Groups allows bypass of DISALLOW_FILE_EDIT & DISALLOW_FILE_MODS constants

itthinx / groups

Groups provides group-based user membership management, group-based capabilities and content access control. It integrates standard WordPress capabilities and application-specific capabilities along with an extensive API.

GNU General Public License v3.0

49 stars 35 forks source link

Groups allows bypass of DISALLOW_FILE_EDIT & DISALLOW_FILE_MODS constants #58

Closed CatEntangler closed 8 years ago

CatEntangler commented 8 years ago

Hello,

I've set the following in my wp-config.php:

define( 'DISALLOW_FILE_EDIT', TRUE ); define( 'DISALLOW_FILE_MODS', TRUE );

These are being overridden by the Groups plugin. It's in place for security reasons.

When groups plugin is activated: Plugin/Theme Editing, Plugin installation/deletion/update display are allowed When groups plugin is deactivated: The above is unavailable.

proaktion commented 8 years ago

Hi,

Please make sure that you don't have the administrator override in place - under Groups > Options - see also http://www.itthinx.com/plugins/groups/comment-page-9/#comment-526027

CatEntangler commented 8 years ago

@proaktion thanks for the tip. I guess I always I assumed (I know, right?) that unchecking that option would disable administrator permissions in the dashboard.

Unchecked.

proaktion commented 8 years ago

:) Ah no, it's useful for testing some stuff but not really needed normally.