[wp-hackers] Removing admin-ajax.php hacks

Shelby, Harper harper.shelby at parivedasolutions.com
Thu Jul 1 12:46:20 UTC 2010


What I'm concerned about is being able to upload a fresh copy, then reinstate the functionality without hacking the core code. I can't figure out the right way to implement this, but uploading a fresh copy of admin-ajax.php is part of my goal.


>Date: Thu, 1 Jul 2010 07:58:09 -0400
>From: mccormicky <mccormicky at gmail.com>
>Subject: Re: [wp-hackers] Removing admin-ajax.php hacks
>To: wp-hackers at lists.automattic.com
>
>I'm guessing you don't want to override ALL the hacks in admin-ajax.php
>which is why you don't just upload a fresh copy???
>
>On Thu, Jul 1, 2010 at 7:53 AM, Nicolas Kuttler <
>wp-hackers at nicolaskuttler.de> wrote:
>
>> Am I missing something? Why don't you simply download wordpress and take
>> the current ajax handler?
>>
>> Modifying the handler itself is kind of pointless as you can check user
>> capabilities inside your ajax action...
>>
>> Nicolas
>>
>> On Wed, Jun 30, 2010 at 05:27:17PM -0500, Shelby, Harper wrote:
>> > I've been asked to remove some hacks to an existing WPMU installation,
>> > and the one that's causing me the most grief are the edits to
>> > admin-ajax.php. The previous maintainer altered the security checks on
>> > several activities, changing
>> >
>> >     if ( !current_user_can( 'edit_post', $pid ) )
>> >
>> > to
>> >
>> >     if ( !current_user_can( 'edit_post', $pid ) && !current_user_can( 'moderate_comments' ) )
>> >
>> > I have been digging quite a bit, but can't seem to find a way to alter
>> > the admin-ajax.php scripts in the correct manner. The goal of the
>> > customization was to allow a "Comment Moderator" role that could moderate
>> > comments, but not edit blog posts (somewhat obvious, but I thought I'd spell
>> > it out). The role was created using Capability Manager, but these hacks were
>> > added to the ajax to allow the role to work as intended.
>> >
>> > Any guidance on the right way to remove this customization would be
>> > greatly appreciated.
>> >
>> >
>> > Thanks,
>> >
>> > Harper Shelby
>> > Pariveda Solutions
>> >  4203 Montrose | Suite 100 | Houston, Texas 77006
>> >  (F) 713.520.4290 | (M) 281.520.2817
>> > The Business of IT(r)
>> > www.parivedasolutions.com<http://www.parivedasolutions.com/>
>> >
>> >
>> > ________________________________
>> > The information transmitted is intended only for the person or entity to
>> which it is addressed and may contain confidential and/or privileged
>> material. Any review, retransmission, dissemination or other use of, or
>> taking of any action in reliance upon, this information by persons or
>> entities other than the intended recipient is prohibited. If you received
>> this in error, please contact the sender and delete the material from any
>> computer.
>> > _______________________________________________
>> > wp-hackers mailing list
>> > wp-hackers at lists.automattic.com
>> > http://lists.automattic.com/mailman/listinfo/wp-hackers
>> >
>>
>>
>> --
>> Nicolas Kuttler
>> wp at nkuttler.de
>>
>> http://www.nkuttler.de
>> http://www.nicolaskuttler.de (deutsch)




More information about the wp-hackers mailing list
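
The approach suggested in the thread (checking capabilities inside your own ajax action, so a stock admin-ajax.php can be uploaded), sketched as an added example that is not code from the thread or from WordPress core. The action name `cm_set_comment_status`, the nonce action `cm_moderate` and the POST field names are hypothetical; the WordPress functions are those of current releases.

```php
<?php
/*
 * Plugin Name: Comment Moderator AJAX (hypothetical example plugin)
 */

// Registered for logged-in users only; there is deliberately no wp_ajax_nopriv_ hook.
add_action( 'wp_ajax_cm_set_comment_status', 'cm_set_comment_status' );

function cm_set_comment_status() {
	// CSRF check. The page that issues the request creates the nonce with
	// wp_create_nonce( 'cm_moderate' ) and sends it as '_ajax_nonce'.
	check_ajax_referer( 'cm_moderate' );

	// Authorize on the capability the role actually holds, not on edit_post.
	if ( ! current_user_can( 'moderate_comments' ) ) {
		wp_send_json_error( 'forbidden', 403 );
	}

	// Field names 'comment_id' and 'status' are assumptions of this example.
	$comment_id = isset( $_POST['comment_id'] ) ? absint( $_POST['comment_id'] ) : 0;
	$status     = isset( $_POST['status'] ) ? sanitize_key( $_POST['status'] ) : '';

	// Allow-list the operations this endpoint exposes.
	$allowed = array( 'approve', 'hold', 'spam', 'trash' );
	if ( ! $comment_id || ! in_array( $status, $allowed, true ) || ! get_comment( $comment_id ) ) {
		wp_send_json_error( 'bad request', 400 );
	}

	if ( true !== wp_set_comment_status( $comment_id, $status ) ) {
		wp_send_json_error( 'update failed', 500 );
	}

	wp_send_json_success( array( 'comment_id' => $comment_id, 'status' => $status ) );
}
```

Because the handler lives in a plugin and is scoped to comment status changes, the role never needs `edit_post` and core upgrades do not overwrite it.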