1 | <?php |
2 | /** |
3 | * Link Management Administration Panel. |
4 | * |
5 | * @package WordPress |
6 | * @subpackage Administration |
7 | */ |
8 | |
9 | /** Load WordPress Administration Bootstrap */ |
10 | require_once ('admin.php'); |
11 | |
12 | // Handle bulk deletes |
// Entry condition: the request must carry both 'action' and a 'linkcheck' selection.
// The table form below submits with method="get", so the nonce check on the next
// line is what ties this destructive request to a form the current user rendered.
13 | if ( isset($_GET['action']) && isset($_GET['linkcheck']) ) { |
// Nonce is verified before the capability check: a request with a missing or stale
// nonce dies here without being evaluated further.
14 | check_admin_referer('bulk-bookmarks'); |
// The top ('action') and bottom ('action2') bulk selects share this handler.
// 'action2' is not isset()-checked, so an empty 'action' with no 'action2' reads an
// undefined index.
15 | $doaction = $_GET['action'] ? $_GET['action'] : $_GET['action2']; |
16 | |
// Capability gate; runs after the nonce check and before any deletion.
17 | if ( ! current_user_can('manage_links') ) |
18 | wp_die( __('You do not have sufficient permissions to edit the links for this site.') ); |
19 | |
20 | if ( 'delete' == $doaction ) { |
// Each submitted id is coerced to int before it reaches wp_delete_link(); no other
// value from 'linkcheck' is used.
21 | $bulklinks = (array) $_GET['linkcheck']; |
22 | foreach ( $bulklinks as $link_id ) { |
23 | $link_id = (int) $link_id; |
24 | |
25 | wp_delete_link($link_id); |
26 | } |
27 | |
// Return to the referring admin page. wp_safe_redirect() is the host-validating
// variant, unlike the wp_redirect() call in the elseif branch below.
28 | wp_safe_redirect( wp_get_referer() ); |
29 | exit; |
30 | } |
// Filter/search submission: drop the referer and nonce arguments and reload the
// cleaned URL. The destination is derived from REQUEST_URI rather than from a
// user-supplied parameter; wp_redirect() performs no host validation.
31 | } elseif ( ! empty($_GET['_wp_http_referer']) ) { |
32 | wp_redirect( remove_query_arg( array('_wp_http_referer', '_wpnonce'), stripslashes($_SERVER['REQUEST_URI']) ) ); |
33 | exit; |
34 | } |
35 | |
// Copy the listed request variables into same-named globals. Of these, only
// $cat_id and $order_by are consumed on this screen; $order_by is later mapped
// through a fixed switch, so its raw value never reaches the bookmark query.
36 | wp_reset_vars(array('action', 'cat_id', 'linkurl', 'name', 'image', 'description', 'visible', 'target', 'category', 'link_id', 'submit', 'order_by', 'links_show_cat_id', 'rating', 'rel', 'notes', 'linkcheck[]')); |
37 | |
// Defaults: no category filter and name ordering. empty() also treats "0" as
// unset, so a category id of 0 cannot be selected through this path.
38 | if ( empty($cat_id) ) |
39 | $cat_id = 'all'; |
40 | |
41 | if ( empty($order_by) ) |
42 | $order_by = 'order_name'; |
43 | |
44 | $title = __('Links'); |
// Literal filename assignment. No request data is involved, so the scanner's
// "arbitrary file" annotation on this line has no input source to trace.
45 | $this_file = $parent_file = 'link-manager.php'; | //Arbitrary file disclosing
|
46 | |
// Help-tab text for this screen. Every fragment is a literal or a translated
// literal; the only substituted value is the fixed 'widgets.php' target.
