Timestamp:
11/30/2017 11:09:33 PM (7 years ago)
Author:
pento
Message:

Code is Poetry.
WordPress' code just... wasn't.
This is now dealt with.

Props jrf, pento, netweb, GaryJ, jdgrimes, westonruter, Greg Sherwood from PHPCS, and everyone who's ever contributed to WPCS and PHPCS.
Fixes #41057.

File:
1 edited

  • trunk/src/wp-admin/users.php

    r42228 r42343  
    1919}
    2020
    21 $wp_list_table = _get_list_table('WP_Users_List_Table');
    22 $pagenum = $wp_list_table->get_pagenum();
    23 $title = __('Users');
    24 $parent_file = 'users.php';
     21$wp_list_table = _get_list_table( 'WP_Users_List_Table' );
     22$pagenum       = $wp_list_table->get_pagenum();
     23$title         = __( 'Users' );
     24$parent_file   = 'users.php';
    2525
    2626add_screen_option( 'per_page' );
    2727
    2828// contextual help - choose Help on the top right of admin panel to preview this.
    29 get_current_screen()->add_help_tab( array(
    30     'id'      => 'overview',
    31     'title'   => __('Overview'),
    32     'content' => '<p>' . __('This screen lists all the existing users for your site. Each user has one of five defined roles as set by the site admin: Site Administrator, Editor, Author, Contributor, or Subscriber. Users with roles other than Administrator will see fewer options in the dashboard navigation when they are logged in, based on their role.') . '</p>' .
    33                     '<p>' . __('To add a new user for your site, click the Add New button at the top of the screen or Add New in the Users menu section.') . '</p>'
    34 ) ) ;
    35 
    36 get_current_screen()->add_help_tab( array(
    37     'id'      => 'screen-content',
    38     'title'   => __('Screen Content'),
    39     'content' => '<p>' . __('You can customize the display of this screen in a number of ways:') . '</p>' .
    40                     '<ul>' .
    41                     '<li>' . __('You can hide/display columns based on your needs and decide how many users to list per screen using the Screen Options tab.') . '</li>' .
    42                     '<li>' . __( 'You can filter the list of users by User Role using the text links above the users list to show All, Administrator, Editor, Author, Contributor, or Subscriber. The default view is to show all users. Unused User Roles are not listed.' ) . '</li>' .
    43                     '<li>' . __('You can view all posts made by a user by clicking on the number under the Posts column.') . '</li>' .
    44                     '</ul>'
    45 ) );
    46 
    47 $help = '<p>' . __('Hovering over a row in the users list will display action links that allow you to manage users. You can perform the following actions:') . '</p>' .
     29get_current_screen()->add_help_tab(
     30    array(
     31        'id'      => 'overview',
     32        'title'   => __( 'Overview' ),
     33        'content' => '<p>' . __( 'This screen lists all the existing users for your site. Each user has one of five defined roles as set by the site admin: Site Administrator, Editor, Author, Contributor, or Subscriber. Users with roles other than Administrator will see fewer options in the dashboard navigation when they are logged in, based on their role.' ) . '</p>' .
     34                        '<p>' . __( 'To add a new user for your site, click the Add New button at the top of the screen or Add New in the Users menu section.' ) . '</p>',
     35    )
     36);
     37
     38get_current_screen()->add_help_tab(
     39    array(
     40        'id'      => 'screen-content',
     41        'title'   => __( 'Screen Content' ),
     42        'content' => '<p>' . __( 'You can customize the display of this screen in a number of ways:' ) . '</p>' .
     43                        '<ul>' .
     44                        '<li>' . __( 'You can hide/display columns based on your needs and decide how many users to list per screen using the Screen Options tab.' ) . '</li>' .
     45                        '<li>' . __( 'You can filter the list of users by User Role using the text links above the users list to show All, Administrator, Editor, Author, Contributor, or Subscriber. The default view is to show all users. Unused User Roles are not listed.' ) . '</li>' .
     46                        '<li>' . __( 'You can view all posts made by a user by clicking on the number under the Posts column.' ) . '</li>' .
     47                        '</ul>',
     48    )
     49);
     50
     51$help = '<p>' . __( 'Hovering over a row in the users list will display action links that allow you to manage users. You can perform the following actions:' ) . '</p>' .
    4852    '<ul>' .
    49     '<li>' . __('<strong>Edit</strong> takes you to the editable profile screen for that user. You can also reach that screen by clicking on the username.') . '</li>';
    50 
    51 if ( is_multisite() )
     53    '<li>' . __( '<strong>Edit</strong> takes you to the editable profile screen for that user. You can also reach that screen by clicking on the username.' ) . '</li>';
     54
     55if ( is_multisite() ) {
    5256    $help .= '<li>' . __( '<strong>Remove</strong> allows you to remove a user from your site. It does not delete their content. You can also remove multiple users at once by using Bulk Actions.' ) . '</li>';
    53 else
     57} else {
    5458    $help .= '<li>' . __( '<strong>Delete</strong> brings you to the Delete Users screen for confirmation, where you can permanently remove a user from your site and delete their content. You can also delete multiple users at once by using Bulk Actions.' ) . '</li>';
     59}
    5560
    5661$help .= '</ul>';
    5762
    58 get_current_screen()->add_help_tab( array(
    59     'id'      => 'action-links',
    60     'title'   => __('Available Actions'),
    61     'content' => $help,
    62 ) );
     63get_current_screen()->add_help_tab(
     64    array(
     65        'id'      => 'action-links',
     66        'title'   => __( 'Available Actions' ),
     67        'content' => $help,
     68    )
     69);
    6370unset( $help );
    6471
    6572get_current_screen()->set_help_sidebar(
    66     '<p><strong>' . __('For more information:') . '</strong></p>' .
