I’m writing a plugin to add in custom fields to the user profile, and going over old code I found I had the following at the start of the update function:
if ( !current_user_can( 'edit_user', $user_id ) )
Looking online, this seems to be what everyone uses. However, looking at the function in the code and at the Codex page for the current_user_can function, it doesn’t accept 2 parameters, and there isn’t a capability called ‘edit_user’.
I feel like I’m missing something?! And if this is wrong, is there a suitable single function to check if the current user can edit the user’s profile in question? I know how to do it with two functions but figured I’d check if there was one.
Thanks in advance.
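An update handler of the kind the post describes, as an added example that is not part of the original post. In WordPress, edit_user is a meta capability that map_meta_cap() resolves against the user ID passed as the extra argument to current_user_can(). The function name and the field name example_field are hypothetical.

```php
<?php
/**
 * Added example: save a custom profile field only when the current user
 * may edit the profile being saved. The function name and the field name
 * 'example_field' are hypothetical.
 */
function example_save_profile_field( $user_id ) {
    $user_id = (int) $user_id;

    // Core's profile form carries a nonce with this action; verify it
    // before trusting anything in $_POST. Dies on a missing/invalid nonce.
    check_admin_referer( 'update-user_' . $user_id );

    // 'edit_user' is a meta capability: WordPress maps it, together with
    // the target user ID, to the primitive capabilities that apply.
    // A user editing their own profile passes; editing someone else's
    // profile requires the 'edit_users' primitive capability.
    if ( ! current_user_can( 'edit_user', $user_id ) ) {
        return;
    }

    // Nothing submitted for this field: leave the stored value alone.
    if ( ! isset( $_POST['example_field'] ) ) {
        return;
    }

    // Undo WordPress's added slashes, then sanitize before storing.
    $value = sanitize_text_field( wp_unslash( $_POST['example_field'] ) );
    update_user_meta( $user_id, 'example_field', $value );
}

// Fires when a user saves their own profile.
add_action( 'personal_options_update', 'example_save_profile_field' );
// Fires when a user saves another user's profile.
add_action( 'edit_user_profile_update', 'example_save_profile_field' );
```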