case 'editcomment': $title = __('Edit Comment'); $parent_file = 'edit.php'; require_once ('admin-header.php'); get_currentuserinfo(); $comment = (int) $_GET['comment']; if ( ! $comment = get_comment($comment) ) die(sprintf(__('Oops, no comment with this ID. <a href="%s">Go back</a>!'), 'javascript:history.go(-1)')); if ( !current_user_can('edit_post', $comment->comment_post_ID) ) die( __('You are not allowed to edit comments on this post.') ); $comment = get_comment_to_edit($comment); include('edit-form-comment.php'); break; case 'confirmdeletecomment': require_once('./admin-header.php'); $comment = (int) $_GET['comment']; $p = (int) $_GET['p']; if ( ! $comment = get_comment($comment) ) die(sprintf(__('Oops, no comment with this ID. <a href="%s">Go back</a>!'), 'edit.php'));
$comment = get_comment_to_edit( $comment_id ); include( ABSPATH . 'wp-admin/edit-form-comment.php' ); break; case 'delete' : case 'approve' : case 'trash' : case 'spam' : $title = __('Moderate Comment'); $comment_id = absint( $_GET['c'] ); if ( !$comment = get_comment_to_edit( $comment_id ) ) { wp_redirect( admin_url('edit-comments.php?error=1') ); die(); } if ( !current_user_can( 'edit_comment', $comment->comment_ID ) ) { wp_redirect( admin_url('edit-comments.php?error=2') ); die(); } // No need to re-approve/re-trash/re-spam a comment. if ( $action == str_replace( '1', 'approve', $comment->comment_approved ) ) { wp_redirect( admin_url( 'edit-comments.php?same=' . $comment_id ) ); die(); }
/**
 * Render the mobile-admin confirmation screen for a comment moderation action.
 *
 * Loads the comment named by $_GET['c'], checks that the current user may act
 * on it, then prints a "No" form (back to edit-comments.php) and a
 * nonce-protected "Yes" form that submits the real action to comment.php.
 *
 * @param string $action One of 'approve', 'spam', 'trash' or 'delete'; any other
 *                       value falls through to the "approve" message and nonce.
 * @return void Output is echoed; $this->base->ks_die() ends the request on failure.
 *
 * NOTE(review): ks_option('ks_date_color') is echoed into a color="" attribute
 * without esc_attr(); it is a stored plugin option rather than request input,
 * but escaping it would cost nothing. The author name/email/URL are printed
 * through WordPress template tags, so their escaping is whatever core's
 * comment_* filters provide — verify for the target WP version.
 */
private function confirm($action) {
    // Assigned via the global because the comment_*() template tags in the
    // markup below presumably read the current comment from there.
    global $comment;
    $comment_id = intval($_GET['c']);
    $formaction = $action . 'comment';
    // The nonce is bound to both the action family and the comment ID, so a
    // token issued for one comment cannot be replayed against another.
    // comment.php is expected to verify it when the "Yes" form is submitted.
    $nonce_action = 'approve' == $action ? 'approve-comment_' : 'delete-comment_';
    $nonce_action .= $comment_id;
    if (!($comment = get_comment_to_edit($comment_id))) {
        $this->base->ks_die(__('Oops, no comment with this ID.') . sprintf(' <a href="%s">' . __('Go back') . '</a>', 'edit-comments.php'), '', false);
    }
    // NOTE(review): authorisation is checked against the parent post
    // (edit_post) rather than a per-comment capability — confirm this matches
    // what the comment.php handler enforces on submit.
    if (!current_user_can('edit_post', $comment->comment_post_ID)) {
        $this->base->ks_die('delete' == $action ? __('You are not allowed to delete comments on this post.') : __('You are not allowed to edit comments on this post, so you cannot approve this comment.'));
    }
    include dirname(__FILE__) . '/admin-header.php';
    // Pick the warning text for the action being confirmed.
    switch ($action) {
        case 'spam':
            $message = __('You are about to mark the following comment as spam:');
            break;
        case 'trash':
            $message = __('You are about to move the following comment to the Trash:', 'ktai_style');
            break;
        case 'delete':
            $message = __('You are about to delete the following comment:');
            break;
        default:
            $message = __('You are about to approve the following comment:');
            break;
    }
    echo '<p><img localsrc="1" alt="" /><font color="red">' . $message . '</font><br />' . __('Are you sure you want to do this?') .
'</p>';
    // Markup kept verbatim: the "No" form returns to the list, the "Yes" form
    // carries the action, post ID, comment ID and the nonce emitted above.
    ?> <form action="edit-comments.php" method="get"> <?php $this->admin->sid_field(); ?> <div><input type="submit" value="<?php _e('No'); ?> " /></div></form> <form action="comment.php" method="get"> <?php $this->admin->sid_field(); wp_nonce_field($nonce_action); ?> <input type="hidden" name="action" value="<?php echo esc_attr($formaction); ?> " /> <input type="hidden" name="p" value="<?php echo intval($comment->comment_post_ID); ?> " /> <input type="hidden" name="c" value="<?php echo intval($comment->comment_ID); ?> " /> <input type="hidden" name="noredir" value="1" /> <div><input type="submit" value="<?php _e('Yes'); ?> " /></div> </form> <dl><dt><img localsrc="<?php comment_type(68, 112, 112); ?> " alt="[<?php comment_type(__('Comment', 'ktai_style'), __('Trackback'), __('Pingback')); ?> ] " /><?php comment_author(); ?> <img localsrc="46" alt=" @ " /><font color="<?php echo ks_option('ks_date_color'); ?> "><?php ks_comment_datetime(); ?> </font></dt><dd><?php if ($comment->comment_author_email) { ?> <img localsrc="108" alt="" /><font color="olive"><?php comment_author_email(); ?> </font><br /><?php } if ($comment->comment_author_url && 'http://' != $comment->comment_author_url) { ?> <img localsrc="112" alt="" /><font color="olive"><?php comment_author_url(); ?> </font><br /><?php } comment_excerpt(); ?> </dd></dl><?php include dirname(__FILE__) . '/admin-footer.php'; }
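/**
 * Build the JSON API representation of a single comment.
 *
 * Loads the comment and its parent post, enforces the permission rules for the
 * requested context, then maps every key of $this->comment_object_format to an
 * explicitly cast value.
 *
 * @param int    $comment_id Comment ID to load.
 * @param string $context    'edit' (raw, entity-decoded author fields; requires
 *                           the edit_comment capability) or 'display' (rendered
 *                           content; unapproved comments are only visible to
 *                           their author or to a user who can edit them).
 * @return array|WP_Error Response array keyed by the output format; a WP_Error
 *                        on failure; or the raw value returned by
 *                        user_can_view_post() when it denied access (may be
 *                        false rather than a WP_Error).
 */
function get_comment($comment_id, $context) {
    global $blog_id;

    $comment = get_comment($comment_id);
    if (!$comment || is_wp_error($comment)) {
        return new WP_Error('unknown_comment', 'Unknown comment', 404);
    }

    // Only the built-in comment types are exposed. The string cast keeps the
    // membership test strict without rejecting an empty/NULL type (an empty
    // type is reported as 'comment' further down).
    $types = array('', 'comment', 'pingback', 'trackback');
    if (!in_array((string) $comment->comment_type, $types, true)) {
        return new WP_Error('unknown_comment', 'Unknown comment', 404);
    }

    $post = get_post($comment->comment_post_ID);
    if (!$post || is_wp_error($post)) {
        return new WP_Error('unknown_post', 'Unknown post', 404);
    }

    $status = wp_get_comment_status($comment->comment_ID);

    // Permissions
    switch ($context) {
        case 'edit':
            if (!current_user_can('edit_comment', $comment->comment_ID)) {
                return new WP_Error('unauthorized', 'User cannot edit comment', 403);
            }
            $GLOBALS['post'] = $post;
            $comment = get_comment_to_edit($comment->comment_ID);
            // The edit context hands back unescaped author fields; API
            // consumers must escape them for their own output context.
            foreach (array('comment_author', 'comment_author_email', 'comment_author_url') as $field) {
                $comment->{$field} = htmlspecialchars_decode($comment->{$field}, ENT_QUOTES);
            }
            break;
        case 'display':
            if ('approved' !== $status) {
                // Unapproved comments are readable by their own author — matched
                // by user ID, or for guest comments by the token's email and
                // display name — and otherwise only by users who can edit them.
                $current_user_id = get_current_user_id();
                $user_can_read_comment = false;
                if ($current_user_id && $comment->user_id && $current_user_id == $comment->user_id) {
                    $user_can_read_comment = true;
                } elseif ($comment->comment_author_email && $comment->comment_author && isset($this->api->token_details['user']) && isset($this->api->token_details['user']['user_email']) && $this->api->token_details['user']['user_email'] === $comment->comment_author_email && $this->api->token_details['user']['display_name'] === $comment->comment_author) {
                    $user_can_read_comment = true;
                } else {
                    $user_can_read_comment = current_user_can('edit_comment', $comment->comment_ID);
                }
                if (!$user_can_read_comment) {
                    // NOTE(review): a 403 here, versus the 404 for an unknown ID,
                    // lets a caller tell that the comment exists but is not
                    // approved — acceptable or not, it is observable.
                    return new WP_Error('unauthorized', 'User cannot read unapproved comment', 403);
                }
            }
            $GLOBALS['post'] = $post;
            setup_postdata($post);
            break;
        default:
            return new WP_Error('invalid_context', 'Invalid API CONTEXT', 400);
    }

    $can_view = $this->user_can_view_post($post->ID);
    if (!$can_view || is_wp_error($can_view)) {
        // NOTE(review): returns the helper's value as-is (possibly false, not a
        // WP_Error) and leaves $GLOBALS['post'] set from the switch above.
        return $can_view;
    }

    // comment_text() below takes no argument, so it presumably reads the
    // current comment from this global.
    $GLOBALS['comment'] = $comment;

    $response = array();
    foreach (array_keys($this->comment_object_format) as $key) {
        switch ($key) {
            case 'ID':
                // explicitly cast all output
                $response[$key] = (int) $comment->comment_ID;
                break;
            case 'post':
                $response[$key] = (object) array(
                    'ID' => (int) $post->ID,
                    'title' => (string) get_the_title($post->ID),
                    'type' => (string) $post->post_type,
                    'link' => (string) $this->links->get_post_link($this->api->get_blog_id_for_output(), $post->ID),
                );
                break;
            case 'author':
                // Private author details are only included for editors in the edit context.
                $response[$key] = (object) $this->get_author($comment, 'edit' === $context && current_user_can('edit_comment', $comment->comment_ID));
                break;
            case 'date':
                $response[$key] = (string) $this->format_date($comment->comment_date_gmt, $comment->comment_date);
                break;
            case 'URL':
                $response[$key] = (string) esc_url_raw(get_comment_link($comment->comment_ID));
                break;
            case 'short_URL':
                // @todo - pagination
                $response[$key] = (string) esc_url_raw(wp_get_shortlink($post->ID) . "%23comment-{$comment->comment_ID}");
                break;
            case 'content':
                // display: filtered/rendered HTML; edit: the stored raw content.
                if ('display' === $context) {
                    ob_start();
                    comment_text();
                    $response[$key] = (string) ob_get_clean();
                } else {
                    $response[$key] = (string) $comment->comment_content;
                }
                break;
            case 'status':
                $response[$key] = (string) $status;
                break;
            case 'parent':
                // (object|false) — false when there is no parent, or when the
                // parent row can no longer be loaded (previously this read
                // properties off a null result).
                $parent = $comment->comment_parent ? get_comment($comment->comment_parent) : null;
                if ($parent && !is_wp_error($parent)) {
                    $response[$key] = (object) array(
                        'ID' => (int) $parent->comment_ID,
                        'type' => (string) ($parent->comment_type ? $parent->comment_type : 'comment'),
                        'link' => (string) $this->links->get_comment_link($blog_id, $parent->comment_ID),
                    );
                } else {
                    $response[$key] = false;
                }
                break;
            case 'type':
                $response[$key] = (string) ($comment->comment_type ? $comment->comment_type : 'comment');
                break;
            case 'like_count':
                // Key is omitted entirely outside WordPress.com.
                if (defined('IS_WPCOM') && IS_WPCOM) {
                    $response[$key] = (int) $this->api->comment_like_count($blog_id, $post->ID, $comment->comment_ID);
                }
                break;
            case 'i_like':
                // Key is omitted entirely outside WordPress.com.
                if (defined('IS_WPCOM') && IS_WPCOM) {
                    $response[$key] = (bool) Likes::comment_like_current_user_likes($blog_id, $comment->comment_ID);
                }
                break;
            case 'meta':
                $output_blog_id = $this->api->get_blog_id_for_output();
                $response[$key] = (object) array(
                    'links' => (object) array(
                        'self' => (string) $this->links->get_comment_link($output_blog_id, $comment->comment_ID),
                        'help' => (string) $this->links->get_comment_link($output_blog_id, $comment->comment_ID, 'help'),
                        'site' => (string) $this->links->get_site_link($output_blog_id),
                        'post' => (string) $this->links->get_post_link($output_blog_id, $comment->comment_post_ID),
                        'replies' => (string) $this->links->get_comment_link($output_blog_id, $comment->comment_ID, 'replies/'),
                        'likes' => (string) $this->links->get_comment_link($output_blog_id, $comment->comment_ID, 'likes/'),
                    ),
                );
                break;
        }
    }

    // Restore global state set up for the template tags above.
    unset($GLOBALS['comment'], $GLOBALS['post']);
    return $response;
}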
wp_die(__('Oops, no comment with this ID.') . sprintf(' <a href="%s">' . __('Go back') . '</a>!', 'javascript:history.go(-1)')); } if (!current_user_can('edit_post', $comment->comment_post_ID)) { wp_die(__('You are not allowed to edit comments on this post.')); } $comment = get_comment_to_edit($comment); include 'edit-form-comment.php'; break; case 'cdc': case 'mac': require_once './admin-header.php'; $comment = (int) $_GET['c']; $formaction = 'cdc' == $action ? 'deletecomment' : 'approvecomment'; $nonce_action = 'cdc' == $action ? 'delete-comment_' : 'approve-comment_'; $nonce_action .= $comment; if (!($comment = get_comment_to_edit($comment))) { wp_die(__('Oops, no comment with this ID.') . sprintf(' <a href="%s">' . __('Go back') . '</a>!', 'edit.php')); } if (!current_user_can('edit_post', $comment->comment_post_ID)) { wp_die('cdc' == $action ? __('You are not allowed to delete comments on this post.') : __('You are not allowed to edit comments on this post, so you cannot approve this comment.')); } ?> <div class='wrap'> <div class="narrow"> <?php if ('spam' == $_GET['dt']) { ?> <p><?php echo '<strong>' . __('Caution:') . '</strong> ' . __('You are about to mark the following comment as spam:'); ?>