post.php

是一个优秀的语义个人发布平台

<?php
/* <Edit> */

require_once('../wp-includes/wp-l10n.php');

function add_magic_quotes($array) {
foreach ($array as $k => $v) {
	if (is_array($v)) {
		$array[$k] = add_magic_quotes($v);
	} else {
		$array[$k] = addslashes($v);
	}
}
return $array;
}

if (!get_magic_quotes_gpc()) {
$_GET    = add_magic_quotes($_GET);
$_POST   = add_magic_quotes($_POST);
$_COOKIE = add_magic_quotes($_COOKIE);
}

$wpvarstoreset = array('action', 'safe_mode', 'withcomments', 'posts', 'poststart', 'postend', 'content', 'edited_post_title', 'comment_error', 'profile', 'trackback_url', 'excerpt', 'showcomments', 'commentstart', 'commentend', 'commentorder');

for ($i=0; $i<count($wpvarstoreset); $i += 1) {
$wpvar = $wpvarstoreset[$i];
if (!isset($$wpvar)) {
	if (empty($_POST["$wpvar"])) {
		if (empty($_GET["$wpvar"])) {
			$$wpvar = '';
		} else {
			$$wpvar = $_GET["$wpvar"];
		}
	} else {
		$$wpvar = $_POST["$wpvar"];
	}
}
}

switch($action) {


case 'post':

		$standalone = 1;
		require_once('admin-header.php');

		$post_pingback = intval($_POST['post_pingback']);
		$content = balanceTags($_POST['content']);
		$content = format_to_post($content);
		$excerpt = balanceTags($_POST['excerpt']);
		$excerpt = format_to_post($excerpt);
		$post_title = addslashes($_POST['post_title']);
		$post_categories = $_POST['post_category'];
		if(get_settings('use_geo_positions')) {
			$latstr = $_POST['post_latf'];
			$lonstr = $_POST['post_lonf'];
			if((strlen($latstr) > 2) && (strlen($lonstr) > 2 ) ) {
				$post_latf = floatval($_POST['post_latf']);
				$post_lonf = floatval($_POST['post_lonf']);
			}
		}
		$post_status = $_POST['post_status'];
		$post_name = $_POST['post_name'];

		if (empty($post_status)) $post_status = 'draft';
		$comment_status = $_POST['comment_status'];
		if (empty($comment_status)) $comment_status = get_settings('default_comment_status');
		$ping_status = $_POST['ping_status'];
		if (empty($ping_status)) $ping_status = get_settings('default_ping_status');
		$post_password = addslashes(stripslashes($_POST['post_password']));
		
		if (empty($post_name))
			$post_name = sanitize_title($post_title);
		else
			$post_name = sanitize_title($post_name);

		$trackback = $_POST['trackback_url'];
	// Format trackbacks
	$trackback = preg_replace('|\s+|', '\n', $trackback);

	if ($user_level == 0)
		die (__('Cheatin&#8217; uh?'));

	if (($user_level > 4) && (!empty($_POST['edit_date']))) {
		$aa = $_POST['aa'];
		$mm = $_POST['mm'];
		$jj = $_POST['jj'];
		$hh = $_POST['hh'];
		$mn = $_POST['mn'];
		$ss = $_POST['ss'];
		$jj = ($jj > 31) ? 31 : $jj;
		$hh = ($hh > 23) ? $hh - 24 : $hh;
		$mn = ($mn > 59) ? $mn - 60 : $mn;
		$ss = ($ss > 59) ? $ss - 60 : $ss;
	$now = "$aa-$mm-$jj $hh:$mn:$ss";
	$now_gmt = get_gmt_from_date("$aa-$mm-$jj $hh:$mn:$ss");
	} else {
	$now = current_time('mysql');
	$now_gmt = current_time('mysql', 1);
	}

