) ) { 1016 /* 1017 * We have a key/value pair. If both the select and the input 1018 * for the key have data, the input takes precedence. 1019 */ 1020 if ( '#NONE#' !== $metakeyselect ) { 1021 $metakey = $metakeyselect; 1022 } 1023 1024 if ( $metakeyinput ) { 1025 $metakey = $metakeyinput; // Default. 1026 } 1027 1028 if ( is_protected_meta( $metakey, 'post' ) || ! current_user_can( 'add_post_meta', $post_id, $metakey ) ) { 1029 return false; 1030 } 1031 1032 $metakey = wp_slash( $metakey ); 1033 1034 return add_post_meta( $post_id, $metakey, $metavalue ); 1035 } 1036 1037 return false; 1038 } 1039 1040 /** 1041 * Deletes post meta data by meta ID. 1042 * 1043 * @since 1.2.0 1044 * 1045 * @param int $mid 1046 * @return bool 1047 */ 1048 function delete_meta( $mid ) { 1049 return delete_metadata_by_mid( 'post', $mid ); 1050 } 1051 1052 /** 1053 * Returns a list of previously defined keys. 1054 * 1055 * @since 1.2.0 1056 * 1057 * @global wpdb $wpdb WordPress database abstraction object. 1058 * 1059 * @return string[] Array of meta key names. 1060 */ 1061 function get_meta_keys() { 1062 global $wpdb; 1063 1064 $keys = $wpdb->get_col( 1065 "SELECT meta_key 1066 FROM $wpdb->postmeta 1067 GROUP BY meta_key 1068 ORDER BY meta_key" 1069 ); 1070 1071 return $keys; 1072 } 1073 1074 /** 1075 * Returns post meta data by meta ID. 1076 * 1077 * @since 2.1.0 1078 * 1079 * @param int $mid 1080 * @return object|bool 1081 */ 1082 function get_post_meta_by_id( $mid ) { 1083 return get_metadata_by_mid( 'post', $mid ); 1084 } 1085 1086 /** 1087 * Returns meta data for the given post ID. 1088 * 1089 * @since 1.2.0 1090 * 1091 * @global wpdb $wpdb WordPress database abstraction object. 1092 * 1093 * @param int $post_id A post ID. 1094 * @return array[] { 1095 * Array of meta data arrays for the given post ID. 1096 * 1097 * @type array ...$0 { 1098 * Associative array of meta data. 1099 * 1100 * @type string $meta_key Meta key. 1101 * @type mixed $meta_value Meta value. 1102 * @type string $meta_id Meta ID as a numeric string. 1103 * @type string $post_id Post ID as a numeric string. 1104 * } 1105 * } 1106 */ 1107 function has_meta( $post_id ) { 1108 global $wpdb; 1109 1110 return $wpdb->get_results( 1111 $wpdb->prepare( 1112 "SELECT meta_key, meta_value, meta_id, post_id 1113 FROM $wpdb->postmeta WHERE post_id = %d 1114 ORDER BY meta_key,meta_id", 1115 $post_id 1116 ), 1117 ARRAY_A 1118 ); 1119 } 1120 1121 /** 1122 * Updates post meta data by meta ID. 1123 * 1124 * @since 1.2.0 1125 * 1126 * @param int $meta_id Meta ID. 1127 * @param string $meta_key Meta key. Expect slashed. 1128 * @param string $meta_value Meta value. Expect slashed. 1129 * @return bool 1130 */ 1131 function update_meta( $meta_id, $meta_key, $meta_value ) { 1132 $meta_key = wp_unslash( $meta_key ); 1133 $meta_value = wp_unslash( $meta_value ); 1134 1135 return update_metadata_by_mid( 'post', $meta_id, $meta_value, $meta_key ); 1136 } 1137 1138 // 1139 // Private. 1140 // 1141 1142 /** 1143 * Replaces hrefs of attachment anchors with up-to-date permalinks. 1144 * 1145 * @since 2.3.0 1146 * @access private 1147 * 1148 * @param int|WP_Post $post Post ID or post object. 1149 * @return void|int|WP_Error Void if nothing fixed. 0 or WP_Error on update failure. The post ID on update success. 1150 */ 1151 function _fix_attachment_links( $post ) { 1152 $post = get_post( $post, ARRAY_A ); 1153 $content = $post['post_content']; 1154 1155 // Don't run if no pretty permalinks or post is not published, scheduled, or privately published. 1156 if ( ! get_option( 'permalink_structure' ) || ! in_array( $post['post_status'], array( 'publish', 'future', 'private' ), true ) ) { 1157 return; 1158 } 1159 1160 // Short if there aren't any links or no '?attachment_id=' strings (strpos cannot be zero). 1161 if ( ! strpos( $content, '?attachment_id=' ) || ! preg_match_all( '/<a ([^>]+)>[\s\S]+?<\/a>/', $content, $link_matches ) ) { 1162 return; 1163 } 1164 1165 $site_url = get_bloginfo( 'url' ); 1166 $site_url = substr( $site_url, (int) strpos( $site_url, '://' ) ); // Remove the http(s). 1167 $replace = ''; 1168 1169 foreach ( $link_matches[1] as $key => $value ) { 1170 if ( ! strpos( $value, '?attachment_id=' ) || ! strpos( $value, 'wp-att-' ) 1171 || ! preg_match( '/href=(["\'])[^"\']*\?attachment_id=(\d+)[^"\']*\\1/', $value, $url_match ) 1172 || ! preg_match( '/rel=["\'][^"\']*wp-att-(\d+)/', $value, $rel_match ) ) { 1173 continue; 1174 } 1175 1176 $quote = $url_match[1]; // The quote (single or double). 1177 $url_id = (int) $url_match[2]; 1178 $rel_id = (int) $rel_match[1]; 1179 1180 if ( ! $url_id || ! $rel_id || $url_id !== $rel_id || ! str_contains( $url_match[0], $site_url ) ) { 1181 continue; 1182 } 1183 1184 $link = $link_matches[0][ $key ]; 1185 $replace = str_replace( $url_match[0], 'href=' . $quote . get_attachment_link( $url_id ) . $quote, $link ); 1186 1187 $content = str_replace( $link, $replace, $content ); 1188 } 1189 1190 if ( $replace ) { 1191 $post['post_content'] = $content; 1192 // Escape data pulled from DB. 1193 $post = add_magic_quotes( $post ); 1194 1195 return wp_update_post( $post ); 1196 } 1197 } 1198 1199 /** 1200 * Returns all the possible statuses for a post type. 1201 * 1202 * @since 2.5.0 1203 * 1204 * @param string $type The post_type you want the statuses for. Default 'post'. 1205 * @return string[] An array of all the statuses for the supplied post type. 1206 */ 1207 function get_available_post_statuses( $type = 'post' ) { 1208 $statuses = wp_count_posts( $type ); 1209 1210 return array_keys( get_object_vars( $statuses ) ); 1211 } 1212 1213 /** 1214 * Runs the query to fetch the posts for listing on the edit posts page. 1215 * 1216 * @since 2.5.0 1217 * 1218 * @param array|false $q Optional. Array of query variables to use to build the query. 1219 * Defaults to the `$_GET` superglobal. 1220 * @return string[] An array of all the statuses for the queried post type. 1221 */ 1222 function wp_edit_posts_query( $q = false ) { 1223 if ( false === $q ) { 1224 $q = $_GET; 1225 } 1226 1227 $q['m'] = isset( $q['m'] ) ? (int) $q['m'] : 0; 1228 $q['cat'] = isset( $q['cat'] ) ? (int) $q['cat'] : 0; 1229 1230 $post_statuses = get_post_stati(); 1231 1232 if ( isset( $q['post_type'] ) && in_array( $q['post_type'], get_post_types(), true ) ) { 1233 $post_type = $q['post_type']; 1234 } else { 1235 $post_type = 'post'; 1236 } 1237 1238 $avail_post_stati = get_available_post_statuses( $post_type ); 1239 $post_status = ''; 1240 $perm = ''; 1241 1242 if ( isset( $q['post_status'] ) && in_array( $q['post_status'], $post_statuses, true ) ) { 1243 $post_status = $q['post_status']; 1244 $perm = 'readable'; 1245 } 1246 1247 $orderby = ''; 1248 1249 if ( isset( $q['orderby'] ) ) { 1250 $orderby = $q['orderby']; 1251 } elseif ( isset( $q['post_status'] ) && in_array( $q['post_status'], array( 'pending', 'draft' ), true ) ) { 1252 $orderby = 'modified'; 1253 } 1254 1255 $order = ''; 1256 1257 if ( isset( $q['order'] ) ) { 1258 $order = $q['order']; 1259 } elseif ( isset( $q['post_status'] ) && 'pending' === $q['post_status'] ) { 1260 $order = 'ASC'; 1261 } 1262 1263 $per_page = "edit_{$post_type}_per_page"; 1264 $posts_per_page = (int) get_user_option( $per_page ); 1265 if ( empty( $posts_per_page ) || $posts_per_page < 1 ) { 1266 $posts_per_page = 20; 1267 } 1268 1269 /** 1270 * Filters the number of items per page to show for a specific 'per_page' type. 1271 * 1272 * The dynamic portion of the hook name, `$post_type`, refers to the post type. 1273 * 1274 * Possible hook names include: 1275 * 1276 * - `edit_post_per_page` 1277 * - `edit_page_per_page` 1278 * - `edit_attachment_per_page` 1279 * 1280 * @since 3.0.0 1281 * 1282 * @param int $posts_per_page Number of posts to display per page for the given post 1283 * type. Default 20. 