X-Git-Url: https://scripts.mit.edu/gitweb/autoinstalls/wordpress.git/blobdiff_plain/8a06f4f9392d1ac373442f82ee40428a3cb81395..2376fb745f4ae8c6bd2353127524e0b28005143d:/wp-admin/user-edit.php

diff --git a/wp-admin/user-edit.php b/wp-admin/user-edit.php
index e7a30cd5..414dfb3f 100644
--- a/wp-admin/user-edit.php
+++ b/wp-admin/user-edit.php
@@ -1,98 +1,97 @@
 <?php
+/**
+ * Edit user administration panel.
+ *
+ * @package WordPress
+ * @subpackage Administration
+ */
 
-require_once('admin.php');
+/** WordPress Administration Bootstrap */
+require_once('./admin.php');
 
-if ( defined('IS_PROFILE_PAGE') && IS_PROFILE_PAGE )
-	$is_profile_page = true;
-else
-	$is_profile_page = false;
-
-function profile_js ( ) {
-?>
-<script type="text/javascript">
-	function check_pass_strength ( ) {
-
-		var pass = jQuery('#pass1').val();
-		var user = jQuery('#user_login').val();
-
-		// get the result as an object, i'm tired of typing it
-		var res = jQuery('#pass-strength-result');
-
-		var strength = passwordStrength(pass, user);
-
-		jQuery(res).removeClass('short bad good strong');
-
-		if ( strength == pwsL10n.bad ) {
-			jQuery(res).addClass('bad');
-			jQuery(res).html( pwsL10n.bad );
-		}
-		else if ( strength == pwsL10n.good ) {
-			jQuery(res).addClass('good');
-			jQuery(res).html( pwsL10n.good );
-		}
-		else if ( strength == pwsL10n.strong ) {
-			jQuery(res).addClass('strong');
-			jQuery(res).html( pwsL10n.strong );
-		}
-		else {
-			// this catches 'Too short' and the off chance anything else comes along
-			jQuery(res).addClass('short');
-			jQuery(res).html( pwsL10n.short );
-		}
-
-	}
-	
-	function update_nickname ( ) {
-		
-		var nickname = jQuery('#nickname').val();
-		var display_nickname = jQuery('#display_nickname').val();
-		
-		if ( nickname == '' ) {
-			jQuery('#display_nickname').remove();
-		}
-		jQuery('#display_nickname').val(nickname).html(nickname);
-		
-	}
-
-	jQuery(function($) { 
-		$('#pass1').keyup( check_pass_strength ) 
-		$('.color-palette').click(function(){$(this).siblings('input[name=admin_color]').attr('checked', 'checked')});
-	} );
-	
-	jQuery(document).ready( function() {
-		jQuery('#pass1,#pass2').attr('autocomplete','off');
-		jQuery('#nickname').blur(update_nickname);
-    });
-</script>
-<?php
-}
-
-if ( $is_profile_page ) {
-	add_action('admin_head', 'profile_js');
-	wp_enqueue_script('jquery');
-	wp_enqueue_script('password-strength-meter');
-}
+wp_reset_vars(array('action', 'redirect', 'profile', 'user_id', 'wp_http_referer'));
 
-$title = $is_profile_page? __('Profile') : __('Edit User');
-if ( current_user_can('edit_users') && !$is_profile_page )
+$user_id = (int) $user_id;
+$current_user = wp_get_current_user();
+if ( ! defined( 'IS_PROFILE_PAGE' ) )
+	define( 'IS_PROFILE_PAGE', ( $user_id == $current_user->ID ) );
+
+if ( ! $user_id && IS_PROFILE_PAGE )
+	$user_id = $current_user->ID;
+elseif ( ! $user_id && ! IS_PROFILE_PAGE )
+	wp_die(__( 'Invalid user ID.' ) );
+elseif ( ! get_userdata( $user_id ) )
+	wp_die( __('Invalid user ID.') );
+
+wp_enqueue_script('user-profile');
+wp_enqueue_script('password-strength-meter');
+
+$title = IS_PROFILE_PAGE ? __('Profile') : __('Edit User');
+if ( current_user_can('edit_users') && !IS_PROFILE_PAGE )
 	$submenu_file = 'users.php';
 else
 	$submenu_file = 'profile.php';
 $parent_file = 'users.php';
 
