Changeset 15315 for trunk/wp-admin/includes/user.php
- Timestamp:
- 06/24/2010 03:01:29 PM (14 years ago)
- File:
-
- 1 edited
Legend:
- Unmodified
- Added
- Removed
-
trunk/wp-admin/includes/user.php
r14608 r15315 22 22 function add_user() { 23 23 if ( func_num_args() ) { // The hackiest hack that ever did hack 24 global $ current_user, $wp_roles;24 global $wp_roles; 25 25 $user_id = (int) func_get_arg( 0 ); 26 26 … … 28 28 $new_role = sanitize_text_field( $_POST['role'] ); 29 29 // Don't let anyone with 'edit_users' (admins) edit their own role to something without it. 30 if ( $user_id != $current_user->id|| $wp_roles->role_objects[$new_role]->has_cap( 'edit_users' ) ) {30 if ( $user_id != get_current_user_id() || $wp_roles->role_objects[$new_role]->has_cap( 'edit_users' ) ) { 31 31 // If the new role isn't editable by the logged-in user die with error 32 32 $editable_roles = get_editable_roles(); … … 55 55 */ 56 56 function edit_user( $user_id = 0 ) { 57 global $ current_user, $wp_roles, $wpdb;57 global $wp_roles, $wpdb; 58 58 if ( $user_id != 0 ) { 59 59 $update = true; … … 80 80 // Don't let anyone with 'edit_users' (admins) edit their own role to something without it. 81 81 // Multisite super admins can freely edit their blog roles -- they possess all caps. 82 if ( ( is_multisite() && current_user_can( 'manage_sites' ) ) || $user_id != $current_user->id|| ($potential_role && $potential_role->has_cap( 'edit_users' ) ) )82 if ( ( is_multisite() && current_user_can( 'manage_sites' ) ) || $user_id != get_current_user_id() || ($potential_role && $potential_role->has_cap( 'edit_users' ) ) ) 83 83 $user->role = $new_role; 84 84
Note: See TracChangeset
for help on using the changeset viewer.