[wp-trac] [WordPress Trac] #36379: Saving post can remove its hierarchical terms if user cannot 'assign_terms'
WordPress Trac
noreply at wordpress.org
Wed Mar 30 22:52:59 UTC 2016
#36379: Saving post can remove its hierarchical terms if user cannot 'assign_terms'
-----------------------------------+-----------------------------
Reporter: dlh | Owner:
Type: defect (bug) | Status: new
Priority: normal | Milestone: Future Release
Component: Taxonomy | Version:
Severity: normal | Resolution:
Keywords: 4.6-early needs-patch | Focuses: administration
-----------------------------------+-----------------------------
Changes (by boonebgorges):
* keywords: => 4.6-early needs-patch
* component: Administration => Taxonomy
* milestone: Awaiting Review => Future Release
Comment:
Oof, good find, @dlh.
A more appropriate approach, I think, is to do an 'assign_terms' cap check
before saving term data on the post. (The hidden input field trick can be
bypassed by manipulating the DOM.)
--
Ticket URL: <https://core.trac.wordpress.org/ticket/36379#comment:1>
WordPress Trac <https://core.trac.wordpress.org/>
WordPress publishing platform
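The server-side 'assign_terms' check suggested in the comment above, as an added example that is not part of the original message and is not WordPress core code. It assumes it runs inside WordPress (for instance from a plugin); the function name `example_set_terms_with_cap_check` and its return value are hypothetical.

```php
<?php
/**
 * Added example (hypothetical helper, not WordPress core code): apply the
 * submitted terms only for taxonomies the current user is allowed to assign.
 *
 * @param int   $post_id   ID of the post being saved.
 * @param array $tax_input Submitted terms, keyed by taxonomy name.
 * @return array Names of the taxonomies that were left untouched.
 */
function example_set_terms_with_cap_check( $post_id, array $tax_input ) {
	$skipped = array();

	foreach ( $tax_input as $taxonomy => $terms ) {
		$taxonomy_obj = get_taxonomy( $taxonomy );

		// A taxonomy name that is not registered: ignore that part of the request.
		if ( ! $taxonomy_obj ) {
			$skipped[] = $taxonomy;
			continue;
		}

		// The decision is made on the server from the user's capabilities, not
		// from which form fields arrived. Without 'assign_terms' the terms
		// already stored on the post are not read, replaced or cleared.
		if ( ! current_user_can( $taxonomy_obj->cap->assign_terms ) ) {
			$skipped[] = $taxonomy;
			continue;
		}

		// Permitted: replace the post's terms in this taxonomy.
		wp_set_post_terms( $post_id, $terms, $taxonomy );
	}

	return $skipped;
}
```

Because a taxonomy the user cannot assign is skipped rather than written with whatever the form sent, a missing or altered field for that taxonomy leaves the post's existing terms in place.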