WordPress 3.9-scripts

[autoinstalls/wordpress.git] / wp-includes / capabilities.php
diff --git a/wp-includes/capabilities.php b/wp-includes/capabilities.php

index 3503316ccfe5aad3bff752d3d4d897bdba6d022d..89e854b7a156ed5c4776f1bc3fcbef04264bf33b 100644 (file)
--- a/wp-includes/capabilities.php
+++ b/wp-includes/capabilities.php
@@ -95,7 +95,7 @@ class WP_Roles {
          */
         function _init () {
                 global $wpdb, $wp_user_roles;
          */
         function _init () {
                 global $wpdb, $wp_user_roles;
-               $this->role_key = $wpdb->prefix . 'user_roles';
+               $this->role_key = $wpdb->get_blog_prefix() . 'user_roles';
                 if ( ! empty( $wp_user_roles ) ) {
                         $this->roles = $wp_user_roles;
                         $this->use_db = false;
                 if ( ! empty( $wp_user_roles ) ) {
                         $this->roles = $wp_user_roles;
                         $this->use_db = false;
@@ -131,7 +131,7 @@ class WP_Roles {
                 global $wpdb, $wp_user_roles;
  
                 // Duplicated from _init() to avoid an extra function call.
                 global $wpdb, $wp_user_roles;
  
                 // Duplicated from _init() to avoid an extra function call.
-               $this->role_key = $wpdb->prefix . 'user_roles';
+               $this->role_key = $wpdb->get_blog_prefix() . 'user_roles';
                 $this->roles = get_option( $this->role_key );
                 if ( empty( $this->roles ) )
                         return;
                 $this->roles = get_option( $this->role_key );
                 if ( empty( $this->roles ) )
                         return;
@@ -158,7 +158,7 @@ class WP_Roles {
          * @param string $role Role name.
          * @param string $display_name Role display name.
          * @param array $capabilities List of role capabilities in the above format.
          * @param string $role Role name.
          * @param string $display_name Role display name.
          * @param array $capabilities List of role capabilities in the above format.
-        * @return null|WP_Role WP_Role object if role is added, null if already exists.
+        * @return WP_Role|null WP_Role object if role is added, null if already exists.
          */
         function add_role( $role, $display_name, $capabilities = array() ) {
                 if ( isset( $this->roles[$role] ) )
          */
         function add_role( $role, $display_name, $capabilities = array() ) {
                 if ( isset( $this->roles[$role] ) )
@@ -193,6 +193,9 @@ class WP_Roles {
  
                 if ( $this->use_db )
                         update_option( $this->role_key, $this->roles );
  
                 if ( $this->use_db )
                         update_option( $this->role_key, $this->roles );
+
+               if ( get_option( 'default_role' ) == $role )
+                       update_option( 'default_role', 'subscriber' );
         }
  
         /**
         }
  
         /**
@@ -239,7 +242,7 @@ class WP_Roles {
          * @access public
          *
          * @param string $role Role name.
          * @access public
          *
          * @param string $role Role name.
-        * @return object|null Null, if role does not exist. WP_Role object, if found.
+        * @return WP_Role|null WP_Role object if found, null if the role does not exist.
          */
         function get_role( $role ) {
                 if ( isset( $this->role_objects[$role] ) )
          */
         function get_role( $role ) {
                 if ( isset( $this->role_objects[$role] ) )
@@ -375,6 +378,15 @@ class WP_Role {
          * @return bool True, if user has capability. False, if doesn't have capability.
          */
         function has_cap( $cap ) {
          * @return bool True, if user has capability. False, if doesn't have capability.
          */
         function has_cap( $cap ) {
+               /**
+                * Filter which capabilities a role has.
+                *
+                * @since 2.0.0
+                *
+                * @param array  $capabilities Array of role capabilities.
+                * @param string $cap          Capability name.
+                * @param string $name         Role name.
+                */
                 $capabilities = apply_filters( 'role_has_cap', $this->capabilities, $cap, $this->name );
                 if ( !empty( $capabilities[$cap] ) )
                         return $capabilities[$cap];
                 $capabilities = apply_filters( 'role_has_cap', $this->capabilities, $cap, $this->name );
                 if ( !empty( $capabilities[$cap] ) )
                         return $capabilities[$cap];
@@ -535,7 +547,9 @@ class WP_User {
                         // to int 1.
                         if ( ! is_numeric( $value ) )
                                 return false;
                         // to int 1.
                         if ( ! is_numeric( $value ) )
                                 return false;
-                       $value = absint( $value );
+                       $value = intval( $value );
+                       if ( $value < 1 )
+                               return false;
                 } else {
                         $value = trim( $value );
                 }
                 } else {
                         $value = trim( $value );
                 }
@@ -679,7 +693,7 @@ class WP_User {
                 return $this->__isset( $key );
         }
  
