function administerusersbyrole_user_update(&$edit, $account, $category) {
  if ($category === 'account') {
    if (!_administerusersbyrole_can_edit_user($account)) {
      if (isset($edit['status'])) {

The check for $edit['status'] should go before the call to _administerusersbyrole_can_edit_user(), because it's quicker. That means that if there's no 'status' key in the array, the function exits without bothering to check user access.


AdamPS’s picture

Issue summary:View changes
Status:Active» Closed (fixed)

I think this code has now gone from D7 dev version.