case 'editcomment':
	// Render the "Edit Comment" admin screen for the comment named in ?comment=.
	// $title and $parent_file are read by admin-header.php; $comment by edit-form-comment.php.
	$title = __('Edit Comment');
	$parent_file = 'edit.php';
	require_once 'admin-header.php';

	get_currentuserinfo();

	// Cast the query-string ID before it reaches the lookup.
	$requested_id = (int) $_GET['comment'];
	$comment = get_comment($requested_id);

	// Unknown ID: stop with a back link instead of rendering an empty form.
	if ( ! $comment ) {
		die(sprintf(__('Oops, no comment with this ID. <a href="%s">Go back</a>!'), 'javascript:history.go(-1)'));
	}

	// Authorisation is checked on the parent post: editing its comments requires
	// edit_post on that post. (This branch only displays the form; the save path,
	// not visible here, is where a nonce check is expected.)
	if ( ! current_user_can('edit_post', $comment->comment_post_ID) ) {
		die( __('You are not allowed to edit comments on this post.') );
	}

	// Prepare the fields for form display, then hand off to the form template.
	$comment = get_comment_to_edit($comment);

	include 'edit-form-comment.php';

	break;

case 'confirmdeletecomment':

	require_once('./admin-header.php');

	$comment = (int) $_GET['comment'];
	$p = (int) $_GET['p'];

	if ( ! $comment = get_comment($comment) )
		die(sprintf(__('Oops, no comment with this ID. <a href="%s">Go back</a>!'), 'edit.php'));
	$comment = get_comment_to_edit( $comment_id );

	include( ABSPATH . 'wp-admin/edit-form-comment.php' );

	break;

case 'delete'  :
case 'approve' :
case 'trash'   :
case 'spam'    :

	$title = __('Moderate Comment');

	$comment_id = absint( $_GET['c'] );

	if ( !$comment = get_comment_to_edit( $comment_id ) ) {
		wp_redirect( admin_url('edit-comments.php?error=1') );
		die();
	}

	if ( !current_user_can( 'edit_comment', $comment->comment_ID ) ) {
		wp_redirect( admin_url('edit-comments.php?error=2') );
		die();
	}

	// No need to re-approve/re-trash/re-spam a comment.
	if ( $action == str_replace( '1', 'approve', $comment->comment_approved ) ) {
		wp_redirect( admin_url( 'edit-comments.php?same=' . $comment_id ) );
		die();
 	}
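    /**
     * Render the Yes/No confirmation screen for a comment moderation action.
     *
     * The "Yes" form submits to comment.php with action "<$action>comment", the
     * post and comment IDs, and a nonce scoped to this comment, so the receiving
     * handler can verify intent before changing state. The "No" form just goes
     * back to edit-comments.php. Both forms use GET, matching the rest of this
     * admin flow; the nonce is what protects the state change.
     *
     * @param string $action One of 'approve', 'delete', 'trash', 'spam'. Any other
     *                       value gets the "approve" message text but still yields
     *                       "<$action>comment" as the form action.
     * @return void Emits the page. Halts via ks_die() (the project's wp_die
     *              equivalent — assumed to stop execution) when the comment does
     *              not exist or the user lacks edit_post on its post.
     */
    private function confirm($action)
    {
        global $comment;
        // Comment ID comes from the query string; normalise to an integer before use.
        $comment_id = intval($_GET['c']);
        $formaction = $action . 'comment';
        // Spam and trash deliberately share the delete nonce name; the handler for
        // those actions must verify against the same name.
        $nonce_action = 'approve' == $action ? 'approve-comment_' : 'delete-comment_';
        $nonce_action .= $comment_id;
        // Load the comment with fields prepared for admin display; assigning the
        // global lets the comment_* template tags below find it.
        if (!($comment = get_comment_to_edit($comment_id))) {
            $this->base->ks_die(__('Oops, no comment with this ID.') . sprintf(' <a href="%s">' . __('Go back') . '</a>', 'edit-comments.php'), '', false);
        }
        // Authorisation is checked on the parent post: moderating a comment requires
        // edit_post on the post it belongs to.
        if (!current_user_can('edit_post', $comment->comment_post_ID)) {
            $this->base->ks_die('delete' == $action ? __('You are not allowed to delete comments on this post.') : __('You are not allowed to edit comments on this post, so you cannot approve this comment.'));
        }
        // Header is emitted only after the checks above (presumably so ks_die can
        // render a complete page of its own).
        include dirname(__FILE__) . '/admin-header.php';
        // Pick the warning text for the requested action; all strings are translations.
        switch ($action) {
            case 'spam':
                $message = __('You are about to mark the following comment as spam:');
                break;
            case 'trash':
                $message = __('You are about to move the following comment to the Trash:', 'ktai_style');
                break;
            case 'delete':
                $message = __('You are about to delete the following comment:');
                break;
            default:
                $message = __('You are about to approve the following comment:');
                break;
        }
        echo '<p><img localsrc="1" alt="" /><font color="red">' . $message . '</font><br />' . __('Are you sure you want to do this?') . '</p>';
        ?>
<form action="edit-comments.php" method="get">
<?php 
        // Hidden session-id field (presumably for handsets without cookies — confirm in sid_field()).
        $this->admin->sid_field();
        ?>
<div><input type="submit" value="<?php 
        _e('No');
        ?>
" /></div></form>
<form action="comment.php" method="get">
<?php 
        // The "Yes" form carries the session field plus the per-comment nonce.
        $this->admin->sid_field();
        wp_nonce_field($nonce_action);
        ?>
<input type="hidden" name="action" value="<?php 
        // Attribute context: escape the action name.
        echo esc_attr($formaction);
        ?>
" />
<input type="hidden" name="p" value="<?php 
        echo intval($comment->comment_post_ID);
        ?>
" />
<input type="hidden" name="c" value="<?php 
        echo intval($comment->comment_ID);
        ?>
" />
<input type="hidden" name="noredir" value="1" />
<div><input type="submit" value="<?php 
        _e('Yes');
        ?>
" /></div>
</form>
<dl><dt><img localsrc="<?php 
        // localsrc values look like device pictogram codes — TODO confirm.
        comment_type(68, 112, 112);
        ?>
" alt="[<?php 
        comment_type(__('Comment', 'ktai_style'), __('Trackback'), __('Pingback'));
        ?>
] " /><?php 
        comment_author();
        ?>
<img localsrc="46" alt=" @ " /><font color="<?php 
        // Fix: the option value lands inside an HTML attribute, so escape it
        // (it was echoed raw). The value is admin-controlled, but output escaping
        // should not depend on that.
        echo esc_attr(ks_option('ks_date_color'));
        ?>
"><?php 
        ks_comment_datetime();
        ?>
</font></dt><dd><?php 
        if ($comment->comment_author_email) {
            ?>
<img localsrc="108" alt="" /><font color="olive"><?php 
            comment_author_email();
            ?>
</font><br /><?php 
        }
        // Skip the URL line when it is empty or still the bare "http://" default.
        if ($comment->comment_author_url && 'http://' != $comment->comment_author_url) {
            ?>
<img localsrc="112" alt="" /><font color="olive"><?php 
            comment_author_url();
            ?>
</font><br /><?php 
        }
        comment_excerpt();
        ?>
</dd></dl><?php 
        include dirname(__FILE__) . '/admin-footer.php';
    }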
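 /**
  * Build the API response array for a single comment.
  *
  * Looks the comment up, rejects unknown comment types and orphaned comments,
  * applies the permission rules for the requested $context, then maps the
  * comment onto the keys of $this->comment_object_format. Every output value
  * is explicitly cast so the JSON shape stays stable.
  *
  * @param int    $comment_id Comment ID to load.
  * @param string $context    'edit' (requires edit_comment; returns the stored,
  *                           un-escaped author fields and raw content) or
  *                           'display' (public view; unapproved comments are
  *                           visible only to their author or to users who can
  *                           edit them).
  * @return array|WP_Error Response keyed like $this->comment_object_format, or a
  *                        WP_Error carrying an HTTP-style status code.
  */
 function get_comment($comment_id, $context)
 {
     global $blog_id;
     // Unqualified call: WordPress' get_comment(), not a recursion into this method.
     $comment = get_comment($comment_id);
     if (!$comment || is_wp_error($comment)) {
         return new WP_Error('unknown_comment', 'Unknown comment', 404);
     }
     // Only plain comments, pingbacks and trackbacks are served. Strict comparison:
     // the type column is a string and nothing loosely-equal should slip through.
     $types = array('', 'comment', 'pingback', 'trackback');
     if (!in_array($comment->comment_type, $types, true)) {
         return new WP_Error('unknown_comment', 'Unknown comment', 404);
     }
     $post = get_post($comment->comment_post_ID);
     if (!$post || is_wp_error($post)) {
         return new WP_Error('unknown_post', 'Unknown post', 404);
     }
     $status = wp_get_comment_status($comment->comment_ID);
     // Permissions
     switch ($context) {
         case 'edit':
             if (!current_user_can('edit_comment', $comment->comment_ID)) {
                 return new WP_Error('unauthorized', 'User cannot edit comment', 403);
             }
             $GLOBALS['post'] = $post;
             // get_comment_to_edit() HTML-escapes the author fields for admin forms;
             // undo that so the API hands back the stored values.
             $comment = get_comment_to_edit($comment->comment_ID);
             foreach (array('comment_author', 'comment_author_email', 'comment_author_url') as $field) {
                 $comment->{$field} = htmlspecialchars_decode($comment->{$field}, ENT_QUOTES);
             }
             break;
         case 'display':
             if ('approved' !== $status) {
                 // Unapproved comments are private: readable by the author (matched by
                 // user ID, or by the token's e-mail + display name against the comment's
                 // author fields) or by anyone who may edit the comment.
                 $current_user_id = get_current_user_id();
                 $user_can_read_comment = false;
                 if ($current_user_id && $comment->user_id && $current_user_id == $comment->user_id) {
                     $user_can_read_comment = true;
                 } elseif ($comment->comment_author_email && $comment->comment_author && isset($this->api->token_details['user']) && isset($this->api->token_details['user']['user_email']) && $this->api->token_details['user']['user_email'] === $comment->comment_author_email && $this->api->token_details['user']['display_name'] === $comment->comment_author) {
                     $user_can_read_comment = true;
                 } else {
                     $user_can_read_comment = current_user_can('edit_comment', $comment->comment_ID);
                 }
                 if (!$user_can_read_comment) {
                     return new WP_Error('unauthorized', 'User cannot read unapproved comment', 403);
                 }
             }
             $GLOBALS['post'] = $post;
             setup_postdata($post);
             break;
         default:
             return new WP_Error('invalid_context', 'Invalid API CONTEXT', 400);
     }
     // The comment-level checks above say nothing about the post's own visibility;
     // user_can_view_post() presumably covers that (private/password-protected
     // posts) — confirm in its definition.
     $can_view = $this->user_can_view_post($post->ID);
     if (!$can_view || is_wp_error($can_view)) {
         // Fix: both context branches already published $post globally. Clear it on
         // this error path too, as the success path does at the end, so a denied
         // lookup does not leak post state into later processing.
         unset($GLOBALS['post']);
         return $can_view;
     }
     // Expose the comment globally so template tags (comment_text) resolve to it.
     $GLOBALS['comment'] = $comment;
     $response = array();
     foreach (array_keys($this->comment_object_format) as $key) {
         switch ($key) {
             case 'ID':
                 // explicitly cast all output
                 $response[$key] = (int) $comment->comment_ID;
                 break;
             case 'post':
                 $response[$key] = (object) array('ID' => (int) $post->ID, 'title' => (string) get_the_title($post->ID), 'type' => (string) $post->post_type, 'link' => (string) $this->links->get_post_link($this->api->get_blog_id_for_output(), $post->ID));
                 break;
             case 'author':
                 // Private author details are only released in edit context to an editor.
                 $response[$key] = (object) $this->get_author($comment, 'edit' === $context && current_user_can('edit_comment', $comment->comment_ID));
                 break;
             case 'date':
                 $response[$key] = (string) $this->format_date($comment->comment_date_gmt, $comment->comment_date);
                 break;
             case 'URL':
                 $response[$key] = (string) esc_url_raw(get_comment_link($comment->comment_ID));
                 break;
             case 'short_URL':
                 // @todo - pagination
                 // "%23" is a literal, pre-encoded "#" fragment separator.
                 $response[$key] = (string) esc_url_raw(wp_get_shortlink($post->ID) . "%23comment-{$comment->comment_ID}");
                 break;
             case 'content':
                 if ('display' === $context) {
                     // Display: filtered, rendered HTML as the theme would print it.
                     ob_start();
                     comment_text();
                     $response[$key] = (string) ob_get_clean();
                 } else {
                     // Edit: the stored content, unfiltered.
                     $response[$key] = (string) $comment->comment_content;
                 }
                 break;
             case 'status':
                 $response[$key] = (string) $status;
                 break;
             case 'parent':
                 // (object|false)
                 $parent = $comment->comment_parent ? get_comment($comment->comment_parent) : null;
                 if ($parent && !is_wp_error($parent)) {
                     // NOTE(review): this link uses $blog_id while the other links use
                     // get_blog_id_for_output() — confirm the two agree.
                     $response[$key] = (object) array('ID' => (int) $parent->comment_ID, 'type' => (string) ($parent->comment_type ? $parent->comment_type : 'comment'), 'link' => (string) $this->links->get_comment_link($blog_id, $parent->comment_ID));
                 } else {
                     // Fix: no parent, or the parent has since been deleted — report
                     // "no parent" instead of building an object from a failed lookup.
                     $response[$key] = false;
                 }
                 break;
             case 'type':
                 // Empty type means an ordinary comment.
                 $response[$key] = (string) ($comment->comment_type ? $comment->comment_type : 'comment');
                 break;
             case 'like_count':
                 // Only populated on WordPress.com; the key is otherwise omitted.
                 if (defined('IS_WPCOM') && IS_WPCOM) {
                     $response[$key] = (int) $this->api->comment_like_count($blog_id, $post->ID, $comment->comment_ID);
                 }
                 break;
             case 'i_like':
                 if (defined('IS_WPCOM') && IS_WPCOM) {
                     $response[$key] = (bool) Likes::comment_like_current_user_likes($blog_id, $comment->comment_ID);
                 }
                 break;
             case 'meta':
                 $response[$key] = (object) array('links' => (object) array('self' => (string) $this->links->get_comment_link($this->api->get_blog_id_for_output(), $comment->comment_ID), 'help' => (string) $this->links->get_comment_link($this->api->get_blog_id_for_output(), $comment->comment_ID, 'help'), 'site' => (string) $this->links->get_site_link($this->api->get_blog_id_for_output()), 'post' => (string) $this->links->get_post_link($this->api->get_blog_id_for_output(), $comment->comment_post_ID), 'replies' => (string) $this->links->get_comment_link($this->api->get_blog_id_for_output(), $comment->comment_ID, 'replies/'), 'likes' => (string) $this->links->get_comment_link($this->api->get_blog_id_for_output(), $comment->comment_ID, 'likes/')));
                 break;
         }
     }
     // Undo the global state set up above before handing the result back.
     unset($GLOBALS['comment'], $GLOBALS['post']);
     return $response;
 }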
            wp_die(__('Oops, no comment with this ID.') . sprintf(' <a href="%s">' . __('Go back') . '</a>!', 'javascript:history.go(-1)'));
        }
        if (!current_user_can('edit_post', $comment->comment_post_ID)) {
            wp_die(__('You are not allowed to edit comments on this post.'));
        }
        $comment = get_comment_to_edit($comment);
        include 'edit-form-comment.php';
        break;
    case 'cdc':
    case 'mac':
        require_once './admin-header.php';
        $comment = (int) $_GET['c'];
        $formaction = 'cdc' == $action ? 'deletecomment' : 'approvecomment';
        $nonce_action = 'cdc' == $action ? 'delete-comment_' : 'approve-comment_';
        $nonce_action .= $comment;
        if (!($comment = get_comment_to_edit($comment))) {
            wp_die(__('Oops, no comment with this ID.') . sprintf(' <a href="%s">' . __('Go back') . '</a>!', 'edit.php'));
        }
        if (!current_user_can('edit_post', $comment->comment_post_ID)) {
            wp_die('cdc' == $action ? __('You are not allowed to delete comments on this post.') : __('You are not allowed to edit comments on this post, so you cannot approve this comment.'));
        }
        ?>
<div class='wrap'>

<div class="narrow">
<?php 
        if ('spam' == $_GET['dt']) {
            ?>
<p><?php 
            echo '<strong>' . __('Caution:') . '</strong> ' . __('You are about to mark the following comment as spam:');
            ?>