[Plugin: Category Order and Taxonomy Terms Order] Unauthorized Viewing

  • Resolved Eric McNiece

    (@emcniece)


    14 years, 5 months ago

    Noticed while locking down the admin that the Taxonomy Order menu item for pages and posts was visible and unregulated. Fixed by editing lines 108 – 112 of taxonomy-terms-order.php.

    Old code:

    if ($post_type == 'post')
                            add_submenu_page('edit.php', 'Taxonomy Order', 'Taxonomy Order', 'level_'.$options['level'], 'to-interface-'.$post_type, 'TOPluginInterface' );
                            else
                            add_submenu_page('edit.php?post_type='.$post_type, 'Taxonomy Order', 'Taxonomy Order', 'level_'.$options['level'], 'to-interface-'.$post_type, 'TOPluginInterface' );

    New Code: 

    if ($post_type == 'post'){
					if(current_user_can('administrator')){
                            add_submenu_page('edit.php', 'Taxonomy Order', 'Taxonomy Order', 'level_'.$options['level'], 'to-interface-'.$post_type, 'TOPluginInterface' );}
				}else{
					if(current_user_can('administrator')){
                            add_submenu_page('edit.php?post_type='.$post_type, 'Taxonomy Order', 'Taxonomy Order', 'level_'.$options['level'], 'to-interface-'.$post_type, 'TOPluginInterface' );}
				}

    Note that this could easily be adapted for a custom capability and managed with User Role Editor.

    Cheers!

    http://wordpress.org/extend/plugins/taxonomy-terms-order/

Viewing 1 replies (of 1 total)
  • Plugin Author nsp-code

    (@nsp-code)

    14 years, 5 months ago

    Thanks for your suggestion, but doing so, it will break the minimum user level capability which you can set within the settings page.

    i.e. If you want to allow for editor user to use the taxonomy order interface, will not be possible anymore.

    Hope it make sense.

Viewing 1 replies (of 1 total)

The topic ‘[Plugin: Category Order and Taxonomy Terms Order] Unauthorized Viewing’ is closed to new replies.