[wp-trac] [WordPress Trac] #52076: Checking anonymous user's exist capability returns inconsistent results across functions.
WordPress Trac
noreply at wordpress.org
Tue Dec 15 02:01:03 UTC 2020
#52076: Checking anonymous user's exist capability returns inconsistent results
across functions.
-----------------------------+------------------------------
 Reporter:  peterwilsoncc    |       Owner:  (none)
     Type:  defect (bug)     |      Status:  new
 Priority:  normal           |   Milestone:  Awaiting Review
Component:  Role/Capability  |     Version:
 Severity:  normal           |  Resolution:
 Keywords:                   |     Focuses:
-----------------------------+------------------------------
Description changed by peterwilsoncc:
Old description:
> While looking at extending the capability checks to include the anonymous
> users, I've noticed the `exist` capability returns different results
> depending on how it is checked.
>
> As noted in `WP_User`, all users are allowed to exist including the
> anonymous and invalid user IDs. (An invalid user ID in
> `wp_set_current_user()` sets the site to use the anonymous user).
>
> Running the following in a WP CLI shell will demonstrate the problem:
>
> {{{
> wp> wp_set_current_user( 0 )
> // Logs anon user object
> wp> current_user_can( 'exist' );
> bool(true)
> wp> wp_get_current_user()->has_cap( 'exist' );
> bool(true)
> wp> user_can( 0, 'exist' );
> bool(false)
> wp> wp_get_current_user()->exist()
> bool(false)
> wp> user_can( wp_get_current_user(), 'exist' );
> bool(false)
> }}}
>
> In an ideal world, each of these would return the correct result (`true`)
> consistently.
>
> Such changes have backward compatibility concerns so it would be good to
> get others' thoughts on the ability to change this to be consistent.
New description:
While looking at extending the capability checks to include the anonymous
users, I've noticed the `exist` capability returns different results
depending on how it is checked.

As noted in `WP_User`, all users are allowed to exist including the
anonymous and invalid user IDs. (An invalid user ID in
`wp_set_current_user()` sets the site to use the anonymous user).

Running the following in a WP CLI shell will demonstrate the problem:

{{{
wp> wp_set_current_user( 0 )
// Logs anon user object
wp> current_user_can( 'exist' );
bool(true)
wp> wp_get_current_user()->has_cap( 'exist' );
bool(true)
wp> user_can( 0, 'exist' );
bool(false)
wp> wp_get_current_user()->exists()
bool(false)
wp> user_can( wp_get_current_user(), 'exist' );
bool(false)
}}}

In an ideal world, each of these would return the correct result (`true`)
consistently.

Such changes have backward compatibility concerns so it would be good to
get others' thoughts on the ability to change this to be consistent.
--
Ticket URL: <https://core.trac.wordpress.org/ticket/52076#comment:1>
WordPress Trac <https://core.trac.wordpress.org/>
WordPress publishing platform
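
A defensive wrapper for the inconsistency reported above, as an added example that is not part of the ticket or of WordPress core: it routes every check through `WP_User::has_cap()`, the path the ticket shows returning `true` for the anonymous user, and adds a report function that reruns the ticket's checks. The `myplugin_*` names are hypothetical, and treating an unknown ID as the anonymous user is an assumption modelled on the `wp_set_current_user()` behaviour the ticket mentions.

```php
<?php
// Added example, not WordPress core code. The myplugin_* names are hypothetical.

/**
 * Check a capability so that the anonymous user (ID 0) and unknown IDs are
 * evaluated through WP_User::has_cap(), whichever form the caller passes.
 *
 * @param int|WP_User $user       User ID or object; 0 or an unknown ID means anonymous.
 * @param string      $capability Capability name.
 * @param mixed       ...$args    Optional arguments (e.g. an object ID) for meta capabilities.
 * @return bool
 */
function myplugin_user_can( $user, $capability, ...$args ) {
	if ( ! $user instanceof WP_User ) {
		$found = $user ? get_userdata( (int) $user ) : false;
		// Assumption: like wp_set_current_user(), fall back to the anonymous user.
		$user = $found ? $found : new WP_User( 0 );
	}
	return $user->has_cap( $capability, ...$args );
}

/**
 * Run the ticket's five checks plus the helper against the anonymous user.
 * Returns label => result and restores the previous current user afterwards.
 *
 * @return bool[]
 */
function myplugin_exist_check_report() {
	$previous = get_current_user_id();
	wp_set_current_user( 0 );
	$anon = wp_get_current_user();

	$report = array(
		"current_user_can( 'exist' )"          => current_user_can( 'exist' ),
		"\$anon->has_cap( 'exist' )"           => $anon->has_cap( 'exist' ),
		"user_can( 0, 'exist' )"               => user_can( 0, 'exist' ),
		"\$anon->exists()"                     => $anon->exists(),
		"user_can( \$anon, 'exist' )"          => user_can( $anon, 'exist' ),
		"myplugin_user_can( 0, 'exist' )"      => myplugin_user_can( 0, 'exist' ),
		"myplugin_user_can( \$anon, 'exist' )" => myplugin_user_can( $anon, 'exist' ),
	);

	wp_set_current_user( $previous );
	return $report;
}
```

Calling `myplugin_exist_check_report()` from a WP-CLI shell after loading the file shows which check forms disagree on a given WordPress version.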