WordPress.org

Make WordPress Core

Opened 12 years ago

Closed 11 years ago

Last modified 13 months ago

#101 closed defect (bug) (fixed)

Security Breach: Editing of others' posts with Level 1

Reported by: anonymousbugger
Owned by: michel v
Milestone:
Priority: normal
Severity: major
Version: 1.2
Component: General
Keywords:
Focuses:
Cc:

Description

If there are several users set to level one, they can edit all posts by every user at this level. On the blog there is always the "edit this" link, and the administration doesn't validate either.

Change History (6)

#2 @anonymousbugger
12 years ago

I have fixed it by adding something like:

    if (($user_level == 1 || $user_level == 2) && ($authordata->ID != $user_ID))
        return; // or die; in wp-admin/post.php

to the function edit_post_link in wp-includes/template-functions-links.php and to the file wp-admin/post.php in the edit part.
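
The two enforcement points named in comment #2, as an added example (not WordPress core code and not the commenter's patch): one ownership check shared by the code that renders the "edit this" link and by the edit request handler. The function names, array shapes and sample users and posts are hypothetical; level 10 stands in for a higher-level user.

```php
<?php
// Added illustration: hypothetical names and constructed data, not WordPress core code.

// Mirrors the condition posted in the ticket: levels 1 and 2 may edit only their own posts.
function may_edit_post(int $user_level, int $user_id, int $author_id): bool {
    if (($user_level == 1 || $user_level == 2) && $author_id != $user_id) {
        return false;
    }
    return true;
}

// Presentation layer: omit the "edit this" link when the check fails.
function render_edit_link(array $user, array $post): string {
    if (!may_edit_post($user['level'], $user['id'], $post['author'])) {
        return '';
    }
    return '<a href="post.php?action=edit&amp;post=' . (int) $post['id'] . '">edit this</a>';
}

// Request handler: repeat the check, because the edit URL can be requested
// directly whether or not the link was rendered.
function handle_edit_request(array $user, array $posts, $post_id): string {
    $post_id = (int) $post_id;
    if (!isset($posts[$post_id])) {
        return '404 no such post';
    }
    if (!may_edit_post($user['level'], $user['id'], $posts[$post_id]['author'])) {
        return '403 not allowed to edit this post';
    }
    return '200 edit form for post ' . $post_id;
}

// Constructed sample data: two level-1 authors and one higher-level user.
$users = [
    'alice' => ['id' => 1, 'level' => 1],
    'bob'   => ['id' => 2, 'level' => 1],
    'admin' => ['id' => 3, 'level' => 10],
];
$posts = [
    10 => ['id' => 10, 'author' => 1],
    11 => ['id' => 11, 'author' => 2],
];

foreach ($users as $name => $user) {
    foreach ($posts as $post) {
        $link = render_edit_link($user, $post) === '' ? 'no link' : 'link';
        printf("%-5s post %d: %-7s %s\n", $name, $post['id'], $link,
            handle_edit_request($user, $posts, $post['id']));
    }
}
```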

#3 @michel v
11 years ago

  • Owner changed from anonymous to michel v
  • Resolution changed from 10 to 20
  • Status changed from new to closed

This ticket was mentioned in Slack in #forums by ipstenu. View the logs.


13 months ago
