X-Git-Url: https://scripts.mit.edu/gitweb/autoinstalls/wordpress.git/blobdiff_plain/61343b82c4f0da4c68e4c6373daafff4a81efdd1..e3ff8f35458a959c1879c0a4976701ed8dcfe651:/wp-admin/network/sites.php

diff --git a/wp-admin/network/sites.php b/wp-admin/network/sites.php
index 93341c35..96d708ac 100644
--- a/wp-admin/network/sites.php
+++ b/wp-admin/network/sites.php
@@ -8,13 +8,10 @@
  */
 
 /** Load WordPress Administration Bootstrap */
-require_once( './admin.php' );
-
-if ( ! is_multisite() )
-	wp_die( __( 'Multisite support is not enabled.' ) );
+require_once( dirname( __FILE__ ) . '/admin.php' );
 
 if ( ! current_user_can( 'manage_sites' ) )
-	wp_die( __( 'You do not have permission to access this page.' ) );
+	wp_die( __( 'Sorry, you are not allowed to access this page.' ), 403 );
 
 $wp_list_table = _get_list_table( 'WP_MS_Sites_List_Table' );
 $pagenum = $wp_list_table->get_pagenum();
@@ -22,7 +19,7 @@ $pagenum = $wp_list_table->get_pagenum();
 $title = __( 'Sites' );
 $parent_file = 'sites.php';
 
-add_screen_option( 'per_page', array( 'label' => _x( 'Sites', 'sites per page (screen options)' ) ) );
+add_screen_option( 'per_page' );
 
 get_current_screen()->add_help_tab( array(
 	'id'      => 'overview',
@@ -35,78 +32,101 @@ get_current_screen()->add_help_tab( array(
 		'<li>' . __('Dashboard leads to the Dashboard for that site.') . '</li>' .
 		'<li>' . __('Deactivate, Archive, and Spam which lead to confirmation screens. These actions can be reversed later.') . '</li>' .
 		'<li>' . __('Delete which is a permanent action after the confirmation screens.') . '</li>' .
-		'<li>' . __('Visit to go to the frontend site live.') . '</li></ul>' .
+		'<li>' . __('Visit to go to the front-end site live.') . '</li></ul>' .
 		'<p>' . __('The site ID is used internally, and is not shown on the front end of the site or to users/viewers.') . '</p>' .
 		'<p>' . __('Clicking on bold headings can re-sort this table.') . '</p>'
 ) );
 
 get_current_screen()->set_help_sidebar(
 	'<p><strong>' . __('For more information:') . '</strong></p>' .
-	'<p>' . __('<a href="http://codex.wordpress.org/Network_Admin_Sites_Screen" target="_blank">Documentation on Site Management</a>') . '</p>' .
-	'<p>' . __('<a href="http://wordpress.org/support/forum/multisite/" target="_blank">Support Forums</a>') . '</p>'
+	'<p>' . __('<a href="https://codex.wordpress.org/Network_Admin_Sites_Screen">Documentation on Site Management</a>') . '</p>' .
+	'<p>' . __('<a href="https://wordpress.org/support/forum/multisite/">Support Forums</a>') . '</p>'
 );
 
+get_current_screen()->set_screen_reader_content( array(
+	'heading_pagination' => __( 'Sites list navigation' ),
+	'heading_list'       => __( 'Sites list' ),
+) );
+
 $id = isset( $_REQUEST['id'] ) ? intval( $_REQUEST['id'] ) : 0;
 
