Changeset 39464 for trunk/src/wp-includes/capabilities.php

Timestamp:

12/03/2016 05:07:03 AM (10 years ago)

Author:

pento

Message:

REST API: Capability check for editing a single term should use the singular form.

As an extra level of sanity checking, the term ID should be cast as an int in map_meta_cap().

Props johnbillion, nacin, dd32, pento.
See #35614.
Fixes #39012.

File:

• trunk/src/wp-includes/capabilities.php (modified) (1 diff)

trunk/src/wp-includes/capabilities.php

@@ -428 +428 @@
     case 'delete_term':
     case 'assign_term':
-        $term_id = $args[0];
+        $term_id = (int) $args[0];
         $term = get_term( $term_id );
         if ( ! $term || is_wp_error( $term ) ) {