[wp-trac] [WordPress Trac] #52076: Checking anonymous user's exist capability returns inconsistent results across functions.
WordPress Trac
noreply at wordpress.org
Tue Dec 15 01:55:59 UTC 2020
#52076: Checking anonymous user's exist capability returns inconsistent results
across functions.
-----------------------------+-----------------------------
Reporter: peterwilsoncc | Owner: (none)
Type: defect (bug) | Status: new
Priority: normal | Milestone: Awaiting Review
Component: Role/Capability | Version:
Severity: normal | Keywords:
Focuses: |
-----------------------------+-----------------------------
While looking at extending the capability checks to include the anonymous
users, I've noticed the `exist` capability returns different results
depending on how it is checked.
As noted in `WP_User`, all users are allowed to exist including the
anonymous and invalid user IDs. (An invalid user ID in
`wp_set_current_user()` sets the site to use the anonymous user).
Running the following in a WP CLI shell will demonstrate the problem:
{{{
wp> wp_set_current_user( 0 )
// Logs anon user object
wp> current_user_can( 'exist' );
bool(true)
wp> wp_get_current_user()->has_cap( 'exist' );
bool(true)
wp> user_can( 0, 'exist' );
bool(false)
wp> wp_get_current_user()->exist()
bool(false)
wp> user_can( wp_get_current_user(), 'exist' );
bool(false)
}}}
In an ideal world, each of these would return the correct result (`true`)
consistently.
Such changes have backward compatibility concerns so it would be good to
get other's thoughts on the ability to change this to be consistent.
--
Ticket URL: <https://core.trac.wordpress.org/ticket/52076>
WordPress Trac <https://core.trac.wordpress.org/>
WordPress publishing platform
More information about the wp-trac
mailing list