Make WordPress Core

Opened 11 years ago

Closed 11 years ago

#22803 closed defect (bug) (fixed)

current_user_can_for_blog() fatal errors in single site

Reported by: nacin's profile nacin Owned by: ryan's profile ryan
Milestone: 3.5 Priority: highest omg bbq
Severity: blocker Version: 3.5
Component: Multisite Keywords: has-patch commit
Focuses: Cc:


It calls switch_to_blog() unconditionally. It should not.

We must do an audit of all other switch_to_blog() calls.

Note to plugin authors: If your plugin suddenly starts causing a fatal error in a new release of WordPress, for God's sakes, THAT IS NOT NORMAL. Report it as a bug. Don't just fix it on your own.

Attachments (2)

22803.diff (484 bytes) - added by nacin 11 years ago.
22803.2.diff (1.2 KB) - added by markjaquith 11 years ago.

Download all attachments as: .zip

Change History (6)

11 years ago

11 years ago

#1 @markjaquith
11 years ago

Completed an audit. current_user_can_for_blog() was the only serious one. WP_Theme->get_allowed_on_site(), was the only other one of note. I independently found it and came up with the same fix as in nacin's 22803.diff.

22803.2.diff includes nacin's fix and a simple 2x is_multisite() check for current_user_can_for_blog().

#2 @nacin
11 years ago

Note that the WP_Theme one is unchanged from 3.4, when that method was introduced, and requires calling get_allowed_on_site() with a blog_id of something other than the current blog, which doesn't occur in core outside of multisite. (wp_get_themes() will only pass a blog ID to it in multisite.) Haven't seen a single report of this error so far. But of course, it is good to fix.

#3 @nacin
11 years ago

  • Keywords has-patch commit added
  • Owner set to ryan
  • Status changed from new to assigned

To ryan for commit.

#4 @ryan
11 years ago

  • Resolution set to fixed
  • Status changed from assigned to closed

In 23117:

Make current_user_can_for_blog() safe to run single site.

Props nacin, MarkJaquith
fixes #22803

Note: See TracTickets for help on using tickets.