Support » Plugin: Category Order and Taxonomy Terms Order » [Plugin: Category Order and Taxonomy Terms Order] Unauthorized Viewing

  • Resolved Eric McNiece

    (@emcniece)


    Noticed while locking down the admin that the Taxonomy Order menu item for pages and posts was visible and unregulated. Fixed by editing lines 108 – 112 of taxonomy-terms-order.php.

    Old code:

    if ($post_type == 'post')
                                add_submenu_page('edit.php', 'Taxonomy Order', 'Taxonomy Order', 'level_'.$options['level'], 'to-interface-'.$post_type, 'TOPluginInterface' );
                                else
                                add_submenu_page('edit.php?post_type='.$post_type, 'Taxonomy Order', 'Taxonomy Order', 'level_'.$options['level'], 'to-interface-'.$post_type, 'TOPluginInterface' );

    New Code:

    if ($post_type == 'post'){
    					if(current_user_can('administrator')){
                                add_submenu_page('edit.php', 'Taxonomy Order', 'Taxonomy Order', 'level_'.$options['level'], 'to-interface-'.$post_type, 'TOPluginInterface' );}
    				}else{
    					if(current_user_can('administrator')){
                                add_submenu_page('edit.php?post_type='.$post_type, 'Taxonomy Order', 'Taxonomy Order', 'level_'.$options['level'], 'to-interface-'.$post_type, 'TOPluginInterface' );}
    				}

    Note that this could easily be adapted for a custom capability and managed with User Role Editor.

    Cheers!

    http://wordpress.org/extend/plugins/taxonomy-terms-order/

Viewing 1 replies (of 1 total)
  • Plugin Author nsp-code

    (@nsp-code)

    Thanks for your suggestion, but doing so, it will break the minimum user level capability which you can set within the settings page.

    i.e. If you want to allow for editor user to use the taxonomy order interface, will not be possible anymore.

    Hope it make sense.

Viewing 1 replies (of 1 total)
  • The topic ‘[Plugin: Category Order and Taxonomy Terms Order] Unauthorized Viewing’ is closed to new replies.