Make WordPress Core

Changeset 14191


Ignore:
Timestamp:
04/22/2010 10:53:44 PM (15 years ago)
Author:
josephscott
Message:
  • don't pass user id to list_users check
  • only link the username if the edit_user cap check passes

see #13074

File:
1 edited

Legend:

Unmodified
Added
Removed
  • trunk/wp-admin/includes/template.php

    r14189 r14191  
    18131813    $checkbox = '';
    18141814    // Check if the user for this row is editable
    1815     if ( current_user_can( 'list_users', $user_object->ID ) ) {
     1815    if ( current_user_can( 'list_users' ) ) {
    18161816        // Set up the user editing link
    18171817        // TODO: make profile/user-edit determination a separate function
     
    18261826        $actions = array();
    18271827
    1828         if ( current_user_can('edit_user',  $user_object->ID) )
     1828        if ( current_user_can('edit_user',  $user_object->ID) ) {
     1829            $edit = "<strong><a href=\"$edit_link\">$user_object->user_login</a></strong><br />";
    18291830            $actions['edit'] = '<a href="' . $edit_link . '">' . __('Edit') . '</a>';
     1831        } else {
     1832            $edit = "<strong>$user_object->user_login</strong><br />";
     1833        }
     1834
    18301835        if ( !is_multisite() && $current_user->ID != $user_object->ID && current_user_can('delete_user', $user_object->ID) )
    18311836            $actions['delete'] = "<a class='submitdelete' href='" . wp_nonce_url("users.php?action=delete&amp;user=$user_object->ID", 'bulk-users') . "'>" . __('Delete') . "</a>";
Note: See TracChangeset for help on using the changeset viewer.