-wp_reset_vars(array('action', 'redirect', 'profile', 'user_id', 'wp_http_referer'));
+// contextual help - choose Help on the top right of admin panel to preview this.
+add_contextual_help($current_screen,
+    '<p>' . __('Your profile contains information about you (your &#8220;account&#8221;) as well as some personal options related to using WordPress.') . '</p>' .
+    '<p>' . __('You can change your password, turn on keyboard shortcuts, change the color scheme of your WordPress administration screens, and turn off the WYSIWYG (Visual) editor, among other things.') . '</p>' .
+    '<p>' . __('Your username cannot be changed, but you can use other fields to enter your real name or a nickname, and change which name to display on your posts.') . '</p>' .
+    '<p>' . __('Required fields are indicated; the rest are optional. Profile information will only be displayed if your theme is set up to do so.') . '</p>' .
+    '<p>' . __('Remember to click the Update Profile button when you are finished.') . '</p>' .
+    '<p><strong>' . __('For more information:') . '</strong></p>' .
+    '<p>' . __('<a href="http://codex.wordpress.org/Users_Your_Profile_SubPanel" target="_blank">Documentation on User Profiles</a>') . '</p>' .
+    '<p>' . __('<a href="http://wordpress.org/support/" target="_blank">Support Forums</a>') . '</p>'
+);
+
 
 $wp_http_referer = remove_query_arg(array('update', 'delete_count'), stripslashes($wp_http_referer));
 
-$user_id = (int) $user_id;
+$all_post_caps = array('posts', 'pages');
+$user_can_edit = false;
+foreach ( $all_post_caps as $post_cap )
+	$user_can_edit |= current_user_can("edit_$post_cap");
+
+/**
+ * Optional SSL preference that can be turned on by hooking to the 'personal_options' action.
+ *
+ * @since 2.7.0
+ *
+ * @param object $user User data object
+ */
+function use_ssl_preference($user) {
+?>
+	<tr>
+		<th scope="row"><?php _e('Use https')?></th>
+		<td><label for="use_ssl"><input name="use_ssl" type="checkbox" id="use_ssl" value="1" <?php checked('1', $user->use_ssl); ?> /> <?php _e('Always use https when visiting the admin'); ?></label></td>
+	</tr>
+<?php
+}
+
 
-if ( !$user_id )
-	if ( $is_profile_page ) {
-		$current_user = wp_get_current_user();
-		$user_id = $current_user->ID;
-	} else {
-		wp_die(__('Invalid user ID.'));
+// Only allow super admins on multisite to edit every user.
+if ( is_multisite() && ! current_user_can( 'manage_network_users' ) && $user_id != $current_user->ID && ! apply_filters( 'enable_edit_any_user_configuration', true ) )
+	wp_die( __( 'You do not have permission to edit this user.' ) );
+
+// Execute confirmed email change. See send_confirmation_on_profile_email().
+if ( is_multisite() && IS_PROFILE_PAGE && isset( $_GET[ 'newuseremail' ] ) && $current_user->ID ) {
+	$new_email = get_option( $current_user->ID . '_new_email' );
+	if ( $new_email[ 'hash' ] == $_GET[ 'newuseremail' ] ) {
+		$user->ID = $current_user->ID;
+		$user->user_email = esc_html( trim( $new_email[ 'newemail' ] ) );
+		if ( $wpdb->get_var( $wpdb->prepare( "SELECT user_login FROM {$wpdb->signups} WHERE user_login = %s", $current_user->user_login ) ) )
+			$wpdb->query( $wpdb->prepare( "UPDATE {$wpdb->signups} SET user_email = %s WHERE user_login = %s", $user->user_email, $current_user->user_login ) );
+		wp_update_user( get_object_vars( $user ) );
+		delete_option( $current_user->ID . '_new_email' );
+		wp_redirect( add_query_arg( array('updated' => 'true'), admin_url( 'profile.php' ) ) );
+		die();
 	}
+} elseif ( is_multisite() && IS_PROFILE_PAGE && !empty( $_GET['dismiss'] ) && $current_user->ID . '_new_email' == $_GET['dismiss'] ) {
+	delete_option( $current_user->ID . '_new_email' );
+	wp_redirect( add_query_arg( array('updated' => 'true'), admin_url( 'profile.php' ) ) );
+	die();
+}
 
 switch ($action) {
 case 'switchposts':
@@ -110,14 +109,41 @@ check_admin_referer('update-user_' . $user_id);
 if ( !current_user_can('edit_user', $user_id) )
 	wp_die(__('You do not have permission to edit this user.'));
 
