alleyinteractive · ethitter · Mar 30, 2018 · Mar 31, 2018 · Apr 4, 2018
diff --git a/js/fieldmanager-quickedit.js b/js/fieldmanager-quickedit.js
@@ -4,8 +4,8 @@
 		if ( typeof( inlineEditPost ) == 'undefined' ) {
 			return;
 		}
-		var wp_inline_edit = inlineEditPost.edit;
 
+		var wp_inline_edit = inlineEditPost.edit;
 		inlineEditPost.edit = function( id ) {
 			wp_inline_edit.apply( this, arguments );
 
@@ -16,7 +16,7 @@
 			}
 
 			if ( post_id > 0 ) {
-				$( '.fm-quickedit' ).each( function() {
+				$( '.inline-edit-row .fm-quickedit' ).each( function() {
 					var self = this;
 					var id = $( this ).attr( 'id' );
 					if ( id.substring( 0, 12 ) != 'fm-quickedit' ) {
@@ -28,7 +28,34 @@
 					} );
 				} );
 			}
-		}
+		};
+
+		var wp_inline_bulk_edit = inlineEditPost.setBulk;
+		inlineEditPost.setBulk = function() {
+			wp_inline_bulk_edit.apply( this );
+
+			$( '#bulk-edit .fm-quickedit' ).each( function() {
+				var self = this;
+				var id = $( this ).attr( 'id' );
+				if ( id.substring( 0, 12 ) != 'fm-quickedit' ) {
+					return;
+				}
+				var column_name = id.substring( 13 );
+				$.get( ajaxurl, { action: 'fm_quickedit_render', 'column_name': column_name, 'post_id': 'bulk_edit', 'post_type': $( self ).data( 'fm-post-type' ) }, function( resp ) {
+					var temp = $( resp );
+					$( 'input[name=_wp_http_referer]', temp ).remove();
+
+					var dest = $( 'select', temp );
+					if ( dest ) {
+						var label = '&mdash; ' + window.fm_quickedit_opts.i18n.no_change + ' &mdash;';
+						var noChange = $('<option />').val( id ).html( label ).attr( 'selected', 'selected' );
+						dest.prepend(noChange);
+					}
+
+					$( self ).replaceWith( temp );
+				} );
+			} );
+		};
 	} );
 
-} )( jQuery );
+} )( jQuery );
diff --git a/php/context/class-fieldmanager-context-quickedit.php b/php/context/class-fieldmanager-context-quickedit.php
@@ -90,10 +90,17 @@ public function __construct( $title, $post_types, $column_display_callback, $col
 		add_action( 'save_post', array( $this, 'save_fields_for_quickedit' ) );
 		add_action( 'wp_ajax_fm_quickedit_render', array( $this, 'render_ajax_form' ), 10, 2 );
 
+		add_action( 'bulk_edit_custom_box', array( $this, 'add_quickedit_box' ), 10, 2 );
+		add_action( 'save_post', array( $this, 'save_fields_for_bulk_edit' ), 10, 2 );
+
 		$post_type = ! isset( $_GET['post_type'] ) ? 'post' : sanitize_text_field( wp_unslash( $_GET['post_type'] ) ); // WPCS: input var okay.
 
 		if ( in_array( $post_type, $this->post_types ) ) {
-			fm_add_script( 'quickedit-js', 'js/fieldmanager-quickedit.js' );
+			fm_add_script( 'quickedit-js', 'js/fieldmanager-quickedit.js', array(), false, false, 'fm_quickedit_opts', array(
+				'i18n' => array(
+					'no_change' => __( 'No Change', 'fieldmanager' ),
+				)
+			) );
 		}
 	}
 
@@ -134,14 +141,17 @@ public function manage_custom_columns( $column_name, $post_id ) {
 	 * @param array  $values      The current values.
 	 */
 	public function add_quickedit_box( $column_name, $post_type, $values = array() ) {
-		if ( $column_name != $this->fm->name ) {
+		if ( $column_name !== $this->fm->name ) {
 			return;
 		}
 		?>
 		<fieldset class="inline-edit-col-left fm-quickedit" id="fm-quickedit-<?php echo esc_attr( $column_name ); ?>" data-fm-post-type="<?php echo esc_attr( $post_type ); ?>">
+			<?php if ( defined( 'DOING_AJAX' ) && DOING_AJAX ) : ?>
 			<div class="inline-edit-col">
 				<?php if ( ! empty( $this->title ) ) : ?>
-					<h4><?php echo esc_html( $this->title ); ?></h4>
+				<span class="title">
+					<?php echo esc_html( $this->title ); ?>
+				</span>
 				<?php endif ?>
 
 				<?php
@@ -150,6 +160,7 @@ public function add_quickedit_box( $column_name, $post_type, $values = array() )
 				) );
 				?>
 			</div>
+			<?php endif; ?>
 		</fieldset>
 		<?php
 	}
@@ -159,24 +170,42 @@ public function add_quickedit_box( $column_name, $post_type, $values = array() )
 	 * Renders a form with pre-filled values to replace the one generated by $this->add_quickedit_box().
 	 */
 	public function render_ajax_form() {
-		if ( ! isset( $_GET['action'], $_GET['post_id'], $_GET['column_name'] ) ) { // WPCS: input var okay.
+		// TODO: nonce!!!!!!
+
+		if ( ! isset( $_GET['action'], $_GET['post_id'], $_GET['column_name'] ) ) { // WPCS: input var ok, CSRF ok.
 			return;
 		}
 
