[wp-trac] [WordPress Trac] #41059: Prevent `do_not_allow` from being added as a capability

WordPress Trac noreply at wordpress.org
Thu Jun 15 09:12:47 UTC 2017

#41059: Prevent `do_not_allow` from being added as a capability
 Reporter:  peterwilsoncc    |      Owner:
     Type:  enhancement      |     Status:  new
 Priority:  normal           |  Milestone:  Awaiting Review
Component:  Role/Capability  |    Version:
 Severity:  normal           |   Keywords:  needs-patch
  Focuses:                   |
 In meta capabilities, WordPress uses the keyword `do_not_allow` to
 indicate a user should be blocked from performing a particular action
 includes/capabilities.php?marks=34-37#L34 code ref]).

 `WP_User`, `WP_Role` and `WP_Roles` do not prevent a theme or plugin from
 adding `do_not_allow` as a capability. Adding this capability would cause
 unexpected behaviour so it should be blocked as a hardening measure.

Ticket URL: <https://core.trac.wordpress.org/ticket/41059>
WordPress Trac <https://core.trac.wordpress.org/>
WordPress publishing platform
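
A simplified, self-contained PHP model of the behaviour the ticket describes, added here as an illustration. It is not WordPress core code or the reporter's, and every name in it (`DENY`, `map_meta`, `Role`, `user_can`, the `$blocked` flag) is an assumption made for the example. It shows why a stored `do_not_allow` entry defeats the deny sentinel, and how refusing it where capabilities are added restores the block.

```php
<?php
// Simplified model only; names and the mapping rule are constructed for this example.

const DENY = 'do_not_allow'; // sentinel a meta-capability mapping returns to block an action

// Maps a meta capability to the primitive capabilities it requires.
// Constructed rule: when $blocked is true the action must never be permitted.
function map_meta(string $cap, bool $blocked): array {
    if ($cap === 'edit_post') {
        return $blocked ? [DENY] : ['edit_posts'];
    }
    return [$cap];
}

class Role {
    /** @var array<string,bool> capability name => granted */
    public array $caps = [];

    public function __construct(private bool $hardened) {}

    public function addCap(string $cap, bool $grant = true): void {
        // Hardening proposed in the ticket: never store the sentinel as a capability.
        if ($this->hardened && $cap === DENY) {
            return;
        }
        $this->caps[$cap] = $grant;
    }
}

// The role must hold every primitive capability the mapping returns.
// The sentinel only blocks as long as nobody actually holds it.
function user_can(Role $role, string $cap, bool $blocked): bool {
    foreach (map_meta($cap, $blocked) as $required) {
        if (empty($role->caps[$required])) {
            return false;
        }
    }
    return true;
}

foreach ([false, true] as $hardened) {
    $role = new Role($hardened);
    $role->addCap('edit_posts');
    $role->addCap(DENY); // what a theme or plugin is currently free to do, per the ticket
    printf("hardened=%s  blocked action allowed: %s\n",
        var_export($hardened, true),
        var_export(user_can($role, 'edit_post', true), true));
}
```

Run with PHP 8.0 or later. The unhardened role passes a check that the mapping meant to deny, while the hardened one fails it.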
