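/**
 * Handles AJAX requests to update comments, comment moderation.
 *
 * Accepts only POST. The request must carry WSSE credentials (nonce,
 * timestamp, digest) that validate against Utils::WSSE(); the selected
 * comment ids arrive as POST keys of the form "p<id>" with a truthy value.
 *
 * Per-comment actions (delete / spam / approve / unapprove) are restricted
 * to the comments the current user may delete or edit, via
 * comment_access_filter(), exactly as the non-AJAX path in fetch_comments()
 * does. The "delete all spam / all unapproved" actions additionally require
 * the manage_all_comments permission, the same check
 * action_auth_ajax_deleteall() applies before emptying the spam queue.
 * Unknown actions are offered to plugins through the
 * 'admin_comments_action' filter. The outcome is echoed as JSON-formatted
 * session messages.
 *
 * @param array $handler_vars Request variables: nonce, timestamp, digest, action.
 * @return void
 */
public function ajax_update_comment($handler_vars)
{
    Utils::check_request_method(array('POST'));

    // check WSSE authentication; missing parts default to '' so they fail the digest check
    $nonce = isset($handler_vars['nonce']) ? $handler_vars['nonce'] : '';
    $timestamp = isset($handler_vars['timestamp']) ? $handler_vars['timestamp'] : '';
    $digest = isset($handler_vars['digest']) ? $handler_vars['digest'] : '';
    $wsse = Utils::WSSE($nonce, $timestamp);
    // Strict comparison: a loose != would let two numeric-looking strings
    // ("0e..." style) compare equal through type juggling.
    if ($digest !== $wsse['digest']) {
        Session::error(_t('WSSE authentication failed.'));
        echo Session::messages_get(true, array('Format', 'json_messages'));
        return;
    }

    $action = isset($handler_vars['action']) ? $handler_vars['action'] : '';

    // Collect the selected comment ids: POST keys "p<digits>" whose value is truthy
    $ids = array();
    foreach ($_POST as $key => $checked) {
        if ($checked && preg_match('/^p\d+$/', $key)) {
            $ids[] = (int) substr($key, 1);
        }
    }

    if (empty($ids) && $action == 'delete') {
        Session::notice(_t('No comments selected.'));
        echo Session::messages_get(true, array('Format', 'json_messages'));
        return;
    }

    $comments = Comments::get(array('id' => $ids, 'nolimit' => true));
    Plugins::act('admin_moderate_comments', $action, $comments, $this);

    $status_msg = _t('Unknown action "%s"', array($action));
    switch ($action) {
        case 'delete_spam':
        case 'delete_unapproved':
            // These act on every comment in the status, not just the user's own,
            // so they need the global permission.
            if (!User::identify()->can('manage_all_comments')) {
                Session::error(_t('You do not have permission to do that action.'));
                echo Session::messages_get(true, array('Format', 'json_messages'));
                return;
            }
            if ($action == 'delete_spam') {
                Comments::delete_by_status(Comment::STATUS_SPAM);
                $status_msg = _t('Deleted all spam comments');
            } else {
                Comments::delete_by_status(Comment::STATUS_UNAPPROVED);
                $status_msg = _t('Deleted all unapproved comments');
            }
            break;
        case 'delete':
            // Comments marked for deletion, reduced to those the user may delete
            $comments = $this->comment_access_filter($comments, 'delete');
            Comments::delete_these($comments);
            $count = count($comments);
            $status_msg = sprintf(_n('Deleted %d comment', 'Deleted %d comments', $count), $count);
            break;
        case 'spam':
            // Comments marked as spam, reduced to those the user may edit
            $comments = $this->comment_access_filter($comments, 'edit');
            Comments::moderate_these($comments, Comment::STATUS_SPAM);
            $count = count($comments);
            $status_msg = sprintf(_n('Marked %d comment as spam', 'Marked %d comments as spam', $count), $count);
            break;
        case 'approve':
        case 'approved':
            // Comments marked for approval, reduced to those the user may edit
            $comments = $this->comment_access_filter($comments, 'edit');
            Comments::moderate_these($comments, Comment::STATUS_APPROVED);
            $count = count($comments);
            $status_msg = sprintf(_n('Approved %d comment', 'Approved %d comments', $count), $count);
            break;
        case 'unapprove':
        case 'unapproved':
            // Comments marked for unapproval, reduced to those the user may edit
            $comments = $this->comment_access_filter($comments, 'edit');
            Comments::moderate_these($comments, Comment::STATUS_UNAPPROVED);
            $count = count($comments);
            $status_msg = sprintf(_n('Unapproved %d comment', 'Unapproved %d comments', $count), $count);
            break;
        default:
            // Specific plugin-supplied action; the plugin receives the unfiltered
            // selection and is responsible for its own access checks.
            $status_msg = Plugins::filter('admin_comments_action', $status_msg, $action, $comments);
            break;
    }

    Session::notice($status_msg);
    echo Session::messages_get(true, array('Format', 'json_messages'));
}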
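/**
 * Builds the admin comment list for the theme and applies any bulk
 * moderation submitted with the request.
 *
 * Each name in $locals is resolved from $this->handler_vars, then $params,
 * then its default, and copied both into a local variable and onto
 * $this->theme. Three request shapes short-circuit into a redirect:
 *   - mass_spam_delete with status == spam: delete every spam comment
 *   - mass_delete with status == unapproved: delete every unapproved comment
 *   - do_delete / do_spam / do_approve / do_unapprove with comment_ids:
 *     moderate the listed comments, after the WSSE digest has been verified
 *     and the set has been reduced to what the user may delete/edit
 * Both mass-delete forms require manage_all_comments, the permission
 * action_auth_ajax_deleteall() checks for the same operation.
 *
 * Otherwise the function assigns to the theme: the WSSE tokens for the
 * delete button, the comment list (limited to the user's own posts unless
 * they can manage_all_comments), the per-year month counts, and a
 * per-comment action menu filtered by ACL::access_check().
 *
 * @param array $params Fallback values for request variables absent from handler_vars.
 * @return void
 */
public function fetch_comments($params = array())
{
    // Make certain handler_vars local with defaults, and add them to the theme output
    $locals = array(
        'do_delete' => false,
        'do_spam' => false,
        'do_approve' => false,
        'do_unapprove' => false,
        'comment_ids' => null,
        'nonce' => '',
        'timestamp' => '',
        'PasswordDigest' => '',
        'mass_spam_delete' => null,
        'mass_delete' => null,
        'type' => 'All',
        'limit' => 20,
        'offset' => 0,
        'search' => '',
        'status' => 'All',
        'orderby' => 'date DESC',
    );
    foreach ($locals as $varname => $default) {
        if (isset($this->handler_vars[$varname])) {
            ${$varname} = $this->handler_vars[$varname];
        } elseif (isset($params[$varname])) {
            ${$varname} = $params[$varname];
        } else {
            ${$varname} = $default;
        }
        // NOTE(review): these are raw request values; templates that echo them
        // must escape per context.
        $this->theme->{$varname} = ${$varname};
    }

    // Setting these mass_delete options prevents any other processing. Desired?
    if (isset($mass_spam_delete) && $status == Comment::STATUS_SPAM) {
        // Deletes site-wide, so the global permission is required (non-managers
        // are otherwise restricted to their own posts' comments below).
        if (!User::identify()->can('manage_all_comments')) {
            Session::error(_t('You do not have permission to do that action.'));
            Utils::redirect();
            return;
        }
        // NOTE(review): unlike the per-comment branch, this branch is not
        // protected by the WSSE nonce/digest; confirm the form sends it and
        // consider requiring it here as well.
        // Delete all comments that have the spam status.
        Comments::delete_by_status(Comment::STATUS_SPAM);
        // let's optimize the table
        DB::query('OPTIMIZE TABLE {comments}');
        Session::notice(_t('Deleted all spam comments'));
        Utils::redirect();
    } elseif (isset($mass_delete) && $status == Comment::STATUS_UNAPPROVED) {
        if (!User::identify()->can('manage_all_comments')) {
            Session::error(_t('You do not have permission to do that action.'));
            Utils::redirect();
            return;
        }
        // NOTE(review): same as above — no WSSE check on this branch.
        // Delete all comments that are unapproved.
        Comments::delete_by_status(Comment::STATUS_UNAPPROVED);
        Session::notice(_t('Deleted all unapproved comments'));
        Utils::redirect();
    } elseif (($do_delete || $do_spam || $do_approve || $do_unapprove) && isset($comment_ids)) {
        // All three WSSE parts must be present and the digest must match exactly
        // (strict compare avoids numeric-string type juggling).
        $okay = !(empty($nonce) || empty($timestamp) || empty($PasswordDigest));
        $wsse = Utils::WSSE($nonce, $timestamp);
        if ($PasswordDigest !== $wsse['digest']) {
            $okay = false;
        }

        if ($okay) {
            if ($do_delete) {
                $action = 'delete';
            } elseif ($do_spam) {
                $action = 'spam';
            } elseif ($do_approve) {
                $action = 'approve';
            } else {
                $action = 'unapprove';
            }

            // The submitted comment_ids array is keyed by comment id. (The previous
            // isset() test here looked up a variable literally named
            // "$comment_ids[N]", which never exists, so every key was accepted;
            // that is what happens now, explicitly.)
            $ids = array();
            if (is_array($comment_ids)) {
                foreach (array_keys($comment_ids) as $id) {
                    $ids[] = (int) $id;
                }
            }
            $to_update = Comments::get(array('id' => $ids));

            $modstatus = array(
                'Deleted %d comments' => 0,
                'Marked %d comments as spam' => 0,
                'Approved %d comments' => 0,
                'Unapproved %d comments' => 0,
            );
            Plugins::act('admin_moderate_comments', $action, $to_update, $this);

            // $action is one of the four values assigned above; the set is reduced
            // to what the user may act on before anything is changed.
            switch ($action) {
                case 'delete':
                    $to_update = $this->comment_access_filter($to_update, 'delete');
                    Comments::delete_these($to_update);
                    $modstatus['Deleted %d comments'] = count($to_update);
                    break;
                case 'spam':
                    $to_update = $this->comment_access_filter($to_update, 'edit');
                    Comments::moderate_these($to_update, Comment::STATUS_SPAM);
                    $modstatus['Marked %d comments as spam'] = count($to_update);
                    break;
                case 'approve':
                    $to_update = $this->comment_access_filter($to_update, 'edit');
                    Comments::moderate_these($to_update, Comment::STATUS_APPROVED);
                    $modstatus['Approved %d comments'] = count($to_update);
                    foreach ($to_update as $comment) {
                        // NOTE(review): permalink and title go into HTML unescaped;
                        // confirm the notice renderer escapes, or escape here.
                        $link = '<a href="' . $comment->post->permalink . '">' . $comment->post->title . '</a> ';
                        if (isset($modstatus['Approved comments on these posts: %s'])) {
                            $modstatus['Approved comments on these posts: %s'] .= ' · ' . $link;
                        } else {
                            $modstatus['Approved comments on these posts: %s'] = $link;
                        }
                    }
                    break;
                case 'unapprove':
                    $to_update = $this->comment_access_filter($to_update, 'edit');
                    Comments::moderate_these($to_update, Comment::STATUS_UNAPPROVED);
                    $modstatus['Unapproved %d comments'] = count($to_update);
                    break;
            }

            foreach ($modstatus as $key => $value) {
                if ($value) {
                    Session::notice(sprintf(_t($key), $value));
                }
            }
        }
        Utils::redirect();
    }

    // we load the WSSE tokens
    // for use in the delete button
    $this->theme->wsse = Utils::WSSE();

    $arguments = array(
        'type' => $type,
        'status' => $status,
        'limit' => $limit,
        'offset' => $offset,
        'orderby' => $orderby,
    );
    // only get comments the user is allowed to manage
    if (!User::identify()->can('manage_all_comments')) {
        $arguments['post_author'] = User::identify()->id;
    }

    // there is no explicit 'all' type/status for comments, so we need to unset these arguments
    // if that's what we want. At the same time we can set up the search field
    $this->theme->search_args = '';
    if ($type == 'All') {
        unset($arguments['type']);
    } else {
        $this->theme->search_args = 'type:' . Comment::type_name($type) . ' ';
    }
    if ($status == 'All') {
        unset($arguments['status']);
    } else {
        $this->theme->search_args .= 'status:' . Comment::status_name($status);
    }
    if ('' != $search) {
        // NOTE(review): merged after the post_author restriction; confirm
        // search_to_get() cannot emit a key that overrides it.
        $arguments = array_merge($arguments, Comments::search_to_get($search));
    }

    $this->theme->comments = Comments::get($arguments);

    // Group the month counts by year for the sidebar
    $monthcts = Comments::get(array_merge($arguments, array('month_cts' => 1)));
    $years = array();
    foreach ($monthcts as $month) {
        $years[$month->year][] = $month;
    }
    $this->theme->years = $years;

    // One status-change action per known comment status
    $baseactions = array();
    $statuses = Comment::list_comment_statuses();
    foreach ($statuses as $statusid => $statusname) {
        $baseactions[$statusname] = array(
            'url' => 'javascript:itemManage.update(\'' . $statusname . '\',__commentid__);',
            'title' => _t('Change this comment\'s status to %s', array($statusname)),
            'label' => Comment::status_action($statusid),
            'access' => 'edit',
        );
    }
    /* Standard actions */
    $baseactions['delete'] = array(
        'url' => 'javascript:itemManage.update(\'delete\',__commentid__);',
        'title' => _t('Delete this comment'),
        'label' => _t('Delete'),
        'access' => 'delete',
    );
    $baseactions['edit'] = array(
        'url' => URL::get('admin', 'page=comment&id=__commentid__'),
        'title' => _t('Edit this comment'),
        'label' => _t('Edit'),
        'access' => 'edit',
    );
    /* Actions for inline edit */
    $baseactions['submit'] = array(
        'url' => 'javascript:inEdit.update();',
        'title' => _t('Submit changes'),
        'label' => _t('Update'),
        'nodisplay' => TRUE,
        'access' => 'edit',
    );
    $baseactions['cancel'] = array(
        'url' => 'javascript:inEdit.deactivate();',
        'title' => _t('Cancel changes'),
        'label' => _t('Cancel'),
        'nodisplay' => TRUE,
    );
    /* Allow plugins to apply actions */
    $actions = Plugins::filter('comments_actions', $baseactions, $this->theme->comments);

    foreach ($this->theme->comments as $comment) {
        // filter the actions based on the user's permissions; an action without
        // an 'access' key is always shown
        $comment_access = $comment->get_access();
        $menu = array();
        foreach ($actions as $name => $action) {
            if (!isset($action['access']) || ACL::access_check($comment_access, $action['access'])) {
                $menu[$name] = $action;
            }
        }
        // remove the current status from the dropmenu
        unset($menu[Comment::status_name($comment->status)]);
        $comment->menu = Plugins::filter('comment_actions', $menu, $comment);
    }
}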
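/**
 * Handles the AJAX "delete all" requests for the spam queue and the event log.
 *
 * Dispatches on handler_vars['target']:
 *   - 'spam': requires manage_all_comments; deletes every spam comment and
 *     reports the pre-deletion count
 *   - 'logs': requires manage_logs; deletes every EventLog entry one by one
 *     and reports how many were removed
 * Any other (or missing) target does nothing. The accumulated session
 * messages are echoed as JSON under the "messages" key.
 *
 * NOTE(review): no request-method check is applied here, unlike
 * ajax_update_comment(), which restricts itself to POST; a destructive
 * endpoint reachable by GET is worth confirming against the caller.
 *
 * @param object $handler Handler whose handler_vars carries 'target'.
 * @return void
 */
public function action_auth_ajax_deleteall($handler)
{
    $result = array();
    // Avoid an undefined-index notice when no target was sent
    $target = isset($handler->handler_vars['target']) ? $handler->handler_vars['target'] : null;

    switch ($target) {
        case 'spam':
            if (!User::identify()->can('manage_all_comments')) {
                Session::error(_t('You do not have permission to do that action.'));
                break;
            }
            // Count first so the message reflects what was actually removed
            $total = Comments::count_total(Comment::STATUS_SPAM, FALSE);
            Comments::delete_by_status(Comment::status('spam'));
            Session::notice(sprintf(_t('Deleted all %s spam comments.'), $total));
            break;
        case 'logs':
            if (!User::identify()->can('manage_logs')) {
                Session::error(_t('You do not have permission to do that action.'));
                break;
            }
            $to_delete = EventLog::get(array('date' => 'any', 'nolimit' => 1));
            $count = 0;
            foreach ($to_delete as $log) {
                $log->delete();
                $count++;
            }
            Session::notice(sprintf(_t('Deleted all %s log entries.'), $count));
            break;
    }

    $result['messages'] = Session::messages_get(true, 'array');
    echo json_encode($result);
}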
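/**
 * Handles AJAX requests to update comments, comment moderation.
 *
 * Accepts only POST. The request must carry WSSE credentials (nonce,
 * timestamp, digest) that validate against Utils::WSSE(); the selected
 * comment ids arrive in $_POST['selected'] and are kept only when they are
 * plain decimal integers (the same (int) treatment the "p<id>" variant of
 * this handler applies).
 *
 * Per-comment actions (delete / spam / approve / unapprove) are restricted
 * to the comments the current user may delete or edit, via
 * comment_access_filter(), as fetch_comments() does. The "delete all spam /
 * all unapproved" actions additionally require manage_all_comments, the
 * check action_auth_ajax_deleteall() makes for emptying the spam queue.
 * Unknown actions are offered to plugins through the
 * 'admin_comments_action' filter. The result goes out through AjaxResponse.
 *
 * @param array $handler_vars Request variables (unused; the POST body is read directly).
 * @return void
 */
public function ajax_update_comment($handler_vars)
{
    Utils::check_request_method(array('POST'));
    $ar = new AjaxResponse();

    // check WSSE authentication; missing parts default to '' so they fail the digest check
    $nonce = isset($_POST['nonce']) ? $_POST['nonce'] : '';
    $timestamp = isset($_POST['timestamp']) ? $_POST['timestamp'] : '';
    $digest = isset($_POST['digest']) ? $_POST['digest'] : '';
    $wsse = Utils::WSSE($nonce, $timestamp);
    // Strict comparison: a loose != would let two numeric-looking strings compare equal.
    if ($digest !== $wsse['digest']) {
        $ar->message = _t('WSSE authentication failed.');
        $ar->out();
        return;
    }

    $action = isset($_POST['action']) ? $_POST['action'] : '';

    // Normalise the selection to an array of integer ids; anything that is not
    // a plain decimal number is dropped rather than passed on to the query.
    $ids = array();
    if (isset($_POST['selected'])) {
        foreach ((array) $_POST['selected'] as $selected) {
            if (is_scalar($selected) && preg_match('/^\d+$/', (string) $selected)) {
                $ids[] = (int) $selected;
            }
        }
    }

    if (empty($ids) && $action == 'delete') {
        $ar->message = _t('No comments selected.');
        $ar->out();
        return;
    }

    $comments = Comments::get(array('id' => $ids, 'nolimit' => true));
    Plugins::act('admin_moderate_comments', $action, $comments, $this);

    $status_msg = _t('Unknown action "%s"', array($action));
    switch ($action) {
        case 'delete_spam':
        case 'delete_unapproved':
            // These act on every comment in the status, not just the user's own,
            // so they need the global permission.
            if (!User::identify()->can('manage_all_comments')) {
                $ar->message = _t('You do not have permission to do that action.');
                $ar->out();
                return;
            }
            if ($action == 'delete_spam') {
                Comments::delete_by_status('spam');
                $status_msg = _t('Deleted all spam comments');
            } else {
                Comments::delete_by_status('unapproved');
                $status_msg = _t('Deleted all unapproved comments');
            }
            break;
        case 'delete':
            // Comments marked for deletion, reduced to those the user may delete
            $comments = $this->comment_access_filter($comments, 'delete');
            Comments::delete_these($comments);
            $count = count($comments);
            $status_msg = sprintf(_n('Deleted %d comment', 'Deleted %d comments', $count), $count);
            break;
        case 'spam':
            // Comments marked as spam, reduced to those the user may edit
            $comments = $this->comment_access_filter($comments, 'edit');
            Comments::moderate_these($comments, 'spam');
            $count = count($comments);
            $status_msg = sprintf(_n('Marked %d comment as spam', 'Marked %d comments as spam', $count), $count);
            break;
        case 'approve':
        case 'approved':
            // Comments marked for approval, reduced to those the user may edit
            $comments = $this->comment_access_filter($comments, 'edit');
            Comments::moderate_these($comments, 'approved');
            $count = count($comments);
            $status_msg = sprintf(_n('Approved %d comment', 'Approved %d comments', $count), $count);
            break;
        case 'unapprove':
        case 'unapproved':
            // Comments marked for unapproval, reduced to those the user may edit
            $comments = $this->comment_access_filter($comments, 'edit');
            Comments::moderate_these($comments, 'unapproved');
            $count = count($comments);
            $status_msg = sprintf(_n('Unapproved %d comment', 'Unapproved %d comments', $count), $count);
            break;
        default:
            // Specific plugin-supplied action; the plugin receives the unfiltered
            // selection and is responsible for its own access checks.
            $status_msg = Plugins::filter('admin_comments_action', $status_msg, $action, $comments);
            break;
    }

    $ar->message = $status_msg;
    $ar->out();
}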