[wp-hackers] Disabling Tools->Export

Harry Metcalfe harry at dxw.com
Wed Jun 27 12:52:40 UTC 2012


Yup, we've got something very similar that we'll be deploying soon. But 
the problem is that another plugin could very easily just remove that, 
or add its own filter with higher priority and override the first one. A 
constant that forces wp-admin/export.php to bail would be more robust.

Harry


On 27/06/12 13:50, Dion Hulse (dd32) wrote:
> you could just filter the capability and always return false on it?
> I think something like this would work: (i don't know the export cap
> off the top of my head though, and i'm sure there's a better hook for
> this..)
>
>
> add_filter( 'role_has_cap', function( $caps, $cap_searched_for ) {
> if ( 'export_cap_name' == $cap_searched_for)
>    return false;
> else
>    return $caps;
> }, 100, 2);
>
> On 27 June 2012 22:45, Harry Metcalfe<harry at dxw.com>  wrote:
>> Yup, that's what I'm suggesting - but agree that one-off core editing is
>> bad. Hence happy to write a patch, if it would be accepted.
>>
>> Harry
>>
>>
>>
>> On 27/06/12 13:31, Christopher Ross wrote:
>>> Harry, I hesitate to ever suggest changing core files but the only way I
>>> could think of to ensure the export can't run *ever* would be to edit
>>> /wp-admin/export.php and remove the functionality.
>>>
>>>
>>> On 2012-06-27, at 8:47 AM, Harry Metcalfe wrote:
>>>
>>>> Hello,
>>>>
>>>> We've found that some of our corporate clients have concerns about the
>>>> ability for their staff to mass-export data from the WP backend.
>>>>
>>>> I realise we can (and have) removed the administrator role's capability
>>>> to do that, but I wondered if it might be useful to add a constant that
>>>> disables it? There's a bit of concern that a plugin could re-add the
>>>> capability without us noticing. Something that works like DISALLOW_FILE_EDIT
>>>> would be more robust.
>>>>
>>>> Very happy to submit a patch if people think it's a good idea.
>>>>
>>>> Harry
>>>>
>>>> _______________________________________________
>>>> wp-hackers mailing list
>>>> wp-hackers at lists.automattic.com
>>>> http://lists.automattic.com/mailman/listinfo/wp-hackers
>>>
>>> --
>>>
>>> Christopher Ross : @thisismyurl : Pinterest : Facebook : LinkedIn :
>>> Google+
>>> Telephone: (506) 455-4122
>>>
>>> 399 King Street,
>>> Fredericton, New Brunswick
>>> E3B 3E5
>>>
>>> Photography : Blog
>>>
>>>
>>>
>>>
>>> _______________________________________________
>>> wp-hackers mailing list
>>> wp-hackers at lists.automattic.com
>>> http://lists.automattic.com/mailman/listinfo/wp-hackers
>> _______________________________________________
>> wp-hackers mailing list
>> wp-hackers at lists.automattic.com
>> http://lists.automattic.com/mailman/listinfo/wp-hackers
> _______________________________________________
> wp-hackers mailing list
> wp-hackers at lists.automattic.com
> http://lists.automattic.com/mailman/listinfo/wp-hackers


More information about the wp-hackers mailing list