Ticket #15855: 15855.2.patch

wp-admin/users.php

@@ -42 +42 @@
 
 $update = '';
 
+function confirm_remove_users( $users, $action = 'remove' ) {
+        global $referer;
+
+        $current_user = wp_get_current_user();
+        if ( !is_array( $users ) )
+                return false;
+?>
+<div class="wrap">
+<form action="" method="post" name="updateusers" id="updateusers">
+<?php
+        wp_nonce_field("$action-users");
+        echo $referer;
+        screen_icon();
+
+        switch ( $action ) {
+        case 'delete':
+                echo '<h2>' . __( 'Delete Users' ) . '</h2>';
+                echo '<p>' . __( 'Transfer or delete posts and links before deleting users.' ) . '</p>';
+                break;
+        case 'remove':
+                echo '<h2>' . __( 'Remove Users from Site' ) . '</h2>';
+                echo '<p>' . __( 'Transfer or delete posts and links before removing users.' ) . '</p>';
+                break;
+        }
+
+        echo '<ul>';
+        foreach ( (array) $users as $user_id ) {
+                $user = new WP_User($user_id);
+                $proceed = false;
+
+                switch ( $action ) {
+                case 'delete':
+                        if ( $user_id == $current_user->ID )
+                                echo '<li>' . sprintf( __('ID #%1s: %2s <strong>The current user will not be deleted.</strong>'), $user_id, $user->user_login ) . '</li>';
+                        elseif ( !current_user_can('delete_user', $user_id) )
+                                echo '<li>' . sprintf( __('ID #%1s: %2s <strong>You don\'t have permission to delete this user.</strong>'), $user_id, $user->user_login ) . '</li>';
+                        else
+                                $proceed = true;
+                        break;
+                case 'remove':
+                        if ( $user_id == $current_user->id && ! is_super_admin() )
+                                echo '<li>' . sprintf( __('ID #%1s: %2s <strong>The current user will not be removed.</strong>'), $user_id, $user->user_login ) . '</li>';
+                        elseif ( !current_user_can('remove_user', $user_id) )
+                                echo '<li>' . sprintf( __('ID #%1s: %2s <strong>You don\'t have permission to remove this user.</strong>'), $user_id, $user->user_login ) . '</li>';
+                        else
+                                $proceed = true;
+                        break;
+                }
+
+                if ( $proceed ) {
+                        echo "<li><input type=\"hidden\" name=\"users[]\" value=\"" . esc_attr( $user_id ) . "\" />" . sprintf( __('ID #%1s: %2s'), $user_id, $user->user_login ) . "</li>\n";
+                        ?>
+                        <fieldset><p><legend><?php printf( __( "What should be done with posts and links owned by <em>%s</em>?" ), $user->user_login ); ?></legend></p>
+                        <ul style="list-style:none;">
+                                <li><label><input type="radio" id="delete_option0" name="delete_option[<?php echo $user->ID; ?>]" value="delete" checked="checked" />
+                                <?php _e( 'Delete all posts and links.' ); ?></label></li>
+                                <li><label><input type="radio" id="delete_option1" name="delete_option[<?php echo $user->ID; ?>]" value="reassign" />
+                                <?php echo __( 'Attribute all posts and links to:' ) . '</label>'; ?>
+                                <?php wp_dropdown_users( array( 'exclude' => array_diff( $users, array( $user->ID ) ) ) ); ?></li>
+                        </ul></fieldset>
+                        <?php
+                }
+        }
+        echo '</ul>';
+
+        switch ( $action ) {
+        case 'delete':
+                echo '<input type="hidden" name="action" value="dodelete" />';
+                submit_button( __('Confirm Deletion'), 'secondary' );
+                break;
+        case 'remove':
+                echo '<input type="hidden" name="action" value="doremove" />';
+                submit_button( __('Confirm Removal'), 'secondary' );
+                break;
+        }
+?>
+</form>
+</div>
+<?php 
+}
+
 switch ( $wp_list_table->current_action() ) {
 
