WordPress.org

Make WordPress Core

Ticket #13074: list-users.2.diff

File list-users.2.diff, 1.4 KB (added by josephscott, 4 years ago)

don't pass user id, don't link username if you can't edit_user

  • wp-admin/includes/template.php

     
    18121812                $short_url = substr( $short_url, 0, 32 ).'...'; 
    18131813        $checkbox = ''; 
    18141814        // Check if the user for this row is editable 
    1815         if ( current_user_can( 'list_users', $user_object->ID ) ) { 
     1815        if ( current_user_can( 'list_users' ) ) { 
    18161816                // Set up the user editing link 
    18171817                // TODO: make profile/user-edit determination a separate function 
    18181818                if ($current_user->ID == $user_object->ID) { 
     
    18251825                // Set up the hover actions for this user 
    18261826                $actions = array(); 
    18271827 
    1828                 if ( current_user_can('edit_user',  $user_object->ID) ) 
     1828                if ( current_user_can('edit_user',  $user_object->ID) ) { 
     1829                        $edit = "<strong><a href=\"$edit_link\">$user_object->user_login</a></strong><br />"; 
    18291830                        $actions['edit'] = '<a href="' . $edit_link . '">' . __('Edit') . '</a>'; 
     1831                } else { 
     1832                        $edit = "<strong>$user_object->user_login</strong><br />"; 
     1833                } 
     1834 
    18301835                if ( !is_multisite() && $current_user->ID != $user_object->ID && current_user_can('delete_user', $user_object->ID) ) 
    18311836                        $actions['delete'] = "<a class='submitdelete' href='" . wp_nonce_url("users.php?action=delete&amp;user=$user_object->ID", 'bulk-users') . "'>" . __('Delete') . "</a>"; 
    18321837                if ( is_multisite() && $current_user->ID != $user_object->ID && current_user_can('remove_user', $user_object->ID) )