Ticket #211 (closed defect: fixed)

Opened 3 years ago

Last modified 2 years ago

Subscribers can delete blog

Reported by: kkwangen Assigned to: somebody
Priority: high Milestone: WPMU 2.0
Component: component1 Version: 1.0
Severity: major Keywords:
Cc:

Description

I just found out that people that have the role of subscriber get the option to delete blog when logged in. This should be a option for the Administrator role only.

Change History

12/31/06 21:54:03 changed by lunabyte

  • priority changed from normal to high.
  • severity changed from normal to major.
  • milestone changed from WPMU 1.0 to WPMU 2.0.

Opps! Looks like someone set the user level that can see the link to that as " 0 ". Which would allow anyone to see that tab under options.

Look up the file wp-content/mu-plugins/delete-blog.php.

At line 21, change: 

		add_submenu_page('options-general.php', __('Delete Blog'), __('Delete Blog'), 0, $pfile, array(&$this, 'plugin_content'));

to 

		add_submenu_page('options-general.php', __('Delete Blog'), __('Delete Blog'), 10, $pfile, array(&$this, 'plugin_content'));

Next, at line 24, look for: 

	function plugin_content() {
		global $wpdb, $current_blog, $current_site;
		$this->delete_blog_hash = get_settings('delete_blog_hash');

Replace with: 

	function plugin_content() {
		global $wpdb, $current_blog, $current_site, $user_level;
	    get_currentuserinfo();
		if ($user_level <  10) {
			die("I don't think so, Tim.");
		}
		$this->delete_blog_hash = get_settings('delete_blog_hash');

That should fix it up so that only the blog's admin can see it, or use it.

01/09/07 09:56:21 changed by donncha

  • status changed from new to closed.
  • resolution set to fixed.

Fixed in [833] by putting the perms in the add_submenu() function