Changeset 149 for trunk/wp-admin/b2team.php

Timestamp:

06/03/2003 12:08:51 AM (23 years ago)

Author:

mikelittle

Message:

Fixed admin level security problem.
Plus an user -> a user

File:

• trunk/wp-admin/b2team.php (modified) (4 diffs)

trunk/wp-admin/b2team.php

@@ -34 +34 @@
 
     $user_data = get_userdata($id);
-    $usertopromote_level = $user_data[13];
+    $usertopromote_level = $user_data->user_level;
 
     if ($user_level <= $usertopromote_level) {
-        die('Can&#8217;t change the level of an user whose level is higher than yours.');
+        die('Can&#8217;t change the level of a user whose level is higher than yours.');
     }
 
@@ -66 +66 @@
 
     if ($user_level <= $usertodelete_level)
-        die('Can&#8217;t delete an user whose level is higher than yours.');
+        die('Can&#8217;t delete a user whose level is higher than yours.');
 
     $sql = "DELETE FROM $tableusers WHERE ID = $id";
@@ -84 +84 @@
     ?>
 
-<div class="wrap"><p>Click on an user&#8217;s login name to see his complete profile.<br />
+<div class="wrap"><p>Click on a user&#8217;s login name to see his complete profile.<br />
     To edit your profile, click on your login name.</p>
 </div>
@@ -192 +192 @@
     if ($user_level >= 3) { ?>
 <div class="wrap"> 
-  <p>To delete an user, bring his level to zero, then click on the red X.<br />
-    <strong>Warning:</strong> deleting an user also deletes all posts made by this user. 
+  <p>To delete a user, bring his level to zero, then click on the red X.<br />
+    <strong>Warning:</strong> deleting a user also deletes all posts made by this user. 
   </p>
 </div>