Commit Graph

248 Commits

Author SHA1 Message Date
Gary Pendergast
aaf99e6913 Code is Poetry.
WordPress' code just... wasn't.
This is now dealt with.

Props jrf, pento, netweb, GaryJ, jdgrimes, westonruter, Greg Sherwood from PHPCS, and everyone who's ever contributed to WPCS and PHPCS.
Fixes #41057.


Built from https://develop.svn.wordpress.org/trunk@42343


git-svn-id: http://core.svn.wordpress.org/trunk@42172 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2017-11-30 23:11:00 +00:00
Felix Arntz
021afced82 Role/Capability: Prevent a fatal error when checking a language capability early or in the frontend.
The meta capabilities `install_languages` and `update_languages` rely on the admin function `wp_can_install_language_pack()`. That function in turn relies on `request_filesystem_credentials()`, so it needs to be ensured that this function is available as well.

Fixes #42230.

Built from https://develop.svn.wordpress.org/trunk@41885


git-svn-id: http://core.svn.wordpress.org/trunk@41719 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2017-10-16 22:54:57 +00:00
Adam Silverstein
ca30822541 Docs: add docs for meta authorization filters.
Add filter documentation for `auth_{$object_type}_meta_{$meta_key}` and `auth_{$object_type}_{$sub_type}_meta_{$meta_key}`.

Props ericlewis, johneckman, DrewAPicture.
Fixes #36319.

Built from https://develop.svn.wordpress.org/trunk@41800


git-svn-id: http://core.svn.wordpress.org/trunk@41634 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2017-10-09 19:14:52 +00:00
John Blackbourn
d611184f4f Docs: Clarify descriptions and parameter types for various user capability checking functions.
See #41017

Built from https://develop.svn.wordpress.org/trunk@41322


git-svn-id: http://core.svn.wordpress.org/trunk@41153 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2017-08-29 16:43:47 +00:00
John Blackbourn
c7a79b0e6a Plugins: Introduce singular capabilities for activating and deactivating individual plugins.
This introduces the following meta capabilities:

* `activate_plugin`
* `deactivate_plugin`
* `deactivate_plugins`

The singular `activate_plugin` and `deactivate_plugin` capabilities are used along with the corresponding plugin name when
determining whether or not a user can activate or deactivate an individual plugin.

The plural `deactivate_plugins` capability is used in place of the existing `activate_plugins` capability when determining
whether a user can deactivate plugins.

Each of these new meta capabilities map to the existing `activate_plugins` primitive capability, which means there is no
change in existing behaviour, but plugins can now filter the capabilities required to activate and deactivate individual
plugins.

Fixes #38652 

Built from https://develop.svn.wordpress.org/trunk@41290


git-svn-id: http://core.svn.wordpress.org/trunk@41130 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2017-08-22 14:02:44 +00:00
Felix Arntz
f6ebc1a80c Role/Capability: Introduce capabilities dedicated to installing and updating language files.
The new meta capabilities are called `install_languages` and `update_languages`. Prior to this change, there were no proper capability checks applied. Instead only the filesystem and related constants were checked, and for actual permissions a rather vague fallback was used where a user needed to have at least one of the other updating capabilities. In addition to being generally more verbose, the new capabilities make it possible for example to allow a user to update languages, but nothing else. By default they fall back to the original way of how they were handled.

Props johnbillion, flixos90.
Fixes #39677.

Built from https://develop.svn.wordpress.org/trunk@41268


git-svn-id: http://core.svn.wordpress.org/trunk@41108 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2017-08-18 18:31:44 +00:00
Boone Gorges
fa2f4b047a Avoid PHP notices when checking termmeta capabilities against a non-existent term.
Previously, checks like `current_user_can( 'edit_term_meta', $term_id )`
returned the proper value, but generated a PHP notice due to the fact
that `get_term( $term_id )` could, in certain instances, return
`WP_Error` objects.