	// What to do based on which button they pressed
	if ('' != $_POST['saveasdraft']) $post_status = 'draft';
	if ('' != $_POST['saveasprivate']) $post_status = 'private';
	if ('' != $_POST['publish']) $post_status = 'publish';
	if ('' != $_POST['advanced']) $post_status = 'draft';


	if((get_settings('use_geo_positions')) && (strlen($latstr) > 2) && (strlen($lonstr) > 2) ) {
	$postquery ="INSERT INTO $tableposts
			(ID, post_author, post_date, post_date_gmt, post_content, post_title, post_lat, post_lon, post_excerpt,  post_status, comment_status, ping_status, post_password, post_name, to_ping, post_modified, post_modified_gmt)
			VALUES
			('0', '$user_ID', '$now', '$now_gmt', '$content', '$post_title', $post_latf, $post_lonf,'$excerpt', '$post_status', '$comment_status', '$ping_status', '$post_password', '$post_name', '$trackback', '$now', '$now_gmt')
			";
	} else {
	$postquery ="INSERT INTO $tableposts
			(ID, post_author, post_date, post_date_gmt, post_content, post_title, post_excerpt,  post_status, comment_status, ping_status, post_password, post_name, to_ping, post_modified, post_modified_gmt)
			VALUES
			('0', '$user_ID', '$now', '$now_gmt', '$content', '$post_title', '$excerpt', '$post_status', '$comment_status', '$ping_status', '$post_password', '$post_name', '$trackback', '$now', '$now_gmt')
			";
	}
	$postquery =
	$result = $wpdb->query($postquery);

	$post_ID = $wpdb->get_var("SELECT ID FROM $tableposts ORDER BY ID DESC LIMIT 1");

	if (!empty($_POST['mode'])) {
	switch($_POST['mode']) {
		case 'bookmarklet':
			$location = 'bookmarklet.php?a=b';
			break;
		case 'sidebar':
			$location = 'sidebar.php?a=b';
			break;
		default:
			$location = 'post.php';
			break;
		}
	} else {
		$location = 'post.php';
	}
	if ( '' != $_POST['advanced'] || isset($_POST['save']) )
		$location = "post.php?action=edit&post=$post_ID";
	$location = preg_replace('|[^a-z0-9-~+_.?#=&;,/:]|i', '', $location);

	header("Location: $location"); // Send user on their way while we keep working


	// Insert categories
	// Check to make sure there is a category, if not just set it to some default
	if (!$post_categories) $post_categories[] = 1;
	foreach ($post_categories as $post_category) {
		// Double check it's not there already
		$exists = $wpdb->get_row("SELECT * FROM $tablepost2cat WHERE post_id = $post_ID AND category_id = $post_category");

		 if (!$exists && $result) { 
			$wpdb->query("
			INSERT INTO $tablepost2cat
			(post_id, category_id)
			VALUES
			($post_ID, $post_category)
			");
		}
	}

	add_meta($post_ID);
	
	if (isset($sleep_after_edit) && $sleep_after_edit > 0) {
			sleep($sleep_after_edit);
	}

	if ($post_status == 'publish') {
		if((get_settings('use_geo_positions')) && ($post_latf != null) && ($post_lonf != null)) {
			pingGeoUrl($post_ID);
		}

		if ($post_pingback) {
			pingback($content, $post_ID);
		}
		
		do_action('publish_post', $post_ID);

		// Time for trackbacks
		$to_ping = $wpdb->get_var("SELECT to_ping FROM $tableposts WHERE ID = $post_ID");
		$pinged = $wpdb->get_var("SELECT pinged FROM $tableposts WHERE ID = $post_ID");
		$pinged = explode("\n", $pinged);
		if ('' != $to_ping) {
			if (strlen($excerpt) > 0) {
				$the_excerpt = (strlen(strip_tags($excerpt)) > 255) ? substr(strip_tags($excerpt), 0, 252) . '...' : strip_tags($excerpt)	;
			} else {
				$the_excerpt = (strlen(strip_tags($content)) > 255) ? substr(strip_tags($content), 0, 252) . '...' : strip_tags($content);
			}
			$excerpt = stripslashes($the_excerpt);
			$to_pings = explode("\n", $to_ping);
			foreach ($to_pings as $tb_ping) {
				$tb_ping = trim($tb_ping);
				if (!in_array($tb_ping, $pinged)) {
				 trackback($tb_ping, stripslashes($post_title), $excerpt, $post_ID);
				}
			}
		}

	} // end if publish

	exit();
	break;

case 'edit':
	$title = __('Edit');

	$standalone = 0;
	require_once('admin-header.php');

