[wp-trac] [WordPress Trac] #22698: Broken capability checks with current_user_can() + map_meta_cap()
WordPress Trac
noreply at wordpress.org
Mon Dec 3 18:06:26 UTC 2012
#22698: Broken capability checks with current_user_can() + map_meta_cap()
-----------------------------+--------------------------
Reporter: Veraxus | Type: defect (bug)
Status: new | Priority: normal
Milestone: Awaiting Review | Component: Validation
Version: trunk | Severity: critical
Keywords: needs-patch |
-----------------------------+--------------------------
Running the latest cutting-edge nightly of WordPress 3.5...
When calling '''current_user_can()''', if the second '''''optional'''''
argument is not provided, then '''map_meta_cap()''' breaks since certain
capability checks (''delete_page'', ''edit_post'', etc) ''assume'' that
$args[] is provided, despite being optional.
Here is the error when attempting
'''current_user_can('edit_post')''':[[BR]]
{{{Undefined offset: 0 in stuff/wp-includes/capabilities.php on line
1067}}}
The code in question is:
{{{
$args = array_slice( func_get_args(), 2 );
...
case 'edit_page':
$post = get_post( $args[0] );
}}}
--
Ticket URL: <http://core.trac.wordpress.org/ticket/22698>
WordPress Trac <http://core.trac.wordpress.org/>
WordPress blogging software
More information about the wp-trac
mailing list