WordPress.org

Make WordPress Core

Opened 13 months ago

Closed 13 months ago

Last modified 13 months ago

#23861 closed defect (bug) (invalid)

Using current_user_can() inside a plugin causes a fatal error

Reported by: PhilippH Owned by:
Milestone: Priority: normal
Severity: normal Version: 3.5.1
Component: Plugins Keywords:
Focuses: Cc:

Description (last modified by johnbillion)

I experienced that using the function current_user_can() causes an fatal error:
Fatal error: Call to undefined function wp_get_current_user() in /var/www/wp-includes/capabilities.php on line 1281

For reproducing the error:

or

  • add following line at the end of wp-content/plugins/hello.php:
    echo current_user_can("switch_themes");
    // any capability causes the error
    

My environment:

  • Debian wheezy
  • apache2 & php5 & mysql from official package mirror

I also noticed that this error is caused by using user_can() inside a plugin. (with an other error message indeed)
After adding include("pluggable.php") to capabilities.php, the problem seems to be resolved!

Change History (4)

comment:1 PhilippH13 months ago

The line to add to wp-content/plugins/hello.php shoud be:
echo current_user_can("switch_themes");

comment:2 johnbillion13 months ago

  • Description modified (diff)
  • Milestone Awaiting Review deleted
  • Resolution set to invalid
  • Status changed from new to closed

The current_user_can() function, along with all the others in pluggable.php, are pluggable (hence the file name). This means they are explicitly defined after plugins are loaded so that plugins may override them (for example to implement a different authentication mechanism).

This means you cannot use any of the functions in pluggable.php directly in a plugin file (which you shouldn't do anyway). You must use them inside functions which are called on hooks.

For example:

function my_special_function() {
  if ( current_user_can( 'do_whatever' ) )
  // do your thing
}
add_action( 'plugins_loaded', 'my_special_function' );

comment:3 SergeyBiryukov13 months ago

  • Severity changed from blocker to normal

comment:4 nacin13 months ago

(A note, current_user_can() isn't pluggable, but it requires wp_get_current_user(), which is.)

Note: See TracTickets for help on using tickets.