[wp-trac] [WordPress Trac] #25395: Potential bug of uploading images using media-upload
WordPress Trac
noreply at wordpress.org
Mon Sep 23 10:48:14 UTC 2013
#25395: Potential bug of uploading images using media-upload
----------------------------+-----------------------------
Reporter: alucard001 | Owner:
Type: defect (bug) | Status: new
Priority: normal | Milestone: Awaiting Review
Component: Administration | Version: 3.6.1
Severity: normal | Keywords: needs-patch
----------------------------+-----------------------------
File: wp-admin/media-upload.php
Version: 3.6.1
Line: 37:
if ( ! empty( $_REQUEST['post_id'] ) && ! current_user_can( 'edit_post' ,
$_REQUEST['post_id'] ) )
In wordpress
documentaion:http://codex.wordpress.org/Roles_and_Capabilities#edit_posts
The name of this capabilities should be called "edit_posts", but in this
file the name of the right is called "edit_post" (without 's').
The result is that when an non-admin user wants to upload an image in a
theme that is using "option-tree", it will result in a "Cheating, ugh?"
message.
I am not sure if there are other places where the same thing happened,
therefore I suggest to do a simple full-code scan to verify that.
Thank you.
--
Ticket URL: <http://core.trac.wordpress.org/ticket/25395>
WordPress Trac <http://core.trac.wordpress.org/>
WordPress blogging software
More information about the wp-trac
mailing list