#41744 closed defect (bug) (duplicate)
wp_insert_post() function doesn`t set the taxonomies from AJAX call
Reported by: | WeddyWood | Owned by: | |
---|---|---|---|
Milestone: | Priority: | normal | |
Severity: | normal | Version: | |
Component: | Posts, Post Types | Keywords: | |
Focuses: | Cc: |
Description
wp_insert_post() function doesn`t set the taxonomies from AJAX call because of:
<?php if ( current_user_can( $taxonomy_obj->cap->assign_terms ) ) { wp_set_post_terms( $post_ID, $tags, $taxonomy ); }
current_user_can() does not work with AJAX
Reference: wp-includes/post.php:3357
Change History (3)
#2
@
7 years ago
- Milestone Awaiting Review deleted
- Resolution set to duplicate
- Status changed from new to closed
- Version 4.8.1 deleted
Hello @WeddyWood, welcome to WordPress Trac!
Thanks for your report, this issue is already tracked in #19373.
#3
in reply to:
↑ 1
@
7 years ago
Replying to joyously:
current_user_can()
does not work with AJAX
That's a broad statement (AJAX is generic). If you use the REST API, you have to do authentication differently than if you use an ajax_action hook. The ajax_action hooks will only work from the WP site because of the authentication cookies. Those ajax_action hooks can (and do in core admin pages) use
current_user_can()
.
Could you explain a test case?
I expressed inaccurately. Function current_user_can() does not work (return false) when parent function wp_insert_post() was called by not-logged-in user. through 'wp_ajax_nopriv' hook
That's a broad statement (AJAX is generic). If you use the REST API, you have to do authentication differently than if you use an ajax_action hook. The ajax_action hooks will only work from the WP site because of the authentication cookies. Those ajax_action hooks can (and do in core admin pages) use
current_user_can()
.Could you explain a test case?