remove_cap can't unset a negative capability
|Reported by:||johnjamesjacoby||Owned by:||ryan|
WP_User::add_cap() accepts two parameters -- the second decides if a user does or does not have the capability. I.E.:
$user->add_cap( 'foo', false );
means a user will not have a capability that any role otherwise allows.
WP_User::remove_cap( 'foo' ) incorrectly does an empty() check rather than ! isset(), preventing negative capabilities from being unset from a users individual capabilities array.
This makes it impossible to revert negative capabilities without first making them positive, and then removing them.
Change History (5)
- Milestone changed from Awaiting Review to 3.5
- Severity changed from normal to minor
- Owner set to ryan
- Resolution set to fixed
- Status changed from new to closed