Props caercam.
Fixes #40891.
Built from https://develop.svn.wordpress.org/trunk@40999


git-svn-id: http://core.svn.wordpress.org/trunk@40849 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2017-07-04 19:59:40 +00:00
Pascal Birchler
33047ba14e Upgrade/Install: After [40394], rename wp_disallow_file_mods() to wp_is_file_mod_allowed().
This makes it more clear what this function is about.

Props Mte90.
Fixes #38673.

Built from https://develop.svn.wordpress.org/trunk@40638


git-svn-id: http://core.svn.wordpress.org/trunk@40499 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2017-05-11 19:24:41 +00:00
Felix Arntz
9354ea683f Multisite: Introduce an upgrade_network capability.
Prior to this change, a mix of `is_super_admin()` calls and `manage_network` capability checks was used to determine whether the current user could upgrade the network. With this changeset a dedicated capability is introduced that allows more granular handling.

Props dhanendran for the original patch.
Fixes #39205. See #37616.

Built from https://develop.svn.wordpress.org/trunk@40404


git-svn-id: http://core.svn.wordpress.org/trunk@40311 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2017-04-10 21:11:43 +00:00
Pascal Birchler
8473f9ef66 Upgrade/Install: Introduce wp_disallow_file_mods() helper function.
This is a wrapper around the checks for the `DISALLOW_FILE_MODS` constant to determine whether file modifications are disallowed.

Props MaximeCulea.
Fixes #38673.

Built from https://develop.svn.wordpress.org/trunk@40394


git-svn-id: http://core.svn.wordpress.org/trunk@40301 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2017-04-07 14:36:50 +00:00
Felix Arntz
00e8704288 Multisite: Introduce a setup_network capability for setting up multisite.
`setup_network` is a new meta capability that brings more granular control over the permissions to setup a multisite environment. In a non-multisite environment it falls back to `manage_options` while in a multisite it falls back to `manage_network_options`. The introduction of this capability furthermore allows replacing an `is_super_admin()` check.

Props ashokkumar24 for the original patch.
Fixes #39206. See #37616.

Built from https://develop.svn.wordpress.org/trunk@40390


git-svn-id: http://core.svn.wordpress.org/trunk@40297 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2017-04-07 12:53:45 +00:00
Felix Arntz
f704fc808a Multisite: Handle capability check for removing oneself via map_meta_cap().
Site administrators should not be able to remove themselves from a site. This moves the enforcement of this rule from `wp-admin/users.php` to `remove_user_from_blog()` via the `remove_user` capability, which furthermore allows us to get rid of two additional clauses and their `is_super_admin()` checks in `wp-admin/users.php`. A unit test for the new behavior has been added.

Fixes #39063. See #37616.

Built from https://develop.svn.wordpress.org/trunk@39588


git-svn-id: http://core.svn.wordpress.org/trunk@39528 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2016-12-12 21:42:42 +00:00
John Blackbourn
597627fb92 Role/Capability: Don't assign the delete_site capability to anyone on single site installs.
This capability is not relevant on single site installs; it only applies to deleting a site on a multisite installation.

Fixes #38326

Built from https://develop.svn.wordpress.org/trunk@39494


git-svn-id: http://core.svn.wordpress.org/trunk@39434 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2016-12-04 22:07:39 +00:00
Gary Pendergast
cc214a219b REST API: Capability check for editing a single term should use the singular form.
As an extra level of sanity checking, the term ID should be cast as an int in `map_meta_cap()`.

Props johnbillion, nacin, dd32, pento.
See #35614.
Fixes #39012.


Built from https://develop.svn.wordpress.org/trunk@39464


git-svn-id: http://core.svn.wordpress.org/trunk@39404 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2016-12-03 05:08:41 +00:00
Ryan McCue
3a449ea543 Roles/Capabilities: Add meta-caps for comment, term, and user meta.
Additionally, use these meta-caps in the REST API endpoints.

Previously, register_meta()'s auth_callback had no effect for non-post meta. This introduces `{add,edit,delete}_{comment,term,user}_meta` meta-caps to match the existing post meta capabilities. These are currently only used in the REST API.

Props tharsheblows, boonebgorges.
Fixes #38303, fixes #38412.