 /* Bulk Dropdown menu Role changes */
@@ -95 +176 @@
         }
 
         if ( ! current_user_can( 'delete_users' ) )
-                wp_die(__('You can&#8217;t delete users.'));
+                wp_die( __('You can&#8217;t delete users.') );
 
         $userids = $_REQUEST['users'];
         $update = 'del';
@@ -105 +186 @@
                 $id = (int) $id;
 
                 if ( ! current_user_can( 'delete_user', $id ) )
-                        wp_die(__( 'You can&#8217;t delete that user.' ) );
+                        wp_die( __('You can&#8217;t delete that user.') );
 
                 if ( $id == $current_user->ID ) {
                         $update = 'err_admin_del';
                         continue;
                 }
-                switch ( $_REQUEST['delete_option'] ) {
+
+                switch ( $_REQUEST['delete_option'][$id] ) {
                 case 'delete':
-                        if ( current_user_can('delete_user', $id) )
-                                wp_delete_user($id);
+                        wp_delete_user( $id );
                         break;
                 case 'reassign':
-                        if ( current_user_can('delete_user', $id) )
-                                wp_delete_user($id, $_REQUEST['reassign_user']);
+                        wp_delete_user( $id, $_REQUEST['user'] );
                         break;
                 }
                 ++$delete_count;
@@ -142 +222 @@
         }
 
         if ( ! current_user_can( 'delete_users' ) )
-                $errors = new WP_Error( 'edit_users', __( 'You can&#8217;t delete users.' ) );
+                $errors = new WP_Error( 'edit_users', __('You can&#8217;t delete users.') );
 
         if ( empty($_REQUEST['users']) )
-                $userids = array(intval($_REQUEST['user']));
+                $userids = array( intval($_REQUEST['user']) );
         else
                 $userids = $_REQUEST['users'];
 
-        include ('admin-header.php');
-?>
-<form action="" method="post" name="updateusers" id="updateusers">
-<?php wp_nonce_field('delete-users') ?>
-<?php echo $referer; ?>
+        include( 'admin-header.php' );
+        confirm_remove_users( $userids, 'delete' );
 
-<div class="wrap">
-<?php screen_icon(); ?>
-<h2><?php _e('Delete Users'); ?></h2>
-<p><?php _e('You have specified these users for deletion:'); ?></p>
-<ul>
-<?php
-        $go_delete = false;
-        foreach ( (array) $userids as $id ) {
-                $id = (int) $id;
-                $user = new WP_User($id);
-                if ( $id == $current_user->ID ) {
-                        echo "<li>" . sprintf(__('ID #%1s: %2s <strong>The current user will not be deleted.</strong>'), $id, $user->user_login) . "</li>\n";
-                } else {
-                        echo "<li><input type=\"hidden\" name=\"users[]\" value=\"" . esc_attr($id) . "\" />" . sprintf(__('ID #%1s: %2s'), $id, $user->user_login) . "</li>\n";
-                        $go_delete = true;
-                }
-        }
-        ?>
-        </ul>
-<?php if ( $go_delete ) : ?>
-        <fieldset><p><legend><?php _e('What should be done with posts and links owned by this user?'); ?></legend></p>
-        <ul style="list-style:none;">
-                <li><label><input type="radio" id="delete_option0" name="delete_option" value="delete" checked="checked" />
-                <?php _e('Delete all posts and links.'); ?></label></li>
-                <li><input type="radio" id="delete_option1" name="delete_option" value="reassign" />
-                <?php echo '<label for="delete_option1">'.__('Attribute all posts and links to:').'</label>';
-                wp_dropdown_users( array( 'exclude' => array_diff( $userids, array($current_user->ID) ) ) ); ?></li>
-        </ul></fieldset>
-        <input type="hidden" name="action" value="dodelete" />
-        <?php submit_button( __('Confirm Deletion'), 'secondary' ); ?>
-<?php else : ?>
-        <p><?php _e('There are no valid users selected for deletion.'); ?></p>
-<?php endif; ?>
-</div>
-</form>
-<?php
-
 break;
 
 case 'doremove':
@@ -202 +242 @@
                 exit;
         }
 
-        if ( !current_user_can('remove_users')  )
-                die(__('You can&#8217;t remove users.'));
+        if ( ! current_user_can('remove_users')  )
+                die( __('You can&#8217;t remove users.') );
 
