Forum Replies Created

Viewing 3 replies - 1 through 3 (of 3 total)
  • Thread Starter danielofthelions

    (@danielofthelions)

    Thank you Steven,
    So your link says we need to create that “map_meta_cap” function
    which was written in 2010.
    There are a few concerns with that code, ranging from PHP version stability,
    to long term compatibility and Security in the WordPress ecosystem.
    For such a vulnerability in WordPress Core, I would think that WordPress
    would have a Standard Fix that could be Trusted for the long term future.
    Do WordPress endorse this code in your link as a Reliable, stable solution
    to the vulnerability, and are certain it will Always be compatible,
    and not suddenly be a major security risk if something changes in a future WordPress update?
    cheers !
    Daniel

    Thread Starter danielofthelions

    (@danielofthelions)

    To assist in understanding this core WordPress security risk,
    here is a chart of our users with their roles and permissions:

    USER:     ROLE:           PERMISSION:
    Bob       Administrator   Everything
    Jane      Staff           Create and Edit Users
    Samuel    Customer        Front end ordering

    If Jane creates or edits a user,
    she could accidentally assign Samuel as the Administrator role,
    and Samuel could then delete the website,
    even though he is just a customer.

    How do we prevent Jane with the Staff role,
    from assigning Administrator or Staff roles
    to the Customers ?
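
The scenario in the post above, as an added example that is not part of the thread and not WordPress core code: one way to stop a non-administrator from assigning or managing privileged roles, using the core `editable_roles` and `map_meta_cap` filters. The `staff` role slug, the constant name and the `example_is_admin()` helper are assumptions made for illustration.

```php
<?php
// Added example, not WordPress core code. Assumed: custom role slug 'staff'.
// Roles that only an Administrator may assign or manage.
const EXAMPLE_RESTRICTED_ROLES = array( 'administrator', 'staff' );

// Hypothetical helper: true when the user holds the administrator role.
function example_is_admin( $user ) {
    return $user && in_array( 'administrator', (array) $user->roles, true );
}

// 1. Hide restricted roles from non-administrators. Core calls
//    get_editable_roles() both for the role dropdown and when saving a user,
//    so a hand-crafted POST with role=administrator is rejected too.
add_filter( 'editable_roles', function ( $roles ) {
    if ( example_is_admin( wp_get_current_user() ) ) {
        return $roles;
    }
    return array_diff_key( $roles, array_flip( EXAMPLE_RESTRICTED_ROLES ) );
} );

// 2. Deny non-administrators the per-user capabilities on accounts that
//    already hold a restricted role (otherwise Staff could edit or delete
//    an Administrator account).
add_filter( 'map_meta_cap', function ( $caps, $cap, $user_id, $args ) {
    $guarded = array( 'edit_user', 'delete_user', 'remove_user', 'promote_user' );
    if ( ! in_array( $cap, $guarded, true ) || empty( $args[0] ) ) {
        return $caps;
    }
    if ( (int) $args[0] === (int) $user_id ) {
        return $caps; // Editing one's own profile is left to core.
    }
    $target = get_userdata( (int) $args[0] );
    if ( ! $target || example_is_admin( get_userdata( (int) $user_id ) ) ) {
        return $caps;
    }
    if ( array_intersect( EXAMPLE_RESTRICTED_ROLES, (array) $target->roles ) ) {
        $caps[] = 'do_not_allow'; // Core never grants this capability.
    }
    return $caps;
}, 10, 4 );
```

Loading it from a small plugin or must-use plugin file keeps the restriction independent of the active theme.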

    Thread Starter danielofthelions

    (@danielofthelions)

    Hi! Not another plugin. Just the Non-JS mode in WordPress Core. The option where we go into Screen Options in the top right, then select “Enable Accessibility Mode”.

    Can you fix your magnificent plugin so it will work in that mode ?

    thanks !
    Daniel
