[wp-trac] Re: [WordPress Trac] #8770: Add role filtering to user editing code to secure edit_users capability (security)

WordPress Trac wp-trac at lists.automattic.com
Wed Dec 31 21:50:38 GMT 2008


#8770: Add role filtering to user editing code to secure edit_users capability
(security)
--------------------------------------------------+-------------------------
 Reporter:  jeremyclarke                          |        Owner:  jeremyclarke
     Type:  defect (bug)                          |       Status:  new         
 Priority:  normal                                |    Milestone:  2.8         
Component:  Security                              |      Version:              
 Severity:  normal                                |   Resolution:              
 Keywords:  has-patch capabilities needs-testing  |  
--------------------------------------------------+-------------------------
Comment (by jeremyclarke):

 Oh yeah, to see the effects of these patches (which are only relevant if
 you have a user with 'edit_users' but who isn't an admin (doesn't have all
 other privileges)), you also need to have the following plugin code running
 somewhere (updated since the previous tickets to use the new filter name):

 http://www.pastie.org/349868

 You can use the Role Manager plugin (which will hopefully have that code
 integrated) to set up a user who is an author or editor with the
 edit_users capability.

-- 
Ticket URL: <http://trac.wordpress.org/ticket/8770#comment:1>
WordPress Trac <http://trac.wordpress.org/>
WordPress blogging software

