X-Git-Url: https://scripts.mit.edu/gitweb/autoinstalls/wordpress.git/blobdiff_plain/03f2fa83c13c1b532284205fa7efcab9b8b2c41f..refs/tags/wordpress-4.5:/wp-admin/user-edit.php
diff --git a/wp-admin/user-edit.php b/wp-admin/user-edit.php
index 88d4657b..04c19fb4 100644
--- a/wp-admin/user-edit.php
+++ b/wp-admin/user-edit.php
@@ -55,7 +55,7 @@ get_current_screen()->set_help_sidebar( '

' . __('Support Forums') . '

' );
-$wp_http_referer = remove_query_arg(array('update', 'delete_count'), $wp_http_referer );
+$wp_http_referer = remove_query_arg( array( 'update', 'delete_count', 'user_id' ), $wp_http_referer );
 $user_can_edit = current_user_can( 'edit_posts' ) || current_user_can( 'edit_pages' );
@@ -82,20 +82,24 @@ if ( is_multisite()
 // Execute confirmed email change. See send_confirmation_on_profile_email().
 if ( is_multisite() && IS_PROFILE_PAGE && isset( $_GET[ 'newuseremail' ] ) && $current_user->ID ) {
- $new_email = get_option( $current_user->ID . '_new_email' );
- if ( $new_email[ 'hash' ] == $_GET[ 'newuseremail' ] ) {
+ $new_email = get_user_meta( $current_user->ID, '_new_email', true );
+ if ( $new_email && hash_equals( $new_email[ 'hash' ], $_GET[ 'newuseremail' ] ) ) {
 $user = new stdClass;
 $user->ID = $current_user->ID;
 $user->user_email = esc_html( trim( $new_email[ 'newemail' ] ) );
- if ( $wpdb->get_var( $wpdb->prepare( "SELECT user_login FROM {$wpdb->signups} WHERE user_login = %s", $current_user->user_login ) ) )
+ if ( $wpdb->get_var( $wpdb->prepare( "SELECT user_login FROM {$wpdb->signups} WHERE user_login = %s", $current_user->user_login ) ) ) {
 $wpdb->query( $wpdb->prepare( "UPDATE {$wpdb->signups} SET user_email = %s WHERE user_login = %s", $user->user_email, $current_user->user_login ) );
+ }
 wp_update_user( $user );
- delete_option( $current_user->ID . '_new_email' );
- wp_redirect( add_query_arg( array('updated' => 'true'), self_admin_url( 'profile.php' ) ) );
+ delete_user_meta( $current_user->ID, '_new_email' );
+ wp_redirect( add_query_arg( array( 'updated' => 'true' ), self_admin_url( 'profile.php' ) ) );
 die();
+ } else {
+ wp_redirect( add_query_arg( array( 'error' => 'new-email' ), self_admin_url( 'profile.php' ) ) );
 }
-} elseif ( is_multisite() && IS_PROFILE_PAGE && !empty( $_GET['dismiss'] ) && $current_user->ID . '_new_email' == $_GET['dismiss'] ) {
- delete_option( $current_user->ID . '_new_email' );
+} elseif ( is_multisite() && IS_PROFILE_PAGE && !empty( $_GET['dismiss'] ) && $current_user->ID . '_new_email' === $_GET['dismiss'] ) {
+ check_admin_referer( 'dismiss-' . $current_user->ID . '_new_email' );
+ delete_user_meta( $current_user->ID, '_new_email' );
 wp_redirect( add_query_arg( array('updated' => 'true'), self_admin_url( 'profile.php' ) ) );
 die();
 }
@@ -176,11 +180,18 @@ include(ABSPATH . 'wp-admin/admin-header.php');
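Review bot: The new `else` branch calls `wp_redirect()` with `'error' => 'new-email'` but does not end the request, so on a missing or mismatched hash the script keeps executing after the Location header is sent, unlike the success and dismiss branches, which both call `die();`. Add `die();` directly after that `wp_redirect( ... )` line so the failure path stops there too. Separately, `hash_equals()` expects two strings, and `$_GET[ 'newuseremail' ]` is not guaranteed to be one; a non-string value produces a warning or a TypeError depending on the PHP version. Extending the condition to `$new_email && is_string( $_GET[ 'newuseremail' ] ) && hash_equals( ... )` keeps malformed requests on the error path, and a short comment there noting that the hash is the only proof of mailbox ownership would help the next reader.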

- +

+ +
+ +

+ +
+

\n

", $errors->get_error_messages() ); ?>

@@ -383,15 +394,21 @@ if ( is_multisite() && is_network_admin() && ! IS_PROFILE_PAGE && current_user_c ID . '_new_email' ); + $new_email = get_user_meta( $current_user->ID, '_new_email', true ); if ( $new_email && $new_email['newemail'] != $current_user->user_email && $profileuser->ID == $current_user->ID ) : ?>

Cancel' ), - '' . $new_email['newemail'] . '', - esc_url( self_admin_url( 'profile.php?dismiss=' . $current_user->ID . '_new_email' ) ) - ); ?>

+ /* translators: %s: new email */ + __( 'There is a pending change of your email to %s.' ), + '' . esc_html( $new_email['newemail'] ) . '' + ); + printf( + ' %2$s', + esc_url( wp_nonce_url( self_admin_url( 'profile.php?dismiss=' . $current_user->ID . '_new_email' ), 'dismiss-' . $current_user->ID . '_new_email' ) ), + __( 'Cancel' ) + ); + ?>
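Review bot: `__( 'Cancel' )` is handed to the second `printf` unescaped, while the pending address beside it now goes through `esc_html()`; `esc_html__( 'Cancel' )` would escape the translated label at output as well. The markup of that format string is not visible on this page, so this assumes `%2$s` lands in element content. The nonce action `'dismiss-' . $current_user->ID . '_new_email'` is also spelled out here and again in the `check_admin_referer()` call of the dismiss branch, so the two can drift apart; a comment on each naming the other, or one shared variable, would keep link and check in step.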