[wp-trac] [WordPress Trac] #43043: WP Customizer checks current_user_can() too early
WordPress Trac
noreply at wordpress.org
Sat Nov 30 22:11:49 UTC 2019
#43043: WP Customizer checks current_user_can() too early
---------------------------+------------------------
Reporter: jamesmehorter | Owner: (none)
Type: defect (bug) | Status: closed
Priority: normal | Milestone:
Component: Customize | Version: 3.4
Severity: normal | Resolution: duplicate
Keywords: | Focuses:
---------------------------+------------------------
Changes (by dlh):
* status: new => closed
* version: 4.9.1 => 3.4
* resolution: => duplicate
* milestone: Awaiting Review =>
Comment:
Having re-read both tickets, I think it would be fair to mark this ticket
as a duplicate of #24169. As I understand it, the security concern
described in ticket:24169#comment:4 that necessitates capability checks
before `after_setup_theme` also applies in the VIP scenario described
here.

If an approach becomes available to soften the blow of this limitation, as
was sought after in #24169, I would move that it be added there so as to
continue the previous discussion.
--
Ticket URL: <https://core.trac.wordpress.org/ticket/43043#comment:4>
WordPress Trac <https://core.trac.wordpress.org/>
WordPress publishing platform