diff --git a/wp-admin/edit.php b/wp-admin/edit.php
index cce36ac856..2fb8679246 100644
--- a/wp-admin/edit.php
+++ b/wp-admin/edit.php
@@ -38,7 +38,93 @@ unset( $_redirect ); $doaction = $wp_list_table->current_action(); if ( $doaction ) { - $wp_list_table->do_bulk_actions( $doaction ); + check_admin_referer('bulk-posts'); + + $sendback = remove_query_arg( array('trashed', 'untrashed', 'deleted', 'ids'), wp_get_referer() ); + $sendback = $wp_list_table->add_query_args( $sendback ); + if ( strpos($sendback, 'post.php') !== false ) + $sendback = admin_url($post_new_file); + + if ( 'delete_all' == $doaction ) { + $post_status = preg_replace('/[^a-z0-9_-]+/i', '', $_REQUEST['post_status']); + if ( get_post_status_object($post_status) ) // Check the post status exists first + $post_ids = $wpdb->get_col( $wpdb->prepare( "SELECT ID FROM $wpdb->posts WHERE post_type=%s AND post_status = %s", $post_type, $post_status ) ); + $doaction = 'delete'; + } elseif ( isset( $_REQUEST['media'] ) ) { + $post_ids = $_REQUEST['media']; + } elseif ( isset( $_REQUEST['ids'] ) ) { + $post_ids = explode( ',', $_REQUEST['ids'] ); + } elseif ( !empty( $_REQUEST['post'] ) ) { + $post_ids = array_map('intval', $_REQUEST['post']); + } + + if ( !isset( $post_ids ) ) { + wp_redirect( admin_url("edit.php?post_type=$post_type") ); + exit; + } + + switch ( $doaction ) { + case 'trash': + $trashed = 0; + foreach( (array) $post_ids as $post_id ) { + if ( !current_user_can($post_type_object->cap->delete_post, $post_id) ) + wp_die( __('You are not allowed to move this item to the Trash.') ); + + if ( !wp_trash_post($post_id) ) + wp_die( __('Error in moving to Trash.') ); + + $trashed++; + } + $sendback = add_query_arg( array('trashed' => $trashed, 'ids' => join(',', $post_ids) ), $sendback ); + break; + case 'untrash': + $untrashed = 0; + foreach( (array) $post_ids as $post_id ) { + if ( !current_user_can($post_type_object->cap->delete_post, $post_id) ) + wp_die( __('You are not allowed to restore this item from the Trash.') ); + + if ( !wp_untrash_post($post_id) ) + wp_die( __('Error in restoring from Trash.') ); + + $untrashed++; + } 
+ $sendback = add_query_arg('untrashed', $untrashed, $sendback); + break; + case 'delete': + $deleted = 0; + foreach( (array) $post_ids as $post_id ) { + $post_del = & get_post($post_id); + + if ( !current_user_can($post_type_object->cap->delete_post, $post_id) ) + wp_die( __('You are not allowed to delete this item.') ); + + if ( $post_del->post_type == 'attachment' ) { + if ( ! wp_delete_attachment($post_id) ) + wp_die( __('Error in deleting...') ); + } else { + if ( !wp_delete_post($post_id) ) + wp_die( __('Error in deleting...') ); + } + $deleted++; + } + $sendback = add_query_arg('deleted', $deleted, $sendback); + break; + case 'edit': + $done = bulk_edit_posts($_REQUEST); + + if ( is_array($done) ) { + $done['updated'] = count( $done['updated'] ); + $done['skipped'] = count( $done['skipped'] ); + $done['locked'] = count( $done['locked'] ); + $sendback = add_query_arg( $done, $sendback ); + } + break; + } + + $sendback = remove_query_arg( array('action', 'action2', 'tags_input', 'post_author', 'comment_status', 'ping_status', '_status', 'post', 'bulk_edit', 'post_view'), $sendback ); + + wp_redirect($sendback); + exit(); } elseif ( ! empty($_REQUEST['_wp_http_referer']) ) { wp_redirect( remove_query_arg( array('_wp_http_referer', '_wpnonce'), stripslashes($_SERVER['REQUEST_URI']) ) ); exit; diff --git a/wp-admin/includes/class-wp-posts-list-table.php b/wp-admin/includes/class-wp-posts-list-table.php index 37fade5680..f25ca4bf9f 100644 --- a/wp-admin/includes/class-wp-posts-list-table.php +++ b/wp-admin/includes/class-wp-posts-list-table.php 
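Review bot: The `media` and `ids` branches assign request values to `$post_ids` without the `intval` cast the `post` branch applies, so the IDs handed to `current_user_can()`, `wp_trash_post()` / `wp_delete_post()` and to the `ids=` redirect argument via `join(',', $post_ids)` are raw request strings; `$post_ids = array_map( 'intval', (array) $_REQUEST['media'] );` and `$post_ids = array_map( 'intval', explode( ',', $_REQUEST['ids'] ) );` would make the three branches consistent. The new `switch` also has no `default:` case, whereas the method removed in the next hunk ran `apply_filters( "bulk_actions-posts-$doaction", $sendback, $doaction )` there, so a non-core bulk action now falls through to the plain redirect without that hook firing; if the drop is unintended, restoring the `default:` branch keeps it. Note too that `$wp_list_table->add_query_args( $sendback )` now runs before the `post.php` check replaces `$sendback` with `admin_url($post_new_file)`, so in that branch the list-table arguments are discarded, while the old code applied `add_query_args` last, just before `wp_redirect`.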
@@ -1013,105 +1013,6 @@ class WP_Posts_List_Table extends WP_List_Table { current_action(); - - if ( ! $doaction ) - return; - - check_admin_referer('bulk-posts'); - - $sendback = remove_query_arg( array('trashed', 'untrashed', 'deleted', 'ids'), wp_get_referer() ); - if ( strpos($sendback, 'post.php') !== false ) - $sendback = admin_url($post_new_file); - - if ( 'delete_all' == $doaction ) { - $post_status = preg_replace('/[^a-z0-9_-]+/i', '', $_REQUEST['post_status']); - if ( get_post_status_object($post_status) ) // Check the post status exists first - $post_ids = $wpdb->get_col( $wpdb->prepare( "SELECT ID FROM $wpdb->posts WHERE post_type=%s AND post_status = %s", $post_type, $post_status ) ); - $doaction = 'delete'; - } elseif ( isset( $_REQUEST['media'] ) ) { - $post_ids = $_REQUEST['media']; - } elseif ( isset( $_REQUEST['ids'] ) ) { - $post_ids = explode( ',', $_REQUEST['ids'] ); - } elseif ( !empty( $_REQUEST['post'] ) ) { - $post_ids = array_map('intval', $_REQUEST['post']); - } - - if ( !isset( $post_ids ) ) { - wp_redirect( admin_url("edit.php?post_type=$post_type") ); - exit; - } - - switch ( $doaction ) { - case 'trash': - $trashed = 0; - foreach( (array) $post_ids as $post_id ) { - if ( !current_user_can($post_type_object->cap->delete_post, $post_id) ) - wp_die( __('You are not allowed to move this item to the Trash.') ); - - if ( !wp_trash_post($post_id) ) - wp_die( __('Error in moving to Trash.') ); - - $trashed++; - } - $sendback = add_query_arg( array('trashed' => $trashed, 'ids' => join(',', $post_ids) ), $sendback ); - break; - case 'untrash': - $untrashed = 0; - foreach( (array) $post_ids as $post_id ) { - if ( !current_user_can($post_type_object->cap->delete_post, $post_id) ) - wp_die( __('You are not allowed to restore this item from the Trash.') ); - - if ( !wp_untrash_post($post_id) ) - wp_die( __('Error in restoring from Trash.') ); - - $untrashed++; - } - $sendback = add_query_arg('untrashed', $untrashed, $sendback); - break; - case 
'delete': - $deleted = 0; - foreach( (array) $post_ids as $post_id ) { - $post_del = & get_post($post_id); - - if ( !current_user_can($post_type_object->cap->delete_post, $post_id) ) - wp_die( __('You are not allowed to delete this item.') ); - - if ( $post_del->post_type == 'attachment' ) { - if ( ! wp_delete_attachment($post_id) ) - wp_die( __('Error in deleting...') ); - } else { - if ( !wp_delete_post($post_id) ) - wp_die( __('Error in deleting...') ); - } - $deleted++; - } - $sendback = add_query_arg('deleted', $deleted, $sendback); - break; - case 'edit': - $done = bulk_edit_posts($_REQUEST); - - if ( is_array($done) ) { - $done['updated'] = count( $done['updated'] ); - $done['skipped'] = count( $done['skipped'] ); - $done['locked'] = count( $done['locked'] ); - $sendback = add_query_arg( $done, $sendback ); - } - break; - default : - $sendback = apply_filters( "bulk_actions-posts-$doaction", $sendback, $doaction ); - break; - } - - $sendback = remove_query_arg( array( 'action', 'action2', 'tags_input', 'post_author', 'comment_status', 'ping_status', '_status', 'post', 'bulk_edit', 'post_view' ), $sendback ); - $sendback = $this->add_query_args( $sendback ); - wp_redirect( $sendback ); - exit(); - } - } ?> diff --git a/wp-admin/users.php b/wp-admin/users.php index b2292584d1..f0f3dc1046 100644 --- a/wp-admin/users.php +++ b/wp-admin/users.php @@ -42,16 +42,16 @@ if ( empty($_REQUEST) ) { $update = ''; -if ( $doaction = $wp_list_table->current_action() ) { - -switch ( $doaction ) { +switch ( $wp_list_table->current_action() ) { /* Bulk Dropdown menu Role changes */ case 'promote': check_admin_referer('bulk-users'); - if ( empty($_REQUEST['users']) ) - break; + if ( empty($_REQUEST['users']) ) { + wp_redirect($redirect); + exit(); + } $editable_roles = get_editable_roles(); if ( empty( $editable_roles[$_REQUEST['new_role']] ) ) 
@@ -65,7 +65,7 @@ case 'promote': if ( ! current_user_can('promote_user', $id) ) wp_die(__('You can’t edit that user.')); // The new role of the current user must also have promote_users caps - if ( $id == $current_user->ID && ! current_user_can('promote_users') ) { + if ( $id == $current_user->ID && !$wp_roles->role_objects[$_REQUEST['new_role']]->has_cap('promote_users') ) { $update = 'err_admin_role'; continue; } @@ -78,7 +78,8 @@ case 'promote': $user->set_role($_REQUEST['new_role']); } - $redirect = add_query_arg( 'update', $update, $redirect ); + wp_redirect(add_query_arg('update', $update, $redirect)); + exit(); break; @@ -88,8 +89,10 @@ case 'dodelete': check_admin_referer('delete-users'); - if ( empty($_REQUEST['users']) ) - break; + if ( empty($_REQUEST['users']) ) { + wp_redirect($redirect); + exit(); + } if ( ! current_user_can( 'delete_users' ) ) wp_die(__('You can’t delete users.')); @@ -122,6 +125,8 @@ case 'dodelete': } $redirect = add_query_arg( array('delete_count' => $delete_count, 'update' => $update), $redirect); + wp_redirect($redirect); + exit(); break; @@ -131,8 +136,10 @@ case 'delete': check_admin_referer('bulk-users'); - if ( empty($_REQUEST['users']) && empty($_REQUEST['user']) ) - break; + if ( empty($_REQUEST['users']) && empty($_REQUEST['user']) ) { + wp_redirect($redirect); + exit(); + } if ( ! current_user_can( 'delete_users' ) ) $errors = new WP_Error( 'edit_users', __( 'You can’t delete users.' ) ); @@ -142,8 +149,6 @@ case 'delete': else $userids = $_REQUEST['users']; - $redirect = false; - include ('admin-header.php'); ?>
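Review bot: The `break;` kept after `wp_redirect(...); exit();` in `@@ -78,7 +78,8 @@` and `@@ -122,6 +125,8 @@` is unreachable because `exit()` ends the request, so dropping the `break;` there reads cleaner; the same applies to the `exit;` / `break;` pair in `@@ -186,15 +191,16 @@`, which also uses `exit;` where every other new hunk writes `exit();`. In `@@ -65,7 +65,7 @@` the new check indexes `$wp_roles->role_objects` directly with `$_REQUEST['new_role']`; this appears to rely on the earlier `empty( $editable_roles[$_REQUEST['new_role']] )` check in the previous hunk having rejected unknown roles, which is worth making explicit in the comment above it: `// The new role must exist (validated against $editable_roles above) and itself carry promote_users`. The enclosing `switch` starts and ends outside these hunks.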
@@ -186,15 +191,16 @@ case 'delete':
$update), $redirect); + wp_redirect($redirect); + exit; break; @@ -223,8 +231,10 @@ case 'remove': check_admin_referer('bulk-users'); - if ( empty($_REQUEST['users']) && empty($_REQUEST['user']) ) - break; + if ( empty($_REQUEST['users']) && empty($_REQUEST['user']) ) { + wp_redirect($redirect); + exit(); + } if ( !current_user_can('remove_users') ) $error = new WP_Error('edit_users', __('You can’t remove users.')); @@ -234,8 +244,6 @@ case 'remove': else $userids = $_REQUEST['users']; - $redirect = false; - include ('admin-header.php'); ?>
@@ -271,23 +279,15 @@ case 'remove':
prepare_items(); @@ -378,5 +378,8 @@ if ( is_multisite() ) {