[wp-trac] [WordPress Trac] #23920: Revisions: clean up wp_ajax_revisions_data()
WordPress Trac
noreply at wordpress.org
Tue Apr 2 20:55:30 UTC 2013
#23920: Revisions: clean up wp_ajax_revisions_data()
--------------------+--------------------------
Reporter: azaozz | Type: defect (bug)
Status: new | Priority: normal
Milestone: 3.6 | Component: Revisions
Version: trunk | Severity: normal
Keywords: |
--------------------+--------------------------
See #23497. There are inconsistencies in wp_ajax_revisions_data(), mostly
when getting/sanitizing the $_GET values.
We would probably need to pass the main post's ID every time and do
`current_user_can( 'edit_post', ID )`. The code at the moment would show
all revisions data to any logged-in user that has 'view_post' capability.
That cap is fine for the main post but not for revisions.
--
Ticket URL: <http://core.trac.wordpress.org/ticket/23920>
WordPress Trac <http://core.trac.wordpress.org/>
WordPress blogging software
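
An added illustration of the check the ticket proposes, not WordPress core code and not part of the original message: an AJAX handler that sanitizes its $_GET values uniformly, authorizes with 'edit_post' on the main post, and only returns revisions that belong to that post. The action name, nonce action, request parameter names and returned fields are hypothetical.

```php
<?php
// Added illustration; not the WordPress core handler. The action name,
// nonce action and request parameter names below are hypothetical.
add_action( 'wp_ajax_example_revisions_data', 'example_ajax_revisions_data' );

function example_ajax_revisions_data() {
	check_ajax_referer( 'example_revisions_data', 'nonce' );

	// Sanitize every $_GET value the same way before it is used.
	$post_id      = isset( $_GET['post_id'] ) ? absint( $_GET['post_id'] ) : 0;
	$revision_ids = isset( $_GET['revision_ids'] )
		? array_filter( array_map( 'absint', (array) $_GET['revision_ids'] ) )
		: array();

	$post = $post_id ? get_post( $post_id ) : null;
	if ( ! $post || ! $revision_ids ) {
		wp_send_json_error( 'invalid_request', 400 );
	}

	// Authorize against the main post, as the ticket proposes.
	if ( ! current_user_can( 'edit_post', $post->ID ) ) {
		wp_send_json_error( 'forbidden', 403 );
	}

	$data = array();
	foreach ( $revision_ids as $revision_id ) {
		$revision = wp_get_post_revision( $revision_id );
		// Skip IDs that are not revisions of the post that was authorized,
		// so the capability check always covers the data that is returned.
		if ( ! $revision || (int) $revision->post_parent !== $post->ID ) {
			continue;
		}
		$data[] = array(
			'id'       => $revision->ID,
			'modified' => $revision->post_modified_gmt,
			'title'    => $revision->post_title,
		);
	}

	wp_send_json_success( $data );
}
```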