Make WordPress Core

Opened 9 years ago

Closed 9 years ago

Last modified 8 years ago

#23861 closed defect (bug) (invalid)

Using current_user_can() inside a plugin causes a fatal error

Reported by: PhilippH Owned by:
Milestone: Priority: normal
Severity: normal Version: 3.5.1
Component: Plugins Keywords:
Focuses: Cc:

Description (last modified by johnbillion)

I experienced that using the function current_user_can() causes an fatal error:
Fatal error: Call to undefined function wp_get_current_user() in /var/www/wp-includes/capabilities.php on line 1281

For reproducing the error:


  • add following line at the end of wp-content/plugins/hello.php:
    echo current_user_can("switch_themes");
    // any capability causes the error

My environment:

  • Debian wheezy
  • apache2 & php5 & mysql from official package mirror

I also noticed that this error is caused by using user_can() inside a plugin. (with an other error message indeed)
After adding include("pluggable.php") to capabilities.php, the problem seems to be resolved!

Change History (4)

#1 @PhilippH
9 years ago

The line to add to wp-content/plugins/hello.php shoud be:
echo current_user_can("switch_themes");

#2 @johnbillion
9 years ago

  • Description modified (diff)
  • Milestone Awaiting Review deleted
  • Resolution set to invalid
  • Status changed from new to closed

The current_user_can() function, along with all the others in pluggable.php, are pluggable (hence the file name). This means they are explicitly defined after plugins are loaded so that plugins may override them (for example to implement a different authentication mechanism).

This means you cannot use any of the functions in pluggable.php directly in a plugin file (which you shouldn't do anyway). You must use them inside functions which are called on hooks.

For example:

function my_special_function() {
  if ( current_user_can( 'do_whatever' ) )
  // do your thing
add_action( 'plugins_loaded', 'my_special_function' );

#3 @SergeyBiryukov
9 years ago

  • Severity changed from blocker to normal

#4 @nacin
8 years ago

(A note, current_user_can() isn't pluggable, but it requires wp_get_current_user(), which is.)

Note: See TracTickets for help on using tickets.