1<?php
/**
 * Edit post administration panel.
 *
 * Manages post actions: post, edit, delete, etc.
 *
 * @package WordPress
 * @subpackage Administration
 */
10
/** WordPress Administration Bootstrap */
require_once __DIR__ . '/admin.php';

// Default admin-menu highlighting; the 'edit' action below re-targets these per post type.
$parent_file  = 'edit.php';
$submenu_file = 'edit.php';

// Populates the global $action from the request.
wp_reset_vars( array( 'action' ) );

// Resolve the post ID. It may arrive in the query string (?post=) and/or the
// edit form (post_ID); when both are present they have to agree, otherwise a
// form built for one post could be applied to another.
$query_has_id = isset( $_GET['post'] );
$form_has_id  = isset( $_POST['post_ID'] );
$query_id     = $query_has_id ? (int) $_GET['post'] : 0;
$form_id      = $form_has_id ? (int) $_POST['post_ID'] : 0;

if ( $query_has_id && $form_has_id && $query_id !== $form_id ) {
	wp_die( __( 'A post ID mismatch has been detected.' ), __( 'Sorry, you are not allowed to edit this item.' ), 400 );
}

// Query string first, then the form field; 0 means "no post".
$post_id = $query_has_id ? $query_id : $form_id;
$post_ID = $post_id;

unset( $query_has_id, $form_has_id, $query_id, $form_id );
29
/**
 * @global string  $post_type
 * @global object  $post_type_object
 * @global WP_Post $post             Global post object.
 */
global $post_type, $post_type_object, $post;

// Load the requested post into the global; with no ID the global keeps
// whatever value it already had.
if ( $post_id ) {
	$post = get_post( $post_id );
}

if ( $post ) {
	$post_type        = $post->post_type;
	$post_type_object = get_post_type_object( $post_type );

	// The submitted post_type has to match the stored post's type, so a form
	// built for one type cannot be replayed against a post of another.
	if ( isset( $_POST['post_type'] ) && $_POST['post_type'] !== $post_type ) {
		wp_die( __( 'A post type mismatch has been detected.' ), __( 'Sorry, you are not allowed to edit this item.' ), 400 );
	}
}

// Submit buttons on the edit form take precedence over the requested action.
$is_preview_submit = isset( $_POST['wp-preview'] ) && 'dopreview' === $_POST['wp-preview'];
if ( isset( $_POST['deletepost'] ) ) {
	$action = 'delete';
} elseif ( $is_preview_submit ) {
	$action = 'preview';
}
unset( $is_preview_submit );
55
// Where to send the user after a trash/untrash/delete action. A referer that
// is missing or points back at an editor screen is replaced by the post list
// for the current post type; any other referer is kept, minus stale notice args.
$sendback = wp_get_referer();

$came_from_editor = ! $sendback
	|| false !== strpos( $sendback, 'post.php' )
	|| false !== strpos( $sendback, 'post-new.php' );

if ( ! $came_from_editor ) {
	$sendback = remove_query_arg( array( 'trashed', 'untrashed', 'deleted', 'ids' ), $sendback );
} elseif ( 'attachment' === $post_type ) {
	$sendback = admin_url( 'upload.php' );
} elseif ( empty( $post_type ) ) {
	$sendback = admin_url( 'edit.php' );
} else {
	$sendback = add_query_arg( 'post_type', $post_type, admin_url( 'edit.php' ) );
}
unset( $came_from_editor );
71
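switch ( $action ) {
	case 'post-quickdraft-save':
		// Quick Draft dashboard widget submission. The widget's own nonce is
		// checked first so a stale form re-renders the widget with a message
		// instead of dying. Guarding the index avoids a notice on a bare request;
		// an empty nonce fails verification exactly like a missing one.
		$nonce     = isset( $_REQUEST['_wpnonce'] ) ? $_REQUEST['_wpnonce'] : '';
		$error_msg = false;

		// For output of the Quick Draft dashboard widget.
		require_once ABSPATH . 'wp-admin/includes/dashboard.php';

		if ( ! wp_verify_nonce( $nonce, 'add-post' ) ) {
			$error_msg = __( 'Unable to submit this form, please refresh and try again.' );
		}

		// The capability check comes before the nonce error is reported: a user
		// who cannot create posts gets no widget output at all.
		if ( ! current_user_can( get_post_type_object( 'post' )->cap->create_posts ) ) {
			exit;
		}

		if ( $error_msg ) {
			// Top-level return: ends this file here, so the admin footer is not
			// rendered. The widget markup is the whole response.
			return wp_dashboard_quick_press( $error_msg );
		}

		// Explicit existence check instead of letting a null post blow up on
		// the property read below.
		$post = get_post( isset( $_REQUEST['post_ID'] ) ? $_REQUEST['post_ID'] : null );
		if ( ! $post ) {
			wp_die( __( 'You attempted to edit an item that doesn&#8217;t exist. Perhaps it was deleted?' ) );
		}

		// Second nonce check, bound to the stored post's type. The 'add-post'
		// nonce verified above only satisfies this when that type is 'post'.
		check_admin_referer( 'add-' . $post->post_type );

		$_POST['comment_status'] = get_default_comment_status( $post->post_type );
		$_POST['ping_status']    = get_default_comment_status( $post->post_type, 'pingback' );

		// Wrap Quick Draft content in the Paragraph block. A missing content
		// field is treated as an empty paragraph rather than raising a notice.
		$quick_draft_content = isset( $_POST['content'] ) ? $_POST['content'] : '';
		if ( false === strpos( $quick_draft_content, '<!-- wp:paragraph -->' ) ) {
			$_POST['content'] = sprintf(
				'<!-- wp:paragraph -->%s<!-- /wp:paragraph -->',
				str_replace( array( "\r\n", "\r", "\n" ), '<br />', $quick_draft_content )
			);
		}
		unset( $quick_draft_content );

		edit_post();
		wp_dashboard_quick_press();
		exit;

	case 'postajaxpost':
	case 'post':
		// Create a new post. The nonce action carries the post type, so a form
		// issued for one type cannot be replayed to create another.
		check_admin_referer( 'add-' . $post_type );
		$post_id = 'postajaxpost' === $action ? edit_post() : write_post();
		redirect_post( $post_id );
		exit;

	case 'edit':
		$editing = true;

		if ( empty( $post_id ) ) {
			wp_redirect( admin_url( 'post.php' ) );
			exit;
		}

		if ( ! $post ) {
			wp_die( __( 'You attempted to edit an item that doesn&#8217;t exist. Perhaps it was deleted?' ) );
		}

		if ( ! $post_type_object ) {
			wp_die( __( 'Invalid post type.' ) );
		}

		// $typenow is a global populated by admin.php (presumably from the request
		// or the loaded post — confirm). Post types without a UI are never
		// editable on this screen regardless of capability.
		if ( ! in_array( $typenow, get_post_types( array( 'show_ui' => true ) ), true ) ) {
			wp_die( __( 'Sorry, you are not allowed to edit posts in this post type.' ) );
		}

		// Per-post capability check.
		if ( ! current_user_can( 'edit_post', $post_id ) ) {
			wp_die( __( 'Sorry, you are not allowed to edit this item.' ) );
		}

		if ( 'trash' === $post->post_status ) {
			wp_die( __( 'You can&#8217;t edit this item because it is in the Trash. Please restore it and try again.' ) );
		}

		// "Take over" request from the post-lock dialog: claim the lock under its
		// own nonce, then reload the editor.
		if ( ! empty( $_GET['get-post-lock'] ) ) {
			check_admin_referer( 'lock-post_' . $post_id );
			wp_set_post_lock( $post_id );
			wp_redirect( get_edit_post_link( $post_id, 'url' ) );
			exit;
		}

		// Admin-menu highlighting and "Add New" target for the type being edited.
		$post_type = $post->post_type;
		if ( 'post' === $post_type ) {
			$parent_file   = 'edit.php';
			$submenu_file  = 'edit.php';
			$post_new_file = 'post-new.php';
		} elseif ( 'attachment' === $post_type ) {
			$parent_file   = 'upload.php';
			$submenu_file  = 'upload.php';
			$post_new_file = 'media-new.php';
		} else {
			// A custom post type may hang under another top-level menu
			// (show_in_menu set to a parent slug rather than true).
			if ( isset( $post_type_object ) && $post_type_object->show_in_menu && true !== $post_type_object->show_in_menu ) {
				$parent_file = $post_type_object->show_in_menu;
			} else {
				$parent_file = "edit.php?post_type=$post_type";
			}
			$submenu_file  = "edit.php?post_type=$post_type";
			$post_new_file = "post-new.php?post_type=$post_type";
		}

		$title = $post_type_object->labels->edit_item;

		/**
		 * Allows replacement of the editor.
		 *
		 * @since 4.9.0
		 *
		 * @param bool    $replace Whether to replace the editor. Default false.
		 * @param WP_Post $post    Post object.
		 */
		if ( true === apply_filters( 'replace_editor', false, $post ) ) {
			break;
		}

		if ( use_block_editor_for_post( $post ) ) {
			require ABSPATH . 'wp-admin/edit-form-blocks.php';
			break;
		}

		// Classic editor: take the post lock if nobody else holds it, and enable
		// autosave (attachments get none).
		if ( ! wp_check_post_lock( $post->ID ) ) {
			$active_post_lock = wp_set_post_lock( $post->ID );

			if ( 'attachment' !== $post_type ) {
				wp_enqueue_script( 'autosave' );
			}
		}

		// Re-fetch in the 'edit' context so the form receives edit-filtered values.
		$post = get_post( $post_id, OBJECT, 'edit' );

		if ( post_type_supports( $post_type, 'comments' ) ) {
			wp_enqueue_script( 'admin-comments' );
			enqueue_comment_hotkeys_js();
		}

		require ABSPATH . 'wp-admin/edit-form-advanced.php';

		break;

	case 'editattachment':
		check_admin_referer( 'update-post_' . $post_id );

		// Don't let these be changed.
		unset( $_POST['guid'] );
		$_POST['post_type'] = 'attachment';

		// Update the thumbnail filename. Only the basename is stored, so the
		// submitted value cannot carry a directory component. Attachments with no
		// metadata yet start from an empty array instead of a non-array value.
		$newmeta = wp_get_attachment_metadata( $post_id, true );
		if ( ! is_array( $newmeta ) ) {
			$newmeta = array();
		}
		$newmeta['thumb'] = isset( $_POST['thumb'] ) ? wp_basename( $_POST['thumb'] ) : '';

		wp_update_attachment_metadata( $post_id, $newmeta );

		// Intentional fall-through to trigger the edit_post() call.
	case 'editpost':
		// Re-checked here on the fall-through from 'editattachment'; harmless.
		check_admin_referer( 'update-post_' . $post_id );

		// edit_post() is expected to enforce the edit_post capability itself and
		// to return the saved post's ID.
		$post_id = edit_post();

		// Session cookie flag that the post was saved. A "<id>-check" value is
		// presumably set client-side before submitting; flipping it to
		// "<id>-saved" lets the reloaded editor confirm the save went through.
		if ( isset( $_COOKIE['wp-saving-post'] ) && $_COOKIE['wp-saving-post'] === $post_id . '-check' ) {
			setcookie( 'wp-saving-post', $post_id . '-saved', time() + DAY_IN_SECONDS, ADMIN_COOKIE_PATH, COOKIE_DOMAIN, is_ssl() );
		}

		redirect_post( $post_id ); // Send user on their way while we keep working.

		exit;

	case 'trash':
		check_admin_referer( 'trash-post_' . $post_id );

		if ( ! $post ) {
			wp_die( __( 'The item you are trying to move to the Trash no longer exists.' ) );
		}

		if ( ! $post_type_object ) {
			wp_die( __( 'Invalid post type.' ) );
		}

		if ( ! current_user_can( 'delete_post', $post_id ) ) {
			wp_die( __( 'Sorry, you are not allowed to move this item to the Trash.' ) );
		}

		// Refuse while another user holds the edit lock.
		$user_id = wp_check_post_lock( $post_id );
		if ( $user_id ) {
			$user = get_userdata( $user_id );
			// get_userdata() returns false for a user that no longer exists; show
			// an empty name rather than erroring on a property read.
			$user_name = $user ? $user->display_name : '';
			/* translators: %s: User's display name. */
			wp_die( sprintf( __( 'You cannot move this item to the Trash. %s is currently editing.' ), $user_name ) );
		}

		if ( ! wp_trash_post( $post_id ) ) {
			wp_die( __( 'Error in moving the item to Trash.' ) );
		}

		// $sendback derives from wp_get_referer(), which is expected to return only
		// URLs that already pass wp_validate_redirect(), or from admin_url(); the
		// same holds for the 'untrash' and 'delete' redirects below.
		wp_redirect(
			add_query_arg(
				array(
					'trashed' => 1,
					'ids'     => $post_id,
				),
				$sendback
			)
		);
		exit;

	case 'untrash':
		check_admin_referer( 'untrash-post_' . $post_id );

		if ( ! $post ) {
			wp_die( __( 'The item you are trying to restore from the Trash no longer exists.' ) );
		}

		if ( ! $post_type_object ) {
			wp_die( __( 'Invalid post type.' ) );
		}

		// Restoring is gated on the same capability as trashing.
		if ( ! current_user_can( 'delete_post', $post_id ) ) {
			wp_die( __( 'Sorry, you are not allowed to restore this item from the Trash.' ) );
		}

		if ( ! wp_untrash_post( $post_id ) ) {
			wp_die( __( 'Error in restoring the item from Trash.' ) );
		}

		$sendback = add_query_arg(
			array(
				'untrashed' => 1,
				'ids'       => $post_id,
			),
			$sendback
		);
		wp_redirect( $sendback );
		exit;

	case 'delete':
		check_admin_referer( 'delete-post_' . $post_id );

		if ( ! $post ) {
			wp_die( __( 'This item has already been deleted.' ) );
		}

		if ( ! $post_type_object ) {
			wp_die( __( 'Invalid post type.' ) );
		}

		if ( ! current_user_can( 'delete_post', $post_id ) ) {
			wp_die( __( 'Sorry, you are not allowed to delete this item.' ) );
		}

		if ( 'attachment' === $post->post_type ) {
			// With media trash disabled, attachments are removed permanently.
			$force = ( ! MEDIA_TRASH );
			if ( ! wp_delete_attachment( $post_id, $force ) ) {
				wp_die( __( 'Error in deleting the attachment.' ) );
			}
		} else {
			// Non-attachments reaching this action are always deleted permanently.
			if ( ! wp_delete_post( $post_id, true ) ) {
				wp_die( __( 'Error in deleting the item.' ) );
			}
		}

		wp_redirect( add_query_arg( 'deleted', 1, $sendback ) );
		exit;

	case 'preview':
		check_admin_referer( 'update-post_' . $post_id );

		// post_preview() presumably stores the submitted changes and returns the
		// URL of the preview to show.
		$url = post_preview();

		wp_redirect( $url );
		exit;

	case 'toggle-custom-fields':
		check_admin_referer( 'toggle-custom-fields', 'toggle-custom-fields-nonce' );

		// Flip the per-user "show custom fields meta box" preference.
		$current_user_id = get_current_user_id();
		if ( $current_user_id ) {
			$enable_custom_fields = (bool) get_user_meta( $current_user_id, 'enable_custom_fields', true );
			update_user_meta( $current_user_id, 'enable_custom_fields', ! $enable_custom_fields );
		}

		// Safe redirect: an off-site or missing referer falls back to the admin area.
		wp_safe_redirect( wp_get_referer() );
		exit;

	default:
		/**
		 * Fires for a given custom post action request.
		 *
		 * The dynamic portion of the hook name, `$action`, refers to the custom post action.
		 *
		 * @since 4.6.0
		 *
		 * @param int $post_id Post ID sent with the request.
		 */
		do_action( "post_action_{$action}", $post_id );

		// No nonce or capability check is performed on this path; each handler of
		// the hook above is responsible for its own. A handler that does not exit
		// lands on the post list.
		wp_redirect( admin_url( 'edit.php' ) );
		exit;
} // End switch.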
368
// Shared admin footer. Only the 'edit' action reaches this line (it breaks out
// of the switch); every other branch exits, redirects, or returns above.
require_once ABSPATH . 'wp-admin/admin-footer.php';
370