1<?php 2/** 3 * Multisite sites administration panel. 4 * 5 * @package WordPress 6 * @subpackage Multisite 7 * @since 3.0.0 8 */ 9 10/** Load WordPress Administration Bootstrap */ 11require_once __DIR__ . '/admin.php'; 12 13if ( ! current_user_can( 'manage_sites' ) ) { 14 wp_die( __( 'Sorry, you are not allowed to access this page.' ), 403 ); 15} 16 17$wp_list_table = _get_list_table( 'WP_MS_Sites_List_Table' ); 18$pagenum = $wp_list_table->get_pagenum(); 19 20$title = __( 'Sites' ); 21$parent_file = 'sites.php'; 22 23add_screen_option( 'per_page' ); 24 25get_current_screen()->add_help_tab( 26 array( 27 'id' => 'overview', 28 'title' => __( 'Overview' ), 29 'content' => 30 '<p>' . __( 'Add New takes you to the Add New Site screen. You can search for a site by Name, ID number, or IP address. Screen Options allows you to choose how many sites to display on one page.' ) . '</p>' . 31 '<p>' . __( 'This is the main table of all sites on this network. Switch between list and excerpt views by using the icons above the right side of the table.' ) . '</p>' . 32 '<p>' . __( 'Hovering over each site reveals seven options (three for the primary site):' ) . '</p>' . 33 '<ul><li>' . __( 'An Edit link to a separate Edit Site screen.' ) . '</li>' . 34 '<li>' . __( 'Dashboard leads to the Dashboard for that site.' ) . '</li>' . 35 '<li>' . __( 'Deactivate, Archive, and Spam which lead to confirmation screens. These actions can be reversed later.' ) . '</li>' . 36 '<li>' . __( 'Delete which is a permanent action after the confirmation screens.' ) . '</li>' . 37 '<li>' . __( 'Visit to go to the front-end site live.' ) . '</li></ul>' . 38 '<p>' . __( 'The site ID is used internally, and is not shown on the front end of the site or to users/viewers.' ) . '</p>' . 39 '<p>' . __( 'Clicking on bold headings can re-sort this table.' ) . '</p>', 40 ) 41); 42 43get_current_screen()->set_help_sidebar( 44 '<p><strong>' . __( 'For more information:' ) . '</strong></p>' . 45 '<p>' . __( '<a href="https://wordpress.org/support/article/network-admin-sites-screen/">Documentation on Site Management</a>' ) . '</p>' . 46 '<p>' . __( '<a href="https://wordpress.org/support/forum/multisite/">Support Forums</a>' ) . '</p>' 47); 48 49get_current_screen()->set_screen_reader_content( 50 array( 51 'heading_pagination' => __( 'Sites list navigation' ), 52 'heading_list' => __( 'Sites list' ), 53 ) 54); 55 56$id = isset( $_REQUEST['id'] ) ? (int) $_REQUEST['id'] : 0; 57 58if ( isset( $_GET['action'] ) ) { 59 /** This action is documented in wp-admin/network/edit.php */ 60 do_action( 'wpmuadminedit' ); 61 62 // A list of valid actions and their associated messaging for confirmation output. 63 $manage_actions = array( 64 /* translators: %s: Site URL. */ 65 'activateblog' => __( 'You are about to activate the site %s.' ), 66 /* translators: %s: Site URL. */ 67 'deactivateblog' => __( 'You are about to deactivate the site %s.' ), 68 /* translators: %s: Site URL. */ 69 'unarchiveblog' => __( 'You are about to unarchive the site %s.' ), 70 /* translators: %s: Site URL. */ 71 'archiveblog' => __( 'You are about to archive the site %s.' ), 72 /* translators: %s: Site URL. */ 73 'unspamblog' => __( 'You are about to unspam the site %s.' ), 74 /* translators: %s: Site URL. */ 75 'spamblog' => __( 'You are about to mark the site %s as spam.' ), 76 /* translators: %s: Site URL. */ 77 'deleteblog' => __( 'You are about to delete the site %s.' ), 78 /* translators: %s: Site URL. */ 79 'unmatureblog' => __( 'You are about to mark the site %s as mature.' ), 80 /* translators: %s: Site URL. */ 81 'matureblog' => __( 'You are about to mark the site %s as not mature.' ), 82 ); 83 84 if ( 'confirm' === $_GET['action'] ) { 85 // The action2 parameter contains the action being taken on the site. 86 $site_action = $_GET['action2']; 87 88 if ( ! array_key_exists( $site_action, $manage_actions ) ) { 89 wp_die( __( 'The requested action is not valid.' ) ); 90 } 91 92 // The mature/unmature UI exists only as external code. Check the "confirm" nonce for backward compatibility. 93 if ( 'matureblog' === $site_action || 'unmatureblog' === $site_action ) { 94 check_admin_referer( 'confirm' ); 95 } else { 96 check_admin_referer( $site_action . '_' . $id ); 97 } 98 99 if ( ! headers_sent() ) { 100 nocache_headers(); 101 header( 'Content-Type: text/html; charset=utf-8' ); 102 } 103 104 if ( get_network()->site_id == $id ) { 105 wp_die( __( 'Sorry, you are not allowed to change the current site.' ) ); 106 } 107 108 $site_details = get_site( $id ); 109 $site_address = untrailingslashit( $site_details->domain . $site_details->path ); 110 111 require_once ABSPATH . 'wp-admin/admin-header.php'; 112 ?> 113 <div class="wrap"> 114 <h1><?php _e( 'Confirm your action' ); ?></h1> 115 <form action="sites.php?action=<?php echo esc_attr( $site_action ); ?>" method="post"> 116 <input type="hidden" name="action" value="<?php echo esc_attr( $site_action ); ?>" /> 117 <input type="hidden" name="id" value="<?php echo esc_attr( $id ); ?>" /> 118 <input type="hidden" name="_wp_http_referer" value="<?php echo esc_attr( wp_get_referer() ); ?>" /> 119 <?php wp_nonce_field( $site_action . '_' . $id, '_wpnonce', false ); ?> 120 <p><?php printf( $manage_actions[ $site_action ], $site_address ); ?></p> 121 <?php submit_button( __( 'Confirm' ), 'primary' ); ?> 122 </form> 123 </div> 124 <?php 125 require_once ABSPATH . 'wp-admin/admin-footer.php'; 126 exit; 127 } elseif ( array_key_exists( $_GET['action'], $manage_actions ) ) { 128 $action = $_GET['action']; 129 check_admin_referer( $action . '_' . $id ); 130 } elseif ( 'allblogs' === $_GET['action'] ) { 131 check_admin_referer( 'bulk-sites' ); 132 } 133 134 $updated_action = ''; 135 136 switch ( $_GET['action'] ) { 137 138 case 'deleteblog': 139 if ( ! current_user_can( 'delete_sites' ) ) { 140 wp_die( __( 'Sorry, you are not allowed to access this page.' ), '', array( 'response' => 403 ) ); 141 } 142 143 $updated_action = 'not_deleted'; 144 if ( '0' != $id && get_network()->site_id != $id && current_user_can( 'delete_site', $id ) ) { 145 wpmu_delete_blog( $id, true ); 146 $updated_action = 'delete'; 147 } 148 break; 149 150 case 'delete_sites': 151 check_admin_referer( 'ms-delete-sites' ); 152 153 foreach ( (array) $_POST['site_ids'] as $site_id ) { 154 $site_id = (int) $site_id; 155 156 if ( get_network()->site_id == $site_id ) { 157 continue; 158 } 159 160 if ( ! current_user_can( 'delete_site', $site_id ) ) { 161 $site = get_site( $site_id ); 162 $site_address = untrailingslashit( $site->domain . $site->path ); 163 164 wp_die( 165 sprintf( 166 /* translators: %s: Site URL. */ 167 __( 'Sorry, you are not allowed to delete the site %s.' ), 168 $site_address 169 ), 170 403 171 ); 172 } 173 174 $updated_action = 'all_delete'; 175 wpmu_delete_blog( $site_id, true ); 176 } 177 break; 178 179 case 'allblogs': 180 if ( isset( $_POST['action'] ) && isset( $_POST['allblogs'] ) ) { 181 $doaction = $_POST['action']; 182 183 foreach ( (array) $_POST['allblogs'] as $key => $val ) { 184 if ( '0' != $val && get_network()->site_id != $val ) { 185 switch ( $doaction ) { 186 case 'delete': 187 require_once ABSPATH . 