Changeset 6371
- Timestamp:
- 12/10/2007 08:42:03 PM (16 years ago)
- File:
-
- 1 edited
trunk/wp-admin/comment.php
r5543 r6371 5 5 $submenu_file = 'edit-comments.php'; 6 6 7 wp_reset_vars( array('action'));7 wp_reset_vars( array('action') ); 8 8 9 9 if ( isset( $_POST['deletecomment'] ) ) 10 10 $action = 'deletecomment'; 11 11 12 switch($action) { 13 case 'editcomment': 12 function comment_footer_die( $msg ) { // $msg is assumed to contain HTML and be sanitized 13 echo "<div class='wrap'><p>$msg</p></div>"; 14 include('admin-footer.php'); 15 die; 16 } 17 18 switch( $action ) { 19 20 case 'editcomment' : 14 21 $title = __('Edit Comment'); 15 22 16 require_once 17 18 $comment = (int) $_GET['c'];19 20 if ( ! $comment = get_comment($comment) )21 wp_die(__('Oops, no comment with this ID.').sprintf(' <a href="%s">'.__('Go back').'</a>!', 'javascript:history.go(-1)'));23 require_once('admin-header.php'); 24 25 $comment_id = absint( $_GET['c'] ); 26 27 if ( !$comment = get_comment( $comment_id ) ) 28 comment_footer_die( __('Oops, no comment with this ID.') . sprintf(' <a href="%s">'.__('Go back').'</a>!', 'javascript:history.go(-1)') ); 22 29 23 30 if ( !current_user_can('edit_post', $comment->comment_post_ID) ) 24 wp_die( __('You are not allowed to edit comments on this post.') );25 26 $comment = get_comment_to_edit( $comment);31 comment_footer_die( __('You are not allowed to edit comments on this post.') ); 32 33 $comment = get_comment_to_edit( $comment_id ); 27 34 28 35 include('edit-form-comment.php'); … … 30 37 break; 31 38 32 case 'cdc' :33 case 'mac' :34 35 require_once(' ./admin-header.php');36 37 $comment = (int) $_GET['c'];39 case 'cdc' : 40 case 'mac' : 41 42 require_once('admin-header.php'); 43 44 $comment_id = absint( $_GET['c'] ); 38 45 $formaction = 'cdc' == $action ? 'deletecomment' : 'approvecomment'; 39 46 $nonce_action = 'cdc' == $action ? 'delete-comment_' : 'approve-comment_'; 40 $nonce_action .= $comment ;41 42 if ( ! 
$comment = get_comment_to_edit($comment) )43 wp_die(__('Oops, no comment with this ID.').sprintf(' <a href="%s">'.__('Go back').'</a>!', 'edit.php'));44 45 if ( !current_user_can( 'edit_post', $comment->comment_post_ID) )46 wp_die( 'cdc' == $action ? __('You are not allowed to delete comments on this post.') : __('You are not allowed to edit comments on this post, so you cannot approve this comment.') );47 $nonce_action .= $comment_id; 48 49 if ( !$comment = get_comment_to_edit( $comment_id ) ) 50 comment_footer_die( __('Oops, no comment with this ID.') . sprintf(' <a href="%s">'.__('Go back').'</a>!', 'edit.php') ); 51 52 if ( !current_user_can( 'edit_post', $comment->comment_post_ID ) ) 53 comment_footer_die( 'cdc' == $action ? __('You are not allowed to delete comments on this post.') : __('You are not allowed to edit comments on this post, so you cannot approve this comment.') ); 47 54 ?> 48 55 <div class='wrap'> 49 56 50 57 <div class="narrow"> 51 <?php if ( 'spam' == $_GET['dt'] ) { ?> 52 <p><?php echo '<strong>'.__('Caution:').'</strong> '.__('You are about to mark the following comment as spam:'); ?></p> 53 <?php } elseif ( 'cdc' == $action ) { ?> 54 <p><?php echo '<strong>'.__('Caution:').'</strong> '.__('You are about to delete the following comment:'); ?></p> 55 <?php } else { ?> 56 <p><?php echo '<strong>'.__('Caution:').'</strong> '.__('You are about to approve the following comment:'); ?></p> 57 <?php } ?> 58 <?php 59 if ( 'spam' == $_GET['dt'] ) { 60 $caution_msg = __('You are about to mark the following comment as spam:'); 61 $button = __('Spam Comment »'); 62 } elseif ( 'cdc' == $action ) { 63 $caution_msg = __('You are about to delete the following comment:'); 64 $button = __('Delete Comment »'); 65 } else { 66 $caution_msg = __('You are about to approve the following comment:'); 67 $button = __('Approve Comment »'); 68 } 69 ?> 70 71 <p><strong><?php _e('Caution:'); ?></strong> <?php echo $caution_msg; ?></p> 58 72 59 73 <p><?php _e('Are you sure 
you want to do that?'); ?></p> 60 74 61 <form action=' <?php echo get_option('siteurl'); ?>/wp-admin/comment.php' method='get'>75 <form action='comment.php' method='get'> 62 76 63 77 <table width="100%"> 64 78 <tr> 65 <td><input type='button' value='<?php _e('No'); ?>' onclick="self.location='<?php echo get_option('siteurl'); ?>/wp-admin/edit-comments.php';" /></td>66 <td align="right"><input type='submit' value='<?php _e('Yes'); ?>' /></td>79 <td><input type='button' class="button" value='<?php _e('No'); ?>' onclick="self.location='<?php echo get_option('siteurl'); ?>/wp-admin/edit-comments.php';" /></td> 80 <td align="right"><input type='submit' class="button" value='<?php echo $button; ?>' /></td> 67 81 </tr> 68 82 </table> 69 83 70 <?php wp_nonce_field( $nonce_action); ?>84 <?php wp_nonce_field( $nonce_action ); ?> 71 85 <input type='hidden' name='action' value='<?php echo $formaction; ?>' /> 72 86 <?php if ( 'spam' == $_GET['dt'] ) { ?> … … 96 110 <?php } ?> 97 111 <tr> 98 <th scope="row" valign="top">< p><?php _e('Comment:'); ?></p></th>112 <th scope="row" valign="top"><?php _e('Comment:'); ?></th> 99 113 <td><?php echo $comment->comment_content; ?></td> 100 114 </tr> … … 106 120 break; 107 121 108 case 'deletecomment' :109 $comment = (int) $_REQUEST['c'];110 check_admin_referer( 'delete-comment_' . $comment);111 112 if ( isset( $_REQUEST['noredir']) ) {122 case 'deletecomment' : 123 $comment_id = absint( $_REQUEST['c'] ); 124 check_admin_referer( 'delete-comment_' . $comment_id ); 125 126 if ( isset( $_REQUEST['noredir'] ) ) 113 127 $noredir = true; 114 } else {128 else 115 129 $noredir = false; 116 } 117 118 if ( ! $comment = get_comment($comment) ) 119 wp_die(__('Oops, no comment with this ID.').sprintf(' <a href="%s">'.__('Go back').'</a>!', 'edit-comments.php')); 130 131 if ( !$comment = get_comment( $comment_id ) ) 132 comment_footer_die( __('Oops, no comment with this ID.') . 
sprintf(' <a href="%s">'.__('Go back').'</a>!', 'edit-comments.php') ); 133 134 if ( !current_user_can( 'edit_post', $comment->comment_post_ID ) ) 135 comment_footer_die( __('You are not allowed to edit comments on this post.') ); 136 137 if ( 'spam' == $_REQUEST['dt'] ) 138 wp_set_comment_status( $comment->comment_ID, 'spam' ); 139 else 140 wp_delete_comment( $comment->comment_ID ); 141 142 if ( '' != wp_get_referer() && false == $noredir ) 143 wp_redirect( wp_get_referer() ); 144 else 145 wp_redirect( get_option('siteurl') . '/wp-admin/edit-comments.php' ); 146 147 die; 148 break; 149 150 case 'unapprovecomment' : 151 $comment_id = absint( $_GET['c'] ); 152 check_admin_referer( 'unapprove-comment_' . $comment_id ); 153 154 if ( isset( $_GET['noredir'] ) ) 155 $noredir = true; 156 else 157 $noredir = false; 158 159 if ( !$comment = get_comment( $comment_id ) ) 160 comment_footer_die( __('Oops, no comment with this ID.') . sprintf(' <a href="%s">'.__('Go back').'</a>!', 'edit.php') ); 161 162 if ( !current_user_can( 'edit_post', $comment->comment_post_ID ) ) 163 comment_footer_die( __('You are not allowed to edit comments on this post, so you cannot disapprove this comment.') ); 164 165 wp_set_comment_status( $comment->comment_ID, 'hold' ); 166 167 if ( '' != wp_get_referer() && false == $noredir ) 168 wp_redirect( wp_get_referer() ); 169 else 170 wp_redirect( get_option('siteurl') . '/wp-admin/edit.php?p=' . absint( $comment->comment_post_ID ) . '&c=1#comments' ); 171 172 exit(); 173 break; 174 175 case 'approvecomment' : 176 $comment_id = absint( $_GET['c'] ); 177 check_admin_referer( 'approve-comment_' . $comment_id ); 178 179 if ( isset( $_GET['noredir'] ) ) 180 $noredir = true; 181 else 182 $noredir = false; 183 184 if ( !$comment = get_comment( $comment_id ) ) 185 comment_footer_die( __('Oops, no comment with this ID.') . 
sprintf(' <a href="%s">'.__('Go back').'</a>!', 'edit.php') ); 120 186 121 187 if ( !current_user_can('edit_post', $comment->comment_post_ID) ) 122 wp_die( __('You are not allowed to edit comments on this post.') ); 123 124 if ( 'spam' == $_REQUEST['dt'] ) 125 wp_set_comment_status($comment->comment_ID, 'spam'); 126 else 127 wp_delete_comment($comment->comment_ID); 128 129 if ((wp_get_referer() != '') && (false == $noredir)) { 130 wp_redirect(wp_get_referer()); 131 } else { 132 wp_redirect(get_option('siteurl') .'/wp-admin/edit-comments.php'); 133 } 188 comment_footer_die( __('You are not allowed to edit comments on this post, so you cannot approve this comment.') ); 189 190 wp_set_comment_status( $comment->comment_ID, 'approve' ); 191 192 if ( true == get_option('comments_notify') ) 193 wp_notify_postauthor( $comment->comment_ID ); 194 195 196 if ( '' != wp_get_referer() && false == $noredir ) 197 wp_redirect( wp_get_referer() ); 198 else 199 wp_redirect( get_option('siteurl') . '/wp-admin/edit.php?p=' . absint( $comment->comment_post_ID ) . '&c=1#comments' ); 200 134 201 exit(); 135 202 break; 136 203 137 case 'unapprovecomment': 138 $comment = (int) $_GET['c']; 139 check_admin_referer('unapprove-comment_' . $comment); 140 141 if (isset($_GET['noredir'])) { 142 $noredir = true; 143 } else { 144 $noredir = false; 145 } 146 147 if ( ! $comment = get_comment($comment) ) 148 wp_die(__('Oops, no comment with this ID.').sprintf(' <a href="%s">'.__('Go back').'</a>!', 'edit.php')); 149 150 if ( !current_user_can('edit_post', $comment->comment_post_ID) ) 151 wp_die( __('You are not allowed to edit comments on this post, so you cannot disapprove this comment.') ); 152 153 wp_set_comment_status($comment->comment_ID, "hold"); 154 155 if ((wp_get_referer() != "") && (false == $noredir)) { 156 wp_redirect(wp_get_referer()); 157 } else { 158 wp_redirect(get_option('siteurl') .'/wp-admin/edit.php?p=' . 
(int) $comment->comment_post_ID.'&c=1#comments'); 159 } 204 case 'editedcomment' : 205 206 $comment_id = absint( $_POST['comment_ID'] ); 207 $comment_post_id = absint( $_POST['comment_post_id'] ); 208 209 check_admin_referer( 'update-comment_' . $comment_id ); 210 211 edit_comment(); 212 213 $location = ( empty( $_POST['referredby'] ) ? "edit.php?p=$comment_post_id&c=1" : $_POST['referredby'] ) . '#comment-' . $comment_id; 214 $location = apply_filters( 'comment_edit_redirect', $location, $comment_id ); 215 wp_redirect( $location ); 216 160 217 exit(); 161 218 break; 162 219 163 case 'approvecomment':164 $comment = (int) $_GET['c'];165 check_admin_referer('approve-comment_' . $comment);166 167 if (isset($_GET['noredir'])) {168 $noredir = true;169 } else {170 $noredir = false;171 }172 173 if ( ! $comment = get_comment($comment) )174 wp_die(__('Oops, no comment with this ID.').sprintf(' <a href="%s">'.__('Go back').'</a>!', 'edit.php'));175 176 if ( !current_user_can('edit_post', $comment->comment_post_ID) )177 wp_die( __('You are not allowed to edit comments on this post, so you cannot approve this comment.') );178 179 wp_set_comment_status($comment->comment_ID, "approve");180 if (get_option("comments_notify") == true) {181 wp_notify_postauthor($comment->comment_ID);182 }183 184 185 if ((wp_get_referer() != "") && (false == $noredir)) {186 wp_redirect(wp_get_referer());187 } else {188 wp_redirect(get_option('siteurl') .'/wp-admin/edit.php?p=' . (int) $comment->comment_post_ID.'&c=1#comments');189 }190 exit();191 break;192 193 case 'editedcomment':194 195 $comment_ID = (int) $_POST['comment_ID'];196 $comment_post_ID = (int) $_POST['comment_post_id'];197 198 check_admin_referer('update-comment_' . $comment_ID);199 200 edit_comment();201 202 $location = ( empty($_POST['referredby']) ? "edit.php?p=$comment_post_ID&c=1" : $_POST['referredby'] ) . '#comment-' . 
$comment_ID;203 $location = apply_filters('comment_edit_redirect', $location, $comment_ID);204 wp_redirect($location);205 exit();206 break;207 220 default: 208 break; 221 wp_die( __('Unknown action.') ); 222 break; 223 209 224 } // end switch 210 225
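Review bot: In the `editedcomment` case, `$location` is built from `$_POST['referredby']` and passed to `wp_redirect()` with no check that it points back into this site's admin; `check_admin_referer( 'update-comment_' . $comment_id )` verifies the nonce but does not constrain where the browser is sent afterwards. I would replace the call with `wp_safe_redirect( $location );` if that helper is available in this tree, or fall back to the `"edit.php?p=$comment_post_id&c=1"` default when the supplied host is not the one in `get_option('siteurl')`. This is also the only state-changing case on the new side with no visible `current_user_can( 'edit_post', ... )` check before its action; if `edit_comment()` does not enforce that itself (its body is not shown here), the guard used in `deletecomment`, `approvecomment` and `unapprovecomment` belongs here too. Parts of the file are elided in this view, so the surrounding switch is not fully visible.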