<?php
+/**
+ * Comment Management Panel
+ *
+ * @package WordPress
+ * @subpackage Administration
+ */
+
+/** Load WordPress Bootstrap */
require_once('admin.php');
$parent_file = 'edit-comments.php';
if ( isset( $_POST['deletecomment'] ) )
$action = 'deletecomment';
-function comment_footer_die( $msg ) { // $msg is assumed to contain HTML and be sanitized
+/**
+ * Display error message at bottom of comments.
+ *
+ * @param string $msg Error Message. Assumed to contain HTML and be sanitized.
+ */
+function comment_footer_die( $msg ) {
echo "<div class='wrap'><p>$msg</p></div>";
include('admin-footer.php');
die;
$title = __('Edit Comment');
wp_enqueue_script('comment');
- //wp_enqueue_script('thickbox');
require_once('admin-header.php');
$comment_id = absint( $_GET['c'] );
<table width="100%">
<tr>
-<td><input type='button' class="button" value='<?php _e('No'); ?>' onclick="self.location='<?php echo get_option('siteurl'); ?>/wp-admin/edit-comments.php';" /></td>
-<td class="textright"><input type='submit' class="button" value='<?php echo $button; ?>' /></td>
+<td><input type='button' class="button" value='<?php esc_attr_e('No'); ?>' onclick="self.location='<?php echo admin_url('edit-comments.php'); ?>" /></td>
+<td class="textright"><input type='submit' class="button" value='<?php echo esc_attr($button); ?>' /></td>
</tr>
</table>
<?php wp_nonce_field( $nonce_action ); ?>
-<input type='hidden' name='action' value='<?php echo $formaction; ?>' />
+<input type='hidden' name='action' value='<?php echo esc_attr($formaction); ?>' />
<?php if ( 'spam' == $_GET['dt'] ) { ?>
<input type='hidden' name='dt' value='spam' />
<?php } ?>
-<input type='hidden' name='p' value='<?php echo $comment->comment_post_ID; ?>' />
-<input type='hidden' name='c' value='<?php echo $comment->comment_ID; ?>' />
+<input type='hidden' name='p' value='<?php echo esc_attr($comment->comment_post_ID); ?>' />
+<input type='hidden' name='c' value='<?php echo esc_attr($comment->comment_ID); ?>' />
<input type='hidden' name='noredir' value='1' />
</form>
<?php if ( $comment->comment_author_url ) { ?>
<tr>
<th scope="row"><?php _e('URL'); ?></th>
-<td><a href='<?php echo $comment->comment_author_url; ?>'><?php echo $comment->comment_author_url; ?></a></td>
+<td><a href="<?php echo $comment->comment_author_url; ?>"><?php echo $comment->comment_author_url; ?></a></td>
</tr>
<?php } ?>
<tr>
-<th scope="row" valign="top"><?php _e('Comment'); ?></th>
+<th scope="row" valign="top"><?php /* translators: field name in comment form */ echo _x('Comment', 'noun'); ?></th>
<td><?php echo $comment->comment_content; ?></td>
</tr>
</table>
else if ( '' != wp_get_original_referer() && false == $noredir )
wp_redirect( wp_get_original_referer() );
else
- wp_redirect( get_option('siteurl') . '/wp-admin/edit-comments.php' );
+ wp_redirect( admin_url('edit-comments.php') );
die;
break;
if ( '' != wp_get_referer() && false == $noredir )
wp_redirect( wp_get_referer() );
else
- wp_redirect( get_option('siteurl') . '/wp-admin/edit.php?p=' . absint( $comment->comment_post_ID ) . '#comments' );
+ wp_redirect( admin_url('edit-comments.php?p=' . absint( $comment->comment_post_ID ) . '#comments') );
exit();
break;
wp_set_comment_status( $comment->comment_ID, 'approve' );
- if ( true == get_option('comments_notify') )
- wp_notify_postauthor( $comment->comment_ID );
-
-
if ( '' != wp_get_referer() && false == $noredir )
wp_redirect( wp_get_referer() );
else
- wp_redirect( get_option('siteurl') . '/wp-admin/edit.php?p=' . absint( $comment->comment_post_ID ) . '#comments' );
+ wp_redirect( admin_url('edit-comments.php?p=' . absint( $comment->comment_post_ID ) . '#comments') );
exit();
break;
case 'editedcomment' :
$comment_id = absint( $_POST['comment_ID'] );
- $comment_post_id = absint( $_POST['comment_post_id'] );
+ $comment_post_id = absint( $_POST['comment_post_ID'] );
check_admin_referer( 'update-comment_' . $comment_id );
edit_comment();
- $location = ( empty( $_POST['referredby'] ) ? "edit.php?p=$comment_post_id" : $_POST['referredby'] ) . '#comment-' . $comment_id;
+ $location = ( empty( $_POST['referredby'] ) ? "edit-comments.php?p=$comment_post_id" : $_POST['referredby'] ) . '#comment-' . $comment_id;
$location = apply_filters( 'comment_edit_redirect', $location, $comment_id );
wp_redirect( $location );