Move wp_redirect calls to the end of the switch in users.php. Fix unrelated bug where the user's cap should be check, rather than their role's cap. see #16166.
git-svn-id: https://develop.svn.wordpress.org/trunk@17275 602fd350-edb4-49c9-b593-d223f7449a82
This commit is contained in:
parent
b6cd198d8e
commit
166014d76e
@ -42,16 +42,16 @@ if ( empty($_REQUEST) ) {
|
|||||||
|
|
||||||
$update = '';
|
$update = '';
|
||||||
|
|
||||||
switch ( $wp_list_table->current_action() ) {
|
if ( $doaction = $wp_list_table->current_action() ) {
|
||||||
|
|
||||||
|
switch ( $doaction ) {
|
||||||
|
|
||||||
/* Bulk Dropdown menu Role changes */
|
/* Bulk Dropdown menu Role changes */
|
||||||
case 'promote':
|
case 'promote':
|
||||||
check_admin_referer('bulk-users');
|
check_admin_referer('bulk-users');
|
||||||
|
|
||||||
if ( empty($_REQUEST['users']) ) {
|
if ( empty($_REQUEST['users']) )
|
||||||
wp_redirect($redirect);
|
break;
|
||||||
exit();
|
|
||||||
}
|
|
||||||
|
|
||||||
$editable_roles = get_editable_roles();
|
$editable_roles = get_editable_roles();
|
||||||
if ( empty( $editable_roles[$_REQUEST['new_role']] ) )
|
if ( empty( $editable_roles[$_REQUEST['new_role']] ) )
|
||||||
@ -65,7 +65,7 @@ case 'promote':
|
|||||||
if ( ! current_user_can('promote_user', $id) )
|
if ( ! current_user_can('promote_user', $id) )
|
||||||
wp_die(__('You can’t edit that user.'));
|
wp_die(__('You can’t edit that user.'));
|
||||||
// The new role of the current user must also have promote_users caps
|
// The new role of the current user must also have promote_users caps
|
||||||
if ( $id == $current_user->ID && !$wp_roles->role_objects[$_REQUEST['new_role']]->has_cap('promote_users') ) {
|
if ( $id == $current_user->ID && ! current_user_can('promote_users') ) {
|
||||||
$update = 'err_admin_role';
|
$update = 'err_admin_role';
|
||||||
continue;
|
continue;
|
||||||
}
|
}
|
||||||
@ -78,8 +78,7 @@ case 'promote':
|
|||||||
$user->set_role($_REQUEST['new_role']);
|
$user->set_role($_REQUEST['new_role']);
|
||||||
}
|
}
|
||||||
|
|
||||||
wp_redirect(add_query_arg('update', $update, $redirect));
|
$redirect = add_query_arg( 'update', $update, $redirect );
|
||||||
exit();
|
|
||||||
|
|
||||||
break;
|
break;
|
||||||
|
|
||||||
@ -89,10 +88,8 @@ case 'dodelete':
|
|||||||
|
|
||||||
check_admin_referer('delete-users');
|
check_admin_referer('delete-users');
|
||||||
|
|
||||||
if ( empty($_REQUEST['users']) ) {
|
if ( empty($_REQUEST['users']) )
|
||||||
wp_redirect($redirect);
|
break;
|
||||||
exit();
|
|
||||||
}
|
|
||||||
|
|
||||||
if ( ! current_user_can( 'delete_users' ) )
|
if ( ! current_user_can( 'delete_users' ) )
|
||||||
wp_die(__('You can’t delete users.'));
|
wp_die(__('You can’t delete users.'));
|
||||||
@ -125,8 +122,6 @@ case 'dodelete':
|
|||||||
}
|
}
|
||||||
|
|
||||||
$redirect = add_query_arg( array('delete_count' => $delete_count, 'update' => $update), $redirect);
|
$redirect = add_query_arg( array('delete_count' => $delete_count, 'update' => $update), $redirect);
|
||||||
wp_redirect($redirect);
|
|
||||||
exit();
|
|
||||||
|
|
||||||
break;
|
break;
|
||||||
|
|
||||||
@ -136,10 +131,8 @@ case 'delete':
|
|||||||
|
|
||||||
check_admin_referer('bulk-users');
|
check_admin_referer('bulk-users');
|
||||||
|
|
||||||
if ( empty($_REQUEST['users']) && empty($_REQUEST['user']) ) {
|
if ( empty($_REQUEST['users']) && empty($_REQUEST['user']) )
|
||||||
wp_redirect($redirect);
|
break;
|
||||||
exit();
|
|
||||||
}
|
|
||||||
|
|
||||||
if ( ! current_user_can( 'delete_users' ) )
|
if ( ! current_user_can( 'delete_users' ) )
|
||||||
$errors = new WP_Error( 'edit_users', __( 'You can’t delete users.' ) );
|
$errors = new WP_Error( 'edit_users', __( 'You can’t delete users.' ) );
