X-Git-Url: https://scripts.mit.edu/gitweb/autoinstalls/wordpress.git/blobdiff_plain/11be8dc178e77d0b46189bbd8e33a216a9b90942..refs/tags/wordpress-2.9:/wp-admin/edit-comments.php

diff --git a/wp-admin/edit-comments.php b/wp-admin/edit-comments.php
index 43eecffc..ee23b3e3 100644
--- a/wp-admin/edit-comments.php
+++ b/wp-admin/edit-comments.php
@@ -9,45 +9,41 @@
 /** WordPress Administration Bootstrap */
 require_once('admin.php');
 
+if ( !current_user_can('edit_posts') )
+	wp_die(__('Cheatin’ uh?'));
+
 wp_enqueue_script('admin-comments');
 enqueue_comment_hotkeys_js();
 
 $post_id = isset($_REQUEST['p']) ? (int) $_REQUEST['p'] : 0;
 
-if ( ( isset( $_REQUEST['delete_all_spam'] ) || isset( $_REQUEST['delete_all_spam2'] ) ) && !empty( $_REQUEST['pagegen_timestamp'] ) ) {
-	check_admin_referer('bulk-spam-delete', '_spam_nonce');
+if ( isset($_REQUEST['doaction']) ||  isset($_REQUEST['doaction2']) || isset($_REQUEST['delete_all']) || isset($_REQUEST['delete_all2']) ) {
+	check_admin_referer('bulk-comments');
 
-	$delete_time = $wpdb->escape( $_REQUEST['pagegen_timestamp'] );
-	if ( current_user_can('moderate_comments')) {
-		$deleted_spam = $wpdb->query( "DELETE FROM $wpdb->comments WHERE comment_approved = 'spam' AND '$delete_time' > comment_date_gmt" );
+	if ( (isset($_REQUEST['delete_all']) || isset($_REQUEST['delete_all2'])) && !empty($_REQUEST['pagegen_timestamp']) ) {
+		$comment_status = $wpdb->escape($_REQUEST['comment_status']);
+		$delete_time = $wpdb->escape($_REQUEST['pagegen_timestamp']);
+		$comment_ids = $wpdb->get_col( "SELECT comment_ID FROM $wpdb->comments WHERE comment_approved = '$comment_status' AND '$delete_time' > comment_date_gmt" );
+		$doaction = 'delete';
+	} elseif ( ($_REQUEST['action'] != -1 || $_REQUEST['action2'] != -1) && isset($_REQUEST['delete_comments']) ) {
+		$comment_ids = $_REQUEST['delete_comments'];
+		$doaction = ($_REQUEST['action'] != -1) ? $_REQUEST['action'] : $_REQUEST['action2'];
+	} elseif ( $_REQUEST['doaction'] == 'undo' && isset($_REQUEST['ids']) ) {
+		$comment_ids = array_map( 'absint', explode(',', $_REQUEST['ids']) );
+		$doaction = $_REQUEST['action'];
 	} else {
-		$deleted_spam = 0;
+		wp_redirect($_SERVER['HTTP_REFERER']);
 	}
-	$redirect_to = 'edit-comments.php?comment_status=spam&deleted=' . (int) $deleted_spam;
-	if ( $post_id )
-		$redirect_to = add_query_arg( 'p', absint( $post_id ), $redirect_to );
-	wp_redirect( $redirect_to );
-} elseif ( isset($_REQUEST['delete_comments']) && isset($_REQUEST['action']) && ( -1 != $_REQUEST['action'] || -1 != $_REQUEST['action2'] ) ) {
-	check_admin_referer('bulk-comments');
-	$doaction = ( -1 != $_REQUEST['action'] ) ? $_REQUEST['action'] : $_REQUEST['action2'];
 
