Commit Graph

247 Commits

Author SHA1 Message Date
Felix Arntz
021afced82 Role/Capability: Prevent a fatal error when checking a language capability early or in the frontend.
The meta capabilities `install_languages` and `update_languages` rely on the admin function `wp_can_install_language_pack()`. That function in turn relies on `request_filesystem_credentials()`, so it needs to be ensured that this function is available as well.

Fixes #42230.

Built from https://develop.svn.wordpress.org/trunk@41885


git-svn-id: http://core.svn.wordpress.org/trunk@41719 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2017-10-16 22:54:57 +00:00
Adam Silverstein
ca30822541 Docs: add docs for meta authorization filters.
Add filter documentation for `auth_{$object_type}_meta_{$meta_key}` and `auth_{$object_type}_{$sub_type}_meta_{$meta_key}`.

Props ericlewis, johneckman, DrewAPicture.
Fixes #36319.

Built from https://develop.svn.wordpress.org/trunk@41800


git-svn-id: http://core.svn.wordpress.org/trunk@41634 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2017-10-09 19:14:52 +00:00
John Blackbourn
d611184f4f Docs: Clarify descriptions and parameter types for various user capability checking functions.
See #41017

Built from https://develop.svn.wordpress.org/trunk@41322


git-svn-id: http://core.svn.wordpress.org/trunk@41153 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2017-08-29 16:43:47 +00:00
John Blackbourn
c7a79b0e6a Plugins: Introduce singular capabilities for activating and deactivating individual plugins.
This introduces the following meta capabilities:

* `activate_plugin`
* `deactivate_plugin`
* `deactivate_plugins`

The singular `activate_plugin` and `deactivate_plugin` capabilities are used along with the corresponding plugin name when
determining whether or not a user can activate or deactivate an individual plugin.

The plural `deactivate_plugins` capability is used in place of the existing `activate_plugins` capability when determining
whether a user can deactivate plugins.

Each of these new meta capabilities map to the existing `activate_plugins` primitive capability, which means there is no
change in existing behaviour, but plugins can now filter the capabilities required to activate and deactivate individual
plugins.

Fixes #38652 

Built from https://develop.svn.wordpress.org/trunk@41290


git-svn-id: http://core.svn.wordpress.org/trunk@41130 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2017-08-22 14:02:44 +00:00
Felix Arntz
f6ebc1a80c Role/Capability: Introduce capabilities dedicated to installing and updating language files.
The new meta capabilities are called `install_languages` and `update_languages`. Prior to this change, there were no proper capability checks applied. Instead only the filesystem and related constants were checked, and for actual permissions a rather vague fallback was used where a user needed to have at least one of the other updating capabilities. In addition to being generally more verbose, the new capabilities make it possible for example to allow a user to update languages, but nothing else. By default they fall back to the original way of how they were handled.

Props johnbillion, flixos90.
Fixes #39677.

Built from https://develop.svn.wordpress.org/trunk@41268


git-svn-id: http://core.svn.wordpress.org/trunk@41108 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2017-08-18 18:31:44 +00:00
Boone Gorges
fa2f4b047a Avoid PHP notices when checking termmeta capabilities against a non-existent term.
Previously, checks like `current_user_can( 'edit_term_meta', $term_id )`
returned the proper value, but generated a PHP notice due to the fact
that `get_term( $term_id )` could, in certain instances, return
`WP_Error` objects.

Props caercam.
Fixes #40891.
Built from https://develop.svn.wordpress.org/trunk@40999


git-svn-id: http://core.svn.wordpress.org/trunk@40849 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2017-07-04 19:59:40 +00:00
Pascal Birchler
33047ba14e Upgrade/Install: After [40394], rename wp_disallow_file_mods() to wp_is_file_mod_allowed().
This makes it more clear what this function is about.

Props Mte90.
Fixes #38673.

