Refactor user deletion form, improve UI.

derpaschi · derpaschi · commit b80f6f4d1246 · 2025-09-16T11:54:51.000+02:00
diff --git a/src/wp-admin/includes/deprecated.php b/src/wp-admin/includes/deprecated.php
@@ -1589,3 +1589,14 @@ function image_attachment_fields_to_save( $post, $attachment ) {
 
 	return $post;
 }
+
+/**
+ * Was used to add JavaScript to the delete users form.
+ *
+ * @since 3.5.0
+ * @deprecated 6.9.0
+ * @access private
+ */
+function delete_users_add_js() {
+	_deprecated_function( __FUNCTION__, '6.9.0' );
+}
diff --git a/src/wp-admin/includes/ms.php b/src/wp-admin/includes/ms.php
@@ -874,7 +874,7 @@ function confirm_delete_users( $users ) {
 		<p><?php _e( 'You have chosen to delete the following users from all networks and sites.' ); ?></p>
 	<?php endif; ?>
 
-	<form action="users.php?action=dodelete" method="post">
+	<form action="users.php?action=dodelete" method="post" class="delete-and-reassign-users-form">
 	<input type="hidden" name="dodelete" />
 	<?php
 	wp_nonce_field( 'ms-users-delete' );
@@ -949,22 +949,31 @@ function confirm_delete_users( $users ) {
 								printf( __( 'Site: %s' ), $user_site );
 								?>
 							</li>
-							<?php // TODO: Fix duplicate IDs ?>
-							<li><label><input type="radio" id="delete_option0" name="delete[<?php echo $details->userblog_id . '][' . $delete_user->ID; ?>]" value="delete" required />
-							<?php _e( 'Delete all content.' ); ?></label></li>
-							<li><label><input type="radio" id="delete_option1" name="delete[<?php echo $details->userblog_id . '][' . $delete_user->ID; ?>]" value="reassign" required />
-							<?php _e( 'Attribute all content to:' ); ?></label>
-							<?php
-							wp_dropdown_users(
-								array(
-									'name'    => "blog[$user_id][$key]",
-									'include' => $blog_users,
-									'show'    => 'display_name_with_login',
-								)
-							);
-							?>
+							<li>
+								<label>
+									<input type="radio" id="delete_option_<?php echo esc_attr( $details->userblog_id . '_' . $delete_user->ID ); ?>" name="delete[<?php echo $details->userblog_id . '][' . $delete_user->ID; ?>]" value="delete" required />
+									<?php _e( 'Delete all content.' ); ?>
+								</label>
+							</li>
+							<li>
+								<label>
+									<input type="radio" id="reassign_option_<?php echo esc_attr( $details->userblog_id . '_' . $delete_user->ID ); ?>" name="delete[<?php echo $details->userblog_id . '][' . $delete_user->ID; ?>]" value="reassign" required />
+									<?php _e( 'Attribute all content to:' ); ?>
+								</label>
 
+								<?php
+								wp_dropdown_users(
+									array(
+										'show_option_none' => __( 'Select a user' ),
+										'name'             => "blog[$user_id][$key]",
+										'include'          => $blog_users,
+										'show'             => 'display_name_with_login',
+										'id'               => "reassign_user_{$details->userblog_id}_{$delete_user->ID}",
+									)
+								);
+								?>
 
+							</li>
 						</li>
 						</ul>
 						<?php
diff --git a/src/wp-admin/includes/user.php b/src/wp-admin/includes/user.php
@@ -561,26 +561,6 @@ function default_password_nag() {
 	);
 }
 
-/**
- * @since 3.5.0
- * @access private
- */
-function delete_users_add_js() {
-	?>
-<script>
-jQuery( function($) {
-	var submit = $('#submit').prop('disabled', true);
-	$('input[name="delete_option"]').one('change', function() {
-		submit.prop('disabled', false);
-	});
-	$('#reassign_user').focus( function() {
-		$('#delete_option1').prop('checked', true).trigger('change');
-	});
-} );
-</script>
-	<?php
-}
-
 /**
  * Optional SSL preference that can be turned on by hooking to the 'personal_options' action.
  *
diff --git a/src/wp-admin/users.php b/src/wp-admin/users.php
@@ -206,12 +206,12 @@
 				continue;
 			}
 
-			switch ( $_REQUEST['delete_option'] ) {
+			switch ( $_REQUEST['delete_option'][ $id ] ) {
 				case 'delete':
 					wp_delete_user( $id );
 					break;
 				case 'reassign':
-					wp_delete_user( $id, $_REQUEST['reassign_user'] );
+					wp_delete_user( $id, $_REQUEST['reassign_user'][ $id ] );
 					break;
 			}
 
@@ -299,40 +299,9 @@
 			$user_ids = array_diff( $user_ids, array( $current_user->ID ) );
 		}
 
