Changeset 13918 for trunk/wp-admin/ms-edit.php
- Timestamp:
- 04/01/2010 09:21:27 PM (16 years ago)
- File:
-
- 1 edited
-
trunk/wp-admin/ms-edit.php (modified) (20 diffs)
trunk/wp-admin/ms-edit.php
r13796 r13918 1 1 <?php 2 require_once( 'admin.php');2 require_once( './admin.php' ); 3 3 4 4 if ( !is_multisite() ) 5 wp_die( __('Multisite support is not enabled.') ); 6 7 do_action('wpmuadminedit', ''); 8 9 if ( isset($_GET[ 'id' ]) ) 10 $id = intval( $_GET[ 'id' ] ); 11 elseif ( isset($_POST[ 'id' ]) ) 12 $id = intval( $_POST[ 'id' ] ); 13 14 if ( isset( $_POST['ref'] ) == false && !empty($_SERVER['HTTP_REFERER']) ) 15 $_POST['ref'] = $_SERVER['HTTP_REFERER']; 5 wp_die( __( 'Multisite support is not enabled.' ) ); 6 7 do_action( 'wpmuadminedit' , ''); 8 9 if ( isset( $_GET['id' ]) ) 10 $id = intval( $_GET['id'] ); 11 elseif ( isset( $_POST['id'] ) ) 12 $id = intval( $_POST['id'] ); 16 13 17 14 switch ( $_GET['action'] ) { 18 case "siteoptions":19 check_admin_referer( 'siteoptions');15 case 'siteoptions': 16 check_admin_referer( 'siteoptions' ); 20 17 if ( ! current_user_can( 'manage_network_options' ) ) 21 wp_die( __( 'You do not have permission to access this page.') );18 wp_die( __( 'You do not have permission to access this page.' 
) ); 22 19 23 20 if ( empty( $_POST ) ) 24 wp_die( __("You probably need to go back to the <a href='ms-options.php'>options page</a>") );25 26 if ( isset($_POST['WPLANG']) && ( '' === $_POST['WPLANG'] || in_array( $_POST['WPLANG'], get_available_languages()) ) )27 update_site_option( "WPLANG", $_POST['WPLANG'] );21 wp_die( sprintf( __( 'You probably need to go back to the <a href="%s">options page</a>.', esc_url( admin_url( 'ms-options.php' ) ) ) ) ); 22 23 if ( isset($_POST['WPLANG']) && ( '' === $_POST['WPLANG'] || in_array( $_POST['WPLANG'], get_available_languages() ) ) ) 24 update_site_option( 'WPLANG', $_POST['WPLANG'] ); 28 25 29 26 if ( is_email( $_POST['admin_email'] ) ) 30 update_site_option( "admin_email", $_POST['admin_email'] );27 update_site_option( 'admin_email', $_POST['admin_email'] ); 31 28 32 29 $illegal_names = split( ' ', $_POST['illegal_names'] ); … … 36 33 $names[] = trim( $name ); 37 34 } 38 update_site_option( "illegal_names", $names );35 update_site_option( 'illegal_names', $names ); 39 36 40 37 if ( $_POST['limited_email_domains'] != '' ) { 41 $limited_email_domains = str_replace( ' ', "\n", $_POST[ 'limited_email_domains'] );38 $limited_email_domains = str_replace( ' ', "\n", $_POST['limited_email_domains'] ); 42 39 $limited_email_domains = split( "\n", stripslashes( $limited_email_domains ) ); 43 40 $limited_email = array(); … … 47 44 $limited_email[] = trim( $domain ); 48 45 } 49 update_site_option( "limited_email_domains", $limited_email );50 } else { 51 update_site_option( "limited_email_domains", '' );46 update_site_option( 'limited_email_domains', $limited_email ); 47 } else { 48 update_site_option( 'limited_email_domains', '' ); 52 49 } 53 50 54 51 if ( $_POST['banned_email_domains'] != '' ) { 55 $banned_email_domains = split( "\n", stripslashes( $_POST[ 'banned_email_domains'] ) );52 $banned_email_domains = split( "\n", stripslashes( $_POST['banned_email_domains'] ) ); 56 53 $banned = array(); 57 54 foreach ( (array) 
$banned_email_domains as $domain ) { … … 60 57 $banned[] = trim( $domain ); 61 58 } 62 update_site_option( "banned_email_domains", $banned );63 } else { 64 update_site_option( "banned_email_domains", '' );65 } 66 update_site_option( 'default_user_role', $_POST[ 'default_user_role'] );67 if ( trim( $_POST[ 'dashboard_blog_orig'] ) == '' )68 $_POST[ 'dashboard_blog_orig'] = $current_site->blog_id;69 if ( trim( $_POST[ 'dashboard_blog'] ) == '' ) {70 $_POST[ 'dashboard_blog'] = $current_site->blog_id;59 update_site_option( 'banned_email_domains', $banned ); 60 } else { 61 update_site_option( 'banned_email_domains', '' ); 62 } 63 update_site_option( 'default_user_role', $_POST['default_user_role'] ); 64 if ( trim( $_POST['dashboard_blog_orig'] ) == '' ) 65 $_POST['dashboard_blog_orig'] = $current_site->blog_id; 66 if ( trim( $_POST['dashboard_blog'] ) == '' ) { 67 $_POST['dashboard_blog'] = $current_site->blog_id; 71 68 $dashboard_blog_id = $current_site->blog_id; 72 69 } else { 73 $dashboard_blog = untrailingslashit( sanitize_user( str_replace( '.', '', str_replace( $current_site->domain . $current_site->path, '', $_POST[ 'dashboard_blog'] ) ) ) );70 $dashboard_blog = untrailingslashit( sanitize_user( str_replace( '.', '', str_replace( $current_site->domain . $current_site->path, '', $_POST['dashboard_blog'] ) ) ) ); 74 71 $blog_details = get_blog_details( $dashboard_blog ); 75 72 if ( false === $blog_details ) { … … 84 81 } 85 82 $wpdb->hide_errors(); 86 $dashboard_blog_id = wpmu_create_blog( $domain, $path, __( 'My Dashboard' ), $current_user->id , array( "public"=> 0 ), $current_site->id );83 $dashboard_blog_id = wpmu_create_blog( $domain, $path, __( 'My Dashboard' ), $current_user->id , array( 'public' => 0 ), $current_site->id ); 87 84 $wpdb->show_errors(); 88 85 } else { … … 92 89 if ( is_wp_error( $dashboard_blog_id ) ) 93 90 wp_die( __( 'Problem creating dashboard blog: ' ) . 
