}
}
+$user_id = (int) $user_id;
+
+if ( !$user_id )
+ die(__('Invalid user ID.'));
+
switch ($action) {
case 'switchposts':
case 'update':
-check_admin_referer();
+check_admin_referer('update-user_' . $user_id);
$errors = array();
if (!current_user_can('edit_users'))
- $errors['head'] = __('You do not have permission to edit this user.');
+ die(__('You do not have permission to edit this user.'));
else
$errors = edit_user($user_id);
if(count($errors) == 0) {
- header("Location: user-edit.php?user_id=$user_id&updated=true");
+ wp_redirect("user-edit.php?user_id=$user_id&updated=true");
exit;
}
default:
include ('admin-header.php');
-$profileuser = new WP_User($user_id);
+$profileuser = get_user_to_edit($user_id);
+
+if (!current_user_can('edit_users'))
+ die__('You do not have permission to edit this user.');
-if (!current_user_can('edit_users')) $errors['head'] = __('You do not have permission to edit this user.');
?>
<?php if ( isset($_GET['updated']) ) : ?>
<h2><?php _e('Edit User'); ?></h2>
<form name="profile" id="your-profile" action="user-edit.php" method="post">
+<?php wp_nonce_field('update-user_' . $user_id) ?>
<p>
<input type="hidden" name="from" value="profile" />
<input type="hidden" name="checkuser_id" value="<?php echo $user_ID ?>" />
<p><label><?php _e('Nickname:') ?><br />
<input type="text" name="nickname" value="<?php echo $profileuser->nickname ?>" /></label></p>
-</p><label><?php _e('Display name publicly as:') ?> <br />
+<p><label><?php _e('Display name publicly as:') ?> <br />
<select name="display_name">
<option value="<?php echo $profileuser->display_name; ?>"><?php echo $profileuser->display_name; ?></option>
<option value="<?php echo $profileuser->nickname ?>"><?php echo $profileuser->nickname ?></option>