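/**
 * Handles AJAX from /admin/tags.
 * Used to delete and rename tags.
 *
 * Reads the WSSE triple (nonce, timestamp, digest) from $handler_vars, the
 * action from $this->handler_vars['action'], and the selected tags from truthy
 * "tag_<id>" POST fields; 'rename' also needs $this->handler_vars['master'].
 * Echoes JSON with 'msg' (session messages) and 'tags' (rendered tag_collection).
 *
 * NOTE(review): no capability check is visible in this handler; presumably the
 * admin dispatcher enforces one before calling it - confirm.
 *
 * @param array $handler_vars Request variables carrying the WSSE values
 */
public function ajax_tags($handler_vars)
{
    Utils::check_request_method(array('POST'));

    // The digest is the only request-forgery barrier visible here. Compare it as
    // strings and in constant time: a loose != applies PHP's numeric-string
    // juggling and leaks timing. An absent/empty digest fails closed.
    // hash_equals() requires PHP 5.6 or later.
    $wsse = Utils::WSSE($handler_vars['nonce'], $handler_vars['timestamp']);
    $supplied = isset($handler_vars['digest']) ? (string) $handler_vars['digest'] : '';
    if ($supplied === '' || !hash_equals((string) $wsse['digest'], $supplied)) {
        Session::error(_t('WSSE authentication failed.'));
        echo Session::messages_get(true, array('Format', 'json_messages'));
        return;
    }

    $tag_names = array();
    $theme_dir = Plugins::filter('admin_theme_dir', Site::get_dir('admin_theme', true));
    $this->theme = Themes::create('admin', 'RawPHPEngine', $theme_dir);
    $action = $this->handler_vars['action'];

    switch ($action) {
        case 'delete':
            foreach ($_POST as $id => $delete) {
                // skip POST elements which are not tag ids; the pattern is anchored at
                // both ends so a key such as "tag_12abc" is no longer accepted
                if (!$delete || !preg_match('/^tag_(\d+)\z/', (string) $id, $matches)) {
                    continue;
                }
                $tag = Tags::get_by_id((int) $matches[1]);
                if (!$tag) {
                    // what get_by_id() returns for an unknown id is not visible here;
                    // anything falsy is skipped instead of being dereferenced
                    continue;
                }
                $tag_names[] = $tag->term_display;
                Tags::vocabulary()->delete_term($tag);
            }
            $msg_status = _n(
                _t('Tag %s has been deleted.', array(implode('', $tag_names))),
                _t('%d tags have been deleted.', array(count($tag_names))),
                count($tag_names)
            );
            Session::notice($msg_status);
            break;

        case 'rename':
            if (!isset($this->handler_vars['master'])) {
                Session::error(_t('Error: New name not specified.'));
                echo Session::messages_get(true, array('Format', 'json_messages'));
                return;
            }
            $master = $this->handler_vars['master'];
            $tag_names = array();
            foreach ($_POST as $id => $rename) {
                // skip POST elements which are not tag ids
                if (!$rename || !preg_match('/^tag_(\d+)\z/', (string) $id, $matches)) {
                    continue;
                }
                $tag = Tags::get_by_id((int) $matches[1]);
                if (!$tag) {
                    continue;
                }
                $tag_names[] = $tag->term_display;
            }
            Tags::vocabulary()->merge($master, $tag_names);
            // implode() takes the separator first; the reversed legacy order is rejected by PHP 8
            $msg_status = sprintf(
                _n('Tag %1$s has been renamed to %2$s.', 'Tags %1$s have been renamed to %2$s.', count($tag_names)),
                implode(', ', $tag_names),
                $master
            );
            Session::notice($msg_status);
            break;
    }

    $this->theme->tags = Tags::vocabulary()->get_tree();
    $this->theme->max = Tags::vocabulary()->max_count();
    echo json_encode(array(
        'msg' => Session::messages_get(true, 'array'),
        'tags' => $this->theme->fetch('tag_collection'),
    ));
}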
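/**
 * Handles AJAX from /admin/tags.
 * Used to delete and rename tags.
 *
 * Reads the WSSE triple (nonce, timestamp, digest) from $handler_vars, the
 * action from $this->handler_vars['action'], and the selected tags from truthy
 * "tag_<id>" POST fields; 'rename' also needs $this->handler_vars['master'].
 * The outcome is sent through an AjaxResponse (message + rendered tag_collection).
 *
 * NOTE(review): no capability check is visible in this handler; presumably the
 * admin dispatcher enforces one before calling it - confirm.
 *
 * @param array $handler_vars Request variables carrying the WSSE values
 */
public function ajax_tags($handler_vars)
{
    Utils::check_request_method(array('POST'));
    $response = new AjaxResponse();

    // Compare the digest as strings and in constant time; a loose != applies PHP's
    // numeric-string juggling and leaks timing. An absent/empty digest fails closed.
    // hash_equals() requires PHP 5.6 or later.
    $wsse = Utils::WSSE($handler_vars['nonce'], $handler_vars['timestamp']);
    $supplied = isset($handler_vars['digest']) ? (string) $handler_vars['digest'] : '';
    if ($supplied === '' || !hash_equals((string) $wsse['digest'], $supplied)) {
        $response->message = _t('WSSE authentication failed.');
        $response->out();
        return;
    }

    $tag_names = array();
    $this->create_theme();
    $action = $this->handler_vars['action'];

    switch ($action) {
        case 'delete':
            foreach ($_POST as $id => $delete) {
                // skip POST elements which are not tag ids; the pattern is anchored at
                // both ends so a key such as "tag_12abc" is no longer accepted
                if (!$delete || !preg_match('/^tag_(\d+)\z/', (string) $id, $matches)) {
                    continue;
                }
                $tag = Tags::get_by_id((int) $matches[1]);
                if (!$tag) {
                    // what get_by_id() returns for an unknown id is not visible here;
                    // anything falsy is skipped instead of being dereferenced
                    continue;
                }
                $tag_names[] = $tag->term_display;
                Tags::vocabulary()->delete_term($tag);
            }
            $response->message = _n(
                _t('Tag %s has been deleted.', array(implode('', $tag_names))),
                _t('%d tags have been deleted.', array(count($tag_names))),
                count($tag_names)
            );
            break;

        case 'rename':
            if (!isset($this->handler_vars['master'])) {
                $response->message = _t('Error: New name not specified.');
                $response->out();
                return;
            }
            $master = $this->handler_vars['master'];
            $tag_names = array();
            foreach ($_POST as $id => $rename) {
                // skip POST elements which are not tag ids
                if (!$rename || !preg_match('/^tag_(\d+)\z/', (string) $id, $matches)) {
                    continue;
                }
                $tag = Tags::get_by_id((int) $matches[1]);
                if (!$tag) {
                    continue;
                }
                $tag_names[] = $tag->term_display;
            }
            Tags::vocabulary()->merge($master, $tag_names);
            // implode() takes the separator first; the reversed legacy order is rejected by PHP 8
            $response->message = sprintf(
                _n('Tag %1$s has been renamed to %2$s.', 'Tags %1$s have been renamed to %2$s.', count($tag_names)),
                implode(', ', $tag_names),
                $master
            );
            break;
    }

    $this->theme->tags = Tags::vocabulary()->get_tree('term_display ASC');
    $this->theme->max = Tags::vocabulary()->max_count();
    $response->data = $this->theme->fetch('tag_collection');
    $response->out();
}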
/**
 * Handle GET requests for /admin/tags to display the tags.
 *
 * Publishes a fresh WSSE token and the tag tree (with max/min counts) to the
 * theme, builds the 'tags' FormUI (facet search, selection aggregate, rename
 * and delete drop-buttons, tag list), registers process_tags() as the success
 * callback, queues the admin assets and renders the 'tags' template.
 */
public function get_tags()
{
    $this->theme->wsse = Utils::WSSE();
    $this->theme->tags = Tags::vocabulary()->get_tree('term_display asc');
    $this->theme->max = Tags::vocabulary()->max_count();
    $this->theme->min = Tags::vocabulary()->min_count();

    $form = new FormUI('tags');

    // Faceted search box; its configuration is handed to the client-side widget.
    $facet = FormControlFacet::create('search');
    $facet_config = array(
        'onsearch' => 'deselect_all(); $("#tag_collection").manager("update", self.data("visualsearch").searchQuery.facets());',
        'facetsURL' => URL::get('admin_ajax_facets', array('context' => 'facets', 'page' => 'tags', 'component' => 'facets')),
        'valuesURL' => URL::get('admin_ajax_facets', array('context' => 'facets', 'page' => 'tags', 'component' => 'values')),
    );
    $form->append($facet->set_property('data-facet-config', $facet_config));

    // "N Selected" aggregate checkbox, inside its own wrapper.
    $selection_counter = FormControlAggregate::create('selected_items')
        ->set_selector('#tag_collection input')
        ->label('0 Selected');
    $counter_wrapper = FormControlWrapper::create('tag_controls_aggregate')->add_class('aggregate_wrapper');
    $counter_wrapper->append($selection_counter);

    // Delete drop-button.
    $delete_menu = FormControlDropbutton::create('delete_dropbutton');
    $delete_button = FormControlButton::create('action')->set_caption(_t('Delete selected'));
    $delete_menu->append(
        $delete_button->set_properties(array('title' => _t('Delete selected'), 'value' => 'delete'))
    );

    // Rename text field and drop-button.
    $new_name_field = FormControlText::create('rename_text');
    $rename_menu = FormControlDropbutton::create('rename_dropbutton');
    $rename_button = FormControlButton::create('action')->set_caption(_t('Rename selected'));
    $rename_menu->append(
        $rename_button->set_properties(array('title' => _t('Rename selected'), 'value' => 'rename'))
    );

    // Assemble the control bar in display order.
    $control_bar = $form->append(FormControlWrapper::create('tag_controls'))->add_class('container tag_controls');
    $control_bar->append($counter_wrapper);
    $control_bar->append($new_name_field);
    $control_bar->append($rename_menu);
    $control_bar->append($delete_menu);
    $control_bar->append(
        FormControlWrapper::create('selected_tags')
            ->set_setting('wrap_element', 'ul')
            ->set_property('id', 'selected_tags')
    );

    // Either the tag list or a "nothing found" notice.
    if (count($this->theme->tags) > 0) {
        $tag_collection = $form->append(
            FormControlWrapper::create('tag_collection')
                ->add_class('container items')
                ->set_setting('wrap_element', 'ul')
                ->set_property('id', 'tag_collection')
        );
        foreach ($this->get_tag_listitems() as $list_item) {
            $tag_collection->append($list_item);
        }
    } else {
        $tag_collection = $form->append(
            FormControlStatic::create('<p>' . _t('No tags could be found to match the query criteria.') . '</p>')
        );
    }

    $form->on_success(array($this, 'process_tags'));
    $this->theme->form = $form;

    Stack::add('admin_header_javascript', 'visualsearch');
    Stack::add('admin_header_javascript', 'manage-js');
    Stack::add('admin_stylesheet', 'visualsearch-css');
    Stack::add('admin_stylesheet', 'visualsearch-datauri-css');

    $this->display('tags');
}
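/**
 * Handles AJAX from /comments.
 * Used to edit comments inline.
 *
 * Verifies the WSSE digest, loads the comment named by 'id', checks the
 * caller's 'edit' access on it, then copies the supplied author, url, email,
 * content and date/time fields onto the comment and saves it. The result is
 * echoed as JSON-formatted session messages.
 *
 * NOTE(review): author, url, email and content are stored as received; whether
 * they are validated or escaped later (in Comment or at render time) is not
 * visible from this handler - confirm.
 *
 * @param ActionHandler $handler The handler whose handler_vars carry the request
 */
public function action_auth_ajax_in_edit(ActionHandler $handler)
{
    Utils::check_request_method(array('POST'));
    $handler_vars = $handler->handler_vars;

    // Compare the digest as strings and in constant time; a loose != applies PHP's
    // numeric-string juggling and leaks timing. An absent/empty digest fails closed.
    // hash_equals() requires PHP 5.6 or later.
    $wsse = Utils::WSSE($handler_vars['nonce'], $handler_vars['timestamp']);
    $supplied = isset($handler_vars['digest']) ? (string) $handler_vars['digest'] : '';
    if ($supplied === '' || !hash_equals((string) $wsse['digest'], $supplied)) {
        Session::error(_t('WSSE authentication failed.'));
        echo Session::messages_get(true, array('Format', 'json_messages'));
        return;
    }

    $comment = Comment::get($handler_vars['id']);
    // A falsy result (what Comment::get() returns for an unknown id is not visible
    // here) is refused with the same message as a denied one, so the method is not
    // called on a non-object and the reply does not reveal which ids exist.
    if (!$comment || !ACL::access_check($comment->get_access(), 'edit')) {
        Session::error(_t('You do not have permission to edit this comment.'));
        echo Session::messages_get(true, array('Format', 'json_messages'));
        return;
    }

    if (isset($handler_vars['author']) && $handler_vars['author'] != '') {
        $comment->name = $handler_vars['author'];
    }
    if (isset($handler_vars['url'])) {
        // unlike the other fields, an empty url is accepted (it clears the value)
        $comment->url = $handler_vars['url'];
    }
    if (isset($handler_vars['email']) && $handler_vars['email'] != '') {
        $comment->email = $handler_vars['email'];
    }
    if (isset($handler_vars['content']) && $handler_vars['content'] != '') {
        $comment->content = $handler_vars['content'];
    }
    if (isset($handler_vars['time']) && $handler_vars['time'] != '' && isset($handler_vars['date']) && $handler_vars['date'] != '') {
        // keep the seconds of the stored date; the form only supplies date and H:i
        $seconds = date('s', strtotime($comment->date));
        $stamp = strtotime($handler_vars['date'] . ' ' . $handler_vars['time'] . ':' . $seconds);
        // an unparseable date used to fall through as false and reset the comment to the Unix epoch
        if ($stamp !== false) {
            $comment->date = date('Y-m-d H:i:s', $stamp);
        }
    }

    $comment->update();
    Session::notice(_t('Updated 1 comment.'));
    echo Session::messages_get(true, array('Format', 'json_messages'));
}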
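/**
 * Plugin init hook for the console: for a logged-in super user, queues the
 * console assets and, when 'hconsole_code' was posted with a valid WSSE
 * digest, either stores it as SQL to run ($this->sql) or parses it into hook
 * snippets, evaluates them and registers/calls the functions they define.
 *
 * SECURITY: this method executes request-supplied PHP by design. The
 * super_user capability and the WSSE digest checked below are the only gates
 * visible here, so both checks must stay strict, and the plugin should only be
 * enabled where every super user is trusted with code execution.
 */
public function action_init()
{
    $user = User::identify();
    if (!$user->loggedin || !$user->can('super_user')) {
        return;
    }

    Stack::add('template_header_javascript', Site::get_url('scripts') . '/jquery.js', 'jquery');
    Stack::add('template_stylesheet', array($this->get_url(true) . 'hconsole.css', 'screen'));
    Stack::add('admin_stylesheet', array($this->get_url(true) . 'hconsole.css', 'screen'));

    if (!$_POST->raw('hconsole_code')) {
        return;
    }

    // Compare the digest as strings and in constant time; a loose == applies PHP's
    // numeric-string juggling and leaks timing. An absent/empty digest fails closed.
    // hash_equals() requires PHP 5.6 or later.
    $wsse = Utils::WSSE($_POST['nonce'], $_POST['timestamp']);
    $supplied = isset($_POST['PasswordDigest']) ? (string) $_POST['PasswordDigest'] : '';
    if ($supplied === '' || !hash_equals((string) $wsse['digest'], $supplied)) {
        return;
    }

    if (isset($_POST['sql']) && $_POST['sql'] == 'RUN SQL') {
        // SQL mode: keep the statement for later; nothing is evaluated here
        $this->sql = rawurldecode($_POST->raw('hconsole_code'));
        return;
    }
    if (isset($_POST['htmlspecial']) && $_POST['htmlspecial'] == 'true') {
        $this->htmlspecial = true;
    }

    $this->code = $this->parse_code(rawurldecode($_POST->raw('hconsole_code')));
    foreach ($this->code['hooks'] as $i => $hook) {
        $functions = $this->get_functions($hook['code']);
        if (empty($functions)) {
            trigger_error("Parse Error in {$i}. No function to register.", E_USER_WARNING);
            continue;
        }

        // SECURITY: eval() of request-supplied code; see the method docblock.
        eval($hook['code']);
        foreach ($functions as $function) {
            // strict comparison: before PHP 8 a numeric key such as 0 would loosely equal 'action_init'
            if ($i === 'action_init') {
                call_user_func($function);
            } else {
                Plugins::register($function, $hook['type'], $hook['hook']);
            }
        }
    }
}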
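/**
 * Handles AJAX requests to update comments, comment moderation.
 *
 * Verifies the WSSE digest, collects the selected comment ids from truthy
 * "p<id>" POST fields, fires the 'admin_moderate_comments' action and then
 * applies $handler_vars['action']: delete_spam, delete_unapproved, delete,
 * spam, approve(d), unapprove(d), or a plugin-supplied action through the
 * 'admin_comments_action' filter. Echoes JSON-formatted session messages.
 *
 * NOTE(review): no per-comment access check is visible in this handler;
 * whether Comments::delete_these()/moderate_these() enforce one is not shown
 * here - confirm.
 *
 * @param array $handler_vars Request variables (nonce, timestamp, digest, action)
 */
public function ajax_update_comment($handler_vars)
{
    Utils::check_request_method(array('POST'));

    // check WSSE authentication. Compare the digest as strings and in constant
    // time; a loose != applies PHP's numeric-string juggling and leaks timing.
    // An absent/empty digest fails closed. hash_equals() requires PHP 5.6 or later.
    $wsse = Utils::WSSE($handler_vars['nonce'], $handler_vars['timestamp']);
    $supplied = isset($handler_vars['digest']) ? (string) $handler_vars['digest'] : '';
    if ($supplied === '' || !hash_equals((string) $wsse['digest'], $supplied)) {
        Session::error(_t('WSSE authentication failed.'));
        echo Session::messages_get(true, array('Format', 'json_messages'));
        return;
    }

    $ids = array();
    foreach ($_POST as $id => $update) {
        // skip POST elements which are not comment ids
        if (preg_match('/^p\d+$/', $id) && $update) {
            $ids[] = (int) substr($id, 1);
        }
    }

    $action = $handler_vars['action'];

    // Every built-in action that works on the selection needs one. Previously only
    // 'delete' was guarded, so e.g. 'spam' with nothing ticked reached Comments::get()
    // with an empty id filter, whose meaning is not visible from this handler.
    $selection_actions = array('delete', 'spam', 'approve', 'approved', 'unapprove', 'unapproved');
    if (empty($ids) && in_array($action, $selection_actions, true)) {
        Session::notice(_t('No comments selected.'));
        echo Session::messages_get(true, array('Format', 'json_messages'));
        return;
    }

    $comments = Comments::get(array('id' => $ids, 'nolimit' => true));
    Plugins::act('admin_moderate_comments', $action, $comments, $this);
    $status_msg = _t('Unknown action "%s"', array($action));

    switch ($action) {
        case 'delete_spam':
            // acts on every spam comment, independent of the selection
            Comments::delete_by_status(Comment::STATUS_SPAM);
            $status_msg = _t('Deleted all spam comments');
            break;

        case 'delete_unapproved':
            // acts on every unapproved comment, independent of the selection
            Comments::delete_by_status(Comment::STATUS_UNAPPROVED);
            $status_msg = _t('Deleted all unapproved comments');
            break;

        case 'delete':
            // Comments marked for deletion
            Comments::delete_these($comments);
            $status_msg = sprintf(_n('Deleted %d comment', 'Deleted %d comments', count($ids)), count($ids));
            break;

        case 'spam':
            // Comments marked as spam
            Comments::moderate_these($comments, Comment::STATUS_SPAM);
            $status_msg = sprintf(_n('Marked %d comment as spam', 'Marked %d comments as spam', count($ids)), count($ids));
            break;

        case 'approve':
        case 'approved':
            // Comments marked for approval
            Comments::moderate_these($comments, Comment::STATUS_APPROVED);
            $status_msg = sprintf(_n('Approved %d comment', 'Approved %d comments', count($ids)), count($ids));
            break;

        case 'unapprove':
        case 'unapproved':
            // Comments marked for unapproval
            Comments::moderate_these($comments, Comment::STATUS_UNAPPROVED);
            $status_msg = sprintf(_n('Unapproved %d comment', 'Unapproved %d comments', count($ids)), count($ids));
            break;

        default:
            // Specific plugin-supplied action
            $status_msg = Plugins::filter('admin_comments_action', $status_msg, $action, $comments);
            break;
    }

    Session::notice($status_msg);
    echo Session::messages_get(true, array('Format', 'json_messages'));
}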
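/**
 * Handles AJAX from /logs.
 * Used to delete logs.
 *
 * Verifies the WSSE digest, collects the selected log ids from truthy "p<id>"
 * POST fields and then either deletes those entries ('delete') or purges the
 * event log ('purge'). Echoes JSON-formatted session messages.
 *
 * NOTE(review): no capability check is visible in this handler, and removing
 * audit records is itself security-relevant; presumably the admin dispatcher
 * restricts who can reach it - confirm.
 *
 * @param array $handler_vars Request variables (nonce, timestamp, digest, action)
 */
public function ajax_delete_logs($handler_vars)
{
    Utils::check_request_method(array('POST'));

    // Compare the digest as strings and in constant time; a loose != applies PHP's
    // numeric-string juggling and leaks timing. An absent/empty digest fails closed.
    // hash_equals() requires PHP 5.6 or later.
    $wsse = Utils::WSSE($handler_vars['nonce'], $handler_vars['timestamp']);
    $supplied = isset($handler_vars['digest']) ? (string) $handler_vars['digest'] : '';
    if ($supplied === '' || !hash_equals((string) $wsse['digest'], $supplied)) {
        Session::error(_t('WSSE authentication failed.'));
        echo Session::messages_get(true, array('Format', 'json_messages'));
        return;
    }

    // initialised up front; it used to exist only once a field had matched
    $ids = array();
    foreach ($_POST as $id => $delete) {
        // skip POST elements which are not log ids
        if (preg_match('/^p\d+$/', $id) && $delete) {
            $ids[] = array('id' => (int) substr($id, 1));
        }
    }

    if (empty($ids) && $handler_vars['action'] != 'purge') {
        Session::notice(_t('No logs selected.'));
        echo Session::messages_get(true, array('Format', 'json_messages'));
        return;
    }

    switch ($handler_vars['action']) {
        case 'delete':
            $count = 0;
            $to_delete = EventLog::get(array('date' => 'any', 'where' => $ids, 'nolimit' => 1));
            foreach ($to_delete as $log) {
                $log->delete();
                $count++;
            }
            Session::notice(_t('Deleted %d logs.', array($count)));
            break;

        case 'purge':
            // NOTE(review): the result of purge() is not checked, so "Logs purged."
            // is reported even if it fails
            EventLog::purge();
            Session::notice(_t('Logs purged.'));
            break;
    }

    echo Session::messages_get(true, array('Format', 'json_messages'));
}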
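/**
 * Handles POST requests from the Users listing (ie: creating a new user).
 *
 * Verifies the WSSE digest sent as 'password_digest', then either validates
 * and inserts a new user ('newuser') or hands the request to update_users()
 * ('delete'), and finally displays the 'users' template. Validation errors
 * are recorded in the 'adduser' session error set and the entered username and
 * email are passed back to the theme as 'settings'.
 *
 * @return array|null Session messages when WSSE verification fails, otherwise nothing
 */
public function post_users()
{
    // Compare the digest as strings and in constant time; a loose != applies PHP's
    // numeric-string juggling and leaks timing. An absent/empty digest fails closed.
    // hash_equals() requires PHP 5.6 or later.
    $wsse = Utils::WSSE($this->handler_vars['nonce'], $this->handler_vars['timestamp']);
    $supplied = isset($this->handler_vars['password_digest']) ? (string) $this->handler_vars['password_digest'] : '';
    if ($supplied === '' || !hash_equals((string) $wsse['digest'], $supplied)) {
        Session::error(_t('WSSE authentication failed.'));
        return Session::messages_get(true, 'array');
    }

    $this->fetch_users();

    // Copy the allowed request fields into an array instead of creating local
    // variables from request keys with ${$key}.
    $fields = array();
    $extract = $this->handler_vars->filter_keys('newuser', 'delete', 'new_pass1', 'new_pass2', 'new_email', 'new_username');
    foreach ($extract as $key => $value) {
        $fields[$key] = $value;
    }
    $new_pass1 = isset($fields['new_pass1']) ? $fields['new_pass1'] : null;
    $new_pass2 = isset($fields['new_pass2']) ? $fields['new_pass2'] : null;
    $new_email = isset($fields['new_email']) ? $fields['new_email'] : null;
    $new_username = isset($fields['new_username']) ? $fields['new_username'] : null;

    $action = null;
    if (isset($fields['newuser'])) {
        $action = 'newuser';
    } elseif (isset($fields['delete'])) {
        $action = 'delete';
    }

    if ('newuser' === $action) {
        if (empty($new_pass1) || empty($new_pass2)) {
            Session::error(_t('Password is required.'), 'adduser');
        } elseif ($new_pass1 !== $new_pass2) {
            Session::error(_t('Password mis-match.'), 'adduser');
        }

        // NOTE(review): only the presence of "@" is checked, so this is a sanity
        // check rather than address validation
        if (empty($new_email) || !strstr($new_email, '@')) {
            Session::error(_t('Please supply a valid email address.'), 'adduser');
        }

        if (empty($new_username)) {
            Session::error(_t('Please supply a user name.'), 'adduser');
        } else {
            // safety check to make sure no such username exists; only run when a
            // name was supplied (the lookup used to read an undefined variable)
            $user = User::get_by_name($new_username);
            if (isset($user->id)) {
                Session::error(_t('That username is already assigned.'), 'adduser');
            }
        }

        if (!Session::has_errors('adduser')) {
            $user = new User(array(
                'username' => $new_username,
                'email' => $new_email,
                'password' => Utils::crypt($new_pass1),
            ));
            if ($user->insert()) {
                Session::notice(_t("Added user '%s'", array($new_username)));
            } else {
                // NOTE(review): the raw driver error text is shown in the admin UI
                $dberror = DB::get_last_error();
                Session::error($dberror[2], 'adduser');
            }
        } else {
            // hand the entered values back so the form can be re-populated
            $settings = array();
            if (isset($new_username)) {
                $settings['new_username'] = $new_username;
            }
            if (isset($new_email)) {
                $settings['new_email'] = $new_email;
            }
            $this->theme->assign('settings', $settings);
        }
    } elseif ('delete' === $action) {
        $this->update_users($this->handler_vars);
    }

    $this->theme->display('users');
}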
/**
 * Callback for Format::term_tree to use with $config['linkcallback'].
 *
 * Builds an "edit" and a "delete" link for the given menu term and appends
 * them, as a drop-button list, to the wrapper markup in $config.
 *
 * NOTE(review): the links, titles and labels are interpolated into HTML
 * attributes and text as-is; whether URL::get() and _t() return HTML-safe
 * values is not visible here - confirm.
 *
 * @param Term $term
 * @param array $config
 * @return array $config modified with the new wrapper div
 */
public function tree_item_callback(Term $term, $config)
{
    // coming into this, default $config['wrapper'] is "<div>%s</div>"
    // make the links
    $edit_link = URL::get('admin', array('page' => 'menu_iframe', 'action' => $term->info->type, 'term' => $term->id, 'menu' => $term->info->menu));
    // NOTE(review): the delete action is a plain link (GET); Utils::WSSE() is given
    // the URL parameters and presumably returns them with the WSSE fields added, which
    // would put the token in the query string (browser history, server logs, Referer) - confirm.
    $delete_link = URL::get('admin', Utils::WSSE(array('page' => 'menus', 'action' => 'delete_term', 'term' => $term->id, 'menu' => $term->info->menu)));
    $delete_link = str_replace('%', '%%', $delete_link);
    // This is so it doesn't break the sprintf in Format::term_tree()
    // NOTE(review): $edit_link ends up in the same wrapper but does not get this escaping.
    // insert them into the wrapper
    $edit_title = _t('Edit this');
    $edit_label = _t('edit');
    $delete_title = _t('Delete this');
    $delete_label = _t('delete');
    $links = <<<LINKS
<ul class="dropbutton">
\t<li><a title="{$edit_title}" class="modal_popup_form" href="{$edit_link}">{$edit_label}</a></li>
\t<li><a title="{$delete_title}" href="{$delete_link}">{$delete_label}</a></li>
</ul>
LINKS;
    // Put the dropbutton links for each item at the end of the item's div
    $config['wrapper'] = "<div>%s {$links}</div>";
    return $config;
}
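/**
 * Loads the event-log listing for the logs page.
 *
 * Reads the filter values (limit, offset, search, date, user, address,
 * module, type, severity) through Controller::get_var(), fetches the matching
 * log entries and the per-month counts used for the timeline, assigns the
 * filter options, the criteria used and the results to the theme, and builds
 * the 'logs_batch' form with its "Delete Selected" and "Purge Logs" actions.
 *
 * NOTE(review): limit, offset and the other filter values are passed to
 * EventLog::get() as received; whether it validates or parameterises them is
 * not visible here - confirm.
 */
private function fetch_logs()
{
    // load all the values for our filter drop-downs
    $dates = $this->fetch_log_dates();
    $users = $this->fetch_log_users();
    $ips = $this->fetch_log_ips();

    // Read the two expected keys explicitly instead of extract(): extract() would
    // let any other key in the returned array overwrite a local variable.
    $modules_types = $this->fetch_log_modules_types();
    $modules = $modules_types['modules'];
    $types = $modules_types['types'];

    $severities = LogEntry::list_severities();

    // parse out the arguments we'll fetch logs for
    // the initial arguments
    $arguments = array(
        'limit' => Controller::get_var('limit', 20),
        'offset' => Controller::get_var('offset', 0),
    );

    // filter for the search field
    $search = Controller::get_var('search', '');
    if ($search != '') {
        $arguments['criteria'] = $search;
    }

    // filter by date
    $date = Controller::get_var('date', 'any');
    if ($date != 'any') {
        $d = DateTime::create($date);
        $arguments['year'] = $d->format('Y');
        $arguments['month'] = $d->format('m');
    }

    // filter by user
    $user = Controller::get_var('user', 'any');
    if ($user != 'any') {
        $arguments['user_id'] = $user;
    }

    // filter by ip
    $ip = Controller::get_var('address', 'any');
    if ($ip != 'any') {
        $arguments['ip'] = $ip;
    }

    // filter modules and types
    // @todo get events of a specific type in a specific module, instead of either of the two
    // the interface doesn't currently make any link between module and type, so we won't worry about it for now
    $module = Controller::get_var('module', 'any');
    $type = Controller::get_var('type', 'any');
    if ($module != 'any') {
        // we get a slugified key back, get the actual module name; a slug that is not
        // in the list yields null as before, without the undefined-index notice
        $arguments['module'] = isset($modules[$module]) ? $modules[$module] : null;
    }
    if ($type != 'any') {
        // we get a slugified key back, get the actual type name
        $arguments['type'] = isset($types[$type]) ? $types[$type] : null;
    }

    // filter by severity
    $severity = Controller::get_var('severity', 0);
    if ($severity != 0) {
        $arguments['severity'] = $severity;
    }

    // get the logs!
    $logs = EventLog::get($arguments);

    // last, but not least, generate the list of years used for the timeline
    $months = EventLog::get(array_merge($arguments, array('month_cts' => true)));
    $years = array();
    foreach ($months as $m) {
        $years[$m->year][] = $m;
    }

    // assign all our theme values in one spot
    // first the filter options
    $this->theme->dates = $dates;
    $this->theme->users = $users;
    $this->theme->addresses = $ips;
    $this->theme->modules = $modules;
    $this->theme->types = $types;
    $this->theme->severities = $severities;

    // next the filter criteria we used
    $this->theme->search_args = $search;
    $this->theme->date = $date;
    $this->theme->user = $user;
    $this->theme->address = $ip;
    $this->theme->module = $module;
    $this->theme->type = $type;
    $this->theme->severity = $severity;

    $this->theme->logs = $logs;
    $this->theme->years = $years;

    // Batch form. NOTE(review): the two callbacks below delete audit records and do
    // no token or capability check of their own; presumably FormUI verifies the
    // submission before calling on_success - confirm.
    $form = new FormUI('logs_batch', 'logs_batch');
    $form->append(FormControlAggregate::create('entries')->set_selector('.log_entry')->set_value(array())->label('None Selected'));
    $form->append($actions = FormControlDropbutton::create('actions'));

    $actions->append(FormControlSubmit::create('delete_selected')->on_success(function (FormUI $form) {
        $ids = $form->entries->value;
        $count = 0;
        /** @var LogEntry $log */
        foreach ($ids as $id) {
            $logs = EventLog::get(array('id' => $id));
            foreach ($logs as $log) {
                $log->delete();
                $count++;
            }
        }
        Session::notice(_t('Deleted %d logs.', array($count)));
        $form->bounce(false);
    })->set_caption(_t('Delete Selected')));

    $actions->append(FormControlSubmit::create('purge_logs')->on_success(function (FormUI $form) {
        if (EventLog::purge()) {
            Session::notice(_t('Logs purged.'));
        } else {
            Session::notice(_t('There was a problem purging the event logs.'));
        }
        $form->bounce(false);
    })->set_caption(_t('Purge Logs')));

    $this->theme->form = $form;
    $this->theme->wsse = Utils::WSSE(); // prepare a WSSE token for any ajax calls
}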
/**
 * Assign values needed to display the users listing.
 *
 * Gives the theme a fresh WSSE token and an id => display name map of all
 * users, with id 0 mapped to the translated label "nobody".
 *
 * @param mixed $params Not used by this method
 */
private function fetch_users($params = null)
{
    // WSSE token for the forms on the users page
    $this->theme->wsse = Utils::WSSE();

    // Build the author map, starting with the placeholder entry for id 0
    $all_users = Users::get_all();
    $authors = array(0 => _t('nobody'));
    foreach ($all_users as $account) {
        $authors[$account->id] = $account->displayname;
    }

    $this->theme->authors = $authors;
}
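/**
 * Add or delete groups.
 *
 * The request must carry a WSSE digest as 'digest' and/or 'password_digest';
 * every digest field that is present has to match, and without any of them
 * nothing is done. With action 'add' (or a 'newgroup' field) a group is
 * created from 'new_groupname'/'name'; with action 'delete' (AJAX only) the
 * groups selected through truthy "p<id>" POST fields are deleted.
 *
 * NOTE(review): no capability check is visible in this method; presumably the
 * caller enforces one - confirm.
 *
 * @param array $handler_vars Request variables
 * @param bool $ajax True to return session messages, false to redirect after adding
 * @return array|null Session messages for AJAX callers, otherwise nothing
 */
public function update_groups($handler_vars, $ajax = true)
{
    $wsse = Utils::WSSE($handler_vars['nonce'], $handler_vars['timestamp']);
    $expected = (string) $wsse['digest'];

    // Compare each supplied digest as a string and in constant time; a loose !=
    // applies PHP's numeric-string juggling and leaks timing. An empty digest fails
    // closed. hash_equals() requires PHP 5.6 or later.
    $token_seen = false;
    foreach (array('digest', 'password_digest') as $field) {
        if (!isset($handler_vars[$field])) {
            continue;
        }
        $token_seen = true;
        $supplied = (string) $handler_vars[$field];
        if ($supplied === '' || !hash_equals($expected, $supplied)) {
            Session::error(_t('WSSE authentication failed.'));
            return Session::messages_get(true, 'array');
        }
    }
    if (!$token_seen) {
        // no token at all: nothing is changed
        return;
    }

    $action = isset($handler_vars['action']) ? $handler_vars['action'] : null;

    if ($action == 'add' || isset($handler_vars['newgroup'])) {
        if (isset($handler_vars['newgroup'])) {
            $name = trim($handler_vars['new_groupname']);
        } else {
            $name = trim($handler_vars['name']);
        }
        $this->theme->addform = array('name' => $name);

        if (UserGroup::exists($name)) {
            Session::notice(sprintf(_t('The group %s already exists'), $name));
            return $ajax ? Session::messages_get(true, 'array') : null;
        }
        if (empty($name)) {
            Session::notice(_t('The group must have a name'));
            // this branch used to call the misspelled Session::message_get()
            return $ajax ? Session::messages_get(true, 'array') : null;
        }

        UserGroup::create(array('name' => $name));
        Session::notice(sprintf(_t('Added group %s'), $name));
        // reload the groups
        $this->theme->groups = UserGroups::get_all();
        $this->theme->addform = array();

        if ($ajax) {
            return Session::messages_get(true, 'array');
        }
        Utils::redirect(URL::get('admin', 'page=groups'));
    }

    if ($action == 'delete' && $ajax == true) {
        $ids = array();
        foreach ($_POST as $id => $delete) {
            // skip POST elements which are not group ids
            if (preg_match('/^p\d+$/', $id) && $delete) {
                $ids[] = (int) substr($id, 1);
            }
        }

        // $ids is always set, so the old !isset() test could never report an empty selection
        if (empty($ids)) {
            Session::notice(_t('No groups deleted.'));
            return Session::messages_get(true, 'array');
        }

        $count = 0;
        foreach ($ids as $id) {
            $group = UserGroup::get_by_id($id);
            if (!$group) {
                // what get_by_id() returns for an unknown id is not visible here;
                // anything falsy is skipped and not counted
                continue;
            }
            $group->delete();
            $count++;
        }

        Session::notice(sprintf(_t('Deleted %d groups.'), $count));
        return Session::messages_get(true, 'array');
    }
}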
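/**
 * Handles AJAX from /manage/posts.
 * Used to delete posts.
 *
 * Verifies the WSSE digest, collects the selected post ids from truthy "p<id>"
 * POST fields, fires the 'admin_update_posts' action and then either deletes
 * the posts the caller has 'delete' access to, or passes any other action to
 * plugins through 'admin_posts_action'. Sends the AjaxResponse and exits.
 *
 * NOTE(review): the 'admin_update_posts' hook receives the selected posts
 * before any per-post access check has run; only the built-in delete checks
 * ACL per post.
 *
 * @param array $handler_vars Request variables (nonce, timestamp, digest, action)
 */
public function ajax_update_posts($handler_vars)
{
    Utils::check_request_method(array('POST'));
    $response = new AjaxResponse();

    // Compare the digest as strings and in constant time; a loose != applies PHP's
    // numeric-string juggling and leaks timing. An absent/empty digest fails closed.
    // hash_equals() requires PHP 5.6 or later.
    $wsse = Utils::WSSE($handler_vars['nonce'], $handler_vars['timestamp']);
    $supplied = isset($handler_vars['digest']) ? (string) $handler_vars['digest'] : '';
    if ($supplied === '' || !hash_equals((string) $wsse['digest'], $supplied)) {
        $response->message = _t('WSSE authentication failed.');
        $response->out();
        return;
    }

    $ids = array();
    foreach ($_POST as $id => $delete) {
        // skip POST elements which are not post ids
        if (preg_match('/^p\d+$/', $id) && $delete) {
            $ids[] = (int) substr($id, 1);
        }
    }

    // With nothing selected an empty collection is used; Posts::get() is not called
    // with an empty id list.
    if (count($ids) == 0) {
        $posts = new Posts();
    } else {
        $posts = Posts::get(array('id' => $ids, 'nolimit' => true));
    }

    Plugins::act('admin_update_posts', $handler_vars['action'], $posts, $this);

    switch ($handler_vars['action']) {
        case 'delete':
            $deleted = 0;
            foreach ($posts as $post) {
                if (ACL::access_check($post->get_access(), 'delete')) {
                    $post->delete();
                    $deleted++;
                }
            }
            if ($deleted != count($posts)) {
                $response->message = _t('You did not have permission to delete some posts.');
            } else {
                // report what was actually deleted; the submitted ids may include posts that do not exist
                $response->message = sprintf(_n('Deleted %d post', 'Deleted %d posts', $deleted), $deleted);
            }
            break;

        default:
            // Specific plugin-supplied action
            Plugins::act('admin_posts_action', $response, $handler_vars['action'], $posts);
            break;
    }

    $response->out();
    exit;
}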
/**
 * Simulate posting data to this form.
 *
 * Writes into $_POST, in this order: optionally this form's id and a fresh
 * set of WSSE values, then the current value of every control that has a
 * truthy one, then the entries of $data (which therefore win on key clashes).
 *
 * @param array $data An associative array of data to simulate adding to the $_POST array
 * @param bool $do_wsse_and_id Default is false. If true, add this form's id and correct WSSE values to the $_POST array
 */
public function simulate($data, $do_wsse_and_id = false)
{
    if ($do_wsse_and_id) {
        $_POST['_form_id'] = $this->control_id();
        foreach (Utils::WSSE() as $wsse_field => $wsse_value) {
            $_POST[$wsse_field] = $wsse_value;
        }
    }

    /** @var FormControl $control */
    foreach ($this->controls as $control) {
        $current = $control->value;
        if ($current) {
            $_POST[$control->input_name()] = $current;
        }
    }

    foreach ($data as $field => $posted) {
        $_POST[$field] = $posted;
    }
}
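/**
 * Handles AJAX requests to update comments, comment moderation.
 *
 * Verifies the WSSE digest from $_POST, takes the selected comment ids from
 * $_POST['selected'], fires the 'admin_moderate_comments' action and applies
 * $_POST['action']: delete_spam, delete_unapproved, delete, spam, approve(d),
 * unapprove(d), or a plugin-supplied action through the
 * 'admin_comments_action' filter. The outcome is sent through an AjaxResponse.
 *
 * NOTE(review): $_POST['selected'] is passed to Comments::get() as received;
 * its expected shape (presumably a list of ids) and how Comments::get()
 * validates it are not visible here - confirm. No per-comment access check is
 * visible in this handler either.
 *
 * @param array $handler_vars Request variables supplied by the dispatcher
 */
public function ajax_update_comment($handler_vars)
{
    Utils::check_request_method(array('POST'));
    $ar = new AjaxResponse();

    // check WSSE authentication. Compare the digest as strings and in constant
    // time; a loose != applies PHP's numeric-string juggling and leaks timing.
    // An absent/empty digest fails closed. hash_equals() requires PHP 5.6 or later.
    $wsse = Utils::WSSE($_POST['nonce'], $_POST['timestamp']);
    $supplied = isset($_POST['digest']) ? (string) $_POST['digest'] : '';
    if ($supplied === '' || !hash_equals((string) $wsse['digest'], $supplied)) {
        $ar->message = _t('WSSE authentication failed.');
        $ar->out();
        return;
    }

    // One source for the action: the "unknown action" text used to read
    // $handler_vars while the dispatch below read $_POST.
    $action = $_POST['action'];
    $ids = isset($_POST['selected']) ? $_POST['selected'] : null;

    // Every built-in action that works on the selection needs one. Previously only
    // 'delete' was guarded, so e.g. 'spam' with nothing selected reached Comments::get()
    // with an empty id filter, whose meaning is not visible from this handler.
    $selection_actions = array('delete', 'spam', 'approve', 'approved', 'unapprove', 'unapproved');
    if (empty($ids) && in_array($action, $selection_actions, true)) {
        $ar->message = _t('No comments selected.');
        $ar->out();
        return;
    }

    // count() on a non-countable value is an error in PHP 8; a lone scalar counts as one
    $selected_count = (is_array($ids) || $ids instanceof Countable) ? count($ids) : 1;

    $comments = Comments::get(array('id' => $ids, 'nolimit' => true));
    Plugins::act('admin_moderate_comments', $action, $comments, $this);
    $status_msg = _t('Unknown action "%s"', array($action));

    switch ($action) {
        case 'delete_spam':
            // acts on every spam comment, independent of the selection
            Comments::delete_by_status('spam');
            $status_msg = _t('Deleted all spam comments');
            break;

        case 'delete_unapproved':
            // acts on every unapproved comment, independent of the selection
            Comments::delete_by_status('unapproved');
            $status_msg = _t('Deleted all unapproved comments');
            break;

        case 'delete':
            // Comments marked for deletion
            Comments::delete_these($comments);
            $status_msg = sprintf(_n('Deleted %d comment', 'Deleted %d comments', $selected_count), $selected_count);
            break;

        case 'spam':
            // Comments marked as spam
            Comments::moderate_these($comments, 'spam');
            $status_msg = sprintf(_n('Marked %d comment as spam', 'Marked %d comments as spam', $selected_count), $selected_count);
            break;

        case 'approve':
        case 'approved':
            // Comments marked for approval
            Comments::moderate_these($comments, 'approved');
            $status_msg = sprintf(_n('Approved %d comment', 'Approved %d comments', $selected_count), $selected_count);
            break;

        case 'unapprove':
        case 'unapproved':
            // Comments marked for unapproval
            Comments::moderate_these($comments, 'unapproved');
            $status_msg = sprintf(_n('Unapproved %d comment', 'Unapproved %d comments', $selected_count), $selected_count);
            break;

        default:
            // Specific plugin-supplied action
            $status_msg = Plugins::filter('admin_comments_action', $status_msg, $action, $comments);
            break;
    }

    $ar->message = $status_msg;
    $ar->out();
}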