$dashboard_blog_id->get_error_message() ); 94 if ( $_POST[ 'dashboard_blog_orig' ] != $_POST[ 'dashboard_blog'] ) {91 if ( $_POST['dashboard_blog_orig'] != $_POST['dashboard_blog'] ) { 95 92 $users = get_users_of_blog( get_site_option( 'dashboard_blog' ) ); 96 93 $move_users = array(); … … 107 104 } 108 105 } 109 update_site_option( "dashboard_blog", $dashboard_blog_id );106 update_site_option( 'dashboard_blog', $dashboard_blog_id ); 110 107 // global terms 111 if ( !global_terms_enabled() && ! empty( $_POST[ 'global_terms_enabled'] ) ) {108 if ( !global_terms_enabled() && ! empty( $_POST['global_terms_enabled'] ) ) { 112 109 require_once( ABSPATH . 'wp-admin/includes/upgrade.php' ); 113 110 // create global terms table … … 115 112 } 116 113 $options = array( 'registrationnotification', 'registration', 'add_new_users', 'menu_items', 'mu_media_buttons', 'upload_space_check_disabled', 'blog_upload_space', 'upload_filetypes', 'site_name', 'first_post', 'first_page', 'first_comment', 'first_comment_url', 'first_comment_author', 'welcome_email', 'welcome_user_email', 'fileupload_maxk', 'admin_notice_feed', 'global_terms_enabled' ); 117 $checked_options = array( 'mu_media_buttons' => array(), 'menu_items' => array(), 'registrationnotification' => 'no', 'upload_space_check_disabled' => 1 );114 $checked_options = array( 'mu_media_buttons' => array(), 'menu_items' => array(), 'registrationnotification' => 'no', 'upload_space_check_disabled' => 1 ); 118 115 foreach ( $checked_options as $option_name => $option_unchecked_value ) { 119 if ( ! isset( $_POST[ $option_name ]) )120 $_POST[ $option_name] = $option_unchecked_value;116 if ( ! isset( $_POST[$option_name] ) ) 117 $_POST[$option_name] = $option_unchecked_value; 121 118 } 122 119 foreach ( $options as $option_name ) { 123 if ( ! isset($_POST[ $option_name]) )120 if ( ! 
isset($_POST[$option_name]) ) 124 121 continue; 125 $value = stripslashes_deep( $_POST[ $option_name] );122 $value = stripslashes_deep( $_POST[$option_name] ); 126 123 update_site_option( $option_name, $value ); 127 124 } … … 130 127 do_action( 'update_wpmu_options' ); 131 128 132 wp_redirect( add_query_arg( "updated", "true", 'ms-options.php') );133 exit(); 134 break; 135 case "addblog":136 check_admin_referer( 'add-blog');137 138 if ( ! current_user_can( 'manage_sites' ) ) 139 wp_die( __( 'You do not have permission to access this page.') );140 141 if ( is_array( $_POST[ 'blog'] ) == false )142 wp_die( "Can't create an empty site.");129 wp_redirect( add_query_arg( 'updated', 'true', admin_url( 'ms-options.php' ) ) ); 130 exit(); 131 break; 132 case 'addblog': 133 check_admin_referer( 'add-blog' ); 134 135 if ( ! current_user_can( 'manage_sites' ) ) 136 wp_die( __( 'You do not have permission to access this page.' ) ); 137 138 if ( is_array( $_POST['blog'] ) == false ) 139 wp_die( __( "Can't create an empty site." ) ); 143 140 $blog = $_POST['blog']; 144 141 $domain = ''; 145 if ( ! preg_match( '/(--)/', $blog[ 'domain' ] ) && preg_match( '|^([a-zA-Z0-9-])+$|', $blog[ 'domain'] ) )146 $domain = strtolower( $blog[ 'domain'] );147 $email = sanitize_email( $blog[ 'email'] );148 $title = $blog[ 'title'];142 if ( ! preg_match( '/(--)/', $blog['domain'] ) && preg_match( '|^([a-zA-Z0-9-])+$|', $blog['domain'] ) ) 143 $domain = strtolower( $blog['domain'] ); 144 $email = sanitize_email( $blog['email'] ); 145 $title = $blog['title']; 149 146 150 147 if ( empty( $domain ) ) … … 153 150 wp_die( __( 'Missing email address.' ) ); 154 151 if ( !is_email( $email ) ) 155 wp_die( __( 'Invalid email address ' ) );152 wp_die( __( 'Invalid email address.' ) ); 156 153 157 154 if ( is_subdomain_install() ) { 158 $newdomain = $domain .".".$current_site->domain;155 $newdomain = $domain . '.' . 
$current_site->domain; 159 156 $path = $base; 160 157 } else { 161 158 $newdomain = $current_site->domain; 162 $path = $base .$domain.'/';159 $path = $base . $domain . '/'; 163 160 } 164 161 … … 169 166 $user_id = wpmu_create_user( $domain, $password, $email ); 170 167 if ( false == $user_id ) 171 wp_die( __( 'There was an error creating the user') );168 wp_die( __( 'There was an error creating the user.' ) ); 172 169 else 173 wp_new_user_notification( $user_id, $password);170 wp_new_user_notification( $user_id, $password ); 174 171 } 175 172 176 173 $wpdb->hide_errors(); 177 $id = wpmu_create_blog( $newdomain, $path, $title, $user_id , array( "public" => 1 ), $current_site->id);174 $id = wpmu_create_blog( $newdomain, $path, $title, $user_id , array( 'public' => 1 ), $current_site->id ); 178 175 $wpdb->show_errors(); 179 if ( !is_wp_error( $id) ) {176 if ( !is_wp_error( $id ) ) { 180 177 $dashboard_blog = get_dashboard_blog(); 181 178 if ( get_user_option( 'primary_blog', $user_id ) == $dashboard_blog->blog_id ) 182 179 update_user_option( $user_id, 'primary_blog', $id, true ); 183 $content_mail = sprintf( __( "New site created by %1s\n\nAddress: http://%2s\nName: %3s"), $current_user->user_login , $newdomain .$path, stripslashes( $title ) );184 wp_mail( get_site_option('admin_email'), sprintf( __('[%s] New Site Created'), $current_site->site_name), $content_mail, 'From: "Site Admin" <' . get_site_option( 'admin_email' ) . '>' );185 wpmu_welcome_notification( $id, $user_id, $password, $title, array( "public"=> 1 ) );186 wp_redirect( add_query_arg( array( 'updated' => 'true', 'action' => 'add-blog'), $_SERVER['HTTP_REFERER']) );180 $content_mail = sprintf( __( "New site created by %1s\n\nAddress: http://%2s\nName: %3s"), $current_user->user_login , $newdomain . $path, stripslashes( $title ) ); 181 wp_mail( get_site_option('admin_email'), sprintf( __( '[%s] New Site Created' ), $current_site->site_name ), $content_mail, 'From: "Site Admin" <' . 