1284 */ 1285 $posts_per_page = apply_filters( "edit_{$post_type}_per_page", $posts_per_page ); 1286 1287 /** 1288 * Filters the number of posts displayed per page when specifically listing "posts". 1289 * 1290 * @since 2.8.0 1291 * 1292 * @param int $posts_per_page Number of posts to be displayed. Default 20. 1293 * @param string $post_type The post type. 1294 */ 1295 $posts_per_page = apply_filters( 'edit_posts_per_page', $posts_per_page, $post_type ); 1296 1297 $query = compact( 'post_type', 'post_status', 'perm', 'order', 'orderby', 'posts_per_page' ); 1298 1299 // Hierarchical types require special args. 1300 if ( is_post_type_hierarchical( $post_type ) && empty( $orderby ) ) { 1301 $query['orderby'] = 'menu_order title'; 1302 $query['order'] = 'asc'; 1303 $query['posts_per_page'] = -1; 1304 $query['posts_per_archive_page'] = -1; 1305 $query['fields'] = 'id=>parent'; 1306 } 1307 1308 if ( ! empty( $q['show_sticky'] ) ) { 1309 $query['post__in'] = (array) get_option( 'sticky_posts' ); 1310 } 1311 1312 wp( $query ); 1313 1314 return $avail_post_stati; 1315 } 1316 1317 /** 1318 * Returns the query variables for the current attachments request. 1319 * 1320 * @since 4.2.0 1321 * 1322 * @param array|false $q Optional. Array of query variables to use to build the query. 1323 * Defaults to the `$_GET` superglobal. 1324 * @return array The parsed query vars. 1325 */ 1326 function wp_edit_attachments_query_vars( $q = false ) { 1327 if ( false === $q ) { 1328 $q = $_GET; 1329 } 1330 $q['m'] = isset( $q['m'] ) ? (int) $q['m'] : 0; 1331 $q['cat'] = isset( $q['cat'] ) ? (int) $q['cat'] : 0; 1332 $q['post_type'] = 'attachment'; 1333 $post_type = get_post_type_object( 'attachment' ); 1334 $states = 'inherit'; 1335 if ( current_user_can( $post_type->cap->read_private_posts ) ) { 1336 $states .= ',private'; 1337 } 1338 1339 $q['post_status'] = isset( $q['status'] ) && 'trash' === $q['status'] ? 'trash' : $states; 1340 $q['post_status'] = isset( $q['attachment-filter'] ) && 'trash' === $q['attachment-filter'] ? 'trash' : $states; 1341 1342 $media_per_page = (int) get_user_option( 'upload_per_page' ); 1343 if ( empty( $media_per_page ) || $media_per_page < 1 ) { 1344 $media_per_page = 20; 1345 } 1346 1347 /** 1348 * Filters the number of items to list per page when listing media items. 1349 * 1350 * @since 2.9.0 1351 * 1352 * @param int $media_per_page Number of media to list. Default 20. 1353 */ 1354 $q['posts_per_page'] = apply_filters( 'upload_per_page', $media_per_page ); 1355 1356 $post_mime_types = get_post_mime_types(); 1357 if ( isset( $q['post_mime_type'] ) && ! array_intersect( (array) $q['post_mime_type'], array_keys( $post_mime_types ) ) ) { 1358 unset( $q['post_mime_type'] ); 1359 } 1360 1361 foreach ( array_keys( $post_mime_types ) as $type ) { 1362 if ( isset( $q['attachment-filter'] ) && "post_mime_type:$type" === $q['attachment-filter'] ) { 1363 $q['post_mime_type'] = $type; 1364 break; 1365 } 1366 } 1367 1368 if ( isset( $q['detached'] ) || ( isset( $q['attachment-filter'] ) && 'detached' === $q['attachment-filter'] ) ) { 1369 $q['post_parent'] = 0; 1370 } 1371 1372 if ( isset( $q['mine'] ) || ( isset( $q['attachment-filter'] ) && 'mine' === $q['attachment-filter'] ) ) { 1373 $q['author'] = get_current_user_id(); 1374 } 1375 1376 // Filter query clauses to include filenames. 1377 if ( isset( $q['s'] ) ) { 1378 add_filter( 'wp_allow_query_attachment_by_filename', '__return_true' ); 1379 } 1380 1381 return $q; 1382 } 1383 1384 /** 1385 * Executes a query for attachments. An array of WP_Query arguments 1386 * can be passed in, which will override the arguments set by this function. 1387 * 1388 * @since 2.5.0 1389 * 1390 * @param array|false $q Optional. Array of query variables to use to build the query. 1391 * Defaults to the `$_GET` superglobal. 1392 * @return array { 1393 * Array containing the post mime types and available post mime types. 1394 * 1395 * @type array[] $post_mime_types Post mime types. 1396 * @type string[] $avail_post_mime_types Available post mime types. 1397 * } 1398 */ 1399 function wp_edit_attachments_query( $q = false ) { 1400 wp( wp_edit_attachments_query_vars( $q ) ); 1401 1402 $post_mime_types = get_post_mime_types(); 1403 $avail_post_mime_types = get_available_post_mime_types( 'attachment' ); 1404 1405 return array( $post_mime_types, $avail_post_mime_types ); 1406 } 1407 1408 /** 1409 * Returns the list of classes to be used by a meta box. 1410 * 1411 * @since 2.5.0 1412 * 1413 * @param string $box_id Meta box ID (used in the 'id' attribute for the meta box). 1414 * @param string $screen_id The screen on which the meta box is shown. 1415 * @return string Space-separated string of class names. 1416 */ 1417 function postbox_classes( $box_id, $screen_id ) { 1418 if ( isset( $_GET['edit'] ) && $_GET['edit'] === $box_id ) { 1419 $classes = array( '' ); 1420 } elseif ( get_user_option( 'closedpostboxes_' . $screen_id ) ) { 1421 $closed = get_user_option( 'closedpostboxes_' . $screen_id ); 1422 if ( ! is_array( $closed ) ) { 1423 $classes = array( '' ); 1424 } else { 1425 $classes = in_array( $box_id, $closed, true ) ? array( 'closed' ) : array( '' ); 1426 } 1427 } else { 1428 $classes = array( '' ); 1429 } 1430 1431 /** 1432 * Filters the postbox classes for a specific screen and box ID combo. 1433 * 1434 * The dynamic portions of the hook name, `$screen_id` and `$box_id`, refer to 1435 * the screen ID and meta box ID, respectively. 1436 * 1437 * @since 3.2.0 1438 * 1439 * @param string[] $classes An array of postbox classes. 1440 */ 1441 $classes = apply_filters( "postbox_classes_{$screen_id}_{$box_id}", $classes ); 1442 1443 return implode( ' ', $classes ); 1444 } 1445 1446 /** 1447 * Returns a sample permalink based on the post name. 1448 * 1449 * @since 2.5.0 1450 * 1451 * @param int|WP_Post $post Post ID or post object. 