[wp-trac] [WordPress Trac] #26409: Non-Editors can create (non-hierarchical) terms even though they can't manage_terms
WordPress Trac
noreply at wordpress.org
Thu Jan 9 06:02:49 UTC 2014
#26409: Non-Editors can create (non-hierarchical) terms even though they can't
manage_terms
--------------------------+------------------
Reporter: westonruter | Owner:
Type: defect (bug) | Status: new
Priority: normal | Milestone: 3.9
Component: Taxonomy | Version: 3.0
Severity: normal | Resolution:
Keywords: has-patch |
--------------------------+------------------
Comment (by westonruter):
Replying to [comment:3 obenland]:
> We could also just not show the meta box in the first place and not give
them the opportunity to mess with it.
If we just hide the metabox, and don't add some cap checks into the
underyling API calls, then there could be other ways that a user could
illegally add terms (e.g. via quick edit)
--
Ticket URL: <https://core.trac.wordpress.org/ticket/26409#comment:5>
WordPress Trac <https://core.trac.wordpress.org/>
WordPress blogging software
More information about the wp-trac
mailing list