Edit File by line
/home/barbar84/public_h.../wp-admin/includes
File: post.php
<?php
[0] Fix | Delete
/**
[1] Fix | Delete
* WordPress Post Administration API.
[2] Fix | Delete
*
[3] Fix | Delete
* @package WordPress
[4] Fix | Delete
* @subpackage Administration
[5] Fix | Delete
*/
[6] Fix | Delete
[7] Fix | Delete
/**
[8] Fix | Delete
* Rename $_POST data from form names to DB post columns.
[9] Fix | Delete
*
[10] Fix | Delete
* Manipulates $_POST directly.
[11] Fix | Delete
*
[12] Fix | Delete
* @since 2.6.0
[13] Fix | Delete
*
[14] Fix | Delete
* @param bool $update Are we updating a pre-existing post?
[15] Fix | Delete
* @param array $post_data Array of post data. Defaults to the contents of $_POST.
[16] Fix | Delete
* @return array|WP_Error Array of post data on success, WP_Error on failure.
[17] Fix | Delete
*/
[18] Fix | Delete
function _wp_translate_postdata( $update = false, $post_data = null ) {
[19] Fix | Delete
[20] Fix | Delete
if ( empty( $post_data ) ) {
[21] Fix | Delete
$post_data = &$_POST;
[22] Fix | Delete
}
[23] Fix | Delete
[24] Fix | Delete
if ( $update ) {
[25] Fix | Delete
$post_data['ID'] = (int) $post_data['post_ID'];
[26] Fix | Delete
}
[27] Fix | Delete
[28] Fix | Delete
$ptype = get_post_type_object( $post_data['post_type'] );
[29] Fix | Delete
[30] Fix | Delete
if ( $update && ! current_user_can( 'edit_post', $post_data['ID'] ) ) {
[31] Fix | Delete
if ( 'page' === $post_data['post_type'] ) {
[32] Fix | Delete
return new WP_Error( 'edit_others_pages', __( 'Sorry, you are not allowed to edit pages as this user.' ) );
[33] Fix | Delete
} else {
[34] Fix | Delete
return new WP_Error( 'edit_others_posts', __( 'Sorry, you are not allowed to edit posts as this user.' ) );
[35] Fix | Delete
}
[36] Fix | Delete
} elseif ( ! $update && ! current_user_can( $ptype->cap->create_posts ) ) {
[37] Fix | Delete
if ( 'page' === $post_data['post_type'] ) {
[38] Fix | Delete
return new WP_Error( 'edit_others_pages', __( 'Sorry, you are not allowed to create pages as this user.' ) );
[39] Fix | Delete
} else {
[40] Fix | Delete
return new WP_Error( 'edit_others_posts', __( 'Sorry, you are not allowed to create posts as this user.' ) );
[41] Fix | Delete
}
[42] Fix | Delete
}
[43] Fix | Delete
[44] Fix | Delete
if ( isset( $post_data['content'] ) ) {
[45] Fix | Delete
$post_data['post_content'] = $post_data['content'];
[46] Fix | Delete
}
[47] Fix | Delete
[48] Fix | Delete
if ( isset( $post_data['excerpt'] ) ) {
[49] Fix | Delete
$post_data['post_excerpt'] = $post_data['excerpt'];
[50] Fix | Delete
}
[51] Fix | Delete
[52] Fix | Delete
if ( isset( $post_data['parent_id'] ) ) {
[53] Fix | Delete
$post_data['post_parent'] = (int) $post_data['parent_id'];
[54] Fix | Delete
}
[55] Fix | Delete
[56] Fix | Delete
if ( isset( $post_data['trackback_url'] ) ) {
[57] Fix | Delete
$post_data['to_ping'] = $post_data['trackback_url'];
[58] Fix | Delete
}
[59] Fix | Delete
[60] Fix | Delete
$post_data['user_ID'] = get_current_user_id();
[61] Fix | Delete
[62] Fix | Delete
if ( ! empty( $post_data['post_author_override'] ) ) {
[63] Fix | Delete
$post_data['post_author'] = (int) $post_data['post_author_override'];
[64] Fix | Delete
} else {
[65] Fix | Delete
if ( ! empty( $post_data['post_author'] ) ) {
[66] Fix | Delete
$post_data['post_author'] = (int) $post_data['post_author'];
[67] Fix | Delete
} else {
[68] Fix | Delete
$post_data['post_author'] = (int) $post_data['user_ID'];
[69] Fix | Delete
}
[70] Fix | Delete
}
[71] Fix | Delete
[72] Fix | Delete
