Opened 12 years ago
Closed 11 years ago
#23377 closed defect (bug) (duplicate)
map_meta_cap() throws error from has_cap() from current_user_can()
Reported by: | wpsmith | Owned by: | |
---|---|---|---|
Milestone: | Priority: | normal | |
Severity: | normal | Version: | |
Component: | Role/Capability | Keywords: | has-patch dev-feedback |
Focuses: | Cc: |
Description
Based on the current documentation, current_user_can() only requires one argument, a capability. However, if I call it from the save_post
hook with WP_DEBUG turned on, I will receive the following errors:
Notice: Undefined offset: 0 in /var/www/XXXX/htdocs/wp-includes/capabilities.php on line 1067 Notice: Undefined offset: 0 in /var/www/XXXX/htdocs/wp-includes/capabilities.php on line 1067 Notice: Undefined offset: 0 in /var/www/XXXX/htdocs/wp-includes/capabilities.php on line 1067 Warning: Cannot modify header information - headers already sent by (output started at /var/www/XXXX/htdocs/wp-includes/capabilities.php:1067) in /var/www/XXXX/htdocs/wp-includes/pluggable.php on line 876
As a result, the admin save post will die.
Basic Sample Code:
if ( ( 'page' == $post->post_type && ! current_user_can( 'edit_page' ) ) || ! current_user_can( 'edit_post' ) ) return;
As a result, in my opinion map_meta_cap()
should ensure that $args[0]
exists.
Attachments (1)
Change History (4)
#1
@
12 years ago
Your patch would provide a graceful fallback - but if anyone's using current_user_can()
to check permissions for a different $post
, and also forgets the second argument, then it hides the notice, and may actually give incorrect permissions, which may be considered worse than a PHP Notice.
Note: See
TracTickets for help on using
tickets.
First pass.