summaryrefslogtreecommitdiffstats
path: root/wp-inst/wp-admin/edit-form-advanced.php
diff options
context:
space:
mode:
Diffstat (limited to 'wp-inst/wp-admin/edit-form-advanced.php')
-rw-r--r--wp-inst/wp-admin/edit-form-advanced.php95
1 files changed, 25 insertions, 70 deletions
diff --git a/wp-inst/wp-admin/edit-form-advanced.php b/wp-inst/wp-admin/edit-form-advanced.php
index 0c8853e..8d593e1 100644
--- a/wp-inst/wp-admin/edit-form-advanced.php
+++ b/wp-inst/wp-admin/edit-form-advanced.php
@@ -21,10 +21,12 @@ $messages[3] = __('Custom field deleted.');
if (0 == $post_ID) {
$form_action = 'post';
$temp_ID = -1 * time();
- $form_extra = "<input type='hidden' name='temp_ID' value='$temp_ID' />";
+ $form_extra = "<input type='hidden' id='post_ID' name='temp_ID' value='$temp_ID' />";
+ wp_nonce_field('add-post');
} else {
$form_action = 'editpost';
- $form_extra = "<input type='hidden' name='post_ID' value='$post_ID' />";
+ $form_extra = "<input type='hidden' id='post_ID' name='post_ID' value='$post_ID' />";
+ wp_nonce_field('update-post_' . $post_ID);
}
$form_pingback = '<input type="hidden" name="post_pingback" value="' . get_option('default_pingback_flag') . '" id="post_pingback" />';
@@ -49,7 +51,7 @@ if (empty($post->post_status)) $post->post_status = 'draft';
?>
<input type="hidden" name="user_ID" value="<?php echo $user_ID ?>" />
-<input type="hidden" name="action" value="<?php echo $form_action ?>" />
+<input type="hidden" id="hiddenaction" name="action" value="<?php echo $form_action ?>" />
<input type="hidden" name="post_author" value="<?php echo $post->post_author ?>" />
<input type="hidden" name="post_type" value="post" />
@@ -68,6 +70,16 @@ addLoadEvent(focusit);
<div id="moremeta">
<div id="grabit" class="dbx-group">
+<fieldset id="categorydiv" class="dbx-box">
+<h3 class="dbx-handle"><?php _e('Categories') ?></h3>
+<div class="dbx-content">
+<p id="jaxcat"></p>
+<ul id="categorychecklist"><?php dropdown_categories(get_settings('default_category')); ?></ul></div>
+<?php if ( current_user_can('manage_categories') ) : ?>
+<?php AJAX_search_box( "wpmu-edit.php?action=searchcategories&search=", "newcat", "searchresults" ); ?>
+<?php endif; ?>
+</fieldset>
+
<fieldset id="commentstatusdiv" class="dbx-box">
<h3 class="dbx-handle"><?php _e('Discussion') ?></h3>
<div class="dbx-content">
@@ -89,16 +101,6 @@ addLoadEvent(focusit);
<div class="dbx-content"><input name="post_name" type="text" size="13" id="post_name" value="<?php echo $post->post_name ?>" /></div>
</fieldset>
-<fieldset id="categorydiv" class="dbx-box">
-<h3 class="dbx-handle"><?php _e('Categories') ?></h3>
-<div class="dbx-content">
-<p id="jaxcat"></p>
-<div id="categorychecklist"><?php dropdown_categories(get_settings('default_category')); ?></div></div>
-<?php if ( current_user_can('manage_categories') ) : ?>
-<?php AJAX_search_box( "wpmu-edit.php?action=searchcategories&search=", "newcat", "searchresults" ); ?>
-<?php endif; ?>
-</fieldset>
-
<fieldset class="dbx-box">
<h3 class="dbx-handle"><?php _e('Post Status') ?></h3>
<div class="dbx-content"><?php if ( current_user_can('publish_posts') ) : ?>
@@ -146,55 +148,7 @@ endforeach;
<fieldset id="<?php echo user_can_richedit() ? 'postdivrich' : 'postdiv'; ?>">
<legend><?php _e('Post') ?></legend>
-<?php
- $rows = get_settings('default_post_edit_rows');
- if (($rows < 3) || ($rows > 100)) {
- $rows = 12;
- }
-?>
-<?php the_quicktags(); ?>
-
-<div><textarea <?php if ( user_can_richedit() ) echo 'title="true" '; ?>rows="<?php echo $rows; ?>" cols="40" name="content" tabindex="2" id="content"><?php echo user_can_richedit() ? wp_richedit_pre($post->post_content) : $post->post_content; ?></textarea></div>
-</fieldset>
-
-<script type="text/javascript">
-<!--
-edCanvas = document.getElementById('content');
-<?php if ( user_can_richedit() ) : ?>
-// This code is meant to allow tabbing from Title to Post (TinyMCE).
