I promote all my members to level 2 so they can Write Posts without saving them as Drafts, which would be confusing. Everything goes to me for moderation anyway.
WordPress 1.5.1 does not let my users see each other’s e-mails (or “real names”) through the User’s panel. But if someone makes a comment on the blog, any other Level 2 member can go to Site-Admin/Manage/Comments/View and they can see the e-mail address, IP, and any web site they provided. This is unacceptable and I had to put up a Privacy Warning on my blog until I can hack WP to fix the security hole.
Can anyone tell me the easiest way to fix this?
I want to check user-level and not display that private information (coming from edit-comments.php) if they have a user level less than admin status.
The easiest fix would be to just hack that display completely out of edit-comments.php but then it might be useful for site admin.
Where is that file that sets the initial permissions for various user levels, and would it be possible to fix the problem there?
- The topic ‘Level 2 Users who Comment expose their e-mails!’ is closed to new replies.
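
An added example, not code from the post above or from WordPress: a stand-alone PHP sketch of the check the post asks for, which filters a comment record by viewer level before anything is rendered. The function names, the constants and the threshold of 10 for "admin status" are assumptions; only the comment field names follow WordPress's comment columns.

```php
<?php
// Added example: function and constant names are hypothetical, not WordPress APIs.
const MIN_LEVEL_FOR_PRIVATE_FIELDS = 10; // assumption: level treated as "admin status"

// Allow-list of fields any member who can open the comment list may see.
const PUBLIC_FIELDS = ['comment_ID', 'comment_author', 'comment_date', 'comment_content'];
// Fields that identify the commenter; shown only at or above the threshold.
const PRIVATE_FIELDS = ['comment_author_email', 'comment_author_url', 'comment_author_IP'];

/**
 * Return only the fields this viewer may see. Fields in neither list are
 * dropped (default deny), so a column added later is not exposed by accident.
 */
function comment_for_viewer(array $comment, int $viewer_level): array
{
    $allowed = PUBLIC_FIELDS;
    if ($viewer_level >= MIN_LEVEL_FOR_PRIVATE_FIELDS) {
        $allowed = array_merge($allowed, PRIVATE_FIELDS);
    }
    return array_intersect_key($comment, array_flip($allowed));
}

/** Render one comment row; every value is HTML-escaped before output. */
function render_comment_row(array $comment, int $viewer_level): string
{
    $cells = [];
    foreach (comment_for_viewer($comment, $viewer_level) as $field => $value) {
        $cells[] = htmlspecialchars($field, ENT_QUOTES, 'UTF-8') . ': '
                 . htmlspecialchars((string) $value, ENT_QUOTES, 'UTF-8');
    }
    return '<p>' . implode(' | ', $cells) . "</p>\n";
}

// Constructed sample record (example.com address, documentation-range IP).
$comment = [
    'comment_ID'           => 7,
    'comment_author'       => 'alice',
    'comment_author_email' => 'alice@example.com',
    'comment_author_url'   => 'http://example.com/',
    'comment_author_IP'    => '192.0.2.10',
    'comment_date'         => '2005-06-01 12:00:00',
    'comment_content'      => 'Nice post <b>!</b>',
    'internal_note'        => 'in neither list, never shown',
];

echo render_comment_row($comment, 2);   // level 2 member: no e-mail, URL or IP
echo render_comment_row($comment, 10);  // admin: private fields included
```

Filtering the record on the server before rendering, rather than hiding markup in the template, keeps the private fields out of the HTML sent to lower-level users entirely.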