get_site_option( 'admin_email' ) . '>' ); 182 wpmu_welcome_notification( $id, $user_id, $password, $title, array( 'public' => 1 ) ); 183 wp_redirect( add_query_arg( array( 'updated' => 'true', 'action' => 'add-blog' ), wp_get_referer() ) ); 187 184 exit(); 188 185 } else { … … 191 188 break; 192 189 193 case "updateblog":194 check_admin_referer( 'editblog');195 if ( ! current_user_can( 'manage_sites' ) ) 196 wp_die( __( 'You do not have permission to access this page.') );190 case 'updateblog': 191 check_admin_referer( 'editblog' ); 192 if ( ! current_user_can( 'manage_sites' ) ) 193 wp_die( __( 'You do not have permission to access this page.' ) ); 197 194 198 195 if ( empty( $_POST ) ) 199 wp_die( __('You probably need to go back to the <a href="ms-sites.php">sites page</a>') ); 196 wp_die( sprintf( __( 'You probably need to go back to the <a href="%s">sites page</a>', esc_url( admin_url( 'ms-sites.php' ) ) ) ) ); 197 198 switch_to_blog( $id ); 200 199 201 200 // themes 202 if ( isset($_POST[ 'theme' ]) && is_array( $_POST[ 'theme' ] ) ) 203 $_POST[ 'option' ][ 'allowedthemes' ] = $_POST[ 'theme' ]; 204 else 205 $_POST[ 'option' ][ 'allowedthemes' ] = ''; 206 207 switch_to_blog( $id ); 208 if ( is_array( $_POST[ 'option' ] ) ) { 201 $allowedthemes = array(); 202 if ( isset($_POST['theme']) && is_array( $_POST['theme'] ) ) { 203 foreach ( $_POST['theme'] as $theme => $val ) { 204 if ( 'on' == $val ) 205 $allowedthemes[$theme] = true; 206 } 207 } 208 update_option( 'allowedthemes', $allowedthemes ); 209 210 // options 211 if ( is_array( $_POST['option'] ) ) { 209 212 $c = 1; 210 $count = count( $_POST[ 'option'] );213 $count = count( $_POST['option'] ); 211 214 foreach ( (array) $_POST['option'] as $key => $val ) { 212 215 if ( $key === 0 || is_array( $val ) ) … … 220 223 } 221 224 225 // home and siteurl 222 226 if ( isset( $_POST['update_home_url'] ) && $_POST['update_home_url'] == 'update' ) { 223 $blog_address = get_blogaddress_by_domain( 
$_POST['blog']['domain'], $_POST['blog']['path']);227 $blog_address = get_blogaddress_by_domain( $_POST['blog']['domain'], $_POST['blog']['path'] ); 224 228 if ( get_option( 'siteurl' ) != $blog_address ) 225 update_option( 'siteurl', $blog_address );229 update_option( 'siteurl', $blog_address ); 226 230 227 231 if ( get_option( 'home' ) != $blog_address ) … … 232 236 delete_option( 'rewrite_rules' ); 233 237 234 // update blogs count235 delete_site_transient( "blog_count" );236 237 238 // update blogs table 238 $blog_data = stripslashes_deep( $_POST[ 'blog' ]);239 update_blog_details( $id, $blog_data);239 $blog_data = stripslashes_deep( $_POST['blog'] ); 240 update_blog_details( $id, $blog_data ); 240 241 241 242 // get blog prefix … … 243 244 244 245 // user roles 245 if ( isset( $_POST[ 'role' ] ) && is_array( $_POST[ 'role' ] ) == true ) { 246 $newroles = $_POST[ 'role' ]; 246 if ( isset( $_POST['role'] ) && is_array( $_POST['role'] ) == true ) { 247 $newroles = $_POST['role']; 248 247 249 reset( $newroles ); 248 250 foreach ( (array) $newroles as $userid => $role ) { 249 $user = new WP_User( $userid);251 $user = new WP_User( $userid ); 250 252 if ( ! 
