/var/www/wordpress/wp-admin/includes/admin.php
/var/www/wordpress/wp-admin/includes/bookmark.php
/var/www/wordpress/wp-admin/includes/class-ftp-pure.php
/var/www/wordpress/wp-admin/includes/class-ftp-sockets.php
/var/www/wordpress/wp-admin/includes/class-ftp.php
/var/www/wordpress/wp-admin/includes/class-pclzip.php
/var/www/wordpress/wp-admin/includes/class-wp-filesystem-base.php
/var/www/wordpress/wp-admin/includes/class-wp-filesystem-direct.php
/var/www/wordpress/wp-admin/includes/class-wp-filesystem-ftpext.php
/var/www/wordpress/wp-admin/includes/class-wp-filesystem-ftpsockets.php
/var/www/wordpress/wp-admin/includes/class-wp-filesystem-ssh2.php
/var/www/wordpress/wp-admin/includes/class-wp-importer.php
/var/www/wordpress/wp-admin/includes/class-wp-upgrader.php
/var/www/wordpress/wp-admin/includes/comment.php
/var/www/wordpress/wp-admin/includes/continents-cities.php
/var/www/wordpress/wp-admin/includes/dashboard.php
/var/www/wordpress/wp-admin/includes/deprecated.php
/var/www/wordpress/wp-admin/includes/export.php
/var/www/wordpress/wp-admin/includes/file.php
/var/www/wordpress/wp-admin/includes/image-edit.php
/var/www/wordpress/wp-admin/includes/image.php
/var/www/wordpress/wp-admin/includes/import.php
/var/www/wordpress/wp-admin/includes/manifest.php
/var/www/wordpress/wp-admin/includes/media.php
/var/www/wordpress/wp-admin/includes/meta-boxes.php
/var/www/wordpress/wp-admin/includes/misc.php
/var/www/wordpress/wp-admin/includes/ms-deprecated.php
/var/www/wordpress/wp-admin/includes/ms.php
/var/www/wordpress/wp-admin/includes/nav-menu.php
/var/www/wordpress/wp-admin/includes/plugin-install.php
/var/www/wordpress/wp-admin/includes/plugin.php
/var/www/wordpress/wp-admin/includes/post.php
/var/www/wordpress/wp-admin/includes/schema.php
/var/www/wordpress/wp-admin/includes/taxonomy.php
/var/www/wordpress/wp-admin/includes/template.php
/var/www/wordpress/wp-admin/includes/theme-install.php
/var/www/wordpress/wp-admin/includes/theme.php
/var/www/wordpress/wp-admin/includes/update-core.php
/var/www/wordpress/wp-admin/includes/update.php
/var/www/wordpress/wp-admin/includes/upgrade.php
/var/www/wordpress/wp-admin/includes/user.php
/var/www/wordpress/wp-admin/includes/widgets.php
/var/www/wordpress/wp-admin/js/revisions-js.php
/var/www/wordpress/wp-admin/maint/repair.php
/var/www/wordpress/wp-admin/admin-ajax.php
# | Code | Descriptions
1<?php
2/**
3 * WordPress AJAX Process Execution.
4 *
5 * @package WordPress
6 * @subpackage Administration
7 */
8
/**
 * Bootstraps WordPress for an AJAX request and answers callers that are not logged in.
 *
 * @since unknown
 */
define('DOING_AJAX', true);
define('WP_ADMIN', true);

require_once('../wp-load.php');

// Every AJAX request has to name an action; anything else is refused with the generic failure code.
if ( ! isset( $_REQUEST['action'] ) ) {
	die('-1');
}

require_once('./includes/admin.php');
@header('Content-Type: text/html; charset=' . get_option('blog_charset'));
send_nosniff_header();

do_action('admin_init');

if ( ! is_user_logged_in() ) {

	// A logged-out autosave gets an explicit "log in again" notice rather than a bare failure code.
	if ( isset( $_POST['action'] ) && 'autosave' == $_POST['action'] ) {
		$id = 0;
		if ( isset( $_POST['post_ID'] ) ) {
			$id = (int) $_POST['post_ID'];
		}

		if ( 0 === $id ) {
			die('-1');
		}

		$message = sprintf( __('<strong>ALERT: You are logged out!</strong> Could not save draft. <a href="%s" target="_blank">Please log in again.</a>'), wp_login_url() );
		$x = new WP_Ajax_Response( array(
			'what' => 'autosave',
			'id' => $id,
			'data' => $message
		) );
		$x->send();
	}

	// The hook name is built from the request's action value and fired for unauthenticated
	// callers, so every callback registered on a wp_ajax_nopriv_* hook has to validate its
	// own input; no capability or nonce check happens on this path.
	if ( ! empty( $_REQUEST['action'] ) ) {
		do_action( 'wp_ajax_nopriv_' . $_REQUEST['action'] );
	}

	die('-1');
}
50
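// Dispatch for AJAX actions that arrive as GET requests from logged-in users.
if ( isset( $_GET['action'] ) ) :
switch ( $action = $_GET['action'] ) :
case 'ajax-tag-search' :
	if ( !current_user_can( 'edit_posts' ) )
		die('-1');

	// Other handlers in this file stripslashes() request values before using them, so the
	// search string is treated as slashed here as well and unslashed before it is bound below.
	$s = isset( $_GET['q'] ) ? stripslashes( $_GET['q'] ) : '';

	if ( isset($_GET['tax']) )
		$taxonomy = sanitize_title($_GET['tax']);
	else
		die('0');

	// Only the fragment after the last comma is being typed; match on that.
	if ( false !== strpos( $s, ',' ) ) {
		$s = explode( ',', $s );
		$s = $s[count( $s ) - 1];
	}
	$s = trim( $s );
	if ( strlen( $s ) < 2 )
		die; // require 2 chars for matching

	// Both request-derived values are bound through prepare() instead of being concatenated
	// into the statement; like_escape() keeps % and _ in the search term literal.
	$results = $wpdb->get_col( $wpdb->prepare(
		"SELECT t.name FROM $wpdb->term_taxonomy AS tt INNER JOIN $wpdb->terms AS t ON tt.term_id = t.term_id WHERE tt.taxonomy = %s AND t.name LIKE (%s)",
		$taxonomy,
		'%' . like_escape( $s ) . '%'
	) );

	// NOTE(review): term names go out unescaped in a text/html response; confirm they are
	// sanitised when stored, or escape them here.
	echo join( "\n", $results ); // separator first: the reversed argument order is a legacy form
	die;
	break;
case 'wp-compression-test' :
	if ( !current_user_can( 'manage_options' ) )
		die('-1');

	if ( ini_get('zlib.output_compression') || 'ob_gzhandler' == ini_get('output_handler') ) {
		update_site_option('can_compress_scripts', 0);
		die('0');
	}

	if ( isset($_GET['test']) ) {
		header( 'Expires: Wed, 11 Jan 1984 05:00:00 GMT' );
		header( 'Last-Modified: ' . gmdate( 'D, d M Y H:i:s' ) . ' GMT' );
		header( 'Cache-Control: no-cache, must-revalidate, max-age=0' );
		header( 'Pragma: no-cache' );
		header('Content-Type: application/x-javascript; charset=UTF-8');
		$force_gzip = ( defined('ENFORCE_GZIP') && ENFORCE_GZIP );
		$test_str = '"wpCompressionTest Lorem ipsum dolor sit amet consectetuer mollis sapien urna ut a. Eu nonummy condimentum fringilla tempor pretium platea vel nibh netus Maecenas. Hac molestie amet justo quis pellentesque est ultrices interdum nibh Morbi. Cras mattis pretium Phasellus ante ipsum ipsum ut sociis Suspendisse Lorem. Ante et non molestie. Porta urna Vestibulum egestas id congue nibh eu risus gravida sit. Ac augue auctor Ut et non a elit massa id sodales. Elit eu Nulla at nibh adipiscing mattis lacus mauris at tempus. Netus nibh quis suscipit nec feugiat eget sed lorem et urna. Pellentesque lacus at ut massa consectetuer ligula ut auctor semper Pellentesque. Ut metus massa nibh quam Curabitur molestie nec mauris congue. Volutpat molestie elit justo facilisis neque ac risus Ut nascetur tristique. Vitae sit lorem tellus et quis Phasellus lacus tincidunt nunc Fusce. Pharetra wisi Suspendisse mus sagittis libero lacinia Integer consequat ac Phasellus. Et urna ac cursus tortor aliquam Aliquam amet tellus volutpat Vestibulum. Justo interdum condimentum In augue congue tellus sollicitudin Quisque quis nibh."';

		if ( 1 == $_GET['test'] ) {
			// Scanner label here: "Cross Site Scripting". $test_str is the fixed literal
			// assigned above; no request data reaches this echo.
			echo $test_str;
			die;
		} elseif ( 2 == $_GET['test'] ) {
			if ( !isset($_SERVER['HTTP_ACCEPT_ENCODING']) )
				die('-1');
			if ( false !== stripos( $_SERVER['HTTP_ACCEPT_ENCODING'], 'deflate') && function_exists('gzdeflate') && ! $force_gzip ) {
				header('Content-Encoding: deflate');
				$out = gzdeflate( $test_str, 1 );
			} elseif ( false !== stripos( $_SERVER['HTTP_ACCEPT_ENCODING'], 'gzip') && function_exists('gzencode') ) {
				header('Content-Encoding: gzip');
				$out = gzencode( $test_str, 1 );
			} else {
				die('-1');
			}
			// Scanner label here: "Cross Site Scripting". $out is only ever the compressed
			// form of the fixed literal; the request header selects the encoding, not the content.
			echo $out;
			die;
		} elseif ( 'no' == $_GET['test'] ) {
			// NOTE(review): this and the 'yes' branch change a site option on a GET request
			// and no nonce check is visible in this case; only the capability check guards it.
			update_site_option('can_compress_scripts', 0);
		} elseif ( 'yes' == $_GET['test'] ) {
			update_site_option('can_compress_scripts', 1);
		}
	}

	die('0');
	break;
case 'imgedit-preview' :
	$post_id = intval($_GET['postid']);
	if ( empty($post_id) || !current_user_can('edit_post', $post_id) )
		die('-1');

	// The nonce is bound to the post being previewed.
	check_ajax_referer( "image_editor-$post_id" );

	include_once( ABSPATH . 'wp-admin/includes/image-edit.php' );
	if ( ! stream_preview_image($post_id) )
		die('-1');

	die();
	break;
case 'menu-quick-search':
	if ( ! current_user_can( 'edit_theme_options' ) )
		die('-1');

	require_once ABSPATH . 'wp-admin/includes/nav-menu.php';

	// The whole request array is handed over; validation of its keys is left to the callee.
	_wp_ajax_menu_quick_search( $_REQUEST );

	exit;
	break;
case 'oembed-cache' :
	// NOTE(review): no capability or nonce check is visible in this case and $_GET['post']
	// is passed on as received; confirm cache_oembed() validates the post and the caller.
	$return = ( $wp_embed->cache_oembed( $_GET['post'] ) ) ? '1' : '0';
	die( $return );
	break;
default :
	// Any other action name is turned into a hook name; only callbacks registered on
	// wp_ajax_{action} run, and each one is responsible for its own capability and nonce checks.
	do_action( 'wp_ajax_' . $_GET['action'] );
	die('0');
	break;
endswitch;
endif;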
154
/**
 * Reports the refreshed comment total and pagination links after a comment
 * has left the list the user is looking at.
 *
 * Other AJAX handlers answer "1" on success; this one ends the request with
 * the current time() whenever no further data has to be returned.
 *
 * @since 2.7
 *
 * @param int $comment_id ID of the affected comment; only echoed back in the response.
 * @return die
 */
function _wp_ajax_delete_comment_response( $comment_id ) {
	// All four values come from the client-side script. The integer casts and
	// esc_url_raw() are the only normalisation applied to them here.
	$total    = (int) @$_POST['_total'];
	$per_page = (int) @$_POST['_per_page'];
	$page     = (int) @$_POST['_page'];
	$url      = esc_url_raw( @$_POST['_url'] );

	// Without the full set there is nothing to recompute: answer with plain success.
	if ( ! ( $total && $per_page && $page && $url ) ) {
		die( (string) time() );
	}

	// One comment has just gone, so count one less, but never below zero.
	$total = max( 0, $total - 1 );

	// The expensive recount runs on a page break, and otherwise roughly once per page.
	$on_page_break = ( 0 == $total % $per_page );
	if ( ! $on_page_break && 1 != mt_rand( 1, $per_page ) ) {
		die( (string) time() );
	}

	// The list URL tells us which comment count applies and, optionally, which post.
	$status  = 'total_comments';
	$post_id = 0;
	$parsed  = parse_url( $url );
	if ( isset( $parsed['query'] ) ) {
		parse_str( $parsed['query'], $query_vars );
		$status  = empty( $query_vars['comment_status'] ) ? $status : $query_vars['comment_status'];
		$post_id = empty( $query_vars['p'] ) ? $post_id : (int) $query_vars['p'];
	}

	$comment_count = wp_count_comments($post_id);
	$time = time(); // moment at which the count was taken

	// $status originates from the client-supplied URL and is used as a property name;
	// unknown names fail the isset() test and the decremented total from above is kept.
	if ( isset( $comment_count->$status ) ) {
		$total = $comment_count->$status;
	}

	$pagination_args = array(
		'base' => add_query_arg( 'apage', '%#%', $url ),
		'format' => '',
		'prev_text' => __('«'),
		'next_text' => __('»'),
		'total' => ceil($total / $per_page),
		'current' => $page
	);
	$page_links = paginate_links( $pagination_args );

	$response = new WP_Ajax_Response( array(
		'what' => 'comment',
		'id' => $comment_id, // included for completeness, not read by the client
		'supplemental' => array(
			'pageLinks' => $page_links,
			'total' => $total,
			'time' => $time
		)
	) );
	$response->send();
}
217
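/**
 * AJAX handler that adds one or more comma-separated terms to a taxonomy and
 * sends back refreshed checklist markup plus a rebuilt parent dropdown.
 *
 * The taxonomy name is taken from the request's action value with its first
 * four characters removed. The request must carry the matching nonce and the
 * user must hold the taxonomy's edit_terms capability.
 *
 * @return void Ends the request through die() or WP_Ajax_Response::send().
 */
function _wp_ajax_add_hierarchical_term() {
	$action = $_POST['action'];
	$taxonomy = get_taxonomy(substr($action, 4));
	// The taxonomy object is dereferenced on every following line; stop here when the
	// request names something that did not resolve to one.
	if ( ! $taxonomy )
		die('0');
	check_ajax_referer( $action, '_ajax_nonce-add-' . $taxonomy->name );
	if ( !current_user_can( $taxonomy->cap->edit_terms ) )
		die('-1');
	$names = explode(',', isset($_POST['new'.$taxonomy->name]) ? $_POST['new'.$taxonomy->name] : '');
	$parent = isset($_POST['new'.$taxonomy->name.'_parent']) ? (int) $_POST['new'.$taxonomy->name.'_parent'] : 0;
	if ( 0 > $parent )
		$parent = 0;
	if ( $taxonomy->name == 'category' )
		$post_category = isset($_POST['post_category']) ? (array) $_POST['post_category'] : array();
	else
		$post_category = ( isset($_POST['tax_input']) && isset($_POST['tax_input'][$taxonomy->name]) ) ? (array) $_POST['tax_input'][$taxonomy->name] : array();
	// Request-supplied IDs are forced to non-negative integers before use.
	$checked_categories = array_map( 'absint', (array) $post_category );
	$popular_ids = wp_popular_terms_checklist($taxonomy->name, 0, 10, false);
	$add = array(); // stays empty when no usable name was submitted

	foreach ( $names as $cat_name ) {
		$cat_name = trim($cat_name);
		$category_nicename = sanitize_title($cat_name);
		if ( '' === $category_nicename )
			continue;
		if ( !($cat_id = term_exists($cat_name, $taxonomy->name, $parent)) )
			$cat_id = wp_insert_term($cat_name, $taxonomy->name, array('parent' => $parent));
		// A failed insert yields a WP_Error; indexing it like an array would be fatal.
		if ( is_wp_error( $cat_id ) )
			continue;
		// Both lookups can hand back an array carrying 'term_id'; reduce it to the ID.
		if ( is_array( $cat_id ) )
			$cat_id = $cat_id['term_id'];
		$checked_categories[] = $cat_id;
		if ( $parent ) // Do these all at once in a second
			continue;
		$category = get_term( $cat_id, $taxonomy->name );
		ob_start();
			wp_terms_checklist( 0, array( 'taxonomy' => $taxonomy->name, 'descendants_and_self' => $cat_id, 'selected_cats' => $checked_categories, 'popular_cats' => $popular_ids ));
		$data = ob_get_contents();
		ob_end_clean();
		$add = array(
			'what' => $taxonomy->name,
			'id' => $cat_id,
			'data' => str_replace( array("\n", "\t"), '', $data),
			'position' => -1
		);
	}

	if ( $parent ) { // Replace the parent and all its children
		// NOTE(review): the result of this first lookup is used without an error check.
		$parent = get_term( $parent, $taxonomy->name );
		$term_id = $parent->term_id;

		while ( $parent->parent ) { // get the top parent
			// Plain assignment: binding a function's return value by reference is not needed here.
			$parent = get_term( $parent->parent, $taxonomy->name );
			if ( is_wp_error( $parent ) )
				break;
			$term_id = $parent->term_id;
		}

		ob_start();
			wp_terms_checklist( 0, array('taxonomy' => $taxonomy->name, 'descendants_and_self' => $term_id, 'selected_cats' => $checked_categories, 'popular_cats' => $popular_ids));
		$data = ob_get_contents();
		ob_end_clean();
		$add = array(
			'what' => $taxonomy->name,
			'id' => $term_id,
			'data' => str_replace( array("\n", "\t"), '', $data),
			'position' => -1
		);
	}

	// Rebuild the "parent" dropdown so that it lists the newly added terms.
	ob_start();
		wp_dropdown_categories( array(
			'taxonomy' => $taxonomy->name, 'hide_empty' => 0, 'name' => 'new'.$taxonomy->name.'_parent', 'orderby' => 'name',
			'hierarchical' => 1, 'show_option_none' => '— '.$taxonomy->labels->parent_item.' —'
		) );
	$sup = ob_get_contents();
	ob_end_clean();
	$add['supplemental'] = array( 'newcat_parent' => $sup );

	$x = new WP_Ajax_Response( $add );
	$x->send();
}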
295
296$id = isset($_POST['id'])? (int) $_POST['id'] : 0;
297switch ( $action = $_POST['action'] ) :
298case 'delete-comment' : // On success, die with time() instead of 1
299 if ( !$comment = get_comment( $id ) )
300 die( (string) time() );
301 if ( !current_user_can( 'edit_post', $comment->comment_post_ID ) )
302 die('-1');
303
304 check_ajax_referer( "delete-comment_$id" );
305 $status = wp_get_comment_status( $comment->comment_ID );
306
307 if ( isset($_POST['trash']) && 1 == $_POST['trash'] ) {
308 if ( 'trash' == $status )
309 die( (string) time() );
310 $r = wp_trash_comment( $comment->comment_ID );
311 } elseif ( isset($_POST['untrash']) && 1 == $_POST['untrash'] ) {
312 if ( 'trash' != $status )
313 die( (string) time() );
314 $r = wp_untrash_comment( $comment->comment_ID );
315 } elseif ( isset($_POST['spam']) && 1 == $_POST['spam'] ) {
316 if ( 'spam' == $status )
317 die( (string) time() );
318 $r = wp_spam_comment( $comment->comment_ID );
319 } elseif ( isset($_POST['unspam']) && 1 == $_POST['unspam'] ) {
320 if ( 'spam' != $status )
321 die( (string) time() );
322 $r = wp_unspam_comment( $comment->comment_ID );
323 } elseif ( isset($_POST['delete']) && 1 == $_POST['delete'] ) {
324 $r = wp_delete_comment( $comment->comment_ID );
325 } else {
326 die('-1');
327 }
328
329 if ( $r ) // Decide if we need to send back '1' or a more complicated response including page links and comment counts
330 _wp_ajax_delete_comment_response( $comment->comment_ID );
331 die( '0' );
332 break;
333case 'delete-tag' :
334 $tag_id = (int) $_POST['tag_ID'];
335 check_ajax_referer( "delete-tag_$tag_id" );
336
337 $taxonomy = !empty($_POST['taxonomy']) ? $_POST['taxonomy'] : 'post_tag';
338 $tax = get_taxonomy($taxonomy);
339
340 if ( !current_user_can( $tax->cap->delete_terms ) )
341 die('-1');
342
343 $tag = get_term( $tag_id, $taxonomy );
344 if ( !$tag || is_wp_error( $tag ) )
345 die('1');
346
347 if ( wp_delete_term($tag_id, $taxonomy))
348 die('1');
349 else
350 die('0');
351 break;
352case 'delete-link-cat' :
353 check_ajax_referer( "delete-link-category_$id" );
354 if ( !current_user_can( 'manage_categories' ) )
355 die('-1');
356
357 $cat = get_term( $id, 'link_category' );
358 if ( !$cat || is_wp_error( $cat ) )
359 die('1');
360
361 $cat_name = get_term_field('name', $id, 'link_category');
362
363 $default = get_option('default_link_category');
364
365 // Don't delete the default cats.
366 if ( $id == $default ) {
367 $x = new WP_AJAX_Response( array(
368 'what' => 'link-cat',
369 'id' => $id,
370 'data' => new WP_Error( 'default-link-cat', sprintf(__("Can’t delete the <strong>%s</strong> category: this is the default one"), $cat_name) )
371 ) );
372 $x->send();
373 }
374
375 $r = wp_delete_term($id, 'link_category', array('default' => $default));
376 if ( !$r )
377 die('0');
378 if ( is_wp_error($r) ) {
379 $x = new WP_AJAX_Response( array(
380 'what' => 'link-cat',
381 'id' => $id,
382 'data' => $r
383 ) );
384 $x->send();
385 }
386 die('1');
387 break;
388case 'delete-link' :
389 check_ajax_referer( "delete-bookmark_$id" );
390 if ( !current_user_can( 'manage_links' ) )
391 die('-1');
392
393 $link = get_bookmark( $id );
394 if ( !$link || is_wp_error( $link ) )
395 die('1');
396
397 if ( wp_delete_link( $id ) )
398 die('1');
399 else
400 die('0');
401 break;
402case 'delete-meta' :
403 check_ajax_referer( "delete-meta_$id" );
404 if ( !$meta = get_post_meta_by_id( $id ) )
405 die('1');
406
407 if ( !current_user_can( 'edit_post', $meta->post_id ) )
408 die('-1');
409 if ( delete_meta( $meta->meta_id ) )
410 die('1');
411 die('0');
412 break;
413case 'delete-post' :
414 check_ajax_referer( "{$action}_$id" );
415 if ( !current_user_can( 'delete_post', $id ) )
416 die('-1');
417
418 if ( !get_post( $id ) )
419 die('1');
420
421 if ( wp_delete_post( $id ) )
422 die('1');
423 else
424 die('0');
425 break;
426case 'trash-post' :
427case 'untrash-post' :
428 check_ajax_referer( "{$action}_$id" );
429 if ( !current_user_can( 'delete_post', $id ) )
430 die('-1');
431
432 if ( !get_post( $id ) )
433 die('1');
434
435 if ( 'trash-post' == $action )
436 $done = wp_trash_post( $id );
437 else
438 $done = wp_untrash_post( $id );
439
440 if ( $done )
441 die('1');
442
443 die('0');
444 break;
445case 'delete-page' :
446 check_ajax_referer( "{$action}_$id" );
447 if ( !current_user_can( 'delete_page', $id ) )
448 die('-1');
449
450 if ( !get_page( $id ) )
451 die('1');
452
453 if ( wp_delete_post( $id ) )
454 die('1');
455 else
456 die('0');
457 break;
458case 'dim-comment' : // On success, die with time() instead of 1
459
460 if ( !$comment = get_comment( $id ) ) {
461 $x = new WP_Ajax_Response( array(
462 'what' => 'comment',
463 'id' => new WP_Error('invalid_comment', sprintf(__('Comment %d does not exist'), $id))
464 ) );
465 $x->send();
466 }
467
468 if ( !current_user_can( 'edit_post', $comment->comment_post_ID ) && !current_user_can( 'moderate_comments' ) )
469 die('-1');
470
471 $current = wp_get_comment_status( $comment->comment_ID );
472 if ( $_POST['new'] == $current )
473 die( (string) time() );
474
475 check_ajax_referer( "approve-comment_$id" );
476 if ( in_array( $current, array( 'unapproved', 'spam' ) ) )
477 $result = wp_set_comment_status( $comment->comment_ID, 'approve', true );
478 else
479 $result = wp_set_comment_status( $comment->comment_ID, 'hold', true );
480
481 if ( is_wp_error($result) ) {
482 $x = new WP_Ajax_Response( array(
483 'what' => 'comment',
484 'id' => $result
485 ) );
486 $x->send();
487 }
488
489 // Decide if we need to send back '1' or a more complicated response including page links and comment counts
490 _wp_ajax_delete_comment_response( $comment->comment_ID );
491 die( '0' );
492 break;
493case 'add-link-category' : // On the Fly
494 check_ajax_referer( $action );
495 if ( !current_user_can( 'manage_categories' ) )
496 die('-1');
497 $names = explode(',', $_POST['newcat']);
498 $x = new WP_Ajax_Response();
499 foreach ( $names as $cat_name ) {
500 $cat_name = trim($cat_name);
501 $slug = sanitize_title($cat_name);
502 if ( '' === $slug )
503 continue;
504 if ( !$cat_id = term_exists( $cat_name, 'link_category' ) ) {
505 $cat_id = wp_insert_term( $cat_name, 'link_category' );
506 }
507 $cat_id = $cat_id['term_id'];
508 $cat_name = esc_html(stripslashes($cat_name));
509 $x->add( array(
510 'what' => 'link-category',
511 'id' => $cat_id,
512 'data' => "<li id='link-category-$cat_id'><label for='in-link-category-$cat_id' class='selectit'><input value='" . esc_attr($cat_id) . "' type='checkbox' checked='checked' name='link_category[]' id='in-link-category-$cat_id'/> $cat_name</label></li>",
513 'position' => -1
514 ) );
515 }
516 $x->send();
517 break;
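case 'add-link-cat' : // From Blogroll -> Categories
	// Adds a link category; requires the shared 'add-link-category' nonce and manage_categories.
	check_ajax_referer( 'add-link-category' );
	if ( !current_user_can( 'manage_categories' ) )
		die('-1');

	if ( !isset($_POST['name']) || '' === trim($_POST['name']) ) {
		$x = new WP_Ajax_Response( array(
			'what' => 'link-cat',
			'id' => new WP_Error( 'name', __('You did not enter a category name.') )
		) );
		$x->send();
	}

	// NOTE(review): the whole request body is passed as the args array; which of its keys
	// wp_insert_term() honours is not visible here.
	$r = wp_insert_term($_POST['name'], 'link_category', $_POST );
	if ( is_wp_error( $r ) ) {
		$x = new WP_AJAX_Response( array(
			'what' => 'link-cat',
			'id' => $r
		) );
		$x->send();
	}

	// Scanner label here: "Possible Control Flow". $r is the array returned by
	// wp_insert_term(), not request data. The value is read explicitly instead of through
	// extract( $r, EXTR_SKIP ), which would keep any $term_id already set in this scope.
	$term_id = $r['term_id'];

	if ( !$link_cat = link_cat_row( $term_id ) )
		die('0');

	$x = new WP_Ajax_Response( array(
		'what' => 'link-cat',
		'id' => $term_id,
		'position' => -1,
		'data' => $link_cat
	) );
	$x->send();
	break;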
553case 'add-tag' : // From Manage->Tags
554 check_ajax_referer( 'add-tag' );
555 $post_type = !empty($_POST['post_type']) ? $_POST['post_type'] : 'post';
556 $taxonomy = !empty($_POST['taxonomy']) ? $_POST['taxonomy'] : 'post_tag';
557 $tax = get_taxonomy($taxonomy);
558
559 $x = new WP_Ajax_Response();
560
561 if ( !current_user_can( $tax->cap->edit_terms ) )
562 die('-1');
563
564 $tag = wp_insert_term($_POST['tag-name'], $taxonomy, $_POST );
565
566 if ( !$tag || is_wp_error($tag) || (!$tag = get_term( $tag['term_id'], $taxonomy )) ) {
567 $message = __('An error has occured. Please reload the page and try again.');
568 if ( is_wp_error($tag) && $tag->get_error_message() )
569 $message = $tag->get_error_message();
570
571 $x->add( array(
572 'what' => 'taxonomy',
573 'data' => new WP_Error('error', $message )
574 ) );
575 $x->send();
576 }
577
578 if ( isset($_POST['screen']) )
579 set_current_screen($_POST['screen']);
580
581 $level = 0;
582 $tag_full_name = false;
583 $tag_full_name = $tag->name;
584 if ( is_taxonomy_hierarchical($taxonomy) ) {
585 $_tag = $tag;
586 while ( $_tag->parent ) {
587 $_tag = get_term( $_tag->parent, $taxonomy );
588 $tag_full_name = $_tag->name . ' — ' . $tag_full_name;
589 $level++;
590 }
591 $noparents = _tag_row( $tag, $level, $taxonomy );
592 }
593 $tag->name = $tag_full_name;
594 $parents = _tag_row( $tag, 0, $taxonomy);
595
596 $x->add( array(
597 'what' => 'taxonomy',
598 'supplemental' => compact('parents', 'noparents')
599 ) );
600 $x->add( array(
601 'what' => 'term',
602 'position' => $level,
603 'supplemental' => get_term( $tag->term_id, $taxonomy, ARRAY_A ) //Refetch as $tag has been contaminated by the full name.
604 ) );
605 $x->send();
606 break;
case 'get-tagcloud' :
	// Returns tag-cloud markup for the 45 most used terms of the requested taxonomy.
	if ( !current_user_can( 'edit_posts' ) ) {
		die('-1');
	}

	if ( !isset($_POST['tax']) ) {
		die('0');
	}
	$taxonomy = sanitize_title($_POST['tax']);

	$tags = get_terms( $taxonomy, array( 'number' => 45, 'orderby' => 'count', 'order' => 'DESC' ) );

	if ( empty( $tags ) ) {
		// Prefer the taxonomy's own "no tags" text when it defines one.
		$tax = get_taxonomy( $taxonomy );
		if ( isset( $tax->no_tagcloud ) ) {
			die( $tax->no_tagcloud );
		}
		die( __('No tags found!') );
	}

	if ( is_wp_error($tags) ) {
		die($tags->get_error_message());
	}

	// Each entry gets a placeholder link and an id before the cloud is generated.
	foreach ( $tags as $key => $tag ) {
		$tags[ $key ]->link = '#';
		$tags[ $key ]->id = $tag->term_id;
	}

	// We need raw tag names here, so don't filter the output
	$return = wp_generate_tag_cloud( $tags, array('filter' => 0) );

	if ( empty($return) ) {
		die('0');
	}

	// Scanner label here: "Cross Site Scripting". The markup comes from
	// wp_generate_tag_cloud() with 'filter' => 0, so any escaping of term names has to
	// happen inside that function or when the terms are stored; verify against its source.
	echo $return;

	exit;
	break;
641case 'add-comment' :
642 check_ajax_referer( $action );
643 if ( !current_user_can( 'edit_posts' ) )
644 die('-1');
645 $search = isset($_POST['s']) ? $_POST['s'] : false;
646 $status = isset($_POST['comment_status']) ? $_POST['comment_status'] : 'all';
647 $per_page = isset($_POST['per_page']) ? (int) $_POST['per_page'] + 8 : 28;
648 $start = isset($_POST['page']) ? ( intval($_POST['page']) * $per_page ) -1 : $per_page - 1;
649 if ( 1 > $start )
650 $start = 27;
651
652 $mode = isset($_POST['mode']) ? $_POST['mode'] : 'detail';
653 $p = isset($_POST['p']) ? $_POST['p'] : 0;
654 $comment_type = isset($_POST['comment_type']) ? $_POST['comment_type'] : '';
655 list($comments, $total) = _wp_get_comment_list( $status, $search, $start, 1, $p, $comment_type );
656
657 if ( get_option('show_avatars') )
658 add_filter( 'comment_author', 'floated_admin_avatar' );
659
660 if ( !$comments )
661 die('1');
662 $x = new WP_Ajax_Response();
663 foreach ( (array) $comments as $comment ) {
664 get_comment( $comment );
665 ob_start();
666 _wp_comment_row( $comment->comment_ID, $mode, $status, true, true );
667 $comment_list_item = ob_get_contents();
668 ob_end_clean();
669 $x->add( array(
670 'what' => 'comment',
671 'id' => $comment->comment_ID,
672 'data' => $comment_list_item
673 ) );
674 }
675 $x->send();
676 break;
677case 'get-comments' :
678 check_ajax_referer( $action );
679
680 $post_ID = (int) $_POST['post_ID'];
681 if ( !current_user_can( 'edit_post', $post_ID ) )
682 die('-1');
683
684 $start = isset($_POST['start']) ? intval($_POST['start']) : 0;
685 $num = isset($_POST['num']) ? intval($_POST['num']) : 10;
686
687 list($comments, $total) = _wp_get_comment_list( false, false, $start, $num, $post_ID );
688
689 if ( !$comments )
690 die('1');
691
692 $comment_list_item = '';
693 $x = new WP_Ajax_Response();
694 foreach ( (array) $comments as $comment ) {
695 get_comment( $comment );
696 ob_start();
697 _wp_comment_row( $comment->comment_ID, 'single', false, false );
698 $comment_list_item .= ob_get_contents();
699 ob_end_clean();
700 }
701 $x->add( array(
702 'what' => 'comments',
703 'data' => $comment_list_item
704 ) );
705 $x->send();
706 break;
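case 'replyto-comment' :
	// Posts a reply from the admin screens and returns the rendered comment row.
	check_ajax_referer( $action, '_ajax_nonce-replyto-comment' );

	$comment_post_ID = (int) $_POST['comment_post_ID'];
	if ( !current_user_can( 'edit_post', $comment_post_ID ) )
		die('-1');

	$status = $wpdb->get_var( $wpdb->prepare("SELECT post_status FROM $wpdb->posts WHERE ID = %d", $comment_post_ID) );

	if ( empty($status) )
		die('1');
	elseif ( in_array($status, array('draft', 'pending', 'trash') ) )
		die( __('Error: you are replying to a comment on a draft post.') );

	$user = wp_get_current_user();
	if ( $user->ID ) {
		$comment_author       = $wpdb->escape($user->display_name);
		$comment_author_email = $wpdb->escape($user->user_email); // scanner label on this line: "Connection Handling"
		$comment_author_url   = $wpdb->escape($user->user_url);
		$comment_content      = isset($_POST['content']) ? trim($_POST['content']) : '';
		if ( current_user_can('unfiltered_html') ) {
			// Unfiltered HTML is kept only when the dedicated nonce matches exactly. The
			// comparison is strict because a loose != lets PHP compare numeric-looking
			// strings by value, so two different strings could be treated as equal. A
			// missing field counts as a mismatch and the kses filters are installed.
			$unfiltered_nonce = isset($_POST['_wp_unfiltered_html_comment']) ? $_POST['_wp_unfiltered_html_comment'] : '';
			if ( wp_create_nonce('unfiltered-html-comment_' . $comment_post_ID) !== $unfiltered_nonce ) {
				kses_remove_filters(); // start with a clean slate
				kses_init_filters(); // set up the filters
			}
		}
	} else {
		die( __('Sorry, you must be logged in to reply to a comment.') );
	}

	if ( '' == $comment_content )
		die( __('Error: please type a comment.') );

	$comment_parent = absint($_POST['comment_ID']);
	// NOTE(review): 'comment_type' and 'user_ID' are not assigned in this case; compact()
	// picks them up only if they already exist in the enclosing scope.
	$commentdata = compact('comment_post_ID', 'comment_author', 'comment_author_email', 'comment_author_url', 'comment_content', 'comment_type', 'comment_parent', 'user_ID');

	$comment_id = wp_new_comment( $commentdata );
	$comment = get_comment($comment_id);
	if ( ! $comment ) die('1');

	// The display mode is restricted to a fixed list; anything else falls back to 'detail'.
	$modes = array( 'single', 'detail', 'dashboard' );
	$mode = isset($_POST['mode']) && in_array( $_POST['mode'], $modes ) ? $_POST['mode'] : 'detail';
	$position = ( isset($_POST['position']) && (int) $_POST['position']) ? (int) $_POST['position'] : '-1';
	$checkbox = ( isset($_POST['checkbox']) && true == $_POST['checkbox'] ) ? 1 : 0;

	if ( get_option('show_avatars') && 'single' != $mode )
		add_filter( 'comment_author', 'floated_admin_avatar' );

	$x = new WP_Ajax_Response();

	// The row helpers print their markup, so it is captured through output buffering.
	ob_start();
		if ( 'dashboard' == $mode ) {
			require_once( ABSPATH . 'wp-admin/includes/dashboard.php' );
			_wp_dashboard_recent_comments_row( $comment, false );
		} else {
			_wp_comment_row( $comment->comment_ID, $mode, false, $checkbox );
		}
		$comment_list_item = ob_get_contents();
	ob_end_clean();

	$x->add( array(
		'what' => 'comment',
		'id' => $comment->comment_ID,
		'data' => $comment_list_item,
		'position' => $position
	));

	$x->send();
	break;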
776case 'edit-comment' :
777 check_ajax_referer( 'replyto-comment', '_ajax_nonce-replyto-comment' );
778
779 $comment_post_ID = (int) $_POST['comment_post_ID'];
780 if ( ! current_user_can( 'edit_post', $comment_post_ID ) )
781 die('-1');
782
783 if ( '' == $_POST['content'] )
784 die( __('Error: please type a comment.') );
785
786 $comment_id = (int) $_POST['comment_ID'];
787 $_POST['comment_status'] = $_POST['status'];
788 edit_comment();
789
790 $mode = ( isset($_POST['mode']) && 'single' == $_POST['mode'] ) ? 'single' : 'detail';
791 $position = ( isset($_POST['position']) && (int) $_POST['position']) ? (int) $_POST['position'] : '-1';
792 $checkbox = ( isset($_POST['checkbox']) && true == $_POST['checkbox'] ) ? 1 : 0;
793 $comments_listing = isset($_POST['comments_listing']) ? $_POST['comments_listing'] : '';
794
795 if ( get_option('show_avatars') && 'single' != $mode )
796 add_filter( 'comment_author', 'floated_admin_avatar' );
797
798 $x = new WP_Ajax_Response();
799
800 ob_start();
801 _wp_comment_row( $comment_id, $mode, $comments_listing, $checkbox );
802 $comment_list_item = ob_get_contents();
803 ob_end_clean();
804
805 $x->add( array(
806 'what' => 'edit_comment',
807 'id' => $comment->comment_ID,
808 'data' => $comment_list_item,
809 'position' => $position
810 ));
811
812 $x->send();
813 break;
814case 'add-menu-item' :
815 if ( ! current_user_can( 'edit_theme_options' ) )
816 die('-1');
817
818 check_ajax_referer( 'add-menu_item', 'menu-settings-column-nonce' );
819
820 require_once ABSPATH . 'wp-admin/includes/nav-menu.php';
821
822 $item_ids = wp_save_nav_menu_items( 0, $_POST['menu-item'] );
823 if ( is_wp_error( $item_ids ) )
824 die('-1');
825
826 foreach ( (array) $item_ids as $menu_item_id ) {
827 $menu_obj = get_post( $menu_item_id );
828 if ( ! empty( $menu_obj->ID ) ) {
829 $menu_obj = wp_setup_nav_menu_item( $menu_obj );
830 $menu_obj->label = $menu_obj->title; // don't show "(pending)" in ajax-added items
831 $menu_items[] = $menu_obj;
832 }
833 }
834
835 if ( ! empty( $menu_items ) ) {
836 $args = array(
837 'after' => '',
838 'before' => '',
839 'link_after' => '',
840 'link_before' => '',
841 'walker' => new Walker_Nav_Menu_Edit,
842 );
843 echo walk_nav_menu_tree( $menu_items, 0, (object) $args );
844 }
845 break;
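case 'add-meta' :
	/*
	 * Adds a custom field to a post, or updates an existing one, and sends the
	 * rendered row back as a WP_Ajax_Response.
	 *
	 * The nonce is verified before any other request data is used. Each branch
	 * then checks 'edit_post' for the post being written: the add branch against
	 * the requested post ID, the update branch against the post_id stored on the
	 * meta row itself rather than anything supplied by the client.
	 *
	 * NOTE(review): this handler places no restriction of its own on the custom
	 * field name; confirm that add_meta() / update_meta() refuse keys reserved
	 * for internal use.
	 */
	check_ajax_referer( 'add-meta', '_ajax_nonce-add-meta' );
	$c = 0;
	$pid = isset( $_POST['post_id'] ) ? (int) $_POST['post_id'] : 0;
	$post = get_post( $pid );

	if ( isset( $_POST['metakeyselect'] ) || isset( $_POST['metakeyinput'] ) ) {
		if ( ! current_user_can( 'edit_post', $pid ) )
			die('-1');
		// Nothing chosen in the dropdown and nothing typed: there is no field to add.
		if ( isset( $_POST['metakeyselect'] ) && '#NONE#' === $_POST['metakeyselect'] && empty( $_POST['metakeyinput'] ) )
			die('1');
		// No post object came back for this ID; stop before dereferencing it or attaching meta to it.
		if ( empty( $post ) )
			die('0');
		if ( 'auto-draft' == $post->post_status ) {
			// The auto-draft is first saved as a real draft through edit_post(),
			// which works from $_POST, so a minimal request is swapped in for that call.
			$save_POST = $_POST; // Backup $_POST
			$_POST = array(); // Make it empty for edit_post()
			$_POST['action'] = 'draft'; // Warning fix
			$_POST['post_ID'] = $pid;
			$_POST['post_type'] = $post->post_type;
			$_POST['post_status'] = 'draft';
			$now = current_time( 'timestamp', 1 );
			$_POST['post_title'] = sprintf( 'Draft created on %s at %s', date( get_option( 'date_format' ), $now ), date( get_option( 'time_format' ), $now ) );

			if ( $pid = edit_post() ) {
				if ( is_wp_error( $pid ) ) {
					// Report the save error to the client; send() outputs the response and ends the request.
					$x = new WP_Ajax_Response( array(
						'what' => 'meta',
						'data' => $pid
					) );
					$x->send();
				}
				$_POST = $save_POST; // Now we can restore original $_POST again
				if ( ! $mid = add_meta( $pid ) )
					die(__('Please provide a custom field value.'));
			} else {
				die('0');
			}
		} else if ( ! $mid = add_meta( $pid ) ) {
			die(__('Please provide a custom field value.'));
		}

		$meta = get_post_meta_by_id( $mid );
		// Report the post ID recorded on the stored row, not the one taken from the request.
		$pid = (int) $meta->post_id;
		$meta = get_object_vars( $meta );
		$x = new WP_Ajax_Response( array(
			'what' => 'meta',
			'id' => $mid,
			'data' => _list_meta_row( $meta, $c ),
			'position' => 1,
			'supplemental' => array( 'postid' => $pid )
		) );
	} else { // Update?
		// Treat a missing or malformed 'meta' parameter as an empty submission, so the
		// checks below reject it with the usual messages instead of raising PHP warnings.
		$posted_meta = ( isset( $_POST['meta'] ) && is_array( $_POST['meta'] ) ) ? $_POST['meta'] : array();
		$meta_ids = array_keys( $posted_meta );
		$mid = (int) array_pop( $meta_ids ); // the last submitted meta ID is the one being edited
		$entry = ( isset( $posted_meta[$mid] ) && is_array( $posted_meta[$mid] ) ) ? $posted_meta[$mid] : array();
		$key = ( isset( $entry['key'] ) && is_string( $entry['key'] ) ) ? $entry['key'] : '';
		$value = ( isset( $entry['value'] ) && is_string( $entry['value'] ) ) ? $entry['value'] : '';
		if ( '' == trim( $key ) )
			die(__('Please provide a custom field name.'));
		if ( '' == trim( $value ) )
			die(__('Please provide a custom field value.'));
		if ( ! $meta = get_post_meta_by_id( $mid ) )
			die('0'); // if meta doesn't exist
		// Authorise against the post that owns the stored row.
		if ( ! current_user_can( 'edit_post', $meta->post_id ) )
			die('-1');
		// Loose comparison kept from the original: if both sides are strings, numeric-looking
		// values that compare equal (e.g. "1e3" and "1000") count as unchanged.
		if ( $meta->meta_value != stripslashes( $value ) || $meta->meta_key != stripslashes( $key ) ) {
			if ( ! $u = update_meta( $mid, $key, $value ) )
				die('0'); // We know meta exists; we also know it's unchanged (or DB error, in which case there are bigger problems).
		}

		$key = stripslashes( $key );
		$value = stripslashes( $value );
		$x = new WP_Ajax_Response( array(
			'what' => 'meta',
			'id' => $mid, 'old_id' => $mid,
			'data' => _list_meta_row( array(
				'meta_key' => $key,
				'meta_value' => $value,
				'meta_id' => $mid
			), $c ),
			'position' => 0,
			'supplemental' => array( 'postid' => $meta->post_id )
		) );
	}
	$x->send();
	break;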
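case 'add-user' :
	/*
	 * Creates a user from the submitted form and replies with the rendered
	 * user row plus a confirmation link.
	 *
	 * The nonce is verified first (its action name comes from $action, set
	 * outside this case), then the 'create_users' capability is required
	 * before add_user() runs.
	 */
	check_ajax_referer( $action );
	if ( ! current_user_can( 'create_users' ) )
		die('-1');
	require_once( ABSPATH . WPINC . '/registration.php' );
	if ( ! $user_id = add_user() ) {
		die('0');
	} elseif ( is_wp_error( $user_id ) ) {
		// Hand the error object back to the client; send() outputs the response and ends the request.
		$x = new WP_Ajax_Response( array(
			'what' => 'user',
			'id' => $user_id
		) );
		$x->send();
	}
	$user_object = new WP_User( $user_id );
	// The roles list may be empty; fall back to an empty role name instead of reading a missing index.
	$role = isset( $user_object->roles[0] ) ? $user_object->roles[0] : '';

	$x = new WP_Ajax_Response( array(
		'what' => 'user',
		'id' => $user_id,
		'data' => user_row( $user_object, '', $role ),
		'supplemental' => array(
			// The login is a stored value placed into markup, so it is HTML-escaped at the point of output.
			'show-link' => sprintf( __( 'User <a href="#%s">%s</a> added' ), "user-$user_id", esc_html( $user_object->user_login ) ),
			'role' => $role
		)
	) );
	$x->send();
	break;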
955case 'autosave' : // The name of this action is hardcoded in edit_post()
956 define( 'DOING_AUTOSAVE', true );
957
958 $nonce_age = check_ajax_referer( 'autosave', 'autosavenonce' );
959
960 $_POST['post_category'] = explode(",", $_POST['catslist']);
961 if ( $_POST['post_type'] == 'page' || empty($_POST['post_category']) )
962 unset($_POST['post_category']);
963
964 $do_autosave = (bool) $_POST['autosave'];
965 $do_lock = true;
966
967 $data = '';
968 /* translators: draft saved date format, see http://php.net/date */
969 $draft_saved_date_format = __('g:i:s a');
970 /* translators: %s: date and time */
971 $message = sprintf( __('Draft saved at %s.'), date_i18n( $draft_saved_date_format ) );
972
973 $supplemental = array();
974 if ( isset($login_grace_period) )
975 $supplemental['session_expired'] = add_query_arg( 'interim-login', 1, wp_login_url() );
976
977 $id = $revision_id = 0;
978
979 $post_ID = (int) $_POST['post_ID'];
980 $_POST['ID'] = $post_ID;
981 $post = get_post($post_ID);
982 if ( 'auto-draft' == $post->post_status )
983 $_POST['post_status'] = 'draft';
984
985 if ( $last = wp_check_post_lock( $post->ID ) ) {
986 $do_autosave = $do_lock = false;
987
988 $last_user = get_userdata( $last );
989 $last_user_name = $last_user ? $last_user->display_name : __( 'Someone' );
990 $data = new WP_Error( 'locked', sprintf(
991 $_POST['post_type'] == 'page' ? __( 'Autosave disabled: %s is currently editing this page.' ) : __( 'Autosave disabled: %s is currently editing this post.' ),
992 esc_html( $last_user_name )
993 ) );
994
995 $supplemental['disable_autosave'] = 'disable';
996 }
997
998 if ( 'page' == $post->post_type ) {
999 if ( !current_user_can('edit_page', $post_ID) )
1000 die(__('You are not allowed to edit this page.'));
/var/www/wordpress/wp-admin/admin-footer.php
/var/www/wordpress/wp-admin/admin-functions.php
/var/www/wordpress/wp-admin/admin-header.php
/var/www/wordpress/wp-admin/admin-post.php
/var/www/wordpress/wp-admin/admin.php
/var/www/wordpress/wp-admin/async-upload.php
/var/www/wordpress/wp-admin/comment.php
/var/www/wordpress/wp-admin/custom-background.php
/var/www/wordpress/wp-admin/custom-header.php
/var/www/wordpress/wp-admin/edit-attachment-rows.php
/var/www/wordpress/wp-admin/edit-comments.php
/var/www/wordpress/wp-admin/edit-form-advanced.php
/var/www/wordpress/wp-admin/edit-form-comment.php
/var/www/wordpress/wp-admin/edit-link-categories.php
/var/www/wordpress/wp-admin/edit-link-category-form.php
/var/www/wordpress/wp-admin/edit-link-form.php
/var/www/wordpress/wp-admin/edit-post-rows.php
/var/www/wordpress/wp-admin/edit-tag-form.php
/var/www/wordpress/wp-admin/edit-tags.php
/var/www/wordpress/wp-admin/edit.php
/var/www/wordpress/wp-admin/export.php
/var/www/wordpress/wp-admin/gears-manifest.php
/var/www/wordpress/wp-admin/import.php
/var/www/wordpress/wp-admin/index-extra.php
/var/www/wordpress/wp-admin/index.php
/var/www/wordpress/wp-admin/install-helper.php
/var/www/wordpress/wp-admin/install.php
/var/www/wordpress/wp-admin/link-add.php
/var/www/wordpress/wp-admin/link-category.php
/var/www/wordpress/wp-admin/link-manager.php
/var/www/wordpress/wp-admin/link-parse-opml.php
/var/www/wordpress/wp-admin/link.php
/var/www/wordpress/wp-admin/load-scripts.php
/var/www/wordpress/wp-admin/load-styles.php
/var/www/wordpress/wp-admin/media-new.php
/var/www/wordpress/wp-admin/media-upload.php
/var/www/wordpress/wp-admin/media.php
/var/www/wordpress/wp-admin/menu-header.php
/var/www/wordpress/wp-admin/menu.php
/var/www/wordpress/wp-admin/moderation.php
/var/www/wordpress/wp-admin/ms-admin.php
/var/www/wordpress/wp-admin/ms-delete-site.php
/var/www/wordpress/wp-admin/ms-edit.php
/var/www/wordpress/wp-admin/ms-options.php
/var/www/wordpress/wp-admin/ms-sites.php
/var/www/wordpress/wp-admin/ms-themes.php
/var/www/wordpress/wp-admin/ms-upgrade-network.php
/var/www/wordpress/wp-admin/ms-users.php
/var/www/wordpress/wp-admin/my-sites.php
/var/www/wordpress/wp-admin/nav-menus.php
/var/www/wordpress/wp-admin/network.php
/var/www/wordpress/wp-admin/options-discussion.php
/var/www/wordpress/wp-admin/options-general.php
/var/www/wordpress/wp-admin/options-head.php
/var/www/wordpress/wp-admin/options-media.php
/var/www/wordpress/wp-admin/options-permalink.php
/var/www/wordpress/wp-admin/options-privacy.php
/var/www/wordpress/wp-admin/options-reading.php
/var/www/wordpress/wp-admin/options-writing.php
/var/www/wordpress/wp-admin/options.php
/var/www/wordpress/wp-admin/plugin-editor.php
/var/www/wordpress/wp-admin/plugin-install.php
/var/www/wordpress/wp-admin/plugins.php
/var/www/wordpress/wp-admin/post-new.php
/var/www/wordpress/wp-admin/post.php
/var/www/wordpress/wp-admin/press-this.php
/var/www/wordpress/wp-admin/profile.php
/var/www/wordpress/wp-admin/revision.php
/var/www/wordpress/wp-admin/setup-config.php
/var/www/wordpress/wp-admin/sidebar.php
/var/www/wordpress/wp-admin/theme-editor.php
/var/www/wordpress/wp-admin/theme-install.php
/var/www/wordpress/wp-admin/themes.php
/var/www/wordpress/wp-admin/tools.php
/var/www/wordpress/wp-admin/update-core.php
/var/www/wordpress/wp-admin/update.php
/var/www/wordpress/wp-admin/upgrade-functions.php
/var/www/wordpress/wp-admin/upgrade.php
/var/www/wordpress/wp-admin/upload.php
/var/www/wordpress/wp-admin/user-edit.php
/var/www/wordpress/wp-admin/user-new.php
/var/www/wordpress/wp-admin/users.php
/var/www/wordpress/wp-admin/widgets.php
/var/www/wordpress/wp-content/languages/ru_RU.php
/var/www/wordpress/wp-content/plugins/akismet/akismet.php
/var/www/wordpress/wp-content/plugins/rh/rh.php
/var/www/wordpress/wp-content/plugins/hello.php
/var/www/wordpress/wp-content/plugins/index.php
/var/www/wordpress/wp-content/themes/twentyten/404.php
/var/www/wordpress/wp-content/themes/twentyten/archive.php
/var/www/wordpress/wp-content/themes/twentyten/attachment.php
/var/www/wordpress/wp-content/themes/twentyten/author.php
/var/www/wordpress/wp-content/themes/twentyten/category.php
/var/www/wordpress/wp-content/themes/twentyten/comments.php
/var/www/wordpress/wp-content/themes/twentyten/footer.php
/var/www/wordpress/wp-content/themes/twentyten/functions.php
/var/www/wordpress/wp-content/themes/twentyten/header.php
/var/www/wordpress/wp-content/themes/twentyten/index.php
/var/www/wordpress/wp-content/themes/twentyten/loop.php
/var/www/wordpress/wp-content/themes/twentyten/onecolumn-page.php
/var/www/wordpress/wp-content/themes/twentyten/page.php
/var/www/wordpress/wp-content/themes/twentyten/search.php
/var/www/wordpress/wp-content/themes/twentyten/sidebar-footer.php
/var/www/wordpress/wp-content/themes/twentyten/sidebar.php
/var/www/wordpress/wp-content/themes/twentyten/single.php
/var/www/wordpress/wp-content/themes/twentyten/tag.php
/var/www/wordpress/wp-content/themes/index.php
/var/www/wordpress/wp-content/index.php
/var/www/wordpress/wp-includes/js/tinymce/langs/wp-langs.php
/var/www/wordpress/wp-includes/js/tinymce/plugins/spellchecker/classes/utils/JSON.php
/var/www/wordpress/wp-includes/js/tinymce/plugins/spellchecker/classes/utils/Logger.php
/var/www/wordpress/wp-includes/js/tinymce/plugins/spellchecker/classes/EnchantSpell.php
/var/www/wordpress/wp-includes/js/tinymce/plugins/spellchecker/classes/GoogleSpell.php
/var/www/wordpress/wp-includes/js/tinymce/plugins/spellchecker/classes/PSpell.php
/var/www/wordpress/wp-includes/js/tinymce/plugins/spellchecker/classes/PSpellShell.php
/var/www/wordpress/wp-includes/js/tinymce/plugins/spellchecker/classes/SpellChecker.php
/var/www/wordpress/wp-includes/js/tinymce/plugins/spellchecker/includes/general.php
/var/www/wordpress/wp-includes/js/tinymce/plugins/spellchecker/config.php
/var/www/wordpress/wp-includes/js/tinymce/plugins/spellchecker/rpc.php
/var/www/wordpress/wp-includes/js/tinymce/wp-mce-help.php
/var/www/wordpress/wp-includes/js/tinymce/wp-tinymce.php
/var/www/wordpress/wp-includes/pomo/entry.php
/var/www/wordpress/wp-includes/pomo/mo.php
/var/www/wordpress/wp-includes/pomo/po.php
/var/www/wordpress/wp-includes/pomo/streams.php
/var/www/wordpress/wp-includes/pomo/translations.php
/var/www/wordpress/wp-includes/Text/Diff/Engine/native.php
/var/www/wordpress/wp-includes/Text/Diff/Engine/shell.php
/var/www/wordpress/wp-includes/Text/Diff/Engine/string.php
/var/www/wordpress/wp-includes/Text/Diff/Engine/xdiff.php
/var/www/wordpress/wp-includes/Text/Diff/Renderer/inline.php
/var/www/wordpress/wp-includes/Text/Diff/Renderer.php
/var/www/wordpress/wp-includes/Text/Diff.php
/var/www/wordpress/wp-includes/theme-compat/comments-popup.php
/var/www/wordpress/wp-includes/theme-compat/comments.php
/var/www/wordpress/wp-includes/theme-compat/footer.php
/var/www/wordpress/wp-includes/theme-compat/header.php
/var/www/wordpress/wp-includes/theme-compat/sidebar.php
/var/www/wordpress/wp-includes/atomlib.php
/var/www/wordpress/wp-includes/author-template.php
/var/www/wordpress/wp-includes/bookmark-template.php
/var/www/wordpress/wp-includes/bookmark.php
/var/www/wordpress/wp-includes/cache.php
/var/www/wordpress/wp-includes/canonical.php
/var/www/wordpress/wp-includes/capabilities.php
/var/www/wordpress/wp-includes/category-template.php
/var/www/wordpress/wp-includes/category.php
/var/www/wordpress/wp-includes/class-feed.php
/var/www/wordpress/wp-includes/class-http.php
/var/www/wordpress/wp-includes/class-IXR.php
/var/www/wordpress/wp-includes/class-json.php
/var/www/wordpress/wp-includes/class-oembed.php
/var/www/wordpress/wp-includes/class-phpass.php
/var/www/wordpress/wp-includes/class-phpmailer.php
/var/www/wordpress/wp-includes/class-pop3.php
/var/www/wordpress/wp-includes/class-simplepie.php
/var/www/wordpress/wp-includes/class-smtp.php
/var/www/wordpress/wp-includes/class-snoopy.php
/var/www/wordpress/wp-includes/class.wp-dependencies.php
/var/www/wordpress/wp-includes/class.wp-scripts.php
/var/www/wordpress/wp-includes/class.wp-styles.php
/var/www/wordpress/wp-includes/classes.php
/var/www/wordpress/wp-includes/comment-template.php
/var/www/wordpress/wp-includes/comment.php
/var/www/wordpress/wp-includes/compat.php
/var/www/wordpress/wp-includes/cron.php
/var/www/wordpress/wp-includes/default-constants.php
/var/www/wordpress/wp-includes/default-embeds.php
/var/www/wordpress/wp-includes/default-filters.php
/var/www/wordpress/wp-includes/default-widgets.php
/var/www/wordpress/wp-includes/deprecated.php
/var/www/wordpress/wp-includes/feed-atom-comments.php
/var/www/wordpress/wp-includes/feed-atom.php
/var/www/wordpress/wp-includes/feed-rdf.php
/var/www/wordpress/wp-includes/feed-rss.php
/var/www/wordpress/wp-includes/feed-rss2-comments.php
/var/www/wordpress/wp-includes/feed-rss2.php
/var/www/wordpress/wp-includes/feed.php
/var/www/wordpress/wp-includes/formatting.php
/var/www/wordpress/wp-includes/functions.php
/var/www/wordpress/wp-includes/functions.wp-scripts.php
/var/www/wordpress/wp-includes/functions.wp-styles.php
/var/www/wordpress/wp-includes/general-template.php
/var/www/wordpress/wp-includes/http.php
/var/www/wordpress/wp-includes/kses.php
/var/www/wordpress/wp-includes/l10n.php
/var/www/wordpress/wp-includes/link-template.php
/var/www/wordpress/wp-includes/load.php
/var/www/wordpress/wp-includes/locale.php
/var/www/wordpress/wp-includes/media.php
/var/www/wordpress/wp-includes/meta.php
/var/www/wordpress/wp-includes/ms-blogs.php
/var/www/wordpress/wp-includes/ms-default-constants.php
/var/www/wordpress/wp-includes/ms-default-filters.php
/var/www/wordpress/wp-includes/ms-deprecated.php
/var/www/wordpress/wp-includes/ms-files.php
/var/www/wordpress/wp-includes/ms-functions.php
/var/www/wordpress/wp-includes/ms-load.php
/var/www/wordpress/wp-includes/ms-settings.php
/var/www/wordpress/wp-includes/nav-menu-template.php
/var/www/wordpress/wp-includes/nav-menu.php
/var/www/wordpress/wp-includes/pluggable-deprecated.php
/var/www/wordpress/wp-includes/pluggable.php
/var/www/wordpress/wp-includes/plugin.php
/var/www/wordpress/wp-includes/post-template.php
/var/www/wordpress/wp-includes/post-thumbnail-template.php
/var/www/wordpress/wp-includes/post.php
/var/www/wordpress/wp-includes/query.php
/var/www/wordpress/wp-includes/registration-functions.php
/var/www/wordpress/wp-includes/registration.php
/var/www/wordpress/wp-includes/rewrite.php
/var/www/wordpress/wp-includes/rss-functions.php
/var/www/wordpress/wp-includes/rss.php
/var/www/wordpress/wp-includes/script-loader.php
/var/www/wordpress/wp-includes/shortcodes.php
/var/www/wordpress/wp-includes/taxonomy.php
/var/www/wordpress/wp-includes/template-loader.php
/var/www/wordpress/wp-includes/theme.php
/var/www/wordpress/wp-includes/update.php
/var/www/wordpress/wp-includes/user.php
/var/www/wordpress/wp-includes/vars.php
/var/www/wordpress/wp-includes/version.php
/var/www/wordpress/wp-includes/widgets.php
/var/www/wordpress/wp-includes/wp-db.php
/var/www/wordpress/wp-includes/wp-diff.php
/var/www/wordpress/index.php
/var/www/wordpress/wp-activate.php
/var/www/wordpress/wp-app.php
/var/www/wordpress/wp-atom.php
/var/www/wordpress/wp-blog-header.php
/var/www/wordpress/wp-comments-post.php
/var/www/wordpress/wp-commentsrss2.php
/var/www/wordpress/wp-config-sample.php
/var/www/wordpress/wp-cron.php
/var/www/wordpress/wp-feed.php
/var/www/wordpress/wp-links-opml.php
/var/www/wordpress/wp-load.php
/var/www/wordpress/wp-login.php
/var/www/wordpress/wp-mail.php
/var/www/wordpress/wp-pass.php
/var/www/wordpress/wp-rdf.php
/var/www/wordpress/wp-register.php
/var/www/wordpress/wp-rss.php
/var/www/wordpress/wp-rss2.php
/var/www/wordpress/wp-settings.php
/var/www/wordpress/wp-signup.php
/var/www/wordpress/wp-trackback.php
/var/www/wordpress/xmlrpc.php