Skip to:

Opened 7 years ago

Closed 7 years ago

#3186 closed enhancement (fixed)

bbp_check_for_duplicate() - Switch current_user_can() to user_can()?

Reported by: r-a-y's profile r-a-y Owned by: johnjamesjacoby's profile johnjamesjacoby
Milestone: 2.6 Priority: high
Severity: normal Version: 2.0
Component: General - Content Creation Keywords: has-patch commit


I use the bbp_check_for_duplicate() function in a plugin of mine. However, my plugin is mostly used in logged-out instances.

bbp_check_for_duplicate() has a check to see if the current user can bypass the throttle setting with current_user_can( 'throttle' ).

Would it be suitable to change this to user_can() instead? That way, this function can be used outside of logged-in instances.

Attached patch switches out current_user_can( 'throttle' ) for user_can( (int) $r['post_author'], 'throttle' ). Throttle check uses the post author ID.

Let me know what you think.

Attachments (1)

3186.01.patch (758 bytes) - added by r-a-y 7 years ago.

Download all attachments as: .zip

Change History (3)

7 years ago

#1 @johnjamesjacoby
7 years ago

  • Keywords commit added
  • Milestone changed from Awaiting Review to 2.6
  • Owner set to johnjamesjacoby
  • Priority changed from normal to high

#2 @johnjamesjacoby
7 years ago

  • Resolution set to fixed
  • Status changed from new to closed

In 6753:

Duplicates: check post_author argument instead of current user.

This change brings duplicate checking up to speed with flood and blacklist checks by preferring user_can() over current_user_can(), and plays a bit more friendly with anonymous author IDs.

Props r-a-y. Fixes #3186.

Note: See TracTickets for help on using tickets.