[wp-trac] Re: [WordPress Trac] #5487: query.php mistakenly uses
is_admin() to check for admin privileges
WordPress Trac
wp-trac at lists.automattic.com
Wed Dec 19 16:10:18 GMT 2007
#5487: query.php mistakenly uses is_admin() to check for admin privileges
---------------------------------------------------+------------------------
Reporter: pishmishy | Owner: pishmishy
Type: defect | Status: assigned
Priority: high | Milestone: 2.4
Component: Security | Version: 2.3.1
Severity: major | Resolution:
Keywords: query is_admin has-patch dev-feedback |
---------------------------------------------------+------------------------
Changes (by pishmishy):
* keywords: query is_admin => query is_admin has-patch dev-feedback
Comment:
Attached patch replaces is_admin() check with
current_user_can('level_10'). Perhaps we could explicitly check the user's
capabilities but I wasn't sure from the documentation which capabilities
we should be looking at. Instead I've just checked if the user is the
administrator or not.
--
Ticket URL: <http://trac.wordpress.org/ticket/5487#comment:3>
WordPress Trac <http://trac.wordpress.org/>
WordPress blogging software
More information about the wp-trac
mailing list