[wp-trac] Re: [WordPress Trac] #8770: Add role filtering to user
editing code to secure edit_users capabiltity (security)
WordPress Trac
wp-trac at lists.automattic.com
Wed Dec 31 21:50:38 GMT 2008
#8770: Add role filtering to user editing code to secure edit_users capabiltity
(security)
--------------------------------------------------+-------------------------
Reporter: jeremyclarke | Owner: jeremyclarke
Type: defect (bug) | Status: new
Priority: normal | Milestone: 2.8
Component: Security | Version:
Severity: normal | Resolution:
Keywords: has-patch capabilities needs-testing |
--------------------------------------------------+-------------------------
Comment (by jeremyclarke):
Oh yeah, to see the effects of these patches (which are only relevant if
you have a user with 'edit_users' but who isn't an admin (doesnt' have all
other privileges), you also need to have the following plugin code running
somewhere (updated since the previous tickets to use the new filter name):
http://www.pastie.org/349868
You can use the Role Manager plugin (which will hopefully have that code
integrated) to set up a user who is an author or editor with the
edit_users capability.
--
Ticket URL: <http://trac.wordpress.org/ticket/8770#comment:1>
WordPress Trac <http://trac.wordpress.org/>
WordPress blogging software
More information about the wp-trac
mailing list