sergiotarxz/Wordpress
1
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity

Explicitly set the capability required in edit_users map_meta_cap branch, so we don't accidentally pass edit_user. props TheDeadMedic. fixes #13074, fixes #13137

Browse Source 
git-svn-id: https://develop.svn.wordpress.org/trunk@14256 602fd350-edb4-49c9-b593-d223f7449a82
This commit is contained in:
Andrew Nacin 2010-04-27 20:39:39 +00:00
parent 5dbebf6cfc
commit e2e2836ad5
1 changed files with 3 additions and 3 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

6
wp-includes/capabilities.php
View File

@ -782,8 +782,8 @@ class WP_User {
*
* This does not actually compare whether the user ID has the actual capability,
* just what the capability or capabilities are. Meta capability list value can
* be 'delete_user', 'edit_user', 'delete_post', 'delete_page', 'edit_post',
* 'edit_page', 'read_post', or 'read_page'.
* be 'delete_user', 'edit_user', 'remove_user', 'promote_user', 'delete_post',
* 'delete_page', 'edit_post', 'edit_page', 'read_post', or 'read_page'.
*
* @since 2.0.0
*
@ -815,7 +815,7 @@ function map_meta_cap( $cap, $user_id ) {
if ( is_multisite() && !is_super_admin() )
$caps[] = 'do_not_allow';
else
$caps[] = $cap;
$caps[] = 'edit_users'; // Explicit due to primitive fall through
break;
case 'delete_post':
$author_data = get_userdata( $user_id );