WordPress.org

Make WordPress Core

Opened 6 years ago

Closed 5 years ago

Last modified 5 years ago

#12460 closed defect (bug) (fixed)

Overhaul of some multisite files

Reported by: Denis-de-Bernardy Owned by:
Milestone: 3.0 Priority: normal
Severity: normal Version: 3.0
Component: Multisite Keywords: has-patch
Focuses: Cc:

Description

the site address input takes up the entire width of the table cell, instead of aligning it with the base address.

Attachments (9)

12460.diff (1008 bytes) - added by Denis-de-Bernardy 6 years ago.
12460.2.diff (3.4 KB) - added by ocean90 6 years ago.
use class="regular-text"; same on add user
ms-sites.php.1.diff (20.5 KB) - added by ocean90 6 years ago.
ms-sites.php.2.diff (21.0 KB) - added by ocean90 6 years ago.
fix screen options, props ryan
ms-sites.php.3.diff (23.4 KB) - added by ocean90 5 years ago.
fix indentation, add filter for status (needs #12531); Screen: http://grab.by/2SfJ
12460.patch (16.8 KB) - added by ocean90 5 years ago.
codeispoetry.patch (193.0 KB) - added by ocean90 5 years ago.
thx to nacin, ryan, andreasnrb
codeispoetry.anc.patch (191.9 KB) - added by ocean90 5 years ago.
some improvements after chat with nacin
12460_small.patch (12.8 KB) - added by ocean90 5 years ago.
wp_die() over include('admin_header.php'); overhauled ms-admin.php, don't allow to change the status of the main site

Download all attachments as: .zip

Change History (32)

@Denis-de-Bernardy6 years ago

comment:1 @Denis-de-Bernardy6 years ago

  • Keywords has-patch added

@ocean906 years ago

use class="regular-text"; same on add user

comment:2 @ocean906 years ago

  • Summary changed from ugly UI under network / add sites to ugly UI under network

Use this ticket for more UI improvements (especially network)

@ocean906 years ago

comment:3 @ocean906 years ago

The patch includes some fixes, for example search by ID doesn't worked. There are also some improvments like the bulk actions or list/extended view. Screenshot: http://grab.by/2PFw

Todo:

  • Screen Options doesn't work (per page number is not saved)
  • build a filter for the site status (Spam, Deleted, Archived)
  • Big Todo: Do the same for ms-users.php, I'm at it.

@ocean906 years ago

fix screen options, props ryan

comment:4 @ryan6 years ago

Looking good. Note that the WP style is to uses tabs instead of spaces for indentation.

@ocean905 years ago

fix indentation, add filter for status (needs #12531); Screen: http://grab.by/2SfJ

comment:5 @ryan5 years ago

(In [13609]) Update ms-sites UI. Props ocean90. see #12460

comment:6 @nacin5 years ago

(In [13654]) Fix typo, trim whitespace. see #12460

comment:7 @ocean905 years ago

Some improvments on ms-sites.php

  • remove filter (can't use it, see #12531)
  • add action links for mature
  • add checks for mature
  • fix some strings
  • clean up of my-sites.php
  • clean up of ms.css, in my opinion we didn't need the styles for #all-my-blogs anymore.

@ocean905 years ago

comment:8 @ocean905 years ago

Please ignore the last patch, there are some bugs in it.

I will upload today or tomorrow a new one

comment:9 @ocean905 years ago

  • Summary changed from ugly UI under network to Overhaul of some multisite files

Here is it.

I fixed a lot of bugs, improved the ui and cleaned up the code. Here in detail:

  • ms-load.php
    • add the site status 'mature' to ms_site_check()
  • ms.dev.css
    • removed unused code
    • replaced mu with ms
    • added some style for ms-sites.php
    • changed/added background colors for site status
    • code clean up
  • ms.php
    • improved the confirm_delete_users() function
      • add option to delete the posts & links
    • improved the output of dashboard_quota(), its now in a line with the table above
    • used get_admin_url() instead of $blog->domain . $blog->path
    • used admin_url(), selected() and esc_url()
    • code clean up
  • ms-edit.php
    • reworked the HTTP_REFERER things, it uses now wp_get_referer(), it eliminates the confusing $_POSTref?
    • used admin_url(), selected() and esc_url()
    • fixed the allowed themes saving
    • fixed the adding of an existing user to a site
    • reworked case 'allblogs' , because we use now bulk actions
    • added current_user_can() check to mature functions
    • improved case 'confirm'
    • reactivated case 'deleteuser' (was a @todo on ms-users.php)
    • reworked case 'allusers' , because we use now bulk actions
    • added case 'dodelete' , because of the reworked user_delete_confirm() on ms.php
    • code clean up
  • ms-options.php
    • used include( 'admin-footer.php' ) instead include('./admin-footer.php');
    • code clean up
  • ms-sites.php
    • removed the exclamation marks, because we use full stops
    • code clean up
    • used checked(), esc_attr_e() instead echo esc_attr(),
    • used some css classes from core (.disabled for textareas/inputs)
    • sat 'Update Options' button in the center without fix marign
    • add description to themes box
    • reworked case 'list'
      • built the bulk actions
      • added site navigation like on all other sites
      • removed the filter, because we can't used it at the moment, see #12531
      • some other little things, to match the edit.php for posts and pages
      • added action links for mature site status
        • removed the action links for the current site
      • use an em-dash instead of a wrong registered date (#12747)
  • ms-themes.php
    • code clean up
    • use checked()
  • ms-users.php
    • more or less the same as ms-sites.php :)
  • my-sites.php
    • added function to validate the primary site (was a @todo)
    • improved the display for 4 columns
    • fixed strings
    • code clean up

