[wp-trac] [WordPress Trac] #27020: Use a safer capability default when post_author == 0
WordPress Trac
noreply at wordpress.org
Wed Feb 5 14:08:01 UTC 2014
#27020: Use a safer capability default when post_author == 0
-----------------------------+------------------
Reporter: danielbachhuber | Owner:
Type: enhancement | Status: new
Priority: normal | Milestone: 3.9
Component: Role/Capability | Version:
Severity: normal | Resolution:
Keywords: needs-patch | Focuses:
-----------------------------+------------------
Changes (by nacin):
* keywords: dev-feedback => needs-patch
* milestone: Awaiting Review => 3.9
Comment:
Yeah, I've never been sure why we've defaulted to the current user when
post_author = 0. I agree it should be edit_others_posts by default. I am
wondering if we can change this without causing problems, but given the
concerns of privilege escalation, I'm also not as worried about the side
effects. Let's try it out.
--
Ticket URL: <https://core.trac.wordpress.org/ticket/27020#comment:1>
WordPress Trac <https://core.trac.wordpress.org/>
WordPress publishing platform
More information about the wp-trac
mailing list