// Access gate: check_status() is called with ACCESS_ADMINISTRATOR before any
// request data is read.
check_status(ACCESS_ADMINISTRATOR);

// ---------------------------------------------------------------------------
// Actions: bulk validate / reject of the comment ids posted by the form.
// ---------------------------------------------------------------------------
// NOTE(review): this branch validates or deletes comments, yet no
// check_pwg_token() call is visible in it. Confirm that an anti-CSRF token is
// verified for this form (here or earlier in the request) before the state
// change, and that the template posts the token.
if (!empty($_POST['comments'])) {
    // A non-empty 'comments' entry implies a non-empty $_POST.
    include_once PHPWG_ROOT_PATH . 'include/functions_comment.inc.php';

    // Reject the request unless the posted ids match PATTERN_ID. The third
    // argument is presumably the "is array" flag -- confirm against
    // check_input_parameter().
    check_input_parameter('comments', $_POST, true, PATTERN_ID);

    // The two submit buttons are tested independently, exactly as posted.
    if (isset($_POST['validate'])) {
        validate_user_comment($_POST['comments']);
        $page['infos'][] = l10n_dec(
            '%d user comment validated',
            '%d user comments validated',
            count($_POST['comments'])
        );
    }

    if (isset($_POST['reject'])) {
        delete_user_comment($_POST['comments']);
        $page['infos'][] = l10n_dec(
            '%d user comment rejected',
            '%d user comments rejected',
            count($_POST['comments'])
        );
    }
} elseif (!empty($_POST)) {
    // The form was submitted without any comment selected.
    $page['errors'][] = l10n('Select at least one comment');
}

// ---------------------------------------------------------------------------
// Template init
// ---------------------------------------------------------------------------
$template->set_filenames(
    array('comments' => 'comments.tpl')
);
$template->assign(
    array('F_ACTION' => get_root_url() . 'admin.php?page=comments')
);

// ---------------------------------------------------------------------------
// Tabs
// ---------------------------------------------------------------------------
include_once PHPWG_ROOT_PATH . 'admin/include/tabsheet.class.php';

$my_base_url = get_root_url() . 'admin.php?page=';
$tabsheet = new tabsheet();
} if ($perform_redirect) { redirect($url_self); } unset($_POST['content']); } $edit_comment = $_GET['comment_to_edit']; } break; case 'delete_comment': check_pwg_token(); include_once PHPWG_ROOT_PATH . 'include/functions_comment.inc.php'; check_input_parameter('comment_to_delete', $_GET, false, PATTERN_ID); $author_id = get_comment_author_id($_GET['comment_to_delete']); if (can_manage_comment('delete', $author_id)) { delete_user_comment($_GET['comment_to_delete']); } redirect($url_self); case 'validate_comment': check_pwg_token(); include_once PHPWG_ROOT_PATH . 'include/functions_comment.inc.php'; check_input_parameter('comment_to_validate', $_GET, false, PATTERN_ID); $author_id = get_comment_author_id($_GET['comment_to_validate']); if (can_manage_comment('validate', $author_id)) { validate_user_comment($_GET['comment_to_validate']); } redirect($url_self); } } //---------- incrementation of the number of hits $inc_hit_count = !isset($_POST['content']);
$actions = array('delete', 'validate', 'edit'); foreach ($actions as $loop_action) { if (isset($_GET[$loop_action])) { $action = $loop_action; check_input_parameter($action, $_GET, false, PATTERN_ID); $comment_id = $_GET[$action]; break; } } if (isset($action)) { $comment_author_id = get_comment_author_id($comment_id); if (can_manage_comment($action, $comment_author_id)) { $perform_redirect = false; if ('delete' == $action) { check_pwg_token(); delete_user_comment($comment_id); $perform_redirect = true; } if ('validate' == $action) { check_pwg_token(); validate_user_comment($comment_id); $perform_redirect = true; } if ('edit' == $action) { if (!empty($_POST['content'])) { check_pwg_token(); $comment_action = update_user_comment(array('comment_id' => $_GET['edit'], 'image_id' => $_POST['image_id'], 'content' => $_POST['content'], 'website_url' => @$_POST['website_url']), $_POST['key']); switch ($comment_action) { case 'moderate': $_SESSION['page_infos'][] = l10n('An administrator must authorize your comment before it is visible.'); case 'validate':