Users: Fail gracefully when checking mapped capabilities without providing the required object ID.
This avoids an `Undefined array key 0` PHP warning for `current_user_can()` capability checks that require a specific object to check against but an object ID was not passed. A `_doing_it_wrong()` notice is also added, so that developers and site administrators are aware that the capability mapping is failing in the absence of the required object ID. The list of mapped capabilities that require an object ID: * `delete_post` / `delete_page` * `edit_post` / `edit_page` * `read_post` / `read_page` * `publish_post` * `edit_(post|comment|term|user)_meta` / `delete_*_meta` / `add_*_meta` * `edit_comment` * `edit_term` / `delete_term` / `assign_term` Follow-up to [34091], [34113], [47178]. Props jeherve, peterwilsoncc, henry.wright, johnbillion, mattheweppelsheimer, hellofromTonya, JeffPaul, azouamauriac, Ninos Ego, TobiasBg, wpsmith, GaryJ, nacin, johnstonphilip, azaozz, SergeyBiryukov. Fixes #44591. Built from https://develop.svn.wordpress.org/trunk@53408 git-svn-id: http://core.svn.wordpress.org/trunk@52997 1a063a9b-81f0-0310-95a4-ce76da25c4cd
This commit is contained in:
parent
571e1e01b3
commit
2972db4ba5
|
@ -73,6 +73,25 @@ function map_meta_cap( $cap, $user_id, ...$args ) {
|
||||||
break;
|
break;
|
||||||
case 'delete_post':
|
case 'delete_post':
|
||||||
case 'delete_page':
|
case 'delete_page':
|
||||||
|
if ( ! isset( $args[0] ) ) {
|
||||||
|
if ( 'delete_post' === $cap ) {
|
||||||
|
/* translators: %s: Capability name. */
|
||||||
|
$message = __( 'When checking for the %s capability, you must always check it against a specific post.' );
|
||||||
|
} else {
|
||||||
|
/* translators: %s: Capability name. */
|
||||||
|
$message = __( 'When checking for the %s capability, you must always check it against a specific page.' );
|
||||||
|
}
|
||||||
|
|
||||||
|
_doing_it_wrong(
|
||||||
|
__FUNCTION__,
|
||||||
|
sprintf( $message, '<code>' . $cap . '</code>' ),
|
||||||
|
'6.1.0'
|
||||||
|
);
|
||||||
|
|
||||||
|
$caps[] = 'do_not_allow';
|
||||||
|
break;
|
||||||
|
}
|
||||||
|
|
||||||
$post = get_post( $args[0] );
|
$post = get_post( $args[0] );
|
||||||
if ( ! $post ) {
|
if ( ! $post ) {
|
||||||
$caps[] = 'do_not_allow';
|
$caps[] = 'do_not_allow';
|
||||||
|
@ -92,7 +111,18 @@ function map_meta_cap( $cap, $user_id, ...$args ) {
|
||||||
$post_type = get_post_type_object( $post->post_type );
|
$post_type = get_post_type_object( $post->post_type );
|
||||||
if ( ! $post_type ) {
|
if ( ! $post_type ) {
|
||||||
/* translators: 1: Post type, 2: Capability name. */
|
/* translators: 1: Post type, 2: Capability name. */
|
||||||
_doing_it_wrong( __FUNCTION__, sprintf( __( 'The post type %1$s is not registered, so it may not be reliable to check the capability "%2$s" against a post of that type.' ), $post->post_type, $cap ), '4.4.0' );
|
$message = __( 'The post type %1$s is not registered, so it may not be reliable to check the capability %2$s against a post of that type.' );
|
||||||
|
|
||||||
|
_doing_it_wrong(
|
||||||
|
__FUNCTION__,
|
||||||
|
sprintf(
|
||||||
|
$message,
|
||||||
|
'<code>' . $post->post_type . '</code>',
|
||||||
|
'<code>' . $cap . '</code>'
|
||||||
|
),
|
||||||
|
'4.4.0'
|
||||||
|
);
|
||||||
|
|
||||||
$caps[] = 'edit_others_posts';
|
$caps[] = 'edit_others_posts';
|
||||||
break;
|
break;
|
||||||
}
|
}
|
||||||
|
@ -146,6 +176,25 @@ function map_meta_cap( $cap, $user_id, ...$args ) {
|
||||||
// edit_others_posts.
|
// edit_others_posts.
