public function __construct($base)
{
$this->base = $base;
$this->admin = $base->admin;
$this->orig_referer = wp_get_original_referer();
if (isset($_GET['message'])) {
$this->message = intval($_GET['message']);
if ($this->message == 1 && !$this->orig_referer) {
$this->message = 4;
}
}
$this->messages[1] = sprintf(__('Page updated. Continue editing below or <a href="%s">go back</a>.', 'ktai_style'), esc_attr($this->orig_referer));
$this->messages[2] = __('Custom field updated.', 'ktai_style');
$this->messages[3] = __('Custom field deleted.', 'ktai_style');
$this->messages[4] = __('Page updated.', 'ktai_style');
$this->messages[5] = __('Page published.', 'ktai_style');
$this->messages[6] = __('Page submitted.', 'ktai_style');
if (isset($_GET['revision'])) {
$this->messages[5] = sprintf(__('Page restored to revision from %s'), wp_post_revision_title((int) $_GET['revision'], false));
}
$this->notices[1] = __('There is an autosave of this page that is more recent than the version below. <a href="%s">View the autosave</a>.');
global $post_ID, $temp_ID;
$post_ID = isset($post_ID) ? intval($post_ID) : 0;
$temp_ID = isset($temp_ID) ? intval($temp_ID) : 0;
}
function wp_referer_field()
{
$ref = wp_specialchars($_SERVER['REQUEST_URI']);
echo '<input type="hidden" name="_wp_http_referer" value="' . $ref . '" />';
if (wp_get_original_referer()) {
$original_ref = wp_specialchars(stripslashes(wp_get_original_referer()));
echo '<input type="hidden" name="_wp_original_http_referer" value="' . $original_ref . '" />';
}
}
public function __construct($base)
{
$this->base = $base;
$this->admin = $base->admin;
$this->referer = $this->admin->get_referer();
if ('' != wp_get_original_referer()) {
$this->referer = wp_get_original_referer();
}
$this->referer = remove_query_arg(array('approved', 'unapproved', 'spammed', 'unspammed', 'trashed', 'untrashed', 'deleted', 'ids'), $this->referer);
global $action;
wp_reset_vars(array('action'));
if ('cdc' == $action) {
$action = 'delete';
} elseif ('mac' == $action) {
$action = 'approve';
}
if (isset($_GET['dt'])) {
if ('spam' == $_GET['dt']) {
$action = 'spam';
} elseif ('trash' == $_GET['dt']) {
$action = 'trash';
}
}
switch ($action) {
case 'spam':
case 'approve':
case 'delete':
case 'trash':
$this->confirm($action);
break;
case 'editcomment':
$this->edit_form();
break;
case 'deletecomment':
case 'trashcomment':
case 'untrashcomment':
case 'spamcomment':
case 'unspamcomment':
$this->delete_comment($action);
exit;
case 'approvecomment':
case 'unapprovecomment':
$this->approve_comment($action);
exit;
case 'editedcomment':
$this->edited_comment();
exit;
default:
break;
}
}
function handle_members_updates()
{
global $action, $page;
wp_reset_vars(array('action', 'page'));
if (isset($_GET['doaction']) || isset($_GET['doaction2'])) {
if (addslashes($_GET['action']) == 'toggle' || addslashes($_GET['action2']) == 'toggle') {
$action = 'bulk-toggle';
}
}
switch (addslashes($action)) {
case 'removeheader':
$this->dismiss_user_help($page);
wp_safe_redirect(remove_query_arg('action'));
break;
case 'toggle':
if (isset($_GET['member_id'])) {
$user_id = (int) $_GET['member_id'];
check_admin_referer('toggle-member_' . $user_id);
$member = new M_Membership($user_id);
if ($member->toggle_activation()) {
wp_safe_redirect(add_query_arg('msg', 7, wp_get_referer()));
} else {
wp_safe_redirect(add_query_arg('msg', 8, wp_get_referer()));
}
}
break;
case 'bulk-toggle':
check_admin_referer('bulk-members');
foreach ($_GET['users'] as $value) {
if (is_numeric($value)) {
$user_id = (int) $value;
$member = new M_Membership($user_id);
$member->toggle_activation();
}
}
wp_safe_redirect(add_query_arg('msg', 7, wp_get_referer()));
break;
case 'bulkaddlevel-level-complete':
case 'addlevel-level-complete':
check_admin_referer($action);
$members_id = $_POST['member_id'];
$members = explode(',', $members_id);
if ($members) {
foreach ($members as $member_id) {
$member = new M_Membership($member_id);
$tolevel_id = (int) $_POST['tolevel_id'];
if ($tolevel_id) {
$member->add_level($tolevel_id);
}
}
}
$this->update_levelcounts();
wp_safe_redirect(add_query_arg('msg', 3, wp_get_original_referer()));
break;
case 'bulkdroplevel-level-complete':
case 'droplevel-level-complete':
check_admin_referer($action);
$members_id = $_POST['member_id'];
$members = explode(',', $members_id);
if ($members) {
foreach ($members as $member_id) {
$member = new M_Membership($member_id);
$fromlevel_id = (int) $_POST['fromlevel_id'];
if ($fromlevel_id) {
$member->drop_level($fromlevel_id);
}
}
}
$this->update_levelcounts();
wp_safe_redirect(add_query_arg('msg', 3, wp_get_original_referer()));
break;
case 'bulkmovelevel-level-complete':
case 'movelevel-level-complete':
check_admin_referer($action);
$members_id = $_POST['member_id'];
$members = explode(',', $members_id);
if ($members) {
foreach ($members as $member_id) {
$member = new M_Membership($member_id);
$fromlevel_id = (int) $_POST['fromlevel_id'];
$tolevel_id = (int) $_POST['tolevel_id'];
if ($fromlevel_id && $tolevel_id) {
$member->move_level($fromlevel_id, $tolevel_id);
}
}
}
$this->update_levelcounts();
wp_safe_redirect(add_query_arg('msg', 3, wp_get_original_referer()));
break;
case 'bulkaddsub-sub-complete':
case 'addsub-sub-complete':
check_admin_referer($action);
$members_id = $_POST['member_id'];
$members = explode(',', $members_id);
if ($members) {
foreach ($members as $member_id) {
$member = new M_Membership($member_id);
$tosub_id = $_POST['tosub_id'];
if ($tosub_id) {
$subs = explode('-', $tosub_id);
if (count($subs) == 3) {
$member->add_subscription($subs[0], $subs[1], $subs[2]);
}
}
}
}
$this->update_levelcounts();
$this->update_subcounts();
wp_safe_redirect(add_query_arg('msg', 3, wp_get_original_referer()));
break;
case 'bulkdropsub-sub-complete':
case 'dropsub-sub-complete':
check_admin_referer($action);
$members_id = $_POST['member_id'];
$members = explode(',', $members_id);
if ($members) {
foreach ($members as $member_id) {
$member = new M_Membership($member_id);
$fromsub_id = (int) $_POST['fromsub_id'];
