/var/www/wordpress/wp-admin/includes/admin.php
/var/www/wordpress/wp-admin/includes/bookmark.php
/var/www/wordpress/wp-admin/includes/class-ftp-pure.php
/var/www/wordpress/wp-admin/includes/class-ftp-sockets.php
/var/www/wordpress/wp-admin/includes/class-ftp.php
/var/www/wordpress/wp-admin/includes/class-pclzip.php
/var/www/wordpress/wp-admin/includes/class-wp-filesystem-base.php
/var/www/wordpress/wp-admin/includes/class-wp-filesystem-direct.php
/var/www/wordpress/wp-admin/includes/class-wp-filesystem-ftpext.php
/var/www/wordpress/wp-admin/includes/class-wp-filesystem-ftpsockets.php
/var/www/wordpress/wp-admin/includes/class-wp-filesystem-ssh2.php
/var/www/wordpress/wp-admin/includes/class-wp-importer.php
/var/www/wordpress/wp-admin/includes/class-wp-upgrader.php
/var/www/wordpress/wp-admin/includes/comment.php
/var/www/wordpress/wp-admin/includes/continents-cities.php
/var/www/wordpress/wp-admin/includes/dashboard.php
/var/www/wordpress/wp-admin/includes/deprecated.php
/var/www/wordpress/wp-admin/includes/export.php
/var/www/wordpress/wp-admin/includes/file.php
/var/www/wordpress/wp-admin/includes/image-edit.php
/var/www/wordpress/wp-admin/includes/image.php
/var/www/wordpress/wp-admin/includes/import.php
/var/www/wordpress/wp-admin/includes/manifest.php
/var/www/wordpress/wp-admin/includes/media.php
/var/www/wordpress/wp-admin/includes/meta-boxes.php
/var/www/wordpress/wp-admin/includes/misc.php
/var/www/wordpress/wp-admin/includes/ms-deprecated.php
/var/www/wordpress/wp-admin/includes/ms.php
/var/www/wordpress/wp-admin/includes/nav-menu.php
/var/www/wordpress/wp-admin/includes/plugin-install.php
/var/www/wordpress/wp-admin/includes/plugin.php
/var/www/wordpress/wp-admin/includes/post.php
/var/www/wordpress/wp-admin/includes/schema.php
/var/www/wordpress/wp-admin/includes/taxonomy.php
/var/www/wordpress/wp-admin/includes/template.php
/var/www/wordpress/wp-admin/includes/theme-install.php
/var/www/wordpress/wp-admin/includes/theme.php
/var/www/wordpress/wp-admin/includes/update-core.php
/var/www/wordpress/wp-admin/includes/update.php
/var/www/wordpress/wp-admin/includes/upgrade.php
/var/www/wordpress/wp-admin/includes/user.php
/var/www/wordpress/wp-admin/includes/widgets.php
/var/www/wordpress/wp-admin/js/revisions-js.php
/var/www/wordpress/wp-admin/maint/repair.php
/var/www/wordpress/wp-admin/admin-ajax.php
/var/www/wordpress/wp-admin/admin-footer.php
/var/www/wordpress/wp-admin/admin-functions.php
/var/www/wordpress/wp-admin/admin-header.php
/var/www/wordpress/wp-admin/admin-post.php
/var/www/wordpress/wp-admin/admin.php
/var/www/wordpress/wp-admin/async-upload.php
/var/www/wordpress/wp-admin/comment.php
/var/www/wordpress/wp-admin/custom-background.php
/var/www/wordpress/wp-admin/custom-header.php
/var/www/wordpress/wp-admin/edit-attachment-rows.php
/var/www/wordpress/wp-admin/edit-comments.php
/var/www/wordpress/wp-admin/edit-form-advanced.php
/var/www/wordpress/wp-admin/edit-form-comment.php
/var/www/wordpress/wp-admin/edit-link-categories.php
/var/www/wordpress/wp-admin/edit-link-category-form.php
/var/www/wordpress/wp-admin/edit-link-form.php
/var/www/wordpress/wp-admin/edit-post-rows.php
/var/www/wordpress/wp-admin/edit-tag-form.php
/var/www/wordpress/wp-admin/edit-tags.php
/var/www/wordpress/wp-admin/edit.php
/var/www/wordpress/wp-admin/export.php
/var/www/wordpress/wp-admin/gears-manifest.php
/var/www/wordpress/wp-admin/import.php
/var/www/wordpress/wp-admin/index-extra.php
/var/www/wordpress/wp-admin/index.php
/var/www/wordpress/wp-admin/install-helper.php
/var/www/wordpress/wp-admin/install.php
/var/www/wordpress/wp-admin/link-add.php
/var/www/wordpress/wp-admin/link-category.php
/var/www/wordpress/wp-admin/link-manager.php
/var/www/wordpress/wp-admin/link-parse-opml.php
/var/www/wordpress/wp-admin/link.php
/var/www/wordpress/wp-admin/load-scripts.php
/var/www/wordpress/wp-admin/load-styles.php
/var/www/wordpress/wp-admin/media-new.php
