[wp-trac] [WordPress Trac] #22698: Broken capability checks with current_user_can() + map_meta_cap()
WordPress Trac
noreply at wordpress.org
Mon Dec 3 18:08:41 UTC 2012
#22698: Broken capability checks with current_user_can() + map_meta_cap()
-----------------------------+------------------------------
Reporter: Veraxus | Owner:
Type: defect (bug) | Status: new
Priority: normal | Milestone: Awaiting Review
Component: Role/Capability | Version: 2.0
Severity: normal | Resolution:
Keywords: needs-patch |
-----------------------------+------------------------------
Changes (by nacin):
* version: trunk => 2.0
* component: Validation => Role/Capability
* severity: critical => normal
Comment:
The argument is not optional for the capability checks you are specifying:
edit_post, delete_post, etc.
These are "meta" capabilities and get mapped to primitive capabilities,
like edit_post'''s''', edit_others_posts, edit_published_posts,
edit_private_posts, based on the object being selected.
--
Ticket URL: <http://core.trac.wordpress.org/ticket/22698#comment:1>
WordPress Trac <http://core.trac.wordpress.org/>
WordPress blogging software
More information about the wp-trac
mailing list