Built from https://develop.svn.wordpress.org/trunk@39179


git-svn-id: http://core.svn.wordpress.org/trunk@39119 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2016-11-09 03:42:30 +00:00
Weston Ruter
08712b4baa Customize: Rename unfiltered_css meta capability to edit_css; add revisions support to custom_css post type.
Props lukecavanagh, georgestephanis, westonruter.
See #38672, #35395.

Built from https://develop.svn.wordpress.org/trunk@39175


git-svn-id: http://core.svn.wordpress.org/trunk@39115 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2016-11-09 01:12:30 +00:00
John Blackbourn
2b6ceeb465 Customize: Correct the capability mapping and associated tests for the unfiltered_css capability.
Fixes #35395

Built from https://develop.svn.wordpress.org/trunk@39016


git-svn-id: http://core.svn.wordpress.org/trunk@38958 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2016-10-30 12:47:31 +00:00
Weston Ruter
1ccd9e7a6c Customize: Introduce custom CSS for extending theme styles.
* Custom CSS is associated with a given theme and is displayed in an inline `style` element at the `wp_head` hook after the `wp_print_styles` is called so that it overrides any enqueued stylesheets.
* A `wp_get_custom_css()` function is used for accessing the CSS associated with the current theme (or another theme) and a `wp_get_custom_css` filter for manipulating it.
* CSS is managed in customizer via a new "Additional CSS" section with a single `textarea` control. 
* `WP_Customize_Section::$description_hidden` is introduced for hiding extended descriptions in customizer sections behind a help toggle as done with panels.
* CSS is stored in a `custom_css` post type with the theme (stylesheet) slug as the `post_name`.
* `WP_Customize_Custom_CSS_Setting` is introduced to handle validation of CSS, previewing, and persisting the CSS to the `custom_css` post type.
* The `custom_css` setting is tied to a new `unfiltered_css` capability which maps to `unfiltered_html` by default.
* Escaping the message in the notification template is removed to allow markup (`code` tags) to be rendered.

See https://make.wordpress.org/core/2016/10/11/feature-proposal-better-theme-customizations-via-custom-css-with-live-previews/

Props johnregan3, celloexpressions, folletto, westonruter.
Fixes #35395.

Built from https://develop.svn.wordpress.org/trunk@38829


git-svn-id: http://core.svn.wordpress.org/trunk@38772 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2016-10-19 18:15:31 +00:00
John Blackbourn
b84023ea33 Taxonomy: Introduce more fine grained capabilities for managing taxonomy terms.
This introduces the singular `edit_term`, `delete_term`, and `assign_term` meta capabilities for terms, and switches the base capability name for tags from `manage_categories` to `manage_post_tags` and the corresponding `edit_post_tags`, `delete_post_tags`, and `assign_post_tags`.

All of these capabilities ultimately map to `manage_categories` so by default there is no change in the behaviour of the capabilities for categories, tags, or custom taxonomies. The `map_meta_cap` filter and the `capabilities` argument when registering a taxonomy now allow for control over editing, deleting, and assigning individual terms, as well as a separation of capabilities for tags from those of categories.

Fixes #35614
Props johnjamesjacoby for feedback

Built from https://develop.svn.wordpress.org/trunk@38698


git-svn-id: http://core.svn.wordpress.org/trunk@38641 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2016-09-30 22:40:28 +00:00
John Blackbourn
52cf3d3d0f Role/Capability: Add explicit cases to map_meta_cap() for various meta capabilities that are used in core. This will allow more complete meta and primitive capability unit tests in #38191.
Fixes #38201

Built from https://develop.svn.wordpress.org/trunk@38695


git-svn-id: http://core.svn.wordpress.org/trunk@38638 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2016-09-30 22:06:28 +00:00
John Blackbourn
32d5e7f31d Role/Capability: Only users who can manage options should be able to trash/delete the page for posts or the front page, as they are the only users who can restore it or subsequently alter the "Front page displays" setting.
Fixes #37580
Props JakePT

Built from https://develop.svn.wordpress.org/trunk@38378


git-svn-id: http://core.svn.wordpress.org/trunk@38319 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2016-08-26 18:23:31 +00:00
Helen Hou-Sandí
69ccab3405 Introduce an expanded meta registration API.
`register_meta()` has been altered to accept an array of arguments as the third parameter in order to support its usage beyond XML-RPC, notably in the REST API and other projects that may build on top of meta, such as a potential Fields API. Arguments are whitelisted to reserve the right for core to add more later.

