[wp-hackers] Removing admin-ajax.php hacks

Shelby, Harper harper.shelby at parivedasolutions.com
Wed Jun 30 22:27:17 UTC 2010

I've been asked to remove some hacks to an existing WPMU installation, and the ones that are causing me the most grief are the edits to admin-ajax.php. The previous maintainer altered the security checks on several activities, changing

    if ( !current_user_can( 'edit_post', $pid ) )

to

    if ( !current_user_can( 'edit_post', $pid ) && !current_user_can( 'moderate_comments' ) )

I have been digging quite a bit, but can't seem to find a way to alter the admin-ajax.php scripts in the correct manner. The goal of the customization was to allow a "Comment Moderator" role that could moderate comments, but not edit blog posts (somewhat obvious, but I thought I'd spell it out). The role was created using Capability Manager, but these hacks were added to the ajax to allow the role to work as intended.

Any guidance on the right way to remove this customization would be greatly appreciated.


Harper Shelby
Pariveda Solutions
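One way to get the behaviour described in the post without editing core, as an added example that is not part of the original message and not WordPress's own code: a small plugin hooks the `map_meta_cap` filter so that, only during the comment-moderation AJAX requests, an `edit_post` check is satisfied by `moderate_comments`. The function names and the list of AJAX actions are assumptions; the post does not say which branches of admin-ajax.php were edited.

```php
<?php
/*
Plugin Name: Comment Moderator AJAX Caps (added example)
Description: Lets users with moderate_comments pass the edit_post check
             in comment-moderation AJAX requests, with no core edits.
*/

// ASSUMPTION: the admin-ajax.php actions whose checks had been hand-edited.
// Keep this list as short as the role actually needs.
function cm_example_comment_actions() {
    return array( 'delete-comment', 'dim-comment', 'edit-comment', 'replyto-comment' );
}

/**
 * Filter for map_meta_cap: $caps is the list of primitive capabilities the
 * user must hold for the meta capability $cap to be granted.
 */
function cm_example_map_meta_cap( $caps, $cap, $user_id, $args ) {
    // Only the check that the hacked file had loosened.
    if ( 'edit_post' !== $cap ) {
        return $caps;
    }
    // Only inside admin-ajax.php, never on the post editing screens.
    if ( ! defined( 'DOING_AJAX' ) || ! DOING_AJAX ) {
        return $caps;
    }
    // Only for the comment-moderation actions listed above.
    $action = isset( $_REQUEST['action'] ) ? (string) $_REQUEST['action'] : '';
    if ( ! in_array( $action, cm_example_comment_actions(), true ) ) {
        return $caps;
    }
    // Users without moderate_comments keep the stock edit_post mapping,
    // so authors can still moderate comments on their own posts.
    if ( ! user_can( $user_id, 'moderate_comments' ) ) {
        return $caps;
    }
    // Same effect as the "&& !current_user_can( 'moderate_comments' )" edit:
    // the check passes on moderate_comments alone. The nonce checks in the
    // core handlers are not touched by this filter.
    return array( 'moderate_comments' );
}
add_filter( 'map_meta_cap', 'cm_example_map_meta_cap', 10, 4 );
```

With the filter in place, admin-ajax.php can be restored to the stock file and the relaxation stays scoped to the listed actions instead of every place the check had been edited.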