Code analysis report

#	Code	Descriptions
1	<?php
2
3	// -- Post related Meta Boxes
4
5	/**
6	* Display post submit form fields.
7	*
8	* @since 2.7.0
9	*
10	* @param object $post
11	*/
12	function post_submit_meta_box($post) {
13	global $action;
14
15	$post_type = $post->post_type;
16	$post_type_object = get_post_type_object($post_type);
17	$can_publish = current_user_can($post_type_object->cap->publish_posts);
18	?>
19	<div class="submitbox" id="submitpost">
20
21	<div id="minor-publishing">
22
23	<?php // Hidden submit button early on so that the browser chooses the right button when form is submitted with Return key ?>
24	<div style="display:none;">
25	<input type="submit" name="save" value="<?php esc_attr_e('Save'); ?>" />
26	</div>
27
28	<div id="minor-publishing-actions">
29	<div id="save-action">
30	<?php if ( 'publish' != $post->post_status && 'future' != $post->post_status && 'pending' != $post->post_status ) { ?>
31	<input <?php if ( 'private' == $post->post_status ) { ?>style="display:none"<?php } ?> type="submit" name="save" id="save-post" value="<?php esc_attr_e('Save Draft'); ?>" tabindex="4" class="button button-highlighted" />
32	<?php } elseif ( 'pending' == $post->post_status && $can_publish ) { ?>
33	<input type="submit" name="save" id="save-post" value="<?php esc_attr_e('Save as Pending'); ?>" tabindex="4" class="button button-highlighted" />
34	<?php } ?>
35	</div>
36
37	<div id="preview-action">
38	<?php
39	if ( 'publish' == $post->post_status ) {
40	$preview_link = esc_url(get_permalink($post->ID));
41	$preview_button = __('Preview Changes');
42	} else {
43	$preview_link = esc_url(apply_filters('preview_post_link', add_query_arg('preview', 'true', get_permalink($post->ID))));
44	$preview_button = __('Preview');
45	}
46	?>
47	<a class="preview button" href="<?php echo $preview_link; ?>" target="wp-preview" id="post-preview" tabindex="4"><?php echo $preview_button; ?></a>	//Cross Site Scripting
48	<input type="hidden" name="wp-preview" id="wp-preview" value="" />
49	</div>
50
51	<div class="clear"></div>
52	</div><?php // /minor-publishing-actions ?>
53
54	<div id="misc-publishing-actions">
55
56	<div class="misc-pub-section<?php if ( !$can_publish ) { echo ' misc-pub-section-last'; } ?>"><label for="post_status"><?php _e('Status:') ?></label>
57	<span id="post-status-display">
58	<?php
59	switch ( $post->post_status ) {
60	case 'private':
61	_e('Privately Published');
62	break;
63	case 'publish':
64	_e('Published');
65	break;
66	case 'future':
67	_e('Scheduled');
68	break;
69	case 'pending':
70	_e('Pending Review');
71	break;
72	case 'draft':
73	case 'auto-draft':
74	_e('Draft');
75	break;
76	case 'auto-draft':
77	_e('Unsaved');
78	break;
79	}
80	?>
81	</span>
82	<?php if ( 'publish' == $post->post_status \|\| 'private' == $post->post_status \|\| $can_publish ) { ?>
83	<a href="#post_status" <?php if ( 'private' == $post->post_status ) { ?>style="display:none;" <?php } ?>class="edit-post-status hide-if-no-js" tabindex='4'><?php _e('Edit') ?></a>
84
85	<div id="post-status-select" class="hide-if-js">
86	<input type="hidden" name="hidden_post_status" id="hidden_post_status" value="<?php echo esc_attr( ('auto-draft' == $post->post_status ) ? 'draft' : $post->post_status); ?>" />
87	<select name='post_status' id='post_status' tabindex='4'>
88	<?php if ( 'publish' == $post->post_status ) : ?>
89	<option<?php selected( $post->post_status, 'publish' ); ?> value='publish'><?php _e('Published') ?></option>
90	<?php elseif ( 'private' == $post->post_status ) : ?>
91	<option<?php selected( $post->post_status, 'private' ); ?> value='publish'><?php _e('Privately Published') ?></option>
92	<?php elseif ( 'future' == $post->post_status ) : ?>
93	<option<?php selected( $post->post_status, 'future' ); ?> value='future'><?php _e('Scheduled') ?></option>
94	<?php endif; ?>
95	<option<?php selected( $post->post_status, 'pending' ); ?> value='pending'><?php _e('Pending Review') ?></option>
96	<?php if ( 'auto-draft' == $post->post_status ) : ?>
97	<option<?php selected( $post->post_status, 'auto-draft' ); ?> value='draft'><?php _e('Draft') ?></option>
98	<?php else : ?>
99	<option<?php selected( $post->post_status, 'draft' ); ?> value='draft'><?php _e('Draft') ?></option>
100	<?php endif; ?>
101	</select>
102	<a href="#post_status" class="save-post-status hide-if-no-js button"><?php _e('OK'); ?></a>
103	<a href="#post_status" class="cancel-post-status hide-if-no-js"><?php _e('Cancel'); ?></a>
104	</div>
105
106	<?php } ?>
107	</div><?php // /misc-pub-section ?>
108
109	<div class="misc-pub-section " id="visibility">
110	<?php _e('Visibility:'); ?> <span id="post-visibility-display"><?php
111
112	if ( 'private' == $post->post_status ) {
113	$post->post_password = '';
114	$visibility = 'private';
115	$visibility_trans = __('Private');
116	} elseif ( !empty( $post->post_password ) ) {
117	$visibility = 'password';
118	$visibility_trans = __('Password protected');
119	} elseif ( $post_type == 'post' && is_sticky( $post->ID ) ) {
120	$visibility = 'public';
121	$visibility_trans = __('Public, Sticky');
122	} else {
123	$visibility = 'public';
124	$visibility_trans = __('Public');
125	}
126
127	echo esc_html( $visibility_trans ); ?></span>
128	<?php if ( $can_publish ) { ?>
129	<a href="#visibility" class="edit-visibility hide-if-no-js"><?php _e('Edit'); ?></a>
130
131	<div id="post-visibility-select" class="hide-if-js">
132	<input type="hidden" name="hidden_post_password" id="hidden-post-password" value="<?php echo esc_attr($post->post_password); ?>" />
133	<?php if ($post_type == 'post'): ?>
134	<input type="checkbox" style="display:none" name="hidden_post_sticky" id="hidden-post-sticky" value="sticky" <?php checked(is_sticky($post->ID)); ?> />
