[wp-trac] [WordPress Trac] #6052: edit.php private post filter does
not restrict by user
WordPress Trac
wp-trac at lists.automattic.com
Fri Feb 29 21:47:43 GMT 2008
#6052: edit.php private post filter does not restrict by user
---------------------+------------------------------------------------------
Reporter: ryan | Owner: anonymous
Type: defect | Status: new
Priority: normal | Milestone: 2.5
Component: General | Version:
Severity: normal | Keywords:
---------------------+------------------------------------------------------
edit.php?post_status=private can leak private post titles. We need to
check if the user can read_private_posts. If not, other people's private
posts should not be showned. The same restriction needs to be applied
when counting the number of private posts.
--
Ticket URL: <http://trac.wordpress.org/ticket/6052>
WordPress Trac <http://trac.wordpress.org/>
WordPress blogging software
More information about the wp-trac
mailing list