
Changeset 2997941


Timestamp:
11/17/2023 10:43:55 PM (2 years ago)
Author:
ctltwp
Message:

Release to 1.4.2

File:
1 edited

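--- a/user-avatar/tags/1.4.2/user-avatar.php
+++ b/user-avatar/tags/1.4.2/user-avatar.php
@@ -143,13 +143,15 @@
     global $current_user;
 
-    if(($_GET['uid'] == $current_user->ID || current_user_can('edit_users')) &&  is_numeric($_GET['uid']))
+    $uid  = absint( $_GET['uid'] );
+    $step = absint( $_GET['step'] );
+
+    if(($uid == $current_user->ID || current_user_can('edit_users')) &&  is_numeric($uid))
     {
-        $uid = absint( $_GET['uid'] );
        
     ?><!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
 <html xmlns="http://www.w3.org/1999/xhtml" <?php do_action('admin_xml_ns'); ?> <?php language_attributes(); ?>>
 <head>
-<meta http-equiv="Content-Type" content="<?php bloginfo('html_type'); ?>; charset=<?php echo get_option('blog_charset'); ?>" />
-<title><?php bloginfo('name') ?> &rsaquo; <?php _e('Uploads'); ?> &#8212; <?php _e('WordPress'); ?></title>
+<meta http-equiv="Content-Type" content="<?php esc_attr( bloginfo('html_type') ); ?>; charset=<?php echo esc_attr( get_option('blog_charset') ); ?>" />
+<title><?php esc_textarea( bloginfo('name') ) ?> &rsaquo; <?php _e('Uploads'); ?> &#8212; <?php _e('WordPress'); ?></title>
 <script type="text/javascript">
 //<![CDATA[
@@ -180,5 +182,5 @@
 <body>
 <?php
-    $step = absint( $_GET['step'] );
+
     switch($step)
     {
@@ -397,4 +399,5 @@
     $width  = floatval( $_POST['width'] );
     $height = floatval( $_POST['height'] );
+    $uid    = intval( $uid );
 
     if ( $oitar > 1 ) {
@@ -633,13 +636,13 @@
 
         $user_id = absint( $_GET['user_id'] );
+        $u       = absint( $_GET['u'] );
 
         // If user clicks the remove avatar button, in URL deleter_avatar=true
-        if( isset($_GET['delete_avatar']) && wp_verify_nonce($_GET['_nononce'], 'user_avatar') && ( $_GET['u'] == $current_user->id || current_user_can('edit_users')) )
+        if( isset($_GET['delete_avatar']) && wp_verify_nonce($_GET['_nononce'], 'user_avatar') && ( $u == $current_user->id || current_user_can('edit_users')) )
         {
-            $user_id = $_GET['user_id'];
             if(is_numeric($user_id))
                 $user_id = "?user_id=".$user_id;
 
-            user_avatar_delete_files((int) $_GET['u']);
+            user_avatar_delete_files(absint( $u ));
             wp_redirect(get_option('siteurl') . '/wp-admin/'. $pagenow. $user_id);
 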
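Review bot: The escaping added on the new `<meta>` and `<title>` lines in the first hunk is a no-op, because `bloginfo()` prints its value and returns nothing, so `esc_attr( bloginfo('html_type') )` and `esc_textarea( bloginfo('name') )` still emit the raw option and hand the escaper null; the returning form is needed, `echo esc_attr( get_bloginfo('html_type') )` and `echo esc_html( get_bloginfo('name') )` (a `<title>` is text context, not a textarea). In the same hunk `is_numeric($uid)` is now always true after `absint()`, and a missing or non-numeric `uid` collapses to 0, which is also what `$current_user->ID` holds for a visitor with no session, so the guard should reject 0 explicitly and read both parameters through `isset()` to avoid undefined-index notices. The `$u == $current_user->id` comparison in the delete-avatar hunk has the same zero case, though there the nonce check narrows it. The enclosing function starts before this hunk and its body continues past it.
```php
// … unchanged: global $current_user; …
$uid  = isset( $_GET['uid'] )  ? absint( $_GET['uid'] )  : 0;
$step = isset( $_GET['step'] ) ? absint( $_GET['step'] ) : 0;

if ( $uid > 0 && ( $uid == $current_user->ID || current_user_can( 'edit_users' ) ) )
{
<!-- … unchanged: DOCTYPE, <html>, <head> … -->
<meta http-equiv="Content-Type" content="<?php echo esc_attr( get_bloginfo('html_type') ); ?>; charset=<?php echo esc_attr( get_option('blog_charset') ); ?>" />
<title><?php echo esc_html( get_bloginfo('name') ); ?> &rsaquo; <?php _e('Uploads'); ?> &#8212; <?php _e('WordPress'); ?></title>
<!-- … unchanged: inline script … -->
```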