From db6a40aa27dca4b65e06eb6d807106f71cabe963 Mon Sep 17 00:00:00 2001 From: Andrew Nacin Date: Fri, 2 Apr 2010 06:46:07 +0000 Subject: [PATCH] Move add/remove super admin out of bulk edit and into user-edit.php. Introduce grant_super_admin() and revoke_super_admin(). Link to profile.php in ms-users user row for current user. Add defensive check by forcing IS_PROFILE_PAGE on user-edit if trying to edit your own user_id. see #12460 git-svn-id: https://develop.svn.wordpress.org/trunk@13941 602fd350-edb4-49c9-b593-d223f7449a82 --- wp-admin/includes/ms.php | 38 +++++++++++++++++++++++++++ wp-admin/ms-edit.php | 28 +++----------------- wp-admin/ms-users.php | 19 ++++---------- wp-admin/user-edit.php | 55 ++++++++++++++++++++++------------------ 4 files changed, 76 insertions(+), 64 deletions(-) diff --git a/wp-admin/includes/ms.php b/wp-admin/includes/ms.php index d0f71576c8..76180b5407 100644 --- a/wp-admin/includes/ms.php +++ b/wp-admin/includes/ms.php @@ -793,4 +793,42 @@ function _admin_notice_multisite_activate_plugins_page() { echo "

$message

"; } +/** + * Grants super admin privileges. + * + * @since 3.0.0 + * @param $user_id + */ +function grant_super_admin( $user_id ) { + $super_admins = get_site_option( 'site_admins', array( 'admin' ) ); + + $user = new WP_User( $user_id ); + if ( ! in_array( $user->user_login, $super_admins ) ) { + $super_admins[] = $user->user_login; + update_site_option( 'site_admins' , $super_admins ); + } +} + +/** + * Revokes super admin privileges. + * + * @since 3.0.0 + * @param $user_id + */ +function revoke_super_admin( $user_id ) { + $super_admins = get_site_option( 'site_admins', array( 'admin' ) ); + $admin_email = get_site_option( 'admin_email' ); + + $user = new WP_User( $user_id ); + if ( $user->ID != $current_user->ID || $user->user_email != $admin_email ) { + foreach ( $super_admins as $key => $username ) { + if ( $username == $user->user_login ) { + unset( $super_admins[$key] ); + break; + } + } + } + + update_site_option( 'site_admins' , $super_admins ); +} ?> diff --git a/wp-admin/ms-edit.php b/wp-admin/ms-edit.php index 9147649789..3780a8db61 100644 --- a/wp-admin/ms-edit.php +++ b/wp-admin/ms-edit.php @@ -524,7 +524,7 @@ switch ( $_GET['action'] ) { $doaction = $_POST['action'] != -1 ? $_POST['action'] : $_POST['action2']; foreach ( (array) $_POST['allusers'] as $key => $val ) { - if ( $val != '' || $val != '0' ) { + if ( !empty( $val ) ) { switch ( $doaction ) { case 'delete': $title = __( 'Users' ); 
@@ -539,34 +539,12 @@ switch ( $_GET['action'] ) {
 case 'superadmin':
 $userfunction = 'add_superadmin';
- $super_admins = get_site_option( 'site_admins', array( 'admin' ) );
-
- $user = new WP_User( $val );
- if ( ! in_array( $user->user_login, $super_admins ) ) {
- if ( $current_site->blog_id )
- add_user_to_blog( $current_site->blog_id, $user->ID, 'administrator' );
-
- $super_admins[] = $user->user_login;
- update_site_option( 'site_admins' , $super_admins );
- }
+ grant_super_admin( $val );
 break;
 case 'notsuperadmin':
 $userfunction = 'remove_superadmin';
- $super_admins = get_site_option( 'site_admins', array( 'admin' ) );
- $admin_email = get_site_option( 'admin_email' );
-
- $user = new WP_User( $val );
- if ( $user->ID != $current_user->ID || $user->user_email != $admin_email ) {
- foreach ( $super_admins as $key => $username ) {
- if ( $username == $user->user_login ) {
- unset( $super_admins[$key] );
- break;
- }
- }
- }
-
- update_site_option( 'site_admins' , $super_admins );
+ revoke_super_admin( $val );
 break;
 case 'spam':
diff --git a/wp-admin/ms-users.php b/wp-admin/ms-users.php
index fec04054b7..6ea7d4c361 100644
--- a/wp-admin/ms-users.php
+++ b/wp-admin/ms-users.php
@@ -34,12 +34,6 @@ if ( isset( $_GET['updated'] ) && $_GET['updated'] == 'true' && ! empty( $_GET['
 case 'add':
 _e( 'User added.' );
 break;
- case 'add_superadmin':
- _e( 'Network admin added.' );
- break;
- case 'remove_superadmin':
- _e( 'Network admin removed.' );
- break;
 }
 ?>
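Review bot: The `superadmin` and `notsuperadmin` bulk cases still set `$userfunction = 'add_superadmin'` / `'remove_superadmin'` and now call the new helpers, yet the ms-users.php hunk in this same commit deletes the `case 'add_superadmin':` and `case 'remove_superadmin':` confirmation messages; if the redirect after the loop (outside this hunk) still passes `$userfunction` as the action, the admin gets no feedback for these two bulk actions. Either keep the two message cases in ms-users.php or, as the commit title says, remove the two bulk cases here now that the per-user checkbox in user-edit.php covers them. The value handed to `grant_super_admin( $val )` comes straight from `$_POST['allusers']` and is only checked with `!empty()`; casting at the call, `grant_super_admin( (int) $val );` and likewise for `revoke_super_admin`, keeps the helpers' input to the integer ID their docblocks imply. The `switch ( $doaction )` these cases belong to begins and ends outside the hunk.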

@@ -128,10 +122,8 @@ if ( isset( $_GET['updated'] ) && $_GET['updated'] == 'true' && ! empty( $_GET[' @@ -227,15 +219,16 @@ if ( isset( $_GET['updated'] ) && $_GET['updated'] == 'true' && ! empty( $_GET[' case 'login': $avatar = get_avatar( $user['user_email'], 32 ); + $edit_link = ( $current_user->ID == $user['ID'] ) ? 'profile.php' : 'user-edit.php?user_id=' . $user['ID']; ?> -
- + | @@ -323,10 +316,8 @@ if ( isset( $_GET['updated'] ) && $_GET['updated'] == 'true' && ! empty( $_GET['
diff --git a/wp-admin/user-edit.php b/wp-admin/user-edit.php
index b2acbb2a29..37f5d289dc 100644
--- a/wp-admin/user-edit.php
+++ b/wp-admin/user-edit.php
@@ -9,8 +9,19 @@
 /** WordPress Administration Bootstrap */
 require_once('admin.php');
-if ( !defined('IS_PROFILE_PAGE') )
- define('IS_PROFILE_PAGE', false);
+wp_reset_vars(array('action', 'redirect', 'profile', 'user_id', 'wp_http_referer'));
+
+$user_id = (int) $user_id;
+$current_user = wp_get_current_user();
+if ( ! defined( 'IS_PROFILE_PAGE' ) )
+ define( 'IS_PROFILE_PAGE', ( $user_id == $current_user->ID ) );
+
+if ( ! $user_id && IS_PROFILE_PAGE )
+ $user_id = $current_user->ID;
+elseif ( ! $user_id && ! IS_PROFILE_PAGE )
+ wp_die(__( 'Invalid user ID.' ) );
+elseif ( ! get_userdata( $user_id ) )
+ wp_die( __('Invalid user ID.') );
 wp_enqueue_script('user-profile');
 wp_enqueue_script('password-strength-meter');
@@ -22,23 +33,8 @@ else
 $submenu_file = 'profile.php';
 $parent_file = 'users.php';
-wp_reset_vars(array('action', 'redirect', 'profile', 'user_id', 'wp_http_referer'));
-
 $wp_http_referer = remove_query_arg(array('update', 'delete_count'), stripslashes($wp_http_referer));
-$user_id = (int) $user_id;
-
-if ( !$user_id ) {
- if ( IS_PROFILE_PAGE ) {
- $current_user = wp_get_current_user();
- $user_id = $current_user->ID;
- } else {
- wp_die(__('Invalid user ID.'));
- }
-} elseif ( !get_userdata($user_id) ) {
- wp_die( __('Invalid user ID.') );
-}
-
 $all_post_caps = array('posts', 'pages');
 $user_can_edit = false;
 foreach ( $all_post_caps as $post_cap )
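Review bot: `IS_PROFILE_PAGE` is only derived from `$user_id` when the constant is not yet defined, so if profile.php defines it as true before including this file (not visible here) and a `user_id` for a different user arrives through `wp_reset_vars()`, `$user_id` keeps that other user while `IS_PROFILE_PAGE` stays true; the defensive check described in the commit message therefore covers one direction only. Forcing the id whenever the page is a profile page closes that gap: `if ( IS_PROFILE_PAGE ) $user_id = $current_user->ID;` in place of the first branch, leaving the later `current_user_can('edit_user', $user_id)` check to decide the rest. The two `wp_die( __('Invalid user ID.') )` branches are identical and can be one, `elseif ( ! $user_id || ! get_userdata( $user_id ) )`, which also removes the inconsistent spacing between `wp_die(__( ... ) )` and `wp_die( __(...) )`.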
@@ -123,7 +119,10 @@ if ( !is_multisite() ) {
 if ( !isset( $errors ) || ( isset( $errors ) && is_object( $errors ) && false == $errors->get_error_codes() ) )
 $errors = edit_user($user_id);
 if ( $delete_role ) // stops users being added to current blog when they are edited
- update_user_meta( $user_id, $blog_prefix . 'capabilities' , '' );
+ delete_user_meta( $user_id, $blog_prefix . 'capabilities' );
+
+ if ( is_multisite() && is_super_admin() && !IS_PROFILE_PAGE )
+ empty( $_POST['super_admin'] ) ? revoke_super_admin( $user_id ) : grant_super_admin( $user_id );
 }
 if ( !is_wp_error( $errors ) ) {
@@ -142,6 +141,9 @@ if ( !current_user_can('edit_user', $user_id) )
 include ('admin-header.php');
 ?>
+ID ) ) { ?>
+
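Review bot: The new `empty( $_POST['super_admin'] ) ? revoke_super_admin( $user_id ) : grant_super_admin( $user_id );` runs on every update a super admin submits for another user, so any POST that simply lacks the `super_admin` field — a form rendered without the checkbox, or a request built from an older form — silently revokes the target's network-admin status, and `revoke_super_admin()` rewrites `site_admins` even when nothing changed. The checkbox's render condition (in the `-142` hunk that follows, garbled here) has to match `is_multisite() && is_super_admin() && !IS_PROFILE_PAGE` exactly; a comment on this line, `// must mirror the super_admin checkbox condition in the form below`, makes that coupling visible. A ternary whose branches are called only for their side effects reads as an expression; write it as a statement, `if ( empty( $_POST['super_admin'] ) ) revoke_super_admin( $user_id ); else grant_super_admin( $user_id );`. The block enclosing these lines begins outside the hunk.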

+

@@ -165,7 +167,7 @@ include ('admin-header.php');

-
+ @@ -232,7 +234,11 @@ if ( $user_role ) else echo ''; ?> - + + +

+ + @@ -331,11 +337,10 @@ if ( $show_password_fields ) : caps) > count($profileuser->roles) && apply_filters('additional_capabilities_display', true, $profileuser) ) { ?>