1452 * @param string|null $title Optional. Title to override the post's current title 1453 * when generating the post name. Default null. 1454 * @param string|null $name Optional. Name to override the post name. Default null. 1455 * @return array { 1456 * Array containing the sample permalink with placeholder for the post name, and the post name. 1457 * 1458 * @type string $0 The permalink with placeholder for the post name. 1459 * @type string $1 The post name. 1460 * } 1461 */ 1462 function get_sample_permalink( $post, $title = null, $name = null ) { 1463 $post = get_post( $post ); 1464 1465 if ( ! $post ) { 1466 return array( '', '' ); 1467 } 1468 1469 $ptype = get_post_type_object( $post->post_type ); 1470 1471 $original_status = $post->post_status; 1472 $original_date = $post->post_date; 1473 $original_name = $post->post_name; 1474 $original_filter = $post->filter; 1475 1476 // Hack: get_permalink() would return plain permalink for drafts, so we will fake that our post is published. 1477 if ( in_array( $post->post_status, array( 'auto-draft', 'draft', 'pending', 'future' ), true ) ) { 1478 $post->post_status = 'publish'; 1479 $post->post_name = sanitize_title( $post->post_name ? $post->post_name : $post->post_title, $post->ID ); 1480 } 1481 1482 /* 1483 * If the user wants to set a new name -- override the current one. 1484 * Note: if empty name is supplied -- use the title instead, see #6072. 1485 */ 1486 if ( ! is_null( $name ) ) { 1487 $post->post_name = sanitize_title( $name ? $name : $title, $post->ID ); 1488 } 1489 1490 $post->post_name = wp_unique_post_slug( $post->post_name, $post->ID, $post->post_status, $post->post_type, $post->post_parent ); 1491 1492 $post->filter = 'sample'; 1493 1494 $permalink = get_permalink( $post, true ); 1495 1496 // Replace custom post_type token with generic pagename token for ease of use. 1497 $permalink = str_replace( "%$post->post_type%", '%pagename%', $permalink ); 1498 1499 // Handle page hierarchy. 1500 if ( $ptype->hierarchical ) { 1501 $uri = get_page_uri( $post ); 1502 if ( $uri ) { 1503 $uri = untrailingslashit( $uri ); 1504 $uri = strrev( stristr( strrev( $uri ), '/' ) ); 1505 $uri = untrailingslashit( $uri ); 1506 } 1507 1508 /** This filter is documented in wp-admin/edit-tag-form.php */ 1509 $uri = apply_filters( 'editable_slug', $uri, $post ); 1510 if ( ! empty( $uri ) ) { 1511 $uri .= '/'; 1512 } 1513 $permalink = str_replace( '%pagename%', "{$uri}%pagename%", $permalink ); 1514 } 1515 1516 /** This filter is documented in wp-admin/edit-tag-form.php */ 1517 $permalink = array( $permalink, apply_filters( 'editable_slug', $post->post_name, $post ) ); 1518 $post->post_status = $original_status; 1519 $post->post_date = $original_date; 1520 $post->post_name = $original_name; 1521 $post->filter = $original_filter; 1522 1523 /** 1524 * Filters the sample permalink. 1525 * 1526 * @since 4.4.0 1527 * 1528 * @param array $permalink { 1529 * Array containing the sample permalink with placeholder for the post name, and the post name. 1530 * 1531 * @type string $0 The permalink with placeholder for the post name. 1532 * @type string $1 The post name. 1533 * } 1534 * @param int $post_id Post ID. 1535 * @param string $title Post title. 1536 * @param string $name Post name (slug). 1537 * @param WP_Post $post Post object. 1538 */ 1539 return apply_filters( 'get_sample_permalink', $permalink, $post->ID, $title, $name, $post ); 1540 } 1541 1542 /** 1543 * Returns the HTML of the sample permalink slug editor. 1544 * 1545 * @since 2.5.0 1546 * 1547 * @param int|WP_Post $post Post ID or post object. 1548 * @param string|null $new_title Optional. New title. Default null. 1549 * @param string|null $new_slug Optional. New slug. Default null. 1550 * @return string The HTML of the sample permalink slug editor. 1551 */ 1552 function get_sample_permalink_html( $post, $new_title = null, $new_slug = null ) { 1553 $post = get_post( $post ); 1554 1555 if ( ! $post ) { 1556 return ''; 1557 } 1558 1559 list($permalink, $post_name) = get_sample_permalink( $post->ID, $new_title, $new_slug ); 1560 1561 $view_link = false; 1562 $preview_target = ''; 1563 1564 if ( current_user_can( 'read_post', $post->ID ) ) { 1565 if ( 'draft' === $post->post_status || empty( $post->post_name ) ) { 1566 $view_link = get_preview_post_link( $post ); 1567 $preview_target = " target='wp-preview-{$post->ID}'"; 1568 } else { 1569 if ( 'publish' === $post->post_status || 'attachment' === $post->post_type ) { 1570 $view_link = get_permalink( $post ); 1571 } else { 1572 // Allow non-published (private, future) to be viewed at a pretty permalink, in case $post->post_name is set. 1573 $view_link = str_replace( array( '%pagename%', '%postname%' ), $post->post_name, $permalink ); 1574 } 1575 } 1576 } 1577 1578 // Permalinks without a post/page name placeholder don't have anything to edit. 1579 if ( ! str_contains( $permalink, '%postname%' ) && ! str_contains( $permalink, '%pagename%' ) ) { 1580 $return = '<strong>' . __( 'Permalink:' ) . "</strong>\n"; 1581 1582 if ( false !== $view_link ) { 1583 $display_link = urldecode( $view_link ); 1584 $return .= '<a id="sample-permalink" href="' . esc_url( $view_link ) . '"' . $preview_target . '>' . esc_html( $display_link ) . "</a>\n"; 1585 } else { 1586 $return .= '<span id="sample-permalink">' . $permalink . "</span>\n"; 1587 } 1588 1589 // Encourage a pretty permalink setting. 1590 if ( ! get_option( 'permalink_structure' ) && current_user_can( 'manage_options' ) 1591 && ! ( 'page' === get_option( 'show_on_front' ) && (int) get_option( 'page_on_front' ) === $post->ID ) 1592 ) { 1593 $return .= '<span id="change-permalinks"><a href="options-permalink.php" class="button button-small">' . __( 'Change Permalink Structure' ) . "</a></span>\n"; 1594 } 1595 } else { 1596 if ( mb_strlen( $post_name ) > 34 ) { 1597 $post_name_abridged = mb_substr( $post_name, 0, 16 ) . '…' . mb_substr( $post_name, -16 ); 1598 } else { 1599 $post_name_abridged = $post_name; 1600 } 1601 1602 $post_name_html = '<span id="editable-post-name">' . esc_html( $post_name_abridged ) . '</span>'; 1603 $display_link = str_replace( array( '%pagename%', '%postname%' ), $post_name_html, esc_html( urldecode( $permalink ) ) ); 1604 1605 $return = '<strong>' . __( 'Permalink:' ) . "</strong>\n"; 1606 $return .= '<span id="sample-permalink"><a href="' . esc_url( $view_link ) . '"' . $preview_target . '>' . $display_link . "</a></span>\n"; 1607 $return .= '‎'; // Fix bi-directional text display defect in RTL languages. 1608 $return .= '<span id="edit-slug-buttons"><button type="button" class="edit-slug button button-small hide-if-no-js" aria-label="' . __( 'Edit permalink' ) . '">' . __( 'Edit' ) . "</button></span>\n"; 1609 $return .= '<span id="editable-post-name-full">' . esc_html( $post_name ) . "</span>\n"; 1610 } 1611 1612 /** 1613 * Filters the sample permalink HTML markup. 1614 * 1615 * @since 2.9.0 1616 * @since 4.4.0 Added `$post` parameter. 1617 * 1618 * @param string $return Sample permalink HTML markup. 1619 * @param int $post_id Post ID. 1620 * @param string|null $new_title New sample permalink title. 1621 * @param string|null $new_slug New sample permalink slug. 1622 * @param WP_Post $post Post object. 