public function ajax_update_posts($handler_vars) { Utils::check_request_method(array('POST')); $response = new AjaxResponse(); $wsse = Utils::WSSE($_POST['nonce'], $_POST['timestamp']); if ($_POST['digest'] != $wsse['digest']) { $response->message = _t('WSSE authentication failed.'); $response->out(); return; } $ids = $_POST['selected']; if (count($ids) == 0) { $posts = new Posts(); } else { $posts = Posts::get(array('id' => $ids, 'nolimit' => true)); } Plugins::act('admin_update_posts', $_POST['action'], $posts, $this); $status_msg = _t('Unknown action "%s"', array($_POST['action'])); switch ($_POST['action']) { case 'delete': $deleted = 0; foreach ($posts as $post) { if (ACL::access_check($post->get_access(), 'delete')) { $post->delete(); $deleted++; } } if ($deleted != count($posts)) { $response->message = _t('You did not have permission to delete some posts.'); } else { $response->message = sprintf(_n('Deleted %d post', 'Deleted %d posts', count($ids)), count($ids)); } break; default: // Specific plugin-supplied action Plugins::act('admin_posts_action', $response, $_POST['action'], $posts); break; } $response->out(); exit; }