Changeset 8325 for branches/2.0/bp-settings/bp-settings-actions.php

Timestamp:

04/26/2014 06:45:35 PM (11 years ago)

Author:

boonebgorges

Message:

Check bp_disable_account_deletion() setting in screen function rather than bp_core_delete_account() business function

The purpose of the disable-account-deletion setting is to prevent normal (ie
non-admin) BP users from deleting their own accounts through the front-end
interface. Locating the settings check in the business function
bp_core_delete_account() therefore caused problems when deleting accounts in
areas that were not meant to be covered by the setting, such as when accounts
are deleted in the Dashboard by an admin, or when the BP_Signup::delete()
method is called. This caused a particular problem in BP 2.0, because the
deletion of signups was no longer correctly cleaning up other data from the
database (xprofile, usermeta, etc).

Fixes #5575

File:

• branches/2.0/bp-settings/bp-settings-actions.php (modified) (1 diff)

branches/2.0/bp-settings/bp-settings-actions.php

@@ -334 +334 @@
     }
 
+    // Bail if account deletion is disabled
+    if ( bp_disable_account_deletion() && ! bp_current_user_can( 'delete_users' ) ) {
+        return false;
+    }
+
     // Nonce check
     check_admin_referer( 'delete-account' );