|
||||||
case 'edit_post':
|
case 'edit_post':
|
||||||
case 'edit_page':
|
case 'edit_page':
|
||||||
|
if ( ! isset( $args[0] ) ) {
|
||||||
|
if ( 'edit_post' === $cap ) {
|
||||||
|
/* translators: %s: Capability name. */
|
||||||
|
$message = __( 'When checking for the %s capability, you must always check it against a specific post.' );
|
||||||
|
} else {
|
||||||
|
/* translators: %s: Capability name. */
|
||||||
|
$message = __( 'When checking for the %s capability, you must always check it against a specific page.' );
|
||||||
|
}
|
||||||
|
|
||||||
|
_doing_it_wrong(
|
||||||
|
__FUNCTION__,
|
||||||
|
sprintf( $message, '<code>' . $cap . '</code>' ),
|
||||||
|
'6.1.0'
|
||||||
|
);
|
||||||
|
|
||||||
|
$caps[] = 'do_not_allow';
|
||||||
|
break;
|
||||||
|
}
|
||||||
|
|
||||||
$post = get_post( $args[0] );
|
$post = get_post( $args[0] );
|
||||||
if ( ! $post ) {
|
if ( ! $post ) {
|
||||||
$caps[] = 'do_not_allow';
|
$caps[] = 'do_not_allow';
|
||||||
|
@ -163,7 +212,18 @@ function map_meta_cap( $cap, $user_id, ...$args ) {
|
||||||
$post_type = get_post_type_object( $post->post_type );
|
$post_type = get_post_type_object( $post->post_type );
|
||||||
if ( ! $post_type ) {
|
if ( ! $post_type ) {
|
||||||
/* translators: 1: Post type, 2: Capability name. */
|
/* translators: 1: Post type, 2: Capability name. */
|
||||||
_doing_it_wrong( __FUNCTION__, sprintf( __( 'The post type %1$s is not registered, so it may not be reliable to check the capability "%2$s" against a post of that type.' ), $post->post_type, $cap ), '4.4.0' );
|
$message = __( 'The post type %1$s is not registered, so it may not be reliable to check the capability %2$s against a post of that type.' );
|
||||||
|
|
||||||
|
_doing_it_wrong(
|
||||||
|
__FUNCTION__,
|
||||||
|
sprintf(
|
||||||
|
$message,
|
||||||
|
'<code>' . $post->post_type . '</code>',
|
||||||
|
'<code>' . $cap . '</code>'
|
||||||
|
),
|
||||||
|
'4.4.0'
|
||||||
|
);
|
||||||
|
|
||||||
$caps[] = 'edit_others_posts';
|
$caps[] = 'edit_others_posts';
|
||||||
break;
|
break;
|
||||||
}
|
}
|
||||||
|
@ -215,6 +275,25 @@ function map_meta_cap( $cap, $user_id, ...$args ) {
|
||||||
break;
|
break;
|
||||||
case 'read_post':
|
case 'read_post':
|
||||||
case 'read_page':
|
case 'read_page':
|
||||||
|
if ( ! isset( $args[0] ) ) {
|
||||||
|
if ( 'read_post' === $cap ) {
|
||||||
|
/* translators: %s: Capability name. */
|
||||||
|
$message = __( 'When checking for the %s capability, you must always check it against a specific post.' );
|
||||||
|
} else {
|
||||||
|
/* translators: %s: Capability name. */
|
||||||
|
$message = __( 'When checking for the %s capability, you must always check it against a specific page.' );
|
||||||
|
}
|
||||||
|
|
||||||
|
_doing_it_wrong(
|
||||||
|
__FUNCTION__,
|
||||||
|
sprintf( $message, '<code>' . $cap . '</code>' ),
|
||||||
|
'6.1.0'
|
||||||
|
);
|
||||||
|
|
||||||
|
$caps[] = 'do_not_allow';
|
||||||
|
break;
|
||||||
|
}
|
||||||
|
|
||||||
$post = get_post( $args[0] );
|
$post = get_post( $args[0] );
|
||||||
if ( ! $post ) {
|
if ( ! $post ) {
|
||||||
$caps[] = 'do_not_allow';
|
$caps[] = 'do_not_allow';
|
||||||
|
@ -232,7 +311,18 @@ function map_meta_cap( $cap, $user_id, ...$args ) {
|
||||||
$post_type = get_post_type_object( $post->post_type );
|
$post_type = get_post_type_object( $post->post_type );
|
||||||
if ( ! $post_type ) {
|
if ( ! $post_type ) {
|
||||||
/* translators: 1: Post type, 2: Capability name. */
|
/* translators: 1: Post type, 2: Capability name. */
|
||||||
_doing_it_wrong( __FUNCTION__, sprintf( __( 'The post type %1$s is not registered, so it may not be reliable to check the capability "%2$s" against a post of that type.' ), $post->post_type, $cap ), '4.4.0' );
|
