WordPress.org
Get WordPress

Make WordPress Core

Opened 15 years ago

Closed 14 years ago

#17909 closed enhancement (fixed)

admin-ajax.php should use edit_comment capability

Reported by: ejdanderson's profile ejdanderson Owned by:
Milestone: 3.3 Priority: normal
Severity: normal Version: 3.2
Component: Administration Keywords: has-patch
Focuses: Cc:

Description

admin-ajax.php is still using the 'edit_post' capability with respect to the handling of comments, this should be using the 'edit_comment' capability introduced in 3.1

Attachments (1)

admin-ajax.diff (1.6 KB) - added by ejdanderson 15 years ago.
Replaces edit_post capability with edit_comment. I believe the 'edit_post' capability is appropriate in the 'get-comments' and 'replyto-comment' cases.

Download all attachments as: .zip

Change History (9)

@ejdanderson
15 years ago

Replaces edit_post capability with edit_comment. I believe the 'edit_post' capability is appropriate in the 'get-comments' and 'replyto-comment' cases.

#1 @scribu
15 years ago

  • Keywords 3.3-early added
  • Milestone changed from Awaiting Review to Future Release

#2 @nacin
15 years ago

  • Keywords 3.3-early removed
  • Milestone changed from Future Release to 3.2.1

#3 @nacin
15 years ago

  • Milestone changed from 3.2.1 to 3.2.2

#4 @nacin
15 years ago

In [18435]:

Use edit_comment rather than edit_post in admin-ajax. props ejdanderson, see #17909. for trunk.

#5 @nacin
15 years ago

Leaving this one open for 3.2.x for possible hardening.

#6 @nacin
15 years ago

  • Keywords fixed-major added

#7 @devinreams
14 years ago

  • Cc devin@… added

#8 @nacin
14 years ago

  • Keywords fixed-major removed
  • Milestone changed from 3.2.2 to 3.3
  • Resolution set to fixed
  • Status changed from new to closed
Note: See TracTickets for help on using tickets.