Built from https://develop.svn.wordpress.org/trunk@40638


git-svn-id: http://core.svn.wordpress.org/trunk@40499 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2017-05-11 19:24:41 +00:00
Felix Arntz
9354ea683f Multisite: Introduce an upgrade_network capability.
Prior to this change, a mix of `is_super_admin()` calls and `manage_network` capability checks was used to determine whether the current user could upgrade the network. With this changeset a dedicated capability is introduced that allows more granular handling.

Props dhanendran for the original patch.
Fixes #39205. See #37616.

Built from https://develop.svn.wordpress.org/trunk@40404


git-svn-id: http://core.svn.wordpress.org/trunk@40311 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2017-04-10 21:11:43 +00:00
Pascal Birchler
8473f9ef66 Upgrade/Install: Introduce wp_disallow_file_mods() helper function.
This is a wrapper around the checks for the `DISALLOW_FILE_MODS` constant to determine whether file modifications are disallowed.

Props MaximeCulea.
Fixes #38673.

Built from https://develop.svn.wordpress.org/trunk@40394


git-svn-id: http://core.svn.wordpress.org/trunk@40301 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2017-04-07 14:36:50 +00:00
Felix Arntz
00e8704288 Multisite: Introduce a setup_network capability for setting up multisite.
`setup_network` is a new meta capability that brings more granular control over the permissions to setup a multisite environment. In a non-multisite environment it falls back to `manage_options` while in a multisite it falls back to `manage_network_options`. The introduction of this capability furthermore allows replacing an `is_super_admin()` check.

Props ashokkumar24 for the original patch.
Fixes #39206. See #37616.

Built from https://develop.svn.wordpress.org/trunk@40390


git-svn-id: http://core.svn.wordpress.org/trunk@40297 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2017-04-07 12:53:45 +00:00
Felix Arntz
f704fc808a Multisite: Handle capability check for removing oneself via map_meta_cap().
Site administrators should not be able to remove themselves from a site. This moves the enforcement of this rule from `wp-admin/users.php` to `remove_user_from_blog()` via the `remove_user` capability, which furthermore allows us to get rid of two additional clauses and their `is_super_admin()` checks in `wp-admin/users.php`. A unit test for the new behavior has been added.

Fixes #39063. See #37616.

Built from https://develop.svn.wordpress.org/trunk@39588


git-svn-id: http://core.svn.wordpress.org/trunk@39528 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2016-12-12 21:42:42 +00:00
John Blackbourn
597627fb92 Role/Capability: Don't assign the delete_site capability to anyone on single site installs.
This capability is not relevant on single site installs; it only applies to deleting a site on a multisite installation.

Fixes #38326

Built from https://develop.svn.wordpress.org/trunk@39494


git-svn-id: http://core.svn.wordpress.org/trunk@39434 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2016-12-04 22:07:39 +00:00
Gary Pendergast
cc214a219b REST API: Capability check for editing a single term should use the singular form.
As an extra level of sanity checking, the term ID should be cast as an int in `map_meta_cap()`.

Props johnbillion, nacin, dd32, pento.
See #35614.
Fixes #39012.


Built from https://develop.svn.wordpress.org/trunk@39464


git-svn-id: http://core.svn.wordpress.org/trunk@39404 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2016-12-03 05:08:41 +00:00
Ryan McCue
3a449ea543 Roles/Capabilities: Add meta-caps for comment, term, and user meta.
Additionally, use these meta-caps in the REST API endpoints.

Previously, register_meta()'s auth_callback had no effect for non-post meta. This introduces `{add,edit,delete}_{comment,term,user}_meta` meta-caps to match the existing post meta capabilities. These are currently only used in the REST API.

Props tharsheblows, boonebgorges.
Fixes #38303, fixes #38412.

Built from https://develop.svn.wordpress.org/trunk@39179


git-svn-id: http://core.svn.wordpress.org/trunk@39119 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2016-11-09 03:42:30 +00:00
Weston Ruter
08712b4baa Customize: Rename unfiltered_css meta capability to edit_css; add revisions support to custom_css post type.
Props lukecavanagh, georgestephanis, westonruter.
See #38672, #35395.

