#22803 closed defect (bug) (fixed)

current_user_can_for_blog() fatal errors in single site

Reported by: nacin
Owned by: ryan
Milestone: 3.5
Priority: highest omg bbq
Severity: blocker
Version: 3.5
Component: Multisite
Keywords: has-patch commit
Focuses:
Cc:

Description

It calls switch_to_blog() unconditionally. It should not.

We must do an audit of all other switch_to_blog() calls.

Note to plugin authors: If your plugin suddenly starts causing a fatal error in a new release of WordPress, for God's sakes, THAT IS NOT NORMAL. Report it as a bug. Don't just fix it on your own.

Attachments (2)

22803.diff (484 bytes) - added by nacin 17 months ago.
22803.2.diff (1.2 KB) - added by markjaquith 17 months ago.


Change History (6)

comment:1 markjaquith 17 months ago

Completed an audit. current_user_can_for_blog() was the only serious one. WP_Theme->get_allowed_on_site() was the only other one of note. I independently found it and came up with the same fix as in nacin's 22803.diff.

22803.2.diff includes nacin's fix and a simple 2x is_multisite() check for current_user_can_for_blog().

comment:2 nacin 17 months ago

Note that the WP_Theme one is unchanged from 3.4, when that method was introduced, and requires calling get_allowed_on_site() with a blog_id of something other than the current blog, which doesn't occur in core outside of multisite. (wp_get_themes() will only pass a blog ID to it in multisite.) Haven't seen a single report of this error so far. But of course, it is good to fix.

comment:3 nacin 17 months ago

  • Keywords has-patch commit added
  • Owner set to ryan
  • Status changed from new to assigned

To ryan for commit.

comment:4 ryan 17 months ago

  • Resolution set to fixed
  • Status changed from assigned to closed

In 23117:

Make current_user_can_for_blog() safe to run single site.

Props nacin, MarkJaquith
fixes #22803
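
The guard pattern comment:1 describes (an is_multisite() check around each of the two site-switching calls), written as an added example for plugin code; it is not the patch from 22803.2.diff or changeset 23117, and the helper name myplugin_user_can_on_site() is hypothetical. It assumes it runs inside a loaded WordPress install on a PHP version that supports `finally`.

```php
<?php
/**
 * Hypothetical plugin helper (the name is an assumption, not a core function):
 * check a capability for the current user on a given site without calling
 * switch_to_blog() on a single-site install.
 *
 * @param int    $blog_id    Site to check against (ignored on single site).
 * @param string $capability Capability name, e.g. 'edit_posts'.
 * @return bool
 */
function myplugin_user_can_on_site( $blog_id, $capability ) {
	$user = wp_get_current_user();

	// Fail closed for anonymous requests, and do it before any switch so
	// an early return can never leave the site context switched.
	if ( ! $user || ! $user->exists() ) {
		return false;
	}

	// Guard 1: only switch when multisite is active.
	$switched = false;
	if ( is_multisite() ) {
		$switched = switch_to_blog( (int) $blog_id );
	}

	try {
		// Evaluated against the switched site in multisite,
		// or against the only site on a single-site install.
		return $user->has_cap( $capability );
	} finally {
		// Guard 2: restore only if a switch actually happened.
		if ( $switched ) {
			restore_current_blog();
		}
	}
}
```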
