[wp-trac] [WordPress Trac] #23939: Wrong capability check in wp_ajax_replyto_comment
WordPress Trac
noreply at wordpress.org
Fri Apr 5 00:52:57 UTC 2013
#23939: Wrong capability check in wp_ajax_replyto_comment
--------------------------+------------------------------
Reporter: fgauthier | Owner:
Type: defect (bug) | Status: new
Priority: normal | Milestone: Awaiting Review
Component: Comments | Version: 2.7
Severity: normal | Resolution:
Keywords: has-patch |
--------------------------+------------------------------
Comment (by fgauthier):
Replying to [comment:8 SergeyBiryukov]:
> Has been this way since the feature was introduced in [8720].
Yeah, but in ticket:14520 and [15596], the edit_comment capability was
introduced in edit-comment.php to replace edit_post. The
wp_ajax_replyto_comment function performs similar operations but is still
protected by the edit_post capability.
--
Ticket URL: <http://core.trac.wordpress.org/ticket/23939#comment:9>
WordPress Trac <http://core.trac.wordpress.org/>
WordPress blogging software
More information about the wp-trac
mailing list