To skippy:
Try this on WP 1.2 :
?? open menu.php and state ‘write’ level at 3.
?? create a ficticious user with (whatever) username and password; the new user will be placed at level 0 by the system. Logoff.
?? Login using the Admin user and password, and change the (whatever) new user level to 1. Logoff.
?? Login again with the (whatever) new user you’ve just created. The user level is standing at 1 now. You will see two menu links at the top of the screen: ‘Profile’ and ‘View Site’. Everything ok until now. Click on ‘View site’ and you’ll see the site on the same top screen. Look up for the ‘Login’ link on the weblog and click on it. You’ll be transported again to the ‘Login site’ BUT, this time, the ‘Write’ menu will appear at the screen, for a level one user, inspite of the fact that the ‘menu.php’ Write level was stated at 3.
Am I wrong or there’s a security bug here?
Anyone help? Thks!
