‘preview’ mode should respect allowed roles as well
The ‘preview’ mode from the __construct() function should perform a capabilities check the same way as when mm is enabled. Because the check
if ($is_enabled || isset($_GET['ljmm']) && $_GET['ljmm'] == 'preview')
allows anyone on the site to add ?ljmm=preview to the URL to see the mm page. This should be like this:
if ($is_enabled || isset($_GET['ljmm']) && $_GET['ljmm'] == 'preview' && current_user_can(...) )
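The difference between the two conditions quoted in the post above, shown as an added example that is not the plugin's own code. The function names, the `$can` callable standing in for `current_user_can()`, the choice of `manage_options` as the required capability, and the sample visitors are all assumptions made for this sketch.

```php
<?php
// Added illustration, not the plugin's code. Function names and the
// 'manage_options' capability are assumptions made for this sketch.

// Gate as quoted in the post: the preview branch has no authorization check.
function ljmm_gate_before(bool $is_enabled, array $query): bool {
    return $is_enabled || (isset($query['ljmm']) && $query['ljmm'] == 'preview');
}

// Gate with the proposed fix: preview additionally requires a capability.
// $can is a callable standing in for WordPress's current_user_can().
function ljmm_gate_after(bool $is_enabled, array $query, callable $can): bool {
    // Strict comparison so only the exact string 'preview' counts.
    $wants_preview = isset($query['ljmm']) && $query['ljmm'] === 'preview';
    return $is_enabled || ($wants_preview && $can('manage_options'));
}

// Constructed visitors: each label maps to the capabilities that user holds.
$visitors = [
    'anonymous'     => [],
    'subscriber'    => ['read'],
    'administrator' => ['read', 'manage_options'],
];

// Constructed request: maintenance mode is off and the URL is /?ljmm=preview
$is_enabled = false;
$query      = ['ljmm' => 'preview'];

foreach ($visitors as $label => $caps) {
    $can = fn(string $cap): bool => in_array($cap, $caps, true);
    printf(
        "%-13s before=%-5s after=%s\n",
        $label,
        var_export(ljmm_gate_before($is_enabled, $query), true),
        var_export(ljmm_gate_after($is_enabled, $query, $can), true)
    );
}
```

With maintenance mode off, the first gate returns true for every visitor who supplies the parameter, while the second returns true only for the visitor holding the required capability.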