1623 */ 1624 $return = apply_filters( 'get_sample_permalink_html', $return, $post->ID, $new_title, $new_slug, $post ); 1625 1626 return $return; 1627 } 1628 1629 /** 1630 * Returns HTML for the post thumbnail meta box. 1631 * 1632 * @since 2.9.0 1633 * 1634 * @param int|null $thumbnail_id Optional. Thumbnail attachment ID. Default null. 1635 * @param int|WP_Post|null $post Optional. The post ID or object associated 1636 * with the thumbnail. Defaults to global $post. 1637 * @return string The post thumbnail HTML. 1638 */ 1639 function _wp_post_thumbnail_html( $thumbnail_id = null, $post = null ) { 1640 $_wp_additional_image_sizes = wp_get_additional_image_sizes(); 1641 1642 $post = get_post( $post ); 1643 $post_type_object = get_post_type_object( $post->post_type ); 1644 $set_thumbnail_link = '<p class="hide-if-no-js"><a href="%s" id="set-post-thumbnail"%s class="thickbox">%s</a></p>'; 1645 $upload_iframe_src = get_upload_iframe_src( 'image', $post->ID ); 1646 1647 $content = sprintf( 1648 $set_thumbnail_link, 1649 esc_url( $upload_iframe_src ), 1650 '', // Empty when there's no featured image set, `aria-describedby` attribute otherwise. 1651 esc_html( $post_type_object->labels->set_featured_image ) 1652 ); 1653 1654 if ( $thumbnail_id && get_post( $thumbnail_id ) ) { 1655 $size = isset( $_wp_additional_image_sizes['post-thumbnail'] ) ? 'post-thumbnail' : array( 266, 266 ); 1656 1657 /** 1658 * Filters the size used to display the post thumbnail image in the 'Featured image' meta box. 1659 * 1660 * Note: When a theme adds 'post-thumbnail' support, a special 'post-thumbnail' 1661 * image size is registered, which differs from the 'thumbnail' image size 1662 * managed via the Settings > Media screen. 1663 * 1664 * @since 4.4.0 1665 * 1666 * @param string|int[] $size Requested image size. Can be any registered image size name, or 1667 * an array of width and height values in pixels (in that order). 1668 * @param int $thumbnail_id Post thumbnail attachment ID. 1669 * @param WP_Post $post The post object associated with the thumbnail. 1670 */ 1671 $size = apply_filters( 'admin_post_thumbnail_size', $size, $thumbnail_id, $post ); 1672 1673 $thumbnail_html = wp_get_attachment_image( $thumbnail_id, $size ); 1674 1675 if ( ! empty( $thumbnail_html ) ) { 1676 $content = sprintf( 1677 $set_thumbnail_link, 1678 esc_url( $upload_iframe_src ), 1679 ' aria-describedby="set-post-thumbnail-desc"', 1680 $thumbnail_html 1681 ); 1682 $content .= '<p class="hide-if-no-js howto" id="set-post-thumbnail-desc">' . __( 'Click the image to edit or update' ) . '</p>'; 1683 $content .= '<p class="hide-if-no-js"><a href="#" id="remove-post-thumbnail">' . esc_html( $post_type_object->labels->remove_featured_image ) . '</a></p>'; 1684 } 1685 } 1686 1687 $content .= '<input type="hidden" id="_thumbnail_id" name="_thumbnail_id" value="' . esc_attr( $thumbnail_id ? $thumbnail_id : '-1' ) . '" />'; 1688 1689 /** 1690 * Filters the admin post thumbnail HTML markup to return. 1691 * 1692 * @since 2.9.0 1693 * @since 3.5.0 Added the `$post_id` parameter. 1694 * @since 4.6.0 Added the `$thumbnail_id` parameter. 1695 * 1696 * @param string $content Admin post thumbnail HTML markup. 1697 * @param int $post_id Post ID. 1698 * @param int|null $thumbnail_id Thumbnail attachment ID, or null if there isn't one. 1699 */ 1700 return apply_filters( 'admin_post_thumbnail_html', $content, $post->ID, $thumbnail_id ); 1701 } 1702 1703 /** 1704 * Determines whether the post is currently being edited by another user. 1705 * 1706 * @since 2.5.0 1707 * 1708 * @param int|WP_Post $post ID or object of the post to check for editing. 1709 * @return int|false ID of the user with lock. False if the post does not exist, post is not locked, 1710 * the user with lock does not exist, or the post is locked by current user. 1711 */ 1712 function wp_check_post_lock( $post ) { 1713 $post = get_post( $post ); 1714 1715 if ( ! $post ) { 1716 return false; 1717 } 1718 1719 $lock = get_post_meta( $post->ID, '_edit_lock', true ); 1720 1721 if ( ! $lock ) { 1722 return false; 1723 } 1724 1725 $lock = explode( ':', $lock ); 1726 $time = $lock[0]; 1727 $user = isset( $lock[1] ) ? (int) $lock[1] : (int) get_post_meta( $post->ID, '_edit_last', true ); 1728 1729 if ( ! get_userdata( $user ) ) { 1730 return false; 1731 } 1732 1733 /** This filter is documented in wp-admin/includes/ajax-actions.php */ 1734 $time_window = apply_filters( 'wp_check_post_lock_window', 150 ); 1735 1736 if ( $time && $time > time() - $time_window && get_current_user_id() !== $user ) { 1737 return $user; 1738 } 1739 1740 return false; 1741 } 1742 1743 /** 1744 * Marks the post as currently being edited by the current user. 1745 * 1746 * @since 2.5.0 1747 * 1748 * @param int|WP_Post $post ID or object of the post being edited. 1749 * @return array|false { 1750 * Array of the lock time and user ID. False if the post does not exist, or there 1751 * is no current user. 1752 * 1753 * @type int $0 The current time as a Unix timestamp. 1754 * @type int $1 The ID of the current user. 1755 * } 1756 */ 1757 function wp_set_post_lock( $post ) { 1758 $post = get_post( $post ); 1759 1760 if ( ! $post ) { 1761 return false; 1762 } 1763 1764 $user_id = get_current_user_id(); 1765 1766 if ( 0 === $user_id ) { 1767 return false; 1768 } 1769 1770 $now = time(); 1771 $lock = "$now:$user_id"; 1772 1773 update_post_meta( $post->ID, '_edit_lock', $lock ); 1774 1775 return array( $now, $user_id ); 1776 } 1777 1778 /** 1779 * Outputs the HTML for the notice to say that someone else is editing or has taken over editing of this post. 1780 * 1781 * @since 2.8.5 1782 */ 1783 function _admin_notice_post_locked() { 1784 $post = get_post(); 1785 1786 if ( ! $post ) { 1787 return; 1788 } 1789 1790 $user = null; 1791 $user_id = wp_check_post_lock( $post->ID ); 1792 1793 if ( $user_id ) { 1794 $user = get_userdata( $user_id ); 1795 } 1796 1797 if ( $user ) { 1798 /** 1799 * Filters whether to show the post locked dialog. 1800 * 1801 * Returning false from the filter will prevent the dialog from being displayed. 1802 * 1803 * @since 3.6.0 1804 * 1805 * @param bool $display Whether to display the dialog. Default true. 1806 * @param WP_Post $post Post object. 1807 * @param WP_User $user The user with the lock for the post. 1808 */ 1809 if ( ! apply_filters( 'show_post_locked_dialog', true, $post, $user ) ) { 1810 return; 1811 } 1812 1813 $locked = true; 1814 } else { 1815 $locked = false; 1816 } 1817 1818 $sendback = wp_get_referer(); 1819 $sendback_text = __( 'Go back' ); 1820 1821 if ( ! $locked || ! $sendback || str_contains( $sendback, 'post.php' ) || str_contains( $sendback, 'post-new.php' ) ) { 1822 $sendback = admin_url( 'edit.php' ); 1823 1824 if ( 'post' !== $post->post_type ) { 1825 $sendback = add_query_arg( 'post_type', $post->post_type, $sendback ); 1826 } 1827 1828 $post_type_object = get_post_type_object( $post->post_type ); 1829 1830 if ( $post_type_object ) { 1831 $sendback_text = $post_type_object->labels->all_items; 1832 } 1833 } 1834 1835 $hidden = $locked ? '' : ' hidden'; 1836 1837 ?> 1838 <div id="post-lock-dialog" class="notification-dialog-wrap<?php echo $hidden; ?>"> 1839 <div class="notification-dialog-background"></div> 1840 <div class="notification-dialog"> 1841 <?php 1842 1843 if ( $locked ) { 1844 $query_args = array(); 1845 if ( get_post_type_object( $post->post_type )->public ) { 1846 if ( 'publish' === $post->post_status || $user->ID !