Make WordPress Core

Opened 17 years ago

Closed 17 years ago

#865 closed defect (bug) (fixed)

Wrong arguments for user_can_edit_user() in wp-admin/edit.php

Reported by: Agent Orange Owned by: ryan
Milestone: Priority: normal
Severity: major Version: 1.5
Component: General Keywords:
Focuses: Cc:

Description

When the list of posts is displayed, there are lines like this:

case 'control_delete':

?>
<td><?php if ( user_can_edit_user($user_level,$authordata->user_level) ) { echo "<a href='post.php?action=delete&amp;post=$id' class='delete' onclick=\"return confirm('" . sprintf(("You are about to delete this post \'%s\'
n \'OK\' to delete, \'Cancel\' to stop."), wp_specialchars(get_the_title(, ), 1) ) . "')\">" .
('Delete') . "</a>"; } ?></td>
<?php
break;

The arguments for user_can_edit_user() are completely wrong here. The correct line would look like:

case 'control_edit':

?>
<td><?php if ( user_can_edit_user($user_ID,$authordata->ID) ) { echo "<a href='post.php?action=edit&amp;post=$id' class='edit'>" . ('Edit') . "</a>"; } ?></td>
<?php
break;

So, you have to submit the user id's to the function user_can_edit_user, not the levels.

Change History (3)

#1 @Agent Orange
17 years ago

  • Patch set to No

#2 @Agent Orange
17 years ago

Sorry, forgot to mention:
The Version I recognized this problem in was the wordpress-2005-02-13 nightly build.

#3 @ryan
17 years ago

  • fixed_in_version set to 1.5
  • Owner changed from anonymous to rboren
  • Resolution changed from 10 to 20
  • Status changed from new to closed
Note: See TracTickets for help on using tickets.