if ($fromsub_id) {
$member->drop_subscription($fromsub_id);
}
}
}
$this->update_levelcounts();
$this->update_subcounts();
wp_safe_redirect(add_query_arg('msg', 3, wp_get_original_referer()));
break;
case 'bulkmovesub-sub-complete':
case 'movesub-sub-complete':
check_admin_referer($action);
$members_id = $_POST['member_id'];
$members = explode(',', $members_id);
if ($members) {
foreach ($members as $member_id) {
$member = new M_Membership($member_id);
$fromsub_id = (int) $_POST['fromsub_id'];
$tosub_id = $_POST['tosub_id'];
if ($fromsub_id && $tosub_id) {
$subs = explode('-', $tosub_id);
if (count($subs) == 3) {
$member->move_subscription($fromsub_id, $subs[0], $subs[1], $subs[2]);
}
}
}
}
$this->update_levelcounts();
$this->update_subcounts();
wp_safe_redirect(add_query_arg('msg', 3, wp_get_original_referer()));
break;
case 'bulkmovegateway-gateway-complete':
case 'movegateway-gateway-complete':
check_admin_referer($action);
$members_id = $_POST['member_id'];
$members = explode(',', $members_id);
if ($members) {
foreach ($members as $member_id) {
$member = new M_Membership($member_id);
$fromgateway = $_POST['fromgateway'];
$togateway = $_POST['togateway'];
if (!empty($fromgateway) && !empty($togateway)) {
$relationships = $member->get_relationships();
foreach ($relationships as $rel) {
if ($rel->usinggateway == $fromgateway) {
$member->update_relationship_gateway($rel->rel_id, $fromgateway, $togateway);
}
}
}
}
}
wp_safe_redirect(add_query_arg('msg', 3, wp_get_original_referer()));
break;
}
}
/**
* Handles logout redirection
*
* Callback for "logout_redirect" hook in method Theme_My_Login::the_request()
*
* @see Theme_My_Login::the_request()
* @since 6.0
* @access public
*
* @param string $redirect_to Default redirect
* @param string $request Requested redirect
* @param WP_User|WP_Error WP_User if user logged in, WP_Error otherwise
* @return string New redirect
*/
function logout_redirect($redirect_to, $request, $user)
{
global $theme_my_login;
// Determine the correct referer
if (!($http_referer = wp_get_original_referer())) {
$http_referer = wp_get_referer();
}
// Remove some arguments that may be present and shouldn't be
$http_referer = remove_query_arg(array('instance', 'action', 'checkemail', 'error', 'loggedout', 'registered', 'redirect_to', 'updated', 'key', '_wpnonce'), $http_referer);
// Make sure $user object exists and is a WP_User instance
if (!is_wp_error($user) && is_a($user, 'WP_User')) {
if (is_multisite() && empty($user->roles)) {
$user->roles = array('subscriber');
}
$redirection = array();
foreach ((array) $user->roles as $role) {
if ($theme_my_login->options->get_option(array('redirection', $role))) {
$redirection = $theme_my_login->options->get_option(array('redirection', $role));
break;
}
}
if ('referer' == $redirection['logout_type']) {
// Send 'em back to the referer
$redirect_to = $http_referer;
} elseif ('custom' == $redirection['logout_type']) {
// Send 'em to the specified URL
$redirect_to = $redirection['logout_url'];
// Allow a few user specific variables
$replace = array('%user_id%' => $user->ID, '%user_login%' => $user->user_login);
$redirect_to = str_replace(array_keys($replace), array_values($replace), $redirect_to);
}
}
// Make sure $redirect_to isn't empty or pointing to an admin URL (causing an endless loop)
if (empty($redirect_to) || strpos($redirect_to, 'wp-admin') !== false) {
$redirect_to = $theme_my_login->get_login_page_link('loggedout=true');
}
return $redirect_to;
}
/**
* Handles logout redirection
*
* Callback for "logout_redirect" hook in method Theme_My_Login::the_request()
*
* @see Theme_My_Login::the_request()
* @since 6.0
* @access public
*
* @param string $redirect_to Default redirect
* @param string $request Requested redirect
* @param WP_User|WP_Error WP_User if user logged in, WP_Error otherwise
* @return string New redirect
*/
public function logout_redirect($redirect_to, $request, $user)
{
// Determine the correct referer
if (!($http_referer = wp_get_original_referer())) {
$http_referer = wp_get_referer();
}
// Remove some arguments that may be present and shouldn't be
$http_referer = remove_query_arg(array('instance', 'action', 'checkemail', 'error', 'loggedout', 'registered', 'redirect_to', 'updated', 'key', '_wpnonce'), $http_referer);
// Make sure $user object exists and is a WP_User instance
if (!is_wp_error($user) && is_a($user, 'WP_User')) {
if (is_multisite() && empty($user->roles)) {
$user->roles = array('subscriber');
}
$user_role = reset($user->roles);
$redirection = $this->get_option($user_role, array());
if ('referer' == $redirection['logout_type']) {
// Send 'em back to the referer
$redirect_to = $http_referer;
} elseif ('custom' == $redirection['logout_type']) {
// Send 'em to the specified URL
$redirect_to = $redirection['logout_url'];
// Allow a few user specific variables
$redirect_to = Theme_My_Login_Common::replace_vars($redirect_to, $user->ID, array('%user_id%' => $user->ID));
}
}
// Make sure $redirect_to isn't empty or pointing to an admin URL (causing an endless loop)
if (empty($redirect_to) || false !== strpos($redirect_to, 'wp-admin')) {
$redirect_to = add_query_arg('loggedout', 'true', wp_login_url());
}
return $redirect_to;
}
/**
* Adds "_wp_original_referer" field to login form
*
* Callback for "login_form" hook in file "login-form.php", included by method Theme_My_Login_Template::display()
*
* @see Theme_My_Login_Template::display()
* @since 6.0
* @access public
*/
public function login_form()
{
if (!empty($_REQUEST['redirect_to'])) {
$referer = wp_unslash($_REQUEST['redirect_to']);
} elseif (wp_get_original_referer()) {
$referer = wp_get_original_referer();
} else {
$referer = Theme_My_Login::is_tml_page() ? wp_get_referer() : wp_unslash($_SERVER['REQUEST_URI']);
}
echo '<input type="hidden" name="_wp_original_http_referer" value="' . esc_attr($referer) . '" />';
}
function wpu_menuSettings()
{
global $user_ID, $wp_roles;
$profileuser = get_user_to_edit($user_ID);
$bookmarklet_height = 440;
