BuddyPress.org

Changeset 8325


Timestamp:
04/26/2014 06:45:35 PM (11 years ago)
Author:
boonebgorges
Message:

Check bp_disable_account_deletion() setting in screen function rather than bp_core_delete_account() business function

The purpose of the disable-account-deletion setting is to prevent normal (ie
non-admin) BP users from deleting their own accounts through the front-end
interface. Locating the settings check in the business function
bp_core_delete_account() therefore caused problems when deleting accounts in
areas that were not meant to be covered by the setting, such as when accounts
are deleted in the Dashboard by an admin, or when the BP_Signup::delete()
method is called. This caused a particular problem in BP 2.0, because the
deletion of signups was no longer correctly cleaning up other data from the
database (xprofile, usermeta, etc).

Fixes #5575

Location:
branches/2.0
Files:
2 edited

  • branches/2.0/bp-members/bp-members-functions.php

    r8314 r8325  
    10541054    if ( empty( $user_id ) )
    10551055        $user_id = bp_loggedin_user_id();
    1056 
    1057     // Bail if account deletion is disabled
    1058     if ( bp_disable_account_deletion() )
    1059         return false;
    10601056
    10611057    // Site admins cannot be deleted
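Review bot: With the guard at old lines 1057-1059 removed, `bp_core_delete_account()` no longer enforces the disable-account-deletion setting at all, and when `$user_id` is empty it still defaults to `bp_loggedin_user_id()`, so any caller other than the settings handler that reaches this function on behalf of a regular user now deletes that user's account regardless of the setting. Please state in the function's documentation that callers are responsible for checking `bp_disable_account_deletion()`, and confirm that every front-end code path calling this function carries its own check. A regression test that deletes an account through this function while the setting is enabled would pin down the intended behaviour.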
  • branches/2.0/bp-settings/bp-settings-actions.php

    r7586 r8325  
    334334    }
    335335
     336    // Bail if account deletion is disabled
     337    if ( bp_disable_account_deletion() && ! bp_current_user_can( 'delete_users' ) ) {
     338        return false;
     339    }
     340
    336341    // Nonce check
    337342    check_admin_referer( 'delete-account' );
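Review bot: The comment at new line 336 says only "Bail if account deletion is disabled", but the condition at line 337 also lets any user with the `delete_users` capability through, so the comment understates what the check does. Suggest rewording it to name the exemption, for example "Bail if account deletion is disabled and the current user cannot delete users". Separately, the bare `return false` at line 338 exits before `check_admin_referer( 'delete-account' )` without any visible feedback to the user; if the delete form can still be submitted while the setting is on, consider adding an error notice or redirect here so the request does not fail silently.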