Opened 6 years ago
Last modified 6 years ago
#44972 new defect (bug)
wp_get_current_user() misbehavior
Reported by: | tazotodua | Owned by: | |
---|---|---|---|
Milestone: | Awaiting Review | Priority: | normal |
Severity: | normal | Version: | |
Component: | Users | Keywords: | |
Focuses: | Cc: |
Description (last modified by )
You might say that the problem is coming from plugins, but wanted to mention this:
Sometimes, I've found that some plugins use:
$smth = get_bloginfo('language'...);
1) directly in plugin php file (i mean out of the hook, just directly as a new line),
2) or sometimes that code is used in class
__construct
method (not different than first one - you know, constructor is executed directly too).
to reproduce the problem, just place that line in any plugin/functions.php, then enter WP dashboard, and you get:
Sorry, you are not allowed to access this page.
yes, just using that code in XYZ plugin (without any further action, just that code), causes you to be blocked out from wp.
I've researched and the chain goes like -> get_bloginfo()->get_user_locale() ->wp_get_current_user()----> wp_set_current_user( $user_id );
<---- this one makes the issue i think.
so, i dont know, but i think get_bloginfo function (or get_current user function) which may be EVEN fired incorrectly, shouldnt cause that problem.
Please ignore above post, Here is simplified steps to reproduce that:
in clean WP installation,enter admin dashbord, then just use this code in plugin or fuctions.php
refresh dashboard page. you will see the error:
"Sorry, you are not allowed to access this page."
(with WP_DEBUG there shows also: Warning: Use of undefined constant AUTH_COOKIE - assumed 'AUTH_COOKIE' (this will throw an Error in a future version of PHP) in D:\SAQME\CODES\_install\wamp\installed\www\wp\3\wp-includes\pluggable.php on line 769 )
so, i think, many plugins are calling
get_user_locate
,get_bloginfo('language')
,load_default_textdomain
(or many many other functions, that callwp_get_current_user
finally), thus, also, many other plugins seems to use:require_once(ABSPATH . 'wp-includes/pluggable.php');
in their constructors (or directly in plain-code if not CLASS).
so, that breaks admin dashboards.