                 return $this->__isset( $key );
         }
  
-       /*
+       /**
          * Return an array representation.
          *
          * @since 3.5.0
          * Return an array representation.
          *
          * @since 3.5.0
@@ -707,7 +721,7 @@ class WP_User {
                 global $wpdb;
  
                 if ( empty($cap_key) )
                 global $wpdb;
  
                 if ( empty($cap_key) )
-                       $this->cap_key = $wpdb->prefix . 'capabilities';
+                       $this->cap_key = $wpdb->get_blog_prefix() . 'capabilities';
                 else
                         $this->cap_key = $cap_key;
  
                 else
                         $this->cap_key = $cap_key;
  
@@ -730,6 +744,8 @@ class WP_User {
          * @since 2.0.0
          * @uses $wp_roles
          * @access public
          * @since 2.0.0
          * @uses $wp_roles
          * @access public
+        *
+        * @return array List of all capabilities for the user.
          */
         function get_role_caps() {
                 global $wp_roles;
          */
         function get_role_caps() {
                 global $wp_roles;
@@ -748,6 +764,8 @@ class WP_User {
                         $this->allcaps = array_merge( (array) $this->allcaps, (array) $the_role->capabilities );
                 }
                 $this->allcaps = array_merge( (array) $this->allcaps, (array) $this->caps );
                         $this->allcaps = array_merge( (array) $this->allcaps, (array) $the_role->capabilities );
                 }
                 $this->allcaps = array_merge( (array) $this->allcaps, (array) $this->caps );
+
+               return $this->allcaps;
         }
  
         /**
         }
  
         /**
@@ -803,6 +821,7 @@ class WP_User {
                 foreach ( (array) $this->roles as $oldrole )
                         unset( $this->caps[$oldrole] );
  
                 foreach ( (array) $this->roles as $oldrole )
                         unset( $this->caps[$oldrole] );
  
+               $old_roles = $this->roles;
                 if ( !empty( $role ) ) {
                         $this->caps[$role] = true;
                         $this->roles = array( $role => true );
                 if ( !empty( $role ) ) {
                         $this->caps[$role] = true;
                         $this->roles = array( $role => true );
@@ -812,7 +831,18 @@ class WP_User {
                 update_user_meta( $this->ID, $this->cap_key, $this->caps );
                 $this->get_role_caps();
                 $this->update_user_level_from_caps();
                 update_user_meta( $this->ID, $this->cap_key, $this->caps );
                 $this->get_role_caps();
                 $this->update_user_level_from_caps();
-               do_action( 'set_user_role', $this->ID, $role );
+
+               /**
+                * Fires after the user's role has changed.
+                *
+                * @since 2.9.0
+                * @since 3.6.0 Added $old_roles to include an array of the user's previous roles.
+                *
+                * @param int    $user_id   The user ID.
+                * @param string $role      The new role.
+                * @param array  $old_roles An array of the user's previous roles.
+                */
+               do_action( 'set_user_role', $this->ID, $role, $old_roles );
         }
  
