sergiotarxz/Wordpress
1
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity

On the Users list table, show all the roles of a user in a comma-separated list if they have more than one role. This prevents role obfuscation in situations where a user has had more than one role programmatically assigned to them.

Browse Source 
Fixes #22959
Props scribu, JustinSainton, DrewAPicture, johnbillion


git-svn-id: https://develop.svn.wordpress.org/trunk@34963 602fd350-edb4-49c9-b593-d223f7449a82
This commit is contained in:
John Blackbourn 2015-10-08 21:58:34 +00:00
parent e05fb68289
commit b02c884370
1 changed files with 50 additions and 15 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

65
src/wp-admin/includes/class-wp-users-list-table.php
View File

@ -324,21 +324,11 @@ class WP_Users_List_Table extends WP_List_Table {
if ( ! $this->is_site_users ) if ( ! $this->is_site_users )
$post_counts = count_many_users_posts( array_keys( $this->items ) ); $post_counts = count_many_users_posts( array_keys( $this->items ) );
$editable_roles = array_keys( get_editable_roles() );
foreach ( $this->items as $userid => $user_object ) { foreach ( $this->items as $userid => $user_object ) {
if ( count( $user_object->roles ) <= 1 ) {
$role = reset( $user_object->roles );
} elseif ( $roles = array_intersect( array_values( $user_object->roles ), $editable_roles ) ) {
$role = reset( $roles );
} else {
$role = reset( $user_object->roles );
}
if ( is_multisite() && empty( $user_object->allcaps ) ) if ( is_multisite() && empty( $user_object->allcaps ) )
continue; continue;
echo "\n\t" . $this->single_row( $user_object, $style = '', $role, isset( $post_counts ) ? $post_counts[ $userid ] : 0 ); echo "\n\t" . $this->single_row( $user_object, '', '', isset( $post_counts ) ? $post_counts[ $userid ] : 0 );
} }
} }
@ -346,12 +336,13 @@ class WP_Users_List_Table extends WP_List_Table {
* Generate HTML for a single row on the users.php admin panel. * Generate HTML for a single row on the users.php admin panel.
* *
* @since 3.1.0 * @since 3.1.0
* @since 4.2.0 The `$style` argument was deprecated. * @since 4.2.0 The `$style` parameter was deprecated.
* @since 4.4.0 The `$role` parameter was deprecated.
* @access public * @access public
* *
* @param object $user_object The current user object. * @param object $user_object The current user object.
* @param string $style Deprecated. Not used. * @param string $style Deprecated. Not used.
* @param string $role Optional. Key for the $wp_roles array. Default empty. * @param string $role Deprecated. Not used.
* @param int $numposts Optional. Post count to display for this user. Defaults * @param int $numposts Optional. Post count to display for this user. Defaults
* to zero, as in, a new user has made zero posts. * to zero, as in, a new user has made zero posts.
* @return string Output for a single row. * @return string Output for a single row.
@ -370,6 +361,8 @@ class WP_Users_List_Table extends WP_List_Table {
else else
$url = 'users.php?'; $url = 'users.php?';
$user_roles = $this->get_role_list( $user_object );
// Set up the hover actions for this user // Set up the hover actions for this user
$actions = array(); $actions = array();
$checkbox = ''; $checkbox = '';
@ -402,9 +395,12 @@ class WP_Users_List_Table extends WP_List_Table {
*/ */
$actions = apply_filters( 'user_row_actions', $actions, $user_object ); $actions = apply_filters( 'user_row_actions', $actions, $user_object );
// Role classes.
$role_classes = esc_attr( implode( ' ', array_keys( $user_roles ) ) );
// Set up the checkbox ( because the user is editable, otherwise it's empty ) // Set up the checkbox ( because the user is editable, otherwise it's empty )
$checkbox = '<label class="screen-reader-text" for="user_' . $user_object->ID . '">' . sprintf( __( 'Select %s' ), $user_object->user_login ) . '</label>' $checkbox = '<label class="screen-reader-text" for="user_' . $user_object->ID . '">' . sprintf( __( 'Select %s' ), $user_object->user_login ) . '</label>'
. "<input type='checkbox' name='users[]' id='user_{$user_object->ID}' class='$role' value='{$user_object->ID}' />"; . "<input type='checkbox' name='users[]' id='user_{$user_object->ID}' class='{$role_classes}' value='{$user_object->ID}' />";
} else { } else {
$edit = '<strong>' . $user_object->user_login . '</strong>'; $edit = '<strong>' . $user_object->user_login . '</strong>';
@ -412,6 +408,9 @@ class WP_Users_List_Table extends WP_List_Table {
$role_name = isset( $wp_roles->role_names[$role] ) ? translate_user_role( $wp_roles->role_names[$role] ) : __( 'None' ); $role_name = isset( $wp_roles->role_names[$role] ) ? translate_user_role( $wp_roles->role_names[$role] ) : __( 'None' );
$avatar = get_avatar( $user_object->ID, 32 ); $avatar = get_avatar( $user_object->ID, 32 );
// Comma-separated list of user roles.
$roles_list = implode( ', ', $user_roles );
$r = "<tr id='user-$user_object->ID'>"; $r = "<tr id='user-$user_object->ID'>";
list( $columns, $hidden, $sortable, $primary ) = $this->get_column_info(); list( $columns, $hidden, $sortable, $primary ) = $this->get_column_info();
@ -448,7 +447,7 @@ class WP_Users_List_Table extends WP_List_Table {
$r .= "<a href='" . esc_url( "mailto:$email" ) . "'>$email</a>"; $r .= "<a href='" . esc_url( "mailto:$email" ) . "'>$email</a>";
break; break;
case 'role': case 'role':
$r .= $role_name; $r .= esc_html( $roles_list );
break; break;
case 'posts': case 'posts':
if ( $numposts > 0 ) { if ( $numposts > 0 ) {
@ -495,4 +494,40 @@ class WP_Users_List_Table extends WP_List_Table {
protected function get_default_primary_column_name() { protected function get_default_primary_column_name() {
return 'username'; return 'username';
} }
/**
* Returns an array of user roles for a given user object.
*
* @since 4.4.0
* @access protected
*
* @param WP_User $user_object The WP_User object.
* @return array An array of user roles.
*/
protected function get_role_list( $user_object ) {
global $wp_roles;
$role_list = array();
foreach ( $user_object->roles as $role ) {
if ( isset( $wp_roles->role_names[ $role ] ) ) {
$role_list[ $role ] = translate_user_role( $wp_roles->role_names[ $role ] );
}
}
if ( empty( $role_list ) ) {
$role_list['none'] = _x( 'None', 'no user roles' );
}
/**
* Filter the returned array of roles for a user.
*
* @since 4.4.0
*
* @param array $role_list An array of user roles.
* @param WP_User $user_object A WP_User object.
*/
return apply_filters( 'get_role_list', $role_list, $user_object );
}
} }