Index: wp-admin/network/users.php =================================================================== --- wp-admin/network/users.php (revision 24809) +++ wp-admin/network/users.php (working copy) @@ -88,12 +88,14 @@ if ( isset( $_GET['action'] ) ) { do_action( 'wpmuadminedit' , '' ); + + $mark_sites_for_spam_user = apply_filters( 'mark_sites_for_spam_user' , false , $val ); switch ( $_GET['action'] ) { + case 'deleteuser': if ( ! current_user_can( 'manage_network_users' ) ) wp_die( __( 'You do not have permission to access this page.' ) ); - check_admin_referer( 'deleteuser' ); $id = intval( $_GET['id'] ); @@ -111,7 +113,52 @@ } exit(); break; + + case 'spamuser': + + if ( ! current_user_can( 'edit_users' ) ) + wp_die( __( 'You do not have permission to access this page.' ) ); + check_admin_referer( 'spamuser' ); + + $id = intval( $_GET['id'] ); + $user = get_userdata( $id ); + if ( false === $user || is_super_admin( $user->ID ) ) + continue; + + $blogs = get_blogs_of_user( $id, true ); + if ( $mark_sites_for_spam_user ) { + + foreach ( (array) $blogs as $key => $details ) { + // do not mark main site + if ( $details->userblog_id == $current_site->blog_id ) + continue; + // only if admin email is same as user + if ( $user->data->user_email != get_blog_option ( $details->userblog_id , 'admin_email' ) ) + continue; + update_blog_status( $details->userblog_id, 'spam', '1' ); + } + } + update_user_status( $id, 'spam', '1' ); + wp_safe_redirect( add_query_arg( array( 'updated' => 'true', 'action' => $userfunction ), wp_get_referer() ) ); + + break; + + case 'unspamuser' : + + if ( ! current_user_can( 'edit_users' ) ) + wp_die( __( 'You do not have permission to access this page.' ) ); + check_admin_referer( 'unspamuser' ); + + $id = intval( $_GET['id'] ); + $user = get_userdata( $id ); + if ( false === $user || is_super_admin( $user->ID ) ) + continue; + update_user_status( $id, 'spam', '0' ); + wp_safe_redirect( add_query_arg( array( 'updated' => 'true', 'action' => $userfunction ), wp_get_referer() ) ); + + break; + case 'allusers': if ( !current_user_can( 'manage_network_users' ) ) wp_die( __( 'You do not have permission to access this page.' ) ); @@ -123,7 +170,14 @@ $userfunction = ''; foreach ( (array) $_POST['allusers'] as $key => $val ) { + if ( !empty( $val ) ) { + + $user = get_userdata( intval( $val ) ); + + if ( false === $user || is_super_admin( $user->ID ) ) + continue; + switch ( $doaction ) { case 'delete': if ( ! current_user_can( 'delete_users' ) ) @@ -139,24 +193,28 @@ break; case 'spam': - $user = get_userdata( $val ); - if ( is_super_admin( $user->ID ) ) - wp_die( sprintf( __( 'Warning! User cannot be modified. The user %s is a network administrator.' ), esc_html( $user->user_login ) ) ); - + if ( ! current_user_can( 'edit_users' ) ) + wp_die( __( 'You do not have permission to access this page.' ) ); $userfunction = 'all_spam'; $blogs = get_blogs_of_user( $val, true ); - foreach ( (array) $blogs as $key => $details ) { - if ( $details->userblog_id != $current_site->blog_id ) // main blog not a spam ! + if ( $mark_sites_for_spam_user ) { + foreach ( (array) $blogs as $key => $details ) { + // do not mark main site + if ( $details->userblog_id == $current_site->blog_id ) + continue; + // only if admin email is same as user + if ( $user->data->user_email != get_blog_option ( $details->userblog_id , 'admin_email' ) ) + continue; update_blog_status( $details->userblog_id, 'spam', '1' ); + } } update_user_status( $val, 'spam', '1' ); break; case 'notspam': + if ( ! current_user_can( 'edit_users' ) ) + wp_die( __( 'You do not have permission to access this page.' ) ); $userfunction = 'all_notspam'; - $blogs = get_blogs_of_user( $val, true ); - foreach ( (array) $blogs as $key => $details ) - update_blog_status( $details->userblog_id, 'spam', '0' ); update_user_status( $val, 'spam', '0' ); break;