Ticket #20774: 20774.last.diff
File 20774.last.diff, 6.8 KB (added by , 12 years ago) |
---|
-
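--- a/wp-admin/includes/class-wp-ms-users-list-table.php
+++ b/wp-admin/includes/class-wp-ms-users-list-table.php
@@ -186,6 +186,10 @@
 $actions['edit'] = '<a href="' . $edit_link . '">' . __( 'Edit' ) . '</a>';
 
 if ( current_user_can( 'delete_user', $user->ID ) && ! in_array( $user->user_login, $super_admins ) ) {
+if ( 0 == $user->spam )
+$actions['spamuser'] = '<span class="spam"><a href="' . $delete = esc_url( network_admin_url( add_query_arg( '_wp_http_referer', urlencode( wp_unslash( $_SERVER['REQUEST_URI'] ) ), wp_nonce_url( 'users.php', 'spamuser' ) . '&action=spamuser&id=' . $user->ID ) ) ) . '" class="spam">' . __( 'Spam' ) . '</a></span>';
+else
+$actions['unspamuser'] = '<span class="spam"><a href="' . $delete = esc_url( network_admin_url( add_query_arg( '_wp_http_referer', urlencode( wp_unslash( $_SERVER['REQUEST_URI'] ) ), wp_nonce_url( 'users.php', 'unspamuser' ) . '&action=unspamuser&id=' . $user->ID ) ) ) . '" class="spam">' . __( 'Not Spam' ) . '</a></span>';
 $actions['delete'] = '<a href="' . $delete = esc_url( network_admin_url( add_query_arg( '_wp_http_referer', urlencode( wp_unslash( $_SERVER['REQUEST_URI'] ) ), wp_nonce_url( 'users.php', 'deleteuser' ) . '&action=deleteuser&id=' . $user->ID ) ) ) . '" class="delete">' . __( 'Delete' ) . '</a>';
 }
 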
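Review bot: The new Spam / Not Spam row links sit inside the existing `current_user_can( 'delete_user', $user->ID )` check, but the handlers this patch adds to `wp-admin/network/users.php` test `edit_users`, so a user can be offered a link that the handler then rejects. Gate the links with the same capability the handler enforces. The `$delete =` assignment inside both new link expressions looks copied from the Delete line and leaves `$delete` holding a spam URL until the Delete line reassigns it; calling `esc_url( ... )` directly without the assignment avoids that side effect. The enclosing method starts and ends outside the hunk.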
wp-admin/network/users.php
88 88 89 89 if ( isset( $_GET['action'] ) ) { 90 90 do_action( 'wpmuadminedit' , '' ); 91 92 $mark_sites_for_spam_user = apply_filters( 'mark_sites_for_spam_user' , false , $val ); 91 93 92 94 switch ( $_GET['action'] ) { 95 93 96 case 'deleteuser': 94 97 if ( ! current_user_can( 'manage_network_users' ) ) 95 98 wp_die( __( 'You do not have permission to access this page.' ) ); 96 97 99 check_admin_referer( 'deleteuser' ); 98 100 99 101 $id = intval( $_GET['id'] ); … … 111 113 } 112 114 exit(); 113 115 break; 116 117 case 'spamuser': 118 119 if ( ! current_user_can( 'edit_users' ) ) 120 wp_die( __( 'You do not have permission to access this page.' ) ); 121 check_admin_referer( 'spamuser' ); 122 123 $id = intval( $_GET['id'] ); 124 $user = get_userdata( $id ); 125 if ( false === $user || is_super_admin( $user->ID ) ) 126 continue; 127 128 $blogs = get_blogs_of_user( $id, true ); 129 if ( $mark_sites_for_spam_user ) { 130 131 foreach ( (array) $blogs as $key => $details ) { 132 // do not mark main site 133 if ( $details->userblog_id == $current_site->blog_id ) 134 continue; 135 // only if admin email is same as user 136 if ( $user->data->user_email != get_blog_option ( $details->userblog_id , 'admin_email' ) ) 137 continue; 138 update_blog_status( $details->userblog_id, 'spam', '1' ); 139 } 140 } 141 update_user_status( $id, 'spam', '1' ); 142 wp_safe_redirect( add_query_arg( array( 'updated' => 'true', 'action' => $userfunction ), wp_get_referer() ) ); 143 144 break; 145 146 case 'unspamuser' : 147 148 if ( ! current_user_can( 'edit_users' ) ) 149 wp_die( __( 'You do not have permission to access this page.' 
) ); 150 check_admin_referer( 'unspamuser' ); 151 152 $id = intval( $_GET['id'] ); 153 $user = get_userdata( $id ); 154 if ( false === $user || is_super_admin( $user->ID ) ) 155 continue; 156 157 $blogs = get_blogs_of_user( $id, true ); 158 if ( $mark_sites_for_spam_user ) { 159 foreach ( (array) $blogs as $key => $details ) { 160 // do not mark main site 161 if ( $details->userblog_id == $current_site->blog_id ) 162 continue; 163 // only if admin email is same as user 164 if ( $user->data->user_email != get_blog_option ( $details->userblog_id , 'admin_email' ) ) 165 continue; 166 update_blog_status( $details->userblog_id, 'spam', '0' ); 167 } 168 } 169 update_user_status( $id, 'spam', '0' ); 170 wp_safe_redirect( add_query_arg( array( 'updated' => 'true', 'action' => $userfunction ), wp_get_referer() ) ); 114 171 172 break; 173 115 174 case 'allusers': 116 175 if ( !current_user_can( 'manage_network_users' ) ) 117 176 wp_die( __( 'You do not have permission to access this page.' ) ); … … 123 182 $userfunction = ''; 124 183 125 184 foreach ( (array) $_POST['allusers'] as $key => $val ) { 185 126 186 if ( !empty( $val ) ) { 187 188 $user = get_userdata( $val ); 189 190 if ( false === $user || is_super_admin( $user->ID ) ) 191 continue; 192 127 193 switch ( $doaction ) { 128 194 case 'delete': 129 195 if ( ! current_user_can( 'delete_users' ) ) … … 139 205 break; 140 206 141 207 case 'spam': 142 $user = get_userdata( $val ); 143 if ( is_super_admin( $user->ID ) ) 144 wp_die( sprintf( __( 'Warning! User cannot be modified. The user %s is a network administrator.' ), esc_html( $user->user_login ) ) ); 145 208 if ( ! current_user_can( 'edit_users' ) ) 209 wp_die( __( 'You do not have permission to access this page.' ) ); 146 210 $userfunction = 'all_spam'; 147 211 $blogs = get_blogs_of_user( $val, true ); 148 foreach ( (array) $blogs as $key => $details ) { 149 if ( $details->userblog_id != $current_site->blog_id ) // main blog not a spam ! 
212 if ( $mark_sites_for_spam_user ) { 213 foreach ( (array) $blogs as $key => $details ) { 214 // do not mark main site 215 if ( $details->userblog_id == $current_site->blog_id ) 216 continue; 217 // only if admin email is same as user 218 if ( $user->data->user_email != get_blog_option ( $details->userblog_id , 'admin_email' ) ) 219 continue; 150 220 update_blog_status( $details->userblog_id, 'spam', '1' ); 221 } 151 222 } 152 223 update_user_status( $val, 'spam', '1' ); 153 224 break; 154 225 155 226 case 'notspam': 227 if ( ! current_user_can( 'edit_users' ) ) 228 wp_die( __( 'You do not have permission to access this page.' ) ); 156 229 $userfunction = 'all_notspam'; 157 230 $blogs = get_blogs_of_user( $val, true ); 158 foreach ( (array) $blogs as $key => $details ) 159 update_blog_status( $details->userblog_id, 'spam', '0' ); 160 231 if ( $mark_sites_for_spam_user ) { 232 foreach ( (array) $blogs as $key => $details ) { 233 // do not mark main site 234 if ( $details->userblog_id == $current_site->blog_id ) 235 continue; 236 // only if admin email is same as user 237 if ( $user->data->user_email != get_blog_option ( $details->userblog_id , 'admin_email' ) ) 238 continue; 239 update_blog_status( $details->userblog_id, 'spam', '0' ); 240 } 241 } 161 242 update_user_status( $val, 'spam', '0' ); 162 243 break; 163 244 }
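Review bot: In the new `spamuser` and `unspamuser` cases, `wp_safe_redirect()` is followed only by `break;`, so the script keeps running after the Location header is sent; the existing `deleteuser` case ends with `exit();` and these two should as well. Both cases also pass `'action' => $userfunction`, although `$userfunction` is not assigned anywhere visible before that point; a literal such as `'all_spam'` or `'all_notspam'` would state the intent. They also use `continue;` inside a `switch` that, as far as the hunks show, is not inside a loop, so `break;` or a `wp_die()` is probably what is meant. `apply_filters( 'mark_sites_for_spam_user', false, $val )` reads `$val` before the `foreach` that defines it, so filter callbacks appear to receive an undefined value. The spam paths check `edit_users` while the neighbouring cases check `manage_network_users`; confirm the weaker-looking check is intended, and note that with the filter defaulting to `false` a spammed user's sites are no longer marked at all.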