Ticket #17909 (closed enhancement: fixed)

Opened 11 months ago

Last modified 6 months ago

admin-ajax.php should use edit_comment capability

Reported by: ejdanderson Owned by:
Priority: normal Milestone: 3.3
Component: Administration Version: 3.2
Severity: normal Keywords: has-patch
Cc: devin@…

Description

admin-ajax.php is still using the 'edit_post' capability with respect to the handling of comments, this should be using the 'edit_comment' capability introduced in 3.1

Attachments

admin-ajax.diff Download (1.6 KB) - added by ejdanderson 11 months ago.
Replaces edit_post capability with edit_comment. I believe the 'edit_post' capability is appropriate in the 'get-comments' and 'replyto-comment' cases.

Change History

ejdanderson11 months ago

Replaces edit_post capability with edit_comment. I believe the 'edit_post' capability is appropriate in the 'get-comments' and 'replyto-comment' cases.

comment:1   scribu11 months ago

  • Keywords 3.3-early added
  • Milestone changed from Awaiting Review to Future Release

comment:2   nacin11 months ago

  • Keywords 3.3-early removed
  • Milestone changed from Future Release to 3.2.1

comment:3   nacin11 months ago

  • Milestone changed from 3.2.1 to 3.2.2

comment:4   nacin11 months ago

In [18435]:

Use edit_comment rather than edit_post in admin-ajax. props ejdanderson, see #17909. for trunk.

comment:5   nacin11 months ago

Leaving this one open for 3.2.x for possible hardening.

comment:6   nacin10 months ago

  • Keywords fixed-major added

comment:7   devinreams7 months ago

  • Cc devin@… added

comment:8   nacin6 months ago

  • Keywords fixed-major removed
  • Status changed from new to closed
  • Resolution set to fixed
  • Milestone changed from 3.2.2 to 3.3
Note: See TracTickets for help on using tickets.