 if ( isset( $_GET['action'] ) ) {
-	do_action( 'wpmuadminedit' , '' );
+	/** This action is documented in wp-admin/network/edit.php */
+	do_action( 'wpmuadminedit' );
+
+	// A list of valid actions and their associated messaging for confirmation output.
+	$manage_actions = array(
+		'activateblog'   => __( 'You are about to activate the site %s.' ),
+		'deactivateblog' => __( 'You are about to deactivate the site %s.' ),
+		'unarchiveblog'  => __( 'You are about to unarchive the site %s.' ),
+		'archiveblog'    => __( 'You are about to archive the site %s.' ),
+		'unspamblog'     => __( 'You are about to unspam the site %s.' ),
+		'spamblog'       => __( 'You are about to mark the site %s as spam.' ),
+		'deleteblog'     => __( 'You are about to delete the site %s.' ),
+		'unmatureblog'   => __( 'You are about to mark the site %s as mature.' ),
+		'matureblog'     => __( 'You are about to mark the site %s as not mature.' ),
+	);
 
 	if ( 'confirm' === $_GET['action'] ) {
-		check_admin_referer( 'confirm' );
+		// The action2 parameter contains the action being taken on the site.
+		$site_action = $_GET['action2'];
+
+		if ( ! array_key_exists( $site_action, $manage_actions ) ) {
+			wp_die( __( 'The requested action is not valid.' ) );
+		}
+
+		// The mature/unmature UI exists only as external code. Check the "confirm" nonce for backward compatibility.
+		if ( 'matureblog' === $site_action || 'unmatureblog' === $site_action ) {
+			check_admin_referer( 'confirm' );
+		} else {
+			check_admin_referer( $site_action . '_' . $id );
+		}
 
 		if ( ! headers_sent() ) {
 			nocache_headers();
 			header( 'Content-Type: text/html; charset=utf-8' );
 		}
-		if ( $current_site->blog_id == $id )
-			wp_die( __( 'You are not allowed to change the current site.' ) );
+
+		if ( get_network()->site_id == $id ) {
+			wp_die( __( 'Sorry, you are not allowed to change the current site.' ) );
+		}
+
+		$site_details = get_site( $id );
+		$site_address = untrailingslashit( $site_details->domain . $site_details->path );
+
+		require_once( ABSPATH . 'wp-admin/admin-header.php' );
 		?>
-		<!DOCTYPE html>
-		<html xmlns="http://www.w3.org/1999/xhtml" <?php language_attributes(); ?>>
-			<head>
-				<title><?php _e( 'WordPress &rsaquo; Confirm your action' ); ?></title>
-
-				<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
-				<?php
-				wp_admin_css( 'install', true );
-				wp_admin_css( 'ie', true );
-				?>
-			</head>
-			<body class="wp-core-ui">
-				<h1 id="logo"><a href="<?php echo esc_url( __( 'http://wordpress.org/' ) ); ?>"><?php _e( 'WordPress' ); ?></a></h1>
-				<form action="sites.php?action=<?php echo esc_attr( $_GET['action2'] ) ?>" method="post">
-					<input type="hidden" name="action" value="<?php echo esc_attr( $_GET['action2'] ) ?>" />
+			<div class="wrap">
+				<h1><?php _e( 'Confirm your action' ); ?></h1>
+				<form action="sites.php?action=<?php echo esc_attr( $site_action ); ?>" method="post">
+					<input type="hidden" name="action" value="<?php echo esc_attr( $site_action ); ?>" />
 					<input type="hidden" name="id" value="<?php echo esc_attr( $id ); ?>" />
 					<input type="hidden" name="_wp_http_referer" value="<?php echo esc_attr( wp_get_referer() ); ?>" />
-					<?php wp_nonce_field( $_GET['action2'], '_wpnonce', false ); ?>
-					<p><?php echo esc_html( wp_unslash( $_GET['msg'] ) ); ?></p>
-					<?php submit_button( __('Confirm'), 'button' ); ?>
+					<?php wp_nonce_field( $site_action . '_' . $id, '_wpnonce', false ); ?>
+					<p><?php echo sprintf( $manage_actions[ $site_action ], $site_address ); ?></p>
+					<?php submit_button( __( 'Confirm' ), 'primary' ); ?>
 				</form>
-			</body>
-		</html>
+			</div>
 		<?php
+		require_once( ABSPATH . 'wp-admin/admin-footer.php' );
 		exit();
+	} elseif ( array_key_exists( $_GET['action'], $manage_actions ) ) {
+		$action = $_GET['action'];
+		check_admin_referer( $action . '_' . $id );
+	} elseif ( 'allblogs' === $_GET['action'] ) {
+		check_admin_referer( 'bulk-sites' );
 	}
 