-if ( $is_profile_page ) {
-	do_action('personal_options_update');
-}
+if ( IS_PROFILE_PAGE )
+	do_action('personal_options_update', $user_id);
+else
+	do_action('edit_user_profile_update', $user_id);
+
+if ( !is_multisite() ) {
+	$errors = edit_user($user_id);
+} else {
+	$user = get_userdata( $user_id );
+
+	// Update the email address in signups, if present.
+	if ( $user->user_login && isset( $_POST[ 'email' ] ) && is_email( $_POST[ 'email' ] ) && $wpdb->get_var( $wpdb->prepare( "SELECT user_login FROM {$wpdb->signups} WHERE user_login = %s", $user->user_login ) ) )
+		$wpdb->query( $wpdb->prepare( "UPDATE {$wpdb->signups} SET user_email = %s WHERE user_login = %s", $_POST[ 'email' ], $user_login ) );
+
+	// WPMU must delete the user from the current blog if WP added him after editing.
+	$delete_role = false;
+	$blog_prefix = $wpdb->get_blog_prefix();
+	if ( $user_id != $current_user->ID ) {
+		$cap = $wpdb->get_var( "SELECT meta_value FROM {$wpdb->usermeta} WHERE user_id = '{$user_id}' AND meta_key = '{$blog_prefix}capabilities' AND meta_value = 'a:0:{}'" );
+		if ( null == $cap && $_POST[ 'role' ] == '' ) {
+			$_POST[ 'role' ] = 'contributor';
+			$delete_role = true;
+		}
+	}
+	if ( !isset( $errors ) || ( isset( $errors ) && is_object( $errors ) && false == $errors->get_error_codes() ) )
+		$errors = edit_user($user_id);
+	if ( $delete_role ) // stops users being added to current blog when they are edited
+		delete_user_meta( $user_id, $blog_prefix . 'capabilities' );
 
-$errors = edit_user($user_id);
+	if ( is_multisite() && !IS_PROFILE_PAGE && current_user_can( 'manage_network_options' ) && !isset($super_admins) && empty( $_POST['super_admin'] ) == is_super_admin( $user_id ) )
+		empty( $_POST['super_admin'] ) ? revoke_super_admin( $user_id ) : grant_super_admin( $user_id );
+}
 
-if( !is_wp_error( $errors ) ) {
-	$redirect = ($is_profile_page? "profile.php?" : "user-edit.php?user_id=$user_id&"). "updated=true";
+if ( !is_wp_error( $errors ) ) {
+	$redirect = (IS_PROFILE_PAGE ? "profile.php?" : "user-edit.php?user_id=$user_id&"). "updated=true";
 	$redirect = add_query_arg('wp_http_referer', urlencode($wp_http_referer), $redirect);
 	wp_redirect($redirect);
 	exit;
@@ -127,37 +153,34 @@ default:
 $profileuser = get_user_to_edit($user_id);
 
 if ( !current_user_can('edit_user', $user_id) )
-		wp_die(__('You do not have permission to edit this user.'));
+	wp_die(__('You do not have permission to edit this user.'));
 
