Changeset 17275


Timestamp:
01/13/2011 12:22:53 AM (11 years ago)
Author:
nacin
Message:

Move wp_redirect calls to the end of the switch in users.php. Fix unrelated bug where the user's cap should be checked, rather than their role's cap. see #16166.

File:
1 edited

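--- a/trunk/wp-admin/users.php
+++ b/trunk/wp-admin/users.php
@@ -43,5 +43,7 @@
 $update = '';
 
-switch ( $wp_list_table->current_action() ) {
+if ( $doaction = $wp_list_table->current_action() ) {
+
+switch ( $doaction ) {
 
 /* Bulk Dropdown menu Role changes */
@@ -49,8 +51,6 @@
     check_admin_referer('bulk-users');
 
-    if ( empty($_REQUEST['users']) ) {
-        wp_redirect($redirect);
-        exit();
-    }
+    if ( empty($_REQUEST['users']) )
+        break;
 
     $editable_roles = get_editable_roles();
@@ -66,5 +66,5 @@
             wp_die(__('You can’t edit that user.'));
         // The new role of the current user must also have promote_users caps
-        if ( $id == $current_user->ID && !$wp_roles->role_objects[$_REQUEST['new_role']]->has_cap('promote_users') ) {
+        if ( $id == $current_user->ID && ! current_user_can('promote_users') ) {
             $update = 'err_admin_role';
             continue;
@@ -79,6 +79,5 @@
     }
 
-    wp_redirect(add_query_arg('update', $update, $redirect));
-    exit();
+    $redirect = add_query_arg( 'update', $update, $redirect );
 
 break;
@@ -90,8 +89,6 @@
     check_admin_referer('delete-users');
 
-    if ( empty($_REQUEST['users']) ) {
-        wp_redirect($redirect);
-        exit();
-    }
+    if ( empty($_REQUEST['users']) )
+        break;
 
     if ( ! current_user_can( 'delete_users' ) )
@@ -126,6 +123,4 @@
 
     $redirect = add_query_arg( array('delete_count' => $delete_count, 'update' => $update), $redirect);
-    wp_redirect($redirect);
-    exit();
 
 break;
@@ -137,8 +132,6 @@
     check_admin_referer('bulk-users');
 
-    if ( empty($_REQUEST['users']) && empty($_REQUEST['user']) ) {
-        wp_redirect($redirect);
-        exit();
-    }
+    if ( empty($_REQUEST['users']) && empty($_REQUEST['user']) )
+        break;
 
     if ( ! current_user_can( 'delete_users' ) )
@@ -149,4 +142,6 @@
     else
         $userids = $_REQUEST['users'];
+
+    $redirect = false;
 
     include ('admin-header.php');
@@ -192,4 +187,5 @@
 </form>
 <?php
+include('./admin-footer.php');
 
 break;
@@ -198,8 +194,6 @@
     check_admin_referer('remove-users');
 
-    if ( empty($_REQUEST['users']) ) {
-        wp_redirect($redirect);
-        exit;
-    }
+    if ( empty($_REQUEST['users']) )
+        break;
 
     if ( !current_user_can('remove_users')  )
@@ -223,6 +217,4 @@
 
     $redirect = add_query_arg( array('update' => $update), $redirect);
-    wp_redirect($redirect);
-    exit;
 
 break;
@@ -232,8 +224,6 @@
     check_admin_referer('bulk-users');
 
-    if ( empty($_REQUEST['users']) && empty($_REQUEST['user']) ) {
-        wp_redirect($redirect);
-        exit();
-    }
+    if ( empty($_REQUEST['users']) && empty($_REQUEST['user']) )
+        break;
 
     if ( !current_user_can('remove_users') )
@@ -244,4 +234,6 @@
     else
         $userids = $_REQUEST['users'];
+
+    $redirect = false;
 
     include ('admin-header.php');
@@ -280,4 +272,5 @@
 </form>
 <?php
+include('./admin-footer.php');
 
 break;
@@ -285,8 +278,15 @@
 default:
 
-    if ( !empty($_GET['_wp_http_referer']) ) {
+} // end of the $doaction switch
+
+    if ( $redirect )
+        wp_redirect( $redirect );
+    exit();
+
+} // end of the $doaction if
+elseif ( !empty($_GET['_wp_http_referer']) ) {
         wp_redirect(remove_query_arg(array('_wp_http_referer', '_wpnonce'), stripslashes($_SERVER['REQUEST_URI'])));
         exit;
-    }
+}
 
     $wp_list_table->prepare_items();
@@ -379,7 +379,4 @@
 </div>
 <?php
-break;
-
-} // end of the $doaction switch
 
 include('./admin-footer.php');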
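Review bot: At new line 68 the self-edit guard now tests `current_user_can('promote_users')` and no longer reads `$_REQUEST['new_role']`, yet the comment on line 67 still says the new role must have the cap, so comment and code disagree. If the loop is only reachable by users who already hold `promote_users` (the capability check that ends in `wp_die` just above is partly outside the hunk, so this is inferred), the condition is never true and `err_admin_role` becomes unreachable, which would let an administrator give themselves a role without `promote_users` and lose user management. Either keep a test against the requested role next to the new one, or, if checking the user is the intent, reword the comment to `// The current user must hold the promote_users cap to change their own role`. The enclosing `foreach` starts and ends outside the hunk.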