[wp-hackers] Removing admin-ajax.php hacks

mccormicky mccormicky at gmail.com
Thu Jul 1 11:58:09 UTC 2010


I'm guessing you don't want to override ALL the hacks in admin-ajax.php
which is why you don't just upload a fresh copy???





On Thu, Jul 1, 2010 at 7:53 AM, Nicolas Kuttler <
wp-hackers at nicolaskuttler.de> wrote:

> Am I missing something? Why don't you simply download wordpress and take
> the current ajax handler?
>
> Modifying the handler itself is kind of pointless as you can check user
> capabilities inside your ajax action...
>
> Nicolas
>
> On Wed, Jun 30, 2010 at 05:27:17PM -0500, Shelby, Harper wrote:
> > I've been asked to remove some hacks to an existing WPMU installation,
> > and the one that's causing me the most grief are the edits to
> > admin-ajax.php. The previous maintainer altered the security checks on
> > several activities, changing
> >
> >     if ( !current_user_can( 'edit_post', $pid ) )
> >
> > to
> >
> >     if ( !current_user_can( 'edit_post', $pid ) && !current_user_can( 'moderate_comments' ) )
> >
> > I have been digging quite a bit, but can't seem to find a way to alter
> > the admin-ajax.php scripts in the correct manner. The goal of the
> > customization was to allow a "Comment Moderator" role that could moderate
> > comments, but not edit blog posts (somewhat obvious, but I thought I'd spell
> > it out). The role was created using Capability Manager, but these hacks were
> > added to the ajax to allow the role to work as intended.
> >
> > Any guidance on the right way to remove this customization would be
> > greatly appreciated.
> >
> >
> > Thanks,
> >
> > Harper Shelby
> > Pariveda Solutions
> >  4203 Montrose | Suite 100 | Houston, Texas 77006
> >  (F) 713.520.4290 | (M) 281.520.2817
> > The Business of IT(r)
> > www.parivedasolutions.com<http://www.parivedasolutions.com/>
> >
> >
> > _______________________________________________
> > wp-hackers mailing list
> > wp-hackers at lists.automattic.com
> > http://lists.automattic.com/mailman/listinfo/wp-hackers
> >
>
>
> --
> Nicolas Kuttler
> wp at nkuttler.de
>
> http://www.nkuttler.de
> http://www.nicolaskuttler.de (deutsch)
>
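
Added example, not part of the original thread and not code from any of the posters: one way to do what Nicolas describes, checking capabilities inside a plugin's own AJAX action so that a stock admin-ajax.php can be restored. The action name, nonce name and every `cmod_` identifier are hypothetical; the `wp_send_json_*` helpers are newer than the WordPress release current when the thread was written.

```php
<?php
/*
 * Plugin Name: Comment Moderator AJAX (illustrative example)
 * Every "cmod_" identifier is hypothetical, chosen for this example.
 */

// Logged-in users only: there is deliberately no wp_ajax_nopriv_ counterpart.
add_action( 'wp_ajax_cmod_set_comment_status', 'cmod_set_comment_status' );

function cmod_set_comment_status() {
	// CSRF check: terminates the request unless $_REQUEST['nonce'] is valid
	// for this action. Create it with wp_create_nonce( 'cmod_set_comment_status' ).
	check_ajax_referer( 'cmod_set_comment_status', 'nonce' );

	// Authorization lives in the action itself, not in core's admin-ajax.php.
	// The custom role only needs 'moderate_comments'; 'edit_post' is never consulted.
	if ( ! current_user_can( 'moderate_comments' ) ) {
		wp_send_json_error( array( 'message' => 'Not allowed.' ), 403 );
	}

	$comment_id = isset( $_POST['comment_id'] ) ? absint( $_POST['comment_id'] ) : 0;
	$status     = isset( $_POST['status'] ) ? sanitize_key( $_POST['status'] ) : '';

	// Allow-list the transitions this endpoint may perform.
	$allowed = array( 'approve', 'hold', 'spam', 'trash' );
	if ( ! $comment_id || ! in_array( $status, $allowed, true ) || ! get_comment( $comment_id ) ) {
		wp_send_json_error( array( 'message' => 'Bad request.' ), 400 );
	}

	// Third argument true: return a WP_Error on failure instead of false.
	$result = wp_set_comment_status( $comment_id, $status, true );
	if ( is_wp_error( $result ) ) {
		wp_send_json_error( array( 'message' => $result->get_error_message() ), 500 );
	}

	wp_send_json_success( array( 'comment_id' => $comment_id, 'status' => $status ) );
}
```

Because the nonce check, the capability check and the status allow-list all sit in the plugin, core files stay unmodified and upgrades no longer silently revert or re-expose the role's permissions.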