Ticket #20774: 20774.noquicklinks.diff

wp-admin/network/users.php

@@ -88 +88 @@
 
 if ( isset( $_GET['action'] ) ) {
         do_action( 'wpmuadminedit' , '' );
+        
+        $mark_sites_for_spam_user = apply_filters( 'mark_sites_for_spam_user' , false , $val );
 
         switch ( $_GET['action'] ) {
+
                 case 'deleteuser':
                         if ( ! current_user_can( 'manage_network_users' ) )
                                 wp_die( __( 'You do not have permission to access this page.' ) );
-
                         check_admin_referer( 'deleteuser' );
 
                         $id = intval( $_GET['id'] );
@@ -111 +113 @@
                         }
                         exit();
                 break;
+                
+                case 'spamuser':
+                        
+                        if ( ! current_user_can( 'edit_users' ) ) 
+                                wp_die( __( 'You do not have permission to access this page.' ) ); 
+                        check_admin_referer( 'spamuser' );
+                        
+                        $id = intval( $_GET['id'] );                    
+                        $user = get_userdata( $id );
+                        if ( false === $user || is_super_admin( $user->ID ) ) 
+                                continue;
+                                
+                        $blogs = get_blogs_of_user( $id, true );
+                        if ( $mark_sites_for_spam_user ) {
+                        
+                                foreach ( (array) $blogs as $key => $details ) {
+                                        // do not mark main site
+                                        if ( $details->userblog_id == $current_site->blog_id )
+                                                continue;
+                                        // only if admin email is same as user
+                                        if (  $user->data->user_email != get_blog_option ( $details->userblog_id , 'admin_email' ) )
+                                                continue;
+                                        update_blog_status( $details->userblog_id, 'spam', '1' );
+                                }
+                        }
+                        update_user_status( $id, 'spam', '1' );
+                        wp_safe_redirect( add_query_arg( array( 'updated' => 'true', 'action' => $userfunction ), wp_get_referer() ) );
+                
+                break;
+                
+                case 'unspamuser' :     
+                        
+                        if ( ! current_user_can( 'edit_users' ) ) 
+                                wp_die( __( 'You do not have permission to access this page.' ) ); 
+                        check_admin_referer( 'unspamuser' );
+                        
+                        $id = intval( $_GET['id'] );
+                        $user = get_userdata( $id );
+                        if ( false === $user || is_super_admin( $user->ID ) ) 
+                                continue;
 
+                        update_user_status( $id, 'spam', '0' );
+                        wp_safe_redirect( add_query_arg( array( 'updated' => 'true', 'action' => $userfunction ), wp_get_referer() ) );
+
+                break;
+                
                 case 'allusers':
                         if ( !current_user_can( 'manage_network_users' ) )
                                 wp_die( __( 'You do not have permission to access this page.' ) );
@@ -123 +170 @@
                                 $userfunction = '';
 
                                 foreach ( (array) $_POST['allusers'] as $key => $val ) {
+                        
                                         if ( !empty( $val ) ) {
+                                
+                                                $user = get_userdata( intval( $val ) );
+
+                                                if ( false === $user || is_super_admin( $user->ID ) ) 
+                                                        continue;
+
                                                 switch ( $doaction ) {
                                                         case 'delete':
                                                                 if ( ! current_user_can( 'delete_users' ) )
@@ -139 +193 @@
                                                         break;
 
                                                         case 'spam':
-                                                                $user = get_userdata( $val );
-                                                                if ( is_super_admin( $user->ID ) )
-                                                                        wp_die( sprintf( __( 'Warning! User cannot be modified. The user %s is a network administrator.' ), esc_html( $user->user_login ) ) );
-
+                                                                if ( ! current_user_can( 'edit_users' ) ) 
+                                                                        wp_die( __( 'You do not have permission to access this page.' ) ); 
                                                                 $userfunction = 'all_spam';
                                                                 $blogs = get_blogs_of_user( $val, true );
-                                                                foreach ( (array) $blogs as $key => $details ) {
-                                                                        if ( $details->userblog_id != $current_site->blog_id ) // main blog not a spam !
+                                                                if ( $mark_sites_for_spam_user ) {
+                                                                        foreach ( (array) $blogs as $key => $details ) {
+                                                                                // do not mark main site
+                                                                                if ( $details->userblog_id == $current_site->blog_id )
+                                                                                        continue;
+                                                                                // only if admin email is same as user
+                                                                                if (  $user->data->user_email != get_blog_option ( $details->userblog_id , 'admin_email' ) )
+                                                                                        continue;
                                                                                 update_blog_status( $details->userblog_id, 'spam', '1' );
+                                                                        }
                                                                 }
                                                                 update_user_status( $val, 'spam', '1' );
                                                         break;
 
                                                         case 'notspam':
+                                                                if ( ! current_user_can( 'edit_users' ) ) 
+                                                                        wp_die( __( 'You do not have permission to access this page.' ) ); 
                                                                 $userfunction = 'all_notspam';
-                                                                $blogs = get_blogs_of_user( $val, true );
-                                                                foreach ( (array) $blogs as $key => $details )
-                                                                        update_blog_status( $details->userblog_id, 'spam', '0' );
 
                                                                 update_user_status( $val, 'spam', '0' );
                                                         break;