
Untitled

a guest
May 27th, 2015
  1. <?php
  2.  
  3. /**
  4. * Post Previews
  5. *
  6. * Allows previewing unpublished posts while logged out using a token
  7. */
  8. class Jetpack_Post_Previews {
  9.  
  10. /**
  11. * Temporary holder of post object if it can be previewed.
  12. */
  13. public $shared_post;
  14.  
  15. /**
  16. * Name for the preview URL paramenter.
  17. */
  18. const QUERY_VAR_NAME = 'jppreview';
  19.  
  20. /**
  21. * If the post is already published and we need to preview the latest autosave.
  22. */
  23. var $is_autosave_preview = false;
  24.  
  25. static function create_nonce( $post_id ) {
  26. $i = wp_nonce_tick();
  27. return substr( wp_hash( $i . '|' . $post_id, 'nonce' ), -12, 10 );
  28. }
  29.  
  30. static function verify_nonce( $nonce, $post_id ) {
  31. $i = wp_nonce_tick();
  32.  
  33. // Nonce generated 0-12 hours ago
  34. $expected = substr( wp_hash( $i . '|' . $post_id, 'nonce' ), -12, 10 );
  35. return hash_equals( $expected, $nonce );
  36. }
  37.  
  38. static function get_preview_link( $post ) {
  39. $link = get_permalink( $post->ID );
  40.  
  41. $query_args = array(
  42. 'preview' => 'true',
  43. self::QUERY_VAR_NAME => self::create_nonce( $post->ID ),
  44. );
  45. return add_query_arg( $query_args, $link );
  46. }
  47.  
  48. function query_vars( $qvars ) {
  49. $qvars[] = self::QUERY_VAR_NAME;
  50. return $qvars;
  51. }
  52.  
  53. function can_view( $post_id ) {
  54. $preview_nonce = $_GET[ self::QUERY_VAR_NAME ];
  55. if ( '' != $preview_nonce && self::verify_nonce( $preview_nonce, $post_id ) ) {
  56. return true;
  57. }
  58. return false;
  59. }
  60.  
  61. function capture_preview_vars() {
  62. if ( isset( $_GET[ 'preview_id' ] ) && isset( $_GET[ 'preview_nonce' ] ) ) {
  63. $post_id = intval( $_GET[ 'preview_id' ] );
  64. if ( $this->can_view( $post_id ) ) {
  65. $this->is_autosave_preview = true;
  66. unset( $_GET[ 'preview_id' ] );
  67. unset( $_GET[ 'preview_nonce' ] );
  68. }
  69. }
  70. }
  71.  
  72. function posts_results_intercept( $posts ) {
  73. if ( 1 != count( $posts ) ) {
  74. return $posts;
  75. }
  76. $post = & $posts[ 0 ];
  77. $status = $post->post_status;
  78. if ( 'publish' != $status && $this->can_view( $post->ID ) ) {
  79. $this->shared_post = & $post;
  80. } else if ( $this->is_autosave_preview && $this->can_view( $post->ID ) ) {
  81. $autosave = wp_get_post_autosave( $post->ID );
  82. $this->shared_post = & $autosave;
  83. }
  84. return $posts;
  85. }
  86.  
  87. function the_posts_intercept( $posts ) {
  88. if ( !is_null( $this->shared_post ) ) {
  89. return array( & $this->shared_post );
  90. }
  91. return $posts;
  92. }
  93.  
  94. function __construct() {
  95. add_filter( 'query_vars', array( $this, 'query_vars' ) );
  96. if ( isset( $_REQUEST[ self::QUERY_VAR_NAME ] ) ) {
  97. add_action( 'init', array( $this, 'capture_preview_vars' ), 9 );
  98. add_filter( 'posts_results', array( $this, 'posts_results_intercept' ) );
  99. add_filter( 'the_posts', array( $this, 'the_posts_intercept' ) );
  100. }
  101. }
  102.  
  103. }
  104.  
  105. new Jetpack_Post_Previews();