X-Git-Url: https://scripts.mit.edu/gitweb/autoinstalls/wordpress.git/blobdiff_plain/3e7fab96d7874067884348df10bbdcdefa4a89ad..312084b5d95c21feb519ff03decf948420e1f6fa:/wp-admin/users.php diff --git a/wp-admin/users.php b/wp-admin/users.php index 7797b2ce..d11ee53d 100644 --- a/wp-admin/users.php +++ b/wp-admin/users.php @@ -1,5 +1,15 @@ '; -} elseif ( isset($_POST['wp_http_referer']) ) { - $redirect = remove_query_arg(array('wp_http_referer', 'updated', 'delete_count'), stripslashes($_POST['wp_http_referer'])); - $referer = ''; -} else { - $redirect = 'users.php'; +if ( empty($doaction) ) { + if ( isset($_GET['changeit']) && !empty($_GET['new_role']) ) + $doaction = 'promote'; } - -// WP_User_Search class -// by Mark Jaquith - - -class WP_User_Search { - var $results; - var $search_term; - var $page; - var $raw_page; - var $users_per_page = 50; - var $first_user; - var $last_user; - var $query_limit; - var $query_from_where; - var $total_users_for_query = 0; - var $too_many_total_users = false; - var $search_errors; - - function WP_User_Search ($search_term = '', $page = '') { // constructor - $this->search_term = $search_term; - $this->raw_page = ( '' == $page ) ? false : (int) $page; - $this->page = (int) ( '' == $page ) ? 1 : $page; - - $this->prepare_query(); - $this->query(); - $this->prepare_vars_for_template_usage(); - $this->do_paging(); - } - - function prepare_query() { - global $wpdb; - $this->first_user = ($this->page - 1) * $this->users_per_page; - $this->query_limit = 'LIMIT ' . $this->first_user . ',' . $this->users_per_page; - if ( $this->search_term ) { - $searches = array(); - $search_sql = 'AND ('; - foreach ( array('user_login', 'user_nicename', 'user_email', 'user_url', 'display_name') as $col ) - $searches[] = $col . " LIKE '%$this->search_term%'"; - $search_sql .= implode(' OR ', $searches); - $search_sql .= ')'; - } - $this->query_from_where = "FROM $wpdb->users WHERE 1=1 $search_sql"; - - } - - function query() { - global $wpdb; - $this->results = $wpdb->get_col('SELECT ID ' . $this->query_from_where . $this->query_limit); - - if ( $this->results ) - $this->total_users_for_query = $wpdb->get_var('SELECT COUNT(ID) ' . $this->query_from_where); // no limit - else - $this->search_errors = new WP_Error('no_matching_users_found', __('No matching users were found!')); - } - - function prepare_vars_for_template_usage() { - $this->search_term = stripslashes($this->search_term); // done with DB, from now on we want slashes gone - } - - function do_paging() { - if ( $this->total_users_for_query > $this->users_per_page ) { // have to page the results - $this->paging_text = paginate_links( array( - 'total' => ceil($this->total_users_for_query / $this->users_per_page), - 'current' => $this->page, - 'prev_text' => __('« Previous Page'), - 'next_text' => __('Next Page »'), - 'base' => 'users.php?%_%', - 'format' => 'userspage=%#%', - 'add_args' => array( 'usersearch' => urlencode($this->search_term) ) - ) ); - } - } - - function get_results() { - return (array) $this->results; - } - - function page_links() { - echo $this->paging_text; - } - - function results_are_paged() { - if ( $this->paging_text ) - return true; - return false; - } - - function is_search() { - if ( $this->search_term ) - return true; - return false; - } +if ( empty($_REQUEST) ) { + $referer = ''; +} elseif ( isset($_REQUEST['wp_http_referer']) ) { + $redirect = remove_query_arg(array('wp_http_referer', 'updated', 'delete_count'), stripslashes($_REQUEST['wp_http_referer'])); + $referer = ''; +} else { + $redirect = 'users.php'; + $referer = ''; } +switch ($doaction) { -switch ($action) { - +/* Bulk Dropdown menu Role changes */ case 'promote': check_admin_referer('bulk-users'); - if (empty($_POST['users'])) { + if (empty($_REQUEST['users'])) { wp_redirect($redirect); exit(); } - if ( !current_user_can('edit_users') ) - wp_die(__('You can’t edit users.')); + $editable_roles = get_editable_roles(); + if (!$editable_roles[$_REQUEST['new_role']]) + wp_die(__('You can’t give users that role.')); - $userids = $_POST['users']; + $userids = $_REQUEST['users']; $update = 'promote'; foreach($userids as $id) { if ( ! current_user_can('edit_user', $id) ) wp_die(__('You can’t edit that user.')); // The new role of the current user must also have edit_users caps - if($id == $current_user->ID && !$wp_roles->role_objects[$_POST['new_role']]->has_cap('edit_users')) { + if($id == $current_user->ID && !$wp_roles->role_objects[$_REQUEST['new_role']]->has_cap('edit_users')) { $update = 'err_admin_role'; continue; } $user = new WP_User($id); - $user->set_role($_POST['new_role']); + $user->set_role($_REQUEST['new_role']); } wp_redirect(add_query_arg('update', $update, $redirect)); @@ -153,7 +76,7 @@ case 'dodelete': check_admin_referer('delete-users'); - if ( empty($_POST['users']) ) { + if ( empty($_REQUEST['users']) ) { wp_redirect($redirect); exit(); } @@ -161,7 +84,7 @@ case 'dodelete': if ( !current_user_can('delete_users') ) wp_die(__('You can’t delete users.')); - $userids = $_POST['users']; + $userids = $_REQUEST['users']; $update = 'del'; $delete_count = 0; @@ -173,12 +96,12 @@ case 'dodelete': $update = 'err_admin_del'; continue; } - switch($_POST['delete_option']) { + switch($_REQUEST['delete_option']) { case 'delete': wp_delete_user($id); break; case 'reassign': - wp_delete_user($id, $_POST['reassign_user']); + wp_delete_user($id, $_REQUEST['reassign_user']); break; } ++$delete_count; @@ -194,7 +117,7 @@ case 'delete': check_admin_referer('bulk-users'); - if ( empty($_POST['users']) ) { + if ( empty($_REQUEST['users']) && empty($_REQUEST['user']) ) { wp_redirect($redirect); exit(); } @@ -202,25 +125,31 @@ case 'delete': if ( !current_user_can('delete_users') ) $errors = new WP_Error('edit_users', __('You can’t delete users.')); - $userids = $_POST['users']; + if ( empty($_REQUEST['users']) ) + $userids = array(intval($_REQUEST['user'])); + else + $userids = $_REQUEST['users']; include ('admin-header.php'); ?>