[wp-trac] Re: [WordPress Trac] #5487: query.php mistakenly uses is_admin() to check for admin privileges

WordPress Trac wp-trac at lists.automattic.com
Wed Dec 19 17:19:28 GMT 2007


#5487: query.php mistakenly uses is_admin() to check for admin privileges
---------------------------------------------------+------------------------
 Reporter:  pishmishy                              |        Owner:  pishmishy
     Type:  defect                                 |       Status:  assigned 
 Priority:  high                                   |    Milestone:  2.4      
Component:  Security                               |      Version:  2.3.1    
 Severity:  major                                  |   Resolution:           
 Keywords:  query is_admin has-patch dev-feedback  |  
---------------------------------------------------+------------------------
Comment (by ryan):

 Actually, edit-pages.php and edit.php filter the results of the is_admin()
 query.  So I think all we need is a proper is_admin() check and not any
 cap checks.

-- 
Ticket URL: <http://trac.wordpress.org/ticket/5487#comment:7>
WordPress Trac <http://trac.wordpress.org/>
WordPress blogging software


More information about the wp-trac mailing list