$user ) 251 253 continue; 252 $user->for_blog( $id);253 $user->set_role( $role);254 $user->for_blog( $id ); 255 $user->set_role( $role ); 254 256 } 255 257 } 256 258 257 259 // remove user 258 if ( isset( $_POST[ 'blogusers' ] ) && is_array( $_POST[ 'blogusers'] ) ) {259 reset( $_POST[ 'blogusers'] );260 foreach ( (array) $_POST[ 'blogusers'] as $key => $val )260 if ( isset( $_POST['blogusers'] ) && is_array( $_POST['blogusers'] ) ) { 261 reset( $_POST['blogusers'] ); 262 foreach ( (array) $_POST['blogusers'] as $key => $val ) 261 263 remove_user_from_blog( $key, $id ); 262 264 } 263 265 264 266 // change password 265 if ( isset( $_POST[ 'user_password' ] ) && is_array( $_POST[ 'user_password'] ) ) {266 reset( $_POST[ 'user_password'] );267 $newroles = $_POST[ 'role'];268 foreach ( (array) $_POST[ 'user_password'] as $userid => $pass ) {269 unset( $_POST[ 'role'] );270 $_POST[ 'role'] = $newroles[ $userid ];267 if ( isset( $_POST['user_password'] ) && is_array( $_POST['user_password'] ) ) { 268 reset( $_POST['user_password'] ); 269 $newroles = $_POST['role']; 270 foreach ( (array) $_POST['user_password'] as $userid => $pass ) { 271 unset( $_POST['role'] ); 272 $_POST['role'] = $newroles[ $userid ]; 271 273 if ( $pass != '' ) { 272 274 $cap = $wpdb->get_var( "SELECT meta_value FROM {$wpdb->usermeta} WHERE user_id = '{$userid}' AND meta_key = '{$blog_prefix}capabilities' AND meta_value = 'a:0:{}'" ); 273 275 $userdata = get_userdata($userid); 274 $_POST[ 'pass1' ] = $_POST[ 'pass2'] = $pass;275 $_POST[ 'email'] = $userdata->user_email;276 $_POST[ 'rich_editing'] = $userdata->rich_editing;276 $_POST['pass1'] = $_POST['pass2'] = $pass; 277 $_POST['email'] = $userdata->user_email; 278 $_POST['rich_editing'] = $userdata->rich_editing; 277 279 edit_user( $userid ); 278 280 if ( $cap == null ) … … 280 282 } 281 283 } 282 unset( $_POST[ 'role'] );283 $_POST[ 'role'] = $newroles;284 } 285 286 // add user ?287 if ( isset( $_POST[ 'user_password' ] ) && !empty( $_POST[ 
'newuser'] ) ) {288 $newuser = $_POST[ 'newuser'];284 unset( $_POST['role'] ); 285 $_POST['role'] = $newroles; 286 } 287 288 // add user 289 if ( !empty( $_POST['newuser'] ) ) { 290 $newuser = $_POST['newuser']; 289 291 $userid = $wpdb->get_var( $wpdb->prepare( "SELECT ID FROM " . $wpdb->users . " WHERE user_login = %s", $newuser ) ); 290 292 if ( $userid ) { 291 $user = $wpdb->get_var( "SELECT user_id FROM " . $wpdb->usermeta . " WHERE user_id='$userid' AND meta_key=' wp_" . $id . "_capabilities'" );293 $user = $wpdb->get_var( "SELECT user_id FROM " . $wpdb->usermeta . " WHERE user_id='$userid' AND meta_key='{$blog_prefix}capabilities'" ); 292 294 if ( $user == false ) 293 add_user_to_blog( $id, $userid, $_POST[ 'new_role' ]);295 add_user_to_blog( $id, $userid, $_POST['new_role'] ); 294 296 } 295 297 } 296 298 do_action( 'wpmu_update_blog_options' ); 297 299 restore_current_blog(); 298 wp mu_admin_do_redirect( "ms-sites.php?action=editblog&updated=true&id=".$id);299 break; 300 301 case "deleteblog":300 wp_redirect( add_query_arg( array( 'updated' => 'true', 'action' => 'editblog', 'id' => $id ), wp_get_referer() ) ); 301 break; 302 303 case 'deleteblog': 302 304 check_admin_referer('deleteblog'); 303 305 if ( ! current_user_can( 'manage_sites' ) ) 304 wp_die( __( 'You do not have permission to access this page.') );306 wp_die( __( 'You do not have permission to access this page.' ) ); 305 307 306 308 if ( $id != '0' && $id != $current_site->blog_id ) 307 309 wpmu_delete_blog( $id, true ); 308 310 309 wp_redirect( add_query_arg( array( 'updated' => 'true', 'action' => 'delete'), $_POST[ 'ref' ]) );310 exit(); 311 break; 312 313 case "allblogs":314 if ( isset( $_POST['doaction']) || isset($_POST['doaction2']) ) {315 check_admin_referer( 'bulk-sites');316 317 if ( ! 
current_user_can( 'manage_sites' ) )318 wp_die( __('You do not have permission to access this page.') );319 320 if ( $_GET['action'] != -1 || $_POST['action2'] != -1 )321 $doaction = $doaction = ($_POST['action'] != -1)? $_POST['action'] : $_POST['action2'];322 323 324 foreach ( (array) $_POST[ 'allblogs'] as $key => $val ) {325 if ( $val != '0' && $val != $current_site->blog_id ) {326 switch ( $doaction ) {327 case 'delete':328 $blogfunction = 'all_delete';329 wpmu_delete_blog( $val, true );311 wp_redirect( add_query_arg( array( 'updated' => 'true', 'action' => 'delete' ), wp_get_referer() ) ); 312 exit(); 313 break; 314 315 case 'allblogs': 316 if ( isset( $_POST['doaction']) || isset($_POST['doaction2'] ) ) { 317 check_admin_referer( 'bulk-ms-sites' ); 318 319 if ( ! current_user_can( 'manage_sites' ) ) 320 wp_die( __( 'You do not have permission to access this page.' ) ); 321 322 if ( $_GET['action'] != -1 || $_POST['action2'] != -1 ) 323 $doaction = $_POST['action'] != -1 ? $_POST['action'] : $_POST['action2']; 324 325 326 foreach ( (array) $_POST['allblogs'] as $key => $val ) { 327 if ( $val != '0' && $val != $current_site->blog_id ) { 328 switch ( $doaction ) { 329 case 'delete': 330 $blogfunction = 'all_delete'; 331 wpmu_delete_blog( $val, true ); 330 332 break; 331 case 'spam': 332 $blogfunction = 'all_spam'; 333 update_blog_status( $val, "spam", '1', 0 ); 334 set_time_limit(60); 333 334 case 'spam': 335 $blogfunction = 'all_spam'; 336 update_blog_status( $val, 'spam', '1', 0 ); 337 set_time_limit( 60 ); 335 338 break; 336 case 'notspam': 337 $blogfunction = 'all_notspam'; 338 update_blog_status( $val, "spam", '0', 0 ); 339 set_time_limit(60); 339 340 case 'notspam': 341 $blogfunction = 'all_notspam'; 342 update_blog_status( $val, 'spam', '0', 0 ); 343 set_time_limit( 60 ); 340 344 break; 345 } 346 } else { 347 wp_die( __( 'You are not allowed to change the current site.' 
