[wp-trac] [WordPress Trac] #15276: Ability to change/delete any post's meta if current user can edit any post.
WordPress Trac
wp-trac at lists.automattic.com
Mon Dec 20 12:39:17 UTC 2010
#15276: Ability to change/delete any post's meta if current user can edit any post.
--------------------------+---------------------
Reporter: karevn | Owner: ryan
Type: defect (bug) | Status: closed
Priority: normal | Milestone: 3.1
Component: Security | Version: 3.0.1
Severity: normal | Resolution: fixed
Keywords: has-patch |
--------------------------+---------------------
Comment (by ryan):
I changed the patch slightly to restrict to the post ID rather than doing
a capability check. The edit_post check done at the top of the function
suffices.
--
Ticket URL: <http://core.trac.wordpress.org/ticket/15276#comment:6>
WordPress Trac <http://core.trac.wordpress.org/>
WordPress blogging software
More information about the wp-trac
mailing list