/**
	 * Handles AJAX requests to update comments, comment moderation
	 */
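	public function ajax_update_comment( $handler_vars )
	{
		// Moderation changes state, so only POST requests are accepted.
		Utils::check_request_method( array( 'POST' ) );

		// Read the request fields once. A missing key becomes null, which is what
		// the unchecked array access passed along before, minus the PHP notice
		// that could end up inside the JSON response.
		$nonce = isset( $handler_vars['nonce'] ) ? $handler_vars['nonce'] : null;
		$timestamp = isset( $handler_vars['timestamp'] ) ? $handler_vars['timestamp'] : null;
		$digest = isset( $handler_vars['digest'] ) ? $handler_vars['digest'] : null;
		$action = isset( $handler_vars['action'] ) ? $handler_vars['action'] : null;

		// check WSSE authentication
		// The digest is compared as a string with a strict operator: a loose "!="
		// compares numeric-looking strings by value and lets null or non-string
		// input take part in type juggling.
		// NOTE(review): a strict comparison is still not constant-time; move to
		// hash_equals() once the minimum supported PHP version provides it.
		$wsse = Utils::WSSE( $nonce, $timestamp );
		if ( ! is_string( $digest ) || $digest === '' || $digest !== (string) $wsse['digest'] ) {
			Session::error( _t( 'WSSE authentication failed.' ) );
			echo Session::messages_get( true, array( 'Format', 'json_messages' ) );
			return;
		}

		$ids = array();

		foreach ( $_POST as $id => $update ) {
			// skip POST elements which are not comment ids
			// Only keys of the form "p<digits>" with a truthy value count as a selection.
			if ( preg_match( '/^p\d+$/', $id ) && $update ) {
				$ids[] = (int) substr( $id, 1 );
			}
		}

		// Every action that works on the selected comments needs a selection.
		// Previously only 'delete' was guarded, so the other actions passed an empty
		// id list to Comments::get(); how that filter treats an empty list is not
		// visible from this method.
		$selection_actions = array( 'delete', 'spam', 'approve', 'approved', 'unapprove', 'unapproved' );
		if ( empty( $ids ) && in_array( $action, $selection_actions, true ) ) {
			Session::notice( _t( 'No comments selected.' ) );
			echo Session::messages_get( true, array( 'Format', 'json_messages' ) );
			return;
		}

		// NOTE(review): nothing in this method checks the current user's rights over
		// the selected comments, or over the delete_spam / delete_unapproved bulk
		// actions. Confirm that the dispatcher enforces this before the handler runs.
		$comments = Comments::get( array( 'id' => $ids, 'nolimit' => true ) );
		Plugins::act( 'admin_moderate_comments', $action, $comments, $this );

		// NOTE(review): the request-supplied action name is echoed back in this
		// message; the client should insert it as text, not as markup.
		$status_msg = _t( 'Unknown action "%s"', array( $action ) );

		switch ( $action ) {
			case 'delete_spam':
				Comments::delete_by_status( Comment::STATUS_SPAM );
				$status_msg = _t( 'Deleted all spam comments' );
				break;
			case 'delete_unapproved':
				Comments::delete_by_status( Comment::STATUS_UNAPPROVED );
				$status_msg = _t( 'Deleted all unapproved comments' );
				break;
			case 'delete':
				// Comments marked for deletion
				Comments::delete_these( $comments );
				$status_msg = sprintf( _n( 'Deleted %d comment', 'Deleted %d comments', count( $ids ) ), count( $ids ) );
				break;
			case 'spam':
				// Comments marked as spam
				Comments::moderate_these( $comments, Comment::STATUS_SPAM );
				$status_msg = sprintf( _n( 'Marked %d comment as spam', 'Marked %d comments as spam', count( $ids ) ), count( $ids ) );
				break;
			case 'approve':
			case 'approved':
				// Comments marked for approval
				Comments::moderate_these( $comments, Comment::STATUS_APPROVED );
				$status_msg = sprintf( _n( 'Approved %d comment', 'Approved %d comments', count( $ids ) ), count( $ids ) );
				break;
			case 'unapprove':
			case 'unapproved':
				// Comments marked for unapproval
				Comments::moderate_these( $comments, Comment::STATUS_UNAPPROVED );
				$status_msg = sprintf( _n( 'Unapproved %d comment', 'Unapproved %d comments', count( $ids ) ), count( $ids ) );
				break;
			default:
				// Specific plugin-supplied action
				$status_msg = Plugins::filter( 'admin_comments_action', $status_msg, $action, $comments );
				break;
		}

		Session::notice( $status_msg );
		echo Session::messages_get( true, array( 'Format', 'json_messages' ) );
	}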
示例#2
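 /**
  * Collects the comment-management request variables, applies any requested
  * bulk moderation, then loads the comment list, the per-month counts and the
  * per-comment action menus into the theme.
  *
  * @param array $params Fallback values used when a variable is absent from $this->handler_vars
  */
 public function fetch_comments($params = array())
 {
     // Make certain handler_vars local with defaults, and add them to the theme output
     // Only the names listed here become local variables, so request input cannot
     // introduce variables beyond this list.
     $locals = array('do_delete' => false, 'do_spam' => false, 'do_approve' => false, 'do_unapprove' => false, 'comment_ids' => null, 'nonce' => '', 'timestamp' => '', 'PasswordDigest' => '', 'mass_spam_delete' => null, 'mass_delete' => null, 'type' => 'All', 'limit' => 20, 'offset' => 0, 'search' => '', 'status' => 'All', 'orderby' => 'date DESC');
     foreach ($locals as $varname => $default) {
         ${$varname} = isset($this->handler_vars[$varname]) ? $this->handler_vars[$varname] : (isset($params[$varname]) ? $params[$varname] : $default);
         $this->theme->{$varname} = ${$varname};
     }
     // Setting these mass_delete options prevents any other processing.  Desired?
     // NOTE(review): neither mass-delete branch verifies the WSSE digest or a user
     // capability before calling delete_by_status(), unlike the per-comment branch
     // below. Confirm that the caller enforces both.
     if (isset($mass_spam_delete) && $status == Comment::STATUS_SPAM) {
         // Delete all comments that have the spam status.
         Comments::delete_by_status(Comment::STATUS_SPAM);
         // let's optimize the table
         DB::query('OPTIMIZE TABLE {comments}');
         Session::notice(_t('Deleted all spam comments'));
         Utils::redirect();
     } elseif (isset($mass_delete) && $status == Comment::STATUS_UNAPPROVED) {
         // Delete all comments that are unapproved.
         Comments::delete_by_status(Comment::STATUS_UNAPPROVED);
         Session::notice(_t('Deleted all unapproved comments'));
         Utils::redirect();
     } elseif (($do_delete || $do_spam || $do_approve || $do_unapprove) && isset($comment_ids)) {
         $okay = true;
         if (empty($nonce) || empty($timestamp) || empty($PasswordDigest)) {
             $okay = false;
         }
         $wsse = Utils::WSSE($nonce, $timestamp);
         // Compare the digest as a string with a strict operator: a loose "!="
         // compares numeric-looking strings by value and accepts non-string input.
         // NOTE(review): still not constant-time; move to hash_equals() once the
         // minimum supported PHP version provides it.
         if (!is_string($PasswordDigest) || $PasswordDigest !== (string) $wsse['digest']) {
             $okay = false;
         }
         if ($okay) {
             if ($do_delete) {
                 $action = 'delete';
             } elseif ($do_spam) {
                 $action = 'spam';
             } elseif ($do_approve) {
                 $action = 'approve';
             } elseif ($do_unapprove) {
                 $action = 'unapprove';
             }
             $ids = array();
             foreach ($comment_ids as $id => $id_value) {
                 // The previous isset() test looked up a variable literally named
                 // '$comment_ids[<id>]', which can never exist, so every submitted
                 // key was accepted. That behaviour is kept and made explicit.
                 // NOTE(review): the old comment suggests some ids were meant to be
                 // skipped (perhaps by $id_value) - confirm the intent.
                 $ids[] = $id;
             }
             $to_update = Comments::get(array('id' => $ids));
             $modstatus = array('Deleted %d comments' => 0, 'Marked %d comments as spam' => 0, 'Approved %d comments' => 0, 'Unapproved %d comments' => 0, 'Edited %d comments' => 0);
             Plugins::act('admin_moderate_comments', $action, $to_update, $this);
             // Each branch narrows $to_update to the comments the current user may
             // act on before changing anything.
             switch ($action) {
                 case 'delete':
                     // This comment was marked for deletion
                     $to_update = $this->comment_access_filter($to_update, 'delete');
                     Comments::delete_these($to_update);
                     $modstatus['Deleted %d comments'] = count($to_update);
                     break;
                 case 'spam':
                     // This comment was marked as spam
                     $to_update = $this->comment_access_filter($to_update, 'edit');
                     Comments::moderate_these($to_update, Comment::STATUS_SPAM);
                     $modstatus['Marked %d comments as spam'] = count($to_update);
                     break;
                 case 'approve':
                 case 'approved':
                     // Comments marked for approval
                     $to_update = $this->comment_access_filter($to_update, 'edit');
                     Comments::moderate_these($to_update, Comment::STATUS_APPROVED);
                     $modstatus['Approved %d comments'] = count($to_update);
                     foreach ($to_update as $comment) {
                         // The notice is assembled as HTML, so the post title and
                         // permalink are escaped before being placed in the markup.
                         // NOTE(review): if titles are stored already entity-encoded
                         // this double-encodes them - confirm how they are stored.
                         $link = '<a href="' . htmlspecialchars($comment->post->permalink, ENT_QUOTES, 'UTF-8') . '">' . htmlspecialchars($comment->post->title, ENT_QUOTES, 'UTF-8') . '</a> ';
                         $modstatus['Approved comments on these posts: %s'] = (isset($modstatus['Approved comments on these posts: %s']) ? $modstatus['Approved comments on these posts: %s'] . ' &middot; ' : '') . $link;
                     }
                     break;
                 case 'unapprove':
                 case 'unapproved':
                     // This comment was marked for unapproval
                     $to_update = $this->comment_access_filter($to_update, 'edit');
                     Comments::moderate_these($to_update, Comment::STATUS_UNAPPROVED);
                     $modstatus['Unapproved %d comments'] = count($to_update);
                     break;
                 case 'edit':
                     // NOTE(review): $action is only ever set to delete / spam /
                     // approve / unapprove above, so this branch is not reachable
                     // from this method as written.
                     $to_update = $this->comment_access_filter($to_update, 'edit');
                     foreach ($to_update as $comment) {
                         // This comment was edited
                         if ($_POST['name_' . $comment->id] != NULL) {
                             $comment->name = $_POST['name_' . $comment->id];
                         }
                         if ($_POST['email_' . $comment->id] != NULL) {
                             $comment->email = $_POST['email_' . $comment->id];
                         }
                         if ($_POST['url_' . $comment->id] != NULL) {
                             $comment->url = $_POST['url_' . $comment->id];
                         }
                         if ($_POST['content_' . $comment->id] != NULL) {
                             $comment->content = $_POST['content_' . $comment->id];
                         }
                         $comment->update();
                     }
                     $modstatus['Edited %d comments'] = count($to_update);
                     break;
             }
             // Report every non-empty outcome; the array key doubles as the
             // translatable format string.
             foreach ($modstatus as $key => $value) {
                 if ($value) {
                     Session::notice(sprintf(_t($key), $value));
                 }
             }
         }
         Utils::redirect();
     }
     // we load the WSSE tokens
     // for use in the delete button
     $this->theme->wsse = Utils::WSSE();
     // NOTE(review): type, status, limit, offset and orderby come from the request
     // and are handed to Comments::get() unchanged. Confirm that it validates them,
     // orderby in particular, before they reach a query.
     $arguments = array('type' => $type, 'status' => $status, 'limit' => $limit, 'offset' => $offset, 'orderby' => $orderby);
     // only get comments the user is allowed to manage
     if (!User::identify()->can('manage_all_comments')) {
         $arguments['post_author'] = User::identify()->id;
     }
     // there is no explicit 'all' type/status for comments, so we need to unset these arguments
     // if that's what we want. At the same time we can set up the search field
     $this->theme->search_args = '';
     if ($type == 'All') {
         unset($arguments['type']);
     } else {
         $this->theme->search_args = 'type:' . Comment::type_name($type) . ' ';
     }
     if ($status == 'All') {
         unset($arguments['status']);
     } else {
         $this->theme->search_args .= 'status:' . Comment::status_name($status);
     }
     if ('' != $search) {
         $arguments = array_merge($arguments, Comments::search_to_get($search));
     }
     $this->theme->comments = Comments::get($arguments);
     // Group the per-month counts by year for the theme.
     $monthcts = Comments::get(array_merge($arguments, array('month_cts' => 1)));
     $years = array();
     foreach ($monthcts as $month) {
         if (isset($years[$month->year])) {
             $years[$month->year][] = $month;
         } else {
             $years[$month->year] = array($month);
         }
     }
     $this->theme->years = $years;
     // One status-change action per known comment status.
     $baseactions = array();
     $statuses = Comment::list_comment_statuses();
     foreach ($statuses as $statusid => $statusname) {
         $baseactions[$statusname] = array('url' => 'javascript:itemManage.update(\'' . $statusname . '\',__commentid__);', 'title' => _t('Change this comment\'s status to %s', array($statusname)), 'label' => Comment::status_action($statusid), 'access' => 'edit');
     }
     /* Standard actions */
     $baseactions['delete'] = array('url' => 'javascript:itemManage.update(\'delete\',__commentid__);', 'title' => _t('Delete this comment'), 'label' => _t('Delete'), 'access' => 'delete');
     $baseactions['edit'] = array('url' => URL::get('admin', 'page=comment&id=__commentid__'), 'title' => _t('Edit this comment'), 'label' => _t('Edit'), 'access' => 'edit');
     /* Actions for inline edit */
     $baseactions['submit'] = array('url' => 'javascript:inEdit.update();', 'title' => _t('Submit changes'), 'label' => _t('Update'), 'nodisplay' => TRUE, 'access' => 'edit');
     $baseactions['cancel'] = array('url' => 'javascript:inEdit.deactivate();', 'title' => _t('Cancel changes'), 'label' => _t('Cancel'), 'nodisplay' => TRUE);
     /* Allow plugins to apply actions */
     $actions = Plugins::filter('comments_actions', $baseactions, $this->theme->comments);
     foreach ($this->theme->comments as $comment) {
         // filter the actions based on the user's permissions
         // An action without an 'access' key is offered to everyone.
         $comment_access = $comment->get_access();
         $menu = array();
         foreach ($actions as $name => $action) {
             if (!isset($action['access']) || ACL::access_check($comment_access, $action['access'])) {
                 $menu[$name] = $action;
             }
         }
         // remove the current status from the dropmenu
         unset($menu[Comment::status_name($comment->status)]);
         $comment->menu = Plugins::filter('comment_actions', $menu, $comment);
     }
 }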
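 /**
  * Handles AJAX "delete all" requests for spam comments or event log entries,
  * selected by the 'target' handler variable.
  *
  * @param mixed $handler Handler object; its handler_vars['target'] selects what is deleted
  * @return void
  **/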
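 public function action_auth_ajax_deleteall($handler)
 {
     // NOTE(review): both branches delete in bulk, yet this method checks neither
     // the request method nor an anti-forgery (WSSE) token. Confirm that the
     // dispatcher enforces both before this handler runs.
     $result = array();
     // A missing 'target' is treated as "nothing to do" instead of raising a PHP
     // notice that could end up inside the JSON output.
     $target = isset($handler->handler_vars['target']) ? $handler->handler_vars['target'] : null;
     // Strict comparison: only the exact strings 'spam' and 'logs' select a branch.
     if ($target === 'spam') {
         if (!User::identify()->can('manage_all_comments')) {
             Session::error(_t('You do not have permission to do that action.'));
         } else {
             // The count is taken before the delete, so the message reports the
             // total seen at that moment.
             $total = Comments::count_total(Comment::STATUS_SPAM, FALSE);
             Comments::delete_by_status(Comment::status('spam'));
             Session::notice(sprintf(_t('Deleted all %s spam comments.'), $total));
         }
     } elseif ($target === 'logs') {
         if (!User::identify()->can('manage_logs')) {
             Session::error(_t('You do not have permission to do that action.'));
         } else {
             $to_delete = EventLog::get(array('date' => 'any', 'nolimit' => 1));
             $count = 0;
             foreach ($to_delete as $log) {
                 $log->delete();
                 $count++;
             }
             Session::notice(sprintf(_t('Deleted all %s log entries.'), $count));
         }
     }
     // Queued session messages (notice or error) are returned to the client as JSON.
     $result['messages'] = Session::messages_get(true, 'array');
     echo json_encode($result);
 }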
示例#4
 /**
  * Handles AJAX requests to update comments, comment moderation
  */
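 public function ajax_update_comment($handler_vars)
 {
     // Moderation changes state, so only POST requests are accepted.
     Utils::check_request_method(array('POST'));
     $ar = new AjaxResponse();
     // Read the request fields once. A missing key becomes null, which is what
     // the unchecked array access passed along before, minus the PHP notice.
     $nonce = isset($_POST['nonce']) ? $_POST['nonce'] : null;
     $timestamp = isset($_POST['timestamp']) ? $_POST['timestamp'] : null;
     $digest = isset($_POST['digest']) ? $_POST['digest'] : null;
     // The action is taken from $_POST everywhere, including the "Unknown action"
     // message, so the message always names the value that was dispatched on.
     $action = isset($_POST['action']) ? $_POST['action'] : null;
     // check WSSE authentication
     // The digest is compared as a string with a strict operator: a loose "!="
     // compares numeric-looking strings by value and lets null or non-string
     // input take part in type juggling.
     // NOTE(review): a strict comparison is still not constant-time; move to
     // hash_equals() once the minimum supported PHP version provides it.
     $wsse = Utils::WSSE($nonce, $timestamp);
     if (!is_string($digest) || $digest === '' || $digest !== (string) $wsse['digest']) {
         $ar->message = _t('WSSE authentication failed.');
         $ar->out();
         return;
     }
     // Normalise the selection so count() and the emptiness check below always
     // see a list: missing becomes an empty list, a single scalar a one-item list.
     // NOTE(review): the ids themselves are not validated here; confirm that
     // Comments::get() treats them as integers.
     $ids = isset($_POST['selected']) ? $_POST['selected'] : array();
     if (is_scalar($ids)) {
         $ids = array($ids);
     }
     // Every action that works on the selected comments needs a selection.
     // Previously only 'delete' was guarded, so the other actions passed an empty
     // id list to Comments::get(); how that filter treats an empty list is not
     // visible from this method.
     $selection_actions = array('delete', 'spam', 'approve', 'approved', 'unapprove', 'unapproved');
     if (empty($ids) && in_array($action, $selection_actions, true)) {
         $ar->message = _t('No comments selected.');
         $ar->out();
         return;
     }
     // NOTE(review): nothing in this method checks the current user's rights over
     // the selected comments, or over the delete_spam / delete_unapproved bulk
     // actions. Confirm that the dispatcher enforces this before the handler runs.
     $comments = Comments::get(array('id' => $ids, 'nolimit' => true));
     Plugins::act('admin_moderate_comments', $action, $comments, $this);
     // NOTE(review): the request-supplied action name is echoed back in this
     // message; the client should insert it as text, not as markup.
     $status_msg = _t('Unknown action "%s"', array($action));
     switch ($action) {
         case 'delete_spam':
             Comments::delete_by_status('spam');
             $status_msg = _t('Deleted all spam comments');
             break;
         case 'delete_unapproved':
             Comments::delete_by_status('unapproved');
             $status_msg = _t('Deleted all unapproved comments');
             break;
         case 'delete':
             // Comments marked for deletion
             Comments::delete_these($comments);
             $status_msg = sprintf(_n('Deleted %d comment', 'Deleted %d comments', count($ids)), count($ids));
             break;
         case 'spam':
             // Comments marked as spam
             Comments::moderate_these($comments, 'spam');
             $status_msg = sprintf(_n('Marked %d comment as spam', 'Marked %d comments as spam', count($ids)), count($ids));
             break;
         case 'approve':
         case 'approved':
             // Comments marked for approval
             Comments::moderate_these($comments, 'approved');
             $status_msg = sprintf(_n('Approved %d comment', 'Approved %d comments', count($ids)), count($ids));
             break;
         case 'unapprove':
         case 'unapproved':
             // Comments marked for unapproval
             Comments::moderate_these($comments, 'unapproved');
             $status_msg = sprintf(_n('Unapproved %d comment', 'Unapproved %d comments', count($ids)), count($ids));
             break;
         default:
             // Specific plugin-supplied action
             $status_msg = Plugins::filter('admin_comments_action', $status_msg, $action, $comments);
             break;
     }
     $ar->message = $status_msg;
     $ar->out();
 }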