Index: site-users.php
===================================================================
--- site-users.php (revision 17113)
+++ site-users.php (working copy)
@@ -59,6 +59,7 @@ if ( $action ) { switch_to_blog( $id ); + $redirect = wp_get_referer(); switch ( $action ) { case 'newuser':
@@ -98,25 +99,95 @@ } break; - case 'remove': + case 'doremove': + check_admin_referer('remove-users'); + if ( !current_user_can('remove_users') ) - die(__('You can’t remove users.')); - + die( __('You can’t remove users.') ); + $update = 'remove'; if ( isset( $_REQUEST['users'] ) ) { $userids = $_REQUEST['users']; foreach ( $userids as $user_id ) { $user_id = (int) $user_id; - remove_user_from_blog( $user_id, $id ); + switch ( $_REQUEST['delete_option'] ) { + case 'delete': + remove_user_from_blog( $user_id, $id ); + break; + case 'reassign': + remove_user_from_blog( $user_id, $id, $_REQUEST['user'] ); + break; + } } } elseif ( isset( $_GET['user'] ) ) { - remove_user_from_blog( $_GET['user'] ); + switch ( $_REQUEST['delete_option'] ) { + case 'delete': + remove_user_from_blog( $_GET['user'], $id ); + break; + case 'reassign': + remove_user_from_blog( $_GET['user'], $id, $_REQUEST['user'] ); + break; + } } else { $update = 'err_remove'; } + $redirect = remove_query_arg( 'action', $redirect ); break; + case 'remove': + if ( !current_user_can('remove_users') ) + die( __('You can’t remove users.') ); + + if ( empty($_REQUEST['users']) ) + $userids = array( intval($_REQUEST['user']) ); + else + $userids = $_REQUEST['users']; + + require('../admin-header.php'); ?> +
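Review bot: In the first hunk (`@@ -59,6 +59,7 @@`) `$redirect` is taken straight from `wp_get_referer()`, which is derived from request data and returns false when no referer is present, and the hunk neither supplies a fallback nor constrains the value to this site's admin. The second hunk passes it to `remove_query_arg( 'action', $redirect )`; the redirect call that consumes it is not visible here, so whether it is validated at that point cannot be confirmed from this page. I would default it where it is assigned, e.g. `if ( ! $redirect ) $redirect = 'site-users.php?id=' . $id;` (query key assumed), and send it with `wp_safe_redirect()` rather than `wp_redirect()`. The `if ( $action ) {` block opened in this hunk continues beyond it.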