Skip to:
Content

BuddyPress.org

Changeset 11302


Ignore:
Timestamp:
12/16/2016 09:43:59 AM (8 years ago)
Author:
hnla
Message:

Xprofile: profile field visibility levels, 'enforce field visibility'

Corrects an issue where logged out users are allowed to change profile field visibility level for registration despite admin disabling setting, introduced in 2.7.1 (r: 11221) which fixed inability to change profile visibility by user but omitted check for admin enforced levels.

Add checks for $field->allow_custom_visibility to logged out user caps check in bp-xprofile-caps.php

Fixes #7391 ( for 2.7 branch )

Props maccast, boonebgorges, slaFFik, hnla

File:
1 edited

Legend:

Unmodified
Added
Removed
  • branches/2.7/src/bp-xprofile/bp-xprofile-caps.php

    r11221 r11302  
    7979function bp_xprofile_grant_bp_xprofile_change_field_visibility_for_logged_out_users( $user_can, $user_id, $capability ) {
    8080    if ( 'bp_xprofile_change_field_visibility' === $capability && 0 === $user_id ) {
    81         $user_can = true;
     81        $field_id = bp_get_the_profile_field_id();
     82        if ( $field_id && $field = xprofile_get_field( $field_id ) ) {
     83            $user_can = 'allowed' === $field->allow_custom_visibility;
     84        }
    8285    }
    8386
Note: See TracChangeset for help on using the changeset viewer.