Wordpress 2.0.11-scripts

[autoinstalls/wordpress.git] / wp-admin / user-edit.php

diff --git a/wp-admin/user-edit.php b/wp-admin/user-edit.php
index ac6d4d6e7ec97d38c76c6853237ddeb8b410bc02..1d5975872e977a8eb83282f7c9c88ec8b5f1be81 100644 (file)
--- a/wp-admin/user-edit.php
+++ b/wp-admin/user-edit.php
@@ -21,6 +21,11 @@ for ($i=0; $i<count($wpvarstoreset); $i += 1) {
        }
 }
 
+$user_id = (int) $user_id;
+
+if ( !$user_id )
+       die(__('Invalid user ID.'));
+
 switch ($action) {
 case 'switchposts':
 
@@ -37,7 +42,7 @@ check_admin_referer('update-user_' . $user_id);
 $errors = array();
 
 if (!current_user_can('edit_users'))
-       $errors['head'] = __('You do not have permission to edit this user.');
+       die(__('You do not have permission to edit this user.'));
 else
        $errors = edit_user($user_id);
 
@@ -49,9 +54,11 @@ if(count($errors) == 0) {
 default:
 include ('admin-header.php');
 
-$profileuser = new WP_User($user_id);
+$profileuser = get_user_to_edit($user_id);
+
+if (!current_user_can('edit_users')) 
+       die__('You do not have permission to edit this user.');
 
-if (!current_user_can('edit_users')) $errors['head'] = __('You do not have permission to edit this user.');
 ?>
 
 <?php if ( isset($_GET['updated']) ) : ?>
@@ -105,7 +112,7 @@ echo '</select>';
 <p><label><?php _e('Nickname:') ?><br />
 <input type="text" name="nickname" value="<?php echo $profileuser->nickname ?>" /></label></p>
 
-</p><label><?php _e('Display name publicly as:') ?> <br />
+<p><label><?php _e('Display name publicly as:') ?> <br />
 <select name="display_name">
 <option value="<?php echo $profileuser->display_name; ?>"><?php echo $profileuser->display_name; ?></option>
 <option value="<?php echo $profileuser->nickname ?>"><?php echo $profileuser->nickname ?></option>