== (int) $post->post_author ) { 1847 // Latest content is in autosave. 1848 $nonce = wp_create_nonce( 'post_preview_' . $post->ID ); 1849 $query_args['preview_id'] = $post->ID; 1850 $query_args['preview_nonce'] = $nonce; 1851 } 1852 } 1853 1854 $preview_link = get_preview_post_link( $post->ID, $query_args ); 1855 1856 /** 1857 * Filters whether to allow the post lock to be overridden. 1858 * 1859 * Returning false from the filter will disable the ability 1860 * to override the post lock. 1861 * 1862 * @since 3.6.0 1863 * 1864 * @param bool $override Whether to allow the post lock to be overridden. Default true. 1865 * @param WP_Post $post Post object. 1866 * @param WP_User $user The user with the lock for the post. 1867 */ 1868 $override = apply_filters( 'override_post_lock', true, $post, $user ); 1869 $tab_last = $override ? '' : ' wp-tab-last'; 1870 1871 ?> 1872 <div class="post-locked-message"> 1873 <div class="post-locked-avatar"><?php echo get_avatar( $user->ID, 64 ); ?></div> 1874 <p class="currently-editing wp-tab-first" tabindex="0"> 1875 <?php 1876 if ( $override ) { 1877 /* translators: %s: User's display name. */ 1878 printf( __( '%s is currently editing this post. Do you want to take over?' ), esc_html( $user->display_name ) ); 1879 } else { 1880 /* translators: %s: User's display name. */ 1881 printf( __( '%s is currently editing this post.' ), esc_html( $user->display_name ) ); 1882 } 1883 ?> 1884 </p> 1885 <?php 1886 /** 1887 * Fires inside the post locked dialog before the buttons are displayed. 1888 * 1889 * @since 3.6.0 1890 * @since 5.4.0 The $user parameter was added. 1891 * 1892 * @param WP_Post $post Post object. 1893 * @param WP_User $user The user with the lock for the post. 1894 */ 1895 do_action( 'post_locked_dialog', $post, $user ); 1896 ?> 1897 <p> 1898 <a class="button" href="<?php echo esc_url( $sendback ); ?>"><?php echo $sendback_text; ?></a> 1899 <?php if ( $preview_link ) { ?> 1900 <a class="button<?php echo $tab_last; ?>" href="<?php echo esc_url( $preview_link ); ?>"><?php _e( 'Preview' ); ?></a> 1901 <?php 1902 } 1903 1904 // Allow plugins to prevent some users overriding the post lock. 1905 if ( $override ) { 1906 ?> 1907 <a class="button button-primary wp-tab-last" href="<?php echo esc_url( add_query_arg( 'get-post-lock', '1', wp_nonce_url( get_edit_post_link( $post->ID, 'url' ), 'lock-post_' . $post->ID ) ) ); ?>"><?php _e( 'Take over' ); ?></a> 1908 <?php 1909 } 1910 1911 ?> 1912 </p> 1913 </div> 1914 <?php 1915 } else { 1916 ?> 1917 <div class="post-taken-over"> 1918 <div class="post-locked-avatar"></div> 1919 <p class="wp-tab-first" tabindex="0"> 1920 <span class="currently-editing"></span><br /> 1921 <span class="locked-saving hidden"><img src="<?php echo esc_url( admin_url( 'images/spinner-2x.gif' ) ); ?>" width="16" height="16" alt="" /> <?php _e( 'Saving revision…' ); ?></span> 1922 <span class="locked-saved hidden"><?php _e( 'Your latest changes were saved as a revision.' ); ?></span> 1923 </p> 1924 <?php 1925 /** 1926 * Fires inside the dialog displayed when a user has lost the post lock. 1927 * 1928 * @since 3.6.0 1929 * 1930 * @param WP_Post $post Post object. 1931 */ 1932 do_action( 'post_lock_lost_dialog', $post ); 1933 ?> 1934 <p><a class="button button-primary wp-tab-last" href="<?php echo esc_url( $sendback ); ?>"><?php echo $sendback_text; ?></a></p> 1935 </div> 1936 <?php 1937 } 1938 1939 ?> 1940 </div> 1941 </div> 1942 <?php 1943 } 1944 1945 /** 1946 * Creates autosave data for the specified post from `$_POST` data. 1947 * 1948 * @since 2.6.0 1949 * 1950 * @param array|int $post_data Associative array containing the post data, or integer post ID. 1951 * If a numeric post ID is provided, will use the `$_POST` superglobal. 1952 * @return int|WP_Error The autosave revision ID. WP_Error or 0 on error. 1953 */ 1954 function wp_create_post_autosave( $post_data ) { 1955 if ( is_numeric( $post_data ) ) { 1956 $post_id = $post_data; 1957 $post_data = $_POST; 1958 } else { 1959 $post_id = (int) $post_data['post_ID']; 1960 } 1961 1962 $post_data = _wp_translate_postdata( true, $post_data ); 1963 if ( is_wp_error( $post_data ) ) { 1964 return $post_data; 1965 } 1966 $post_data = _wp_get_allowed_postdata( $post_data ); 1967 1968 $post_author = get_current_user_id(); 1969 1970 // Store one autosave per author. If there is already an autosave, overwrite it. 1971 $old_autosave = wp_get_post_autosave( $post_id, $post_author ); 1972 if ( $old_autosave ) { 1973 $new_autosave = _wp_post_revision_data( $post_data, true ); 1974 $new_autosave['ID'] = $old_autosave->ID; 1975 $new_autosave['post_author'] = $post_author; 1976 1977 $post = get_post( $post_id ); 1978 1979 // If the new autosave has the same content as the post, delete the autosave. 1980 $autosave_is_different = false; 1981 foreach ( array_intersect( array_keys( $new_autosave ), array_keys( _wp_post_revision_fields( $post ) ) ) as $field ) { 1982 if ( normalize_whitespace( $new_autosave[ $field ] ) !== normalize_whitespace( $post->$field ) ) { 1983 $autosave_is_different = true; 1984 break; 1985 } 1986 } 1987 1988 if ( ! $autosave_is_different ) { 1989 wp_delete_post_revision( $old_autosave->ID ); 1990 return 0; 1991 } 1992 1993 /** 1994 * Fires before an autosave is stored. 1995 * 1996 * @since 4.1.0 1997 * @since 6.4.0 The `$is_update` parameter was added to indicate if the autosave is being updated or was newly created. 1998 * 1999 * @param array $new_autosave Post array - the autosave that is about to be saved. 2000 * @param bool $is_update Whether this is an existing autosave. 2001 */ 2002 do_action( 'wp_creating_autosave', $new_autosave, true ); 2003 return wp_update_post( $new_autosave ); 2004 } 2005 2006 // _wp_put_post_revision() expects unescaped. 2007 $post_data = wp_unslash( $post_data ); 2008 2009 // Otherwise create the new autosave as a special post revision. 2010 $revision = _wp_put_post_revision( $post_data, true ); 2011 2012 if ( ! is_wp_error( $revision ) && 0 !== $revision ) { 2013 2014 /** This action is documented in wp-admin/includes/post.php */ 2015 do_action( 'wp_creating_autosave', get_post( $revision, ARRAY_A ), false ); 2016 } 2017 2018 return $revision; 2019 } 2020 2021 /** 2022 * Autosaves the revisioned meta fields. 2023 * 2024 * Iterates through the revisioned meta fields and checks each to see if they are set, 2025 * and have a changed value. If so, the meta value is saved and attached to the autosave. 2026 * 2027 * @since 6.4.0 2028 * 2029 * @param array $new_autosave The new post data being autosaved. 2030 */ 2031 function wp_autosave_post_revisioned_meta_fields( $new_autosave ) { 2032 /* 2033 * The post data arrives as either $_POST['data']['wp_autosave'] or the $_POST 2034 * itself. This sets $posted_data to the correct variable. 2035 * 2036 * Ignoring sanitization to avoid altering meta. Ignoring the nonce check because 2037 * this is hooked on inner core hooks where a valid nonce was already checked. 