[wp-trac] [WordPress Trac] #19415: wp_nav_menu showing private/conctepts posts without rights
WordPress Trac
wp-trac at lists.automattic.com
Fri Dec 2 18:11:06 UTC 2011
#19415: wp_nav_menu showing private/conctepts posts without rights
--------------------------+-----------------------------
Reporter: thomask | Owner:
Type: defect (bug) | Status: new
Priority: normal | Milestone: Awaiting Review
Component: Security | Version: 3.3
Severity: major | Keywords:
--------------------------+-----------------------------
when you are using wordpress menus and you got your post/page in a menu
(e.g. using Automatically add new top-level pages) and then change the
post/page to concept or set it private, the link to post/page stays in the
menu for all users, what may have some negative security concerns
this error in all versions, including todays nightly
IMO it should show only visible posts (if someone disagrees and need it
for some backward compatibility, there may be some parameter, but imo
hidding private/concept should be default)
--
Ticket URL: <http://core.trac.wordpress.org/ticket/19415>
WordPress Trac <http://core.trac.wordpress.org/>
WordPress blogging software
More information about the wp-trac
mailing list