Bug with map_meta_cap filter

  • Resolved Robert O’Rourke

    (@sanchothefat)


    3 years, 6 months ago

    Hi, I’ve found some compatibility issues – there are cases where the security plugin wipes out admin menus and breaks capability checks.

    In some cases the map_meta_cap filter’s 2nd parameter $cap evaluates to true, so because the following code in the Editors Service does not do a strict comparison the condition will pass:

    
public function disable_file_edit( $caps, $cap ) {
	if ( in_array( $cap, array( 'edit_themes', 'edit_plugins', 'edit_files' ) ) ) {
		return array( 'sg-security' );
	}

	return $caps;
}

    The in_array() function should use the 3rd argument as true so it does a strict comparison rather than a loose one.

    Cheers!

Viewing 2 replies - 1 through 2 (of 2 total)
  • Thread Starter Robert O’Rourke

    (@sanchothefat)

    3 years, 6 months ago

    Sorry, I found some other offending code that was calling current_user_can() instead of just passing a capability string.

    It’s still a good idea to use strict comparisons with in_array() though.

    Plugin Support Delyan Delov

    (@delyandelov)

    3 years, 6 months ago

    Thank you for the suggestion, @sanchothefat!

    I have passed it to our developers so they can consider making the code modification in some of the future plugin releases.

Viewing 2 replies - 1 through 2 (of 2 total)

The topic ‘Bug with map_meta_cap filter’ is closed to new replies.