$wpuConnSettings = get_settings('wputd_connection');
$page_output = '';
if (isset($_GET['updated'])) {
$page_output .= '<div id="message" class="updated fade">
<p><strong>' . __('Settings updated.') . '</strong></p>
</div>';
}
if (!empty($wpuConnSettings['blogs'])) {
$pageTitle .= __('Your Blog Details');
} else {
$pageTitle .= __('Your Profile');
}
$page_output .= '<div class="wrap">';
echo $page_output;
screen_icon();
$page_output = '<h2>' . wp_specialchars($pageTitle) . '</h2>';
$page_output .= '<form name="profile" id="your-profile" action="admin.php?noheader=true&page=' . $wpuConnSettings['full_path_to_plugin'] . '&wpu_action=update-blog-profile" method="post">' . "\n";
// have to use this, because wp_nonce_field echos. //wp_nonce_field('update-blog-profile_' . $user_ID);
// beginning of nonce fields
$page_output .= '<input type="hidden" name="' . attribute_escape('_wpnonce') . '" value="' . wp_create_nonce('update-blog-profile_' . $user_ID) . '" />';
$ref = attribute_escape($_SERVER['REQUEST_URI']);
$page_output .= '<input type="hidden" name="_wp_http_referer" value="' . $ref . '" />';
if (wp_get_original_referer()) {
$original_ref = attribute_escape(stripslashes(wp_get_original_referer()));
$page_output .= '<input type="hidden" name="_wp_original_http_referer" value="' . $original_ref . '" />';
}
// End of nonce fields
$page_output .= '<p>
<!--<input type="hidden" name="page" value="' . $wpuConnSettings['full_path_to_plugin'] . '" /> -->
<!--<input type="hidden" name="action" value="update-blog-profile" />-->
<!--<input type="hidden" name="from" value="blog_settings" /> -->
<input type="hidden" name="checkuser_id" value="' . 'echo $user_ID' . '" />
</p>
<fieldset>
<legend>' . __('Name') . '</legend>
<input type="hidden" name="user_login" value="' . $profileuser->user_login . '" />
<p><label>' . __('First name:') . '<br />
<input type="text" name="first_name" value="' . $profileuser->first_name . '" /></label></p>
<p><label>' . 'Last name:' . '<br />
<input type="text" name="last_name" value="' . $profileuser->last_name . '" /></label></p>
<p><label>' . __('Nickname:') . '<br />
<input type="text" name="nickname" value="' . $profileuser->nickname . '" /></label></p>
<p><label>' . __('Display name publicly as:') . '<br />
<select name="display_name">
<option value="' . $profileuser->display_name . '">' . $profileuser->display_name . '</option>
<option value="' . $profileuser->nickname . '">' . $profileuser->nickname . '</option>
<option value="' . $profileuser->user_login . '">' . $profileuser->user_login . '</option>';
if (!empty($profileuser->first_name)) {
$page_output .= '<option value="' . $profileuser->first_name . '">' . $profileuser->first_name . '</option>';
}
if (!empty($profileuser->last_name)) {
$page_output .= '<option value="' . $profileuser->last_name . '">' . $profileuser->last_name . '</option>';
}
if (!empty($profileuser->first_name) && !empty($profileuser->last_name)) {
$page_output .= '<option value="' . $profileuser->first_name . ' ' . $profileuser->last_name . '">' . $profileuser->first_name . ' ' . $profileuser->last_name . '</option>
<option value="' . $profileuser->last_name . ' ' . $profileuser->first_name . '">' . $profileuser->last_name . ' ' . $profileuser->first_name . '</option>';
}
$page_output .= '</select></label></p>
</fieldset>';
if (!empty($wpuConnSettings['blogs'])) {
$page_output .= '<fieldset>
<legend>' . __('About Your Blog') . '</legend>
<input type="hidden" name="email" value="' . $profileuser->user_email . '" />';
// Retrieve blog options
$blog_title = get_usermeta($user_ID, 'blog_title');
$blog_tagline = get_usermeta($user_ID, 'blog_tagline');
$page_output .= '<p><label>' . __('The Title of Your Blog:') . '<br />
<input type="text" name="blog_title" value="' . $blog_title . '" /></label></p>
<p><label>' . __('Blog Tagline') . '<br />
<input type="text" name="blog_tagline" value="' . $blog_tagline . '"</label></p>
</fieldset>';
}
$page_output .= '<br clear="all" />
<fieldset>
<legend>' . __('About yourself') . '</legend>
<p class="desc">' . __('Share a little biographical information to fill out your profile. This may be shown publicly.') . '</p>
<p><textarea name="description" rows="5" cols="30">' . $profileuser->description . '</textarea></p>
</fieldset>';
do_action('show_user_profile');
$richEditing = get_user_option('rich_editing') ? "checked='checked'" : "";
$page_output .= '<br clear="all" />
<h3>' . __('Personal Options') . '</h3>
<p><label for="rich_editing"><input name="rich_editing" type="checkbox" id="rich_editing" value="true" ' . $richEditing . ' />' . __('Use the visual rich editor when writing') . '</label></p>';
do_action('profile_personal_options');
$page_output .= '<table width="99%" border="0" cellspacing="2" cellpadding="3" class="editform">';
if (count($profileuser->caps) > count($profileuser->roles)) {
$page_output .= '<tr>
<th scope="row">' . __('Additional Capabilities:') . '</th>
<td>';
$output = '';
foreach ($profileuser->caps as $cap => $value) {
if (!$wp_roles->is_role($cap)) {
if ($output != '') {
$output .= ', ';
}
$output .= $value ? $cap : "Denied: {$cap}";
}
}
$page_output .= $output . '
</td>
</tr>';
}
$page_output .= '</table>
<p class="submit">
<input type="submit" value="' . __('Update Profile »') . '" name="submit" />
</p>
</form>
</div>';
//What to do with this page we've just made?
if (defined('WPU_ALTER_PROFILE')) {
//replace profile page with it
return $page_output . '<div id="footer">';
} else {
// display the page
echo $page_output;
}
}
/**
* Retrieve or display original referer hidden field for forms.
*
* The input name is '_wp_original_http_referer' and will be either the same
* value of wp_referer_field(), if that was posted already or it will be the
* current page, if it doesn't exist.
*
* @since 2.0.4
*
* @param bool $echo Optional. Whether to echo the original http referer. Default true.
* @param string $jump_back_to Optional. Can be 'previous' or page you want to jump back to.
* Default 'current'.
* @return string Original referer field.
