[wp-trac] [WordPress Trac] #19373: wp_insert_post() should not contain current_user_can() checks

WordPress Trac wp-trac at lists.automattic.com
Tue Nov 29 06:56:32 UTC 2011


#19373: wp_insert_post() should not contain current_user_can() checks
---------------------------------+-----------------------------
 Reporter:  alexkingorg          |       Owner:
     Type:  enhancement          |      Status:  new
 Priority:  normal               |   Milestone:  Future Release
Component:  Taxonomy             |     Version:  3.0
 Severity:  major                |  Resolution:
 Keywords:  3.4-early has-patch  |
---------------------------------+-----------------------------

Comment (by alexkingorg):

 Replying to [comment:13 scribu]:
 > With the current path, is it true that sanitize_post() still runs as the
 current user?
 >
 > I would assume that's not trivial to fix, though.

 Exactly. This will allow bypassing it in "programmatic" mode, but the work
 the sanitization is doing is too far down the chain. Getting it inline
 with this approach would take more refactoring than is likely to be
 considered reasonable.

-- 
Ticket URL: <http://core.trac.wordpress.org/ticket/19373#comment:14>
WordPress Trac <http://core.trac.wordpress.org/>
WordPress blogging software


More information about the wp-trac mailing list