	$post = $post_ID = $p = (int) $_GET['post'];
	if ($user_level > 0) {
		$postdata = $wpdb->get_row("SELECT * FROM $tableposts WHERE ID = '$post_ID'");
		$authordata = get_userdata($postdata->post_author);
		if ($user_level < $authordata->user_level)
			die ('You don&#8217;t have the right to edit <strong>'.$authordata[1].'</strong>&#8217;s posts.');

		$content = $postdata->post_content;
		$content = format_to_edit($content);
		$edited_lat = $postdata->post_lat;
		$edited_lon = $postdata->post_lon;
		$excerpt = $postdata->post_excerpt;
		$excerpt = format_to_edit($excerpt);
		$edited_post_title = format_to_edit($postdata->post_title);
		$post_status = $postdata->post_status;
		$comment_status = $postdata->comment_status;
		$ping_status = $postdata->ping_status;
		$post_password = $postdata->post_password;
		$to_ping = $postdata->to_ping;
		$pinged = $postdata->pinged;
		$post_name = $postdata->post_name;

		include('edit-form-advanced.php');

		$post = $wpdb->get_row("SELECT * FROM $tableposts WHERE ID = '$post_ID'");
		?>
<div id='preview' class='wrap'>
	 <h2><?php _e('Post Preview (updated when post is saved)'); ?></h2>
																		<h3 class="storytitle" id="post-<?php the_ID(); ?>"><a href="<?php the_permalink() ?>" rel="bookmark" title="<?php printf(__("Permanent Link: %s"), the_title()); ?>"><?php the_title(); ?></a></h3>
																																																																					<div class="meta"><?php _e("Filed under:"); ?> <?php the_category(','); ?> &#8212; <?php the_author() ?> @ <?php the_time() ?></div>

<div class="storycontent">
<?php 
$content = apply_filters('the_content', $post->post_content);
echo $content;
?>
</div>
		</div>
<?php
	} else {
?>
		<p><?php printf(__('Since you&#8217;re a newcomer, you&#8217;ll have to wait for an admin to raise your level to 1, in order to be authorized to post.<br />
You can also <a href="mailto:%s?subject=Promotion?">e-mail the admin</a> to ask for a promotion.<br />
When you&#8217;re promoted, just reload this page and you&#8217;ll be able to blog. :)'), get_settings('admin_email')); ?>
		</p>
<?php
	}
	break;

case 'editpost':
// die(var_dump('<pre>', $_POST));
	$standalone = 1;
	require_once('./admin-header.php');

	if ($user_level == 0)
		die (__('Cheatin&#8217; uh?'));

	if (!isset($blog_ID)) {
		$blog_ID = 1;
	}
		$post_ID = $_POST['post_ID'];
		$post_categories = $_POST['post_category'];
		if (!$post_categories) $post_categories[] = 1;
		$content = balanceTags($_POST['content']);
		$content = format_to_post($content);
		$excerpt = balanceTags($_POST['excerpt']);
		$excerpt = format_to_post($excerpt);
		$post_title = addslashes($_POST['post_title']);
		if(get_settings('use_geo_positions')) {
			$latf = floatval($_POST["post_latf"]);
				$lonf = floatval($_POST["post_lonf"]);
				$latlonaddition = "";
				if( ($latf != null) && ($latf <= 90 ) && ($latf >= -90) && ($lonf != null) && ($lonf <= 360) && ($lonf >= -360) ) {
						pingGeoUrl($post_ID);
				$latlonaddition = " post_lat=".$latf.", post_lon =".$lonf.", ";
				} else {
				$latlonaddition = " post_lat=null, post_lon=null, ";
			}
		} else {
			$latlonaddition = '';
		}
		$prev_status = $_POST['prev_status'];
		$post_status = $_POST['post_status'];
		$comment_status = $_POST['comment_status'];
		if (empty($comment_status)) $comment_status = 'closed';
		//if (!$_POST['comment_status']) $comment_status = get_settings('default_comment_status');