135	<?php endif; ?>
136	<input type="hidden" name="hidden_post_visibility" id="hidden-post-visibility" value="<?php echo esc_attr( $visibility ); ?>" />
137
138
139	<input type="radio" name="visibility" id="visibility-radio-public" value="public" <?php checked( $visibility, 'public' ); ?> /> <label for="visibility-radio-public" class="selectit"><?php _e('Public'); ?></label><br />
140	<?php if ($post_type == 'post'): ?>
141	<span id="sticky-span"><input id="sticky" name="sticky" type="checkbox" value="sticky" <?php checked(is_sticky($post->ID)); ?> tabindex="4" /> <label for="sticky" class="selectit"><?php _e('Stick this post to the front page') ?></label><br /></span>
142	<?php endif; ?>
143	<input type="radio" name="visibility" id="visibility-radio-password" value="password" <?php checked( $visibility, 'password' ); ?> /> <label for="visibility-radio-password" class="selectit"><?php _e('Password protected'); ?></label><br />
144	<span id="password-span"><label for="post_password"><?php _e('Password:'); ?></label> <input type="text" name="post_password" id="post_password" value="<?php echo esc_attr($post->post_password); ?>" /><br /></span>
145	<input type="radio" name="visibility" id="visibility-radio-private" value="private" <?php checked( $visibility, 'private' ); ?> /> <label for="visibility-radio-private" class="selectit"><?php _e('Private'); ?></label><br />
146
147	<p>
148	<a href="#visibility" class="save-post-visibility hide-if-no-js button"><?php _e('OK'); ?></a>
149	<a href="#visibility" class="cancel-post-visibility hide-if-no-js"><?php _e('Cancel'); ?></a>
150	</p>
151	</div>
152	<?php } ?>
153
154	</div><?php // /misc-pub-section ?>
155
156
157	<?php
158	// translators: Publish box date formt, see http://php.net/date
159	$datef = __( 'M j, Y @ G:i' );
160	if ( 0 != $post->ID ) {
161	if ( 'future' == $post->post_status ) { // scheduled for publishing at a future date
162	$stamp = __('Scheduled for: <b>%1$s</b>');
163	} else if ( 'publish' == $post->post_status \|\| 'private' == $post->post_status ) { // already published
164	$stamp = __('Published on: <b>%1$s</b>');
165	} else if ( '0000-00-00 00:00:00' == $post->post_date_gmt ) { // draft, 1 or more saves, no date specified
166	$stamp = __('Publish <b>immediately</b>');
167	} else if ( time() < strtotime( $post->post_date_gmt . ' +0000' ) ) { // draft, 1 or more saves, future date specified
168	$stamp = __('Schedule for: <b>%1$s</b>');
169	} else { // draft, 1 or more saves, date specified
170	$stamp = __('Publish on: <b>%1$s</b>');
171	}
172	$date = date_i18n( $datef, strtotime( $post->post_date ) );
173	} else { // draft (no saves, and thus no date specified)
174	$stamp = __('Publish <b>immediately</b>');
175	$date = date_i18n( $datef, strtotime( current_time('mysql') ) );
176	}
177
178	if ( $can_publish ) : // Contributors don't get to choose the date of publish ?>
179	<div class="misc-pub-section curtime misc-pub-section-last">
180	<span id="timestamp">
181	<?php printf($stamp, $date); ?></span>	//Cross Site Scripting
182	<a href="#edit_timestamp" class="edit-timestamp hide-if-no-js" tabindex='4'><?php _e('Edit') ?></a>
183	<div id="timestampdiv" class="hide-if-js"><?php touch_time(($action == 'edit'),1,4); ?></div>
184	</div><?php // /misc-pub-section ?>
185	<?php endif; ?>
186
187	<?php do_action('post_submitbox_misc_actions'); ?>
188	</div>
189	<div class="clear"></div>
190	</div>
191
192	<div id="major-publishing-actions">
193	<?php do_action('post_submitbox_start'); ?>
194	<div id="delete-action">
195	<?php
196	if ( current_user_can( "delete_post", $post->ID ) ) {
197	if ( !EMPTY_TRASH_DAYS )
198	$delete_text = __('Delete Permanently');
199	else
200	$delete_text = __('Move to Trash');
201	?>
202	<a class="submitdelete deletion" href="<?php echo get_delete_post_link($post->ID); ?>"><?php echo $delete_text; ?></a><?php	//Cross Site Scripting
203	} ?>
204	</div>
205
206	<div id="publishing-action">
207	<img src="<?php echo esc_url( admin_url( 'images/wpspin_light.gif' ) ); ?>" id="ajax-loading" style="visibility:hidden;" alt="" />
208	<?php
209	if ( !in_array( $post->post_status, array('publish', 'future', 'private') ) \|\| 0 == $post->ID ) {
210	if ( $can_publish ) :
211	if ( !empty($post->post_date_gmt) && time() < strtotime( $post->post_date_gmt . ' +0000' ) ) : ?>
212	<input name="original_publish" type="hidden" id="original_publish" value="<?php esc_attr_e('Schedule') ?>" />
213	<input name="publish" type="submit" class="button-primary" id="publish" tabindex="5" accesskey="p" value="<?php esc_attr_e('Schedule') ?>" />
214	<?php else : ?>
215	<input name="original_publish" type="hidden" id="original_publish" value="<?php esc_attr_e('Publish') ?>" />
216	<input name="publish" type="submit" class="button-primary" id="publish" tabindex="5" accesskey="p" value="<?php esc_attr_e('Publish') ?>" />
217	<?php endif;
218	else : ?>
219	<input name="original_publish" type="hidden" id="original_publish" value="<?php esc_attr_e('Submit for Review') ?>" />
220	<input name="publish" type="submit" class="button-primary" id="publish" tabindex="5" accesskey="p" value="<?php esc_attr_e('Submit for Review') ?>" />
221	<?php
222	endif;
223	} else { ?>
224	<input name="original_publish" type="hidden" id="original_publish" value="<?php esc_attr_e('Update') ?>" />
225	<input name="save" type="submit" class="button-primary" id="publish" tabindex="5" accesskey="p" value="<?php esc_attr_e('Update') ?>" />
226	<?php
227	} ?>
228	</div>
229	<div class="clear"></div>
230	</div>
231	</div>
232
233	<?php
234	}
235
236
237	/**
238	* Display post tags form fields.
