Broken capability checks with current_user_can() + map_meta_cap()
|Reported by:||Veraxus||Owned by:|
Running the latest cutting-edge nightly of WordPress 3.5...
When calling current_user_can(), if the second optional argument is not provided, then map_meta_cap() breaks since certain capability checks (delete_page, edit_post, etc) assume that $args is provided, despite being optional.
Here is the error when attempting current_user_can('edit_post'):
Undefined offset: 0 in stuff/wp-includes/capabilities.php on line 1067
The code in question is:
$args = array_slice( func_get_args(), 2 ); ... case 'edit_page': $post = get_post( $args );
Change History (3)
- Component changed from Validation to Role/Capability
- Severity changed from critical to normal
- Version changed from trunk to 2.0
- Milestone Awaiting Review deleted
- Resolution set to duplicate
- Status changed from new to closed