 	$updated_action = '';
 
-	$manage_actions = array( 'deleteblog', 'allblogs', 'archiveblog', 'unarchiveblog', 'activateblog', 'deactivateblog', 'unspamblog', 'spamblog', 'unmatureblog', 'matureblog' );
-	if ( in_array( $_GET['action'], $manage_actions ) ) {
-		$action = $_GET['action'];
-		if ( 'allblogs' === $action )
-			$action = 'bulk-sites';
-
-		check_admin_referer( $action );
-	}
-
 	switch ( $_GET['action'] ) {
 
 		case 'deleteblog':
 			if ( ! current_user_can( 'delete_sites' ) )
-				wp_die( __( 'You do not have permission to access this page.' ) );
+				wp_die( __( 'Sorry, you are not allowed to access this page.' ), '', array( 'response' => 403 ) );
 
 			$updated_action = 'not_deleted';
-			if ( $id != '0' && $id != $current_site->blog_id && current_user_can( 'delete_site', $id ) ) {
+			if ( $id != '0' && $id != get_network()->site_id && current_user_can( 'delete_site', $id ) ) {
 				wpmu_delete_blog( $id, true );
 				$updated_action = 'delete';
 			}
@@ -117,11 +137,11 @@ if ( isset( $_GET['action'] ) ) {
 				$doaction = $_POST['action'] != -1 ? $_POST['action'] : $_POST['action2'];
 
 				foreach ( (array) $_POST['allblogs'] as $key => $val ) {
-					if ( $val != '0' && $val != $current_site->blog_id ) {
+					if ( $val != '0' && $val != get_network()->site_id ) {
 						switch ( $doaction ) {
 							case 'delete':
 								if ( ! current_user_can( 'delete_site', $val ) )
-									wp_die( __( 'You are not allowed to delete the site.' ) );
+									wp_die( __( 'Sorry, you are not allowed to delete the site.' ) );
 
 								$updated_action = 'all_delete';
 								wpmu_delete_blog( $val, true );
@@ -134,11 +154,23 @@ if ( isset( $_GET['action'] ) ) {
 							break;
 						}
 					} else {
-						wp_die( __( 'You are not allowed to change the current site.' ) );
+						wp_die( __( 'Sorry, you are not allowed to change the current site.' ) );
 					}
 				}
+				if ( ! in_array( $doaction, array( 'delete', 'spam', 'notspam' ), true ) ) {
+					$redirect_to = wp_get_referer();
+					$blogs = (array) $_POST['allblogs'];
+					/** This action is documented in wp-admin/network/site-themes.php */
+					$redirect_to = apply_filters( 'handle_network_bulk_actions-' . get_current_screen()->id, $redirect_to, $doaction, $blogs, $id );
+					wp_safe_redirect( $redirect_to );
+					exit();
+				}
 			} else {
-				wp_redirect( network_admin_url( 'sites.php' ) );
+				$location = network_admin_url( 'sites.php' );
+				if ( ! empty( $_REQUEST['paged'] ) ) {
+					$location = add_query_arg( 'paged', (int) $_REQUEST['paged'], $location );
+				}
+				wp_redirect( $location );
 				exit();
 			}
 		break;
@@ -150,10 +182,25 @@ if ( isset( $_GET['action'] ) ) {
 
 		case 'activateblog':
 			update_blog_status( $id, 'deleted', '0' );
+
+			/**
+			 * Fires after a network site is activated.
+			 *
+			 * @since MU
+			 *
+			 * @param string $id The ID of the activated site.
+			 */
 			do_action( 'activate_blog', $id );
 		break;
 
 		case 'deactivateblog':
+			/**
+			 * Fires before a network site is deactivated.
+			 *
+			 * @since MU
+			 *
+			 * @param string $id The ID of the site being deactivated.
+			 */
 			do_action( 'deactivate_blog', $id );
 			update_blog_status( $id, 'deleted', '1' );
 		break;
@@ -169,8 +216,9 @@ if ( isset( $_GET['action'] ) ) {
 		break;
 	}
 
