[wp-trac] [WordPress Trac] #27137: Remove required user context from `get_edit_post_link()`
WordPress Trac
noreply at wordpress.org
Fri Feb 21 17:56:39 UTC 2014
#27137: Remove required user context from `get_edit_post_link()`
------------------------------------+------------------------------
Reporter: danielbachhuber | Owner:
Type: defect (bug) | Status: new
Priority: low | Milestone: Awaiting Review
Component: Posts, Post Types | Version:
Severity: minor | Resolution:
Keywords: dev-feedback has-patch | Focuses: template
------------------------------------+------------------------------
Changes (by ericlewis):
* focuses: => template
Comment:
This makes sense and looks good to me.
Daniel said
> Removing the capability check won't introduce a security hole because
WordPress institutes a capability check when loading the link.
To add on to that, even if a plugin/theme outputs the link without proper
caps checking, it's just a link. Caps check would keep them out of the wp-
admin page on click-through.
--
Ticket URL: <https://core.trac.wordpress.org/ticket/27137#comment:1>
WordPress Trac <https://core.trac.wordpress.org/>
WordPress publishing platform
More information about the wp-trac
mailing list