*/
/** WordPress Administration Bootstrap */
-require_once('./admin.php');
+require_once( dirname( __FILE__ ) . '/admin.php' );
if ( !current_user_can('edit_posts') )
wp_die(__('Cheatin’ uh?'));
check_admin_referer( 'bulk-comments' );
if ( 'delete_all' == $doaction && !empty( $_REQUEST['pagegen_timestamp'] ) ) {
- $comment_status = $wpdb->escape( $_REQUEST['comment_status'] );
- $delete_time = $wpdb->escape( $_REQUEST['pagegen_timestamp'] );
- $comment_ids = $wpdb->get_col( "SELECT comment_ID FROM $wpdb->comments WHERE comment_approved = '$comment_status' AND '$delete_time' > comment_date_gmt" );
+ $comment_status = wp_unslash( $_REQUEST['comment_status'] );
+ $delete_time = wp_unslash( $_REQUEST['pagegen_timestamp'] );
+ $comment_ids = $wpdb->get_col( $wpdb->prepare( "SELECT comment_ID FROM $wpdb->comments WHERE comment_approved = %s AND %s > comment_date_gmt", $comment_status, $delete_time ) );
$doaction = 'delete';
} elseif ( isset( $_REQUEST['delete_comments'] ) ) {
$comment_ids = $_REQUEST['delete_comments'];
wp_safe_redirect( $redirect_to );
exit;
} elseif ( ! empty( $_GET['_wp_http_referer'] ) ) {
- wp_redirect( remove_query_arg( array( '_wp_http_referer', '_wpnonce' ), stripslashes( $_SERVER['REQUEST_URI'] ) ) );
+ wp_redirect( remove_query_arg( array( '_wp_http_referer', '_wpnonce' ), wp_unslash( $_SERVER['REQUEST_URI'] ) ) );
exit;
}
enqueue_comment_hotkeys_js();
if ( $post_id )
- $title = sprintf(__('Comments on “%s”'), wp_html_excerpt(_draft_or_post_title($post_id), 50));
+ $title = sprintf( __( 'Comments on “%s”' ), wp_html_excerpt( _draft_or_post_title( $post_id ), 50, '…' ) );
else
$title = __('Comments');
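Review bot: Routing the delete_all query through `$wpdb->prepare()` closes the injection path, but `$comment_status = wp_unslash( $_REQUEST['comment_status'] );` still accepts any string, so the request alone decides which `comment_approved` bucket gets bulk-deleted. Since `comment_approved` only ever holds a small fixed set of values, an allow-list guard before the query would make a forged or mistyped status fail closed rather than silently select nothing or the wrong set, e.g. `if ( ! in_array( $comment_status, $allowed_statuses, true ) ) wp_die( __( 'Cheatin’ uh?' ) );` where `$allowed_statuses` is the list of stored statuses this screen actually offers for bulk deletion. `$delete_time` is likewise unslashed but never checked against the expected timestamp format; a cheap format check would keep the `%s > comment_date_gmt` comparison meaningful. Whatever per-comment capability checks follow `$doaction = 'delete';` are outside this hunk, so I cannot confirm they compensate.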
'<p>' . __( '<a href="http://wordpress.org/support/" target="_blank">Support Forums</a>' ) . '</p>'
);
-require_once('./admin-header.php');
+require_once( ABSPATH . 'wp-admin/admin-header.php' );
?>
<div class="wrap">
<?php screen_icon(); ?>
<h2><?php
if ( $post_id )
- echo sprintf(__('Comments on “%s”'),
- sprintf('<a href="%s">%s</a>',
- get_edit_post_link($post_id),
- wp_html_excerpt(_draft_or_post_title($post_id), 50)
+ echo sprintf( __( 'Comments on “%s”' ),
+ sprintf( '<a href="%s">%s</a>',
+ get_edit_post_link( $post_id ),
+ wp_html_excerpt( _draft_or_post_title( $post_id ), 50, '…' )
)
);
else
echo __('Comments');
if ( isset($_REQUEST['s']) && $_REQUEST['s'] )
- printf( '<span class="subtitle">' . sprintf( __( 'Search results for “%s”' ), wp_html_excerpt( esc_html( stripslashes( $_REQUEST['s'] ) ), 50 ) ) . '</span>' ); ?>
+ echo '<span class="subtitle">' . sprintf( __( 'Search results for “%s”' ), wp_html_excerpt( esc_html( wp_unslash( $_REQUEST['s'] ) ), 50, '…' ) ) . '</span>'; ?>
</h2>
<?php
<?php
wp_comment_reply('-1', true, 'detail');
wp_comment_trashnotice();
-include('./admin-footer.php'); ?>
+include( ABSPATH . 'wp-admin/admin-footer.php' ); ?>