/var/www/wordpress/wp-admin/media-upload.php
/var/www/wordpress/wp-admin/media.php
/var/www/wordpress/wp-admin/menu-header.php
/var/www/wordpress/wp-admin/menu.php
/var/www/wordpress/wp-admin/moderation.php
/var/www/wordpress/wp-admin/ms-admin.php
/var/www/wordpress/wp-admin/ms-delete-site.php
/var/www/wordpress/wp-admin/ms-edit.php
/var/www/wordpress/wp-admin/ms-options.php
/var/www/wordpress/wp-admin/ms-sites.php
/var/www/wordpress/wp-admin/ms-themes.php
/var/www/wordpress/wp-admin/ms-upgrade-network.php
/var/www/wordpress/wp-admin/ms-users.php
/var/www/wordpress/wp-admin/my-sites.php
/var/www/wordpress/wp-admin/nav-menus.php
/var/www/wordpress/wp-admin/network.php
/var/www/wordpress/wp-admin/options-discussion.php
/var/www/wordpress/wp-admin/options-general.php
/var/www/wordpress/wp-admin/options-head.php
/var/www/wordpress/wp-admin/options-media.php
/var/www/wordpress/wp-admin/options-permalink.php
/var/www/wordpress/wp-admin/options-privacy.php
/var/www/wordpress/wp-admin/options-reading.php
/var/www/wordpress/wp-admin/options-writing.php
/var/www/wordpress/wp-admin/options.php
/var/www/wordpress/wp-admin/plugin-editor.php
/var/www/wordpress/wp-admin/plugin-install.php
/var/www/wordpress/wp-admin/plugins.php
/var/www/wordpress/wp-admin/post-new.php
/var/www/wordpress/wp-admin/post.php
/var/www/wordpress/wp-admin/press-this.php
/var/www/wordpress/wp-admin/profile.php
/var/www/wordpress/wp-admin/revision.php
/var/www/wordpress/wp-admin/setup-config.php
/var/www/wordpress/wp-admin/sidebar.php
/var/www/wordpress/wp-admin/theme-editor.php
/var/www/wordpress/wp-admin/theme-install.php
/var/www/wordpress/wp-admin/themes.php
/var/www/wordpress/wp-admin/tools.php
/var/www/wordpress/wp-admin/update-core.php
/var/www/wordpress/wp-admin/update.php
/var/www/wordpress/wp-admin/upgrade-functions.php
/var/www/wordpress/wp-admin/upgrade.php
/var/www/wordpress/wp-admin/upload.php
/var/www/wordpress/wp-admin/user-edit.php
#CodeDescriptions
1<?php
2/**
3 * Edit user administration panel.
4 *
5 * @package WordPress
6 * @subpackage Administration
7 */
8
9/** WordPress Administration Bootstrap */
10require_once('./admin.php');
11
12wp_reset_vars(array('action', 'redirect', 'profile', 'user_id', 'wp_http_referer'));
13
14$user_id = (int) $user_id;
15$current_user = wp_get_current_user();
16if ( ! defined( 'IS_PROFILE_PAGE' ) )
17 define( 'IS_PROFILE_PAGE', ( $user_id == $current_user->ID ) );
18
19if ( ! $user_id && IS_PROFILE_PAGE )
20 $user_id = $current_user->ID;
21elseif ( ! $user_id && ! IS_PROFILE_PAGE )
22 wp_die(__( 'Invalid user ID.' ) );
23elseif ( ! get_userdata( $user_id ) )
24 wp_die( __('Invalid user ID.') );
25
26wp_enqueue_script('user-profile');
27wp_enqueue_script('password-strength-meter');
28
29$title = IS_PROFILE_PAGE ? __('Profile') : __('Edit User');
30if ( current_user_can('edit_users') && !IS_PROFILE_PAGE )
31 $submenu_file = 'users.php';
32else
33 $submenu_file = 'profile.php';
34$parent_file = 'users.php';
35
36// contextual help - choose Help on the top right of admin panel to preview this.
37add_contextual_help($current_screen,
38 '<p>' . __('Your profile contains information about you (your “account”) as well as some personal options related to using WordPress.') . '</p>' .
39 '<p>' . __('You can change your password, turn on keyboard shortcuts, change the color scheme of your WordPress administration screens, and turn off the WYSIWYG (Visual) editor, among other things.') . '</p>' .
40 '<p>' . __('Your username cannot be changed, but you can use other fields to enter your real name or a nickname, and change which name to display on your posts.') . '</p>' .
41 '<p>' . __('Required fields are indicated; the rest are optional. Profile information will only be displayed if your theme is set up to do so.') . '</p>' .
42 '<p>' . __('Remember to click the Update Profile button when you are finished.') . '</p>' .
