[wp-trac] [WordPress Trac] #43877: Do not run unnecessary `user_has_cap` filter if the caps to check for include `do_not_allow` already
WordPress Trac
noreply at wordpress.org
Fri Apr 27 12:27:30 UTC 2018
#43877: Do not run unnecessary `user_has_cap` filter if the caps to check for
include `do_not_allow` already
-----------------------------+------------------------------------------
Reporter: flixos90 | Owner: (none)
Type: defect (bug) | Status: new
Priority: normal | Milestone: Awaiting Review
Component: Role/Capability | Version:
Severity: normal | Keywords: needs-patch needs-unit-tests
Focuses: |
-----------------------------+------------------------------------------
`do_not_allow` is a fake capability used essentially as a blacklist,
saying that nobody can perform that action. It's typically returned in the
`map_meta_cap()` result for an actual capability check. If `do_not_allow`
is part of that array, it is immediately clear that the final result of
the `WP_User::has_cap()` method will be `false`.
Currently however, the following code in the function still executes,
including a `user_has_cap` filter. Since we already know the return value
if `do_not_allow` is present in the `$caps` array checked for, everything
happening afterwards is entirely unnecessary overhead. Especially since
[40993] it should be clear that nothing can get around a `do_not_allow`
being present.
For efficiency and possibly performance reasons, I suggest we check for
`do_not_allow` right after the `map_meta_cap()` call, and if it is
present, return false.
--
Ticket URL: <https://core.trac.wordpress.org/ticket/43877>
WordPress Trac <https://core.trac.wordpress.org/>
WordPress publishing platform
More information about the wp-trac
mailing list