         /**
         }
  
         /**
@@ -856,7 +886,7 @@ class WP_User {
         function update_user_level_from_caps() {
                 global $wpdb;
                 $this->user_level = array_reduce( array_keys( $this->allcaps ), array( $this, 'level_reduction' ), 0 );
         function update_user_level_from_caps() {
                 global $wpdb;
                 $this->user_level = array_reduce( array_keys( $this->allcaps ), array( $this, 'level_reduction' ), 0 );
-               update_user_meta( $this->ID, $wpdb->prefix . 'user_level', $this->user_level );
+               update_user_meta( $this->ID, $wpdb->get_blog_prefix() . 'user_level', $this->user_level );
         }
  
         /**
         }
  
         /**
@@ -898,7 +928,7 @@ class WP_User {
                 global $wpdb;
                 $this->caps = array();
                 delete_user_meta( $this->ID, $this->cap_key );
                 global $wpdb;
                 $this->caps = array();
                 delete_user_meta( $this->ID, $this->cap_key );
-               delete_user_meta( $this->ID, $wpdb->prefix . 'user_level' );
+               delete_user_meta( $this->ID, $wpdb->get_blog_prefix() . 'user_level' );
                 $this->get_role_caps();
         }
  
                 $this->get_role_caps();
         }
  
@@ -932,8 +962,19 @@ class WP_User {
                         return true;
                 }
  
                         return true;
                 }
  
+               /**
+                * Dynamically filter a user's capabilities.
+                *
+                * @since 2.0.0
+                * @since 3.7.0 Added the user object.
+                *
+                * @param array   $allcaps An array of all the role's capabilities.
+                * @param array   $caps    Actual capabilities for meta capability.
+                * @param array   $args    Optional parameters passed to has_cap(), typically object ID.
+                * @param WP_User $user    The user object.
+                */
                 // Must have ALL requested caps
                 // Must have ALL requested caps
-               $capabilities = apply_filters( 'user_has_cap', $this->allcaps, $caps, $args );
+               $capabilities = apply_filters( 'user_has_cap', $this->allcaps, $caps, $args, $this );
                 $capabilities['exist'] = true; // Everyone is allowed to exist
                 foreach ( (array) $caps as $cap ) {
                         if ( empty( $capabilities[ $cap ] ) )
                 $capabilities['exist'] = true; // Everyone is allowed to exist
                 foreach ( (array) $caps as $cap ) {
                         if ( empty( $capabilities[ $cap ] ) )
@@ -1030,22 +1071,15 @@ function map_meta_cap( $cap, $user_id ) {
                         break;
                 }
  