    67     '<p>' . __('<a href="https://codex.wordpress.org/Users_Screen">Documentation on Managing Users</a>') . '</p>' .
    68     '<p>' . __('<a href="https://codex.wordpress.org/Roles_and_Capabilities">Descriptions of Roles and Capabilities</a>') . '</p>' .
    69     '<p>' . __('<a href="https://wordpress.org/support/">Support Forums</a>') . '</p>'
     73    '<p><strong>' . __( 'For more information:' ) . '</strong></p>' .
     74    '<p>' . __( '<a href="https://codex.wordpress.org/Users_Screen">Documentation on Managing Users</a>' ) . '</p>' .
     75    '<p>' . __( '<a href="https://codex.wordpress.org/Roles_and_Capabilities">Descriptions of Roles and Capabilities</a>' ) . '</p>' .
     76    '<p>' . __( '<a href="https://wordpress.org/support/">Support Forums</a>' ) . '</p>'
    7077);
    7178
    72 get_current_screen()->set_screen_reader_content( array(
    73     'heading_views'      => __( 'Filter users list' ),
    74     'heading_pagination' => __( 'Users list navigation' ),
    75     'heading_list'       => __( 'Users list' ),
    76 ) );
    77 
    78 if ( empty($_REQUEST) ) {
    79     $referer = '<input type="hidden" name="wp_http_referer" value="'. esc_attr( wp_unslash( $_SERVER['REQUEST_URI'] ) ) . '" />';
    80 } elseif ( isset($_REQUEST['wp_http_referer']) ) {
    81     $redirect = remove_query_arg(array('wp_http_referer', 'updated', 'delete_count'), wp_unslash( $_REQUEST['wp_http_referer'] ) );
    82     $referer = '<input type="hidden" name="wp_http_referer" value="' . esc_attr($redirect) . '" />';
     79get_current_screen()->set_screen_reader_content(
     80    array(
     81        'heading_views'      => __( 'Filter users list' ),
     82        'heading_pagination' => __( 'Users list navigation' ),
     83        'heading_list'       => __( 'Users list' ),
     84    )
     85);
     86
     87if ( empty( $_REQUEST ) ) {
     88    $referer = '<input type="hidden" name="wp_http_referer" value="' . esc_attr( wp_unslash( $_SERVER['REQUEST_URI'] ) ) . '" />';
     89} elseif ( isset( $_REQUEST['wp_http_referer'] ) ) {
     90    $redirect = remove_query_arg( array( 'wp_http_referer', 'updated', 'delete_count' ), wp_unslash( $_REQUEST['wp_http_referer'] ) );
     91    $referer  = '<input type="hidden" name="wp_http_referer" value="' . esc_attr( $redirect ) . '" />';
    8392} else {
    8493    $redirect = 'users.php';
    85     $referer = '';
     94    $referer  = '';
    8695}
    8796
     
    9099switch ( $wp_list_table->current_action() ) {
    91100
    92 /* Bulk Dropdown menu Role changes */
    93 case 'promote':
    94     check_admin_referer('bulk-users');
    95 
    96     if ( ! current_user_can( 'promote_users' ) )
    97         wp_die( __( 'Sorry, you are not allowed to edit this user.' ), 403 );
    98 
    99     if ( empty($_REQUEST['users']) ) {
    100         wp_redirect($redirect);
     101    /* Bulk Dropdown menu Role changes */
     102    case 'promote':
     103        check_admin_referer( 'bulk-users' );
     104
     105        if ( ! current_user_can( 'promote_users' ) ) {
     106            wp_die( __( 'Sorry, you are not allowed to edit this user.' ), 403 );
     107        }
     108
     109        if ( empty( $_REQUEST['users'] ) ) {
     110            wp_redirect( $redirect );
     111            exit();
     112        }
     113
     114        $editable_roles = get_editable_roles();
     115        $role           = false;
     116        if ( ! empty( $_REQUEST['new_role2'] ) ) {
     117            $role = $_REQUEST['new_role2'];
     118        } elseif ( ! empty( $_REQUEST['new_role'] ) ) {
     119            $role = $_REQUEST['new_role'];
     120        }
     121
     122        if ( ! $role || empty( $editable_roles[ $role ] ) ) {
     123            wp_die( __( 'Sorry, you are not allowed to give users that role.' ), 403 );
     124        }
     125
     126        $userids = $_REQUEST['users'];
     127        $update  = 'promote';
     128        foreach ( $userids as $id ) {
     129            $id = (int) $id;
     130
     131            if ( ! current_user_can( 'promote_user', $id ) ) {
     132                wp_die( __( 'Sorry, you are not allowed to edit this user.' ), 403 );
     133            }
     134            // The new role of the current user must also have the promote_users cap or be a multisite super admin
     135            if ( $id == $current_user->ID && ! $wp_roles->role_objects[ $role ]->has_cap( 'promote_users' )
     136            && ! ( is_multisite() && current_user_can( 'manage_network_users' ) ) ) {
     137                    $update = 'err_admin_role';
     138                    continue;
     139            }
     140
     141            // If the user doesn't already belong to the blog, bail.
