1 | <?php |
2 | /** |
3 | * Comment Management Panel |
4 | * |
5 | * @package WordPress |
6 | * @subpackage Administration |
7 | */ |
8 | |
/** Load WordPress Bootstrap */
require_once 'admin.php';

$submenu_file = 'edit-comments.php';
$parent_file  = 'edit-comments.php';

// wp_reset_vars() is defined elsewhere; presumably it fills $action from the request - confirm.
wp_reset_vars( array( 'action' ) );

// A posted 'deletecomment' field selects the delete action, overriding whatever
// value $action held after the call above.
if ( isset( $_POST['deletecomment'] ) ) {
	$action = 'deletecomment';
}
19 | |
/**
 * Print an error message inside the admin page wrapper, emit the admin footer and stop.
 *
 * The message is written into the page exactly as given; no escaping happens
 * here. Callers must therefore pass trusted markup only (fixed or translated
 * strings) and escape any stored or request-derived value before concatenating
 * it into the message.
 *
 * @param string $msg Error Message. Assumed to contain HTML and be sanitized.
 */
function comment_footer_die( $msg ) {
	echo "<div class='wrap'><p>" . $msg . '</p></div>';
	include 'admin-footer.php';
	// Execution never returns to the caller.
	exit;
}
30 | |
31 | switch( $action ) { |
32 | |
case 'editcomment' :
	// Render the edit form for the comment whose ID is given in the 'c' query parameter.
	$title = __( 'Edit Comment' );

	wp_enqueue_script( 'comment' );
	require_once 'admin-header.php';

	// absint() is applied before the ID is used for any lookup.
	$comment_id = absint( $_GET['c'] );

	$comment = get_comment( $comment_id );
	if ( ! $comment ) {
		comment_footer_die( __( 'Oops, no comment with this ID.' ) . sprintf( ' <a href="%s">' . __( 'Go back' ) . '</a>!', 'javascript:history.go(-1)' ) );
	}

	// Authorisation is checked against the post the comment belongs to.
	if ( ! current_user_can( 'edit_post', $comment->comment_post_ID ) ) {
		comment_footer_die( __( 'You are not allowed to edit comments on this post.' ) );
	}

	// Re-fetch through get_comment_to_edit() (defined elsewhere); presumably it
	// prepares the fields for display in the form - confirm.
	$comment = get_comment_to_edit( $comment_id );

	include 'edit-form-comment.php';

	break;
52 | |
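case 'cdc' :
case 'mac' :
	// Confirmation screen shown before a comment is deleted or marked as spam
	// ('cdc') or approved ('mac'). Nothing is modified here: the form below
	// hands over to the 'deletecomment' or 'approvecomment' action.
	//
	// NOTE(review): the form submits with method='get', so the nonce emitted by
	// wp_nonce_field() travels in the URL (browser history, server logs,
	// Referer). 'approvecomment' reads $_GET only, so switching the form to
	// POST would need a matching change there.

	require_once('admin-header.php');

	$comment_id = absint( $_GET['c'] );
	$formaction = 'cdc' == $action ? 'deletecomment' : 'approvecomment';
	// The nonce action has to match the string the target case passes to check_admin_referer().
	$nonce_action = 'cdc' == $action ? 'delete-comment_' : 'approve-comment_';
	$nonce_action .= $comment_id;

	if ( !$comment = get_comment_to_edit( $comment_id ) )
		comment_footer_die( __('Oops, no comment with this ID.') . sprintf(' <a href="%s">'.__('Go back').'</a>!', 'edit.php') );

	if ( !current_user_can( 'edit_post', $comment->comment_post_ID ) )
		comment_footer_die( 'cdc' == $action ? __('You are not allowed to delete comments on this post.') : __('You are not allowed to edit comments on this post, so you cannot approve this comment.') );
?>
<div class='wrap'>

<div class="narrow">
<?php
	// 'dt' is optional; test for it before reading so a plain delete or approve
	// confirmation does not raise an undefined-index notice.
	if ( isset( $_GET['dt'] ) && 'spam' == $_GET['dt'] ) {
		$caution_msg = __('You are about to mark the following comment as spam:');
		$button = __('Spam Comment');
	} elseif ( 'cdc' == $action ) {
		$caution_msg = __('You are about to delete the following comment:');
		$button = __('Delete Comment');
	} else {
		$caution_msg = __('You are about to approve the following comment:');
		$button = __('Approve Comment');
	}

	// The "No" button's onclick handler below now closes its JavaScript string
	// literal; without the closing quote the handler was a syntax error and the
	// button did nothing.
?>

<p><strong><?php _e('Caution:'); ?></strong> <?php echo $caution_msg; ?></p>

<p><?php _e('Are you sure you want to do that?'); ?></p>

<form action='comment.php' method='get'>

<table width="100%">
<tr>
<td><input type='button' class="button" value='<?php _e('No'); ?>' onclick="self.location='<?php echo admin_url('edit-comments.php'); ?>';" /></td>
<td class="textright"><input type='submit' class="button" value='<?php echo $button; ?>' /></td>
</tr>
</table>

<?php wp_nonce_field( $nonce_action ); ?>
<input type='hidden' name='action' value='<?php echo $formaction; ?>' />
<?php if ( isset( $_GET['dt'] ) && 'spam' == $_GET['dt'] ) { ?>
<input type='hidden' name='dt' value='spam' />
<?php } ?>
<input type='hidden' name='p' value='<?php echo $comment->comment_post_ID; ?>' />
<input type='hidden' name='c' value='<?php echo $comment->comment_ID; ?>' />
<input type='hidden' name='noredir' value='1' />
</form>

<?php
	// NOTE(review): the author, e-mail, URL and content fields below are echoed
	// with no escaping in this file. They are commenter-supplied data, so the
	// output is only safe if get_comment_to_edit() has already escaped them -
	// confirm against that function before relying on it.
?>
<table class="form-table" cellpadding="5">
<tr class="alt">
<th scope="row"><?php _e('Author'); ?></th>
<td><?php echo $comment->comment_author; ?></td>
</tr>
<?php if ( $comment->comment_author_email ) { ?>
<tr>
<th scope="row"><?php _e('E-mail'); ?></th>
<td><?php echo $comment->comment_author_email; ?></td>
</tr>
<?php } ?>
<?php if ( $comment->comment_author_url ) { ?>
<tr>
<th scope="row"><?php _e('URL'); ?></th>
<td><a href='<?php echo $comment->comment_author_url; ?>'><?php echo $comment->comment_author_url; ?></a></td>
</tr>
<?php } ?>
<tr>
<th scope="row" valign="top"><?php echo _c('Comment|noun'); ?></th>
<td><?php echo $comment->comment_content; ?></td>
</tr>
</table>

</div>
</div>
<?php
	break;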
135 | |
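case 'deletecomment' :
	// Delete a comment, or mark it as spam when dt=spam is supplied.
	// Parameters are read from $_REQUEST, so the action is reachable by GET as
	// well as POST; the nonce check below is what ties the request to this
	// comment ID and this admin session.
	$comment_id = absint( $_REQUEST['c'] );
	check_admin_referer( 'delete-comment_' . $comment_id );

	// 'noredir' disables the redirect back to the referring page.
	$noredir = isset( $_REQUEST['noredir'] );

	if ( !$comment = get_comment( $comment_id ) )
		comment_footer_die( __('Oops, no comment with this ID.') . sprintf(' <a href="%s">'.__('Go back').'</a>!', 'edit-comments.php') );

	// Authorisation is checked against the post the comment belongs to.
	if ( !current_user_can( 'edit_post', $comment->comment_post_ID ) )
		comment_footer_die( __('You are not allowed to edit comments on this post.') );

	// 'dt' is optional; test for it before reading so a plain delete does not
	// raise an undefined-index notice.
	if ( isset( $_REQUEST['dt'] ) && 'spam' == $_REQUEST['dt'] )
		wp_set_comment_status( $comment->comment_ID, 'spam' );
	else
		wp_delete_comment( $comment->comment_ID );

	// NOTE(review): both referer helpers are defined elsewhere and presumably
	// return request-derived values; nothing in this file restricts the redirect
	// destination to this site - confirm that they or wp_redirect() validate it.
	// A referer that points back at comment.php is skipped by the first branch.
	if ( '' != wp_get_referer() && false == $noredir && false === strpos(wp_get_referer(), 'comment.php' ) )
		wp_redirect( wp_get_referer() );
	else if ( '' != wp_get_original_referer() && false == $noredir )
		wp_redirect( wp_get_original_referer() );
	else
		wp_redirect( admin_url('edit-comments.php') );

	die;
	break;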
165 | |
case 'unapprovecomment' :
	// Put a comment back on hold. The request arrives by GET; the nonce check
	// ties it to this comment ID before anything is changed.
	$comment_id = absint( $_GET['c'] );
	check_admin_referer( 'unapprove-comment_' . $comment_id );

	// 'noredir' disables the redirect back to the referring page.
	$noredir = isset( $_GET['noredir'] );

	$comment = get_comment( $comment_id );
	if ( ! $comment ) {
		comment_footer_die( __( 'Oops, no comment with this ID.' ) . sprintf( ' <a href="%s">' . __( 'Go back' ) . '</a>!', 'edit.php' ) );
	}

	// Authorisation is checked against the post the comment belongs to.
	if ( ! current_user_can( 'edit_post', $comment->comment_post_ID ) ) {
		comment_footer_die( __( 'You are not allowed to edit comments on this post, so you cannot disapprove this comment.' ) );
	}

	wp_set_comment_status( $comment->comment_ID, 'hold' );

	// NOTE(review): wp_get_referer() is defined elsewhere and presumably returns
	// a request-derived value; confirm the redirect destination is validated.
	if ( '' != wp_get_referer() && ! $noredir ) {
		wp_redirect( wp_get_referer() );
	} else {
		wp_redirect( admin_url( 'edit-comments.php?p=' . absint( $comment->comment_post_ID ) . '#comments' ) );
	}

	exit;
	break;
190 | |
case 'approvecomment' :
	// Approve a comment. The request arrives by GET; the nonce check ties it to
	// this comment ID before anything is changed.
	$comment_id = absint( $_GET['c'] );
	check_admin_referer( 'approve-comment_' . $comment_id );

	// 'noredir' disables the redirect back to the referring page.
	$noredir = isset( $_GET['noredir'] );

	$comment = get_comment( $comment_id );
	if ( ! $comment ) {
		comment_footer_die( __( 'Oops, no comment with this ID.' ) . sprintf( ' <a href="%s">' . __( 'Go back' ) . '</a>!', 'edit.php' ) );
	}

	// Authorisation is checked against the post the comment belongs to.
	if ( ! current_user_can( 'edit_post', $comment->comment_post_ID ) ) {
		comment_footer_die( __( 'You are not allowed to edit comments on this post, so you cannot approve this comment.' ) );
	}

	wp_set_comment_status( $comment->comment_ID, 'approve' );

	// NOTE(review): wp_get_referer() is defined elsewhere and presumably returns
	// a request-derived value; confirm the redirect destination is validated.
	if ( '' != wp_get_referer() && ! $noredir ) {
		wp_redirect( wp_get_referer() );
	} else {
		wp_redirect( admin_url( 'edit-comments.php?p=' . absint( $comment->comment_post_ID ) . '#comments' ) );
	}

	exit;
	break;
215 | |
case 'editedcomment' :
	// Save an edited comment submitted by POST, then redirect to its anchor.
	$comment_id      = absint( $_POST['comment_ID'] );
	$comment_post_id = absint( $_POST['comment_post_id'] );

	check_admin_referer( 'update-comment_' . $comment_id );

	// NOTE(review): unlike the other state-changing cases in this file, no
	// current_user_can() check appears here; presumably edit_comment() (defined
	// elsewhere) enforces it - confirm.
	edit_comment();

	// NOTE(review): 'referredby' is taken from the POST body and becomes the
	// redirect target as-is. The nonce check above limits who can reach this
	// point, but nothing here restricts the destination to this site; confirm
	// that wp_redirect() or the 'comment_edit_redirect' filter constrains it,
	// or validate the host before redirecting.
	if ( empty( $_POST['referredby'] ) ) {
		$location = "edit-comments.php?p=$comment_post_id";
	} else {
		$location = $_POST['referredby'];
	}
	$location .= '#comment-' . $comment_id;

	$location = apply_filters( 'comment_edit_redirect', $location, $comment_id );
	wp_redirect( $location );

	exit;
	break;
231 | |
default :
	// Any action value not handled by a case above is rejected through wp_die().
	wp_die( __( 'Unknown action.' ) );
	break;
235 | |
236 | } // end switch |
237 | |
// Reached by the cases that leave the switch without calling die/exit:
// 'editcomment' and the 'cdc' / 'mac' confirmation screen ('default' too, but
// only if wp_die() returns - presumably it does not).
include 'admin-footer.php';
239 | |
240 | ?> |