security related user level problem
Reported by: Ihad
Owned by: matt
It is undesirable to let any user but the site admin see the database login and password info.
I suggest adding the following line to templates.php in the wp-admin directory:
if (stristr($file, 'config') && $user_level < 10)
die(('<p>You do not have sufficient permissions to edit config files for this blog.</p>'));
I chose stristr since it is case insensitive.
Change History (7)
- fixed_in_version set to 1.3
- Owner changed from anonymous to matt
- Resolution changed from 10 to 20
- Status changed from assigned to closed
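
The check suggested in the ticket, wrapped in a function and run over a few constructed requests, next to a case-sensitive variant for comparison. This is an added example, not code from the ticket or from WordPress; the function names, sample file names and user levels are assumptions made for illustration.

```php
<?php
// Added illustration: function names and sample data are hypothetical.

// The rule proposed in the ticket: a file whose name contains "config"
// (in any letter case) may only be opened by a user at level 10.
function may_edit_file(string $file, int $user_level): bool
{
    if (stristr($file, 'config') !== false && $user_level < 10) {
        return false;
    }
    return true;
}

// The same rule with a case-sensitive match, for comparison only.
function may_edit_file_case_sensitive(string $file, int $user_level): bool
{
    if (strstr($file, 'config') !== false && $user_level < 10) {
        return false;
    }
    return true;
}

// Constructed sample requests: [requested file, user level].
$samples = [
    ['wp-config.php', 5],   // lower-level user, config file
    ['WP-CONFIG.PHP', 5],   // same name in upper case
    ['wp-config.php', 10],  // site admin
    ['index.php', 5],       // ordinary template file
];

foreach ($samples as [$file, $level]) {
    printf(
        "%-14s level %2d  stristr: %-5s  strstr: %s\n",
        $file,
        $level,
        may_edit_file($file, $level) ? 'allow' : 'deny',
        may_edit_file_case_sensitive($file, $level) ? 'allow' : 'deny'
    );
}
```

The two columns differ only on the upper-case name, which the case-insensitive match denies and the case-sensitive match allows.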