[wp-trac] [WordPress Trac] #45070: Entire Media Library & permissions available to subscribers by accessing wp-admin as a subscbriber only.
WordPress Trac
noreply at wordpress.org
Wed Oct 10 10:58:47 UTC 2018
#45070: Entire Media Library & permissions available to subscribers by accessing
wp-admin as a subscbriber only.
-----------------------------+----------------------
Reporter: tamramc | Owner: (none)
Type: defect (bug) | Status: closed
Priority: normal | Milestone:
Component: General | Version: 4.9.8
Severity: major | Resolution: invalid
Keywords: has-screenshots | Focuses:
-----------------------------+----------------------
Changes (by johnbillion):
* status: new => closed
* resolution: => invalid
* milestone: Awaiting Review =>
Comment:
Hi @tamramc! It sounds like you've made some customisations to the core
WordPress files (`wp-includes/admin-bar.php`). This is never a good idea
because it means you can't update to future versions of WordPress without
risking losing your changes. You should try to make these changes via a
plugin instead. In fact, you might find there is already a plugin
available on wordpress.org/plugins that addresses your needs.
Regarding the issue you're reporting, I've tested this with a brand new
installation of WordPress and a user with the Subscriber level role cannot
access the media library. You may have introduced some code on your site
which allows this (for example by modifying or granting the `upload_files`
user capability), or you may have a plugin or theme on your site which is
enabling this.
Your best bet is to try deactivating any plugins you've installed, and try
reverting the changes you've made to WordPress core files.
I'll close this ticket as this isn't an issue in core WordPress.
John
--
Ticket URL: <https://core.trac.wordpress.org/ticket/45070#comment:1>
WordPress Trac <https://core.trac.wordpress.org/>
WordPress publishing platform
More information about the wp-trac
mailing list