[wp-trac] [WordPress Trac] #18934: Multisite issue cleaning up empty capabilities

WordPress Trac wp-trac at lists.automattic.com
Thu Oct 13 20:02:12 UTC 2011


#18934: Multisite issue cleaning up empty capabilities
--------------------------+-----------------------------
 Reporter:  jammitch      |      Owner:
     Type:  defect (bug)  |     Status:  new
 Priority:  normal        |  Milestone:  Awaiting Review
Component:  Multisite     |    Version:  3.2.1
 Severity:  normal        |   Keywords:
--------------------------+-----------------------------
 The following multisite-specific block of code in user-edit.php doesn't
 seem right:
 {{{
                 $cap = $wpdb->get_var( "SELECT meta_value FROM
 {$wpdb->usermeta} WHERE user_id = '{$user_id}' AND meta_key =
 '{$blog_prefix}capabilities' AND meta_value = 'a:0:{}'" );
                 if ( !is_network_admin() && null == $cap && $_POST[ 'role'
 ] == '' ) {
                         $_POST[ 'role' ] = 'contributor';
                         $delete_role = true;
                 }
 }}}

 The query appears to be checking whether the user in question specifically
 has no capabilities for the given blog. However, on the next line, it
 checks whether the result set from that query is null - that is, if the
 user does '''not''' have a no-capability entry. This includes users who
 don't have any capability entries at all (so there wouldn't be anything to
 delete) and users who actually have valid capabilities (whom I wouldn't
 think should be deleted).

 It's possible I'm misunderstanding this code, but my expectations here are
 that the line should read {{{null !== $cap}}}.

 I'm not sure if this occurs in standard workflows, but I ran into it when
 writing a plugin. To work around it, I back-populated {{{$_POST[ 'role'
 ]}}} with the user's current role.

-- 
Ticket URL: <http://core.trac.wordpress.org/ticket/18934>
WordPress Trac <http://core.trac.wordpress.org/>
WordPress blogging software


More information about the wp-trac mailing list