Changeset 4831 for trunk/includes/users/capabilities.php

Timestamp:

03/29/2013 07:38:19 PM (12 years ago)

Author:

johnjamesjacoby

Message:

In bbp_get_user_id(), do not fallback to 'bbp_user_id' query variable, to prevent accidentally confusing a Guest (anonymous) user with the displayed user, in situations where empty bbp_get_user_id() checks are made. Fixes #2284.

File:

• trunk/includes/users/capabilities.php (modified) (1 diff)

trunk/includes/users/capabilities.php

@@ -149 +149 @@
     $user      = get_userdata( $user_id );
     $role      = false;
-    $all_roles = apply_filters( 'editable_roles', $wp_roles->roles );
 
     // User has roles so lets
     if ( ! empty( $user->roles ) ) {
-        $roles = array_intersect( array_values( $user->roles ), array_keys( $all_roles ) );
+
+        // Apply the WordPress 'editable_roles' filter to let plugins ride along
+        $all_roles = apply_filters( 'editable_roles', $wp_roles->roles );
+
+        // Look for an intersection of user roles to available blog roles
+        $roles     = array_intersect( array_values( $user->roles ), array_keys( $all_roles ) );
 
         // If there's a role in the array, use the first one