239	*
240	* @since 2.6.0
241	*
242	* @param object $post
243	*/
244	function post_tags_meta_box($post, $box) {
245	$defaults = array('taxonomy' => 'post_tag');
246	if ( !isset($box['args']) \|\| !is_array($box['args']) )
247	$args = array();
248	else
249	$args = $box['args'];
250	extract( wp_parse_args($args, $defaults), EXTR_SKIP );
251	$tax_name = esc_attr($taxonomy);
252	$taxonomy = get_taxonomy($taxonomy);
253	$disabled = !current_user_can($taxonomy->cap->assign_terms) ? 'disabled="disabled"' : '';
254	?>
255	<div class="tagsdiv" id="<?php echo $tax_name; ?>">	//Cross Site Scripting
256	<div class="jaxtag">
257	<div class="nojs-tags hide-if-js">
258	<p><?php echo $taxonomy->labels->add_or_remove_items; ?></p>	//Cross Site Scripting
259	<textarea name="<?php echo "tax_input[$tax_name]"; ?>" rows="3" cols="20" class="the-tags" id="tax-input-<?php echo $tax_name; ?>" <?php echo $disabled; ?>><?php echo esc_attr(get_terms_to_edit( $post->ID, $tax_name )); ?></textarea></div>	//Cross Site Scripting
260	<?php if ( current_user_can($taxonomy->cap->assign_terms) ) : ?>
261	<div class="ajaxtag hide-if-no-js">
262	<label class="screen-reader-text" for="new-tag-<?php echo $tax_name; ?>"><?php echo $box['title']; ?></label>	//Cross Site Scripting
263	<div class="taghint"><?php echo $taxonomy->labels->add_new_item; ?></div>	//Cross Site Scripting
264	<p><input type="text" id="new-tag-<?php echo $tax_name; ?>" name="newtag[<?php echo $tax_name; ?>]" class="newtag form-input-tip" size="16" autocomplete="off" value="" />	//Cross Site Scripting
265	<input type="button" class="button tagadd" value="<?php esc_attr_e('Add'); ?>" tabindex="3" /></p>
266	</div>
267	<p class="howto"><?php echo esc_attr( $taxonomy->labels->separate_items_with_commas ); ?></p>
268	<?php endif; ?>
269	</div>
270	<div class="tagchecklist"></div>
271	</div>
272	<?php if ( current_user_can($taxonomy->cap->assign_terms) ) : ?>
273	<p class="hide-if-no-js"><a href="#titlediv" class="tagcloud-link" id="link-<?php echo $tax_name; ?>"><?php echo $taxonomy->labels->choose_from_most_used; ?></a></p>	//Cross Site Scripting
274	<?php else : ?>
275	<p><em><?php _e('You cannot modify this taxonomy.'); ?></em></p>
276	<?php endif; ?>
277	<?php
278	}
279
280
281	/**
282	* Display post categories form fields.
283	*
284	* @since 2.6.0
285	*
286	* @param object $post
287	*/
288	function post_categories_meta_box( $post, $box ) {
289	$defaults = array('taxonomy' => 'category');
290	if ( !isset($box['args']) \|\| !is_array($box['args']) )
291	$args = array();
292	else
293	$args = $box['args'];
294	extract( wp_parse_args($args, $defaults), EXTR_SKIP );
295	$tax = get_taxonomy($taxonomy);
296
297	?>
298	<div id="taxonomy-<?php echo $taxonomy; ?>" class="categorydiv">	//Cross Site Scripting
299	<ul id="<?php echo $taxonomy; ?>-tabs" class="category-tabs">	//Cross Site Scripting
300	<li class="tabs"><a href="#<?php echo $taxonomy; ?>-all" tabindex="3"><?php echo $tax->labels->all_items; ?></a></li>	//Cross Site Scripting
301	<li class="hide-if-no-js"><a href="#<?php echo $taxonomy; ?>-pop" tabindex="3"><?php _e( 'Most Used' ); ?></a></li>	//Cross Site Scripting
302	</ul>
303
304	<div id="<?php echo $taxonomy; ?>-pop" class="tabs-panel" style="display: none;">	//Cross Site Scripting
305	<ul id="<?php echo $taxonomy; ?>checklist-pop" class="categorychecklist form-no-clear" >	//Cross Site Scripting
306	<?php $popular_ids = wp_popular_terms_checklist($taxonomy); ?>
307	</ul>
308	</div>
309
310	<div id="<?php echo $taxonomy; ?>-all" class="tabs-panel">	//Cross Site Scripting
311	<?php
312	$name = ( $taxonomy == 'category' ) ? 'post_category' : 'tax_input[' . $taxonomy . ']';
313	echo "<input type='hidden' name='{$name}[]' value='0' />"; // Allows for an empty term set to be sent. 0 is an invalid Term ID and will be ignored by empty() checks.
