Changeset 4831

Timestamp:

03/29/2013 07:38:19 PM (12 years ago)

Author:

johnjamesjacoby

Message:

In bbp_get_user_id(), do not fallback to 'bbp_user_id' query variable, to prevent accidentally confusing a Guest (anonymous) user with the displayed user, in situations where empty bbp_get_user_id() checks are made. Fixes #2284.

Location:

trunk/includes/users

Files:

• capabilities.php (modified) (1 diff)
• template-tags.php (modified) (2 diffs)

trunk/includes/users/capabilities.php

@@ -149 +149 @@
     $user      = get_userdata( $user_id );
     $role      = false;
-    $all_roles = apply_filters( 'editable_roles', $wp_roles->roles );
 
     // User has roles so lets
     if ( ! empty( $user->roles ) ) {
-        $roles = array_intersect( array_values( $user->roles ), array_keys( $all_roles ) );
+
+        // Apply the WordPress 'editable_roles' filter to let plugins ride along
+        $all_roles = apply_filters( 'editable_roles', $wp_roles->roles );
+
+        // Look for an intersection of user roles to available blog roles
+        $roles     = array_intersect( array_values( $user->roles ), array_keys( $all_roles ) );
 
         // If there's a role in the array, use the first one

trunk/includes/users/template-tags.php

@@ -55 +55 @@
         // Failsafe
         } else {
-            $bbp_user_id = get_query_var( 'bbp_user_id' );
+            $bbp_user_id = 0;
         }
 
@@ -481 +481 @@
 
         // Validate user id
-        $user_id = bbp_get_user_id( $user_id, false, false );
+        $user_id = bbp_get_user_id( $user_id, true, false );
 
         // User is not registered