		$ping_status = $_POST['ping_status'];
		if (empty($ping_status)) $ping_status = 'closed';
		//if (!$_POST['ping_status']) $ping_status = get_settings('default_ping_status');
		$post_password = addslashes($_POST['post_password']);
		$post_name = sanitize_title($_POST['post_name']);
		if (empty($post_name)) $post_name = sanitize_title($post_title);
		$trackback = $_POST['trackback_url'];
	// Format trackbacks
	$trackback = preg_replace('|\s+|', '\n', $trackback);
	
	if (isset($_POST['publish'])) $post_status = 'publish';

	if (($user_level > 4) && (!empty($_POST['edit_date']))) {
		$aa = $_POST['aa'];
		$mm = $_POST['mm'];
		$jj = $_POST['jj'];
		$hh = $_POST['hh'];
		$mn = $_POST['mn'];
		$ss = $_POST['ss'];
		$jj = ($jj > 31) ? 31 : $jj;
		$hh = ($hh > 23) ? $hh - 24 : $hh;
		$mn = ($mn > 59) ? $mn - 60 : $mn;
		$ss = ($ss > 59) ? $ss - 60 : $ss;
		$datemodif = ", post_date = '$aa-$mm-$jj $hh:$mn:$ss'";
	$datemodif_gmt = ", post_date_gmt = '".get_gmt_from_date("$aa-$mm-$jj $hh:$mn:$ss")."'";
	} else {
		$datemodif = '';
		$datemodif_gmt = '';
	}

	if ($_POST['save']) {
		$location = $_SERVER['HTTP_REFERER'];
	} elseif ($_POST['updatemeta']) {
		$location = $_SERVER['HTTP_REFERER'] . '&message=2#postcustom';
	} elseif ($_POST['deletemeta']) {
		$location = $_SERVER['HTTP_REFERER'] . '&message=3#postcustom';
	} else {
		$location = 'post.php';
	}
	$location = preg_replace('|[^a-z0-9-~+_.?#=&;,/:]|i', '', $location);
	header ('Location: ' . $location); // Send user on their way while we keep working

$now = current_time('mysql');
$now_gmt = current_time('mysql', 1);

	$result = $wpdb->query("
		UPDATE $tableposts SET
			post_content = '$content',
			post_excerpt = '$excerpt',
			post_title = '$post_title'"
			.$datemodif_gmt
			.$datemodif.","
			.$latlonaddition."
			
			post_status = '$post_status',
			comment_status = '$comment_status',
			ping_status = '$ping_status',
			post_password = '$post_password',
			post_name = '$post_name',
			to_ping = '$trackback',
			post_modified = '$now',
			post_modified_gmt = '$now_gmt'
		WHERE ID = $post_ID ");


	// Now it's category time!
	// First the old categories
	$old_categories = $wpdb->get_col("SELECT category_id FROM $tablepost2cat WHERE post_id = $post_ID");
	
	// Delete any?
	foreach ($old_categories as $old_cat) {
		if (!in_array($old_cat, $post_categories)) // If a category was there before but isn't now
			$wpdb->query("DELETE FROM $tablepost2cat WHERE category_id = $old_cat AND post_id = $post_ID LIMIT 1");
	}
	
	// Add any?
	foreach ($post_categories as $new_cat) {
		if (!in_array($new_cat, $old_categories))
			$wpdb->query("INSERT INTO $tablepost2cat (post_id, category_id) VALUES ($post_ID, $new_cat)");
	}
	
	if (isset($sleep_after_edit) && $sleep_after_edit > 0) {
		sleep($sleep_after_edit);
	}

	// are we going from draft/private to published?
	if ($prev_status != 'publish' && $post_status == 'publish') {
		generic_ping();
		if ($post_pingback) {
			pingback($content, $post_ID);
		}
	} // end if moving from draft/private to published
	if ($post_status == 'publish') {
		do_action('publish_post', $post_ID);
		// Trackback time.
		$to_ping = trim($wpdb->get_var("SELECT to_ping FROM $tableposts WHERE ID = $post_ID"));
		$pinged = trim($wpdb->get_var("SELECT pinged FROM $tableposts WHERE ID = $post_ID"));
		$pinged = explode("\n", $pinged);
		if ('' != $to_ping) {
			if (strlen($excerpt) > 0) {
				$the_excerpt = (strlen(strip_tags($excerpt)) > 255) ? substr(strip_tags($excerpt), 0, 252) . '...' : strip_tags($excerpt)	;
			} else {
				$the_excerpt = (strlen(strip_tags($content)) > 255) ? substr(strip_tags($content), 0, 252) . '...' : strip_tags($content);
			}
			$excerpt = stripslashes($the_excerpt);
			$to_pings = explode("\n", $to_ping);