[wp-trac] [WordPress Trac] #27020: Use a safer capability default when post_author == 0
WordPress Trac
noreply at wordpress.org
Wed Feb 5 14:25:16 UTC 2014
#27020: Use a safer capability default when post_author == 0
-----------------------------+------------------
 Reporter:  danielbachhuber  |       Owner:
     Type:  enhancement      |      Status:  new
 Priority:  normal           |   Milestone:  3.9
Component:  Role/Capability  |     Version:
 Severity:  normal           |  Resolution:
 Keywords:  needs-patch      |     Focuses:
-----------------------------+------------------
Comment (by westi):
Replying to [comment:1 nacin]:
> Yeah, I've never been sure why we've defaulted to the current user when
> post_author = 0. I agree it should be edit_others_posts by default. I am
> wondering if we can change this without causing problems, but given the
> concerns of privilege escalation, I'm also not as worried about the side
> effects. Let's try it out.
It seems reasonable to try it out.
I'm not convinced that posts with an author of 0 work well in other ways
too - I have a feeling there are comment moderation issues. If we are
going to make them work better, we should check all the different ways
capability checks interact with post objects and create test cases for how
we expect them to work.
--
Ticket URL: <https://core.trac.wordpress.org/ticket/27020#comment:2>
WordPress Trac <https://core.trac.wordpress.org/>
WordPress publishing platform
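As an added illustration (not part of the original message and not WordPress core code), here is a simplified PHP model of the capability default discussed in this ticket, written as the kind of test cases the comment asks for. The function names and the sample users and posts are hypothetical; only the `edit_posts` and `edit_others_posts` capability names come from WordPress.

```php
<?php
// Simplified model of the edit-post capability mapping; NOT WordPress core code.
// Function names and sample data are hypothetical, constructed for illustration.

// Primitive capabilities a user (id > 0) needs to edit a post.
// $safe_default = false: author 0 is treated as the current user (behaviour under discussion).
// $safe_default = true:  author 0 requires edit_others_posts (the proposal).
function required_caps_for_edit(array $post, int $user_id, bool $safe_default): array {
    $author = (int) $post['post_author'];
    if ($author === 0 && !$safe_default) {
        $author = $user_id; // orphaned post is counted as the user's own
    }
    // With the safe default, author 0 never equals a real user id,
    // so the check falls through to edit_others_posts.
    return ($author === $user_id) ? ['edit_posts'] : ['edit_others_posts'];
}

function user_can_edit(array $user, array $post, bool $safe_default): bool {
    $needed = required_caps_for_edit($post, $user['id'], $safe_default);
    return count(array_diff($needed, $user['caps'])) === 0;
}

// Constructed sample users and posts.
$contributor = ['id' => 7, 'caps' => ['edit_posts']];
$editor      = ['id' => 3, 'caps' => ['edit_posts', 'edit_others_posts']];
$orphan      = ['post_author' => 0];
$own         = ['post_author' => 7];
$foreign     = ['post_author' => 3];

// [label, user, post, expected with old default, expected with safe default]
$cases = [
    ['contributor / author 0',    $contributor, $orphan,  true,  false],
    ['editor / author 0',         $editor,      $orphan,  true,  true],
    ['contributor / own post',    $contributor, $own,     true,  true],
    ['contributor / other\'s post', $contributor, $foreign, false, false],
];

foreach ($cases as [$label, $user, $post, $want_old, $want_safe]) {
    $old  = user_can_edit($user, $post, false);
    $safe = user_can_edit($user, $post, true);
    if ($old !== $want_old || $safe !== $want_safe) {
        throw new RuntimeException("unexpected result for: $label");
    }
    printf("%-28s old=%-5s safe=%s\n", $label, var_export($old, true), var_export($safe, true));
}
```

Only the first case changes between the two defaults: a user holding just `edit_posts` loses edit access to a post whose author is 0, which is the privilege-escalation concern raised in the quoted comment.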