[wp-trac] [WordPress Trac] #19824: Capability checks missing for some links after a plugin/theme upgrade
WordPress Trac
wp-trac at lists.automattic.com
Fri Jan 13 11:39:23 UTC 2012
#19824: Capability checks missing for some links after a plugin/theme upgrade
-----------------------------+-----------------------------
Reporter: linuxologos | Owner:
Type: defect (bug) | Status: new
Priority: normal | Milestone: Awaiting Review
Component: Upgrade/Install | Version: 3.0
Severity: normal | Keywords: has-patch
-----------------------------+-----------------------------
After a plugin's/theme's update has been finished through the Dashboard >
Updates (update-core.php) screen, the "Return to Plugins page" or "Return
to Themes page" links are offered, but there is no check if current user
can access those pages (plugins.php/themes.php).
This problem can show up, if a user is given the update_core and one or
both of update_plugins, update_themes capabilities, but doesn't have any
of activate_plugins, edit_theme_options, switch_themes capabilities.
--
Ticket URL: <http://core.trac.wordpress.org/ticket/19824>
WordPress Trac <http://core.trac.wordpress.org/>
WordPress blogging software
More information about the wp-trac
mailing list