bad choice for capability check

  • Steve Taylor

    (@gyrus)


    14 years, 9 months ago

    This plugin has a similar issue to this:

    http://ww.wp.xz.cn/support/topic/plugin-quick-cache-a-wp-super-cache-alternative-bad-choice-for-capability-check?replies=1

    Basically, edit_plugins is used as the capability to include the settings page. However, I like using this line in all my wp-config.php files:

    define( 'DISALLOW_FILE_EDIT', true );

    I never want any of my clients editing theme or plugin files via the admin interface, and after a nightmare experience bringing a client’s site down by careless use of it, I never want to give myself the temptation! It’s useless at best to me, so I turn it off.

    When edit_plugins is used as an “admin-only” check and the above constant is true, the plugin is rendered useless.

    Why not use manage_options? It’s admin-only, there’s no reason (as above) that it would be disabled, and it’s, let’s say “semantic” (i.e. it makes sense!).

Viewing 2 replies - 1 through 2 (of 2 total)
  • mc_nate

    (@mc_nate)

    14 years, 9 months ago

    Hey Steve!

    We’ll definitely put this question in front of the developers to have a peek at, as that goes a little above and beyond what we do here.

    If you do see any other weirdness, give us a shout!

    Cheers.

    Thread Starter Steve Taylor

    (@gyrus)

    14 years, 9 months ago

    Thanks Nate. I’ve just realized, it’s possible they weren’t seeing edit_plugins as a general “admin-only” capability. I’m finding more and more plugins that use edit_plugins as a check for editing the plugin settings, and I’ve realized that some people might be mistaken in thinking that edit_plugins refers to editing plugin settings. Let your developers know that this capability is meant to refer to editing the plugin files themselves (http://codex.ww.wp.xz.cn/Roles_and_Capabilities#edit_plugins). The capability for editing settings / options is manage_options.

Viewing 2 replies - 1 through 2 (of 2 total)

The topic ‘bad choice for capability check’ is closed to new replies.