#45146 closed defect (bug) (invalid)
Wrong use of function current_user_can on check_edit_permission
| Reported by: |
|
Owned by: | |
|---|---|---|---|
| Milestone: | Priority: | normal | |
| Severity: | normal | Version: | |
| Component: | REST API | Keywords: | |
| Focuses: | Cc: |
Description
The function current_user_can is being called with an inexistent second parameter on check_edit_permission of "class-wp-rest-comments-controller.php". It's impossibility a logged in user delete their own comment on REST API.
<?php protected function check_edit_permission( $comment ) { if ( 0 === (int) get_current_user_id() ) { return false; } if ( ! current_user_can( 'moderate_comments' ) ) { return false; } return current_user_can( 'edit_comment', $comment->comment_ID ); }
Change History (3)
Note: See
TracTickets for help on using
tickets.
current_user_can may take a second parameter, $object_id. It's just not documented in the function signature. See documentationhttps://developer.wordpress.org/reference/functions/current_user_can/.