Make WordPress Core

Opened 7 years ago

#40214 new defect (bug)

Some WP instances prematurelly try to do capability tests, before the user object is loaded

Reported by: dffnbfee's profile dffnbfee Owned by:
Milestone: Awaiting Review Priority: normal
Severity: normal Version: 4.7.3
Component: Role/Capability Keywords:
Focuses: Cc:


What happens is that an empty deserialized stdObject is passed (probably too early) to the WP_user object and the _wp_get_current_user function mistakenly presumes the WP_user object to be properly initialized, thus it prevents the administrators (in fact anyone from doing anything that need capability checking) from accesing the protected page.

A quick fix for the solution was this:
users.php 2487
changed from:

if ( ! empty( $current_user )) {

changed to:

if ( ! empty( $current_user ) && isset($current_user->data->id)) {

This is a strange bug... it didn't effect my staging boxes running on 7.0.8 but it did effect all my boxes running 7.0.15+
It seems to me very unbeliavable that such little change can do harm, but I can reproduce it everytime I try to move the project to a box.
Sorry I'm not a WP boy but do move sites requllary and I haven't experienced such behavior with 4.6 or earlier.

Change History (0)

Note: See TracTickets for help on using tickets.