     142            if ( is_multisite() && ! is_user_member_of_blog( $id ) ) {
     143                wp_die(
     144                    '<h1>' . __( 'Cheatin&#8217; uh?' ) . '</h1>' .
     145                    '<p>' . __( 'One of the selected users is not a member of this site.' ) . '</p>',
     146                    403
     147                );
     148            }
     149
     150            $user = get_userdata( $id );
     151            $user->set_role( $role );
     152        }
     153
     154        wp_redirect( add_query_arg( 'update', $update, $redirect ) );
    101155        exit();
    102     }
    103 
    104     $editable_roles = get_editable_roles();
    105     $role = false;
    106     if ( ! empty( $_REQUEST['new_role2'] ) ) {
    107         $role = $_REQUEST['new_role2'];
    108     } elseif ( ! empty( $_REQUEST['new_role'] ) ) {
    109         $role = $_REQUEST['new_role'];
    110     }
    111 
    112     if ( ! $role || empty( $editable_roles[ $role ] ) ) {
    113         wp_die( __( 'Sorry, you are not allowed to give users that role.' ), 403 );
    114     }
    115 
    116     $userids = $_REQUEST['users'];
    117     $update = 'promote';
    118     foreach ( $userids as $id ) {
    119         $id = (int) $id;
    120 
    121         if ( ! current_user_can('promote_user', $id) )
    122             wp_die( __( 'Sorry, you are not allowed to edit this user.' ), 403 );
    123         // The new role of the current user must also have the promote_users cap or be a multisite super admin
    124         if ( $id == $current_user->ID && ! $wp_roles->role_objects[ $role ]->has_cap('promote_users')
    125             && ! ( is_multisite() && current_user_can( 'manage_network_users' ) ) ) {
    126                 $update = 'err_admin_role';
     156
     157    case 'dodelete':
     158        if ( is_multisite() ) {
     159            wp_die( __( 'User deletion is not allowed from this screen.' ), 400 );
     160        }
     161
     162        check_admin_referer( 'delete-users' );
     163
     164        if ( empty( $_REQUEST['users'] ) ) {
     165            wp_redirect( $redirect );
     166            exit();
     167        }
     168
     169        $userids = array_map( 'intval', (array) $_REQUEST['users'] );
     170
     171        if ( empty( $_REQUEST['delete_option'] ) ) {
     172            $url = self_admin_url( 'users.php?action=delete&users[]=' . implode( '&users[]=', $userids ) . '&error=true' );
     173            $url = str_replace( '&amp;', '&', wp_nonce_url( $url, 'bulk-users' ) );
     174            wp_redirect( $url );
     175            exit;
     176        }
     177
     178        if ( ! current_user_can( 'delete_users' ) ) {
     179            wp_die( __( 'Sorry, you are not allowed to delete users.' ), 403 );
     180        }
     181
     182        $update       = 'del';
     183        $delete_count = 0;
     184
     185        foreach ( $userids as $id ) {
     186            if ( ! current_user_can( 'delete_user', $id ) ) {
     187                wp_die( __( 'Sorry, you are not allowed to delete that user.' ), 403 );
     188            }
     189
     190            if ( $id == $current_user->ID ) {
     191                $update = 'err_admin_del';
    127192                continue;
    128         }
    129 
    130         // If the user doesn't already belong to the blog, bail.
    131         if ( is_multisite() && !is_user_member_of_blog( $id ) ) {
    132             wp_die(
    133                 '<h1>' . __( 'Cheatin&#8217; uh?' ) . '</h1>' .