) ); 341 348 } 342 } else { 343 wp_die( __('You are not allowed to change one of these sites.') ); 344 exit(); 345 }; 346 }; 347 348 wp_redirect( add_query_arg( array('updated' => 'true', 'action' => $blogfunction), $_SERVER['HTTP_REFERER'] ) ); 349 exit(); 350 351 } else { 352 wp_redirect( admin_url("ms-sites.php") ); 353 } 354 break; 355 356 case "archiveblog": 357 check_admin_referer('archiveblog'); 358 if ( ! current_user_can( 'manage_sites' ) ) 359 wp_die( __('You do not have permission to access this page.') ); 360 361 update_blog_status( $id, "archived", '1' ); 362 do_action( "archive_blog", $id ); 363 wp_redirect( add_query_arg( array('updated' => 'true', 'action' => 'archive'), $_POST['ref'] ) ); 364 exit(); 365 break; 366 367 case "unarchiveblog": 368 check_admin_referer('unarchiveblog'); 369 if ( ! current_user_can( 'manage_sites' ) ) 370 wp_die( __('You do not have permission to access this page.') ); 371 372 do_action( "unarchive_blog", $id ); 373 update_blog_status( $id, "archived", '0' ); 374 wp_redirect( add_query_arg( array('updated' => 'true', 'action' => 'unarchive'), $_POST['ref'] ) ); 375 exit(); 376 break; 377 378 case "activateblog": 379 check_admin_referer('activateblog'); 380 if ( ! current_user_can( 'manage_sites' ) ) 381 wp_die( __('You do not have permission to access this page.') ); 382 383 update_blog_status( $id, "deleted", '0' ); 384 do_action( "activate_blog", $id ); 385 wp_redirect( add_query_arg( "updated", array('updated' => 'true', 'action' => 'activate'), $_POST['ref'] ) ); 386 exit(); 387 break; 388 389 case "deactivateblog": 390 check_admin_referer('deactivateblog'); 391 if ( ! 
current_user_can( 'manage_sites' ) ) 392 wp_die( __('You do not have permission to access this page.') ); 393 394 do_action( "deactivate_blog", $id ); 395 update_blog_status( $id, "deleted", '1' ); 396 wp_redirect( add_query_arg( array('updated' => 'true', 'action' => 'deactivate'), $_POST['ref'] ) ); 397 exit(); 398 break; 399 400 case "unspamblog": 401 check_admin_referer('unspamblog'); 402 if ( ! current_user_can( 'manage_sites' ) ) 403 wp_die( __('You do not have permission to access this page.') ); 404 405 update_blog_status( $id, "spam", '0' ); 406 wp_redirect( add_query_arg( array('updated' => 'true', 'action' => 'unspam'), $_POST['ref'] ) ); 407 exit(); 408 break; 409 410 case "spamblog": 411 check_admin_referer('spamblog'); 412 if ( ! current_user_can( 'manage_sites' ) ) 413 wp_die( __('You do not have permission to access this page.') ); 414 415 update_blog_status( $id, "spam", '1' ); 416 wp_redirect( add_query_arg( array('updated' => 'true', 'action' => 'spam'), $_POST['ref'] ) ); 417 exit(); 418 break; 419 420 case "mature": 349 } 350 351 wp_redirect( add_query_arg( array( 'updated' => 'true', 'action' => $blogfunction ), wp_get_referer() ) ); 352 exit(); 353 } else { 354 wp_redirect( admin_url( 'ms-sites.php' ) ); 355 } 356 break; 357 358 case 'archiveblog': 359 check_admin_referer( 'archiveblog' ); 360 if ( ! current_user_can( 'manage_sites' ) ) 361 wp_die( __( 'You do not have permission to access this page.' ) ); 362 363 update_blog_status( $id, 'archived', '1' ); 364 do_action( 'archive_blog', $id ); 365 wp_redirect( add_query_arg( array( 'updated' => 'true', 'action' => 'archive' ), wp_get_referer() ) ); 366 exit(); 367 break; 368 369 case 'unarchiveblog': 370 check_admin_referer( 'unarchiveblog' ); 371 if ( ! current_user_can( 'manage_sites' ) ) 372 wp_die( __( 'You do not have permission to access this page.' 
) ); 373 374 do_action( 'unarchive_blog', $id ); 375 update_blog_status( $id, 'archived', '0' ); 376 wp_redirect( add_query_arg( array( 'updated' => 'true', 'action' => 'unarchive' ), wp_get_referer() ) ); 377 exit(); 378 break; 379 380 case 'activateblog': 381 check_admin_referer( 'activateblog' ); 382 if ( ! current_user_can( 'manage_sites' ) ) 383 wp_die( __( 'You do not have permission to access this page.' ) ); 384 385 update_blog_status( $id, 'deleted', '0' ); 386 do_action( 'activate_blog', $id ); 387 wp_redirect( add_query_arg( array( 'updated' => 'true', 'action' => 'activate' ), wp_get_referer() ) ); 388 exit(); 389 break; 390 391 case 'deactivateblog': 392 check_admin_referer( 'deactivateblog' ); 393 if ( ! current_user_can( 'manage_sites' ) ) 394 wp_die( __( 'You do not have permission to access this page.' ) ); 395 396 do_action( 'deactivate_blog', $id ); 397 update_blog_status( $id, 'deleted', '1' ); 398 wp_redirect( add_query_arg( array( 'updated' => 'true', 'action' => 'deactivate' ), wp_get_referer() ) ); 399 exit(); 400 break; 401 402 case 'unspamblog': 403 check_admin_referer( 'unspamblog' ); 404 if ( ! current_user_can( 'manage_sites' ) ) 405 wp_die( __( 'You do not have permission to access this page.' ) ); 406 407 update_blog_status( $id, 'spam', '0' ); 408 wp_redirect( add_query_arg( array( 'updated' => 'true', 'action' => 'unspam' ), wp_get_referer() ) ); 409 exit(); 410 break; 411 412 case 'spamblog': 413 check_admin_referer( 'spamblog' ); 414 if ( ! current_user_can( 'manage_sites' ) ) 415 wp_die( __( 'You do not have permission to access this page.' ) ); 416 417 update_blog_status( $id, 'spam', '1' ); 418 wp_redirect( add_query_arg( array( 'updated' => 'true', 'action' => 'spam' ), wp_get_referer() ) ); 419 exit(); 420 break; 421 422 case 'matureblog': 423 check_admin_referer( 'matureblog' ); 424 if ( ! current_user_can( 'manage_sites' ) ) 425 wp_die( __( 'You do not have permission to access this page.' 
