X-Git-Url: https://scripts.mit.edu/gitweb/autoinstalls/wordpress.git/blobdiff_plain/fa11948979fd6a4ea5705dc613b239699a459db3..78ff9d91a14da1f53bd3f1ffcab1264d92359b72:/wp-admin/user-edit.php?ds=sidebyside diff --git a/wp-admin/user-edit.php b/wp-admin/user-edit.php index 5f7249d8..331fb9de 100644 --- a/wp-admin/user-edit.php +++ b/wp-admin/user-edit.php @@ -74,9 +74,26 @@ function use_ssl_preference($user) { ID && ! apply_filters( 'enable_edit_any_user_configuration', true ) ) +/** + * Filter whether to allow administrators on Multisite to edit every user. + * + * Enabling the user editing form via this filter also hinges on the user holding + * the 'manage_network_users' cap, and the logged-in user not matching the user + * profile open for editing. + * + * The filter was introduced to replace the EDIT_ANY_USER constant. + * + * @since 3.0.0 + * + * @param bool $allow Whether to allow editing of any user. Default true. + */ +if ( is_multisite() + && ! current_user_can( 'manage_network_users' ) + && $user_id != $current_user->ID + && ! apply_filters( 'enable_edit_any_user_configuration', true ) +) { wp_die( __( 'You do not have permission to edit this user.' ) ); +} // Execute confirmed email change. See send_confirmation_on_profile_email(). if ( is_multisite() && IS_PROFILE_PAGE && isset( $_GET[ 'newuseremail' ] ) && $current_user->ID ) { @@ -106,10 +123,27 @@ check_admin_referer('update-user_' . $user_id); if ( !current_user_can('edit_user', $user_id) ) wp_die(__('You do not have permission to edit this user.')); -if ( IS_PROFILE_PAGE ) - do_action('personal_options_update', $user_id); -else - do_action('edit_user_profile_update', $user_id); +if ( IS_PROFILE_PAGE ) { + /** + * Fires before the page loads on the 'Your Profile' editing screen. + * + * The action only fires if the current user is editing their own profile. + * + * @since 2.0.0 + * + * @param int $user_id The user ID. + */ + do_action( 'personal_options_update', $user_id ); +} else { + /** + * Fires before the page loads on the 'Edit User' screen. + * + * @since 2.7.0 + * + * @param int $user_id The user ID. + */ + do_action( 'edit_user_profile_update', $user_id ); +} if ( !is_multisite() ) { $errors = edit_user($user_id); @@ -120,7 +154,7 @@ if ( !is_multisite() ) { if ( $user->user_login && isset( $_POST[ 'email' ] ) && is_email( $_POST[ 'email' ] ) && $wpdb->get_var( $wpdb->prepare( "SELECT user_login FROM {$wpdb->signups} WHERE user_login = %s", $user->user_login ) ) ) $wpdb->query( $wpdb->prepare( "UPDATE {$wpdb->signups} SET user_email = %s WHERE user_login = %s", $_POST[ 'email' ], $user_login ) ); - // WPMU must delete the user from the current blog if WP added him after editing. + // We must delete the user from the current blog if WP added them after editing. $delete_role = false; $blog_prefix = $wpdb->get_blog_prefix(); if ( $user_id != $current_user->ID ) { @@ -176,7 +210,6 @@ include (ABSPATH . 'wp-admin/admin-header.php');
-

- -
> + +> @@ -211,7 +250,17 @@ if ( ! IS_PROFILE_PAGE ) { 1 && has_action('admin_color_scheme_picker') ) : ?> - + + - +

@@ -353,7 +421,19 @@ if ( is_multisite() && is_network_admin() && ! IS_PROFILE_PAGE && current_user_c foreach ( wp_get_user_contact_methods( $profileuser ) as $name => $desc ) { ?> - + + - + - +
+ - + - +
+
-
-

+
+

-caps ) > count( $profileuser->roles ) && apply_filters( 'additional_capabilities_display', true, $profileuser ) ) : ?> +caps ) > count( $profileuser->roles ) + && apply_filters( 'additional_capabilities_display', true, $profileuser ) +) : ?>