    134                 '<p>' . __( 'One of the selected users is not a member of this site.' ) . '</p>',
    135                 403
    136             );
    137         }
    138 
    139         $user = get_userdata( $id );
    140         $user->set_role( $role );
    141     }
    142 
    143     wp_redirect(add_query_arg('update', $update, $redirect));
    144     exit();
    145 
    146 case 'dodelete':
    147     if ( is_multisite() )
    148         wp_die( __('User deletion is not allowed from this screen.'), 400 );
    149 
    150     check_admin_referer('delete-users');
    151 
    152     if ( empty($_REQUEST['users']) ) {
    153         wp_redirect($redirect);
     193            }
     194            switch ( $_REQUEST['delete_option'] ) {
     195                case 'delete':
     196                    wp_delete_user( $id );
     197                    break;
     198                case 'reassign':
     199                    wp_delete_user( $id, $_REQUEST['reassign_user'] );
     200                    break;
     201            }
     202            ++$delete_count;
     203        }
     204
     205        $redirect = add_query_arg(
     206            array(
     207                'delete_count' => $delete_count,
     208                'update'       => $update,
     209            ), $redirect
     210        );
     211        wp_redirect( $redirect );
    154212        exit();
    155     }
    156 
    157     $userids = array_map( 'intval', (array) $_REQUEST['users'] );
    158 
    159     if ( empty( $_REQUEST['delete_option'] ) ) {
    160         $url = self_admin_url( 'users.php?action=delete&users[]=' . implode( '&users[]=', $userids ) . '&error=true' );
    161         $url = str_replace( '&amp;', '&', wp_nonce_url( $url, 'bulk-users' ) );
    162         wp_redirect( $url );
    163         exit;
    164     }
    165 
    166     if ( ! current_user_can( 'delete_users' ) )
    167         wp_die( __( 'Sorry, you are not allowed to delete users.' ), 403 );
    168 
    169     $update = 'del';
    170     $delete_count = 0;
    171 
    172     foreach ( $userids as $id ) {
    173         if ( ! current_user_can( 'delete_user', $id ) )
    174             wp_die( __( 'Sorry, you are not allowed to delete that user.' ), 403 );
    175 
    176         if ( $id == $current_user->ID ) {
    177             $update = 'err_admin_del';
    178             continue;
    179         }
    180         switch ( $_REQUEST['delete_option'] ) {
    181         case 'delete':
    182             wp_delete_user( $id );
    183             break;
    184         case 'reassign':
    185             wp_delete_user( $id, $_REQUEST['reassign_user'] );
    186             break;
    187         }
    188         ++$delete_count;
    189     }
    190 
    191     $redirect = add_query_arg( array('delete_count' => $delete_count, 'update' => $update), $redirect);
    192     wp_redirect($redirect);
    193     exit();
    194 
    195 case 'delete':
    196     if ( is_multisite() )
    197         wp_die( __('User deletion is not allowed from this screen.'), 400 );
    198 
    199     check_admin_referer('bulk-users');
    200 
    201     if ( empty($_REQUEST['users']) && empty($_REQUEST['user']) ) {
    202         wp_redirect($redirect);
    203         exit();
    204     }
    205 
    206     if ( ! current_user_can( 'delete_users' ) )
    207         $errors = new WP_Error( 'edit_users', __( 'Sorry, you are not allowed to delete users.' ) );
    208 
    209     if ( empty($_REQUEST['users']) )
    210         $userids = array( intval( $_REQUEST['user'] ) );
    211     else
    212         $userids = array_map( 'intval', (array) $_REQUEST['users'] );
    213 
    214     $users_have_content = false;
    215     if ( $wpdb->get_var( "SELECT ID FROM {$wpdb->posts} WHERE post_author IN( " . implode( ',', $userids ) . " ) LIMIT 1" ) ) {
    216         $users_have_content = true;
    217     } elseif ( $wpdb->get_var( "SELECT link_id FROM {$wpdb->links} WHERE link_owner IN( " . implode( ',', $userids ) . " ) LIMIT 1" ) ) {
    218         $users_have_content = true;
    219     }
    220 
    221     if ( $users_have_content ) {
    222         add_action( 'admin_head', 'delete_users_add_js' );
    223     }
    224 
    225     include( ABSPATH . 'wp-admin/admin-header.php' );
    226 ?>
    227 <form method="post" name="updateusers" id="updateusers">
    228 <?php wp_nonce_field('delete-users') ?>
     213
     214    case 'delete':
     215        if ( is_multisite() ) {
     216            wp_die( __( 'User deletion is not allowed from this screen.' ), 400 );
     217        }
     218
     219        check_admin_referer( 'bulk-users' );
     220
     221        if ( empty( $_REQUEST['users'] ) && empty( $_REQUEST['user'] ) ) {
     222            wp_redirect( $redirect );
     223            exit();
     224        }
     225
     226        if ( ! current_user_can( 'delete_users' ) ) {
     227            $errors = new WP_Error( 'edit_users', __( 'Sorry, you are not allowed to delete users.' ) );
     228        }
     229
     230        if ( empty( $_REQUEST['users'] ) ) {
     231            $userids = array( intval( $_REQUEST['user'] ) );
     232        } else {
     233            $userids = array_map( 'intval', (array) $_REQUEST['users'] );
     234        }
     235
     236        $users_have_content = false;
     237        if ( $wpdb->get_var( "SELECT ID FROM {$wpdb->posts} WHERE post_author IN( " . implode( ',', $userids ) . ' ) LIMIT 1' ) ) {
     238            $users_have_content = true;
