WordPress.org

Make WordPress Core


Ignore:
Timestamp:
05/02/2018 03:48:27 AM (2 years ago)
Author:
SergeyBiryukov
Message:

Privacy: Limit export and erasure to super admins on Multisite.

Multisite networks have a variety of use cases, and in many of them single-site administrators are not trusted to take actions that affect the whole network, require making decisions about legal compliance, etc. By default, those actions should require super admin capabilities. Plugins can be used to override that behavior if a particular site's use case calls for it.

Props allendav, jeremyfelt, iandunn.
Merges [43085] to the 4.9 branch.
Fixes #43919.

Location:
branches/4.9
Files:
2 edited

Legend:

Unmodified
Added
Removed
  • branches/4.9

  • branches/4.9/src/wp-admin/includes/ajax-actions.php

    r43110 r43111  
    40354035    }
    40364036
    4037     if ( ! current_user_can( 'manage_options' ) ) {
     4037    if ( ! current_user_can( 'export_others_personal_data' ) ) {
    40384038        wp_send_json_error( __( 'Invalid request.' ) );
    40394039    }
     
    42134213    }
    42144214
    4215     if ( ! current_user_can( 'delete_users' ) ) {
     4215    // Both capabilities are required to avoid confusion, see `_wp_personal_data_removal_page()`.
     4216    if ( ! current_user_can( 'erase_others_personal_data' ) || ! current_user_can( 'delete_users' ) ) {
    42164217        wp_send_json_error( __( 'Invalid request.' ) );
    42174218    }
Note: See TracChangeset for help on using the changeset viewer.