Make WordPress Core


Ignore:
Timestamp:
09/24/2006 10:08:58 AM (18 years ago)
Author:
ryan
Message:

Don't show user form without privs. Props westi. fixes #3142

File:
1 edited

Legend:

Unmodified
Added
Removed
  • trunk/wp-admin/user-edit.php

    r4112 r4216  
    1313$wp_http_referer = remove_query_arg(array('update', 'delete_count'), stripslashes($wp_http_referer));
    1414
     15$user_id = (int) $user_id;
     16
     17if ( !$user_id )
     18    wp_die(__('Invalid user ID.'));
     19
    1520switch ($action) {
    1621case 'switchposts':
     
    2732
    2833if ( !current_user_can('edit_user', $user_id) )
    29     $errors = new WP_Error('head', __('You do not have permission to edit this user.'));
    30 else
    31     $errors = edit_user($user_id);
     34    wp_die(__('You do not have permission to edit this user.'));
     35
     36$errors = edit_user($user_id);
    3237
    3338if( !is_wp_error( $errors ) ) {
     
    3944
    4045default:
     46$profileuser = get_user_to_edit($user_id);
     47
     48if ( !current_user_can('edit_user', $user_id) )
     49        wp_die(__('You do not have permission to edit this user.'));
     50
    4151include ('admin-header.php');
    42 
    43 $profileuser = get_user_to_edit($user_id);
    44 
    45 if ( !current_user_can('edit_user', $user_id) )
    46     if ( !is_wp_error( $errors ) )
    47         $errors = new WP_Error('head', __('You do not have permission to edit this user.'));
    4852?>
    4953
Note: See TracChangeset for help on using the changeset viewer.