314	?>
315	<ul id="<?php echo $taxonomy; ?>checklist" class="list:<?php echo $taxonomy?> categorychecklist form-no-clear">	//Cross Site Scripting
316	<?php wp_terms_checklist($post->ID, array( 'taxonomy' => $taxonomy, 'popular_cats' => $popular_ids ) ) ?>
317	</ul>
318	</div>
319	<?php if ( !current_user_can($tax->cap->assign_terms) ) : ?>
320	<p><em><?php _e('You cannot modify this taxonomy.'); ?></em></p>
321	<?php endif; ?>
322	<?php if ( current_user_can($tax->cap->edit_terms) ) : ?>
323	<div id="<?php echo $taxonomy; ?>-adder" class="wp-hidden-children">	//Cross Site Scripting
324	<h4>
325	<a id="<?php echo $taxonomy; ?>-add-toggle" href="#<?php echo $taxonomy; ?>-add" class="hide-if-no-js" tabindex="3">	//Cross Site Scripting
326	<?php
327	/* translators: %s: add new taxonomy label */
328	printf( __( '+ %s' ), $tax->labels->add_new_item );
329	?>
330	</a>
331	</h4>
332	<p id="<?php echo $taxonomy; ?>-add" class="category-add wp-hidden-child">	//Cross Site Scripting
333	<label class="screen-reader-text" for="new<?php echo $taxonomy; ?>"><?php echo $tax->labels->add_new_item; ?></label>	//Cross Site Scripting
334	<input type="text" name="new<?php echo $taxonomy; ?>" id="new<?php echo $taxonomy; ?>" class="form-required form-input-tip" value="<?php echo esc_attr( $tax->labels->new_item_name ); ?>" tabindex="3" aria-required="true"/>	//Cross Site Scripting //Arbitrary code inclusion
335	<label class="screen-reader-text" for="new<?php echo $taxonomy; ?>_parent">	//Cross Site Scripting
336	<?php echo $tax->labels->parent_item_colon; ?>	//Cross Site Scripting
337	</label>
338	<?php wp_dropdown_categories( array( 'taxonomy' => $taxonomy, 'hide_empty' => 0, 'name' => 'new'.$taxonomy.'_parent', 'orderby' => 'name', 'hierarchical' => 1, 'show_option_none' => '— ' . $tax->labels->parent_item . ' —', 'tab_index' => 3 ) ); ?>
339	<input type="button" id="<?php echo $taxonomy; ?>-add-submit" class="add:<?php echo $taxonomy ?>checklist:<?php echo $taxonomy ?>-add button category-add-sumbit" value="<?php echo esc_attr( $tax->labels->add_new_item ); ?>" tabindex="3" />	//Cross Site Scripting
340	<?php wp_nonce_field( 'add-'.$taxonomy, '_ajax_nonce-add-'.$taxonomy, false ); ?>
341	<span id="<?php echo $taxonomy; ?>-ajax-response"></span>	//Cross Site Scripting
342	</p>
343	</div>
344	<?php endif; ?>
345	</div>
346	<?php
347	}
348
349
350	/**
351	* Display post excerpt form fields.
352	*
353	* @since 2.6.0
354	*
355	* @param object $post
356	*/
357	function post_excerpt_meta_box($post) {
358	?>
359	<label class="screen-reader-text" for="excerpt"><?php _e('Excerpt') ?></label><textarea rows="1" cols="40" name="excerpt" tabindex="6" id="excerpt"><?php echo $post->post_excerpt ?></textarea>
360	<p><?php _e('Excerpts are optional hand-crafted summaries of your content that can be used in your theme. <a href="http://codex.wordpress.org/Excerpt" target="_blank">Learn more about manual excerpts.</a>'); ?></p>
361	<?php
362	}
363
364
365	/**
366	* Display trackback links form fields.
367	*
368	* @since 2.6.0
369	*
370	* @param object $post
371	*/
372	function post_trackback_meta_box($post) {
373	$form_trackback = '<input type="text" name="trackback_url" id="trackback_url" class="code" tabindex="7" value="'. esc_attr( str_replace("\n", ' ', $post->to_ping) ) .'" />';
374	if ('' != $post->pinged) {
375	$pings = '<p>'. __('Already pinged:') . '</p><ul>';
376	$already_pinged = explode("\n", trim($post->pinged));
377	foreach ($already_pinged as $pinged_url) {
378	$pings .= "\n\t<li>" . esc_html($pinged_url) . "</li>";
379	}
380	$pings .= '</ul>';
381	}
382
383	?>
384	<p><label for="trackback_url"><?php _e('Send trackbacks to:'); ?></label> <?php echo $form_trackback; ?><br /> (<?php _e('Separate multiple URLs with spaces'); ?>)</p>	//Cross Site Scripting
385	<p><?php _e('Trackbacks are a way to notify legacy blog systems that you’ve linked to them. If you link other WordPress sites they’ll be notified automatically using <a href="http://codex.wordpress.org/Introduction_to_Blogging#Managing_Comments" target="_blank">pingbacks</a>, no other action necessary.'); ?></p>
386	<?php
387	if ( ! empty($pings) )
388	echo $pings;	//Cross Site Scripting
389	}
390
391
392	/**
393	* Display custom fields form fields.
394	*
395	* @since 2.6.0
396	*
397	* @param object $post
398	*/
399	function post_custom_meta_box($post) {
400	?>
401	<div id="postcustomstuff">
402	<div id="ajax-response"></div>
403	<?php
404	$metadata = has_meta($post->ID);
405	list_meta($metadata);
406	meta_form(); ?>
407	</div>
408	<p><?php _e('Custom fields can be used to add extra metadata to a post that you can <a href="http://codex.wordpress.org/Using_Custom_Fields" target="_blank">use in your theme</a>.'); ?></p>
409	<?php
410	}
411
412
413	/**
414	* Display comments status form fields.
415	*
416	* @since 2.6.0
417	*
418	* @param object $post
419	*/
420	function post_comment_status_meta_box($post) {
421	?>
422	<input name="advanced_view" type="hidden" value="1" />
423	<p class="meta-options">
424	<label for="comment_status" class="selectit"><input name="comment_status" type="checkbox" id="comment_status" value="open" <?php checked($post->comment_status, 'open'); ?> /> <?php _e( 'Allow comments.' ) ?></label><br />
425	<label for="ping_status" class="selectit"><input name="ping_status" type="checkbox" id="ping_status" value="open" <?php checked($post->ping_status, 'open'); ?> /> <?php printf( __( 'Allow <a href="%s" target="_blank">trackbacks and pingbacks</a> on this page.' ), __( 'http://codex.wordpress.org/Introduction_to_Blogging#Managing_Comments' ) ); ?></label>
426	</p>
427	<?php
428	}
429
430	/**
431	* Display comments for post table header
432	*
433	* @since 3.0.0
434	*
435	* @param $result table header rows
436	* @return
437	*/
438	function post_comment_meta_box_thead($result) {
439	unset($result['cb'], $result['response']);
440	return $result;
441	}
442
443	/**
444	* Display comments for post.