if ( isset( $post_data['user_ID'] ) && ( $post_data['post_author'] != $post_data['user_ID'] )
[73] Fix | Delete
&& ! current_user_can( $ptype->cap->edit_others_posts ) ) {
[74] Fix | Delete
[75] Fix | Delete
if ( $update ) {
[76] Fix | Delete
if ( 'page' === $post_data['post_type'] ) {
[77] Fix | Delete
return new WP_Error( 'edit_others_pages', __( 'Sorry, you are not allowed to edit pages as this user.' ) );
[78] Fix | Delete
} else {
[79] Fix | Delete
return new WP_Error( 'edit_others_posts', __( 'Sorry, you are not allowed to edit posts as this user.' ) );
[80] Fix | Delete
}
[81] Fix | Delete
} else {
[82] Fix | Delete
if ( 'page' === $post_data['post_type'] ) {
[83] Fix | Delete
return new WP_Error( 'edit_others_pages', __( 'Sorry, you are not allowed to create pages as this user.' ) );
[84] Fix | Delete
} else {
[85] Fix | Delete
return new WP_Error( 'edit_others_posts', __( 'Sorry, you are not allowed to create posts as this user.' ) );
[86] Fix | Delete
}
[87] Fix | Delete
}
[88] Fix | Delete
}
[89] Fix | Delete
[90] Fix | Delete
if ( ! empty( $post_data['post_status'] ) ) {
[91] Fix | Delete
$post_data['post_status'] = sanitize_key( $post_data['post_status'] );
[92] Fix | Delete
[93] Fix | Delete
// No longer an auto-draft.
[94] Fix | Delete
if ( 'auto-draft' === $post_data['post_status'] ) {
[95] Fix | Delete
$post_data['post_status'] = 'draft';
[96] Fix | Delete
}
[97] Fix | Delete
[98] Fix | Delete
if ( ! get_post_status_object( $post_data['post_status'] ) ) {
[99] Fix | Delete
unset( $post_data['post_status'] );
[100] Fix | Delete
}
[101] Fix | Delete
}
[102] Fix | Delete
[103] Fix | Delete
// What to do based on which button they pressed.
[104] Fix | Delete
if ( isset( $post_data['saveasdraft'] ) && '' !== $post_data['saveasdraft'] ) {
[105] Fix | Delete
$post_data['post_status'] = 'draft';
[106] Fix | Delete
}
[107] Fix | Delete
if ( isset( $post_data['saveasprivate'] ) && '' !== $post_data['saveasprivate'] ) {
[108] Fix | Delete
$post_data['post_status'] = 'private';
[109] Fix | Delete
}
[110] Fix | Delete
if ( isset( $post_data['publish'] ) && ( '' !== $post_data['publish'] )
[111] Fix | Delete
&& ( ! isset( $post_data['post_status'] ) || 'private' !== $post_data['post_status'] )
[112] Fix | Delete
) {
[113] Fix | Delete
$post_data['post_status'] = 'publish';
[114] Fix | Delete
}
[115] Fix | Delete
if ( isset( $post_data['advanced'] ) && '' !== $post_data['advanced'] ) {
[116] Fix | Delete
$post_data['post_status'] = 'draft';
[117] Fix | Delete
}
[118] Fix | Delete
if ( isset( $post_data['pending'] ) && '' !== $post_data['pending'] ) {
[119] Fix | Delete
$post_data['post_status'] = 'pending';
[120] Fix | Delete
}
[121] Fix | Delete
[122] Fix | Delete
if ( isset( $post_data['ID'] ) ) {
[123] Fix | Delete
$post_id = $post_data['ID'];
[124] Fix | Delete
} else {
[125] Fix | Delete
$post_id = false;
[126] Fix | Delete
}
[127] Fix | Delete
$previous_status = $post_id ? get_post_field( 'post_status', $post_id ) : false;
[128] Fix | Delete
[129] Fix | Delete
if ( isset( $post_data['post_status'] ) && 'private' === $post_data['post_status'] && ! current_user_can( $ptype->cap->publish_posts ) ) {
[130] Fix | Delete
$post_data['post_status'] = $previous_status ? $previous_status : 'pending';
[131] Fix | Delete
}
[132] Fix | Delete
[133] Fix | Delete
$published_statuses = array( 'publish', 'future' );
[134] Fix | Delete
[135] Fix | Delete
// Posts 'submitted for approval' are submitted to $_POST the same as if they were being published.
