X-Git-Url: https://scripts.mit.edu/gitweb/autoinstalls/wordpress.git/blobdiff_plain/0f29eadd474473203a1182f52af1aa82721cecbd..312084b5d95c21feb519ff03decf948420e1f6fa:/wp-admin/users.php
diff --git a/wp-admin/users.php b/wp-admin/users.php
index fcd4fe03..d11ee53d 100644
--- a/wp-admin/users.php
+++ b/wp-admin/users.php
@@ -1,40 +1,73 @@ ';
+} elseif ( isset($_REQUEST['wp_http_referer']) ) {
+ $redirect = remove_query_arg(array('wp_http_referer', 'updated', 'delete_count'), stripslashes($_REQUEST['wp_http_referer']));
+ $referer = '';
+} else {
+ $redirect = 'users.php';
+ $referer = '';
+}
+
+switch ($doaction) {
+/* Bulk Dropdown menu Role changes */
 case 'promote':
 check_admin_referer('bulk-users');
- if (empty($_POST['users'])) {
- wp_redirect('users.php');
+ if (empty($_REQUEST['users'])) {
+ wp_redirect($redirect);
 exit();
 }
- if ( !current_user_can('edit_users') )
- die(__('You can’t edit users.'));
+ $editable_roles = get_editable_roles();
+ if (!$editable_roles[$_REQUEST['new_role']])
+ wp_die(__('You can’t give users that role.'));
- $userids = $_POST['users'];
+ $userids = $_REQUEST['users'];
 $update = 'promote';
- foreach($userids as $id) {
+ foreach($userids as $id) {
+ if ( ! current_user_can('edit_user', $id) )
+ wp_die(__('You can’t edit that user.'));
 // The new role of the current user must also have edit_users caps
- if($id == $current_user->id && !$wp_roles->role_objects[$_POST['new_role']]->has_cap('edit_users')) {
+ if($id == $current_user->ID && !$wp_roles->role_objects[$_REQUEST['new_role']]->has_cap('edit_users')) {
 $update = 'err_admin_role';
 continue;
 }
- $user = new WP_User($id);
- $user->set_role($_POST['new_role']);
- }
-
- wp_redirect('users.php?update=' . $update);
+ $user = new WP_User($id);
+ $user->set_role($_REQUEST['new_role']);
+ }
+
+ wp_redirect(add_query_arg('update', $update, $redirect));
 exit();
 break;
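Review bot: The new `$redirect` is built from `$_REQUEST['wp_http_referer']` near the top of this hunk and then passed unchanged to `wp_redirect($redirect)` both in the empty-users early exit and in the final `wp_redirect(add_query_arg('update', $update, $redirect));` of the promote case; `wp_redirect` does not restrict the destination host (that is what `wp_safe_redirect` exists for), so a crafted `wp_http_referer` value turns this nonce-protected admin action into a redirect to an arbitrary external site. Replacing both calls with `wp_safe_redirect(...)` keeps the destination on the site's own host with no other change; the same `$redirect` is handed to `wp_redirect` again in the dodelete and delete cases of the next hunk. The role guard `if (!$editable_roles[$_REQUEST['new_role']])` reads an unvalidated key and raises a PHP notice whenever `new_role` is absent or not an editable role, although it does still reject those values; `if ( empty($_REQUEST['new_role']) || empty($editable_roles[$_REQUEST['new_role']]) )` makes the rejection explicit and notice-free. The lines before `} elseif` at the start of this hunk, including the branch that builds `$referer`, are garbled in this rendering and could not be reviewed.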
@@ -43,89 +76,101 @@
 case 'dodelete':
 check_admin_referer('delete-users');
- if ( empty($_POST['users']) ) {
- wp_redirect('users.php');
+ if ( empty($_REQUEST['users']) ) {
+ wp_redirect($redirect);
 exit();
 }
- if ( !current_user_can('edit_users') )
- die(__('You can’t delete users.'));
+ if ( !current_user_can('delete_users') )
+ wp_die(__('You can’t delete users.'));
- $userids = $_POST['users'];
-
+ $userids = $_REQUEST['users'];
 $update = 'del';
- foreach ($userids as $id) {
- if($id == $current_user->id) {
+ $delete_count = 0;
+
+ foreach ( (array) $userids as $id) {
+ if ( ! current_user_can('delete_user', $id) )
+ wp_die(__('You can’t delete that user.'));
+
+ if($id == $current_user->ID) {
 $update = 'err_admin_del';
 continue;
 }
- switch($_POST['delete_option']) {
+ switch($_REQUEST['delete_option']) {
 case 'delete':
 wp_delete_user($id);
 break;
 case 'reassign':
- wp_delete_user($id, $_POST['reassign_user']);
+ wp_delete_user($id, $_REQUEST['reassign_user']);
 break;
 }
+ ++$delete_count;
 }
- wp_redirect('users.php?update=' . $update);
+ $redirect = add_query_arg( array('delete_count' => $delete_count, 'update' => $update), $redirect);
+ wp_redirect($redirect);
 exit();
+ break;
 case 'delete':
 check_admin_referer('bulk-users');
- if ( empty($_POST['users']) ) {
- wp_redirect('users.php');
+ if ( empty($_REQUEST['users']) && empty($_REQUEST['user']) ) {
+ wp_redirect($redirect);
 exit();
 }
- if ( !current_user_can('edit_users') )
- $error['edit_users'] = __('You can’t delete users.');
+ if ( !current_user_can('delete_users') )
+ $errors = new WP_Error('edit_users', __('You can’t delete users.'));
- $userids = $_POST['users'];
+ if ( empty($_REQUEST['users']) )
+ $userids = array(intval($_REQUEST['user']));
+ else
+ $userids = $_REQUEST['users'];
 include ('admin-header.php');
 ?>
+ + + +
- | -- |
---|---|
- | - |
- | - |
- | - |
- | - |
- |
- - |
-
---|
- -
-