[buddypress-trac] [BuddyPress Trac] #8073: process_members_type_update not checking for 'edit_users' capability
buddypress-trac
noreply at wordpress.org
Fri Mar 22 14:05:25 UTC 2019
#8073: process_members_type_update not checking for 'edit_users' capability
--------------------------+-----------------------------
Reporter: Venutius | Owner: (none)
Type: defect (bug) | Status: new
Priority: normal | Milestone: Awaiting Review
Component: Members | Version:
Severity: normal | Keywords:
--------------------------+-----------------------------
Whilst checking the permission checks in `buddypress/bp-members/classes/class-bp-members-admin.php` I came across line 1228 which seems to omit the capability check for 'edit_users':
`if ( ! bp_current_user_can( 'bp_moderate' ) && $user_id != bp_loggedin_user_id() ) {`
I think this should be changed to:
`if ( ! current_user_can( 'edit_users' ) && ! bp_current_user_can( 'bp_moderate' ) && $user_id != bp_loggedin_user_id() ) {`
--
Ticket URL: <https://buddypress.trac.wordpress.org/ticket/8073>
BuddyPress Trac <http://buddypress.org/>
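The two conditions quoted in the ticket, compared over every combination of inputs. This is an added example, not code from the ticket or from BuddyPress: the function names are hypothetical, the booleans stand in for the WordPress/BuddyPress calls, and it assumes the `if` branch is the one that rejects the request.

```php
<?php
// Added illustration: the two guard conditions from the ticket as pure
// functions, so they can be compared without WordPress loaded.
//   $can_edit_users  stands in for current_user_can( 'edit_users' )
//   $can_bp_moderate stands in for bp_current_user_can( 'bp_moderate' )
//   $is_self         stands in for $user_id == bp_loggedin_user_id()
// All function names below are hypothetical.

/** Condition as quoted from line 1228; true means the if branch is entered. */
function guard_current( bool $can_edit_users, bool $can_bp_moderate, bool $is_self ): bool {
    // $can_edit_users is deliberately unused: the quoted line never consults it.
    return ! $can_bp_moderate && ! $is_self;
}

/** Condition as proposed in the ticket; true means the if branch is entered. */
function guard_proposed( bool $can_edit_users, bool $can_bp_moderate, bool $is_self ): bool {
    return ! $can_edit_users && ! $can_bp_moderate && ! $is_self;
}

/** Every input combination on which the two conditions disagree. */
function guard_differences(): array {
    $diff = array();
    foreach ( array( false, true ) as $edit ) {
        foreach ( array( false, true ) as $mod ) {
            foreach ( array( false, true ) as $self ) {
                $cur = guard_current( $edit, $mod, $self );
                $new = guard_proposed( $edit, $mod, $self );
                if ( $cur !== $new ) {
                    $diff[] = compact( 'edit', 'mod', 'self', 'cur', 'new' );
                }
            }
        }
    }
    return $diff;
}

foreach ( guard_differences() as $row ) {
    printf(
        "edit_users=%s bp_moderate=%s self=%s: current=%s proposed=%s\n",
        var_export( $row['edit'], true ),
        var_export( $row['mod'], true ),
        var_export( $row['self'], true ),
        $row['cur'] ? 'branch entered' : 'branch skipped',
        $row['new'] ? 'branch entered' : 'branch skipped'
    );
}
```

The conditions differ on exactly one combination: a user who holds `edit_users` but not `bp_moderate`, acting on another user's account.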