author | donncha <donncha@7be80a69-a1ef-0310-a953-fb0f7c49ff36> | 2007-10-16 13:07:13 +0000 |
---|---|---|
committer | donncha <donncha@7be80a69-a1ef-0310-a953-fb0f7c49ff36> | 2007-10-16 13:07:13 +0000 |
commit | 66df7b815bf4cd9dff862e6200e1c366e02b08eb (patch) | |
tree | 22e399890dcebdb3048d7f9561a56693b46a6719 /wp-admin | |
parent | 35fa0c742a676868205bdc760d0f4427d525ae1a (diff) | |
Use GET and POST
Use update_user_status()
git-svn-id: http://svn.automattic.com/wordpress-mu/trunk@1080 7be80a69-a1ef-0310-a953-fb0f7c49ff36
Diffstat (limited to 'wp-admin')
-rw-r--r-- | wp-admin/wpmu-edit.php | 8 | ||||
-rw-r--r-- | wp-admin/wpmu-options.php | 3 | ||||
-rw-r--r-- | wp-admin/wpmu-users.php | 30 |
3 files changed, 30 insertions, 11 deletions
diff --git a/wp-admin/wpmu-edit.php b/wp-admin/wpmu-edit.php index 9befdff..63056b0 100644 --- a/wp-admin/wpmu-edit.php +++ b/wp-admin/wpmu-edit.php @@ -6,11 +6,11 @@ if( is_site_admin() == false ) { do_action( "wpmuadminedit", "" ); -$id = intval( $_REQUEST[ 'id' ] ); +$id = intval( $_POST[ 'id' ] ); if( isset( $_POST[ 'ref' ] ) == false && empty( $_SERVER[ 'HTTP_REFERER' ] ) == false ) $_POST[ 'ref' ] = $_SERVER[ 'HTTP_REFERER' ]; -switch( $_REQUEST[ 'action' ] ) { +switch( $_GET[ 'action' ] ) { case "siteoptions": check_admin_referer('siteoptions'); @@ -251,7 +251,7 @@ switch( $_REQUEST[ 'action' ] ) { check_admin_referer('deleteblog'); if( $id != '0' && $id != '1' ) wpmu_delete_blog( $id, true ); - wp_redirect( add_query_arg( "updated", "blogdeleted", $_SERVER[ 'HTTP_REFERER' ] ) ); + wp_redirect( add_query_arg( "updated", "blogdeleted", $_POST[ 'ref' ] ) ); die(); break; case "allblogs": 
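Review bot: In the `deleteblog` case (hunk -251,7 +251,7) the redirect target is now the request field `$_POST[ 'ref' ]`, and the confirm form in this file fills that field from `$_GET[ 'ref' ]`, so whoever supplies the link to the confirm page also chooses where the admin lands after confirming (an open redirect). The `check_admin_referer('deleteblog')` call above it does not constrain this, because the confirm page issues that nonce itself. Restrict the target to this site before redirecting, for example `wp_safe_redirect( add_query_arg( "updated", "blogdeleted", $_POST[ 'ref' ] ) );` if this tree provides it, and fall back to a fixed admin page when `ref` is missing or off-site. The switch continues outside the hunk, so any other case that redirects to `ref` needs the same check.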
@@ -365,7 +365,7 @@ switch( $_REQUEST[ 'action' ] ) {
 break;
 case "confirm":
 ?>
- <html><head><title><?php _e("Please confirm your action"); ?></title></head><body><h1><?php _e("Please Confirm"); ?></h1><form action='wpmu-edit.php' method='POST'><input type='hidden' name='action' value='<?php echo wp_specialchars( $_GET[ 'action2' ] ) ?>'><input type='hidden' name='id' value='<?php echo wp_specialchars( $_GET[ 'id' ] ); ?>'><input type='hidden' name='ref' value='<?php if( isset( $_GET[ 'ref' ] ) ) {echo wp_specialchars( $_GET[ 'ref' ] ); } else { echo $_SERVER[ 'HTTP_REFERER' ]; } ?>'><?php wp_nonce_field( $_GET[ 'action2' ] ) ?><p><?php echo wp_specialchars( $_GET[ 'msg' ] ) ?></p><input type='submit' value='<?php _e("Confirm"); ?>'></form></body></html>
+ <html><head><title>Please confirm your action</title></head><body><h1>Please Confirm</h1><form action='wpmu-edit.php?action=<?php echo wp_specialchars( $_GET[ 'action2' ] ) ?>' method='POST'><input type='hidden' name='action' value='<?php echo wp_specialchars( $_GET[ 'action2' ] ) ?>'><input type='hidden' name='id' value='<?php echo wp_specialchars( $_GET[ 'id' ] ); ?>'><input type='hidden' name='ref' value='<?php if( isset( $_GET[ 'ref' ] ) ) {echo wp_specialchars( $_GET[ 'ref' ] ); } else { echo $_SERVER[ 'HTTP_REFERER' ]; } ?>'><?php wp_nonce_field( $_GET[ 'action2' ] ) ?><p><?php echo wp_specialchars( $_GET[ 'msg' ] ) ?></p><input type='submit' value='Confirm'></form></body></html>
 <?php
 break;
 default:
diff --git a/wp-admin/wpmu-options.php b/wp-admin/wpmu-options.php
index 98114a8..bdb0acf 100644
--- a/wp-admin/wpmu-options.php
+++ b/wp-admin/wpmu-options.php
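Review bot: The new `action='wpmu-edit.php?action=...'` attribute echoes `$_GET[ 'action2' ]` into a single-quoted attribute and a URL at once, and `wp_specialchars()` called with one argument does not, as far as I know, encode quotes, so the value can close the attribute (reflected XSS on an admin page). The `else` branch on the same line still echoes `$_SERVER[ 'HTTP_REFERER' ]` with no escaping at all. Use the attribute escaper and URL-encode the query value, e.g. `action='wpmu-edit.php?action=<?php echo attribute_escape( urlencode( $_GET[ 'action2' ] ) ) ?>'` and `echo attribute_escape( $_SERVER[ 'HTTP_REFERER' ] );`. The confirm form in wpmu-users.php (first hunk of that file) has the same two problems. Separately, this line drops the `_e()` calls around the title, heading and button text, which takes those strings out of translation.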
@@ -16,8 +16,7 @@ if (isset($_GET['updated'])) { ?> <div class="wrap"> <h2><?php _e('Site Options') ?></h2> - <form name="form1" method="POST" action="wpmu-edit.php"> - <input type='hidden' name='action' value='siteoptions'> + <form name="form1" method="POST" action="wpmu-edit.php?action=siteoptions"> <?php wp_nonce_field( "siteoptions" ); ?> <fieldset class="options"> <legend><?php _e('Operational Settings <em>(These settings cannot be modified by blog owners)</em>') ?></legend> diff --git a/wp-admin/wpmu-users.php b/wp-admin/wpmu-users.php index fbcc086..f6bf70f 100644 --- a/wp-admin/wpmu-users.php +++ b/wp-admin/wpmu-users.php 
@@ -3,15 +3,19 @@ require_once('admin.php'); $title = __('WPMU Admin: Users'); $parent_file = 'wpmu-admin.php'; -$id = intval( $_REQUEST[ 'id' ] ); +if( $_GET[ 'id' ] ) { + $id = intval( $_GET[ 'id' ] ); +} elseif( $_POST[ 'id' ] ) { + $id = intval( $_POST[ 'id' ] ); +} if( is_site_admin() == false ) { die( __('<p>You do not have permission to access this page.</p>') ); } -switch( $_REQUEST[ 'action' ] ) { +switch( $_GET[ 'action' ] ) { case "confirm": ?> - <form action='wpmu-users.php' method='POST'><input type='hidden' name='action' value='<?php echo wp_specialchars( $_GET[ 'action2' ] ) ?>'><input type='hidden' name='id' value='<?php echo wp_specialchars( $_GET[ 'id' ] ) ?>'><input type='hidden' name='ref' value='<?php if( isset( $_GET[ 'ref' ] ) ) {echo wp_specialchars( $_GET[ 'ref' ] ); } else { echo $_SERVER[ 'HTTP_REFERER' ]; } ?>'><?php wp_nonce_field( $_GET[ 'action2' ] ) ?><p><?php echo wp_specialchars( $_GET[ 'msg' ] ) ?></p><input type='submit' value='Confirm'></form> +<form action='wpmu-users.php?action=<?php echo wp_specialchars( $_GET[ 'action2' ] ) ?>' method='POST'><input type='hidden' name='id' value='<?php echo wp_specialchars( $_GET[ 'id' ] ) ?>'><input type='hidden' name='ref' value='<?php if( isset( $_GET[ 'ref' ] ) ) {echo wp_specialchars( $_GET[ 'ref' ] ); } else { echo $_SERVER[ 'HTTP_REFERER' ]; } ?>'><?php wp_nonce_field( $_GET[ 'action2' ] ) ?><p><?php echo wp_specialchars( $_GET[ 'msg' ] ) ?></p><input type='submit' value='Confirm'></form> <?php die(); break; @@ -25,6 +29,9 @@ switch( $_REQUEST[ 'action' ] ) { break; case "allusers": check_admin_referer('allusers'); + if( is_site_admin() == false ) { + die( __('<p>You do not have permission to access this page.</p>') ); + } if( is_array( $_POST[ 'allusers' ] ) ) { while( list( $key, $val ) = each( $_POST[ 'allusers' ] ) ) { if( $val != '' && $val != '0' && $val != '1' ) { 
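Review bot: `$id` is no longer assigned when neither `$_GET[ 'id' ]` nor `$_POST[ 'id' ]` is set, whereas the removed line always produced an integer; any later code that reads `$id` (outside this hunk) would then see an undefined variable. The two bare index reads also raise notices when the parameter is absent. Initialise first with `$id = 0;` and test presence explicitly: `if( !empty( $_GET[ 'id' ] ) ) {` and `} elseif( !empty( $_POST[ 'id' ] ) ) {`.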
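Review bot: The permission check added inside `case "allusers":` (hunk -25,6 +29,9) cannot fire, because the identical `is_site_admin()` check before the `switch`, visible in the first hunk of this file, has already ended the request for non-admins. The copy added after `require_once('admin-header.php')` in hunk -51,6 +67,9 is redundant for the same reason, and it runs after the header has been sent. One check at the top, before any dispatch or output, is easier to audit than three copies. If the extra copies are meant as defence in depth, say so with a comment such as `// repeated on purpose: top-of-file check already enforces this`.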
@@ -39,6 +46,15 @@ switch( $_REQUEST[ 'action' ] ) { do_action( "make_spam_blog", $details->userblog_id ); } } + update_user_status( $val, "spam", '1', 1 ); + } elseif ( $_POST[ 'userfunction' ] == 'notspam' ) { + $blogs = get_blogs_of_user( $val, true ); + if( is_array( $blogs ) ) { + while( list( $key, $details ) = each( $blogs ) ) { + update_blog_status( $details->userblog_id, "spam", '0' ); + } + } + update_user_status( $val, "spam", '0', 1 ); } } } @@ -51,6 +67,9 @@ switch( $_REQUEST[ 'action' ] ) { $title = __('WPMU Admin'); $parent_file = 'wpmu-admin.php'; require_once('admin-header.php'); +if( is_site_admin() == false ) { + die( __('<p>You do not have permission to access this page.</p>') ); +} if (isset($_GET['updated'])) { ?><div id="message" class="updated fade"><p><?php _e('Options saved.') ?></p></div><?php } @@ -248,7 +267,7 @@ function check_all_rows() { <?php if ($user_list) { $bgcolor = ''; -foreach ($user_list as $user) { +foreach ($user_list as $user) { $class = ('alternate' == $class) ? '' : 'alternate'; ?> <tr class='<?php echo $class; ?>'> @@ -258,7 +277,7 @@ $class = ('alternate' == $class) ? '' : 'alternate'; foreach($posts_columns as $column_name=>$column_display_name) { switch($column_name) { - + case 'id': ?> <th scope="row"><input type='checkbox' id='<?php echo $user[ 'ID' ] ?>' name='allusers[]' value='<?php echo $user[ 'ID' ] ?>' /> <label for='<?php echo $user[ 'ID' ] ?>'><?php echo $user[ 'ID' ] ?></label></th> 
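Review bot: `$val` comes straight from `$_POST[ 'allusers' ]` and is handed as a raw string to `update_user_status()` and `get_blogs_of_user()`; the only filter, `$val != '' && $val != '0' && $val != '1'` in the enclosing loop (which starts outside this hunk), compares that raw string. A value that is not the canonical `'1'` but still casts to 1 passes the guard, so whether user 1 is protected depends on how the callees treat their argument, which is not visible here. Normalise before the guard with `$val = intval( $val );` followed by `if( $val > 1 ) {`. The new `notspam` branch also clears the spam flag on every blog of the user via `update_blog_status( $details->userblog_id, "spam", '0' )`, including blogs that may have been flagged for their own reasons; a comment stating that this is intended would help.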
@@ -341,6 +360,7 @@ foreach($posts_columns as $column_name=>$column_display_name) {
 <?php wp_nonce_field( "allusers" ); ?>
 <li><input type='radio' name='userfunction' id='delete' value='delete' /> <label for='delete'><?php _e('Delete') ?></label></li>
 <li><input type='radio' name='userfunction' id='spam' value='spam' /> <label for='spam'><?php _e('Mark as Spammers') ?></label></li>
+<li><input type='radio' name='userfunction' id='notspam' value='notspam' /> <label for='spam'><?php _e('Not Spam') ?></label></li>
 </ul>
 <input type='hidden' name='action' value='allusers'>
 <p><input type='submit' value='<?php _e('Apply Changes') ?>'></p> |
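Review bot: The label on the added radio button points at the wrong control: `<label for='spam'>` next to `id='notspam'` means that clicking the words "Not Spam" selects "Mark as Spammers". It should read `<label for='notspam'><?php _e('Not Spam') ?></label>`.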