Elgg / Elgg

actions/admin/user/unban.php

<?php
/**
 * Unbans a user.
 */

$access_status = access_show_hidden_entities(true);

$guid = get_input('guid');
$user = get_user($guid);

It seems like $guid can also be of type string; however, parameter $guid of get_user() does only seem to accept integer, maybe add an additional type check?

if (!$user || !$user->canEdit()) {
	access_show_hidden_entities($access_status);
	return elgg_error_response(elgg_echo('admin:user:unban:no'));
}

if (!$user->unban()) {
	access_show_hidden_entities($access_status);
	return elgg_error_response(elgg_echo('admin:user:unban:no'));
}

access_show_hidden_entities($access_status);

return elgg_ok_response('', elgg_echo('admin:user:unban:yes'));