Ticket #1438: co-author-plus.php.diff

co-authors-plus/co-authors-plus.php

@@ -86 +86 @@
                 // Action to set users when a post is saved
                 add_action( 'save_post', array( $this, 'coauthors_update_post' ), 10, 2 );
                 // Filter to set the post_author field when wp_insert_post is called
-                add_filter( 'wp_insert_post_data', array( $this, 'coauthors_set_post_author_field' ) );
+                add_filter( 'wp_insert_post_data', array( $this, 'coauthors_set_post_author_field' ), 10, 2 );
+                // Filter to ensure authors are retrieved basedo n their term order when a post is saved in bulk-edit mode.
+                add_filter( 'wp_get_object_terms', array( $this, 'coauthors_stop_bulk_edit' ), 10, 4 );
                 
                 // Action to reassign posts when a user is deleted
                 add_action( 'delete_user',  array( $this, 'delete_user_action' ) );
@@ -323 +325 @@
                         $count = 1;
                         foreach( $authors as $author ) :
                                 ?>
-                                <a href="edit.php?author=<?php echo $author->ID; ?>"><?php echo $author->display_name ?></a><?php echo ( $count < count( $authors ) ) ? ',' : ''; ?>
+                                <a href="<?php echo esc_url( get_admin_url( null, 'edit.php?author=' . $author->ID ) ); ?>"><?php echo esc_html( $author->display_name ); ?></a><?php echo ( $count < count( $authors ) ) ? ',' : ''; ?>
                                 <?php
                                 $count++;
                         endforeach;
@@ -385 +387 @@
         /**
          * Filters post data before saving to db to set post_author
          */
-        function coauthors_set_post_author_field( $data ) {
+        function coauthors_set_post_author_field( $data, $postarr ) {
                 
                 // Bail on autosave
                 if ( defined( 'DOING_AUTOSAVE' ) && !DOING_AUTOSAVE )
@@ -396 +398 @@
                         return $data;
                 
                 if( isset( $_REQUEST['coauthors-nonce'] ) && is_array( $_POST['coauthors'] ) ) {
-                        $author = $_POST['coauthors'][0];
+                        $author = sanitize_key( $_POST['coauthors'][0] );
                         if( $author ) {
                                 $author_data = get_user_by( 'login', $author );
                                 $data['post_author'] = $author_data->ID;
@@ -409 +411 @@
                         }
                 }
                 
+                global $postarr;
+                unset($postarr['tax_input']['author']);
+                
                 return $data;
         }
         
@@ -420 +425 @@
         function coauthors_update_post( $post_id, $post ) {
                 $post_type = $post->post_type;
                 
-                if ( defined( 'DOING_AUTOSAVE' ) && !DOING_AUTOSAVE || $_REQUEST['bulk_edit'])
+                if ( defined( 'DOING_AUTOSAVE' ) && !DOING_AUTOSAVE )
                         return;
                         
                 if( isset( $_POST['coauthors-nonce'] ) && isset( $_POST['coauthors'] ) ) {
@@ -428 +433 @@
                         
                         if( $this->current_user_can_set_authors() ){
                                 $coauthors = (array) $_POST['coauthors'];
-                                $coauthors = array_map( 'esc_html', $coauthors );
+                                $coauthors = array_map( 'sanitize_key', $coauthors );
                                 return $this->add_coauthors( $post_id, $coauthors );
                         }
                 }
         }
         
         /**
+         * Saving a post in Bulk Edit mode flushes the order of the co-authors without this filter. 
+         */
+        function coauthors_stop_bulk_edit( $terms, $object_ids, $taxonomies, $args ) {
+                if( $_REQUEST['bulk_edit'] && $taxonomies == "'author'" ) {
+                        global $wpdb;
+                        $orderby = 'ORDER BY tr.term_order';
+                        $order = 'ASC';
+                        $query = "SELECT t.slug, t.term_id FROM $wpdb->terms AS t INNER JOIN $wpdb->term_taxonomy AS tt ON tt.term_id = t.term_id INNER JOIN $wpdb->term_relationships AS tr ON tr.term_taxonomy_id = tt.term_taxonomy_id WHERE tt.taxonomy IN ($taxonomies) AND tr.object_id IN ($object_ids) $orderby $order";
+                        $raw_coauthors = $wpdb->get_results($query);
+                        $terms = array();
+                        foreach( $raw_coauthors as $author ) {
+                                $terms[] = (int) $author->term_id;
+                        }
+                }
+                
+                return $terms;
+        }
+        
+        /**
          * Add a user as coauthor for a post
          */
         function add_coauthors( $post_id, $coauthors, $append = false ) {
@@ -574 +598 @@
                 if( ! $this->current_user_can_set_authors() )
                         die();
                 
-                $search = esc_html( strtolower( $_REQUEST['q'] ) );
+                $search = sanitize_text_field( strtolower( $_REQUEST['q'] ) );
                 
                 $authors = $this->search_authors( $search );