[wp-trac] [WordPress Trac] #40950: wp_terms_checklist() does not pass $post_id to current_user_can()
WordPress Trac
noreply at wordpress.org
Thu Jun 8 15:00:38 UTC 2017
#40950: wp_terms_checklist() does not pass $post_id to current_user_can()
----------------------------+-----------------------------
Reporter: anigel | Owner:
Type: defect (bug) | Status: new
Priority: normal | Milestone: Awaiting Review
Component: Administration | Version: trunk
Severity: normal | Keywords:
Focuses: |
----------------------------+-----------------------------
An incorrect post_id gets passed in $args to a filter on map_meta_cap,
when wp_terms_checklist() does a capability check to see if category
checkboxes should get a disabled attribute.
`$args['disabled'] = ! current_user_can( $tax->cap->assign_terms );`
We had an issue where we were checking the post type in a map_meta_cap
filter and it was always showing a standard post type instead of the
appropriate custom post type leading to category checkboxes being
disabled.
Expected behaviour: The post_id passed in $args to the map_meta_cap
callback should relate to the post being edited / created
How to recreate:
1. Create a custom Post Type
2. Add a filter on map_meta_cap
3. Create or edit a post
4. Check the value passed in $args to your filter when wp_terms_checklist
does a capability check to see if categories should get a disabled
attribute.
Workaround: Use the global $post variable instead of the passed post_id
--
Ticket URL: <https://core.trac.wordpress.org/ticket/40950>
WordPress Trac <https://core.trac.wordpress.org/>
WordPress publishing platform
More information about the wp-trac
mailing list