     239        } elseif ( $wpdb->get_var( "SELECT link_id FROM {$wpdb->links} WHERE link_owner IN( " . implode( ',', $userids ) . ' ) LIMIT 1' ) ) {
     240            $users_have_content = true;
     241        }
     242
     243        if ( $users_have_content ) {
     244            add_action( 'admin_head', 'delete_users_add_js' );
     245        }
     246
     247        include( ABSPATH . 'wp-admin/admin-header.php' );
     248    ?>
     249    <form method="post" name="updateusers" id="updateusers">
     250    <?php wp_nonce_field( 'delete-users' ); ?>
    229251<?php echo $referer; ?>
    230252
     
    246268<?php
    247269    $go_delete = 0;
    248     foreach ( $userids as $id ) {
    249         $user = get_userdata( $id );
    250         if ( $id == $current_user->ID ) {
    251             /* translators: 1: user id, 2: user login */
    252             echo "<li>" . sprintf(__('ID #%1$s: %2$s <strong>The current user will not be deleted.</strong>'), $id, $user->user_login) . "</li>\n";
    253         } else {
    254             /* translators: 1: user id, 2: user login */
    255             echo "<li><input type=\"hidden\" name=\"users[]\" value=\"" . esc_attr($id) . "\" />" . sprintf(__('ID #%1$s: %2$s'), $id, $user->user_login) . "</li>\n";
    256             $go_delete++;
    257         }
     270foreach ( $userids as $id ) {
     271    $user = get_userdata( $id );
     272    if ( $id == $current_user->ID ) {
     273        /* translators: 1: user id, 2: user login */
     274        echo '<li>' . sprintf( __( 'ID #%1$s: %2$s <strong>The current user will not be deleted.</strong>' ), $id, $user->user_login ) . "</li>\n";
     275    } else {
     276        /* translators: 1: user id, 2: user login */
     277        echo '<li><input type="hidden" name="users[]" value="' . esc_attr( $id ) . '" />' . sprintf( __( 'ID #%1$s: %2$s' ), $id, $user->user_login ) . "</li>\n";
     278        $go_delete++;
    258279    }
     280}
    259281    ?>
    260282    </ul>
    261 <?php if ( $go_delete ) :
    262 
    263     if ( ! $users_have_content ) : ?>
    264         <input type="hidden" name="delete_option" value="delete" />
    265     <?php else: ?>
     283    <?php
     284    if ( $go_delete ) :
     285
     286        if ( ! $users_have_content ) :
     287    ?>
     288            <input type="hidden" name="delete_option" value="delete" />
     289        <?php else : ?>
    266290        <?php if ( 1 == $go_delete ) : ?>
    267291            <fieldset><p><legend><?php _e( 'What should be done with content owned by this user?' ); ?></legend></p>
     
    271295        <ul style="list-style:none;">
    272296            <li><label><input type="radio" id="delete_option0" name="delete_option" value="delete" />
    273             <?php _e('Delete all content.'); ?></label></li>
     297            <?php _e( 'Delete all content.' ); ?></label></li>
    274298            <li><input type="radio" id="delete_option1" name="delete_option" value="reassign" />
    275             <?php echo '<label for="delete_option1">' . __( 'Attribute all content to:' ) . '</label> ';
    276             wp_dropdown_users( array(
    277                 'name' => 'reassign_user',
    278                 'exclude' => array_diff( $userids, array( $current_user->ID ) ),
    279                 'show' => 'display_name_with_login',
    280             ) ); ?></li>
     299            <?php
     300            echo '<label for="delete_option1">' . __( 'Attribute all content to:' ) . '</label> ';
     301            wp_dropdown_users(
     302                array(
     303                    'name'    => 'reassign_user',
     304                    'exclude' => array_diff( $userids, array( $current_user->ID ) ),
     305                    'show'    => 'display_name_with_login',
     306                )
     307            );
     308            ?>
     309            </li>
    281310        </ul></fieldset>
    282     <?php endif;
     311    <?php
     312    endif;
    283313    /**
    284314     * Fires at the end of the delete users form prior to the confirm button.
     
    293323    ?>
    294324    <input type="hidden" name="action" value="dodelete" />
    295     <?php submit_button( __('Confirm Deletion'), 'primary' ); ?>
    296 <?php else : ?>
    297     <p><?php _e('There are no valid users selected for deletion.'); ?></p>
    298 <?php endif; ?>
    299 </div>
    300 </form>
    301 <?php
    302 
    303 break;
    304 
    305 case 'doremove':
    306     check_admin_referer('remove-users');
    307 
    308     if ( ! is_multisite() )
    309         wp_die( __( 'You can&#8217;t remove users.' ), 400 );
    310 
    311     if ( empty($_REQUEST['users']) ) {
    312         wp_redirect($redirect);
     325    <?php submit_button( __( 'Confirm Deletion' ), 'primary' ); ?>
     326    <?php else : ?>
     327    <p><?php _e( 'There are no valid users selected for deletion.' ); ?></p>
     328    <?php endif; ?>
     329    </div>
     330    </form>
     331    <?php
     332
     333        break;
     334
     335    case 'doremove':
     336        check_admin_referer( 'remove-users' );
     337
     338        if ( ! is_multisite() ) {
     339            wp_die( __( 'You can&#8217;t remove users.' ), 400 );
     340        }
     341
     342        if ( empty( $_REQUEST['users'] ) ) {
     343            wp_redirect( $redirect );
     344            exit;
     345        }
     346
     347        if ( ! current_user_can( 'remove_users' ) ) {
     348            wp_die( __( 'Sorry, you are not allowed to remove users.' ), 403 );
