WordPress.org

Make WordPress Core

Changeset 14191


Ignore:
Timestamp:
04/22/10 22:53:44 (4 years ago)
Author:
josephscott
Message:
  • don't pass user id to list_users check
  • only link the username if the edit_user cap check passes

see #13074

File:
1 edited

Legend:

Unmodified
Added
Removed
  • trunk/wp-admin/includes/template.php

    r14189 r14191  
    18131813    $checkbox = ''; 
    18141814    // Check if the user for this row is editable 
    1815     if ( current_user_can( 'list_users', $user_object->ID ) ) { 
     1815    if ( current_user_can( 'list_users' ) ) { 
    18161816        // Set up the user editing link 
    18171817        // TODO: make profile/user-edit determination a separate function 
     
    18261826        $actions = array(); 
    18271827 
    1828         if ( current_user_can('edit_user',  $user_object->ID) ) 
     1828        if ( current_user_can('edit_user',  $user_object->ID) ) { 
     1829            $edit = "<strong><a href=\"$edit_link\">$user_object->user_login</a></strong><br />"; 
    18291830            $actions['edit'] = '<a href="' . $edit_link . '">' . __('Edit') . '</a>'; 
     1831        } else { 
     1832            $edit = "<strong>$user_object->user_login</strong><br />"; 
     1833        } 
     1834 
    18301835        if ( !is_multisite() && $current_user->ID != $user_object->ID && current_user_can('delete_user', $user_object->ID) ) 
    18311836            $actions['delete'] = "<a class='submitdelete' href='" . wp_nonce_url("users.php?action=delete&amp;user=$user_object->ID", 'bulk-users') . "'>" . __('Delete') . "</a>"; 
Note: See TracChangeset for help on using the changeset viewer.