-if ( tinyMCE.isMSIE )
- document.getElementById('title').onkeydown = function (e)
- {
- e = e ? e : window.event;
- if (e.keyCode == 9 && !e.shiftKey && !e.controlKey && !e.altKey) {
- var i = tinyMCE.selectedInstance;
- if(typeof i == 'undefined')
- return true;
- tinyMCE.execCommand("mceStartTyping");
- this.blur();
- i.contentWindow.focus();
- e.returnValue = false;
- return false;
- }
- }
-else
- document.getElementById('title').onkeypress = function (e)
- {
- e = e ? e : window.event;
- if (e.keyCode == 9 && !e.shiftKey && !e.controlKey && !e.altKey) {
- var i = tinyMCE.selectedInstance;
- if(typeof i == 'undefined')
- return true;
- tinyMCE.execCommand("mceStartTyping");
- this.blur();
- i.contentWindow.focus();
- e.returnValue = false;
- return false;
- }
- }
-<?php endif; ?>
-//-->
-</script>
+ <?php the_editor($post->post_content); ?>
<?php echo $form_pingback ?>
<?php echo $form_prevstatus ?>
@@ -224,7 +178,7 @@ else
<?php
if (current_user_can('upload_files')) {
$uploading_iframe_ID = (0 == $post_ID ? $temp_ID : $post_ID);
- $uploading_iframe_src = "inline-uploading.php?action=view&amp;post=$uploading_iframe_ID";
+ $uploading_iframe_src = wp_nonce_url("inline-uploading.php?action=view&amp;post=$uploading_iframe_ID", 'inlineuploading');
$uploading_iframe_src = apply_filters('uploading_iframe_src', $uploading_iframe_src);
if ( false != $uploading_iframe_src )
echo '<iframe id="uploading" border="0" src="' . $uploading_iframe_src . '">' . __('This feature requires iframe support.') . '</iframe>';
@@ -251,16 +205,17 @@ if ( ! empty($pings) )
<fieldset id="postcustom" class="dbx-box">
<h3 class="dbx-handle"><?php _e('Custom Fields') ?></h3>
<div id="postcustomstuff" class="dbx-content">
-<?php
-if($metadata = has_meta($post_ID)) {
-?>
+<table cellpadding="3">
<?php
- list_meta($metadata);
+$metadata = has_meta($post_ID);
+list_meta($metadata);
?>
+
+</table>
<?php
-}
meta_form();
?>
+<div id="ajax-response"></div>
</div>
</fieldset>
@@ -268,8 +223,8 @@ if($metadata = has_meta($post_ID)) {
</div>
-<?php if ('edit' == $action) : ?>
-<input name="deletepost" class="button" type="submit" id="deletepost" tabindex="10" value="<?php _e('Delete this post') ?>" <?php echo "onclick=\"return confirm('" . sprintf(__("You are about to delete this post \'%s\'\\n \'Cancel\' to stop, \'OK\' to delete."), addslashes($post->post_title) ) . "')\""; ?> />
+<?php if ('edit' == $action) : $delete_nonce = wp_create_nonce( 'delete-post_' . $post_ID ); ?>
+<input name="deletepost" class="button" type="submit" id="deletepost" tabindex="10" value="<?php _e('Delete this post') ?>" <?php echo "onclick=\"if ( confirm('" . sprintf(__("You are about to delete this post \'%s\'\\n \'Cancel\' to stop, \'OK\' to delete."), addslashes($post->post_title) ) . "') ) { document.forms.post._wpnonce.value = '$delete_nonce'; return true;}\""; ?> />
<?php endif; ?>
</div>
generated by cgit (git 2.34.1) at 2025-05-24 08:21:34 +0000