X-Git-Url: https://scripts.mit.edu/gitweb/autoinstalls/wordpress.git/blobdiff_plain/699231ae09f7057a4d0000cdf32e50a3df6a04ca..febc815b2c9d85be5717da9e8d164bd2daa97e31:/wp-admin/ms-delete-site.php
diff --git a/wp-admin/ms-delete-site.php b/wp-admin/ms-delete-site.php
index 62f5b803..9424ae19 100644
--- a/wp-admin/ms-delete-site.php
+++ b/wp-admin/ms-delete-site.php
@@ -7,17 +7,16 @@
* @since 3.0.0
*/
-require_once( './admin.php' );
+require_once( dirname( __FILE__ ) . '/admin.php' );
if ( !is_multisite() )
wp_die( __( 'Multisite support is not enabled.' ) );
-// @todo Create a delete blog cap.
-if ( ! current_user_can( 'manage_options' ) )
- wp_die(__( 'You do not have sufficient permissions to delete this site.'));
+if ( ! current_user_can( 'delete_site' ) )
+ wp_die(__( 'Sorry, you are not allowed to delete this site.'));
if ( isset( $_GET['h'] ) && $_GET['h'] != '' && get_option( 'delete_blog_hash' ) != false ) {
- if ( get_option( 'delete_blog_hash' ) == $_GET['h'] ) {
+ if ( hash_equals( get_option( 'delete_blog_hash' ), $_GET['h'] ) ) {
wpmu_delete_blog( $wpdb->blogid );
wp_die( sprintf( __( 'Thank you for using %s, your site has been deleted. Happy trails to you until we meet again.' ), $current_site->site_name ) );
} else {
@@ -25,23 +24,30 @@ if ( isset( $_GET['h'] ) && $_GET['h'] != '' && get_option( 'delete_blog_hash' )
}
}
+$blog = get_blog_details();
+$user = wp_get_current_user();
+
$title = __( 'Delete Site' );
$parent_file = 'tools.php';
-require_once( './admin-header.php' );
+require_once( ABSPATH . 'wp-admin/admin-header.php' );
echo '
';
-screen_icon();
-echo '
' . esc_html( $title ) . '
';
+echo '
' . esc_html( $title ) . '
';
if ( isset( $_POST['action'] ) && $_POST['action'] == 'deleteblog' && isset( $_POST['confirmdelete'] ) && $_POST['confirmdelete'] == '1' ) {
+ check_admin_referer( 'delete-blog' );
+
$hash = wp_generate_password( 20, false );
update_option( 'delete_blog_hash', $hash );
$url_delete = esc_url( admin_url( 'ms-delete-site.php?h=' . $hash ) );
- $content = apply_filters( 'delete_site_email_content', __( "Dear User,
+ /* translators: Do not translate USERNAME, URL_DELETE, SITE_NAME: those are placeholders. */
+ $content = __( "Howdy ###USERNAME###,
+
You recently clicked the 'Delete Site' link on your site and filled in a
form on that page.
+
If you really want to delete your site, click the link below. You will not
be asked to confirm again so only click this link if you are absolutely certain:
###URL_DELETE###
@@ -52,15 +58,24 @@ are gone forever.)
Thanks for using the site,
Webmaster
-###SITE_NAME###" ) );
-
+###SITE_NAME###" );
+ /**
+ * Filters the email content sent when a site in a Multisite network is deleted.
+ *
+ * @since 3.0.0
+ *
+ * @param string $content The email content that will be sent to the user who deleted a site in a Multisite network.
+ */
+ $content = apply_filters( 'delete_site_email_content', $content );
+
+ $content = str_replace( '###USERNAME###', $user->user_login, $content );
$content = str_replace( '###URL_DELETE###', $url_delete, $content );
$content = str_replace( '###SITE_NAME###', $current_site->site_name, $content );
- wp_mail( get_option( 'admin_email' ), "[ " . get_option( 'blogname' ) . " ] ".__( 'Delete My Site' ), $content );
+ wp_mail( get_option( 'admin_email' ), "[ " . wp_specialchars_decode( get_option( 'blogname' ) ) . " ] ".__( 'Delete My Site' ), $content );
?>
-
+
@@ -68,13 +83,13 @@ Webmaster
- ';
-include( './admin-footer.php' );
-?>
+include( ABSPATH . 'wp-admin/admin-footer.php' );