Make WordPress Core

Opened 10 years ago

Closed 10 years ago

Last modified 10 years ago

#28451 closed defect (bug) (invalid)

current_user_can() not working properly in a network

Reported by: yurig's profile yurig Owned by:
Milestone: Priority: normal
Severity: normal Version: 3.9.1
Component: Role/Capability Keywords:
Focuses: Cc:


In a WP network installation the current_user_can() function returns false even if the current user actually has the capability.

printing the $current_user global variable shows:

WP_User Object

    [allcaps] => Array
            [read] => 1
            [publish_posts] => 1
            [edit_posts] => 1
            [delete_posts] => 1
            [edit_published_posts] => 1
            [delete_published_posts] => 1
            [upload_files] => 1
            [unfiltered_html] => 1
            [level_0] => 1
            [level_1] => 1
            [level_2] => 1
            [author] => 1

Which shows that the user has the 'unfiltered_html' capability, but current_user_can('unfiltered_html') returns false.

If it is useful, I am running this inside a 'mce_buttons' filter. The $current_user global is properly populated as shown above.

Works fine on a single-site installation.

Change History (3)

#1 @Denis-de-Bernardy
10 years ago

  • Resolution set to invalid
  • Status changed from new to closed

This is by design: only super-admins can use unfiltered html on MS setups.

#2 @nacin
10 years ago

See map_meta_cap() for where this occurs. What's stored in the DB and attached to the user is "raw," before it gets processed by the API.

#3 @TobiasBg
10 years ago

  • Milestone Awaiting Review deleted
Note: See TracTickets for help on using tickets.