[wp-trac] Re: [WordPress Trac] #5265: current_user_can() can run
before wp_get_current_user() is defined
WordPress Trac
wp-trac at lists.automattic.com
Mon Dec 10 03:17:51 GMT 2007
#5265: current_user_can() can run before wp_get_current_user() is defined
----------------------------+-----------------------------------------------
Reporter: Viper007Bond | Owner: anonymous
Type: defect | Status: reopened
Priority: normal | Milestone: 2.4
Component: Administration | Version: 2.3.1
Severity: normal | Resolution:
Keywords: |
----------------------------+-----------------------------------------------
Changes (by Viper007Bond):
* status: closed => reopened
* resolution: invalid =>
* milestone: => 2.4
Comment:
Replying to [comment:7 DD32]:
> I meant in normal operation, {{{current_user_can()}}} wouldnt be called
until after plugins and {{{pluggable.php}}} had been loaded.
Correct, and I fixed my plugin to do that, but you shouldn't be able to
call a '''defined function properly''' and get WordPress to make a fatal
PHP error as a result. It's bad coding practice in my book. Having the
function not work as intended (like returning a null result) is one thing,
but literally breaking is another.
`current_user_can()` should either be defined later (and therefore be an
undefined function at the time of plugin loading) or better yet, should
not use functions not loaded yet.
So three possible solutions:
* Load `pluggable.php` before any user script is able to run so that
`current_user_can()` won't throw a PHP error[[BR]]
* Put a `function_exists()` check inside of `current_user_can()` so that
it can't run until everything it needs to operate is loaded[[BR]]
* Move `capabilities.php` to after plugins are loaded (seems like a bad
idea)
I hate to get in an open/close war, but WordPress shouldn't throw PHP
errors if a plugin calls a defined function correctly, no matter what. It
needs abort gracefully.
--
Ticket URL: <http://trac.wordpress.org/ticket/5265#comment:8>
WordPress Trac <http://trac.wordpress.org/>
WordPress blogging software
More information about the wp-trac
mailing list