         $userids = $_REQUEST['users'];
 
         $update = 'remove';
-        foreach ( $userids as $id ) {
+        foreach ( (array) $userids as $id ) {
                 $id = (int) $id;
-                if ( $id == $current_user->id && !is_super_admin() ) {
-                        $update = 'err_admin_remove';
+
+                if ( ! current_user_can('remove_user', $id) ) {
+                        wp_die( __('You can&#8217;t remove that user.') );
                         continue;
                 }
-                if ( !current_user_can('remove_user', $id) ) {
+
+                if ( $id == $current_user->id && !is_super_admin() ) {
                         $update = 'err_admin_remove';
                         continue;
                 }
-                remove_user_from_blog($id, $blog_id);
+
+                switch ( $_REQUEST['delete_option'][$id] ) {
+                case 'delete':
+                        remove_user_from_blog( $id, $blog_id );
+                        break;
+                case 'reassign':
+                        remove_user_from_blog( $id, $blog_id, $_REQUEST['user'] );
+                        break;
+                }
         }
 
         $redirect = add_query_arg( array('update' => $update), $redirect);
@@ -236 +286 @@
                 exit();
         }
 
-        if ( !current_user_can('remove_users') )
-                $error = new WP_Error('edit_users', __('You can&#8217;t remove users.'));
+        if ( !current_user_can( 'remove_users' ) )
+                $error = new WP_Error( 'edit_users', __('You can&#8217;t remove users.') );
 
         if ( empty($_REQUEST['users']) )
-                $userids = array(intval($_REQUEST['user']));
+                $userids = array( intval($_REQUEST['user']) );
         else
                 $userids = $_REQUEST['users'];
 
-        include ('admin-header.php');
-?>
-<form action="" method="post" name="updateusers" id="updateusers">
-<?php wp_nonce_field('remove-users') ?>
-<?php echo $referer; ?>
+        include( 'admin-header.php' );
+        confirm_remove_users( $userids, 'remove' );
 
-<div class="wrap">
-<?php screen_icon(); ?>
-<h2><?php _e('Remove Users from Site'); ?></h2>
-<p><?php _e('You have specified these users for removal:'); ?></p>
-<ul>
-<?php
-        $go_remove = false;
-        foreach ( $userids as $id ) {
-                $id = (int) $id;
-                $user = new WP_User($id);
-                if ( $id == $current_user->id && !is_super_admin() ) {
-                        echo "<li>" . sprintf(__('ID #%1s: %2s <strong>The current user will not be removed.</strong>'), $id, $user->user_login) . "</li>\n";
-                } elseif ( !current_user_can('remove_user', $id) ) {
-                        echo "<li>" . sprintf(__('ID #%1s: %2s <strong>You don\'t have permission to remove this user.</strong>'), $id, $user->user_login) . "</li>\n";
-                } else {
-                        echo "<li><input type=\"hidden\" name=\"users[]\" value=\"{$id}\" />" . sprintf(__('ID #%1s: %2s'), $id, $user->user_login) . "</li>\n";
-                        $go_remove = true;
-                }
-        }
-        ?>
-<?php if ( $go_remove ) : ?>
-                <input type="hidden" name="action" value="doremove" />
-                <?php submit_button( __('Confirm Removal'), 'secondary' ); ?>
-<?php else : ?>
-        <p><?php _e('There are no valid users selected for removal.'); ?></p>
-<?php endif; ?>
-</div>
-</form>
-<?php
-
 break;
 
 default: