[wp-trac] [WordPress Trac] #11894: multisite permission checks should use caps when available
WordPress Trac
wp-trac at lists.automattic.com
Thu Jan 14 02:55:02 UTC 2010
#11894: multisite permission checks should use caps when available
-------------------------------+--------------------------------------------
Reporter: Denis-de-Bernardy | Owner:
Type: defect (bug) | Status: new
Priority: normal | Milestone: 3.0
Component: Multisite | Version: 3.0
Severity: critical | Keywords:
-------------------------------+--------------------------------------------
Comment(by Denis-de-Bernardy):
r12722 should really be reversed outright, even. this kind of change makes
no sense whatsoever:
{{{
- if ( current_user_can('update_themes') )
+ if ( ( !is_multisite() && current_user_can('update_themes') ) ||
is_super_admin() )
}}}
the actual meta cap check should be changed instead if needed, and mu
sites should never grant update_themes to anyone *but* a super admin in
the first place.
--
Ticket URL: <http://core.trac.wordpress.org/ticket/11894#comment:1>
WordPress Trac <http://core.trac.wordpress.org/>
WordPress blogging software
More information about the wp-trac
mailing list