Opened 15 years ago
Closed 15 years ago
#12455 closed defect (bug) (fixed)
Options.php cleanup
Reported by: | dd32 | Owned by: | dd32 |
---|---|---|---|
Milestone: | 3.0 | Priority: | normal |
Severity: | normal | Version: | 3.0 |
Component: | General | Keywords: | has-patch needs-testing |
Focuses: | Cc: |
Description
The 2.9 options.php only contained 2 cases where exiting was required, Specifically, if ( !current_user_can('manage_options') )
and if the whitelisted page was not available.
trunk currently contains a few Multisite additions for death of the loading, Some of these apply to non-MS installs as well.
Attached patch is an attempt at cleaning up some blocks of the code.
- Consolidates wp_die()'s to the top of the file
- Multisite checks allow for non-super-admins to update options, not to access the options.php page
- Code formatting
- Reduced if branching
- Removes single-case switch in favour of if
Attachments (1)
Change History (7)
#3
follow-up:
↓ 4
@
15 years ago
I'd like to suggest an additional enhancement: if the site is not multisite, only the user whose email corresponds to the admin email can browse that screen.
#4
in reply to:
↑ 3
@
15 years ago
Replying to Denis-de-Bernardy:
I'd like to suggest an additional enhancement: if the site is not multisite, only the user whose email corresponds to the admin email can browse that screen.
-1 for two reasons. One, this should be handled by capabilities. If manage_options isn't specific enough, then we can come up with another that can be removed by a plugin for certain users. Even then, a plugin should be able to deny options.php for certain holders of a manage_options cap.
Two, there's zero guarantee that there is a matching account to the admin email. If we ever start thinking about an owner/super-admin role that can be linked directly to the admin email, then this perhaps comes into play, but otherwise, you can't make that assumption.
Some testing under Multisite, and with various plugins would be appreciated.