WordPress.org

Make WordPress Core

Opened 3 years ago

Closed 3 years ago

#42230 closed defect (bug) (fixed)

current_user_can( 'install_languages' ) calls a function which may not be defined

Reported by: johnbillion Owned by: flixos90
Milestone: 4.9 Priority: low
Severity: critical Version: 4.9
Component: Role/Capability Keywords: has-patch
Focuses: Cc:

Description

The following code causes a fatal error when used on the front end of a site:

add_action( 'init', function() {
	current_user_can( 'install_languages' );
} );

This is because the install_languages case inside map_meta_cap() calls wp_can_install_language_pack() which in turn instantiates the WP_Upgrader class and calls methods which call functions which are only available in the admin context. request_filesystem_credentials() is ultimately called and causes a fatal error because the function is only available in the admin context.

Attachments (1)

42230.diff (577 bytes) - added by flixos90 3 years ago.

Download all attachments as: .zip

Change History (6)

#1 @johnbillion
3 years ago

cc @flixos90

#2 @flixos90
3 years ago

  • Owner set to flixos90
  • Status changed from new to assigned

I suppose the easiest solution is to look at which exact files from wp-admin/includes are required and load them on demand before calling wp_can_install_language_pack() as well.

This is way sub-optimal (so already is calling wp_can_install_language_pack() from the frontend, since it is commonly only available in the admin), so it may be worth exploring possibilities in the future for generally including some of these things in the frontend - although, on the other hand, those would only be used in the frontend for edge-cases so we may need to be good with just loading the files on demand. Either way, such changes would be out of scope for this ticket and that late in the release cycle.

This ticket was mentioned in Slack in #core by melchoyce. View the logs.


3 years ago

@flixos90
3 years ago

#4 @flixos90
3 years ago

  • Keywords has-patch added; needs-patch removed

42230.diff loads wp-admin/includes/file.php before checking wp_can_install_language_pack() to prevent fatals when calling request_filesystem_credentials().

#5 @flixos90
3 years ago

  • Resolution set to fixed
  • Status changed from assigned to closed

In 41885:

Role/Capability: Prevent a fatal error when checking a language capability early or in the frontend.

The meta capabilities install_languages and update_languages rely on the admin function wp_can_install_language_pack(). That function in turn relies on request_filesystem_credentials(), so it needs to be ensured that this function is available as well.

Fixes #42230.

Note: See TracTickets for help on using tickets.