From e7ae06f71f73c604a545147df849a95ea80ffd75 Mon Sep 17 00:00:00 2001
From: Ryan Boren
Date: Sun, 24 Sep 2006 10:08:58 +0000
Subject: [PATCH] Don't show user form without privs. Props westi. fixes #3142
git-svn-id: https://develop.svn.wordpress.org/trunk@4216 602fd350-edb4-49c9-b593-d223f7449a82
---
 wp-admin/user-edit.php | 18 +++++++++++-------
 1 file changed, 11 insertions(+), 7 deletions(-)
diff --git a/wp-admin/user-edit.php b/wp-admin/user-edit.php
index 9ccabc15c8..061d7c321e 100644
--- a/wp-admin/user-edit.php
+++ b/wp-admin/user-edit.php
@@ -12,6 +12,11 @@ wp_reset_vars(array('action', 'redirect', 'profile', 'user_id', 'wp_http_referer
 $wp_http_referer = remove_query_arg(array('update', 'delete_count'), stripslashes($wp_http_referer));
+$user_id = (int) $user_id;
+
+if ( !$user_id )
+	wp_die(__('Invalid user ID.'));
+
 switch ($action) {
 case 'switchposts':
@@ -26,9 +31,9 @@ case 'update':
 check_admin_referer('update-user_' . $user_id);
 if ( !current_user_can('edit_user', $user_id) )
-	$errors = new WP_Error('head', __('You do not have permission to edit this user.'));
-else
-	$errors = edit_user($user_id);
+	wp_die(__('You do not have permission to edit this user.'));
+
+$errors = edit_user($user_id);
 if( !is_wp_error( $errors ) ) {
 	$redirect = "user-edit.php?user_id=$user_id&updated=true";
@@ -38,13 +43,12 @@ if( !is_wp_error( $errors ) ) {
 }
 default:
-include ('admin-header.php');
-
 $profileuser = get_user_to_edit($user_id);
 if ( !current_user_can('edit_user', $user_id) )
-	if ( !is_wp_error( $errors ) )
-		$errors = new WP_Error('head', __('You do not have permission to edit this user.'));
+	wp_die(__('You do not have permission to edit this user.'));
+
+include ('admin-header.php');
 ?>
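Review bot: The new guard `if ( !$user_id )` in the first hunk only rejects a zero value; after the `(int)` cast a negative request value still passes and is handed to `check_admin_referer()`, `current_user_can()` and `edit_user()` below, relying on those to fail. Rejecting it up front is clearer about the intent: `if ( $user_id < 1 )` in place of `if ( !$user_id )`. Note also that the cast silently truncates a non-numeric request value rather than rejecting it, which is presumably acceptable here since the capability check is keyed on the resulting integer, but a one-line comment such as `// $user_id comes from the request via wp_reset_vars(); normalise to int before any capability check` would record why the cast sits before the switch.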
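Review bot: The `update` case now carries the same `if ( !current_user_can('edit_user', $user_id) ) wp_die(...)` as the `default` case in the third hunk, and since `update` falls through to `default` after the redirect branch the duplication is easy to mistake for a leftover. It is needed, because `edit_user($user_id)` on the following line must not run for an unauthorised caller, and a comment saying so would stop a later cleanup from merging the two checks: `// Re-checked in default:, but edit_user() below must never run without the capability.` The `switch` body and the redirect handling continue outside the hunk.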
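Review bot: In the `default` case the target user is loaded with `$profileuser = get_user_to_edit($user_id);` before the `current_user_can('edit_user', $user_id)` check that follows it, so the lookup runs for callers who are about to be refused. Nothing is emitted before `wp_die()`, so this does not disclose anything, but authorising first and loading second is the cheaper and more conventional order; swapping the two statements so the capability check and `wp_die()` precede the `get_user_to_edit()` call achieves that. If `get_user_to_edit()` can return an empty result for an ID that does not exist (not determinable from this hunk), the form would still render against it, and a `wp_die()` on an empty `$profileuser` after the lookup would close that gap. The rest of the `default` case, including the form output, continues past the hunk.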