47 | add_contextual_help( $current_screen, |
48 | '<p>' . sprintf(__('You can add links here to be displayed on your site, usually using <a href="%s">Widgets</a>. By default, links to several sites in the WordPress community are included as examples.'), 'widgets.php') . '</p>' . |
49 | '<p>' . __('Links may be separated into categories; these are different than the categories used on your posts.') . '</p>' . |
50 | '<p>' . __('You can customize the display of this screen using the Screen Options tab and/or the dropdown filters above the links table.') . '</p>' . |
51 | '<p>' . __('If you delete a link, it will be removed permanently, as Links do not have a Trash function yet.') . '</p>' . |
52 | '<p><strong>' . __('For more information:') . '</strong></p>' . |
53 | '<p>' . __('<a href="http://codex.wordpress.org/Links_Edit_SubPanel" target="_blank">Link Management Documentation</a>') . '</p>' . |
54 | '<p>' . __('<a href="http://wordpress.org/support/" target="_blank">Support Forums</a>') . '</p>' |
55 | ); |
56 | |
57 | include_once ('./admin-header.php'); |
58 | |
// Capability gate for viewing the list. It runs after the admin header has been
// emitted, so wp_die() here terminates a partially rendered page; the bulk-delete
// branch at the top of the file performs its own check before deleting anything.
59 | if ( ! current_user_can('manage_links') ) |
60 | wp_die(__("You do not have sufficient permissions to edit the links for this site.")); |
61 | |
// Translate the request's order_by token into a column name. Only the literal
// strings in the cases can reach $sqlorderby; any other value falls to 'name'.
// The 'order_desc' and 'order_owner' cases have no matching option in the
// order-by select rendered below.
62 | switch ($order_by) { |
63 | case 'order_id' : |
64 | $sqlorderby = 'id'; |
65 | break; |
66 | case 'order_url' : |
67 | $sqlorderby = 'url'; |
68 | break; |
69 | case 'order_desc' : |
70 | $sqlorderby = 'description'; |
71 | break; |
72 | case 'order_owner' : |
73 | $sqlorderby = 'owner'; |
74 | break; |
75 | case 'order_rating' : |
76 | $sqlorderby = 'rating'; |
77 | break; |
78 | case 'order_name' : |
79 | default : |
80 | $sqlorderby = 'name'; |
81 | break; |
82 | } ?> |
83 | |
84 | <div class="wrap nosubsub"> |
85 | <?php screen_icon(); ?> |
86 | <h2><?php echo esc_html( $title ); ?> <a href="link-add.php" class="button add-new-h2"><?php echo esc_html_x('Add New', 'link'); ?></a> <?php |
// Search subtitle: the raw query term is unslashed and then HTML-escaped before output.
87 | if ( !empty($_GET['s']) ) |
88 | printf( '<span class="subtitle">' . __('Search results for “%s”') . '</span>', esc_html( stripslashes($_GET['s']) ) ); ?> |
89 | </h2> |
90 | |
91 | <?php |
// Post-delete notice. The count is cast to int before it is printed.
92 | if ( isset($_GET['deleted']) ) { |
93 | echo '<div id="message" class="updated"><p>'; |
94 | $deleted = (int) $_GET['deleted']; |
95 | printf(_n('%s link deleted.', '%s links deleted', $deleted), $deleted); |
96 | echo '</p></div>'; |
// Rewrites the superglobal so that anything further down that builds URLs from
// REQUEST_URI no longer carries the 'deleted' argument.
97 | $_SERVER['REQUEST_URI'] = remove_query_arg(array('deleted'), $_SERVER['REQUEST_URI']); |
98 | } |
99 | ?> |
100 | |
101 | <form class="search-form" action="" method="get"> |
102 | <p class="search-box"> |
103 | <label class="screen-reader-text" for="link-search-input"><?php _e( 'Search Links' ); ?>:</label> |
104 | <input type="text" id="link-search-input" name="s" value="<?php _admin_search_query(); ?>" /> |
105 | <input type="submit" value="<?php esc_attr_e( 'Search Links' ); ?>" class="button" /> |
106 | </p> |
107 | </form> |
108 | <br class="clear" /> |
109 | |
110 | <form id="posts-filter" action="" method="get"> |
111 | <div class="tablenav"> |
112 | |
113 | <?php |
// Query arguments. 'all' is normalised to an empty category filter; $sqlorderby
// comes from the fixed switch above, never from the request directly.
