Overhaul of some multisite files

[Denis-de-Bernardy]

the site address input takes up the entire width of the table cell, instead of aligning it with the base address.

[ocean90]

use class="regular-text"; same on add user

[ocean90]

Use this ticket for more UI improvements (especially network)

[ocean90]

The patch includes some fixes, for example search by ID doesn't worked. There are also some improvments like the bulk actions or list/extended view. Screenshot: ​http://grab.by/2PFw

Todo:

• Screen Options doesn't work (per page number is not saved)
  

• build a filter for the site status (Spam, Deleted, Archived)
  

• Big Todo: Do the same for ms-users.php, I'm at it.

[ocean90]

fix screen options, props ryan

[ryan]

Looking good. Note that the WP style is to uses tabs instead of spaces for indentation.

[ocean90]

fix indentation, add filter for status (needs #12531); Screen: ​http://grab.by/2SfJ

[ryan]

(In [13609]) Update ms-sites UI. Props ocean90. see #12460

[nacin]

(In [13654]) Fix typo, trim whitespace. see #12460

[ocean90]

Some improvments on ms-sites.php

• remove filter (can't use it, see #12531)
  

• add action links for mature
  

• add checks for mature
  

• fix some strings
  

• change the colors for site statuses, see ​http://grab.by/3jrW
  

• clean up of my-sites.php
  

• clean up of ms.css, in my opinion we didn't need the styles for #all-my-blogs anymore.

[ocean90]

Please ignore the last patch, there are some bugs in it.

I will upload today or tomorrow a new one

[ocean90]

Here is it.

I fixed a lot of bugs, improved the ui and cleaned up the code. Here in detail:

• ms-load.php
  • add the site status 'mature' to ms_site_check()

• ms.dev.css
  • removed unused code
  • replaced mu with ms
  • added some style for ms-sites.php
  • changed/added background colors for site status
  • code clean up

• ms.php
  • improved the confirm_delete_users() function
    • add option to delete the posts & links
  • improved the output of dashboard_quota(), its now in a line with the table above
  • used get_admin_url() instead of $blog->domain . $blog->path
  • used admin_url(), selected() and esc_url()
  • code clean up

• ms-edit.php
  • reworked the HTTP_REFERER things, it uses now wp_get_referer(), it eliminates the confusing $_POSTref?
  • used admin_url(), selected() and esc_url()
  • fixed the allowed themes saving
  • fixed the adding of an existing user to a site
  • reworked case 'allblogs' , because we use now bulk actions
  • added current_user_can() check to mature functions
  • improved case 'confirm'
  • reactivated case 'deleteuser' (was a @todo on ms-users.php)
  • reworked case 'allusers' , because we use now bulk actions
  • added case 'dodelete' , because of the reworked user_delete_confirm() on ms.php
  • code clean up

• ms-options.php
  • used include( 'admin-footer.php' ) instead include('./admin-footer.php');
  • code clean up

• ms-sites.php
  • removed the exclamation marks, because we use full stops
  • code clean up
  • used checked(), esc_attr_e() instead echo esc_attr(),
  • used some css classes from core (.disabled for textareas/inputs)
  • sat 'Update Options' button in the center without fix marign
  • add description to themes box
  • reworked case 'list'
    • built the bulk actions
    • added site navigation like on all other sites
    • removed the filter, because we can't used it at the moment, see #12531
    • some other little things, to match the edit.php for posts and pages
    • added action links for mature site status
      • removed the action links for the current site
    • use an em-dash instead of a wrong registered date (#12747)

• ms-themes.php
  • code clean up
  • use checked()

• ms-users.php
  • more or less the same as ms-sites.php :)

• my-sites.php
  • added function to validate the primary site (was a @todo)
  • improved the display for 4 columns
  • fixed strings
  • code clean up

[ocean90]

Forget to mention ms-delete-site.php in the changelog:

• ms-delete-sites.php
  • fixed wrong variable ($switched is $switch)
  • code clean up
  • added the success and error message to wp_die(), because we didn't need the hole page
  • added a filter for delete_site_email_content()
  • replaced blog with site

[ocean90]

thx to nacin, ryan, andreasnrb

[ocean90]

some improvements after chat with nacin

[markjaquith]

(In [13918]) Huge MS refactoring and code cleanup. see #12460. props ocean90.

[nacin]

(In [13941]) Move add/remove super admin out of bulk edit and into user-edit.php. Introduce grant_super_admin() and revoke_super_admin(). Link to profile.php in ms-users user row for current user. Add defensive check by forcing IS_PROFILE_PAGE on user-edit if trying to edit your own user_id. see #12460

[ryan]

Note that super/site admins can also be a hard-coded global array -- $site_admins. If this is present then the grant/revoke functions should noop.

[wpmuguru]

In my opinion, moving granting the super admin role out of the network admin pages is a significant security risk in the event of a vulnerability.

[ocean90]

wp_die() over include('admin_header.php'); overhauled ms-admin.php, don't allow to change the status of the main site

[nacin]

Replying to wpmuguru:

In my opinion, moving granting the super admin role out of the network admin pages is a significant security risk in the event of a vulnerability.

I thought about this, but I strongly disagree. The sitemeta value could just as easily be updated via any "vulnerability."

[nacin]

(In [13953]) More MS cleanups. props ocean90. see #12460

[wpmuguru]

Replying to nacin:

I thought about this, but I strongly disagree. The sitemeta value could just as easily be updated via any "vulnerability."

If someone can get access to the database through a hack or vulnerability, nothing can be done in the UI to prevent a knowledgeable hacker from gaining access. IMO, the fact that it can be done another way doesn't justify creating a second potential opportunity.

[nacin]

I'm not talking about db access, I'm just referring to:

update_site_option( 'site_admins', array( 'nacin' ) );

Or, instead of replacing the current value:

update_site_option( 'site_admins', array_merge( get_site_option( 'site_admins' ), array( 'nacin' ) ) );

[nacin]

(In [13965]) Some more MS cleanups. see #12460

[wpmuguru]

Replying to nacin:

I'm not talking about db access, I'm just referring to:

update_site_option( 'site_admins', array( 'nacin' ) );

I'm not sure how that is different than $wpdb->query(... but I'll digress. [14003] allows my main concern to be blocked via a plugin. That's an acceptable alternative.

[nacin]

I'm not sure how that is different than $wpdb->query(... but I'll digress.

Ah, I thought you meant actual access to the database, not a wpdb query. [14003] works for me.

Anyway, marking this one as fixed. Any more cleanups should be small, manageable patches. They can go in a new ticket.

[wpmuguru]

@Ryan with [14011] you can block access to the functions via map_meta_cap.

[nacin]

(In [14040]) Revert [14011]. Add some actions. fixes #12109, see #12460.