-	$deleted = $approved = $unapproved = $spammed = 0;
-	foreach ( (array) $_REQUEST['delete_comments'] as $comment_id) : // Check the permissions on each
-		$comment_id = (int) $comment_id;
+	$approved = $unapproved = $spammed = $unspammed = $trashed = $untrashed = $deleted = 0;
+
+	foreach ($comment_ids as $comment_id) { // Check the permissions on each
 		$_post_id = (int) $wpdb->get_var( $wpdb->prepare( "SELECT comment_post_ID FROM $wpdb->comments WHERE comment_ID = %d", $comment_id) );
 
 		if ( !current_user_can('edit_post', $_post_id) )
 			continue;
 
 		switch( $doaction ) {
-			case 'markspam' :
-				wp_set_comment_status($comment_id, 'spam');
-				$spammed++;
-				break;
-			case 'delete' :
-				wp_set_comment_status($comment_id, 'delete');
-				$deleted++;
-				break;
 			case 'approve' :
 				wp_set_comment_status($comment_id, 'approve');
 				$approved++;
@@ -56,10 +52,48 @@ if ( ( isset( $_REQUEST['delete_all_spam'] ) || isset( $_REQUEST['delete_all_spa
 				wp_set_comment_status($comment_id, 'hold');
 				$unapproved++;
 				break;
+			case 'spam' :
+				wp_spam_comment($comment_id);
+				$spammed++;
+				break;
+			case 'unspam' :
+				wp_unspam_comment($comment_id);
+				$unspammed++;
+				break;
+			case 'trash' :
+				wp_trash_comment($comment_id);
+				$trashed++;
+				break;
+			case 'untrash' :
+				wp_untrash_comment($comment_id);
+				$untrashed++;
+				break;
+			case 'delete' :
+				wp_delete_comment($comment_id);
+				$deleted++;
+				break;
 		}
-	endforeach;
+	}
+
+	$redirect_to = 'edit-comments.php';
+
+	if ( $approved )
+		$redirect_to = add_query_arg( 'approved', $approved, $redirect_to );
+	if ( $unapproved )
+		$redirect_to = add_query_arg( 'unapproved', $unapproved, $redirect_to );
+	if ( $spammed )
+		$redirect_to = add_query_arg( 'spammed', $spammed, $redirect_to );
+	if ( $unspammed )
+		$redirect_to = add_query_arg( 'unspammed', $unspammed, $redirect_to );
+	if ( $trashed )
+		$redirect_to = add_query_arg( 'trashed', $trashed, $redirect_to );
+	if ( $untrashed )
+		$redirect_to = add_query_arg( 'untrashed', $untrashed, $redirect_to );
+	if ( $deleted )
+		$redirect_to = add_query_arg( 'deleted', $deleted, $redirect_to );
+	if ( $trashed || $spammed )
+		$redirect_to = add_query_arg( 'ids', join(',', $comment_ids), $redirect_to );
 
-	$redirect_to = 'edit-comments.php?deleted=' . $deleted . '&approved=' . $approved . '&spam=' . $spammed . '&unapproved=' . $unapproved;
 	if ( $post_id )
 		$redirect_to = add_query_arg( 'p', absint( $post_id ), $redirect_to );
 	if ( isset($_REQUEST['apage']) )
@@ -83,43 +117,60 @@ else
 
 require_once('admin-header.php');
 
-$mode = ( ! isset($_GET['mode']) || empty($_GET['mode']) ) ? 'detail' : attribute_escape($_GET['mode']);
+$mode = ( ! isset($_GET['mode']) || empty($_GET['mode']) ) ? 'detail' : esc_attr($_GET['mode']);
 
-$comment_status = !empty($_GET['comment_status']) ? attribute_escape($_GET['comment_status']) : '';
+$comment_status = isset($_REQUEST['comment_status']) ? $_REQUEST['comment_status'] : 'all';
+if ( !in_array($comment_status, array('all', 'moderated', 'approved', 'spam', 'trash')) )
+	$comment_status = 'all';
 
-$comment_type = !empty($_GET['comment_type']) ? attribute_escape($_GET['comment_type']) : '';
+$comment_type = !empty($_GET['comment_type']) ? esc_attr($_GET['comment_type']) : '';
 
 $search_dirty = ( isset($_GET['s']) ) ? $_GET['s'] : '';
-$search = attribute_escape( $search_dirty ); ?>
+$search = esc_attr( $search_dirty ); ?>
 
