Ticket #15562: 15562.full.diff

File 15562.full.diff, 3.3 KB (added by duck_, 3 years ago)
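--- a/wp-admin/user-new.php
+++ b/wp-admin/user-new.php
@@ -32,7 +32,7 @@
 }
 
 if ( isset($_REQUEST['action']) && 'adduser' == $_REQUEST['action'] ) {
-        check_admin_referer('add-user');
+        check_admin_referer( 'add-user', '_wpnonce_add-user' );
 
         $user_details = null;
         if ( false !== strpos($_REQUEST[ 'email' ], '@') ) {
@@ -76,7 +76,7 @@
         wp_redirect( $redirect );
         die();
 } elseif ( isset($_REQUEST['action']) && 'createuser' == $_REQUEST['action'] ) {
-        check_admin_referer('create-user');
+        check_admin_referer( 'create-user', '_wpnonce_create-user' );
 
         if ( ! current_user_can('create_users') )
                 wp_die(__('Cheatin’ uh?'));
@@ -223,25 +223,25 @@
         }
 ?>
 <form action="" method="post" name="adduser" id="adduser" class="add:users: validate"<?php do_action('user_new_form_tag');?>>
-<input name="action" type="hidden" id="action" value="adduser" />
-<?php wp_nonce_field('add-user') ?>
+<input name="action" type="hidden" value="adduser" />
+<?php wp_nonce_field( 'add-user', '_wpnonce_add-user' ) ?>
 
 <table class="form-table">
         <tr class="form-field form-required">
-                <th scope="row"><label for="email"><?php echo $label; ?></label></th>
-                <td><input name="email" type="text" id="email" value="" /></td>
+                <th scope="row"><label for="adduser-email"><?php echo $label; ?></label></th>
+                <td><input name="email" type="text" id="adduser-email" value="" /></td>
         </tr>
         <tr class="form-field">
-                <th scope="row"><label for="role"><?php _e('Role'); ?></label></th>
-                <td><select name="role" id="role">
+                <th scope="row"><label for="adduser-role"><?php _e('Role'); ?></label></th>
+                <td><select name="role" id="adduser-role">
                         <?php wp_dropdown_roles( get_option('default_role') ); ?>
                         </select>
                 </td>
         </tr>
 <?php if ( is_super_admin() ) { ?>
         <tr>
-                <th scope="row"><label for="noconfirmation"><?php _e('Skip Confirmation Email') ?></label></th>
-                <td><label for="noconfirmation"><input type="checkbox" name="noconfirmation" id="noconfirmation" value="1" /> <?php _e( 'Add the user without sending them a confirmation email.' ); ?></label></td>
+                <th scope="row"><label for="adduser-noconfirmation"><?php _e('Skip Confirmation Email') ?></label></th>
+                <td><label for="adduser-noconfirmation"><input type="checkbox" name="noconfirmation" id="adduser-noconfirmation" value="1" /> <?php _e( 'Add the user without sending them a confirmation email.' ); ?></label></td>
         </tr>
 <?php } ?>
 </table>
@@ -255,9 +255,9 @@
                 echo '<h3 id="create-new-user">' . __( 'Create New User' ) . '</h3>';
 ?>
 <p><?php _e('Create a brand new user and add it to this site.'); ?></p>
-<form action="" method="post" name="createuser" id="adduser" class="add:users: validate"<?php do_action('user_new_form_tag');?>>
-<input name="action" type="hidden" id="action" value="createuser" />
-<?php wp_nonce_field('create-user') ?>
+<form action="" method="post" name="createuser" id="createuser" class="add:users: validate"<?php do_action('user_new_form_tag');?>>
+<input name="action" type="hidden" value="createuser" />
+<?php wp_nonce_field( 'create-user', '_wpnonce_create-user' ) ?>
 <?php
 // Load up the passed data, else set to a default.
 foreach ( array( 'user_login' => 'login', 'first_name' => 'firstname', 'last_name' => 'lastname',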
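Review bot: The non-default nonce field names `_wpnonce_add-user` and `_wpnonce_create-user` now appear as bare string literals in both handlers (new lines 35 and 79) and both forms (new lines 227 and 260), with no comment saying why the default `_wpnonce` name was dropped or that each pair must stay in sync. A mismatch fails closed because `check_admin_referer()` rejects the request, but a later cleanup could revert one side, so a comment at each handler such as `// Field name must match the wp_nonce_field() call in the matching form below; the two forms share one page.` would record the coupling. Anything outside this file that submits these forms with the default `_wpnonce` field will be rejected after this change, which is worth stating in the ticket. Both handlers still dispatch on `$_REQUEST['action']`, so the renamed nonce would presumably also be accepted from a query string; whether these actions should be limited to POST is not visible from these hunks.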