) ); 426 421 427 update_blog_status( $id, 'mature', '1' ); 422 428 do_action( 'mature_blog', $id ); 423 wp_redirect( add_query_arg( array('updated' => 'true', 'action' => 'mature'), $_POST['ref'] ) ); 424 exit(); 425 break; 426 427 case "unmature": 429 wp_redirect( add_query_arg( array( 'updated' => 'true', 'action' => 'mature' ), wp_get_referer() ) ); 430 exit(); 431 break; 432 433 case 'unmatureblog': 434 check_admin_referer( 'unmatureblog' ); 435 if ( ! current_user_can( 'manage_sites' ) ) 436 wp_die( __( 'You do not have permission to access this page.' ) ); 437 428 438 update_blog_status( $id, 'mature', '0' ); 429 439 do_action( 'unmature_blog', $id ); 430 wp_redirect( add_query_arg( array( 'updated' => 'true', 'action' => 'umature'), $_POST['ref']) );440 wp_redirect( add_query_arg( array( 'updated' => 'true', 'action' => 'unmature' ), wp_get_referer() ) ); 431 441 exit(); 432 442 break; 433 443 434 444 // Themes 435 case "updatethemes":445 case 'updatethemes': 436 446 if ( ! current_user_can( 'manage_network_themes' ) ) 437 wp_die( __( 'You do not have permission to access this page.') );447 wp_die( __( 'You do not have permission to access this page.' ) ); 438 448 439 449 if ( is_array( $_POST['theme'] ) ) { … … 446 456 update_site_option( 'allowedthemes', $allowed_themes ); 447 457 } 448 wp_redirect( add_query_arg( array( 'updated' => 'true', 'action' => 'themes'), $_SERVER['HTTP_REFERER']) );458 wp_redirect( add_query_arg( array( 'updated' => 'true', 'action' => 'themes' ), wp_get_referer() ) ); 449 459 exit(); 450 460 break; 451 461 452 462 // Common 453 case "confirm": 454 $referrer = ( isset($_GET['ref']) ) ? stripslashes($_GET['ref']) : $_SERVER['HTTP_REFERER']; 455 $referrer = esc_url($referrer); 463 case 'confirm': 456 464 if ( !headers_sent() ) { 457 465 nocache_headers(); 458 466 header( 'Content-Type: text/html; charset=utf-8' ); 459 467 } 468 if ( $current_site->blog_id == $id ) 469 wp_die( __( 'You are not allowed to change the current site.' 
) ); 460 470 ?> 461 471 <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"> 462 <html xmlns="http://www.w3.org/1999/xhtml" <?php if ( function_exists( 'language_attributes') ) language_attributes(); ?>>472 <html xmlns="http://www.w3.org/1999/xhtml" <?php if ( function_exists( 'language_attributes' ) ) language_attributes(); ?>> 463 473 <head> 464 <title><?php _e( "WordPress › Confirm your action"); ?></title>474 <title><?php _e( 'WordPress › Confirm your action' ); ?></title> 465 475 466 476 <meta http-equiv="Content-Type" content="text/html; charset=utf-8" /> … … 468 478 </head> 469 479 <body id="error-page"> 470 <h1 id="logo"><img alt="WordPress" src="<?php echo esc_ url( admin_url( 'images/wordpress-logo.png' ) ); ?>" /></h1>471 <form action= 'ms-edit.php?action=<?php echo esc_attr( $_GET[ 'action2' ] ) ?>' method='post'>472 <input type= 'hidden' name='action' value='<?php echo esc_attr( $_GET['action2'] ) ?>'/>473 <input type= 'hidden' name='id' value='<?php echo esc_attr( $id ); ?>'/>474 <input type= 'hidden' name='ref' value='<?php echo $referrer; ?>'/>475 <?php wp_nonce_field( $_GET['action2'] )?>476 <p><?php e cho esc_html( stripslashes($_GET['msg']) ); ?></p>477 <p class="submit"><input class="button" type= 'submit' value='<?php _e("Confirm"); ?>'/></p>480 <h1 id="logo"><img alt="WordPress" src="<?php echo esc_attr( admin_url( 'images/wordpress-logo.png' ) ); ?>" /></h1> 481 <form action="ms-edit.php?action=<?php echo esc_attr( $_GET['action2'] ) ?>" method="post"> 482 <input type="hidden" name="action" value="<?php echo esc_attr( $_GET['action2'] ) ?>" /> 483 <input type="hidden" name="id" value="<?php echo esc_attr( $id ); ?>" /> 484 <input type="hidden" name="_wp_http_referer" value="<?php echo esc_attr( wp_get_referer() ); ?>" /> 485 <?php wp_nonce_field( $_GET['action2'], '_wpnonce', false ); ?> 486 <p><?php esc_html_e( stripslashes( $_GET['msg'] ) ); ?></p> 487 <p 
class="submit"><input class="button" type="submit" value="<?php _e( 'Confirm' ); ?>" /></p> 478 488 </form> 479 489 </body> … … 482 492 break; 483 493 484 // Users (not used any more) 485 case "deleteuser": 486 check_admin_referer('deleteuser'); 487 if ( $id != '0' && $id != '1' ) 488 wpmu_delete_user($id); 489 490 wp_redirect( add_query_arg( array('updated' => 'true', 'action' => 'delete'), $_POST['ref'] ) ); 491 exit(); 492 break; 493 494 case "allusers": 495 check_admin_referer('allusers'); 494 // Users 495 case 'deleteuser': 496 496 if ( ! current_user_can( 'manage_network_users' ) ) 497 wp_die( __('You do not have permission to access this page.') ); 498 499 if ( isset($_POST['alluser_delete']) ) { 500 require_once('admin-header.php'); 501 echo '<div class="wrap" style="position:relative;">'; 497 wp_die( __( 'You do not have permission to access this page.' ) ); 498 499 check_admin_referer( 'deleteuser' ); 500 501 if ( $id != '0' && $id != '1' ) { 502 $_POST['allusers'] = array( $id ); // confirm_delete_users() can only handle with arrays 503 $title = __( 'Users' ); 504 $parent_file = 'ms-admin.php'; 505 require_once( 'admin-header.php' ); 506 echo '<div class="wrap">'; 502 507 confirm_delete_users( $_POST['allusers'] ); 503 508 echo '</div>'; 504 require_once('admin-footer.php'); 505 } elseif ( isset( $_POST[ 'alluser_transfer_delete' ] ) ) { 506 if ( is_array( $_POST[ 'blog' ] ) && !empty( $_POST[ 'blog' ] ) ) { 507 foreach ( $_POST[ 'blog' ] as $id => $users ) { 508 foreach ( $users as $blogid => $user_id ) { 509 require_once( 'admin-footer.php' ); 510 exit(); 511 } else { 512 wp_redirect( admin_url( 'ms-users.php' ) ); 513 } 514 break; 515 516 case 'allusers': 517 if ( ! current_user_can( 'manage_network_users' ) ) 518 wp_die( __( 'You do not have permission to access this page.' 
