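--- a/src/wp-admin/user-edit.php
+++ b/src/wp-admin/user-edit.php
@@ -94,7 +94,12 @@
 * @since 3.0.0
 *
 * @param bool $allow Whether to allow editing of any user. Default true.
+*
+* @global wpdb $wpdb WordPress database abstraction object.
 */
+
+global $wpdb;
+
 if ( is_multisite()
 && ! current_user_can( 'manage_network_users' )
 && $user_id !== $current_user->ID
@@ -262,7 +267,7 @@
 <?php endif; ?>
 <p>
 <input type="hidden" name="from" value="profile" />
-<input type="hidden" name="checkuser_id" value="<?php echo get_current_user_id(); ?>" />
+<input type="hidden" name="checkuser_id" value="<?php echo esc_attr( get_current_user_id() ); ?>" />
 </p>
 
 <h2><?php _e( 'Personal Options' ); ?></h2>
@@ -504,7 +509,7 @@
 
 ?>
 <?php foreach ( $public_display as $id => $item ) : ?>
-<option <?php selected( $profile_user->display_name, $item ); ?>><?php echo $item; ?></option>
+<option <?php selected( $profile_user->display_name, $item ); ?>><?php echo esc_html( $item ); ?></option>
 <?php endforeach; ?>
 </select>
 </td>
@@ -552,9 +557,9 @@
 </tr>
 
 <?php foreach ( wp_get_user_contact_methods( $profile_user ) as $name => $desc ) : ?>
-<tr class="user-<?php echo $name; ?>-wrap">
+<tr class="user-<?php echo esc_attr( $name ); ?>-wrap">
 <th>
-<label for="<?php echo $name; ?>">
+<label for="<?php echo esc_attr( $name ); ?>">
 <?php
 /**
 * Filters a user contactmethod label.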
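Review bot: The added `global $wpdb;` at new line 101 is inserted between the hook docblock that ends at `*/` and the `apply_filters()` call that docblock describes (the call is presumably in the `if` condition that continues past the hunk), and the `@global` tag is added to that same hook docblock; WordPress's hook documentation is parsed from the docblock immediately preceding the hook call, so a statement in between risks detaching the documentation from the filter. Nothing in this hunk reads `$wpdb`, so its first use is outside the view and I cannot confirm the declaration is needed at this point. I would move `global $wpdb;` above the docblock (or next to the code that first uses it) and keep `@global wpdb $wpdb` out of the hook docblock, for example on the file-level docblock. The hunk in src/wp-admin/users.php at new lines 310–313 has the same arrangement and should be adjusted the same way.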
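--- a/src/wp-admin/users.php
+++ b/src/wp-admin/users.php
@@ -307,7 +307,10 @@
 *
 * @param bool $users_have_additional_content Whether the users have additional content. Default false.
 * @param int[] $user_ids Array of IDs for users being deleted.
+*
+* @global wpdb $wpdb WordPress database abstraction object.
 */
+global $wpdb;
 $users_have_content = (bool) apply_filters( 'users_have_additional_content', false, $user_ids );
 
 if ( $user_ids && ! $users_have_content ) {
@@ -507,7 +510,7 @@
 ?>
 <form method="post" name="updateusers" id="updateusers">
 <?php wp_nonce_field( 'remove-users' ); ?>
-<?php echo $referer; ?>
+<?php echo esc_html( $referer ); ?>
 
 <div class="wrap">
 <h1><?php _e( 'Remove Users from Site' ); ?></h1>
@@ -679,7 +682,7 @@
 
 if ( ! empty( $messages ) ) {
 foreach ( $messages as $msg ) {
-echo $msg;
+echo esc_html( $msg );
 }
 }
 ?>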
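Review bot: `echo esc_html( $referer );` at new line 513 likely breaks the form rather than hardening it: if `$referer` holds a pre-built `<input type="hidden" name="wp_http_referer" …>` element, as this file appears to assemble it elsewhere (its definition is outside the hunk, so confirm), HTML-escaping the whole string renders the tag as visible text and silently drops the hidden field that carries the return URL. The same concern applies to `echo esc_html( $msg );` at new line 685 when `$messages` entries contain admin-notice markup. The right place to escape is where the untrusted value enters the markup (`esc_url()`/`esc_attr()` on the referer value at the point `$referer` is constructed), after which the prebuilt string should be echoed unchanged; for `$messages`, `echo wp_kses_post( $msg );` keeps the notice markup while still constraining output, if the strings are not already built from escaped parts.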