X-Git-Url: https://scripts.mit.edu/gitweb/autoinstalls/wordpress.git/blobdiff_plain/ff81ee6e8304a1982a3ec4f5b134764a29d502cf..69ac90aac5f1f0c980444b182c6d03659fbc7e7a:/wp-admin/edit-comments.php?mode=edit;s=%3C%3Fphp%20comment_author_IP%28%29%20%3F%3E

diff --git a/wp-admin/edit-comments.php b/wp-admin/edit-comments.php
index e74ebb49..ab1bdbce 100644
--- a/wp-admin/edit-comments.php
+++ b/wp-admin/edit-comments.php
@@ -2,12 +2,12 @@
 require_once('admin.php');
 
 $title = __('Edit Comments');
-$parent_file = 'edit.php';
-$list_js = true;
+$parent_file = 'edit-comments.php';
+wp_enqueue_script( 'admin-comments' );
 
 require_once('admin-header.php');
 if (empty($_GET['mode'])) $mode = 'view';
-else $mode = wp_specialchars($_GET['mode'], 1);
+else $mode = attribute_escape($_GET['mode']);
 ?>
 
 <script type="text/javascript">
@@ -23,139 +23,166 @@ function checkAll(form)
 		}
 	}
 }
+
+function getNumChecked(form)
+{
+	var num = 0;
+	for (i = 0, n = form.elements.length; i < n; i++) {
+		if(form.elements[i].type == "checkbox") {
+			if(form.elements[i].checked == true)
+				num++;
+		}
+	}
+	return num;
+}
 //-->
 </script>
 <div class="wrap">
 <h2><?php _e('Comments'); ?></h2>
-<form name="searchform" action="" method="get"> 
-  <fieldset> 
-  <legend><?php _e('Show Comments That Contain...') ?></legend> 
-  <input type="text" name="s" value="<?php if (isset($_GET['s'])) echo wp_specialchars($_GET['s'], 1); ?>" size="17" /> 
-  <input type="submit" name="submit" value="<?php _e('Search') ?>"  />  
+<form name="searchform" action="" method="get" id="editcomments">
+  <fieldset>
+  <legend><?php _e('Show Comments That Contain...') ?></legend>
+  <input type="text" name="s" value="<?php if (isset($_GET['s'])) echo attribute_escape($_GET['s']); ?>" size="17" />
+  <input type="submit" name="submit" value="<?php _e('Search') ?>"  />
   <input type="hidden" name="mode" value="<?php echo $mode; ?>" />
-  <?php _e('(Searches within comment text, e-mail, URI, and IP address.)') ?>
-  </fieldset> 
+  <?php _e('(Searches within comment text, e-mail, URL, and IP address.)') ?>
+  </fieldset>
 </form>
 <p><a href="?mode=view"><?php _e('View Mode') ?></a> | <a href="?mode=edit"><?php _e('Mass Edit Mode') ?></a></p>
 <?php
 if ( !empty( $_POST['delete_comments'] ) ) :
+	check_admin_referer('bulk-comments');
+
 	$i = 0;
 	foreach ($_POST['delete_comments'] as $comment) : // Check the permissions on each
 		$comment = (int) $comment;
-		$post_id = $wpdb->get_var("SELECT comment_post_ID FROM $wpdb->comments WHERE comment_ID = $comment");
-		$authordata = get_userdata( $wpdb->get_var("SELECT post_author FROM $wpdb->posts WHERE ID = $post_id") );
-		if ( current_user_can('edit_post', $post_id) ) :
-			wp_set_comment_status($comment, "delete");
+		$post_id = (int) $wpdb->get_var("SELECT comment_post_ID FROM $wpdb->comments WHERE comment_ID = $comment");
+		// $authordata = get_userdata( $wpdb->get_var("SELECT post_author FROM $wpdb->posts WHERE ID = $post_id") );
+		if ( current_user_can('edit_post', $post_id) ) {
+			if ( !empty( $_POST['spam_button'] ) )
+				wp_set_comment_status($comment, 'spam');
+			else
+				wp_set_comment_status($comment, 'delete');
 			++$i;
-		endif;
+		}
 	endforeach;
-	echo "<div class='wrap'><p>" . sprintf(__('%s comments deleted.'), $i) . "</p></div>";
+	echo '<div style="background-color: rgb(207, 235, 247);" id="message" class="updated fade"><p>';
+	if ( !empty( $_POST['spam_button'] ) ) {
+		printf(__ngettext('%s comment marked as spam', '%s comments marked as spam.', $i), $i);
+	} else {
+		printf(__ngettext('%s comment deleted.', '%s comments deleted.', $i), $i);
+	}
+	echo '</p></div>';
 endif;
 
