Spoofing Referer Headers from XMLHttpRequest

I couldn’t find a simple explanation of how to do this, so here is one. First, a bit of background. I wanted to be able to delete a comment from a standard post page, without having to a) go to a confirmation page, or b) navigate back to the original page afterwards. The following code creates an HTTP request, opens the required page, then sets the Referer header so the request looks like it came from an admin page, before sending it. When the request is complete, it refreshes the current page, so as to update the display.

    var del = new XMLHttpRequest();
    del.open("GET", "{$siteurl}/wp-admin/post.php?action=deletecomment&comment={comment_ID}");
    // Note: browsers treat Referer as a forbidden request header, so this call is silently ignored.
    del.setRequestHeader("Referer", "{$siteurl}/wp-admin/post.php");
    // Reload only once the request has completed; reloading immediately could cancel it.
    del.onload = function () { document.location.reload(); };
    del.send(null);

A better option might be to just hide the deleted comment from view – that would be immediate, and if the user refreshed the page it would reflect reality.

    document.getElementById('{comment_ID}').style.display = 'none';

However, if the user were to somehow cause the comment to become visible again, it doesn’t get its number back, at least in Firefox. There are a multitude of other ways to handle this case: .style.visibility = 'hidden' hides the object, but leaves the space. You could also delete the object from the whole DOM structure, using:

    var c = document.getElementById('{comment_ID}');
    c.parentNode.removeChild(c);

Blogsome Post Parser

A bit down the track, I want to fix some things with the way Posts are parsed when they are created or edited using Blogsome. I’m loath to change too much of what goes on in the actual edit box: people need to be able to put raw HTML code in there if they want, and if they don’t, they can use the WYSIWYG editor. However, the Title field needs to be escaped before being saved to the database. Having an & in the title generates invalid XHTML code. This is basically the same issue that causes the errors when extended (non-Latin) characters are used in the title and transferred into the post-slug. This should be fairly easy to fix: just a function that looks at this field on posting (and perhaps the post-slug field also, just to check), and replaces any invalid characters with the escaped version. I only thought about this again because I had two posts with & in their titles in the past week.
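As an added example of the fix described above (this is not Blogsome’s own parser, and the function names and fallback rules are my assumptions), here is a title escaper that is safe to run more than once, plus a slug generator that copes with accented and non-Latin titles instead of emitting raw bytes into the URL:

```javascript
// Added example, not Blogsome's or WordPress's code.
// Escape the characters that break XHTML. An entity that is already escaped
// (e.g. "&amp;") is left alone, so re-saving a post does not double-escape it.
function escapeTitle(title) {
  return title
    .replace(/&(?!(?:[a-zA-Z][a-zA-Z0-9]*|#\d+|#x[0-9a-fA-F]+);)/g, '&amp;')
    .replace(/</g, '&lt;')
    .replace(/>/g, '&gt;')
    .replace(/"/g, '&quot;');
}

// Derive a post-slug: accented Latin letters are decomposed and the combining
// marks dropped (é -> e); anything left that is not a-z or 0-9 becomes a hyphen.
// If nothing survives (a CJK or Cyrillic title, say) the title is percent-encoded
// instead, so the slug is still a valid URL path segment. (Fallback rule assumed.)
function makeSlug(title) {
  var ascii = title.normalize('NFKD').replace(/[\u0300-\u036f]/g, '');
  var slug = ascii
    .toLowerCase()
    .replace(/[^a-z0-9]+/g, '-')
    .replace(/^-+|-+$/g, '');
  if (slug) {
    return slug;
  }
  return encodeURIComponent(title.trim().toLowerCase().replace(/\s+/g, '-'));
}

// Constructed sample titles covering the cases mentioned in the post.
var SAMPLE_TITLES = ['Fish & Chips', 'Tom &amp; Jerry <3', 'Café au lait', '日本語'];

function processTitles(titles) {
  return titles.map(function (t) {
    return { title: escapeTitle(t), slug: makeSlug(t) };
  });
}
```

The escaper is applied on save, so the stored title is already valid XHTML wherever the theme prints it; the slug function keeps whatever ASCII it can recover before falling back to percent-encoding, so a mixed title such as "Hello 世界" becomes just "hello".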

Enable Sending Referrers

Occasionally, people report a particular error when trying to delete posts or comments.

Sorry, you need to enable sending referrers for this feature to work.

I came across this twice in the past week. Once was when I changed my $siteurl variable, and this disappeared when I returned it to the normal value. The other was when I tried to set up a shortcut to delete a comment from the post page. The original shortcut was:

    {$siteurl}/wp-admin/post.php?action=confirmdeletecomment&comment={$comment_ID}

This worked, but loaded a confirmation page. I replaced it with:

    {$siteurl}/wp-admin/post.php?action=deletecomment&comment={$comment_ID}

and made the confirmation a confirm dialog instead: return confirm("Delete Comment by {$comment_author}?\nThis cannot be undone.");, which is the way it is done in the Edit Comment page (not the Mass Edit though, I don’t think). This is when I received the error page.

I think what is happening is that the referrer of the second page must be within the {$siteurl}/wp-admin/ domain for it to be accepted. I wonder if I can fake the referrer, and make it work. This also explains why the error appeared when changing the {$siteurl} variable, since it’s looking for a referrer and obviously getting the wrong one. Knowing this may help me to a fix so that I can change the {$siteurl} variable, and avoid the referrer errors.
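As an added example (not WordPress’s or Blogsome’s code), here is the referrer check the paragraph above hypothesises, written out so that the three situations described in the post can be reproduced offline: a request from a post page, a changed $siteurl value, and a browser that sends no referrer at all. The function name, the return shape and the sample URLs are my assumptions.

```javascript
// Added example: the Referer check the post hypothesises, as a standalone function.
// `siteurl` is assumed to hold the same value as the {$siteurl} template variable.
function refererAllowed(refererHeader, siteurl) {
  // No header at all: the situation the "enable sending referrers" message covers.
  if (!refererHeader) {
    return { allowed: false, reason: 'no-referer' };
  }
  var ref, site;
  try {
    ref = new URL(refererHeader);
    site = new URL(siteurl);
  } catch (e) {
    return { allowed: false, reason: 'unparseable' };
  }
  // The origin must match: a changed {$siteurl} makes every referrer look foreign.
  if (ref.origin !== site.origin) {
    return { allowed: false, reason: 'origin-mismatch' };
  }
  // The path must be under the admin area; a post page is not.
  var adminPrefix = site.pathname.replace(/\/$/, '') + '/wp-admin/';
  if (ref.pathname.indexOf(adminPrefix) !== 0) {
    return { allowed: false, reason: 'outside-admin' };
  }
  return { allowed: true, reason: 'ok' };
}

// Constructed sample cases (hostnames are made up).
var SITEURL = 'http://example.blogsome.com';
var CASES = [
  ['http://example.blogsome.com/wp-admin/post.php', SITEURL],        // from the admin page
  ['http://example.blogsome.com/2006/01/01/some-post/', SITEURL],   // delete shortcut on a post page
  ['http://example.blogsome.com/wp-admin/post.php', 'http://blog.example.net'], // $siteurl changed
  [undefined, SITEURL],                                              // browser sends no referrers
];

function runCases() {
  return CASES.map(function (c) { return refererAllowed(c[0], c[1]).reason; });
}
```

Running the cases gives ok, outside-admin, origin-mismatch and no-referer in that order, which matches the two errors described above. The check is only a heuristic: it fails closed whenever a browser or proxy strips the header, and it says nothing about whether the user actually intended the request, which is why a per-request token tied to the session is the usual replacement for this kind of check.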