                         break;
                 }
  
-               $post_author_id = $post->post_author;
-
-               // If no author set yet, default to current user for cap checks.
-               if ( ! $post_author_id )
-                       $post_author_id = $user_id;
-
-               $post_author_data = $post_author_id == get_current_user_id() ? wp_get_current_user() : get_userdata( $post_author_id );
-
-               // If the user is the author...
-               if ( is_object( $post_author_data ) && $user_id == $post_author_data->ID ) {
+               // If the post author is set and the user is the author...
+               if ( $post->post_author && $user_id == $post->post_author ) {
                         // If the post is published...
                         if ( 'publish' == $post->post_status ) {
                                 $caps[] = $post_type->cap->delete_published_posts;
                         } elseif ( 'trash' == $post->post_status ) {
                         // If the post is published...
                         if ( 'publish' == $post->post_status ) {
                                 $caps[] = $post_type->cap->delete_published_posts;
                         } elseif ( 'trash' == $post->post_status ) {
-                               if ('publish' == get_post_meta($post->ID, '_wp_trash_meta_status', true) )
+                               if ( 'publish' == get_post_meta( $post->ID, '_wp_trash_meta_status', true ) ) {
                                         $caps[] = $post_type->cap->delete_published_posts;
                                         $caps[] = $post_type->cap->delete_published_posts;
+                               }
                         } else {
                                 // If the post is draft...
                                 $caps[] = $post_type->cap->delete_posts;
                         } else {
                                 // If the post is draft...
                                 $caps[] = $post_type->cap->delete_posts;
@@ -1054,10 +1088,11 @@ function map_meta_cap( $cap, $user_id ) {
                         // The user is trying to edit someone else's post.
                         $caps[] = $post_type->cap->delete_others_posts;
                         // The post is published, extra cap required.
                         // The user is trying to edit someone else's post.
                         $caps[] = $post_type->cap->delete_others_posts;
                         // The post is published, extra cap required.
-                       if ( 'publish' == $post->post_status )
+                       if ( 'publish' == $post->post_status ) {
                                 $caps[] = $post_type->cap->delete_published_posts;
                                 $caps[] = $post_type->cap->delete_published_posts;
-                       elseif ( 'private' == $post->post_status )
+                       } elseif ( 'private' == $post->post_status ) {
                                 $caps[] = $post_type->cap->delete_private_posts;
                                 $caps[] = $post_type->cap->delete_private_posts;
+                       }
                 }
                 break;
                 // edit_post breaks down to edit_posts, edit_published_posts, or
                 }
                 break;
                 // edit_post breaks down to edit_posts, edit_published_posts, or
@@ -1065,6 +1100,8 @@ function map_meta_cap( $cap, $user_id ) {
         case 'edit_post':
         case 'edit_page':
                 $post = get_post( $args[0] );
         case 'edit_post':
         case 'edit_page':
                 $post = get_post( $args[0] );
+               if ( empty( $post ) )
+                       break;
  
                 if ( 'revision' == $post->post_type ) {
                         $post = get_post( $post->post_parent );
  
                 if ( 'revision' == $post->post_type ) {
                         $post = get_post( $post->post_parent );
@@ -1080,22 +1117,15 @@ function map_meta_cap( $cap, $user_id ) {
                         break;
                 }
  
                         break;
                 }
  
-               $post_author_id = $post->post_author;
-
-               // If no author set yet, default to current user for cap checks.
-               if ( ! $post_author_id )
-                       $post_author_id = $user_id;
-
-               $post_author_data = $post_author_id == get_current_user_id() ? wp_get_current_user() : get_userdata( $post_author_id );
-
-               // If the user is the author...
-               if ( is_object( $post_author_data ) && $user_id == $post_author_data->ID ) {
+               // If the post author is set and the user is the author...
+               if ( $post->post_author && $user_id == $post->post_author ) {
                         // If the post is published...
                         if ( 'publish' == $post->post_status ) {
                                 $caps[] = $post_type->cap->edit_published_posts;
                         } elseif ( 'trash' == $post->post_status ) {
                         // If the post is published...
                         if ( 'publish' == $post->post_status ) {
                                 $caps[] = $post_type->cap->edit_published_posts;
                         } elseif ( 'trash' == $post->post_status ) {
-                               if ('publish' == get_post_meta($post->ID, '_wp_trash_meta_status', true) )
+                               if ( 'publish' == get_post_meta( $post->ID, '_wp_trash_meta_status', true ) ) {
                                         $caps[] = $post_type->cap->edit_published_posts;
                                         $caps[] = $post_type->cap->edit_published_posts;
+                               }
                         } else {
                                 // If the post is draft...
                                 $caps[] = $post_type->cap->edit_posts;
                         } else {
                                 // If the post is draft...
                                 $caps[] = $post_type->cap->edit_posts;
@@ -1104,10 +1134,11 @@ function map_meta_cap( $cap, $user_id ) {
                         // The user is trying to edit someone else's post.
                         $caps[] = $post_type->cap->edit_others_posts;
                         // The post is published, extra cap required.
                         // The user is trying to edit someone else's post.
                         $caps[] = $post_type->cap->edit_others_posts;
                         // The post is published, extra cap required.
-                       if ( 'publish' == $post->post_status )
+                       if ( 'publish' == $post->post_status ) {
                                 $caps[] = $post_type->cap->edit_published_posts;
                                 $caps[] = $post_type->cap->edit_published_posts;
-                       elseif ( 'private' == $post->post_status )
+                       } elseif ( 'private' == $post->post_status ) {
                                 $caps[] = $post_type->cap->edit_private_posts;
                                 $caps[] = $post_type->cap->edit_private_posts;
+                       }
                 }
                 break;
         case 'read_post':
                 }
                 break;
         case 'read_post':
@@ -1134,20 +1165,13 @@ function map_meta_cap( $cap, $user_id ) {
                         break;
                 }
  