[136] Fix | Delete
// Change status from 'publish' to 'pending' if user lacks permissions to publish or to resave published posts.
[137] Fix | Delete
if ( isset( $post_data['post_status'] )
[138] Fix | Delete
&& ( in_array( $post_data['post_status'], $published_statuses, true )
[139] Fix | Delete
&& ! current_user_can( $ptype->cap->publish_posts ) )
[140] Fix | Delete
) {
[141] Fix | Delete
if ( ! in_array( $previous_status, $published_statuses, true ) || ! current_user_can( 'edit_post', $post_id ) ) {
[142] Fix | Delete
$post_data['post_status'] = 'pending';
[143] Fix | Delete
}
[144] Fix | Delete
}
[145] Fix | Delete
[146] Fix | Delete
if ( ! isset( $post_data['post_status'] ) ) {
[147] Fix | Delete
$post_data['post_status'] = 'auto-draft' === $previous_status ? 'draft' : $previous_status;
[148] Fix | Delete
}
[149] Fix | Delete
[150] Fix | Delete
if ( isset( $post_data['post_password'] ) && ! current_user_can( $ptype->cap->publish_posts ) ) {
[151] Fix | Delete
unset( $post_data['post_password'] );
[152] Fix | Delete
}
[153] Fix | Delete
[154] Fix | Delete
if ( ! isset( $post_data['comment_status'] ) ) {
[155] Fix | Delete
$post_data['comment_status'] = 'closed';
[156] Fix | Delete
}
[157] Fix | Delete
[158] Fix | Delete
if ( ! isset( $post_data['ping_status'] ) ) {
[159] Fix | Delete
$post_data['ping_status'] = 'closed';
[160] Fix | Delete
}
[161] Fix | Delete
[162] Fix | Delete
foreach ( array( 'aa', 'mm', 'jj', 'hh', 'mn' ) as $timeunit ) {
[163] Fix | Delete
if ( ! empty( $post_data[ 'hidden_' . $timeunit ] ) && $post_data[ 'hidden_' . $timeunit ] != $post_data[ $timeunit ] ) {
[164] Fix | Delete
$post_data['edit_date'] = '1';
[165] Fix | Delete
break;
[166] Fix | Delete
}
[167] Fix | Delete
}
[168] Fix | Delete
[169] Fix | Delete
if ( ! empty( $post_data['edit_date'] ) ) {
[170] Fix | Delete
$aa = $post_data['aa'];
[171] Fix | Delete
$mm = $post_data['mm'];
[172] Fix | Delete
$jj = $post_data['jj'];
[173] Fix | Delete
$hh = $post_data['hh'];
[174] Fix | Delete
$mn = $post_data['mn'];
[175] Fix | Delete
$ss = $post_data['ss'];
[176] Fix | Delete
$aa = ( $aa <= 0 ) ? gmdate( 'Y' ) : $aa;
[177] Fix | Delete
$mm = ( $mm <= 0 ) ? gmdate( 'n' ) : $mm;
[178] Fix | Delete
$jj = ( $jj > 31 ) ? 31 : $jj;
[179] Fix | Delete
$jj = ( $jj <= 0 ) ? gmdate( 'j' ) : $jj;
[180] Fix | Delete
$hh = ( $hh > 23 ) ? $hh - 24 : $hh;
[181] Fix | Delete
$mn = ( $mn > 59 ) ? $mn - 60 : $mn;
[182] Fix | Delete
$ss = ( $ss > 59 ) ? $ss - 60 : $ss;
[183] Fix | Delete
$post_data['post_date'] = sprintf( '%04d-%02d-%02d %02d:%02d:%02d', $aa, $mm, $jj, $hh, $mn, $ss );
[184] Fix | Delete
$valid_date = wp_checkdate( $mm, $jj, $aa, $post_data['post_date'] );