Built from https://develop.svn.wordpress.org/trunk@39175


git-svn-id: http://core.svn.wordpress.org/trunk@39115 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2016-11-09 01:12:30 +00:00
John Blackbourn
2b6ceeb465 Customize: Correct the capability mapping and associated tests for the unfiltered_css capability.
Fixes #35395

Built from https://develop.svn.wordpress.org/trunk@39016


git-svn-id: http://core.svn.wordpress.org/trunk@38958 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2016-10-30 12:47:31 +00:00
Weston Ruter
1ccd9e7a6c Customize: Introduce custom CSS for extending theme styles.
* Custom CSS is associated with a given theme and is displayed in an inline `style` element at the `wp_head` hook after the `wp_print_styles` is called so that it overrides any enqueued stylesheets.
* A `wp_get_custom_css()` function is used for accessing the CSS associated with the current theme (or another theme) and a `wp_get_custom_css` filter for manipulating it.
* CSS is managed in customizer via a new "Additional CSS" section with a single `textarea` control. 
* `WP_Customize_Section::$description_hidden` is introduced for hiding extended descriptions in customizer sections behind a help toggle as done with panels.
* CSS is stored in a `custom_css` post type with the theme (stylesheet) slug as the `post_name`.
* `WP_Customize_Custom_CSS_Setting` is introduced to handle validation of CSS, previewing, and persisting the CSS to the `custom_css` post type.
* The `custom_css` setting is tied to a new `unfiltered_css` capability which maps to `unfiltered_html` by default.
* Escaping the message in the notification template is removed to allow markup (`code` tags) to be rendered.

See https://make.wordpress.org/core/2016/10/11/feature-proposal-better-theme-customizations-via-custom-css-with-live-previews/

Props johnregan3, celloexpressions, folletto, westonruter.
Fixes #35395.

Built from https://develop.svn.wordpress.org/trunk@38829


git-svn-id: http://core.svn.wordpress.org/trunk@38772 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2016-10-19 18:15:31 +00:00
John Blackbourn
b84023ea33 Taxonomy: Introduce more fine grained capabilities for managing taxonomy terms.
This introduces the singular `edit_term`, `delete_term`, and `assign_term` meta capabilities for terms, and switches the base capability name for tags from `manage_categories` to `manage_post_tags` and the corresponding `edit_post_tags`, `delete_post_tags`, and `assign_post_tags`.

All of these capabilities ultimately map to `manage_categories` so by default there is no change in the behaviour of the capabilities for categories, tags, or custom taxonomies. The `map_meta_cap` filter and the `capabilities` argument when registering a taxonomy now allow for control over editing, deleting, and assigning individual terms, as well as a separation of capabilities for tags from those of categories.

Fixes #35614
Props johnjamesjacoby for feedback

Built from https://develop.svn.wordpress.org/trunk@38698


git-svn-id: http://core.svn.wordpress.org/trunk@38641 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2016-09-30 22:40:28 +00:00
John Blackbourn
52cf3d3d0f Role/Capability: Add explicit cases to map_meta_cap() for various meta capabilities that are used in core. This will allow more complete meta and primitive capability unit tests in #38191.
Fixes #38201

Built from https://develop.svn.wordpress.org/trunk@38695


git-svn-id: http://core.svn.wordpress.org/trunk@38638 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2016-09-30 22:06:28 +00:00
John Blackbourn
32d5e7f31d Role/Capability: Only users who can manage options should be able to trash/delete the page for posts or the front page, as they are the only users who can restore it or subsequently alter the "Front page displays" setting.
Fixes #37580
Props JakePT

Built from https://develop.svn.wordpress.org/trunk@38378


git-svn-id: http://core.svn.wordpress.org/trunk@38319 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2016-08-26 18:23:31 +00:00
Helen Hou-Sandí
69ccab3405 Introduce an expanded meta registration API.
`register_meta()` has been altered to accept an array of arguments as the third parameter in order to support its usage beyond XML-RPC, notably in the REST API and other projects that may build on top of meta, such as a potential Fields API. Arguments are whitelisted to reserve the right for core to add more later.

