Ticket #15969: 15969.2.diff
| File 15969.2.diff, 1.8 KB (added by PeteMall, 2 years ago) |
|---|
-
wp-admin/network/site-users.php
62 62 63 63 switch ( $action ) { 64 64 case 'newuser': 65 check_admin_referer( 'add-user', '_wpnonce_add-new-user' ); 65 66 $user = $_POST['user']; 66 67 if ( !is_array( $_POST['user'] ) || empty( $user['username'] ) || empty( $user['email'] ) ) { 67 68 $update = 'err_new'; … … 80 81 break; 81 82 82 83 case 'adduser': 84 check_admin_referer( 'add-user', '_wpnonce_add-user' ); 83 85 if ( !empty( $_POST['newuser'] ) ) { 84 86 $update = 'adduser'; 85 87 $newuser = $_POST['newuser']; … … 101 103 case 'remove': 102 104 if ( !current_user_can('remove_users') ) 103 105 die(__('You can’t remove users.')); 104 106 check_admin_referer( 'bulk-users' ); 107 105 108 $update = 'remove'; 106 109 if ( isset( $_REQUEST['users'] ) ) { 107 110 $userids = $_REQUEST['users']; … … 118 121 break; 119 122 120 123 case 'promote': 124 check_admin_referer( 'bulk-users' ); 121 125 $editable_roles = get_editable_roles(); 122 126 if ( empty( $editable_roles[$_REQUEST['new_role']] ) ) 123 127 wp_die(__('You can’t give users that role.')); … … 258 262 </select></td> 259 263 </tr> 260 264 </table> 265 <?php wp_nonce_field( 'add-user', '_wpnonce_add-user' ) ?> 261 266 <?php submit_button( __('Add User'), 'primary', 'add-user' ); ?> 262 267 </form> 263 268 <?php endif; ?> … … 293 298 <td colspan="2"><?php _e( 'Username and password will be mailed to the above email address.' ) ?></td> 294 299 </tr> 295 300 </table> 296 <?php wp_nonce_field( 'add-user', '_wpnonce_add- user' ) ?>301 <?php wp_nonce_field( 'add-user', '_wpnonce_add-new-user' ) ?> 297 302 <?php submit_button( __('Add New User'), 'primary', 'add-user' ); ?> 298 303 </form> 299 304 <?php endif; ?>
