switch ($action) {
case 'promote':
- check_admin_referer();
+ check_admin_referer('bulk-users');
if (empty($_POST['users'])) {
- header('Location: users.php');
+ wp_redirect('users.php');
+ exit();
}
if ( !current_user_can('edit_users') )
$user->set_role($_POST['new_role']);
}
- header('Location: users.php?update=' . $update);
+ wp_redirect('users.php?update=' . $update);
+ exit();
break;
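Review bot: The value assigned on L11, `$_POST['new_role']`, is handed to `set_role()` without being checked against the roles the site actually defines; the nonce check added on L4 only establishes that the request came from the bulk-users form, it says nothing about the content of that field, so a tampered role name would still be stored. Validate `new_role` against the installed role names before the loop and redirect back to `users.php` when it is unknown, the same way the empty `users` list is handled on L5–L9. The loop containing L11 starts outside this hunk, and the body of the capability check on L10 is not visible here, so whether it stops execution cannot be confirmed from the diff.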
case 'dodelete':
- check_admin_referer();
+ check_admin_referer('delete-users');
if ( empty($_POST['users']) ) {
- header('Location: users.php');
+ wp_redirect('users.php');
+ exit();
}
if ( !current_user_can('edit_users') )
}
}
- header('Location: users.php?update=' . $update);
-
+ wp_redirect('users.php?update=' . $update);
+ exit();
break;
case 'delete':
- check_admin_referer();
+ check_admin_referer('bulk-users');
- if (empty($_POST['users'])) {
- header('Location: users.php');
+ if ( empty($_POST['users']) ) {
+ wp_redirect('users.php');
+ exit();
}
if ( !current_user_can('edit_users') )
include ('admin-header.php');
?>
<form action="" method="post" name="updateusers" id="updateusers">
+<?php wp_nonce_field('delete-users') ?>
<div class="wrap">
<h2><?php _e('Delete Users'); ?></h2>
<p><?php _e('You have specified these users for deletion:'); ?></p>
break;
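Review bot: The nonce names in this case are easy to misread: L35 verifies `bulk-users` (the list form on L65 that submits the delete request) while the confirmation form it renders issues `delete-users` on L46, which is what `dodelete` verifies on L19. The pairing is correct, but a reader comparing L19 with L35 will assume one of them is a typo; a short comment at L35 such as `// reached from the bulk-users list form; the confirmation form below issues 'delete-users' for the dodelete step` would prevent that. The body of the capability check on L42 is outside the hunk, so it is not possible to tell from the diff whether a user without `edit_users` still reaches the confirmation form.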
case 'adduser':
- check_admin_referer();
+ check_admin_referer('add-user');
$errors = add_user();
- if(count($errors) == 0) {
- header('Location: users.php?update=add');
- die();
+ if ( count($errors) == 0 ) {
+ wp_redirect('users.php?update=add');
+ exit();
}
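Review bot: The rewritten condition on L58, `if ( count($errors) == 0 )`, uses a loose comparison where the left side is always an int; `=== 0` states the intent and avoids the usual `==` surprises. The case also ends without a `break` before `default:` on L62, so when `add_user()` reports errors execution falls into the list view; that appears intentional (the errors are presumably rendered there), but the fall-through should be marked explicitly with a comment such as `// no break: fall through to the user list so $errors can be displayed`.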
default:
?>
<form action="" method="post" name="updateusers" id="updateusers">
+<?php wp_nonce_field('bulk-users') ?>
<div class="wrap">
<h2><?php _e('User List by Role'); ?></h2>
<table cellpadding="3" cellspacing="3" width="100%">
<?php
foreach($roleclasses as $role => $roleclass) {
- ksort($roleclass);
+ uksort($roleclass, "strnatcasecmp");
?>
<tr>
<h2><?php _e('Add New User') ?></h2>
<?php echo '<p>'.sprintf(__('Users can <a href="%1$s">register themselves</a> or you can manually create users here.'), get_settings('siteurl').'/wp-register.php').'</p>'; ?>
<form action="" method="post" name="adduser" id="adduser">
+ <?php wp_nonce_field('add-user') ?>
<table class="editform" width="100%" cellspacing="2" cellpadding="5">
<tr>
<th scope="row" width="33%"><?php _e('Nickname') ?>