Cleaner url

User must have "manage_options" perms to access delete blog page now (fixes #211)


git-svn-id: http://svn.automattic.com/wordpress-mu/trunk@833 7be80a69-a1ef-0310-a953-fb0f7c49ff36

1 files changed, 6 insertions, 7 deletions

diff --git a/wp-content/mu-plugins/delete-blog.php b/wp-content/mu-plugins/delete-blog.php
index dbc1c4e..710c0c6 100644
--- a/wp-content/mu-plugins/delete-blog.php
+++ b/wp-content/mu-plugins/delete-blog.php
@@ -17,15 +17,14 @@ class delete_blog {
 	}
 
 	function admin_menu() {
-		$pfile = basename(dirname(__FILE__)) . '/' . basename(__FILE__);
-		add_submenu_page('options-general.php', __('Delete Blog'), __('Delete Blog'), 0, $pfile, array(&$this, 'plugin_content'));
+		add_submenu_page('options-general.php', __('Delete Blog'), __('Delete Blog'), 'manage_options', 'delete-blog', array(&$this, 'plugin_content'));
 	}
 
 	function plugin_content() {
 		global $wpdb, $current_blog, $current_site;
 		$this->delete_blog_hash = get_settings('delete_blog_hash');
 		print '<div class="wrap"><h2>' . __('Delete Blog') . '</h2>';
-		if( $_GET[ 'action' ] == "deleteblog" && $_GET[ 'confirmdelete' ] == '1' ) {
+		if( $_POST[ 'action' ] == "deleteblog" && $_POST[ 'confirmdelete' ] == '1' ) {
 			$hash = substr( md5( $_SERVER[ 'REQUEST_URI' ] . time() ), 0, 6 );
 			update_option( "delete_blog_hash", $hash );
 			$msg = "Dear User,
@@ -33,7 +32,7 @@ You recently clicked the 'Delete Blog' link on your blog and filled in a
 form on that page.
 If you really want to delete your blog, click the link below. You will not
 be asked to confirm again so only click this link if you are 100% certain:
-" . get_option( "siteurl" ) . "/wp-admin/options-general.php?page=mu-plugins/delete-blog.php&h=" . $hash . "
+" . get_option( "siteurl" ) . "/wp-admin/options-general.php?page=delete-blog&h=" . $hash . "
 
 If you delete your blog, please consider opening a new blog here
 some time in the future! (But remember your current blog and username 
@@ -47,8 +46,8 @@ Webmaster
 			?>
 			<p><?php _e('Thank you. Please check your email for a link to confirm your action. Your blog will not be deleted until this link is clicked.') ?></p>
 			<?php
-		} elseif( isset( $_GET[ 'h' ] ) && $_GET[ 'h' ] != '' && $this->delete_blog_hash != false ) {
-			if( $this->delete_blog_hash == $_GET[ 'h' ] ) {
+		} elseif( isset( $_GET[ 'h' ] ) && $_GET[ 'h' ] != '' && get_option('delete_blog_hash') != false ) {
+			if( get_option('delete_blog_hash') == $_GET[ 'h' ] ) {
 				$this->reallydeleteblog = true;
 				print "<p>" . __('Thank you for using ' .$current_site->site_name. ', your blog has been deleted. Happy trails to you until we meet again.') . "</p>";
 			} else {
@@ -59,7 +58,7 @@ Webmaster
 ?>
 <p><?php _e('If you do not want to use your ' .$current_site->site_name. ' blog any more, you can delete it using the form below. When you click <q>Delete My Blog</q> you will be sent an email with a link in it. Click on this link to delete your blog.') ?></p>
 <p><?php _e('Remember, once deleted your blog cannot be restored.') ?></p>
-<form method='GET' name='deletedirect'>
+<form method='post' name='deletedirect'>
 <input type="hidden" name="page" value="<?php echo $_GET['page'] ?>" />
 <input type='hidden' name='action' value='deleteblog' />
 <p><input id='confirmdelete' type='checkbox' name='confirmdelete' value='1' /> <label for='confirmdelete'><strong><?php printf( __("I'm sure I want to permanently disable my blog, and I am aware I can never get it back or use %s again."), $current_blog->domain ) ?></strong></label></p>