[wp-trac] Re: [WordPress Trac] #5487: query.php mistakenly uses is_admin() to check for admin privileges
WordPress Trac
wp-trac at lists.automattic.com
Wed Dec 19 16:47:19 GMT 2007
#5487: query.php mistakenly uses is_admin() to check for admin privileges
---------------------------------------------------+------------------------
 Reporter:  pishmishy                              |       Owner:  pishmishy
     Type:  defect                                 |      Status:  assigned
 Priority:  high                                   |   Milestone:  2.4
Component:  Security                               |     Version:  2.3.1
 Severity:  major                                  |  Resolution:
 Keywords:  query is_admin has-patch dev-feedback  |
---------------------------------------------------+------------------------
Comment (by docwhat):

What I did (WordPress 2.3.1):
* Logged into wp-admin with Firefox.
* Created a new post called "DRAFT", with text "DRAFT".
* I saved it (but did not publish it).
* I opened another browser (Opera).
* I tried using the URL you had above (modified for my site) and it does
  not show me drafts.
* I tried adding the p=<post number> GET argument, but I just get a
  blank page.

I cannot reproduce this problem.

Will the current_user_can() allow the author (possibly a non-admin) to
view the draft post that he/she just wrote?

Ciao!
--
Ticket URL: <http://trac.wordpress.org/ticket/5487#comment:4>
WordPress Trac <http://trac.wordpress.org/>
WordPress blogging software