*/
function wp_original_referer_field($echo = true, $jump_back_to = 'current')
{
if (!($ref = wp_get_original_referer())) {
$ref = 'previous' == $jump_back_to ? wp_get_referer() : wp_unslash($_SERVER['REQUEST_URI']);
}
$orig_referer_field = '<input type="hidden" name="_wp_original_http_referer" value="' . esc_attr($ref) . '" />';
if ($echo) {
echo $orig_referer_field;
}
return $orig_referer_field;
}
private function redirect_post($post_ID = '')
{
$admin_dir = $this->base->get('plugin_dir') . '/' . basename(dirname(__FILE__));
$referredby = '';
if (!empty($_POST['referredby'])) {
$referredby = preg_replace('|https?://[^/]+|i', '', $_POST['referredby']);
$referredby = remove_query_arg('_wp_original_http_referer', $referredby);
}
$referer = preg_replace('|https?://[^/]+|i', '', $this->admin->get_referer());
if ((isset($_POST['save']) || isset($_POST['publish'])) && (empty($referredby) || $referredby == $referer || 'redo' != $referredby)) {
$orig_referer = wp_get_original_referer();
if (strpos($orig_referer, $admin_dir . '/post.php') === false && strpos($orig_referer, $admin_dir . '/post-new.php') === false) {
$location = add_query_arg(array('_wp_original_http_referer' => urlencode($orig_referer), 'message' => 1), get_edit_post_link($post_ID, 'url'));
} else {
if (isset($_POST['publish'])) {
if ('pending' == get_post_status($post_ID)) {
$location = add_query_arg('message', 8, get_edit_post_link($post_ID, 'url'));
} else {
$location = add_query_arg('message', 6, get_edit_post_link($post_ID, 'url'));
}
} else {
$location = add_query_arg('message', 7, get_edit_post_link($post_ID, 'url'));
}
}
/* } elseif (isset($_POST['addmeta']) && $_POST['addmeta']) {
$location = add_query_arg( 'message', 2, $this->admin->get_referer() );
$location = explode('#', $location);
$location = $location[0] . '#postcustom';
} elseif (isset($_POST['deletemeta']) && $_POST['deletemeta']) {
$location = add_query_arg( 'message', 3, $this->admin->get_referer() );
$location = explode('#', $location);
$location = $location[0] . '#postcustom';
*/
} elseif (!empty($referredby) && $referredby != $referer) {
$location = $_POST['referredby'];
$location = remove_query_arg('_wp_original_http_referer', $location);
if (false !== strpos($location, 'edit.php')) {
$location = add_query_arg('posted', $post_ID, $location);
} elseif (false !== strpos($location, basename(dirname(__FILE__)))) {
$location = "post-new.php?posted={$post_ID}";
}
} elseif (isset($_POST['publish'])) {
$location = "post-new.php?posted={$post_ID}";
} else {
$location = add_query_arg('message', 4, get_edit_post_link($post_ID, 'url'));
}
$this->admin->redirect($location);
}
function load_admin_style()
{
wp_register_style('admin_css', 'http://www.mentalhaiku.com/wp-content/themes/mentalhaiku/admin-style.css', false, '1.0.0');
wp_enqueue_style('admin_css', get_template_directory_uri() . '/admin-style.css', false, '1.0.0');
}
add_filter('ajax_query_attachments_args', 'show_users_own_attachments', 1, 1);
function show_users_own_attachments($query)
{
$id = get_current_user_id();
if (!current_user_can('manage_options')) {
$query['author'] = $id;
}
return $query;
}
add_filter('redirect_post_location', function ($location) {
global $post;
if ((isset($_POST['publish']) || isset($_POST['save'])) && preg_match("/post=([0-9]*)/", $location, $match) && $post && $post->ID == $match[1] && (isset($_POST['publish']) || $post->post_status == 'publish') && ($pl = get_permalink($post->ID))) {
if (isset($_POST['publish'])) {
// Homepage for new posts only
$location = home_url();
} elseif ($ref = wp_get_original_referer()) {
// Referer for edited posts
$ref = explode('#', $ref, 2);
$location = $ref[0] . '#post-' . $post->ID;
} else {
// Post page as a last resort
$location = $pl;
}
}
return $location;
});
/**
* Process the selected action for a single contribution
*
* @since 1.0.0
*/
public function process_contribution_action()
{
if (!isset($_REQUEST['action']) || !isset($_REQUEST['c'])) {
return;
}
switch ($_REQUEST['action']) {
case 'flagcomment':
$comment_id = absint($_REQUEST['c']);
check_admin_referer('delete-comment_' . $comment_id);
$noredir = isset($_REQUEST['noredir']);
if (!($comment = get_comment($comment_id))) {
comment_footer_die(__('Oops, no comment with this ID.', WC_Product_Reviews_Pro::TEXT_DOMAIN) . sprintf(' <a href="%s">' . __('Go back', WC_Product_Reviews_Pro::TEXT_DOMAIN) . '</a>.', 'admin.php?page=contributions'));
}
if ('' != wp_get_referer() && !$noredir && false === strpos(wp_get_referer(), 'page=contributions')) {
$redir = wp_get_referer();
} elseif ('' != wp_get_original_referer() && !$noredir) {
$redir = wp_get_original_referer();
} else {
$redir = admin_url('admin.php?page=contributions');
}
$redir = remove_query_arg(array('ids', 'flagged'), $redir);
$contribution = wc_product_reviews_pro_get_contribution($comment_id);
if ($contribution && $contribution->flag()) {
$redir = add_query_arg(array('flagged' => '1'), $redir);
}
wp_redirect(esc_url_raw($redir));
exit;
break;
}
}
function universal_exceptions_note($tag, $taxonomy, $post_type)
{
$tx_obj = get_taxonomy($taxonomy);
$type_obj = get_post_type_object($post_type);
?>
<div class="form-wrap"><p>
<?php
// if _wp_original_http_referer is not passed, redirect will be from universal exceptions edit form to type-specific exceptions edit form
if (!($referer = wp_get_original_referer())) {
$referer = wp_get_referer();
}
$url = add_query_arg('_wp_original_http_referer', urlencode($referer), "edit-tags.php?action=edit&taxonomy={$taxonomy}&tag_ID={$tag->term_id}&pp_universal=1");
printf(__('Displayed exceptions are those assigned for the "%1$s" type. You can also %2$sdefine universal %3$s exceptions which apply to all related post types%4$s.', 'pp'), $type_obj->labels->singular_name, "<a href='{$url}'>", $tx_obj->labels->singular_name, '</a>');
?>
</p></div>
<?php
}
function pp_admin_projects()
{
global $user_identity;
$title = __('Edit Projects', 'prologue-projects');
if (!($project_category_id = pp_get_category_id('projects'))) {
?>
<div class="wrap nosubsub">
<?php
screen_icon();
?>
<h2>
<?php
echo wp_specialchars($title);
?>
</h2>
<div id="message" class="updated"><p><?php
_e('You must <a href="admin.php?page=prologue-projects-settings">assign an existing category</a> as the container for all projects.', 'prologue-projects');
?>
</p></div>
</div>
<?php
return;
}
global $action;
wp_reset_vars(array('action'));
if (isset($_GET['action']) && isset($_GET['delete']) && ('delete' == $_GET['action'] || 'delete' == $_GET['action2'])) {
$action = 'bulk-delete';
}
switch ($action) {
case 'addproject':
check_admin_referer('add-project');
if (!current_user_can('manage_categories')) {
wp_die(__('Cheatin’ uh?', 'prologue-projects'));
}
if (pp_insert_project($_POST)) {
wp_redirect('admin.php?page=prologue-projects&message=1#addproject');
} else {
wp_redirect('admin.php?page=prologue-projects&message=4#addproject');
}
exit;
break;
case 'delete':
$project_ID = (int) $_GET['project_ID'];
check_admin_referer('delete-project_' . $project_ID);
if (!current_user_can('manage_categories')) {
wp_die(__('Cheatin’ uh?', 'prologue-projects'));
}
$project_name = get_catname($project_ID);
// Don't delete the default cats.
