1 | <?php |
2 | /** |
3 | * Revisions administration panel. |
4 | * |
5 | * @package WordPress |
6 | * @subpackage Administration |
7 | */ |
8 | |
/** WordPress Administration Bootstrap */
require_once( './admin.php' );

wp_enqueue_script( 'list-revisions' );

// Pull the request parameters this screen understands into globals.
// NOTE(review): wp_reset_vars() populates these from the request (presumably
// POST first, then GET); every one of them is untrusted until normalised below.
wp_reset_vars( array( 'revision', 'left', 'right', 'action' ) );

// Post IDs are only ever used as non-negative integers, so coerce them once
// here. $action stays a raw string: within this file it is only compared
// against fixed literals in the switch and the template, never echoed.
list( $revision_id, $left, $right ) = array_map( 'absint', array( $revision, $left, $right ) );

// Default outcome. A branch of the switch below must prove it has something
// to render by setting $redirect = false; otherwise the user is bounced to
// the post list.
$redirect = 'edit.php';
21 | |
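/*
 * Dispatch on the requested action. Every branch must either
 *   - leave $redirect set (request refused or finished; the user is sent
 *     there by the redirect block below), or
 *   - set $redirect = false AND populate $post, $h2, $title, $left, $right
 *     (plus $left_revision/$right_revision for 'diff', $revision for 'view'),
 *     which the template below depends on.
 * Check order in each branch: object lookup -> capability -> feature enabled
 * -> (for the state-changing 'restore') nonce -> action.
 */
switch ( $action ) :
case 'restore' :
	// Only a genuine revision can be restored; an arbitrary post ID stops here.
	if ( !$revision = wp_get_post_revision( $revision_id ) )
		break;
	// Authorisation is on the *parent* post, since restoring edits the post.
	if ( !current_user_can( 'edit_post', $revision->post_parent ) )
		break;
	if ( !$post = get_post( $revision->post_parent ) )
		break;

	// Revisions disabled and we're not looking at an autosave
	if ( ( ! WP_POST_REVISIONS || !post_type_supports($post->post_type, 'revisions') ) && !wp_is_post_autosave( $revision ) ) {
		$redirect = 'edit.php?post_type=' . $post->post_type;
		break;
	}

	// CSRF protection: the nonce is bound to this exact post/revision pair.
	// check_admin_referer() does not return on failure, so the restore below
	// cannot run without a valid nonce. Note it is checked after the
	// existence/capability checks, so a bad nonce ends in wp_die() rather than
	// in the silent redirect the earlier breaks produce.
	check_admin_referer( "restore-post_$post->ID|$revision->ID" );

	wp_restore_post_revision( $revision->ID );
	// 'url' context: this goes into a Location header, so it needs a literal
	// '&' rather than the HTML-escaped '&amp;' of the default display context.
	$redirect = add_query_arg( array( 'message' => 5, 'revision' => $revision->ID ), get_edit_post_link( $post->ID, 'url' ) );
	break;
case 'diff' :
	// Either side may be a revision or the post itself; the relationship
	// between the two is validated further down.
	if ( !$left_revision = get_post( $left ) )
		break;
	if ( !$right_revision = get_post( $right ) )
		break;

	// Both objects must be readable by the current user before anything
	// about them (title, dates, content) is rendered or used in a redirect.
	if ( !current_user_can( 'read_post', $left_revision->ID ) || !current_user_can( 'read_post', $right_revision->ID ) )
		break;

	// If we're comparing a revision to itself, redirect to the 'view' page for that revision or the edit page for that post
	if ( $left_revision->ID == $right_revision->ID ) {
		// 'url' context, consistent with the 'restore' branch: the default
		// ('display') context HTML-escapes the query separator to '&amp;',
		// which is wrong inside a Location header.
		$redirect = get_edit_post_link( $left_revision->ID, 'url' );
		// Static include path; no request data is involved.
		include( './js/revisions-js.php' );
		break;
	}

	// Don't allow reverse diffs?
	// Swap the two IDs and reload so the older item is always on the left.
	// NOTE(review): add_query_arg() without a base URL presumably works on
	// the current request URI, and the result is handed to wp_redirect()
	// below, which does not pin the target to this site's host. Building the
	// URL from admin_url( 'revision.php' ) would remove that dependency.
	if ( strtotime($right_revision->post_modified_gmt) < strtotime($left_revision->post_modified_gmt) ) {
		$redirect = add_query_arg( array( 'left' => $right, 'right' => $left ) );
		break;
	}

	// Resolve the post both sides belong to. $post is global in this script;
	// get_edit_post_link()/get_the_title() are called below with no ID, so
	// they presumably fall back to that global -- it must be set first.
	if ( $left_revision->ID == $right_revision->post_parent ) // right is a revision of left
		$post =& $left_revision;
	elseif ( $left_revision->post_parent == $right_revision->ID ) // left is a revision of right
		$post =& $right_revision;
	elseif ( $left_revision->post_parent == $right_revision->post_parent ) // both are revisions of common parent
		$post = get_post( $left_revision->post_parent );
	else
		break; // Don't diff two unrelated revisions

	if ( ! WP_POST_REVISIONS || !post_type_supports($post->post_type, 'revisions') ) { // Revisions disabled
		if (
			// we're not looking at an autosave
			( !wp_is_post_autosave( $left_revision ) && !wp_is_post_autosave( $right_revision ) )
			||
			// we're not comparing an autosave to the current post
			( $post->ID !== $left_revision->ID && $post->ID !== $right_revision->ID )
		) {
			$redirect = 'edit.php?post_type=' . $post->post_type;
			break;
		}
	}

	// A matching post_parent alone does not prove either side is a revision
	// (child pages have a parent too), so require at least one real revision.
	if (
		// They're the same
		$left_revision->ID == $right_revision->ID
		||
		// Neither is a revision
		( !wp_get_post_revision( $left_revision->ID ) && !wp_get_post_revision( $right_revision->ID ) )
	)
		break;

	// $h2 deliberately carries markup (edit link around the title) and is
	// echoed unescaped by the template, which is why a scanner flags it as
	// XSS. It cannot simply be esc_html()'d; the trust rests on
	// get_edit_post_link() yielding a clean admin URL and on the stored title
	// already being sanitised on save -- NOTE(review): confirm that assumption
	// rather than escaping here.
	$post_title = '<a href="' . get_edit_post_link() . '">' . get_the_title() . '</a>';
	$h2 = sprintf( __( 'Compare Revisions of “%1$s”' ), $post_title );
	$title = __( 'Revisions' );

	// Normalise to the resolved IDs so the template and the revision list
	// use exactly the objects that were authorised above.
	$left = $left_revision->ID;
	$right = $right_revision->ID;

	$redirect = false;
	break;
case 'view' :
default :
	if ( !$revision = wp_get_post_revision( $revision_id ) )
		break;
	if ( !$post = get_post( $revision->post_parent ) )
		break;

	// Read access is required on both the revision and its parent post.
	if ( !current_user_can( 'read_post', $revision->ID ) || !current_user_can( 'read_post', $post->ID ) )
		break;

	// Revisions disabled and we're not looking at an autosave
	if ( ( ! WP_POST_REVISIONS || !post_type_supports($post->post_type, 'revisions') ) && !wp_is_post_autosave( $revision ) ) {
		$redirect = 'edit.php?post_type=' . $post->post_type;
		break;
	}

	// Same caveat as in the 'diff' branch: $h2 is intentionally HTML and is
	// not escaped by the template.
	$post_title = '<a href="' . get_edit_post_link() . '">' . get_the_title() . '</a>';
	$revision_title = wp_post_revision_title( $revision, false );
	$h2 = sprintf( __( 'Revision for “%1$s” created on %2$s' ), $post_title, $revision_title );
	$title = __( 'Revisions' );

	// Sets up the diff radio buttons
	$left = $revision->ID;
	$right = $post->ID;

	$redirect = false;
	break;
endswitch;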
132 | |
// No branch produced a usable post (malformed object, or no parent found):
// treat that exactly like a refused request and fall back to the post list.
if ( ! $redirect && empty( $post->post_type ) ) {
	$redirect = 'edit.php';
}

// Anything still set here is a refusal or a finished action: bounce and stop.
// NOTE(review): the targets are relative admin paths or admin-link based
// URLs, except the request-URI-derived one from the reverse-diff case;
// wp_safe_redirect() would pin all of them to this site's host.
if ( ! empty( $redirect ) ) {
	wp_redirect( $redirect );
	exit;
}

// Tell the admin menu which "Edit" entry to highlight.
// NOTE(review): a scanner flagged these assignments as "arbitrary file
// disclosure". Within this file they are plain string assignments consumed
// by the menu code (presumably via admin-header.php) and are never used as
// an include path; the value is a post-type slug taken from a post object,
// not from the raw request. Confirm against the menu rendering code.
$parent_file = $submenu_file = ( ! empty( $post->post_type ) && 'post' != $post->post_type )
	? 'edit.php?post_type=' . $post->post_type
	: 'edit.php';

require_once( './admin-header.php' );
149 | |
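?>

<div class="wrap">

<?php
// $h2 is built in the switch above and intentionally contains markup (an
// edit link wrapped around the post title), so it is echoed as-is. This is
// what a scanner flags as XSS: the trust is placed on the pieces it was
// built from (admin edit URL, stored title), not on escaping here.
?>
<h2 class="long-header"><?php echo $h2; ?></h2>

<table class="form-table ie-fixed">
	<col class="th" />
<?php if ( 'diff' == $action ) : ?>
	<tr id="revision">
		<th scope="row"></th>
		<th scope="col" class="th-full">
			<span class="alignleft"><?php printf( __('Older: %s'), wp_post_revision_title( $left_revision ) ); ?></span>
			<span class="alignright"><?php printf( __('Newer: %s'), wp_post_revision_title( $right_revision ) ); ?></span>
		</th>
	</tr>
<?php endif;

// use get_post_to_edit filters?
// One row per revisioned field. In 'diff' mode a row is only emitted when
// the two sides differ; $identical records whether any row was emitted.
$identical = true;
foreach ( _wp_post_revision_fields() as $field => $field_title ) :
	if ( 'diff' == $action ) {
		$left_content = apply_filters( "_wp_post_revision_field_$field", $left_revision->$field, $field );
		$right_content = apply_filters( "_wp_post_revision_field_$field", $right_revision->$field, $field );
		// wp_text_diff() is expected to return ready-to-echo (escaped) HTML
		// -- NOTE(review): confirm, since $content is echoed unescaped below.
		if ( !$content = wp_text_diff( $left_content, $right_content ) )
			continue; // There is no difference between left and right
		$identical = false;
	} else {
		// Escape the raw field value via the filter chain. add_filter()
		// defaults to one accepted argument, so htmlspecialchars() receives
		// only the value (the $field argument would otherwise land in its
		// $flags parameter).
		add_filter( "_wp_post_revision_field_$field", 'htmlspecialchars' );
		$content = apply_filters( "_wp_post_revision_field_$field", $revision->$field, $field );
	}
	?>

	<?php // $field is a key from _wp_post_revision_fields(); escape it for the attribute context, matching esc_html() on the label. ?>
	<tr id="revision-field-<?php echo esc_attr( $field ); ?>">
		<th scope="row"><?php echo esc_html( $field_title ); ?></th>
		<?php // $content arrives escaped (wp_text_diff() output or the htmlspecialchars filter above); nothing escapes it again here. ?>
		<td><div class="pre"><?php echo $content; ?></div></td>
	</tr>

	<?php

endforeach;

if ( 'diff' == $action && $identical ) :

	?>

	<tr><td colspan="2"><div class="updated"><p><?php _e( 'These revisions are identical.' ); ?></p></div></td></tr>

	<?php

endif;

?>

</table>

<br class="clear" />

<?php // $title is the translated literal set in the switch above, not request data. ?>
<h2><?php echo $title; ?></h2>

<?php

// Revision list for this post, with $left/$right preselecting the diff
// radio buttons. When revisions are disabled only autosaves are listed.
$args = array( 'format' => 'form-table', 'parent' => true, 'right' => $right, 'left' => $left );
if ( ! WP_POST_REVISIONS || !post_type_supports($post->post_type, 'revisions') )
	$args['type'] = 'autosave';

wp_list_post_revisions( $post, $args );

?>

</div>

<?php
require_once( './admin-footer.php' );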
224 | |