[185] Fix | Delete
if ( ! $valid_date ) {
[186] Fix | Delete
return new WP_Error( 'invalid_date', __( 'Invalid date.' ) );
[187] Fix | Delete
}
[188] Fix | Delete
$post_data['post_date_gmt'] = get_gmt_from_date( $post_data['post_date'] );
[189] Fix | Delete
}
[190] Fix | Delete
[191] Fix | Delete
if ( isset( $post_data['post_category'] ) ) {
[192] Fix | Delete
$category_object = get_taxonomy( 'category' );
[193] Fix | Delete
if ( ! current_user_can( $category_object->cap->assign_terms ) ) {
[194] Fix | Delete
unset( $post_data['post_category'] );
[195] Fix | Delete
}
[196] Fix | Delete
}
[197] Fix | Delete
[198] Fix | Delete
return $post_data;
[199] Fix | Delete
}
[200] Fix | Delete
[201] Fix | Delete
/**
[202] Fix | Delete
* Returns only allowed post data fields
[203] Fix | Delete
*
[204] Fix | Delete
* @since 5.0.1
[205] Fix | Delete
*
[206] Fix | Delete
* @param array $post_data Array of post data. Defaults to the contents of $_POST.
[207] Fix | Delete
* @return array|WP_Error Array of post data on success, WP_Error on failure.
[208] Fix | Delete
*/
[209] Fix | Delete
function _wp_get_allowed_postdata( $post_data = null ) {
[210] Fix | Delete
if ( empty( $post_data ) ) {
[211] Fix | Delete
$post_data = $_POST;
[212] Fix | Delete
}
[213] Fix | Delete
[214] Fix | Delete
// Pass through errors.
[215] Fix | Delete
if ( is_wp_error( $post_data ) ) {
[216] Fix | Delete
return $post_data;
[217] Fix | Delete
}
[218] Fix | Delete
[219] Fix | Delete
return array_diff_key( $post_data, array_flip( array( 'meta_input', 'file', 'guid' ) ) );
[220] Fix | Delete
}
[221] Fix | Delete
[222] Fix | Delete
/**
[223] Fix | Delete
* Update an existing post with values provided in $_POST.
[224] Fix | Delete
*
[225] Fix | Delete
* If post data is passed as an argument, it is treated as an array of data
[226] Fix | Delete
* keyed appropriately for turning into a post object.
[227] Fix | Delete
*
[228] Fix | Delete
* If post data is not passed, the $_POST global variable is used instead.
[229] Fix | Delete
*
[230] Fix | Delete
* @since 1.5.0
[231] Fix | Delete
*
[232] Fix | Delete
* @global wpdb $wpdb WordPress database abstraction object.
[233] Fix | Delete
*
[234] Fix | Delete
* @param array $post_data Optional. Defaults to the $_POST global.
[235] Fix | Delete
* @return int Post ID.
[236] Fix | Delete
*/
[237] Fix | Delete
function edit_post( $post_data = null ) {
[238] Fix | Delete
global $wpdb;
[239] Fix | Delete
[240] Fix | Delete
if ( empty( $post_data ) ) {
[241] Fix | Delete
$post_data = &$_POST;
[242] Fix | Delete
}
[243] Fix | Delete
[244] Fix | Delete
// Clear out any data in internal vars.
