*/
/** WordPress Administration Bootstrap */
-require_once('./admin.php');
+require_once( dirname( __FILE__ ) . '/admin.php' );
if ( is_multisite() ) {
if ( ! current_user_can( 'create_users' ) && ! current_user_can( 'promote_users' ) )
if ( is_multisite() ) {
function admin_created_user_email( $text ) {
+ $roles = get_editable_roles();
+ $role = $roles[ $_REQUEST['role'] ];
/* translators: 1: Site name, 2: site URL, 3: role */
return sprintf( __( 'Hi,
You\'ve been invited to join \'%1$s\' at
this email. This invitation will expire in a few days.
Please click the following link to activate your user account:
-%%s' ), get_bloginfo('name'), home_url(), esc_html( $_REQUEST[ 'role' ] ) );
+%%s' ), get_bloginfo( 'name' ), home_url(), wp_specialchars_decode( translate_user_role( $role['name'] ) ) );
}
add_filter( 'wpmu_signup_user_notification_email', 'admin_created_user_email' );
} else {
$newuser_key = substr( md5( $user_id ), 0, 5 );
add_option( 'new_user_' . $newuser_key, array( 'user_id' => $user_id, 'email' => $user_details->user_email, 'role' => $_REQUEST[ 'role' ] ) );
+
+ $roles = get_editable_roles();
+ $role = $roles[ $_REQUEST['role'] ];
/* translators: 1: Site name, 2: site URL, 3: role, 4: activation URL */
$message = __( 'Hi,
Please click the following link to confirm the invite:
%4$s' );
- wp_mail( $new_user_email, sprintf( __( '[%s] Joining confirmation' ), get_option( 'blogname' ) ), sprintf($message, get_option('blogname'), home_url(), $_REQUEST[ 'role' ], home_url("/newbloguser/$newuser_key/")));
+ wp_mail( $new_user_email, sprintf( __( '[%s] Joining confirmation' ), get_option( 'blogname' ) ), sprintf( $message, get_option( 'blogname' ), home_url(), wp_specialchars_decode( translate_user_role( $role['name'] ) ), home_url( "/newbloguser/$newuser_key/" ) ) );
$redirect = add_query_arg( array('update' => 'add'), 'user-new.php' );
}
}
die();
}
} else {
- // Adding a new user to this blog
+ // Adding a new user to this site
$user_details = wpmu_validate_user_signup( $_REQUEST[ 'user_login' ], $_REQUEST[ 'email' ] );
- unset( $user_details[ 'errors' ]->errors[ 'user_email_used' ] );
if ( is_wp_error( $user_details[ 'errors' ] ) && !empty( $user_details[ 'errors' ]->errors ) ) {
$add_user_errors = $user_details[ 'errors' ];
} else {
- $new_user_login = apply_filters('pre_user_login', sanitize_user(stripslashes($_REQUEST['user_login']), true));
+ /**
+ * Filter the user_login, aka the username, before it is added to the site.
+ *
+ * @since 3.0.0
+ *
+ * @param string $_REQUEST['user_login'] The sanitized username.
+ */
+ $new_user_login = apply_filters( 'pre_user_login', sanitize_user( wp_unslash( $_REQUEST['user_login'] ), true ) );
if ( isset( $_POST[ 'noconfirmation' ] ) && is_super_admin() ) {
add_filter( 'wpmu_signup_user_notification', '__return_false' ); // Disable confirmation email
}
wpmu_activate_signup( $key );
$redirect = add_query_arg( array('update' => 'addnoconfirmation'), 'user-new.php' );
} else {
- $redirect = add_query_arg( array('update' => 'newuserconfimation'), 'user-new.php' );
+ $redirect = add_query_arg( array('update' => 'newuserconfirmation'), 'user-new.php' );
}
wp_redirect( $redirect );
die();
wp_enqueue_script('wp-ajax-response');
wp_enqueue_script('user-profile');
+/**
+ * Allows you to enable user auto-complete for non-super admins in multisite.
+ *
+ * @since 3.4.0
+ *
+ * @param bool True or false, based on if you enable auto-complete for non-super admins. Default is false.
+ */
if ( is_multisite() && current_user_can( 'promote_users' ) && ! wp_is_large_network( 'users' )
&& ( is_super_admin() || apply_filters( 'autocomplete_users_for_site_admins', false ) )
) {
wp_enqueue_script( 'user-suggest' );
}
-require_once( 'admin-header.php' );
+require_once( ABSPATH . 'wp-admin/admin-header.php' );
if ( isset($_GET['update']) ) {
$messages = array();
if ( is_multisite() ) {
switch ( $_GET['update'] ) {
- case "newuserconfimation":
+ case "newuserconfirmation":
$messages[] = __('Invitation email sent to new user. A confirmation link must be clicked before their account is created.');
break;
case "add":
case "does_not_exist":
$messages[] = __('The requested user does not exist.');
break;
- case "does_not_exist":
+ case "enter_email":
$messages[] = __('Please enter a valid email address.');
break;
}
$label = __('E-mail or Username');
}
?>
-<form action="" method="post" name="adduser" id="adduser" class="add:users: validate"<?php do_action('user_new_form_tag');?>>
+<?php
+/**
+ * Fires inside the adduser form tag.
