

Timestamp:
10/10/2012 02:07:59 PM (12 years ago)
Author:
nacin
Message:

Force the user to explicitly choose between content deletion and reassignment when deleting users. props Dan Rivera, Ben Brooks, GhostToast. fixes #20045.

File:
1 edited

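--- a/trunk/wp-admin/users.php
+++ b/trunk/wp-admin/users.php
@@ -76,4 +76,20 @@
 $update = '';
 
+/**
+ * @since 3.5.0
+ * @access private
+ */
+function delete_users_add_js() { ?>
+<script>
+jQuery(document).ready( function($) {
+    var submit = $('#submit').prop('disabled', true);
+    $('input[name=delete_option]').one('change', function() {
+        submit.prop('disabled', false);
+    });
+});
+</script>
+<?php
+}
+
 switch ( $wp_list_table->current_action() ) {
 
@@ -132,14 +148,20 @@
     }
 
+    $userids = array_map( 'intval', (array) $_REQUEST['users'] );
+
+    if ( empty( $_REQUEST['delete_option'] ) ) {
+        $url = self_admin_url( 'users.php?action=delete&users[]=' . implode( '&users[]=', $userids ) . '&error=true' );
+        $url = str_replace( '&amp;', '&', wp_nonce_url( $url, 'bulk-users' ) );
+        wp_redirect( $url );
+        exit;
+    }
+
     if ( ! current_user_can( 'delete_users' ) )
         wp_die(__('You can&#8217;t delete users.'));
 
-    $userids = $_REQUEST['users'];
     $update = 'del';
     $delete_count = 0;
 
-    foreach ( (array) $userids as $id) {
-        $id = (int) $id;
-
+    foreach ( $userids as $id ) {
         if ( ! current_user_can( 'delete_user', $id ) )
             wp_die(__( 'You can&#8217;t delete that user.' ) );
@@ -151,10 +173,8 @@
         switch ( $_REQUEST['delete_option'] ) {
         case 'delete':
-            if ( current_user_can('delete_user', $id) )
-                wp_delete_user($id);
+            wp_delete_user( $id );
             break;
         case 'reassign':
-            if ( current_user_can('delete_user', $id) )
-                wp_delete_user($id, $_REQUEST['reassign_user']);
+            wp_delete_user( $id, $_REQUEST['reassign_user'] );
             break;
         }
@@ -183,7 +203,9 @@
 
     if ( empty($_REQUEST['users']) )
-        $userids = array(intval($_REQUEST['user']));
+        $userids = array( intval( $_REQUEST['user'] ) );
     else
-        $userids = (array) $_REQUEST['users'];
+        $userids = array_map( 'intval', (array) $_REQUEST['users'] );
+
+    add_action( 'admin_head', 'delete_users_add_js' );
 
     include ('admin-header.php');
@@ -196,4 +218,9 @@
 <?php screen_icon(); ?>
 <h2><?php _e('Delete Users'); ?></h2>
+<?php if ( isset( $_REQUEST['error'] ) ) : ?>
+<div class="error">
+    <p><strong><?php _e( 'ERROR:' ); ?></strong> <?php _e( 'Please select an option.' ); ?></p>
+</div>
+<?php endif; ?>
 <p><?php echo _n( 'You have specified this user for deletion:', 'You have specified these users for deletion:', count( $userids ) ); ?></p>
 <ul>
@@ -201,5 +228,4 @@
     $go_delete = 0;
     foreach ( $userids as $id ) {
-        $id = (int) $id;
         $user = get_userdata( $id );
         if ( $id == $current_user->ID ) {
@@ -215,8 +241,8 @@
     <fieldset><p><legend><?php echo _n( 'What should be done with posts owned by this user?', 'What should be done with posts owned by these users?', $go_delete ); ?></legend></p>
     <ul style="list-style:none;">
-        <li><label><input type="radio" id="delete_option0" name="delete_option" value="delete" checked="checked" />
+        <li><label><input type="radio" id="delete_option0" name="delete_option" value="delete" />
         <?php _e('Delete all posts.'); ?></label></li>
         <li><input type="radio" id="delete_option1" name="delete_option" value="reassign" />
-        <?php echo '<label for="delete_option1">'.__('Attribute all posts to:').'</label>';
+        <?php echo '<label for="delete_option1">' . __( 'Attribute all posts to:' ) . '</label> ';
         wp_dropdown_users( array( 'name' => 'reassign_user', 'exclude' => array_diff( $userids, array($current_user->ID) ) ) ); ?></li>
     </ul></fieldset>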
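Review bot: The new server-side guard in the delete handler (new lines 152–157) rejects only an empty `delete_option`, so any other non-empty value passes it and then matches no `case` in the `switch` at new line 173, and in the `reassign` branch `$_REQUEST['reassign_user']` still reaches `wp_delete_user()` with no presence check or cast. Because the disabled-submit script is client-side only, the handler should accept exactly the two values the form offers, e.g. `if ( empty( $_REQUEST['delete_option'] ) || ! in_array( $_REQUEST['delete_option'], array( 'delete', 'reassign' ), true ) ) {`, and the reassign branch should require a non-empty target and pass it as `wp_delete_user( $id, (int) $_REQUEST['reassign_user'] );`. How `wp_delete_user()` treats a missing or null second argument is not visible on this page; if it falls back to deleting content, a `reassign` request without `reassign_user` would bypass the explicit choice this change is meant to enforce. The redirect also runs before the `delete_users` capability check at new line 159, and the handler's opening lines (its `case` label and any nonce check) lie outside the shown hunks, so the ordering should be confirmed there.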