445	*
446	* @since 2.8.0
447	*
448	* @param object $post
449	*/
450	function post_comment_meta_box($post) {
451	global $wpdb, $post_ID;
452
453	$total = $wpdb->get_var($wpdb->prepare("SELECT count(1) FROM $wpdb->comments WHERE comment_post_ID = '%d' AND ( comment_approved = '0' OR comment_approved = '1')", $post_ID));
454
455	if ( 1 > $total ) {
456	echo '<p>' . __('No comments yet.') . '</p>';
457	return;
458	}
459
460	wp_nonce_field( 'get-comments', 'add_comment_nonce', false );
461	add_filter('manage_edit-comments_columns', 'post_comment_meta_box_thead', 8, 1);
462	?>
463
464	<table class="widefat comments-box fixed" cellspacing="0" style="display:none;">
465	<thead><tr>
466	<?php print_column_headers('edit-comments'); ?>
467	</tr></thead>
468	<tbody id="the-comment-list" class="list:comment"></tbody>
469	</table>
470	<p class="hide-if-no-js"><a href="#commentstatusdiv" id="show-comments" onclick="commentsBox.get(<?php echo $total; ?>);return false;"><?php _e('Show comments'); ?></a> <img class="waiting" style="display:none;" src="<?php echo esc_url( admin_url( 'images/wpspin_light.gif' ) ); ?>" alt="" /></p>	//Cross Site Scripting
471	<?php
472	$hidden = get_hidden_meta_boxes('post');
473	if ( ! in_array('commentsdiv', $hidden) ) { ?>
474	<script type="text/javascript">jQuery(document).ready(function(){commentsBox.get(<?php echo $total; ?>, 10);});</script>	//Cross Site Scripting
475	<?php
476	}
477	remove_filter('manage_edit-comments_columns', 'post_comment_meta_box_thead');
478	wp_comment_trashnotice();
479	}
480
481
482	/**
483	* Display slug form fields.
484	*
485	* @since 2.6.0
486	*
487	* @param object $post
488	*/
489	function post_slug_meta_box($post) {
490	?>
491	<label class="screen-reader-text" for="post_name"><?php _e('Slug') ?></label><input name="post_name" type="text" size="13" id="post_name" value="<?php echo esc_attr( $post->post_name ); ?>" />
492	<?php
493	}
494
495
496	/**
497	* Display form field with list of authors.
498	*
499	* @since 2.6.0
500	*
501	* @param object $post
502	*/
503	function post_author_meta_box($post) {
504	global $user_ID;
505	$authors = get_editable_user_ids( get_current_user_id(), true, $post->post_type ); // TODO: ROLE SYSTEM
506	if ( $post->post_author && !in_array($post->post_author, $authors) )
507	$authors[] = $post->post_author;
508	?>
509	<label class="screen-reader-text" for="post_author_override"><?php _e('Author'); ?></label><?php wp_dropdown_users( array('include' => $authors, 'name' => 'post_author_override', 'selected' => empty($post->ID) ? $user_ID : $post->post_author) ); ?>	//Arbitrary code inclusion
510	<?php
511	}
512
513
514	/**
515	* Display list of revisions.
516	*
517	* @since 2.6.0
518	*
519	* @param object $post
520	*/
521	function post_revisions_meta_box($post) {
522	wp_list_post_revisions();
523	}
524
525
526	// -- Page related Meta Boxes
527
528	/**
529	* Display page attributes form fields.
530	*
531	* @since 2.7.0
532	*
533	* @param object $post
534	*/
535	function page_attributes_meta_box($post) {
536	$post_type_object = get_post_type_object($post->post_type);
537	if ( $post_type_object->hierarchical ) {
538	$pages = wp_dropdown_pages(array('post_type' => $post->post_type, 'exclude_tree' => $post->ID, 'selected' => $post->post_parent, 'name' => 'parent_id', 'show_option_none' => __('(no parent)'), 'sort_column'=> 'menu_order, post_title', 'echo' => 0));
539	if ( ! empty($pages) ) {
540	?>
541	<p><strong><?php _e('Parent') ?></strong></p>
542	<label class="screen-reader-text" for="parent_id"><?php _e('Parent') ?></label>
543	<?php echo $pages; ?>	//Cross Site Scripting
544	<?php
545	} // end empty pages check
546	} // end hierarchical check.
547	if ( 'page' == $post->post_type && 0 != count( get_page_templates() ) ) {
548	$template = !empty($post->page_template) ? $post->page_template : false;
549	?>
550	<p><strong><?php _e('Template') ?></strong></p>
551	<label class="screen-reader-text" for="page_template"><?php _e('Page Template') ?></label><select name="page_template" id="page_template">
552	<option value='default'><?php _e('Default Template'); ?></option>
553	<?php page_template_dropdown($template); ?>
554	</select>
555	<?php
556	} ?>
557	<p><strong><?php _e('Order') ?></strong></p>
558	<p><label class="screen-reader-text" for="menu_order"><?php _e('Order') ?></label><input name="menu_order" type="text" size="4" id="menu_order" value="<?php echo esc_attr($post->menu_order) ?>" /></p>
559	<p><?php if ( 'page' == $post->post_type ) _e( 'Need help? Use the Help tab in the upper right of your screen.' ); ?></p>
560	<?php
561	}
562
563
564	// -- Link related Meta Boxes
565
566	/**
567	* Display link create form fields.
