Support » Plugin: MonsterInsights - Google Analytics Dashboard for WordPress (Website Stats Made Easy) » calling current_user_can() function incorrectly.

  • Resolved Paul Menard


    I posted this to another thread but then noticed it was already marked as resolved. So this might be seen as a duplicate. Apologies.

    In version 6.2.7 of your plugin. In the file class-am-notifications.php in the function get_remote_notifications() line 92 you have the following:

    if ( ! current_user_can( apply_filters( ‘am_notifications_display’, is_super_admin() ) ) ) {

    In the inner command you have a filter which will return true or false.
    apply_filters( ‘am_notifications_display’, is_super_admin() )

    Then you are passing this true/false into the current_user_can() as the first parameter. This is wrong. You should be passing a string like ‘manage_options’ or ‘edit_posts’ etc. a capability.

    Down the line when other plugins who are subscribed to the ‘map_meta_cap’ filter receive true or false as the $cap parameter (second) instead of a string.

Viewing 5 replies - 1 through 5 (of 5 total)
Viewing 5 replies - 1 through 5 (of 5 total)
  • The topic ‘calling current_user_can() function incorrectly.’ is closed to new replies.