New functions added to complement this expansion are:
* `registered_meta_key_exists()`
* `unregister_meta_key()`
* `get_registered_meta_keys()`
* `get_registered_metadata()`
* A "private" function for the aforementioned whitelisting.

There still need to be lots of tests written for previous and new behaviors, and many things are subject to change. Maybe things will explode. #yolo

props jeremyfelt, ericlewis, sc0ttkclark, helen, rmccue, ocean90, voldemortensen.
see #35658.

Built from https://develop.svn.wordpress.org/trunk@37924


git-svn-id: http://core.svn.wordpress.org/trunk@37865 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2016-06-30 01:02:29 +00:00
Drew Jaynes
9cb5247392 Docs: Standardize filter docs in remaining wp-includes/* files to use third-person singular verbs per the inline documentation standards for PHP.
See #36913.

Built from https://develop.svn.wordpress.org/trunk@37518


git-svn-id: http://core.svn.wordpress.org/trunk@37486 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2016-05-22 18:50:28 +00:00
Drew Jaynes
fe3b007fdd Docs: Remove inline @see tags from function, class, and method references in inline docs.
Known functions, classes, and methods are now auto-linked in Code Reference pages following #meta1483.

Note: Hook references are still linked via inline `@see` tags due to the unlikelihood of reliably matching for known hooks based on a RegEx pattern.

See #32246.

Built from https://develop.svn.wordpress.org/trunk@37342


git-svn-id: http://core.svn.wordpress.org/trunk@37308 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2016-05-02 04:00:28 +00:00
Jeremy Felt
6cc19b5e2e Multisite: Relocate revoke_super_admin() and grant_super_admin()
Moving these functions to `wp-includes/capabilities.php` allows plugins to access more than just `is_super_admin()` and `get_super_admin()` from the front end without including a file via `wp-admin/`. Add an `is_multisite()` check to prevent use of these on single site environments now that they have left `ms.php`..

Props johnjamesjacoby.
Fixes #21788.

Built from https://develop.svn.wordpress.org/trunk@37200


git-svn-id: http://core.svn.wordpress.org/trunk@37166 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2016-04-14 03:35:27 +00:00
Drew Jaynes
9daf7a88a3 Docs: Add a note to the DocBlock for current_user_can() to explain that it will always return true for super admins, unless specifically denied.
Props finnj.
Fixes #35551.

Built from https://develop.svn.wordpress.org/trunk@36492


git-svn-id: http://core.svn.wordpress.org/trunk@36459 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2016-02-07 01:27:26 +00:00
Eric Lewis
22467e840f Networks and sites: Replace "blog" usage with "site" in docs.
Multisite functions use the term "blog" to refer to what we now call a "site," e.g. `get_current_blog_id()`. These functions are here to stay because of our commitment to backwards compatibility. What we can do is set the documentation straight.

See #35417.

Built from https://develop.svn.wordpress.org/trunk@36416


git-svn-id: http://core.svn.wordpress.org/trunk@36383 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2016-01-28 03:35:27 +00:00
Pascal Birchler
68f12521c8 Post Types: Introduce unregister_post_type().
This new function can be used to completely unregister non built-in post types.

Fixes #14761.
Built from https://develop.svn.wordpress.org/trunk@36316


git-svn-id: http://core.svn.wordpress.org/trunk@36283 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2016-01-15 12:20:27 +00:00
John Blackbourn
6f37afb6ec When a post is scheduled for publication, treat it the same as a published post when calculating the capabilities required to edit or delete it.
Fixes #33694

Built from https://develop.svn.wordpress.org/trunk@35747


git-svn-id: http://core.svn.wordpress.org/trunk@35711 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2015-11-29 02:27:18 +00:00
Andrew Nacin
1579e45d41 Simplify the include graph after work to split out classes.
see #33413. More details there.