$message = __( 'The post type %1$s is not registered, so it may not be reliable to check the capability %2$s against a post of that type.' );
|
||||||
|
|
||||||
|
_doing_it_wrong(
|
||||||
|
__FUNCTION__,
|
||||||
|
sprintf(
|
||||||
|
$message,
|
||||||
|
'<code>' . $post->post_type . '</code>',
|
||||||
|
'<code>' . $cap . '</code>'
|
||||||
|
),
|
||||||
|
'4.4.0'
|
||||||
|
);
|
||||||
|
|
||||||
$caps[] = 'edit_others_posts';
|
$caps[] = 'edit_others_posts';
|
||||||
break;
|
break;
|
||||||
}
|
}
|
||||||
|
@ -249,7 +339,18 @@ function map_meta_cap( $cap, $user_id, ...$args ) {
|
||||||
$status_obj = get_post_status_object( get_post_status( $post ) );
|
$status_obj = get_post_status_object( get_post_status( $post ) );
|
||||||
if ( ! $status_obj ) {
|
if ( ! $status_obj ) {
|
||||||
/* translators: 1: Post status, 2: Capability name. */
|
/* translators: 1: Post status, 2: Capability name. */
|
||||||
_doing_it_wrong( __FUNCTION__, sprintf( __( 'The post status %1$s is not registered, so it may not be reliable to check the capability "%2$s" against a post with that status.' ), get_post_status( $post ), $cap ), '5.4.0' );
|
$message = __( 'The post status %1$s is not registered, so it may not be reliable to check the capability %2$s against a post with that status.' );
|
||||||
|
|
||||||
|
_doing_it_wrong(
|
||||||
|
__FUNCTION__,
|
||||||
|
sprintf(
|
||||||
|
$message,
|
||||||
|
'<code>' . get_post_status( $post ) . '</code>',
|
||||||
|
'<code>' . $cap . '</code>'
|
||||||
|
),
|
||||||
|
'5.4.0'
|
||||||
|
);
|
||||||
|
|
||||||
$caps[] = 'edit_others_posts';
|
$caps[] = 'edit_others_posts';
|
||||||
break;
|
break;
|
||||||
}
|
}
|
||||||
|
@ -268,6 +369,20 @@ function map_meta_cap( $cap, $user_id, ...$args ) {
|
||||||
}
|
}
|
||||||
break;
|
break;
|
||||||
case 'publish_post':
|
case 'publish_post':
|
||||||
|
if ( ! isset( $args[0] ) ) {
|
||||||
|
/* translators: %s: Capability name. */
|
||||||
|
$message = __( 'When checking for the %s capability, you must always check it against a specific post.' );
|
||||||
|
|
||||||
|
_doing_it_wrong(
|
||||||
|
__FUNCTION__,
|
||||||
|
sprintf( $message, '<code>' . $cap . '</code>' ),
|
||||||
|
'6.1.0'
|
||||||
|
);
|
||||||
|
|
||||||
|
$caps[] = 'do_not_allow';
|
||||||
|
break;
|
||||||
|
}
|
||||||
|
|
||||||
$post = get_post( $args[0] );
|
$post = get_post( $args[0] );
|
||||||
if ( ! $post ) {
|
if ( ! $post ) {
|
||||||
$caps[] = 'do_not_allow';
|
$caps[] = 'do_not_allow';
|
||||||
|
@ -277,7 +392,18 @@ function map_meta_cap( $cap, $user_id, ...$args ) {
|
||||||
$post_type = get_post_type_object( $post->post_type );
|
$post_type = get_post_type_object( $post->post_type );
|
||||||
if ( ! $post_type ) {
|
if ( ! $post_type ) {
|
||||||
/* translators: 1: Post type, 2: Capability name. */
|
/* translators: 1: Post type, 2: Capability name. */
|
||||||
_doing_it_wrong( __FUNCTION__, sprintf( __( 'The post type %1$s is not registered, so it may not be reliable to check the capability "%2$s" against a post of that type.' ), $post->post_type, $cap ), '4.4.0' );
|
$message = __( 'The post type %1$s is not registered, so it may not be reliable to check the capability %2$s against a post of that type.' );
|
||||||
|
|
||||||
|
_doing_it_wrong(
|
||||||
|
__FUNCTION__,
|
||||||
|
sprintf(
|
||||||
|
$message,
|
||||||
|
'<code>' . $post->post_type . '</code>',
|
||||||
|
'<code>' . $cap . '</code>'
|
||||||
|
),
|
||||||
|
'4.4.0'
|
||||||
|
);
|
||||||
|
|
||||||
$caps[] = 'edit_others_posts';
|
$caps[] = 'edit_others_posts';
|
||||||
break;
|
break;
|
||||||
}
|
}
|
||||||
|
@ -297,7 +423,33 @@ function map_meta_cap( $cap, $user_id, ...$args ) {
|
||||||
case 'delete_user_meta':
|
case 'delete_user_meta':
|
||||||
case 'add_user_meta':