 <div class="wrap">
 <?php screen_icon(); ?>
-<h2><?php echo wp_specialchars( $title );
+<h2><?php echo esc_html( $title );
 if ( isset($_GET['s']) && $_GET['s'] )
-	printf( '<span class="subtitle">' . sprintf( __( 'Search results for &#8220;%s&#8221;' ), wp_html_excerpt( wp_specialchars( stripslashes( $_GET['s'] ) ), 50 ) ) . '</span>' ); ?>
+	printf( '<span class="subtitle">' . sprintf( __( 'Search results for &#8220;%s&#8221;' ), wp_html_excerpt( esc_html( stripslashes( $_GET['s'] ) ), 50 ) ) . '</span>' ); ?>
 </h2>
 
 <?php
-if ( isset( $_GET['approved'] ) || isset( $_GET['deleted'] ) || isset( $_GET['spam'] ) ) {
-	$approved = isset( $_GET['approved'] ) ? (int) $_GET['approved'] : 0;
-	$deleted = isset( $_GET['deleted'] ) ? (int) $_GET['deleted'] : 0;
-	$spam = isset( $_GET['spam'] ) ? (int) $_GET['spam'] : 0;
-
-	if ( $approved > 0 || $deleted > 0 || $spam > 0 ) {
+if ( isset($_GET['approved']) || isset($_GET['deleted']) || isset($_GET['trashed']) || isset($_GET['untrashed']) || isset($_GET['spammed']) || isset($_GET['unspammed']) ) {
+	$approved = isset($_GET['approved']) ? (int) $_GET['approved'] : 0;
+	$deleted = isset($_GET['deleted']) ? (int) $_GET['deleted'] : 0;
+	$trashed = isset($_GET['trashed']) ? (int) $_GET['trashed'] : 0;
+	$untrashed = isset($_GET['untrashed']) ? (int) $_GET['untrashed'] : 0;
+	$spammed = isset($_GET['spammed']) ? (int) $_GET['spammed'] : 0;
+	$unspammed = isset($_GET['unspammed']) ? (int) $_GET['unspammed'] : 0;
+
+	if ( $approved > 0 || $deleted > 0 || $trashed > 0 || $untrashed > 0 || $spammed > 0 || $unspammed > 0 ) {
 		echo '<div id="moderated" class="updated fade"><p>';
 
 		if ( $approved > 0 ) {
-			printf( __ngettext( '%s comment approved', '%s comments approved', $approved ), $approved );
+			printf( _n( '%s comment approved', '%s comments approved', $approved ), $approved );
 			echo '<br />';
 		}
-
-		if ( $deleted > 0 ) {
-			printf( __ngettext( '%s comment deleted', '%s comments deleted', $deleted ), $deleted );
+		if ( $spammed > 0 ) {
+			printf( _n( '%s comment marked as spam.', '%s comments marked as spam.', $spammed ), $spammed );
+			$ids = isset($_GET['ids']) ? $_GET['ids'] : 0;
+			echo ' <a href="' . esc_url( wp_nonce_url( "edit-comments.php?doaction=undo&action=unspam&ids=$ids", "bulk-comments" ) ) . '">' . __('Undo') . '</a><br />';
+		}
+		if ( $unspammed > 0 ) {
+			printf( _n( '%s comment restored from the spam', '%s comments restored from the spam', $unspammed ), $unspammed );
 			echo '<br />';
 		}
-
-		if ( $spam > 0 ) {
-			printf( __ngettext( '%s comment marked as spam', '%s comments marked as spam', $spam ), $spam );
+		if ( $trashed > 0 ) {
+			printf( _n( '%s comment moved to the trash.', '%s comments moved to the trash.', $trashed ), $trashed );
+			$ids = isset($_GET['ids']) ? $_GET['ids'] : 0;
+			echo ' <a href="' . esc_url( wp_nonce_url( "edit-comments.php?doaction=undo&action=untrash&ids=$ids", "bulk-comments" ) ) . '">' . __('Undo') . '</a><br />';
+		}
+		if ( $untrashed > 0 ) {
+			printf( _n( '%s comment restored from the trash', '%s comments restored from the trash', $untrashed ), $untrashed );
+			echo '<br />';
+		}
+		if ( $deleted > 0 ) {
+			printf( _n( '%s comment permanently deleted', '%s comments permanently deleted', $deleted ), $deleted );
 			echo '<br />';
 		}
 
