[wp-trac] [WordPress Trac] #19131: setting $taxnow in POSTS
WordPress Trac
wp-trac at lists.automattic.com
Thu Nov 3 14:14:48 UTC 2011
#19131: setting $taxnow in POSTS
----------------------------+-----------------------------
Reporter: haayman | Owner:
Type: defect (bug) | Status: new
Priority: normal | Milestone: Awaiting Review
Component: Administration | Version: 3.2.1
Severity: normal | Keywords:
----------------------------+-----------------------------
Lines 96 and 97 in wp-admin/admin.php:
{{{
if ( isset($_GET['taxonomy']) )
    $taxnow = sanitize_key($_GET['taxonomy']);
else
    $taxnow = '';
}}}
should be
{{{
if ( isset($_REQUEST['taxonomy']) )
    $taxnow = sanitize_key($_REQUEST['taxonomy']);
else
    $taxnow = '';
}}}
because in wp-admin/edit-tags.php lines 10, 11:
{{{
require_once('./admin.php');
$tax = get_taxonomy( $taxnow );
if ( !current_user_can( $tax->cap->manage_terms ) )
    wp_die( __( 'Cheatin’ uh?' ) );
}}}
doesn't work when you edit a tag and POST the changes. The
current_user_can() is checked against 'tag_post' instead of against the
actual taxonomy.
--
Ticket URL: <http://core.trac.wordpress.org/ticket/19131>
WordPress Trac <http://core.trac.wordpress.org/>
WordPress blogging software
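
The mismatch the ticket describes, as an added example (not WordPress core code and not from the reporter): when the taxonomy for the capability check is read from the query string only, a POST that carries `taxonomy` in its body resolves to an empty value and no per-taxonomy capability is selected. `demo_sanitize_key`, the capability table and the sample requests are constructed for illustration, and `$_REQUEST` is modelled as GET overridden by POST.

```php
<?php
// Added illustration; not WordPress core code. All names below are hypothetical.

// Stand-in for WordPress's sanitize_key(): lowercase, keep only a-z, 0-9, _ and -.
function demo_sanitize_key(string $key): string {
    return preg_replace('/[^a-z0-9_\-]/', '', strtolower($key));
}

// Behaviour quoted in the ticket: only the query string is consulted.
function taxnow_from_get(array $get): string {
    return isset($get['taxonomy']) ? demo_sanitize_key($get['taxonomy']) : '';
}

// Behaviour proposed in the ticket: consult the merged request data.
// Assumption: $_REQUEST is built in "GP" order, so POST overrides GET.
function taxnow_from_request(array $get, array $post): string {
    $request = array_merge($get, $post);
    return isset($request['taxonomy']) ? demo_sanitize_key($request['taxonomy']) : '';
}

// Constructed capability table standing in for $tax->cap->manage_terms.
const DEMO_MANAGE_TERMS_CAP = [
    'post_tag' => 'manage_categories',
    'genre'    => 'manage_genres',
];

// Capability the gate would check; null means no taxonomy could be resolved,
// which a handler should treat as a hard failure rather than fall through.
function required_cap(string $taxnow): ?string {
    return DEMO_MANAGE_TERMS_CAP[$taxnow] ?? null;
}

// Constructed requests: the edit form is POSTed with the taxonomy in the body.
$cases = [
    'GET list screen'  => [['taxonomy' => 'genre'], []],
    'POST edited term' => [[], ['name' => 'Jazz', 'taxonomy' => 'genre']],
];

foreach ($cases as $label => [$get, $post]) {
    printf(
        "%-17s GET-only: %-16s REQUEST: %s\n",
        $label,
        var_export(required_cap(taxnow_from_get($get)), true),
        var_export(required_cap(taxnow_from_request($get, $post)), true)
    );
}
```

In PHP the contents of `$_REQUEST` depend on the `request_order` setting, so a gate that reads `$_POST` and then `$_GET` explicitly resolves the same taxonomy without depending on configuration.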