Don't allow promoting a user that doesn't already belong to the blog.

git-svn-id: http://svn.automattic.com/wordpress/trunk@15150 1a063a9b-81f0-0310-95a4-ce76da25c4cd

wp-admin/users.php

@@ -74,6 +74,10 @@ case 'promote':
 			continue;
 		}
 
+		// If the user doesn't already belong to the blog, bail.
+		if ( !is_user_member_of_blog( $id ) )
+			wp_die(__('Cheatin’ uh?'));
+
 		$user = new WP_User($id);
 		$user->set_role($_REQUEST['new_role']);
 	}