@@ -136,34 +187,37 @@ $num_comments = ( $post_id ) ? wp_count_comments( $post_id ) : wp_count_comments
 //, number_format_i18n($num_comments->moderated) ), "<span class='comment-count'>" . number_format_i18n($num_comments->moderated) . "</span>"),
 //, number_format_i18n($num_comments->spam) ), "<span class='spam-comment-count'>" . number_format_i18n($num_comments->spam) . "</span>")
 $stati = array(
-		'all' => __ngettext_noop('All', 'All'), // singular not used
-		'moderated' => __ngettext_noop('Pending (<span class="pending-count">%s</span>)', 'Pending (<span class="pending-count">%s</span>)'),
-		'approved' => __ngettext_noop('Approved', 'Approved'), // singular not used
-		'spam' => __ngettext_noop('Spam (<span class="spam-count">%s</span>)', 'Spam (<span class="spam-count">%s</span>)')
+		'all' => _n_noop('All', 'All'), // singular not used
+		'moderated' => _n_noop('Pending <span class="count">(<span class="pending-count">%s</span>)</span>', 'Pending <span class="count">(<span class="pending-count">%s</span>)</span>'),
+		'approved' => _n_noop('Approved', 'Approved'), // singular not used
+		'spam' => _n_noop('Spam <span class="count">(<span class="spam-count">%s</span>)</span>', 'Spam <span class="count">(<span class="spam-count">%s</span>)</span>'),
+		'trash' => _n_noop('Trash <span class="count">(<span class="trash-count">%s</span>)</span>', 'Trash <span class="count">(<span class="trash-count">%s</span>)</span>')
 	);
-$class = ( '' === $comment_status ) ? ' class="current"' : '';
-// $status_links[] = "<li><a href='edit-comments.php'$class>" . __( 'All' ) . '</a>';
+
+if ( !EMPTY_TRASH_DAYS )
+	unset($stati['trash']);
+
 $link = 'edit-comments.php';
 if ( !empty($comment_type) && 'all' != $comment_type )
 	$link = add_query_arg( 'comment_type', $comment_type, $link );
+
 foreach ( $stati as $status => $label ) {
 	$class = '';
 
-	if ( str_replace( 'all', '', $status ) == $comment_status )
+	if ( $status == $comment_status )
 		$class = ' class="current"';
 	if ( !isset( $num_comments->$status ) )
 		$num_comments->$status = 10;
-	if ( 'all' != $status )
-		$link = add_query_arg( 'comment_status', $status, $link );
+	$link = add_query_arg( 'comment_status', $status, $link );
 	if ( $post_id )
 		$link = add_query_arg( 'p', absint( $post_id ), $link );
 	/*
 	// I toyed with this, but decided against it. Leaving it in here in case anyone thinks it is a good idea. ~ Mark
 	if ( !empty( $_GET['s'] ) )
-		$link = add_query_arg( 's', attribute_escape( stripslashes( $_GET['s'] ) ), $link );
+		$link = add_query_arg( 's', esc_attr( stripslashes( $_GET['s'] ) ), $link );
 	*/
 	$status_links[] = "<li class='$status'><a href='$link'$class>" . sprintf(
-		__ngettext( $label[0], $label[1], $num_comments->$status ),
+		_n( $label[0], $label[1], $num_comments->$status ),
 		number_format_i18n( $num_comments->$status )
 	) . '</a>';
 }
@@ -176,13 +230,16 @@ unset($status_links);
 </ul>
 
 <p class="search-box">
-	<label class="hidden" for="comment-search-input"><?php _e( 'Search Comments' ); ?>:</label>
-	<input type="text" class="search-input" id="comment-search-input" name="s" value="<?php _admin_search_query(); ?>" />
-	<input type="submit" value="<?php _e( 'Search Comments' ); ?>" class="button" />
+	<label class="screen-reader-text" for="comment-search-input"><?php _e( 'Search Comments' ); ?>:</label>
+	<input type="text" id="comment-search-input" name="s" value="<?php _admin_search_query(); ?>" />
+	<input type="submit" value="<?php esc_attr_e( 'Search Comments' ); ?>" class="button" />
 </p>
 
