--- a/wp/wp-admin/user-edit.php Fri Sep 05 18:40:08 2025 +0200
+++ b/wp/wp-admin/user-edit.php Fri Sep 05 18:52:52 2025 +0200
@@ -14,7 +14,7 @@
$action = ! empty( $_REQUEST['action'] ) ? sanitize_text_field( $_REQUEST['action'] ) : '';
$user_id = ! empty( $_REQUEST['user_id'] ) ? absint( $_REQUEST['user_id'] ) : 0;
-$wp_http_referer = ! empty( $_REQUEST['wp_http_referer'] ) ? sanitize_text_field( $_REQUEST['wp_http_referer'] ) : '';
+$wp_http_referer = ! empty( $_REQUEST['wp_http_referer'] ) ? sanitize_url( $_REQUEST['wp_http_referer'] ) : '';
$current_user = wp_get_current_user();
@@ -214,12 +214,16 @@
if ( isset( $_GET['updated'] ) ) :
if ( IS_PROFILE_PAGE ) :
- $message = '<strong>' . __( 'Profile updated.' ) . '</strong>';
+ $message = '<p><strong>' . __( 'Profile updated.' ) . '</strong></p>';
else :
- $message = '<strong>' . __( 'User updated.' ) . '</strong>';
+ $message = '<p><strong>' . __( 'User updated.' ) . '</strong></p>';
endif;
if ( $wp_http_referer && ! str_contains( $wp_http_referer, 'user-new.php' ) && ! IS_PROFILE_PAGE ) :
- $message .= '<a href="' . esc_url( wp_validate_redirect( sanitize_url( $wp_http_referer ), self_admin_url( 'users.php' ) ) ) . '">' . __( '← Go to Users' ) . '</a>';
+ $message .= sprintf(
+ '<p><a href="%1$s">%2$s</a></p>',
+ esc_url( wp_validate_redirect( sanitize_url( $wp_http_referer ), self_admin_url( 'users.php' ) ) ),
+ __( '← Go to Users' )
+ );
endif;
wp_admin_notice(
$message,
@@ -227,6 +231,7 @@
'id' => 'message',
'dismissible' => true,
'additional_classes' => array( 'updated' ),
+ 'paragraph_wrap' => false,
)
);
endif;
@@ -261,7 +266,7 @@
<?php if ( ! IS_PROFILE_PAGE ) : ?>
<?php if ( current_user_can( 'create_users' ) ) : ?>
- <a href="user-new.php" class="page-title-action"><?php echo esc_html__( 'Add New User' ); ?></a>
+ <a href="user-new.php" class="page-title-action"><?php echo esc_html__( 'Add User' ); ?></a>
<?php elseif ( is_multisite() && current_user_can( 'promote_users' ) ) : ?>
<a href="user-new.php" class="page-title-action"><?php echo esc_html__( 'Add Existing User' ); ?></a>
<?php endif; ?>
@@ -291,7 +296,7 @@
<h2><?php _e( 'Personal Options' ); ?></h2>
<table class="form-table" role="presentation">
- <?php if ( ! ( IS_PROFILE_PAGE && ! $user_can_edit ) ) : ?>
+ <?php if ( ! ( IS_PROFILE_PAGE && ! $user_can_edit ) && 'false' === $profile_user->rich_editing ) : ?>
<tr class="user-rich-editing-wrap">
<th scope="row"><?php _e( 'Visual Editor' ); ?></th>
<td>
@@ -540,11 +545,13 @@
<tr class="user-email-wrap">
<th><label for="email"><?php _e( 'Email' ); ?> <span class="description"><?php _e( '(required)' ); ?></span></label></th>
<td>
- <input type="email" name="email" id="email" aria-describedby="email-description" value="<?php echo esc_attr( $profile_user->user_email ); ?>" class="regular-text ltr" />
<?php if ( $profile_user->ID === $current_user->ID ) : ?>
+ <input type="email" name="email" id="email" aria-describedby="email-description" value="<?php echo esc_attr( $profile_user->user_email ); ?>" class="regular-text ltr" />
<p class="description" id="email-description">
<?php _e( 'If you change this, an email will be sent at your new address to confirm it. <strong>The new address will not become active until confirmed.</strong>' ); ?>
</p>
+ <?php else : ?>
+ <input type="email" name="email" id="email" value="<?php echo esc_attr( $profile_user->user_email ); ?>" class="regular-text ltr" />
<?php endif; ?>
<?php
@@ -623,7 +630,8 @@
$description = sprintf(
/* translators: %s: Gravatar URL. */
__( '<a href="%s">You can change your profile picture on Gravatar</a>.' ),
- __( 'https://en.gravatar.com/' )
+ /* translators: The localized Gravatar URL. */
+ __( 'https://gravatar.com/' )
);
} else {
$description = '';
@@ -826,7 +834,7 @@
do_action( 'wp_create_application_password_form', $profile_user );
?>
- <button type="button" name="do_new_application_password" id="do_new_application_password" class="button button-secondary"><?php _e( 'Add New Application Password' ); ?></button>
+ <button type="button" name="do_new_application_password" id="do_new_application_password" class="button button-secondary"><?php _e( 'Add Application Password' ); ?></button>
</div>
<?php
else :
@@ -853,7 +861,7 @@
<?php
printf(
/* translators: %s: Documentation URL. */
- __( 'If this is a development website you can <a href="%s" target="_blank">set the environment type accordingly</a> to enable application passwords.' ),
+ __( 'If this is a development website, you can <a href="%s">set the environment type accordingly</a> to enable application passwords.' ),
__( 'https://developer.wordpress.org/apis/wp-config-php/#wp-environment-type' )
);
?>
@@ -978,6 +986,8 @@
?>
</label>
<input id="new-application-password-value" type="text" class="code" readonly="readonly" value="{{ data.password }}" />
+ <button type="button" class="button copy-button" data-clipboard-text="{{ data.password }}"><?php _e( 'Copy' ); ?></button>
+ <span class="success hidden" aria-hidden="true"><?php _e( 'Copied!' ); ?></span>
</p>
<p><?php _e( 'Be sure to save this in a safe location. You will not be able to retrieve it.' ); ?></p>
<button type="button" class="notice-dismiss">