Changeset 17277
- Timestamp:
- 01/13/2011 12:50:35 AM (12 years ago)
- Location:
- trunk/wp-admin
- Files:
-
- 3 edited
trunk/wp-admin/edit.php
r17276 r17277 39 39 40 40 if ( $doaction ) { 41 $wp_list_table->do_bulk_actions( $doaction ); 41 check_admin_referer('bulk-posts'); 42 43 $sendback = remove_query_arg( array('trashed', 'untrashed', 'deleted', 'ids'), wp_get_referer() ); 44 $sendback = $wp_list_table->add_query_args( $sendback ); 45 if ( strpos($sendback, 'post.php') !== false ) 46 $sendback = admin_url($post_new_file); 47 48 if ( 'delete_all' == $doaction ) { 49 $post_status = preg_replace('/[^a-z0-9_-]+/i', '', $_REQUEST['post_status']); 50 if ( get_post_status_object($post_status) ) // Check the post status exists first 51 $post_ids = $wpdb->get_col( $wpdb->prepare( "SELECT ID FROM $wpdb->posts WHERE post_type=%s AND post_status = %s", $post_type, $post_status ) ); 52 $doaction = 'delete'; 53 } elseif ( isset( $_REQUEST['media'] ) ) { 54 $post_ids = $_REQUEST['media']; 55 } elseif ( isset( $_REQUEST['ids'] ) ) { 56 $post_ids = explode( ',', $_REQUEST['ids'] ); 57 } elseif ( !empty( $_REQUEST['post'] ) ) { 58 $post_ids = array_map('intval', $_REQUEST['post']); 59 } 60 61 if ( !isset( $post_ids ) ) { 62 wp_redirect( admin_url("edit.php?post_type=$post_type") ); 63 exit; 64 } 65 66 switch ( $doaction ) { 67 case 'trash': 68 $trashed = 0; 69 foreach( (array) $post_ids as $post_id ) { 70 if ( !current_user_can($post_type_object->cap->delete_post, $post_id) ) 71 wp_die( __('You are not allowed to move this item to the Trash.') ); 72 73 if ( !wp_trash_post($post_id) ) 74 wp_die( __('Error in moving to Trash.') ); 75 76 $trashed++; 77 } 78 $sendback = add_query_arg( array('trashed' => $trashed, 'ids' => join(',', $post_ids) ), $sendback ); 79 break; 80 case 'untrash': 81 $untrashed = 0; 82 foreach( (array) $post_ids as $post_id ) { 83 if ( !current_user_can($post_type_object->cap->delete_post, $post_id) ) 84 wp_die( __('You are not allowed to restore this item from the Trash.') ); 85 86 if ( !wp_untrash_post($post_id) ) 87 wp_die( __('Error in restoring from Trash.') ); 88 89 $untrashed++; 90 } 91 
$sendback = add_query_arg('untrashed', $untrashed, $sendback); 92 break; 93 case 'delete': 94 $deleted = 0; 95 foreach( (array) $post_ids as $post_id ) { 96 $post_del = & get_post($post_id); 97 98 if ( !current_user_can($post_type_object->cap->delete_post, $post_id) ) 99 wp_die( __('You are not allowed to delete this item.') ); 100 101 if ( $post_del->post_type == 'attachment' ) { 102 if ( ! wp_delete_attachment($post_id) ) 103 wp_die( __('Error in deleting...') ); 104 } else { 105 if ( !wp_delete_post($post_id) ) 106 wp_die( __('Error in deleting...') ); 107 } 108 $deleted++; 109 } 110 $sendback = add_query_arg('deleted', $deleted, $sendback); 111 break; 112 case 'edit': 113 $done = bulk_edit_posts($_REQUEST); 114 115 if ( is_array($done) ) { 116 $done['updated'] = count( $done['updated'] ); 117 $done['skipped'] = count( $done['skipped'] ); 118 $done['locked'] = count( $done['locked'] ); 119 $sendback = add_query_arg( $done, $sendback ); 120 } 121 break; 122 } 123 124 $sendback = remove_query_arg( array('action', 'action2', 'tags_input', 'post_author', 'comment_status', 'ping_status', '_status', 'post', 'bulk_edit', 'post_view'), $sendback ); 125 126 wp_redirect($sendback); 127 exit(); 42 128 } elseif ( ! empty($_REQUEST['_wp_http_referer']) ) { 43 129 wp_redirect( remove_query_arg( array('_wp_http_referer', '_wpnonce'), stripslashes($_SERVER['REQUEST_URI']) ) ); -
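Review bot: The `media` and `ids` branches assign request values to `$post_ids` without the integer normalisation that the `post` branch applies, so arbitrary strings reach `current_user_can()`, `wp_trash_post()`, `wp_delete_post()` and the `ids` query argument built with `join(',', $post_ids)`. Normalise all three sources the same way, for example `$post_ids = array_map('intval', (array) $_REQUEST['media']);` and `$post_ids = array_map('intval', explode(',', $_REQUEST['ids']));`. The cast also matters in the `trash` case, where `join()` receives `$post_ids` without the `(array)` cast that the loops use. This block appears to be moved unchanged from the removed `do_bulk_actions()` method, so the gap likely predates the changeset; `$post_type`, `$post_type_object` and `$post_new_file` are set outside the visible lines.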
trunk/wp-admin/includes/class-wp-posts-list-table.php
r17276 r17277 1014 1014 <?php 1015 1015 } 1016 1017 function do_bulk_actions( $doaction = null ) {1018 if ( null === $doaction )1019 $doaction = $this->current_action();1020 1021 if ( ! $doaction )1022 return;1023 1024 check_admin_referer('bulk-posts');1025 1026 $sendback = remove_query_arg( array('trashed', 'untrashed', 'deleted', 'ids'), wp_get_referer() );1027 if ( strpos($sendback, 'post.php') !== false )1028 $sendback = admin_url($post_new_file);1029 1030 if ( 'delete_all' == $doaction ) {1031 $post_status = preg_replace('/[^a-z0-9_-]+/i', '', $_REQUEST['post_status']);1032 if ( get_post_status_object($post_status) ) // Check the post status exists first1033 $post_ids = $wpdb->get_col( $wpdb->prepare( "SELECT ID FROM $wpdb->posts WHERE post_type=%s AND post_status = %s", $post_type, $post_status ) );1034 $doaction = 'delete';1035 } elseif ( isset( $_REQUEST['media'] ) ) {1036 $post_ids = $_REQUEST['media'];1037 } elseif ( isset( $_REQUEST['ids'] ) ) {1038 $post_ids = explode( ',', $_REQUEST['ids'] );1039 } elseif ( !empty( $_REQUEST['post'] ) ) {1040 $post_ids = array_map('intval', $_REQUEST['post']);1041 }1042 1043 if ( !isset( $post_ids ) ) {1044 wp_redirect( admin_url("edit.php?post_type=$post_type") );1045 exit;1046 }1047 1048 switch ( $doaction ) {1049 case 'trash':1050 $trashed = 0;1051 foreach( (array) $post_ids as $post_id ) {1052 if ( !current_user_can($post_type_object->cap->delete_post, $post_id) )1053 wp_die( __('You are not allowed to move this item to the Trash.') );1054 1055 if ( !wp_trash_post($post_id) )1056 wp_die( __('Error in moving to Trash.') );1057 1058 $trashed++;1059 }1060 $sendback = add_query_arg( array('trashed' => $trashed, 'ids' => join(',', $post_ids) ), $sendback );1061 break;1062 case 'untrash':1063 $untrashed = 0;1064 foreach( (array) $post_ids as $post_id ) {1065 if ( !current_user_can($post_type_object->cap->delete_post, $post_id) )1066 wp_die( __('You are not allowed to restore this item from the Trash.') );1067 1068 if ( 
!wp_untrash_post($post_id) )1069 wp_die( __('Error in restoring from Trash.') );1070 1071 $untrashed++;1072 }1073 $sendback = add_query_arg('untrashed', $untrashed, $sendback);1074 break;1075 case 'delete':1076 $deleted = 0;1077 foreach( (array) $post_ids as $post_id ) {1078 $post_del = & get_post($post_id);1079 1080 if ( !current_user_can($post_type_object->cap->delete_post, $post_id) )1081 wp_die( __('You are not allowed to delete this item.') );1082 1083 if ( $post_del->post_type == 'attachment' ) {1084 if ( ! wp_delete_attachment($post_id) )1085 wp_die( __('Error in deleting...') );1086 } else {1087 if ( !wp_delete_post($post_id) )1088 wp_die( __('Error in deleting...') );1089 }1090 $deleted++;1091 }1092 $sendback = add_query_arg('deleted', $deleted, $sendback);1093 break;1094 case 'edit':1095 $done = bulk_edit_posts($_REQUEST);1096 1097 if ( is_array($done) ) {1098 $done['updated'] = count( $done['updated'] );1099 $done['skipped'] = count( $done['skipped'] );1100 $done['locked'] = count( $done['locked'] );1101 $sendback = add_query_arg( $done, $sendback );1102 }1103 break;1104 default :1105 $sendback = apply_filters( "bulk_actions-posts-$doaction", $sendback, $doaction );1106 break;1107 }1108 1109 $sendback = remove_query_arg( array( 'action', 'action2', 'tags_input', 'post_author', 'comment_status', 'ping_status', '_status', 'post', 'bulk_edit', 'post_view' ), $sendback );1110 $sendback = $this->add_query_args( $sendback );1111 wp_redirect( $sendback );1112 exit();1113 }1114 1115 1016 } 1116 1017 -
trunk/wp-admin/users.php
r17275 r17277 43 43 $update = ''; 44 44 45 if ( $doaction = $wp_list_table->current_action() ) { 46 47 switch ( $doaction ) { 45 switch ( $wp_list_table->current_action() ) { 48 46 49 47 /* Bulk Dropdown menu Role changes */ … … 51 49 check_admin_referer('bulk-users'); 52 50 53 if ( empty($_REQUEST['users']) ) 54 break; 51 if ( empty($_REQUEST['users']) ) { 52 wp_redirect($redirect); 53 exit(); 54 } 55 55 56 56 $editable_roles = get_editable_roles(); … … 66 66 wp_die(__('You can’t edit that user.')); 67 67 // The new role of the current user must also have promote_users caps 68 if ( $id == $current_user->ID && ! current_user_can('promote_users') ) {68 if ( $id == $current_user->ID && !$wp_roles->role_objects[$_REQUEST['new_role']]->has_cap('promote_users') ) { 69 69 $update = 'err_admin_role'; 70 70 continue; … … 79 79 } 80 80 81 $redirect = add_query_arg( 'update', $update, $redirect ); 81 wp_redirect(add_query_arg('update', $update, $redirect)); 82 exit(); 82 83 83 84 break; … … 89 90 check_admin_referer('delete-users'); 90 91 91 if ( empty($_REQUEST['users']) ) 92 break; 92 if ( empty($_REQUEST['users']) ) { 93 wp_redirect($redirect); 94 exit(); 95 } 93 96 94 97 if ( ! current_user_can( 'delete_users' ) ) … … 123 126 124 127 $redirect = add_query_arg( array('delete_count' => $delete_count, 'update' => $update), $redirect); 128 wp_redirect($redirect); 129 exit(); 125 130 126 131 break; … … 132 137 check_admin_referer('bulk-users'); 133 138 134 if ( empty($_REQUEST['users']) && empty($_REQUEST['user']) ) 135 break; 139 if ( empty($_REQUEST['users']) && empty($_REQUEST['user']) ) { 140 wp_redirect($redirect); 141 exit(); 142 } 136 143 137 144 if ( ! 
current_user_can( 'delete_users' ) ) … … 142 149 else 143 150 $userids = $_REQUEST['users']; 144 145 $redirect = false;146 151 147 152 include ('admin-header.php'); … … 187 192 </form> 188 193 <?php 189 include('./admin-footer.php');190 194 191 195 break; … … 194 198 check_admin_referer('remove-users'); 195 199 196 if ( empty($_REQUEST['users']) ) 197 break; 200 if ( empty($_REQUEST['users']) ) { 201 wp_redirect($redirect); 202 exit; 203 } 198 204 199 205 if ( !current_user_can('remove_users') ) … … 217 223 218 224 $redirect = add_query_arg( array('update' => $update), $redirect); 225 wp_redirect($redirect); 226 exit; 219 227 220 228 break; … … 224 232 check_admin_referer('bulk-users'); 225 233 226 if ( empty($_REQUEST['users']) && empty($_REQUEST['user']) ) 227 break; 234 if ( empty($_REQUEST['users']) && empty($_REQUEST['user']) ) { 235 wp_redirect($redirect); 236 exit(); 237 } 228 238 229 239 if ( !current_user_can('remove_users') ) … … 234 244 else 235 245 $userids = $_REQUEST['users']; 236 237 $redirect = false;238 246 239 247 include ('admin-header.php'); … … 272 280 </form> 273 281 <?php 274 include('./admin-footer.php');275 282 276 283 break; … … 278 285 default: 279 286 280 } // end of the $doaction switch 281 282 if ( $redirect ) 283 wp_redirect( $redirect ); 284 exit(); 285 286 } // end of the $doaction if 287 elseif ( !empty($_GET['_wp_http_referer']) ) { 287 if ( !empty($_GET['_wp_http_referer']) ) { 288 288 wp_redirect(remove_query_arg(array('_wp_http_referer', '_wpnonce'), stripslashes($_SERVER['REQUEST_URI']))); 289 289 exit; 290 }290 } 291 291 292 292 $wp_list_table->prepare_items(); … … 379 379 </div> 380 380 <?php 381 break; 382 383 } // end of the $doaction switch 381 384 382 385 include('./admin-footer.php');
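Review bot: The rewritten self-demotion check indexes `$wp_roles->role_objects` directly with `$_REQUEST['new_role']` and calls `has_cap()` on the result, so a role name that is not registered would end in a method call on a non-object rather than a clean refusal. The lines between `$editable_roles = get_editable_roles();` and this check are elided on the page, so confirm that `new_role` is rejected there when it is absent from `$editable_roles`. If it is not, add a guard before the loop such as `if ( empty( $editable_roles[ $_REQUEST['new_role'] ] ) ) wp_die( ... );`. The empty-selection branches in this section also pass `$redirect` straight to `wp_redirect()`; `$redirect` is built outside the visible lines, and if it is derived from the request, `wp_safe_redirect()` would keep it on the local host.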