 include ('admin-header.php');
 ?>
 
+<?php if ( !IS_PROFILE_PAGE && is_super_admin( $profileuser->ID ) && current_user_can( 'manage_network_options' ) ) { ?>
+	<div class="updated"><p><strong><?php _e('Important:'); ?></strong> <?php _e('This user has super admin privileges.'); ?></p></div>
+<?php } ?>
 <?php if ( isset($_GET['updated']) ) : ?>
-<div id="message" class="updated fade">
+<div id="message" class="updated">
 	<p><strong><?php _e('User updated.') ?></strong></p>
-	<?php if ( $wp_http_referer && !$is_profile_page ) : ?>
-	<p><a href="users.php"><?php _e('&laquo; Back to Authors and Users'); ?></a></p>
+	<?php if ( $wp_http_referer && !IS_PROFILE_PAGE ) : ?>
+	<p><a href="users.php"><?php _e('&larr; Back to Authors and Users'); ?></a></p>
 	<?php endif; ?>
 </div>
 <?php endif; ?>
-<?php if ( is_wp_error( $errors ) ) : ?>
-<div class="error">
-	<ul>
-	<?php
-	foreach( $errors->get_error_messages() as $message )
-		echo "<li>$message</li>";
-	?>
-	</ul>
-</div>
+<?php if ( isset( $errors ) && is_wp_error( $errors ) ) : ?>
+<div class="error"><p><?php echo implode( "</p>\n<p>", $errors->get_error_messages() ); ?></p></div>
 <?php endif; ?>
 
 <div class="wrap" id="profile-page">
-<h2><?php $is_profile_page? _e('Your Profile and Personal Options') : _e('Edit User'); ?></h2>
+<?php screen_icon(); ?>
+<h2><?php echo esc_html( $title ); ?></h2>
 
-<form name="profile" id="your-profile" action="" method="post">
+<form id="your-profile" action="<?php echo esc_url( admin_url( IS_PROFILE_PAGE ? 'profile.php' : 'user-edit.php' ) ); ?>" method="post"<?php do_action('user_edit_form_tag'); ?>>
 <?php wp_nonce_field('update-user_' . $user_id) ?>
 <?php if ( $wp_http_referer ) : ?>
-	<input type="hidden" name="wp_http_referer" value="<?php echo clean_url($wp_http_referer); ?>" />
+	<input type="hidden" name="wp_http_referer" value="<?php echo esc_url($wp_http_referer); ?>" />
 <?php endif; ?>
 <p>
 <input type="hidden" name="from" value="profile" />
@@ -167,41 +190,32 @@ include ('admin-header.php');
 <h3><?php _e('Personal Options'); ?></h3>
 
 <table class="form-table">
-<?php if ( rich_edit_exists() ) : // don't bother showing the option if the editor has been removed ?>
+<?php if ( rich_edit_exists() && !( IS_PROFILE_PAGE && !$user_can_edit ) ) : // don't bother showing the option if the editor has been removed ?>
 	<tr>
 		<th scope="row"><?php _e('Visual Editor')?></th>
-		<td><label for="rich_editing"><input name="rich_editing" type="checkbox" id="rich_editing" value="true" <?php checked('true', $profileuser->rich_editing); ?> /> <?php _e('Use the visual editor when writing'); ?></label></td>
+		<td><label for="rich_editing"><input name="rich_editing" type="checkbox" id="rich_editing" value="false" <?php checked('false', $profileuser->rich_editing); ?> /> <?php _e('Disable the visual editor when writing'); ?></label></td>
 	</tr>
 <?php endif; ?>
+<?php if ( count($_wp_admin_css_colors) > 1 && has_action('admin_color_scheme_picker') ) : ?>
 <tr>
 <th scope="row"><?php _e('Admin Color Scheme')?></th>
-<td><fieldset><legend class="hidden"><?php _e('Admin Color Scheme')?></legend>
+<td><?php do_action( 'admin_color_scheme_picker' ); ?></td>
+</tr>
 <?php
-$current_color = get_user_option('admin_color', $user_id);
-if ( empty($current_color) )
-	$current_color = 'fresh';
-foreach ( $_wp_admin_css_colors as $color => $color_info ): ?>
-<div class="color-option"><input name="admin_color" id="admin_color_<?php echo $color; ?>" type="radio" value="<?php echo $color ?>" class="tog" <?php checked($color, $current_color); ?> />
-	<table class="color-palette">
-	<tr>
-	<?php
-	foreach ( $color_info->colors as $html_color ): ?>
-	<td style="background-color: <?php echo $html_color ?>" title="<?php echo $color ?>">&nbsp;</td>
-	<?php endforeach; ?>
-	</tr>
-	</table>
-	
-	<label for="admin_color_<?php echo $color; ?>"><?php echo $color_info->name ?></label>
-</div>
-<?php endforeach; ?>
-</fieldset></td>
+endif; // $_wp_admin_css_colors
+if ( !( IS_PROFILE_PAGE && !$user_can_edit ) ) : ?>
+<tr>
+<th scope="row"><?php _e( 'Keyboard Shortcuts' ); ?></th>
+<td><label for="comment_shortcuts"><input type="checkbox" name="comment_shortcuts" id="comment_shortcuts" value="true" <?php if ( !empty($profileuser->comment_shortcuts) ) checked('true', $profileuser->comment_shortcuts); ?> /> <?php _e('Enable keyboard shortcuts for comment moderation.'); ?></label> <?php _e('<a href="http://codex.wordpress.org/Keyboard_Shortcuts">More information</a>'); ?></td>
 </tr>
+<?php
+endif;
+do_action('personal_options', $profileuser);
+?>
 </table>
-
 <?php
-	if ( $is_profile_page ) {
-		do_action('profile_personal_options');
-	}
+	if ( IS_PROFILE_PAGE )
+		do_action('profile_personal_options', $profileuser);
 ?>
 
