From c97705cd49c2d78942a2f8bee43fccedb38ae384 Mon Sep 17 00:00:00 2001
From: Joseph Scott
Date: Thu, 22 Apr 2010 22:53:44 +0000
Subject: [PATCH] - don't pass user id to list_users check - only link the username if the edit_user cap check passes see #13074
git-svn-id: https://develop.svn.wordpress.org/trunk@14191 602fd350-edb4-49c9-b593-d223f7449a82
---
 wp-admin/includes/template.php | 9 +++++++--
 1 file changed, 7 insertions(+), 2 deletions(-)
diff --git a/wp-admin/includes/template.php b/wp-admin/includes/template.php
index fbd0bb1d37..93e2be8147 100644
--- a/wp-admin/includes/template.php
+++ b/wp-admin/includes/template.php
@@ -1812,7 +1812,7 @@ function user_row( $user_object, $style = '', $role = '', $numposts = 0 ) {
 $short_url = substr( $short_url, 0, 32 ).'...';
 $checkbox = '';
 // Check if the user for this row is editable
- if ( current_user_can( 'list_users', $user_object->ID ) ) {
+ if ( current_user_can( 'list_users' ) ) {
 // Set up the user editing link
 // TODO: make profile/user-edit determination a separate function
 if ($current_user->ID == $user_object->ID) {
@@ -1825,8 +1825,13 @@ function user_row( $user_object, $style = '', $role = '', $numposts = 0 ) {
 // Set up the hover actions for this user
 $actions = array();
- if ( current_user_can('edit_user', $user_object->ID) )
+ if ( current_user_can('edit_user', $user_object->ID) ) {
+ $edit = "$user_object->user_login
";
 $actions['edit'] = '' . __('Edit') . '';
+ } else {
+ $edit = "$user_object->user_login
";
+ }
+
 if ( !is_multisite() && $current_user->ID != $user_object->ID && current_user_can('delete_user', $user_object->ID) )
 $actions['delete'] = "" . __('Delete') . "";
 if ( is_multisite() && $current_user->ID != $user_object->ID && current_user_can('remove_user', $user_object->ID) )
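Review bot: Both new `$edit` assignments interpolate `$user_object->user_login` directly into the string, and nothing in the hunk escapes it. If `$edit` is later echoed into the row's HTML (the rest of `user_row()` lies outside this hunk, and the string literals appear to have lost their markup in this copy), the login should be escaped at the point of output rather than trusted because it was sanitized when stored. Computing it once before the `if`, e.g. `$login = esc_html( $user_object->user_login );`, and using `$login` in both branches would also remove the duplicated expression. Hiding the link is presentation only, so the capability check on the edit screen itself remains the actual access control.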