/var/www/wordpress/wp-admin/includes/admin.php
/var/www/wordpress/wp-admin/includes/bookmark.php
/var/www/wordpress/wp-admin/includes/class-ftp-pure.php
/var/www/wordpress/wp-admin/includes/class-ftp-sockets.php
/var/www/wordpress/wp-admin/includes/class-ftp.php
/var/www/wordpress/wp-admin/includes/class-pclzip.php
/var/www/wordpress/wp-admin/includes/class-wp-filesystem-base.php
/var/www/wordpress/wp-admin/includes/class-wp-filesystem-direct.php
/var/www/wordpress/wp-admin/includes/class-wp-filesystem-ftpext.php
/var/www/wordpress/wp-admin/includes/class-wp-filesystem-ftpsockets.php
/var/www/wordpress/wp-admin/includes/class-wp-filesystem-ssh2.php
/var/www/wordpress/wp-admin/includes/class-wp-importer.php
/var/www/wordpress/wp-admin/includes/class-wp-upgrader.php
/var/www/wordpress/wp-admin/includes/comment.php
/var/www/wordpress/wp-admin/includes/continents-cities.php
/var/www/wordpress/wp-admin/includes/dashboard.php
/var/www/wordpress/wp-admin/includes/deprecated.php
/var/www/wordpress/wp-admin/includes/export.php
/var/www/wordpress/wp-admin/includes/file.php
/var/www/wordpress/wp-admin/includes/image-edit.php
/var/www/wordpress/wp-admin/includes/image.php
/var/www/wordpress/wp-admin/includes/import.php
/var/www/wordpress/wp-admin/includes/manifest.php
/var/www/wordpress/wp-admin/includes/media.php
/var/www/wordpress/wp-admin/includes/meta-boxes.php
/var/www/wordpress/wp-admin/includes/misc.php
/var/www/wordpress/wp-admin/includes/ms-deprecated.php
/var/www/wordpress/wp-admin/includes/ms.php
/var/www/wordpress/wp-admin/includes/nav-menu.php
/var/www/wordpress/wp-admin/includes/plugin-install.php
/var/www/wordpress/wp-admin/includes/plugin.php
/var/www/wordpress/wp-admin/includes/post.php
/var/www/wordpress/wp-admin/includes/schema.php
/var/www/wordpress/wp-admin/includes/taxonomy.php
/var/www/wordpress/wp-admin/includes/template.php
/var/www/wordpress/wp-admin/includes/theme-install.php
/var/www/wordpress/wp-admin/includes/theme.php
/var/www/wordpress/wp-admin/includes/update-core.php
/var/www/wordpress/wp-admin/includes/update.php
/var/www/wordpress/wp-admin/includes/upgrade.php
/var/www/wordpress/wp-admin/includes/user.php
/var/www/wordpress/wp-admin/includes/widgets.php
/var/www/wordpress/wp-admin/js/revisions-js.php
/var/www/wordpress/wp-admin/maint/repair.php
/var/www/wordpress/wp-admin/admin-ajax.php
/var/www/wordpress/wp-admin/admin-footer.php
/var/www/wordpress/wp-admin/admin-functions.php
/var/www/wordpress/wp-admin/admin-header.php
/var/www/wordpress/wp-admin/admin-post.php
/var/www/wordpress/wp-admin/admin.php
/var/www/wordpress/wp-admin/async-upload.php
/var/www/wordpress/wp-admin/comment.php
/var/www/wordpress/wp-admin/custom-background.php
/var/www/wordpress/wp-admin/custom-header.php
/var/www/wordpress/wp-admin/edit-attachment-rows.php
/var/www/wordpress/wp-admin/edit-comments.php
/var/www/wordpress/wp-admin/edit-form-advanced.php
/var/www/wordpress/wp-admin/edit-form-comment.php
/var/www/wordpress/wp-admin/edit-link-categories.php
/var/www/wordpress/wp-admin/edit-link-category-form.php
/var/www/wordpress/wp-admin/edit-link-form.php
/var/www/wordpress/wp-admin/edit-post-rows.php
/var/www/wordpress/wp-admin/edit-tag-form.php
/var/www/wordpress/wp-admin/edit-tags.php
/var/www/wordpress/wp-admin/edit.php
/var/www/wordpress/wp-admin/export.php
/var/www/wordpress/wp-admin/gears-manifest.php
/var/www/wordpress/wp-admin/import.php
/var/www/wordpress/wp-admin/index-extra.php
/var/www/wordpress/wp-admin/index.php
/var/www/wordpress/wp-admin/install-helper.php
/var/www/wordpress/wp-admin/install.php
/var/www/wordpress/wp-admin/link-add.php
/var/www/wordpress/wp-admin/link-category.php
/var/www/wordpress/wp-admin/link-manager.php
/var/www/wordpress/wp-admin/link-parse-opml.php
/var/www/wordpress/wp-admin/link.php
/var/www/wordpress/wp-admin/load-scripts.php
/var/www/wordpress/wp-admin/load-styles.php
/var/www/wordpress/wp-admin/media-new.php
/var/www/wordpress/wp-admin/media-upload.php
/var/www/wordpress/wp-admin/media.php
/var/www/wordpress/wp-admin/menu-header.php
/var/www/wordpress/wp-admin/menu.php
/var/www/wordpress/wp-admin/moderation.php
/var/www/wordpress/wp-admin/ms-admin.php
/var/www/wordpress/wp-admin/ms-delete-site.php
/var/www/wordpress/wp-admin/ms-edit.php
/var/www/wordpress/wp-admin/ms-options.php
/var/www/wordpress/wp-admin/ms-sites.php
/var/www/wordpress/wp-admin/ms-themes.php
/var/www/wordpress/wp-admin/ms-upgrade-network.php
/var/www/wordpress/wp-admin/ms-users.php