if ($project_ID == get_option('default_category')) {
wp_die(sprintf(__("Can’t delete the <strong>%s</strong> category: this is the default one", 'prologue-projects'), $cat_name));
}
pp_delete_project($project_ID);
wp_redirect('admin.php?page=prologue-projects&message=2');
exit;
break;
case 'bulk-delete':
check_admin_referer('bulk-projects');
echo 1;
if (!current_user_can('manage_categories')) {
wp_die(__('You are not allowed to delete projects.', 'prologue-projects'));
}
foreach ((array) $_GET['delete'] as $project_ID) {
$project_name = get_catname($project_ID);
// Don't delete the default cats.
if ($project_ID == get_option('default_category')) {
wp_die(sprintf(__("Can’t delete the <strong>%s</strong> category: this is the default one", 'prologue-projects'), $cat_name));
}
pp_delete_project($project_ID);
}
$sendback = wp_get_referer();
wp_redirect($sendback);
exit;
break;
case 'edit':
if (!current_user_can('manage_categories')) {
wp_die(__('You are not allowed to edit projects.', 'prologue-projects'));
}
$title = __('Edit Project', 'prologue-projects');
require_once 'admin-header.php';
$project_ID = (int) $_GET['project_ID'];
$project = pp_get_project_data($project_ID, 'all', 'editing');
?>
<div class="wrap nosubsub">
<?php
screen_icon();
?>
<h2><?php
echo wp_specialchars($title);
?>
</h2>
<?php
if (isset($_GET['message']) && ($msg = (int) $_GET['message'])) {
?>
<div id="message" class="updated fade"><p><?php
echo $messages[$msg];
?>
</p></div>
<?php
$_SERVER['REQUEST_URI'] = remove_query_arg(array('message'), $_SERVER['REQUEST_URI']);
}
?>
<div class="wrap">
<div id="ajax-response"></div>
<form name="addproject" id="editproject" method="post" action="admin.php?page=prologue-projects" class="validate">
<input type="hidden" name="action" value="editedproject" />
<input type="hidden" name="project_ID" value="<?php
echo $project['id'];
?>
" />
<?php
wp_original_referer_field(true, 'previous');
?>
<?php
wp_nonce_field('update-project_' . $project['id']);
?>
<table class="form-table">
<tr class="form-field form-required">
<th scope="row" valign="top"><label for="project_name"><?php
_e('Project Name', 'prologue-projects');
?>
</label></th>
<td><input name="project_name" id="project_name" type="text" value="<?php
echo attribute_escape($project['name']);
?>
" size="40" aria-required="true" /><br />
<span class="setting-description"><?php
_e('The name is used to identify the project almost everywhere, for example under the post or in the project widgets.', 'prologue-projects');
?>
</span></td>
</tr>
<tr class="form-field">
<th scope="row" valign="top"><label for="project_nicename"><?php
_e('Project Slug', 'prologue-projects');
?>
</label></th>
<td><input name="project_nicename" id="project_nicename" type="text" value="<?php
echo attribute_escape($project['slug']);
?>
" size="40" /><br />
<span class="setting-description"><?php
_e('The “slug” is the URL-friendly version of the name. It is usually all lowercase and contains only letters, numbers, and hyphens.', 'prologue-projects');
?>
</span></td>
</tr>
<tr class="form-field">
<th scope="row" valign="top"><label for="project_parent"><?php
_e('Project Parent', 'prologue-projects');
?>
</label></th>
<td><?php
wp_dropdown_categories(array('child_of' => $project_category_id, 'hide_empty' => 0, 'name' => 'project_parent', 'orderby' => 'name', 'selected' => $project['parent_id'], 'hierarchical' => true, 'show_option_none' => __('None', 'prologue-projects')));
?>
<br />
<span class="setting-description"><?php
_e('Projects, can have a hierarchy. You might have an event project, and under that have sub-projects for catering and merchandise. Totally optional.', 'prologue-projects');
?>
</span></td>
</tr>
<tr class="form-field">
<th scope="row" valign="top"><label for="project_description"><?php
_e('Description', 'prologue-projects');
?>
</label></th>
<td><textarea name="project_description" id="project_description" rows="5" cols="40"><?php
echo wp_specialchars($project['description']);
?>
</textarea><br />
<span class="setting-description"><?php
_e('The description is displayed on each project page.', 'prologue-projects');
?>
</span></td>
</tr>
<tr class="form-field">
<th scope="row" valign="top"><label for="project_logo"><?php
_e('Project Logo', 'prologue-projects');
?>
</label></th>
<td><input name="project_logo" id="project_logo" type="text" value="<?php
echo attribute_escape($project['logo']);
?>
" size="255" /><br />
<span class="setting-description"><?php
_e('The project\'s logo. Must be a full URL of an image. Maximum size of 64px x 64px is recommended.', 'prologue-projects');
?>
</span></td>
</tr>
<tr class="form-field">
<th scope="row" valign="top"><label for="project_website"><?php
_e('Project Website', 'prologue-projects');
?>
</label></th>
<td><input name="project_website" id="project_website" type="text" value="<?php
echo attribute_escape($project['website']);
?>
" size="255" /><br />
<span class="setting-description"><?php
_e('The project\'s external website. Must be a full URL.', 'prologue-projects');
?>
</span></td>
</tr>
<tr class="form-field">
<th scope="row" valign="top"><label for="project_blog"><?php
_e('Project Blog', 'prologue-projects');
?>
</label></th>
<td><input name="project_blog" id="project_blog" type="text" value="<?php
echo attribute_escape($project['blog']);
?>
" size="255" /><br />
<span class="setting-description"><?php
_e('The project\'s external blog. Must be a full URL.', 'prologue-projects');
?>
</span></td>
</tr>
<tr class="form-field">
<th scope="row" valign="top"><label for="project_svn"><?php
_e('Project Subversion Repository', 'prologue-projects');
?>
</label></th>
<td><input name="project_svn" id="project_svn" type="text" value="<?php
echo attribute_escape($project['svn']);
?>
" size="255" /><br />
<span class="setting-description"><?php
_e('The location of the project\'s Subversion repository. This is only common in software projects.', 'prologue-projects');
?>
</span></td>
</tr>
<tr class="form-field">
<th scope="row" valign="top"><label for="project_trac"><?php
_e('Project Trac Installation', 'prologue-projects');
?>
</label></th>
<td><input name="project_trac" id="project_trac" type="text" value="<?php
echo attribute_escape($project['trac']);
?>
" size="255" /><br />
<span class="setting-description"><?php
_e('The location of the project\'s Trac ticketing website. This is only common in software projects.', 'prologue-projects');
?>
</span></td>
