[wp-trac] [WordPress Trac] #31470: Add user capability check to WordPress update nag

WordPress Trac noreply at wordpress.org
Thu Feb 26 20:29:51 UTC 2015

#31470: Add user capability check to WordPress update nag
 Reporter:  krogsgard        |      Owner:
     Type:  enhancement      |     Status:  new
 Priority:  normal           |  Milestone:  Awaiting Review
Component:  Role/Capability  |    Version:  4.1
 Severity:  normal           |   Keywords:
  Focuses:  administration   |
 The WordPress update nag has been in effect since the introduction of the
 WordPress admin update API as far as I can tell. In WordPress 2.3, with
 #4869, a check was added to differentiate between the language provided to
 users with `manage_options` and other logged-in users. In WordPress 3.0,
 the check was updated to utilize the new `update_core` permission.

 Today, WordPress users should not be assumed to have any form of
 relationship with the site owner or anyone with update permissions. The
 nag currently shows for any logged in users, even those with `read` only

 I don't think I should get update notifications on sites I'm only
 marginally attached to. Example A:


 An example use case is eCommerce. Pretty much anyone making an order will
 get added as at least a subscriber level, and therefore if they find their
 way to the WordPress admin (perhaps to edit a profile), they'll get a
 WordPress update nag.

 I'd propose that we limit the nag to users with at least some form of site
 management permissions.

 I'd personally prefer that only editors and above get the nag: perhaps
 using the permission for `publish_pages`. Alternatively, we could limit to
 admins and those with permission to `update_core` and ditch the secondary
 language to notify an administrator. At an absolute minimum, I think we
 should limit it to `edit_posts`, or the contributor role.

Ticket URL: <https://core.trac.wordpress.org/ticket/31470>
WordPress Trac <https://core.trac.wordpress.org/>
WordPress publishing platform

More information about the wp-trac mailing list