[wp-trac] Re: [WordPress Trac] #6014: Hook needed on
wp_dropdown_roles() to
secure 'edit_users' capability (see last comment)
WordPress Trac
wp-trac at lists.automattic.com
Wed Oct 8 16:18:49 GMT 2008
#6014: Hook needed on wp_dropdown_roles() to secure 'edit_users' capability (see
last comment)
------------------------------------+---------------------------------------
Reporter: jeremyclarke | Owner: jeremyclarke
Type: defect | Status: new
Priority: high | Milestone: 2.9
Component: Security | Version:
Severity: major | Resolution:
Keywords: has-patch capabilities |
------------------------------------+---------------------------------------
Comment (by jeremyclarke):
The problem is probably just that the patch was written for 2.5 and the
user management page may have changed. CrazySerb, are you also running my
old patch to Role Manager? Cause it could be broken by now. This patch
doesn't actually fix anything without also using a plugin to hook in and
add the actual filtering logic, so you must be using something else if you
notice any difference from a vanilla install.
I actually never implemented this on my own live site because I was
waiting for this patch to be implemented, UGH!
If a core dev would come by and confirm that my concept is acceptable I'll
recheck my patch and make sure it works in 2.7 so that we can at least
depend on it working there.
--
Ticket URL: <http://trac.wordpress.org/ticket/6014#comment:20>
WordPress Trac <http://trac.wordpress.org/>
WordPress blogging software
More information about the wp-trac
mailing list