author | donncha <donncha@7be80a69-a1ef-0310-a953-fb0f7c49ff36> | 2008-04-10 15:44:03 +0000 |
---|---|---|
committer | donncha <donncha@7be80a69-a1ef-0310-a953-fb0f7c49ff36> | 2008-04-10 15:44:03 +0000 |
commit | 96a5a5255787e144c0e7eaa84526685a91baff45 (patch) | |
tree | 7d38a6ec564442e5b6993e2673faa3a55855ae31 /wp-admin/user-edit.php | |
parent | 01b2f099c449b9bea52fdc400043609edaf373fa (diff) | |
Move check for site_admin, props bazza, fixes #584
git-svn-id: http://svn.automattic.com/wordpress-mu/trunk@1227 7be80a69-a1ef-0310-a953-fb0f7c49ff36
Diffstat (limited to 'wp-admin/user-edit.php')
-rw-r--r-- | wp-admin/user-edit.php | 9 |
1 files changed, 5 insertions, 4 deletions
diff --git a/wp-admin/user-edit.php b/wp-admin/user-edit.php
index 3327c2d..8ee9c05 100644
--- a/wp-admin/user-edit.php
+++ b/wp-admin/user-edit.php
@@ -70,9 +70,6 @@ $parent_file = 'users.php';
 wp_reset_vars(array('action', 'redirect', 'profile', 'user_id', 'wp_http_referer'));
 $wp_http_referer = remove_query_arg(array('update', 'delete_count'), stripslashes($wp_http_referer));
-// Only allow site admins to edit every user.
-if ( !is_site_admin() && ($user_id != $current_user->ID) )
- wp_die('You do not have permission to edit this user.');
 $user_id = (int) $user_id;
@@ -84,6 +81,10 @@ if ( !$user_id )
 wp_die(__('Invalid user ID.'));
 }
+// Only allow site admins to edit every user.
+if ( !is_site_admin() && ($user_id != $current_user->ID) )
+ wp_die('You do not have permission to edit this user.');
+
 switch ($action) {
 case 'switchposts':
@@ -106,7 +107,7 @@ if ( $is_profile_page ) {
 $cap = $wpdb->get_var( "SELECT meta_value FROM {$wpdb->usermeta} WHERE user_id = '{$user_id}' AND meta_key = '{$wpdb->base_prefix}{$wpdb->blogid}_capabilities' AND meta_value = 'a:0:{}'" );
 $errors = edit_user($user_id);
-if( $cap == null )
+if( $cap == null ) // stops users being added to current blog when they are edited
 $wpdb->query( "DELETE FROM {$wpdb->usermeta} WHERE user_id = '{$user_id}' AND meta_key = '{$wpdb->base_prefix}{$wpdb->blogid}_capabilities' AND meta_value = 'a:0:{}'" );
 if( !is_wp_error( $errors ) ) { |
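Review bot: The relocated guard in the second hunk compares with a loose `!=` and reads `$current_user->ID` without the hunk showing where `$current_user` is populated on the non-profile path. Since `$user_id` is an integer by this point, a strict form such as `if ( !is_site_admin() && $user_id !== (int) $current_user->ID )` makes the ownership test independent of type juggling. The denial message is also passed to `wp_die()` untranslated, unlike the `wp_die(__('Invalid user ID.'))` call just above; wrapping it in `__()` would match. The enclosing `if ( !$user_id )` block begins outside the hunk, so confirm there that `$current_user` is set before this line runs.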
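Review bot: The trailing comment added to `if( $cap == null )` in the third hunk states the goal but not the mechanism, and it sits on a condition whose meaning depends on the query two lines earlier. A block comment above the `$cap` lookup would serve better, e.g. `// Remember whether the user already had an empty capabilities row for this blog; if not, remove the one edit_user() leaves behind.` (that `edit_user()` creates the row is inferred from the cleanup, not shown here). Both queries interpolate `$user_id` directly into SQL, which is safe only because of the `(int)` cast earlier in the file; `$wpdb->prepare()` would remove that dependency.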