568	*
569	* @since 2.7.0
570	*
571	* @param object $link
572	*/
573	function link_submit_meta_box($link) {
574	?>
575	<div class="submitbox" id="submitlink">
576
577	<div id="minor-publishing">
578
579	<?php // Hidden submit button early on so that the browser chooses the right button when form is submitted with Return key ?>
580	<div style="display:none;">
581	<input type="submit" name="save" value="<?php esc_attr_e('Save'); ?>" />
582	</div>
583
584	<div id="minor-publishing-actions">
585	<div id="preview-action">
586	<?php if ( !empty($link->link_id) ) { ?>
587	<a class="preview button" href="<?php echo $link->link_url; ?>" target="_blank" tabindex="4"><?php _e('Visit Link'); ?></a>	//Cross Site Scripting
588	<?php } ?>
589	</div>
590	<div class="clear"></div>
591	</div>
592
593	<div id="misc-publishing-actions">
594	<div class="misc-pub-section misc-pub-section-last">
595	<label for="link_private" class="selectit"><input id="link_private" name="link_visible" type="checkbox" value="N" <?php checked($link->link_visible, 'N'); ?> /> <?php _e('Keep this link private') ?></label>
596	</div>
597	</div>
598
599	</div>
600
601	<div id="major-publishing-actions">
602	<?php do_action('post_submitbox_start'); ?>
603	<div id="delete-action">
604	<?php
605	if ( !empty($_GET['action']) && 'edit' == $_GET['action'] && current_user_can('manage_links') ) { ?>
606	<a class="submitdelete deletion" href="<?php echo wp_nonce_url("link.php?action=delete&link_id=$link->link_id", 'delete-bookmark_' . $link->link_id); ?>" onclick="if ( confirm('<?php echo esc_js(sprintf(__("You are about to delete this link '%s'\n 'Cancel' to stop, 'OK' to delete."), $link->link_name )); ?>') ) {return true;}return false;"><?php _e('Delete'); ?></a>
607	<?php } ?>
608	</div>
609
610	<div id="publishing-action">
611	<?php if ( !empty($link->link_id) ) { ?>
612	<input name="save" type="submit" class="button-primary" id="publish" tabindex="4" accesskey="p" value="<?php esc_attr_e('Update Link') ?>" />
613	<?php } else { ?>
614	<input name="save" type="submit" class="button-primary" id="publish" tabindex="4" accesskey="p" value="<?php esc_attr_e('Add Link') ?>" />
615	<?php } ?>
616	</div>
617	<div class="clear"></div>
618	</div>
619	<?php do_action('submitlink_box'); ?>
620	<div class="clear"></div>
621	</div>
622	<?php
623	}
624
625
626	/**
627	* Display link categories form fields.
628	*
629	* @since 2.6.0
630	*
631	* @param object $link
632	*/
633	function link_categories_meta_box($link) { ?>
634	<ul id="category-tabs" class="category-tabs">
635	<li class="tabs"><a href="#categories-all"><?php _e( 'All Categories' ); ?></a></li>
636	<li class="hide-if-no-js"><a href="#categories-pop"><?php _e( 'Most Used' ); ?></a></li>
637	</ul>
638
639	<div id="categories-all" class="tabs-panel">
640	<ul id="categorychecklist" class="list:category categorychecklist form-no-clear">
641	<?php
642	if ( isset($link->link_id) )
643	wp_link_category_checklist($link->link_id);
644	else
645	wp_link_category_checklist();
646	?>
647	</ul>
648	</div>
649
650	<div id="categories-pop" class="tabs-panel" style="display: none;">
651	<ul id="categorychecklist-pop" class="categorychecklist form-no-clear">
652	<?php wp_popular_terms_checklist('link_category'); ?>
653	</ul>
654	</div>
655
656	<div id="category-adder" class="wp-hidden-children">
657	<h4><a id="category-add-toggle" href="#category-add"><?php _e( '+ Add New Category' ); ?></a></h4>
658	<p id="link-category-add" class="wp-hidden-child">
659	<label class="screen-reader-text" for="newcat"><?php _e( '+ Add New Category' ); ?></label>
660	<input type="text" name="newcat" id="newcat" class="form-required form-input-tip" value="<?php esc_attr_e( 'New category name' ); ?>" aria-required="true" />
661	<input type="button" id="category-add-submit" class="add:categorychecklist:linkcategorydiv button" value="<?php esc_attr_e( 'Add' ); ?>" />
662	<?php wp_nonce_field( 'add-link-category', '_ajax_nonce', false ); ?>
663	<span id="category-ajax-response"></span>
664	</p>
665	</div>
666	<?php
667	}
668
669
670	/**
671	* Display form fields for changing link target.
672	*
673	* @since 2.6.0
674	*
675	* @param object $link
676	*/
677	function link_target_meta_box($link) { ?>
678	<fieldset><legend class="screen-reader-text"><span><?php _e('Target') ?></span></legend>
679	<p><label for="link_target_blank" class="selectit">
680	<input id="link_target_blank" type="radio" name="link_target" value="_blank" <?php echo ( isset( $link->link_target ) && ($link->link_target == '_blank') ? 'checked="checked"' : ''); ?> />
681	<?php _e('<code>_blank</code> — new window or tab.'); ?></label></p>
682	<p><label for="link_target_top" class="selectit">
683	<input id="link_target_top" type="radio" name="link_target" value="_top" <?php echo ( isset( $link->link_target ) && ($link->link_target == '_top') ? 'checked="checked"' : ''); ?> />
684	<?php _e('<code>_top</code> — current window or tab, with no frames.'); ?></label></p>
685	<p><label for="link_target_none" class="selectit">
686	<input id="link_target_none" type="radio" name="link_target" value="" <?php echo ( isset( $link->link_target ) && ($link->link_target == '') ? 'checked="checked"' : ''); ?> />
687	<?php _e('<code>_none</code> — same window or tab.'); ?></label></p>
688	</fieldset>
689	<p><?php _e('Choose the target frame for your link.'); ?></p>
690	<?php
691	}
692
693
694	/**
695	* Display checked checkboxes attribute for xfn microformat options.
696	*
697	* @since 1.0.1
698	*
699	* @param string $class
700	* @param string $value
701	* @param mixed $deprecated Never used.
