<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.1//EN"
"http://www.w3.org/TR/xhtml11/DTD/xhtml11.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head><meta http-equiv="content-type" content="text/html; charset=utf-8" /><style type="text/css"><!--
#msg dl { border: 1px #006 solid; background: #369; padding: 6px; color: #fff; }
#msg dt { float: left; width: 6em; font-weight: bold; }
#msg dt:after { content:':';}
#msg dl, #msg dt, #msg ul, #msg li, #header, #footer { font-family: verdana,arial,helvetica,sans-serif; font-size: 10pt;  }
#msg dl a { font-weight: bold}
#msg dl a:link    { color:#fc3; }
#msg dl a:active  { color:#ff0; }
#msg dl a:visited { color:#cc6; }
h3 { font-family: verdana,arial,helvetica,sans-serif; font-size: 10pt; font-weight: bold; }
#msg pre { overflow: auto; background: #ffc; border: 1px #fc0 solid; padding: 6px; }
#msg ul, pre { overflow: auto; }
#header, #footer { color: #fff; background: #636; border: 1px #300 solid; padding: 6px; }
#patch { width: 100%; }
#patch h4 {font-family: verdana,arial,helvetica,sans-serif;font-size:10pt;padding:8px;background:#369;color:#fff;margin:0;}
#patch .propset h4, #patch .binary h4 {margin:0;}
#patch pre {padding:0;line-height:1.2em;margin:0;}
#patch .diff {width:100%;background:#eee;padding: 0 0 10px 0;overflow:auto;}
#patch .propset .diff, #patch .binary .diff  {padding:10px 0;}
#patch span {display:block;padding:0 10px;}
#patch .modfile, #patch .addfile, #patch .delfile, #patch .propset, #patch .binary, #patch .copfile {border:1px solid #ccc;margin:10px 0;}
#patch ins {background:#dfd;text-decoration:none;display:block;padding:0 10px;}
#patch del {background:#fdd;text-decoration:none;display:block;padding:0 10px;}
#patch .lines, .info {color:#888;background:#fff;}
--></style>
<title>[14191] trunk/wp-admin/includes/template.php: - don'
 t pass user id to list_users check</title>
</head>
<body>

<div id="msg">
<dl>
<dt>Revision</dt> <dd><a href="http://trac.wordpress.org/changeset/14191">14191</a></dd>
<dt>Author</dt> <dd>josephscott</dd>
<dt>Date</dt> <dd>2010-04-22 22:53:44 +0000 (Thu, 22 Apr 2010)</dd>
</dl>

<h3>Log Message</h3>
<pre>- don't pass user id to list_users check
- only link the username if the edit_user cap check passes

see <a href="http://trac.wordpress.org/ticket/13074">#13074</a></pre>

<h3>Modified Paths</h3>
<ul>
<li><a href="#trunkwpadminincludestemplatephp">trunk/wp-admin/includes/template.php</a></li>
</ul>

</div>
<div id="patch">
<h3>Diff</h3>
<a id="trunkwpadminincludestemplatephp"></a>
<div class="modfile"><h4>Modified: trunk/wp-admin/includes/template.php (14190 => 14191)</h4>
<pre class="diff"><span>
<span class="info">--- trunk/wp-admin/includes/template.php        2010-04-22 21:39:37 UTC (rev 14190)
+++ trunk/wp-admin/includes/template.php        2010-04-22 22:53:44 UTC (rev 14191)
</span><span class="lines">@@ -1812,7 +1812,7 @@
</span><span class="cx">                 $short_url = substr( $short_url, 0, 32 ).'...';
</span><span class="cx">         $checkbox = '';
</span><span class="cx">         // Check if the user for this row is editable
</span><del>-        if ( current_user_can( 'list_users', $user_object-&gt;ID ) ) {
</del><ins>+        if ( current_user_can( 'list_users' ) ) {
</ins><span class="cx">                 // Set up the user editing link
</span><span class="cx">                 // TODO: make profile/user-edit determination a separate function
</span><span class="cx">                 if ($current_user-&gt;ID == $user_object-&gt;ID) {
</span><span class="lines">@@ -1825,8 +1825,13 @@
</span><span class="cx">                 // Set up the hover actions for this user
</span><span class="cx">                 $actions = array();
</span><span class="cx"> 
</span><del>-                if ( current_user_can('edit_user',  $user_object-&gt;ID) )
</del><ins>+                if ( current_user_can('edit_user',  $user_object-&gt;ID) ) {
+                        $edit = &quot;&lt;strong&gt;&lt;a href=\&quot;$edit_link\&quot;&gt;$user_object-&gt;user_login&lt;/a&gt;&lt;/strong&gt;&lt;br /&gt;&quot;;
</ins><span class="cx">                         $actions['edit'] = '&lt;a href=&quot;' . $edit_link . '&quot;&gt;' . __('Edit') . '&lt;/a&gt;';
</span><ins>+                } else {
+                        $edit = &quot;&lt;strong&gt;$user_object-&gt;user_login&lt;/strong&gt;&lt;br /&gt;&quot;;
+                }
+
</ins><span class="cx">                 if ( !is_multisite() &amp;&amp; $current_user-&gt;ID != $user_object-&gt;ID &amp;&amp; current_user_can('delete_user', $user_object-&gt;ID) )
</span><span class="cx">                         $actions['delete'] = &quot;&lt;a class='submitdelete' href='&quot; . wp_nonce_url(&quot;users.php?action=delete&amp;amp;user=$user_object-&gt;ID&quot;, 'bulk-users') . &quot;'&gt;&quot; . __('Delete') . &quot;&lt;/a&gt;&quot;;
</span><span class="cx">                 if ( is_multisite() &amp;&amp; $current_user-&gt;ID != $user_object-&gt;ID &amp;&amp; current_user_can('remove_user', $user_object-&gt;ID) )
</span></span></pre>
</div>
</div>

</body>
</html>