Don't allow promoting a user that doesn't already belong to the blog.

git-svn-id: https://develop.svn.wordpress.org/trunk@15150 602fd350-edb4-49c9-b593-d223f7449a82
2010-06-06 15:05:18 +00:00 · 2010-06-06 15:05:18 +00:00 · 596e012bbf
commit 596e012bbf
parent e8b955bd48
1 changed files with 4 additions and 0 deletions
--- a/wp-admin/users.php
+++ b/wp-admin/users.php
@ -74,6 +74,10 @@ case 'promote':
 			continue;
 		}

+		// If the user doesn't already belong to the blog, bail.
+		if ( !is_user_member_of_blog( $id ) )
+			wp_die(__('Cheatin&#8217; uh?'));
+
 		$user = new WP_User($id);
 		$user->set_role($_REQUEST['new_role']);
 	}