← Back to branch summary

~ubuntu-branches/debian/sid/wordpress/sid

« back to all changes in this revision

Viewing changes to wp-admin/includes/class-wp-ms-users-list-table.php

  • Committer: Package Import Robot
  • Author(s): Raphaël Hertzog
  • Date: 2013-09-04 23:18:58 UTC
  • mfrom: (1.2.28)
  • Revision ID: package-import@ubuntu.com-20130904231858-nljmn1buzswh63jk
Tags: 3.6+dfsg-1
* New upstream release.
* Improve wp-settings to verify that $_SERVER['HTTP_X_FORWARDED_PROTO']
  exists before accessing it (avoids a PHP notice).
  Thanks to Paul Dreik <slask@pauldreik.se> for the report and the patch.
* Document in README.Debian the need to login to /wp-admin/ to complete
  an upgrade.
* Drop useless debian/README.source
* Drop 008CVE2008-2392.patch since upstream now disables unfiltered
  uploads by default. See http://core.trac.wordpress.org/ticket/10692
* Drop 009CVE2008-6767.patch since the backto parameter is validated
  against a whitelist, and externally triggered upgrades are not a
  security problem as long as they work.
* Update debian/missing-sources with latest versions.
* Update upstream l10n.

Show diffs side-by-side

added added

removed removed

Lines of Context:
wp-admin/includes/class-wp-ms-users-list-table.php
173
173
 
174
174
                                        case 'username':
175
175
                                                $avatar = get_avatar( $user->user_email, 32 );
176
 
                                                $edit_link = esc_url( add_query_arg( 'wp_http_referer', urlencode( stripslashes( $_SERVER['REQUEST_URI'] ) ), get_edit_user_link( $user->ID ) ) );
 
176
                                                $edit_link = esc_url( add_query_arg( 'wp_http_referer', urlencode( wp_unslash( $_SERVER['REQUEST_URI'] ) ), get_edit_user_link( $user->ID ) ) );
177
177
 
178
178
                                                echo "<td $attributes>"; ?>
179
 
                                                        <?php echo $avatar; ?><strong><a href="<?php echo $edit_link; ?>" class="edit"><?php echo stripslashes( $user->user_login ); ?></a><?php
 
179
                                                        <?php echo $avatar; ?><strong><a href="<?php echo $edit_link; ?>" class="edit"><?php echo $user->user_login; ?></a><?php
180
180
                                                        if ( in_array( $user->user_login, $super_admins ) )
181
181
                                                                echo ' - ' . __( 'Super Admin' );
182
182
                                                        ?></strong>
186
186
                                                                $actions['edit'] = '<a href="' . $edit_link . '">' . __( 'Edit' ) . '</a>';
187
187
 
188
188
                                                                if ( current_user_can( 'delete_user', $user->ID ) && ! in_array( $user->user_login, $super_admins ) ) {
189
 
                                                                        $actions['delete'] = '<a href="' . $delete = esc_url( network_admin_url( add_query_arg( '_wp_http_referer', urlencode( stripslashes( $_SERVER['REQUEST_URI'] ) ), wp_nonce_url( 'users.php', 'deleteuser' ) . '&amp;action=deleteuser&amp;id=' . $user->ID ) ) ) . '" class="delete">' . __( 'Delete' ) . '</a>';
 
189
                                                                        $actions['delete'] = '<a href="' . $delete = esc_url( network_admin_url( add_query_arg( '_wp_http_referer', urlencode( wp_unslash( $_SERVER['REQUEST_URI'] ) ), wp_nonce_url( 'users.php', 'deleteuser' ) . '&amp;action=deleteuser&amp;id=' . $user->ID ) ) ) . '" class="delete">' . __( 'Delete' ) . '</a>';
190
190
                                                                }
191
191
 
192
192
                                                                $actions = apply_filters( 'ms_user_row_actions', $actions, $user );