114 | if ( 'all' == $cat_id ) |
115 | $cat_id = ''; |
116 | $args = array( 'category' => $cat_id, 'hide_invisible' => 0, 'orderby' => $sqlorderby, 'hide_empty' => 0 ); |
// The search term is handed to get_bookmarks() unmodified; any escaping for the
// query is the callee's responsibility and is not visible in this file.
117 | if ( ! empty( $_GET['s'] ) ) |
118 | $args['search'] = $_GET['s']; |
119 | $links = get_bookmarks( $args ); |
120 | if ( $links ) { |
121 | ?> |
122 | |
123 | <div class="alignleft actions"> |
124 | <select name="action"> |
125 | <option value="" selected="selected"><?php _e('Bulk Actions'); ?></option> |
126 | <option value="delete"><?php _e('Delete'); ?></option> |
127 | </select> |
128 | <input type="submit" value="<?php esc_attr_e('Apply'); ?>" name="doaction" id="doaction" class="button-secondary action" /> |
129 | |
130 | <?php |
// Category filter select. Dynamic parts: term_id (attribute-escaped) and the term
// name via sanitize_term_field(..., 'display'); whether that call HTML-escapes the
// name is not visible here. $cat_id itself is only used in comparisons.
131 | $categories = get_terms('link_category', array("hide_empty" => 1)); |
132 | $select_cat = "<select name=\"cat_id\">\n"; |
133 | $select_cat .= '<option value="all"' . (($cat_id == 'all') ? " selected='selected'" : '') . '>' . __('View all Categories') . "</option>\n"; |
134 | foreach ((array) $categories as $cat) |
135 | $select_cat .= '<option value="' . esc_attr($cat->term_id) . '"' . (($cat->term_id == $cat_id) ? " selected='selected'" : '') . '>' . sanitize_term_field('name', $cat->name, $cat->term_id, 'link_category', 'display') . "</option>\n"; |
136 | $select_cat .= "</select>\n"; |
137 | |
// Order-by select: built entirely from literals and translated literals; $order_by
// only decides which option is marked selected.
138 | $select_order = "<select name=\"order_by\">\n"; |
139 | $select_order .= '<option value="order_id"' . (($order_by == 'order_id') ? " selected='selected'" : '') . '>' . __('Order by Link ID') . "</option>\n"; |
140 | $select_order .= '<option value="order_name"' . (($order_by == 'order_name') ? " selected='selected'" : '') . '>' . __('Order by Name') . "</option>\n"; |
141 | $select_order .= '<option value="order_url"' . (($order_by == 'order_url') ? " selected='selected'" : '') . '>' . __('Order by Address') . "</option>\n"; |
142 | $select_order .= '<option value="order_rating"' . (($order_by == 'order_rating') ? " selected='selected'" : '') . '>' . __('Order by Rating') . "</option>\n"; |
143 | $select_order .= "</select>\n"; |
144 | |
// Scanner flags on the two echoes below: the only non-literal content in either
// string is the term id and term name handled above; no request value is echoed.
145 | echo $select_cat; | //Cross Site Scripting
 
146 | echo $select_order; | //Cross Site Scripting
 
147 | |
148 | ?> |
149 | <input type="submit" id="post-query-submit" value="<?php esc_attr_e('Filter'); ?>" class="button-secondary" /> |
150 | |
151 | </div> |
152 | |
153 | <br class="clear" /> |
154 | </div> |
155 | |
156 | <div class="clear"></div> |
157 | |
158 | <?php |
// Column definitions and the per-user hidden-column list for this screen.
159 | $link_columns = get_column_headers('link-manager'); |
160 | $hidden = get_hidden_columns('link-manager'); |
161 | ?> |
162 | |
163 | <?php wp_nonce_field('bulk-bookmarks') ?> |
164 | <table class="widefat fixed" cellspacing="0"> |
165 | <thead> |
166 | <tr> |
167 | <?php print_column_headers('link-manager'); ?> |
168 | </tr> |
169 | </thead> |
170 | |
171 | <tfoot> |
172 | <tr> |
173 | <?php print_column_headers('link-manager', false); ?> |
174 | </tr> |
175 | </tfoot> |
176 | |
177 | <tbody> |
178 | <?php |
// Row counter used only for alternating row classes.