 <?php
-$comments_per_page = apply_filters('comments_per_page', 20, $comment_status);
+$comments_per_page = (int) get_user_option( 'edit_comments_per_page', 0, false );
+if ( empty( $comments_per_page ) || $comments_per_page < 1 )
+	$comments_per_page = 20;
+$comments_per_page = apply_filters( 'comments_per_page', $comments_per_page, $comment_status );
 
 if ( isset( $_GET['apage'] ) )
 	$page = abs( (int) $_GET['apage'] );
@@ -191,7 +248,7 @@ else
 
 $start = $offset = ( $page - 1 ) * $comments_per_page;
 
-list($_comments, $total) = _wp_get_comment_list( $comment_status, $search_dirty, $start, $comments_per_page + 5, $post_id, $comment_type ); // Grab a few extra
+list($_comments, $total) = _wp_get_comment_list( $comment_status, $search_dirty, $start, $comments_per_page + 8, $post_id, $comment_type ); // Grab a few extra
 
 $_comment_post_ids = array();
 foreach ( $_comments as $_c ) {
@@ -217,12 +274,12 @@ $page_links = paginate_links( array(
 
 ?>
 
-<input type="hidden" name="mode" value="<?php echo $mode; ?>" />
+<input type="hidden" name="mode" value="<?php echo esc_attr($mode); ?>" />
 <?php if ( $post_id ) : ?>
-<input type="hidden" name="p" value="<?php echo intval( $post_id ); ?>" />
+<input type="hidden" name="p" value="<?php echo esc_attr( intval( $post_id ) ); ?>" />
 <?php endif; ?>
-<input type="hidden" name="comment_status" value="<?php echo $comment_status; ?>" />
-<input type="hidden" name="pagegen_timestamp" value="<?php echo current_time('mysql', 1); ?>" />
+<input type="hidden" name="comment_status" value="<?php echo esc_attr($comment_status); ?>" />
+<input type="hidden" name="pagegen_timestamp" value="<?php echo esc_attr(current_time('mysql', 1)); ?>" />
 
 <div class="tablenav">
 
@@ -230,29 +287,40 @@ $page_links = paginate_links( array(
 <div class="tablenav-pages"><?php $page_links_text = sprintf( '<span class="displaying-num">' . __( 'Displaying %s&#8211;%s of %s' ) . '</span>%s',
 	number_format_i18n( $start + 1 ),
 	number_format_i18n( min( $page * $comments_per_page, $total ) ),
-	number_format_i18n( $total ),
+	'<span class="total-type-count">' . number_format_i18n( $total ) . '</span>',
 	$page_links
 ); echo $page_links_text; ?></div>
+<input type="hidden" name="_total" value="<?php echo esc_attr($total); ?>" />
+<input type="hidden" name="_per_page" value="<?php echo esc_attr($comments_per_page); ?>" />
+<input type="hidden" name="_page" value="<?php echo esc_attr($page); ?>" />
 <?php endif; ?>
 
 <div class="alignleft actions">
 <select name="action">
 <option value="-1" selected="selected"><?php _e('Bulk Actions') ?></option>
-<?php if ( empty($comment_status) || 'approved' == $comment_status ): ?>
+<?php if ( 'all' == $comment_status || 'approved' == $comment_status ): ?>
 <option value="unapprove"><?php _e('Unapprove'); ?></option>
 <?php endif; ?>
-<?php if ( empty($comment_status) || 'moderated' == $comment_status || 'spam' == $comment_status ): ?>
+<?php if ( 'all' == $comment_status || 'moderated' == $comment_status || 'spam' == $comment_status ): ?>
 <option value="approve"><?php _e('Approve'); ?></option>
 <?php endif; ?>
-<?php if ( 'spam' != $comment_status ): ?>
-<option value="markspam"><?php _e('Mark as Spam'); ?></option>
+<?php if ( 'all' == $comment_status || 'approved' == $comment_status || 'moderated' == $comment_status ): ?>
+<option value="spam"><?php _e('Mark as Spam'); ?></option>
+<?php endif; ?>
+<?php if ( 'trash' == $comment_status ): ?>
+<option value="untrash"><?php _e('Restore'); ?></option>
+<?php elseif ( 'spam' == $comment_status ): ?>
+<option value="unspam"><?php _e('Not Spam'); ?></option>
+<?php endif; ?>
+<?php if ( 'trash' == $comment_status || 'spam' == $comment_status || !EMPTY_TRASH_DAYS ): ?>
+<option value="delete"><?php _e('Delete Permanently'); ?></option>
+<?php else: ?>
+<option value="trash"><?php _e('Move to Trash'); ?></option>
 <?php endif; ?>
-<option value="delete"><?php _e('Delete'); ?></option>
 </select>
-<input type="submit" name="doaction" id="doaction" value="<?php _e('Apply'); ?>" class="button-secondary apply" />
+<input type="submit" name="doaction" id="doaction" value="<?php esc_attr_e('Apply'); ?>" class="button-secondary apply" />
 <?php wp_nonce_field('bulk-comments'); ?>
 