/var/www/wordpress/wp-admin/my-sites.php
/var/www/wordpress/wp-admin/nav-menus.php
/var/www/wordpress/wp-admin/network.php
/var/www/wordpress/wp-admin/options-discussion.php
/var/www/wordpress/wp-admin/options-general.php
/var/www/wordpress/wp-admin/options-head.php
/var/www/wordpress/wp-admin/options-media.php
/var/www/wordpress/wp-admin/options-permalink.php
/var/www/wordpress/wp-admin/options-privacy.php
/var/www/wordpress/wp-admin/options-reading.php
/var/www/wordpress/wp-admin/options-writing.php
/var/www/wordpress/wp-admin/options.php
/var/www/wordpress/wp-admin/plugin-editor.php
/var/www/wordpress/wp-admin/plugin-install.php
/var/www/wordpress/wp-admin/plugins.php
/var/www/wordpress/wp-admin/post-new.php
/var/www/wordpress/wp-admin/post.php
/var/www/wordpress/wp-admin/press-this.php
/var/www/wordpress/wp-admin/profile.php
/var/www/wordpress/wp-admin/revision.php
/var/www/wordpress/wp-admin/setup-config.php
/var/www/wordpress/wp-admin/sidebar.php
/var/www/wordpress/wp-admin/theme-editor.php
/var/www/wordpress/wp-admin/theme-install.php
/var/www/wordpress/wp-admin/themes.php
/var/www/wordpress/wp-admin/tools.php
/var/www/wordpress/wp-admin/update-core.php
/var/www/wordpress/wp-admin/update.php
/var/www/wordpress/wp-admin/upgrade-functions.php
/var/www/wordpress/wp-admin/upgrade.php
/var/www/wordpress/wp-admin/upload.php
#CodeDescriptions
1<?php
2/**
3 * Media Library administration panel.
4 *
5 * @package WordPress
6 * @subpackage Administration
7 */
8
9/** WordPress Administration Bootstrap */
10require_once('./admin.php');
11wp_enqueue_script( 'wp-ajax-response' );
12wp_enqueue_script( 'jquery-ui-draggable' );
13
14if ( !current_user_can('upload_files') )
15 wp_die(__('You do not have permission to upload files.'));
16
17if ( isset($_GET['find_detached']) ) {
18 check_admin_referer('bulk-media');
19
20 if ( !current_user_can('edit_posts') )
21 wp_die( __('You are not allowed to scan for lost attachments.') );
22
23 $lost = $wpdb->get_col("SELECT ID FROM $wpdb->posts WHERE post_type = 'attachment' AND post_parent > '0' and post_parent NOT IN ( SELECT ID FROM $wpdb->posts WHERE post_type NOT IN ('attachment', '" . join("', '", get_post_types( array( 'public' => false ) ) ) . "') )");
24
25 $_GET['detached'] = 1;
26
27} elseif ( isset($_GET['found_post_id']) && isset($_GET['media']) ) {
28 check_admin_referer('bulk-media');
29
30 if ( ! ( $parent_id = (int) $_GET['found_post_id'] ) )
31 return;
32
33 $parent = &get_post($parent_id);
34 if ( !current_user_can('edit_post', $parent_id) )
35 wp_die( __('You are not allowed to edit this post.') );
36
37 $attach = array();
38 foreach( (array) $_GET['media'] as $att_id ) {
39 $att_id = (int) $att_id;
40
41 if ( !current_user_can('edit_post', $att_id) )
42 continue;
43
44 $attach[] = $att_id;
45 clean_attachment_cache($att_id);
46 }
47
48 if ( ! empty($attach) ) {
49 $attach = implode(',', $attach);
50 $attached = $wpdb->query( $wpdb->prepare("UPDATE $wpdb->posts SET post_parent = %d WHERE post_type = 'attachment' AND ID IN ($attach)", $parent_id) );
51 }
52
53 if ( isset($attached) ) {
54 $location = 'upload.php';
55 if ( $referer = wp_get_referer() ) {
56 if ( false !== strpos($referer, 'upload.php') )
57 $location = $referer;
58 }
59
60 $location = add_query_arg( array( 'attached' => $attached ) , $location );
61 wp_redirect($location);
62 exit;
63 }
64
65} elseif ( isset($_GET['doaction']) || isset($_GET['doaction2']) || isset($_GET['delete_all']) || isset($_GET['delete_all2']) ) {
66 check_admin_referer('bulk-media');
67
68 if ( isset($_GET['delete_all']) || isset($_GET['delete_all2']) ) {
69 $post_ids = $wpdb->get_col( "SELECT ID FROM $wpdb->posts WHERE post_type='attachment' AND post_status = 'trash'" );
70 $doaction = 'delete';
71 } elseif ( ( $_GET['action'] != -1 || $_GET['action2'] != -1 ) && ( isset($_GET['media']) || isset($_GET['ids']) ) ) {
72 $post_ids = isset($_GET['media']) ? $_GET['media'] : explode(',', $_GET['ids']);
73 $doaction = ($_GET['action'] != -1) ? $_GET['action'] : $_GET['action2'];
74 } else {
75 wp_redirect($_SERVER['HTTP_REFERER']);
76 }
77
78 $location = 'upload.php';
79 if ( $referer = wp_get_referer() ) {
80 if ( false !== strpos($referer, 'upload.php') )
81 $location = remove_query_arg( array('trashed', 'untrashed', 'deleted', 'message', 'ids', 'posted'), $referer );
82 }
83
84 switch ( $doaction ) {
85 case 'trash':
86 foreach( (array) $post_ids as $post_id ) {
87 if ( !current_user_can('delete_post', $post_id) )