                         break;
                 }
  
-               $post_author_id = $post->post_author;
-
-               // If no author set yet, default to current user for cap checks.
-               if ( ! $post_author_id )
-                       $post_author_id = $user_id;
-
-               $post_author_data = $post_author_id == get_current_user_id() ? wp_get_current_user() : get_userdata( $post_author_id );
-
-               if ( is_object( $post_author_data ) && $user_id == $post_author_data->ID )
+               if ( $post->post_author && $user_id == $post->post_author ) {
                         $caps[] = $post_type->cap->read;
                         $caps[] = $post_type->cap->read;
-               elseif ( $status_obj->private )
+               } elseif ( $status_obj->private ) {
                         $caps[] = $post_type->cap->read_private_posts;
                         $caps[] = $post_type->cap->read_private_posts;
-               else
+               } else {
                         $caps = map_meta_cap( 'edit_post', $user_id, $post->ID );
                         $caps = map_meta_cap( 'edit_post', $user_id, $post->ID );
+               }
                 break;
         case 'publish_post':
                 $post = get_post( $args[0] );
                 break;
         case 'publish_post':
                 $post = get_post( $args[0] );
@@ -1159,12 +1183,26 @@ function map_meta_cap( $cap, $user_id ) {
         case 'delete_post_meta':
         case 'add_post_meta':
                 $post = get_post( $args[0] );
         case 'delete_post_meta':
         case 'add_post_meta':
                 $post = get_post( $args[0] );
-               $post_type_object = get_post_type_object( $post->post_type );
-               $caps = map_meta_cap( $post_type_object->cap->edit_post, $user_id, $post->ID );
+               $caps = map_meta_cap( 'edit_post', $user_id, $post->ID );
  
                 $meta_key = isset( $args[ 1 ] ) ? $args[ 1 ] : false;
  
                 if ( $meta_key && has_filter( "auth_post_meta_{$meta_key}" ) ) {
  
                 $meta_key = isset( $args[ 1 ] ) ? $args[ 1 ] : false;
  
