WordPress Version: 6.4
/**
* WordPress Post Administration API.
*
* @package WordPress
* @subpackage Administration
*/
/**
* Renames `$_POST` data from form names to DB post columns.
*
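* Manipulates `$_POST` directly (by reference) when `$post_data` is empty; a non-empty `$post_data` is modified as a local copy and returned.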
*
* @since 2.6.0
*
* @param bool $update Whether the post already exists.
* @param array|null $post_data Optional. The array of post data to process.
* Defaults to the `$_POST` superglobal.
* @return array|WP_Error Array of post data on success, WP_Error on failure.
*/
function _wp_translate_postdata($update = false, $post_data = null)
{
// Maps submitted edit-form fields onto post column names and enforces the
// capability checks that decide which of those fields the current user may set.
// Every value read from $post_data is request-controlled unless it is
// overwritten below; the statement order is part of the authorization logic.
//
// empty() is true for null and for an empty array alike, so either one binds
// $post_data to $_POST by reference and every write below alters the superglobal.
if (empty($post_data)) {
$post_data =& $_POST;
}
if ($update) {
// 'post_ID' is read without an isset() check; the cast makes the ID an integer.
// NOTE(review): presumably callers guarantee 'post_ID' on updates - confirm.
$post_data['ID'] = (int) $post_data['post_ID'];
}
// NOTE(review): 'post_type' is read without isset(), and $ptype is dereferenced
// below ($ptype->cap->...) with no null check. get_post_type_object() returns
// null for an unregistered type, so this relies on callers supplying a
// registered post type - confirm against callers.
$ptype = get_post_type_object($post_data['post_type']);
// First gate: an update needs 'edit_post' on the target ID; a new post needs
// the post type's create_posts capability. Both return before any field is mapped.
// The error codes 'edit_others_pages' / 'edit_others_posts' are reused for the
// create case; only the message text differs.
if ($update && !current_user_can('edit_post', $post_data['ID'])) {
if ('page' === $post_data['post_type']) {
return new WP_Error('edit_others_pages', __('Sorry, you are not allowed to edit pages as this user.'));
} else {
return new WP_Error('edit_others_posts', __('Sorry, you are not allowed to edit posts as this user.'));
}
} elseif (!$update && !current_user_can($ptype->cap->create_posts)) {
if ('page' === $post_data['post_type']) {
return new WP_Error('edit_others_pages', __('Sorry, you are not allowed to create pages as this user.'));
} else {
return new WP_Error('edit_others_posts', __('Sorry, you are not allowed to create posts as this user.'));
}
}
// Copy form field names to their post column names. The original keys are kept.
if (isset($post_data['content'])) {
$post_data['post_content'] = $post_data['content'];
}
if (isset($post_data['excerpt'])) {
$post_data['post_excerpt'] = $post_data['excerpt'];
}
if (isset($post_data['parent_id'])) {
$post_data['post_parent'] = (int) $post_data['parent_id'];
}
if (isset($post_data['trackback_url'])) {
$post_data['to_ping'] = $post_data['trackback_url'];
}
// 'user_ID' is always overwritten with the logged-in user, so a submitted
// 'user_ID' value never reaches the author comparison below.
$post_data['user_ID'] = get_current_user_id();
// Author precedence: 'post_author_override', then 'post_author', then the
// current user. All three branches cast to int.
if (!empty($post_data['post_author_override'])) {
$post_data['post_author'] = (int) $post_data['post_author_override'];
} else if (!empty($post_data['post_author'])) {
$post_data['post_author'] = (int) $post_data['post_author'];
} else {
$post_data['post_author'] = (int) $post_data['user_ID'];
}
// Second gate: attributing the post to anyone other than the current user
// requires the post type's edit_others_posts capability. The isset() is always
// true here because 'user_ID' was assigned just above; the loose != compares
// the author value cast to int above with the current user ID.
if (isset($post_data['user_ID']) && $post_data['post_author'] != $post_data['user_ID'] && !current_user_can($ptype->cap->edit_others_posts)) {
if ($update) {
if ('page' === $post_data['post_type']) {
return new WP_Error('edit_others_pages', __('Sorry, you are not allowed to edit pages as this user.'));
} else {
return new WP_Error('edit_others_posts', __('Sorry, you are not allowed to edit posts as this user.'));
}
} else if ('page' === $post_data['post_type']) {
return new WP_Error('edit_others_pages', __('Sorry, you are not allowed to create pages as this user.'));
} else {
return new WP_Error('edit_others_posts', __('Sorry, you are not allowed to create posts as this user.'));
}
}
// Normalise the submitted status: sanitise the key, promote 'auto-draft' to
// 'draft', and drop any value that is not a registered post status.
if (!empty($post_data['post_status'])) {
$post_data['post_status'] = sanitize_key($post_data['post_status']);
// No longer an auto-draft.
if ('auto-draft' === $post_data['post_status']) {
$post_data['post_status'] = 'draft';
}
if (!get_post_status_object($post_data['post_status'])) {
unset($post_data['post_status']);
}
}
// What to do based on which button they pressed.
// The button fields override the status chosen above, and a later check wins
// over an earlier one ('pending' last). 'publish' does not override 'private'.
// These overrides run before the capability downgrades further down, so a
// status requested through a button field is still subject to those downgrades.
if (isset($post_data['saveasdraft']) && '' !== $post_data['saveasdraft']) {
$post_data['post_status'] = 'draft';
}
if (isset($post_data['saveasprivate']) && '' !== $post_data['saveasprivate']) {
$post_data['post_status'] = 'private';
}
if (isset($post_data['publish']) && '' !== $post_data['publish'] && (!isset($post_data['post_status']) || 'private' !== $post_data['post_status'])) {
$post_data['post_status'] = 'publish';
}
if (isset($post_data['advanced']) && '' !== $post_data['advanced']) {
$post_data['post_status'] = 'draft';
}
if (isset($post_data['pending']) && '' !== $post_data['pending']) {
$post_data['post_status'] = 'pending';
}
// 'ID' is only set on the $update path above (or by the caller's data), so
// $post_id and $previous_status are false for a post that has no ID yet.
if (isset($post_data['ID'])) {
$post_id = $post_data['ID'];
} else {
$post_id = false;
}
$previous_status = $post_id ? get_post_field('post_status', $post_id) : false;
// Without publish_posts a user cannot set 'private': fall back to the stored
// status, or to 'pending' when there is none.
if (isset($post_data['post_status']) && 'private' === $post_data['post_status'] && !current_user_can($ptype->cap->publish_posts)) {
$post_data['post_status'] = $previous_status ? $previous_status : 'pending';
}
$published_statuses = array('publish', 'future');
/*
* Posts 'submitted for approval' are submitted to $_POST the same as if they were being published.
* Change status from 'publish' to 'pending' if user lacks permissions to publish or to resave published posts.
* The requested status is kept only when the stored status is already 'publish' or 'future'
* and the user passes 'edit_post' for that post.
*/
if (isset($post_data['post_status']) && (in_array($post_data['post_status'], $published_statuses, true) && !current_user_can($ptype->cap->publish_posts))) {
if (!in_array($previous_status, $published_statuses, true) || !current_user_can('edit_post', $post_id)) {
$post_data['post_status'] = 'pending';
}
}
// No status survived the steps above: reuse the stored one ('auto-draft' becomes
// 'draft'). When there is no stored post, $previous_status is false and that
// false is what gets assigned.
if (!isset($post_data['post_status'])) {
$post_data['post_status'] = ('auto-draft' === $previous_status) ? 'draft' : $previous_status;
}
// A post password is dropped from the data for users without publish_posts.
if (isset($post_data['post_password']) && !current_user_can($ptype->cap->publish_posts)) {
unset($post_data['post_password']);
}
// Comments and pings default to 'closed' when the form did not send a value.
if (!isset($post_data['comment_status'])) {
$post_data['comment_status'] = 'closed';
}
if (!isset($post_data['ping_status'])) {
$post_data['ping_status'] = 'closed';
}
// Flag a date edit when any submitted date part differs from its hidden_*
// counterpart (loose comparison). $post_data[$timeunit] is read without isset().
// NOTE(review): presumably the form always sends both fields - confirm.
foreach (array('aa', 'mm', 'jj', 'hh', 'mn') as $timeunit) {
if (!empty($post_data['hidden_' . $timeunit]) && $post_data['hidden_' . $timeunit] != $post_data[$timeunit]) {
$post_data['edit_date'] = '1';
break;
}
}
// 'edit_date' can also arrive in the request itself, not only from the loop above.
if (!empty($post_data['edit_date'])) {
// The date parts are taken from the request without casting or isset() checks
// ('ss' is not covered by the loop above); the %d conversions in sprintf()
// render them as integers in the formatted date.
$aa = $post_data['aa'];
$mm = $post_data['mm'];
$jj = $post_data['jj'];
$hh = $post_data['hh'];
$mn = $post_data['mn'];
$ss = $post_data['ss'];
// Non-positive year, month and day fall back to the current UTC values; day is
// capped at 31; hour, minute and second wrap once by subtracting 24 or 60.
// Month has no upper bound here; the wp_checkdate() call below is the only
// remaining check on the assembled date.
$aa = ($aa <= 0) ? gmdate('Y') : $aa;
$mm = ($mm <= 0) ? gmdate('n') : $mm;
$jj = ($jj > 31) ? 31 : $jj;
$jj = ($jj <= 0) ? gmdate('j') : $jj;
$hh = ($hh > 23) ? $hh - 24 : $hh;
$mn = ($mn > 59) ? $mn - 60 : $mn;
$ss = ($ss > 59) ? $ss - 60 : $ss;
$post_data['post_date'] = sprintf('%04d-%02d-%02d %02d:%02d:%02d', $aa, $mm, $jj, $hh, $mn, $ss);
$valid_date = wp_checkdate($mm, $jj, $aa, $post_data['post_date']);
if (!$valid_date) {
return new WP_Error('invalid_date', __('Invalid date.'));
}
/*
* Only assign a post date if the user has explicitly set a new value.
* See #59125 and #19907.
* When there is no stored post ($post_id is false), $previous_date is false and
* the else branch removes 'post_date' and 'post_date_gmt' from the data.
*/
$previous_date = $post_id ? get_post_field('post_date', $post_id) : false;
if ($previous_date && $previous_date !== $post_data['post_date']) {
$post_data['edit_date'] = true;
$post_data['post_date_gmt'] = get_gmt_from_date($post_data['post_date']);
} else {
$post_data['edit_date'] = false;
unset($post_data['post_date']);
unset($post_data['post_date_gmt']);
}
}
// Category assignments are dropped unless the user holds the 'category'
// taxonomy's assign_terms capability.
if (isset($post_data['post_category'])) {
$category_object = get_taxonomy('category');
if (!current_user_can($category_object->cap->assign_terms)) {
unset($post_data['post_category']);
}
}
// The form's original keys are still present in the returned array alongside
// the mapped post columns.
return $post_data;
}