88 wp_die( __('You are not allowed to move this post to the trash.') );
89
90 if ( !wp_trash_post($post_id) )
91 wp_die( __('Error in moving to trash...') );
92 }
93 $location = add_query_arg( array( 'trashed' => count($post_ids), 'ids' => join(',', $post_ids) ), $location );
94 break;
95 case 'untrash':
96 foreach( (array) $post_ids as $post_id ) {
97 if ( !current_user_can('delete_post', $post_id) )
98 wp_die( __('You are not allowed to move this post out of the trash.') );
99
100 if ( !wp_untrash_post($post_id) )
101 wp_die( __('Error in restoring from trash...') );
102 }
103 $location = add_query_arg('untrashed', count($post_ids), $location);
104 break;
105 case 'delete':
106 foreach( (array) $post_ids as $post_id_del ) {
107 if ( !current_user_can('delete_post', $post_id_del) )
108 wp_die( __('You are not allowed to delete this post.') );
109
110 if ( !wp_delete_attachment($post_id_del) )
111 wp_die( __('Error in deleting...') );
112 }
113 $location = add_query_arg('deleted', count($post_ids), $location);
114 break;
115 }
116
117 wp_redirect($location);
118 exit;
119} elseif ( ! empty($_GET['_wp_http_referer']) ) {
120 wp_redirect( remove_query_arg( array('_wp_http_referer', '_wpnonce'), stripslashes($_SERVER['REQUEST_URI']) ) );
121 exit;
122}
123
124$title = __('Media Library');
125$parent_file = 'upload.php';
126
127if ( ! isset( $_GET['paged'] ) || $_GET['paged'] < 1 )
128 $_GET['paged'] = 1;
129
130if ( isset($_GET['detached']) ) {
131
132 $media_per_page = (int) get_user_option( 'upload_per_page' );
133 if ( empty($media_per_page) || $media_per_page < 1 )
134 $media_per_page = 20;
135 $media_per_page = apply_filters( 'upload_per_page', $media_per_page );
136
137 if ( !empty($lost) ) {
138 $start = ( (int) $_GET['paged'] - 1 ) * $media_per_page;
139 $page_links_total = ceil(count($lost) / $media_per_page);
140 $lost = implode(',', $lost);
141
142 $orphans = $wpdb->get_results( $wpdb->prepare( "SELECT * FROM $wpdb->posts WHERE post_type = 'attachment' AND ID IN (%s) LIMIT %d, %d", $lost, $start, $media_per_page ) );
143 } else {
144 $start = ( (int) $_GET['paged'] - 1 ) * $media_per_page;
145 $orphans = $wpdb->get_results( $wpdb->prepare( "SELECT SQL_CALC_FOUND_ROWS * FROM $wpdb->posts WHERE post_type = 'attachment' AND post_status != 'trash' AND post_parent < 1 LIMIT %d, %d", $start, $media_per_page ) );
146 $total_orphans = $wpdb->get_var( "SELECT FOUND_ROWS()" );
147 $page_links_total = ceil( $total_orphans / $media_per_page );
148 $wp_query->found_posts = $total_orphans;
149 $wp_query->query_vars['posts_per_page'] = $media_per_page;
150 }
151
152 $post_mime_types = get_post_mime_types();
153 $avail_post_mime_types = get_available_post_mime_types('attachment');
154
155 if ( isset($_GET['post_mime_type']) && !array_intersect( (array) $_GET['post_mime_type'], array_keys($post_mime_types) ) )
156 unset($_GET['post_mime_type']);
157
158} else {
159 list($post_mime_types, $avail_post_mime_types) = wp_edit_attachments_query();
160}
161
162$is_trash = ( isset($_GET['status']) && $_GET['status'] == 'trash' );
163
164wp_enqueue_script('media');
165
166add_contextual_help( $current_screen,
167 '<p>' . __('All the files you’ve uploaded are listed in the Media Library, with the most recent uploads listed first. You can use the <em>Screen Options</em> tab to customize the display of this screen.') . '</p>' .
168 '<p>' . __('You can narrow the list by file type/status using the text link filters at the top of the screen. You also can refine the list by date using the dropdown menu above the media table.') . '</p>' .
169 '<p>' . __('Hovering over a row reveals action links: <em>Edit</em>, <em>Delete Permanently</em>, and <em>View</em>. Clicking <em>Edit</em> or on the media file’s name displays a simple screen to edit that individual file’s metadata. Clicking <em>Delete Permanently</em> will delete the file from the media library (as well as from any posts to which it is currently attached). <em>View</em> will take you to the display page for that file.') . '</p>' .
170 '<p>' . __('If a media file has not been attached to any post, you will see that in the <em>Attached To</em> column, and can click on <em>Attach File</em> to launch a small popup that will allow you to search for a post and attach the file.') . '</p>' .
171 '<p><strong>' . __('For more information:') . '</strong></p>' .
172 '<p>' . __('<a href="http://codex.wordpress.org/Media_Library_SubPanel" target="_blank">Media Library Documentation</a>') . '</p>' .