</tr>
<tr class="form-field">
<th scope="row" valign="top"><label for="project_intertrac"><?php
_e('Project InterTrac Code', 'prologue-projects');
?>
</label></th>
<td><input name="project_intertrac" id="project_intertrac" type="text" value="<?php
echo attribute_escape($project['intertrac']);
?>
" size="255" /><br />
<span class="setting-description"><?php
_e('This code allows users to distinguish between different Trac installations in the same update. This is only common in software projects.', 'prologue-projects');
?>
</span></td>
</tr>
<tr class="form-field">
<th scope="row" valign="top"><label for="project_activity"><?php
_e('Project Activity Feeds', 'prologue-projects');
?>
</label></th>
<td><textarea name="project_activity" id="project_activity" rows="5" cols="40"><?php
echo wp_specialchars(join("\n", stripslashes_deep($project['activity'])));
?>
</textarea><br />
<span class="setting-description"><?php
_e('Specify a list of feeds you wish to aggregate into the projects "activity" sidebar. One feed per line. Activity reported by Trac is automatically included here.', 'prologue-projects');
?>
</span></td>
</tr>
<tr class="form-field">
<th scope="row" valign="top"><label for="project_overheard"><?php
_e('Project Overheard Feeds', 'prologue-projects');
?>
</label></th>
<td><textarea name="project_overheard" id="project_overheard" rows="5" cols="40"><?php
echo wp_specialchars(join("\n", stripslashes_deep($project['overheard'])));
?>
</textarea><br />
<span class="setting-description"><?php
_e('Specify a list of feeds you wish to aggregate into the projects "overheard" sidebar. One feed per line.', 'prologue-projects');
?>
</span></td>
</tr>
</table>
<p class="submit"><input type="submit" class="button" name="submit" value="<?php
_e('Update Project', 'prologue-projects');
?>
" /></p>
</form>
</div><!-- /wrap -->
<?php
break;
case 'editedproject':
$project_ID = (int) $_POST['project_ID'];
check_admin_referer('update-project_' . $project_ID);
if (!current_user_can('manage_categories')) {
wp_die(__('Cheatin’ uh?', 'prologue-projects'));
}
$location = 'admin.php?page=prologue-projects';
if ($referer = wp_get_original_referer()) {
if (false !== strpos($referer, 'admin.php')) {
$location = $referer;
}
}
if (pp_update_project($_POST)) {
$location = add_query_arg('message', 3, $location);
} else {
$location = add_query_arg('message', 5, $location);
}
wp_redirect($location);
exit;
break;
default:
if (isset($_GET['_wp_http_referer']) && !empty($_GET['_wp_http_referer'])) {
wp_redirect(remove_query_arg(array('_wp_http_referer', '_wpnonce'), stripslashes($_SERVER['REQUEST_URI'])));
exit;
}
require_once 'admin-header.php';
$messages[1] = __('Project added.', 'prologue-projects');
$messages[2] = __('Project deleted.', 'prologue-projects');
$messages[3] = __('Project updated.', 'prologue-projects');
$messages[4] = __('Project not added.', 'prologue-projects');
$messages[5] = __('Project not updated.', 'prologue-projects');
?>
<div class="wrap nosubsub">
<?php
screen_icon();
?>
<h2>
<?php
echo wp_specialchars($title);
if (isset($_GET['s']) && $_GET['s']) {
printf('<span class="subtitle">' . __('Search results for “%s”', 'prologue-projects') . '</span>', wp_specialchars(stripslashes($_GET['s'])));
}
?>
</h2>
<?php
if (isset($_GET['message']) && ($msg = (int) $_GET['message'])) {
?>
<div id="message" class="updated fade"><p><?php
echo $messages[$msg];
?>
</p></div>
<?php
$_SERVER['REQUEST_URI'] = remove_query_arg(array('message'), $_SERVER['REQUEST_URI']);
}
?>
<form class="search-form topmargin" action="" method="get">
<p class="search-box">
<label class="hidden" for="project-search-input"><?php
_e('Search Projects', 'prologue-projects');
?>
:</label>
<input type="text" class="search-input" id="project-search-input" name="s" value="<?php
_admin_search_query();
?>
" />
<input type="hidden" name="page" value="prologue-projects" />
<input type="submit" value="<?php
_e('Search Projects', 'prologue-projects');
?>
" class="button" />
</p>
</form><br class="clear" />
<div id="col-container">
<div id="col-right">
<div class="col-wrap">
<form id="posts-filter" action="" method="get">
<input type="hidden" name="page" value="prologue-projects" />
<div class="tablenav">
<?php
$pagenum = isset($_GET['pagenum']) ? absint($_GET['pagenum']) : 0;
if (empty($pagenum)) {
$pagenum = 1;
}
if (!isset($projectsperpage) || $projectsperpage < 0) {
$projectsperpage = 20;
}
$projectstotal = count(pp_get_projects());
$page_links = paginate_links(array('base' => add_query_arg('pagenum', '%#%'), 'format' => '', 'prev_text' => __('«', 'prologue-projects'), 'next_text' => __('»', 'prologue-projects'), 'total' => ceil($projectstotal / $projectsperpage), 'current' => $pagenum));
if ($page_links) {
?>
<div class="tablenav-pages"><?php
echo $page_links;
?>
</div>
<?php
}
?>
<div class="alignleft actions">
<select name="action">
<option value="" selected="selected"><?php
_e('Bulk Actions', 'prologue-projects');
?>
</option>
<option value="delete"><?php
_e('Delete', 'prologue-projects');
?>
</option>
</select>
<input type="submit" value="<?php
_e('Apply', 'prologue-projects');
?>
" name="doaction" id="doaction" class="button-secondary action" />
<?php
wp_nonce_field('bulk-projects');
?>
</div>
<br class="clear" />
</div>
<div class="clear"></div>
<table class="widefat fixed" cellspacing="0">
<thead>
<tr>
<?php
print_column_headers('projects');
?>
</tr>
</thead>
<tfoot>
<tr>
<?php
print_column_headers('projects', false);
?>
</tr>
</tfoot>
<tbody id="the-list" class="list:projects">
<?php
pp_project_rows($project_category_id, 0, 0, $pagenum, $projectsperpage);
?>
</tbody>
</table>
<div class="tablenav">
<?php
if ($page_links) {
?>
<div class="tablenav-pages"><?php
echo $page_links;
?>
</div>
<?php
}
?>
<div class="alignleft actions">
<select name="action2">
<option value="" selected="selected"><?php
_e('Bulk Actions', 'prologue-projects');
?>
</option>
<option value="delete"><?php
_e('Delete', 'prologue-projects');
?>
</option>
</select>
<input type="submit" value="<?php
_e('Apply', 'prologue-projects');
?>
" name="doaction2" id="doaction2" class="button-secondary action" />
<?php
wp_nonce_field('bulk-projects');
?>
</div>
<br class="clear" />
</div>
</form>
<div class="form-wrap">
<p><?php
_e('<strong>Note:</strong><br />Deleting a project does not delete the posts in that project.', 'prologue-projects');
?>
</p>
</div>
</div>
</div><!-- /col-right -->
<div id="col-left">
