Ticket #15855: 15855.3.patch
File 15855.3.patch, 12.6 KB (added by , 14 years ago) |
wp-admin/includes/user.php
380 380 echo '</p></div>'; 381 381 } 382 382 383 /** 384 * Confirm users deletion or removal from current site. 385 * 386 * @since 3.1.0 387 * 388 * @param array $users User IDs. 389 * @param string action Optional. 'remove' or 'delete'. 390 * @return null 391 */ 392 function _confirm_remove_users( $users, $action = 'remove' ) { 393 global $referer; 394 395 $current_user = wp_get_current_user(); 396 if ( !is_array( $users ) ) 397 return false; 383 398 ?> 399 <div class="wrap"> 400 <form action="" method="post" name="updateusers" id="updateusers"> 401 <?php 402 wp_nonce_field('bulk-users'); 403 if ( !empty($_REQUEST['id']) ) 404 echo ' <input type="hidden" name="id" value="' . esc_attr( $_REQUEST['id'] ) . '" />'; 405 echo $referer; 406 screen_icon('users'); 407 408 switch ( $action ) { 409 case 'delete': 410 echo '<h2>' . __( 'Delete Users' ) . '</h2>'; 411 echo '<p>' . __( 'Transfer or delete posts and links before deleting users.' ) . '</p>'; 412 break; 413 case 'remove': 414 echo '<h2>' . __( 'Remove Users from Site' ) . '</h2>'; 415 echo '<p>' . __( 'Transfer or delete posts and links before removing users.' ) . '</p>'; 416 break; 417 } 418 419 echo '<ul>'; 420 $counter = 0; 421 foreach ( (array) $users as $user_id ) { 422 $user = new WP_User($user_id); 423 $proceed = false; 424 425 switch ( $action ) { 426 case 'delete': 427 if ( $user_id == $current_user->ID ) 428 echo '<li>' . sprintf( __('ID #%1s: %2s <strong>The current user will not be deleted.</strong>'), $user_id, $user->user_login ) . '</li>'; 429 elseif ( !current_user_can('delete_user', $user_id) ) 430 echo '<li>' . sprintf( __('ID #%1s: %2s <strong>You don\'t have permission to delete this user.</strong>'), $user_id, $user->user_login ) . '</li>'; 431 else 432 $proceed = true; 433 break; 434 case 'remove': 435 if ( $user_id == $current_user->id && ! is_super_admin() ) 436 echo '<li>' . sprintf( __('ID #%1s: %2s <strong>The current user will not be removed.</strong>'), $user_id, $user->user_login ) . 
'</li>'; 437 elseif ( !current_user_can('remove_user', $user_id) ) 438 echo '<li>' . sprintf( __('ID #%1s: %2s <strong>You don\'t have permission to remove this user.</strong>'), $user_id, $user->user_login ) . '</li>'; 439 else 440 $proceed = true; 441 break; 442 } 443 444 if ( $proceed ) { 445 echo "<li><input type=\"hidden\" name=\"users[]\" value=\"" . esc_attr( $user_id ) . "\" />" . sprintf( __('ID #%1s: %2s'), $user_id, $user->user_login ) . "</li>\n"; 446 ?> 447 <fieldset><p><legend><?php printf( __( "What should be done with posts and links owned by <em>%s</em>?" ), $user->user_login ); ?></legend></p> 448 <ul style="list-style:none;"> 449 <li><label><input type="radio" id="delete_option0" name="delete_option[<?php echo $user->ID; ?>]" value="delete" checked="checked" /> 450 <?php _e( 'Delete all posts and links.' ); ?></label></li> 451 <li><label><input type="radio" id="delete_option1" name="delete_option[<?php echo $user->ID; ?>]" value="reassign" /> 452 <?php echo __( 'Attribute all posts and links to:' ) . '</label>'; ?> 453 <?php wp_dropdown_users( array( 454 'exclude' => array_diff( $users, array( $user->ID ) ), 455 'id' => "reassign{$counter}", 456 'name' => "reassign[{$user->ID}]" ) ); ?></li> 457 </ul></fieldset> 458 <?php 459 $counter++; 460 } 461 } 462 echo '</ul>'; 463 464 switch ( $action ) { 465 case 'delete': 466 echo '<input type="hidden" name="action" value="dodelete" />'; 467 submit_button( __('Confirm Deletion'), 'secondary' ); 468 break; 469 case 'remove': 470 echo '<input type="hidden" name="action" value="doremove" />'; 471 submit_button( __('Confirm Removal'), 'secondary' ); 472 break; 473 } 474 ?> 475 </form> 476 </div> 477 <?php 478 } 479 480 ?> -
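Review bot: The `foreach` in `_confirm_remove_users()` never casts `$user_id` to an integer, yet the callers in this patch pass `$_REQUEST['users']` through unchanged, so request-supplied values reach `new WP_User()`, the capability checks and the unescaped `sprintf( __('ID #%1s: %2s ...'), $user_id, ... )` output in the refusal branches. The inline loops this helper replaces began with `$id = (int) $id;`; making `$user_id = (int) $user_id;` the first statement of the loop restores that, and `$user->user_login` is best wrapped in `esc_html()` wherever it is printed. Separately, `echo $referer;` prints a global whose content depends on the caller: wp-admin/network/site-users.php in this patch assigns it the result of `remove_query_arg( 'action', wp_get_referer() )`, a URL that would be written into the form as raw text, so the helper should take the value as a parameter and emit it through `esc_attr()` inside a hidden field. The docblock also needs `$action` in its `@param` line and a `@return` that matches the `return false` path.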
wp-admin/network/site-users.php
55 55 } 56 56 $default_role = get_blog_option( $id, 'default_role' ); 57 57 58 $referer = remove_query_arg( 'action', wp_get_referer() ); 59 58 60 $action = $wp_list_table->current_action(); 59 61 60 62 if ( $action ) { … … 100 102 } 101 103 break; 102 104 103 case ' remove':105 case 'doremove': 104 106 if ( !current_user_can('remove_users') ) 105 die( __('You can’t remove users.'));107 die( __('You can’t remove users.') ); 106 108 check_admin_referer( 'bulk-users' ); 107 109 108 110 $update = 'remove'; 109 111 if ( isset( $_REQUEST['users'] ) ) { 110 112 $userids = $_REQUEST['users']; 111 113 112 114 foreach ( $userids as $user_id ) { 113 115 $user_id = (int) $user_id; 116 switch ( $_REQUEST['delete_option'][$user_id] ) { 117 case 'delete': 118 remove_user_from_blog( $user_id, $id ); 119 break; 120 case 'reassign': 121 remove_user_from_blog( $user_id, $id, $_REQUEST['reassign'][$user_id] ); 122 break; 123 } 124 } 125 } elseif ( isset( $_GET['user'] ) ) { 126 $user_id = $_GET['user']; 127 128 switch ( $_REQUEST['delete_option'][$user_id] ) { 129 case 'delete': 114 130 remove_user_from_blog( $user_id, $id ); 131 break; 132 case 'reassign': 133 remove_user_from_blog( $user_id, $id, $_REQUEST['reassign'][$user_id] ); 134 break; 115 135 } 116 } elseif ( isset( $_GET['user'] ) ) {117 remove_user_from_blog( $_GET['user'] );118 136 } else { 119 137 $update = 'err_remove'; 120 138 } 139 $referer = add_query_arg( 'id', $id, $referer ); 121 140 break; 122 141 142 case 'remove': 143 if ( !current_user_can('remove_users') ) 144 die( __('You can’t remove users.') ); 145 146 if ( empty($_REQUEST['users']) ) 147 $userids = array( intval($_REQUEST['user']) ); 148 else 149 $userids = $_REQUEST['users']; 150 151 require_once( '../admin-header.php' ); 152 _confirm_remove_users( $userids ); 153 require_once( '../admin-footer.php' ); 154 exit(); 155 break; 156 123 157 case 'promote': 124 158 check_admin_referer( 'bulk-users' ); 125 159 $editable_roles = get_editable_roles(); … … 146 
180 } 147 181 148 182 restore_current_blog(); 149 wp_redirect( add_query_arg( 'update', $update, wp_get_referer()) );183 wp_redirect( add_query_arg( 'update', $update, $referer ) ); 150 184 exit(); 151 185 } 152 186 -
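Review bot: In the `doremove` case the single-user branch takes `$_GET['user']` without the `(int)` cast that the bulk branch applies, then uses it as an array index and passes it to `remove_user_from_blog()`; `$user_id = (int) $_GET['user'];` would make the two branches agree. In both branches `$_REQUEST['delete_option'][$user_id]` and `$_REQUEST['reassign'][$user_id]` are read without an `isset()` check, and the reassign target is forwarded uncast and without confirming that it is not itself one of the users being removed; the dropdown exclusion in the confirmation form is not enforced on the server. When `delete_option` is missing or unrecognised the `switch` does nothing while `$update` stays `'remove'`, so the redirect reports success for a user who was left in place; a `default:` arm setting `$update = 'err_remove';` would surface that. The new `remove` case also forwards `$_REQUEST['users']` to `_confirm_remove_users()` without casting the ids.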
wp-admin/users.php
87 87 if ( is_multisite() ) 88 88 wp_die( __('User deletion is not allowed from this screen.') ); 89 89 90 check_admin_referer(' delete-users');90 check_admin_referer('bulk-users'); 91 91 92 92 if ( empty($_REQUEST['users']) ) { 93 93 wp_redirect($redirect); … … 95 95 } 96 96 97 97 if ( ! current_user_can( 'delete_users' ) ) 98 wp_die( __('You can’t delete users.'));98 wp_die( __('You can’t delete users.') ); 99 99 100 100 $userids = $_REQUEST['users']; 101 101 $update = 'del'; … … 105 105 $id = (int) $id; 106 106 107 107 if ( ! current_user_can( 'delete_user', $id ) ) 108 wp_die( __( 'You can’t delete that user.') );108 wp_die( __('You can’t delete that user.') ); 109 109 110 110 if ( $id == $current_user->ID ) { 111 111 $update = 'err_admin_del'; 112 112 continue; 113 113 } 114 switch ( $_REQUEST['delete_option'] ) { 114 115 switch ( $_REQUEST['delete_option'][$id] ) { 115 116 case 'delete': 116 if ( current_user_can('delete_user', $id) ) 117 wp_delete_user($id); 117 wp_delete_user( $id ); 118 118 break; 119 119 case 'reassign': 120 if ( current_user_can('delete_user', $id) ) 121 wp_delete_user($id, $_REQUEST['reassign_user']); 120 wp_delete_user( $id, $_REQUEST['reassign'][$id] ); 122 121 break; 123 122 } 124 123 ++$delete_count; … … 142 141 } 143 142 144 143 if ( ! 
current_user_can( 'delete_users' ) ) 145 $errors = new WP_Error( 'edit_users', __( 'You can’t delete users.') );144 $errors = new WP_Error( 'edit_users', __('You can’t delete users.') ); 146 145 147 146 if ( empty($_REQUEST['users']) ) 148 $userids = array( intval($_REQUEST['user']));147 $userids = array( intval($_REQUEST['user']) ); 149 148 else 150 149 $userids = $_REQUEST['users']; 151 150 152 include ('admin-header.php'); 153 ?> 154 <form action="" method="post" name="updateusers" id="updateusers"> 155 <?php wp_nonce_field('delete-users') ?> 156 <?php echo $referer; ?> 151 include( 'admin-header.php' ); 152 _confirm_remove_users( $userids, 'delete' ); 157 153 158 <div class="wrap">159 <?php screen_icon(); ?>160 <h2><?php _e('Delete Users'); ?></h2>161 <p><?php _e('You have specified these users for deletion:'); ?></p>162 <ul>163 <?php164 $go_delete = false;165 foreach ( (array) $userids as $id ) {166 $id = (int) $id;167 $user = new WP_User($id);168 if ( $id == $current_user->ID ) {169 echo "<li>" . sprintf(__('ID #%1s: %2s <strong>The current user will not be deleted.</strong>'), $id, $user->user_login) . "</li>\n";170 } else {171 echo "<li><input type=\"hidden\" name=\"users[]\" value=\"" . esc_attr($id) . "\" />" . sprintf(__('ID #%1s: %2s'), $id, $user->user_login) . 
"</li>\n";172 $go_delete = true;173 }174 }175 ?>176 </ul>177 <?php if ( $go_delete ) : ?>178 <fieldset><p><legend><?php _e('What should be done with posts and links owned by this user?'); ?></legend></p>179 <ul style="list-style:none;">180 <li><label><input type="radio" id="delete_option0" name="delete_option" value="delete" checked="checked" />181 <?php _e('Delete all posts and links.'); ?></label></li>182 <li><input type="radio" id="delete_option1" name="delete_option" value="reassign" />183 <?php echo '<label for="delete_option1">'.__('Attribute all posts and links to:').'</label>';184 wp_dropdown_users( array( 'exclude' => array_diff( $userids, array($current_user->ID) ) ) ); ?></li>185 </ul></fieldset>186 <input type="hidden" name="action" value="dodelete" />187 <?php submit_button( __('Confirm Deletion'), 'secondary' ); ?>188 <?php else : ?>189 <p><?php _e('There are no valid users selected for deletion.'); ?></p>190 <?php endif; ?>191 </div>192 </form>193 <?php194 195 154 break; 196 155 197 156 case 'doremove': 198 check_admin_referer(' remove-users');157 check_admin_referer('bulk-users'); 199 158 200 159 if ( empty($_REQUEST['users']) ) { 201 160 wp_redirect($redirect); 202 161 exit; 203 162 } 204 163 205 if ( ! current_user_can('remove_users') )206 die( __('You can’t remove users.'));164 if ( ! current_user_can('remove_users') ) 165 die( __('You can’t remove users.') ); 207 166 208 167 $userids = $_REQUEST['users']; 209 168 210 169 $update = 'remove'; 211 foreach ( $userids as $id ) {170 foreach ( (array) $userids as $id ) { 212 171 $id = (int) $id; 213 if ( $id == $current_user->id && !is_super_admin() ) { 214 $update = 'err_admin_remove'; 172 173 if ( ! 
current_user_can('remove_user', $id) ) { 174 wp_die( __('You can’t remove that user.') ); 215 175 continue; 216 176 } 217 if ( !current_user_can('remove_user', $id) ) { 177 178 if ( $id == $current_user->id && !is_super_admin() ) { 218 179 $update = 'err_admin_remove'; 219 180 continue; 220 181 } 221 remove_user_from_blog($id, $blog_id); 182 183 switch ( $_REQUEST['delete_option'][$id] ) { 184 case 'delete': 185 remove_user_from_blog( $id, $blog_id ); 186 break; 187 case 'reassign': 188 remove_user_from_blog( $id, $blog_id, $_REQUEST['reassign'][$id] ); 189 break; 190 } 222 191 } 223 192 224 193 $redirect = add_query_arg( array('update' => $update), $redirect); … … 236 205 exit(); 237 206 } 238 207 239 if ( !current_user_can( 'remove_users') )240 $error = new WP_Error( 'edit_users', __('You can’t remove users.'));208 if ( !current_user_can( 'remove_users' ) ) 209 $error = new WP_Error( 'edit_users', __('You can’t remove users.') ); 241 210 242 211 if ( empty($_REQUEST['users']) ) 243 $userids = array( intval($_REQUEST['user']));212 $userids = array( intval($_REQUEST['user']) ); 244 213 else 245 214 $userids = $_REQUEST['users']; 246 215 247 include ('admin-header.php'); 248 ?> 249 <form action="" method="post" name="updateusers" id="updateusers"> 250 <?php wp_nonce_field('remove-users') ?> 251 <?php echo $referer; ?> 216 include( 'admin-header.php' ); 217 _confirm_remove_users( $userids, 'remove' ); 252 218 253 <div class="wrap">254 <?php screen_icon(); ?>255 <h2><?php _e('Remove Users from Site'); ?></h2>256 <p><?php _e('You have specified these users for removal:'); ?></p>257 <ul>258 <?php259 $go_remove = false;260 foreach ( $userids as $id ) {261 $id = (int) $id;262 $user = new WP_User($id);263 if ( $id == $current_user->id && !is_super_admin() ) {264 echo "<li>" . sprintf(__('ID #%1s: %2s <strong>The current user will not be removed.</strong>'), $id, $user->user_login) . "</li>\n";265 } elseif ( !current_user_can('remove_user', $id) ) {266 echo "<li>" . 
sprintf(__('ID #%1s: %2s <strong>You don\'t have permission to remove this user.</strong>'), $id, $user->user_login) . "</li>\n";267 } else {268 echo "<li><input type=\"hidden\" name=\"users[]\" value=\"{$id}\" />" . sprintf(__('ID #%1s: %2s'), $id, $user->user_login) . "</li>\n";269 $go_remove = true;270 }271 }272 ?>273 <?php if ( $go_remove ) : ?>274 <input type="hidden" name="action" value="doremove" />275 <?php submit_button( __('Confirm Removal'), 'secondary' ); ?>276 <?php else : ?>277 <p><?php _e('There are no valid users selected for removal.'); ?></p>278 <?php endif; ?>279 </div>280 </form>281 <?php282 283 219 break; 284 220 285 221 default:
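Review bot: `dodelete` and `doremove` now accept the shared `'bulk-users'` nonce in place of the dedicated `'delete-users'` and `'remove-users'` actions, so a token minted for any other bulk operation (site-users.php checks the same action for `promote`) also authorises deleting or removing users without going through the confirmation screen. If the list screen carries that nonce in a query string (not visible in this patch), keeping a separate action name for the destructive steps would limit the exposure, for example `check_admin_referer( 'delete-users' );` in `dodelete` paired with a matching `wp_nonce_field()` in the confirmation form. In the new `doremove` loop the `continue;` after `wp_die()` is unreachable, and aborting there leaves users earlier in the batch already removed. As in the network screen, `$_REQUEST['delete_option'][$id]` and `$_REQUEST['reassign'][$id]` are read without `isset()` or an `(int)` cast, and in `dodelete` the `++$delete_count` after the `switch` runs even when neither `case` matched.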