WordPress.org

Make WordPress Core

Opened 4 years ago

Closed 4 years ago

#13934 closed defect (bug) (fixed)

$current_user unfounded assumptions

Reported by: filosofo Owned by: filosofo
Milestone: 3.0.1 Priority: normal
Severity: normal Version: 3.0
Component: Users Keywords: has-patch
Focuses: Cc:

Description

Currently, a number of places in the code (mainly in MS areas) assume that $current_user is a defined global object, when in fact that's not a safe assumption to make.

For most of the cases, $current_user is brought into scope just to get the current user's ID; in that case get_current_user_id() is much more reliable.

For the others, $current_user should be explicitly defined to make sure that

  • If it has not been instantiated, it now will be.
  • The pluggable functions get to instantiate it, if applicable.

Patch calls get_current_user_id() when that's what's desired; in the other instances it makes sure that it is defined appropriately.

Attachments (1)

current-user-assumptions.13934.diff (18.4 KB) - added by filosofo 4 years ago.

Download all attachments as: .zip

Change History (6)

comment:1 filosofo4 years ago

  • Owner set to filosofo
  • Status changed from new to accepted

comment:2 ryan4 years ago

(In [15315]) Use get_current_user() and get_current_user_id() instead of global . Props filofo. see #13934 for trunk

comment:3 ryan4 years ago

(In [15331]) Don't perform current user ops in switch_to_blog() or restore_current_blog() if init hasn't fired. Avoids wp_get_current_user() not defined error when those functions are run before init. Ops on current user prior to init are meaningless anyway. see #13934

comment:4 ryan4 years ago

(In [15332]) Fix inverted logic in [15331]. see #13934

comment:5 ryan4 years ago

  • Resolution set to fixed
  • Status changed from accepted to closed

(In [15452]) Use get_current_user() and get_current_user_id() instead of global current_user object. Props filofo. fixes #13934 for 3.0.1

Note: See TracTickets for help on using tickets.