                 if ( $meta_key && has_filter( "auth_post_meta_{$meta_key}" ) ) {
+                       /**
+                        * Filter whether the user is allowed to add post meta to a post.
+                        *
+                        * The dynamic portion of the hook name, $meta_key, refers to the
+                        * meta key passed to map_meta_cap().
+                        *
+                        * @since 3.3.0
+                        *
+                        * @param bool   $allowed  Whether the user can add the post meta. Default false.
+                        * @param string $meta_key The meta key.
+                        * @param int    $post_id  Post ID.
+                        * @param int    $user_id  User ID.
+                        * @param string $cap      Capability name.
+                        * @param array  $caps     User capabilities.
+                        */
                         $allowed = apply_filters( "auth_post_meta_{$meta_key}", false, $meta_key, $post->ID, $user_id, $cap, $caps );
                         if ( ! $allowed )
                                 $caps[] = $cap;
                         $allowed = apply_filters( "auth_post_meta_{$meta_key}", false, $meta_key, $post->ID, $user_id, $cap, $caps );
                         if ( ! $allowed )
                                 $caps[] = $cap;
@@ -1174,10 +1212,10 @@ function map_meta_cap( $cap, $user_id ) {
                 break;
         case 'edit_comment':
                 $comment = get_comment( $args[0] );
                 break;
         case 'edit_comment':
                 $comment = get_comment( $args[0] );
+               if ( empty( $comment ) )
+                       break;
                 $post = get_post( $comment->comment_post_ID );
                 $post = get_post( $comment->comment_post_ID );
-               $post_type_object = get_post_type_object( $post->post_type );
-
-               $caps = map_meta_cap( $post_type_object->cap->edit_post, $user_id, $post->ID );
+               $caps = map_meta_cap( 'edit_post', $user_id, $post->ID );
                 break;
         case 'unfiltered_upload':
                 if ( defined('ALLOW_UNFILTERED_UPLOADS') && ALLOW_UNFILTERED_UPLOADS && ( !is_multisite() || is_super_admin( $user_id ) )  )
                 break;
         case 'unfiltered_upload':
                 if ( defined('ALLOW_UNFILTERED_UPLOADS') && ALLOW_UNFILTERED_UPLOADS && ( !is_multisite() || is_super_admin( $user_id ) )  )
@@ -1266,7 +1304,17 @@ function map_meta_cap( $cap, $user_id ) {
                 $caps[] = $cap;
         }
  
                 $caps[] = $cap;
         }
  
-       return apply_filters('map_meta_cap', $caps, $cap, $user_id, $args);
+       /**
+        * Filter a user's capabilities depending on specific context and/or privilege.
+        *
+        * @since 2.8.0
+        *
+        * @param array  $caps    Returns the user's actual capabilities.
+        * @param string $cap     Capability name.
+        * @param int    $user_id The user ID.
+        * @param array  $args    Adds the context to the cap. Typically the object ID.
+        */
+       return apply_filters( 'map_meta_cap', $caps, $cap, $user_id, $args );
  }
  
  /**
  }
  
  /**
@@ -1371,7 +1419,7 @@ function user_can( $user, $capability ) {
   * @since 2.0.0
   *
   * @param string $role Role name.
   * @since 2.0.0
   *
   * @param string $role Role name.
- * @return object
+ * @return WP_Role|null WP_Role object if found, null if the role does not exist.
   */
  function get_role( $role ) {
         global $wp_roles;
   */
  function get_role( $role ) {
         global $wp_roles;
@@ -1391,7 +1439,7 @@ function get_role( $role ) {
   * @param string $role Role name.
   * @param string $display_name Display name for role.
   * @param array $capabilities List of capabilities, e.g. array( 'edit_posts' => true, 'delete_posts' => false );
   * @param string $role Role name.
   * @param string $display_name Display name for role.
   * @param array $capabilities List of capabilities, e.g. array( 'edit_posts' => true, 'delete_posts' => false );
- * @return null|WP_Role WP_Role object if role is added, null if already exists.
+ * @return WP_Role|null WP_Role object if role is added, null if already exists.
   */
  function add_role( $role, $display_name, $capabilities = array() ) {
         global $wp_roles;
   */
  function add_role( $role, $display_name, $capabilities = array() ) {
         global $wp_roles;
@@ -1409,7 +1457,6 @@ function add_role( $role, $display_name, $capabilities = array() ) {
   * @since 2.0.0
   *
   * @param string $role Role name.
   * @since 2.0.0
   *
   * @param string $role Role name.
- * @return null
   */
  function remove_role( $role ) {
         global $wp_roles;
   */
  function remove_role( $role ) {
         global $wp_roles;
@@ -1417,7 +1464,7 @@ function remove_role( $role ) {
         if ( ! isset( $wp_roles ) )
                 $wp_roles = new WP_Roles();
  
         if ( ! isset( $wp_roles ) )
                 $wp_roles = new WP_Roles();
  
-       return $wp_roles->remove_role( $role );
+       $wp_roles->remove_role( $role );
  }
  
  /**
  }
  
  /**