Upstream
/
WordPress
mirror of https://github.com/WordPress/WordPress.git
1
0
Fork 0
Code Issues Projects Releases Wiki Activity

Add multisite check on delete. Check promote_user cap. see #13074 

git-svn-id: http://svn.automattic.com/wordpress/trunk@14178 1a063a9b-81f0-0310-95a4-ce76da25c4cd
This commit is contained in:
ryan 2010-04-21 17:58:10 +00:00
parent 16989ec444
commit 73f0e2f334
1 changed files with 5 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

7
wp-admin/users.php
View File

@ -55,9 +55,9 @@ case 'promote':
$userids = $_REQUEST['users'];
$update = 'promote';
foreach ( $userids as $id ) {
if ( ! current_user_can('edit_user', $id) )
if ( ! current_user_can('promote_user', $id) )
wp_die(__('You can’t edit that user.'));
// The new role of the current user must also have edit_users caps
// The new role of the current user must also have promote_users caps
if ( $id == $current_user->ID && !$wp_roles->role_objects[$_REQUEST['new_role']]->has_cap('promote_users') ) {
$update = 'err_admin_role';
continue;
@ -117,6 +117,9 @@ case 'dodelete':
break;
case 'delete':
if ( is_multisite() )
wp_die( __('User deletion is not allowed from this screen.') );
check_admin_referer('bulk-users');
if ( empty($_REQUEST['users']) && empty($_REQUEST['user']) ) {