173 '<p>' . __('<a href="http://wordpress.org/support/" target="_blank">Support Forums</a>') . '</p>'
174);
175
176require_once('./admin-header.php');
177?>
178
179<div class="wrap">
180<?php screen_icon(); ?>
181<h2><?php echo esc_html( $title ); ?> <a href="media-new.php" class="button add-new-h2"><?php echo esc_html_x('Add New', 'file'); ?></a> <?php
182if ( isset($_GET['s']) && $_GET['s'] )
183 printf( '<span class="subtitle">' . __('Search results for “%s”') . '</span>', get_search_query() ); ?>
184</h2>
185
186<?php
187$message = '';
188if ( isset($_GET['posted']) && (int) $_GET['posted'] ) {
189 $message = __('Media attachment updated.');
190 $_SERVER['REQUEST_URI'] = remove_query_arg(array('posted'), $_SERVER['REQUEST_URI']);
191}
192
193if ( isset($_GET['attached']) && (int) $_GET['attached'] ) {
194 $attached = (int) $_GET['attached'];
195 $message = sprintf( _n('Reattached %d attachment.', 'Reattached %d attachments.', $attached), $attached );
196 $_SERVER['REQUEST_URI'] = remove_query_arg(array('attached'), $_SERVER['REQUEST_URI']);
197}
198
199if ( isset($_GET['deleted']) && (int) $_GET['deleted'] ) {
200 $message = sprintf( _n( 'Media attachment permanently deleted.', '%d media attachments permanently deleted.', $_GET['deleted'] ), number_format_i18n( $_GET['deleted'] ) );
201 $_SERVER['REQUEST_URI'] = remove_query_arg(array('deleted'), $_SERVER['REQUEST_URI']);
202}
203
204if ( isset($_GET['trashed']) && (int) $_GET['trashed'] ) {
205 $message = sprintf( _n( 'Media attachment moved to the trash.', '%d media attachments moved to the trash.', $_GET['trashed'] ), number_format_i18n( $_GET['trashed'] ) );
206 $message .= ' <a href="' . esc_url( wp_nonce_url( 'upload.php?doaction=undo&action=untrash&ids='.(isset($_GET['ids']) ? $_GET['ids'] : ''), "bulk-media" ) ) . '">' . __('Undo') . '</a>';
207 $_SERVER['REQUEST_URI'] = remove_query_arg(array('trashed'), $_SERVER['REQUEST_URI']);
208}
209
210if ( isset($_GET['untrashed']) && (int) $_GET['untrashed'] ) {
211 $message = sprintf( _n( 'Media attachment restored from the trash.', '%d media attachments restored from the trash.', $_GET['untrashed'] ), number_format_i18n( $_GET['untrashed'] ) );
212 $_SERVER['REQUEST_URI'] = remove_query_arg(array('untrashed'), $_SERVER['REQUEST_URI']);
213}
214
215$messages[1] = __('Media attachment updated.');
216$messages[2] = __('Media permanently deleted.');
217$messages[3] = __('Error saving media attachment.');
218$messages[4] = __('Media moved to the trash.') . ' <a href="' . esc_url( wp_nonce_url( 'upload.php?doaction=undo&action=untrash&ids='.(isset($_GET['ids']) ? $_GET['ids'] : ''), "bulk-media" ) ) . '">' . __('Undo') . '</a>';
219$messages[5] = __('Media restored from the trash.');
220
221if ( isset($_GET['message']) && (int) $_GET['message'] ) {
222 $message = $messages[$_GET['message']];
223 $_SERVER['REQUEST_URI'] = remove_query_arg(array('message'), $_SERVER['REQUEST_URI']);
224}
225
226if ( !empty($message) ) { ?>
227<div id="message" class="updated"><p><?php echo $message; ?></p></div>//Cross Site Scripting
228<?php } ?>
229
230<ul class="subsubsub">
231<?php
232$type_links = array();
233$_num_posts = (array) wp_count_attachments();
234$_total_posts = array_sum($_num_posts) - $_num_posts['trash'];
235if ( !isset( $total_orphans ) )
236 $total_orphans = $wpdb->get_var( "SELECT COUNT( * ) FROM $wpdb->posts WHERE post_type = 'attachment' AND post_status != 'trash' AND post_parent < 1" );
237$matches = wp_match_mime_types(array_keys($post_mime_types), array_keys($_num_posts));
238foreach ( $matches as $type => $reals )
239 foreach ( $reals as $real )
240 $num_posts[$type] = ( isset( $num_posts[$type] ) ) ? $num_posts[$type] + $_num_posts[$real] : $_num_posts[$real];
241
242$class = ( empty($_GET['post_mime_type']) && !isset($_GET['detached']) && !isset($_GET['status']) ) ? ' class="current"' : '';
243$type_links[] = "<li><a href='upload.php'$class>" . sprintf( _nx( 'All <span class="count">(%s)</span>', 'All <span class="count">(%s)</span>', $_total_posts, 'uploaded files' ), number_format_i18n( $_total_posts ) ) . '</a>';
244foreach ( $post_mime_types as $mime_type => $label ) {
245 $class = '';
246
247 if ( !wp_match_mime_types($mime_type, $avail_post_mime_types) )
248 continue;
249
250 if ( !empty($_GET['post_mime_type']) && wp_match_mime_types($mime_type, $_GET['post_mime_type']) )
251 $class = ' class="current"';
252 if ( !empty( $num_posts[$mime_type] ) )
253 $type_links[] = "<li><a href='upload.php?post_mime_type=$mime_type'$class>" . sprintf( _n( $label[2][0], $label[2][1], $num_posts[$mime_type] ), number_format_i18n( $num_posts[$mime_type] )) . '</a>';
254}
255$type_links[] = '<li><a href="upload.php?detached=1"' . ( isset($_GET['detached']) ? ' class="current"' : '' ) . '>' . sprintf( _nx( 'Unattached <span class="count">(%s)</span>', 'Unattached <span class="count">(%s)</span>', $total_orphans, 'detached files' ), number_format_i18n( $total_orphans ) ) . '</a>';
