[wp-trac] [WordPress Trac] #15326: Always check capabilites in admin pages
WordPress Trac
wp-trac at lists.automattic.com
Tue Nov 9 03:27:55 UTC 2010
#15326: Always check capabilites in admin pages
-------------------------+--------------------------------------------------
Reporter: westi | Owner: westi
Type: enhancement | Status: new
Priority: high | Milestone: 3.1
Component: Security | Version: 3.1
Severity: normal | Keywords:
-------------------------+--------------------------------------------------
Comment(by nacin):
Also, what if we had check_permissions() instead just return a cap to
check? Then we can just call current_user_can( $wp_list_table->cap() ).
That cuts out redundant cycles and also makes it *very* clear what's going
on. (It's arguably confusing why we're doing it twice.) We're also no
longer really just using strings for capabilities, given the cap objects
for taxonomies and post types.
--
Ticket URL: <http://core.trac.wordpress.org/ticket/15326#comment:2>
WordPress Trac <http://core.trac.wordpress.org/>
WordPress blogging software
More information about the wp-trac
mailing list