WordPress.org

Make WordPress Core

#37490 closed defect (bug) (fixed)

Improve capability checks in wp_ajax_update_plugin() and wp_ajax_delete_plugin()

Reported by: ocean90 Owned by: ocean90
Milestone: 4.6 Priority: normal
Severity: normal Version: 4.6
Component: Plugins Keywords:
Focuses: Cc:

Description

Looking at [37714] and noticed that the cap checks for both mentioned functions can be slightly improved so they match the other Ajax handlers like wp_ajax_delete_theme() or wp_ajax_install_plugin().

Change History (1)

#1 @ocean90
10 months ago

  • Owner set to ocean90
  • Resolution set to fixed
  • Status changed from new to closed

In 38168:

Plugins: Move capability checks further up in wp_ajax_update_plugin() and wp_ajax_delete_plugin().

Add tests for both Ajax handlers.

Props Yorick Koster, swissspidy.
Fixes #37490.

Note: See TracTickets for help on using tickets.