[wp-trac] [WordPress Trac] #31518: WP_User::has_cap and 'map_meta_cap' filter
WordPress Trac
noreply at wordpress.org
Sat Sep 5 23:46:42 UTC 2015
#31518: WP_User::has_cap and 'map_meta_cap' filter
-----------------------------+------------------------------
 Reporter:  dugi digitaly    |       Owner:
     Type:  defect (bug)     |      Status:  new
 Priority:  normal           |   Milestone:  Awaiting Review
Component:  Role/Capability  |     Version:  2.0
 Severity:  normal           |  Resolution:
 Keywords:  dev-feedback     |     Focuses:
-----------------------------+------------------------------
Description changed by johnbillion:
Old description:
> {{{
> add_filter('map_meta_cap', function(){return array();}, 1,0 );
> //<-backdor virus or any plugin
> var_dump( user_can( $admin_user_id = 1, 'unavailable cap' ) );
> //return true
> var_dump( user_can( $Subscriber_user_id = 3, 'remove_users' ) );
> //return true
>
> //The alternative I propose:
> // insert if(!in_array($cap,$caps)) return false; inside WP_User::has_cap( $cap ) after 'map_meta_cap' filter
> // OR
> // inside if(empty((array)$caps)) return false; inside WP_User::has_cap( $cap ) before the foreach
>
> }}}
> [https://core.trac.wordpress.org/browser/tags/4.1.1/src/wp-includes/capabilities.php#L965]
> [https://www.diffchecker.com/9cjznf39]
New description:
{{{
add_filter('map_meta_cap', function(){return array();}, 1,0 );
//<-backdoor virus or any plugin
var_dump( user_can( $admin_user_id = 1, 'unavailable cap' ) ); //return true
var_dump( user_can( $Subscriber_user_id = 3, 'remove_users' ) ); //return true
}}}
The alternative I propose:
insert `if(!in_array($cap,$caps)) return false;` inside `WP_User::has_cap( $cap )` after 'map_meta_cap' filter
OR
insert `if(empty((array)$caps)) return false;` inside `WP_User::has_cap( $cap )` before the foreach
[https://core.trac.wordpress.org/browser/tags/4.1.1/src/wp-includes/capabilities.php#L965]
[https://www.diffchecker.com/9cjznf39]
--
Ticket URL: <https://core.trac.wordpress.org/ticket/31518#comment:2>
WordPress Trac <https://core.trac.wordpress.org/>
WordPress publishing platform
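
A stand-alone model of the check described in the ticket, added here as an illustration; it is not WordPress core code and not the reporter's code. `check_cap()`, `$map` and `$guard` are hypothetical names and the users and mappings are constructed; it goes slightly beyond the ticket by also running both proposed guards against a meta capability (`edit_post` mapped to `edit_posts`).

```php
<?php
// Simplified stand-alone model of the check discussed in the ticket.
// NOT WordPress core code: check_cap(), $map and $guard are hypothetical names.

/**
 * @param array    $allcaps Capabilities the user holds, e.g. array('read' => true).
 * @param string   $cap     Capability being asked for.
 * @param callable $map     Stand-in for the filtered map_meta_cap() result.
 * @param string   $guard   'none', 'empty' or 'in_array' (the two proposals).
 */
function check_cap(array $allcaps, $cap, callable $map, $guard = 'none')
{
    $caps = (array) $map($cap);

    if ($guard === 'in_array' && !in_array($cap, $caps, true)) {
        return false;
    }
    if ($guard === 'empty' && count($caps) === 0) {
        return false;
    }

    // With an empty $caps the loop body never runs, so nothing can deny.
    foreach ($caps as $required) {
        if (empty($allcaps[$required])) {
            return false;
        }
    }
    return true;
}

// Constructed sample users and mappings.
$subscriber = array('read' => true);
$editor     = array('read' => true, 'edit_posts' => true);
$identity   = function ($cap) { return array($cap); };  // primitive cap maps to itself
$emptied    = function ($cap) { return array(); };      // the filter from the ticket
$meta       = function ($cap) {                         // meta cap maps to a primitive cap
    return $cap === 'edit_post' ? array('edit_posts') : array($cap);
};

$cases = array(
    array('subscriber remove_users, normal mapping, no guard', $subscriber, 'remove_users', $identity, 'none'),
    array('subscriber remove_users, emptied mapping, no guard', $subscriber, 'remove_users', $emptied, 'none'),
    array('subscriber remove_users, emptied mapping, empty guard', $subscriber, 'remove_users', $emptied, 'empty'),
    array('editor edit_post, meta mapping, empty guard', $editor, 'edit_post', $meta, 'empty'),
    array('editor edit_post, meta mapping, in_array guard', $editor, 'edit_post', $meta, 'in_array'),
);
foreach ($cases as $c) {
    printf("%-55s => %s\n", $c[0], var_export(check_cap($c[1], $c[2], $c[3], $c[4]), true));
}
```

With the emptied mapping and no guard the loop is vacuous and the check passes, which the `empty` guard turns into a denial. The `in_array` guard also denies the editor's `edit_post` check, because a meta capability is not itself in the mapped list.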