[wpmu-trac] Re: [WordPress MU Trac] #211: Subscribers can delete
blog
WordPress MU Trac
wpmu-trac at lists.automattic.com
Sun Dec 31 21:54:03 GMT 2006
#211: Subscribers can delete blog
------------------------+---------------------------------------------------
Reporter: kkwangen | Owner: somebody
Type: defect | Status: new
Priority: high | Milestone: WPMU 2.0
Component: component1 | Version: 1.0
Severity: major | Resolution:
Keywords: |
------------------------+---------------------------------------------------
Changes (by lunabyte):
* priority: normal => high
* severity: normal => major
* milestone: WPMU 1.0 => WPMU 2.0
Comment:
Opps! Looks like someone set the user level that can see the link to that
as " 0 ". Which would allow anyone to see that tab under options.
Look up the file wp-content/mu-plugins/delete-blog.php.
At line 21, change:
{{{
add_submenu_page('options-general.php', __('Delete Blog'),
__('Delete Blog'), 0, $pfile, array(&$this, 'plugin_content'));
}}}
to
{{{
add_submenu_page('options-general.php', __('Delete Blog'),
__('Delete Blog'), 10, $pfile, array(&$this, 'plugin_content'));
}}}
Next, at line 24, look for:
{{{
function plugin_content() {
global $wpdb, $current_blog, $current_site;
$this->delete_blog_hash =
get_settings('delete_blog_hash');
}}}
Replace with:
{{{
function plugin_content() {
global $wpdb, $current_blog, $current_site, $user_level;
get_currentuserinfo();
if ($user_level < 10) {
die("I don't think so, Tim.");
}
$this->delete_blog_hash =
get_settings('delete_blog_hash');
}}}
That should fix it up so that only the blog's admin can see it, or use it.
--
Ticket URL: <http://trac.mu.wordpress.org/ticket/211#comment:1>
WordPress MU Trac <http://mu.wordpress.org/>
WordPress Multiuser
More information about the wpmu-trac
mailing list