Ticket #5152: 5152.patch
| File 5152.patch, 3.2 KB (added by Viper007Bond, 6 years ago) |
|---|
-
wp-admin/users.php
121 121 case 'promote': 122 122 check_admin_referer('bulk-users'); 123 123 124 if (empty($_ POST['users'])) {124 if (empty($_REQUEST['users'])) { 125 125 wp_redirect($redirect); 126 126 exit(); 127 127 } … … 129 129 if ( !current_user_can('edit_users') ) 130 130 wp_die(__('You can’t edit users.')); 131 131 132 $userids = $_ POST['users'];132 $userids = $_REQUEST['users']; 133 133 $update = 'promote'; 134 134 foreach($userids as $id) { 135 135 if ( ! current_user_can('edit_user', $id) ) 136 136 wp_die(__('You can’t edit that user.')); 137 137 // The new role of the current user must also have edit_users caps 138 if($id == $current_user->ID && !$wp_roles->role_objects[$_ POST['new_role']]->has_cap('edit_users')) {138 if($id == $current_user->ID && !$wp_roles->role_objects[$_REQUEST['new_role']]->has_cap('edit_users')) { 139 139 $update = 'err_admin_role'; 140 140 continue; 141 141 } 142 142 143 143 $user = new WP_User($id); 144 $user->set_role($_ POST['new_role']);144 $user->set_role($_REQUEST['new_role']); 145 145 } 146 146 147 147 wp_redirect(add_query_arg('update', $update, $redirect)); … … 153 153 154 154 check_admin_referer('delete-users'); 155 155 156 if ( empty($_ POST['users']) ) {156 if ( empty($_REQUEST['users']) ) { 157 157 wp_redirect($redirect); 158 158 exit(); 159 159 } … … 161 161 if ( !current_user_can('delete_users') ) 162 162 wp_die(__('You can’t delete users.')); 163 163 164 $userids = $_ POST['users'];164 $userids = $_REQUEST['users']; 165 165 $update = 'del'; 166 166 $delete_count = 0; 167 167 … … 173 173 $update = 'err_admin_del'; 174 174 continue; 175 175 } 176 switch($_ POST['delete_option']) {176 switch($_REQUEST['delete_option']) { 177 177 case 'delete': 178 178 wp_delete_user($id); 179 179 break; 180 180 case 'reassign': 181 wp_delete_user($id, $_ POST['reassign_user']);181 wp_delete_user($id, $_REQUEST['reassign_user']); 182 182 break; 183 183 } 184 184 ++$delete_count; … … 194 194 195 195 check_admin_referer('bulk-users'); 196 196 197 if 
( empty($_ POST['users']) ) {197 if ( empty($_REQUEST['users']) ) { 198 198 wp_redirect($redirect); 199 199 exit(); 200 200 } … … 202 202 if ( !current_user_can('delete_users') ) 203 203 $errors = new WP_Error('edit_users', __('You can’t delete users.')); 204 204 205 $userids = $_ POST['users'];205 $userids = $_REQUEST['users']; 206 206 207 207 include ('admin-header.php'); 208 208 ?> … … 262 262 if ( is_wp_error( $user_id ) ) 263 263 $add_user_errors = $user_id; 264 264 else { 265 $new_user_login = apply_filters('pre_user_login', sanitize_user(stripslashes($_ POST['user_login']), true));265 $new_user_login = apply_filters('pre_user_login', sanitize_user(stripslashes($_REQUEST['user_login']), true)); 266 266 $redirect = add_query_arg( array('usersearch' => urlencode($new_user_login), 'update' => $update), $redirect ); 267 267 wp_redirect( $redirect . '#user-' . $user_id ); 268 268 die(); … … 429 429 if ( is_wp_error($add_user_errors) ) { 430 430 foreach ( array('user_login' => 'user_login', 'first_name' => 'user_firstname', 'last_name' => 'user_lastname', 'email' => 'user_email', 'url' => 'user_uri', 'role' => 'user_role') as $formpost => $var ) { 431 431 $var = 'new_' . $var; 432 $$var = attribute_escape(stripslashes($_ POST[$formpost]));432 $$var = attribute_escape(stripslashes($_REQUEST[$formpost])); 433 433 } 434 434 unset($name); 435 435 }
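Review bot: Switching from `$_POST` to `$_REQUEST` in the `promote` branch and in the branch guarded by `check_admin_referer('delete-users')` lets role changes and user deletion take their parameters from the query string, and from cookies too if PHP's `request_order`/`variables_order` includes them. `check_admin_referer()` still gates both branches, but a nonce carried in a URL ends up in browser history, server logs and Referer headers. These state-changing branches are safer reading `$_POST` only, and if link-driven bulk actions are the goal, the code should read the one superglobal it means rather than the merged one. Separately, `$_REQUEST['new_role']` indexes `$wp_roles->role_objects` with no existence check, so an unknown role name leads to `->has_cap()` on a non-object and is passed on to `set_role()`; a guard such as `if ( !isset($wp_roles->role_objects[$_REQUEST['new_role']]) ) wp_die(__('Invalid role.'));` before the loop would prevent that, and `users` should be confirmed to be an array before each `foreach`. The enclosing `switch` starts and ends outside the hunks shown.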
