From 166014d76e2d69ea70cdc74cf887e28c8c1bc1be Mon Sep 17 00:00:00 2001 From: Andrew Nacin Date: Thu, 13 Jan 2011 00:22:53 +0000 Subject: [PATCH] Move wp_redirect calls to the end of the switch in users.php. Fix unrelated bug where the user's cap should be check, rather than their role's cap. see #16166. git-svn-id: https://develop.svn.wordpress.org/trunk@17275 602fd350-edb4-49c9-b593-d223f7449a82 --- wp-admin/users.php | 63 ++++++++++++++++++++++------------------------ 1 file changed, 30 insertions(+), 33 deletions(-) diff --git a/wp-admin/users.php b/wp-admin/users.php index f0f3dc1046..b2292584d1 100644 --- a/wp-admin/users.php +++ b/wp-admin/users.php @@ -42,16 +42,16 @@ if ( empty($_REQUEST) ) { $update = ''; -switch ( $wp_list_table->current_action() ) { +if ( $doaction = $wp_list_table->current_action() ) { + +switch ( $doaction ) { /* Bulk Dropdown menu Role changes */ case 'promote': check_admin_referer('bulk-users'); - if ( empty($_REQUEST['users']) ) { - wp_redirect($redirect); - exit(); - } + if ( empty($_REQUEST['users']) ) + break; $editable_roles = get_editable_roles(); if ( empty( $editable_roles[$_REQUEST['new_role']] ) ) @@ -65,7 +65,7 @@ case 'promote': if ( ! current_user_can('promote_user', $id) ) wp_die(__('You can’t edit that user.')); // The new role of the current user must also have promote_users caps - if ( $id == $current_user->ID && !$wp_roles->role_objects[$_REQUEST['new_role']]->has_cap('promote_users') ) { + if ( $id == $current_user->ID && ! current_user_can('promote_users') ) { $update = 'err_admin_role'; continue; } @@ -78,8 +78,7 @@ case 'promote': $user->set_role($_REQUEST['new_role']); } - wp_redirect(add_query_arg('update', $update, $redirect)); - exit(); + $redirect = add_query_arg( 'update', $update, $redirect ); break; 
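Review bot: In the `@@ -65,7 +65,7 @@` hunk, the self-promotion guard now tests `current_user_can('promote_users')`, which reflects the acting user's present capabilities and no longer looks at `$_REQUEST['new_role']`. The context comment directly above still says the new role must carry `promote_users`, so the comment and the condition disagree. Because the user has already passed `current_user_can('promote_user', $id)`, the new condition is probably never true, which would leave the `err_admin_role` self-lockout protection without effect. If the intent is still to stop an administrator from assigning themselves a role that cannot promote, the condition needs to inspect the target role, e.g. `if ( $id == $current_user->ID && ! $wp_roles->role_objects[ $_REQUEST['new_role'] ]->has_cap('promote_users') ) {`. The enclosing loop starts and ends outside the hunk.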
@@ -89,10 +88,8 @@ case 'dodelete': check_admin_referer('delete-users'); - if ( empty($_REQUEST['users']) ) { - wp_redirect($redirect); - exit(); - } + if ( empty($_REQUEST['users']) ) + break; if ( ! current_user_can( 'delete_users' ) ) wp_die(__('You can’t delete users.')); @@ -125,8 +122,6 @@ case 'dodelete': } $redirect = add_query_arg( array('delete_count' => $delete_count, 'update' => $update), $redirect); - wp_redirect($redirect); - exit(); break; @@ -136,10 +131,8 @@ case 'delete': check_admin_referer('bulk-users'); - if ( empty($_REQUEST['users']) && empty($_REQUEST['user']) ) { - wp_redirect($redirect); - exit(); - } + if ( empty($_REQUEST['users']) && empty($_REQUEST['user']) ) + break; if ( ! current_user_can( 'delete_users' ) ) $errors = new WP_Error( 'edit_users', __( 'You can’t delete users.' ) ); @@ -149,6 +142,8 @@ case 'delete': else $userids = $_REQUEST['users']; + $redirect = false; + include ('admin-header.php'); ?>
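Review bot: The `$redirect = false;` added before `include ('admin-header.php');` in the `delete` case (`@@ -149,6 +142,8 @@`) is an undocumented sentinel. It appears to tell the shared redirect after the switch, which is outside this hunk, to skip `wp_redirect()` so the confirmation screen can render. Now that every other path relies on that shared redirect, a comment at the assignment would help, e.g. `// No redirect here: this action renders a confirmation form.` The identical line added in the `remove` case hunk (`@@ -244,6 +234,8 @@`) needs the same comment. Since `wp_redirect()` does not stop execution by itself, also confirm that the shared block ends in `exit` for the paths that now reach it via `break`.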
@@ -191,16 +186,15 @@ case 'delete':
$update), $redirect); - wp_redirect($redirect); - exit; break; @@ -231,10 +223,8 @@ case 'remove': check_admin_referer('bulk-users'); - if ( empty($_REQUEST['users']) && empty($_REQUEST['user']) ) { - wp_redirect($redirect); - exit(); - } + if ( empty($_REQUEST['users']) && empty($_REQUEST['user']) ) + break; if ( !current_user_can('remove_users') ) $error = new WP_Error('edit_users', __('You can’t remove users.')); @@ -244,6 +234,8 @@ case 'remove': else $userids = $_REQUEST['users']; + $redirect = false; + include ('admin-header.php'); ?>
@@ -279,15 +271,23 @@ case 'remove':
prepare_items(); @@ -378,8 +378,5 @@ if ( is_multisite() ) {