From c16e8b56163f6be9285a377111dc4255e4393cfa Mon Sep 17 00:00:00 2001
From: Scott Taylor
Date: Mon, 14 Sep 2015 04:43:48 +0000
Subject: [PATCH] Add sanity checks in `map_meta_cap()`, return `'do_not_allow'` when posts don't exist. Adds unit test.
Props ocean90, nerrad, filosofo.
Fixes #23162.
git-svn-id: https://develop.svn.wordpress.org/trunk@34113 602fd350-edb4-49c9-b593-d223f7449a82
---
 src/wp-includes/capabilities-functions.php | 37 ++++++++++++++++++++--
 tests/phpunit/tests/user/mapMetaCap.php | 10 ++++++
 2 files changed, 45 insertions(+), 2 deletions(-)
diff --git a/src/wp-includes/capabilities-functions.php b/src/wp-includes/capabilities-functions.php
index 0c1be98c1d..693fe267b6 100644
--- a/src/wp-includes/capabilities-functions.php
+++ b/src/wp-includes/capabilities-functions.php
@@ -47,9 +47,17 @@ function map_meta_cap( $cap, $user_id ) {
 case 'delete_post':
 case 'delete_page':
 $post = get_post( $args[0] );
+ if ( ! $post ) {
+ $caps[] = 'do_not_allow';
+ break;
+ }
 if ( 'revision' == $post->post_type ) {
 $post = get_post( $post->post_parent );
+ if ( ! $post ) {
+ $caps[] = 'do_not_allow';
+ break;
+ }
 }
 $post_type = get_post_type_object( $post->post_type );
@@ -97,13 +105,17 @@ function map_meta_cap( $cap, $user_id ) {
 case 'edit_post':
 case 'edit_page':
 $post = get_post( $args[0] );
- if ( empty( $post ) ) {
+ if ( ! $post ) {
 $caps[] = 'do_not_allow';
 break;
 }
 if ( 'revision' == $post->post_type ) {
 $post = get_post( $post->post_parent );
+ if ( ! $post ) {
+ $caps[] = 'do_not_allow';
+ break;
+ }
 }
 $post_type = get_post_type_object( $post->post_type );
@@ -149,9 +161,17 @@ function map_meta_cap( $cap, $user_id ) {
 case 'read_post':
 case 'read_page':
 $post = get_post( $args[0] );
+ if ( ! $post ) {
+ $caps[] = 'do_not_allow';
+ break;
+ }
 if ( 'revision' == $post->post_type ) {
 $post = get_post( $post->post_parent );
+ if ( ! $post ) {
+ $caps[] = 'do_not_allow';
+ break;
+ }
 }
 $post_type = get_post_type_object( $post->post_type );
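Review bot: The new `if ( ! $post )` guard after `$post = get_post( $args[0] );` in the delete_post hunk still does not handle a caller that passes no post ID at all: `$args[0]` is read unguarded, and `get_post()` given an empty value falls back to the global post object rather than returning null, so the capability would be mapped against whatever post happens to be global instead of being denied. A check before the lookup, `if ( ! isset( $args[0] ) ) { $caps[] = 'do_not_allow'; break; }`, would close that gap. The same applies to the edit_post and read_post hunks below it, to the publish_post and post-meta hunks on the next line, and (through `get_comment()`) to the edit_comment hunk. `map_meta_cap()` starts before and continues past each of these hunks, so the assignment of `$args` itself is not visible here.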
@@ -186,6 +206,11 @@ function map_meta_cap( $cap, $user_id ) {
 break;
 case 'publish_post':
 $post = get_post( $args[0] );
+ if ( ! $post ) {
+ $caps[] = 'do_not_allow';
+ break;
+ }
+
 $post_type = get_post_type_object( $post->post_type );
 if ( ! $post_type ) {
 /* translators: 1: post type, 2: capability name */
@@ -200,6 +225,11 @@ function map_meta_cap( $cap, $user_id ) {
 case 'delete_post_meta':
 case 'add_post_meta':
 $post = get_post( $args[0] );
+ if ( ! $post ) {
+ $caps[] = 'do_not_allow';
+ break;
+ }
+
 $caps = map_meta_cap( 'edit_post', $user_id, $post->ID );
 $meta_key = isset( $args[ 1 ] ) ? $args[ 1 ] : false;
@@ -229,8 +259,11 @@ function map_meta_cap( $cap, $user_id ) {
 break;
 case 'edit_comment':
 $comment = get_comment( $args[0] );
- if ( empty( $comment ) )
+ if ( ! $comment ) {
+ $caps[] = 'do_not_allow';
 break;
+ }
+
 $post = get_post( $comment->comment_post_ID );
 /*
diff --git a/tests/phpunit/tests/user/mapMetaCap.php b/tests/phpunit/tests/user/mapMetaCap.php
index 27b8b8fe75..09e61e2811 100644
--- a/tests/phpunit/tests/user/mapMetaCap.php
+++ b/tests/phpunit/tests/user/mapMetaCap.php
@@ -37,6 +37,16 @@ class Tests_User_MapMetaCap extends WP_UnitTestCase {
 parent::tearDown();
 }
+ /**
+ * @ticket 13905
+ */
+ function test_capability_type_post_with_invalid_id() {
+ $this->assertEquals(
+ array( 'do_not_allow' ),
+ map_meta_cap( 'edit_post', $this->user_id, $this->post_id + 1 )
+ );
+ }
+
 function test_capability_type_post_with_no_extra_caps() {
 register_post_type( $this->post_type, array(
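Review bot: The added test in mapMetaCap.php only exercises `edit_post`, whose missing-post guard already existed before this commit (that hunk merely rewrites `empty( $post )` as `! $post`), so none of the newly guarded branches — delete_post, read_post, publish_post, the post-meta caps, edit_comment, and the two revision-parent paths — are covered by it. Adding the same non-existent-ID case for at least `delete_post` and `read_post`, plus one for a revision whose parent post has been deleted, would pin the behaviour this commit actually introduces. The `@ticket 13905` annotation also disagrees with the `Fixes #23162` in the commit message; one of the two looks wrong. `$this->post_id + 1` is only guaranteed to be a missing ID if no fixture creates a later post, which I cannot tell from here; an explicitly deleted post would make the intent unambiguous.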