[wp-trac] [WordPress Trac] #18932: WP_User::set_role
WordPress Trac
wp-trac at lists.automattic.com
Thu Oct 13 19:19:11 UTC 2011
#18932: WP_User::set_role
--------------------------+-----------------------------
Reporter: jammitch | Owner:
Type: defect (bug) | Status: new
Priority: normal | Milestone: Awaiting Review
Component: General | Version: 3.2.1
Severity: normal | Keywords:
--------------------------+-----------------------------
The first thing WP_User::set_role does is clears out the user's existing
caps array. Then it checks to see if the passed-in role is the user's
current role, and quits the function if so. This is great if the role
actually changes. If it does not, this leaves the user with the same role,
but '''without any caps whatsoever''' for the remainder of the current
page.
Core WordPress code may not use the function in this way, but plugins may.
Workaround:
Plugins calling set_role should wrap the call in the same-role check found
inside the function.
Fix:
Do the same-role check prior to unsetting the caps.
--
Ticket URL: <http://core.trac.wordpress.org/ticket/18932>
WordPress Trac <http://core.trac.wordpress.org/>
WordPress blogging software
More information about the wp-trac
mailing list