[wp-trac] [WordPress Trac] #44972: wp_get_current_user() misbehavior
WordPress Trac
noreply at wordpress.org
Sun Sep 23 14:54:22 UTC 2018
#44972: wp_get_current_user() misbehavior
--------------------------+------------------------------
Reporter: tazotodua | Owner: (none)
Type: defect (bug) | Status: new
Priority: normal | Milestone: Awaiting Review
Component: Users | Version:
Severity: normal | Resolution:
Keywords: | Focuses:
--------------------------+------------------------------
Changes (by SergeyBiryukov):
* component: General => Users
Old description:
> You might say that the problem is coming from plugins, but wanted to
> mention this:
>
> Sometimes, I've found that some plugins use:
>
> `$smth = get_bloginfo('language'...);`
>
> 1) directly in plugin php file (i mean out of the hook, just directly as
> a new line),
>
> 2) or sometimes that code is used in `class` __construct method (not
> different than first one - you know, constructor is executed directly
> too).
>
> to reproduce the problem, just place that line in any
> plugin/functions.php, then enter WP dashboard, and you get:
>
> `Sorry, you are not allowed to access this page.`
>
> yes, just using that code in XYZ plugin (without any further action, just
> that code), causes you to be blocked out from wp.
>
> I've researched and the chain goes like ->
> get_bloginfo()->get_user_locale() ->wp_get_current_user()---->
> `wp_set_current_user( $user_id );` <---- this one makes the issue i
> think.
>
> so, i dont know, but i think get_bloginfo function (or get_current user
> function) which may be **EVEN** fired incorrectly, shouldnt cause that
> problem.
New description:
You might say that the problem is coming from plugins, but wanted to
mention this:
Sometimes, I've found that some plugins use:
`$smth = get_bloginfo('language'...);`
1) directly in plugin php file (i mean out of the hook, just directly as a
new line),
2) or sometimes that code is used in `class` `__construct` method (not
different than first one - you know, constructor is executed directly
too).
to reproduce the problem, just place that line in any
plugin/functions.php, then enter WP dashboard, and you get:
`Sorry, you are not allowed to access this page.`
yes, just using that code in XYZ plugin (without any further action, just
that code), causes you to be blocked out from wp.
I've researched and the chain goes like ->
get_bloginfo()->get_user_locale() ->wp_get_current_user()---->
`wp_set_current_user( $user_id );` <---- this one makes the issue i think.
so, i dont know, but i think get_bloginfo function (or get_current user
function) which may be **EVEN** fired incorrectly, shouldnt cause that
problem.
--
Comment:
Related: #14024, #43869.
--
Ticket URL: <https://core.trac.wordpress.org/ticket/44972#comment:2>
WordPress Trac <https://core.trac.wordpress.org/>
WordPress publishing platform
More information about the wp-trac
mailing list