From db6a40aa27dca4b65e06eb6d807106f71cabe963 Mon Sep 17 00:00:00 2001
From: Andrew Nacin
Date: Fri, 2 Apr 2010 06:46:07 +0000
Subject: [PATCH] Move add/remove super admin out of bulk edit and into
user-edit.php. Introduce grant_super_admin() and revoke_super_admin(). Link
to profile.php in ms-users user row for current user. Add defensive check by
forcing IS_PROFILE_PAGE on user-edit if trying to edit your own user_id. see
#12460
git-svn-id: https://develop.svn.wordpress.org/trunk@13941 602fd350-edb4-49c9-b593-d223f7449a82
---
wp-admin/includes/ms.php | 38 +++++++++++++++++++++++++++
wp-admin/ms-edit.php | 28 +++-----------------
wp-admin/ms-users.php | 19 ++++----------
wp-admin/user-edit.php | 55 ++++++++++++++++++++++------------------
4 files changed, 76 insertions(+), 64 deletions(-)
diff --git a/wp-admin/includes/ms.php b/wp-admin/includes/ms.php
index d0f71576c8..76180b5407 100644
--- a/wp-admin/includes/ms.php
+++ b/wp-admin/includes/ms.php
@@ -793,4 +793,42 @@ function _admin_notice_multisite_activate_plugins_page() {
echo "";
}
+/**
+ * Grants super admin privileges.
+ *
+ * @since 3.0.0
+ * @param $user_id
+ */
+function grant_super_admin( $user_id ) {
+ $super_admins = get_site_option( 'site_admins', array( 'admin' ) );
+
+ $user = new WP_User( $user_id );
+ if ( ! in_array( $user->user_login, $super_admins ) ) {
+ $super_admins[] = $user->user_login;
+ update_site_option( 'site_admins' , $super_admins );
+ }
+}
+
+/**
+ * Revokes super admin privileges.
+ *
+ * @since 3.0.0
+ * @param $user_id
+ */
+function revoke_super_admin( $user_id ) {
+ $super_admins = get_site_option( 'site_admins', array( 'admin' ) );
+ $admin_email = get_site_option( 'admin_email' );
+
+ $user = new WP_User( $user_id );
+ if ( $user->ID != $current_user->ID || $user->user_email != $admin_email ) {
+ foreach ( $super_admins as $key => $username ) {
+ if ( $username == $user->user_login ) {
+ unset( $super_admins[$key] );
+ break;
+ }
+ }
+ }
+
+ update_site_option( 'site_admins' , $super_admins );
+}
?>
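Review bot: `revoke_super_admin()` reads `$current_user` in `if ( $user->ID != $current_user->ID || $user->user_email != $admin_email )` without declaring it, so inside the function it is undefined, `$current_user->ID` evaluates to null (with a notice), and the comparison is true for every real user — the guard against stripping the network `admin_email` account that the old inline code in ms-edit.php relied on never fires once moved into a function. Add `$current_user = wp_get_current_user();` at the top of the function (or `global $current_user;`), the same way user-edit.php in this commit obtains it. Neither helper checks that `$user_id` names an existing user; `new WP_User( $user_id )` for an unknown ID presumably yields an empty `user_login`, which `grant_super_admin()` would then append to `site_admins`, so an early `if ( empty( $user->user_login ) ) return;` after constructing the user is worth adding to both. The docblocks should also type the parameter, `@param int $user_id User ID.`, rather than the bare `@param $user_id`.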
diff --git a/wp-admin/ms-edit.php b/wp-admin/ms-edit.php
index 9147649789..3780a8db61 100644
--- a/wp-admin/ms-edit.php
+++ b/wp-admin/ms-edit.php
@@ -524,7 +524,7 @@ switch ( $_GET['action'] ) {
$doaction = $_POST['action'] != -1 ? $_POST['action'] : $_POST['action2'];
foreach ( (array) $_POST['allusers'] as $key => $val ) {
- if ( $val != '' || $val != '0' ) {
+ if ( !empty( $val ) ) {
switch ( $doaction ) {
case 'delete':
$title = __( 'Users' );
@@ -539,34 +539,12 @@ switch ( $_GET['action'] ) {
case 'superadmin':
$userfunction = 'add_superadmin';
- $super_admins = get_site_option( 'site_admins', array( 'admin' ) );
-
- $user = new WP_User( $val );
- if ( ! in_array( $user->user_login, $super_admins ) ) {
- if ( $current_site->blog_id )
- add_user_to_blog( $current_site->blog_id, $user->ID, 'administrator' );
-
- $super_admins[] = $user->user_login;
- update_site_option( 'site_admins' , $super_admins );
- }
+ grant_super_admin( $val );
break;
case 'notsuperadmin':
$userfunction = 'remove_superadmin';
- $super_admins = get_site_option( 'site_admins', array( 'admin' ) );
- $admin_email = get_site_option( 'admin_email' );
-
- $user = new WP_User( $val );
- if ( $user->ID != $current_user->ID || $user->user_email != $admin_email ) {
- foreach ( $super_admins as $key => $username ) {
- if ( $username == $user->user_login ) {
- unset( $super_admins[$key] );
- break;
- }
- }
- }
-
- update_site_option( 'site_admins' , $super_admins );
+ revoke_super_admin( $val );
break;
case 'spam':
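Review bot: The bulk `superadmin`/`notsuperadmin` cases are kept here and still set `$userfunction` to `'add_superadmin'`/`'remove_superadmin'`, yet this same commit removes exactly those two message cases from ms-users.php, so a bulk grant/revoke will redirect back with `updated=true` and show no confirmation; either remove these two cases as the subject line ("out of bulk edit") suggests, or keep the messages. `$val` is raw `$_POST['allusers']` input handed straight to `grant_super_admin( $val )` / `revoke_super_admin( $val )`, where it becomes `new WP_User( $val )`; cast it first, `grant_super_admin( (int) $val );` and `revoke_super_admin( (int) $val );`, so a non-numeric value cannot be treated as a login name (this depends on the WP_User constructor, which is not visible here). Note also that the removed `add_user_to_blog( $current_site->blog_id, ... )` call is not carried into `grant_super_admin()`, which looks like a silent behaviour change for the main site and is not mentioned in the commit message. The `switch ( $doaction )` enclosing these cases starts and ends outside the hunk.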
diff --git a/wp-admin/ms-users.php b/wp-admin/ms-users.php
index fec04054b7..6ea7d4c361 100644
--- a/wp-admin/ms-users.php
+++ b/wp-admin/ms-users.php
@@ -34,12 +34,6 @@ if ( isset( $_GET['updated'] ) && $_GET['updated'] == 'true' && ! empty( $_GET['
case 'add':
_e( 'User added.' );
break;
- case 'add_superadmin':
- _e( 'Network admin added.' );
- break;
- case 'remove_superadmin':
- _e( 'Network admin removed.' );
- break;
}
?>
@@ -128,10 +122,8 @@ if ( isset( $_GET['updated'] ) && $_GET['updated'] == 'true' && ! empty( $_GET['
-
+
-
-
@@ -227,15 +219,16 @@ if ( isset( $_GET['updated'] ) && $_GET['updated'] == 'true' && ! empty( $_GET['
case 'login':
$avatar = get_avatar( $user['user_email'], 32 );
+ $edit_link = ( $current_user->ID == $user['ID'] ) ? 'profile.php' : 'user-edit.php?user_id=' . $user['ID'];
?>
-
-
+
|
@@ -323,10 +316,8 @@ if ( isset( $_GET['updated'] ) && $_GET['updated'] == 'true' && ! empty( $_GET['
-
+
-
-
diff --git a/wp-admin/user-edit.php b/wp-admin/user-edit.php
index b2acbb2a29..37f5d289dc 100644
--- a/wp-admin/user-edit.php
+++ b/wp-admin/user-edit.php
@@ -9,8 +9,19 @@
/** WordPress Administration Bootstrap */
require_once('admin.php');
-if ( !defined('IS_PROFILE_PAGE') )
- define('IS_PROFILE_PAGE', false);
+wp_reset_vars(array('action', 'redirect', 'profile', 'user_id', 'wp_http_referer'));
+
+$user_id = (int) $user_id;
+$current_user = wp_get_current_user();
+if ( ! defined( 'IS_PROFILE_PAGE' ) )
+ define( 'IS_PROFILE_PAGE', ( $user_id == $current_user->ID ) );
+
+if ( ! $user_id && IS_PROFILE_PAGE )
+ $user_id = $current_user->ID;
+elseif ( ! $user_id && ! IS_PROFILE_PAGE )
+ wp_die(__( 'Invalid user ID.' ) );
+elseif ( ! get_userdata( $user_id ) )
+ wp_die( __('Invalid user ID.') );
wp_enqueue_script('user-profile');
wp_enqueue_script('password-strength-meter');
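Review bot: The forced `define( 'IS_PROFILE_PAGE', ( $user_id == $current_user->ID ) )` carries no comment explaining why a request to user-edit.php for your own ID is rerouted through the profile path; the reason — the super-admin control later in this file is gated on `!IS_PROFILE_PAGE`, so the user must never reach it for their own account — should be stated, e.g. `// Editing your own account is always treated as the profile page so the controls gated on !IS_PROFILE_PAGE (super admin, role) are never offered for yourself.`. The two `wp_die( __( 'Invalid user ID.' ) )` branches can be folded into one check after the profile fallback: `if ( ! $user_id && IS_PROFILE_PAGE ) $user_id = $current_user->ID;` followed by `if ( ! $user_id || ! get_userdata( $user_id ) ) wp_die( __( 'Invalid user ID.' ) );`. Whether `$current_user->ID` is an int here is not visible, so the loose `==` against the already-cast `$user_id` is the safe choice as written.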
@@ -22,23 +33,8 @@ else
$submenu_file = 'profile.php';
$parent_file = 'users.php';
-wp_reset_vars(array('action', 'redirect', 'profile', 'user_id', 'wp_http_referer'));
-
$wp_http_referer = remove_query_arg(array('update', 'delete_count'), stripslashes($wp_http_referer));
-$user_id = (int) $user_id;
-
-if ( !$user_id ) {
- if ( IS_PROFILE_PAGE ) {
- $current_user = wp_get_current_user();
- $user_id = $current_user->ID;
- } else {
- wp_die(__('Invalid user ID.'));
- }
-} elseif ( !get_userdata($user_id) ) {
- wp_die( __('Invalid user ID.') );
-}
-
$all_post_caps = array('posts', 'pages');
$user_can_edit = false;
foreach ( $all_post_caps as $post_cap )
@@ -123,7 +119,10 @@ if ( !is_multisite() ) {
if ( !isset( $errors ) || ( isset( $errors ) && is_object( $errors ) && false == $errors->get_error_codes() ) )
$errors = edit_user($user_id);
if ( $delete_role ) // stops users being added to current blog when they are edited
- update_user_meta( $user_id, $blog_prefix . 'capabilities' , '' );
+ delete_user_meta( $user_id, $blog_prefix . 'capabilities' );
+
+ if ( is_multisite() && is_super_admin() && !IS_PROFILE_PAGE )
+ empty( $_POST['super_admin'] ) ? revoke_super_admin( $user_id ) : grant_super_admin( $user_id );
}
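Review bot: The toggle `empty( $_POST['super_admin'] ) ? revoke_super_admin( $user_id ) : grant_super_admin( $user_id );` revokes whenever the field is simply absent, so any update a super admin submits from a form that does not render the checkbox — for instance if the display condition further down this file (not fully visible here) ever differs from `is_multisite() && is_super_admin() && !IS_PROFILE_PAGE` — silently strips super admin from the edited user. Safer is to act only when the form actually carried the control, e.g. by posting a hidden marker field next to the checkbox and skipping both calls when that marker is missing, or at minimum by keeping the two conditions identical. A ternary used purely for its side effects is also harder to read than the plain statement form: `if ( empty( $_POST['super_admin'] ) ) revoke_super_admin( $user_id ); else grant_super_admin( $user_id );`. The `$action == 'update'` branch enclosing this code begins outside the hunk.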
if ( !is_wp_error( $errors ) ) {
@@ -142,6 +141,9 @@ if ( !current_user_can('edit_user', $user_id) )
include ('admin-header.php');
?>
+ID ) ) { ?>
+
+
@@ -165,7 +167,7 @@ include ('admin-header.php');
-
+
+
+ ID ) ); ?> />
+
+
@@ -331,11 +337,10 @@ if ( $show_password_fields ) :
caps) > count($profileuser->roles) && apply_filters('additional_capabilities_display', true, $profileuser) ) { ?>