WP Merge to rev 4254

git-svn-id: http://svn.automattic.com/wordpress-mu/trunk@770 7be80a69-a1ef-0310-a953-fb0f7c49ff36

1 files changed, 10 insertions, 7 deletions

diff --git a/wp-admin/user-edit.php b/wp-admin/user-edit.php
index 9583ddf..ccb8c78 100644
--- a/wp-admin/user-edit.php
+++ b/wp-admin/user-edit.php
@@ -15,6 +15,11 @@ $wp_http_referer = remove_query_arg(array('update', 'delete_count'), stripslashe
 if ( !is_site_admin() && ($user_id != $current_user->ID) )
 	$errors = new WP_Error('head', __('You do not have permission to edit this user.'));
 
+$user_id = (int) $user_id;
+
+if ( !$user_id )
+	wp_die(__('Invalid user ID.'));
+
 switch ($action) {
 case 'switchposts':
 
@@ -29,10 +34,9 @@ case 'update':
 check_admin_referer('update-user_' . $user_id);
 
 if ( !current_user_can('edit_user', $user_id) )
-	$errors = new WP_Error('head', __('You do not have permission to edit this user.'));
+	wp_die(__('You do not have permission to edit this user.'));
 
-if ( !isset($errors) )
-	$errors = edit_user($user_id);
+$errors = edit_user($user_id);
 
 if( !is_wp_error( $errors ) ) {
 	$redirect = "user-edit.php?user_id=$user_id&updated=true";
@@ -42,13 +46,12 @@ if( !is_wp_error( $errors ) ) {
 }
 
 default:
-include ('admin-header.php');
-
 $profileuser = get_user_to_edit($user_id);
 
 if ( !current_user_can('edit_user', $user_id) )
-	if ( !is_wp_error( $errors ) )
-		$errors = new WP_Error('head', __('You do not have permission to edit this user.'));
+		wp_die(__('You do not have permission to edit this user.'));
+
+include ('admin-header.php');
 ?>
 
 <?php if ( isset($_GET['updated']) ) : ?>