Join GitHub today
GitHub is home to over 28 million developers working together to host and review code, manage projects, and build software together.Sign up
canEdit() allows invalid $user_guid argument #8038
You can pass in GUIDs of non-users (e.g. 1), and it will function just fine, calling the plugin hook sending
Also you can pass in a non-existent/deleted GUID and it will silently convert this to the session user.
In both cases I doubt we want to silently let this pass this through.
referenced this issue
Mar 5, 2015
Also consider this comment https://github.com/Elgg/Elgg/pull/8031/files#r28133396