-<?php if ( $comment_status ) echo "<input type='hidden' name='comment_status' value='$comment_status' />\n"; ?>
 <select name="comment_type">
 	<option value="all"><?php _e('Show all comment types'); ?></option>
 <?php
@@ -262,23 +330,25 @@ $page_links = paginate_links( array(
 	) );
 
 	foreach ( $comment_types as $type => $label ) {
-		echo "	<option value='$type'";
+		echo "	<option value='" . esc_attr($type) . "'";
 		selected( $comment_type, $type );
 		echo ">$label</option>\n";
 	}
 ?>
 </select>
-<input type="submit" id="post-query-submit" value="<?php _e('Filter'); ?>" class="button-secondary" />
+<input type="submit" id="post-query-submit" value="<?php esc_attr_e('Filter'); ?>" class="button-secondary" />
 
 <?php if ( isset($_GET['apage']) ) { ?>
-	<input type="hidden" name="apage" value="<?php echo absint( $_GET['apage'] ); ?>" />
+	<input type="hidden" name="apage" value="<?php echo esc_attr( absint( $_GET['apage'] ) ); ?>" />
 <?php }
 
-if ( 'spam' == $comment_status ) {
-	wp_nonce_field('bulk-spam-delete', '_spam_nonce'); 
-        if ( current_user_can ('moderate_comments')) { ?>
-		<input type="submit" name="delete_all_spam" value="<?php _e('Delete All Spam'); ?>" class="button-secondary apply" />
-<?php	}
+if ( ( 'spam' == $comment_status || 'trash' == $comment_status) && current_user_can ('moderate_comments') ) {
+	wp_nonce_field('bulk-destroy', '_destroy_nonce');
+    if ( 'spam' == $comment_status && current_user_can('moderate_comments') ) { ?>
+		<input type="submit" name="delete_all" id="delete_all" value="<?php esc_attr_e('Empty Spam'); ?>" class="button-secondary apply" />
+<?php } elseif ( 'trash' == $comment_status && current_user_can('moderate_comments') ) { ?>
+		<input type="submit" name="delete_all" id="delete_all" value="<?php esc_attr_e('Empty Trash'); ?>" class="button-secondary apply" />
+<?php }
 } ?>
 <?php do_action('manage_comments_nav', $comment_status); ?>
 </div>
@@ -326,21 +396,32 @@ if ( $page_links )
 <div class="alignleft actions">
 <select name="action2">
 <option value="-1" selected="selected"><?php _e('Bulk Actions') ?></option>
-<?php if ( empty($comment_status) || 'approved' == $comment_status ): ?>
+<?php if ( 'all' == $comment_status || 'approved' == $comment_status ): ?>
 <option value="unapprove"><?php _e('Unapprove'); ?></option>
 <?php endif; ?>
-<?php if ( empty($comment_status) || 'moderated' == $comment_status || 'spam' == $comment_status ): ?>
+<?php if ( 'all' == $comment_status || 'moderated' == $comment_status || 'spam' == $comment_status ): ?>
 <option value="approve"><?php _e('Approve'); ?></option>
 <?php endif; ?>
-<?php if ( 'spam' != $comment_status ): ?>
-<option value="markspam"><?php _e('Mark as Spam'); ?></option>
+<?php if ( 'all' == $comment_status || 'approved' == $comment_status || 'moderated' == $comment_status ): ?>
+<option value="spam"><?php _e('Mark as Spam'); ?></option>
+<?php endif; ?>
+<?php if ( 'trash' == $comment_status ): ?>
+<option value="untrash"><?php _e('Restore'); ?></option>
+<?php endif; ?>
+<?php if ( 'trash' == $comment_status || 'spam' == $comment_status || !EMPTY_TRASH_DAYS ): ?>
+<option value="delete"><?php _e('Delete Permanently'); ?></option>
+<?php elseif ( 'spam' == $comment_status ): ?>
+<option value="unspam"><?php _e('Not Spam'); ?></option>
+<?php else: ?>
+<option value="trash"><?php _e('Move to Trash'); ?></option>
 <?php endif; ?>
-<option value="delete"><?php _e('Delete'); ?></option>
 </select>
-<input type="submit" name="doaction2" id="doaction2" value="<?php _e('Apply'); ?>" class="button-secondary apply" />
+<input type="submit" name="doaction2" id="doaction2" value="<?php esc_attr_e('Apply'); ?>" class="button-secondary apply" />
 
