Skip to:
Content

bbPress.org

Changeset 5188


Ignore:
Timestamp:
11/25/2013 03:35:27 AM (8 years ago)
Author:
johnjamesjacoby
Message:

In bbp_user_can_view_forum() check the $user_id before passing it into bbp_is_user_keymaster(). Prevents accidental role escalation if $user_id is empty. See #2393.

File:
1 edited

Legend:

Unmodified
Added
Removed
  • trunk/includes/users/template.php

    r5180 r5188  
    17241724
    17251725    // User is a keymaster
    1726     if ( bbp_is_user_keymaster( $user_id ) ) {
     1726    if ( !empty( $user_id ) && bbp_is_user_keymaster( $user_id ) ) {
    17271727        $retval = true;
    17281728
Note: See TracChangeset for help on using the changeset viewer.