X-Git-Url: https://scripts.mit.edu/gitweb/autoinstalls/wordpress.git/blobdiff_plain/53f4633144ed68c8b8fb5861f992b5489894a940..3d39054f012aefe514b3f5509e32f09fc4feda44:/wp-admin/user-edit.php

diff --git a/wp-admin/user-edit.php b/wp-admin/user-edit.php
index 6143514f..aa6ed7f5 100644
--- a/wp-admin/user-edit.php
+++ b/wp-admin/user-edit.php
@@ -55,28 +55,12 @@ get_current_screen()->set_help_sidebar(
     '<p>' . __('<a href="https://wordpress.org/support/" target="_blank">Support Forums</a>') . '</p>'
 );
 
-$wp_http_referer = remove_query_arg(array('update', 'delete_count'), $wp_http_referer );
+$wp_http_referer = remove_query_arg( array( 'update', 'delete_count', 'user_id' ), $wp_http_referer );
 
 $user_can_edit = current_user_can( 'edit_posts' ) || current_user_can( 'edit_pages' );
 
 /**
- * Optional SSL preference that can be turned on by hooking to the 'personal_options' action.
- *
- * @since 2.7.0
- *
- * @param object $user User data object
- */
-function use_ssl_preference($user) {
-?>
-	<tr class="user-use-ssl-wrap">
-		<th scope="row"><?php _e('Use https')?></th>
-		<td><label for="use_ssl"><input name="use_ssl" type="checkbox" id="use_ssl" value="1" <?php checked('1', $user->use_ssl); ?> /> <?php _e('Always use https when visiting the admin'); ?></label></td>
-	</tr>
-<?php
-}
-
-/**
- * Filter whether to allow administrators on Multisite to edit every user.
+ * Filters whether to allow administrators on Multisite to edit every user.
  *
  * Enabling the user editing form via this filter also hinges on the user holding
  * the 'manage_network_users' cap, and the logged-in user not matching the user
@@ -93,25 +77,29 @@ if ( is_multisite()
 	&& $user_id != $current_user->ID
 	&& ! apply_filters( 'enable_edit_any_user_configuration', true )
 ) {
-	wp_die( __( 'You do not have permission to edit this user.' ) );
+	wp_die( __( 'Sorry, you are not allowed to edit this user.' ) );
 }
 
 // Execute confirmed email change. See send_confirmation_on_profile_email().
 if ( is_multisite() && IS_PROFILE_PAGE && isset( $_GET[ 'newuseremail' ] ) && $current_user->ID ) {
-	$new_email = get_option( $current_user->ID . '_new_email' );
-	if ( $new_email[ 'hash' ] == $_GET[ 'newuseremail' ] ) {
+	$new_email = get_user_meta( $current_user->ID, '_new_email', true );
+	if ( $new_email && hash_equals( $new_email[ 'hash' ], $_GET[ 'newuseremail' ] ) ) {
 		$user = new stdClass;
 		$user->ID = $current_user->ID;
 		$user->user_email = esc_html( trim( $new_email[ 'newemail' ] ) );
-		if ( $wpdb->get_var( $wpdb->prepare( "SELECT user_login FROM {$wpdb->signups} WHERE user_login = %s", $current_user->user_login ) ) )
+		if ( $wpdb->get_var( $wpdb->prepare( "SELECT user_login FROM {$wpdb->signups} WHERE user_login = %s", $current_user->user_login ) ) ) {
 			$wpdb->query( $wpdb->prepare( "UPDATE {$wpdb->signups} SET user_email = %s WHERE user_login = %s", $user->user_email, $current_user->user_login ) );
+		}
 		wp_update_user( $user );
-		delete_option( $current_user->ID . '_new_email' );
-		wp_redirect( add_query_arg( array('updated' => 'true'), self_admin_url( 'profile.php' ) ) );
+		delete_user_meta( $current_user->ID, '_new_email' );
+		wp_redirect( add_query_arg( array( 'updated' => 'true' ), self_admin_url( 'profile.php' ) ) );
 		die();
+	} else {
+		wp_redirect( add_query_arg( array( 'error' => 'new-email' ), self_admin_url( 'profile.php' ) ) );
 	}
-} elseif ( is_multisite() && IS_PROFILE_PAGE && !empty( $_GET['dismiss'] ) && $current_user->ID . '_new_email' == $_GET['dismiss'] ) {
-	delete_option( $current_user->ID . '_new_email' );
+} elseif ( is_multisite() && IS_PROFILE_PAGE && !empty( $_GET['dismiss'] ) && $current_user->ID . '_new_email' === $_GET['dismiss'] ) {
+	check_admin_referer( 'dismiss-' . $current_user->ID . '_new_email' );
+	delete_user_meta( $current_user->ID, '_new_email' );
 	wp_redirect( add_query_arg( array('updated' => 'true'), self_admin_url( 'profile.php' ) ) );
 	die();
 }
@@ -122,7 +110,7 @@ case 'update':
 check_admin_referer('update-user_' . $user_id);
 
