/**
* Handles AJAX requests to update comments, comment moderation
*/
public function ajax_update_comment( $handler_vars )
{
Utils::check_request_method( array( 'POST' ) );
// check WSSE authentication
$wsse = Utils::WSSE( $handler_vars['nonce'], $handler_vars['timestamp'] );
if ( $handler_vars['digest'] != $wsse['digest'] ) {
Session::error( _t( 'WSSE authentication failed.' ) );
echo Session::messages_get( true, array( 'Format', 'json_messages' ) );
return;
}
$ids = array();
foreach ( $_POST as $id => $update ) {
// skip POST elements which are not comment ids
if ( preg_match( '/^p\d+$/', $id ) && $update ) {
$ids[] = (int) substr( $id, 1 );
}
}
if ( ( ! isset( $ids ) || empty( $ids ) ) && $handler_vars['action'] == 'delete' ) {
Session::notice( _t( 'No comments selected.' ) );
echo Session::messages_get( true, array( 'Format', 'json_messages' ) );
return;
}
$comments = Comments::get( array( 'id' => $ids, 'nolimit' => true ) );
Plugins::act( 'admin_moderate_comments', $handler_vars['action'], $comments, $this );
$status_msg = _t( 'Unknown action "%s"', array( $handler_vars['action'] ) );
switch ( $handler_vars['action'] ) {
case 'delete_spam':
Comments::delete_by_status( Comment::STATUS_SPAM );
$status_msg = _t( 'Deleted all spam comments' );
break;
case 'delete_unapproved':
Comments::delete_by_status( Comment::STATUS_UNAPPROVED );
$status_msg = _t( 'Deleted all unapproved comments' );
break;
case 'delete':
// Comments marked for deletion
Comments::delete_these( $comments );
$status_msg = sprintf( _n( 'Deleted %d comment', 'Deleted %d comments', count( $ids ) ), count( $ids ) );
break;
case 'spam':
// Comments marked as spam
Comments::moderate_these( $comments, Comment::STATUS_SPAM );
$status_msg = sprintf( _n( 'Marked %d comment as spam', 'Marked %d comments as spam', count( $ids ) ), count( $ids ) );
break;
case 'approve':
case 'approved':
// Comments marked for approval
Comments::moderate_these( $comments, Comment::STATUS_APPROVED );
$status_msg = sprintf( _n( 'Approved %d comment', 'Approved %d comments', count( $ids ) ), count( $ids ) );
break;
case 'unapprove':
case 'unapproved':
// Comments marked for unapproval
Comments::moderate_these( $comments, Comment::STATUS_UNAPPROVED );
$status_msg = sprintf( _n( 'Unapproved %d comment', 'Unapproved %d comments', count( $ids ) ), count( $ids ) );
break;
default:
// Specific plugin-supplied action
$status_msg = Plugins::filter( 'admin_comments_action', $status_msg, $handler_vars['action'], $comments );
break;
}
Session::notice( $status_msg );
echo Session::messages_get( true, array( 'Format', 'json_messages' ) );
}
public function fetch_comments($params = array())
{
// Make certain handler_vars local with defaults, and add them to the theme output
$locals = array('do_delete' => false, 'do_spam' => false, 'do_approve' => false, 'do_unapprove' => false, 'comment_ids' => null, 'nonce' => '', 'timestamp' => '', 'PasswordDigest' => '', 'mass_spam_delete' => null, 'mass_delete' => null, 'type' => 'All', 'limit' => 20, 'offset' => 0, 'search' => '', 'status' => 'All', 'orderby' => 'date DESC');
foreach ($locals as $varname => $default) {
${$varname} = isset($this->handler_vars[$varname]) ? $this->handler_vars[$varname] : (isset($params[$varname]) ? $params[$varname] : $default);
$this->theme->{$varname} = ${$varname};
}
// Setting these mass_delete options prevents any other processing. Desired?
if (isset($mass_spam_delete) && $status == Comment::STATUS_SPAM) {
// Delete all comments that have the spam status.
Comments::delete_by_status(Comment::STATUS_SPAM);
// let's optimize the table
$result = DB::query('OPTIMIZE TABLE {comments}');
Session::notice(_t('Deleted all spam comments'));
Utils::redirect();
} elseif (isset($mass_delete) && $status == Comment::STATUS_UNAPPROVED) {
// Delete all comments that are unapproved.
