X-Git-Url: https://scripts.mit.edu/gitweb/autoinstalls/wordpress.git/blobdiff_plain/fa11948979fd6a4ea5705dc613b239699a459db3..1132430022383fdf47fa6cb9377300fd885297aa:/wp-admin/user-new.php?ds=sidebyside diff --git a/wp-admin/user-new.php b/wp-admin/user-new.php index 60d63b2f..78300b45 100644 --- a/wp-admin/user-new.php +++ b/wp-admin/user-new.php @@ -11,9 +11,9 @@ require_once( dirname( __FILE__ ) . '/admin.php' ); if ( is_multisite() ) { if ( ! current_user_can( 'create_users' ) && ! current_user_can( 'promote_users' ) ) - wp_die( __( 'Cheatin’ uh?' ) ); + wp_die( __( 'Cheatin’ uh?' ), 403 ); } elseif ( ! current_user_can( 'create_users' ) ) { - wp_die( __( 'Cheatin’ uh?' ) ); + wp_die( __( 'Cheatin’ uh?' ), 403 ); } if ( is_multisite() ) { @@ -31,21 +31,18 @@ Please click the following link to activate your user account: %%s' ), get_bloginfo( 'name' ), home_url(), wp_specialchars_decode( translate_user_role( $role['name'] ) ) ); } add_filter( 'wpmu_signup_user_notification_email', 'admin_created_user_email' ); - - function admin_created_user_subject( $text ) { - return sprintf( __( '[%s] Your site invite' ), get_bloginfo( 'name' ) ); - } } if ( isset($_REQUEST['action']) && 'adduser' == $_REQUEST['action'] ) { check_admin_referer( 'add-user', '_wpnonce_add-user' ); $user_details = null; - if ( false !== strpos($_REQUEST[ 'email' ], '@') ) { - $user_details = get_user_by('email', $_REQUEST[ 'email' ]); + $user_email = wp_unslash( $_REQUEST['email'] ); + if ( false !== strpos( $user_email, '@' ) ) { + $user_details = get_user_by( 'email', $user_email ); } else { if ( is_super_admin() ) { - $user_details = get_user_by('login', $_REQUEST[ 'email' ]); + $user_details = get_user_by( 'login', $user_email ); } else { wp_redirect( add_query_arg( array('update' => 'enter_email'), 'user-new.php' ) ); die(); 
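Review bot: `$user_email = wp_unslash( $_REQUEST['email'] );` in the `@@ -31,21 +31,18 @@` hunk reads the key unconditionally, so a request carrying `action=adduser` without an `email` parameter raises an undefined-index notice before the `strpos` test instead of reaching the `enter_email` redirect; guard it with `$user_email = isset( $_REQUEST['email'] ) ? wp_unslash( $_REQUEST['email'] ) : '';`. The same unguarded read appears in the `@@ -112,24 +109,26 @@` hunk (`$new_user_email = wp_unslash( $_REQUEST['email'] );`). The value is also handed to `get_user_by()` with no `sanitize_email()`/`sanitize_user()` of its own; presumably `get_user_by()` normalises it, and a one-line comment saying so would spare the next reader the question. The `if ( isset($_REQUEST['action']) && 'adduser' == $_REQUEST['action'] )` block that encloses this code continues past the hunk.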
@@ -58,7 +55,7 @@ if ( isset($_REQUEST['action']) && 'adduser' == $_REQUEST['action'] ) { } if ( ! current_user_can('promote_user', $user_details->ID) ) - wp_die(__('Cheatin’ uh?')); + wp_die( __( 'Cheatin’ uh?' ), 403 ); // Adding an existing user to this blog $new_user_email = $user_details->user_email; @@ -85,7 +82,7 @@ You\'ve been invited to join \'%1$s\' at Please click the following link to confirm the invite: %4$s' ); - wp_mail( $new_user_email, sprintf( __( '[%s] Joining confirmation' ), get_option( 'blogname' ) ), sprintf( $message, get_option( 'blogname' ), home_url(), wp_specialchars_decode( translate_user_role( $role['name'] ) ), home_url( "/newbloguser/$newuser_key/" ) ) ); + wp_mail( $new_user_email, sprintf( __( '[%s] Joining confirmation' ), wp_specialchars_decode( get_option( 'blogname' ) ) ), sprintf( $message, get_option( 'blogname' ), home_url(), wp_specialchars_decode( translate_user_role( $role['name'] ) ), home_url( "/newbloguser/$newuser_key/" ) ) ); $redirect = add_query_arg( array('update' => 'add'), 'user-new.php' ); } } @@ -95,7 +92,7 @@ Please click the following link to confirm the invite: check_admin_referer( 'create-user', '_wpnonce_create-user' ); if ( ! current_user_can('create_users') ) - wp_die(__('Cheatin’ uh?')); + wp_die( __( 'Cheatin’ uh?' ), 403 ); if ( ! is_multisite() ) { $user_id = edit_user(); 
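Review bot: In the `@@ -85,7 +82,7 @@` hunk the subject now decodes entities in the blog name, but the body on the same `wp_mail()` line still passes the raw `get_option( 'blogname' )` as `%1$s` while the role in `%3$s` is decoded, so a site name containing `&` would presumably render as `&#038;` in the plain-text body; pass `wp_specialchars_decode( get_option( 'blogname' ) )` there as well so subject and body agree. The `$message` template and the surrounding existing-user branch begin outside the hunk.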
@@ -112,24 +109,26 @@ Please click the following link to confirm the invite: } } else { // Adding a new user to this site - $user_details = wpmu_validate_user_signup( $_REQUEST[ 'user_login' ], $_REQUEST[ 'email' ] ); + $new_user_email = wp_unslash( $_REQUEST['email'] ); + $user_details = wpmu_validate_user_signup( $_REQUEST['user_login'], $new_user_email ); if ( is_wp_error( $user_details[ 'errors' ] ) && !empty( $user_details[ 'errors' ]->errors ) ) { $add_user_errors = $user_details[ 'errors' ]; } else { /** - * Filter the user_login, aka the username, before it is added to the site. + * Filter the user_login, also known as the username, before it is added to the site. * - * @since 3.0.0 + * @since 2.0.3 * - * @param string $_REQUEST['user_login'] The sanitized username. + * @param string $user_login The sanitized username. */ $new_user_login = apply_filters( 'pre_user_login', sanitize_user( wp_unslash( $_REQUEST['user_login'] ), true ) ); if ( isset( $_POST[ 'noconfirmation' ] ) && is_super_admin() ) { add_filter( 'wpmu_signup_user_notification', '__return_false' ); // Disable confirmation email + add_filter( 'wpmu_welcome_user_notification', '__return_false' ); // Disable welcome email } - wpmu_signup_user( $new_user_login, $_REQUEST[ 'email' ], array( 'add_to_blog' => $wpdb->blogid, 'new_role' => $_REQUEST[ 'role' ] ) ); + wpmu_signup_user( $new_user_login, $new_user_email, array( 'add_to_blog' => $wpdb->blogid, 'new_role' => $_REQUEST['role'] ) ); if ( isset( $_POST[ 'noconfirmation' ] ) && is_super_admin() ) { - $key = $wpdb->get_var( $wpdb->prepare( "SELECT activation_key FROM {$wpdb->signups} WHERE user_login = %s AND user_email = %s", $new_user_login, $_REQUEST[ 'email' ] ) ); + $key = $wpdb->get_var( $wpdb->prepare( "SELECT activation_key FROM {$wpdb->signups} WHERE user_login = %s AND user_email = %s", $new_user_login, $new_user_email ) ); wpmu_activate_signup( $key ); $redirect = add_query_arg( array('update' => 'addnoconfirmation'), 'user-new.php' ); 
} else { @@ -171,29 +170,29 @@ get_current_screen()->add_help_tab( array( 'title' => __('User Roles'), 'content' => '
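Review bot: `$_REQUEST['user_login']` is handed to `wpmu_validate_user_signup()` still slashed while the email beside it is now unslashed, and the `pre_user_login` line a few lines further down unslashes the same value; the two call sites should agree, e.g. `$user_details = wpmu_validate_user_signup( wp_unslash( $_REQUEST['user_login'] ), $new_user_email );`. Both `$_REQUEST['email']` and `$_REQUEST['user_login']` are read here without `isset()`, so a malformed request produces notices rather than a validation error. `$_REQUEST['role']` goes into `new_role` unchanged; unless `wpmu_signup_user()` or the activation path checks it against the caller's editable roles, a comment naming where that check happens would help, since the role dropdown in this file only constrains the browser. The `createuser` branch containing this code starts before the hunk and its trailing `} else {` continues past it.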

' . __('Here is a basic overview of the different user roles and the permissions associated with each one:') . '

' . '' ) ); get_current_screen()->set_help_sidebar( '

' . __('For more information:') . '

' . '

' . __('Documentation on Adding New Users') . '

' . - '

' . __('Support Forums') . '

' + '

' . __('Support Forums') . '

' ); wp_enqueue_script('wp-ajax-response'); wp_enqueue_script('user-profile'); /** - * Allows you to enable user auto-complete for non-super admins in multisite. + * Filter whether to enable user auto-complete for non-super admins in Multisite. * * @since 3.4.0 * - * @param bool True or false, based on if you enable auto-complete for non-super admins. Default is false. + * @param bool $enable Whether to enable auto-complete for non-super admins. Default false. */ if ( is_multisite() && current_user_can( 'promote_users' ) && ! wp_is_large_network( 'users' ) && ( is_super_admin() || apply_filters( 'autocomplete_users_for_site_admins', false ) ) @@ -233,7 +232,6 @@ if ( isset($_GET['update']) ) { } ?>
-

' . __('Add Existing User') . '

'; if ( !is_super_admin() ) { - _e( 'Enter the email address of an existing user on this network to invite them to this site. That person will be sent an email asking them to confirm the invite.' ); + echo '

' . __( 'Enter the email address of an existing user on this network to invite them to this site. That person will be sent an email asking them to confirm the invite.' ) . '

'; $label = __('E-mail'); + $type = 'email'; } else { - _e( 'Enter the email address or username of an existing user on this network to invite them to this site. That person will be sent an email asking them to confirm the invite.' ); + echo '

' . __( 'Enter the email address or username of an existing user on this network to invite them to this site. That person will be sent an email asking them to confirm the invite.' ) . '

'; $label = __('E-mail or Username'); + $type = 'text'; } ?> - -
> +> - + @@ -306,7 +306,7 @@ if ( is_multisite() ) { - +
@@ -320,7 +320,7 @@ if ( is_multisite() ) { * * @since 3.7.0 * - * @param string A contextual string specifying which type of new user form the hook follows. + * @param string $type A contextual string specifying which type of new user form the hook follows. */ do_action( 'user_new_form', 'add-existing-user' ); ?> @@ -334,24 +334,24 @@ if ( current_user_can( 'create_users') ) { echo '

' . __( 'Add New User' ) . '

'; ?>

- -> +> 'login', 'first_name' => 'firstname', 'last_name' => 'lastname', - 'email' => 'email', 'url' => 'uri', 'role' => 'role', 'send_password' => 'send_password', 'noconfirmation' => 'ignore_pass' ) as $post_field => $var ) { - $var = "new_user_$var"; - if( isset( $_POST['createuser'] ) ) { - if ( ! isset($$var) ) - $$var = isset( $_POST[$post_field] ) ? wp_unslash( $_POST[$post_field] ) : ''; - } else { - $$var = false; - } -} +$creating = isset( $_POST['createuser'] ); + +$new_user_login = $creating && isset( $_POST['user_login'] ) ? wp_unslash( $_POST['user_login'] ) : ''; +$new_user_firstname = $creating && isset( $_POST['first_name'] ) ? wp_unslash( $_POST['first_name'] ) : ''; +$new_user_lastname = $creating && isset( $_POST['last_name'] ) ? wp_unslash( $_POST['last_name'] ) : ''; +$new_user_email = $creating && isset( $_POST['email'] ) ? wp_unslash( $_POST['email'] ) : ''; +$new_user_uri = $creating && isset( $_POST['url'] ) ? wp_unslash( $_POST['url'] ) : ''; +$new_user_role = $creating && isset( $_POST['role'] ) ? wp_unslash( $_POST['role'] ) : ''; +$new_user_send_password = $creating && isset( $_POST['send_password'] ) ? wp_unslash( $_POST['send_password'] ) : ''; +$new_user_ignore_pass = $creating && isset( $_POST['noconfirmation'] ) ? wp_unslash( $_POST['noconfirmation'] ) : ''; ?> @@ -361,7 +361,7 @@ foreach ( array( 'user_login' => 'login', 'first_name' => 'firstname', 'last_nam - + @@ -374,7 +374,7 @@ foreach ( array( 'user_login' => 'login', 'first_name' => 'firstname', 'last_nam - + 'login', 'first_name' => 'firstname', 'last_nam * * @since 1.5.1 * - * @param bool True or false, based on if you want to show the password fields. Default is true. + * @param bool $show Whether to show the password fields. Default true. */ if ( apply_filters( 'show_password_fields', true ) ) : ?> @@ -398,12 +398,12 @@ if ( apply_filters( 'show_password_fields', true ) ) : ?>
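Review bot: The replaced loop only assigned a `$new_user_*` variable when it was not already set (`if ( ! isset($$var) )`), whereas the new assignments overwrite unconditionally; `$new_user_login` and `$new_user_email` are assigned earlier in the file (the `pre_user_login` filter result and the unslashed request email in the multisite branch), so on a failed signup the re-rendered form now shows the raw `$_POST` values rather than those copies. If that is intended, a comment such as `// Re-populate the form from the submitted values only; the sanitised copies set above are not reused here` would record it; otherwise keep the `isset()` guard on those two variables. The not-creating case also changes from `false` to `''`, which only matters if a later check distinguishes the two — the form markup that consumes these variables is not visible in this hunk.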
-

+

- + @@ -421,7 +421,7 @@ if ( apply_filters( 'show_password_fields', true ) ) : ?> - +