X-Git-Url: https://scripts.mit.edu/gitweb/autoinstalls/wordpress.git/blobdiff_plain/699231ae09f7057a4d0000cdf32e50a3df6a04ca..0278c4b31e94c74bb5da5832653ad26e14a7b275:/wp-admin/user-edit.php

diff --git a/wp-admin/user-edit.php b/wp-admin/user-edit.php
index 414dfb3f..cf3efd41 100644
--- a/wp-admin/user-edit.php
+++ b/wp-admin/user-edit.php
@@ -24,14 +24,17 @@ elseif ( ! get_userdata( $user_id ) )
 	wp_die( __('Invalid user ID.') );
 
 wp_enqueue_script('user-profile');
-wp_enqueue_script('password-strength-meter');
 
 $title = IS_PROFILE_PAGE ? __('Profile') : __('Edit User');
 if ( current_user_can('edit_users') && !IS_PROFILE_PAGE )
 	$submenu_file = 'users.php';
 else
 	$submenu_file = 'profile.php';
-$parent_file = 'users.php';
+
+if ( current_user_can('edit_users') && !is_user_admin() )
+	$parent_file = 'users.php';
+else
+	$parent_file = 'profile.php';
 
 // contextual help - choose Help on the top right of admin panel to preview this.
 add_contextual_help($current_screen,
@@ -84,24 +87,16 @@ if ( is_multisite() && IS_PROFILE_PAGE && isset( $_GET[ 'newuseremail' ] ) && $c
 			$wpdb->query( $wpdb->prepare( "UPDATE {$wpdb->signups} SET user_email = %s WHERE user_login = %s", $user->user_email, $current_user->user_login ) );
 		wp_update_user( get_object_vars( $user ) );
 		delete_option( $current_user->ID . '_new_email' );
-		wp_redirect( add_query_arg( array('updated' => 'true'), admin_url( 'profile.php' ) ) );
+		wp_redirect( add_query_arg( array('updated' => 'true'), self_admin_url( 'profile.php' ) ) );
 		die();
 	}
 } elseif ( is_multisite() && IS_PROFILE_PAGE && !empty( $_GET['dismiss'] ) && $current_user->ID . '_new_email' == $_GET['dismiss'] ) {
 	delete_option( $current_user->ID . '_new_email' );
-	wp_redirect( add_query_arg( array('updated' => 'true'), admin_url( 'profile.php' ) ) );
+	wp_redirect( add_query_arg( array('updated' => 'true'), self_admin_url( 'profile.php' ) ) );
 	die();
 }
 
 switch ($action) {
-case 'switchposts':
-
-check_admin_referer();
-
-/* TODO: Switch all posts from one user to another user */
-
-break;
-
 case 'update':
 
 check_admin_referer('update-user_' . $user_id);
@@ -128,7 +123,7 @@ if ( !is_multisite() ) {
 	$blog_prefix = $wpdb->get_blog_prefix();
 	if ( $user_id != $current_user->ID ) {
 		$cap = $wpdb->get_var( "SELECT meta_value FROM {$wpdb->usermeta} WHERE user_id = '{$user_id}' AND meta_key = '{$blog_prefix}capabilities' AND meta_value = 'a:0:{}'" );
-		if ( null == $cap && $_POST[ 'role' ] == '' ) {
+		if ( !is_network_admin() && null == $cap && $_POST[ 'role' ] == '' ) {
 			$_POST[ 'role' ] = 'contributor';
 			$delete_role = true;
 		}
@@ -138,13 +133,14 @@ if ( !is_multisite() ) {
 	if ( $delete_role ) // stops users being added to current blog when they are edited
 		delete_user_meta( $user_id, $blog_prefix . 'capabilities' );
 
-	if ( is_multisite() && !IS_PROFILE_PAGE && current_user_can( 'manage_network_options' ) && !isset($super_admins) && empty( $_POST['super_admin'] ) == is_super_admin( $user_id ) )
+	if ( is_multisite() && is_network_admin() && !IS_PROFILE_PAGE && current_user_can( 'manage_network_options' ) && !isset($super_admins) && empty( $_POST['super_admin'] ) == is_super_admin( $user_id ) )
 		empty( $_POST['super_admin'] ) ? revoke_super_admin( $user_id ) : grant_super_admin( $user_id );
 }
 
 if ( !is_wp_error( $errors ) ) {
 	$redirect = (IS_PROFILE_PAGE ? "profile.php?" : "user-edit.php?user_id=$user_id&"). "updated=true";
-	$redirect = add_query_arg('wp_http_referer', urlencode($wp_http_referer), $redirect);
+	if ( $wp_http_referer )
+		$redirect = add_query_arg('wp_http_referer', urlencode($wp_http_referer), $redirect);
 	wp_redirect($redirect);
 	exit;
 }
@@ -155,7 +151,7 @@ $profileuser = get_user_to_edit($user_id);
 if ( !current_user_can('edit_user', $user_id) )
 	wp_die(__('You do not have permission to edit this user.'));
 