 if ( !current_user_can('edit_user', $user_id) )
-	wp_die(__('You do not have permission to edit this user.'));
+	wp_die(__('Sorry, you are not allowed to edit this user.'));
 
 if ( IS_PROFILE_PAGE ) {
 	/**
@@ -175,7 +163,7 @@ default:
 $profileuser = get_user_to_edit($user_id);
 
 if ( !current_user_can('edit_user', $user_id) )
-	wp_die(__('You do not have permission to edit this user.'));
+	wp_die(__('Sorry, you are not allowed to edit this user.'));
 
 $sessions = WP_Session_Tokens::get_instance( $profileuser->ID );
 
@@ -192,11 +180,18 @@ include(ABSPATH . 'wp-admin/admin-header.php');
 	<?php else: ?>
 	<p><strong><?php _e('User updated.') ?></strong></p>
 	<?php endif; ?>
-	<?php if ( $wp_http_referer && !IS_PROFILE_PAGE ) : ?>
+	<?php if ( $wp_http_referer && false === strpos( $wp_http_referer, 'user-new.php' ) && ! IS_PROFILE_PAGE ) : ?>
 	<p><a href="<?php echo esc_url( $wp_http_referer ); ?>"><?php _e('&larr; Back to Users'); ?></a></p>
 	<?php endif; ?>
 </div>
 <?php endif; ?>
+<?php if ( isset( $_GET['error'] ) ) : ?>
+<div class="notice notice-error">
+	<?php if ( 'new-email' == $_GET['error'] ) : ?>
+	<p><?php _e( 'Error while saving the new email address. Please try again.' ); ?></p>
+	<?php endif; ?>
+</div>
+<?php endif; ?>
 <?php if ( isset( $errors ) && is_wp_error( $errors ) ) : ?>
 <div class="error"><p><?php echo implode( "</p>\n<p>", $errors->get_error_messages() ); ?></p></div>
 <?php endif; ?>
@@ -230,7 +225,7 @@ if ( ! IS_PROFILE_PAGE ) {
 <input type="hidden" name="checkuser_id" value="<?php echo get_current_user_id(); ?>" />
 </p>
 
-<h3><?php _e('Personal Options'); ?></h3>
+<h2><?php _e( 'Personal Options' ); ?></h2>
 
 <table class="form-table">
 <?php if ( ! ( IS_PROFILE_PAGE && ! $user_can_edit ) ) : ?>
@@ -301,7 +296,7 @@ do_action( 'personal_options', $profileuser );
 	}
 ?>
 
-<h3><?php _e('Name') ?></h3>
+<h2><?php _e( 'Name' ); ?></h2>
 
 <table class="form-table">
 	<tr class="user-user-login-wrap">
@@ -392,22 +387,28 @@ if ( is_multisite() && is_network_admin() && ! IS_PROFILE_PAGE && current_user_c
 </tr>
 </table>
 
-<h3><?php _e('Contact Info') ?></h3>
+<h2><?php _e( 'Contact Info' ); ?></h2>
 
 <table class="form-table">
 <tr class="user-email-wrap">
-	<th><label for="email"><?php _e('E-mail'); ?> <span class="description"><?php _e('(required)'); ?></span></label></th>
+	<th><label for="email"><?php _e('Email'); ?> <span class="description"><?php _e('(required)'); ?></span></label></th>
 	<td><input type="email" name="email" id="email" value="<?php echo esc_attr( $profileuser->user_email ) ?>" class="regular-text ltr" />
 	<?php
-	$new_email = get_option( $current_user->ID . '_new_email' );
+	$new_email = get_user_meta( $current_user->ID, '_new_email', true );
 	if ( $new_email && $new_email['newemail'] != $current_user->user_email && $profileuser->ID == $current_user->ID ) : ?>
 	<div class="updated inline">
 	<p><?php
 		printf(
-			__( 'There is a pending change of your e-mail to %1$s. <a href="%2$s">Cancel</a>' ),
-			'<code>' . $new_email['newemail'] . '</code>',
-			esc_url( self_admin_url( 'profile.php?dismiss=' . $current_user->ID . '_new_email' ) )
-	); ?></p>
+			/* translators: %s: new email */
+			__( 'There is a pending change of your email to %s.' ),
+			'<code>' . esc_html( $new_email['newemail'] ) . '</code>'
+		);
+		printf(
+			' <a href="%1$s">%2$s</a>',
+			esc_url( wp_nonce_url( self_admin_url( 'profile.php?dismiss=' . $current_user->ID . '_new_email' ), 'dismiss-' . $current_user->ID . '_new_email' ) ),
+			__( 'Cancel' )
+		);
+	?></p>
 	</div>
 	<?php endif; ?>
 	</td>
@@ -425,7 +426,7 @@ if ( is_multisite() && is_network_admin() && ! IS_PROFILE_PAGE && current_user_c
 	<th><label for="<?php echo $name; ?>">
 		<?php
 		/**
-		 * Filter a user contactmethod label.
+		 * Filters a user contactmethod label.
 		 *
 		 * The dynamic portion of the filter hook, `$name`, refers to
 		 * each of the keys in the contactmethods array.
@@ -444,7 +445,7 @@ if ( is_multisite() && is_network_admin() && ! IS_PROFILE_PAGE && current_user_c
 ?>
 </table>
 
