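/**
 * AJAX handler: create an access area from the posted title and print an HTML fragment.
 *
 * The request must carry a valid `userlabel-new` nonce in `_wp_ajax_nonce` and the
 * current user needs the `promote_users` capability. A falsy `blog_id` (network-wide
 * area) is only accepted from super admins; any other `blog_id` must match the current
 * blog. On success the new label is rendered through `_select_label_formitem()`;
 * otherwise an error `<span>` is printed. The script always terminates afterwards.
 *
 * Request values are untrusted: the title that is stored is the same trimmed value that
 * was validated, and the blog id that is stored is the one that was authorised (0 or the
 * current blog id), never the raw request string.
 */
static function ajax_add_access_area() {
    // Read request fields defensively: missing keys or array-valued fields must not
    // raise warnings or type errors before the permission checks have run.
    $nonce       = isset($_POST['_wp_ajax_nonce']) && is_string($_POST['_wp_ajax_nonce']) ? $_POST['_wp_ajax_nonce'] : '';
    $cap_title   = isset($_POST['cap_title']) && is_string($_POST['cap_title']) ? trim($_POST['cap_title']) : '';
    $raw_blog_id = isset($_POST['blog_id']) ? $_POST['blog_id'] : 0;
    $error       = null;

    if (!wp_verify_nonce($nonce, 'userlabel-new') || !current_user_can('promote_users')) {
        $error = __('Insufficient privileges.', 'wp-access-areas');
    } elseif (!$raw_blog_id && !is_super_admin() || $raw_blog_id && $raw_blog_id != get_current_blog_id()) {
        // Network-wide areas need a super admin; site areas may only target the current blog.
        $error = __('Insufficient privileges.', 'wp-access-areas');
    } elseif (empty($cap_title)) {
        $error = __('Empty name.', 'wp-access-areas');
    } else {
        // The check above only lets through "falsy" or "loosely equal to the current
        // blog id", so normalise to exactly those two values before storing.
        $blog_id = $raw_blog_id ? get_current_blog_id() : 0;

        // NOTE(review): whether create_userlabel() strips markup from the title is not
        // visible here - confirm, since the label is rendered back into admin pages.
        $create_id = UndisclosedUserlabel::create_userlabel(array(
            'cap_title' => $cap_title,
            'blog_id'   => $blog_id,
        ));

        if ($create_id) {
            $label = UndisclosedUserlabel::get_userlabel($create_id);
            self::_select_label_formitem($label, true);
        } elseif (UndisclosedUserlabel::what_went_wrong() == 4) {
            // Error code 4: an area with this name already exists.
            $error = __('Access Area exists.', 'wp-access-areas');
        }
        // Any other failure code produces no output, as before.
    }

    if (null !== $error) {
        printf('<span class="disclosure-label-item error">%s</span>', esc_html($error));
    }
    die;
}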
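/**
 * Process create / edit / delete requests for the access-area admin page and redirect.
 *
 * Requires the `promote_users` capability. When an `action` request parameter is
 * present, the posted data is passed through `_sanitize_userlabel_data()` and the
 * request is authorised before the action runs:
 *
 * - every state-changing request (any POST, and a delete identified by `id`) must carry
 *   a `_wpnonce` valid for `userlabel-{action}`; previously a delete sent without POST
 *   data skipped nonce verification entirely;
 * - data with a falsy `blog_id` additionally requires `manage_network_users`.
 *
 * NOTE(review): confirm that the delete links rendered by the list table are built with
 * a nonce for `userlabel-delete`; without one, deletion is now refused.
 * NOTE(review): nothing visible here checks that the label addressed by `id` belongs to
 * the current blog - verify that delete_userlabel() / update_userlabel() enforce this.
 *
 * Successful redirects terminate the request so that no further page output follows
 * the Location header.
 */
static function do_userlabel_actions() {
    if (!current_user_can('promote_users')) {
        wp_die(__('You do not have permission to do this.', 'wp-access-areas'));
    }
    wp_enqueue_style('disclosure-admin');

    $table = new UserLabel_List_Table();
    $table->process_bulk_action();

    $redirect_url = false;
    if (isset($_REQUEST['action'])) {
        // Array-valued parameters are treated as absent rather than concatenated.
        $action   = is_string($_REQUEST['action']) ? $_REQUEST['action'] : '';
        $nonce    = isset($_REQUEST['_wpnonce']) && is_string($_REQUEST['_wpnonce']) ? $_REQUEST['_wpnonce'] : '';
        $has_post = !empty($_POST);
        $data     = self::_sanitize_userlabel_data($_POST);

        // Authorise first: a nonce is required for anything that modifies data,
        // including a delete that arrives without a POST body.
        $changes_state = $has_post || ('delete' === $action && isset($_REQUEST['id']));
        if ($changes_state && !wp_verify_nonce($nonce, 'userlabel-' . $action) || !$data['blog_id'] && !current_user_can('manage_network_users')) {
            wp_die(__('You do not have permission to edit network wide user labels.', 'wp-access-areas'));
        }

        // Integrity check: a submitted form must contain a title.
        if ($has_post && !$data['cap_title']) {
            wp_die(__('Please enter a Label.', 'wp-access-areas'));
        }

        // add_query_arg() does not URL-encode values, so the submitted title is encoded
        // before it is echoed back in a redirect URL.
        $submitted_title = isset($_POST['cap_title']) && is_string($_POST['cap_title']) ? rawurlencode($_POST['cap_title']) : '';

        switch ($action) {
            case 'new':
                // Create, then return to the "new" form with a status code.
                if ($has_post) {
                    if (UndisclosedUserlabel::create_userlabel($data)) {
                        $redirect_url = add_query_arg(array('page' => 'user_labels', 'action' => 'new', 'message' => 1), $_SERVER['SCRIPT_NAME']);
                    } else {
                        $redirect_url = add_query_arg(array('page' => 'user_labels', 'action' => 'new', 'message' => UndisclosedUserlabel::what_went_wrong(), 'cap_title' => $submitted_title), $_SERVER['SCRIPT_NAME']);
                    }
                }
                break;

            case 'edit':
                // Update, then return to the edit form with a status code.
                if ($has_post) {
                    $edit_id = UndisclosedUserlabel::update_userlabel($data);
                    if ($edit_id) {
                        $redirect_url = add_query_arg(array('id' => $edit_id, 'message' => 2));
                    } else {
                        // On failure $edit_id is falsy; writing it into the URL would drop
                        // or blank the id, so the id of the current request is left as is.
                        $redirect_url = add_query_arg(array('message' => UndisclosedUserlabel::what_went_wrong(), 'cap_title' => $submitted_title));
                    }
                }
                if (!isset($_GET['id'])) {
                    // Nothing to edit: fall back to the list page.
                    $redirect_url = add_query_arg(array('page' => 'user_labels'), $_SERVER['SCRIPT_NAME']);
                }
                break;

            case 'delete':
                // Delete, then return to the list page with a status code.
                if (isset($_REQUEST['id'])) {
                    $deleted = UndisclosedUserlabel::delete_userlabel($_REQUEST['id']);
                    if ($deleted) {
                        $redirect_url = add_query_arg(array('page' => 'user_labels', 'message' => 3, 'deleted' => $deleted), $_SERVER['SCRIPT_NAME']);
                    } else {
                        $redirect_url = add_query_arg(array('page' => 'user_labels', 'message' => UndisclosedUserlabel::what_went_wrong()), $_SERVER['SCRIPT_NAME']);
                    }
                }
                break;

            default:
                // Unknown action: strip it from the URL and stop.
                if (wp_redirect(remove_query_arg('action'))) {
                    exit;
                }
        }
    }

    if ($redirect_url && wp_redirect($redirect_url)) {
        exit;
    }
}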