id,summary,reporter,owner,description,type,status,priority,milestone,component,version,severity,resolution,keywords,cc
19373,wp_insert_post() should not contain current_user_can() checks,alexkingorg,,"wp_insert_post() is a utility function, it should not have a reliance on user capabilities. There are only two places in this function where there is a current_user_can() check - for updating custom taxonomies and for setting post slugs. All other checks (can user publish posts, etc.) are properly handled outside of the utility function.

wp_insert_post() should be safe to use in code that is run without a user context, for example via CRON. With the current code, this is the case *except* for the custom taxonomy feature. This inconsistency can cause a BrilliantDeveloperTM to lose a good deal of time debugging why the same data being passed in is coming back with different results.

For 3.4 (please!), perhaps we can figure out a way to move the checks for user capabilities on taxonomies out of the utility function and into the controller/procedural code. I'm happy to author and submit a patch once an approach has been determined.

For other developers who run into this and need to work around it, either of these 2 options work:

1. call wp_set_post_terms() to add your taxonomies after calling wp_insert_post()
2. set up a ""current user"" in your script before calling wp_insert_post()",enhancement,new,normal,Future Release,Taxonomy,3.0,major,,3.4-early has-patch,nacin rboren johnbillion@… steph@… mikeschinkel@… ashishsainiashfame@… nashwan.doaqan@… pippin@… sunnyratilal5@…