Nonce checks for site-users. See #15969 props PeteMall.
git-svn-id: http://svn.automattic.com/wordpress/trunk@17136 1a063a9b-81f0-0310-95a4-ce76da25c4cd
parent
b9c170c042
commit
faa07b6636
|
@ -62,6 +62,7 @@ if ( $action ) {
|
||||||
|
|
||||||
switch ( $action ) {
|
switch ( $action ) {
|
||||||
case 'newuser':
|
case 'newuser':
|
||||||
|
check_admin_referer( 'add-user', '_wpnonce_add-new-user' );
|
||||||
$user = $_POST['user'];
|
$user = $_POST['user'];
|
||||||
if ( !is_array( $_POST['user'] ) || empty( $user['username'] ) || empty( $user['email'] ) ) {
|
if ( !is_array( $_POST['user'] ) || empty( $user['username'] ) || empty( $user['email'] ) ) {
|
||||||
$update = 'err_new';
|
$update = 'err_new';
|
||||||
|
@ -80,6 +81,7 @@ if ( $action ) {
|
||||||
break;
|
break;
|
||||||
|
|
||||||
case 'adduser':
|
case 'adduser':
|
||||||
|
check_admin_referer( 'add-user', '_wpnonce_add-user' );
|
||||||
if ( !empty( $_POST['newuser'] ) ) {
|
if ( !empty( $_POST['newuser'] ) ) {
|
||||||
$update = 'adduser';
|
$update = 'adduser';
|
||||||
$newuser = $_POST['newuser'];
|
$newuser = $_POST['newuser'];
|
||||||
|
@ -101,6 +103,7 @@ if ( $action ) {
|
||||||
case 'remove':
|
case 'remove':
|
||||||
if ( !current_user_can('remove_users') )
|
if ( !current_user_can('remove_users') )
|
||||||
die(__('You can’t remove users.'));
|
die(__('You can’t remove users.'));
|
||||||
|
check_admin_referer( 'bulk-users' );
|
||||||
|
|
||||||
$update = 'remove';
|
$update = 'remove';
|
||||||
if ( isset( $_REQUEST['users'] ) ) {
|
if ( isset( $_REQUEST['users'] ) ) {
|
||||||
|
@ -118,6 +121,7 @@ if ( $action ) {
|
||||||
break;
|
break;
|
||||||
|
|
||||||
case 'promote':
|
case 'promote':
|
||||||
|
check_admin_referer( 'bulk-users' );
|
||||||
$editable_roles = get_editable_roles();
|
$editable_roles = get_editable_roles();
|
||||||
if ( empty( $editable_roles[$_REQUEST['new_role']] ) )
|
if ( empty( $editable_roles[$_REQUEST['new_role']] ) )
|
||||||
wp_die(__('You can’t give users that role.'));
|
wp_die(__('You can’t give users that role.'));
|
||||||
|
@ -258,6 +262,7 @@ endif; ?>
|
||||||
</select></td>
|
</select></td>
|
||||||
</tr>
|
</tr>
|
||||||
</table>
|
</table>
|
||||||
|
<?php wp_nonce_field( 'add-user', '_wpnonce_add-user' ) ?>
|
||||||
<?php submit_button( __('Add User'), 'primary', 'add-user' ); ?>
|
<?php submit_button( __('Add User'), 'primary', 'add-user' ); ?>
|
||||||
</form>
|
</form>
|
||||||
<?php endif; ?>
|
<?php endif; ?>
|
||||||
|
@ -293,7 +298,7 @@ endif; ?>
|
||||||
<td colspan="2"><?php _e( 'Username and password will be mailed to the above email address.' ) ?></td>
|
<td colspan="2"><?php _e( 'Username and password will be mailed to the above email address.' ) ?></td>
|
||||||
</tr>
|
</tr>
|
||||||
</table>
|
</table>
|
||||||
<?php wp_nonce_field( 'add-user', '_wpnonce_add-user' ) ?>
|
<?php wp_nonce_field( 'add-user', '_wpnonce_add-new-user' ) ?>
|
||||||
<?php submit_button( __('Add New User'), 'primary', 'add-user' ); ?>
|
<?php submit_button( __('Add New User'), 'primary', 'add-user' ); ?>
|
||||||
</form>
|
</form>
|
||||||
<?php endif; ?>
|
<?php endif; ?>
|
||||||
|
|
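Review bot: The newuser and adduser branches (first two hunks) both verify against the same nonce action `'add-user'`, so the `_wpnonce_add-new-user` and `_wpnonce_add-user` fields carry identical values and are interchangeable — only the POST field name differs, not what is being checked. Impact is low because both forms sit on the same page under the same capability, but if the separate field names are meant to bind each form to its own handler, give the new-user form its own action: `check_admin_referer( 'add-new-user', '_wpnonce_add-new-user' );` paired with `wp_nonce_field( 'add-new-user', '_wpnonce_add-new-user' )` in the last hunk. The remove and promote branches now require a `'bulk-users'` nonce, yet the form that submits those actions is not in this diff; confirm it emits a matching `wp_nonce_field( 'bulk-users' )`, otherwise those actions will fail the referer check after this commit. The enclosing `switch ( $action )` begins and ends outside the hunks.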