Upstream/WordPress
1
0
Fork 0
mirror of https://github.com/WordPress/WordPress.git synced 2024-09-27 14:53:08 +02:00
Code Issues Projects Releases Wiki Activity

Capabilities: Prevent users having the do_not_allow capability.

Browse Source 
Meta capabilities use the capability `do_not_allow` to indicate a user should be blocked from performing a particular action. This ensures users can not have the capability as it would cause unexpected behaviour.

Props johnbillion.
Fixes #41059.


Built from https://develop.svn.wordpress.org/trunk@40993


git-svn-id: http://core.svn.wordpress.org/trunk@40843 1a063a9b-81f0-0310-95a4-ce76da25c4cd
This commit is contained in:
Peter Wilson 2017-07-02 05:16:45 +00:00
parent 6fda2e67b0
commit 2b25a87d1b
2 changed files with 4 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

3
wp-includes/class-wp-user.php
View File

@ -748,6 +748,9 @@ class WP_User {
// Everyone is allowed to exist. // Everyone is allowed to exist.
$capabilities['exist'] = true; $capabilities['exist'] = true;
// Nobody is allowed to do things they are not allowed to do.
unset( $capabilities['do_not_allow'] );
// Must have ALL requested caps. // Must have ALL requested caps.
foreach ( (array) $caps as $cap ) { foreach ( (array) $caps as $cap ) {
if ( empty( $capabilities[ $cap ] ) ) if ( empty( $capabilities[ $cap ] ) )

2
wp-includes/version.php
View File

@ -4,7 +4,7 @@
* *
* @global string $wp_version * @global string $wp_version
*/ */
$wp_version = '4.9-alpha-40992'; $wp_version = '4.9-alpha-40993';
/** /**
* Holds the WordPress DB revision, increments when changes are made to the WordPress DB schema. * Holds the WordPress DB revision, increments when changes are made to the WordPress DB schema.