179 | $alt = 0; |
180 | |
181 | foreach ($links as $link) { |
// Per-row preparation. sanitize_bookmark() is applied first; what it does to the
// individual fields (e.g. link_url, link_rel, link_rating) is not visible here, so
// the output sites below that print those fields without escaping rely on it.
182 | $link = sanitize_bookmark($link); |
// link_name is attribute-escaped once here and then reused in attribute, text and
// JS contexts further down, some of which escape it again.
183 | $link->link_name = esc_attr($link->link_name); |
184 | $link->link_category = wp_get_link_cats($link->link_id); |
// Display form of the URL: strip scheme and leading www., trailing slash, then
// truncate. strlen()/substr() are byte-wise; fine for ASCII URLs, may split a
// multibyte character otherwise.
185 | $short_url = str_replace('http://', '', $link->link_url); |
186 | $short_url = preg_replace('/^www\./i', '', $short_url); |
187 | if ('/' == substr($short_url, -1)) |
188 | $short_url = substr($short_url, 0, -1); |
189 | if (strlen($short_url) > 35) |
190 | $short_url = substr($short_url, 0, 32).'...'; |
// $visible is one of two translated literals; $rating is the raw field value.
191 | $visible = ($link->link_visible == 'Y') ? __('Yes') : __('No'); |
192 | $rating = $link->link_rating; |
193 | $style = ($alt % 2) ? '' : ' class="alternate"'; |
194 | ++ $alt; |
// NOTE(review): called without an argument; presumably resolves the current row
// through the global $link set by this loop — confirm against the helper.
195 | $edit_link = get_edit_bookmark_link(); |
// link_id is printed into the id attribute without esc_attr(), whereas the checkbox
// in the 'cb' column below wraps the same value in esc_attr(). $style is a literal.
196 | ?><tr id="link-<?php echo $link->link_id; ?>" valign="middle" <?php echo $style; ?>><?php | //Cross Site Scripting
 
197 | foreach($link_columns as $column_name=>$column_display_name) { |
198 | $class = "class=\"column-$column_name\""; |
199 | |
200 | $style = ''; |
// Non-strict in_array(); column names are strings from get_column_headers().
201 | if ( in_array($column_name, $hidden) ) |
202 | $style = ' style="display:none;"'; |
203 | |
204 | $attributes = "$class$style"; |
205 | |
206 | switch($column_name) { |
207 | case 'cb': |
208 | echo '<th scope="row" class="check-column"><input type="checkbox" name="linkcheck[]" value="'. esc_attr($link->link_id) .'" /></th>'; |
209 | break; |
210 | case 'name': |
211 | |
// Name column. link_name was already attribute-escaped at the top of the loop and
// is passed through esc_attr() again for the title attribute; whether that
// double-encodes existing entities depends on esc_attr()'s behaviour, not visible
// here. $edit_link is interpolated into href without further escaping.
212 | echo "<td $attributes><strong><a class='row-title' href='$edit_link' title='" . esc_attr(sprintf(__('Edit “%s”'), $link->link_name)) . "'>$link->link_name</a></strong><br />"; |
213 | $actions = array(); |
214 | $actions['edit'] = '<a href="' . $edit_link . '">' . __('Edit') . '</a>'; |
// Row delete action: the URL is nonce-protected per link id via wp_nonce_url(), and
// the confirm() text is JS-escaped (link_name is also already attribute-escaped).
215 | $actions['delete'] = "<a class='submitdelete' href='" . wp_nonce_url("link.php?action=delete&link_id=$link->link_id", 'delete-bookmark_' . $link->link_id) . "' onclick=\"if ( confirm('" . esc_js(sprintf( __("You are about to delete this link '%s'\n 'Cancel' to stop, 'OK' to delete."), $link->link_name )) . "') ) { return true;}return false;\">" . __('Delete') . "</a>"; |
216 | $action_count = count($actions); |
217 | $i = 0; |
218 | echo '<div class="row-actions">'; |
219 | foreach ( $actions as $action => $linkaction ) { |
220 | ++$i; |
// Ternary used as a statement to choose the separator; omitted after the last action.