 <h3><?php _e('Name') ?></h3>
@@ -209,65 +223,72 @@ foreach ( $_wp_admin_css_colors as $color => $color_info ): ?>
 <table class="form-table">
 	<tr>
 		<th><label for="user_login"><?php _e('Username'); ?></label></th>
-		<td><input type="text" name="user_login" id="user_login" value="<?php echo $profileuser->user_login; ?>" disabled="disabled" /> <?php _e('Your username cannot be changed'); ?></td>
+		<td><input type="text" name="user_login" id="user_login" value="<?php echo esc_attr($profileuser->user_login); ?>" disabled="disabled" class="regular-text" /> <span class="description"><?php _e('Usernames cannot be changed.'); ?></span></td>
 	</tr>
 
-<?php if ( !$is_profile_page ): ?>
+<?php if ( !IS_PROFILE_PAGE ): ?>
 <tr><th><label for="role"><?php _e('Role:') ?></label></th>
+<td><select name="role" id="role">
 <?php
-// print_r($profileuser);
-echo '<td><select name="role" id="role">';
-$role_list = '';
-$user_has_role = false;
-foreach($wp_roles->role_names as $role => $name) {
-	$name = translate_with_context($name);
-	if ( $profileuser->has_cap($role) ) {
-		$selected = ' selected="selected"';
-		$user_has_role = true;
-	} else {
-		$selected = '';
-	}
-	$role_list .= "<option value=\"{$role}\"{$selected}>{$name}</option>";
-}
-if ( $user_has_role )
-	$role_list .= '<option value="">' . __('&mdash; No role for this blog &mdash;') . '</option>';
+// Get the highest/primary role for this user
+// TODO: create a function that does this: wp_get_user_role()
+$user_roles = $profileuser->roles;
+$user_role = array_shift($user_roles);
+
+// print the full list of roles with the primary one selected.
+wp_dropdown_roles($user_role);
+
+// print the 'no role' option. Make it selected if the user has no role yet.
+if ( $user_role )
+	echo '<option value="">' . __('&mdash; No role for this site &mdash;') . '</option>';
 else
-	$role_list .= '<option value="" selected="selected">' . __('&mdash; No role for this blog &mdash;') . '</option>';
-echo $role_list . '</select></td></tr>';
+	echo '<option value="" selected="selected">' . __('&mdash; No role for this site &mdash;') . '</option>';
 ?>
-<?php endif; ?>
+</select>
+<?php if ( is_multisite() && current_user_can( 'manage_network_options' ) && !isset($super_admins) ) { ?>
+<p><label><input type="checkbox" id="super_admin" name="super_admin"<?php checked( is_super_admin( $profileuser->ID ) ); ?> /> <?php _e( 'Grant this user super admin privileges for the Network.'); ?></label></p>
+<?php } ?>
+</td></tr>
+<?php endif; //!IS_PROFILE_PAGE ?>
 