Built from https://develop.svn.wordpress.org/trunk@35718


git-svn-id: http://core.svn.wordpress.org/trunk@35682 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2015-11-20 07:24:30 +00:00
Drew Jaynes
4ddb22bd09 Docs: The Users subpackage is plural.
See #33701.

Built from https://develop.svn.wordpress.org/trunk@34412


git-svn-id: http://core.svn.wordpress.org/trunk@34376 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2015-09-22 13:46:25 +00:00
Drew Jaynes
b0749a1a06 Docs: Clarify the file header summary for wp-includes/capabilities.php, which was broken up into multiple files in [33752].
Also adds inline DocBlocks for files now brought in via `require_once()` from this file.

See #33413. See #33701.

Built from https://develop.svn.wordpress.org/trunk@34398


git-svn-id: http://core.svn.wordpress.org/trunk@34362 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2015-09-22 13:06:25 +00:00
Scott Taylor
df1c0c2363 Roles: move classes into their own file. capbilities.php loads the new files, so this is 100% BC if someone is loading capbilities.php directly. New files created using svn cp.
Creates: 
`class-wp-roles.php` 
`class-wp-role.php` 
`class-wp-user.php` 
`capbilities-functions.php` 

`capbilities.php` contains only top-level code. Class files only contains classes. Functions file only contains functions.

See #33413.

Built from https://develop.svn.wordpress.org/trunk@33752


git-svn-id: http://core.svn.wordpress.org/trunk@33720 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2015-08-26 04:58:21 +00:00
Dominik Schilling
f74a907eac Capabilities: Fall back to the edit_posts capability for orphaned comments.
Also avoid PHP notices because of orphaned comments in the comments list table.
Includes unit test.

props pento, dd32.
fixes #33154.
Built from https://develop.svn.wordpress.org/trunk@33614


git-svn-id: http://core.svn.wordpress.org/trunk@33581 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2015-08-13 22:31:24 +00:00
Gary Pendergast
fe5a844be5 Capabilities: When creating an auto-draft, ensure that the current user still has permission to do so.
Built from https://develop.svn.wordpress.org/trunk@33357


git-svn-id: http://core.svn.wordpress.org/trunk@33329 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2015-07-22 04:02:25 +00:00
Drew Jaynes
665c3936d4 Fix summaries for for WP_User->__call() and wp_roles(), both added in 4.3.
See [32731], [32548]. See #32891.

Built from https://develop.svn.wordpress.org/trunk@33214


git-svn-id: http://core.svn.wordpress.org/trunk@33186 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2015-07-13 20:01:25 +00:00
John Blackbourn
4ad1dc2a1b Ensure the create_users capability check checks the super admin status of the user in question, rather than the current user.
Built from https://develop.svn.wordpress.org/trunk@32811


git-svn-id: http://core.svn.wordpress.org/trunk@32782 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2015-06-17 00:03:27 +00:00
Andrew Nacin
748b3763cb Add add_user_role and remove_user_role actions for WP_User::add_role() and remove_role().
props shooper.
fixes #32060.

Built from https://develop.svn.wordpress.org/trunk@32771


git-svn-id: http://core.svn.wordpress.org/trunk@32742 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2015-06-14 19:26:25 +00:00
Scott Taylor
3b1e434c3b Add the proper access modifier to _init_caps() in WP_User. Add __call() for BC.
See #32444.

Built from https://develop.svn.wordpress.org/trunk@32731


git-svn-id: http://core.svn.wordpress.org/trunk@32702 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2015-06-12 17:26:25 +00:00
Scott Taylor
19a3aacc94 Add @static* annotations where they are missing.
Initialize all static vars that are not, most to `null`.

See #32444.

Built from https://develop.svn.wordpress.org/trunk@32650


git-svn-id: http://core.svn.wordpress.org/trunk@32620 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2015-05-29 15:43:29 +00:00
Scott Taylor
bd8fafea54 Use void instead of null where appropriate when pipe-delimiting @return types. If a @return only contains void, remove it.
See #32444.

