fix: add capability check to the legacy auth callback #1084
Open
vytisbulkevicius wants to merge 1 commit into
legacy_auth() is hooked to admin_init (runs for any logged-in user) and handles the social-account OAuth callback, but had no capability check, so a lower-privilege user could trigger the account-authorization flow. Bail unless the user can manage_options. Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
Contributor Soare-Robert-Daniel approved these changes on Jun 22, 2026
Summary
Follow-up hardening to the missing-authorization advisory.
Rop_Admin::legacy_auth() is hooked to admin_init (which runs for any logged-in user, including Subscribers) and processes the social-account OAuth callback, but it had no capability check — so a lower-privilege user could reach the account-authorization flow. This adds a manage_options check at the top of the method; connecting accounts is an administrator action and the legitimate flow always returns to an admin.
Will affect the visual aspect of the product
NO
Test instructions
/wp-admin/?network=facebook&code=test — the OAuth/authorization flow must not run (the method returns early).
Check before Pull Request is ready:
Closes https://github.com/Codeinwp/tweet-old-post-pro/issues/635
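The pattern the PR describes, as an added illustration that is not the plugin's own code: a handler hooked to admin_init is reachable by any logged-in user, so the capability check has to live inside the handler itself. The class, method, hook and capability names follow the PR; the option name, the store-and-redirect body and the exchange helper are hypothetical stand-ins for the real OAuth callback handling.

```php
<?php
// Added illustration, not code from the tweet-old-post-pro repository.
class Rop_Admin {

    public function __construct() {
        // admin_init fires on every wp-admin request for every logged-in
        // user, Subscribers included. Hooking here gives no authorization
        // on its own; the callback must gate itself.
        add_action( 'admin_init', array( $this, 'legacy_auth' ) );
    }

    public function legacy_auth() {
        // The fix: bail before reading any request parameter unless the
        // current user may administer the site. Before the PR this guard
        // was absent, so the block below ran for a Subscriber as well.
        if ( ! current_user_can( 'manage_options' ) ) {
            return;
        }

        // Only act on the OAuth callback shape the test URL uses
        // (?network=...&code=...); ordinary admin requests return here.
        if ( empty( $_GET['network'] ) || empty( $_GET['code'] ) ) {
            return;
        }

        $network = sanitize_key( wp_unslash( $_GET['network'] ) );
        $code    = sanitize_text_field( wp_unslash( $_GET['code'] ) );

        $this->exchange_authorization_code( $network, $code );

        // Hypothetical: the legitimate flow always ends on an admin page.
        wp_safe_redirect( admin_url( 'admin.php?page=rop_accounts' ) );
        exit;
    }

    // Hypothetical stand-in for the real token exchange: records which
    // network's authorization code arrived and when, keyed by network,
    // so the rest of the plugin can pick it up. The real plugin would
    // call the provider's token endpoint here instead.
    private function exchange_authorization_code( $network, $code ) {
        update_option(
            'rop_pending_auth_' . $network,
            array( 'code' => $code, 'received' => time() ),
            false
        );
    }
}

new Rop_Admin();
```

Checking the fix is a matter of repeating the PR's test URL as a Subscriber and confirming that the option written by the stand-in body never appears.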