#61161 closed defect (bug) (duplicate)
current_user_can fatal error
| Reported by: | | Owned by: | |
|---|---|---|---|
| Milestone: | | Priority: | normal |
| Severity: | normal | Version: | 2.0.3 |
| Component: | Role/Capability | Keywords: | |
| Focuses: | | Cc: | |
Description
current_user_can uses https://developer.wordpress.org/reference/functions/wp_get_current_user/ internally, however this function is only loaded much after current_user_can is declared. This means using current_user_can on e.g. mu_plugins_loaded or plugin_loaded hook will result in a fatal error.
Changing the wp_get_current_user() call in there to _wp_get_current_user() fixes that issue, but then it fails on wp_set_current_user() which is pluggable too.
Change History (5)
#2
@
21 months ago
I know, but the problem is that this can accidentally make a plugin break another plugin or WP core altogether with a fatal error.
e.g. plugin A:
```php
<?php
function my_cb_a( $value ) {
	if ( isset( $_GET['foo'] ) && current_user_can( 'administrator' ) ) {
		return 'UTF-8';
	}
	return $value;
}
add_filter( 'pre_option_blog_charset', 'my_cb_a' );
```
plugin B:
```php
<?php
function my_cb_b() {
	$example = get_option( 'blog_charset' );
}
add_action( 'plugins_loaded', 'my_cb_b' );
```
#3
@
17 months ago
- Version changed from 6.6 to 2.0.3
Changing the version that introduced this code. It was introduced in WP 2.0.3 via [3566] (18 years ago).
#4
@
17 months ago
- Milestone Awaiting Review deleted
- Resolution set to duplicate
- Severity changed from major to normal
- Status changed from new to closed
Hello @kkmuffme,
Welcome back to WordPress Core Trac.
This has been discussed multiple times throughout the years. The first discussion and reasoning for it as well as using init was in #5265. More recently, it was discussed in #59000.
I'm closing this ticket as a duplicate of #5265. Doing so shifts the discussion into 1 ticket. After reviewing #5265, if there are new reasonings or concerns, please share those in that ticket and consider reopening it to restart and renew the discussion and considerations. Thanks.
Note that it has always been documented that the earliest you can access the current user is in the `init` action. https://developer.wordpress.org/apis/hooks/action-reference/#actions-run-during-a-typical-request
So I would not expect it to work before `init`. (But it might make more sense to display a useful error message instead of crashing due to a missing function.)
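
The following is an added example, not code from this ticket or from WordPress core: plugin A's filter callback from comment #2, rewritten so the capability check fails closed when it runs before `init` instead of crashing. The helper name `my_safe_current_user_can()` and the version string `1.0.0` are hypothetical; the file is assumed to be loaded as a plugin inside WordPress.

```php
<?php
/**
 * Hypothetical helper: capability check that denies (fails closed) when the
 * current user cannot be resolved yet, instead of triggering a fatal error.
 */
function my_safe_current_user_can( $capability ) {
	// wp_get_current_user() is pluggable and is only defined after plugins
	// have been loaded, so it may not exist when an early hook fires.
	$too_early = ! function_exists( 'wp_get_current_user' )
		// did_action() is already > 0 while `init` callbacks are running.
		|| ! did_action( 'init' );

	if ( $too_early ) {
		// Surface a developer notice (shown when WP_DEBUG is on) rather
		// than crashing on a missing function.
		_doing_it_wrong(
			__FUNCTION__,
			'Capability checks are not available before the init action.',
			'1.0.0' // constructed plugin version, not a WordPress version
		);
		return false; // deny by default: no user, no privileges
	}

	return current_user_can( $capability );
}

// Plugin A's callback from the ticket, using the guarded check.
function my_cb_a( $value ) {
	if ( isset( $_GET['foo'] ) && my_safe_current_user_can( 'administrator' ) ) {
		return 'UTF-8';
	}
	return $value;
}
add_filter( 'pre_option_blog_charset', 'my_cb_a' );
```

With this guard, plugin B's `get_option( 'blog_charset' )` call on `plugins_loaded` receives the unfiltered value, because the privileged branch is skipped until the user can be determined.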