[wp-trac] [WordPress Trac] #52076: Checking anonymous user's exist capability returns inconsistent results across functions.
WordPress Trac
noreply at wordpress.org
Mon Jan 18 16:09:12 UTC 2021
#52076: Checking anonymous user's exist capability returns inconsistent results
across functions.
-------------------------------------------------+-------------------------
Reporter: peterwilsoncc | Owner: (none)
Type: defect (bug) | Status: new
Priority: normal | Milestone: 5.7
Component: Role/Capability | Version:
Severity: normal | Resolution:
Keywords: early has-patch needs-unit-tests needs-dev-note | Focuses:
-------------------------------------------------+-------------------------
Comment (by TimothyBlynJacobs):
Though, thinking on that more. If someone is intentionally doing
`wp_get_current_user()->has_cap()` so that logged out users were handled.
If we do care about that risk, I guess we could pass a flag to `has_cap`
when called from `(current_)user_can` that would enable that stricter
checking. But that sounds a bit ugly.
--
Ticket URL: <https://core.trac.wordpress.org/ticket/52076#comment:11>
WordPress Trac <https://core.trac.wordpress.org/>
WordPress publishing platform