[wp-trac] [WordPress Trac] #19373: wp_insert_post() should not contain current_user_can() checks
WordPress Trac
noreply at wordpress.org
Tue Apr 2 12:36:53 UTC 2013
#19373: wp_insert_post() should not contain current_user_can() checks
---------------------------------+------------------
 Reporter:  alexkingorg          |      Owner:
     Type:  enhancement          |     Status:  new
 Priority:  normal               |  Milestone:  3.6
Component:  Taxonomy             |    Version:  3.0
 Severity:  major                | Resolution:
 Keywords:  3.4-early has-patch  |
---------------------------------+------------------
Comment (by kovshenin):
I'm -1 on this. I think everything that goes into the database, whether by
a logged-in user action, anonymous user or cron, should be sanitized.
Every post should have an author, and post_author = 0 sucks. We ran into a
similar situation when allowing anonymous users to create draft posts, so
we created a new user with minimum required caps, and inserted all the new
posts on behalf of that user with `wp_set_current_user`. Just don't forget
to `wp_set_current_user` back to 0 when you're done.
--
Ticket URL: <http://core.trac.wordpress.org/ticket/19373#comment:20>
WordPress Trac <http://core.trac.wordpress.org/>
WordPress blogging software
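
The pattern described in the comment above, as an added example (not code from the ticket, the commenter, or WordPress core). It assumes a pre-created low-privilege account with the constructed login `anon-submitter`, a hypothetical helper name, and PHP 5.5+ for `finally`, which restores the previous user even if the insert throws.

```php
<?php
// Added example: hypothetical helper, not WordPress core code.
// Assumes a service account with login 'anon-submitter' (constructed name)
// that holds only the capabilities needed to create draft posts.
function example_insert_anonymous_draft( array $raw ) {
    $service_user = get_user_by( 'login', 'anon-submitter' );
    if ( ! $service_user ) {
        return new WP_Error( 'no_service_user', 'Service account is missing.' );
    }

    // Remember who the request was running as (0 for an anonymous visitor).
    $previous_user_id = get_current_user_id();
    wp_set_current_user( $service_user->ID );

    try {
        // While the service account is current, the current_user_can() checks
        // inside wp_insert_post() are evaluated against its minimal caps.
        $postarr = array(
            'post_title'   => sanitize_text_field( isset( $raw['title'] ) ? $raw['title'] : '' ),
            'post_content' => wp_kses_post( isset( $raw['content'] ) ? $raw['content'] : '' ),
            'post_status'  => 'draft',
            'post_type'    => 'post',
            'post_author'  => $service_user->ID, // never leave post_author = 0
        );

        // wp_insert_post() expects slashed input; true makes it return
        // a WP_Error on failure instead of 0.
        return wp_insert_post( wp_slash( $postarr ), true );
    } finally {
        // Always drop back to the original identity so later code in this
        // request does not keep running with the service account's caps.
        wp_set_current_user( $previous_user_id );
    }
}
```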