Comments::delete_by_status(Comment::STATUS_UNAPPROVED);
Session::notice(_t('Deleted all unapproved comments'));
Utils::redirect();
} elseif (($do_delete || $do_spam || $do_approve || $do_unapprove) && isset($comment_ids)) {
$okay = true;
if (empty($nonce) || empty($timestamp) || empty($PasswordDigest)) {
$okay = false;
}
$wsse = Utils::WSSE($nonce, $timestamp);
if ($PasswordDigest != $wsse['digest']) {
$okay = false;
}
if ($okay) {
if ($do_delete) {
$action = 'delete';
} elseif ($do_spam) {
$action = 'spam';
} elseif ($do_approve) {
$action = 'approve';
} elseif ($do_unapprove) {
$action = 'unapprove';
}
$ids = array();
foreach ($comment_ids as $id => $id_value) {
if (!isset(${'$comment_ids[' . $id . ']'})) {
// Skip unmoderated submitted comment_ids
$ids[] = $id;
}
}
$to_update = Comments::get(array('id' => $ids));
$modstatus = array('Deleted %d comments' => 0, 'Marked %d comments as spam' => 0, 'Approved %d comments' => 0, 'Unapproved %d comments' => 0, 'Edited %d comments' => 0);
Plugins::act('admin_moderate_comments', $action, $to_update, $this);
switch ($action) {
case 'delete':
// This comment was marked for deletion
$to_update = $this->comment_access_filter($to_update, 'delete');
Comments::delete_these($to_update);
$modstatus['Deleted %d comments'] = count($to_update);
break;
case 'spam':
// This comment was marked as spam
$to_update = $this->comment_access_filter($to_update, 'edit');
Comments::moderate_these($to_update, Comment::STATUS_SPAM);
$modstatus['Marked %d comments as spam'] = count($to_update);
break;
case 'approve':
case 'approved':
// Comments marked for approval
$to_update = $this->comment_access_filter($to_update, 'edit');
Comments::moderate_these($to_update, Comment::STATUS_APPROVED);
$modstatus['Approved %d comments'] = count($to_update);
foreach ($to_update as $comment) {
$modstatus['Approved comments on these posts: %s'] = (isset($modstatus['Approved comments on these posts: %s']) ? $modstatus['Approved comments on these posts: %s'] . ' · ' : '') . '<a href="' . $comment->post->permalink . '">' . $comment->post->title . '</a> ';
}
break;
case 'unapprove':
case 'unapproved':
// This comment was marked for unapproval
$to_update = $this->comment_access_filter($to_update, 'edit');
Comments::moderate_these($to_update, Comment::STATUS_UNAPPROVED);
$modstatus['Unapproved %d comments'] = count($to_update);
break;
case 'edit':
$to_update = $this->comment_access_filter($to_update, 'edit');
foreach ($to_update as $comment) {
// This comment was edited
if ($_POST['name_' . $comment->id] != NULL) {
$comment->name = $_POST['name_' . $comment->id];
}
if ($_POST['email_' . $comment->id] != NULL) {
$comment->email = $_POST['email_' . $comment->id];
}
if ($_POST['url_' . $comment->id] != NULL) {
$comment->url = $_POST['url_' . $comment->id];
}
if ($_POST['content_' . $comment->id] != NULL) {
$comment->content = $_POST['content_' . $comment->id];
}
$comment->update();
}
$modstatus['Edited %d comments'] = count($to_update);
break;
}
foreach ($modstatus as $key => $value) {
if ($value) {
Session::notice(sprintf(_t($key), $value));
}
}
}
Utils::redirect();
}
// we load the WSSE tokens
// for use in the delete button
$this->theme->wsse = Utils::WSSE();
$arguments = array('type' => $type, 'status' => $status, 'limit' => $limit, 'offset' => $offset, 'orderby' => $orderby);
// only get comments the user is allowed to manage
if (!User::identify()->can('manage_all_comments')) {
$arguments['post_author'] = User::identify()->id;
}
// there is no explicit 'all' type/status for comments, so we need to unset these arguments
// if that's what we want. At the same time we can set up the search field
$this->theme->search_args = '';
if ($type == 'All') {
unset($arguments['type']);
} else {
$this->theme->search_args = 'type:' . Comment::type_name($type) . ' ';
}
if ($status == 'All') {
unset($arguments['status']);
} else {
$this->theme->search_args .= 'status:' . Comment::status_name($status);
}
if ('' != $search) {
$arguments = array_merge($arguments, Comments::search_to_get($search));
}
$this->theme->comments = Comments::get($arguments);
$monthcts = Comments::get(array_merge($arguments, array('month_cts' => 1)));
$years = array();
foreach ($monthcts as $month) {
if (isset($years[$month->year])) {
$years[$month->year][] = $month;
} else {
$years[$month->year] = array($month);
}
}
$this->theme->years = $years;
$baseactions = array();
$statuses = Comment::list_comment_statuses();
foreach ($statuses as $statusid => $statusname) {
