last update causes wp-admin to be unaccessible

Fatal error: Uncaught Error: Call to undefined function wp_get_current_user() in …/wp-includes/capabilities.php:640 Stack trace:
#0 …/wp-content/plugins/cache-control/admin.php(3): current_user_can(‘manage_options’)
#1 …/wp-content/plugins/cache-control/cache-control.php(399): require_once(‘/var/www/vhosts…’)
#2 …/wp-settings.php(362): include_once(‘/var/www/vhosts…’)
#3 …/wp-config.php(80): require_once(‘/var/www/vhosts…’)
#4 …/wp-load.php(37): require_once(‘/var/www/vhosts…’)
#5 …/wp-admin/admin.php(34): require_once(‘/var/www/vhosts…’)
#6 …/wp-admin/index.php(10): require_once(‘/var/www/vhosts…’)
#7 {main} thrown in …/wp-includes/capabilities.php on line 640

• This reply was modified 5 years, 3 months ago by cantoute.

I have not seen that so far on any of the sites I have access to. I want to make sure I’m clear, this occurs during authentication at wp-login.php, correct?

Can you include WordPress version number and other plugins (+versions) you have installed?

When do you see this error?

The wp_get_current_user function is provided by WordPress Core. Are you running an up-to-date version? That function was added some 15 years ago and I assume you must have updated since then, right?

WordPress Version 5.2.2
Logging in with administrator account

Plugins that I have are (all at current version)

Companion Auto Update (so all is updated daily)
W3 Total Cache
WebP Express
Yoast SEO
Redirection
Wordfence Security (as this had been updated today, I first tried to disable it and had no effect)

• This reply was modified 5 years, 3 months ago by cantoute.

Where could I see what has changed on latest release ?

Perhaps I could spot what happened.

I get to see this error for any page in wp-admin/ and if I had the cookie “remember me”

Trying to get to /wp-admin/ from a “private navigation window” I get a 503 error and as it’s behind a varnish it’s all I get.

https://plugins.trac.www.ads-software.com/changeset?sfp_email=&sfph_mail=&reponame=&new=2143903%40cache-control&old=2008476%40cache-control&sfp_email=&sfph_mail=

Perhaps the call to current_user_can() comes too early… as it brakes login page, It should only be called when user is logged in no ?

removing the call to this function would solve the issue for now… and avoid crashing other websites ?

as for now the only way to recover this is wp-cli or to delete the plugin folder via FTP

• This reply was modified 5 years, 3 months ago by cantoute.
• This reply was modified 5 years, 3 months ago by cantoute.

It’s only called if is_admin() is true, so you should already be logged in and looking on the administration dashboard.

I’m also not able to reproduce the problem by logging out of a site and going to the login page, or trying to log in again.

The docs for that function also clearly states that “is_admin() will return false when trying to access wp-login.php.”

• This reply was modified 5 years, 3 months ago by Dan.
• This reply was modified 5 years, 3 months ago by Dan. Reason: clearer language
• This reply was modified 5 years, 3 months ago by Dan. Reason: refer to function documentation

if ( !defined(‘ABSPATH’) || !is_admin() || !current_user_can(‘manage_options’))

Seems that it is called if !is_admin here

very strange you can’t reproduce it…

using php7.2 here

and it’s happening on all my websites… ~80 of them

!is_admin() means the conditional is true if is_admin() returns false (as is the case on wp_login). So current_user_can() isn’t being called in that context because !is_admin() already returned true and PHP has stopped evaluating the conditional.

Ok… pardon you are right

but what brakes is the call to wp_get_current_user() that seems not to be available yet

What’s real curios is why is_admin() returns true on your login page …?. Could you try to confirm that somehow? Try calling error_log() or var_dump() on both $_SERVER['REQUEST_URI'] and is_admin() from the line above the one doing the three security checks so we know we’re on the same page.