Making WordPress.org

Changeset 12164


Ignore:
Timestamp:
10/31/2022 04:26:54 AM (2 years ago)
Author:
dd32
Message:

Plugin Directory: Prevent removing the owner of a plugin as a committer.

Plugin Admins (ie. the plugin review team) can still remove a committer, even if they are the owner of a plugin.

Fixes #5948.

File:
1 edited

Legend:

Unmodified
Added
Removed
  • sites/trunk/wordpress.org/public_html/wp-content/plugins/plugin-directory/api/routes/class-plugin-committers.php

    r11373 r12164  
    139139
    140140        $plugin_slug = $request['plugin_slug'];
     141        $plugin_post = Plugin_Directory::get_plugin_post( $plugin_slug );
    141142
    142143        // Prevent a committer removing themselves, if they're the only committer.
     
    146147                return new WP_Error( 'failed', __( 'Sorry, you must have at least one committer.', 'wporg-plugins' ) );
    147148            }
     149        }
     150
     151        // Prevent a non-admin removing a committer who is the owner of the plugin.
     152        if ( ! current_user_can( 'plugin_approve' ) && $user->ID == $plugin_post->post_author ) {
     153            return new WP_Error( 'failed', __( 'Sorry, you cannot remove the owner of the plugin as a committer.', 'wporg-plugins' ) );
    148154        }
    149155
Note: See TracChangeset for help on using the changeset viewer.