Opened 6 years ago
#2894 assigned defect
Plugin username-changer bug in username_changer_can_change_own_username
| Reported by: |
draker
|
Owned by: |
evertiro
|
|---|---|---|---|
| Priority: | normal | Severity: | normal |
| Plugin: | not-listed | Keywords: | username-changer username_changer_can_change_own_username |
| Cc: |
Description
In function username_changer_can_change_own_username():
$allowed_roles is an array of objects and $user_roles is an array of strings
The code that iterates through and tests equality treats $user_roles as an array of objects and $allowed_roles as an array of strings. This is incorrect. End result is that this function always returns false unless the current user is an administrator. Here is a patch that fixes this:
Index: includes/misc-functions.php
===================================================================
--- includes/misc-functions.php (revision 2352588)
+++ includes/misc-functions.php (working copy)
@@ -47,8 +47,8 @@
if ( in_array( 'administrator', $user_roles, true ) ) {
$allowed = true;
} elseif ( is_array( $user_roles ) ) {
- foreach ( $user_roles as $user_role => $role_name ) {
- if ( in_array( $user_role, $allowed_roles, true ) ) {
+ foreach ( $allowed_roles as $allowed_role => $role_name ) {
+ if ( in_array( $allowed_role, $user_roles, true ) ) {
$allowed = true;
}
}
Assigning this bug to the user who last updated this plugin. Not sure if it's the right person.
Note: See
TracTickets for help on using
tickets.