'wp-admin/admin-header.php'; 188 ?> 189 <div class="wrap"> 190 <h1><?php _e( 'Confirm your action' ); ?></h1> 191 <form action="sites.php?action=delete_sites" method="post"> 192 <input type="hidden" name="action" value="delete_sites" /> 193 <input type="hidden" name="_wp_http_referer" value="<?php echo esc_attr( wp_get_referer() ); ?>" /> 194 <?php wp_nonce_field( 'ms-delete-sites', '_wpnonce', false ); ?> 195 <p><?php _e( 'You are about to delete the following sites:' ); ?></p> 196 <ul class="ul-disc"> 197 <?php 198 foreach ( $_POST['allblogs'] as $site_id ) : 199 $site = get_site( $site_id ); 200 $site_address = untrailingslashit( $site->domain . $site->path ); 201 ?> 202 <li> 203 <?php echo $site_address; ?> 204 <input type="hidden" name="site_ids[]" value="<?php echo (int) $site_id; ?>" /> 205 </li> 206 <?php endforeach; ?> 207 </ul> 208 <?php submit_button( __( 'Confirm' ), 'primary' ); ?> 209 </form> 210 </div> 211 <?php 212 require_once ABSPATH . 'wp-admin/admin-footer.php'; 213 exit; 214 break; 215 216 case 'spam': 217 case 'notspam': 218 $updated_action = ( 'spam' === $doaction ) ? 'all_spam' : 'all_notspam'; 219 update_blog_status( $val, 'spam', ( 'spam' === $doaction ) ? '1' : '0' ); 220 break; 221 } 222 } else { 223 wp_die( __( 'Sorry, you are not allowed to change the current site.' ) ); 224 } 225 } 226 227 if ( ! in_array( $doaction, array( 'delete', 'spam', 'notspam' ), true ) ) { 228 $redirect_to = wp_get_referer(); 229 $blogs = (array) $_POST['allblogs']; 230 231 /** This action is documented in wp-admin/network/site-themes.php */ 232 $redirect_to = apply_filters( 'handle_network_bulk_actions-' . get_current_screen()->id, $redirect_to, $doaction, $blogs, $id ); // phpcs:ignore WordPress.NamingConventions.ValidHookName.UseUnderscores 233 234 wp_safe_redirect( $redirect_to ); 235 exit; 236 } 237 } else { 238 // Process query defined by WP_MS_Site_List_Table::extra_table_nav(). 239 $location = remove_query_arg( 240 array( '_wp_http_referer', '_wpnonce' ), 241 add_query_arg( $_POST, network_admin_url( 'sites.php' ) ) 242 ); 243 244 wp_redirect( $location ); 245 exit; 246 } 247 248 break; 249 250 case 'archiveblog': 251 case 'unarchiveblog': 252 update_blog_status( $id, 'archived', ( 'archiveblog' === $_GET['action'] ) ? '1' : '0' ); 253 break; 254 255 case 'activateblog': 256 update_blog_status( $id, 'deleted', '0' ); 257 258 /** 259 * Fires after a network site is activated. 260 * 261 * @since MU (3.0.0) 262 * 263 * @param string $id The ID of the activated site. 264 */ 265 do_action( 'activate_blog', $id ); 266 break; 267 268 case 'deactivateblog': 269 /** 270 * Fires before a network site is deactivated. 271 * 272 * @since MU (3.0.0) 273 * 274 * @param string $id The ID of the site being deactivated. 