2038 */ 2039 $posted_data = isset( $_POST['data']['wp_autosave'] ) ? $_POST['data']['wp_autosave'] : $_POST; 2040 2041 $post_type = get_post_type( $new_autosave['post_parent'] ); 2042 2043 /* 2044 * Go through the revisioned meta keys and save them as part of the autosave, 2045 * if the meta key is part of the posted data, the meta value is not blank, 2046 * and the meta value has changes from the last autosaved value. 2047 */ 2048 foreach ( wp_post_revision_meta_keys( $post_type ) as $meta_key ) { 2049 2050 if ( isset( $posted_data[ $meta_key ] ) 2051 && get_post_meta( $new_autosave['ID'], $meta_key, true ) !== wp_unslash( $posted_data[ $meta_key ] ) 2052 ) { 2053 /* 2054 * Use the underlying delete_metadata() and add_metadata() functions 2055 * vs delete_post_meta() and add_post_meta() to make sure we're working 2056 * with the actual revision meta. 2057 */ 2058 delete_metadata( 'post', $new_autosave['ID'], $meta_key ); 2059 2060 // One last check to ensure meta value is not empty. 2061 if ( ! empty( $posted_data[ $meta_key ] ) ) { 2062 // Add the revisions meta data to the autosave. 2063 add_metadata( 'post', $new_autosave['ID'], $meta_key, $posted_data[ $meta_key ] ); 2064 } 2065 } 2066 } 2067 } 2068 2069 /** 2070 * Saves a draft or manually autosaves for the purpose of showing a post preview. 2071 * 2072 * @since 2.7.0 2073 * 2074 * @return string URL to redirect to show the preview. 2075 */ 2076 function post_preview() { 2077 2078 $post_id = (int) $_POST['post_ID']; 2079 $_POST['ID'] = $post_id; 2080 2081 $post = get_post( $post_id ); 2082 2083 if ( ! $post ) { 2084 wp_die( __( 'Sorry, you are not allowed to edit this post.' ) ); 2085 } 2086 2087 if ( ! current_user_can( 'edit_post', $post->ID ) ) { 2088 wp_die( __( 'Sorry, you are not allowed to edit this post.' ) ); 2089 } 2090 2091 $is_autosave = false; 2092 2093 if ( ! wp_check_post_lock( $post->ID ) && get_current_user_id() === (int) $post->post_author 2094 && ( 'draft' === $post->post_status || 'auto-draft' === $post->post_status ) 2095 ) { 2096 $saved_post_id = edit_post(); 2097 } else { 2098 $is_autosave = true; 2099 2100 if ( isset( $_POST['post_status'] ) && 'auto-draft' === $_POST['post_status'] ) { 2101 $_POST['post_status'] = 'draft'; 2102 } 2103 2104 $saved_post_id = wp_create_post_autosave( $post->ID ); 2105 } 2106 2107 if ( is_wp_error( $saved_post_id ) ) { 2108 wp_die( $saved_post_id->get_error_message() ); 2109 } 2110 2111 $query_args = array(); 2112 2113 if ( $is_autosave && $saved_post_id ) { 2114 $query_args['preview_id'] = $post->ID; 2115 $query_args['preview_nonce'] = wp_create_nonce( 'post_preview_' . $post->ID ); 2116 2117 if ( isset( $_POST['post_format'] ) ) { 2118 $query_args['post_format'] = empty( $_POST['post_format'] ) ? 'standard' : sanitize_key( $_POST['post_format'] ); 2119 } 2120 2121 if ( isset( $_POST['_thumbnail_id'] ) ) { 2122 $query_args['_thumbnail_id'] = ( (int) $_POST['_thumbnail_id'] <= 0 ) ? '-1' : (int) $_POST['_thumbnail_id']; 2123 } 2124 } 2125 2126 return get_preview_post_link( $post, $query_args ); 2127 } 2128 2129 /** 2130 * Saves a post submitted with XHR. 2131 * 2132 * Intended for use with heartbeat and autosave.js 2133 * 2134 * @since 3.9.0 2135 * 2136 * @param array $post_data Associative array of the submitted post data. 2137 * @return mixed The value 0 or WP_Error on failure. The saved post ID on success. 2138 * The ID can be the draft post_id or the autosave revision post_id. 2139 */ 2140 function wp_autosave( $post_data ) { 2141 // Back-compat. 2142 if ( ! defined( 'DOING_AUTOSAVE' ) ) { 2143 define( 'DOING_AUTOSAVE', true ); 2144 } 2145 2146 $post_id = (int) $post_data['post_id']; 2147 $post_data['ID'] = $post_id; 2148 $post_data['post_ID'] = $post_id; 2149 2150 if ( false === wp_verify_nonce( $post_data['_wpnonce'], 'update-post_' . $post_id ) ) { 2151 return new WP_Error( 'invalid_nonce', __( 'Error while saving.' ) ); 2152 } 2153 2154 $post = get_post( $post_id ); 2155 2156 if ( ! current_user_can( 'edit_post', $post->ID ) ) { 2157 return new WP_Error( 'edit_posts', __( 'Sorry, you are not allowed to edit this item.' ) ); 2158 } 2159 2160 if ( 'auto-draft' === $post->post_status ) { 2161 $post_data['post_status'] = 'draft'; 2162 } 2163 2164 if ( 'page' !== $post_data['post_type'] && ! empty( $post_data['catslist'] ) ) { 2165 $post_data['post_category'] = explode( ',', $post_data['catslist'] ); 2166 } 2167 2168 if ( ! wp_check_post_lock( $post->ID ) && get_current_user_id() === (int) $post->post_author 2169 && ( 'auto-draft' === $post->post_status || 'draft' === $post->post_status ) 2170 ) { 2171 // Drafts and auto-drafts are just overwritten by autosave for the same user if the post is not locked. 2172 return edit_post( wp_slash( $post_data ) ); 2173 } else { 2174 /* 2175 * Non-drafts or other users' drafts are not overwritten. 2176 * The autosave is stored in a special post revision for each user. 2177 */ 2178 return wp_create_post_autosave( wp_slash( $post_data ) ); 2179 } 2180 } 2181 2182 /** 2183 * Redirects to previous page. 2184 * 2185 * @since 2.7.0 2186 * 2187 * @param int $post_id Optional. Post ID. 2188 */ 2189 function redirect_post( $post_id = 0 ) { 2190 if ( isset( $_POST['save'] ) || isset( $_POST['publish'] ) ) { 2191 $status = get_post_status( $post_id ); 2192 2193 switch ( $status ) { 2194 case 'pending': 2195 $message = 8; 2196 break; 2197 case 'future': 2198 $message = 9; 2199 break; 2200 case 'draft': 2201 $message = 10; 2202 break; 2203 default: 2204 $message = isset( $_POST['publish'] ) ? 6 : 1; 2205 break; 2206 } 2207 2208 $location = add_query_arg( 'message', $message, get_edit_post_link( $post_id, 'url' ) ); 2209 } elseif ( isset( $_POST['addmeta'] ) && $_POST['addmeta'] ) { 2210 $location = add_query_arg( 'message', 2, wp_get_referer() ); 2211 $location = explode( '#', $location ); 2212 $location = $location[0] . '#postcustom'; 2213 } elseif ( isset( $_POST['deletemeta'] ) && $_POST['deletemeta'] ) { 2214 $location = add_query_arg( 'message', 3, wp_get_referer() ); 2215 $location = explode( '#', $location ); 2216 $location = $location[0] . '#postcustom'; 2217 } else { 2218 $location = add_query_arg( 'message', 4, get_edit_post_link( $post_id, 'url' ) ); 2219 } 2220 2221 /** 2222 * Filters the post redirect destination URL. 2223 * 2224 * @since 2.9.0 2225 * 2226 * @param string $location The destination URL. 2227 * @param int $post_id The post ID. 2228 */ 2229 wp_redirect( apply_filters( 'redirect_post_location', $location, $post_id ) ); 2230 exit; 2231 } 2232 2233 /** 2234 * Sanitizes POST values from a checkbox taxonomy metabox. 2235 * 2236 * @since 5.1.0 2237 * 2238 * @param string $taxonomy The taxonomy name. 2239 * @param array $terms Raw term data from the 'tax_input' field. 2240 * @return int[] Array of sanitized term IDs. 2241 */ 2242 function taxonomy_meta_box_sanitize_cb_checkboxes( $taxonomy, $terms ) { 2243 return array_map( 'intval', $terms ); 2244 } 2245 2246 /** 2247 * Sanitizes POST values from an input taxonomy metabox. 2248 * 2249 * @since 5.1.0 2250 * 2251 * @param string $taxonomy The taxonomy name. 2252 * @param array|string $terms Raw term data from the 'tax_input' field. 