[wp-trac] [WordPress Trac] #44648: User creation even though an error is thrown

WordPress Trac noreply at wordpress.org
Mon Oct 8 13:59:29 UTC 2018

#44648: User creation even though an error is thrown
 Reporter:  apermo                        |       Owner:  (none)
     Type:  defect (bug)                  |      Status:  new
 Priority:  normal                        |   Milestone:  5.0
Component:  REST API                      |     Version:  4.9.7
 Severity:  normal                        |  Resolution:
 Keywords:  needs-patch needs-unit-tests  |     Focuses:

Comment (by apermo):

 I figured out what happens here.

 protected function update_meta_value( $object_id, $meta_key, $name, $value
 ) {
    $meta_type = $this->get_meta_type();
    if ( ! current_user_can(  "edit_{$meta_type}_meta", $object_id,
 $meta_key ) ) {

 Upon creating a new element $object_id is 0 when this function is called,
 and thus current_user_can will return false.

 This error also applies to setting meta for any other type like
 categories, post_tags... With the same impact, the element is created but
 a 403 is returned.

Ticket URL: <https://core.trac.wordpress.org/ticket/44648#comment:5>
WordPress Trac <https://core.trac.wordpress.org/>
WordPress publishing platform

More information about the wp-trac mailing list