Make WordPress Core

Opened 20 years ago

Closed 20 years ago

Last modified 6 months ago

#101 closed defect (bug) (fixed)

Security Breach: Editing of others' posts with Level 1

Reported by: anonymousbugger Owned by: michel v
Milestone: Priority: normal
Severity: major Version: 1.2
Component: General Keywords:
Focuses: Cc:

Description

If there are several users set to level one, they can edit all posts by every user at this level. On the blog there is always the "edit this" link, and the administration doesn't validate either.

Change History (7)

#2 @anonymousbugger
20 years ago

I have fixed it by adding something like:

if (($user_level == 1 || $user_level == 2) && ($authordata->ID != $user_ID))
    return; // or die;

to the function edit_post_link in wp-includes/template-functions-links.php and to the edit part of the file wp-admin/post.php.
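
The check from the comment above, as an added PHP example that is not part of the ticket or WordPress's own code: one decision function used both when rendering the link and when handling the edit request, so the two places cannot drift apart. Function names, array shapes, the URL and the level 0 rule are assumptions.

```php
<?php
// Added illustration; function names and data are hypothetical, not WordPress APIs.

// One authorization decision, following the rule in the comment above:
// level 1 and level 2 users may edit only posts they authored.
function can_edit_post(array $user, array $post): bool
{
    if ($user['level'] < 1) {
        return false; // assumption: level 0 accounts cannot edit anything
    }
    if (($user['level'] == 1 || $user['level'] == 2) && $post['author'] != $user['ID']) {
        return false;
    }
    return true;
}

// Template side: hide the link when the edit would be refused.
function render_edit_link(array $user, array $post): string
{
    if (!can_edit_post($user, $post)) {
        return '';
    }
    // Constructed URL for the example.
    return '<a href="post.php?action=edit&amp;post=' . (int) $post['ID'] . '">Edit This</a>';
}

// Admin side: repeat the check, since the edit URL can be requested directly
// whether or not the link was rendered.
function handle_edit_request(array $user, array $post): string
{
    if (!can_edit_post($user, $post)) {
        return 'denied';
    }
    return 'edit form for post ' . (int) $post['ID'];
}

// Constructed sample data: two level 1 users and a post written by the first.
$alice = ['ID' => 1, 'level' => 1];
$bob   = ['ID' => 2, 'level' => 1];
$post  = ['ID' => 10, 'author' => 1];

foreach (['alice' => $alice, 'bob' => $bob] as $name => $user) {
    printf("%s: link=%s, request=%s\n", $name,
        render_edit_link($user, $post) === '' ? 'hidden' : 'shown',
        handle_edit_request($user, $post));
}
```
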

#3 @michel v
20 years ago

  • Owner changed from anonymous to michel v
  • Resolution changed from 10 to 20
  • Status changed from new to closed

This ticket was mentioned in Slack in #forums by ipstenu. View the logs.


10 years ago

This ticket was mentioned in Slack in #forums by ipstenu. View the logs.


10 years ago

This ticket was mentioned in Slack in #core-themes by netweb. View the logs.


5 years ago
