[wp-trac] [WordPress Trac] #11306: Option to disable theme/plugin editor
WordPress Trac
wp-trac at lists.automattic.com
Thu Dec 3 08:24:42 UTC 2009
#11306: Option to disable theme/plugin editor
-----------------------------+----------------------------------------------
Reporter: kchrist | Owner:
Type: feature request | Status: new
Priority: normal | Milestone: 3.0
Component: General | Version: 2.9
Severity: normal | Keywords: has-patch
-----------------------------+----------------------------------------------
Comment(by nacin):
When I saw "Wow, now that would be a regression!" via wp-trac, I thought
that was in reply to DISALLOW_FILE_EDIT and I was confused. Now I see what
the fuss was about.
The file editors are secure. What isn't necessarily secure is a user's
account, simply due to the problems that exist between keyboards and
chairs. That's no reason to disable a feature. It's a slippery slope when
features are considered in that context.
If we're going to do ALLOW_FILE_EDIT, then we should also add similar
hidden constants to prevent, by default, other controversial features
accessible with a user account password, including the ability to delete
posts, manage plugins, and import content.
--
Ticket URL: <http://core.trac.wordpress.org/ticket/11306#comment:11>
WordPress Trac <http://core.trac.wordpress.org/>
WordPress blogging software
More information about the wp-trac
mailing list