-if (isset($_GET['s'])) {
-	$s = $wpdb->escape($_GET['s']);
-	$comments = $wpdb->get_results("SELECT * FROM $wpdb->comments  WHERE
-		(comment_author LIKE '%$s%' OR
-		comment_author_email LIKE '%$s%' OR
-		comment_author_url LIKE ('%$s%') OR
-		comment_author_IP LIKE ('%$s%') OR
-		comment_content LIKE ('%$s%') ) AND
-		comment_approved != 'spam'
-		ORDER BY comment_date DESC");
-} else {
-	if ( isset($_GET['offset']) )
-		$offset = (int) $_GET['offset'] * 20;
-	else
-		$offset = 0;
-
-	$comments = $wpdb->get_results("SELECT * FROM $wpdb->comments WHERE comment_approved = '0' OR comment_approved = '1' ORDER BY comment_date DESC LIMIT $offset,20");
-}
+if ( isset( $_GET['apage'] ) )
+	$page = abs( (int) $_GET['apage'] );
+else
+	$page = 1;
+
+$start = $offset = ( $page - 1 ) * 20;
+
+list($_comments, $total) = _wp_get_comment_list( isset($_GET['s']) ? $_GET['s'] : false, $start, 25 ); // Grab a few extra
+
+$comments = array_slice($_comments, 0, 20);
+$extra_comments = array_slice($_comments, 20);
+
+$page_links = paginate_links( array(
+	'base' => add_query_arg( 'apage', '%#%' ),
+	'format' => '',
+	'total' => ceil($total / 20),
+	'current' => $page
+));
+
+if ( $page_links )
+	echo "<p class='pagenav'>$page_links</p>";
+
 if ('view' == $mode) {
 	if ($comments) {
-		if ($offset)
-			$start = " start='$offset'";
-		else
-			$start = '';
+		$offset = $offset + 1;
+		$start = " start='$offset'";
 
-		echo "<ol id='the-list' class='commentlist' $start>";
+		echo "<ol id='the-comment-list' class='commentlist' $start>\n";
 		$i = 0;
-		foreach ($comments as $comment) {
-		++$i; $class = '';
-		$authordata = get_userdata($wpdb->get_var("SELECT post_author FROM $wpdb->posts WHERE ID = $comment->comment_post_ID"));
-			$comment_status = wp_get_comment_status($comment->comment_ID);
-			if ('unapproved' == $comment_status) 
-				$class .= ' unapproved';
-			if ($i % 2)
-				$class .= ' alternate';
-			echo "<li id='comment-$comment->comment_ID' class='$class'>";
-?>		
-        <p><strong><?php _e('Name:') ?></strong> <?php comment_author() ?> <?php if ($comment->comment_author_email) { ?>| <strong><?php _e('E-mail:') ?></strong> <?php comment_author_email_link() ?> <?php } if ($comment->comment_author_url && 'http://' != $comment->comment_author_url ) { ?> | <strong><?php _e('URI:') ?></strong> <?php comment_author_url_link() ?> <?php } ?>| <strong><?php _e('IP:') ?></strong> <a href="http://ws.arin.net/cgi-bin/whois.pl?queryinput=<?php comment_author_IP() ?>"><?php comment_author_IP() ?></a></p>
-		
-		<?php comment_text() ?>
-
-        <p><?php _e('Posted'); echo ' '; comment_date('M j, g:i A');  
-			if ( current_user_can('edit_post', $comment->comment_post_ID) ) {
-				echo " | <a href=\"post.php?action=editcomment&amp;comment=".$comment->comment_ID."\">" . __('Edit Comment') . "</a>";
-				echo " | <a href=\"post.php?action=deletecomment&amp;p=".$comment->comment_post_ID."&amp;comment=".$comment->comment_ID."\" onclick=\"return deleteSomething( 'comment', $comment->comment_ID, '" . sprintf(__("You are about to delete this comment by &quot;%s&quot;.\\n&quot;Cancel&quot; to stop, &quot;OK&quot; to delete."), wp_specialchars( $comment->comment_author, 1 ))  . "' );\">" . __('Delete Comment') . "</a> &#8212; ";
-			} // end if any comments to show
-			// Get post title
-			if ( current_user_can('edit_post', $comment->comment_post_ID) ) {
-				$post_title = $wpdb->get_var("SELECT post_title FROM $wpdb->posts WHERE ID = $comment->comment_post_ID");
-				$post_title = ('' == $post_title) ? "# $comment->comment_post_ID" : $post_title;
-				?> <a href="post.php?action=edit&amp;post=<?php echo $comment->comment_post_ID; ?>"><?php printf(__('Edit Post &#8220;%s&#8221;'), stripslashes($post_title)); ?></a>
-				<?php } ?>
-			 | <a href="<?php echo get_permalink($comment->comment_post_ID); ?>"><?php _e('View Post') ?></a></p>
-		</li>
-
-<?php } // end foreach ?>
-</ol>
+		foreach ( $comments as $comment ) {
+			get_comment( $comment ); // Cache it
+			_wp_comment_list_item( $comment->comment_ID, ++$i );
+		}
+		echo "</ol>\n\n";
+
+if ( $extra_comments ) : ?>
+<div id="extra-comments" style="display:none">
+<ul id="the-extra-comment-list" class="commentlist">
+<?php
+	foreach ( $extra_comments as $comment ) {
+		get_comment( $comment ); // Cache it
+		_wp_comment_list_item( $comment->comment_ID, ++$i );
+	}
+?>
+</ul>
+</div>
+<?php endif; // $extra_comments ?>
 
