|
1 <?php |
|
2 /** |
|
3 * Comment Management Panel |
|
4 * |
|
5 * @package WordPress |
|
6 * @subpackage Administration |
|
7 */ |
|
8 |
|
9 /** Load WordPress Bootstrap */ |
|
10 require_once('admin.php'); |
|
11 |
|
12 $parent_file = 'edit-comments.php'; |
|
13 $submenu_file = 'edit-comments.php'; |
|
14 |
|
15 wp_reset_vars( array('action') ); |
|
16 |
|
17 if ( isset( $_POST['deletecomment'] ) ) |
|
18 $action = 'deletecomment'; |
|
19 |
|
20 if ( 'cdc' == $action ) |
|
21 $action = 'delete'; |
|
22 elseif ( 'mac' == $action ) |
|
23 $action = 'approve'; |
|
24 |
|
25 if ( isset( $_GET['dt'] ) ) { |
|
26 if ( 'spam' == $_GET['dt'] ) |
|
27 $action = 'spam'; |
|
28 elseif ( 'trash' == $_GET['dt'] ) |
|
29 $action = 'trash'; |
|
30 } |
|
31 |
|
32 /** |
|
33 * Display error message at bottom of comments. |
|
34 * |
|
35 * @param string $msg Error Message. Assumed to contain HTML and be sanitized. |
|
36 */ |
|
37 function comment_footer_die( $msg ) { |
|
38 echo "<div class='wrap'><p>$msg</p></div>"; |
|
39 include('admin-footer.php'); |
|
40 die; |
|
41 } |
|
42 |
|
43 switch( $action ) { |
|
44 |
|
45 case 'editcomment' : |
|
46 $title = __('Edit Comment'); |
|
47 |
|
48 wp_enqueue_script('comment'); |
|
49 require_once('admin-header.php'); |
|
50 |
|
51 $comment_id = absint( $_GET['c'] ); |
|
52 |
|
53 if ( !$comment = get_comment( $comment_id ) ) |
|
54 comment_footer_die( __('Oops, no comment with this ID.') . sprintf(' <a href="%s">'.__('Go back').'</a>!', 'javascript:history.go(-1)') ); |
|
55 |
|
56 if ( !current_user_can('edit_post', $comment->comment_post_ID) ) |
|
57 comment_footer_die( __('You are not allowed to edit comments on this post.') ); |
|
58 |
|
59 if ( 'trash' == $comment->comment_approved ) |
|
60 comment_footer_die( __('This comment is in the Trash. Please move it out of the Trash if you want to edit it.') ); |
|
61 |
|
62 $comment = get_comment_to_edit( $comment_id ); |
|
63 |
|
64 include('edit-form-comment.php'); |
|
65 |
|
66 break; |
|
67 |
|
68 case 'delete' : |
|
69 case 'approve' : |
|
70 case 'trash' : |
|
71 case 'spam' : |
|
72 |
|
73 require_once('admin-header.php'); |
|
74 |
|
75 $comment_id = absint( $_GET['c'] ); |
|
76 $formaction = $action . 'comment'; |
|
77 $nonce_action = 'approve' == $action ? 'approve-comment_' : 'delete-comment_'; |
|
78 $nonce_action .= $comment_id; |
|
79 |
|
80 if ( !$comment = get_comment_to_edit( $comment_id ) ) |
|
81 comment_footer_die( __('Oops, no comment with this ID.') . sprintf(' <a href="%s">'.__('Go back').'</a>!', 'edit.php') ); |
|
82 |
|
83 if ( !current_user_can( 'edit_post', $comment->comment_post_ID ) ) |
|
84 comment_footer_die( 'approve' != $action ? __('You are not allowed to delete comments on this post.') : __('You are not allowed to edit comments on this post, so you cannot approve this comment.') ); |
|
85 ?> |
|
86 <div class='wrap'> |
|
87 |
|
88 <div class="narrow"> |
|
89 <?php |
|
90 switch ( $action ) { |
|
91 case 'spam' : |
|
92 $caution_msg = __('You are about to mark the following comment as spam:'); |
|
93 $button = __('Spam Comment'); |
|
94 break; |
|
95 case 'trash' : |
|
96 $caution_msg = __('You are about to move the following comment to the Trash:'); |
|
97 $button = __('Trash Comment'); |
|
98 break; |
|
99 case 'delete' : |
