[wp-trac] [WordPress Trac] #15122: current_user_can_for_blog() doesn't use map_meta_cap for multisite user admins
WordPress Trac
wp-trac at lists.automattic.com
Fri Oct 15 05:56:43 UTC 2010
#15122: current_user_can_for_blog() doesn't use map_meta_cap for multisite user
admins
-----------------------------+----------------------------------------------
Reporter: jamescollins | Owner:
Type: defect (bug) | Status: new
Priority: normal | Milestone: Awaiting Review
Component: Role/Capability | Version: 3.0
Severity: normal | Keywords:
-----------------------------+----------------------------------------------
[12796] introduced a new current_user_can_for_blog() function, which was
based on how the existing current_user_can() function was implemented.
This included this check:
{{{
if( is_multisite() && is_super_admin() )
return true;
}}}
Then in [13270]/#12109, the current_user_can() function was modified so
that map_meta_cap is always used for multisite user admins.
However this change didn't include the necessary change to the
current_user_can_for_blog() function as well.
This means that currently the current_user_can_for_blog() will always
return true for multisite user admins, without map_meta_cap ever being
used.
Patch attached.
--
Ticket URL: <http://core.trac.wordpress.org/ticket/15122>
WordPress Trac <http://core.trac.wordpress.org/>
WordPress blogging software
More information about the wp-trac
mailing list