1<?php 2/** 3 * Comment Management Screen 4 * 5 * @package WordPress 6 * @subpackage Administration 7 */ 8 9/** Load WordPress Bootstrap */ 10require_once __DIR__ . '/admin.php'; 11 12$parent_file = 'edit-comments.php'; 13$submenu_file = 'edit-comments.php'; 14 15/** 16 * @global string $action 17 */ 18global $action; 19wp_reset_vars( array( 'action' ) ); 20 21if ( isset( $_POST['deletecomment'] ) ) { 22 $action = 'deletecomment'; 23} 24 25if ( 'cdc' === $action ) { 26 $action = 'delete'; 27} elseif ( 'mac' === $action ) { 28 $action = 'approve'; 29} 30 31if ( isset( $_GET['dt'] ) ) { 32 if ( 'spam' === $_GET['dt'] ) { 33 $action = 'spam'; 34 } elseif ( 'trash' === $_GET['dt'] ) { 35 $action = 'trash'; 36 } 37} 38 39if ( isset( $_REQUEST['c'] ) ) { 40 $comment_id = absint( $_REQUEST['c'] ); 41 $comment = get_comment( $comment_id ); 42 43 // Prevent actions on a comment associated with a trashed post. 44 if ( $comment && 'trash' === get_post_status( $comment->comment_post_ID ) ) { 45 wp_die( 46 __( 'You can’t edit this comment because the associated post is in the Trash. Please restore the post first, then try again.' ) 47 ); 48 } 49} else { 50 $comment = null; 51} 52 53switch ( $action ) { 54 55 case 'editcomment': 56 $title = __( 'Edit Comment' ); 57 58 get_current_screen()->add_help_tab( 59 array( 60 'id' => 'overview', 61 'title' => __( 'Overview' ), 62 'content' => 63 '<p>' . __( 'You can edit the information left in a comment if needed. This is often useful when you notice that a commenter has made a typographical error.' ) . '</p>' . 64 '<p>' . __( 'You can also moderate the comment from this screen using the Status box, where you can also change the timestamp of the comment.' ) . '</p>', 65 ) 66 ); 67 68 get_current_screen()->set_help_sidebar( 69 '<p><strong>' . __( 'For more information:' ) . '</strong></p>' . 70 '<p>' . __( '<a href="https://wordpress.org/support/article/comments-screen/">Documentation on Comments</a>' ) . '</p>' . 71 '<p>' . __( '<a href="https://wordpress.org/support/">Support</a>' ) . '</p>' 72 ); 73 74 wp_enqueue_script( 'comment' ); 75 require_once ABSPATH . 'wp-admin/admin-header.php'; 76 77 if ( ! $comment ) { 78 comment_footer_die( __( 'Invalid comment ID.' ) . sprintf( ' <a href="%s">' . __( 'Go back' ) . '</a>.', 'javascript:history.go(-1)' ) ); 79 } 80 81 if ( ! current_user_can( 'edit_comment', $comment_id ) ) { 82 comment_footer_die( __( 'Sorry, you are not allowed to edit this comment.' ) ); 83 } 84 85 if ( 'trash' === $comment->comment_approved ) { 86 comment_footer_die( __( 'This comment is in the Trash. Please move it out of the Trash if you want to edit it.' ) ); 87 } 88 89 $comment = get_comment_to_edit( $comment_id ); 90 91 require ABSPATH . 'wp-admin/edit-form-comment.php'; 92 93 break; 94 95 case 'delete': 96 case 'approve': 97 case 'trash': 98 case 'spam': 99 $title = __( 'Moderate Comment' ); 100 101 if ( ! $comment ) { 102 wp_redirect( admin_url( 'edit-comments.php?error=1' ) ); 103 die(); 104 } 105 106 if ( ! current_user_can( 'edit_comment', $comment->comment_ID ) ) { 107 wp_redirect( admin_url( 'edit-comments.php?error=2' ) ); 108 die(); 109 } 110 111 // No need to re-approve/re-trash/re-spam a comment. 112 if ( str_replace( '1', 'approve', $comment->comment_approved ) === $action ) { 113 wp_redirect( admin_url( 'edit-comments.php?same=' . $comment_id ) ); 114 die(); 115 } 116 117 require_once ABSPATH . 'wp-admin/admin-header.php'; 118 119 $formaction = $action . 'comment'; 120 $nonce_action = ( 'approve' === $action ) ? 'approve-comment_' : 'delete-comment_'; 121 $nonce_action .= $comment_id; 122 123 ?> 124 <div class="wrap"> 125 126 <h1><?php echo esc_html( $title ); ?