#101 closed defect (bug) (fixed)
Security Breach: Editing off others posts with Level 1
Reported by: | anonymousbugger | Owned by: | michel v |
---|---|---|---|
Milestone: | Priority: | normal | |
Severity: | major | Version: | 1.2 |
Component: | General | Keywords: | |
Focuses: | Cc: |
Description
If there are several users set to level one they can edit all posts by every user at this level. On the blog there is always the "edit this" link and administration doesn't validate too.
Change History (7)
#3
@
20 years ago
- Owner changed from anonymous to michel v
- Resolution changed from 10 to 20
- Status changed from new to closed
This ticket was mentioned in Slack in #forums by ipstenu. View the logs.
10 years ago
This ticket was mentioned in Slack in #forums by ipstenu. View the logs.
10 years ago
This ticket was mentioned in Slack in #core-themes by netweb. View the logs.
5 years ago
Note: See
TracTickets for help on using
tickets.
I have fixed it with adding something like:
to wp-includes/template-functions-links.php function function edit_post_link and to file wp-admin/post.php in the edit-part.