|
case 'add_user_meta':
|
||||||
$object_type = explode( '_', $cap )[1];
|
$object_type = explode( '_', $cap )[1];
|
||||||
$object_id = (int) $args[0];
|
|
||||||
|
if ( ! isset( $args[0] ) ) {
|
||||||
|
if ( 'post' === $object_type ) {
|
||||||
|
/* translators: %s: Capability name. */
|
||||||
|
$message = __( 'When checking for the %s capability, you must always check it against a specific post.' );
|
||||||
|
} elseif ( 'comment' === $object_type ) {
|
||||||
|
/* translators: %s: Capability name. */
|
||||||
|
$message = __( 'When checking for the %s capability, you must always check it against a specific comment.' );
|
||||||
|
} elseif ( 'term' === $object_type ) {
|
||||||
|
/* translators: %s: Capability name. */
|
||||||
|
$message = __( 'When checking for the %s capability, you must always check it against a specific term.' );
|
||||||
|
} else {
|
||||||
|
/* translators: %s: Capability name. */
|
||||||
|
$message = __( 'When checking for the %s capability, you must always check it against a specific user.' );
|
||||||
|
}
|
||||||
|
|
||||||
|
_doing_it_wrong(
|
||||||
|
__FUNCTION__,
|
||||||
|
sprintf( $message, '<code>' . $cap . '</code>' ),
|
||||||
|
'6.1.0'
|
||||||
|
);
|
||||||
|
|
||||||
|
$caps[] = 'do_not_allow';
|
||||||
|
break;
|
||||||
|
}
|
||||||
|
|
||||||
|
$object_id = (int) $args[0];
|
||||||
|
|
||||||
$object_subtype = get_object_subtype( $object_type, $object_id );
|
$object_subtype = get_object_subtype( $object_type, $object_id );
|
||||||
|
|
||||||
|
@ -392,6 +544,20 @@ function map_meta_cap( $cap, $user_id, ...$args ) {
|
||||||
}
|
}
|
||||||
break;
|
break;
|
||||||
case 'edit_comment':
|
case 'edit_comment':
|
||||||
|
if ( ! isset( $args[0] ) ) {
|
||||||
|
/* translators: %s: Capability name. */
|
||||||
|
$message = __( 'When checking for the %s capability, you must always check it against a specific comment.' );
|
||||||
|
|
||||||
|
_doing_it_wrong(
|
||||||
|
__FUNCTION__,
|
||||||
|
sprintf( $message, '<code>' . $cap . '</code>' ),
|
||||||
|
'6.1.0'
|
||||||
|
);
|
||||||
|
|
||||||
|
$caps[] = 'do_not_allow';
|
||||||
|
break;
|
||||||
|
}
|
||||||
|
|
||||||
$comment = get_comment( $args[0] );
|
$comment = get_comment( $args[0] );
|
||||||
if ( ! $comment ) {
|
if ( ! $comment ) {
|
||||||
$caps[] = 'do_not_allow';
|
$caps[] = 'do_not_allow';
|
||||||
|
@ -532,6 +698,20 @@ function map_meta_cap( $cap, $user_id, ...$args ) {
|
||||||
case 'edit_term':
|
case 'edit_term':
|
||||||
case 'delete_term':
|
case 'delete_term':
|
||||||
case 'assign_term':
|
case 'assign_term':
|
||||||
|
if ( ! isset( $args[0] ) ) {
|
||||||
|
/* translators: %s: Capability name. */
|
||||||
|
$message = __( 'When checking for the %s capability, you must always check it against a specific term.' );
|
||||||
|
|
||||||
|
_doing_it_wrong(
|
||||||
|
__FUNCTION__,
|
||||||
|
sprintf( $message, '<code>' . $cap . '</code>' ),
|
||||||
|
'6.1.0'
|
||||||
|
);
|
||||||
|
|
||||||
|
$caps[] = 'do_not_allow';
|
||||||
|
break;
|
||||||
|
}
|
||||||
|
|
||||||
$term_id = (int) $args[0];
|
$term_id = (int) $args[0];
|
||||||
$term = get_term( $term_id );
|
$term = get_term( $term_id );
|
||||||
if ( ! $term || is_wp_error( $term ) ) {
|
if ( ! $term || is_wp_error( $term ) ) {
|
||||||
|
|
|
@ -16,7 +16,7 @@
|
||||||
*
|
*
|
||||||
* @global string $wp_version
|
* @global string $wp_version
|
||||||
*/
|
*/
|
||||||
$wp_version = '6.1-alpha-53404';
|
$wp_version = '6.1-alpha-53408';
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* Holds the WordPress DB revision, increments when changes are made to the WordPress DB schema.
|
* Holds the WordPress DB revision, increments when changes are made to the WordPress DB schema.
|
||||||
|
|
Loading…
Reference in New Issue