Make WordPress Core


Ignore:
Timestamp:
05/15/2018 08:58:05 PM (7 years ago)
Author:
iandunn
Message:

Privacy: Require manage_privacy_options to edit policy page.

A user is required to have the manage_privacy_options capability in order to determine which page is set as the privacy policy (the wp_page_for_privacy_policy). Given that, it doesn't make sense to allow users without that capability to edit or delete the page.

A similar situation exists with the page_for_posts and page_on_front options, but Editors are allowed to edit those pages. The reason that this situation is different is because it is more likely that an administrator will want to restrict modifications to the privacy policy, than it is that they will want to allow modifications. Modifications to the policy often require specialized knowledge of local laws, and can have implications for compliance with those laws.

Props dlh, desrosj.
Merges [43286] to the 4.9 branch.
Fixes #44079.

Location:
branches/4.9
Files:
2 edited

Legend:

Unmodified
Added
Removed
  • branches/4.9

  • branches/4.9/src/wp-includes/capabilities.php

    r43156 r43287  
    120120            }
    121121        }
     122
     123        /*
     124         * Setting the privacy policy page requires `manage_privacy_options`,
     125         * so deleting it should require that too.
     126         */
     127        if ( (int) get_option( 'wp_page_for_privacy_policy' ) === $post->ID ) {
     128            $caps = array_merge( $caps, map_meta_cap( 'manage_privacy_options', $user_id ) );
     129        }
     130
    122131        break;
    123132        // edit_post breaks down to edit_posts, edit_published_posts, or
     
    181190            }
    182191        }
     192
     193        /*
     194         * Setting the privacy policy page requires `manage_privacy_options`,
     195         * so editing it should require that too.
     196         */
     197        if ( (int) get_option( 'wp_page_for_privacy_policy' ) === $post->ID ) {
     198            $caps = array_merge( $caps, map_meta_cap( 'manage_privacy_options', $user_id ) );
     199        }
     200
    183201        break;
    184202    case 'read_post':
Note: See TracChangeset for help on using the changeset viewer.