Ticket #15920: 15920.2.patch

wp-admin/network/edit.php

@@ -185 +185 @@
         break;
 
         case 'allblogs':
-                if ( isset( $_POST['doaction']) || isset($_POST['doaction2'] ) ) {
+                if ( ( isset( $_POST['doaction'] ) || isset( $_POST['doaction2'] ) ) && isset( $_POST['allblogs'] ) ) {
                         check_admin_referer( 'bulk-sites' );
 
                         if ( ! current_user_can( 'manage_sites' ) )
@@ -194 +194 @@
                         if ( $_GET['action'] != -1 || $_POST['action2'] != -1 )
                                 $doaction = $_POST['action'] != -1 ? $_POST['action'] : $_POST['action2'];
 
+                        $blogfunction = '';
 
                         foreach ( (array) $_POST['allblogs'] as $key => $val ) {
                                 if ( $val != '0' && $val != $current_site->blog_id ) {
@@ -374 +375 @@
                 if ( !current_user_can( 'manage_network_users' ) )
                         wp_die( __( 'You do not have permission to access this page.' ) );
 
-                if ( isset( $_POST['doaction']) || isset($_POST['doaction2'] ) ) {
+                if ( ( isset( $_POST['doaction']) || isset($_POST['doaction2'] ) ) && isset( $_POST['allusers'] ) ) {
                         check_admin_referer( 'bulk-users-network' );
 
                         if ( $_GET['action'] != -1 || $_POST['action2'] != -1 )
                                 $doaction = $_POST['action'] != -1 ? $_POST['action'] : $_POST['action2'];
 
+                        $userfunction = '';
+
                         foreach ( (array) $_POST['allusers'] as $key => $val ) {
                                 if ( !empty( $val ) ) {
                                         switch ( $doaction ) {