/**
* Update/Install Plugin/Theme administration panel.
*
* @package WordPress
* @subpackage Administration
*/
if (!defined('IFRAME_REQUEST') && isset($_GET['action']) && in_array($_GET['action'], array('update-selected', 'activate-plugin', 'update-selected-themes'))) {
define('IFRAME_REQUEST', true);
}
/** WordPress Administration Bootstrap */
require_once dirname(__FILE__) . '/admin.php';
include_once ABSPATH . 'wp-admin/includes/class-wp-upgrader.php';
if (isset($_GET['action'])) {
$plugin = isset($_REQUEST['plugin']) ? trim($_REQUEST['plugin']) : '';
$theme = isset($_REQUEST['theme']) ? urldecode($_REQUEST['theme']) : '';
$action = wp_validate_action();
if ('update-selected' == $action) {
if (!current_user_can('update_plugins')) {
wp_die(__('You do not have sufficient permissions to update plugins for this site.'));
}
check_admin_referer('bulk-update-plugins');
if (isset($_GET['plugins'])) {
$plugins = explode(',', stripslashes($_GET['plugins']));
} elseif (isset($_POST['checked'])) {
$plugins = (array) $_POST['checked'];
} else {
$plugins = array();
}
$plugins = array_map('urldecode', $plugins);
$url = 'update.php?action=update-selected&plugins=' . urlencode(implode(',', $plugins));
$nonce = 'bulk-update-plugins';
* @subpackage Multisite
* @since 3.1.0
*/
/** Load WordPress Administration Bootstrap */
require_once dirname(__FILE__) . '/admin.php';
/** WordPress Translation Install API */
require_once ABSPATH . 'wp-admin/includes/translation-install.php';
if (!is_multisite()) {
wp_die(__('Multisite support is not enabled.'));
}
if (!current_user_can('manage_sites')) {
wp_die(__('You do not have sufficient permissions to add sites to this network.'));
}
get_current_screen()->add_help_tab(array('id' => 'overview', 'title' => __('Overview'), 'content' => '<p>' . __('This screen is for Super Admins to add new sites to the network. This is not affected by the registration settings.') . '</p>' . '<p>' . __('If the admin email for the new site does not exist in the database, a new user will also be created.') . '</p>'));
get_current_screen()->set_help_sidebar('<p><strong>' . __('For more information:') . '</strong></p>' . '<p>' . __('<a href="https://codex.wordpress.org/Network_Admin_Sites_Screen" target="_blank">Documentation on Site Management</a>') . '</p>' . '<p>' . __('<a href="https://wordpress.org/support/forum/multisite/" target="_blank">Support Forums</a>') . '</p>');
if (wp_validate_action('add-site')) {
check_admin_referer('add-blog', '_wpnonce_add-blog');
if (!is_array($_POST['blog'])) {
wp_die(__('Can’t create an empty site.'));
}
$blog = $_POST['blog'];
$domain = '';
if (preg_match('|^([a-zA-Z0-9-])+$|', $blog['domain'])) {
$domain = strtolower($blog['domain']);
}
// If not a subdomain install, make sure the domain isn't a reserved word
if (!is_subdomain_install()) {
/** This filter is documented in wp-includes/ms-functions.php */
$subdirectory_reserved_names = apply_filters('subdirectory_reserved_names', array('page', 'comments', 'blog', 'files', 'feed', 'wp-admin', 'wp-content', 'wp-includes'));
if (in_array($domain, $subdirectory_reserved_names)) {
wp_die(sprintf(__('The following words are reserved for use by WordPress functions and cannot be used as blog names: <code>%s</code>'), implode('</code>, <code>', $subdirectory_reserved_names)));
*
* @package WordPress
* @subpackage Multisite
* @since 3.1.0
*/
/** Load WordPress Administration Bootstrap */
require_once dirname(__FILE__) . '/admin.php';
if (!is_multisite()) {
wp_die(__('Multisite support is not enabled.'));
}
if (!current_user_can('create_users')) {
wp_die(__('You do not have sufficient permissions to add users to this network.'));
}
get_current_screen()->add_help_tab(array('id' => 'overview', 'title' => __('Overview'), 'content' => '<p>' . __('Add User will set up a new user account on the network and send that person an email with username and password.') . '</p>' . '<p>' . __('Users who are signed up to the network without a site are added as subscribers to the main or primary dashboard site, giving them profile pages to manage their accounts. These users will only see Dashboard and My Sites in the main navigation until a site is created for them.') . '</p>'));
get_current_screen()->set_help_sidebar('<p><strong>' . __('For more information:') . '</strong></p>' . '<p>' . __('<a href="https://codex.wordpress.org/Network_Admin_Users_Screen" target="_blank">Documentation on Network Users</a>') . '</p>' . '<p>' . __('<a href="https://wordpress.org/support/forum/multisite/" target="_blank">Support Forums</a>') . '</p>');
if (wp_validate_action('add-user')) {
check_admin_referer('add-user', '_wpnonce_add-user');
if (!current_user_can('manage_network_users')) {
wp_die(__('You do not have permission to access this page.'), 403);
}
if (!is_array($_POST['user'])) {
wp_die(__('Cannot create an empty user.'));
}
$user = wp_unslash($_POST['user']);
$user_details = wpmu_validate_user_signup($user['username'], $user['email']);
if (is_wp_error($user_details['errors']) && !empty($user_details['errors']->errors)) {
$add_user_errors = $user_details['errors'];
} else {
$password = wp_generate_password(12, false);
$user_id = wpmu_create_user(esc_html(strtolower($user['username'])), $password, sanitize_email($user['email']));
if (!$user_id) {
do_action('invite_user', $user_id, $role, $newuser_key);
/* translators: 1: Site name, 2: site URL, 3: role, 4: activation URL */
$message = __('Hi,
You\'ve been invited to join \'%1$s\' at
%2$s with the role of %3$s.
Please click the following link to confirm the invite:
%4$s');
wp_mail($new_user_email, sprintf(__('[%s] Joining confirmation'), wp_specialchars_decode(get_option('blogname'))), sprintf($message, get_option('blogname'), home_url(), wp_specialchars_decode(translate_user_role($role['name'])), home_url("/newbloguser/{$newuser_key}/")));
$redirect = add_query_arg(array('update' => 'add'), 'user-new.php');
}
}
wp_redirect($redirect);
die;
} elseif (wp_validate_action('createuser')) {
check_admin_referer('create-user', '_wpnonce_create-user');
if (!current_user_can('create_users')) {
wp_die('<h1>' . __('Cheatin’ uh?') . '</h1>' . '<p>' . __('You are not allowed to create users.') . '</p>', 403);
}
if (!is_multisite()) {
$user_id = edit_user();
if (is_wp_error($user_id)) {
$add_user_errors = $user_id;
} else {
if (current_user_can('list_users')) {
$redirect = 'users.php?update=add&id=' . $user_id;
} else {
$redirect = add_query_arg('update', 'add', 'user-new.php');
}
wp_redirect($redirect);
}
if (!wp_validate_action('upload-attachment')) {
// Flash often fails to send cookies with the POST or upload, so we need to pass it in GET or POST instead
if (is_ssl() && empty($_COOKIE[SECURE_AUTH_COOKIE]) && !empty($_REQUEST['auth_cookie'])) {
$_COOKIE[SECURE_AUTH_COOKIE] = $_REQUEST['auth_cookie'];
} elseif (empty($_COOKIE[AUTH_COOKIE]) && !empty($_REQUEST['auth_cookie'])) {
$_COOKIE[AUTH_COOKIE] = $_REQUEST['auth_cookie'];
}
if (empty($_COOKIE[LOGGED_IN_COOKIE]) && !empty($_REQUEST['logged_in_cookie'])) {
$_COOKIE[LOGGED_IN_COOKIE] = $_REQUEST['logged_in_cookie'];
}
unset($current_user);
}
require_once ABSPATH . 'wp-admin/admin.php';
header('Content-Type: text/html; charset=' . get_option('blog_charset'));
if (wp_validate_action('upload-attachment')) {
include ABSPATH . 'wp-admin/includes/ajax-actions.php';
send_nosniff_header();
nocache_headers();
wp_ajax_upload_attachment();
die('0');
}
if (!current_user_can('upload_files')) {
wp_die(__('You do not have permission to upload files.'));
}
// just fetch the detail form for that attachment
if (isset($_REQUEST['attachment_id']) && ($id = intval($_REQUEST['attachment_id'])) && $_REQUEST['fetch']) {
$post = get_post($id);
if ('attachment' != $post->post_type) {
wp_die(__('Unknown post type.'));
}
}
get_current_screen()->add_help_tab(array('id' => 'overview', 'title' => __('Overview'), 'content' => '<p>' . __('The menu is for editing information specific to individual sites, particularly if the admin area of a site is unavailable.') . '</p>' . '<p>' . __('<strong>Info</strong> — The site URL is rarely edited as this can cause the site to not work properly. The Registered date and Last Updated date are displayed. Network admins can mark a site as archived, spam, deleted and mature, to remove from public listings or disable.') . '</p>' . '<p>' . __('<strong>Users</strong> — This displays the users associated with this site. You can also change their role, reset their password, or remove them from the site. Removing the user from the site does not remove the user from the network.') . '</p>' . '<p>' . sprintf(__('<strong>Themes</strong> — This area shows themes that are not already enabled across the network. Enabling a theme in this menu makes it accessible to this site. It does not activate the theme, but allows it to show in the site’s Appearance menu. To enable a theme for the entire network, see the <a href="%s">Network Themes</a> screen.'), network_admin_url('themes.php')) . '</p>' . '<p>' . __('<strong>Settings</strong> — This page shows a list of all settings associated with this site. Some are created by WordPress and others are created by plugins you activate. Note that some fields are grayed out and say Serialized Data. You cannot modify these values due to the way the setting is stored in the database.') . '</p>'));
get_current_screen()->set_help_sidebar('<p><strong>' . __('For more information:') . '</strong></p>' . '<p>' . __('<a href="https://codex.wordpress.org/Network_Admin_Sites_Screen" target="_blank">Documentation on Site Management</a>') . '</p>' . '<p>' . __('<a href="https://wordpress.org/support/forum/multisite/" target="_blank">Support Forums</a>') . '</p>');
$id = isset($_REQUEST['id']) ? intval($_REQUEST['id']) : 0;
if (!$id) {
wp_die(__('Invalid site ID.'));
}
$details = get_blog_details($id);
if (!$details) {
wp_die(__('The requested site does not exist.'));
}
if (!can_edit_network($details->site_id)) {
wp_die(__('You do not have permission to access this page.'), 403);
}
$is_main_site = is_main_site($id);
if (wp_validate_action('update-site') && is_array($_POST['option'])) {
check_admin_referer('edit-site');
switch_to_blog($id);
$skip_options = array('allowedthemes');
// Don't update these options since they are handled elsewhere in the form.