43 '<p><strong>' . __('For more information:') . '</strong></p>' .
44 '<p>' . __('<a href="http://codex.wordpress.org/Users_Your_Profile_SubPanel" target="_blank">Documentation on User Profiles</a>') . '</p>' .
45 '<p>' . __('<a href="http://wordpress.org/support/" target="_blank">Support Forums</a>') . '</p>'
46);
47
48
49$wp_http_referer = remove_query_arg(array('update', 'delete_count'), stripslashes($wp_http_referer));
50
51$all_post_caps = array('posts', 'pages');
52$user_can_edit = false;
53foreach ( $all_post_caps as $post_cap )
54 $user_can_edit |= current_user_can("edit_$post_cap");
55
56/**
57 * Optional SSL preference that can be turned on by hooking to the 'personal_options' action.
58 *
59 * @since 2.7.0
60 *
61 * @param object $user User data object
62 */
63function use_ssl_preference($user) {
64?>
65 <tr>
66 <th scope="row"><?php _e('Use https')?></th>
67 <td><label for="use_ssl"><input name="use_ssl" type="checkbox" id="use_ssl" value="1" <?php checked('1', $user->use_ssl); ?> /> <?php _e('Always use https when visiting the admin'); ?></label></td>
68 </tr>
69<?php
70}
71
72
73// Only allow super admins on multisite to edit every user.
74if ( is_multisite() && ! current_user_can( 'manage_network_users' ) && $user_id != $current_user->ID && ! apply_filters( 'enable_edit_any_user_configuration', true ) )
75 wp_die( __( 'You do not have permission to edit this user.' ) );
76
77// Execute confirmed email change. See send_confirmation_on_profile_email().
78if ( is_multisite() && IS_PROFILE_PAGE && isset( $_GET[ 'newuseremail' ] ) && $current_user->ID ) {
79 $new_email = get_option( $current_user->ID . '_new_email' );
80 if ( $new_email[ 'hash' ] == $_GET[ 'newuseremail' ] ) {
81 $user->ID = $current_user->ID;
82 $user->user_email = esc_html( trim( $new_email[ 'newemail' ] ) );
83 if ( $wpdb->get_var( $wpdb->prepare( "SELECT user_login FROM {$wpdb->signups} WHERE user_login = %s", $current_user->user_login ) ) )
84 $wpdb->query( $wpdb->prepare( "UPDATE {$wpdb->signups} SET user_email = %s WHERE user_login = %s", $user->user_email, $current_user->user_login ) );//Connection Handling
85 wp_update_user( get_object_vars( $user ) );
86 delete_option( $current_user->ID . '_new_email' );
87 wp_redirect( add_query_arg( array('updated' => 'true'), admin_url( 'profile.php' ) ) );
88 die();
89 }
90} elseif ( is_multisite() && IS_PROFILE_PAGE && !empty( $_GET['dismiss'] ) && $current_user->ID . '_new_email' == $_GET['dismiss'] ) {
91 delete_option( $current_user->ID . '_new_email' );
92 wp_redirect( add_query_arg( array('updated' => 'true'), admin_url( 'profile.php' ) ) );
93 die();
94}
95
96switch ($action) {
97case 'switchposts':
98
99check_admin_referer();
100
101/* TODO: Switch all posts from one user to another user */
102
103break;
104
105case 'update':
106
107check_admin_referer('update-user_' . $user_id);
108
109if ( !current_user_can('edit_user', $user_id) )
110 wp_die(__('You do not have permission to edit this user.'));
111
112if ( IS_PROFILE_PAGE )
113 do_action('personal_options_update', $user_id);
114else
115 do_action('edit_user_profile_update', $user_id);
116
117if ( !is_multisite() ) {
118 $errors = edit_user($user_id);
119} else {
120 $user = get_userdata( $user_id );
121
122 // Update the email address in signups, if present.
123 if ( $user->user_login && isset( $_POST[ 'email' ] ) && is_email( $_POST[ 'email' ] ) && $wpdb->get_var( $wpdb->prepare( "SELECT user_login FROM {$wpdb->signups} WHERE user_login = %s", $user->user_login ) ) )
124 $wpdb->query( $wpdb->prepare( "UPDATE {$wpdb->signups} SET user_email = %s WHERE user_login = %s", $_POST[ 'email' ], $user_login ) );//Connection Handling
125
126 // WPMU must delete the user from the current blog if WP added him after editing.