 <tr>
-	<th><label for="first_name"><?php _e('First name') ?></label></th>
-	<td><input type="text" name="first_name" id="first_name" value="<?php echo $profileuser->first_name ?>" /></td>
+	<th><label for="first_name"><?php _e('First Name') ?></label></th>
+	<td><input type="text" name="first_name" id="first_name" value="<?php echo esc_attr($profileuser->first_name) ?>" class="regular-text" /></td>
 </tr>
 
 <tr>
-	<th><label for="last_name"><?php _e('Last name') ?></label></th>
-	<td><input type="text" name="last_name" id="last_name" value="<?php echo $profileuser->last_name ?>" /></td>
+	<th><label for="last_name"><?php _e('Last Name') ?></label></th>
+	<td><input type="text" name="last_name" id="last_name" value="<?php echo esc_attr($profileuser->last_name) ?>" class="regular-text" /></td>
 </tr>
 
 <tr>
-	<th><label for="nickname"><?php _e('Nickname') ?></label></th>
-	<td><input type="text" name="nickname" id="nickname" value="<?php echo $profileuser->nickname ?>" /></td>
+	<th><label for="nickname"><?php _e('Nickname'); ?> <span class="description"><?php _e('(required)'); ?></span></label></th>
+	<td><input type="text" name="nickname" id="nickname" value="<?php echo esc_attr($profileuser->nickname) ?>" class="regular-text" /></td>
 </tr>
 
 <tr>
-	<th><label for="display_name"><?php _e('Display name publicly&nbsp;as') ?></label></th>
+	<th><label for="display_name"><?php _e('Display name publicly as') ?></label></th>
 	<td>
 		<select name="display_name" id="display_name">
 		<?php
 			$public_display = array();
-			$public_display['display_displayname'] = $profileuser->display_name;
-			$public_display['display_nickname'] = $profileuser->nickname;
-			$public_display['display_username'] = $profileuser->user_login;
-			$public_display['display_firstname'] = $profileuser->first_name;
-			$public_display['display_firstlast'] = $profileuser->first_name.' '.$profileuser->last_name;
-			$public_display['display_lastfirst'] = $profileuser->last_name.' '.$profileuser->first_name;
-			$public_display = array_unique(array_filter(array_map('trim', $public_display)));
-			foreach($public_display as $id => $item) {
+			$public_display['display_username']  = $profileuser->user_login;
+			$public_display['display_nickname']  = $profileuser->nickname;
+			if ( !empty($profileuser->first_name) )
+				$public_display['display_firstname'] = $profileuser->first_name;
+			if ( !empty($profileuser->last_name) )
+				$public_display['display_lastname'] = $profileuser->last_name;
+			if ( !empty($profileuser->first_name) && !empty($profileuser->last_name) ) {
+				$public_display['display_firstlast'] = $profileuser->first_name . ' ' . $profileuser->last_name;
+				$public_display['display_lastfirst'] = $profileuser->last_name . ' ' . $profileuser->first_name;
+			}
+			if ( !in_array( $profileuser->display_name, $public_display ) ) // Only add this if it isn't duplicated elsewhere
+				$public_display = array( 'display_displayname' => $profileuser->display_name ) + $public_display;
+			$public_display = array_map( 'trim', $public_display );
+			$public_display = array_unique( $public_display );
+			foreach ( $public_display as $id => $item ) {
 		?>
-			<option id="<?php echo $id; ?>" value="<?php echo $item; ?>"><?php echo $item; ?></option>
+			<option id="<?php echo $id; ?>" value="<?php echo esc_attr($item); ?>"<?php selected( $profileuser->display_name, $item ); ?>><?php echo $item; ?></option>
 		<?php
 			}
 		?>
@@ -280,74 +301,77 @@ echo $role_list . '</select></td></tr>';
 