comment:10 @ocean905 years ago

Forget to mention ms-delete-site.php in the changelog:

  • ms-delete-sites.php
    • fixed wrong variable ($switched is $switch)
    • code clean up
    • added the success and error message to wp_die(), because we didn't need the hole page
    • added a filter for delete_site_email_content()
    • replaced blog with site

@ocean905 years ago

thx to nacin, ryan, andreasnrb

@ocean905 years ago

some improvements after chat with nacin

comment:11 @markjaquith5 years ago

(In [13918]) Huge MS refactoring and code cleanup. see #12460. props ocean90.

comment:12 @nacin5 years ago

(In [13941]) Move add/remove super admin out of bulk edit and into user-edit.php. Introduce grant_super_admin() and revoke_super_admin(). Link to profile.php in ms-users user row for current user. Add defensive check by forcing IS_PROFILE_PAGE on user-edit if trying to edit your own user_id. see #12460

comment:13 @ryan5 years ago

Note that super/site admins can also be a hard-coded global array -- $site_admins. If this is present then the grant/revoke functions should noop.

comment:14 follow-up: @wpmuguru5 years ago

In my opinion, moving granting the super admin role out of the network admin pages is a significant security risk in the event of a vulnerability.

@ocean905 years ago

wp_die() over include('admin_header.php'); overhauled ms-admin.php, don't allow to change the status of the main site

comment:15 in reply to: ↑ 14 ; follow-up: @nacin5 years ago

Replying to wpmuguru:

In my opinion, moving granting the super admin role out of the network admin pages is a significant security risk in the event of a vulnerability.

I thought about this, but I strongly disagree. The sitemeta value could just as easily be updated via any "vulnerability."

comment:16 @nacin5 years ago

(In [13953]) More MS cleanups. props ocean90. see #12460

comment:17 in reply to: ↑ 15 @wpmuguru5 years ago

Replying to nacin:

I thought about this, but I strongly disagree. The sitemeta value could just as easily be updated via any "vulnerability."

If someone can get access to the database through a hack or vulnerability, nothing can be done in the UI to prevent a knowledgeable hacker from gaining access. IMO, the fact that it can be done another way doesn't justify creating a second potential opportunity.

comment:18 follow-up: @nacin5 years ago

I'm not talking about db access, I'm just referring to:

update_site_option( 'site_admins', array( 'nacin' ) );

Or, instead of replacing the current value:

update_site_option( 'site_admins', array_merge( get_site_option( 'site_admins' ), array( 'nacin' ) ) );

comment:19 @nacin5 years ago

(In [13965]) Some more MS cleanups. see #12460

comment:20 in reply to: ↑ 18 @wpmuguru5 years ago

Replying to nacin:

I'm not talking about db access, I'm just referring to:

update_site_option( 'site_admins', array( 'nacin' ) );

I'm not sure how that is different than $wpdb->query(... but I'll digress. [14003] allows my main concern to be blocked via a plugin. That's an acceptable alternative.

comment:21 @nacin5 years ago

  • Resolution set to fixed
  • Status changed from new to closed

I'm not sure how that is different than $wpdb->query(... but I'll digress.

Ah, I thought you meant actual access to the database, not a wpdb query. [14003] works for me.

Anyway, marking this one as fixed. Any more cleanups should be small, manageable patches. They can go in a new ticket.

comment:22 @wpmuguru5 years ago

@Ryan with [14011] you can block access to the functions via map_meta_cap.

comment:23 @nacin5 years ago

(In [14040]) Revert [14011]. Add some actions. fixes #12109, see #12460.

Note: See TracTickets for help on using tickets.