foreach ((array) $_POST['option'] as $key => $val) {
$key = wp_unslash($key);
$val = wp_unslash($val);
if ($key === 0 || is_array($val) || in_array($key, $skip_options)) {
continue;
}
// Avoids "0 is a protected WP option and may not be modified" error when edit blog options
update_option($key, $val);
}
/**
* Fires after the site options are updated.
/**
*
* @return string
*/
public function current_action()
{
$action = wp_validate_action();
if ($action && isset($_REQUEST['delete_tags']) && ('delete' == $action || 'delete' == $_REQUEST['action2'])) {
return 'bulk-delete';
}
return parent::current_action();
}
get_current_screen()->add_help_tab(array('id' => 'overview', 'title' => __('Overview'), 'content' => '<p>' . __('The menu is for editing information specific to individual sites, particularly if the admin area of a site is unavailable.') . '</p>' . '<p>' . __('<strong>Info</strong> — The site URL is rarely edited as this can cause the site to not work properly. The Registered date and Last Updated date are displayed. Network admins can mark a site as archived, spam, deleted and mature, to remove from public listings or disable.') . '</p>' . '<p>' . __('<strong>Users</strong> — This displays the users associated with this site. You can also change their role, reset their password, or remove them from the site. Removing the user from the site does not remove the user from the network.') . '</p>' . '<p>' . sprintf(__('<strong>Themes</strong> — This area shows themes that are not already enabled across the network. Enabling a theme in this menu makes it accessible to this site. It does not activate the theme, but allows it to show in the site’s Appearance menu. To enable a theme for the entire network, see the <a href="%s">Network Themes</a> screen.'), network_admin_url('themes.php')) . '</p>' . '<p>' . __('<strong>Settings</strong> — This page shows a list of all settings associated with this site. Some are created by WordPress and others are created by plugins you activate. Note that some fields are grayed out and say Serialized Data. You cannot modify these values due to the way the setting is stored in the database.') . '</p>'));
get_current_screen()->set_help_sidebar('<p><strong>' . __('For more information:') . '</strong></p>' . '<p>' . __('<a href="https://codex.wordpress.org/Network_Admin_Sites_Screen" target="_blank">Documentation on Site Management</a>') . '</p>' . '<p>' . __('<a href="https://wordpress.org/support/forum/multisite/" target="_blank">Support Forums</a>') . '</p>');
$id = isset($_REQUEST['id']) ? intval($_REQUEST['id']) : 0;
if (!$id) {
wp_die(__('Invalid site ID.'));
}
$details = get_blog_details($id);
if (!$details) {
wp_die(__('The requested site does not exist.'));
}
if (!can_edit_network($details->site_id)) {
wp_die(__('You do not have permission to access this page.'), 403);
}
$parsed_scheme = parse_url($details->siteurl, PHP_URL_SCHEME);
$is_main_site = is_main_site($id);
if (wp_validate_action('update-site')) {
check_admin_referer('edit-site');
switch_to_blog($id);
// Rewrite rules can't be flushed during switch to blog.
delete_option('rewrite_rules');
$blog_data = wp_unslash($_POST['blog']);
$blog_data['scheme'] = $parsed_scheme;
if ($is_main_site) {
// On the network's main site, don't allow the domain or path to change.
$blog_data['domain'] = $details->domain;
$blog_data['path'] = $details->path;
} else {
// For any other site, the scheme, domain, and path can all be changed. We first
// need to ensure a scheme has been provided, otherwise fallback to the existing.
$new_url_scheme = parse_url($blog_data['url'], PHP_URL_SCHEME);
if (!$new_url_scheme) {