|
100 $caution_msg = __('You are about to delete the following comment:'); |
|
101 $button = __('Permanently Delete Comment'); |
|
102 break; |
|
103 default : |
|
104 $caution_msg = __('You are about to approve the following comment:'); |
|
105 $button = __('Approve Comment'); |
|
106 break; |
|
107 } |
|
108 ?> |
|
109 |
|
110 <p><strong><?php _e('Caution:'); ?></strong> <?php echo $caution_msg; ?></p> |
|
111 |
|
112 <table class="form-table comment-ays"> |
|
113 <tr class="alt"> |
|
114 <th scope="row"><?php _e('Author'); ?></th> |
|
115 <td><?php echo $comment->comment_author; ?></td> |
|
116 </tr> |
|
117 <?php if ( $comment->comment_author_email ) { ?> |
|
118 <tr> |
|
119 <th scope="row"><?php _e('E-mail'); ?></th> |
|
120 <td><?php echo $comment->comment_author_email; ?></td> |
|
121 </tr> |
|
122 <?php } ?> |
|
123 <?php if ( $comment->comment_author_url ) { ?> |
|
124 <tr> |
|
125 <th scope="row"><?php _e('URL'); ?></th> |
|
126 <td><a href="<?php echo $comment->comment_author_url; ?>"><?php echo $comment->comment_author_url; ?></a></td> |
|
127 </tr> |
|
128 <?php } ?> |
|
129 <tr> |
|
130 <th scope="row" valign="top"><?php /* translators: field name in comment form */ echo _x('Comment', 'noun'); ?></th> |
|
131 <td><?php echo $comment->comment_content; ?></td> |
|
132 </tr> |
|
133 </table> |
|
134 |
|
135 <p><?php _e('Are you sure you want to do that?'); ?></p> |
|
136 |
|
137 <form action='comment.php' method='get'> |
|
138 |
|
139 <table width="100%"> |
|
140 <tr> |
|
141 <td><a class="button" href="<?php echo admin_url('edit-comments.php'); ?>"><?php esc_attr_e('No'); ?></a></td> |
|
142 <td class="textright"><input type='submit' class="button" value='<?php echo esc_attr($button); ?>' /></td> |
|
143 </tr> |
|
144 </table> |
|
145 |
|
146 <?php wp_nonce_field( $nonce_action ); ?> |
|
147 <input type='hidden' name='action' value='<?php echo esc_attr($formaction); ?>' /> |
|
148 <input type='hidden' name='p' value='<?php echo esc_attr($comment->comment_post_ID); ?>' /> |
|
149 <input type='hidden' name='c' value='<?php echo esc_attr($comment->comment_ID); ?>' /> |
|
150 <input type='hidden' name='noredir' value='1' /> |
|
151 </form> |
|
152 |
|
153 </div> |
|
154 </div> |
|
155 <?php |
|
156 break; |
|
157 |
|
158 case 'deletecomment' : |
|
159 case 'trashcomment' : |
|
160 case 'untrashcomment' : |
|
161 case 'spamcomment' : |
|
162 case 'unspamcomment' : |
|
163 $comment_id = absint( $_REQUEST['c'] ); |
|
164 check_admin_referer( 'delete-comment_' . $comment_id ); |
|
165 |
|
166 $noredir = isset($_REQUEST['noredir']); |
|
167 |
|
168 if ( !$comment = get_comment($comment_id) ) |
|
169 comment_footer_die( __('Oops, no comment with this ID.') . sprintf(' <a href="%s">'.__('Go back').'</a>!', 'edit-comments.php') ); |
|
170 if ( !current_user_can('edit_post', $comment->comment_post_ID ) ) |
|
171 comment_footer_die( __('You are not allowed to edit comments on this post.') ); |
|
172 |
|
173 if ( '' != wp_get_referer() && false == $noredir && false === strpos(wp_get_referer(), 'comment.php') ) |
|
174 $redir = wp_get_referer(); |
|
175 elseif ( '' != wp_get_original_referer() && false == $noredir ) |
|
176 $redir = wp_get_original_referer(); |
|
177 else |
|
178 $redir = admin_url('edit-comments.php'); |
|
179 |
|