256
257if ( !empty($_num_posts['trash']) )
258 $type_links[] = '<li><a href="upload.php?status=trash"' . ( (isset($_GET['status']) && $_GET['status'] == 'trash' ) ? ' class="current"' : '') . '>' . sprintf( _nx( 'Trash <span class="count">(%s)</span>', 'Trash <span class="count">(%s)</span>', $_num_posts['trash'], 'uploaded files' ), number_format_i18n( $_num_posts['trash'] ) ) . '</a>';
259
260echo implode( " |</li>\n", $type_links) . '</li>';
261unset($type_links);
262?>
263</ul>
264
265<form class="search-form" action="" method="get">
266<p class="search-box">
267 <label class="screen-reader-text" for="media-search-input"><?php _e( 'Search Media' ); ?>:</label>
268 <input type="text" id="media-search-input" name="s" value="<?php the_search_query(); ?>" />
269 <input type="submit" value="<?php esc_attr_e( 'Search Media' ); ?>" class="button" />
270</p>
271</form>
272
273<form id="posts-filter" action="" method="get">
274<?php wp_nonce_field('bulk-media'); ?>
275<?php if ( have_posts() || isset( $orphans ) ) { ?>
276<div class="tablenav">
277<?php
278if ( ! isset($page_links_total) )
279 $page_links_total = $wp_query->max_num_pages;
280
281$page_links = paginate_links( array(
282 'base' => add_query_arg( 'paged', '%#%' ),
283 'format' => '',
284 'prev_text' => __('«'),
285 'next_text' => __('»'),
286 'total' => $page_links_total,
287 'current' => $_GET['paged']
288));
289
290if ( $page_links ) : ?>
291<div class="tablenav-pages"><?php $page_links_text = sprintf( '<span class="displaying-num">' . __( 'Displaying %s–%s of %s' ) . '</span>%s',
292 number_format_i18n( ( $_GET['paged'] - 1 ) * $wp_query->query_vars['posts_per_page'] + 1 ),
293 number_format_i18n( min( $_GET['paged'] * $wp_query->query_vars['posts_per_page'], $wp_query->found_posts ) ),
294 number_format_i18n( $wp_query->found_posts ),
295 $page_links
296); echo $page_links_text; ?></div>//Cross Site Scripting
297<?php endif; ?>
298
299<div class="alignleft actions">
300<?php if ( ! isset( $orphans ) || ! empty( $orphans ) ) { ?>
301<select name="action" class="select-action">
302<option value="-1" selected="selected"><?php _e('Bulk Actions'); ?></option>
303<?php if ( $is_trash ) { ?>
304<option value="untrash"><?php _e('Restore'); ?></option>
305<?php } if ( $is_trash || !EMPTY_TRASH_DAYS || !MEDIA_TRASH ) { ?>
306<option value="delete"><?php _e('Delete Permanently'); ?></option>
307<?php } else { ?>
308<option value="trash"><?php _e('Move to Trash'); ?></option>
309<?php } if ( isset($orphans) ) { ?>
310<option value="attach"><?php _e('Attach to a post'); ?></option>
311<?php } ?>
312</select>
313<input type="submit" value="<?php esc_attr_e('Apply'); ?>" name="doaction" id="doaction" class="button-secondary action" />
314
315<?php
316if ( !is_singular() && !isset($_GET['detached']) && !$is_trash ) {
317 $arc_query = "SELECT DISTINCT YEAR(post_date) AS yyear, MONTH(post_date) AS mmonth FROM $wpdb->posts WHERE post_type = 'attachment' ORDER BY post_date DESC";
318
319 $arc_result = $wpdb->get_results( $arc_query );
320
321 $month_count = count($arc_result);
322
323 if ( $month_count && !( 1 == $month_count && 0 == $arc_result[0]->mmonth ) ) : ?>
324<select name='m'>
325<option value='0'><?php _e('Show all dates'); ?></option>
326<?php
327foreach ($arc_result as $arc_row) {
328 if ( $arc_row->yyear == 0 )
329 continue;
330 $arc_row->mmonth = zeroise( $arc_row->mmonth, 2 );
331
332 if ( isset($_GET['m']) && ( $arc_row->yyear . $arc_row->mmonth == $_GET['m'] ) )
333 $default = ' selected="selected"';
334 else
335 $default = '';
336
337 echo "<option$default value='" . esc_attr("$arc_row->yyear$arc_row->mmonth") . "'>";
338 echo $wp_locale->get_month($arc_row->mmonth) . " $arc_row->yyear";//Cross Site Scripting
339 echo "</option>\n";
340}
341?>
342</select>
343<?php endif; // month_count ?>
344
345<?php do_action('restrict_manage_posts'); ?>
346
347<input type="submit" id="post-query-submit" value="<?php esc_attr_e('Filter'); ?>" class="button-secondary" />
348
349<?php } // ! is_singular ?>
350
351<?php
352
353} // ! empty( $orphans )
354
355if ( isset($_GET['detached']) ) { ?>
356 <input type="submit" id="find_detached" name="find_detached" value="<?php esc_attr_e('Scan for lost attachments'); ?>" class="button-secondary" />
357<?php } elseif ( isset($_GET['status']) && $_GET['status'] == 'trash' && current_user_can('edit_others_posts') ) { ?>
358 <input type="submit" id="delete_all" name="delete_all" value="<?php esc_attr_e('Empty Trash'); ?>" class="button-secondary apply" />
359<?php } ?>
360
361</div>
362
363<br class="clear" />
364</div>
365
366<?php } // have_posts() || !empty( $orphans ) ?>
367
368<div class="clear"></div>
369