></h1> 127 128 <?php 129 switch ( $action ) { 130 case 'spam': 131 $caution_msg = __( 'You are about to mark the following comment as spam:' ); 132 $button = _x( 'Mark as spam', 'comment' ); 133 break; 134 case 'trash': 135 $caution_msg = __( 'You are about to move the following comment to the Trash:' ); 136 $button = __( 'Move to Trash' ); 137 break; 138 case 'delete': 139 $caution_msg = __( 'You are about to delete the following comment:' ); 140 $button = __( 'Permanently delete comment' ); 141 break; 142 default: 143 $caution_msg = __( 'You are about to approve the following comment:' ); 144 $button = __( 'Approve comment' ); 145 break; 146 } 147 148 if ( '0' !== $comment->comment_approved ) { // If not unapproved. 149 $message = ''; 150 switch ( $comment->comment_approved ) { 151 case '1': 152 $message = __( 'This comment is currently approved.' ); 153 break; 154 case 'spam': 155 $message = __( 'This comment is currently marked as spam.' ); 156 break; 157 case 'trash': 158 $message = __( 'This comment is currently in the Trash.' ); 159 break; 160 } 161 if ( $message ) { 162 echo '<div id="message" class="notice notice-info"><p>' . $message . '</p></div>'; 163 } 164 } 165 ?> 166<div id="message" class="notice notice-warning"><p><strong><?php _e( 'Caution:' ); ?></strong> <?php echo $caution_msg; ?></p></div> 167 168<table class="form-table comment-ays"> 169<tr> 170 <th scope="row"><?php _e( 'Author' ); ?></th> 171 <td><?php comment_author( $comment ); ?></td> 172</tr> 173 <?php if ( get_comment_author_email( $comment ) ) { ?> 174<tr> 175 <th scope="row"><?php _e( 'Email' ); ?></th> 176 <td><?php comment_author_email( $comment ); ?></td> 177</tr> 178<?php } ?> 179 <?php if ( get_comment_author_url( $comment ) ) { ?> 180<tr> 181 <th scope="row"><?php _e( 'URL' ); ?></th> 182 <td><a href="<?php comment_author_url( $comment ); ?>"><?php comment_author_url( $comment ); ?></a></td> 183</tr> 184<?php } ?> 185<tr> 186 <th scope="row"><?php /* translators: Column name or table row header. */ _e( 'In response to' ); ?></th> 187 <td> 188 <?php 189 $post_id = $comment->comment_post_ID; 190 if ( current_user_can( 'edit_post', $post_id ) ) { 191 $post_link = "<a href='" . esc_url( get_edit_post_link( $post_id ) ) . "'>"; 192 $post_link .= esc_html( get_the_title( $post_id ) ) . '</a>'; 193 } else { 194 $post_link = esc_html( get_the_title( $post_id ) ); 195 } 196 echo $post_link; 197 198 if ( $comment->comment_parent ) { 199 $parent = get_comment( $comment->comment_parent ); 200 $parent_link = esc_url( get_comment_link( $parent ) ); 201 $name = get_comment_author( $parent ); 202 printf( 203 /* translators: %s: Comment link. */ 204 ' | ' . __( 'In reply to %s.' ), 205 '<a href="' . $parent_link . '">' . $name . '</a>' 206 ); 207 } 208 ?> 209 </td> 210</tr> 211<tr> 212 <th scope="row"><?php _e( 'Submitted on' ); ?></th> 213 <td> 214 <?php 215 $submitted = sprintf( 216 /* translators: 1: Comment date, 2: Comment time. */ 217 __( '%1$s at %2$s' ), 218 /* translators: Comment date format. See https://www.php.net/manual/datetime.format.php */ 219 get_comment_date( __( 'Y/m/d' ), $comment ), 220 /* translators: Comment time format. See https://www.php.net/manual/datetime.format.php */ 221 get_comment_date( __( 'g:i a' ), $comment ) 222 ); 223 if ( 'approved' === wp_get_comment_status( $comment ) && ! empty( $comment->comment_post_ID ) ) { 224 echo '<a href="' . esc_url( get_comment_link( $comment ) ) . '">' . $submitted . '</a>'; 225 } else { 226 echo $submitted; 227 } 228 ?> 229 </td> 230</tr> 231<tr> 232 <th scope="row"><?php /* translators: Field name in comment form. */ _ex( 'Comment', 'noun' ); ?></th> 233 <td class="comment-content"> 234 <?php comment_text( $comment ); ?> 235 <p class="edit-comment"> 236 <a href="<?php echo esc_url( admin_url( "comment.php?action=editcomment&c={$comment->comment_ID}" ) ); ?>"><?php esc_html_e( 'Edit' ); ?></a> 237 </p> 238 </td> 239</tr> 240</table> 241 242<form action="comment.php" method="get" class="comment-ays-submit"> 243 <p> 244 <?php submit_button( $button, 'primary', 'submit', false ); ?> 245 <a href="<?php echo esc_url( admin_url( 'edit-comments.php' ) ); ?>" class="button-cancel"><?php esc_html_e( 'Cancel' ); ?></a> 246 </p> 247 248 <?php wp_nonce_field( $nonce_action ); ?