     349        }
     350
     351        $userids = $_REQUEST['users'];
     352
     353        $update = 'remove';
     354        foreach ( $userids as $id ) {
     355            $id = (int) $id;
     356            if ( ! current_user_can( 'remove_user', $id ) ) {
     357                $update = 'err_admin_remove';
     358                continue;
     359            }
     360            remove_user_from_blog( $id, $blog_id );
     361        }
     362
     363        $redirect = add_query_arg( array( 'update' => $update ), $redirect );
     364        wp_redirect( $redirect );
    313365        exit;
    314     }
    315 
    316     if ( ! current_user_can( 'remove_users' ) )
    317         wp_die( __( 'Sorry, you are not allowed to remove users.' ), 403 );
    318 
    319     $userids = $_REQUEST['users'];
    320 
    321     $update = 'remove';
    322     foreach ( $userids as $id ) {
    323         $id = (int) $id;
    324         if ( !current_user_can('remove_user', $id) ) {
    325             $update = 'err_admin_remove';
    326             continue;
    327         }
    328         remove_user_from_blog($id, $blog_id);
    329     }
    330 
    331     $redirect = add_query_arg( array('update' => $update), $redirect);
    332     wp_redirect($redirect);
    333     exit;
    334 
    335 case 'remove':
    336 
    337     check_admin_referer('bulk-users');
    338 
    339     if ( ! is_multisite() )
    340         wp_die( __( 'You can&#8217;t remove users.' ), 400 );
    341 
    342     if ( empty($_REQUEST['users']) && empty($_REQUEST['user']) ) {
    343         wp_redirect($redirect);
    344         exit();
    345     }
    346 
    347     if ( !current_user_can('remove_users') )
    348         $error = new WP_Error('edit_users', __('Sorry, you are not allowed to remove users.'));
    349 
    350     if ( empty($_REQUEST['users']) )
    351         $userids = array(intval($_REQUEST['user']));
    352     else
    353         $userids = $_REQUEST['users'];
    354 
    355     include( ABSPATH . 'wp-admin/admin-header.php' );
    356 ?>
    357 <form method="post" name="updateusers" id="updateusers">
    358 <?php wp_nonce_field('remove-users') ?>
     366
     367    case 'remove':
     368        check_admin_referer( 'bulk-users' );
     369
     370        if ( ! is_multisite() ) {
     371            wp_die( __( 'You can&#8217;t remove users.' ), 400 );
     372        }
     373
     374        if ( empty( $_REQUEST['users'] ) && empty( $_REQUEST['user'] ) ) {
     375            wp_redirect( $redirect );
     376            exit();
     377        }
     378
     379        if ( ! current_user_can( 'remove_users' ) ) {
     380            $error = new WP_Error( 'edit_users', __( 'Sorry, you are not allowed to remove users.' ) );
     381        }
     382
     383        if ( empty( $_REQUEST['users'] ) ) {
     384            $userids = array( intval( $_REQUEST['user'] ) );
     385        } else {
     386            $userids = $_REQUEST['users'];
     387        }
     388
     389        include( ABSPATH . 'wp-admin/admin-header.php' );
     390    ?>
     391    <form method="post" name="updateusers" id="updateusers">
     392    <?php wp_nonce_field( 'remove-users' ); ?>
    359393<?php echo $referer; ?>
    360394
     
    371405<?php
    372406    $go_remove = false;
    373     foreach ( $userids as $id ) {
    374         $id = (int) $id;
    375         $user = get_userdata( $id );
    376         if ( ! current_user_can( 'remove_user', $id ) ) {
    377             /* translators: 1: user id, 2: user login */
    378             echo "<li>" . sprintf(__('ID #%1$s: %2$s <strong>Sorry, you are not allowed to remove this user.</strong>'), $id, $user->user_login) . "</li>\n";
    379         } else {
    380             /* translators: 1: user id, 2: user login */
    381             echo "<li><input type=\"hidden\" name=\"users[]\" value=\"{$id}\" />" . sprintf(__('ID #%1$s: %2$s'), $id, $user->user_login) . "</li>\n";
    382             $go_remove = true;
    383         }
    384     }
    385     ?>
    386 </ul>
    387 <?php if ( $go_remove ) : ?>
     407foreach ( $userids as $id ) {
     408    $id  = (int) $id;
     409    $user = get_userdata( $id );
     410    if ( ! current_user_can( 'remove_user', $id ) ) {
     411        /* translators: 1: user id, 2: user login */
     412        echo '<li>' . sprintf( __( 'ID #%1$s: %2$s <strong>Sorry, you are not allowed to remove this user.</strong>' ), $id, $user->user_login ) . "</li>\n";
     413    } else {
     414        /* translators: 1: user id, 2: user login */
     415        echo "<li><input type=\"hidden\" name=\"users[]\" value=\"{$id}\" />" . sprintf( __( 'ID #%1$s: %2$s' ), $id, $user->user_login ) . "</li>\n";
     416        $go_remove = true;
     417    }
     418}
     419    ?>
     420    </ul>
     421    <?php if ( $go_remove ) : ?>
    388422        <input type="hidden" name="action" value="doremove" />
    389         <?php submit_button( __('Confirm Removal'), 'primary' ); ?>
    390 <?php else : ?>
    391     <p><?php _e('There are no valid users selected for removal.'); ?></p>
    392 <?php endif; ?>
    393 </div>
    394 </form>
    395 <?php
    396 
    397 break;
    398 
    399 default:
    400 
    401     if ( !empty($_GET['_wp_http_referer']) ) {
    402         wp_redirect( remove_query_arg( array( '_wp_http_referer', '_wpnonce'), wp_unslash( $_SERVER['REQUEST_URI'] ) ) );
    403         exit;
     423        <?php submit_button( __( 'Confirm Removal' ), 'primary' ); ?>
     424    <?php else : ?>
