Changeset 43085 for trunk/src/wp-admin/includes/ajax-actions.php

Timestamp:

05/02/2018 01:07:00 AM (8 years ago)

Author:

iandunn

Message:

Privacy: Limit export and erasure to super admins on Multisite.

Multisite networks have a variety of use cases, and in many of them single-site administrators are not trusted to take actions that affect the whole network, require making decisions about legal compliance, etc. By default, those actions should require super admin capabilities. Plugins can be used to override that behavior if a particular site's use case calls for it.

Props allendav, jeremyfelt, iandunn.
Fixes #43919.

File:

• trunk/src/wp-admin/includes/ajax-actions.php (modified) (2 diffs)

trunk/src/wp-admin/includes/ajax-actions.php

@@ -4345 +4345 @@
     }
 
-    if ( ! current_user_can( 'manage_options' ) ) {
+    if ( ! current_user_can( 'export_others_personal_data' ) ) {
         wp_send_json_error( __( 'Invalid request.' ) );
     }
@@ -4523 +4523 @@
     }
 
-    if ( ! current_user_can( 'delete_users' ) ) {
+    // Both capabilities are required to avoid confusion, see `_wp_personal_data_removal_page()`.
+    if ( ! current_user_can( 'erase_others_personal_data' ) || ! current_user_can( 'delete_users' ) ) {
         wp_send_json_error( __( 'Invalid request.' ) );
     }