702	*/
703	function xfn_check( $class, $value = '', $deprecated = '' ) {
704	global $link;
705
706	if ( !empty( $deprecated ) )
707	_deprecated_argument( __FUNCTION__, '0.0' ); // Never implemented
708
709	$link_rel = isset( $link->link_rel ) ? $link->link_rel : ''; // In PHP 5.3: $link_rel = $link->link_rel ?: '';
710	$rels = preg_split('/\s+/', $link_rel);
711
712	if ('' != $value && in_array($value, $rels) ) {
713	echo ' checked="checked"';
714	}
715
716	if ('' == $value) {
717	if ('family' == $class && strpos($link_rel, 'child') === false && strpos($link_rel, 'parent') === false && strpos($link_rel, 'sibling') === false && strpos($link_rel, 'spouse') === false && strpos($link_rel, 'kin') === false) echo ' checked="checked"';
718	if ('friendship' == $class && strpos($link_rel, 'friend') === false && strpos($link_rel, 'acquaintance') === false && strpos($link_rel, 'contact') === false) echo ' checked="checked"';
719	if ('geographical' == $class && strpos($link_rel, 'co-resident') === false && strpos($link_rel, 'neighbor') === false) echo ' checked="checked"';
720	if ('identity' == $class && in_array('me', $rels) ) echo ' checked="checked"';
721	}
722	}
723
724
725	/**
726	* Display xfn form fields.
727	*
728	* @since 2.6.0
729	*
730	* @param object $link
731	*/
732	function link_xfn_meta_box($link) {
733	?>
734	<table class="editform" style="width: 100%;" cellspacing="2" cellpadding="5">
735	<tr>
736	<th style="width: 20%;" scope="row"><label for="link_rel"><?php /* translators: xfn: http://gmpg.org/xfn/ */ _e('rel:') ?></label></th>
737	<td style="width: 80%;"><input type="text" name="link_rel" id="link_rel" size="50" value="<?php echo ( isset( $link->link_rel ) ? esc_attr($link->link_rel) : ''); ?>" /></td>
738	</tr>
739	<tr>
740	<td colspan="2">
741	<table cellpadding="3" cellspacing="5" class="form-table">
742	<tr>
743	<th scope="row"> <?php /* translators: xfn: http://gmpg.org/xfn/ */ _e('identity') ?> </th>
744	<td><fieldset><legend class="screen-reader-text"><span> <?php /* translators: xfn: http://gmpg.org/xfn/ */ _e('identity') ?> </span></legend>
745	<label for="me">
746	<input type="checkbox" name="identity" value="me" id="me" <?php xfn_check('identity', 'me'); ?> />
747	<?php _e('another web address of mine') ?></label>
748	</fieldset></td>
749	</tr>
750	<tr>
751	<th scope="row"> <?php /* translators: xfn: http://gmpg.org/xfn/ */ _e('friendship') ?> </th>
752	<td><fieldset><legend class="screen-reader-text"><span> <?php /* translators: xfn: http://gmpg.org/xfn/ */ _e('friendship') ?> </span></legend>
753	<label for="contact">
754	<input class="valinp" type="radio" name="friendship" value="contact" id="contact" <?php xfn_check('friendship', 'contact'); ?> /> <?php /* translators: xfn: http://gmpg.org/xfn/ */ _e('contact') ?></label>
755	<label for="acquaintance">
756	<input class="valinp" type="radio" name="friendship" value="acquaintance" id="acquaintance" <?php xfn_check('friendship', 'acquaintance'); ?> /> <?php /* translators: xfn: http://gmpg.org/xfn/ */ _e('acquaintance') ?></label>
757	<label for="friend">
758	<input class="valinp" type="radio" name="friendship" value="friend" id="friend" <?php xfn_check('friendship', 'friend'); ?> /> <?php /* translators: xfn: http://gmpg.org/xfn/ */ _e('friend') ?></label>
759	<label for="friendship">
760	<input name="friendship" type="radio" class="valinp" value="" id="friendship" <?php xfn_check('friendship'); ?> /> <?php /* translators: xfn: http://gmpg.org/xfn/ */ _e('none') ?></label>
761	</fieldset></td>
762	</tr>
763	<tr>
764	<th scope="row"> <?php /* translators: xfn: http://gmpg.org/xfn/ */ _e('physical') ?> </th>
765	<td><fieldset><legend class="screen-reader-text"><span> <?php /* translators: xfn: http://gmpg.org/xfn/ */ _e('physical') ?> </span></legend>
766	<label for="met">
767	<input class="valinp" type="checkbox" name="physical" value="met" id="met" <?php xfn_check('physical', 'met'); ?> />
768	<?php /* translators: xfn: http://gmpg.org/xfn/ */ _e('met') ?></label>
769	</fieldset></td>
770	</tr>
771	<tr>
772	<th scope="row"> <?php /* translators: xfn: http://gmpg.org/xfn/ */ _e('professional') ?> </th>
773	<td><fieldset><legend class="screen-reader-text"><span> <?php /* translators: xfn: http://gmpg.org/xfn/ */ _e('professional') ?> </span></legend>
774	<label for="co-worker">
775	<input class="valinp" type="checkbox" name="professional" value="co-worker" id="co-worker" <?php xfn_check('professional', 'co-worker'); ?> />
776	<?php /* translators: xfn: http://gmpg.org/xfn/ */ _e('co-worker') ?></label>
777	<label for="colleague">
778	<input class="valinp" type="checkbox" name="professional" value="colleague" id="colleague" <?php xfn_check('professional', 'colleague'); ?> />
779	<?php /* translators: xfn: http://gmpg.org/xfn/ */ _e('colleague') ?></label>
780	</fieldset></td>
781	</tr>
782	<tr>
783	<th scope="row"> <?php /* translators: xfn: http://gmpg.org/xfn/ */ _e('geographical') ?> </th>
784	<td><fieldset><legend class="screen-reader-text"><span> <?php /* translators: xfn: http://gmpg.org/xfn/ */ _e('geographical') ?> </span></legend>
785	<label for="co-resident">
786	<input class="valinp" type="radio" name="geographical" value="co-resident" id="co-resident" <?php xfn_check('geographical', 'co-resident'); ?> />
787	<?php /* translators: xfn: http://gmpg.org/xfn/ */ _e('co-resident') ?></label>
788	<label for="neighbor">
789	<input class="valinp" type="radio" name="geographical" value="neighbor" id="neighbor" <?php xfn_check('geographical', 'neighbor'); ?> />