127 $delete_role = false;
128 $blog_prefix = $wpdb->get_blog_prefix();
129 if ( $user_id != $current_user->ID ) {
130 $cap = $wpdb->get_var( "SELECT meta_value FROM {$wpdb->usermeta} WHERE user_id = '{$user_id}' AND meta_key = '{$blog_prefix}capabilities' AND meta_value = 'a:0:{}'" );
131 if ( null == $cap && $_POST[ 'role' ] == '' ) {
132 $_POST[ 'role' ] = 'contributor';
133 $delete_role = true;
134 }
135 }
136 if ( !isset( $errors ) || ( isset( $errors ) && is_object( $errors ) && false == $errors->get_error_codes() ) )
137 $errors = edit_user($user_id);
138 if ( $delete_role ) // stops users being added to current blog when they are edited
139 delete_user_meta( $user_id, $blog_prefix . 'capabilities' );
140
141 if ( is_multisite() && !IS_PROFILE_PAGE && current_user_can( 'manage_network_options' ) && !isset($super_admins) && empty( $_POST['super_admin'] ) == is_super_admin( $user_id ) )
142 empty( $_POST['super_admin'] ) ? revoke_super_admin( $user_id ) : grant_super_admin( $user_id );
143}
144
145if ( !is_wp_error( $errors ) ) {
146 $redirect = (IS_PROFILE_PAGE ? "profile.php?" : "user-edit.php?user_id=$user_id&"). "updated=true";
147 $redirect = add_query_arg('wp_http_referer', urlencode($wp_http_referer), $redirect);
148 wp_redirect($redirect);
149 exit;
150}
151
152default:
153$profileuser = get_user_to_edit($user_id);
154
155if ( !current_user_can('edit_user', $user_id) )
156 wp_die(__('You do not have permission to edit this user.'));
157
158include ('admin-header.php');
159?>
160
161<?php if ( !IS_PROFILE_PAGE && is_super_admin( $profileuser->ID ) && current_user_can( 'manage_network_options' ) ) { ?>
162 <div class="updated"><p><strong><?php _e('Important:'); ?></strong> <?php _e('This user has super admin privileges.'); ?></p></div>
163<?php } ?>
164<?php if ( isset($_GET['updated']) ) : ?>
165<div id="message" class="updated">
166 <p><strong><?php _e('User updated.') ?></strong></p>
167 <?php if ( $wp_http_referer && !IS_PROFILE_PAGE ) : ?>
168 <p><a href="users.php"><?php _e('← Back to Authors and Users'); ?></a></p>
169 <?php endif; ?>
170</div>
171<?php endif; ?>
172<?php if ( isset( $errors ) && is_wp_error( $errors ) ) : ?>
173<div class="error"><p><?php echo implode( "</p>\n<p>", $errors->get_error_messages() ); ?></p></div>
174<?php endif; ?>
175
176<div class="wrap" id="profile-page">
177<?php screen_icon(); ?>
178<h2><?php echo esc_html( $title ); ?></h2>
179
180<form id="your-profile" action="<?php echo esc_url( admin_url( IS_PROFILE_PAGE ? 'profile.php' : 'user-edit.php' ) ); ?>" method="post"<?php do_action('user_edit_form_tag'); ?>>
181<?php wp_nonce_field('update-user_' . $user_id) ?>
182<?php if ( $wp_http_referer ) : ?>
183 <input type="hidden" name="wp_http_referer" value="<?php echo esc_url($wp_http_referer); ?>" />
184<?php endif; ?>
185<p>
186<input type="hidden" name="from" value="profile" />
187<input type="hidden" name="checkuser_id" value="<?php echo $user_ID ?>" />
188</p>
189
190<h3><?php _e('Personal Options'); ?></h3>
191
192<table class="form-table">
193<?php if ( rich_edit_exists() && !( IS_PROFILE_PAGE && !$user_can_edit ) ) : // don't bother showing the option if the editor has been removed ?>
194 <tr>
195 <th scope="row"><?php _e('Visual Editor')?></th>
196 <td><label for="rich_editing"><input name="rich_editing" type="checkbox" id="rich_editing" value="false" <?php checked('false', $profileuser->rich_editing); ?> /> <?php _e('Disable the visual editor when writing'); ?></label></td>
197 </tr>
198<?php endif; ?>
199<?php if ( count($_wp_admin_css_colors) > 1 && has_action('admin_color_scheme_picker') ) : ?>
200<tr>
201<th scope="row"><?php _e('Admin Color Scheme')?></th>
202<td><?php do_action( 'admin_color_scheme_picker' ); ?></td>
203</tr>
204<?php
205endif; // $_wp_admin_css_colors
206if ( !( IS_PROFILE_PAGE && !$user_can_edit ) ) : ?>
207<tr>
208<th scope="row"><?php _e( 'Keyboard Shortcuts' ); ?></th>
209<td><label for="comment_shortcuts"><input type="checkbox" name="comment_shortcuts" id="comment_shortcuts" value="true" <?php if ( !empty($profileuser->comment_shortcuts) ) checked('true', $profileuser->comment_shortcuts); ?> /> <?php _e('Enable keyboard shortcuts for comment moderation.'); ?></label> <?php _e('<a href="http://codex.wordpress.org/Keyboard_Shortcuts">More information</a>'); ?></td>
210</tr>
211<?php
212endif;
213do_action('personal_options', $profileuser);
214?>
215</table>
216<?php
217 if ( IS_PROFILE_PAGE )
218 do_action('profile_personal_options', $profileuser);
219?>
220
221<h3><?php _e('Name') ?></h3>
222
223<table class="form-table">
224 <tr>
225 <th><label for="user_login"><?php _e('Username'); ?></label></th>
226 <td><input type="text" name="user_login" id="user_login" value="<?php echo esc_attr($profileuser->user_login); ?>" disabled="disabled" class="regular-text" /> <span class="description"><?php _e('Usernames cannot be changed.'); ?></span></td>
227 </tr>
228
229<?php if ( !IS_PROFILE_PAGE ): ?>
230<tr><th><label for="role"><?php _e('Role:') ?></label></th>
231<td><select name="role" id="role">
232<?php
233// Get the highest/primary role for this user
234// TODO: create a function that does this: wp_get_user_role()
235$user_roles = $profileuser->roles;
236$user_role = array_shift($user_roles);
237
238// print the full list of roles with the primary one selected.