370<?php if ( ! empty( $orphans ) ) { ?>
371<table class="widefat" cellspacing="0">
372<thead>
373<tr>
374 <th scope="col" class="check-column"><input type="checkbox" /></th>
375 <th scope="col"></th>
376 <th scope="col"><?php /* translators: column name in media */ _ex('Media', 'media column name'); ?></th>
377 <th scope="col"><?php /* translators: column name in media */ _ex('Author', 'media column name'); ?></th>
378 <th scope="col"><?php /* translators: column name in media */ _ex('Date Added', 'media column name'); ?></th>
379</tr>
380</thead>
381
382<tfoot>
383<tr>
384 <th scope="col" class="check-column"><input type="checkbox" /></th>
385 <th scope="col"></th>
386 <th scope="col"><?php /* translators: column name in media */ _ex('Media', 'media column name'); ?></th>
387 <th scope="col"><?php /* translators: column name in media */ _ex('Author', 'media column name'); ?></th>
388 <th scope="col"><?php /* translators: column name in media */ _ex('Date Added', 'media column name'); ?></th>
389</tr>
390</tfoot>
391
392<tbody id="the-list" class="list:post">
393<?php
394 foreach ( $orphans as $post ) {
395 $class = 'alternate' == $class ? '' : 'alternate';
396 $att_title = esc_html( _draft_or_post_title($post->ID) );
397?>
398 <tr id='post-<?php echo $post->ID; ?>' class='<?php echo $class; ?>' valign="top">//Cross Site Scripting
399 <th scope="row" class="check-column"><?php if ( current_user_can('edit_post', $post->ID) ) { ?><input type="checkbox" name="media[]" value="<?php echo esc_attr($post->ID); ?>" /><?php } ?></th>
400
401 <td class="media-icon"><?php
402 if ( $thumb = wp_get_attachment_image( $post->ID, array(80, 60), true ) ) { ?>
403 <a href="media.php?action=edit&attachment_id=<?php echo $post->ID; ?>" title="<?php echo esc_attr(sprintf(__('Edit “%s”'), $att_title)); ?>"><?php echo $thumb; ?></a>//Cross Site Scripting
404<?php } ?></td>
405
406 <td class="media column-media"><strong><a href="<?php echo get_edit_post_link( $post->ID ); ?>" title="<?php echo esc_attr(sprintf(__('Edit “%s”'), $att_title)); ?>"><?php echo $att_title; ?></a></strong><br />//Cross Site Scripting
407 <?php
408 if ( preg_match( '/^.*?\.(\w+)$/', get_attached_file( $post->ID ), $matches ) )
409 echo esc_html( strtoupper( $matches[1] ) );
410 else
411 echo strtoupper( str_replace( 'image/', '', get_post_mime_type() ) );
412 ?>
413
414 <div class="row-actions">
415 <?php
416 $actions = array();
417 if ( current_user_can('edit_post', $post->ID) )
418 $actions['edit'] = '<a href="' . get_edit_post_link($post->ID, true) . '">' . __('Edit') . '</a>';
419 if ( current_user_can('delete_post', $post->ID) )
420 if ( EMPTY_TRASH_DAYS && MEDIA_TRASH ) {
421 $actions['trash'] = "<a class='submitdelete' href='" . wp_nonce_url("post.php?action=trash&post=$post->ID", 'trash-attachment_' . $post->ID) . "'>" . __('Trash') . "</a>";
422 } else {
423 $delete_ays = !MEDIA_TRASH ? " onclick='return showNotice.warn();'" : '';
424 $actions['delete'] = "<a class='submitdelete'$delete_ays href='" . wp_nonce_url("post.php?action=delete&post=$post->ID", 'delete-attachment_' . $post->ID) . "'>" . __('Delete Permanently') . "</a>";
425 }
426 $actions['view'] = '<a href="' . get_permalink($post->ID) . '" title="' . esc_attr(sprintf(__('View “%s”'), $title)) . '" rel="permalink">' . __('View') . '</a>';
427 if ( current_user_can('edit_post', $post->ID) )
428 $actions['attach'] = '<a href="#the-list" onclick="findPosts.open(\'media[]\',\''.$post->ID.'\');return false;" class="hide-if-no-js">'.__('Attach').'</a>';
429 $actions = apply_filters( 'media_row_actions', $actions, $post );
430 $action_count = count($actions);
431 $i = 0;
432 foreach ( $actions as $action => $link ) {
433 ++$i;
434 ( $i == $action_count ) ? $sep = '' : $sep = ' | ';
435 echo "<span class='$action'>$link$sep</span>";
436 } ?>
437 </div></td>
438 <td class="author column-author"><?php $author = get_userdata($post->post_author); echo $author->display_name; ?></td>//Cross Site Scripting
439<?php if ( '0000-00-00 00:00:00' == $post->post_date && 'date' == $column_name ) {
440 $t_time = $h_time = __('Unpublished');
441 } else {
442 $t_time = get_the_time(__('Y/m/d g:i:s A'));
443 $m_time = $post->post_date;
444 $time = get_post_time( 'G', true );
445 if ( ( abs($t_diff = time() - $time) ) < 86400 ) {
446 if ( $t_diff < 0 )
447 $h_time = sprintf( __('%s from now'), human_time_diff( $time ) );
448 else
449 $h_time = sprintf( __('%s ago'), human_time_diff( $time ) );
450 } else {
451 $h_time = mysql2date(__('Y/m/d'), $m_time);
452 }
453 } ?>
454 <td class="date column-date"><?php echo $h_time ?></td>
455 </tr>
456<?php } ?>
457</tbody>
458</table>
459
460<?php
461
462} else {
463 include( './edit-attachment-rows.php' );
464} ?>
465
466<div id="ajax-response"></div>
467
468<div class="tablenav">
469
470<?php