+ *
+ * @since 3.0.0
+ */
+?>
+<form action="" method="post" name="adduser" id="adduser" class="validate"<?php do_action('user_new_form_tag');?>>
<input name="action" type="hidden" value="adduser" />
<?php wp_nonce_field( 'add-user', '_wpnonce_add-user' ) ?>
</tr>
<?php } ?>
</table>
+<?php
+/**
+ * Fires at the end of the new user form.
+ *
+ * Passes a contextual string to make both types of new user forms
+ * uniquely targetable. Contexts are 'add-existing-user' (Multisite),
+ * and 'add-new-user' (single site and network admin).
+ *
+ * @since 3.7.0
+ *
+ * @param string A contextual string specifying which type of new user form the hook follows.
+ */
+do_action( 'user_new_form', 'add-existing-user' );
+?>
<?php submit_button( __( 'Add Existing User '), 'primary', 'adduser', true, array( 'id' => 'addusersub' ) ); ?>
</form>
<?php
if ( $do_both )
echo '<h3 id="create-new-user">' . __( 'Add New User' ) . '</h3>';
?>
-<p><?php _e('Create a brand new user and add it to this site.'); ?></p>
-<form action="" method="post" name="createuser" id="createuser" class="add:users: validate"<?php do_action('user_new_form_tag');?>>
+<p><?php _e('Create a brand new user and add them to this site.'); ?></p>
+<?php
+/** This action is documented in wp-admin/user-new.php */
+?>
+<form action="" method="post" name="createuser" id="createuser" class="validate"<?php do_action('user_new_form_tag');?>>
<input name="action" type="hidden" value="createuser" />
-<?php wp_nonce_field( 'create-user', '_wpnonce_create-user' ) ?>
+<?php wp_nonce_field( 'create-user', '_wpnonce_create-user' ); ?>
<?php
// Load up the passed data, else set to a default.
foreach ( array( 'user_login' => 'login', 'first_name' => 'firstname', 'last_name' => 'lastname',
$var = "new_user_$var";
if( isset( $_POST['createuser'] ) ) {
if ( ! isset($$var) )
- $$var = isset( $_POST[$post_field] ) ? stripslashes( $_POST[$post_field] ) : '';
+ $$var = isset( $_POST[$post_field] ) ? wp_unslash( $_POST[$post_field] ) : '';
} else {
$$var = false;
}
<th scope="row"><label for="url"><?php _e('Website') ?></label></th>
<td><input name="url" type="text" id="url" class="code" value="<?php echo esc_attr($new_user_uri); ?>" /></td>
</tr>
-<?php if ( apply_filters('show_password_fields', true) ) : ?>
+<?php
+/**
+ * Filter the display of the password fields.
+ *
+ * @since 1.5.1
+ *
+ * @param bool True or false, based on if you want to show the password fields. Default is true.
+ */
+if ( apply_filters( 'show_password_fields', true ) ) : ?>
+ <tr class="form-field form-required">
+ <th scope="row"><label for="pass1"><?php _e('Password'); ?> <span class="description"><?php /* translators: password input field */_e('(required)'); ?></span></label></th>
+ <td>
+ <input class="hidden" value=" " /><!-- #24364 workaround -->
+ <input name="pass1" type="password" id="pass1" autocomplete="off" />
+ </td>
+ </tr>
<tr class="form-field form-required">
- <th scope="row"><label for="pass1"><?php _e('Password'); ?> <span class="description"><?php /* translators: password input field */_e('(twice, required)'); ?></span></label></th>
- <td><input name="pass1" type="password" id="pass1" autocomplete="off" />
- <br />
+ <th scope="row"><label for="pass2"><?php _e('Repeat Password'); ?> <span class="description"><?php /* translators: password input field */_e('(required)'); ?></span></label></th>
+ <td>
<input name="pass2" type="password" id="pass2" autocomplete="off" />
<br />
<div id="pass-strength-result"><?php _e('Strength indicator'); ?></div>
<?php } ?>
</table>
+<?php
+/** This action is documented in wp-admin/user-new.php */
+do_action( 'user_new_form', 'add-new-user' );
+?>
+
<?php submit_button( __( 'Add New User '), 'primary', 'createuser', true, array( 'id' => 'createusersub' ) ); ?>
</form>
<?php } // current_user_can('create_users') ?>
</div>
<?php
-include('./admin-footer.php');
+include( ABSPATH . 'wp-admin/admin-footer.php' );