golem
/
twentyGOLEM
9
0
Fork 0
Code Issues Pull Requests Projects Releases Wiki Activity

Allow MS cape-wearers to demote their blog roles to something without the edit_users cap. see #12387 

git-svn-id: http://svn.automattic.com/wordpress/trunk@13934 1a063a9b-81f0-0310-95a4-ce76da25c4cd
This commit is contained in:
nacin 2010-04-02 04:30:00 +00:00
parent 8ef6c001b4
commit 6a1844f98e
1 changed files with 2 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

3
wp-admin/includes/user.php
View File

@ -78,7 +78,8 @@ function edit_user( $user_id = 0 ) {
$new_role = sanitize_text_field( $_POST['role'] );
$potential_role = isset($wp_roles->role_objects[$new_role]) ? $wp_roles->role_objects[$new_role] : false;
// Don't let anyone with 'edit_users' (admins) edit their own role to something without it.
if ( $user_id != $current_user->id || ($potential_role && $potential_role->has_cap( 'edit_users' ) ) )
// Multisite super admins can freely edit their blog roles -- they possess all caps.
if ( ( is_multisite() && is_site_admin() ) || $user_id != $current_user->id || ($potential_role && $potential_role->has_cap( 'edit_users' ) ) )
$user->role = $new_role;
// If the new role isn't editable by the logged-in user die with error