239wp_dropdown_roles($user_role);
240
241// print the 'no role' option. Make it selected if the user has no role yet.
242if ( $user_role )
243 echo '<option value="">' . __('— No role for this site —') . '</option>';
244else
245 echo '<option value="" selected="selected">' . __('— No role for this site —') . '</option>';
246?>
247</select>
248<?php if ( is_multisite() && current_user_can( 'manage_network_options' ) && !isset($super_admins) ) { ?>
249<p><label><input type="checkbox" id="super_admin" name="super_admin"<?php checked( is_super_admin( $profileuser->ID ) ); ?> /> <?php _e( 'Grant this user super admin privileges for the Network.'); ?></label></p>
250<?php } ?>
251</td></tr>
252<?php endif; //!IS_PROFILE_PAGE ?>
253
254<tr>
255 <th><label for="first_name"><?php _e('First Name') ?></label></th>
256 <td><input type="text" name="first_name" id="first_name" value="<?php echo esc_attr($profileuser->first_name) ?>" class="regular-text" /></td>
257</tr>
258
259<tr>
260 <th><label for="last_name"><?php _e('Last Name') ?></label></th>
261 <td><input type="text" name="last_name" id="last_name" value="<?php echo esc_attr($profileuser->last_name) ?>" class="regular-text" /></td>
262</tr>
263
264<tr>
265 <th><label for="nickname"><?php _e('Nickname'); ?> <span class="description"><?php _e('(required)'); ?></span></label></th>
266 <td><input type="text" name="nickname" id="nickname" value="<?php echo esc_attr($profileuser->nickname) ?>" class="regular-text" /></td>
267</tr>
268
269<tr>
270 <th><label for="display_name"><?php _e('Display name publicly as') ?></label></th>
271 <td>
272 <select name="display_name" id="display_name">
273 <?php
274 $public_display = array();
275 $public_display['display_username'] = $profileuser->user_login;
276 $public_display['display_nickname'] = $profileuser->nickname;
277 if ( !empty($profileuser->first_name) )
278 $public_display['display_firstname'] = $profileuser->first_name;
279 if ( !empty($profileuser->last_name) )
280 $public_display['display_lastname'] = $profileuser->last_name;
281 if ( !empty($profileuser->first_name) && !empty($profileuser->last_name) ) {
282 $public_display['display_firstlast'] = $profileuser->first_name . ' ' . $profileuser->last_name;
283 $public_display['display_lastfirst'] = $profileuser->last_name . ' ' . $profileuser->first_name;
284 }
285 if ( !in_array( $profileuser->display_name, $public_display ) ) // Only add this if it isn't duplicated elsewhere
286 $public_display = array( 'display_displayname' => $profileuser->display_name ) + $public_display;
287 $public_display = array_map( 'trim', $public_display );
288 $public_display = array_unique( $public_display );
289 foreach ( $public_display as $id => $item ) {
290 ?>
291 <option id="<?php echo $id; ?>" value="<?php echo esc_attr($item); ?>"<?php selected( $profileuser->display_name, $item ); ?>><?php echo $item; ?></option>//Cross Site Scripting
292 <?php
293 }
294 ?>
295 </select>
296 </td>
297</tr>
298</table>
299
300<h3><?php _e('Contact Info') ?></h3>
301
302<table class="form-table">
303<tr>
304 <th><label for="email"><?php _e('E-mail'); ?> <span class="description"><?php _e('(required)'); ?></span></label></th>
305 <td><input type="text" name="email" id="email" value="<?php echo esc_attr($profileuser->user_email) ?>" class="regular-text" />
306 <?php
307 $new_email = get_option( $current_user->ID . '_new_email' );
308 if ( $new_email && $new_email != $current_user->user_email ) : ?>
309 <div class="updated inline">
310 <p><?php printf( __('There is a pending change of your e-mail to <code>%1$s</code>. <a href="%2$s">Cancel</a>'), $new_email['newemail'], esc_url( admin_url( 'profile.php?dismiss=' . $current_user->ID . '_new_email' ) ) ); ?></p>
311 </div>
312 <?php endif; ?>
313 </td>
314</tr>
315
316<tr>
317 <th><label for="url"><?php _e('Website') ?></label></th>
318 <td><input type="text" name="url" id="url" value="<?php echo esc_attr($profileuser->user_url) ?>" class="regular-text code" /></td>
