Make WordPress Core

Opened 13 years ago

Closed 12 years ago

Last modified 12 years ago

#18932 closed defect (bug) (fixed)

WP_User::set_role leaves user object without any caps when role does not change

Reported by: jammitch
Owned by: ryan
Milestone: 3.5
Priority: normal
Severity: minor
Version: 3.1
Component: Role/Capability
Keywords: has-patch
Focuses:
Cc:

Description

The first thing WP_User::set_role does is clear out the user's existing caps array. Then it checks to see if the passed-in role is the user's current role, and quits the function if so. This is great if the role actually changes. If it does not, this leaves the user with the same role, but without any caps whatsoever for the remainder of the current page.

Core WordPress code may not use the function in this way, but plugins may.

Workaround:
Plugins calling set_role should wrap the call in the same-role check found inside the function.

Fix:
Do the same-role check prior to unsetting the caps.
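
The ordering problem and the proposed fix from the description above, as an added example that is not part of the original ticket and is not WordPress core code. `ModelUser` and its method names are hypothetical, and the model assumes that caps are keyed by role name and that "same role" means the user holds exactly that one role.

```php
<?php
// Simplified stand-in for the user object (hypothetical class, not WordPress core code).
// Assumptions: $caps is keyed by role name; "same role" means exactly that one role.
class ModelUser {
	public $roles;
	public $caps;
	public function __construct( array $roles ) {
		$this->roles = $roles;
		$this->caps  = array_fill_keys( $roles, true );
	}

	private function is_current_role( $role ) {
		return array( $role ) === array_values( $this->roles );
	}

	private function clear_role_caps() {
		foreach ( $this->roles as $old ) {
			unset( $this->caps[ $old ] );
		}
	}
	private function assign( $role ) {
		$this->caps[ $role ] = true;
		$this->roles         = array( $role );
	}

	// Order described in the report: caps cleared first, then the early return.
	public function set_role_reported( $role ) {
		$this->clear_role_caps();
		if ( $this->is_current_role( $role ) ) {
			return; // caps stay empty for the rest of the request
		}
		$this->assign( $role );
	}

	// Order proposed as the fix: same-role check before anything is unset.
	public function set_role_fixed( $role ) {
		if ( $this->is_current_role( $role ) ) {
			return;
		}
		$this->clear_role_caps();
		$this->assign( $role );
	}
}

// Constructed sample: a user whose only role is 'subscriber', re-assigned the same role.
foreach ( array( 'set_role_reported', 'set_role_fixed' ) as $method ) {
	$user = new ModelUser( array( 'subscriber' ) );
	$user->$method( 'subscriber' );
	echo $method, ' leaves caps: ', json_encode( $user->caps ), "\n";
}
```

Any capability check made against the in-memory object after the reported ordering runs sees an empty caps array, even though the stored role never changed.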

Attachments (1)

18932.diff (629 bytes) - added by scribu 13 years ago.


Change History (8)

#1 @jammitch
13 years ago

  • Summary changed from WP_User::set_role to WP_User::set_role leaves user object without any caps when role does not change


#2 @scribu
13 years ago

  • Component changed from General to Role/Capability
  • Keywords has-patch added
  • Severity changed from normal to minor

Confirmed:

add_action( 'admin_notices', function() {
	$user = new WP_User( 2 ); // 2 being the id of a user with the 'subscriber' role

	print_r( $user->caps );

	$user->set_role( 'subscriber' );

	print_r( $user->caps );
});

#3 follow-up: @blueyed
13 years ago

  • Version changed from 3.2.1 to 3.4

#4 in reply to: ↑ 3 @duck_
13 years ago

  • Version changed from 3.4 to 3.1

Replying to blueyed:

The version number is the earliest version in which the bug is confirmed and shouldn't normally be changed on existing tickets.

This code was introduced in 3.1 for #14708.

#5 @wonderboymusic
12 years ago

  • Milestone changed from Awaiting Review to 3.5

This is small and useful.

#6 @ryan
12 years ago

  • Owner set to ryan
  • Resolution set to fixed
  • Status changed from new to closed

In 22418:

When using WP_User::set_role() to set the role, don't unset all caps when the requested role matches the current role.

Props scribu, jammitch
fixes #18932
