diff --git a/wp-admin/includes/class-wp-users-list-table.php b/wp-admin/includes/class-wp-users-list-table.php index 9325d9a7f7..d52d75f092 100644 --- a/wp-admin/includes/class-wp-users-list-table.php +++ b/wp-admin/includes/class-wp-users-list-table.php @@ -121,10 +121,13 @@ class WP_Users_List_Table extends WP_List_Table { function get_bulk_actions() { $actions = array(); - if ( !is_multisite() && current_user_can( 'delete_users' ) ) - $actions['delete'] = __( 'Delete' ); - else - $actions['remove'] = __( 'Remove' ); + if ( is_multisite() ) { + if ( current_user_can( 'remove_users' ) ) + $actions['remove'] = __( 'Remove' ); + } else { + if ( current_user_can( 'delete_users' ) ) + $actions['delete'] = __( 'Delete' ); + } return $actions; } diff --git a/wp-admin/users.php b/wp-admin/users.php index 044c806c89..73ff238afa 100644 --- a/wp-admin/users.php +++ b/wp-admin/users.php @@ -200,13 +200,16 @@ break; case 'doremove': check_admin_referer('remove-users'); + if ( ! is_multisite() ) + wp_die( __( 'You can’t remove users.' ) ); + if ( empty($_REQUEST['users']) ) { wp_redirect($redirect); exit; } - if ( !current_user_can('remove_users') ) - die(__('You can’t remove users.')); + if ( ! current_user_can( 'remove_users' ) ) + wp_die( __( 'You can’t remove users.' ) ); $userids = $_REQUEST['users']; @@ -234,6 +237,9 @@ case 'remove': check_admin_referer('bulk-users'); + if ( ! is_multisite() ) + wp_die( __( 'You can’t remove users.' ) ); + if ( empty($_REQUEST['users']) && empty($_REQUEST['user']) ) { wp_redirect($redirect); exit();