2253 * @return array 2254 */ 2255 function taxonomy_meta_box_sanitize_cb_input( $taxonomy, $terms ) { 2256 /* 2257 * Assume that a 'tax_input' string is a comma-separated list of term names. 2258 * Some languages may use a character other than a comma as a delimiter, so we standardize on 2259 * commas before parsing the list. 2260 */ 2261 if ( ! is_array( $terms ) ) { 2262 $comma = _x( ',', 'tag delimiter' ); 2263 if ( ',' !== $comma ) { 2264 $terms = str_replace( $comma, ',', $terms ); 2265 } 2266 $terms = explode( ',', trim( $terms, " \n\t\r\0\x0B," ) ); 2267 } 2268 2269 $clean_terms = array(); 2270 foreach ( $terms as $term ) { 2271 // Empty terms are invalid input. 2272 if ( empty( $term ) ) { 2273 continue; 2274 } 2275 2276 $_term = get_terms( 2277 array( 2278 'taxonomy' => $taxonomy, 2279 'name' => $term, 2280 'fields' => 'ids', 2281 'hide_empty' => false, 2282 ) 2283 ); 2284 2285 if ( ! empty( $_term ) ) { 2286 $clean_terms[] = (int) $_term[0]; 2287 } else { 2288 // No existing term was found, so pass the string. A new term will be created. 2289 $clean_terms[] = $term; 2290 } 2291 } 2292 2293 return $clean_terms; 2294 } 2295 2296 /** 2297 * Prepares server-registered blocks for the block editor. 2298 * 2299 * Returns an associative array of registered block data keyed by block name. Data includes properties 2300 * of a block relevant for client registration. 2301 * 2302 * @since 5.0.0 2303 * @since 6.3.0 Added `selectors` field. 2304 * @since 6.4.0 Added `block_hooks` field. 2305 * 2306 * @return array An associative array of registered block data. 2307 */ 2308 function get_block_editor_server_block_settings() { 2309 $block_registry = WP_Block_Type_Registry::get_instance(); 2310 $blocks = array(); 2311 $fields_to_pick = array( 2312 'api_version' => 'apiVersion', 2313 'title' => 'title', 2314 'description' => 'description', 2315 'icon' => 'icon', 2316 'attributes' => 'attributes', 2317 'provides_context' => 'providesContext', 2318 'uses_context' => 'usesContext', 2319 'block_hooks' => 'blockHooks', 2320 'selectors' => 'selectors', 2321 'supports' => 'supports', 2322 'category' => 'category', 2323 'styles' => 'styles', 2324 'textdomain' => 'textdomain', 2325 'parent' => 'parent', 2326 'ancestor' => 'ancestor', 2327 'keywords' => 'keywords', 2328 'example' => 'example', 2329 'variations' => 'variations', 2330 'allowed_blocks' => 'allowedBlocks', 2331 ); 2332 2333 foreach ( $block_registry->get_all_registered() as $block_name => $block_type ) { 2334 foreach ( $fields_to_pick as $field => $key ) { 2335 if ( ! isset( $block_type->{ $field } ) ) { 2336 continue; 2337 } 2338 2339 if ( ! isset( $blocks[ $block_name ] ) ) { 2340 $blocks[ $block_name ] = array(); 2341 } 2342 2343 $blocks[ $block_name ][ $key ] = $block_type->{ $field }; 2344 } 2345 } 2346 2347 return $blocks; 2348 } 2349 2350 /** 2351 * Renders the meta boxes forms. 2352 * 2353 * @since 5.0.0 2354 * 2355 * @global WP_Post $post Global post object. 2356 * @global WP_Screen $current_screen WordPress current screen object. 2357 * @global array $wp_meta_boxes Global meta box state. 2358 */ 2359 function the_block_editor_meta_boxes() { 2360 global $post, $current_screen, $wp_meta_boxes; 2361 2362 // Handle meta box state. 2363 $_original_meta_boxes = $wp_meta_boxes; 2364 2365 /** 2366 * Fires right before the meta boxes are rendered. 2367 * 2368 * This allows for the filtering of meta box data, that should already be 2369 * present by this point. Do not use as a means of adding meta box data. 2370 * 2371 * @since 5.0.0 2372 * 2373 * @param array $wp_meta_boxes Global meta box state. 2374 */ 2375 $wp_meta_boxes = apply_filters( 'filter_block_editor_meta_boxes', $wp_meta_boxes ); 2376 $locations = array( 'side', 'normal', 'advanced' ); 2377 $priorities = array( 'high', 'sorted', 'core', 'default', 'low' ); 2378 2379 // Render meta boxes. 2380 ?> 2381 <form class="metabox-base-form"> 2382 <?php the_block_editor_meta_box_post_form_hidden_fields( $post ); ?> 2383 </form> 2384 <form id="toggle-custom-fields-form" method="post" action="<?php echo esc_url( admin_url( 'post.php' ) ); ?>"> 2385 <?php wp_nonce_field( 'toggle-custom-fields', 'toggle-custom-fields-nonce' ); ?> 2386 <input type="hidden" name="action" value="toggle-custom-fields" /> 2387 </form> 2388 <?php foreach ( $locations as $location ) : ?> 2389 <form class="metabox-location-<?php echo esc_attr( $location ); ?>" onsubmit="return false;"> 2390 <div id="poststuff" class="sidebar-open"> 2391 <div id="postbox-container-2" class="postbox-container"> 2392 <?php 2393 do_meta_boxes( 2394 $current_screen, 2395 $location, 2396 $post 2397 ); 2398 ?> 2399 </div> 2400 </div> 2401 </form> 2402 <?php endforeach; ?> 2403 <?php 2404 2405 $meta_boxes_per_location = array(); 2406 foreach ( $locations as $location ) { 2407 $meta_boxes_per_location[ $location ] = array(); 2408 2409 if ( ! isset( $wp_meta_boxes[ $current_screen->id ][ $location ] ) ) { 2410 continue; 2411 } 2412 2413 foreach ( $priorities as $priority ) { 2414 if ( ! isset( $wp_meta_boxes[ $current_screen->id ][ $location ][ $priority ] ) ) { 2415 continue; 2416 } 2417 2418 $meta_boxes = (array) $wp_meta_boxes[ $current_screen->id ][ $location ][ $priority ]; 2419 foreach ( $meta_boxes as $meta_box ) { 2420 if ( false === $meta_box || ! $meta_box['title'] ) { 2421 continue; 2422 } 2423 2424 // If a meta box is just here for back compat, don't show it in the block editor. 2425 if ( isset( $meta_box['args']['__back_compat_meta_box'] ) && $meta_box['args']['__back_compat_meta_box'] ) { 2426 continue; 2427 } 2428 2429 $meta_boxes_per_location[ $location ][] = array( 2430 'id' => $meta_box['id'], 2431 'title' => $meta_box['title'], 2432 ); 2433 } 2434 } 2435 } 2436 2437 /* 2438 * Sadly we probably cannot add this data directly into editor settings. 2439 * 2440 * Some meta boxes need `admin_head` to fire for meta box registry. 2441 * `admin_head` fires after `admin_enqueue_scripts`, which is where we create 2442 * our editor instance. 2443 */ 2444 $script = 'window._wpLoadBlockEditor.then( function() { 2445 wp.data.dispatch( \'core/edit-post\' ).setAvailableMetaBoxesPerLocation( ' . wp_json_encode( $meta_boxes_per_location ) . ' ); 2446 } );'; 2447 2448 wp_add_inline_script( 'wp-edit-post', $script ); 2449 2450 /* 2451 * When `wp-edit-post` is output in the `<head>`, the inline script needs to be manually printed. 2452 * Otherwise, meta boxes will not display because inline scripts for `wp-edit-post` 2453 * will not be printed again after this point. 2454 */ 2455 if ( wp_script_is( 'wp-edit-post', 'done' ) ) { 2456 printf( "<script type='text/javascript'>\n%s\n</script>\n", trim( $script ) ); 2457 } 2458 2459 /* 2460 * If the 'postcustom' meta box is enabled, then we need to perform 2461 * some extra initialization on it. 2462 */ 2463 $enable_custom_fields = (bool) get_user_meta( get_current_user_id(), 'enable_custom_fields', true ); 2464 2465 if ( $enable_custom_fields ) { 2466 $script = "( function( $ ) { 2467 if ( $('#postcustom').length ) { 2468 $( '#the-list' ).wpList( { 2469 addBefore: function( s ) { 2470 s.data += '&post_id=$post->ID'; 2471 return s; 2472 }, 2473 addAfter: function() { 2474 $('table#list-table').show(); 2475 } 2476 }); 2477 } 2478 } )( jQuery );"; 2479 wp_enqueue_script( 'wp-lists' ); 2480 wp_add_inline_script( 'wp-lists', $script ); 2481 } 2482 2483 /* 2484 * Refresh nonces used by the meta box loader. 