319</tr>
320
321<?php
322 foreach (_wp_get_user_contactmethods() as $name => $desc) {
323?>
324<tr>
325 <th><label for="<?php echo $name; ?>"><?php echo apply_filters('user_'.$name.'_label', $desc); ?></label></th>//Cross Site Scripting
326 <td><input type="text" name="<?php echo $name; ?>" id="<?php echo $name; ?>" value="<?php echo esc_attr($profileuser->$name) ?>" class="regular-text" /></td>//Cross Site Scripting
327</tr>
328<?php
329 }
330?>
331</table>
332
333<h3><?php IS_PROFILE_PAGE ? _e('About Yourself') : _e('About the user'); ?></h3>
334
335<table class="form-table">
336<tr>
337 <th><label for="description"><?php _e('Biographical Info'); ?></label></th>
338 <td><textarea name="description" id="description" rows="5" cols="30"><?php echo esc_html($profileuser->description); ?></textarea><br />
339 <span class="description"><?php _e('Share a little biographical information to fill out your profile. This may be shown publicly.'); ?></span></td>
340</tr>
341
342<?php
343$show_password_fields = apply_filters('show_password_fields', true, $profileuser);
344if ( $show_password_fields ) :
345?>
346<tr id="password">
347 <th><label for="pass1"><?php _e('New Password'); ?></label></th>
348 <td><input type="password" name="pass1" id="pass1" size="16" value="" autocomplete="off" /> <span class="description"><?php _e("If you would like to change the password type a new one. Otherwise leave this blank."); ?></span><br />
349 <input type="password" name="pass2" id="pass2" size="16" value="" autocomplete="off" /> <span class="description"><?php _e("Type your new password again."); ?></span><br />
350 <div id="pass-strength-result"><?php _e('Strength indicator'); ?></div>
351 <p class="description indicator-hint"><?php _e('Hint: The password should be at least seven characters long. To make it stronger, use upper and lower case letters, numbers and symbols like ! " ? $ % ^ & ).'); ?></p>
352 </td>
353</tr>
354<?php endif; ?>
355</table>
356
357<?php
358 if ( IS_PROFILE_PAGE )
359 do_action( 'show_user_profile', $profileuser );//Arbitrary file disclosing
360 else
361 do_action( 'edit_user_profile', $profileuser );//Arbitrary file disclosing
362?>
363
364<?php if ( count($profileuser->caps) > count($profileuser->roles) && apply_filters('additional_capabilities_display', true, $profileuser) ) { ?>
365<br class="clear" />
366 <table width="99%" style="border: none;" cellspacing="2" cellpadding="3" class="editform">
367 <tr>
368 <th scope="row"><?php _e('Additional Capabilities') ?></th>
369 <td><?php
370 $output = '';
371 foreach ( $profileuser->caps as $cap => $value ) {
372 if ( !$wp_roles->is_role($cap) ) {
373 if ( $output != '' )
374 $output .= ', ';
375 $output .= $value ? $cap : "Denied: {$cap}";
376 }
377 }
378 echo $output;//Cross Site Scripting
379 ?></td>
380 </tr>
381 </table>
382<?php } ?>
383
384<p class="submit">
385 <input type="hidden" name="action" value="update" />
386 <input type="hidden" name="user_id" id="user_id" value="<?php echo esc_attr($user_id); ?>" />
387 <input type="submit" class="button-primary" value="<?php IS_PROFILE_PAGE ? esc_attr_e('Update Profile') : esc_attr_e('Update User') ?>" name="submit" />
388</p>
389</form>
390</div>
391<?php
392break;
393}
394?>
395<script type="text/javascript" charset="utf-8">
396 if (window.location.hash == '#password') {
397 document.getElementById('pass1').focus();
398 }
399</script>
400<?php
401include('./admin-footer.php');
402?>
403
/var/www/wordpress/wp-admin/user-new.php
/var/www/wordpress/wp-admin/users.php
/var/www/wordpress/wp-admin/widgets.php
/var/www/wordpress/wp-content/languages/ru_RU.php
/var/www/wordpress/wp-content/plugins/akismet/akismet.php
/var/www/wordpress/wp-content/plugins/rh/rh.php
/var/www/wordpress/wp-content/plugins/hello.php
/var/www/wordpress/wp-content/plugins/index.php
/var/www/wordpress/wp-content/themes/twentyten/404.php
