' . $title . '
-
' . $post->post_name . '
+
' . apply_filters('editable_slug', $post->post_name) . '
' . $post->post_author . '
' . $post->ping_status . '
' . $post->post_status . '
-
' . mysql2date( 'd', $post->post_date ) . '
-
' . mysql2date( 'm', $post->post_date ) . '
-
' . mysql2date( 'Y', $post->post_date ) . '
-
' . mysql2date( 'H', $post->post_date ) . '
-
' . mysql2date( 'i', $post->post_date ) . '
-
' . mysql2date( 's', $post->post_date ) . '
-
' . wp_specialchars($post->post_password, 1) . '
';
-
- if( $post->post_type == 'page' )
- echo '
-
' . $post->post_parent . '
-
' . wp_specialchars(get_post_meta( $post->ID, '_wp_page_template', true ), 1) . '
- ';
+
' . mysql2date( 'd', $post->post_date, false ) . '
+
' . mysql2date( 'm', $post->post_date, false ) . '
+
' . mysql2date( 'Y', $post->post_date, false ) . '
+
' . mysql2date( 'H', $post->post_date, false ) . '
+
' . mysql2date( 'i', $post->post_date, false ) . '
+
' . mysql2date( 's', $post->post_date, false ) . '
+
' . esc_html( $post->post_password ) . '
';
+
+ if ( $post_type_object->hierarchical )
+ echo '
' . $post->post_parent . '
';
+
+ if ( $post->post_type == 'page' )
+ echo '
' . esc_html( get_post_meta( $post->ID, '_wp_page_template', true ) ) . '
';
+
+ if ( $post_type_object->hierarchical )
+ echo '';
+
+ $taxonomy_names = get_object_taxonomies( $post->post_type );
+ foreach ( $taxonomy_names as $taxonomy_name) {
+ $taxonomy = get_taxonomy( $taxonomy_name );
+
+ if ( $taxonomy->hierarchical && $taxonomy->show_ui )
+ echo '
' . implode( ',', wp_get_object_terms( $post->ID, $taxonomy_name, array('fields'=>'ids')) ) . '
';
+ elseif ( $taxonomy->show_ui )
+ echo '
' . esc_html( str_replace( ',', ', ', get_terms_to_edit($post->ID, $taxonomy_name) ) ) . '
';
+ }
- if( $post->post_type == 'post' )
- echo '
-
' . wp_specialchars( str_replace( ',', ', ', get_tags_to_edit($post->ID) ), 1) . '
-
' . implode( ',', wp_get_post_categories( $post->ID ) ) . '
-
' . (is_sticky($post->ID) ? 'sticky' : '') . '
';
+ if ( !$post_type_object->hierarchical )
+ echo '
' . (is_sticky($post->ID) ? 'sticky' : '') . '
';
echo '
';
}
@@ -1262,7 +1238,7 @@ function get_inline_data($post) {
function post_rows( $posts = array() ) {
global $wp_query, $post, $mode;
- add_filter('the_title','wp_specialchars');
+ add_filter('the_title','esc_html');
// Create array of post IDs.
$post_ids = array();
@@ -1274,8 +1250,6 @@ function post_rows( $posts = array() ) {
$post_ids[] = $a_post->ID;
$comment_pending_count = get_pending_comments_num($post_ids);
- if ( empty($comment_pending_count) )
- $comment_pending_count = array();
foreach ( $posts as $post ) {
if ( empty($comment_pending_count[$post->ID]) )
@@ -1295,7 +1269,7 @@ function post_rows( $posts = array() ) {
* @param unknown_type $mode
*/
function _post_row($a_post, $pending_comments, $mode) {
- global $post;
+ global $post, $current_user, $current_screen;
static $rowclass;
$global_post = $post;
@@ -1303,15 +1277,15 @@ function _post_row($a_post, $pending_comments, $mode) {
setup_postdata($post);
$rowclass = 'alternate' == $rowclass ? '' : 'alternate';
- global $current_user;
$post_owner = ( $current_user->ID == $post->post_author ? 'self' : 'other' );
$edit_link = get_edit_post_link( $post->ID );
$title = _draft_or_post_title();
+ $post_type_object = get_post_type_object($post->post_type);
?>
post_status ); ?> iedit' valign="top">
$column_display_name ) {
$class = "class=\"$column_name column-$column_name\"";
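Review bot: `$post_type_object` is dereferenced without a null check after the added `get_post_type_object($post->post_type)` call, and the later hunks pass `$post_type_object->cap->edit_post` and `->cap->delete_post` straight to `current_user_can()`. If the lookup can come back empty for a post whose type is not currently registered (not visible here, so worth confirming), the capability name becomes empty and the row renders with PHP notices. Computing the decision once and failing closed makes it explicit, e.g. `$can_edit = $post_type_object && current_user_can( $post_type_object->cap->edit_post, $post->ID );`. The same unchecked pattern appears in the page-row code (`get_post_type_object($post_type)`) and in `_wp_comment_row()`. The body of `_post_row()` continues outside this hunk.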
@@ -1325,13 +1299,14 @@ function _post_row($a_post, $pending_comments, $mode) {
case 'cb':
?>
- ID ) ) { ?> |
+ cap->edit_post, $post->ID ) ) { ?> |
post_date && 'date' == $column_name ) {
$t_time = $h_time = __('Unpublished');
+ $time_diff = 0;
} else {
$t_time = get_the_time(__('Y/m/d g:i:s A'));
$m_time = $post->post_date;
@@ -1339,20 +1314,10 @@ function _post_row($a_post, $pending_comments, $mode) {
$time_diff = time() - $time;
- if ( ( 'future' == $post->post_status) ) {
- if ( $time_diff <= 0 ) {
- $h_time = sprintf( __('%s from now'), human_time_diff( $time ) );
- } else {
- $h_time = $t_time;
- $missed = true;
- }
- } else {
-
- if ( $time_diff > 0 && $time_diff < 24*60*60 )
- $h_time = sprintf( __('%s ago'), human_time_diff( $time ) );
- else
- $h_time = mysql2date(__('Y/m/d'), $m_time);
- }
+ if ( $time_diff > 0 && $time_diff < 24*60*60 )
+ $h_time = sprintf( __('%s ago'), human_time_diff( $time ) );
+ else
+ $h_time = mysql2date(__('Y/m/d'), $m_time);
}
echo '';
@@ -1364,7 +1329,7 @@ function _post_row($a_post, $pending_comments, $mode) {
if ( 'publish' == $post->post_status ) {
_e('Published');
} elseif ( 'future' == $post->post_status ) {
- if ( isset($missed) )
+ if ( $time_diff > 0 )
echo '' . __('Missed schedule') . '';
else
_e('Scheduled');
@@ -1377,23 +1342,31 @@ function _post_row($a_post, $pending_comments, $mode) {
case 'title':
$attributes = 'class="post-title column-title"' . $style;
?>
- | >ID ) ) { ?>">
+ | >cap->edit_post, $post->ID) && $post->post_status != 'trash' ) { ?>
ID) ) {
- $actions['edit'] = '' . __('Edit') . '';
- $actions['inline hide-if-no-js'] = '' . __('Quick Edit') . '';
- $actions['delete'] = "ID) . "' onclick=\"if ( confirm('" . js_escape(sprintf( ('draft' == $post->post_status) ? __("You are about to delete this draft '%s'\n 'Cancel' to stop, 'OK' to delete.") : __("You are about to delete this post '%s'\n 'Cancel' to stop, 'OK' to delete."), $post->post_title )) . "') ) { return true;}return false;\">" . __('Delete') . "";
+ if ( current_user_can($post_type_object->cap->edit_post, $post->ID) && 'trash' != $post->post_status ) {
+ $actions['edit'] = '' . __('Edit') . '';
+ $actions['inline hide-if-no-js'] = '' . __('Quick Edit') . '';
+ }
+ if ( current_user_can($post_type_object->cap->delete_post, $post->ID) ) {
+ if ( 'trash' == $post->post_status )
+ $actions['untrash'] = "ID) ), 'untrash-' . $post->post_type . '_' . $post->ID ) . "'>" . __('Restore') . "";
+ elseif ( EMPTY_TRASH_DAYS )
+ $actions['trash'] = "" . __('Trash') . "";
+ if ( 'trash' == $post->post_status || !EMPTY_TRASH_DAYS )
+ $actions['delete'] = "" . __('Delete Permanently') . "";
}
if ( in_array($post->post_status, array('pending', 'draft')) ) {
- if ( current_user_can('edit_post', $post->ID) )
- $actions['view'] = '' . __('Preview') . '';
- } else {
- $actions['view'] = '' . __('View') . '';
+ if ( current_user_can($post_type_object->cap->edit_post, $post->ID) )
+ $actions['view'] = '' . __('Preview') . '';
+ } elseif ( 'trash' != $post->post_status ) {
+ $actions['view'] = '' . __('View') . '';
}
+ $actions = apply_filters('post_row_actions', $actions, $post);
$action_count = count($actions);
$i = 0;
echo '';
@@ -1417,7 +1390,7 @@ function _post_row($a_post, $pending_comments, $mode) {
if ( !empty( $categories ) ) {
$out = array();
foreach ( $categories as $c )
- $out[] = " " . wp_specialchars(sanitize_term_field('name', $c->name, $c->term_id, 'category', 'display')) . "";
+ $out[] = " " . esc_html(sanitize_term_field('name', $c->name, $c->term_id, 'category', 'display')) . "";
echo join( ', ', $out );
} else {
_e('Uncategorized');
@@ -1433,7 +1406,7 @@ function _post_row($a_post, $pending_comments, $mode) {
if ( !empty( $tags ) ) {
$out = array();
foreach ( $tags as $c )
- $out[] = " " . wp_specialchars(sanitize_term_field('name', $c->name, $c->term_id, 'post_tag', 'display')) . "";
+ $out[] = " " . esc_html(sanitize_term_field('name', $c->name, $c->term_id, 'post_tag', 'display')) . "";
echo join( ', ', $out );
} else {
_e('No Tags');
@@ -1449,7 +1422,7 @@ function _post_row($a_post, $pending_comments, $mode) {
$pending_phrase = sprintf( __('%s pending'), number_format( $pending_comments ) );
if ( $pending_comments )
echo ' ';
- comments_number("', "', "');
+ comments_number("', "', "');
if ( $pending_comments )
echo '';
?>
@@ -1459,7 +1432,7 @@ function _post_row($a_post, $pending_comments, $mode) {
case 'author':
?>
- > |
+ > |
- ID) ) { echo "" . __('Edit') . ""; } ?> |
+ cap->edit_post, $post->ID) ) { echo "" . __('Edit') . ""; } ?> |
- ID) ) { echo "ID) . "' class='delete'>" . __('Delete') . ""; } ?> |
+ cap->delete_post, $post->ID) ) { echo "ID) . "' class='delete'>" . __('Delete') . ""; } ?> |
post_title = wp_specialchars( $page->post_title );
+ if ( 0 == $level && (int)$page->post_parent > 0 ) {
+ //sent level 0 by accident, by default, or because we don't know the actual level
+ $find_main_page = (int)$page->post_parent;
+ while ( $find_main_page > 0 ) {
+ $parent = get_page($find_main_page);
+
+ if ( is_null($parent) )
+ break;
+
+ $level++;
+ $find_main_page = (int)$parent->post_parent;
+
+ if ( !isset($parent_name) )
+ $parent_name = $parent->post_title;
+ }
+ }
+
+ $page->post_title = esc_html( $page->post_title );
$pad = str_repeat( '— ', $level );
$id = (int) $page->ID;
$rowclass = 'alternate' == $rowclass ? '' : 'alternate';
- $posts_columns = get_column_headers('edit-pages');
- $hidden = get_hidden_columns('edit-pages');
+ $posts_columns = get_column_headers( $current_screen );
+ $hidden = get_hidden_columns( $current_screen );
$title = _draft_or_post_title();
+ $post_type = $page->post_type;
+ $post_type_object = get_post_type_object($post_type);
?>
$column_display_name) {
+foreach ( $posts_columns as $column_name => $column_display_name ) {
$class = "class=\"$column_name column-$column_name\"";
$style = '';
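Review bot: The added `while ( $find_main_page > 0 )` loop has no guard against a cycle in the parent chain, so it stops only when `get_page()` returns null or a parent ID of 0 is reached. If two pages name each other as parent, it would not terminate. A later hunk on this page resets `post_parent` when a page is its own parent, which suggests inconsistent parent data does occur. Tracking visited IDs bounds the walk: `$seen = array();` before the loop, then `if ( isset( $seen[ $find_main_page ] ) ) break;` and `$seen[ $find_main_page ] = true;` at the top of the body. The enclosing function starts outside the visible text, and this section appears to merge several hunks.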
@@ -1537,53 +1529,66 @@ foreach ($posts_columns as $column_name=>$column_display_name) {
case 'cb':
?>
- |
+ cap->edit_post, $page->ID ) ) { ?> |
post_date && 'date' == $column_name ) {
$t_time = $h_time = __('Unpublished');
+ $time_diff = 0;
} else {
$t_time = get_the_time(__('Y/m/d g:i:s A'));
$m_time = $page->post_date;
$time = get_post_time('G', true);
- if ( ( abs(time() - $time) ) < 86400 ) {
- if ( ( 'future' == $page->post_status) )
- $h_time = sprintf( __('%s from now'), human_time_diff( $time ) );
- else
- $h_time = sprintf( __('%s ago'), human_time_diff( $time ) );
- } else {
+ $time_diff = time() - $time;
+
+ if ( $time_diff > 0 && $time_diff < 24*60*60 )
+ $h_time = sprintf( __('%s ago'), human_time_diff( $time ) );
+ else
$h_time = mysql2date(__('Y/m/d'), $m_time);
- }
}
echo '';
echo '' . apply_filters('post_date_column_time', $h_time, $page, $column_name, '') . '';
echo ' ';
- if ( 'publish' == $page->post_status || 'future' == $page->post_status )
+ if ( 'publish' == $page->post_status ) {
_e('Published');
- else
+ } elseif ( 'future' == $page->post_status ) {
+ if ( $time_diff > 0 )
+ echo '' . __('Missed schedule') . '';
+ else
+ _e('Scheduled');
+ } else {
_e('Last Modified');
+ }
echo ' | ';
break;
case 'title':
$attributes = 'class="post-title page-title column-title"' . $style;
$edit_link = get_edit_post_link( $page->ID );
?>
- >ID ) ) { ?>">
+ | >cap->edit_post, $page->ID) && $post->post_status != 'trash' ) { ?>labels->parent_item_colon . ' ' . esc_html($parent_name) : ''; ?>
ID) ) {
- $actions['edit'] = '' . __('Edit') . '';
+ if ( current_user_can($post_type_object->cap->edit_post, $page->ID) && $post->post_status != 'trash' ) {
+ $actions['edit'] = '' . __('Edit') . '';
$actions['inline'] = '' . __('Quick Edit') . '';
- $actions['delete'] = "ID) . "' onclick=\"if ( confirm('" . js_escape(sprintf( ('draft' == $page->post_status) ? __("You are about to delete this draft '%s'\n 'Cancel' to stop, 'OK' to delete.") : __("You are about to delete this page '%s'\n 'Cancel' to stop, 'OK' to delete."), $page->post_title )) . "') ) { return true;}return false;\">" . __('Delete') . "";
+ }
+ if ( current_user_can($post_type_object->cap->delete_post, $page->ID) ) {
+ if ( $post->post_status == 'trash' )
+ $actions['untrash'] = "post_type . '_' . $page->ID) . "'>" . __('Restore') . "";
+ elseif ( EMPTY_TRASH_DAYS )
+ $actions['trash'] = "" . __('Trash') . "";
+ if ( $post->post_status == 'trash' || !EMPTY_TRASH_DAYS )
+ $actions['delete'] = "post_type . '_' . $page->ID) . "'>" . __('Delete Permanently') . "";
}
if ( in_array($post->post_status, array('pending', 'draft')) ) {
- if ( current_user_can('edit_page', $page->ID) )
- $actions['view'] = '' . __('Preview') . '';
- } else {
- $actions['view'] = '' . __('View') . '';
+ if ( current_user_can($post_type_object->cap->edit_post, $page->ID) )
+ $actions['view'] = '' . __('Preview') . '';
+ } elseif ( $post->post_status != 'trash' ) {
+ $actions['view'] = '' . __('View') . '';
}
+ $actions = apply_filters('page_row_actions', $actions, $page);
$action_count = count($actions);
$i = 0;
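Review bot: The added trash checks read `$post->post_status`, while every other field in this section comes from `$page` (`$page->ID`, `$page->post_type`, and `$page->post_status` in the date column). Whether `$post` is the same object as `$page` at this point is decided outside the hunk. If it is not, the Edit, Trash, Restore and Delete Permanently links are chosen from another post's status. Using `$page` in the new conditions, e.g. `if ( 'trash' == $page->post_status )`, removes that dependency on the global.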
@@ -1607,7 +1612,7 @@ foreach ($posts_columns as $column_name=>$column_display_name) {
$pending_phrase = sprintf( __('%s pending'), number_format( $left ) );
if ( $left )
echo '';
- comments_number("', "', "');
+ comments_number("', "', "');
if ( $left )
echo '';
?>
@@ -1617,7 +1622,7 @@ foreach ($posts_columns as $column_name=>$column_display_name) {
case 'author':
?>
- | > |
+ > |
post_parent == $page->ID ) {
$page->post_parent = 0;
- $wpdb->query( $wpdb->prepare("UPDATE $wpdb->posts SET post_parent = '0' WHERE ID = %d", $page->ID) );
+ $wpdb->update($wpdb->posts, array('post_parent' => 0), array('ID' => $page->ID));
clean_page_cache( $page->ID );
}
@@ -1721,12 +1726,9 @@ function page_rows($pages, $pagenum = 1, $per_page = 20) {
}
}
-/*
+/**
* Given a top level page ID, display the nested hierarchy of sub-pages
* together with paging support
- */
-/**
- * {@internal Missing Short Description}}
*
* @since unknown
*
@@ -1780,22 +1782,24 @@ function _page_rows( &$children_pages, &$count, $parent, $level, $pagenum, $per_
}
/**
- * {@internal Missing Short Description}}
+ * Generate HTML for a single row on the users.php admin panel.
*
- * @since unknown
+ * @since 2.1.0
*
- * @param unknown_type $user_object
- * @param unknown_type $style
- * @param unknown_type $role
- * @return unknown
+ * @param object $user_object
+ * @param string $style Optional. Attributes added to the TR element. Must be sanitized.
+ * @param string $role Key for the $wp_roles array.
+ * @param int $numposts Optional. Post count to display for this user. Defaults to zero, as in, a new user has made zero posts.
+ * @return string
*/
-function user_row( $user_object, $style = '', $role = '' ) {
+function user_row( $user_object, $style = '', $role = '', $numposts = 0 ) {
global $wp_roles;
$current_user = wp_get_current_user();
if ( !( is_object( $user_object) && is_a( $user_object, 'WP_User' ) ) )
$user_object = new WP_User( (int) $user_object );
+ $user_object = sanitize_user_object($user_object, 'display');
$email = $user_object->user_email;
$url = $user_object->user_url;
$short_url = str_replace( 'http://', '', $url );
@@ -1804,18 +1808,33 @@ function user_row( $user_object, $style = '', $role = '' ) {
$short_url = substr( $short_url, 0, -1 );
if ( strlen( $short_url ) > 35 )
$short_url = substr( $short_url, 0, 32 ).'...';
- $numposts = get_usernumposts( $user_object->ID );
- if ( current_user_can( 'edit_user', $user_object->ID ) ) {
+ $checkbox = '';
+ // Check if the user for this row is editable
+ if ( current_user_can( 'list_users' ) ) {
+ // Set up the user editing link
+ // TODO: make profile/user-edit determination a separate function
if ($current_user->ID == $user_object->ID) {
$edit_link = 'profile.php';
} else {
- $edit_link = clean_url( add_query_arg( 'wp_http_referer', urlencode( clean_url( stripslashes( $_SERVER['REQUEST_URI'] ) ) ), "user-edit.php?user_id=$user_object->ID" ) );
+ $edit_link = esc_url( add_query_arg( 'wp_http_referer', urlencode( esc_url( stripslashes( $_SERVER['REQUEST_URI'] ) ) ), "user-edit.php?user_id=$user_object->ID" ) );
}
$edit = "$user_object->user_login ";
+
+ // Set up the hover actions for this user
$actions = array();
- $actions['edit'] = '' . __('Edit') . '';
- if ( $current_user->ID != $user_object->ID )
+
+ if ( current_user_can('edit_user', $user_object->ID) ) {
+ $edit = "$user_object->user_login ";
+ $actions['edit'] = '' . __('Edit') . '';
+ } else {
+ $edit = "$user_object->user_login ";
+ }
+
+ if ( !is_multisite() && $current_user->ID != $user_object->ID && current_user_can('delete_user', $user_object->ID) )
$actions['delete'] = "" . __('Delete') . "";
+ if ( is_multisite() && $current_user->ID != $user_object->ID && current_user_can('remove_user', $user_object->ID) )
+ $actions['remove'] = "" . __('Remove') . "";
+ $actions = apply_filters('user_row_actions', $actions, $user_object);
$action_count = count($actions);
$i = 0;
$edit .= '';
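Review bot: The comment `// Check if the user for this row is editable` no longer matches the condition under it, which now tests `current_user_can( 'list_users' )`; the per-user `edit_user`, `delete_user` and `remove_user` checks come further down. The next hunk has the same mismatch: `$checkbox` is assigned for every row in this branch although its comment says "because the user is editable", so the bulk-action handler, which is not shown, has to enforce per-user capabilities itself. I would reword the first comment to `// Anyone who can list users gets row links; edit/delete/remove are checked per user below` and note the handler's duty next to the checkbox. The first `$edit = "$user_object->user_login ";` assignment is overwritten by both branches of the `edit_user` check and can be dropped.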
@@ -1825,14 +1844,18 @@ function user_row( $user_object, $style = '', $role = '' ) {
$edit .= "$link$sep";
}
$edit .= ' ';
+
+ // Set up the checkbox (because the user is editable, otherwise its empty)
+ $checkbox = "";
+
} else {
$edit = '' . $user_object->user_login . '';
}
- $role_name = isset($wp_roles->role_names[$role]) ? translate_with_context($wp_roles->role_names[$role]) : __('None');
+ $role_name = isset($wp_roles->role_names[$role]) ? translate_user_role($wp_roles->role_names[$role] ) : __('None');
$r = " ";
$columns = get_column_headers('users');
$hidden = get_hidden_columns('users');
- $avatar = get_avatar( $user_object->user_email, 32 );
+ $avatar = get_avatar( $user_object->ID, 32 );
foreach ( $columns as $column_name => $column_display_name ) {
$class = "class=\"$column_name column-$column_name\"";
@@ -1844,7 +1867,7 @@ function user_row( $user_object, $style = '', $role = '' ) {
switch ($column_name) {
case 'cb':
- $r .= " | ";
+ $r .= "$checkbox | ";
break;
case 'username':
$r .= "$avatar $edit | ";
@@ -1853,7 +1876,7 @@ function user_row( $user_object, $style = '', $role = '' ) {
$r .= "$user_object->first_name $user_object->last_name | ";
break;
case 'email':
- $r .= "$email | ";
+ $r .= "$email | ";
break;
case 'role':
$r .= "$role_name | ";
@@ -1869,6 +1892,11 @@ function user_row( $user_object, $style = '', $role = '' ) {
$r .= 0;
}
$r .= "";
+ break;
+ default:
+ $r .= "";
+ $r .= apply_filters('manage_users_custom_column', '', $column_name, $user_object->ID);
+ $r .= " | ";
}
}
$r .= ' ';
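Review bot: The value returned by the `manage_users_custom_column` filter is appended to `$r` as-is in the new `default:` case, so the safety of the row's HTML depends on every callback hooked to it. That contract deserves a comment at the call, for example `// Callbacks must return escaped HTML; the result is appended without further escaping.` The `user_row_actions` filter added earlier in this function has the same property, since each `$link` is concatenated into `$edit` unchanged. The switch starts outside this hunk.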
@@ -1881,13 +1909,13 @@ function user_row( $user_object, $style = '', $role = '' ) {
*
* @since unknown
*
- * @param unknown_type $status
- * @param unknown_type $s
- * @param unknown_type $start
- * @param unknown_type $num
- * @param unknown_type $post
- * @param unknown_type $type
- * @return unknown
+ * @param string $status Comment status (approved, spam, trash, etc)
+ * @param string $s Term to search for
+ * @param int $start Offset to start at for pagination
+ * @param int $num Maximum number of comments to return
+ * @param int $post Post ID or 0 to return all comments
+ * @param string $type Comment type (comment, trackback, pingback, etc)
+ * @return array [0] contains the comments and [1] contains the total number of comments that match (ignoring $start and $num)
*/
function _wp_get_comment_list( $status = '', $s = false, $start, $num, $post = 0, $type = '' ) {
global $wpdb;
@@ -1895,53 +1923,71 @@ function _wp_get_comment_list( $status = '', $s = false, $start, $num, $post = 0
$start = abs( (int) $start );
$num = (int) $num;
$post = (int) $post;
-
- if ( 'moderated' == $status )
- $approved = "comment_approved = '0'";
- elseif ( 'approved' == $status )
- $approved = "comment_approved = '1'";
- elseif ( 'spam' == $status )
- $approved = "comment_approved = 'spam'";
- else
- $approved = "( comment_approved = '0' OR comment_approved = '1' )";
+ $count = wp_count_comments();
+ $index = '';
+
+ if ( 'moderated' == $status ) {
+ $approved = "c.comment_approved = '0'";
+ $total = $count->moderated;
+ } elseif ( 'approved' == $status ) {
+ $approved = "c.comment_approved = '1'";
+ $total = $count->approved;
+ } elseif ( 'spam' == $status ) {
+ $approved = "c.comment_approved = 'spam'";
+ $total = $count->spam;
+ } elseif ( 'trash' == $status ) {
+ $approved = "c.comment_approved = 'trash'";
+ $total = $count->trash;
+ } else {
+ $approved = "( c.comment_approved = '0' OR c.comment_approved = '1' )";
+ $total = $count->moderated + $count->approved;
+ $index = 'USE INDEX (c.comment_date_gmt)';
+ }
if ( $post ) {
- $post = " AND comment_post_ID = '$post'";
- $orderby = "ORDER BY comment_date_gmt ASC LIMIT $start, $num";
+ $total = '';
+ $post = " AND c.comment_post_ID = '$post'";
} else {
$post = '';
- $orderby = "ORDER BY comment_date_gmt DESC LIMIT $start, $num";
}
+ $orderby = "ORDER BY c.comment_date_gmt DESC LIMIT $start, $num";
+
if ( 'comment' == $type )
- $typesql = "AND comment_type = ''";
- elseif ( 'pingback' == $type )
- $typesql = "AND comment_type = 'pingback'";
- elseif ( 'trackback' == $type )
- $typesql = "AND comment_type = 'trackback'";
+ $typesql = "AND c.comment_type = ''";
elseif ( 'pings' == $type )
- $typesql = "AND ( comment_type = 'pingback' OR comment_type = 'trackback' )";
+ $typesql = "AND ( c.comment_type = 'pingback' OR c.comment_type = 'trackback' )";
+ elseif ( 'all' == $type )
+ $typesql = '';
+ elseif ( !empty($type) )
+ $typesql = $wpdb->prepare("AND c.comment_type = %s", $type);
else
$typesql = '';
+ if ( !empty($type) )
+ $total = '';
+
+ $query = "FROM $wpdb->comments c LEFT JOIN $wpdb->posts p ON c.comment_post_ID = p.ID WHERE p.post_status != 'trash' ";
if ( $s ) {
+ $total = '';
$s = $wpdb->escape($s);
- $comments = $wpdb->get_results("SELECT SQL_CALC_FOUND_ROWS * FROM $wpdb->comments WHERE
- (comment_author LIKE '%$s%' OR
- comment_author_email LIKE '%$s%' OR
- comment_author_url LIKE ('%$s%') OR
- comment_author_IP LIKE ('%$s%') OR
- comment_content LIKE ('%$s%') ) AND
+ $query .= "AND
+ (c.comment_author LIKE '%$s%' OR
+ c.comment_author_email LIKE '%$s%' OR
+ c.comment_author_url LIKE ('%$s%') OR
+ c.comment_author_IP LIKE ('%$s%') OR
+ c.comment_content LIKE ('%$s%') ) AND
$approved
- $typesql
- $orderby");
+ $typesql";
} else {
- $comments = $wpdb->get_results( "SELECT SQL_CALC_FOUND_ROWS * FROM $wpdb->comments WHERE $approved $post $typesql $orderby" );
+ $query .= "AND $approved $post $typesql";
}
- update_comment_cache($comments);
+ $comments = $wpdb->get_results("SELECT * $query $orderby");
+ if ( '' === $total )
+ $total = $wpdb->get_var("SELECT COUNT(c.comment_ID) $query");
- $total = $wpdb->get_var( "SELECT FOUND_ROWS()" );
+ update_comment_cache($comments);
return array($comments, $total);
}
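Review bot: The search branch still interpolates `$s` into five `LIKE '%$s%'` clauses after `$wpdb->escape($s)`, while the `$typesql` branch added a few lines above uses `$wpdb->prepare()` with `%s`. The rewritten query should bind the search term through placeholders as well, with `%` and `_` in the term escaped so they match literally. `$index = 'USE INDEX (c.comment_date_gmt)'` is assigned in the final `else` but never added to `$query`, so it is dead code as shown. `$total` taken from `wp_count_comments()` may also disagree with the rows returned, because the new query drops comments whose post is trashed or missing (`WHERE p.post_status != 'trash'` after a LEFT JOIN). The counting function is not visible here, so that needs checking.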
@@ -1961,13 +2007,14 @@ function _wp_comment_row( $comment_id, $mode, $comment_status, $checkbox = true,
$comment = get_comment( $comment_id );
$post = get_post($comment->comment_post_ID);
$the_comment_status = wp_get_comment_status($comment->comment_ID);
+ $post_type_object = get_post_type_object($post->post_type);
+ $user_can = current_user_can($post_type_object->cap->edit_post, $post->ID);
+ $comment_url = esc_url(get_comment_link($comment->comment_ID));
$author_url = get_comment_author_url();
if ( 'http://' == $author_url )
$author_url = '';
- $author_url_display = $author_url;
- $author_url_display = str_replace('http://www.', '', $author_url_display);
- $author_url_display = str_replace('http://', '', $author_url_display);
+ $author_url_display = preg_replace('|http://(www\.)?|i', '', $author_url);
if ( strlen($author_url_display) > 50 )
$author_url_display = substr($author_url_display, 0, 49) . '...';
@@ -1977,10 +2024,18 @@ function _wp_comment_row( $comment_id, $mode, $comment_status, $checkbox = true,
else
$ptime = mysql2date(__('Y/m/d \a\t g:i A'), $comment->comment_date );
- $delete_url = clean_url( wp_nonce_url( "comment.php?action=deletecomment&p=$post->ID&c=$comment->comment_ID", "delete-comment_$comment->comment_ID" ) );
- $approve_url = clean_url( wp_nonce_url( "comment.php?action=approvecomment&p=$post->ID&c=$comment->comment_ID", "approve-comment_$comment->comment_ID" ) );
- $unapprove_url = clean_url( wp_nonce_url( "comment.php?action=unapprovecomment&p=$post->ID&c=$comment->comment_ID", "unapprove-comment_$comment->comment_ID" ) );
- $spam_url = clean_url( wp_nonce_url( "comment.php?action=deletecomment&dt=spam&p=$post->ID&c=$comment->comment_ID", "delete-comment_$comment->comment_ID" ) );
+ if ( $user_can ) {
+ $del_nonce = esc_html( '_wpnonce=' . wp_create_nonce( "delete-comment_$comment->comment_ID" ) );
+ $approve_nonce = esc_html( '_wpnonce=' . wp_create_nonce( "approve-comment_$comment->comment_ID" ) );
+
+ $approve_url = esc_url( "comment.php?action=approvecomment&p=$post->ID&c=$comment->comment_ID&$approve_nonce" );
+ $unapprove_url = esc_url( "comment.php?action=unapprovecomment&p=$post->ID&c=$comment->comment_ID&$approve_nonce" );
+ $spam_url = esc_url( "comment.php?action=spamcomment&p=$post->ID&c=$comment->comment_ID&$del_nonce" );
+ $unspam_url = esc_url( "comment.php?action=unspamcomment&p=$post->ID&c=$comment->comment_ID&$del_nonce" );
+ $trash_url = esc_url( "comment.php?action=trashcomment&p=$post->ID&c=$comment->comment_ID&$del_nonce" );
+ $untrash_url = esc_url( "comment.php?action=untrashcomment&p=$post->ID&c=$comment->comment_ID&$del_nonce" );
+ $delete_url = esc_url( "comment.php?action=deletecomment&p=$post->ID&c=$comment->comment_ID&$del_nonce" );
+ }
echo "\n";
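Review bot: `$del_nonce` is built from the single action string `delete-comment_$comment->comment_ID` and reused for the spam, unspam, trash, untrash and permanent-delete URLs, so a nonce taken from any of those links would satisfy the check for the others if the handler verifies that same string. If the sharing is intended, say so in a comment such as `// One nonce covers all of these comment actions; comment.php must still check capabilities per action.`; otherwise create one nonce per action. `esc_html()` is applied to a query-string fragment that then passes through `esc_url()`, and escaping once with `esc_url()` on the finished URL is clearer. The URL variables are now defined only when `$user_can` is true, so any use later in the function, outside this hunk, needs the same guard.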
@@ -2139,9 +2242,9 @@ function wp_comment_reply($position = '1', $checkbox = false, $mode = 'single',
?>
|