I've just recently started to use OpenZeppelin and when going through some testing locally I noticed the safeTransferFrom method (located within ERC721.sol) is using _msgSender() to verify ownership/approval of a transfer. Was wondering why it wasn't using the "from" address parameter that is being passed in.
function safeTransferFrom(
address from,
address to,
uint256 tokenId,
bytes memory _data
) public virtual override {
require(_isApprovedOrOwner(_msgSender(), tokenId), "ERC721: transfer caller is not owner nor approved");
_safeTransfer(from, to, tokenId, _data);
}
Environment
Solidity 8.6.0
OpenZeppelin 4.2.0