<div class="col-wrap">
<?php
if (current_user_can('manage_categories')) {
?>
<div class="form-wrap">
<h3><?php
_e('Add Project', 'prologue-projects');
?>
</h3>
<div id="ajax-response"></div>
<form name="addproject" id="addproject" method="post" action="admin.php?page=prologue-projects" class="add:the-list: validate">
<input type="hidden" name="action" value="addproject" />
<?php
wp_original_referer_field(true, 'previous');
?>
<?php
wp_nonce_field('add-project');
?>
<div class="form-field form-required">
<label for="project_name"><?php
_e('Project Name', 'prologue-projects');
?>
</label>
<input name="project_name" id="project_name" type="text" value="" size="40" aria-required="true" />
<p><?php
_e('The name is used to identify the project almost everywhere, for example under the post or in the project widgets.', 'prologue-projects');
?>
</p>
</div>
<div class="form-field">
<label for="project_nicename"><?php
_e('Project Slug', 'prologue-projects');
?>
</label>
<input name="project_nicename" id="project_nicename" type="text" value="" size="40" />
<p><?php
_e('The “slug” is the URL-friendly version of the name. It is usually all lowercase and contains only letters, numbers, and hyphens.', 'prologue-projects');
?>
</p>
</div>
<div class="form-field">
<label for="project_parent"><?php
_e('Project Parent', 'prologue-projects');
?>
</label>
<?php
wp_dropdown_categories(array('child_of' => $project_category_id, 'hide_empty' => 0, 'name' => 'project_parent', 'orderby' => 'name', 'selected' => 0, 'hierarchical' => true, 'show_option_none' => __('None', 'prologue-projects')));
?>
<p><?php
_e('Projects, can have a hierarchy. You might have an event project, and under that have sub-projects for catering and merchandise. Totally optional.', 'prologue-projects');
?>
</p>
</div>
<div class="form-field">
<label for="project_description"><?php
_e('Description', 'prologue-projects');
?>
</label>
<textarea name="project_description" id="project_description" rows="5" cols="40"></textarea>
<p><?php
_e('The description is displayed on each project page.', 'prologue-projects');
?>
</p>
</div>
<div class="form-field">
<label for="project_logo"><?php
_e('Project Logo', 'prologue-projects');
?>
</label>
<input name="project_logo" id="project_logo" type="text" value="" size="255" />
<p><?php
_e('The project\'s logo. Must be a full URL of an image. Maximum size of 64px x 64px is recommended.', 'prologue-projects');
?>
</p>
</div>
<div class="form-field">
<label for="project_website"><?php
_e('Project Website', 'prologue-projects');
?>
</label>
<input name="project_website" id="project_website" type="text" value="" size="255" />
<p><?php
_e('The project\'s external website. Must be a full URL.', 'prologue-projects');
?>
</p>
</div>
<div class="form-field">
<label for="project_blog"><?php
_e('Project Blog', 'prologue-projects');
?>
</label>
<input name="project_blog" id="project_blog" type="text" value="" size="255" />
<p><?php
_e('The project\'s external blog. Must be a full URL.', 'prologue-projects');
?>
</p>
</div>
<div class="form-field">
<label for="project_svn"><?php
_e('Project Subversion Repository', 'prologue-projects');
?>
</label>
<input name="project_svn" id="project_svn" type="text" value="" size="255" />
<p><?php
_e('The location of the project\'s Subversion repository. This is only common in software projects.', 'prologue-projects');
?>
</p>
</div>
<div class="form-field">
<label for="project_trac"><?php
_e('Project Trac Installation', 'prologue-projects');
?>
</label>
<input name="project_trac" id="project_trac" type="text" value="" size="255" />
<p><?php
_e('The location of the project\'s Trac ticketing website. This is only common in software projects.', 'prologue-projects');
?>
</p>
</div>
<div class="form-field">
<label for="project_intertrac"><?php
_e('Project InterTrac Code', 'prologue-projects');
?>
</label>
<input name="project_intertrac" id="project_intertrac" type="text" value="" size="255" />
<p><?php
_e('This code allows users to distinguish between different Trac installations in the same update. This is only common in software projects.', 'prologue-projects');
?>
</p>
</div>
<div class="form-field">
<label for="project_activity"><?php
_e('Project Activity Feeds', 'prologue-projects');
?>
</label>
<textarea name="project_activity" id="project_activity" rows="5" cols="40"></textarea>
<p><?php
_e('Specify a list of feeds you wish to aggregate into the projects "activity" sidebar. One feed per line. Activity reported by Trac is automatically included here.', 'prologue-projects');
?>
</p>
</div>
<div class="form-field">
<label for="project_overheard"><?php
_e('Project Overheard Feeds', 'prologue-projects');
?>
</label>
<textarea name="project_overheard" id="project_overheard" rows="5" cols="40"></textarea>
<p><?php
_e('Specify a list of feeds you wish to aggregate into the projects "overheard" sidebar. One feed per line.', 'prologue-projects');
?>
</p>
</div>
<p class="submit"><input type="submit" class="button" name="submit" value="<?php
_e('Add Project', 'prologue-projects');
?>
" /></p>
</form>
</div>
<?php
}
?>
</div>
</div><!-- /col-left -->
</div><!-- /col-container -->
</div><!-- /wrap -->
<script type="text/javascript">
/* <![CDATA[ */
(function($){
$(document).ready(function(){
$('#doaction, #doaction2').click(function(){
if ( $('select[name^="action"]').val() == 'delete' ) {
var m = '<?php
echo js_escape(__("You are about to delete the selected projects.\n 'Cancel' to stop, 'OK' to delete.", 'prologue-projects'));
?>
';
return showNotice.warn(m);
}
});
});
})(jQuery);
/* ]]> */
</script>
<?php
break;
}
}
function check_for_submitted()
{
if (!$_REQUEST['cwp_submitted_' . $this->get_page_id()]) {
return;
}
$action = $_REQUEST['action'];
$taxonomy = $_REQUEST['taxonomy'];
if (isset($_GET['action']) && isset($_GET['delete_tags']) && ('delete' == $_GET['action'] || 'delete' == $_GET['action2'])) {
$action = 'bulk-delete';
}
do_action('cwp_taxonomy_page_form_submitted_pre', array($this));
switch ($action) {
case 'addtag':
check_admin_referer('add-tag');
if (!current_user_can('manage_categories')) {
wp_die(__('Cheatin’ uh?'));
}
$ret = wp_insert_term($_POST['name'], $taxonomy, $_POST);
if (!is_wp_error($ret)) {
do_action('cwp_taxonomy_page_form_submitted_term_added', $this, $ret['term_id'], $taxonomy);
}
if ($ret && !is_wp_error($ret)) {
wp_redirect(add_query_arg('message', 1));
} else {
wp_redirect(add_query_arg('message', 4));
}