/var/www/wordpress/wp-content/themes/twentyten/archive.php
/var/www/wordpress/wp-content/themes/twentyten/attachment.php
/var/www/wordpress/wp-content/themes/twentyten/author.php
/var/www/wordpress/wp-content/themes/twentyten/category.php
/var/www/wordpress/wp-content/themes/twentyten/comments.php
/var/www/wordpress/wp-content/themes/twentyten/footer.php
/var/www/wordpress/wp-content/themes/twentyten/functions.php
/var/www/wordpress/wp-content/themes/twentyten/header.php
/var/www/wordpress/wp-content/themes/twentyten/index.php
/var/www/wordpress/wp-content/themes/twentyten/loop.php
/var/www/wordpress/wp-content/themes/twentyten/onecolumn-page.php
/var/www/wordpress/wp-content/themes/twentyten/page.php
/var/www/wordpress/wp-content/themes/twentyten/search.php
/var/www/wordpress/wp-content/themes/twentyten/sidebar-footer.php
/var/www/wordpress/wp-content/themes/twentyten/sidebar.php
/var/www/wordpress/wp-content/themes/twentyten/single.php
/var/www/wordpress/wp-content/themes/twentyten/tag.php
/var/www/wordpress/wp-content/themes/index.php
/var/www/wordpress/wp-content/index.php
/var/www/wordpress/wp-includes/js/tinymce/langs/wp-langs.php
/var/www/wordpress/wp-includes/js/tinymce/plugins/spellchecker/classes/utils/JSON.php
/var/www/wordpress/wp-includes/js/tinymce/plugins/spellchecker/classes/utils/Logger.php
/var/www/wordpress/wp-includes/js/tinymce/plugins/spellchecker/classes/EnchantSpell.php
/var/www/wordpress/wp-includes/js/tinymce/plugins/spellchecker/classes/GoogleSpell.php
/var/www/wordpress/wp-includes/js/tinymce/plugins/spellchecker/classes/PSpell.php
/var/www/wordpress/wp-includes/js/tinymce/plugins/spellchecker/classes/PSpellShell.php
/var/www/wordpress/wp-includes/js/tinymce/plugins/spellchecker/classes/SpellChecker.php
/var/www/wordpress/wp-includes/js/tinymce/plugins/spellchecker/includes/general.php
/var/www/wordpress/wp-includes/js/tinymce/plugins/spellchecker/config.php
/var/www/wordpress/wp-includes/js/tinymce/plugins/spellchecker/rpc.php
/var/www/wordpress/wp-includes/js/tinymce/wp-mce-help.php
/var/www/wordpress/wp-includes/js/tinymce/wp-tinymce.php
/var/www/wordpress/wp-includes/pomo/entry.php
/var/www/wordpress/wp-includes/pomo/mo.php
/var/www/wordpress/wp-includes/pomo/po.php
/var/www/wordpress/wp-includes/pomo/streams.php
/var/www/wordpress/wp-includes/pomo/translations.php
/var/www/wordpress/wp-includes/Text/Diff/Engine/native.php
/var/www/wordpress/wp-includes/Text/Diff/Engine/shell.php
/var/www/wordpress/wp-includes/Text/Diff/Engine/string.php
/var/www/wordpress/wp-includes/Text/Diff/Engine/xdiff.php
/var/www/wordpress/wp-includes/Text/Diff/Renderer/inline.php
/var/www/wordpress/wp-includes/Text/Diff/Renderer.php
/var/www/wordpress/wp-includes/Text/Diff.php
/var/www/wordpress/wp-includes/theme-compat/comments-popup.php
/var/www/wordpress/wp-includes/theme-compat/comments.php
/var/www/wordpress/wp-includes/theme-compat/footer.php
/var/www/wordpress/wp-includes/theme-compat/header.php
/var/www/wordpress/wp-includes/theme-compat/sidebar.php
/var/www/wordpress/wp-includes/atomlib.php
/var/www/wordpress/wp-includes/author-template.php
/var/www/wordpress/wp-includes/bookmark-template.php
/var/www/wordpress/wp-includes/bookmark.php
/var/www/wordpress/wp-includes/cache.php
/var/www/wordpress/wp-includes/canonical.php
/var/www/wordpress/wp-includes/capabilities.php
/var/www/wordpress/wp-includes/category-template.php
/var/www/wordpress/wp-includes/category.php
/var/www/wordpress/wp-includes/class-feed.php
/var/www/wordpress/wp-includes/class-http.php
/var/www/wordpress/wp-includes/class-IXR.php
/var/www/wordpress/wp-includes/class-json.php
/var/www/wordpress/wp-includes/class-oembed.php
/var/www/wordpress/wp-includes/class-phpass.php
/var/www/wordpress/wp-includes/class-phpmailer.php
/var/www/wordpress/wp-includes/class-pop3.php
/var/www/wordpress/wp-includes/class-simplepie.php
/var/www/wordpress/wp-includes/class-smtp.php
