[wp-trac] [WordPress Trac] #16956: Comments Being Pulled from Non-Existent Post Types
WordPress Trac
noreply at wordpress.org
Thu Jul 2 11:51:53 UTC 2015
#16956: Comments Being Pulled from Non-Existent Post Types
-----------------------------------+-----------------------------
 Reporter:  sterlo                 |      Owner:
     Type:  defect (bug)           |     Status:  new
 Priority:  normal                 |  Milestone:  Future Release
Component:  Posts, Post Types      |    Version:  3.1
 Severity:  normal                 | Resolution:
 Keywords:  has-patch 2nd-opinion  |    Focuses:
-----------------------------------+-----------------------------
Changes (by boonebgorges):
* milestone: 4.3 => Future Release
Comment:
> I have some concerns that this could lead to unexpected capability
> escalation

Are your concerns related to a general squeamishness about cap mapping, or
are you imagining specific scenarios where escalation could occur? I'm
struggling to describe a situation where meaningful cap escalation could
take place. There is perhaps a concern that a plugin registers a post type
'foo' and provides custom logic for, e.g., 'edit_foo'; when the plugin is
then deactivated, the WP interface will fall back on 'edit_post'; and
while currently `current_user_can( 'edit_post' )` will always return false
in these cases, with my proposed fix it will obey the general logic for
'edit_post'. I can imagine cases where this might be problematic, but I'm
also not sure how much WP can be responsible for it, given that caps are
registered and processed at runtime.

I personally don't feel comfortable moving forward with this during beta,
so I'm moving it out of the milestone.
--
Ticket URL: <https://core.trac.wordpress.org/ticket/16956#comment:38>
WordPress Trac <https://core.trac.wordpress.org/>
WordPress publishing platform