Changeset 55878
- Timestamp:
- 06/04/2023 02:33:32 AM (16 months ago)
- File:
-
- 1 edited
trunk/src/wp-admin/users.php
r55623 r55878 136 136 } 137 137 138 $userids = $_REQUEST['users']; 139 $update = 'promote'; 140 foreach ( $userids as $id ) { 141 $id = (int) $id; 142 138 $user_ids = array_map( 'intval', (array) $_REQUEST['users'] ); 139 $update = 'promote'; 140 141 foreach ( $user_ids as $id ) { 143 142 if ( ! current_user_can( 'promote_user', $id ) ) { 144 143 wp_die( __( 'Sorry, you are not allowed to edit this user.' ), 403 ); … … 146 145 147 146 // The new role of the current user must also have the promote_users cap or be a multisite super admin. 148 if ( $id === $current_user->ID && ! $wp_roles->role_objects[ $role ]->has_cap( 'promote_users' ) 149 && ! ( is_multisite() && current_user_can( 'manage_network_users' ) ) ) { 147 if ( $id === $current_user->ID 148 && ! $wp_roles->role_objects[ $role ]->has_cap( 'promote_users' ) 149 && ! ( is_multisite() && current_user_can( 'manage_network_users' ) ) 150 ) { 150 151 $update = 'err_admin_role'; 151 152 continue; … … 180 181 } 181 182 182 $user ids = array_map( 'intval', (array) $_REQUEST['users'] );183 $user_ids = array_map( 'intval', (array) $_REQUEST['users'] ); 183 184 184 185 if ( empty( $_REQUEST['delete_option'] ) ) { 185 $url = self_admin_url( 'users.php?action=delete&users[]=' . implode( '&users[]=', $user ids ) . '&error=true' );186 $url = self_admin_url( 'users.php?action=delete&users[]=' . implode( '&users[]=', $user_ids ) . '&error=true' ); 186 187 $url = str_replace( '&', '&', wp_nonce_url( $url, 'bulk-users' ) ); 187 188 wp_redirect( $url ); … … 196 197 $delete_count = 0; 197 198 198 foreach ( $user ids as $id ) {199 foreach ( $user_ids as $id ) { 199 200 if ( ! current_user_can( 'delete_user', $id ) ) { 200 201 wp_die( __( 'Sorry, you are not allowed to delete that user.' 
), 403 ); 201 202 } 202 203 203 if ( $id == $current_user->ID ) {204 if ( $id === $current_user->ID ) { 204 205 $update = 'err_admin_del'; 205 206 continue; 206 207 } 208 207 209 switch ( $_REQUEST['delete_option'] ) { 208 210 case 'delete': … … 213 215 break; 214 216 } 217 215 218 ++$delete_count; 216 219 } … … 228 231 case 'resetpassword': 229 232 check_admin_referer( 'bulk-users' ); 233 230 234 if ( ! current_user_can( 'edit_users' ) ) { 231 235 $errors = new WP_Error( 'edit_users', __( 'Sorry, you are not allowed to edit users.' ) ); 232 236 } 237 233 238 if ( empty( $_REQUEST['users'] ) ) { 234 239 wp_redirect( $redirect ); 235 240 exit(); 236 241 } 237 $userids = array_map( 'intval', (array) $_REQUEST['users'] ); 242 243 $user_ids = array_map( 'intval', (array) $_REQUEST['users'] ); 238 244 239 245 $reset_count = 0; 240 246 241 foreach ( $user ids as $id ) {247 foreach ( $user_ids as $id ) { 242 248 if ( ! current_user_can( 'edit_user', $id ) ) { 243 249 wp_die( __( 'Sorry, you are not allowed to edit this user.' ) ); … … 283 289 284 290 if ( empty( $_REQUEST['users'] ) ) { 285 $user ids = array( (int) $_REQUEST['user'] );291 $user_ids = array( (int) $_REQUEST['user'] ); 286 292 } else { 287 $user ids = array_map( 'intval', (array) $_REQUEST['users'] );288 } 289 290 $all_user ids = $userids;291 292 if ( in_array( $current_user->ID, $user ids, true ) ) {293 $user ids = array_diff( $userids, array( $current_user->ID ) );293 $user_ids = array_map( 'intval', (array) $_REQUEST['users'] ); 294 } 295 296 $all_user_ids = $user_ids; 297 298 if ( in_array( $current_user->ID, $user_ids, true ) ) { 299 $user_ids = array_diff( $user_ids, array( $current_user->ID ) ); 294 300 } 295 301 … … 301 307 * 302 308 * @param bool $users_have_additional_content Whether the users have additional content. Default false. 303 * @param int[] $user idsArray of IDs for users being deleted.309 * @param int[] $user_ids Array of IDs for users being deleted. 
304 310 */ 305 $users_have_content = (bool) apply_filters( 'users_have_additional_content', false, $userids ); 306 307 if ( $userids && ! $users_have_content ) { 308 if ( $wpdb->get_var( "SELECT ID FROM {$wpdb->posts} WHERE post_author IN( " . implode( ',', $userids ) . ' ) LIMIT 1' ) ) { 311 $users_have_content = (bool) apply_filters( 'users_have_additional_content', false, $user_ids ); 312 313 if ( $user_ids && ! $users_have_content ) { 314 if ( $wpdb->get_var( 315 "SELECT ID FROM {$wpdb->posts} 316 WHERE post_author IN( " . implode( ',', $user_ids ) . ' ) 317 LIMIT 1' 318 ) ) { 309 319 $users_have_content = true; 310 } elseif ( $wpdb->get_var( "SELECT link_id FROM {$wpdb->links} WHERE link_owner IN( " . implode( ',', $userids ) . ' ) LIMIT 1' ) ) { 320 } elseif ( $wpdb->get_var( 321 "SELECT link_id FROM {$wpdb->links} 322 WHERE link_owner IN( " . implode( ',', $user_ids ) . ' ) 323 LIMIT 1' 324 ) ) { 311 325 $users_have_content = true; 312 326 } … … 319 333 require_once ABSPATH . 'wp-admin/admin-header.php'; 320 334 ?> 321 <form method="post" name="updateusers" id="updateusers">335 <form method="post" name="updateusers" id="updateusers"> 322 336 <?php wp_nonce_field( 'delete-users' ); ?> 323 337 <?php echo $referer; ?> 324 338 325 <div class="wrap"> 326 <h1><?php _e( 'Delete Users' ); ?></h1> 339 <div class="wrap"> 340 <h1><?php _e( 'Delete Users' ); ?></h1> 341 327 342 <?php if ( isset( $_REQUEST['error'] ) ) : ?> 328 <div class="error">329 <p><strong><?php _e( 'Error:' ); ?></strong> <?php _e( 'Please select an option.' ); ?></p>330 </div>343 <div class="error"> 344 <p><strong><?php _e( 'Error:' ); ?></strong> <?php _e( 'Please select an option.' 
); ?></p> 345 </div> 331 346 <?php endif; ?> 332 347 333 <?php if ( 1 === count( $all_user ids ) ) : ?>334 <p><?php _e( 'You have specified this user for deletion:' ); ?></p>348 <?php if ( 1 === count( $all_user_ids ) ) : ?> 349 <p><?php _e( 'You have specified this user for deletion:' ); ?></p> 335 350 <?php else : ?> 336 <p><?php _e( 'You have specified these users for deletion:' ); ?></p>351 <p><?php _e( 'You have specified these users for deletion:' ); ?></p> 337 352 <?php endif; ?> 338 353 339 <ul>354 <ul> 340 355 <?php 341 356 $go_delete = 0; 342 foreach ( $all_userids as $id ) { 357 358 foreach ( $all_user_ids as $id ) { 343 359 $user = get_userdata( $id ); 344 if ( $id == $current_user->ID ) { 345 /* translators: 1: User ID, 2: User login. */ 346 echo '<li>' . sprintf( __( 'ID #%1$s: %2$s <strong>The current user will not be deleted.</strong>' ), $id, $user->user_login ) . "</li>\n"; 360 361 if ( $id === $current_user->ID ) { 362 echo '<li>'; 363 printf( 364 /* translators: 1: User ID, 2: User login. */ 365 __( 'ID #%1$s: %2$s <strong>The current user will not be deleted.</strong>' ), 366 $id, 367 $user->user_login 368 ); 369 echo "</li>\n"; 347 370 } else { 348 /* translators: 1: User ID, 2: User login. */ 349 echo '<li><input type="hidden" name="users[]" value="' . esc_attr( $id ) . '" />' . sprintf( __( 'ID #%1$s: %2$s' ), $id, $user->user_login ) . "</li>\n"; 371 echo '<li>'; 372 printf( 373 '<input type="hidden" name="users[]" value="%s" />', 374 esc_attr( $id ) 375 ); 376 printf( 377 /* translators: 1: User ID, 2: User login. */ 378 __( 'ID #%1$s: %2$s' ), 379 $id, 380 $user->user_login 381 ); 382 echo "</li>\n"; 383 350 384 $go_delete++; 351 385 } 352 386 } 353 387 ?> 354 </ul> 388 </ul> 389 355 390 <?php 356 391 if ( $go_delete ) : … … 358 393 if ( ! 
$users_have_content ) : 359 394 ?> 360 <input type="hidden" name="delete_option" value="delete" />395 <input type="hidden" name="delete_option" value="delete" /> 361 396 <?php else : ?> 397 <fieldset> 362 398 <?php if ( 1 === $go_delete ) : ?> 363 <fieldset><p><legend><?php _e( 'What should be done with content owned by this user?' ); ?></legend></p> 364 <?php else : ?> 365 <fieldset><p><legend><?php _e( 'What should be done with content owned by these users?' ); ?></legend></p> 366 <?php endif; ?> 367 <ul style="list-style:none;"> 368 <li><label><input type="radio" id="delete_option0" name="delete_option" value="delete" /> 369 <?php _e( 'Delete all content.' ); ?></label></li> 370 <li><input type="radio" id="delete_option1" name="delete_option" value="reassign" /> 399 <p><legend><?php _e( 'What should be done with content owned by this user?' ); ?></legend></p> 400 <?php else : ?> 401 <p><legend><?php _e( 'What should be done with content owned by these users?' ); ?></legend></p> 402 <?php endif; ?> 403 404 <ul style="list-style:none;"> 405 <li> 406 <input type="radio" id="delete_option0" name="delete_option" value="delete" /> 407 <label for="delete_option0"><?php _e( 'Delete all content.' ); ?></label> 408 </li> 409 <li> 410 <input type="radio" id="delete_option1" name="delete_option" value="reassign" /> 411 <label for="delete_option1"><?php _e( 'Attribute all content to:' ); ?></label> 412 <?php 413 wp_dropdown_users( 414 array( 415 'name' => 'reassign_user', 416 'exclude' => $user_ids, 417 'show' => 'display_name_with_login', 418 ) 419 ); 420 ?> 421 </li> 422 </ul> 423 </fieldset> 371 424 <?php 372 echo '<label for="delete_option1">' . __( 'Attribute all content to:' ) . 
'</label> '; 373 wp_dropdown_users( 374 array( 375 'name' => 'reassign_user', 376 'exclude' => $userids, 377 'show' => 'display_name_with_login', 378 ) 379 ); 380 ?> 381 </li> 382 </ul></fieldset> 383 <?php 384 endif; 425 endif; 426 385 427 /** 386 428 * Fires at the end of the delete users form prior to the confirm button. 387 429 * 388 430 * @since 4.0.0 389 * @since 4.5.0 The `$user ids` parameter was added.431 * @since 4.5.0 The `$user_ids` parameter was added. 390 432 * 391 433 * @param WP_User $current_user WP_User object for the current user. 392 * @param int[] $user idsArray of IDs for users being deleted.434 * @param int[] $user_ids Array of IDs for users being deleted. 393 435 */ 394 do_action( 'delete_user_form', $current_user, $user ids );436 do_action( 'delete_user_form', $current_user, $user_ids ); 395 437 ?> 396 <input type="hidden" name="action" value="dodelete" />438 <input type="hidden" name="action" value="dodelete" /> 397 439 <?php submit_button( __( 'Confirm Deletion' ), 'primary' ); ?> 398 <?php else : ?> 399 <p><?php _e( 'There are no valid users selected for deletion.' ); ?></p> 400 <?php endif; ?> 401 </div> 402 </form> 440 441 <?php else : ?> 442 443 <p><?php _e( 'There are no valid users selected for deletion.' ); ?></p> 444 445 <?php endif; ?> 446 </div><!-- .wrap --> 447 </form><!-- #updateusers --> 403 448 <?php 404 449 … … 421 466 } 422 467 423 $userids = $_REQUEST['users']; 424 425 $update = 'remove'; 426 foreach ( $userids as $id ) { 427 $id = (int) $id; 468 $user_ids = array_map( 'intval', (array) $_REQUEST['users'] ); 469 $update = 'remove'; 470 471 foreach ( $user_ids as $id ) { 428 472 if ( ! 
current_user_can( 'remove_user', $id ) ) { 429 473 $update = 'err_admin_remove'; 430 474 continue; 431 475 } 476 432 477 remove_user_from_blog( $id, $blog_id ); 433 478 } … … 454 499 455 500 if ( empty( $_REQUEST['users'] ) ) { 456 $user ids = array( (int) $_REQUEST['user'] );501 $user_ids = array( (int) $_REQUEST['user'] ); 457 502 } else { 458 $user ids = $_REQUEST['users'];503 $user_ids = array_map( 'intval', (array) $_REQUEST['users'] ); 459 504 } 460 505 461 506 require_once ABSPATH . 'wp-admin/admin-header.php'; 462 507 ?> 463 <form method="post" name="updateusers" id="updateusers">508 <form method="post" name="updateusers" id="updateusers"> 464 509 <?php wp_nonce_field( 'remove-users' ); ?> 465 510 <?php echo $referer; ?> 466 511 467 <div class="wrap">468 <h1><?php _e( 'Remove Users from Site' ); ?></h1>469 470 <?php if ( 1 === count( $user ids ) ) : ?>471 <p><?php _e( 'You have specified this user for removal:' ); ?></p>512 <div class="wrap"> 513 <h1><?php _e( 'Remove Users from Site' ); ?></h1> 514 515 <?php if ( 1 === count( $user_ids ) ) : ?> 516 <p><?php _e( 'You have specified this user for removal:' ); ?></p> 472 517 <?php else : ?> 473 <p><?php _e( 'You have specified these users for removal:' ); ?></p>518 <p><?php _e( 'You have specified these users for removal:' ); ?></p> 474 519 <?php endif; ?> 475 520 476 <ul>521 <ul> 477 522 <?php 478 523 $go_remove = false; 479 foreach ( $userids as $id ) { 480 $id = (int) $id;524 525 foreach ( $user_ids as $id ) { 481 526 $user = get_userdata( $id ); 527 482 528 if ( ! current_user_can( 'remove_user', $id ) ) { 483 /* translators: 1: User ID, 2: User login. */ 484 echo '<li>' . sprintf( __( 'ID #%1$s: %2$s <strong>Sorry, you are not allowed to remove this user.</strong>' ), $id, $user->user_login ) . "</li>\n"; 529 echo '<li>'; 530 printf( 531 /* translators: 1: User ID, 2: User login. 
*/ 532 __( 'ID #%1$s: %2$s <strong>Sorry, you are not allowed to remove this user.</strong>' ), 533 $id, 534 $user->user_login 535 ); 536 echo "</li>\n"; 485 537 } else { 486 /* translators: 1: User ID, 2: User login. */ 487 echo "<li><input type=\"hidden\" name=\"users[]\" value=\"{$id}\" />" . sprintf( __( 'ID #%1$s: %2$s' ), $id, $user->user_login ) . "</li>\n"; 538 echo '<li>'; 539 printf( 540 '<input type="hidden" name="users[]" value="%s" />', 541 esc_attr( $id ) 542 ); 543 printf( 544 /* translators: 1: User ID, 2: User login. */ 545 __( 'ID #%1$s: %2$s' ), 546 $id, 547 $user->user_login 548 ); 549 echo "</li>\n"; 550 488 551 $go_remove = true; 489 552 } 490 553 } 491 554 ?> 492 </ul> 555 </ul> 556 493 557 <?php if ( $go_remove ) : ?> 494 <input type="hidden" name="action" value="doremove" /> 558 559 <input type="hidden" name="action" value="doremove" /> 495 560 <?php submit_button( __( 'Confirm Removal' ), 'primary' ); ?> 496 <?php else : ?> 497 <p><?php _e( 'There are no valid users selected for removal.' ); ?></p> 498 <?php endif; ?> 499 </div> 500 </form> 561 562 <?php else : ?> 563 564 <p><?php _e( 'There are no valid users selected for removal.' 
); ?></p> 565 566 <?php endif; ?> 567 </div><!-- .wrap --> 568 </form><!-- #updateusers --> 501 569 <?php 502 570 … … 512 580 $screen = get_current_screen()->id; 513 581 $sendback = wp_get_referer(); 514 $user ids = $_REQUEST['users'];582 $user_ids = array_map( 'intval', (array) $_REQUEST['users'] ); 515 583 516 584 /** This action is documented in wp-admin/edit.php */ 517 $sendback = apply_filters( "handle_bulk_actions-{$screen}", $sendback, $wp_list_table->current_action(), $user ids ); // phpcs:ignore WordPress.NamingConventions.ValidHookName.UseUnderscores585 $sendback = apply_filters( "handle_bulk_actions-{$screen}", $sendback, $wp_list_table->current_action(), $user_ids ); // phpcs:ignore WordPress.NamingConventions.ValidHookName.UseUnderscores 518 586 519 587 wp_safe_redirect( $sendback ); … … 523 591 $wp_list_table->prepare_items(); 524 592 $total_pages = $wp_list_table->get_pagination_arg( 'total_pages' ); 593 525 594 if ( $pagenum > $total_pages && $total_pages > 0 ) { 526 595 wp_redirect( add_query_arg( 'paged', $total_pages ) ); … … 536 605 case 'del_many': 537 606 $delete_count = isset( $_GET['delete_count'] ) ? (int) $_GET['delete_count'] : 0; 538 if ( 1 == $delete_count ) {607 if ( 1 === $delete_count ) { 539 608 $message = __( 'User deleted.' ); 540 609 } else { … … 550 619 if ( $user_id && current_user_can( 'edit_user', $user_id ) ) { 551 620 $message .= sprintf( 552 ' <a href="% s">%s</a>',621 ' <a href="%1$s">%2$s</a>', 553 622 esc_url( 554 623 add_query_arg( … … 597 666 598 667 <?php if ( isset( $errors ) && is_wp_error( $errors ) ) : ?> 599 <div class="error"> 600 <ul> 668 <div class="error"> 669 <ul> 670 <?php 671 foreach ( $errors->get_error_messages() as $err ) { 672 echo "<li>$err</li>\n"; 673 } 674 ?> 675 </ul> 676 </div> 601 677 <?php 602 foreach ( $errors->get_error_messages() as $err ) { 603 echo "<li>$err</li>\n"; 604 } 605 ?> 606 </ul> 607 </div> 608 <?php 609 endif; 678 endif; 610 679 611 680 if ( ! 
empty( $messages ) ) { … … 616 685 ?> 617 686 618 <div class="wrap"> 619 <h1 class="wp-heading-inline"> 620 <?php 621 echo esc_html( $title ); 622 ?> 623 </h1> 687 <div class="wrap"> 688 <h1 class="wp-heading-inline"> 689 <?php echo esc_html( $title ); ?> 690 </h1> 624 691 625 692 <?php 626 693 if ( current_user_can( 'create_users' ) ) { 627 ?> 628 <a href="<?php echo esc_url( admin_url( 'user-new.php' ) ); ?>" class="page-title-action"><?php echo esc_html_x( 'Add New', 'user' ); ?></a> 629 <?php } elseif ( is_multisite() && current_user_can( 'promote_users' ) ) { ?> 630 <a href="<?php echo esc_url( admin_url( 'user-new.php' ) ); ?>" class="page-title-action"><?php echo esc_html_x( 'Add Existing', 'user' ); ?></a> 631 <?php 632 } 633 634 if ( strlen( $usersearch ) ) { 635 echo '<span class="subtitle">'; 636 printf( 637 /* translators: %s: Search query. */ 638 __( 'Search results for: %s' ), 639 '<strong>' . esc_html( $usersearch ) . '</strong>' 640 ); 641 echo '</span>'; 642 } 643 ?> 644 645 <hr class="wp-header-end"> 694 printf( 695 '<a href="%1$s" class="page-title-action">%2$s</a>', 696 esc_url( admin_url( 'user-new.php' ) ), 697 esc_html_x( 'Add New', 'user' ) 698 ); 699 } elseif ( is_multisite() && current_user_can( 'promote_users' ) ) { 700 printf( 701 '<a href="%1$s" class="page-title-action">%2$s</a>', 702 esc_url( admin_url( 'user-new.php' ) ), 703 esc_html_x( 'Add Existing', 'user' ) 704 ); 705 } 706 707 if ( strlen( $usersearch ) ) { 708 echo '<span class="subtitle">'; 709 printf( 710 /* translators: %s: Search query. */ 711 __( 'Search results for: %s' ), 712 '<strong>' . esc_html( $usersearch ) . '</strong>' 713 ); 714 echo '</span>'; 715 } 716 ?> 717 718 <hr class="wp-header-end"> 646 719 647 720 <?php $wp_list_table->views(); ?> 648 721 649 <form method="get">722 <form method="get"> 650 723 651 724 <?php $wp_list_table->search_box( __( 'Search Users' ), 'user' ); ?> 652 725 653 726 <?php if ( ! 
empty( $_REQUEST['role'] ) ) { ?> 654 <input type="hidden" name="role" value="<?php echo esc_attr( $_REQUEST['role'] ); ?>" />655 <?php } ?>727 <input type="hidden" name="role" value="<?php echo esc_attr( $_REQUEST['role'] ); ?>" /> 728 <?php } ?> 656 729 657 730 <?php $wp_list_table->display(); ?> 658 </form> 659 660 <div class="clear"></div> 661 </div> 731 732 </form> 733 734 <div class="clear"></div> 735 </div><!-- .wrap --> 662 736 <?php 663 737 break;
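Review bot: In the delete and remove confirmation lists, the new `printf()` calls pass `$user->user_login` into the markup unescaped, while the hidden input beside them gets `esc_attr( $id )`. The format string carries `<strong>` and cannot be escaped as a whole, so the argument should be escaped instead, e.g. `esc_html( $user->user_login )`. Logins are presumably sanitized when accounts are created, so this is defence in depth rather than a demonstrated injection. The same loops call `get_userdata( $id )` on request-supplied IDs and dereference the result unchecked, so an ID that matches no user would reach `$user->user_login` on a non-object; a guard such as `if ( ! $user ) { continue; }` before the output would cover that. The enclosing `switch` cases start and end outside the visible hunks.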