> 249 <input type="hidden" name="action" value="<?php echo esc_attr( $formaction ); ?>" /> 250 <input type="hidden" name="c" value="<?php echo esc_attr( $comment->comment_ID ); ?>" /> 251 <input type="hidden" name="noredir" value="1" /> 252</form> 253 254</div> 255 <?php 256 break; 257 258 case 'deletecomment': 259 case 'trashcomment': 260 case 'untrashcomment': 261 case 'spamcomment': 262 case 'unspamcomment': 263 case 'approvecomment': 264 case 'unapprovecomment': 265 $comment_id = absint( $_REQUEST['c'] ); 266 267 if ( in_array( $action, array( 'approvecomment', 'unapprovecomment' ), true ) ) { 268 check_admin_referer( 'approve-comment_' . $comment_id ); 269 } else { 270 check_admin_referer( 'delete-comment_' . $comment_id ); 271 } 272 273 $noredir = isset( $_REQUEST['noredir'] ); 274 275 $comment = get_comment( $comment_id ); 276 if ( ! $comment ) { 277 comment_footer_die( __( 'Invalid comment ID.' ) . sprintf( ' <a href="%s">' . __( 'Go back' ) . '</a>.', 'edit-comments.php' ) ); 278 } 279 if ( ! current_user_can( 'edit_comment', $comment->comment_ID ) ) { 280 comment_footer_die( __( 'Sorry, you are not allowed to edit comments on this post.' ) ); 281 } 282 283 if ( wp_get_referer() && ! $noredir && false === strpos( wp_get_referer(), 'comment.php' ) ) { 284 $redir = wp_get_referer(); 285 } elseif ( wp_get_original_referer() && ! $noredir ) { 286 $redir = wp_get_original_referer(); 287 } elseif ( in_array( $action, array( 'approvecomment', 'unapprovecomment' ), true ) ) { 288 $redir = admin_url( 'edit-comments.php?p=' . absint( $comment->comment_post_ID ) ); 289 } else { 290 $redir = admin_url( 'edit-comments.php' ); 291 } 292 293 $redir = remove_query_arg( array( 'spammed', 'unspammed', 'trashed', 'untrashed', 'deleted', 'ids', 'approved', 'unapproved' ), $redir ); 294 295 switch ( $action ) { 296 case 'deletecomment': 297 wp_delete_comment( $comment ); 298 $redir = add_query_arg( array( 'deleted' => '1' ), $redir ); 299 break; 300 case 'trashcomment': 301 wp_trash_comment( $comment ); 302 $redir = add_query_arg( 303 array( 304 'trashed' => '1', 305 'ids' => $comment_id, 306 ), 307 $redir 308 ); 309 break; 310 case 'untrashcomment': 311 wp_untrash_comment( $comment ); 312 $redir = add_query_arg( array( 'untrashed' => '1' ), $redir ); 313 break; 314 case 'spamcomment': 315 wp_spam_comment( $comment ); 316 $redir = add_query_arg( 317 array( 318 'spammed' => '1', 319 'ids' => $comment_id, 320 ), 321 $redir 322 ); 323 break; 324 case 'unspamcomment': 325 wp_unspam_comment( $comment ); 326 $redir = add_query_arg( array( 'unspammed' => '1' ), $redir ); 327 break; 328 case 'approvecomment': 329 wp_set_comment_status( $comment, 'approve' ); 330 $redir = add_query_arg( array( 'approved' => 1 ), $redir ); 331 break; 332 case 'unapprovecomment': 333 wp_set_comment_status( $comment, 'hold' ); 334 $redir = add_query_arg( array( 'unapproved' => 1 ), $redir ); 335 break; 336 } 337 338 wp_redirect( $redir ); 339 die; 340 341 case 'editedcomment': 342 $comment_id = absint( $_POST['comment_ID'] ); 343 $comment_post_id = absint( $_POST['comment_post_ID'] ); 344 345 check_admin_referer( 'update-comment_' . $comment_id ); 346 347 $updated = edit_comment(); 348 if ( is_wp_error( $updated ) ) { 349 wp_die( $updated->get_error_message() ); 350 } 351 352 $location = ( empty( $_POST['referredby'] ) ? "edit-comments.php?p=$comment_post_id" : $_POST['referredby'] ) . '#comment-' . $comment_id; 353 354 /** 355 * Filters the URI the user is redirected to after editing a comment in the admin. 356 * 357 * @since 2.1.0 358 * 359 * @param string $location The URI the user will be redirected to. 360 * @param int $comment_id The ID of the comment being edited. 361 */ 362 $location = apply_filters( 'comment_edit_redirect', $location, $comment_id ); 363 364 wp_redirect( $location ); 365 exit; 366 367 default: 368 wp_die( __( 'Unknown action.' ) ); 369 370} // End switch. 371 372require_once ABSPATH . 'wp-admin/admin-footer.php'; 373