-include ('admin-header.php');
+include (ABSPATH . 'wp-admin/admin-header.php');
 ?>
 
 <?php if ( !IS_PROFILE_PAGE && is_super_admin( $profileuser->ID ) && current_user_can( 'manage_network_options' ) ) { ?>
@@ -165,7 +161,7 @@ include ('admin-header.php');
 <div id="message" class="updated">
 	<p><strong><?php _e('User updated.') ?></strong></p>
 	<?php if ( $wp_http_referer && !IS_PROFILE_PAGE ) : ?>
-	<p><a href="users.php"><?php _e('&larr; Back to Authors and Users'); ?></a></p>
+	<p><a href="<?php echo esc_url( $wp_http_referer ); ?>"><?php _e('&larr; Back to Authors and Users'); ?></a></p>
 	<?php endif; ?>
 </div>
 <?php endif; ?>
@@ -177,7 +173,7 @@ include ('admin-header.php');
 <?php screen_icon(); ?>
 <h2><?php echo esc_html( $title ); ?></h2>
 
-<form id="your-profile" action="<?php echo esc_url( admin_url( IS_PROFILE_PAGE ? 'profile.php' : 'user-edit.php' ) ); ?>" method="post"<?php do_action('user_edit_form_tag'); ?>>
+<form id="your-profile" action="<?php echo esc_url( self_admin_url( IS_PROFILE_PAGE ? 'profile.php' : 'user-edit.php' ) ); ?>" method="post"<?php do_action('user_edit_form_tag'); ?>>
 <?php wp_nonce_field('update-user_' . $user_id) ?>
 <?php if ( $wp_http_referer ) : ?>
 	<input type="hidden" name="wp_http_referer" value="<?php echo esc_url($wp_http_referer); ?>" />
@@ -206,12 +202,21 @@ endif; // $_wp_admin_css_colors
 if ( !( IS_PROFILE_PAGE && !$user_can_edit ) ) : ?>
 <tr>
 <th scope="row"><?php _e( 'Keyboard Shortcuts' ); ?></th>
-<td><label for="comment_shortcuts"><input type="checkbox" name="comment_shortcuts" id="comment_shortcuts" value="true" <?php if ( !empty($profileuser->comment_shortcuts) ) checked('true', $profileuser->comment_shortcuts); ?> /> <?php _e('Enable keyboard shortcuts for comment moderation.'); ?></label> <?php _e('<a href="http://codex.wordpress.org/Keyboard_Shortcuts">More information</a>'); ?></td>
+<td><label for="comment_shortcuts"><input type="checkbox" name="comment_shortcuts" id="comment_shortcuts" value="true" <?php if ( !empty($profileuser->comment_shortcuts) ) checked('true', $profileuser->comment_shortcuts); ?> /> <?php _e('Enable keyboard shortcuts for comment moderation.'); ?></label> <?php _e('<a href="http://codex.wordpress.org/Keyboard_Shortcuts" target="_blank">More information</a>'); ?></td>
 </tr>
-<?php
-endif;
-do_action('personal_options', $profileuser);
-?>
+<?php endif; ?>
+<tr class="show-admin-bar">
+<th scope="row"><?php _e('Show Admin Bar')?></th>
+<td><fieldset><legend class="screen-reader-text"><span><?php _e('Show Admin Bar') ?></span></legend>
+<label for="admin_bar_front">
+<input name="admin_bar_front" type="checkbox" id="admin_bar_front" value="1" <?php checked( _get_admin_bar_pref( 'front', $profileuser->ID ) ); ?> />
+<?php /* translators: Show admin bar when viewing site */ _e( 'when viewing site' ); ?></label><br />
+<label for="admin_bar_admin">
+<input name="admin_bar_admin" type="checkbox" id="admin_bar_admin" value="1" <?php checked( _get_admin_bar_pref( 'admin', $profileuser->ID ) ); ?> />
+<?php /* translators: Show admin bar in dashboard */ _e( 'in dashboard' ); ?></label>
+</td>
+</tr>
+<?php do_action('personal_options', $profileuser); ?>
 </table>
 <?php
 	if ( IS_PROFILE_PAGE )
@@ -226,7 +231,7 @@ do_action('personal_options', $profileuser);
 		<td><input type="text" name="user_login" id="user_login" value="<?php echo esc_attr($profileuser->user_login); ?>" disabled="disabled" class="regular-text" /> <span class="description"><?php _e('Usernames cannot be changed.'); ?></span></td>
 	</tr>
 