 <table class="form-table">
 <tr>
-	<th><label for="email"><?php _e('E-mail') ?></label></th>
-	<td><input type="text" name="email" id="email" value="<?php echo $profileuser->user_email ?>" /> <?php _e('Required'); ?></td>
+	<th><label for="email"><?php _e('E-mail'); ?> <span class="description"><?php _e('(required)'); ?></span></label></th>
+	<td><input type="text" name="email" id="email" value="<?php echo esc_attr($profileuser->user_email) ?>" class="regular-text" />
+	<?php
+	$new_email = get_option( $current_user->ID . '_new_email' );
+	if ( $new_email && $new_email != $current_user->user_email ) : ?>
+	<div class="updated inline">
+	<p><?php printf( __('There is a pending change of your e-mail to <code>%1$s</code>. <a href="%2$s">Cancel</a>'), $new_email['newemail'], esc_url( admin_url( 'profile.php?dismiss=' . $current_user->ID . '_new_email' ) ) ); ?></p>
+	</div>
+	<?php endif; ?>
+	</td>
 </tr>
 
 <tr>
 	<th><label for="url"><?php _e('Website') ?></label></th>
-	<td><input type="text" name="url" id="url" value="<?php echo $profileuser->user_url ?>" /></td>
-</tr>
-
-<tr>
-	<th><label for="aim"><?php _e('AIM') ?></label></th>
-	<td><input type="text" name="aim" id="aim" value="<?php echo $profileuser->aim ?>" /></td>
-</tr>
-
-<tr>
-	<th><label for="yim"><?php _e('Yahoo IM') ?></label></th>
-	<td><input type="text" name="yim" id="yim" value="<?php echo $profileuser->yim ?>" /></td>
+	<td><input type="text" name="url" id="url" value="<?php echo esc_attr($profileuser->user_url) ?>" class="regular-text code" /></td>
 </tr>
 
+<?php
+	foreach (_wp_get_user_contactmethods() as $name => $desc) {
+?>
 <tr>
-	<th><label for="jabber"><?php _e('Jabber / Google Talk') ?></label></th>
-	<td><input type="text" name="jabber" id="jabber" value="<?php echo $profileuser->jabber ?>" /></td>
+	<th><label for="<?php echo $name; ?>"><?php echo apply_filters('user_'.$name.'_label', $desc); ?></label></th>
+	<td><input type="text" name="<?php echo $name; ?>" id="<?php echo $name; ?>" value="<?php echo esc_attr($profileuser->$name) ?>" class="regular-text" /></td>
 </tr>
+<?php
+	}
+?>
 </table>
 
-<h3><?php $is_profile_page? _e('About Yourself') : _e('About the user'); ?></h3>
+<h3><?php IS_PROFILE_PAGE ? _e('About Yourself') : _e('About the user'); ?></h3>
 
 <table class="form-table">
 <tr>
 	<th><label for="description"><?php _e('Biographical Info'); ?></label></th>
-	<td><textarea name="description" id="description" rows="5" cols="30"><?php echo $profileuser->description ?></textarea><br /><?php _e('Share a little biographical information to fill out your profile. This may be shown publicly.'); ?></td>
+	<td><textarea name="description" id="description" rows="5" cols="30"><?php echo esc_html($profileuser->description); ?></textarea><br />
+	<span class="description"><?php _e('Share a little biographical information to fill out your profile. This may be shown publicly.'); ?></span></td>
 </tr>
 
 <?php
-$show_password_fields = apply_filters('show_password_fields', true);
+$show_password_fields = apply_filters('show_password_fields', true, $profileuser);
 if ( $show_password_fields ) :
 ?>
-<tr>
+<tr id="password">
 	<th><label for="pass1"><?php _e('New Password'); ?></label></th>
-	<td><input type="password" name="pass1" id="pass1" size="16" value="" /> <?php _e("If you would like to change the password type a new one. Otherwise leave this blank."); ?><br />
-		<input type="password" name="pass2" id="pass2" size="16" value="" /> <?php _e("Type your new password again."); ?><br />
-		<?php if ( $is_profile_page ): ?>
-		<p><strong><?php _e('Password Strength'); ?></strong></p>
-		<div id="pass-strength-result"><?php _e('Too short'); ?></div> <?php _e('Hint: Use upper and lower case characters, numbers and symbols like !"?$%^&amp;( in your password.'); ?>
-		<?php endif; ?>
+	<td><input type="password" name="pass1" id="pass1" size="16" value="" autocomplete="off" /> <span class="description"><?php _e("If you would like to change the password type a new one. Otherwise leave this blank."); ?></span><br />
+		<input type="password" name="pass2" id="pass2" size="16" value="" autocomplete="off" /> <span class="description"><?php _e("Type your new password again."); ?></span><br />
+		<div id="pass-strength-result"><?php _e('Strength indicator'); ?></div>
+		<p class="description indicator-hint"><?php _e('Hint: The password should be at least seven characters long. To make it stronger, use upper and lower case letters, numbers and symbols like ! " ? $ % ^ &amp; ).'); ?></p>
 	</td>
 </tr>
 <?php endif; ?>
 </table>
 
