escape($_REQUEST['comment_status']); $delete_time = $wpdb->escape($_REQUEST['pagegen_timestamp']); $comment_ids = $wpdb->get_col( "SELECT comment_ID FROM $wpdb->comments WHERE comment_approved = '$comment_status' AND '$delete_time' > comment_date_gmt" ); $doaction = 'delete'; } elseif ( ($_REQUEST['action'] != -1 || $_REQUEST['action2'] != -1) && isset($_REQUEST['delete_comments']) ) { $comment_ids = $_REQUEST['delete_comments']; $doaction = ($_REQUEST['action'] != -1) ? $_REQUEST['action'] : $_REQUEST['action2']; } elseif ( $_REQUEST['doaction'] == 'undo' && isset($_REQUEST['ids']) ) { $comment_ids = array_map( 'absint', explode(',', $_REQUEST['ids']) ); $doaction = $_REQUEST['action']; } else { wp_redirect( wp_get_referer() ); } $approved = $unapproved = $spammed = $unspammed = $trashed = $untrashed = $deleted = 0; $redirect_to = remove_query_arg( array('trashed', 'untrashed', 'deleted', 'spammed', 'unspammed', 'approved', 'unapproved', 'ids'), wp_get_referer() ); foreach ($comment_ids as $comment_id) { // Check the permissions on each $_post_id = (int) $wpdb->get_var( $wpdb->prepare( "SELECT comment_post_ID FROM $wpdb->comments WHERE comment_ID = %d", $comment_id) ); if ( !current_user_can('edit_post', $_post_id) ) continue; switch( $doaction ) { case 'approve' : wp_set_comment_status($comment_id, 'approve'); $approved++; break; case 'unapprove' : wp_set_comment_status($comment_id, 'hold'); $unapproved++; break; case 'spam' : wp_spam_comment($comment_id); $spammed++; break; case 'unspam' : wp_unspam_comment($comment_id); $unspammed++; break; case 'trash' : wp_trash_comment($comment_id); $trashed++; break; case 'untrash' : wp_untrash_comment($comment_id); $untrashed++; break; case 'delete' : wp_delete_comment($comment_id); $deleted++; break; } } if ( $approved ) $redirect_to = add_query_arg( 'approved', $approved, $redirect_to ); if ( $unapproved ) $redirect_to = add_query_arg( 'unapproved', $unapproved, $redirect_to ); if ( $spammed ) $redirect_to = add_query_arg( 'spammed', $spammed, $redirect_to ); if ( $unspammed ) $redirect_to = add_query_arg( 'unspammed', $unspammed, $redirect_to ); if ( $trashed ) $redirect_to = add_query_arg( 'trashed', $trashed, $redirect_to ); if ( $untrashed ) $redirect_to = add_query_arg( 'untrashed', $untrashed, $redirect_to ); if ( $deleted ) $redirect_to = add_query_arg( 'deleted', $deleted, $redirect_to ); if ( $trashed || $spammed ) $redirect_to = add_query_arg( 'ids', join(',', $comment_ids), $redirect_to ); wp_redirect( $redirect_to ); exit; } elseif ( ! empty($_GET['_wp_http_referer']) ) { wp_redirect( remove_query_arg( array('_wp_http_referer', '_wpnonce'), stripslashes($_SERVER['REQUEST_URI']) ) ); exit; } if ( $post_id ) $title = sprintf(__('Edit Comments on “%s”'), wp_html_excerpt(_draft_or_post_title($post_id), 50)); else $title = __('Edit Comments'); require_once('./admin-header.php'); $mode = ( empty($_GET['mode']) ) ? 'detail' : esc_attr($_GET['mode']); $comment_status = isset($_REQUEST['comment_status']) ? $_REQUEST['comment_status'] : 'all'; if ( !in_array($comment_status, array('all', 'moderated', 'approved', 'spam', 'trash')) ) $comment_status = 'all'; $comment_type = !empty($_GET['comment_type']) ? esc_attr($_GET['comment_type']) : ''; $search_dirty = ( isset($_GET['s']) ) ? $_GET['s'] : ''; $search = esc_attr( $search_dirty ); ?>
' . $error_msg . '
' . implode( "
\n", $messages ) . '