[wp-trac] [WordPress Trac] #21786: remove_cap can't unset a negative capability
WordPress Trac
wp-trac at lists.automattic.com
Tue Sep 4 09:17:14 UTC 2012
#21786: remove_cap can't unset a negative capability
-----------------------------+-----------------------------
Reporter: johnjamesjacoby | Owner:
Type: defect (bug) | Status: new
Priority: normal | Milestone: Awaiting Review
Component: Role/Capability | Version:
Severity: normal | Keywords: has-patch
-----------------------------+-----------------------------
WP_User::add_cap() accepts two parameters -- the second decides if a user
does or does not have the capability. I.E.:
{{{
$user->add_cap( 'foo', false );
}}}
means a user will not have a capability that any role otherwise allows.
WP_User::remove_cap( 'foo' ) incorrectly does an empty() check rather than
! isset(), preventing negative capabilities from being unset from a users
individual capabilities array.
This makes it impossible to revert negative capabilities without first
making them positive, and then removing them.
See: #9128
--
Ticket URL: <http://core.trac.wordpress.org/ticket/21786>
WordPress Trac <http://core.trac.wordpress.org/>
WordPress blogging software
More information about the wp-trac
mailing list