-<h3><?php IS_PROFILE_PAGE ? _e('About Yourself') : _e('About the user'); ?></h3>
+<h2><?php IS_PROFILE_PAGE ? _e( 'About Yourself' ) : _e( 'About the user' ); ?></h2>
 
 <table class="form-table">
 <tr class="user-description-wrap">
@@ -453,14 +454,50 @@ if ( is_multisite() && is_network_admin() && ! IS_PROFILE_PAGE && current_user_c
 	<p class="description"><?php _e('Share a little biographical information to fill out your profile. This may be shown publicly.'); ?></p></td>
 </tr>
 
+<?php if ( get_option( 'show_avatars' ) ) : ?>
+<tr class="user-profile-picture">
+	<th><?php _e( 'Profile Picture' ); ?></th>
+	<td>
+		<?php echo get_avatar( $user_id ); ?>
+		<p class="description"><?php
+			if ( IS_PROFILE_PAGE ) {
+				/* translators: %s: Gravatar URL */
+				$description = sprintf( __( 'You can change your profile picture on <a href="%s">Gravatar</a>.' ),
+					__( 'https://en.gravatar.com/' )
+				);
+			} else {
+				$description = '';
+			}
+
+			/**
+			 * Filters the user profile picture description displayed under the Gravatar.
+			 *
+			 * @since 4.4.0
+			 *
+			 * @param string $description The description that will be printed.
+			 */
+			echo apply_filters( 'user_profile_picture_description', $description );
+		?></p>
+	</td>
+</tr>
+<?php endif; ?>
+
 <?php
-/** This filter is documented in wp-admin/user-new.php */
-$show_password_fields = apply_filters( 'show_password_fields', true, $profileuser );
-if ( $show_password_fields ) :
+/**
+ * Filters the display of the password fields.
+ *
+ * @since 1.5.1
+ * @since 2.8.0 Added the `$profileuser` parameter.
+ * @since 4.4.0 Now evaluated only in user-edit.php.
+ *
+ * @param bool    $show        Whether to show the password fields. Default true.
+ * @param WP_User $profileuser User object for the current user to edit.
+ */
+if ( $show_password_fields = apply_filters( 'show_password_fields', true, $profileuser ) ) :
 ?>
 </table>
 
-<h3><?php _e('Account Management'); ?></h3>
+<h2><?php _e( 'Account Management' ); ?></h2>
 <table class="form-table">
 <tr id="password" class="user-pass1-wrap">
 	<th><label for="pass1"><?php _e( 'New Password' ); ?></label></th>
@@ -494,7 +531,7 @@ if ( $show_password_fields ) :
 	<td>
 		<label>
 			<input type="checkbox" name="pw_weak" class="pw-checkbox" />
-			<?php _e( 'Confirm use of weak password' ); ?>
+			<span id="pw-weak-text-label"><?php _e( 'Confirm use of potentially weak password' ); ?></span>
 		</label>
 	</td>
 </tr>
@@ -564,11 +601,11 @@ if ( IS_PROFILE_PAGE && count( $sessions->get_all() ) === 1 ) : ?>
 
 <?php
 /**
- * Filter whether to display additional capabilities for the user.
+ * Filters whether to display additional capabilities for the user.
  *
  * The 'Additional Capabilities' section will only be enabled if
  * the number of the user's capabilities exceeds their number of
- * of roles.
+ * roles.
  *
  * @since 2.8.0
  *
@@ -578,7 +615,7 @@ if ( IS_PROFILE_PAGE && count( $sessions->get_all() ) === 1 ) : ?>
 if ( count( $profileuser->caps ) > count( $profileuser->roles )
 	&& apply_filters( 'additional_capabilities_display', true, $profileuser )
 ) : ?>
-<h3><?php _e( 'Additional Capabilities' ); ?></h3>
+<h2><?php _e( 'Additional Capabilities' ); ?></h2>
 <table class="form-table">
 <tr class="user-capabilities-wrap">
 	<th scope="row"><?php _e( 'Capabilities' ); ?></th>