-		/**
-		 * Filters whether the users being deleted have additional content
-		 * associated with them outside of the `post_author` and `link_owner` relationships.
-		 *
-		 * @since 5.2.0
-		 *
-		 * @param bool  $users_have_additional_content Whether the users have additional content. Default false.
-		 * @param int[] $user_ids                      Array of IDs for users being deleted.
-		 */
-		$users_have_content = (bool) apply_filters( 'users_have_additional_content', false, $user_ids );
-
-		if ( $user_ids && ! $users_have_content ) {
-			if ( $wpdb->get_var(
-				"SELECT ID FROM {$wpdb->posts}
-				WHERE post_author IN( " . implode( ',', $user_ids ) . ' )
-				LIMIT 1'
-			) ) {
-				$users_have_content = true;
-			} elseif ( $wpdb->get_var(
-				"SELECT link_id FROM {$wpdb->links}
-				WHERE link_owner IN( " . implode( ',', $user_ids ) . ' )
-				LIMIT 1'
-			) ) {
-				$users_have_content = true;
-			}
-		}
-
-		if ( $users_have_content ) {
-			add_action( 'admin_head', 'delete_users_add_js' );
-		}
-
 		require_once ABSPATH . 'wp-admin/admin-header.php';
 		?>
-		<form method="post" name="updateusers" id="updateusers">
+		<form method="post" name="updateusers" id="updateusers" class="delete-and-reassign-users-form">
 		<?php wp_nonce_field( 'delete-users' ); ?>
 		<?php echo $referer; ?>
 
@@ -359,6 +328,7 @@
 		<ul>
 		<?php
 		$go_delete = 0;
+		$users_have_content = false;
 
 		foreach ( $all_user_ids as $id ) {
 			$user = get_userdata( $id );
@@ -384,6 +354,76 @@
 					$id,
 					$user->user_login
 				);
+
+				/**
+				 * Filters whether the users being deleted have additional content
+				 * associated with them outside of the `post_author` and `link_owner` relationships.
+				 *
+				 * @since 5.2.0
+				 *
+				 * @param bool  $users_have_additional_content Whether the users have additional content. Default false.
+				 * @param int[] $user_ids                      Array of IDs for users being deleted.
+				 */
+				$user_has_content = (bool) apply_filters( 'users_have_additional_content', false, array( $id ) );
+
+				if ( ! $user_has_content ) {
+					if ( $wpdb->get_var(
+						$wpdb->prepare(
+							"SELECT ID FROM {$wpdb->posts}
+							WHERE post_author = %d
+							LIMIT 1",
+							$id
+						)
+					) ) {
+						$user_has_content = true;
+					} elseif ( $wpdb->get_var(
+						$wpdb->prepare(
+							"SELECT link_id FROM {$wpdb->links}
+							WHERE link_owner = %d
+							LIMIT 1",
+							$id
+						)
+					) ) {
+						$user_has_content = true;
+					}
+				}
+
+				if ( ! $user_has_content ) {
+					?>
+					<input type="hidden" name="delete_option[<?php echo esc_attr( $id ); ?>]" value="delete" required />
+					<p><legend><?php _e( 'This user does not have any content.' ); ?></legend></p>
+					<?php
+				} else {
+					?>
+					<fieldset>
+					<p><legend><?php _e( 'What should be done with content owned by this user?' ); ?></legend></p>
+
+					<ul style="list-style:none;">
+						<li>
+							<input type="radio" id="delete_option_<?php echo esc_attr( $id ); ?>" name="delete_option[<?php echo esc_attr( $id ); ?>]" value="delete" required />
+							<label for="delete_option_<?php echo esc_attr( $id ); ?>"><?php _e( 'Delete all content.' ); ?></label>
+						</li>
+						<li>
+							<input type="radio" id="reassign_option_<?php echo esc_attr( $id ); ?>" name="delete_option[<?php echo esc_attr( $id ); ?>]" value="reassign" required />
+							<label for="reassign_option_<?php echo esc_attr( $id ); ?>"><?php _e( 'Attribute all content to:' ); ?></label>
+							<?php
+							wp_dropdown_users(
+								array(
+									'show_option_none' => __( 'Select a user' ),
+									'name'             => 'reassign_user[' . $id . ']',
+									'id'               => 'reassign_user_' . $id,
+									'exclude'          => $user_ids,
+									'show'             => 'display_name_with_login',
+								)
+							);
+							?>
+						</li>
+					</ul>
+					</fieldset>
+					<?php
+					$users_have_content = true;
+				}
+
 				echo "</li>\n";
 
 				++$go_delete;
@@ -394,41 +434,6 @@
 
 		<?php
 		if ( $go_delete ) :
-
-			if ( ! $users_have_content ) :
-				?>
-				<input type="hidden" name="delete_option" value="delete" />
-			<?php else : ?>
-				<fieldset>
-				<?php if ( 1 === $go_delete ) : ?>
-					<p><legend><?php _e( 'What should be done with content owned by this user?' ); ?></legend></p>
-				<?php else : ?>
-					<p><legend><?php _e( 'What should be done with content owned by these users?' ); ?></legend></p>
-				<?php endif; ?>
-
-				<ul style="list-style:none;">
-					<li>
-						<input type="radio" id="delete_option0" name="delete_option" value="delete" />
-						<label for="delete_option0"><?php _e( 'Delete all content.' ); ?></label>
-					</li>
-					<li>
-						<input type="radio" id="delete_option1" name="delete_option" value="reassign" />
-						<label for="delete_option1"><?php _e( 'Attribute all content to:' ); ?></label>
-						<?php
-						wp_dropdown_users(
-							array(
-								'name'    => 'reassign_user',
-								'exclude' => $user_ids,
-								'show'    => 'display_name_with_login',
-							)
-						);
-						?>
-					</li>
-				</ul>
-				</fieldset>
-				<?php
-			endif;
-
 			/**
 			 * Fires at the end of the delete users form prior to the confirm button.
 			 *
