id,summary,reporter,owner,description,type,status,priority,milestone,component,version,severity,resolution,keywords,cc
11770,inconsistencies in the WPMU menu permissions,Denis-de-Bernardy,,"in wpmu_menu(), we have:

{{{
unset( $submenu['plugins.php'][15] ); // always remove the plugin editor
}}}

but further down in list_activate_sitewide_plugins(), we have:

{{{
if ( current_user_can('edit_plugins') ...
}}}

firstly, if memory serves, the non-existence of the menu item should make this trigger an error if it's clicked. (if not, we should add some more CYA permission checks similar to those we introduced around WP 2.8.1 and 2.8.2.)

secondly, does it really make any sense to add this check on a MU site? it sounds like a recipe for breaking an installation.",defect (bug),closed,normal,3.0,Multisite,3.0,normal,fixed,2nd-opinion,