     425    <p><?php _e( 'There are no valid users selected for removal.' ); ?></p>
     426    <?php endif; ?>
     427    </div>
     428    </form>
     429    <?php
     430
     431        break;
     432
     433    default:
     434        if ( ! empty( $_GET['_wp_http_referer'] ) ) {
     435            wp_redirect( remove_query_arg( array( '_wp_http_referer', '_wpnonce' ), wp_unslash( $_SERVER['REQUEST_URI'] ) ) );
     436            exit;
     437        }
     438
     439        if ( $wp_list_table->current_action() && ! empty( $_REQUEST['users'] ) ) {
     440            $userids  = $_REQUEST['users'];
     441            $sendback = wp_get_referer();
     442
     443            /** This action is documented in wp-admin/edit-comments.php */
     444            $sendback = apply_filters( 'handle_bulk_actions-' . get_current_screen()->id, $sendback, $wp_list_table->current_action(), $userids );
     445
     446            wp_safe_redirect( $sendback );
     447            exit;
     448        }
     449
     450        $wp_list_table->prepare_items();
     451        $total_pages = $wp_list_table->get_pagination_arg( 'total_pages' );
     452        if ( $pagenum > $total_pages && $total_pages > 0 ) {
     453            wp_redirect( add_query_arg( 'paged', $total_pages ) );
     454            exit;
     455        }
     456
     457        include( ABSPATH . 'wp-admin/admin-header.php' );
     458
     459        $messages = array();
     460        if ( isset( $_GET['update'] ) ) :
     461            switch ( $_GET['update'] ) {
     462                case 'del':
     463                case 'del_many':
     464                    $delete_count = isset( $_GET['delete_count'] ) ? (int) $_GET['delete_count'] : 0;
     465                    if ( 1 == $delete_count ) {
     466                        $message = __( 'User deleted.' );
     467                    } else {
     468                        $message = _n( '%s user deleted.', '%s users deleted.', $delete_count );
     469                    }
     470                    $messages[] = '<div id="message" class="updated notice is-dismissible"><p>' . sprintf( $message, number_format_i18n( $delete_count ) ) . '</p></div>';
     471                    break;
     472                case 'add':
     473                    if ( isset( $_GET['id'] ) && ( $user_id = $_GET['id'] ) && current_user_can( 'edit_user', $user_id ) ) {
     474                        /* translators: %s: edit page url */
     475                        $messages[] = '<div id="message" class="updated notice is-dismissible"><p>' . sprintf(
     476                            __( 'New user created. <a href="%s">Edit user</a>' ),
     477                            esc_url(
     478                                add_query_arg(
     479                                    'wp_http_referer', urlencode( wp_unslash( $_SERVER['REQUEST_URI'] ) ),
     480                                    self_admin_url( 'user-edit.php?user_id=' . $user_id )
     481                                )
     482                            )
     483                        ) . '</p></div>';
     484                    } else {
     485                        $messages[] = '<div id="message" class="updated notice is-dismissible"><p>' . __( 'New user created.' ) . '</p></div>';
     486                    }
     487                    break;
     488                case 'promote':
     489                    $messages[] = '<div id="message" class="updated notice is-dismissible"><p>' . __( 'Changed roles.' ) . '</p></div>';
     490                    break;
     491                case 'err_admin_role':
     492                    $messages[] = '<div id="message" class="error notice is-dismissible"><p>' . __( 'The current user&#8217;s role must have user editing capabilities.' ) . '</p></div>';
     493                    $messages[] = '<div id="message" class="updated notice is-dismissible"><p>' . __( 'Other user roles have been changed.' ) . '</p></div>';
     494                    break;
     495                case 'err_admin_del':
     496                    $messages[] = '<div id="message" class="error notice is-dismissible"><p>' . __( 'You can&#8217;t delete the current user.' ) . '</p></div>';
     497                    $messages[] = '<div id="message" class="updated notice is-dismissible"><p>' . __( 'Other users have been deleted.' ) . '</p></div>';
     498                    break;
     499                case 'remove':
     500                    $messages[] = '<div id="message" class="updated notice is-dismissible fade"><p>' . __( 'User removed from this site.' ) . '</p></div>';
     501                    break;
     502                case 'err_admin_remove':
     503                    $messages[] = '<div id="message" class="error notice is-dismissible"><p>' . __( "You can't remove the current user." ) . '</p></div>';
     504                    $messages[] = '<div id="message" class="updated notice is-dismissible fade"><p>' . __( 'Other users have been removed.' ) . '</p></div>';
     505                    break;
     506            }
     507        endif;
     508    ?>
     509
     510    <?php if ( isset( $errors ) && is_wp_error( $errors ) ) : ?>
     511        <div class="error">
     512            <ul>
     513            <?php
     514            foreach ( $errors->get_error_messages() as $err ) {
     515                echo "<li>$err</li>\n";
     516            }
     517            ?>
     518            </ul>
     519        </div>
     520    <?php
     521    endif;
     522
     523if ( ! empty( $messages ) ) {
