-rw-r--r-- | wp-inst/wp-admin/wpmu-blogs.php | 7 | ||||
-rw-r--r-- | wp-inst/wp-admin/wpmu-edit.php | 15 |
2 files changed, 12 insertions, 10 deletions
diff --git a/wp-inst/wp-admin/wpmu-blogs.php b/wp-inst/wp-admin/wpmu-blogs.php
index daf7a9e..599e4a0 100644
--- a/wp-inst/wp-admin/wpmu-blogs.php
+++ b/wp-inst/wp-admin/wpmu-blogs.php
@@ -198,10 +198,11 @@ switch( $_GET[ 'action' ] ) {
 }
 print "<h3>Add a new user</h3>";
 ?>
+<?php autocomplete_css(); ?>
 <p>As you type WordPress will offer you a choice of usernames.<br /> Click them to select and hit <em>Update Options</em> to add the user.</p>
 <table>
-<tr><th scope="row">User Login: </th><td><input type="text" name="newuser" id="newuser"></td><td><a href="javascript:doSearch();">Search</a></td></tr>
-<tr><td></td><td colspan='2'><div style='display:none; height: 60px; width: 100px; overflow: auto; border: 1px solid #ccc; background: #eee; margin: 5px; padding: 5px;' id="searchresults"><?php _e( 'Search Results' ) ?></div></td> </tr>
+<tr><th scope="row">User Login: </th><td><input type="text" name="newuser" id="newuser"></td></tr>
+<tr><td></td><td><div id="searchresults" class="autocomplete"></div></td> </tr>
 <tr>
 <th scope="row"><?php _e('Role:') ?></th>
 <td><select name="new_role" id="new_role"><?php
@@ -221,7 +222,7 @@ switch( $_GET[ 'action' ] ) {
 <p class="submit">
 <input type="submit" name="Submit" value="<?php _e('Update Options') ?> »" />
 </p>
-<?php AJAX_search_box( "wpmu-edit.php?action=searchusers&search=", "newuser", "searchresults" ); ?>
+<?php autocomplete_textbox( "wpmu-edit.php?action=searchusers&search=", "newuser", "searchresults" ); ?>
 </td>
 </table>
diff --git a/wp-inst/wp-admin/wpmu-edit.php b/wp-inst/wp-admin/wpmu-edit.php
index f9fe8a0..ee9913c 100644
--- a/wp-inst/wp-admin/wpmu-edit.php
+++ b/wp-inst/wp-admin/wpmu-edit.php
@@ -34,7 +34,7 @@ switch( $_GET[ 'action' ] ) {
 exit;
 break;
 case "searchcategories":
- $search = $_POST[ 'search' ];
+ $search = wp_specialchars( $_POST[ 'search' ] );
 $query = "SELECT cat_name FROM " . $wpdb->sitecategories . " WHERE cat_name LIKE '%" . $search . "%' limit 0,10";
 $cats = $wpdb->get_results( $query );
 if( is_array( $cats ) ) {
@@ -48,15 +48,16 @@ switch( $_GET[ 'action' ] ) {
 exit;
 break;
 case "searchusers":
- $search = $_GET[ 'search' ];
- $id = $_GET[ 'id' ];
- $query = "SELECT " . $wpdb->users . ".ID, " . $wpdb->users . ".user_login FROM " . $wpdb->users . ", " . $wpdb->usermeta . " WHERE " . $wpdb->users . ".ID = " . $wpdb->usermeta . ".user_id AND " . $wpdb->usermeta . ".meta_key = '" . $wpmuBaseTablePrefix . $id . "_capabilities'";
- $query = "SELECT " . $wpdb->users . ".ID, " . $wpdb->users . ".user_login FROM " . $wpdb->users . " WHERE user_login LIKE '%" . $search . "%' limit 0,10";
+ $search = wp_specialchars( $_POST[ 'search' ] );
+ $query = "SELECT " . $wpdb->users . ".ID, " . $wpdb->users . ".user_login FROM " . $wpdb->users . " WHERE user_login LIKE '" . $search . "%' limit 0,10";
 $users = $wpdb->get_results( $query );
 if( is_array( $users ) ) {
- while( list( $key, $val ) = each( $users ) ) {
- print '<span onclick="javascript:return update_AJAX_search_box(\'' . $val->user_login . '\');"><a>' . $val->user_login . '</a></span><br>';
+ print "<ul>";
+ while( list( $key, $val ) = each( $users ) )
+ {
+ print "<li>{$val->user_login}</li>";
 }
+ print "</ul>";
 } else {
 print "No Users Found";
 }
|
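Review bot: `wp_specialchars()` in the `searchcategories` case is an HTML-output encoder, not a SQL escaper, so `$search` is still concatenated into the quoted `LIKE '%...%'` literal without database escaping; with its default arguments it does not encode quotes, which are the characters that matter inside a SQL string. Unless the request data is already slashed somewhere outside this hunk, the query remains injectable, and the same pattern is repeated in the `searchusers` case of the next hunk. Escape for the database where the query is built, e.g. `$search = $wpdb->escape( $_POST[ 'search' ] );`, and keep HTML encoding for the point where values are printed. The case body continues past the end of the hunk, so how `cat_name` is written to the response is not visible here.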
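Review bot: `print "<li>{$val->user_login}</li>";` in the `searchusers` case writes a database value into the response without HTML encoding, while the only `wp_specialchars()` call in this case is applied to the input on its way into SQL, so the encoding sits on the wrong side. Encode at output instead: `print '<li>' . wp_specialchars( $val->user_login ) . '</li>';`. The case also switches from `$_GET[ 'search' ]` to `$_POST[ 'search' ]`, yet the caller in wpmu-blogs.php still passes `wpmu-edit.php?action=searchusers&search=`; `autocomplete_textbox()` is not shown, so it is worth confirming the term really arrives in the POST body. If it does not, `$search` is empty and the `LIKE '%'` query returns the first ten logins to whoever calls the endpoint, so an `isset()`/empty-string guard before building the query would be a sensible addition.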