[wp-trac] [WordPress Trac] #19373: wp_insert_post() should not contain current_user_can() checks
WordPress Trac
wp-trac at lists.automattic.com
Tue Nov 29 06:56:32 UTC 2011
#19373: wp_insert_post() should not contain current_user_can() checks
---------------------------------+-----------------------------
Reporter: alexkingorg | Owner:
Type: enhancement | Status: new
Priority: normal | Milestone: Future Release
Component: Taxonomy | Version: 3.0
Severity: major | Resolution:
Keywords: 3.4-early has-patch |
---------------------------------+-----------------------------
Comment (by alexkingorg):
Replying to [comment:13 scribu]:
> With the current path, is it true that sanitize_post() still runs as the
current user?
>
> I would assume that's not trivial to fix, though.
Exactly. This will allow bypassing it in "programmatic" mode, but the work
the sanitization is doing is too far down the chain. Getting it inline
with this approach would take more refactoring than is likely to be
considered reasonable.
--
Ticket URL: <http://core.trac.wordpress.org/ticket/19373#comment:14>
WordPress Trac <http://core.trac.wordpress.org/>
WordPress blogging software
More information about the wp-trac
mailing list