[wp-trac] [WordPress Trac] #5349: Admin permissions on Manage Posts
page
WordPress Trac
wp-trac at lists.automattic.com
Tue Nov 13 09:15:33 GMT 2007
#5349: Admin permissions on Manage Posts page
----------------------------+-----------------------------------------------
Reporter: cbandy | Owner: anonymous
Type: defect | Status: new
Priority: normal | Milestone:
Component: Administration | Version: 2.3.1
Severity: normal | Keywords:
----------------------------+-----------------------------------------------
When logged in as admin, the Delete button on the Manage Posts page (wp-
admin/edit.php) always displays "You don't have permission to do that" and
does not delete a post.
Digging, I found that check_ajax_referer compares the current user_login
to the USER_COOKIE value passed in the request. The current user_login is
the plain string "admin" while the value in the request appears encoded in
some way, and the test ( $current_name != $user ) is always false.
Commenting out line 367-368 in wp-includes/pluggable.php solved for me.
--
Ticket URL: <http://trac.wordpress.org/ticket/5349>
WordPress Trac <http://trac.wordpress.org/>
WordPress blogging software
More information about the wp-trac
mailing list