[wp-trac] [WordPress Trac] #15326: Always check capabilities in admin pages
WordPress Trac
wp-trac at lists.automattic.com
Sat Nov 6 09:57:19 UTC 2010
#15326: Always check capabilities in admin pages
-------------------------+--------------------------------------------------
 Reporter:  westi        |       Owner:  westi
     Type:  enhancement  |      Status:  new
 Priority:  high         |   Milestone:  3.1
Component:  Security     |     Version:  3.1
 Severity:  normal       |    Keywords:
-------------------------+--------------------------------------------------
WP_List_Table introduces a check_permissions() function which hides away
the capabilities check inside the list table class so that it is easy to
write a generic AJAX handler.

We should still have current_user_can() checks in the normal admin pages
as it makes it easier to review for security holes.

Still doing it in the table classes is good defence in depth.
--
Ticket URL: <http://core.trac.wordpress.org/ticket/15326>
WordPress Trac <http://core.trac.wordpress.org/>
WordPress blogging software
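
The review described in the ticket can be partly automated. The following Python script is an added example, not part of the ticket or of WordPress core: it flags admin page sources that contain no direct current_user_can() call and rely only on the list table's check_permissions(). The file names and page sources are constructed, and the comment stripping is a simplification that ignores comment markers inside string literals.

```python
import re

# Strip PHP comments so a commented-out check does not count as a real one.
# Simplification (assumption): comment markers inside strings are not handled.
_COMMENTS = re.compile(r"/\*.*?\*/|//[^\n]*|#[^\n]*", re.S)
_PAGE_CHECK = re.compile(r"\bcurrent_user_can\s*\(")
_TABLE_CHECK = re.compile(r"->\s*check_permissions\s*\(")


def classify(source):
    """Return how an admin page's source enforces capabilities."""
    code = _COMMENTS.sub("", source)
    page = _PAGE_CHECK.search(code) is not None
    table = _TABLE_CHECK.search(code) is not None
    if page and table:
        return "explicit+table"  # visible check plus defence in depth
    if page:
        return "explicit-only"
    if table:
        return "table-only"      # check hidden inside the list table class
    return "none"


def audit(pages):
    """Names of pages a reviewer cannot clear by reading the page file alone."""
    return sorted(name for name, src in pages.items()
                  if classify(src) in ("table-only", "none"))


# Constructed sample sources; the file names are hypothetical.
SAMPLES = {
    "page-a.php": """<?php
if ( ! current_user_can( 'edit_posts' ) )
    wp_die( 'denied' );
$wp_list_table->check_permissions();
""",
    "page-b.php": """<?php
// if ( ! current_user_can( 'edit_posts' ) ) wp_die();
$wp_list_table->check_permissions();
""",
    "page-c.php": """<?php
$wp_list_table->prepare_items();
""",
}

if __name__ == "__main__":
    for name in audit(SAMPLES):
        print(name, classify(SAMPLES[name]))
```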