#22698 closed defect (bug) (duplicate)
Broken capability checks with current_user_can() + map_meta_cap()
Reported by: | Veraxus | Owned by: | |
---|---|---|---|
Milestone: | Priority: | normal | |
Severity: | normal | Version: | 2.0 |
Component: | Role/Capability | Keywords: | needs-patch |
Focuses: | Cc: |
Description
Running the latest cutting-edge nightly of WordPress 3.5...
When calling current_user_can(), if the second optional argument is not provided, then map_meta_cap() breaks since certain capability checks (delete_page, edit_post, etc) assume that $args[] is provided, despite being optional.
Here is the error when attempting current_user_can('edit_post'):
Undefined offset: 0 in stuff/wp-includes/capabilities.php on line 1067
The code in question is:
$args = array_slice( func_get_args(), 2 ); ... case 'edit_page': $post = get_post( $args[0] );
Change History (3)
Note: See
TracTickets for help on using
tickets.
The argument is not optional for the capability checks you are specifying: edit_post, delete_post, etc.
These are "meta" capabilities and get mapped to primitive capabilities, like edit_posts, edit_others_posts, edit_published_posts, edit_private_posts, based on the object being selected.