exit;
break;
case 'delete':
$tag_ID = (int) $_GET['tag_ID'];
check_admin_referer('delete-tag_' . $tag_ID);
if (!current_user_can('manage_categories')) {
wp_die(__('Cheatin’ uh?'));
}
wp_delete_term($tag_ID, $taxonomy);
$location = $this->get_page_url();
if ($referer = wp_get_referer()) {
if (false !== strpos($referer, 'edit-tags.php')) {
$location = $referer;
}
}
$location = add_query_arg('message', 2, $location);
wp_redirect($location);
exit;
break;
case 'bulk-delete':
check_admin_referer('bulk-tags');
if (!current_user_can('manage_categories')) {
wp_die(__('Cheatin’ uh?'));
}
$tags = $_GET['delete_tags'];
foreach ((array) $tags as $tag_ID) {
wp_delete_term($tag_ID, $taxonomy);
}
$location = $this->get_page_url();
if ($referer = wp_get_referer()) {
if (false !== strpos($referer, 'edit-tags.php')) {
$location = $referer;
}
}
$location = add_query_arg('message', 6, $location);
wp_redirect($location);
exit;
break;
case 'editedtag':
$tag_ID = (int) $_REQUEST['tag_ID'];
check_admin_referer('update-tag_' . $tag_ID);
if (!current_user_can('manage_categories')) {
wp_die(__('Cheatin’ uh?'));
}
$ret = wp_update_term($tag_ID, $taxonomy, $_POST);
$location = $this->get_page_url();
if ($referer = wp_get_original_referer()) {
if (false !== strpos($referer, 'edit-tags.php')) {
$location = $referer;
}
}
if ($ret && !is_wp_error($ret)) {
do_action('cwp_taxonomy_page_form_submitted_term_updated', $this, $tag_ID, $taxonomy);
}
if ($ret && !is_wp_error($ret)) {
$location = add_query_arg('message', 3, $location);
} else {
$location = add_query_arg('message', 5, $location);
}
wp_redirect($location);
exit;
break;
default:
if (isset($_GET['_wp_http_referer']) && !empty($_GET['_wp_http_referer'])) {
wp_redirect(remove_query_arg(array('_wp_http_referer', '_wpnonce'), stripslashes($_SERVER['REQUEST_URI'])));
exit;
}
}
}
if ( in_array( $action, array( 'approvecomment', 'unapprovecomment' ) ) )
check_admin_referer( 'approve-comment_' . $comment_id );
else
check_admin_referer( 'delete-comment_' . $comment_id );
$noredir = isset($_REQUEST['noredir']);
if ( !$comment = get_comment($comment_id) )
comment_footer_die( __('Oops, no comment with this ID.') . sprintf(' <a href="%s">' . __('Go back') . '</a>.', 'edit-comments.php') );
if ( !current_user_can( 'edit_comment', $comment->comment_ID ) )
comment_footer_die( __('You are not allowed to edit comments on this post.') );
if ( '' != wp_get_referer() && ! $noredir && false === strpos(wp_get_referer(), 'comment.php') )
$redir = wp_get_referer();
elseif ( '' != wp_get_original_referer() && ! $noredir )
$redir = wp_get_original_referer();
elseif ( in_array( $action, array( 'approvecomment', 'unapprovecomment' ) ) )
$redir = admin_url('edit-comments.php?p=' . absint( $comment->comment_post_ID ) );
else
$redir = admin_url('edit-comments.php');
$redir = remove_query_arg( array('spammed', 'unspammed', 'trashed', 'untrashed', 'deleted', 'ids', 'approved', 'unapproved'), $redir );
switch ( $action ) {
case 'deletecomment' :
wp_delete_comment( $comment_id );
$redir = add_query_arg( array('deleted' => '1'), $redir );
break;
case 'trashcomment' :
wp_trash_comment($comment_id);
$redir = add_query_arg( array('trashed' => '1', 'ids' => $comment_id), $redir );
/** Load WordPress Administration Bootstrap */
require_once './admin.php';
$parent_file = 'upload.php';
$submenu_file = 'upload.php';
wp_reset_vars(array('action'));
switch ($action) {
case 'editattachment':
$attachment_id = (int) $_POST['attachment_id'];
check_admin_referer('media-form');
if (!current_user_can('edit_post', $attachment_id)) {
wp_die(__('You are not allowed to edit this attachment.'));
}
$errors = media_upload_form_handler();
if (empty($errors)) {
$location = 'media.php';
if ($referer = wp_get_original_referer()) {
if (false !== strpos($referer, 'upload.php') || url_to_postid($referer) == $attachment_id) {
$location = $referer;
}
}
if (false !== strpos($location, 'upload.php')) {
$location = remove_query_arg('message', $location);
$location = add_query_arg('posted', $attachment_id, $location);
} elseif (false !== strpos($location, 'media.php')) {
$location = add_query_arg('message', 'updated', $location);
}
wp_redirect($location);
exit;
}
// no break
// no break
}
if (!current_user_can('edit_post', $comment->comment_post_ID)) {
comment_footer_die(__('You are not allowed to edit comments on this post.'));
}
if ($action == 'trashcomment') {
check_admin_referer('trash-comment_' . $comment_id);
wp_trash_comment($comment_id);
} else {
check_admin_referer('untrash-comment_' . $comment_id);
wp_untrash_comment($comment_id);
}
if ('' != wp_get_referer() && false == $noredir && false === strpos(wp_get_referer(), 'comment.php')) {
wp_redirect(wp_get_referer());
} else {
if ('' != wp_get_original_referer() && false == $noredir) {
wp_redirect(wp_get_original_referer());
} else {
wp_redirect(admin_url('edit-comments.php'));
}
}
die;
break;
case 'unapprovecomment':
$comment_id = absint($_GET['c']);
check_admin_referer('unapprove-comment_' . $comment_id);
if (isset($_GET['noredir'])) {
$noredir = true;
} else {
$noredir = false;
}
if (!($comment = get_comment($comment_id))) {
/**
* Retrieve or display original referer hidden field for forms.
*
* The input name is '_wp_original_http_referer' and will be either the same
* value of {@link wp_referer_field()}, if that was posted already or it will
* be the current page, if it doesn't exist.
*
* @package WordPress
* @subpackage Security
* @since 2.0.4
*
* @param bool $echo Whether to echo the original http referer
* @param string $jump_back_to Optional, default is 'current'. Can be 'previous' or page you want to jump back to.
* @return string Original referer field.
*/
function wp_original_referer_field($echo = true, $jump_back_to = 'current')
{
$jump_back_to = 'previous' == $jump_back_to ? wp_get_referer() : $_SERVER['REQUEST_URI'];
$ref = wp_get_original_referer() ? wp_get_original_referer() : $jump_back_to;
$orig_referer_field = '<input type="hidden" name="_wp_original_http_referer" value="' . attribute_escape(stripslashes($ref)) . '" />';
if ($echo) {
echo $orig_referer_field;
}
return $orig_referer_field;
}
function wpjam_get_referer()
{
$referer = wp_get_original_referer();
$referer = $referer ? $referer : wp_get_referer();
$removable_query_args = array_merge(wpjam_get_removable_query_args(), array('_wp_http_referer', 'id', 'action', 'action2', '_wpnonce'));
return remove_query_arg($removable_query_args, $referer);
}