#75 closed defect (bug) (fixed)
security related user level problem
| Reported by: | | Owned by: | |
|---|---|---|---|
| Milestone: | | Priority: | normal |
| Severity: | major | Version: | |
| Component: | Administration | Keywords: | |
| Focuses: | | Cc: | |
Description
It is undesirable to let any user but the site admin see the database login and password info.
I suggest to add the following line to templates.php in wp-admin directory:
line 18:
if (stristr($file, 'config') && $user_level < 10)
    die(('<p>You do not have sufficient permissions to edit config files for this blog.</p>'));
I chose stristr since it is case insensitive.
Attachments (3)
Change History (9)
#3
21 years ago
Directly related to bug #69 (Almost a duplicate except this is really a patch for it...)
#6
21 years ago
- fixed_in_version set to 1.3
- Owner changed from anonymous to matt
- Resolution changed from 10 to 20
- Status changed from assigned to closed
This ticket was mentioned in Slack in #core-fields by tlovett1.
10 years ago
Addendum: I added the if clause at the wrong spot. The second file is the correct one.
add:
---
if (stristr($file, 'config') && $user_level <= 9) {
---
at line 87 under require_once('admin-header.php'); in the default: section
cheers
ai
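
The check proposed in this ticket, written out as an added example (not code from the ticket's attachments or from WordPress): it runs the same `stristr` plus `$user_level` test over constructed file names to show what the case-insensitive match covers that `strstr` would not, and what else a substring match catches. The helper name `config_edit_allowed` and the sample names are assumptions made for illustration.

```php
<?php
// Added illustration; config_edit_allowed() is a hypothetical helper, not WordPress code.
// Level 10 is taken to be the site admin, as the ticket's "$user_level < 10" implies.

function config_edit_allowed(string $file, int $user_level): bool
{
    // stristr() returns false when the needle is absent, so a non-false
    // result means "config" occurs somewhere in the name, in any letter case.
    $is_config = stristr($file, 'config') !== false;

    // Only config-like files are restricted. For whole-number levels,
    // "< 10" (description) and "<= 9" (addendum) reject the same users.
    return !($is_config && $user_level < 10);
}

// Constructed sample requests: [file name, user level].
$samples = [
    ['index.php', 5],
    ['wp-config.php', 5],
    ['WP-CONFIG.PHP', 9],        // case variant: strstr() would not match this
    ['wp-config.php', 10],       // site admin keeps access
    ['my-config-notes.txt', 5],  // substring match also restricts unrelated names
];

foreach ($samples as [$file, $level]) {
    $verdict = config_edit_allowed($file, $level) ? 'allow' : 'deny';
    $case_sensitive_hit = strstr($file, 'config') !== false;
    printf(
        "%-20s level %2d  %-5s  strstr match: %s\n",
        $file,
        $level,
        $verdict,
        $case_sensitive_hit ? 'yes' : 'no'
    );
}
```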