 <?php
-	if ( $is_profile_page ) {
-		do_action('show_user_profile');
-	} else {
-		do_action('edit_user_profile');
-	}
+	if ( IS_PROFILE_PAGE )
+		do_action( 'show_user_profile', $profileuser );
+	else
+		do_action( 'edit_user_profile', $profileuser );
 ?>
 
-<?php if (count($profileuser->caps) > count($profileuser->roles)): ?>
+<?php if ( count($profileuser->caps) > count($profileuser->roles) && apply_filters('additional_capabilities_display', true, $profileuser) ) { ?>
 <br class="clear" />
 	<table width="99%" style="border: none;" cellspacing="2" cellpadding="3" class="editform">
 		<tr>
 			<th scope="row"><?php _e('Additional Capabilities') ?></th>
 			<td><?php
 			$output = '';
-			foreach($profileuser->caps as $cap => $value) {
-				if(!$wp_roles->is_role($cap)) {
-					if($output != '') $output .= ', ';
+			foreach ( $profileuser->caps as $cap => $value ) {
+				if ( !$wp_roles->is_role($cap) ) {
+					if ( $output != '' )
+						$output .= ', ';
 					$output .= $value ? $cap : "Denied: {$cap}";
 				}
 			}
@@ -355,18 +379,24 @@ if ( $show_password_fields ) :
 			?></td>
 		</tr>
 	</table>
-<?php endif; ?>
+<?php } ?>
 
 <p class="submit">
 	<input type="hidden" name="action" value="update" />
-	<input type="hidden" name="user_id" id="user_id" value="<?php echo $user_id; ?>" />
-	<input type="submit" value="<?php $is_profile_page? _e('Update Profile') : _e('Update User') ?>" name="submit" />
- </p>
+	<input type="hidden" name="user_id" id="user_id" value="<?php echo esc_attr($user_id); ?>" />
+	<input type="submit" class="button-primary" value="<?php IS_PROFILE_PAGE ? esc_attr_e('Update Profile') : esc_attr_e('Update User') ?>" name="submit" />
+</p>
 </form>
 </div>
 <?php
 break;
 }
-
-include('admin-footer.php');
+?>
+<script type="text/javascript" charset="utf-8">
+	if (window.location.hash == '#password') {
+		document.getElementById('pass1').focus();
+	}
+</script>
+<?php
+include('./admin-footer.php');
 ?>


	'; -$role_list = ''; -$user_has_role = false; -foreach($wp_roles->role_names as $role => $name) { - $name = translate_with_context($name); - if ( $profileuser->has_cap($role) ) { - $selected = ' selected="selected"'; - $user_has_role = true; - } else { - $selected = ''; - } - $role_list .= ""; -} -if ( $user_has_role ) - $role_list .= ''; +// Get the highest/primary role for this user +// TODO: create a function that does this: wp_get_user_role() +$user_roles = $profileuser->roles; +$user_role = array_shift($user_roles); + +// print the full list of roles with the primary one selected. +wp_dropdown_roles($user_role); + +// print the 'no role' option. Make it selected if the user has no role yet. +if ( $user_role ) + echo ''; else - $role_list .= ''; -echo $role_list . '
			+ ID . '_new_email' ); + if ( $new_email && $new_email != $current_user->user_email ) : ?> + + %1$s. Cancel'), $new_email['newemail'], esc_url( admin_url( 'profile.php?dismiss=' . $current_user->ID . '_new_email' ) ) ); ?> + + +
	<?php echo $profileuser->description ?>	<?php echo esc_html($profileuser->description); ?> +
	- - - - - +	+ + +