Opened 8 years ago
#40214 new defect (bug)
Some WP instances prematurelly try to do capability tests, before the user object is loaded
Reported by: | dffnbfee | Owned by: | |
---|---|---|---|
Milestone: | Awaiting Review | Priority: | normal |
Severity: | normal | Version: | 4.7.3 |
Component: | Role/Capability | Keywords: | |
Focuses: | Cc: |
Description
What happens is that an empty deserialized stdObject is passed (probably too early) to the WP_user object and the _wp_get_current_user function mistakenly presumes the WP_user object to be properly initialized, thus it prevents the administrators (in fact anyone from doing anything that need capability checking) from accesing the protected page.
A quick fix for the solution was this:
users.php 2487
changed from:
if ( ! empty( $current_user )) {
changed to:
if ( ! empty( $current_user ) && isset($current_user->data->id)) {
This is a strange bug... it didn't effect my staging boxes running on 7.0.8 but it did effect all my boxes running 7.0.15+
It seems to me very unbeliavable that such little change can do harm, but I can reproduce it everytime I try to move the project to a box.
Sorry I'm not a WP boy but do move sites requllary and I haven't experienced such behavior with 4.6 or earlier.