[wp-trac] [WordPress Trac] #47820: should update_option() check "manage_options" capability?

WordPress Trac noreply at wordpress.org
Thu Aug 8 13:42:04 UTC 2019


#47820: should update_option() check "manage_options" capability?
--------------------------------+-----------------------------
 Reporter:  lllor               |       Owner:  (none)
     Type:  feature request     |      Status:  new
 Priority:  normal              |   Milestone:  Future Release
Component:  Options, Meta APIs  |     Version:
 Severity:  normal              |  Resolution:
 Keywords:  needs-patch         |     Focuses:
--------------------------------+-----------------------------

Comment (by lllor):

 Replying to [comment:2 SergeyBiryukov]:
 > Hi @lllor, welcome to WordPress Trac! Thanks for the ticket!
 >
 > `update_option()` is a low-level utility function often used in contexts
 > when there's no logged-in user (Cron, CLI tools, etc.), so checking
 > capabilities is beyond its scope. See a similar discussion about
 > `wp_insert_post()` in #19373.
 >
 > > Or at least, write in the documentation that it's in the plugin
 > > author's duty to verify it.
 >
 > We could definitely clarify that in the documentation.

 Excellent! So, if I haven't misunderstood, update_option must be used only
 in peculiar contexts and not as a general-purpose interface to the
 wp-options provided to the plugins.

-- 
Ticket URL: <https://core.trac.wordpress.org/ticket/47820#comment:3>
WordPress Trac <https://core.trac.wordpress.org/>
WordPress publishing platform
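
The division of responsibility discussed in this ticket, as an added example that is not part of the original message or of WordPress core: since `update_option()` performs no capability check, the plugin code that handles a user request has to check the capability before writing, while a cron callback has no user to check. The `myplugin_*` function, option, action and nonce names and the settings page slug are hypothetical.

```php
<?php
/**
 * Added example, not code from the ticket or from WordPress core.
 * All myplugin_* names and the 'myplugin' page slug are hypothetical.
 */

// Unchecked pattern (shown for contrast, deliberately not hooked anywhere):
// update_option() accepts the write regardless of who made the request.
function myplugin_save_settings_unchecked() {
	if ( isset( $_POST['myplugin_api_label'] ) ) {
		update_option( 'myplugin_api_label', $_POST['myplugin_api_label'] );
	}
}

// Checked pattern: the caller verifies capability and request intent first.
function myplugin_save_settings() {
	// 1. Authorization: only users who may manage site options.
	if ( ! current_user_can( 'manage_options' ) ) {
		wp_die(
			'You are not allowed to change these settings.',
			'',
			array( 'response' => 403 )
		);
	}

	// 2. Intent: the form must carry the nonce printed with
	//    wp_nonce_field( 'myplugin_save', 'myplugin_nonce' ).
	check_admin_referer( 'myplugin_save', 'myplugin_nonce' );

	// 3. Input handling: unslash and sanitize before storing.
	$label = isset( $_POST['myplugin_api_label'] )
		? sanitize_text_field( wp_unslash( $_POST['myplugin_api_label'] ) )
		: '';

	update_option( 'myplugin_api_label', $label );

	wp_safe_redirect( admin_url( 'options-general.php?page=myplugin' ) );
	exit;
}
// admin-post.php runs this hook for logged-in users only.
add_action( 'admin_post_myplugin_save', 'myplugin_save_settings' );

// Cron context: no logged-in user exists, so current_user_can() would always
// fail here. This is the case where update_option() is called directly.
function myplugin_cron_refresh() {
	update_option( 'myplugin_last_refresh', time() );
}
add_action( 'myplugin_cron_refresh_event', 'myplugin_cron_refresh' );
```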