$baseactions[$statusname] = array('url' => 'javascript:itemManage.update(\'' . $statusname . '\',__commentid__);', 'title' => _t('Change this comment\'s status to %s', array($statusname)), 'label' => Comment::status_action($statusid), 'access' => 'edit');
}
/* Standard actions */
$baseactions['delete'] = array('url' => 'javascript:itemManage.update(\'delete\',__commentid__);', 'title' => _t('Delete this comment'), 'label' => _t('Delete'), 'access' => 'delete');
$baseactions['edit'] = array('url' => URL::get('admin', 'page=comment&id=__commentid__'), 'title' => _t('Edit this comment'), 'label' => _t('Edit'), 'access' => 'edit');
/* Actions for inline edit */
$baseactions['submit'] = array('url' => 'javascript:inEdit.update();', 'title' => _t('Submit changes'), 'label' => _t('Update'), 'nodisplay' => TRUE, 'access' => 'edit');
$baseactions['cancel'] = array('url' => 'javascript:inEdit.deactivate();', 'title' => _t('Cancel changes'), 'label' => _t('Cancel'), 'nodisplay' => TRUE);
/* Allow plugins to apply actions */
$actions = Plugins::filter('comments_actions', $baseactions, $this->theme->comments);
foreach ($this->theme->comments as $comment) {
// filter the actions based on the user's permissions
$comment_access = $comment->get_access();
$menu = array();
foreach ($actions as $name => $action) {
if (!isset($action['access']) || ACL::access_check($comment_access, $action['access'])) {
$menu[$name] = $action;
}
}
// remove the current status from the dropmenu
unset($menu[Comment::status_name($comment->status)]);
$comment->menu = Plugins::filter('comment_actions', $menu, $comment);
}
}
/**
* Handles spam deletion
*
* @return void
**/
public function action_auth_ajax_deleteall($handler)
{
$result = array();
switch ($handler->handler_vars['target']) {
case 'spam':
if (!User::identify()->can('manage_all_comments')) {
Session::error(_t('You do not have permission to do that action.'));
break;
}
$total = Comments::count_total(Comment::STATUS_SPAM, FALSE);
Comments::delete_by_status(Comment::status('spam'));
Session::notice(sprintf(_t('Deleted all %s spam comments.'), $total));
break;
case 'logs':
if (!User::identify()->can('manage_logs')) {
Session::error(_t('You do not have permission to do that action.'));
break;
}
$to_delete = EventLog::get(array('date' => 'any', 'nolimit' => 1));
$count = 0;
foreach ($to_delete as $log) {
$log->delete();
$count++;
}
Session::notice(sprintf(_t('Deleted all %s log entries.'), $count));
break;
}
$result['messages'] = Session::messages_get(true, 'array');
echo json_encode($result);
}
/**
* Handles AJAX requests to update comments, comment moderation
*/
public function ajax_update_comment($handler_vars)
{
Utils::check_request_method(array('POST'));
$ar = new AjaxResponse();
// check WSSE authentication
$wsse = Utils::WSSE($_POST['nonce'], $_POST['timestamp']);
if ($_POST['digest'] != $wsse['digest']) {
$ar->message = _t('WSSE authentication failed.');
$ar->out();
return;
}
$ids = $_POST['selected'];
if ((!isset($ids) || empty($ids)) && $_POST['action'] == 'delete') {
$ar->message = _t('No comments selected.');
$ar->out();
return;
}
$comments = Comments::get(array('id' => $ids, 'nolimit' => true));
Plugins::act('admin_moderate_comments', $_POST['action'], $comments, $this);
$status_msg = _t('Unknown action "%s"', array($handler_vars['action']));
switch ($_POST['action']) {
case 'delete_spam':
Comments::delete_by_status('spam');
$status_msg = _t('Deleted all spam comments');
break;
case 'delete_unapproved':
Comments::delete_by_status('unapproved');
$status_msg = _t('Deleted all unapproved comments');
break;
case 'delete':
// Comments marked for deletion
Comments::delete_these($comments);
$status_msg = sprintf(_n('Deleted %d comment', 'Deleted %d comments', count($ids)), count($ids));
break;
case 'spam':
// Comments marked as spam
Comments::moderate_these($comments, 'spam');
$status_msg = sprintf(_n('Marked %d comment as spam', 'Marked %d comments as spam', count($ids)), count($ids));
break;
case 'approve':
case 'approved':
// Comments marked for approval
Comments::moderate_these($comments, 'approved');
$status_msg = sprintf(_n('Approved %d comment', 'Approved %d comments', count($ids)), count($ids));
break;
case 'unapprove':
case 'unapproved':
// Comments marked for unapproval
Comments::moderate_these($comments, 'unapproved');
$status_msg = sprintf(_n('Unapproved %d comment', 'Unapproved %d comments', count($ids)), count($ids));
break;
default:
// Specific plugin-supplied action
$status_msg = Plugins::filter('admin_comments_action', $status_msg, $_POST['action'], $comments);
break;
}
$ar->message = $status_msg;
$ar->out();
}