[245] Fix | Delete
unset( $post_data['filter'] );
[246] Fix | Delete
[247] Fix | Delete
$post_ID = (int) $post_data['post_ID'];
[248] Fix | Delete
$post = get_post( $post_ID );
[249] Fix | Delete
$post_data['post_type'] = $post->post_type;
[250] Fix | Delete
$post_data['post_mime_type'] = $post->post_mime_type;
[251] Fix | Delete
[252] Fix | Delete
if ( ! empty( $post_data['post_status'] ) ) {
[253] Fix | Delete
$post_data['post_status'] = sanitize_key( $post_data['post_status'] );
[254] Fix | Delete
[255] Fix | Delete
if ( 'inherit' === $post_data['post_status'] ) {
[256] Fix | Delete
unset( $post_data['post_status'] );
[257] Fix | Delete
}
[258] Fix | Delete
}
[259] Fix | Delete
[260] Fix | Delete
$ptype = get_post_type_object( $post_data['post_type'] );
[261] Fix | Delete
if ( ! current_user_can( 'edit_post', $post_ID ) ) {
[262] Fix | Delete
if ( 'page' === $post_data['post_type'] ) {
[263] Fix | Delete
wp_die( __( 'Sorry, you are not allowed to edit this page.' ) );
[264] Fix | Delete
} else {
[265] Fix | Delete
wp_die( __( 'Sorry, you are not allowed to edit this post.' ) );
[266] Fix | Delete
}
[267] Fix | Delete
}
[268] Fix | Delete
[269] Fix | Delete
if ( post_type_supports( $ptype->name, 'revisions' ) ) {
[270] Fix | Delete
$revisions = wp_get_post_revisions(
[271] Fix | Delete
$post_ID,
[272] Fix | Delete
array(
[273] Fix | Delete
'order' => 'ASC',
[274] Fix | Delete
'posts_per_page' => 1,
[275] Fix | Delete
)
[276] Fix | Delete
);
[277] Fix | Delete
$revision = current( $revisions );
[278] Fix | Delete
[279] Fix | Delete
// Check if the revisions have been upgraded.
[280] Fix | Delete
if ( $revisions && _wp_get_post_revision_version( $revision ) < 1 ) {
[281] Fix | Delete
_wp_upgrade_revisions_of_post( $post, wp_get_post_revisions( $post_ID ) );
[282] Fix | Delete
}
[283] Fix | Delete
}
[284] Fix | Delete
[285] Fix | Delete
if ( isset( $post_data['visibility'] ) ) {
[286] Fix | Delete
switch ( $post_data['visibility'] ) {
[287] Fix | Delete
case 'public':
[288] Fix | Delete
$post_data['post_password'] = '';
[289] Fix | Delete
break;
[290] Fix | Delete
case 'password':
[291] Fix | Delete
unset( $post_data['sticky'] );
[292] Fix | Delete
break;
[293] Fix | Delete
case 'private':
[294] Fix | Delete
$post_data['post_status'] = 'private';
[295] Fix | Delete
$post_data['post_password'] = '';
[296] Fix | Delete
unset( $post_data['sticky'] );
[297] Fix | Delete
break;
[298] Fix | Delete
}
[299] Fix | Delete
}
[300] Fix | Delete
[301] Fix | Delete
$post_data = _wp_translate_postdata( true, $post_data );
[302] Fix | Delete
if ( is_wp_error( $post_data ) ) {
[303] Fix | Delete
wp_die( $post_data->get_error_message() );
[304] Fix | Delete
}
[305] Fix | Delete
$translated = _wp_get_allowed_postdata( $post_data );
[306] Fix | Delete
[307] Fix | Delete
// Post formats.