Built from https://develop.svn.wordpress.org/trunk@32568


git-svn-id: http://core.svn.wordpress.org/trunk@32538 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2015-05-24 05:40:25 +00:00
Drew Jaynes
e90a327694 Add a missing @since version to a function introduced in [32541].
See #32444.

Built from https://develop.svn.wordpress.org/trunk@32548


git-svn-id: http://core.svn.wordpress.org/trunk@32518 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2015-05-22 17:38:25 +00:00
Scott Taylor
1b52916239 Create a function, wp_roles(), to DRY the inline instantiation of the $wp_roles global.
Add missing doc blocks for `capabilities.php`.

See #32444.

Built from https://develop.svn.wordpress.org/trunk@32541


git-svn-id: http://core.svn.wordpress.org/trunk@32511 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2015-05-22 04:47:24 +00:00
Scott Taylor
e724ed2b04 In capabilities.php, clarify/add some return docs.
See #32444.

Built from https://develop.svn.wordpress.org/trunk@32530


git-svn-id: http://core.svn.wordpress.org/trunk@32500 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2015-05-21 20:47:26 +00:00
Gary Pendergast
2bb5d8529f In Multisite, prevent plugins from unintentionally switching sites.
Props mdawaffe.


Built from https://develop.svn.wordpress.org/trunk@32173


git-svn-id: http://core.svn.wordpress.org/trunk@32148 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2015-04-20 07:27:27 +00:00
Jeremy Felt
b5b5c98e0a Introduce delete_site meta capability.
Map `delete_site` as a meta capability to `manage_options` so that the ability to delete sites can be more granularly managed for individual site administrators on a multisite network.

Props thomaswm.

Fixes #30470.

Built from https://develop.svn.wordpress.org/trunk@31673


git-svn-id: http://core.svn.wordpress.org/trunk@31654 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2015-03-08 02:10:30 +00:00
Scott Taylor
4ce271ea86 Cleanup the @property annotations for WP_User.
See #30799.

Built from https://develop.svn.wordpress.org/trunk@31555


git-svn-id: http://core.svn.wordpress.org/trunk@31536 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2015-02-26 05:54:24 +00:00
Scott Taylor
cde4c83091 [31210] broke Supportflow on dotorg, which declares these methods as protected. Switch to protected for the noop methods. The subclasses can make them more visible using public.
See #30799.

Built from https://develop.svn.wordpress.org/trunk@31211


git-svn-id: http://core.svn.wordpress.org/trunk@31192 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2015-01-16 18:37:24 +00:00
Scott Taylor
6f8e01adf2 In WP_User, ->get_role_caps() and ->update_user_level_from_caps() must be called inside ->add_cap() and ->remove_cap() after updating user meta. ->has_cap() checks are currently failing directly after calling ->add_cap().
Adds unit test.

Props rachelbaker.
Fixes #28374.

Built from https://develop.svn.wordpress.org/trunk@31190


git-svn-id: http://core.svn.wordpress.org/trunk@31171 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2015-01-16 01:49:25 +00:00
Scott Taylor
fe6b5983df In PHP 5.0.0, is_a() became deprecated in favour of the instanceof operator. Calling is_a() would result in an E_STRICT warning.
In PHP 5.3.0, `is_a()` is no longer deprecated, and will therefore no longer throw `E_STRICT` warnings.

To avoid warnings in PHP < 5.3.0, convert all `is_a()` calls to `$var instanceof WP_Class` calls.

`instanceof` does not throw any error if the variable being tested is not an object, it simply returns `false`.

Props markoheijnen, wonderboymusic.
Fixes #25672.

Built from https://develop.svn.wordpress.org/trunk@31188


git-svn-id: http://core.svn.wordpress.org/trunk@31169 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2015-01-16 01:06:24 +00:00
Scott Taylor
a4092e90f0 In WP_Roles, only allow __call() to run against ->_init().
See #30891.

Built from https://develop.svn.wordpress.org/trunk@31147


git-svn-id: http://core.svn.wordpress.org/trunk@31128 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2015-01-11 22:23:23 +00:00