Make Plugin work for users without upload_files permission
#49
Comments
|
Concerning the multi-uploader the nonce to check this is actually coming from the profile page should probably go somewhere in AvatarRegisterMetaService |
|
The more I think about this the less I'm sure this should be handled by this plugin, but rather just a section in Readme on how to implement this. Reason is that we'd be messing with upload permissions which is a pretty serious thing. |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Currently the plugin checks for
upload_fileseverywhere.Also when using the multi-uploader everything sits on top of
wp-admin/async-upload.phpwhich also checks for this permission.So to make this work we'd need to find a safe way to enable that. Especially for
async-upload.phpthis also needs to make sure that we only enable the upload for the avatar and not for everything. Maybe something like a nonce (a real one, not a WP nonce).Also this would probably be the point where we should really have some central helpers to determine these kind of things. See #37.
The text was updated successfully, but these errors were encountered: