Ticket #8770: wpadmin-users_dec31-08.diff

File wpadmin-users_dec31-08.diff, 636 bytes (added by jeremyclarke, 9 years ago)

patch wp-admin/users.php to check editable_roles before saving bulk role changes

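--- a/wp-admin/users.php
+++ b/wp-admin/users.php
@@ -39,6 +39,7 @@
 
 switch ($doaction) {
 
+/* Bulk Dropdown menu Role changes */
 case 'promote':
         check_admin_referer('bulk-users');
 
@@ -47,8 +48,9 @@
                 exit();
         }
 
-        if ( !current_user_can('edit_users') )
-                wp_die(__('You can’t edit users.'));
+        $editable_roles = get_editable_roles();
+        if (!$editable_roles[$_REQUEST['new_role']])
+                wp_die(__('You can’t give users that role.'));
 
         $userids = $_REQUEST['users'];
         $update = 'promote';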
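Review bot: The new side of the `promote` case removes the `current_user_can('edit_users')` gate and replaces it with the role allow-list lookup, so the capability check no longer runs before `$_REQUEST['users']` is processed. The two checks answer different questions (may this user edit users at all, and may they hand out this role), so I would keep the original `if ( !current_user_can('edit_users') )` / `wp_die(...)` pair and add the `get_editable_roles()` test after it. The rest of the case, including any per-user capability check in the loop, is outside this hunk, so whether something downstream compensates cannot be confirmed from here. Separately, `$editable_roles[$_REQUEST['new_role']]` indexes with a raw request value: a missing or non-string `new_role` produces a notice or an illegal-offset error instead of the intended `wp_die`, so the guard is safer as `if ( empty($_REQUEST['new_role']) || !is_string($_REQUEST['new_role']) || !isset($editable_roles[$_REQUEST['new_role']]) )`.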