180 $redir = remove_query_arg( array('spammed', 'unspammed', 'trashed', 'untrashed', 'deleted', 'ids'), $redir ); |
|
181 |
|
182 switch ( $action ) { |
|
183 case 'deletecomment' : |
|
184 wp_delete_comment( $comment_id ); |
|
185 $redir = add_query_arg( array('deleted' => '1'), $redir ); |
|
186 break; |
|
187 case 'trashcomment' : |
|
188 wp_trash_comment($comment_id); |
|
189 $redir = add_query_arg( array('trashed' => '1', 'ids' => $comment_id), $redir ); |
|
190 break; |
|
191 case 'untrashcomment' : |
|
192 wp_untrash_comment($comment_id); |
|
193 $redir = add_query_arg( array('untrashed' => '1'), $redir ); |
|
194 break; |
|
195 case 'spamcomment' : |
|
196 wp_spam_comment($comment_id); |
|
197 $redir = add_query_arg( array('spammed' => '1', 'ids' => $comment_id), $redir ); |
|
198 break; |
|
199 case 'unspamcomment' : |
|
200 wp_unspam_comment($comment_id); |
|
201 $redir = add_query_arg( array('unspammed' => '1'), $redir ); |
|
202 break; |
|
203 } |
|
204 |
|
205 wp_redirect( $redir ); |
|
206 |
|
207 die; |
|
208 break; |
|
209 |
|
210 case 'approvecomment' : |
|
211 case 'unapprovecomment' : |
|
212 $comment_id = absint( $_GET['c'] ); |
|
213 check_admin_referer( 'approve-comment_' . $comment_id ); |
|
214 |
|
215 $noredir = isset( $_GET['noredir'] ); |
|
216 |
|
217 if ( !$comment = get_comment( $comment_id ) ) |
|
218 comment_footer_die( __('Oops, no comment with this ID.') . sprintf(' <a href="%s">'.__('Go back').'</a>!', 'edit.php') ); |
|
219 |
|
220 if ( !current_user_can( 'edit_post', $comment->comment_post_ID ) ) { |
|
221 if ( 'approvecomment' == $action ) |
|
222 comment_footer_die( __('You are not allowed to edit comments on this post, so you cannot approve this comment.') ); |
|
223 else |
|
224 comment_footer_die( __('You are not allowed to edit comments on this post, so you cannot disapprove this comment.') ); |
|
225 } |
|
226 |
|
227 if ( '' != wp_get_referer() && false == $noredir ) |
|
228 $redir = remove_query_arg( array('approved', 'unapproved'), wp_get_referer() ); |
|
229 else |
|
230 $redir = admin_url('edit-comments.php?p=' . absint( $comment->comment_post_ID ) ); |
|
231 |
|
232 if ( 'approvecomment' == $action ) { |
|
233 wp_set_comment_status( $comment_id, 'approve' ); |
|
234 $redir = add_query_arg( array( 'approved' => 1 ), $redir ); |
|
235 } else { |
|
236 wp_set_comment_status( $comment_id, 'hold' ); |
|
237 $redir = add_query_arg( array( 'unapproved' => 1 ), $redir ); |
|
238 } |
|
239 |
|
240 wp_redirect( $redir ); |
|
241 |
|
242 exit(); |
|
243 break; |
|
244 |
|
245 case 'editedcomment' : |
|
246 |
|
247 $comment_id = absint( $_POST['comment_ID'] ); |
|
248 $comment_post_id = absint( $_POST['comment_post_ID'] ); |
|
249 |
|
250 check_admin_referer( 'update-comment_' . $comment_id ); |
|
251 |
|
252 edit_comment(); |
|
253 |
|
254 $location = ( empty( $_POST['referredby'] ) ? "edit-comments.php?p=$comment_post_id" : $_POST['referredby'] ) . '#comment-' . $comment_id; |
|
255 $location = apply_filters( 'comment_edit_redirect', $location, $comment_id ); |
|
256 wp_redirect( $location ); |
|
257 |
|
258 exit(); |
|
259 break; |
|
260 |
|
261 default: |
|
262 wp_die( __('Unknown action.') ); |
|
263 break; |
|
264 |
|
265 } // end switch |
|
266 |
|
267 include('admin-footer.php'); |
|
268 |
|
269 ?> |