Make WordPress Core

Opened 5 weeks ago

Closed 5 weeks ago

#62786 closed defect (bug) (duplicate)

wp_insert_post should not check for current_user_can( $taxonomy_obj->cap->assign_terms )

Reported by: picocodes's profile picocodes Owned by:
Milestone: Priority: normal
Severity: normal Version:
Component: Taxonomy Keywords:
Focuses: Cc:

Description

As in the title, the following line...

<?php
if ( current_user_can( $taxonomy_obj->cap->assign_terms ) ) {
  wp_set_post_terms( $post_id, $tags, $taxonomy );
}

... should instead be:-

<?php
wp_set_post_terms( $post_id, $tags, $taxonomy );

This helps when programmatically inserting posts (for example via webhooks). Anyone who needs to check capabilities should do so before calling the function.

Removing the check shouldn't cause any problems since earlier in the code we already set tags and categories without checking caps:-

<?php
if ( is_object_in_taxonomy( $post_type, 'category' ) ) {
   wp_set_post_categories( $post_id, $post_category );
}

if ( isset( $postarr['tags_input'] ) && is_object_in_taxonomy( $post_type, 'post_tag' ) ) {
    wp_set_post_tags( $post_id, $postarr['tags_input'] );
}

Change History (1)

#1 @ocean90
5 weeks ago

  • Keywords 2nd-opinion removed
  • Milestone Awaiting Review deleted
  • Resolution set to duplicate
  • Status changed from new to closed
  • Version 6.7.1 deleted

Thanks for your report, this issue is already tracked in #19373.

Note: See TracTickets for help on using tickets.