New functions added to complement this expansion are:
* `registered_meta_key_exists()`
* `unregister_meta_key()`
* `get_registered_meta_keys()`
* `get_registered_metadata()`
* A "private" function for the aforementioned whitelisting.

There still need to be lots of tests written for previous and new behaviors, and many things are subject to change. Maybe things will explode. #yolo

props jeremyfelt, ericlewis, sc0ttkclark, helen, rmccue, ocean90, voldemortensen.
see #35658.

Built from https://develop.svn.wordpress.org/trunk@37924


git-svn-id: http://core.svn.wordpress.org/trunk@37865 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2016-06-30 01:02:29 +00:00
Drew Jaynes
9cb5247392 Docs: Standardize filter docs in remaining wp-includes/* files to use third-person singular verbs per the inline documentation standards for PHP.
See #36913.

Built from https://develop.svn.wordpress.org/trunk@37518


git-svn-id: http://core.svn.wordpress.org/trunk@37486 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2016-05-22 18:50:28 +00:00
Drew Jaynes
fe3b007fdd Docs: Remove inline @see tags from function, class, and method references in inline docs.
Known functions, classes, and methods are now auto-linked in Code Reference pages following #meta1483.

Note: Hook references are still linked via inline `@see` tags due to the unlikelihood of reliably matching for known hooks based on a RegEx pattern.

See #32246.

Built from https://develop.svn.wordpress.org/trunk@37342


git-svn-id: http://core.svn.wordpress.org/trunk@37308 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2016-05-02 04:00:28 +00:00
Jeremy Felt
6cc19b5e2e Multisite: Relocate revoke_super_admin() and grant_super_admin()
Moving these functions to `wp-includes/capabilities.php` allows plugins to access more than just `is_super_admin()` and `get_super_admin()` from the front end without including a file via `wp-admin/`. Add an `is_multisite()` check to prevent use of these on single site environments now that they have left `ms.php`..

Props johnjamesjacoby.
Fixes #21788.

Built from https://develop.svn.wordpress.org/trunk@37200


git-svn-id: http://core.svn.wordpress.org/trunk@37166 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2016-04-14 03:35:27 +00:00
Drew Jaynes
9daf7a88a3 Docs: Add a note to the DocBlock for current_user_can() to explain that it will always return true for super admins, unless specifically denied.
Props finnj.
Fixes #35551.

Built from https://develop.svn.wordpress.org/trunk@36492


git-svn-id: http://core.svn.wordpress.org/trunk@36459 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2016-02-07 01:27:26 +00:00
Eric Lewis
22467e840f Networks and sites: Replace "blog" usage with "site" in docs.
Multisite functions use the term "blog" to refer to what we now call a "site," e.g. `get_current_blog_id()`. These functions are here to stay because of our commitment to backwards compatibility. What we can do is set the documentation straight.

See #35417.

Built from https://develop.svn.wordpress.org/trunk@36416


git-svn-id: http://core.svn.wordpress.org/trunk@36383 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2016-01-28 03:35:27 +00:00
Pascal Birchler
68f12521c8 Post Types: Introduce unregister_post_type().
This new function can be used to completely unregister non built-in post types.

Fixes #14761.
Built from https://develop.svn.wordpress.org/trunk@36316


git-svn-id: http://core.svn.wordpress.org/trunk@36283 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2016-01-15 12:20:27 +00:00
John Blackbourn
6f37afb6ec When a post is scheduled for publication, treat it the same as a published post when calculating the capabilities required to edit or delete it.
Fixes #33694

Built from https://develop.svn.wordpress.org/trunk@35747


git-svn-id: http://core.svn.wordpress.org/trunk@35711 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2015-11-29 02:27:18 +00:00
Andrew Nacin
1579e45d41 Simplify the include graph after work to split out classes.
see #33413. More details there.