-		if ( 'fm_quickedit_render' != $_GET['action'] ) { // WPCS: input var okay.
+		if ( 'fm_quickedit_render' !== $_GET['action'] ) { // WPCS: input var ok, CSRF ok.
 			return;
 		}
 
-		$column_name = sanitize_text_field( wp_unslash( $_GET['column_name'] ) ); // WPCS: input var okay.
-		$post_id = intval( $_GET['post_id'] ); // WPCS: input var okay.
+		$column_name = sanitize_text_field( wp_unslash( $_GET['column_name'] ) ); // WPCS: input var ok, CSRF ok.
 
-		if ( ! $post_id || $column_name != $this->fm->name ) {
+		if ( $column_name !== $this->fm->name ) {
 			return;
 		}
 
-		$this->fm->data_type = 'post';
-		$this->fm->data_id = $post_id;
-		$post_type = get_post_type( $post_id );
+		if ( 'bulk_edit' === sanitize_text_field( wp_unslash( $_GET['post_id'] ) ) ) { // WPCS: input var ok, CSRF ok.
+			$this->fm->data_type = 'post';
+			$this->fm->data_id = 0;
+
+			if ( isset( $_GET['post_type'] ) ) {
+				$post_type = sanitize_text_field( wp_unslash( $_GET['post_type' ] ) );
+			} else {
+				$post_type = '';
+			}
+		} else {
+			$post_id = intval( $_GET['post_id'] ); // WPCS: input var okay.
+
+			if ( ! $post_id ) {
+				return;
+			}
+
+			$this->fm->data_type = 'post';
+			$this->fm->data_id   = $post_id;
+			$post_type           = get_post_type( $post_id );
+		}
 
 		$this->add_quickedit_box( $column_name, $post_type, $this->load() );
 		if ( defined( 'DOING_AJAX' ) && DOING_AJAX ) {
@@ -195,7 +224,7 @@ public function save_fields_for_quickedit( $post_id ) {
 		if (
 			! isset( $_POST['post_type'] ) // WPCS: input var okay. CSRF okay.
 			|| ( defined( 'DOING_AUTOSAVE' ) && DOING_AUTOSAVE )
-			|| ( isset( $_POST['action'] ) && 'inline-save' != $_POST['action'] ) // WPCS: input var okay. CSRF okay.
+			|| ( isset( $_POST['action'] ) && 'inline-save' !== $_POST['action'] ) // WPCS: input var okay. CSRF okay.
 		) {
 			return;
 		}
@@ -227,6 +256,66 @@ public function save_fields_for_quickedit( $post_id ) {
 		$this->save_to_post_meta( $post_id );
 	}
 
+	/**
+	 * Handle saving bulk edit
+	 *
+	 * @param int     $post_id Post ID.
+	 * @param WP_Post $post Post object.
+	 * @throws FM_Exception User cannot edit post
+	 */
+	public function save_fields_for_bulk_edit( $post_id, $post ) {
+		$post_type = get_post_type( $post );
+
+		if (
+			! isset( $_REQUEST['bulk_edit'] ) ||
+			'Update' !== $_REQUEST['bulk_edit'] ||
+			! isset( $_REQUEST['post_type'] ) ||
+			$_REQUEST['post_type'] !== $post_type ||
+			! isset( $_REQUEST['post_view'] ) ||
+			'list' !== $_REQUEST['post_view']
+		) {
+			return;
+		}
+
+		if ( ! in_array( $post_type, $this->post_types, true ) ) {
+			return;
+		}
+
+		$type_object = get_post_type_object( $post_type );
+
+		if ( ! $type_object instanceof WP_Post_Type ) {
+			return;
+		}
+
+		if ( ! current_user_can( $type_object->cap->edit_posts, $post_id ) ) {
+			$this->fm->_unauthorized_access( __( 'User cannot edit this post', 'fieldmanager' ) );
+			return;
+		}
+
+		if ( isset( $_REQUEST[ 'fieldmanager-' . $this->fm->name . '-nonce' ] ) ) {
+			$_POST[ 'fieldmanager-' . $this->fm->name . '-nonce' ] = $_REQUEST[ 'fieldmanager-' . $this->fm->name . '-nonce' ];
+		}
+
+		if ( ! $this->is_valid_nonce() ) {
+			return;
+		}
+
+		if ( ! isset( $_REQUEST[ $this->fm->name ] ) ) {
+			return;
+		}
+
+		$value = sanitize_text_field( wp_unslash( $_REQUEST[ $this->fm->name ] ) );
+		$no_change = 'fieldmanager-quickedit-' . $this->fm->name;
+
+		if ( $no_change === $value ) {
+			return;
+		}
+
+		$this->save_to_post_meta( $post_id, array(
+			$this->fm->name = $value,
+		) );
+	}
+
 	/**
 	 * Helper to save an array of data to post meta.
 	 *