#18932 closed defect (bug) (fixed)
WP_User::set_role leaves user object without any caps when role does not change
| Reported by: |
|
Owned by: |
|
|---|---|---|---|
| Priority: | normal | Milestone: | 3.5 |
| Component: | Role/Capability | Version: | 3.1 |
| Severity: | minor | Keywords: | has-patch |
| Cc: |
Description
The first thing WP_User::set_role does is clears out the user's existing caps array. Then it checks to see if the passed-in role is the user's current role, and quits the function if so. This is great if the role actually changes. If it does not, this leaves the user with the same role, but without any caps whatsoever for the remainder of the current page.
Core WordPress code may not use the function in this way, but plugins may.
Workaround:
Plugins calling set_role should wrap the call in the same-role check found inside the function.
Fix:
Do the same-role check prior to unsetting the caps.
Attachments (1)
Change History (8)
- Summary changed from WP_User::set_role to WP_User::set_role leaves user object without any caps when role does not change
- Component changed from General to Role/Capability
- Keywords has-patch added
- Severity changed from normal to minor
Version 0, edited 20 months ago
by scribu
(next)
- Version changed from 3.4 to 3.1
comment:5
wonderboymusic — 8 months ago
- Milestone changed from Awaiting Review to 3.5
This is small and useful
- Owner set to ryan
- Resolution set to fixed
- Status changed from new to closed
In 22418:
Note: See
TracTickets for help on using
tickets.
Confirmed:
add_action( 'admin_notices', function() { $user = new WP_User( 2 ); // 2 being the id of a user with the 'subscriber' role print_r($user->caps); $user->set_role( 'subscriber' ); print_r($user->caps); });