#19824 closed defect (bug) (fixed)
Capability checks missing for some links after a plugin/theme upgrade
Reported by: |
|
Owned by: |
|
---|---|---|---|
Milestone: | 3.5 | Priority: | normal |
Severity: | normal | Version: | 3.0 |
Component: | Upgrade/Install | Keywords: | has-patch |
Focuses: | Cc: |
Description
After a plugin's/theme's update has been finished through the Dashboard > Updates (update-core.php) screen, the "Return to Plugins page" or "Return to Themes page" links are offered, but there is no check if current user can access those pages (plugins.php/themes.php).
This problem can show up, if a user is given the update_core and one or both of update_plugins, update_themes capabilities, but doesn't have any of activate_plugins, edit_theme_options, switch_themes capabilities.
Attachments (1)
Change History (6)
Note: See
TracTickets for help on using
tickets.
Looks good.
Worth noting that update-core.php can only be accessed if you have the update_core cap. Perhaps that page should be changed to allow for someone to have only update_plugins and/or update_themes?