275 */ 276 do_action( 'deactivate_blog', $id ); 277 278 update_blog_status( $id, 'deleted', '1' ); 279 break; 280 281 case 'unspamblog': 282 case 'spamblog': 283 update_blog_status( $id, 'spam', ( 'spamblog' === $_GET['action'] ) ? '1' : '0' ); 284 break; 285 286 case 'unmatureblog': 287 case 'matureblog': 288 update_blog_status( $id, 'mature', ( 'matureblog' === $_GET['action'] ) ? '1' : '0' ); 289 break; 290 } 291 292 if ( empty( $updated_action ) && array_key_exists( $_GET['action'], $manage_actions ) ) { 293 $updated_action = $_GET['action']; 294 } 295 296 if ( ! empty( $updated_action ) ) { 297 wp_safe_redirect( add_query_arg( array( 'updated' => $updated_action ), wp_get_referer() ) ); 298 exit; 299 } 300} 301 302$msg = ''; 303if ( isset( $_GET['updated'] ) ) { 304 $action = $_GET['updated']; 305 306 switch ( $action ) { 307 case 'all_notspam': 308 $msg = __( 'Sites removed from spam.' ); 309 break; 310 case 'all_spam': 311 $msg = __( 'Sites marked as spam.' ); 312 break; 313 case 'all_delete': 314 $msg = __( 'Sites deleted.' ); 315 break; 316 case 'delete': 317 $msg = __( 'Site deleted.' ); 318 break; 319 case 'not_deleted': 320 $msg = __( 'Sorry, you are not allowed to delete that site.' ); 321 break; 322 case 'archiveblog': 323 $msg = __( 'Site archived.' ); 324 break; 325 case 'unarchiveblog': 326 $msg = __( 'Site unarchived.' ); 327 break; 328 case 'activateblog': 329 $msg = __( 'Site activated.' ); 330 break; 331 case 'deactivateblog': 332 $msg = __( 'Site deactivated.' ); 333 break; 334 case 'unspamblog': 335 $msg = __( 'Site removed from spam.' ); 336 break; 337 case 'spamblog': 338 $msg = __( 'Site marked as spam.' ); 339 break; 340 default: 341 /** 342 * Filters a specific, non-default, site-updated message in the Network admin. 343 * 344 * The dynamic portion of the hook name, `$action`, refers to the non-default 345 * site update action. 346 * 347 * @since 3.1.0 348 * 349 * @param string $msg The update message. Default 'Settings saved'. 350 */ 351 $msg = apply_filters( "network_sites_updated_message_{$action}", __( 'Settings saved.' ) ); 352 break; 353 } 354 355 if ( ! empty( $msg ) ) { 356 $msg = '<div id="message" class="updated notice is-dismissible"><p>' . $msg . '</p></div>'; 357 } 358} 359 360$wp_list_table->prepare_items(); 361 362require_once ABSPATH . 'wp-admin/admin-header.php'; 363?> 364 365<div class="wrap"> 366<h1 class="wp-heading-inline"><?php _e( 'Sites' ); ?></h1> 367 368<?php if ( current_user_can( 'create_sites' ) ) : ?> 369 <a href="<?php echo esc_url( network_admin_url( 'site-new.php' ) ); ?>" class="page-title-action"><?php echo esc_html_x( 'Add New', 'site' ); ?></a> 370<?php endif; ?> 371 372<?php 373if ( isset( $_REQUEST['s'] ) && strlen( $_REQUEST['s'] ) ) { 374 echo '<span class="subtitle">'; 375 printf( 376 /* translators: %s: Search query. */ 377 __( 'Search results for: %s' ), 378 '<strong>' . esc_html( $s ) . '</strong>' 379 ); 380 echo '</span>'; 381} 382?> 383 384<hr class="wp-header-end"> 385 386<?php $wp_list_table->views(); ?> 387 388<?php echo $msg; ?> 389 390<form method="get" id="ms-search" class="wp-clearfix"> 391<?php $wp_list_table->search_box( __( 'Search Sites' ), 'site' ); ?> 392<input type="hidden" name="action" value="blogs" /> 393</form> 394 395<form id="form-site-list" action="sites.php?action=allblogs" method="post"> 396 <?php $wp_list_table->display(); ?> 397</form> 398</div> 399<?php 400 401require_once ABSPATH . 'wp-admin/admin-footer.php'; ?> 402