[buddypress-trac] [BuddyPress Trac] #8070: Missing 'edit_users' check in member_can_edit()
buddypress-trac
noreply at wordpress.org
Fri Mar 22 11:53:40 UTC 2019
#8070: Missing 'edit_users' check in member_can_edit()
--------------------------+-----------------------------
Reporter: Venutius | Owner: (none)
Type: defect (bug) | Status: new
Priority: normal | Milestone: Awaiting Review
Component: Members | Version: 4.2.0
Severity: normal | Keywords:
--------------------------+-----------------------------
There seems to be a missing check for edit_users capability in the
member_can_edit function on line 329 of `bussypress/bp-members/classes
/class-bp-members-admin.php`:
`$retval = bp_current_user_can( 'bp_moderate' );`
This could be changed to:
`$retval = ( bp_current_user_can( 'bp_moderate' ) || current_user_can(
'edit_users' ) );`
--
Ticket URL: <https://buddypress.trac.wordpress.org/ticket/8070>
BuddyPress Trac <http://buddypress.org/>
BuddyPress Trac
More information about the buddypress-trac
mailing list