Skip to:
Content

bbPress.org

Changeset 4831


Ignore:
Timestamp:
03/29/2013 07:38:19 PM (9 years ago)
Author:
johnjamesjacoby
Message:

In bbp_get_user_id(), do not fallback to 'bbp_user_id' query variable, to prevent accidentally confusing a Guest (anonymous) user with the displayed user, in situations where empty bbp_get_user_id() checks are made. Fixes #2284.

Location:
trunk/includes/users
Files:
2 edited

Legend:

Unmodified
Added
Removed
  • trunk/includes/users/capabilities.php

    r4797 r4831  
    149149    $user      = get_userdata( $user_id );
    150150    $role      = false;
    151     $all_roles = apply_filters( 'editable_roles', $wp_roles->roles );
    152151
    153152    // User has roles so lets
    154153    if ( ! empty( $user->roles ) ) {
    155         $roles = array_intersect( array_values( $user->roles ), array_keys( $all_roles ) );
     154
     155        // Apply the WordPress 'editable_roles' filter to let plugins ride along
     156        $all_roles = apply_filters( 'editable_roles', $wp_roles->roles );
     157
     158        // Look for an intersection of user roles to available blog roles
     159        $roles     = array_intersect( array_values( $user->roles ), array_keys( $all_roles ) );
    156160
    157161        // If there's a role in the array, use the first one
  • trunk/includes/users/template-tags.php

    r4802 r4831  
    5555        // Failsafe
    5656        } else {
    57             $bbp_user_id = get_query_var( 'bbp_user_id' );
     57            $bbp_user_id = 0;
    5858        }
    5959
     
    481481
    482482        // Validate user id
    483         $user_id = bbp_get_user_id( $user_id, false, false );
     483        $user_id = bbp_get_user_id( $user_id, true, false );
    484484
    485485        // User is not registered
Note: See TracChangeset for help on using the changeset viewer.