) ); 519 520 if ( isset( $_POST['doaction']) || isset($_POST['doaction2'] ) ) { 521 check_admin_referer( 'bulk-ms-users' ); 522 523 if ( $_GET['action'] != -1 || $_POST['action2'] != -1 ) 524 $doaction = $_POST['action'] != -1 ? $_POST['action'] : $_POST['action2']; 525 526 foreach ( (array) $_POST['allusers'] as $key => $val ) { 527 if ( $val != '' || $val != '0' ) { 528 switch ( $doaction ) { 529 case 'delete': 530 $title = __( 'Users' ); 531 $parent_file = 'ms-admin.php'; 532 require_once( 'admin-header.php' ); 533 echo '<div class="wrap">'; 534 confirm_delete_users( $_POST['allusers'] ); 535 echo '</div>'; 536 require_once( 'admin-footer.php' ); 537 exit(); 538 break; 539 540 case 'superadmin': 541 $userfunction = 'add_superadmin'; 542 $super_admins = get_site_option( 'site_admins', array( 'admin' ) ); 543 544 $user = new WP_User( $val ); 545 if ( ! in_array( $user->user_login, $super_admins ) ) { 546 if ( $current_site->blog_id ) 547 add_user_to_blog( $current_site->blog_id, $user->ID, 'administrator' ); 548 549 $super_admins[] = $user->user_login; 550 update_site_option( 'site_admins' , $super_admins ); 551 } 552 break; 553 554 case 'notsuperadmin': 555 $userfunction = 'remove_superadmin'; 556 $super_admins = get_site_option( 'site_admins', array( 'admin' ) ); 557 $admin_email = get_site_option( 'admin_email' ); 558 559 $user = new WP_User( $val ); 560 if ( $user->ID != $current_user->ID || $user->user_email != $admin_email ) { 561 foreach ( $super_admins as $key => $username ) { 562 if ( $username == $user->user_login ) { 563 unset( $super_admins[$key] ); 564 break; 565 } 566 } 567 } 568 569 update_site_option( 'site_admins' , $super_admins ); 570 break; 571 572 case 'spam': 573 $user = new WP_User( $val ); 574 if ( in_array( $user->user_login, get_site_option( 'site_admins', array( 'admin' ) ) ) ) 575 wp_die( sprintf( __( 'Warning! User cannot be modified. The user %s is a network admnistrator.' 
), esc_html( $user->user_login ) ) ); 576 577 $userfunction = 'all_spam'; 578 $blogs = get_blogs_of_user( $val, true ); 579 foreach ( (array) $blogs as $key => $details ) { 580 if ( $details->userblog_id != $current_site->blog_id ) // main blog not a spam ! 581 update_blog_status( $details->userblog_id, 'spam', '1' ); 582 } 583 update_user_status( $val, 'spam', '1', 1 ); 584 break; 585 586 case 'notspam': 587 $userfunction = 'all_notspam'; 588 $blogs = get_blogs_of_user( $val, true ); 589 foreach ( (array) $blogs as $key => $details ) 590 update_blog_status( $details->userblog_id, 'spam', '0' ); 591 592 update_user_status( $val, 'spam', '0', 1 ); 593 break; 594 } 595 } 596 } 597 598 wp_redirect( add_query_arg( array( 'updated' => 'true', 'action' => $userfunction ), wp_get_referer() ) ); 599 exit(); 600 } else { 601 wp_redirect( admin_url( 'ms-users.php' ) ); 602 } 603 break; 604 605 case 'dodelete': 606 check_admin_referer( 'ms-users-delete' ); 607 if ( ! current_user_can( 'manage_network_users' ) ) 608 wp_die( __( 'You do not have permission to access this page.' ) ); 609 610 if ( is_array( $_POST['blog'] ) && ! empty( $_POST['blog'] ) ) { 611 foreach ( $_POST['blog'] as $id => $users ) { 612 foreach ( $users as $blogid => $user_id ) { 613 if ( ! 