|
||||||
@ -149,6 +142,8 @@ case 'delete':
|
|||||||
else
|
else
|
||||||
$userids = $_REQUEST['users'];
|
$userids = $_REQUEST['users'];
|
||||||
|
|
||||||
|
$redirect = false;
|
||||||
|
|
||||||
include ('admin-header.php');
|
include ('admin-header.php');
|
||||||
?>
|
?>
|
||||||
<form action="" method="post" name="updateusers" id="updateusers">
|
<form action="" method="post" name="updateusers" id="updateusers">
|
||||||
@ -191,16 +186,15 @@ case 'delete':
|
|||||||
</div>
|
</div>
|
||||||
</form>
|
</form>
|
||||||
<?php
|
<?php
|
||||||
|
include('./admin-footer.php');
|
||||||
|
|
||||||
break;
|
break;
|
||||||
|
|
||||||
case 'doremove':
|
case 'doremove':
|
||||||
check_admin_referer('remove-users');
|
check_admin_referer('remove-users');
|
||||||
|
|
||||||
if ( empty($_REQUEST['users']) ) {
|
if ( empty($_REQUEST['users']) )
|
||||||
wp_redirect($redirect);
|
break;
|
||||||
exit;
|
|
||||||
}
|
|
||||||
|
|
||||||
if ( !current_user_can('remove_users') )
|
if ( !current_user_can('remove_users') )
|
||||||
die(__('You can’t remove users.'));
|
die(__('You can’t remove users.'));
|
||||||
@ -222,8 +216,6 @@ case 'doremove':
|
|||||||
}
|
}
|
||||||
|
|
||||||
$redirect = add_query_arg( array('update' => $update), $redirect);
|
$redirect = add_query_arg( array('update' => $update), $redirect);
|
||||||
wp_redirect($redirect);
|
|
||||||
exit;
|
|
||||||
|
|
||||||
break;
|
break;
|
||||||
|
|
||||||
@ -231,10 +223,8 @@ case 'remove':
|
|||||||
|
|
||||||
check_admin_referer('bulk-users');
|
check_admin_referer('bulk-users');
|
||||||
|
|
||||||
if ( empty($_REQUEST['users']) && empty($_REQUEST['user']) ) {
|
if ( empty($_REQUEST['users']) && empty($_REQUEST['user']) )
|
||||||
wp_redirect($redirect);
|
break;
|
||||||
exit();
|
|
||||||
}
|
|
||||||
|
|
||||||
if ( !current_user_can('remove_users') )
|
if ( !current_user_can('remove_users') )
|
||||||
$error = new WP_Error('edit_users', __('You can’t remove users.'));
|
$error = new WP_Error('edit_users', __('You can’t remove users.'));
|
||||||
@ -244,6 +234,8 @@ case 'remove':
|
|||||||
else
|
else
|
||||||
$userids = $_REQUEST['users'];
|
$userids = $_REQUEST['users'];
|
||||||
|
|
||||||
|
$redirect = false;
|
||||||
|
|
||||||
include ('admin-header.php');
|
include ('admin-header.php');
|
||||||
?>
|
?>
|
||||||
<form action="" method="post" name="updateusers" id="updateusers">
|
<form action="" method="post" name="updateusers" id="updateusers">
|
||||||
@ -279,15 +271,23 @@ case 'remove':
|
|||||||
</div>
|
</div>
|
||||||
</form>
|
</form>
|
||||||
<?php
|
<?php
|
||||||
|
include('./admin-footer.php');
|
||||||
|
|
||||||
break;
|
break;
|
||||||
|
|
||||||
default:
|
default:
|
||||||
|
|
||||||
if ( !empty($_GET['_wp_http_referer']) ) {
|
} // end of the $doaction switch
|
||||||
|
|
||||||
|
if ( $redirect )
|
||||||
|
wp_redirect( $redirect );
|
||||||
|
exit();
|
||||||
|
|
||||||
|
} // end of the $doaction if
|
||||||
|
elseif ( !empty($_GET['_wp_http_referer']) ) {
|
||||||
wp_redirect(remove_query_arg(array('_wp_http_referer', '_wpnonce'), stripslashes($_SERVER['REQUEST_URI'])));
|
wp_redirect(remove_query_arg(array('_wp_http_referer', '_wpnonce'), stripslashes($_SERVER['REQUEST_URI'])));
|
||||||
exit;
|
exit;
|
||||||
}
|
}
|
||||||
|
|
||||||
$wp_list_table->prepare_items();
|
$wp_list_table->prepare_items();
|
||||||
|
|
||||||
@ -378,8 +378,5 @@ if ( is_multisite() ) {
|
|||||||
<br class="clear" />
|
<br class="clear" />
|
||||||
</div>
|
</div>
|
||||||
<?php
|
<?php
|
||||||
break;
|
|
||||||
|
|
||||||
} // end of the $doaction switch
|
|
||||||
|
|
||||||
include('./admin-footer.php');
|
include('./admin-footer.php');
|
||||||
|
Loading…
Reference in New Issue
Block a user