Opened 15 years ago
Closed 15 years ago
#11770 closed defect (bug) (fixed)
inconsistencies in the WPMU menu permissions
| Reported by: |
|
Owned by: | |
|---|---|---|---|
| Milestone: | 3.0 | Priority: | normal |
| Severity: | normal | Version: | 3.0 |
| Component: | Multisite | Keywords: | 2nd-opinion |
| Focuses: | Cc: |
Description
in wpmu_menu(), we have:
unset( $submenu['plugins.php'][15] ); // always remove the plugin editor
but further down in list_activate_sitewide_plugins(), we have:
if ( current_user_can('edit_plugins') ...
firstly, if memory serves, the non-existence of the menu item should make this trigger an error if it's clicked. (if not, we should add some more CYA permission checks similar to those we introduced around WP 2.8.1 and 2.8.2.)
secondly, does it really make any sense to add this check on a MU site? it sounds like a recipe for breaking an installation.
Change History (2)
Note: See
TracTickets for help on using
tickets.
cherrie on the pie: disable_some_pages() explicitly disables the plugin editor.