221 | ( $i == $action_count ) ? $sep = '' : $sep = ' | '; |
222 | echo "<span class='$action'>$linkaction$sep</span>"; |
223 | } |
224 | echo '</div>'; |
225 | echo '</td>'; |
226 | break; |
227 | case 'url': |
// URL column: link_url goes into href and $short_url into the text node with no
// escaping at this output site; both depend on sanitize_bookmark() above. The
// title text uses the already attribute-escaped link_name.
228 | echo "<td $attributes><a href='$link->link_url' title='".sprintf(__('Visit %s'), $link->link_name)."'>$short_url</a></td>"; |
229 | break; |
230 | case 'categories': |
231 | ?><td <?php echo $attributes ?>><?php |
232 | $cat_names = array(); |
233 | foreach ($link->link_category as $category) { |
234 | $cat = get_term($category, 'link_category', OBJECT, 'display'); |
// Error path: the message is echoed unescaped and, because there is no continue
// after it, the next statement still reads ->name from the WP_Error object.
235 | if ( is_wp_error( $cat ) ) |
236 | echo $cat->get_error_message(); | //Cross Site Scripting
 
237 | $cat_name = $cat->name; |
// Category link: $category is a term id from wp_get_link_cats(); $cat_name comes
// from get_term(..., 'display'). Neither is escaped at this output site.
238 | if ( $cat_id != $category ) |
239 | $cat_name = "<a href='link-manager.php?cat_id=$category'>$cat_name</a>"; |
240 | $cat_names[] = $cat_name; |
241 | } |
242 | echo implode(', ', $cat_names); |
243 | ?></td><?php |
244 | break; |
245 | case 'rel': |
// link_rel is printed without escaping at this site (relies on sanitize_bookmark()).
246 | ?><td <?php echo $attributes ?>><?php echo empty($link->link_rel) ? '<br />' : $link->link_rel; ?></td><?php | //Cross Site Scripting
 
247 | break; |
248 | case 'visible': |
// $visible is one of two translated literals, so the scanner flag on this line
// has no dynamic data behind it.
249 | ?><td <?php echo $attributes ?>><?php echo $visible; ?></td><?php | //Cross Site Scripting
 
250 | break; |
251 | case 'rating': |
// $rating is the raw link_rating value; whether sanitize_bookmark() coerces it to
// an int is not visible here.
252 | ?><td <?php echo $attributes ?>><?php echo $rating; ?></td><?php | //Cross Site Scripting
 
253 | break; |
254 | default: |
// Plugin-defined columns: output of the custom-column action is the handler's
// responsibility; only $attributes (built from literals) is printed by this file.
255 | ?> |
256 | <td <?php echo $attributes ?>><?php do_action('manage_link_custom_column', $column_name, $link->link_id); ?></td> | //Cross Site Scripting
 
257 | <?php |
258 | break; |
259 | |
260 | } |
261 | } |
262 | echo "\n </tr>\n"; |
263 | } |
264 | ?> |
265 | </tbody> |
266 | </table> |
267 | |
268 | <div class="tablenav"> |
269 | |
270 | <div class="alignleft actions"> |
271 | <select name="action2"> |
272 | <option value="" selected="selected"><?php _e('Bulk Actions'); ?></option> |
273 | <option value="delete"><?php _e('Delete'); ?></option> |
274 | </select> |
275 | <input type="submit" value="<?php esc_attr_e('Apply'); ?>" name="doaction2" id="doaction2" class="button-secondary action" /> |
276 | </div> |
277 | |
278 | <?php } else { ?> |
279 | <p><?php _e( 'No links found.' ) ?></p> |
280 | <?php } ?> |
281 | |
282 | <br class="clear" /> |
283 | </div> |
284 | |
285 | </form> |
286 | |
287 | <div id="ajax-response"></div> |
288 | |
289 | </div> |
290 | |
291 | <?php |
// Admin footer closes the page layout opened by admin-header.php above.
292 | include('./admin-footer.php'); |
293 | |