[wp-trac] [WordPress Trac] #26409: Non-Editors can create (non-hierarchical) terms even though they can't manage_terms

WordPress Trac noreply at wordpress.org
Thu Jan 9 06:02:49 UTC 2014


#26409: Non-Editors can create (non-hierarchical) terms even though they can't
manage_terms
--------------------------+------------------
 Reporter:  westonruter   |       Owner:
     Type:  defect (bug)  |      Status:  new
 Priority:  normal        |   Milestone:  3.9
Component:  Taxonomy      |     Version:  3.0
 Severity:  normal        |  Resolution:
 Keywords:  has-patch     |
--------------------------+------------------

Comment (by westonruter):

 Replying to [comment:3 obenland]:
 > We could also just not show the meta box in the first place and not give
 > them the opportunity to mess with it.

 If we just hide the metabox, and don't add some cap checks into the
 underlying API calls, then there could be other ways that a user could
 illegally add terms (e.g. via quick edit).

--
Ticket URL: <https://core.trac.wordpress.org/ticket/26409#comment:5>
WordPress Trac <https://core.trac.wordpress.org/>
WordPress blogging software
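
One way to put the capability check in the term-creation API rather than only hiding the meta box, as an added example (not part of the ticket, its patch, or WordPress core). The function name example_require_manage_terms and the error code are hypothetical; it assumes a plugin hooking the pre_insert_term filter.

```php
<?php
// Added example: not WordPress core code and not the patch attached to #26409.
// Hypothetical plugin snippet; the function name and error code are made up.

/**
 * Refuse term creation inside wp_insert_term() unless the current user holds
 * the taxonomy's manage_terms capability. Because the check sits in the API,
 * it applies to the meta box, quick edit and any other caller alike.
 */
function example_require_manage_terms( $term, $taxonomy ) {
	// Leave an error raised by an earlier filter untouched.
	if ( is_wp_error( $term ) ) {
		return $term;
	}

	$tax = get_taxonomy( $taxonomy );
	if ( ! $tax ) {
		return $term; // wp_insert_term() validates the taxonomy itself.
	}

	// Assumption: every caller acts as the current user. Code that runs with
	// no user set (cron jobs, importers) would be refused as well and would
	// have to set a user explicitly.
	if ( ! current_user_can( $tax->cap->manage_terms ) ) {
		return new WP_Error(
			'example_cannot_create_term',
			'You are not allowed to create terms in this taxonomy.'
		);
	}

	return $term;
}
add_filter( 'pre_insert_term', 'example_require_manage_terms', 10, 2 );
```

Assigning terms that already exist is unaffected, because wp_set_object_terms() only calls wp_insert_term() for names that term_exists() does not find.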