[308] Fix | Delete
if ( isset( $post_data['post_format'] ) ) {
[309] Fix | Delete
set_post_format( $post_ID, $post_data['post_format'] );
[310] Fix | Delete
}
[311] Fix | Delete
[312] Fix | Delete
$format_meta_urls = array( 'url', 'link_url', 'quote_source_url' );
[313] Fix | Delete
foreach ( $format_meta_urls as $format_meta_url ) {
[314] Fix | Delete
$keyed = '_format_' . $format_meta_url;
[315] Fix | Delete
if ( isset( $post_data[ $keyed ] ) ) {
[316] Fix | Delete
update_post_meta( $post_ID, $keyed, wp_slash( esc_url_raw( wp_unslash( $post_data[ $keyed ] ) ) ) );
[317] Fix | Delete
}
[318] Fix | Delete
}
[319] Fix | Delete
[320] Fix | Delete
$format_keys = array( 'quote', 'quote_source_name', 'image', 'gallery', 'audio_embed', 'video_embed' );
[321] Fix | Delete
[322] Fix | Delete
foreach ( $format_keys as $key ) {
[323] Fix | Delete
$keyed = '_format_' . $key;
[324] Fix | Delete
if ( isset( $post_data[ $keyed ] ) ) {
[325] Fix | Delete
if ( current_user_can( 'unfiltered_html' ) ) {
[326] Fix | Delete
update_post_meta( $post_ID, $keyed, $post_data[ $keyed ] );
[327] Fix | Delete
} else {
[328] Fix | Delete
update_post_meta( $post_ID, $keyed, wp_filter_post_kses( $post_data[ $keyed ] ) );
[329] Fix | Delete
}
[330] Fix | Delete
}
[331] Fix | Delete
}
[332] Fix | Delete
[333] Fix | Delete
if ( 'attachment' === $post_data['post_type'] && preg_match( '#^(audio|video)/#', $post_data['post_mime_type'] ) ) {
[334] Fix | Delete
$id3data = wp_get_attachment_metadata( $post_ID );
[335] Fix | Delete
if ( ! is_array( $id3data ) ) {
[336] Fix | Delete
$id3data = array();
[337] Fix | Delete
}
[338] Fix | Delete
[339] Fix | Delete
foreach ( wp_get_attachment_id3_keys( $post, 'edit' ) as $key => $label ) {
[340] Fix | Delete
if ( isset( $post_data[ 'id3_' . $key ] ) ) {
[341] Fix | Delete
$id3data[ $key ] = sanitize_text_field( wp_unslash( $post_data[ 'id3_' . $key ] ) );
[342] Fix | Delete
}
[343] Fix | Delete
}
[344] Fix | Delete
wp_update_attachment_metadata( $post_ID, $id3data );
[345] Fix | Delete
}
[346] Fix | Delete
[347] Fix | Delete
// Meta stuff.
[348] Fix | Delete
if ( isset( $post_data['meta'] ) && $post_data['meta'] ) {
[349] Fix | Delete
foreach ( $post_data['meta'] as $key => $value ) {
[350] Fix | Delete
$meta = get_post_meta_by_id( $key );
[351] Fix | Delete
if ( ! $meta ) {
[352] Fix | Delete
continue;
[353] Fix | Delete
}
[354] Fix | Delete
if ( $meta->post_id != $post_ID ) {
[355] Fix | Delete
continue;
[356] Fix | Delete
}
[357] Fix | Delete
if ( is_protected_meta( $meta->meta_key, 'post' ) || ! current_user_can( 'edit_post_meta', $post_ID, $meta->meta_key ) ) {
[358] Fix | Delete
continue;
[359] Fix | Delete
}
[360] Fix | Delete
if ( is_protected_meta( $value['key'], 'post' ) || ! current_user_can( 'edit_post_meta', $post_ID, $value['key'] ) ) {
[361] Fix | Delete
continue;
[362] Fix | Delete
}
[363] Fix | Delete
update_meta( $key, $value['key'], $value['value'] );
[364] Fix | Delete
}
[365] Fix | Delete
}
[366] Fix | Delete
[367] Fix | Delete
if ( isset( $post_data['deletemeta'] ) && $post_data['deletemeta'] ) {
[368] Fix | Delete
foreach ( $post_data['deletemeta'] as $key => $value ) {
[369] Fix | Delete
$meta = get_post_meta_by_id( $key );
[370] Fix | Delete
if ( ! $meta ) {
[371] Fix | Delete
continue;
[372] Fix | Delete
}
[373] Fix | Delete
if ( $meta->post_id != $post_ID ) {
[374] Fix | Delete
continue;
[375] Fix | Delete
}
[376] Fix | Delete
if ( is_protected_meta( $meta->meta_key, 'post' ) || ! current_user_can( 'delete_post_meta', $post_ID, $meta->meta_key ) ) {
[377] Fix | Delete
continue;
[378] Fix | Delete
}
[379] Fix | Delete
delete_meta( $key );
[380] Fix | Delete
}
[381] Fix | Delete
}
[382] Fix | Delete
[383] Fix | Delete
// Attachment stuff.
