WordPress.org

Make WordPress Core

Ticket #15562: 15562.full.diff

File 15562.full.diff, 3.3 KB (added by duck_, 7 years ago)
  • wp-admin/user-new.php

     
    3232}
    3333
    3434if ( isset($_REQUEST['action']) && 'adduser' == $_REQUEST['action'] ) {
    35         check_admin_referer('add-user');
     35        check_admin_referer( 'add-user', '_wpnonce_add-user' );
    3636
    3737        $user_details = null;
    3838        if ( false !== strpos($_REQUEST[ 'email' ], '@') ) {
     
    7676        wp_redirect( $redirect );
    7777        die();
    7878} elseif ( isset($_REQUEST['action']) && 'createuser' == $_REQUEST['action'] ) {
    79         check_admin_referer('create-user');
     79        check_admin_referer( 'create-user', '_wpnonce_create-user' );
    8080
    8181        if ( ! current_user_can('create_users') )
    8282                wp_die(__('Cheatin’ uh?'));
     
    223223        }
    224224?>
    225225<form action="" method="post" name="adduser" id="adduser" class="add:users: validate"<?php do_action('user_new_form_tag');?>>
    226 <input name="action" type="hidden" id="action" value="adduser" />
    227 <?php wp_nonce_field('add-user') ?>
     226<input name="action" type="hidden" value="adduser" />
     227<?php wp_nonce_field( 'add-user', '_wpnonce_add-user' ) ?>
    228228
    229229<table class="form-table">
    230230        <tr class="form-field form-required">
    231                 <th scope="row"><label for="email"><?php echo $label; ?></label></th>
    232                 <td><input name="email" type="text" id="email" value="" /></td>
     231                <th scope="row"><label for="adduser-email"><?php echo $label; ?></label></th>
     232                <td><input name="email" type="text" id="adduser-email" value="" /></td>
    233233        </tr>
    234234        <tr class="form-field">
    235                 <th scope="row"><label for="role"><?php _e('Role'); ?></label></th>
    236                 <td><select name="role" id="role">
     235                <th scope="row"><label for="adduser-role"><?php _e('Role'); ?></label></th>
     236                <td><select name="role" id="adduser-role">
    237237                        <?php wp_dropdown_roles( get_option('default_role') ); ?>
    238238                        </select>
    239239                </td>
    240240        </tr>
    241241<?php if ( is_super_admin() ) { ?>
    242242        <tr>
    243                 <th scope="row"><label for="noconfirmation"><?php _e('Skip Confirmation Email') ?></label></th>
    244                 <td><label for="noconfirmation"><input type="checkbox" name="noconfirmation" id="noconfirmation" value="1" /> <?php _e( 'Add the user without sending them a confirmation email.' ); ?></label></td>
     243                <th scope="row"><label for="adduser-noconfirmation"><?php _e('Skip Confirmation Email') ?></label></th>
     244                <td><label for="adduser-noconfirmation"><input type="checkbox" name="noconfirmation" id="adduser-noconfirmation" value="1" /> <?php _e( 'Add the user without sending them a confirmation email.' ); ?></label></td>
    245245        </tr>
    246246<?php } ?>
    247247</table>
     
    255255                echo '<h3 id="create-new-user">' . __( 'Create New User' ) . '</h3>';
    256256?>
    257257<p><?php _e('Create a brand new user and add it to this site.'); ?></p>
    258 <form action="" method="post" name="createuser" id="adduser" class="add:users: validate"<?php do_action('user_new_form_tag');?>>
    259 <input name="action" type="hidden" id="action" value="createuser" />
    260 <?php wp_nonce_field('create-user') ?>
     258<form action="" method="post" name="createuser" id="createuser" class="add:users: validate"<?php do_action('user_new_form_tag');?>>
     259<input name="action" type="hidden" value="createuser" />
     260<?php wp_nonce_field( 'create-user', '_wpnonce_create-user' ) ?>
    261261<?php
    262262// Load up the passed data, else set to a default.
    263263foreach ( array( 'user_login' => 'login', 'first_name' => 'firstname', 'last_name' => 'lastname',