[wp-trac] [WordPress Trac] #62786: wp_insert_post should not check for current_user_can( $taxonomy_obj->cap->assign_terms )
WordPress Trac
noreply at wordpress.org
Wed Jan 8 09:17:17 UTC 2025
#62786: wp_insert_post should not check for current_user_can(
$taxonomy_obj->cap->assign_terms )
--------------------------+-----------------------------
Reporter: picocodes | Owner: (none)
Type: defect (bug) | Status: new
Priority: normal | Milestone: Awaiting Review
Component: Taxonomy | Version: 6.7.1
Severity: normal | Keywords: 2nd-opinion
Focuses: |
--------------------------+-----------------------------
As in the title, the following line...
{{{#!php
<?php
if ( current_user_can( $taxonomy_obj->cap->assign_terms ) ) {
wp_set_post_terms( $post_id, $tags, $taxonomy );
}
}}}
... should instead be:-
{{{#!php
<?php
wp_set_post_terms( $post_id, $tags, $taxonomy );
}}}
This helps when programmatically inserting posts (for example via
webhooks). Anyone who needs to check capabilities should do so before
calling the function.
Removing the check shouldn't cause any problems since earlier in the code
we already set tags and categories without checking caps:-
{{{#!php
<?php
if ( is_object_in_taxonomy( $post_type, 'category' ) ) {
wp_set_post_categories( $post_id, $post_category );
}
if ( isset( $postarr['tags_input'] ) && is_object_in_taxonomy( $post_type,
'post_tag' ) ) {
wp_set_post_tags( $post_id, $postarr['tags_input'] );
}
}}}
--
Ticket URL: <https://core.trac.wordpress.org/ticket/62786>
WordPress Trac <https://core.trac.wordpress.org/>
WordPress publishing platform
More information about the wp-trac
mailing list