#37436 closed defect (bug) (fixed)
"Popular Plugin" UI in WordPress News dashboard widget doesn't respect DISALLOW_FILE_MODS
Reported by: | danielbachhuber | Owned by: | swissspidy |
---|---|---|---|
Milestone: | 4.7 | Priority: | normal |
Severity: | normal | Version: | |
Component: | Administration | Keywords: | has-patch commit |
Focuses: | Cc: |
Description
Specifically, this conditional in wp_dashboard_primary()
:
if ( ( ! is_multisite() && is_blog_admin() && current_user_can( 'install_plugins' ) ) || ( is_network_admin() && current_user_can( 'manage_network_plugins' ) && current_user_can( 'install_plugins' ) ) ) {
If I have DISALLOW_FILE_MODS
defined in my wp-config.php
, then this particular component in the widget shouldn't be exposed.
Attachments (5)
Change History (23)
#3
@
8 years ago
Ignore the 37436.patch, the 37436.2.patch do the check only for the plugin part and not for all the widget.
#4
@
8 years ago
- Keywords has-patch added; dev-feedback reporter-feedback removed
- Milestone changed from Awaiting Review to 4.7
37436.2.patch works after the cache has been cleared (usually 1 day).
#5
@
8 years ago
37436.diff adds a function, wp_disallow_file_mods()
#7
@
8 years ago
Sure. 37436.3.diff adds a db upgrade method to delete the transient once.
However, as soon as the constant changes, the output is wrong again for a short period of time.
This ticket was mentioned in Slack in #core by aaroncampbell. View the logs.
8 years ago
This ticket was mentioned in Slack in #core by stevenkword. View the logs.
8 years ago
#11
@
8 years ago
Wondering how unit tests could be applied here... There aren't really any filters or something we could hook into and I don't want to fetch feeds during tests.
This ticket was mentioned in Slack in #core by jeffpaul. View the logs.
8 years ago
#13
@
8 years ago
@swissspidy I don't see a straightforward way to test this change either. Do you think it would also make sense to make a wrapper function for defined( 'DISALLOW_FILE_EDIT' ) && DISALLOW_FILE_EDIT
as well?
#14
@
8 years ago
- Keywords needs-unit-tests removed
@rachelbaker wp_disallow_file_mods()
is surely nice to have, but needs a filter to be actually useful. That way we could more easily write unit tests for the code using it. We should do that in a separate ticket though. For this ticket, I'd go with 37436.2.patch and the upgrade routine.
#15
@
8 years ago
I don't think we need an upgrade routine for this. 37436.2.patch looks good enough (with a space after !).
The patch contain the check for that constants in the
wp_dashboard_primary()
function.