Ticket #16166: 16166.users-first-pass.diff
File 16166.users-first-pass.diff, 3.9 KB (added by , 14 years ago) |
wp-admin/users.php
42 42 43 43 $update = ''; 44 44 45 switch ($wp_list_table->current_action() ) {45 if ( $doaction = $wp_list_table->current_action() ) { 46 46 47 switch ( $doaction ) { 48 47 49 /* Bulk Dropdown menu Role changes */ 48 50 case 'promote': 49 51 check_admin_referer('bulk-users'); 50 52 51 if ( empty($_REQUEST['users']) ) { 52 wp_redirect($redirect); 53 exit(); 54 } 53 if ( empty($_REQUEST['users']) ) 54 break; 55 55 56 56 $editable_roles = get_editable_roles(); 57 57 if ( empty( $editable_roles[$_REQUEST['new_role']] ) ) … … 65 65 if ( ! current_user_can('promote_user', $id) ) 66 66 wp_die(__('You can’t edit that user.')); 67 67 // The new role of the current user must also have promote_users caps 68 if ( $id == $current_user->ID && ! $wp_roles->role_objects[$_REQUEST['new_role']]->has_cap('promote_users') ) {68 if ( $id == $current_user->ID && ! current_user_can('promote_users') ) { 69 69 $update = 'err_admin_role'; 70 70 continue; 71 71 } … … 78 78 $user->set_role($_REQUEST['new_role']); 79 79 } 80 80 81 wp_redirect(add_query_arg('update', $update, $redirect)); 82 exit(); 81 $redirect = add_query_arg( 'update', $update, $redirect ); 83 82 84 83 break; 85 84 … … 89 88 90 89 check_admin_referer('delete-users'); 91 90 92 if ( empty($_REQUEST['users']) ) { 93 wp_redirect($redirect); 94 exit(); 95 } 91 if ( empty($_REQUEST['users']) ) 92 break; 96 93 97 94 if ( ! current_user_can( 'delete_users' ) ) 98 95 wp_die(__('You can’t delete users.')); … … 125 122 } 126 123 127 124 $redirect = add_query_arg( array('delete_count' => $delete_count, 'update' => $update), $redirect); 128 wp_redirect($redirect);129 exit();130 125 131 126 break; 132 127 … … 136 131 137 132 check_admin_referer('bulk-users'); 138 133 139 if ( empty($_REQUEST['users']) && empty($_REQUEST['user']) ) { 140 wp_redirect($redirect); 141 exit(); 142 } 134 if ( empty($_REQUEST['users']) && empty($_REQUEST['user']) ) 135 break; 143 136 144 137 if ( ! 
current_user_can( 'delete_users' ) ) 145 138 $errors = new WP_Error( 'edit_users', __( 'You can’t delete users.' ) ); … … 149 142 else 150 143 $userids = $_REQUEST['users']; 151 144 145 $redirect = false; 146 152 147 include ('admin-header.php'); 153 148 ?> 154 149 <form action="" method="post" name="updateusers" id="updateusers"> … … 191 186 </div> 192 187 </form> 193 188 <?php 189 include('./admin-footer.php'); 194 190 195 191 break; 196 192 197 193 case 'doremove': 198 194 check_admin_referer('remove-users'); 199 195 200 if ( empty($_REQUEST['users']) ) { 201 wp_redirect($redirect); 202 exit; 203 } 196 if ( empty($_REQUEST['users']) ) 197 break; 204 198 205 199 if ( !current_user_can('remove_users') ) 206 200 die(__('You can’t remove users.')); … … 222 216 } 223 217 224 218 $redirect = add_query_arg( array('update' => $update), $redirect); 225 wp_redirect($redirect);226 exit;227 219 228 220 break; 229 221 … … 231 223 232 224 check_admin_referer('bulk-users'); 233 225 234 if ( empty($_REQUEST['users']) && empty($_REQUEST['user']) ) { 235 wp_redirect($redirect); 236 exit(); 237 } 226 if ( empty($_REQUEST['users']) && empty($_REQUEST['user']) ) 227 break; 238 228 239 229 if ( !current_user_can('remove_users') ) 240 230 $error = new WP_Error('edit_users', __('You can’t remove users.')); … … 244 234 else 245 235 $userids = $_REQUEST['users']; 246 236 237 $redirect = false; 238 247 239 include ('admin-header.php'); 248 240 ?> 249 241 <form action="" method="post" name="updateusers" id="updateusers"> … … 279 271 </div> 280 272 </form> 281 273 <?php 274 include('./admin-footer.php'); 282 275 283 276 break; 284 277 285 278 default: 286 279 287 if ( !empty($_GET['_wp_http_referer']) ) { 280 } // end of the $doaction switch 281 282 if ( $redirect ) 283 wp_redirect( $redirect ); 284 exit(); 285 286 } // end of the $doaction if 287 elseif ( !empty($_GET['_wp_http_referer']) ) { 288 288 wp_redirect(remove_query_arg(array('_wp_http_referer', '_wpnonce'), 
stripslashes($_SERVER['REQUEST_URI']))); 289 289 exit; 290 290 } 291 291 292 292 $wp_list_table->prepare_items(); 293 293 … … 378 378 <br class="clear" /> 379 379 </div> 380 380 <?php 381 break;382 381 383 } // end of the $doaction switch384 385 382 include('./admin-footer.php');
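Review bot: The self-demotion guard in the `promote` case (new line 68) now tests `current_user_can('promote_users')`, which reflects the acting user's capabilities before `set_role()` runs, not the capabilities of the role named in `$_REQUEST['new_role']`. The comment directly above it still says the new role must carry `promote_users`. A user who reaches this loop has presumably already passed a promote check in the elided lines, so the `err_admin_role` branch would likely never fire, and an administrator could bulk-change their own account to a role that can no longer manage users. I would keep the role-based test, `if ( $id == $current_user->ID && ! $wp_roles->role_objects[$_REQUEST['new_role']]->has_cap('promote_users') ) {`, or look the role up with `get_role()` if the aim was to stop using the `$wp_roles` global. The enclosing loop starts outside the visible lines of this hunk.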