-	if ( empty( $updated_action ) && in_array( $_GET['action'], $manage_actions ) )
+	if ( empty( $updated_action ) && array_key_exists( $_GET['action'], $manage_actions ) ) {
 		$updated_action = $_GET['action'];
+	}
 
 	if ( ! empty( $updated_action ) ) {
 		wp_safe_redirect( add_query_arg( array( 'updated' => $updated_action ), wp_get_referer() ) );
@@ -194,7 +242,7 @@ if ( isset( $_GET['updated'] ) ) {
 			$msg = __( 'Site deleted.' );
 		break;
 		case 'not_deleted':
-			$msg = __( 'You do not have permission to delete that site.' );
+			$msg = __( 'Sorry, you are not allowed to delete that site.' );
 		break;
 		case 'archiveblog':
 			$msg = __( 'Site archived.' );
@@ -215,35 +263,46 @@ if ( isset( $_GET['updated'] ) ) {
 			$msg = __( 'Site marked as spam.' );
 		break;
 		default:
+			/**
+			 * Filters a specific, non-default site-updated message in the Network admin.
+			 *
+			 * The dynamic portion of the hook name, `$_GET['updated']`, refers to the
+			 * non-default site update action.
+			 *
+			 * @since 3.1.0
+			 *
+			 * @param string $msg The update message. Default 'Settings saved'.
+			 */
 			$msg = apply_filters( 'network_sites_updated_message_' . $_GET['updated'], __( 'Settings saved.' ) );
 		break;
 	}
 
 	if ( ! empty( $msg ) )
-		$msg = '<div class="updated" id="message"><p>' . $msg . '</p></div>';
+		$msg = '<div id="message" class="updated notice is-dismissible"><p>' . $msg . '</p></div>';
 }
 
 $wp_list_table->prepare_items();
 
-require_once( '../admin-header.php' );
+require_once( ABSPATH . 'wp-admin/admin-header.php' );
 ?>
 
 <div class="wrap">
-<?php screen_icon( 'ms-admin' ); ?>
-<h2><?php _e( 'Sites' ) ?>
+<h1><?php _e( 'Sites' ); ?>
 
 <?php if ( current_user_can( 'create_sites') ) : ?>
-	<a href="<?php echo network_admin_url('site-new.php'); ?>" class="add-new-h2"><?php echo esc_html_x( 'Add New', 'site' ); ?></a>
+	<a href="<?php echo network_admin_url('site-new.php'); ?>" class="page-title-action"><?php echo esc_html_x( 'Add New', 'site' ); ?></a>
 <?php endif; ?>
 
-<?php if ( isset( $_REQUEST['s'] ) && $_REQUEST['s'] ) {
+<?php
+if ( isset( $_REQUEST['s'] ) && strlen( $_REQUEST['s'] ) ) {
+	/* translators: %s: search keywords */
 	printf( '<span class="subtitle">' . __( 'Search results for &#8220;%s&#8221;' ) . '</span>', esc_html( $s ) );
 } ?>
-</h2>
+</h1>
 
 <?php echo $msg; ?>
 
-<form action="" method="get" id="ms-search">
+<form method="get" id="ms-search">
 <?php $wp_list_table->search_box( __( 'Search Sites' ), 'site' ); ?>
 <input type="hidden" name="action" value="blogs" />
 </form>
@@ -254,4 +313,4 @@ require_once( '../admin-header.php' );
 </div>
 <?php
 
-require_once( '../admin-footer.php' ); ?>
+require_once( ABSPATH . 'wp-admin/admin-footer.php' ); ?>