search

jakobbouchard / hestia-nginx-cache

Hestia Nginx Cache Integration for WordPress.
https://wordpress.org/plugins/hestia-nginx-cache/
GNU General Public License v3.0
11 stars 4 forks source link

Fix allow only users with "can edit posts" to reset cache #9

Closed jaapmarcus closed 2 years ago

jaapmarcus commented 2 years ago

Manual clear cache button can be abused if subscribers have access to the wp admin page to manage their profiles for example. To prevent users abusing the cache purge function an potentially causing extra load the button should be removed

jaapmarcus commented 2 years ago

Fixes #8

jaapmarcus commented 2 years ago

For example "User" with no permissions:

2.1.0

Screenshot 2022-06-24 at 13 08 59

vs "2.1.1"

Screenshot 2022-06-24 at 13 07 53
jakobbouchard commented 2 years ago

I didn't think about that! Thanks a lot :)

jaapmarcus commented 2 years ago

I accidentally discovered when an other user changes my permission to subscriber