 <div id="ajax-response"></div>
 
 <?php
-	} else {
+	} else { //no comments to show
 
 		?>
 		<p>
-        <strong><?php _e('No comments found.') ?></strong></p>
-		
+			<strong><?php _e('No comments found.') ?></strong></p>
+
 		<?php
 	} // end if ($comments)
 } elseif ('edit' == $mode) {
 
 	if ($comments) {
-		echo '<form name="deletecomments" id="deletecomments" action="" method="post"> 
-		<table width="100%" cellpadding="3" cellspacing="3">
+		echo '<form name="deletecomments" id="deletecomments" action="" method="post"> ';
+		wp_nonce_field('bulk-comments');
+		echo '<table class="widefat">
+<thead>
   <tr>
-    <th scope="col">*</th>
+    <th scope="col" style="text-align: center"><input type="checkbox" onclick="checkAll(document.getElementById(\'deletecomments\'));" /></th>
     <th scope="col">' .  __('Name') . '</th>
     <th scope="col">' .  __('E-mail') . '</th>
     <th scope="col">' . __('IP') . '</th>
     <th scope="col">' . __('Comment Excerpt') . '</th>
-	<th scope="col" colspan="3">' .  __('Actions') . '</th>
-  </tr>';
+	<th scope="col" colspan="3" style="text-align: center">' .  __('Actions') . '</th>
+  </tr>
+</thead>';
 		foreach ($comments as $comment) {
-		$authordata = get_userdata($wpdb->get_var("SELECT post_author FROM $wpdb->posts WHERE ID = $comment->comment_post_ID"));
+		$post = get_post($comment->comment_post_ID);
+		$authordata = get_userdata($post->post_author);
+		$comment_status = wp_get_comment_status($comment->comment_ID);
 		$class = ('alternate' == $class) ? '' : 'alternate';
+		$class .= ('unapproved' == $comment_status) ? ' unapproved' : '';
 ?>
-  <tr class='<?php echo $class; ?>'>
-    <td><?php if ( current_user_can('edit_post', $comment->comment_post_ID) ) { ?><input type="checkbox" name="delete_comments[]" value="<?php echo $comment->comment_ID; ?>" /><?php } ?></td>
+  <tr id="comment-<?php echo $comment->comment_ID; ?>" class='<?php echo $class; ?>'>
+    <td style="text-align: center"><?php if ( current_user_can('edit_post', $comment->comment_post_ID) ) { ?><input type="checkbox" name="delete_comments[]" value="<?php echo $comment->comment_ID; ?>" /><?php } ?></td>
     <td><?php comment_author_link() ?></td>
     <td><?php comment_author_email_link() ?></td>
-    <td><a href="http://ws.arin.net/cgi-bin/whois.pl?queryinput=<?php comment_author_IP() ?>"><?php comment_author_IP() ?></a></td>
+    <td><a href="edit-comments.php?s=<?php comment_author_IP() ?>&amp;mode=edit"><?php comment_author_IP() ?></a></td>
     <td><?php comment_excerpt(); ?></td>
-    <td><a href="<?php echo get_permalink($comment->comment_post_ID); ?>#comment-<?php comment_ID() ?>" class="edit"><?php _e('View') ?></a></td>
+    <td>
+    	<?php if ('unapproved' == $comment_status) {
+    		_e('Unapproved');
+    	} else { ?>
+    		<a href="<?php echo get_permalink($comment->comment_post_ID); ?>#comment-<?php comment_ID() ?>" class="edit"><?php _e('View') ?></a>
+    	<?php } ?>
+    </td>
     <td><?php if ( current_user_can('edit_post', $comment->comment_post_ID) ) {
-	echo "<a href='post.php?action=editcomment&amp;comment=$comment->comment_ID' class='edit'>" .  __('Edit') . "</a>"; } ?></td>
