Index: wp-admin/users.php
===================================================================
--- wp-admin/users.php	(revision 6188)
+++ wp-admin/users.php	(working copy)
@@ -121,7 +121,7 @@
 case 'promote':
 	check_admin_referer('bulk-users');
 
-	if (empty($_POST['users'])) {
+	if (empty($_REQUEST['users'])) {
 		wp_redirect($redirect);
 		exit();
 	}
@@ -129,19 +129,19 @@
 	if ( !current_user_can('edit_users') )
 		wp_die(__('You can&#8217;t edit users.'));
 
-	$userids = $_POST['users'];
+	$userids = $_REQUEST['users'];
 	$update = 'promote';
 	foreach($userids as $id) {
 		if ( ! current_user_can('edit_user', $id) )
 			wp_die(__('You can&#8217;t edit that user.'));
 		// The new role of the current user must also have edit_users caps
-		if($id == $current_user->ID && !$wp_roles->role_objects[$_POST['new_role']]->has_cap('edit_users')) {
+		if($id == $current_user->ID && !$wp_roles->role_objects[$_REQUEST['new_role']]->has_cap('edit_users')) {
 			$update = 'err_admin_role';
 			continue;
 		}
 
 		$user = new WP_User($id);
-		$user->set_role($_POST['new_role']);
+		$user->set_role($_REQUEST['new_role']);
 	}
 
 	wp_redirect(add_query_arg('update', $update, $redirect));
@@ -153,7 +153,7 @@
 
 	check_admin_referer('delete-users');
 
-	if ( empty($_POST['users']) ) {
+	if ( empty($_REQUEST['users']) ) {
 		wp_redirect($redirect);
 		exit();
 	}
@@ -161,7 +161,7 @@
 	if ( !current_user_can('delete_users') )
 		wp_die(__('You can&#8217;t delete users.'));
 
-	$userids = $_POST['users'];
+	$userids = $_REQUEST['users'];
 	$update = 'del';
 	$delete_count = 0;
 
@@ -173,12 +173,12 @@
 			$update = 'err_admin_del';
 			continue;
 		}
-		switch($_POST['delete_option']) {
+		switch($_REQUEST['delete_option']) {
 		case 'delete':
 			wp_delete_user($id);
 			break;
 		case 'reassign':
-			wp_delete_user($id, $_POST['reassign_user']);
+			wp_delete_user($id, $_REQUEST['reassign_user']);
 			break;
 		}
 		++$delete_count;
@@ -194,7 +194,7 @@
 
 	check_admin_referer('bulk-users');
 
-	if ( empty($_POST['users']) ) {
+	if ( empty($_REQUEST['users']) ) {
 		wp_redirect($redirect);
 		exit();
 	}
@@ -202,7 +202,7 @@
 	if ( !current_user_can('delete_users') )
 		$errors = new WP_Error('edit_users', __('You can&#8217;t delete users.'));
 
-	$userids = $_POST['users'];
+	$userids = $_REQUEST['users'];
 
 	include ('admin-header.php');
 ?>
@@ -262,7 +262,7 @@
 	if ( is_wp_error( $user_id ) )
 		$add_user_errors = $user_id;
 	else {
-		$new_user_login = apply_filters('pre_user_login', sanitize_user(stripslashes($_POST['user_login']), true));
+		$new_user_login = apply_filters('pre_user_login', sanitize_user(stripslashes($_REQUEST['user_login']), true));
 		$redirect = add_query_arg( array('usersearch' => urlencode($new_user_login), 'update' => $update), $redirect );
 		wp_redirect( $redirect . '#user-' . $user_id );
 		die();
@@ -429,7 +429,7 @@
 	if ( is_wp_error($add_user_errors) ) {
 		foreach ( array('user_login' => 'user_login', 'first_name' => 'user_firstname', 'last_name' => 'user_lastname', 'email' => 'user_email', 'url' => 'user_uri', 'role' => 'user_role') as $formpost => $var ) {
 			$var = 'new_' . $var;
-			$$var = attribute_escape(stripslashes($_POST[$formpost]));
+			$$var = attribute_escape(stripslashes($_REQUEST[$formpost]));
 		}
 		unset($name);
 	}