Skip to:
Content

bbPress.org


Ignore:
Timestamp:
05/28/2020 04:24:34 PM (4 years ago)
Author:
johnjamesjacoby
Message:

Settings: Only allow users with the edit_users capability to toggle the Super Moderators option.

This commit also rearranges some settings for improved UX, and adds descriptive text to the "Super Moderators" and "Forum Moderators" settings for improved clarity.

This commit addresses a responsibly disclosed security concern, and does not have a public issue in Trac.

In trunk, for 2.7.0.

File:
1 edited

Legend:

Unmodified
Added
Removed
  • trunk/src/includes/admin/classes/class-bbp-admin.php

    r7070 r7088  
    586586            // Loop through fields for this section
    587587            foreach ( (array) $fields as $field_id => $field ) {
     588
     589                // Skip field if user is not capable
     590                if ( ! empty( $field['capability'] ) && ! current_user_can( $field['capability'] ) ) {
     591                    continue;
     592                }
    588593
    589594                // Add the field
Note: See TracChangeset for help on using the changeset viewer.