790	<?php /* translators: xfn: http://gmpg.org/xfn/ */ _e('neighbor') ?></label>
791	<label for="geographical">
792	<input class="valinp" type="radio" name="geographical" value="" id="geographical" <?php xfn_check('geographical'); ?> />
793	<?php /* translators: xfn: http://gmpg.org/xfn/ */ _e('none') ?></label>
794	</fieldset></td>
795	</tr>
796	<tr>
797	<th scope="row"> <?php /* translators: xfn: http://gmpg.org/xfn/ */ _e('family') ?> </th>
798	<td><fieldset><legend class="screen-reader-text"><span> <?php /* translators: xfn: http://gmpg.org/xfn/ */ _e('family') ?> </span></legend>
799	<label for="child">
800	<input class="valinp" type="radio" name="family" value="child" id="child" <?php xfn_check('family', 'child'); ?> />
801	<?php /* translators: xfn: http://gmpg.org/xfn/ */ _e('child') ?></label>
802	<label for="kin">
803	<input class="valinp" type="radio" name="family" value="kin" id="kin" <?php xfn_check('family', 'kin'); ?> />
804	<?php /* translators: xfn: http://gmpg.org/xfn/ */ _e('kin') ?></label>
805	<label for="parent">
806	<input class="valinp" type="radio" name="family" value="parent" id="parent" <?php xfn_check('family', 'parent'); ?> />
807	<?php /* translators: xfn: http://gmpg.org/xfn/ */ _e('parent') ?></label>
808	<label for="sibling">
809	<input class="valinp" type="radio" name="family" value="sibling" id="sibling" <?php xfn_check('family', 'sibling'); ?> />
810	<?php /* translators: xfn: http://gmpg.org/xfn/ */ _e('sibling') ?></label>
811	<label for="spouse">
812	<input class="valinp" type="radio" name="family" value="spouse" id="spouse" <?php xfn_check('family', 'spouse'); ?> />
813	<?php /* translators: xfn: http://gmpg.org/xfn/ */ _e('spouse') ?></label>
814	<label for="family">
815	<input class="valinp" type="radio" name="family" value="" id="family" <?php xfn_check('family'); ?> />
816	<?php /* translators: xfn: http://gmpg.org/xfn/ */ _e('none') ?></label>
817	</fieldset></td>
818	</tr>
819	<tr>
820	<th scope="row"> <?php /* translators: xfn: http://gmpg.org/xfn/ */ _e('romantic') ?> </th>
821	<td><fieldset><legend class="screen-reader-text"><span> <?php /* translators: xfn: http://gmpg.org/xfn/ */ _e('romantic') ?> </span></legend>
822	<label for="muse">
823	<input class="valinp" type="checkbox" name="romantic" value="muse" id="muse" <?php xfn_check('romantic', 'muse'); ?> />
824	<?php /* translators: xfn: http://gmpg.org/xfn/ */ _e('muse') ?></label>
825	<label for="crush">
826	<input class="valinp" type="checkbox" name="romantic" value="crush" id="crush" <?php xfn_check('romantic', 'crush'); ?> />
827	<?php /* translators: xfn: http://gmpg.org/xfn/ */ _e('crush') ?></label>
828	<label for="date">
829	<input class="valinp" type="checkbox" name="romantic" value="date" id="date" <?php xfn_check('romantic', 'date'); ?> />
830	<?php /* translators: xfn: http://gmpg.org/xfn/ */ _e('date') ?></label>
831	<label for="romantic">
832	<input class="valinp" type="checkbox" name="romantic" value="sweetheart" id="romantic" <?php xfn_check('romantic', 'sweetheart'); ?> />
833	<?php /* translators: xfn: http://gmpg.org/xfn/ */ _e('sweetheart') ?></label>
834	</fieldset></td>
835	</tr>
836	</table>
837	</td>
838	</tr>
839	</table>
840	<p><?php _e('If the link is to a person, you can specify your relationship with them using the above form. If you would like to learn more about the idea check out <a href="http://gmpg.org/xfn/">XFN</a>.'); ?></p>
841	<?php
842	}
843
844
845	/**
846	* Display advanced link options form fields.
847	*
848	* @since 2.6.0
849	*
850	* @param object $link
851	*/
852	function link_advanced_meta_box($link) {
853	?>
854	<table class="form-table" style="width: 100%;" cellspacing="2" cellpadding="5">
855	<tr class="form-field">
856	<th valign="top" scope="row"><label for="link_image"><?php _e('Image Address') ?></label></th>
857	<td><input type="text" name="link_image" class="code" id="link_image" size="50" value="<?php echo ( isset( $link->link_image ) ? esc_attr($link->link_image) : ''); ?>" style="width: 95%" /></td>
858	</tr>
859	<tr class="form-field">
860	<th valign="top" scope="row"><label for="rss_uri"><?php _e('RSS Address') ?></label></th>
861	<td><input name="link_rss" class="code" type="text" id="rss_uri" value="<?php echo ( isset( $link->link_rss ) ? esc_attr($link->link_rss) : ''); ?>" size="50" style="width: 95%" /></td>
862	</tr>
863	<tr class="form-field">
864	<th valign="top" scope="row"><label for="link_notes"><?php _e('Notes') ?></label></th>
865	<td><textarea name="link_notes" id="link_notes" cols="50" rows="10" style="width: 95%"><?php echo ( isset( $link->link_notes ) ? $link->link_notes : ''); ?></textarea></td>
866	</tr>
867	<tr class="form-field">
868	<th valign="top" scope="row"><label for="link_rating"><?php _e('Rating') ?></label></th>
869	<td><select name="link_rating" id="link_rating" size="1">
870	<?php
871	for ($r = 0; $r <= 10; $r++) {
872	echo(' <option value="'. esc_attr($r) .'" ');
873	if ( isset($link->link_rating) && $link->link_rating == $r)
874	echo 'selected="selected"';
875	echo('>'.$r.'</option>');	//Cross Site Scripting
876	}
877	?></select> <?php _e('(Leave at 0 for no rating.)') ?>
878	</td>
879	</tr>
880	</table>
881	<?php
882	}
883
884	/**
885	* Display post thumbnail meta box.
886	*
887	* @since 2.9.0
888	*/
889	function post_thumbnail_meta_box() {
890	global $post;
891	$thumbnail_id = get_post_meta( $post->ID, '_thumbnail_id', true );
892	echo _wp_post_thumbnail_html( $thumbnail_id );
893	}
894