/var/www/wordpress/wp-includes/class-snoopy.php
/var/www/wordpress/wp-includes/class.wp-dependencies.php
/var/www/wordpress/wp-includes/class.wp-scripts.php
/var/www/wordpress/wp-includes/class.wp-styles.php
/var/www/wordpress/wp-includes/classes.php
/var/www/wordpress/wp-includes/comment-template.php
/var/www/wordpress/wp-includes/comment.php
/var/www/wordpress/wp-includes/compat.php
/var/www/wordpress/wp-includes/cron.php
/var/www/wordpress/wp-includes/default-constants.php
/var/www/wordpress/wp-includes/default-embeds.php
/var/www/wordpress/wp-includes/default-filters.php
/var/www/wordpress/wp-includes/default-widgets.php
/var/www/wordpress/wp-includes/deprecated.php
/var/www/wordpress/wp-includes/feed-atom-comments.php
/var/www/wordpress/wp-includes/feed-atom.php
/var/www/wordpress/wp-includes/feed-rdf.php
/var/www/wordpress/wp-includes/feed-rss.php
/var/www/wordpress/wp-includes/feed-rss2-comments.php
/var/www/wordpress/wp-includes/feed-rss2.php
/var/www/wordpress/wp-includes/feed.php
/var/www/wordpress/wp-includes/formatting.php
/var/www/wordpress/wp-includes/functions.php
/var/www/wordpress/wp-includes/functions.wp-scripts.php
/var/www/wordpress/wp-includes/functions.wp-styles.php
/var/www/wordpress/wp-includes/general-template.php
/var/www/wordpress/wp-includes/http.php
/var/www/wordpress/wp-includes/kses.php
/var/www/wordpress/wp-includes/l10n.php
/var/www/wordpress/wp-includes/link-template.php
/var/www/wordpress/wp-includes/load.php
/var/www/wordpress/wp-includes/locale.php
/var/www/wordpress/wp-includes/media.php
/var/www/wordpress/wp-includes/meta.php
/var/www/wordpress/wp-includes/ms-blogs.php
/var/www/wordpress/wp-includes/ms-default-constants.php
/var/www/wordpress/wp-includes/ms-default-filters.php
/var/www/wordpress/wp-includes/ms-deprecated.php
/var/www/wordpress/wp-includes/ms-files.php
/var/www/wordpress/wp-includes/ms-functions.php
/var/www/wordpress/wp-includes/ms-load.php
/var/www/wordpress/wp-includes/ms-settings.php
/var/www/wordpress/wp-includes/nav-menu-template.php
/var/www/wordpress/wp-includes/nav-menu.php
/var/www/wordpress/wp-includes/pluggable-deprecated.php
/var/www/wordpress/wp-includes/pluggable.php
/var/www/wordpress/wp-includes/plugin.php
/var/www/wordpress/wp-includes/post-template.php
/var/www/wordpress/wp-includes/post-thumbnail-template.php
/var/www/wordpress/wp-includes/post.php
/var/www/wordpress/wp-includes/query.php
/var/www/wordpress/wp-includes/registration-functions.php
/var/www/wordpress/wp-includes/registration.php
/var/www/wordpress/wp-includes/rewrite.php
/var/www/wordpress/wp-includes/rss-functions.php
/var/www/wordpress/wp-includes/rss.php
/var/www/wordpress/wp-includes/script-loader.php
/var/www/wordpress/wp-includes/shortcodes.php
/var/www/wordpress/wp-includes/taxonomy.php
/var/www/wordpress/wp-includes/template-loader.php
/var/www/wordpress/wp-includes/theme.php
/var/www/wordpress/wp-includes/update.php
/var/www/wordpress/wp-includes/user.php
/var/www/wordpress/wp-includes/vars.php
/var/www/wordpress/wp-includes/version.php
/var/www/wordpress/wp-includes/widgets.php
/var/www/wordpress/wp-includes/wp-db.php
/var/www/wordpress/wp-includes/wp-diff.php
/var/www/wordpress/index.php
/var/www/wordpress/wp-activate.php
/var/www/wordpress/wp-app.php
/var/www/wordpress/wp-atom.php
/var/www/wordpress/wp-blog-header.php
/var/www/wordpress/wp-comments-post.php
/var/www/wordpress/wp-commentsrss2.php
/var/www/wordpress/wp-config-sample.php
/var/www/wordpress/wp-cron.php
/var/www/wordpress/wp-feed.php
/var/www/wordpress/wp-links-opml.php
/var/www/wordpress/wp-load.php
/var/www/wordpress/wp-login.php
/var/www/wordpress/wp-mail.php
/var/www/wordpress/wp-pass.php
/var/www/wordpress/wp-rdf.php
/var/www/wordpress/wp-register.php
/var/www/wordpress/wp-rss.php
/var/www/wordpress/wp-rss2.php
/var/www/wordpress/wp-settings.php
/var/www/wordpress/wp-signup.php
/var/www/wordpress/wp-trackback.php
/var/www/wordpress/xmlrpc.php