WordPress.org
Get WordPress

Make WordPress Core

Ticket #12387: 12387.diff

File 12387.diff, 862 bytes (added by dd32, 16 years ago)

  • wp-admin/includes/user.php

     
    7676
    7777        if ( isset( $_POST['role'] ) && current_user_can( 'edit_users' ) ) {
    7878                $new_role = sanitize_text_field( $_POST['role'] );
     79                $potential_role = isset($wp_roles->role_objects[$new_role]) ? $wp_roles->role_objects[$new_role] : false;
    7980                // Don't let anyone with 'edit_users' (admins) edit their own role to something without it.
    80                 if( $user_id != $current_user->id || $wp_roles->role_objects[$new_role]->has_cap( 'edit_users' ))
     81                if ( $user_id != $current_user->id || ($potential_role && $potential_role->has_cap( 'edit_users' ) ) )
    8182                        $user->role = $new_role;
    8283
    8384                // If the new role isn't editable by the logged-in user die with error