empty( $_POST['delete'] ) && 'reassign' == $_POST['delete'][$blogid][$id] ) 509 614 remove_user_from_blog( $id, $blogid, $user_id ); 510 } 615 else 616 remove_user_from_blog( $id, $blogid ); 511 617 } 512 618 } 513 if ( is_array( $_POST[ 'user' ] ) && !empty( $_POST[ 'user' ] ) ) 514 foreach( $_POST[ 'user' ] as $id ) 515 wpmu_delete_user( $id ); 516 517 wp_redirect( add_query_arg( array('updated' => 'true', 'action' => 'all_delete'), 'ms-users.php' ) ); 518 } elseif ( isset( $_POST[ 'add_superadmin' ] ) ) { 519 $super_admins = get_site_option( 'site_admins', array( 'admin' ) ); 520 $mainblog_id = $wpdb->get_var( "SELECT blog_id FROM {$wpdb->blogs} WHERE domain='{$current_site->domain}' AND path='{$current_site->path}'" ); 521 foreach ( (array) $_POST['allusers'] as $key => $val ) { 522 if ( $val == '' || $val == '0' ) 523 continue; 524 $user = new WP_User( $val ); 525 if ( in_array( $user->user_login, $super_admins ) ) 526 continue; 527 if ( $mainblog_id ) 528 add_user_to_blog( $mainblog_id, $user->ID, 'administrator' ); 529 $super_admins[] = $user->user_login; 530 } 531 update_site_option( 'site_admins' , $super_admins ); 532 533 wp_redirect( add_query_arg( array( 'updated' => 'true', 'action' => 'add_superadmin' ), $_SERVER['HTTP_REFERER'] ) ); 534 } elseif ( isset( $_POST[ 'remove_superadmin' ] ) ) { 535 $super_admins = get_site_option( 'site_admins', array( 'admin' ) ); 536 $admin_email = get_site_option( 'admin_email' ); 537 foreach ( (array) $_POST['allusers'] as $key => $val ) { 538 if ( $val == '' || $val == '0' ) 539 continue; 540 $user = new WP_User( $val ); 541 if ( $user->ID == $current_user->ID || $user->user_email == $admin_email ) 542 continue; 543 foreach ( $super_admins as $key => $username ) { 544 if ( $username == $user->user_login ) { 545 unset( $super_admins[ $key ] ); 546 break; 547 } 548 } 549 } 550 update_site_option( 'site_admins' , $super_admins ); 551 552 wp_redirect( add_query_arg( array( 'updated' => 'true', 'action' => 
'remove_superadmin' ), $_SERVER['HTTP_REFERER'] ) ); 553 } else { 554 foreach ( (array) $_POST['allusers'] as $key => $val ) { 555 if ( $val == '' || $val == '0' ) 556 continue; 557 $user = new WP_User( $val ); 558 if ( in_array( $user->user_login, get_site_option( 'site_admins', array( 'admin' ) ) ) ) 559 wp_die( sprintf( __( 'Warning! User cannot be modified. The user %s is a network admnistrator.' ), $user->user_login ) ); 560 if ( isset($_POST['alluser_spam']) ) { 561 $userfunction = 'all_spam'; 562 $blogs = get_blogs_of_user( $val, true ); 563 foreach ( (array) $blogs as $key => $details ) { 564 if ( $details->userblog_id == $current_site->blog_id ) { continue; } // main blog not a spam ! 565 update_blog_status( $details->userblog_id, "spam", '1' ); 566 } 567 update_user_status( $val, "spam", '1', 1 ); 568 } elseif ( isset($_POST['alluser_notspam']) ) { 569 $userfunction = 'all_notspam'; 570 $blogs = get_blogs_of_user( $val, true ); 571 foreach ( (array) $blogs as $key => $details ) { 572 update_blog_status( $details->userblog_id, "spam", '0' ); 573 } 574 update_user_status( $val, "spam", '0', 1 ); 575 } 576 } 577 wp_redirect( add_query_arg( array('updated' => 'true', 'action' => $userfunction), $_SERVER['HTTP_REFERER'] ) ); 578 } 579 exit(); 580 break; 581 582 case "adduser": 583 check_admin_referer('add-user'); 619 } 620 $i = 0; 621 if ( is_array( $_POST['user'] ) && ! empty( $_POST['user'] ) ) 622 foreach( $_POST['user'] as $id ) { 623 wpmu_delete_user( $id ); 624 $i++; 625 } 626 627 if ( $i == 1 ) 628 $deletefunction = 'delete'; 629 else 630 $deletefunction = 'all_delete'; 631 632 wp_redirect( add_query_arg( array( 'updated' => 'true', 'action' => $deletefunction ), admin_url( 'ms-users.php' ) ) ); 633 break; 634 635 case 'adduser': 636 check_admin_referer( 'add-user' ); 584 637 if ( ! 
current_user_can( 'manage_network_users' ) ) 585 wp_die( __( 'You do not have permission to access this page.') );586 587 if ( is_array( $_POST[ 'user'] ) == false )588 wp_die( __( "Cannot create an empty user.") );638 wp_die( __( 'You do not have permission to access this page.' ) ); 639 640 if ( is_array( $_POST['user'] ) == false ) 641 wp_die( __( 'Cannot create an empty user.' ) ); 589 642 $user = $_POST['user']; 590 643 if ( empty($user['username']) && empty($user['email']) ) 591 wp_die( __( 'Missing username and email.') );644 wp_die( __( 'Missing username and email.' ) ); 592 645 elseif ( empty($user['username']) ) 593 wp_die( __( 'Missing username.') );646 wp_die( __( 'Missing username.' ) ); 594 647 elseif ( empty($user['email']) ) 595 wp_die( __( 'Missing email.') );648 wp_die( __( 'Missing email.' ) ); 596 649 597 650 $password = wp_generate_password(); 598 $user_id = wpmu_create_user( esc_html( strtolower( $user['username'] ) ), $password, esc_html( $user['email'] ) );651 $user_id = wpmu_create_user( esc_html( strtolower( $user['username'] ) ), $password, esc_html( $user['email'] ) ); 599 652 600 653 if ( false == $user_id ) 601 wp_die( __( 'Duplicated username or email address.') );654 wp_die( __( 'Duplicated username or email address.' ) ); 602 655 else 603 wp_new_user_notification( $user_id, $password);656 wp_new_user_notification( $user_id, $password ); 604 657 605 658 if ( get_site_option( 'dashboard_blog' ) == false ) … … 608 661 add_user_to_blog( get_site_option( 'dashboard_blog' ), $user_id, get_site_option( 'default_user_role', 'subscriber' ) ); 609 662 610 wp_redirect( add_query_arg( array( 'updated' => 'true', 'action' => 'add'), $_SERVER['HTTP_REFERER']) );663 wp_redirect( add_query_arg( array( 'updated' => 'true', 'action' => 'add' ), wp_get_referer() ) ); 611 664 exit(); 612 665 break; 613 666 614 667 default: 615 wp mu_admin_do_redirect( "ms-admin.php");668 wp_redirect( admin_url( 'ms-admin.php' ) ); 616 669 break; 617 670 }