[wp-trac] [WordPress Trac] #24169: WP_Customize_Manager loads the current user too early
WordPress Trac
noreply at wordpress.org
Tue Jul 7 00:23:38 UTC 2015
#24169: WP_Customize_Manager loads the current user too early
-------------------------------------------+--------------------------
Reporter: johnjamesjacoby | Owner: westonruter
Type: defect (bug) | Status: accepted
Priority: normal | Milestone: 4.3
Component: Customize | Version: 3.4
Severity: major | Resolution:
Keywords: needs-patch reporter-feedback | Focuses:
-------------------------------------------+--------------------------
Changes (by westonruter):
* keywords: needs-patch => needs-patch reporter-feedback
Comment:
OK, the current user is getting set during the `setup_theme` action (and
the `WP_Customize_Manager::setup_theme()` method) when this call is done:
{{{#!php
if ( ! current_user_can( 'customize' ) ) {
$this->wp_die( -1 );
}
}}}
I don't know what can be done to change this securely from a Customizer
perspective. Can the plugin logic be changed to just do it thing later at
the `init`, `wp_loaded`, `parse_request`, or `wp` actions instead of at
the `set_current_user` action?
--
Ticket URL: <https://core.trac.wordpress.org/ticket/24169#comment:16>
WordPress Trac <https://core.trac.wordpress.org/>
WordPress publishing platform
More information about the wp-trac
mailing list