#22698 closed defect (bug) (duplicate)
Broken capability checks with current_user_can() + map_meta_cap()
| Reported by: |
|
Owned by: | |
|---|---|---|---|
| Priority: | normal | Milestone: | |
| Component: | Role/Capability | Version: | 2.0 |
| Severity: | normal | Keywords: | needs-patch |
| Cc: |
Description
Running the latest cutting-edge nightly of WordPress 3.5...
When calling current_user_can(), if the second optional argument is not provided, then map_meta_cap() breaks since certain capability checks (delete_page, edit_post, etc) assume that $args[] is provided, despite being optional.
Here is the error when attempting current_user_can('edit_post'):
Undefined offset: 0 in stuff/wp-includes/capabilities.php on line 1067
The code in question is:
$args = array_slice( func_get_args(), 2 ); ... case 'edit_page': $post = get_post( $args[0] );
Change History (3)
- Component changed from Validation to Role/Capability
- Severity changed from critical to normal
- Version changed from trunk to 2.0
- Milestone Awaiting Review deleted
- Resolution set to duplicate
- Status changed from new to closed
Duplicate of #13905.
Note: See
TracTickets for help on using
tickets.
The argument is not optional for the capability checks you are specifying: edit_post, delete_post, etc.
These are "meta" capabilities and get mapped to primitive capabilities, like edit_posts, edit_others_posts, edit_published_posts, edit_private_posts, based on the object being selected.