471if ( have_posts() || ! empty( $orphans ) ) {
472
473if ( $page_links )
474 echo "<div class='tablenav-pages'>$page_links_text</div>";
475?>
476
477<div class="alignleft actions">
478<select name="action2" class="select-action">
479<option value="-1" selected="selected"><?php _e('Bulk Actions'); ?></option>
480<?php if ($is_trash) { ?>
481<option value="untrash"><?php _e('Restore'); ?></option>
482<?php } if ( $is_trash || !EMPTY_TRASH_DAYS || !MEDIA_TRASH ) { ?>
483<option value="delete"><?php _e('Delete Permanently'); ?></option>
484<?php } else { ?>
485<option value="trash"><?php _e('Move to Trash'); ?></option>
486<?php } if (isset($orphans)) { ?>
487<option value="attach"><?php _e('Attach to a post'); ?></option>
488<?php } ?>
489</select>
490<input type="submit" value="<?php esc_attr_e('Apply'); ?>" name="doaction2" id="doaction2" class="button-secondary action" />
491
492<?php if ( isset($_GET['status']) && $_GET['status'] == 'trash' && current_user_can('edit_others_posts') ) { ?>
493 <input type="submit" id="delete_all2" name="delete_all2" value="<?php esc_attr_e('Empty Trash'); ?>" class="button-secondary apply" />
494<?php } ?>
495</div>
496
497<?php } ?>
498<br class="clear" />
499</div>
500<?php find_posts_div(); ?>
501</form>
502<br class="clear" />
503
504</div>
505
506<?php
507include('./admin-footer.php');
508
/var/www/wordpress/wp-admin/user-edit.php
/var/www/wordpress/wp-admin/user-new.php
/var/www/wordpress/wp-admin/users.php
/var/www/wordpress/wp-admin/widgets.php
/var/www/wordpress/wp-content/languages/ru_RU.php
/var/www/wordpress/wp-content/plugins/akismet/akismet.php
/var/www/wordpress/wp-content/plugins/rh/rh.php
/var/www/wordpress/wp-content/plugins/hello.php
/var/www/wordpress/wp-content/plugins/index.php
/var/www/wordpress/wp-content/themes/twentyten/404.php
/var/www/wordpress/wp-content/themes/twentyten/archive.php
/var/www/wordpress/wp-content/themes/twentyten/attachment.php
/var/www/wordpress/wp-content/themes/twentyten/author.php
/var/www/wordpress/wp-content/themes/twentyten/category.php
/var/www/wordpress/wp-content/themes/twentyten/comments.php
/var/www/wordpress/wp-content/themes/twentyten/footer.php
/var/www/wordpress/wp-content/themes/twentyten/functions.php
/var/www/wordpress/wp-content/themes/twentyten/header.php
/var/www/wordpress/wp-content/themes/twentyten/index.php
/var/www/wordpress/wp-content/themes/twentyten/loop.php
/var/www/wordpress/wp-content/themes/twentyten/onecolumn-page.php
/var/www/wordpress/wp-content/themes/twentyten/page.php
/var/www/wordpress/wp-content/themes/twentyten/search.php
/var/www/wordpress/wp-content/themes/twentyten/sidebar-footer.php
/var/www/wordpress/wp-content/themes/twentyten/sidebar.php
/var/www/wordpress/wp-content/themes/twentyten/single.php
/var/www/wordpress/wp-content/themes/twentyten/tag.php
/var/www/wordpress/wp-content/themes/index.php
/var/www/wordpress/wp-content/index.php
/var/www/wordpress/wp-includes/js/tinymce/langs/wp-langs.php
/var/www/wordpress/wp-includes/js/tinymce/plugins/spellchecker/classes/utils/JSON.php
/var/www/wordpress/wp-includes/js/tinymce/plugins/spellchecker/classes/utils/Logger.php
/var/www/wordpress/wp-includes/js/tinymce/plugins/spellchecker/classes/EnchantSpell.php
/var/www/wordpress/wp-includes/js/tinymce/plugins/spellchecker/classes/GoogleSpell.php
/var/www/wordpress/wp-includes/js/tinymce/plugins/spellchecker/classes/PSpell.php
/var/www/wordpress/wp-includes/js/tinymce/plugins/spellchecker/classes/PSpellShell.php
/var/www/wordpress/wp-includes/js/tinymce/plugins/spellchecker/classes/SpellChecker.php
/var/www/wordpress/wp-includes/js/tinymce/plugins/spellchecker/includes/general.php
/var/www/wordpress/wp-includes/js/tinymce/plugins/spellchecker/config.php
/var/www/wordpress/wp-includes/js/tinymce/plugins/spellchecker/rpc.php
/var/www/wordpress/wp-includes/js/tinymce/wp-mce-help.php
/var/www/wordpress/wp-includes/js/tinymce/wp-tinymce.php
/var/www/wordpress/wp-includes/pomo/entry.php
/var/www/wordpress/wp-includes/pomo/mo.php
/var/www/wordpress/wp-includes/pomo/po.php
/var/www/wordpress/wp-includes/pomo/streams.php
/var/www/wordpress/wp-includes/pomo/translations.php
/var/www/wordpress/wp-includes/Text/Diff/Engine/native.php
/var/www/wordpress/wp-includes/Text/Diff/Engine/shell.php
/var/www/wordpress/wp-includes/Text/Diff/Engine/string.php
/var/www/wordpress/wp-includes/Text/Diff/Engine/xdiff.php
/var/www/wordpress/wp-includes/Text/Diff/Renderer/inline.php
/var/www/wordpress/wp-includes/Text/Diff/Renderer.php
/var/www/wordpress/wp-includes/Text/Diff.php
/var/www/wordpress/wp-includes/theme-compat/comments-popup.php
/var/www/wordpress/wp-includes/theme-compat/comments.php
/var/www/wordpress/wp-includes/theme-compat/footer.php
/var/www/wordpress/wp-includes/theme-compat/header.php
/var/www/wordpress/wp-includes/theme-compat/sidebar.php
