1 | <?php |
2 | /** |
3 | * Edit attachments table for inclusion in administration panels. |
4 | * |
5 | * @package WordPress |
6 | * @subpackage Administration |
7 | */ |
8 | |
// Stop here when the file is requested on its own: ABSPATH is only defined once WordPress has been loaded.
defined( 'ABSPATH' ) || die( '-1' );
12 | |
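// Prints the media attachments table, one row per attachment in the current query,
// or a short notice when the query is empty.
//
// The listing this was taken from tagged several echo statements as "Cross Site Scripting".
// Each tagged spot is commented below: values that are free text (titles, caption, MIME
// subtype, translated phrases placed in attributes) are escaped where they are printed,
// numeric ids are cast, and markup that is meant to be HTML is left alone with a note.
//
// NOTE(review): $is_trash, $post and $id are not assigned in this file; presumably the
// including screen and the_post() provide them — confirm.
if ( have_posts() ) { ?>
<table class="widefat fixed" cellspacing="0">
	<thead>
	<tr>
<?php print_column_headers('upload'); ?>
	</tr>
	</thead>

	<tfoot>
	<tr>
<?php print_column_headers('upload', false); ?>
	</tr>
	</tfoot>

	<tbody id="the-list" class="list:post">
<?php
// Registers esc_html() on 'the_title' and never removes it again; presumably this is what
// escapes the titles returned by _draft_or_post_title() — confirm. The cells below also
// escape titles where they are printed, so they do not depend on this filter alone.
add_filter('the_title','esc_html');
$alt = '';
$posts_columns = get_column_headers('upload');
$hidden = get_hidden_columns('upload');

while ( have_posts() ) : the_post();

	// Show only trashed items on the trash view and only non-trashed items elsewhere.
	if ( $is_trash && $post->post_status != 'trash' )
		continue;
	elseif ( !$is_trash && $post->post_status == 'trash' )
		continue;

	$alt = ( 'alternate' == $alt ) ? '' : 'alternate';

	$post_owner = ( get_current_user_id() == $post->post_author ? 'self' : 'other' );
	$att_title = _draft_or_post_title();

	// Scanner finding on the row tag: the id is cast to an integer and the class list is
	// attribute-escaped, so neither value can close the quoted attribute.
?>
	<tr id='post-<?php echo (int) $id; ?>' class='<?php echo esc_attr( trim( $alt . ' author-' . $post_owner . ' status-' . $post->post_status ) ); ?>' valign="top">

<?php
foreach ($posts_columns as $column_name => $column_display_name ) {
	// Column keys come from get_column_headers(); escape them anyway before they enter an attribute.
	$class = 'class="' . esc_attr( "$column_name column-$column_name" ) . '"';

	$style = '';
	if ( in_array($column_name, $hidden) )
		$style = ' style="display:none;"';

	$attributes = "$class$style";

	switch($column_name) {

	case 'cb':
		?>
		<th scope="row" class="check-column"><?php if ( current_user_can('edit_post', $post->ID) ) { ?><input type="checkbox" name="media[]" value="<?php the_ID(); ?>" /><?php } ?></th>
		<?php
		break;

	case 'icon':
		$attributes = 'class="column-icon media-icon"' . $style;
		?>
		<td <?php echo $attributes ?>><?php
			// Scanner finding on $thumb: wp_get_attachment_image() returns finished <img> markup, so it is
			// printed as-is; escaping it here would show the tag as text.
			// NOTE(review): this relies on that helper escaping its own attributes — confirm.
			if ( $thumb = wp_get_attachment_image( $post->ID, array(80, 60), true ) ) {
				if ( $is_trash ) echo $thumb;
				else {
?>
				<a href="<?php echo get_edit_post_link( $post->ID, true ); ?>" title="<?php echo esc_attr(sprintf(__('Edit “%s”'), $att_title)); ?>">
					<?php echo $thumb; ?>
				</a>

<?php			}
			}
		?></td>
		<?php
		// TODO
		break;

	case 'media':
		// Scanner finding on $att_title: the title is free text, so it is escaped at the point of
		// output in both branches, the same way the title attribute beside it already uses esc_attr().
		?>
		<td <?php echo $attributes ?>><strong><?php if ( $is_trash ) echo esc_html( $att_title ); else { ?><a href="<?php echo get_edit_post_link( $post->ID, true ); ?>" title="<?php echo esc_attr(sprintf(__('Edit “%s”'), $att_title)); ?>"><?php echo esc_html( $att_title ); ?></a><?php } ?></strong>
		<p>
		<?php
		// Both branches print a file-type label; the MIME fallback is now escaped like the extension branch.
		if ( preg_match( '/^.*?\.(\w+)$/', get_attached_file( $post->ID ), $matches ) )
			echo esc_html( strtoupper( $matches[1] ) );
		else
			echo esc_html( strtoupper( str_replace( 'image/', '', get_post_mime_type() ) ) );
		?>
		</p>
		<?php
		$actions = array();
		if ( current_user_can('edit_post', $post->ID) && !$is_trash )
			$actions['edit'] = '<a href="' . get_edit_post_link($post->ID, true) . '">' . __('Edit') . '</a>';
		if ( current_user_can('delete_post', $post->ID) ) {
			// State-changing links carry a nonce tied to the action and the attachment id.
			if ( $is_trash )
				$actions['untrash'] = "<a class='submitdelete' href='" . wp_nonce_url("post.php?action=untrash&post=$post->ID", 'untrash-attachment_' . $post->ID) . "'>" . __('Restore') . "</a>";
			elseif ( EMPTY_TRASH_DAYS && MEDIA_TRASH )
				$actions['trash'] = "<a class='submitdelete' href='" . wp_nonce_url("post.php?action=trash&post=$post->ID", 'trash-attachment_' . $post->ID) . "'>" . __('Trash') . "</a>";
			if ( $is_trash || !EMPTY_TRASH_DAYS || !MEDIA_TRASH ) {
				$delete_ays = (!$is_trash && !MEDIA_TRASH) ? " onclick='return showNotice.warn();'" : '';
				$actions['delete'] = "<a class='submitdelete'$delete_ays href='" . wp_nonce_url("post.php?action=delete&post=$post->ID", 'delete-attachment_' . $post->ID) . "'>" . __('Delete Permanently') . "</a>";
			}
		}
		if ( !$is_trash ) {
			$title =_draft_or_post_title($post->post_parent);
			$actions['view'] = '<a href="' . get_permalink($post->ID) . '" title="' . esc_attr(sprintf(__('View “%s”'), $title)) . '" rel="permalink">' . __('View') . '</a>';
		}
		// Callbacks on this filter add or replace whole links, so $link is printed as HTML below;
		// each callback has to escape what it puts into its own markup.
		$actions = apply_filters( 'media_row_actions', $actions, $post );
		$action_count = count($actions);
		$i = 0;
		echo '<div class="row-actions">';
		foreach ( $actions as $action => $link ) {
			++$i;
			$sep = ( $i == $action_count ) ? '' : ' | ';
			echo "<span class='$action'>$link$sep</span>";
		}
		echo '</div>';
		?></td>
		<?php
		break;

	case 'author':
		?>
		<td <?php echo $attributes ?>><?php the_author() ?></td>
		<?php
		break;

	case 'tags':
		?>
		<td <?php echo $attributes ?>><?php
		$tags = get_the_tags();
		if ( !empty( $tags ) ) {
			$out = array();
			// The slug sits inside a single-quoted href, so it is attribute-escaped like the name is HTML-escaped.
			foreach ( $tags as $c )
				$out[] = "<a href='edit.php?tag=" . esc_attr( $c->slug ) . "'> " . esc_html(sanitize_term_field('name', $c->name, $c->term_id, 'post_tag', 'display')) . "</a>";
			echo join( ', ', $out );
		} else {
			_e('No Tags');
		}
		?></td>
		<?php
		break;

	case 'desc':
		// Scanner finding on post_excerpt: the caption is stored content that was printed raw.
		// wp_kses_post() keeps the markup allowed in post content and drops everything else.
		?>
		<td <?php echo $attributes ?>><?php echo has_excerpt() ? wp_kses_post( $post->post_excerpt ) : ''; ?></td>
		<?php
		break;

	case 'date':
		if ( '0000-00-00 00:00:00' == $post->post_date && 'date' == $column_name ) {
			$t_time = $h_time = __('Unpublished');
		} else {
			$t_time = get_the_time(__('Y/m/d g:i:s A'));
			$m_time = $post->post_date;
			$time = get_post_time( 'G', true, $post, false );
			// Within 24 hours (86400 seconds) show a relative time, otherwise the plain date.
			if ( ( abs($t_diff = time() - $time) ) < 86400 ) {
				if ( $t_diff < 0 )
					$h_time = sprintf( __('%s from now'), human_time_diff( $time ) );
				else
					$h_time = sprintf( __('%s ago'), human_time_diff( $time ) );
			} else {
				$h_time = mysql2date(__('Y/m/d'), $m_time);
			}
		}
		?>
		<td <?php echo $attributes ?>><?php echo $h_time ?></td>
		<?php
		break;

	case 'parent':
		if ( $post->post_parent > 0 ) {
			// Start from a fixed label: when the parent can no longer be loaded, $title used to keep
			// whatever an earlier column or row had left in it (or be undefined).
			$title = __('(no title)');
			if ( get_post($post->post_parent) ) {
				$title =_draft_or_post_title($post->post_parent);
			}
			// Scanner finding on $title: the parent title is free text and is escaped where it is printed.
			?>
			<td <?php echo $attributes ?>><strong><a href="<?php echo get_edit_post_link( $post->post_parent ); ?>"><?php echo esc_html( $title ); ?></a></strong>, <?php echo get_the_time(__('Y/m/d')); ?></td>
			<?php
		} else {
			// Scanner findings in this branch: the label is a translated string, and the id placed in the
			// onclick handler is cast to an integer so it cannot leave the quoted JavaScript argument.
			?>
			<td <?php echo $attributes ?>><?php _e('(Unattached)'); ?><br />
			<a class="hide-if-no-js" onclick="findPosts.open('media[]','<?php echo (int) $post->ID ?>');return false;" href="#the-list"><?php _e('Attach'); ?></a></td>
			<?php
		}

		break;

	case 'comments':
		$attributes = 'class="comments column-comments num"' . $style;
		?>
		<td <?php echo $attributes ?>><div class="post-com-count-wrapper">
		<?php
		$left = get_pending_comments_num( $post->ID );
		// The phrase goes into a single-quoted title attribute and a translation may contain quotes.
		$pending_phrase = esc_attr( sprintf( __('%s pending'), number_format( $left ) ) );
		// Shared opening markup for the three comments_number() variants.
		$count_link = "<a href='edit-comments.php?p=" . (int) $id . "' title='$pending_phrase' class='post-com-count'><span class='comment-count'>";
		if ( $left )
			echo '<strong>';
		comments_number(
			$count_link . /* translators: comment count link */ _x('0', 'comment count') . '</span></a>',
			$count_link . /* translators: comment count link */ _x('1', 'comment count') . '</span></a>',
			$count_link . /* translators: comment count link: % will be substituted by comment count */ _x('%', 'comment count') . '</span></a>'
		);
		if ( $left )
			echo '</strong>';
		?>
		</div></td>
		<?php
		break;

	case 'actions':
		?>
		<td <?php echo $attributes ?>>
		<a href="media.php?action=edit&attachment_id=<?php the_ID(); ?>" title="<?php echo esc_attr(sprintf(__('Edit “%s”'), $att_title)); ?>"><?php _e('Edit'); ?></a> |
		<a href="<?php the_permalink(); ?>"><?php _e('Get permalink'); ?></a>
		</td>
		<?php
		break;

	default:
		// Scanner finding on the custom column: nothing is echoed here directly. The cell content is
		// whatever the callbacks hooked to 'manage_media_custom_column' print, so escaping is their job.
		?>
		<td <?php echo $attributes ?>><?php do_action('manage_media_custom_column', $column_name, $id); ?></td>
		<?php
		break;
	}
}
?>
	</tr>
<?php endwhile; ?>
	</tbody>
</table>
<?php } else { ?>

<p><?php _e('No media attachments found.') ?></p>

<?php
} // end if ( have_posts() )
?>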
239 | |
240 | |