Built from https://develop.svn.wordpress.org/trunk@35718


git-svn-id: http://core.svn.wordpress.org/trunk@35682 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2015-11-20 07:24:30 +00:00
Drew Jaynes
4ddb22bd09 Docs: The Users subpackage is plural.
See #33701.

Built from https://develop.svn.wordpress.org/trunk@34412


git-svn-id: http://core.svn.wordpress.org/trunk@34376 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2015-09-22 13:46:25 +00:00
Drew Jaynes
b0749a1a06 Docs: Clarify the file header summary for wp-includes/capabilities.php, which was broken up into multiple files in [33752].
Also adds inline DocBlocks for files now brought in via `require_once()` from this file.

See #33413. See #33701.

Built from https://develop.svn.wordpress.org/trunk@34398


git-svn-id: http://core.svn.wordpress.org/trunk@34362 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2015-09-22 13:06:25 +00:00
Scott Taylor
df1c0c2363 Roles: move classes into their own file. capbilities.php loads the new files, so this is 100% BC if someone is loading capbilities.php directly. New files created using svn cp.
Creates: 
`class-wp-roles.php` 
`class-wp-role.php` 
`class-wp-user.php` 
`capbilities-functions.php` 

`capbilities.php` contains only top-level code. Class files only contains classes. Functions file only contains functions.

See #33413.

Built from https://develop.svn.wordpress.org/trunk@33752


git-svn-id: http://core.svn.wordpress.org/trunk@33720 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2015-08-26 04:58:21 +00:00
Dominik Schilling
f74a907eac Capabilities: Fall back to the edit_posts capability for orphaned comments.
Also avoid PHP notices because of orphaned comments in the comments list table.
Includes unit test.

props pento, dd32.
fixes #33154.
Built from https://develop.svn.wordpress.org/trunk@33614


git-svn-id: http://core.svn.wordpress.org/trunk@33581 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2015-08-13 22:31:24 +00:00
Gary Pendergast
fe5a844be5 Capabilities: When creating an auto-draft, ensure that the current user still has permission to do so.
Built from https://develop.svn.wordpress.org/trunk@33357


git-svn-id: http://core.svn.wordpress.org/trunk@33329 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2015-07-22 04:02:25 +00:00
Drew Jaynes
665c3936d4 Fix summaries for for WP_User->__call() and wp_roles(), both added in 4.3.
See [32731], [32548]. See #32891.

Built from https://develop.svn.wordpress.org/trunk@33214


git-svn-id: http://core.svn.wordpress.org/trunk@33186 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2015-07-13 20:01:25 +00:00
John Blackbourn
4ad1dc2a1b Ensure the create_users capability check checks the super admin status of the user in question, rather than the current user.
Built from https://develop.svn.wordpress.org/trunk@32811


git-svn-id: http://core.svn.wordpress.org/trunk@32782 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2015-06-17 00:03:27 +00:00
Andrew Nacin
748b3763cb Add add_user_role and remove_user_role actions for WP_User::add_role() and remove_role().
props shooper.
fixes #32060.

Built from https://develop.svn.wordpress.org/trunk@32771


git-svn-id: http://core.svn.wordpress.org/trunk@32742 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2015-06-14 19:26:25 +00:00
Scott Taylor
3b1e434c3b Add the proper access modifier to _init_caps() in WP_User. Add __call() for BC.
See #32444.

Built from https://develop.svn.wordpress.org/trunk@32731


git-svn-id: http://core.svn.wordpress.org/trunk@32702 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2015-06-12 17:26:25 +00:00
Scott Taylor
19a3aacc94 Add @static* annotations where they are missing.
Initialize all static vars that are not, most to `null`.

See #32444.