-<?php if ( 'spam' == $comment_status ) { ?>
-<input type="submit" name="delete_all_spam2" value="<?php _e('Delete All Spam'); ?>" class="button-secondary apply" />
+<?php if ( 'spam' == $comment_status && current_user_can('moderate_comments') ) { ?>
+<input type="submit" name="delete_all2" id="delete_all2" value="<?php esc_attr_e('Empty Spam'); ?>" class="button-secondary apply" />
+<?php } elseif ( 'trash' == $comment_status && current_user_can('moderate_comments') ) { ?>
+<input type="submit" name="delete_all2" id="delete_all2" value="<?php esc_attr_e('Empty Trash'); ?>" class="button-secondary apply" />
 <?php } ?>
 <?php do_action('manage_comments_nav', $comment_status); ?>
 </div>
@@ -351,18 +432,19 @@ if ( $page_links )
 </form>
 
 <form id="get-extra-comments" method="post" action="" class="add:the-extra-comment-list:" style="display: none;">
-	<input type="hidden" name="s" value="<?php echo $search; ?>" />
-	<input type="hidden" name="mode" value="<?php echo $mode; ?>" />
-	<input type="hidden" name="comment_status" value="<?php echo $comment_status; ?>" />
-	<input type="hidden" name="page" value="<?php echo isset($_REQUEST['page']) ? absint( $_REQUEST['page'] ) : 1; ?>" />
-	<input type="hidden" name="p" value="<?php echo attribute_escape( $post_id ); ?>" />
-	<input type="hidden" name="comment_type" value="<?php echo attribute_escape( $comment_type ); ?>" />
+	<input type="hidden" name="s" value="<?php echo esc_attr($search); ?>" />
+	<input type="hidden" name="mode" value="<?php echo esc_attr($mode); ?>" />
+	<input type="hidden" name="comment_status" value="<?php echo esc_attr($comment_status); ?>" />
+	<input type="hidden" name="page" value="<?php echo esc_attr($page); ?>" />
+	<input type="hidden" name="per_page" value="<?php echo esc_attr($comments_per_page); ?>" />
+	<input type="hidden" name="p" value="<?php echo esc_attr( $post_id ); ?>" />
+	<input type="hidden" name="comment_type" value="<?php echo esc_attr( $comment_type ); ?>" />
 	<?php wp_nonce_field( 'add-comment', '_ajax_nonce', false ); ?>
 </form>
 
 <div id="ajax-response"></div>
 
-<?php } elseif ( 'moderated' == $_GET['comment_status'] ) { ?>
+<?php } elseif ( 'moderated' == $comment_status ) { ?>
 <p><?php _e('No comments awaiting moderation&hellip; yet.') ?></p>
 </form>
 
@@ -373,21 +455,7 @@ if ( $page_links )
 <?php } ?>
 </div>
 
-<script type="text/javascript">
-/* <![CDATA[ */
-(function($){
-	$(document).ready(function(){
-		$('#doaction, #doaction2').click(function(){
-			if ( $('select[name^="action"]').val() == 'delete' ) {
-				var m = '<?php echo js_escape(__("You are about to delete the selected comments.\n  'Cancel' to stop, 'OK' to delete.")); ?>';
-				return showNotice.warn(m);
-			}
-		});
-	});
-})(jQuery);
-/* ]]> */
-</script>
-
 <?php
 wp_comment_reply('-1', true, 'detail');
+wp_comment_trashnotice();
 include('admin-footer.php'); ?>