     524    foreach ( $messages as $msg ) {
     525        echo $msg;
    404526    }
    405 
    406     if ( $wp_list_table->current_action() && ! empty( $_REQUEST['users'] ) ) {
    407         $userids = $_REQUEST['users'];
    408         $sendback = wp_get_referer();
    409 
    410         /** This action is documented in wp-admin/edit-comments.php */
    411         $sendback = apply_filters( 'handle_bulk_actions-' . get_current_screen()->id, $sendback, $wp_list_table->current_action(), $userids );
    412 
    413         wp_safe_redirect( $sendback );
    414         exit;
    415     }
    416 
    417     $wp_list_table->prepare_items();
    418     $total_pages = $wp_list_table->get_pagination_arg( 'total_pages' );
    419     if ( $pagenum > $total_pages && $total_pages > 0 ) {
    420         wp_redirect( add_query_arg( 'paged', $total_pages ) );
    421         exit;
    422     }
    423 
    424     include( ABSPATH . 'wp-admin/admin-header.php' );
    425 
    426     $messages = array();
    427     if ( isset($_GET['update']) ) :
    428         switch($_GET['update']) {
    429         case 'del':
    430         case 'del_many':
    431             $delete_count = isset($_GET['delete_count']) ? (int) $_GET['delete_count'] : 0;
    432             if ( 1 == $delete_count ) {
    433                 $message = __( 'User deleted.' );
    434             } else {
    435                 $message = _n( '%s user deleted.', '%s users deleted.', $delete_count );
    436             }
    437             $messages[] = '<div id="message" class="updated notice is-dismissible"><p>' . sprintf( $message, number_format_i18n( $delete_count ) ) . '</p></div>';
    438             break;
    439         case 'add':
    440             if ( isset( $_GET['id'] ) && ( $user_id = $_GET['id'] ) && current_user_can( 'edit_user', $user_id ) ) {
    441                 /* translators: %s: edit page url */
    442                 $messages[] = '<div id="message" class="updated notice is-dismissible"><p>' . sprintf( __( 'New user created. <a href="%s">Edit user</a>' ),
    443                     esc_url( add_query_arg( 'wp_http_referer', urlencode( wp_unslash( $_SERVER['REQUEST_URI'] ) ),
    444                         self_admin_url( 'user-edit.php?user_id=' . $user_id ) ) ) ) . '</p></div>';
    445             } else {
    446                 $messages[] = '<div id="message" class="updated notice is-dismissible"><p>' . __( 'New user created.' ) . '</p></div>';
    447             }
    448             break;
    449         case 'promote':
    450             $messages[] = '<div id="message" class="updated notice is-dismissible"><p>' . __('Changed roles.') . '</p></div>';
    451             break;
    452         case 'err_admin_role':
    453             $messages[] = '<div id="message" class="error notice is-dismissible"><p>' . __('The current user&#8217;s role must have user editing capabilities.') . '</p></div>';
    454             $messages[] = '<div id="message" class="updated notice is-dismissible"><p>' . __('Other user roles have been changed.') . '</p></div>';
    455             break;
    456         case 'err_admin_del':
    457             $messages[] = '<div id="message" class="error notice is-dismissible"><p>' . __('You can&#8217;t delete the current user.') . '</p></div>';
    458             $messages[] = '<div id="message" class="updated notice is-dismissible"><p>' . __('Other users have been deleted.') . '</p></div>';
    459             break;
    460         case 'remove':
    461             $messages[] = '<div id="message" class="updated notice is-dismissible fade"><p>' . __('User removed from this site.') . '</p></div>';
    462             break;
    463         case 'err_admin_remove':
    464             $messages[] = '<div id="message" class="error notice is-dismissible"><p>' . __("You can't remove the current user.") . '</p></div>';
    465             $messages[] = '<div id="message" class="updated notice is-dismissible fade"><p>' . __('Other users have been removed.') . '</p></div>';
    466             break;
    467         }
    468     endif; ?>
    469 
    470 <?php if ( isset($errors) && is_wp_error( $errors ) ) : ?>
    471     <div class="error">
    472         <ul>
    473         <?php
    474             foreach ( $errors->get_error_messages() as $err )
    475                 echo "<li>$err</li>\n";
    476         ?>
    477         </ul>
    478     </div>
    479 <?php endif;
    480 
    481 if ( ! empty($messages) ) {
    482     foreach ( $messages as $msg )
    483         echo $msg;
    484 } ?>
    485 
    486 <div class="wrap">
    487 <h1 class="wp-heading-inline"><?php
     527}
     528?>
     529
     530    <div class="wrap">
     531    <h1 class="wp-heading-inline">
     532<?php
    488533echo esc_html( $title );
    489 ?></h1>
    490 
    491 <?php
    492 if ( current_user_can( 'create_users' ) ) { ?>
     534?>
     535</h1>
     536
     537<?php
     538if ( current_user_can( 'create_users' ) ) {
     539?>
    493540    <a href="<?php echo admin_url( 'user-new.php' ); ?>" class="page-title-action"><?php echo esc_html_x( 'Add New', 'user' ); ?></a>
    494541<?php } elseif ( is_multisite() && current_user_can( 'promote_users' ) ) { ?>
    495542    <a href="<?php echo admin_url( 'user-new.php' ); ?>" class="page-title-action"><?php echo esc_html_x( 'Add Existing', 'user' ); ?></a>
    496 <?php }
     543<?php
     544}
    497545
    498546if ( strlen( $usersearch ) ) {
     
    520568</div>
    521569<?php
    522 break;
     570        break;
    523571
    524572} // end of the $doaction switch