Opened 6 years ago

Closed 6 years ago

Last modified 6 years ago

#15122 closed defect (bug) (fixed)

current_user_can_for_blog() doesn't use map_meta_cap for multisite user admins

Reported by: jamescollins
Owned by:
Milestone: 3.0.2
Priority: normal
Severity: normal
Version: 3.0
Component: Role/Capability
Keywords:
Focuses:
Cc:

Description

[12796] introduced a new current_user_can_for_blog() function, which was based on how the existing current_user_can() function was implemented.

This included this check:

if( is_multisite() && is_super_admin() ) 
    return true;

Then in [13270]/#12109, the current_user_can() function was modified so that map_meta_cap is always used for multisite user admins.

However this change didn't include the necessary change to the current_user_can_for_blog() function as well.

This means that currently the current_user_can_for_blog() will always return true for multisite user admins, without map_meta_cap ever being used.

Patch attached.

Attachments (1)

15122.diff (448 bytes) - added by jamescollins 6 years ago.
Patch against trunk r15811
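
Added example (not part of the ticket and not WordPress core code): a stand-alone PHP model of the check order before and after the change, showing what is lost when the super admin test returns true ahead of map_meta_cap. The demo_* functions, the sample users, the capability map and the deny marker are assumptions made for illustration.

```php
<?php
// Simplified stand-alone model of the two check orders; not WordPress core code.
// All demo_* names, the user arrays and the capability map are constructed.
const DEMO_DENY = 'do_not_allow'; // assumed marker: the mapping vetoes this capability

// Stand-in for map_meta_cap(): translate a requested capability into the
// primitive capabilities it requires, or into the deny marker.
function demo_map_meta_cap(string $cap, array $map): array {
    return $map[$cap] ?? [$cap];
}

// Order described in the ticket: the super admin test runs first, so the
// mapping step is never consulted for those users.
function demo_can_before(array $user, string $cap, array $map): bool {
    if ($user['multisite'] && $user['super_admin']) {
        return true;
    }
    return demo_has_caps($user, demo_map_meta_cap($cap, $map));
}

// Order after the change (as modelled here): always map first, then let the
// super admin pass only when the mapping did not veto the capability.
function demo_can_after(array $user, string $cap, array $map): bool {
    $required = demo_map_meta_cap($cap, $map);
    if ($user['multisite'] && $user['super_admin']) {
        return !in_array(DEMO_DENY, $required, true);
    }
    return demo_has_caps($user, $required);
}

// Ordinary users need every mapped primitive capability; a veto always fails.
function demo_has_caps(array $user, array $required): bool {
    foreach ($required as $cap) {
        if ($cap === DEMO_DENY || empty($user['caps'][$cap])) {
            return false;
        }
    }
    return true;
}

// Constructed sample data: one capability is vetoed by the map.
$map    = ['edit_files' => [DEMO_DENY], 'edit_post' => ['edit_posts']];
$super  = ['multisite' => true, 'super_admin' => true,  'caps' => []];
$editor = ['multisite' => true, 'super_admin' => false, 'caps' => ['edit_posts' => true]];
foreach ([['super', $super], ['editor', $editor]] as [$name, $user]) {
    foreach (array_keys($map) as $cap) {
        printf("%-6s %-10s before=%s after=%s\n", $name, $cap,
            json_encode(demo_can_before($user, $cap, $map)), json_encode(demo_can_after($user, $cap, $map)));
    }
}
```

The only row where the two orders disagree is the super admin asking for the vetoed capability, which is the case the early return hides.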


Change History (11)

@jamescollins
6 years ago

Patch against trunk r15811

#1 @jamescollins
6 years ago

  • Keywords has-patch added

I realise we're close to 3.1 feature freeze, but it would be great if we could get this change committed so it's included in 3.1.

Thanks.

#2 @nacin
6 years ago

  • Milestone changed from Awaiting Review to 3.0.2

This looks like a bug, so it would be unaffected by the freeze.

Setting to 3.0.2 actually.

#3 @nacin
6 years ago

(In [15812]) Use map_meta_cap for multisite super admins in current_user_can_for_blog. props jamescollins, see #15122.

#4 @jamescollins
6 years ago

nacin, if this has a 3.0.2 milestone doesn't it need to be committed to the 3.0 branch as well as trunk?

Thanks.

#5 @nacin
6 years ago

Wasn't sure if I wanted to apply it to 3.0.2. This isn't a function that's actually used in core, and it doesn't look like it's used in any plugins based on a quick site:plugins.svn.wordpress.org search on Google. I suppose we should apply it to 3.0, because it will return incorrect (though not truly disastrous) results.

#6 @jamescollins
6 years ago

nacin, it would be good to either set the milestone of this ticket to 3.1, or commit this fix to the 3.0 branch.

Thanks.

#7 @nacin
6 years ago

  • Milestone changed from 3.0.2 to 3.1
  • Resolution set to fixed
  • Status changed from new to closed

Sure thing.

#8 @nacin
6 years ago

  • Milestone changed from 3.1 to 3.0.2
  • Resolution fixed deleted
  • Status changed from closed to reopened

#9 @nacin
6 years ago

  • Resolution set to fixed
  • Status changed from reopened to closed

(In [16631]) Use map_meta_cap for multisite super admins in current_user_can_for_blog. props jamescollins, fixes #15122 for 3.0.

#10 @jamescollins
6 years ago

  • Keywords has-patch removed