X-Git-Url: https://scripts.mit.edu/gitweb/autoinstalls/wordpress.git/blobdiff_plain/80b7979fccf09a75af3f4c111fa27060ae6dbf85..4713a14935b83517997f3c88f808eb41da55033d:/wp-admin/user-edit.php diff --git a/wp-admin/user-edit.php b/wp-admin/user-edit.php index dfc878dd..2c064bad 100644 --- a/wp-admin/user-edit.php +++ b/wp-admin/user-edit.php @@ -7,9 +7,9 @@ */ /** WordPress Administration Bootstrap */ -require_once('./admin.php'); +require_once( dirname( __FILE__ ) . '/admin.php' ); -wp_reset_vars(array('action', 'redirect', 'profile', 'user_id', 'wp_http_referer')); +wp_reset_vars( array( 'action', 'user_id', 'wp_http_referer' ) ); $user_id = (int) $user_id; $current_user = wp_get_current_user(); @@ -51,10 +51,10 @@ get_current_screen()->add_help_tab( array( get_current_screen()->set_help_sidebar( '
' . __('For more information:') . '
' . '' . __('Documentation on User Profiles') . '
' . - '' . __('Support Forums') . '
' + '' . __('Support Forums') . '
' ); -$wp_http_referer = remove_query_arg(array('update', 'delete_count'), stripslashes($wp_http_referer)); +$wp_http_referer = remove_query_arg(array('update', 'delete_count'), $wp_http_referer ); $user_can_edit = current_user_can( 'edit_posts' ) || current_user_can( 'edit_pages' ); @@ -74,19 +74,37 @@ function use_ssl_preference($user) { ID && ! apply_filters( 'enable_edit_any_user_configuration', true ) ) +/** + * Filter whether to allow administrators on Multisite to edit every user. + * + * Enabling the user editing form via this filter also hinges on the user holding + * the 'manage_network_users' cap, and the logged-in user not matching the user + * profile open for editing. + * + * The filter was introduced to replace the EDIT_ANY_USER constant. + * + * @since 3.0.0 + * + * @param bool $allow Whether to allow editing of any user. Default true. + */ +if ( is_multisite() + && ! current_user_can( 'manage_network_users' ) + && $user_id != $current_user->ID + && ! apply_filters( 'enable_edit_any_user_configuration', true ) +) { wp_die( __( 'You do not have permission to edit this user.' ) ); +} // Execute confirmed email change. See send_confirmation_on_profile_email(). if ( is_multisite() && IS_PROFILE_PAGE && isset( $_GET[ 'newuseremail' ] ) && $current_user->ID ) { $new_email = get_option( $current_user->ID . '_new_email' ); if ( $new_email[ 'hash' ] == $_GET[ 'newuseremail' ] ) { + $user = new stdClass; $user->ID = $current_user->ID; $user->user_email = esc_html( trim( $new_email[ 'newemail' ] ) ); if ( $wpdb->get_var( $wpdb->prepare( "SELECT user_login FROM {$wpdb->signups} WHERE user_login = %s", $current_user->user_login ) ) ) $wpdb->query( $wpdb->prepare( "UPDATE {$wpdb->signups} SET user_email = %s WHERE user_login = %s", $user->user_email, $current_user->user_login ) ); - wp_update_user( get_object_vars( $user ) ); + wp_update_user( $user ); delete_option( $current_user->ID . '_new_email' ); wp_redirect( add_query_arg( array('updated' => 'true'), self_admin_url( 'profile.php' ) ) ); die(); @@ -105,10 +123,27 @@ check_admin_referer('update-user_' . $user_id); if ( !current_user_can('edit_user', $user_id) ) wp_die(__('You do not have permission to edit this user.')); -if ( IS_PROFILE_PAGE ) - do_action('personal_options_update', $user_id); -else - do_action('edit_user_profile_update', $user_id); +if ( IS_PROFILE_PAGE ) { + /** + * Fires before the page loads on the 'Your Profile' editing screen. + * + * The action only fires if the current user is editing their own profile. + * + * @since 2.0.0 + * + * @param int $user_id The user ID. + */ + do_action( 'personal_options_update', $user_id ); +} else { + /** + * Fires before the page loads on the 'Edit User' screen. + * + * @since 2.7.0 + * + * @param int $user_id The user ID. + */ + do_action( 'edit_user_profile_update', $user_id ); +} if ( !is_multisite() ) { $errors = edit_user($user_id); @@ -119,7 +154,7 @@ if ( !is_multisite() ) { if ( $user->user_login && isset( $_POST[ 'email' ] ) && is_email( $_POST[ 'email' ] ) && $wpdb->get_var( $wpdb->prepare( "SELECT user_login FROM {$wpdb->signups} WHERE user_login = %s", $user->user_login ) ) ) $wpdb->query( $wpdb->prepare( "UPDATE {$wpdb->signups} SET user_email = %s WHERE user_login = %s", $_POST[ 'email' ], $user_login ) ); - // WPMU must delete the user from the current blog if WP added him after editing. + // We must delete the user from the current blog if WP added them after editing. $delete_role = false; $blog_prefix = $wpdb->get_blog_prefix(); if ( $user_id != $current_user->ID ) { @@ -139,7 +174,7 @@ if ( !is_multisite() ) { } if ( !is_wp_error( $errors ) ) { - $redirect = (IS_PROFILE_PAGE ? "profile.php?" : "user-edit.php?user_id=$user_id&"). "updated=true"; + $redirect = add_query_arg( 'updated', true, get_edit_user_link( $user_id ) ); if ( $wp_http_referer ) $redirect = add_query_arg('wp_http_referer', urlencode($wp_http_referer), $redirect); wp_redirect($redirect); @@ -175,7 +210,6 @@ include (ABSPATH . 'wp-admin/admin-header.php');