[Plugin: Shortcode Manager] Suggest increasing edit_pages to update_core | WordPress.org

Callum Macdonald
(@chmac)

12 years, 9 months ago

Hola Matt,

Thanks for sharing this plugin.

You filter the menu item based on the permission edit_pages. In my opinion, that is too low a permission. This means anyone with editor level permissions can run any PHP, javascript or other code almost anywhere on the site. That’s a *massive* security risk. In my opinion, this should be restricted to only the highest level admin on the blog.

I recommend instead of using edit_pages you use update_core. This requires only a single change of edit_pages to update_core on line 76 of index.php.

Love & joy – Callum.

http://wordpress.org/extend/plugins/shortbus/

Viewing 2 replies - 1 through 2 (of 2 total)

Plugin Author logikal16
(@logikal16)

12 years, 8 months ago

Thanks, it’s been implemented into the latest version.

Thread Starter Callum Macdonald
(@chmac)

12 years, 8 months ago

Great, glad I was able to help. 🙂

Viewing 2 replies - 1 through 2 (of 2 total)

The topic ‘[Plugin: Shortcode Manager] Suggest increasing edit_pages to update_core’ is closed to new replies.

In: Plugins
2 replies
2 participants
Last reply from: Callum Macdonald
Last activity: 12 years, 8 months ago
Status: not a support question