+	echo "<a href='comment.php?action=editcomment&amp;c=$comment->comment_ID' class='edit'>" .  __('Edit') . "</a>"; } ?></td>
     <td><?php if ( current_user_can('edit_post', $comment->comment_post_ID) ) {
-            echo "<a href=\"post.php?action=deletecomment&amp;p=".$comment->comment_post_ID."&amp;comment=".$comment->comment_ID."\" onclick=\"return confirm('" . sprintf(__("You are about to delete this comment by \'%s\'\\n  \'Cancel\' to stop, \'OK\' to delete."), $comment->comment_author) . "')\"    class='delete'>" . __('Delete') . "</a>"; } ?></td>
+		echo "<a href=\"comment.php?action=deletecomment&amp;p=".$comment->comment_post_ID."&amp;c=".$comment->comment_ID."\" onclick=\"return deleteSomething( 'comment', $comment->comment_ID, '" . js_escape(sprintf(__("You are about to delete this comment by '%s'. \n  'Cancel' to stop, 'OK' to delete."), $comment->comment_author ))  . "', theCommentList );\" class='delete'>" . __('Delete') . "</a> ";
+		} ?></td>
   </tr>
-		<?php 
+		<?php
 		} // end foreach
 	?></table>
-    <p><a href="javascript:;" onclick="checkAll(document.getElementById('deletecomments')); return false; "><?php _e('Invert Checkbox Selection') ?></a></p>
-            <p class="submit"><input type="submit" name="Submit" value="<?php _e('Delete Checked Comments') ?> &raquo;" onclick="return confirm('<?php _e("You are about to delete these comments permanently \\n  \'Cancel\' to stop, \'OK\' to delete.") ?>')" />	</p>
+<p class="submit"><input type="submit" name="delete_button" class="delete" value="<?php _e('Delete Checked Comments &raquo;') ?>" onclick="var numchecked = getNumChecked(document.getElementById('deletecomments')); if(numchecked < 1) { alert('<?php echo js_escape(__("Please select some comments to delete")); ?>'); return false } return confirm('<?php echo sprintf(js_escape(__("You are about to delete %s comments permanently \n  'Cancel' to stop, 'OK' to delete.")), "' + numchecked + '"); ?>')" />
+			<input type="submit" name="spam_button" value="<?php _e('Mark Checked Comments as Spam &raquo;') ?>" onclick="var numchecked = getNumChecked(document.getElementById('deletecomments')); if(numchecked < 1) { alert('<?php echo js_escape(__("Please select some comments to mark as spam")); ?>'); return false } return confirm('<?php echo sprintf(js_escape(__("You are about to mark %s comments as spam \n  'Cancel' to stop, 'OK' to mark as spam.")), "' + numchecked + '"); ?>')" /></p>
   </form>
+<div id="ajax-response"></div>
 <?php
 	} else {
 ?>
@@ -165,7 +192,11 @@ if ('view' == $mode) {
 <?php
 	} // end if ($comments)
 }
-	?>
+
+if ( $page_links )
+	echo "<p class='pagenav'>$page_links</p>";
+
+?>
 
 </div>
 

*
' . __('Actions') . '
comment_post_ID) ) { ?>
comment_post_ID) ) { ?>	+ + + +	comment_post_ID) ) { - echo "" . __('Edit') . ""; } ?>	comment_post_ID) ) { - echo "comment_post_ID."&comment=".$comment->comment_ID."\" onclick=\"return confirm('" . sprintf(__("You are about to delete this comment by \'%s\'\\n \'Cancel\' to stop, \'OK\' to delete."), $comment->comment_author) . "')\" class='delete'>" . __('Delete') . ""; } ?>