[wp-hackers] Disabling Tools->Export

Dion Hulse (dd32) wordpress at dd32.id.au
Wed Jun 27 12:56:50 UTC 2012


I think you're significantly over thinking things.. A plugin isn't
likely to force the export to be enabled, and in any sense, if you're
so worried about the security of the data you should be looking at
what the plugin does, and how it does it, more closer.

if you wanted to be paranoid, you could use some insanely high
priority that is unlikely to be matched, PHP_MAXINT if you so wish.

A constant is detrimental to most users of WordPress - well,
detrimental might be the wrong word, but un-needed for sure, A plugin
is where disabling exports should happen.

On 27 June 2012 22:52, Harry Metcalfe <harry at dxw.com> wrote:
> Yup, we've got something very similar that we'll be deploying soon. But the
> problem is that another plugin could very easily just remove that, or add
> its own filter with higher priority and override the first one. A constant
> that forces wp-admin/export.php to bail would be more robust.
>
> Harry
>
>
>
> On 27/06/12 13:50, Dion Hulse (dd32) wrote:
>>
>> you could just filter the capability and always return false on it?
>> I think something like this would work: (i don't know the export cap
>> off the top of my head though, and i'm sure there's a better hook for
>> this..)
>>
>>
>> add_filter( 'role_has_cap', function( $caps, $cap_searched_for ) {
>> if ( 'export_cap_name' == $cap_searched_for)
>>   return false;
>> else
>>   return $caps;
>> }, 100, 2);
>>
>> On 27 June 2012 22:45, Harry Metcalfe<harry at dxw.com>  wrote:
>>>
>>> Yup, that's what I'm suggesting - but agree that one-off core editing is
>>> bad. Hence happy to write a patch, if it would be accepted.
>>>
>>> Harry
>>>
>>>
>>>
>>> On 27/06/12 13:31, Christopher Ross wrote:
>>>>
>>>> Harry, I hesitate to ever suggest changing core files but the only way I
>>>> could think of to ensure the export can't run *ever* would be to edit
>>>> /wp-admin/export.php and remove the functionality.
>>>>
>>>>
>>>> On 2012-06-27, at 8:47 AM, Harry Metcalfe wrote:
>>>>
>>>>> Hello,
>>>>>
>>>>> We've found that some of our corporate clients have concerns about the
>>>>> ability for their staff to mass-export data from the WP backend.
>>>>>
>>>>> I realise we can (and have) removed the administrator role's capability
>>>>> to do that, but I wondered if it might be useful to add a constant that
>>>>> disables it? There's a bit of concern that a plugin could re-add the
>>>>> capability without us noticing. Something that works like
>>>>> DISALLOW_FILE_EDIT
>>>>> would be more robust.
>>>>>
>>>>> Very happy to submit a patch if people think it's a good idea.
>>>>>
>>>>> Harry
>>>>>
>>>>> _______________________________________________
>>>>> wp-hackers mailing list
>>>>> wp-hackers at lists.automattic.com
>>>>> http://lists.automattic.com/mailman/listinfo/wp-hackers
>>>>
>>>>
>>>> --
>>>>
>>>> Christopher Ross : @thisismyurl : Pinterest : Facebook : LinkedIn :
>>>> Google+
>>>> Telephone: (506) 455-4122
>>>>
>>>> 399 King Street,
>>>> Fredericton, New Brunswick
>>>> E3B 3E5
>>>>
>>>> Photography : Blog
>>>>
>>>>
>>>>
>>>>
>>>> _______________________________________________
>>>> wp-hackers mailing list
>>>> wp-hackers at lists.automattic.com
>>>> http://lists.automattic.com/mailman/listinfo/wp-hackers
>>>
>>> _______________________________________________
>>> wp-hackers mailing list
>>> wp-hackers at lists.automattic.com
>>> http://lists.automattic.com/mailman/listinfo/wp-hackers
>>
>> _______________________________________________
>> wp-hackers mailing list
>> wp-hackers at lists.automattic.com
>> http://lists.automattic.com/mailman/listinfo/wp-hackers
>
> _______________________________________________
> wp-hackers mailing list
> wp-hackers at lists.automattic.com
> http://lists.automattic.com/mailman/listinfo/wp-hackers


More information about the wp-hackers mailing list