Ticket #8770: wpadmin-users_dec31-08.diff

File wpadmin-users_dec31-08.diff, 636 bytes (added by jeremyclarke, 5 years ago)

patch wp-admin/users.php to check editable_roles before saving bulk role changes

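--- a/wp-admin/users.php
+++ b/wp-admin/users.php
@@ -39,6 +39,7 @@
 
 switch ($doaction) {
 
+/* Bulk Dropdown menu Role changes */
 case 'promote':
         check_admin_referer('bulk-users');
 
@@ -47,8 +48,9 @@
                 exit();
         }
 
-        if ( !current_user_can('edit_users') )
-                wp_die(__('You can’t edit users.'));
+        $editable_roles = get_editable_roles();
+        if (!$editable_roles[$_REQUEST['new_role']])
+                wp_die(__('You can’t give users that role.'));
 
         $userids = $_REQUEST['users'];
         $update = 'promote';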
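Review bot: The `current_user_can('edit_users')` guard in the `promote` case is removed rather than kept alongside the new role check, so within this hunk nothing verifies that the caller may edit users at all; `get_editable_roles()` only limits which role can be assigned. Unless a capability check is enforced elsewhere (the top of the file and the per-user loop are outside the hunk), keep the original two lines and add the role check after them. The lookup `!$editable_roles[$_REQUEST['new_role']]` also reads an unvalidated request value as an array key, which raises a notice when `new_role` is missing or unknown and misbehaves if it is sent as an array; a stricter form is `if ( !isset($_REQUEST['new_role']) || !is_string($_REQUEST['new_role']) || empty($editable_roles[$_REQUEST['new_role']]) )`. The `case 'promote':` body continues past the end of the hunk.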