[384] Fix | Delete
if ( 'attachment' === $post_data['post_type'] ) {
[385] Fix | Delete
if ( isset( $post_data['_wp_attachment_image_alt'] ) ) {
[386] Fix | Delete
$image_alt = wp_unslash( $post_data['_wp_attachment_image_alt'] );
[387] Fix | Delete
[388] Fix | Delete
if ( get_post_meta( $post_ID, '_wp_attachment_image_alt', true ) !== $image_alt ) {
[389] Fix | Delete
$image_alt = wp_strip_all_tags( $image_alt, true );
[390] Fix | Delete
[391] Fix | Delete
// update_post_meta() expects slashed.
[392] Fix | Delete
update_post_meta( $post_ID, '_wp_attachment_image_alt', wp_slash( $image_alt ) );
[393] Fix | Delete
}
[394] Fix | Delete
}
[395] Fix | Delete
[396] Fix | Delete
$attachment_data = isset( $post_data['attachments'][ $post_ID ] ) ? $post_data['attachments'][ $post_ID ] : array();
[397] Fix | Delete
[398] Fix | Delete
/** This filter is documented in wp-admin/includes/media.php */
[399] Fix | Delete
$translated = apply_filters( 'attachment_fields_to_save', $translated, $attachment_data );
[400] Fix | Delete
}
[401] Fix | Delete
[402] Fix | Delete
// Convert taxonomy input to term IDs, to avoid ambiguity.
[403] Fix | Delete
if ( isset( $post_data['tax_input'] ) ) {
[404] Fix | Delete
foreach ( (array) $post_data['tax_input'] as $taxonomy => $terms ) {
[405] Fix | Delete
$tax_object = get_taxonomy( $taxonomy );
[406] Fix | Delete
[407] Fix | Delete
if ( $tax_object && isset( $tax_object->meta_box_sanitize_cb ) ) {
[408] Fix | Delete
$translated['tax_input'][ $taxonomy ] = call_user_func_array( $tax_object->meta_box_sanitize_cb, array( $taxonomy, $terms ) );
[409] Fix | Delete
}
[410] Fix | Delete
}
[411] Fix | Delete
}
[412] Fix | Delete
[413] Fix | Delete
add_meta( $post_ID );
[414] Fix | Delete
[415] Fix | Delete
update_post_meta( $post_ID, '_edit_last', get_current_user_id() );
[416] Fix | Delete
[417] Fix | Delete
$success = wp_update_post( $translated );
[418] Fix | Delete
[419] Fix | Delete
// If the save failed, see if we can sanity check the main fields and try again.
[420] Fix | Delete
if ( ! $success && is_callable( array( $wpdb, 'strip_invalid_text_for_column' ) ) ) {
[421] Fix | Delete
$fields = array( 'post_title', 'post_content', 'post_excerpt' );
[422] Fix | Delete
[423] Fix | Delete
foreach ( $fields as $field ) {
[424] Fix | Delete
if ( isset( $translated[ $field ] ) ) {
[425] Fix | Delete
$translated[ $field ] = $wpdb->strip_invalid_text_for_column( $wpdb->posts, $field, $translated[ $field ] );
[426] Fix | Delete
}
[427] Fix | Delete
}
[428] Fix | Delete
[429] Fix | Delete
wp_update_post( $translated );
[430] Fix | Delete
}
[431] Fix | Delete
[432] Fix | Delete
// Now that we have an ID we can fix any attachment anchor hrefs.