/var/www/wordpress/wp-includes/atomlib.php
/var/www/wordpress/wp-includes/author-template.php
/var/www/wordpress/wp-includes/bookmark-template.php
/var/www/wordpress/wp-includes/bookmark.php
/var/www/wordpress/wp-includes/cache.php
/var/www/wordpress/wp-includes/canonical.php
/var/www/wordpress/wp-includes/capabilities.php
/var/www/wordpress/wp-includes/category-template.php
/var/www/wordpress/wp-includes/category.php
/var/www/wordpress/wp-includes/class-feed.php
/var/www/wordpress/wp-includes/class-http.php
/var/www/wordpress/wp-includes/class-IXR.php
/var/www/wordpress/wp-includes/class-json.php
/var/www/wordpress/wp-includes/class-oembed.php
/var/www/wordpress/wp-includes/class-phpass.php
/var/www/wordpress/wp-includes/class-phpmailer.php
/var/www/wordpress/wp-includes/class-pop3.php
/var/www/wordpress/wp-includes/class-simplepie.php
/var/www/wordpress/wp-includes/class-smtp.php
/var/www/wordpress/wp-includes/class-snoopy.php
/var/www/wordpress/wp-includes/class.wp-dependencies.php
/var/www/wordpress/wp-includes/class.wp-scripts.php
/var/www/wordpress/wp-includes/class.wp-styles.php
/var/www/wordpress/wp-includes/classes.php
/var/www/wordpress/wp-includes/comment-template.php
/var/www/wordpress/wp-includes/comment.php
/var/www/wordpress/wp-includes/compat.php
/var/www/wordpress/wp-includes/cron.php
/var/www/wordpress/wp-includes/default-constants.php
/var/www/wordpress/wp-includes/default-embeds.php
/var/www/wordpress/wp-includes/default-filters.php
/var/www/wordpress/wp-includes/default-widgets.php
/var/www/wordpress/wp-includes/deprecated.php
/var/www/wordpress/wp-includes/feed-atom-comments.php
/var/www/wordpress/wp-includes/feed-atom.php
/var/www/wordpress/wp-includes/feed-rdf.php
/var/www/wordpress/wp-includes/feed-rss.php
/var/www/wordpress/wp-includes/feed-rss2-comments.php
/var/www/wordpress/wp-includes/feed-rss2.php
/var/www/wordpress/wp-includes/feed.php
/var/www/wordpress/wp-includes/formatting.php
/var/www/wordpress/wp-includes/functions.php
/var/www/wordpress/wp-includes/functions.wp-scripts.php
/var/www/wordpress/wp-includes/functions.wp-styles.php
/var/www/wordpress/wp-includes/general-template.php
/var/www/wordpress/wp-includes/http.php
/var/www/wordpress/wp-includes/kses.php
/var/www/wordpress/wp-includes/l10n.php
/var/www/wordpress/wp-includes/link-template.php
/var/www/wordpress/wp-includes/load.php
/var/www/wordpress/wp-includes/locale.php
/var/www/wordpress/wp-includes/media.php
/var/www/wordpress/wp-includes/meta.php
/var/www/wordpress/wp-includes/ms-blogs.php
/var/www/wordpress/wp-includes/ms-default-constants.php
/var/www/wordpress/wp-includes/ms-default-filters.php
/var/www/wordpress/wp-includes/ms-deprecated.php
/var/www/wordpress/wp-includes/ms-files.php
/var/www/wordpress/wp-includes/ms-functions.php
/var/www/wordpress/wp-includes/ms-load.php
/var/www/wordpress/wp-includes/ms-settings.php
/var/www/wordpress/wp-includes/nav-menu-template.php
/var/www/wordpress/wp-includes/nav-menu.php
/var/www/wordpress/wp-includes/pluggable-deprecated.php
/var/www/wordpress/wp-includes/pluggable.php
/var/www/wordpress/wp-includes/plugin.php
/var/www/wordpress/wp-includes/post-template.php
/var/www/wordpress/wp-includes/post-thumbnail-template.php
/var/www/wordpress/wp-includes/post.php
/var/www/wordpress/wp-includes/query.php
/var/www/wordpress/wp-includes/registration-functions.php
/var/www/wordpress/wp-includes/registration.php
/var/www/wordpress/wp-includes/rewrite.php
/var/www/wordpress/wp-includes/rss-functions.php
/var/www/wordpress/wp-includes/rss.php
/var/www/wordpress/wp-includes/script-loader.php
/var/www/wordpress/wp-includes/shortcodes.php
/var/www/wordpress/wp-includes/taxonomy.php
/var/www/wordpress/wp-includes/template-loader.php
/var/www/wordpress/wp-includes/theme.php
/var/www/wordpress/wp-includes/update.php
/var/www/wordpress/wp-includes/user.php
/var/www/wordpress/wp-includes/vars.php
/var/www/wordpress/wp-includes/version.php
/var/www/wordpress/wp-includes/widgets.php
/var/www/wordpress/wp-includes/wp-db.php
/var/www/wordpress/wp-includes/wp-diff.php
/var/www/wordpress/index.php
/var/www/wordpress/wp-activate.php
/var/www/wordpress/wp-app.php
/var/www/wordpress/wp-atom.php
/var/www/wordpress/wp-blog-header.php
/var/www/wordpress/wp-comments-post.php
/var/www/wordpress/wp-commentsrss2.php
/var/www/wordpress/wp-config-sample.php
/var/www/wordpress/wp-cron.php
/var/www/wordpress/wp-feed.php
/var/www/wordpress/wp-links-opml.php
/var/www/wordpress/wp-load.php
/var/www/wordpress/wp-login.php
/var/www/wordpress/wp-mail.php
/var/www/wordpress/wp-pass.php
/var/www/wordpress/wp-rdf.php
/var/www/wordpress/wp-register.php
/var/www/wordpress/wp-rss.php
/var/www/wordpress/wp-rss2.php
/var/www/wordpress/wp-settings.php
/var/www/wordpress/wp-signup.php
/var/www/wordpress/wp-trackback.php
/var/www/wordpress/xmlrpc.php