Don't show user form without privs. Props westi. fixes #3142

git-svn-id: http://svn.automattic.com/wordpress/branches/2.0@4244 1a063a9b-81f0-0310-95a4-ce76da25c4cd
ryan 2006-09-25 02:54:23 +00:00
parent 6b4ffb78eb
commit b793c730cd
1 changed files with 9 additions and 2 deletions


@ -21,6 +21,11 @@ for ($i=0; $i<count($wpvarstoreset); $i += 1) {
} }
} }
$user_id = (int) $user_id;
if ( !$user_id )
die(__('Invalid user ID.'));
switch ($action) { switch ($action) {
case 'switchposts': case 'switchposts':
@ -37,7 +42,7 @@ check_admin_referer('update-user_' . $user_id);
$errors = array(); $errors = array();
if (!current_user_can('edit_users')) if (!current_user_can('edit_users'))
$errors['head'] = __('You do not have permission to edit this user.'); die(__('You do not have permission to edit this user.'));
else else
$errors = edit_user($user_id); $errors = edit_user($user_id);
@ -51,7 +56,9 @@ include ('admin-header.php');
$profileuser = get_user_to_edit($user_id); $profileuser = get_user_to_edit($user_id);
if (!current_user_can('edit_users')) $errors['head'] = __('You do not have permission to edit this user.'); if (!current_user_can('edit_users'))
die__('You do not have permission to edit this user.');
?> ?>
<?php if ( isset($_GET['updated']) ) : ?> <?php if ( isset($_GET['updated']) ) : ?>
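Review bot: The new guard in the last hunk (`@ -51,7 +56,9`) reads `die__('You do not have permission to edit this user.');` as rendered here, which calls an undefined function `die__()` rather than `die(__(...))` as the update branch in the second hunk does. PHP would halt with a fatal error at that line, so the form is still withheld from an unprivileged user, but only by accident. The user would get an undefined-function error (possibly exposing the script path, depending on error display settings) instead of the translated denial message. The line should read `die(__('You do not have permission to edit this user.'));`. Judging by the hunk header, this check also runs after `include ('admin-header.php')`, so it may be worth moving the capability check up beside the new `$user_id` validation in the first hunk to deny before any output; the surrounding code continues outside the visible hunks.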