Wordpress 2.0.11-scripts
index ab555323cfdd23c56ce263314c63dbafe435e482..fcd4fe03e8a0f3da33775ee3324dee947f27e04c 100644 (file)
@@ -11,10 +11,11 @@ $update = '';
 switch ($action) {
 
 case 'promote':
-       check_admin_referer();
+       check_admin_referer('bulk-users');
 
        if (empty($_POST['users'])) {
-               header('Location: users.php');
+               wp_redirect('users.php');
+               exit();
        }
 
        if ( !current_user_can('edit_users') )
@@ -33,16 +34,18 @@ case 'promote':
                $user->set_role($_POST['new_role']);
        }
                
-       header('Location: users.php?update=' . $update);
+       wp_redirect('users.php?update=' . $update);
+       exit();
 
 break;
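Review bot: The role name at `$user->set_role($_POST['new_role'])` comes straight from the request and is not checked against the roles defined for the site before it is applied; whether set_role itself rejects unknown names is not visible in this hunk, so a call-site guard such as `if ( !isset($wp_roles->role_objects[$_POST['new_role']]) ) die(__('Invalid role.'));` ahead of the loop would make the handler independent of that. The loop enclosing this line begins before the hunk, and nothing visible here prevents the acting administrator from changing their own role, which can lock the only administrator out; consider `if ( $user->ID == $current_user->ID ) continue;` if the surrounding code does not already cover it. The nonce and capability checks for this case are in the preceding hunk.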
 
 case 'dodelete':
 
-       check_admin_referer();
+       check_admin_referer('delete-users');
 
        if ( empty($_POST['users']) ) {
-               header('Location: users.php');
+               wp_redirect('users.php');
+               exit();
        }
 
        if ( !current_user_can('edit_users') )
@@ -66,16 +69,17 @@ case 'dodelete':
                }
        }
 
-       header('Location: users.php?update=' . $update);
-
+       wp_redirect('users.php?update=' . $update);
+       exit();
 break;
 
 case 'delete':
 
-       check_admin_referer();
+       check_admin_referer('bulk-users');
 
-       if (empty($_POST['users'])) {
-               header('Location: users.php');
+       if ( empty($_POST['users']) ) {
+               wp_redirect('users.php');
+               exit();
        }
 
        if ( !current_user_can('edit_users') )
@@ -86,6 +90,7 @@ case 'delete':
        include ('admin-header.php');
 ?>
 <form action="" method="post" name="updateusers" id="updateusers">
+<?php wp_nonce_field('delete-users') ?>
 <div class="wrap">
 <h2><?php _e('Delete Users'); ?></h2>
 <p><?php _e('You have specified these users for deletion:'); ?></p>
@@ -131,13 +136,13 @@ case 'delete':
 break;
 
 case 'adduser':
-       check_admin_referer();
+       check_admin_referer('add-user');
        
        $errors = add_user();
        
-       if(count($errors) == 0) {
-               header('Location: users.php?update=add');
-               die();
+       if ( count($errors) == 0 ) {
+               wp_redirect('users.php?update=add');
+               exit();
        }
 
 default:
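Review bot: The `if` at the end of `case 'adduser'` has no `break` after it, so when add_user() returns errors execution falls through into `default:`; this looks intentional (re-render the user list and form with `$errors` set) but nothing says so, and a reader or linter will take the missing `break` for a bug. Add `// no break: fall through to default so the page re-renders with $errors` directly after the closing brace of the `if`. The `default:` branch itself continues past the hunk.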
@@ -200,12 +205,13 @@ default:
        ?>
        
 <form action="" method="post" name="updateusers" id="updateusers">
+<?php wp_nonce_field('bulk-users') ?>
 <div class="wrap">
        <h2><?php _e('User List by Role'); ?></h2>
   <table cellpadding="3" cellspacing="3" width="100%">
        <?php
        foreach($roleclasses as $role => $roleclass) {
-               ksort($roleclass);
+               uksort($roleclass, "strnatcasecmp");
                ?>
 
        <tr>
@@ -280,6 +286,7 @@ $role_select .= '</select>';
 <h2><?php _e('Add New User') ?></h2>
 <?php echo '<p>'.sprintf(__('Users can <a href="%1$s">register themselves</a> or you can manually create users here.'), get_settings('siteurl').'/wp-register.php').'</p>'; ?>
 <form action="" method="post" name="adduser" id="adduser">
+  <?php wp_nonce_field('add-user') ?>
   <table class="editform" width="100%" cellspacing="2" cellpadding="5">
     <tr>
       <th scope="row" width="33%"><?php _e('Nickname') ?>