-<?php if ( !IS_PROFILE_PAGE ): ?>
+<?php if ( !IS_PROFILE_PAGE && !is_network_admin() ) : ?>
 <tr><th><label for="role"><?php _e('Role:') ?></label></th>
 <td><select name="role" id="role">
 <?php
@@ -245,11 +250,18 @@ else
 	echo '<option value="" selected="selected">' . __('&mdash; No role for this site &mdash;') . '</option>';
 ?>
 </select>
-<?php if ( is_multisite() && current_user_can( 'manage_network_options' ) && !isset($super_admins) ) { ?>
-<p><label><input type="checkbox" id="super_admin" name="super_admin"<?php checked( is_super_admin( $profileuser->ID ) ); ?> /> <?php _e( 'Grant this user super admin privileges for the Network.'); ?></label></p>
-<?php } ?>
+<?php endif; //!IS_PROFILE_PAGE
+
+if ( is_multisite() && is_network_admin() && ! IS_PROFILE_PAGE && current_user_can( 'manage_network_options' ) && !isset($super_admins) ) { ?>
+<tr><th><label for="role"><?php _e('Super Admin'); ?></label></th>
+<td>
+<?php if ( $profileuser->user_email != get_site_option( 'admin_email' ) ) : ?>
+<p><label><input type="checkbox" id="super_admin" name="super_admin"<?php checked( is_super_admin( $profileuser->ID ) ); ?> /> <?php _e( 'Grant this user super admin privileges for the Network.' ); ?></label></p>
+<?php else : ?>
+<p><?php _e( 'Super admin privileges cannot be removed because this user has the network admin email.' ); ?></p>
+<?php endif; ?>
 </td></tr>
-<?php endif; //!IS_PROFILE_PAGE ?>
+<?php } ?>
 
 <tr>
 	<th><label for="first_name"><?php _e('First Name') ?></label></th>
@@ -307,7 +319,7 @@ else
 	$new_email = get_option( $current_user->ID . '_new_email' );
 	if ( $new_email && $new_email != $current_user->user_email ) : ?>
 	<div class="updated inline">
-	<p><?php printf( __('There is a pending change of your e-mail to <code>%1$s</code>. <a href="%2$s">Cancel</a>'), $new_email['newemail'], esc_url( admin_url( 'profile.php?dismiss=' . $current_user->ID . '_new_email' ) ) ); ?></p>
+	<p><?php printf( __('There is a pending change of your e-mail to <code>%1$s</code>. <a href="%2$s">Cancel</a>'), $new_email['newemail'], esc_url( self_admin_url( 'profile.php?dismiss=' . $current_user->ID . '_new_email' ) ) ); ?></p>
 	</div>
 	<?php endif; ?>
 	</td>
@@ -319,7 +331,7 @@ else
 </tr>
 
 <?php
-	foreach (_wp_get_user_contactmethods() as $name => $desc) {
+	foreach (_wp_get_user_contactmethods( $profileuser ) as $name => $desc) {
 ?>
 <tr>
 	<th><label for="<?php echo $name; ?>"><?php echo apply_filters('user_'.$name.'_label', $desc); ?></label></th>
@@ -335,7 +347,7 @@ else
 <table class="form-table">
 <tr>
 	<th><label for="description"><?php _e('Biographical Info'); ?></label></th>
-	<td><textarea name="description" id="description" rows="5" cols="30"><?php echo esc_html($profileuser->description); ?></textarea><br />
+	<td><textarea name="description" id="description" rows="5" cols="30"><?php echo $profileuser->description; // textarea_escaped ?></textarea><br />
 	<span class="description"><?php _e('Share a little biographical information to fill out your profile. This may be shown publicly.'); ?></span></td>
 </tr>
 
@@ -381,11 +393,11 @@ if ( $show_password_fields ) :
 	</table>
 <?php } ?>
 
-<p class="submit">
-	<input type="hidden" name="action" value="update" />
-	<input type="hidden" name="user_id" id="user_id" value="<?php echo esc_attr($user_id); ?>" />
-	<input type="submit" class="button-primary" value="<?php IS_PROFILE_PAGE ? esc_attr_e('Update Profile') : esc_attr_e('Update User') ?>" name="submit" />
-</p>
+<input type="hidden" name="action" value="update" />
+<input type="hidden" name="user_id" id="user_id" value="<?php echo esc_attr($user_id); ?>" />
+
+<?php submit_button( IS_PROFILE_PAGE ? __('Update Profile') : __('Update User') ); ?>
+
 </form>
 </div>
 <?php
@@ -398,5 +410,5 @@ break;
 	}
 </script>
 <?php
-include('./admin-footer.php');
+include( ABSPATH . 'wp-admin/admin-footer.php');
 ?>