[wp-trac] Re: [WordPress Trac] #8770: Add role filtering to user
editing code to secure edit_users capability (security)
WordPress Trac
wp-trac at lists.automattic.com
Tue Jan 6 17:28:12 GMT 2009
#8770: Add role filtering to user editing code to secure edit_users capability
(security)
--------------------------------------------------+-------------------------
 Reporter:  jeremyclarke                          |       Owner:  jeremyclarke
     Type:  defect (bug)                          |      Status:  new
 Priority:  normal                                |   Milestone:  2.8
Component:  Security                              |     Version:
 Severity:  normal                                |  Resolution:
 Keywords:  has-patch capabilities needs-testing  |
--------------------------------------------------+-------------------------
Comment (by ryan):
Should get_editable_roles() return an empty array if the user can't
edit_users? The change to wp-admin/users.php seems like it would allow
promoting to any role even without edit_users.
--
Ticket URL: <http://trac.wordpress.org/ticket/8770#comment:2>
WordPress Trac <http://trac.wordpress.org/>
WordPress blogging software
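
Added example, not part of the ticket, its patch or WordPress's own code: a stand-alone PHP model of the concern raised in the comment above, in which the role filter returns an empty array without edit_users and the promotion check still tests the capability itself. The `example_*` functions, the role table, the administrator-only policy and the sample users are assumptions made for illustration.

```php
<?php
// Constructed role table standing in for the site's role list (assumption).
const EXAMPLE_ROLES = ['administrator', 'editor', 'author', 'contributor', 'subscriber'];

/**
 * Hypothetical stand-in for the role filter discussed in the ticket.
 * Returns the roles $actor may assign, and an empty array when the
 * actor lacks edit_users, so the filter fails closed.
 */
function example_editable_roles(array $actor): array {
    if (!in_array('edit_users', $actor['caps'], true)) {
        return [];
    }
    // Constructed policy: only administrators may hand out 'administrator'.
    return array_values(array_filter(EXAMPLE_ROLES, function ($role) use ($actor) {
        return $role !== 'administrator' || $actor['role'] === 'administrator';
    }));
}

/**
 * Promotion guard. The capability check and the role filter are separate
 * conditions; both must pass before a role change is applied.
 */
function example_can_promote(array $actor, string $new_role): bool {
    if (!in_array('edit_users', $actor['caps'], true)) {
        return false; // explicit check, independent of what the filter returns
    }
    return in_array($new_role, example_editable_roles($actor), true);
}

// Constructed sample users.
$admin   = ['role' => 'administrator', 'caps' => ['edit_users']];
$manager = ['role' => 'editor',        'caps' => ['edit_users']];
$author  = ['role' => 'author',        'caps' => []];

$cases = [
    [$admin,   'administrator'],
    [$manager, 'administrator'],
    [$manager, 'author'],
    [$author,  'subscriber'],
];

foreach ($cases as [$actor, $new_role]) {
    $verdict = example_can_promote($actor, $new_role) ? 'allowed' : 'denied';
    printf("%-13s -> %-13s %s\n", $actor['role'], $new_role, $verdict);
}
```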