2485 * 2486 * The logic is very similar to that provided by post.js for the classic editor. 2487 */ 2488 $script = "( function( $ ) { 2489 var check, timeout; 2490 2491 function schedule() { 2492 check = false; 2493 window.clearTimeout( timeout ); 2494 timeout = window.setTimeout( function() { check = true; }, 300000 ); 2495 } 2496 2497 $( document ).on( 'heartbeat-send.wp-refresh-nonces', function( e, data ) { 2498 var post_id, \$authCheck = $( '#wp-auth-check-wrap' ); 2499 2500 if ( check || ( \$authCheck.length && ! \$authCheck.hasClass( 'hidden' ) ) ) { 2501 if ( ( post_id = $( '#post_ID' ).val() ) && $( '#_wpnonce' ).val() ) { 2502 data['wp-refresh-metabox-loader-nonces'] = { 2503 post_id: post_id 2504 }; 2505 } 2506 } 2507 }).on( 'heartbeat-tick.wp-refresh-nonces', function( e, data ) { 2508 var nonces = data['wp-refresh-metabox-loader-nonces']; 2509 2510 if ( nonces ) { 2511 if ( nonces.replace ) { 2512 if ( nonces.replace.metabox_loader_nonce && window._wpMetaBoxUrl && wp.url ) { 2513 window._wpMetaBoxUrl= wp.url.addQueryArgs( window._wpMetaBoxUrl, { 'meta-box-loader-nonce': nonces.replace.metabox_loader_nonce } ); 2514 } 2515 2516 if ( nonces.replace._wpnonce ) { 2517 $( '#_wpnonce' ).val( nonces.replace._wpnonce ); 2518 } 2519 } 2520 } 2521 }).ready( function() { 2522 schedule(); 2523 }); 2524 } )( jQuery );"; 2525 wp_add_inline_script( 'heartbeat', $script ); 2526 2527 // Reset meta box data. 2528 $wp_meta_boxes = $_original_meta_boxes; 2529 } 2530 2531 /** 2532 * Renders the hidden form required for the meta boxes form. 2533 * 2534 * @since 5.0.0 2535 * 2536 * @param WP_Post $post Current post object. 2537 */ 2538 function the_block_editor_meta_box_post_form_hidden_fields( $post ) { 2539 $form_extra = ''; 2540 if ( 'auto-draft' === $post->post_status ) { 2541 $form_extra .= "<input type='hidden' id='auto_draft' name='auto_draft' value='1' />"; 2542 } 2543 $form_action = 'editpost'; 2544 $nonce_action = 'update-post_' . $post->ID; 2545 $form_extra .= "<input type='hidden' id='post_ID' name='post_ID' value='" . esc_attr( $post->ID ) . "' />"; 2546 $referer = wp_get_referer(); 2547 $current_user = wp_get_current_user(); 2548 $user_id = $current_user->ID; 2549 wp_nonce_field( $nonce_action ); 2550 2551 /* 2552 * Some meta boxes hook into these actions to add hidden input fields in the classic post form. 2553 * For backward compatibility, we can capture the output from these actions, 2554 * and extract the hidden input fields. 2555 */ 2556 ob_start(); 2557 /** This filter is documented in wp-admin/edit-form-advanced.php */ 2558 do_action( 'edit_form_after_title', $post ); 2559 /** This filter is documented in wp-admin/edit-form-advanced.php */ 2560 do_action( 'edit_form_advanced', $post ); 2561 $classic_output = ob_get_clean(); 2562 2563 $classic_elements = wp_html_split( $classic_output ); 2564 $hidden_inputs = ''; 2565 foreach ( $classic_elements as $element ) { 2566 if ( ! str_starts_with( $element, '<input ' ) ) { 2567 continue; 2568 } 2569 2570 if ( preg_match( '/\stype=[\'"]hidden[\'"]\s/', $element ) ) { 2571 echo $element; 2572 } 2573 } 2574 ?> 2575 <input type="hidden" id="user-id" name="user_ID" value="<?php echo (int) $user_id; ?>" /> 2576 <input type="hidden" id="hiddenaction" name="action" value="<?php echo esc_attr( $form_action ); ?>" /> 2577 <input type="hidden" id="originalaction" name="originalaction" value="<?php echo esc_attr( $form_action ); ?>" /> 2578 <input type="hidden" id="post_type" name="post_type" value="<?php echo esc_attr( $post->post_type ); ?>" /> 2579 <input type="hidden" id="original_post_status" name="original_post_status" value="<?php echo esc_attr( $post->post_status ); ?>" /> 2580 <input type="hidden" id="referredby" name="referredby" value="<?php echo $referer ? esc_url( $referer ) : ''; ?>" /> 2581 2582 <?php 2583 if ( 'draft' !== get_post_status( $post ) ) { 2584 wp_original_referer_field( true, 'previous' ); 2585 } 2586 echo $form_extra; 2587 wp_nonce_field( 'meta-box-order', 'meta-box-order-nonce', false ); 2588 wp_nonce_field( 'closedpostboxes', 'closedpostboxesnonce', false ); 2589 // Permalink title nonce. 2590 wp_nonce_field( 'samplepermalink', 'samplepermalinknonce', false ); 2591 2592 /** 2593 * Adds hidden input fields to the meta box save form. 2594 * 2595 * Hook into this action to print `<input type="hidden" ... />` fields, which will be POSTed back to 2596 * the server when meta boxes are saved. 2597 * 2598 * @since 5.0.0 2599 * 2600 * @param WP_Post $post The post that is being edited. 2601 */ 2602 do_action( 'block_editor_meta_box_hidden_fields', $post ); 2603 } 2604 2605 /** 2606 * Disables block editor for wp_navigation type posts so they can be managed via the UI. 2607 * 2608 * @since 5.9.0 2609 * @access private 2610 * 2611 * @param bool $value Whether the CPT supports block editor or not. 2612 * @param string $post_type Post type. 2613 * @return bool Whether the block editor should be disabled or not. 2614 */ 2615 function _disable_block_editor_for_navigation_post_type( $value, $post_type ) { 2616 if ( 'wp_navigation' === $post_type ) { 2617 return false; 2618 } 2619 2620 return $value; 2621 } 2622 2623 /** 2624 * This callback disables the content editor for wp_navigation type posts. 2625 * Content editor cannot handle wp_navigation type posts correctly. 2626 * We cannot disable the "editor" feature in the wp_navigation's CPT definition 2627 * because it disables the ability to save navigation blocks via REST API. 2628 * 2629 * @since 5.9.0 2630 * @access private 2631 * 2632 * @param WP_Post $post An instance of WP_Post class. 2633 */ 2634 function _disable_content_editor_for_navigation_post_type( $post ) { 2635 $post_type = get_post_type( $post ); 2636 if ( 'wp_navigation' !== $post_type ) { 2637 return; 2638 } 2639 2640 remove_post_type_support( $post_type, 'editor' ); 2641 } 2642 2643 /** 2644 * This callback enables content editor for wp_navigation type posts. 2645 * We need to enable it back because we disable it to hide 2646 * the content editor for wp_navigation type posts. 2647 * 2648 * @since 5.9.0 2649 * @access private 2650 * 2651 * @see _disable_content_editor_for_navigation_post_type 2652 * 2653 * @param WP_Post $post An instance of WP_Post class. 2654 */ 2655 function _enable_content_editor_for_navigation_post_type( $post ) { 2656 $post_type = get_post_type( $post ); 2657 if ( 'wp_navigation' !== $post_type ) { 2658 return; 2659 } 2660 2661 add_post_type_support( $post_type, 'editor' ); 2662 }
title
Description
Body
title
Description
Body
title
Description
Body
title
Body
| Generated : Sat Jul 26 08:20:01 2025 | Cross-referenced by PHPXref |