Changes between Initial Version and Version 2 of Ticket #31518
- Timestamp: 09/05/2015 11:46:41 PM (10 years ago)
Ticket #31518
- Property Keywords dev-feedback added
- Property Component changed from Users to Role/Capability
Ticket #31518 – Description
initial v2 1 {{{ 2 add_filter('map_meta_cap', function(){return array();}, 1,0 ); //<-backdoor virus or any plugin 3 var_dump( user_can( $admin_user_id = 1, 'unavailable cap' ) ); //return true 4 var_dump( user_can( $Subscriber_user_id = 3, 'remove_users' ) ); //return true 5 }}} 1 6 2 {{{ 3 add_filter('map_meta_cap', function(){return array();}, 1,0 ); //<-backdor virus or any plugin 4 var_dump( user_can( $admin_user_id = 1, 'unavailable cap' ) ); //return true 5 var_dump( user_can( $Subscriber_user_id = 3, 'remove_users' ) ); //return true 6 7 //The alternative I propose: 8 // insert if(!in_array($cap,$caps)) return false; inside WP_User::has_cap( $cap ) after 'map_meta_cap' filter 9 // OR 10 // inside if(empty((array)$caps)) return false; inside WP_User::has_cap( $cap ) before the foreach 7 The alternative I propose: 8 insert `if(!in_array($cap,$caps)) return false;` inside `WP_User::has_cap( $cap )` after 'map_meta_cap' filter 9 OR 10 insert `if(empty((array)$caps)) return false;` inside `WP_User::has_cap( $cap )` before the foreach 11 11 12 }}} 12 13 13 [https://core.trac.wordpress.org/browser/tags/4.1.1/src/wp-includes/capabilities.php#L965] 14 14 15 [https://www.diffchecker.com/9cjznf39]
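Review bot: The first proposed guard (v2 line 8, `if(!in_array($cap,$caps)) return false;` after the 'map_meta_cap' filter) would deny every check in which the filter maps the requested capability to different ones, not only the empty-array case shown in lines 2-4, so it is too broad for a filter whose job is mapping. The second guard (v2 line 10, the empty check before the foreach) targets exactly what the example demonstrates, a callback returning `array()`; before adopting it, confirm that no legitimate map_meta_cap path returns an empty array on purpose to mean that no capability is required. Also, `empty((array)$caps)` passes an expression to `empty()`, which is a parse error before PHP 5.5; `if ( ! (array) $caps ) return false;` expresses the same test.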