[wp-trac] [WordPress Trac] #15341: current_user_can needs to be more defensive
WordPress Trac
wp-trac at lists.automattic.com
Mon Nov 8 16:05:49 UTC 2010
#15341: current_user_can needs to be more defensive
--------------------------+-------------------------------------------------
 Reporter:  OS1           |       Owner:
     Type:  defect (bug)  |      Status:  new
 Priority:  normal        |   Milestone:  Awaiting Review
Component:  General       |     Version:  3.0.1
 Severity:  normal        |    Keywords:  current_user_can First argument is expected to be a valid callback
--------------------------+-------------------------------------------------
If current_user_can() is called for WP_Error, as in a failed login, it
causes the following to be output to the viewed page:
    Warning: call_user_func_array() [function.call-user-func-array]: First argument is expected to be a valid callback, 'WP_Error::has_cap' was given in /home/httpd-81.171.44.131/www.igennus-an.com/html/wp-includes/capabilities.php on line 1067
The function current_user_can() blindly calls call_user_func_array()
without checking the function exists in that object. I think that
something like this:
    function current_user_can( $capability ) {
        $current_user = wp_get_current_user();
        if ( empty( $current_user ) )
            return false;

        $args = array_slice( func_get_args(), 1 );
        $args = array_merge( array( $capability ), $args );

        // Get the class of the user object
        $userClass = get_class($current_user);
        // Get public methods in the class
        $methodArr = get_class_methods($userClass);

        // Check the capability method is supported by the user object
        if (in_array("has_cap" , $methodArr))
        {
            return call_user_func_array( array( &$current_user, 'has_cap' ), $args );
        }
        return false;
    }
needs to be done.
--
Ticket URL: <http://core.trac.wordpress.org/ticket/15341>
WordPress Trac <http://core.trac.wordpress.org/>
WordPress blogging software
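
An added example, not part of the ticket or of WordPress's own code: a stand-alone PHP script showing the fail-closed behaviour the report asks for, using is_callable() in place of the get_class_methods() lookup. Demo_User, Demo_Error and demo_user_can() are hypothetical stand-ins constructed for this illustration.

```php
<?php
// Constructed stand-ins for the two kinds of object the ticket describes;
// they are not WordPress's real classes.
class Demo_User {
    private $caps;
    public function __construct( array $caps ) { $this->caps = $caps; }
    public function has_cap( $cap ) { return ! empty( $this->caps[ $cap ] ); }
}

class Demo_Error {
    public $code = 'invalid_login'; // no has_cap() method, like WP_Error in the report
}

// Hypothetical helper: deny unless the object can really answer a
// capability question, so an error object never reaches the callback.
function demo_user_can( $user, $capability ) {
    if ( ! is_object( $user ) || ! is_callable( array( $user, 'has_cap' ) ) ) {
        return false; // error object, null or scalar: never authorised
    }
    // Forward the capability plus any extra arguments, as the ticket's code does.
    $args = array_slice( func_get_args(), 1 );
    // Cast so that only a real boolean is ever returned to the caller.
    return (bool) call_user_func_array( array( $user, 'has_cap' ), $args );
}

$editor = new Demo_User( array( 'edit_posts' => true ) );
$failed = new Demo_Error();

// Constructed cases: a granted capability, a missing one, a failed-login
// error object, and no user at all.
$cases = array(
    'editor / edit_posts'     => demo_user_can( $editor, 'edit_posts' ),
    'editor / manage_options' => demo_user_can( $editor, 'manage_options' ),
    'error  / edit_posts'     => demo_user_can( $failed, 'edit_posts' ),
    'null   / edit_posts'     => demo_user_can( null, 'edit_posts' ),
);

foreach ( $cases as $label => $allowed ) {
    echo $label, ' => ', $allowed ? 'allowed' : 'denied', "\n";
}
```

On PHP 8 and later an invalid callback passed to call_user_func_array() throws a TypeError instead of emitting the warning quoted in the report, so the guard also keeps a failed login from becoming a fatal error.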