Built from https://develop.svn.wordpress.org/trunk@32650


git-svn-id: http://core.svn.wordpress.org/trunk@32620 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2015-05-29 15:43:29 +00:00
Scott Taylor
bd8fafea54 Use void instead of null where appropriate when pipe-delimiting @return types. If a @return only contains void, remove it.
See #32444.

Built from https://develop.svn.wordpress.org/trunk@32568


git-svn-id: http://core.svn.wordpress.org/trunk@32538 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2015-05-24 05:40:25 +00:00
Drew Jaynes
e90a327694 Add a missing @since version to a function introduced in [32541].
See #32444.

Built from https://develop.svn.wordpress.org/trunk@32548


git-svn-id: http://core.svn.wordpress.org/trunk@32518 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2015-05-22 17:38:25 +00:00
Scott Taylor
1b52916239 Create a function, wp_roles(), to DRY the inline instantiation of the $wp_roles global.
Add missing doc blocks for `capabilities.php`.

See #32444.

Built from https://develop.svn.wordpress.org/trunk@32541


git-svn-id: http://core.svn.wordpress.org/trunk@32511 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2015-05-22 04:47:24 +00:00
Scott Taylor
e724ed2b04 In capabilities.php, clarify/add some return docs.
See #32444.

Built from https://develop.svn.wordpress.org/trunk@32530


git-svn-id: http://core.svn.wordpress.org/trunk@32500 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2015-05-21 20:47:26 +00:00
Gary Pendergast
2bb5d8529f In Multisite, prevent plugins from unintentionally switching sites.
Props mdawaffe.


Built from https://develop.svn.wordpress.org/trunk@32173


git-svn-id: http://core.svn.wordpress.org/trunk@32148 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2015-04-20 07:27:27 +00:00
Jeremy Felt
b5b5c98e0a Introduce delete_site meta capability.
Map `delete_site` as a meta capability to `manage_options` so that the ability to delete sites can be more granularly managed for individual site administrators on a multisite network.

Props thomaswm.

Fixes #30470.

Built from https://develop.svn.wordpress.org/trunk@31673


git-svn-id: http://core.svn.wordpress.org/trunk@31654 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2015-03-08 02:10:30 +00:00
Scott Taylor
4ce271ea86 Cleanup the @property annotations for WP_User.
See #30799.

Built from https://develop.svn.wordpress.org/trunk@31555


git-svn-id: http://core.svn.wordpress.org/trunk@31536 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2015-02-26 05:54:24 +00:00
Scott Taylor
cde4c83091 [31210] broke Supportflow on dotorg, which declares these methods as protected. Switch to protected for the noop methods. The subclasses can make them more visible using public.
See #30799.

Built from https://develop.svn.wordpress.org/trunk@31211


git-svn-id: http://core.svn.wordpress.org/trunk@31192 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2015-01-16 18:37:24 +00:00
Scott Taylor
6f8e01adf2 In WP_User, ->get_role_caps() and ->update_user_level_from_caps() must be called inside ->add_cap() and ->remove_cap() after updating user meta. ->has_cap() checks are currently failing directly after calling ->add_cap().
Adds unit test.

Props rachelbaker.
Fixes #28374.

Built from https://develop.svn.wordpress.org/trunk@31190


git-svn-id: http://core.svn.wordpress.org/trunk@31171 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2015-01-16 01:49:25 +00:00
Scott Taylor
fe6b5983df In PHP 5.0.0, is_a() became deprecated in favour of the instanceof operator. Calling is_a() would result in an E_STRICT warning.
In PHP 5.3.0, `is_a()` is no longer deprecated, and will therefore no longer throw `E_STRICT` warnings.

To avoid warnings in PHP < 5.3.0, convert all `is_a()` calls to `$var instanceof WP_Class` calls.

`instanceof` does not throw any error if the variable being tested is not an object, it simply returns `false`.

Props markoheijnen, wonderboymusic.
Fixes #25672.

Built from https://develop.svn.wordpress.org/trunk@31188


git-svn-id: http://core.svn.wordpress.org/trunk@31169 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2015-01-16 01:06:24 +00:00