[wp-trac] [WordPress Trac] #58001: Lazy load user capabilities in WP_User object

WordPress Trac noreply at wordpress.org
Thu Oct 9 20:15:39 UTC 2025


#58001: Lazy load user capabilities in WP_User object
--------------------------------------------+------------------------------
 Reporter:  spacedmonkey                    |       Owner:  flixos90
     Type:  enhancement                     |      Status:  reopened
 Priority:  normal                          |   Milestone:  6.9
Component:  Users                           |     Version:
 Severity:  normal                          |  Resolution:
 Keywords:  has-patch has-unit-tests early  |     Focuses:  multisite,
                                            |  performance
--------------------------------------------+------------------------------
Changes (by TimothyBlynJacobs):

 * status:  closed => reopened
 * resolution:  fixed =>


Comment:

 Making those properties protected broke our tests. `get_object_vars` (and
 similar functions) behave differently now that those properties are
 protected. In `get_object_vars` they are completely stripped.

 This also broke `WP_User::to_array()`; that's a straightforward fix, which
 is nice.

 But considering how caps and roles are intrinsically security related,
 this change seems particularly risky.

 Reopening because I think we must fix the `WP_User::to_array()` behavior.

 I'm less confident that the broader `get_object_vars`-like issues are a
 blocker. But it seems most of the discussion focused on folks writing to
 those properties.

-- 
Ticket URL: <https://core.trac.wordpress.org/ticket/58001#comment:39>
WordPress Trac <https://core.trac.wordpress.org/>
WordPress publishing platform
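
The visibility behaviour described in the comment above, as an added PHP example that is not part of the ticket or of WordPress core. `EagerUser`, `LazyUser` and `visibility_report()` are hypothetical names and the capability data is constructed; the report shows which fields stay readable through `__get` yet vanish from `get_object_vars()`, `json_encode()` and array-cast key lookups made outside the class.

```php
<?php
// Hypothetical classes for illustration; neither is WordPress core code.
class EagerUser {
    public $ID    = 7;
    public $caps  = array( 'editor' => true ); // constructed sample data
    public $roles = array( 'editor' );
}

class LazyUser {
    public $ID = 7;
    protected $caps;  // null until first read
    protected $roles;

    // Reads of the protected properties from outside the class land here.
    public function __get( $name ) {
        if ( ! in_array( $name, array( 'caps', 'roles' ), true ) ) {
            return null;
        }
        if ( null === $this->caps ) {
            $this->caps  = array( 'editor' => true ); // constructed sample data
            $this->roles = array( 'editor' );
        }
        return $this->$name;
    }

    public function __isset( $name ) {
        return in_array( $name, array( 'caps', 'roles' ), true );
    }
}

// Report, per field, which ways of reading the object still see it.
function visibility_report( $user, array $fields ) {
    $vars    = get_object_vars( $user );                  // scope-aware: caller is outside the class
    $decoded = json_decode( json_encode( $user ), true ); // public properties only
    $cast    = (array) $user;                             // protected keys become "\0*\0name"
    $report  = array();
    foreach ( $fields as $field ) {
        $report[ $field ] = array(
            'property_read'   => isset( $user->$field ) && null !== $user->$field,
            'get_object_vars' => array_key_exists( $field, $vars ),
            'json_encode'     => array_key_exists( $field, $decoded ),
            'array_cast_key'  => array_key_exists( $field, $cast ),
        );
    }
    return $report;
}

foreach ( array( new EagerUser(), new LazyUser() ) as $user ) {
    echo get_class( $user ), "\n", var_export( visibility_report( $user, array( 'ID', 'caps', 'roles' ) ), true ), "\n";
}
```

A check of this shape can be pointed at any code that snapshots, serializes or audits user objects by enumeration, since that code receives no capability or role data once the properties are no longer public.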

