WordPress.org

Make WordPress Core

Ticket #16860: 16860.patch

File 16860.patch, 3.6 KB (added by chriscct7, 5 years ago)

Removed rogue line remove in the media-upload.php file from combined patch (the media-upload.php file was otherwise untouched by the patch)

  • src/wp-admin/user-new.php

     
    7070        if ( ( $username != null && !is_super_admin( $user_id ) ) && ( array_key_exists($blog_id, get_blogs_of_user($user_id)) ) ) {
    7171                $redirect = add_query_arg( array('update' => 'addexisting'), 'user-new.php' );
    7272        } else {
    73                 if ( isset( $_POST[ 'noconfirmation' ] ) && is_super_admin() ) {
     73                if ( isset( $_POST[ 'noconfirmation' ] ) && current_user_can( 'manage_network_users' ) ) {
    7474                        add_existing_user_to_blog( array( 'user_id' => $user_id, 'role' => $_REQUEST[ 'role' ] ) );
    7575                        $redirect = add_query_arg( array('update' => 'addnoconfirmation'), 'user-new.php' );
    7676                } else {
     
    127127                         * @param string $user_login The sanitized username.
    128128                         */
    129129                        $new_user_login = apply_filters( 'pre_user_login', sanitize_user( wp_unslash( $_REQUEST['user_login'] ), true ) );
    130                         if ( isset( $_POST[ 'noconfirmation' ] ) && is_super_admin() ) {
     130                        if ( isset( $_POST[ 'noconfirmation' ] ) && current_user_can( 'manage_network_users' ) ) {
    131131                                add_filter( 'wpmu_signup_user_notification', '__return_false' ); // Disable confirmation email
    132132                                add_filter( 'wpmu_welcome_user_notification', '__return_false' ); // Disable welcome email
    133133                        }
    134134                        wpmu_signup_user( $new_user_login, $new_user_email, array( 'add_to_blog' => $wpdb->blogid, 'new_role' => $_REQUEST['role'] ) );
    135                         if ( isset( $_POST[ 'noconfirmation' ] ) && is_super_admin() ) {
     135                        if ( isset( $_POST[ 'noconfirmation' ] ) && current_user_can( 'manage_network_users' ) ) {
    136136                                $key = $wpdb->get_var( $wpdb->prepare( "SELECT activation_key FROM {$wpdb->signups} WHERE user_login = %s AND user_email = %s", $new_user_login, $new_user_email ) );
    137137                                wpmu_activate_signup( $key );
    138138                                $redirect = add_query_arg( array('update' => 'addnoconfirmation'), 'user-new.php' );
     
    308308                        </select>
    309309                </td>
    310310        </tr>
    311 <?php if ( is_super_admin() ) { ?>
     311<?php if ( current_user_can( 'manage_network_users' ) ) { ?>
    312312        <tr>
    313313                <th scope="row"><label for="adduser-noconfirmation"><?php _e('Skip Confirmation Email') ?></label></th>
    314314                <td><label for="adduser-noconfirmation"><input type="checkbox" name="noconfirmation" id="adduser-noconfirmation" value="1" /> <?php _e( 'Add the user without sending an email that requires their confirmation.' ); ?></label></td>
     
    445445                        </select>
    446446                </td>
    447447        </tr>
    448         <?php if ( is_multisite() && is_super_admin() ) { ?>
     448        <?php if ( is_multisite() && current_user_can( 'manage_network_users' ) ) { ?>
    449449        <tr>
    450450                <th scope="row"><label for="noconfirmation"><?php _e('Skip Confirmation Email') ?></label></th>
    451451                <td><label for="noconfirmation"><input type="checkbox" name="noconfirmation" id="noconfirmation" value="1" <?php checked( $new_user_ignore_pass ); ?> /> <?php _e( 'Add the user without sending an email that requires their confirmation.' ); ?></label></td>
  • src/wp-includes/capabilities.php

     
    11351135                if ( 'edit_user' == $cap && isset( $args[0] ) && $user_id == $args[0] )
    11361136                        break;
    11371137
    1138                 // If multisite these caps are allowed only for super admins.
    1139                 if ( is_multisite() && !is_super_admin( $user_id ) )
     1138                // If multisite these caps are allowed only if user can manage_network_users.
     1139                if ( is_multisite() && !user_can( $user_id, 'manage_network_users' ) )
    11401140                        $caps[] = 'do_not_allow';
    11411141                else
    11421142                        $caps[] = 'edit_users'; // edit_user maps to edit_users.