[433] Fix | Delete
_fix_attachment_links( $post_ID );
[434] Fix | Delete
[435] Fix | Delete
wp_set_post_lock( $post_ID );
[436] Fix | Delete
[437] Fix | Delete
if ( current_user_can( $ptype->cap->edit_others_posts ) && current_user_can( $ptype->cap->publish_posts ) ) {
[438] Fix | Delete
if ( ! empty( $post_data['sticky'] ) ) {
[439] Fix | Delete
stick_post( $post_ID );
[440] Fix | Delete
} else {
[441] Fix | Delete
unstick_post( $post_ID );
[442] Fix | Delete
}
[443] Fix | Delete
}
[444] Fix | Delete
[445] Fix | Delete
return $post_ID;
[446] Fix | Delete
}
[447] Fix | Delete
[448] Fix | Delete
/**
[449] Fix | Delete
* Process the post data for the bulk editing of posts.
[450] Fix | Delete
*
[451] Fix | Delete
* Updates all bulk edited posts/pages, adding (but not removing) tags and
[452] Fix | Delete
* categories. Skips pages when they would be their own parent or child.
[453] Fix | Delete
*
[454] Fix | Delete
* @since 2.7.0
[455] Fix | Delete
*
[456] Fix | Delete
* @global wpdb $wpdb WordPress database abstraction object.
[457] Fix | Delete
*
[458] Fix | Delete
* @param array $post_data Optional, the array of post data to process if not provided will use $_POST superglobal.
[459] Fix | Delete
* @return array
[460] Fix | Delete
*/
[461] Fix | Delete
function bulk_edit_posts( $post_data = null ) {
[462] Fix | Delete
global $wpdb;
[463] Fix | Delete
[464] Fix | Delete
if ( empty( $post_data ) ) {
[465] Fix | Delete
$post_data = &$_POST;
[466] Fix | Delete
}
[467] Fix | Delete
[468] Fix | Delete
if ( isset( $post_data['post_type'] ) ) {
[469] Fix | Delete
$ptype = get_post_type_object( $post_data['post_type'] );
[470] Fix | Delete
} else {
[471] Fix | Delete
$ptype = get_post_type_object( 'post' );
[472] Fix | Delete
}
[473] Fix | Delete
[474] Fix | Delete
if ( ! current_user_can( $ptype->cap->edit_posts ) ) {
[475] Fix | Delete
if ( 'page' === $ptype->name ) {
[476] Fix | Delete
wp_die( __( 'Sorry, you are not allowed to edit pages.' ) );
[477] Fix | Delete
} else {
[478] Fix | Delete
wp_die( __( 'Sorry, you are not allowed to edit posts.' ) );
[479] Fix | Delete
}
[480] Fix | Delete
}
[481] Fix | Delete
[482] Fix | Delete
if ( -1 == $post_data['_status'] ) {
[483] Fix | Delete
$post_data['post_status'] = null;
[484] Fix | Delete
unset( $post_data['post_status'] );
[485] Fix | Delete
} else {
[486] Fix | Delete
$post_data['post_status'] = $post_data['_status'];
[487] Fix | Delete
}
[488] Fix | Delete
unset( $post_data['_status'] );
[489] Fix | Delete
[490] Fix | Delete
if ( ! empty( $post_data['post_status'] ) ) {
[491] Fix | Delete
$post_data['post_status'] = sanitize_key( $post_data['post_status'] );
[492] Fix | Delete
[493] Fix | Delete
if ( 'inherit' === $post_data['post_status'] ) {
[494] Fix | Delete
unset( $post_data['post_status'] );
[495] Fix | Delete
}
[496] Fix | Delete
}
[497] Fix | Delete
[498] Fix | Delete
$post_IDs = array_map( 'intval', (array) $post_data['post'] );
[499] Fix | Delete
12345
It is recommended that you Edit text format, this type of Fix handles quite a lot in one request
Function