static function get_data_by( $field, $value ) {
global $wpdb;
- if ( 'id' == $field )
+ if ( 'id' == $field ) {
+ // Make sure the value is numeric to avoid casting objects, for example,
+ // to int 1.
+ if ( ! is_numeric( $value ) )
+ return false;
$value = absint( $value );
- else
+ } else {
$value = trim( $value );
+ }
if ( !$value )
return false;
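Review bot: The new guard on L7 still lets non-integral numeric strings through, since is_numeric() accepts a value such as `'1.9'` and absint() on L9 then silently truncates it to an ID the caller never asked for; if only integer IDs are meant to be accepted, tighten it to `if ( ! is_numeric( $value ) || (int) $value != $value ) { return false; }`. As a point of style, the inner `if` on L7–L8 is brace-less right after the enclosing `if` on L4 was given braces; writing it as quoted above keeps the block uniform. get_data_by continues past the end of this hunk.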
$this->data->$key = $value;
}
+ /**
+ * Determine whether the user exists in the database.
+ *
+ * @since 3.4.0
+ * @access public
+ *
+ * @return bool True if user exists in the database, false if not.
+ */
+ function exists() {
+ return ! empty( $this->ID );
+ }
+
/**
* Retrieve the value of a property or meta key.
*
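Review bot: The docblock of the new exists() on L19 and L24 says the method determines whether the user exists in the database, but the body on L27 only evaluates `! empty( $this->ID )` and runs no query; whether ID was populated is presumably decided when the object was constructed, so a stale or hand-built instance is not re-verified here. I would phrase the summary as `* Whether user data was loaded into this object (i.e. the ID is set). No database lookup is performed.` and the return line as `* @return bool True if this object holds a user ID, false otherwise.`, so callers such as the new checks on L102 and L108 do not read more into it than it does.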
*
* This is useful for looking up whether the user has a specific role
* assigned to the user. The second optional parameter can also be used to
- * check for capabilities against a specific post.
+ * check for capabilities against a specific object, such as a post or user.
*
* @since 2.0.0
* @access public
*
* @param string|int $cap Capability or role name to search.
- * @param int $post_id Optional. Post ID to check capability against specific post.
* @return bool True, if user has capability; false, if user does not have capability.
*/
function has_cap( $cap ) {
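Review bot: Removing the `@param int $post_id` line on L43 leaves the description on L35–L37 still promising a "second optional parameter" while the signature on L46 declares only `$cap`, so the docblock no longer says where that object ID comes from or what type it has. If the extra argument is still read from the call (presumably via func_get_args(), which is outside this hunk), keep a generalized entry such as `* @param int $object_id Optional. ID of the object (post, user, ...) to check the capability against.`; otherwise the sentence on L35–L37 should go as well. has_cap's body continues past this hunk.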
break;
}
- if ( 'private' != $post->post_status ) {
+ $status_obj = get_post_status_object( $post->post_status );
+ if ( $status_obj->public ) {
$caps[] = $post_type->cap->read;
break;
}
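Review bot: `$status_obj->public` on L51 is dereferenced without checking that get_post_status_object() returned an object; for a post status that is not registered it returns null (as far as I know from WordPress core, not visible here), which emits a property-of-non-object notice and evaluates to false, and the same happens again at `$status_obj->private` on L58 in the next hunk. The code then ends up in the new `map_meta_cap( 'edit_post', ... )` branch, which is the safe outcome, but it is reached by accident rather than by design; add an explicit guard right after L50, `if ( ! $status_obj ) { $caps = map_meta_cap( 'edit_post', $user_id, $post->ID ); break; }`, so the fail-closed behavior is deliberate and notice-free. The enclosing map_meta_cap() starts and ends outside this hunk.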
if ( is_object( $post_author_data ) && $user_id == $post_author_data->ID )
$caps[] = $post_type->cap->read;
- else
+ elseif ( $status_obj->private )
$caps[] = $post_type->cap->read_private_posts;
+ else
+ $caps = map_meta_cap( 'edit_post', $user_id, $post->ID );
break;
case 'edit_post_meta':
case 'delete_post_meta':
else
$caps[] = 'do_not_allow';
break;
+ case 'unfiltered_html' :
+ // Disallow unfiltered_html for all users, even admins and super admins.
+ if ( defined( 'DISALLOW_UNFILTERED_HTML' ) && DISALLOW_UNFILTERED_HTML )
+ $caps[] = 'do_not_allow';
+ elseif ( is_multisite() && ! is_super_admin( $user_id ) )
+ $caps[] = 'do_not_allow';
+ else
+ $caps[] = $cap;
+ break;
case 'edit_files':
case 'edit_plugins':
case 'edit_themes':
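Review bot: The comment on L69, "Disallow unfiltered_html for all users, even admins and super admins.", now heads a three-way branch of which only the DISALLOW_UNFILTERED_HTML arm on L70–L71 does that, while L72–L73 is a multisite super-admin check and L74–L75 grants the capability; move it onto the first arm and add a short one above L72, e.g. `// On multisite, only super admins keep unfiltered_html.`. Also, `case 'unfiltered_html' :` on L68 carries a space before the colon, unlike the neighbouring `case 'edit_files':` on L77; write it `case 'unfiltered_html':`. The enclosing switch starts and ends outside this hunk.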
break;
}
// Fall through if not DISALLOW_FILE_MODS.
- case 'unfiltered_html':
- // Disallow unfiltered_html for all users, even admins and super admins.
- if ( defined('DISALLOW_UNFILTERED_HTML') && DISALLOW_UNFILTERED_HTML ) {
- $caps[] = 'do_not_allow';
- break;
- }
- // Fall through if not DISALLOW_UNFILTERED_HTML
case 'delete_user':
case 'delete_users':
// If multisite these caps are allowed only for super admins.
// Create new object to avoid stomping the global current_user.
$user = new WP_User( $current_user->ID) ;
- // Set the blog id. @todo add blog id arg to WP_User constructor?
+ // Set the blog id. @todo add blog id arg to WP_User constructor?
$user->for_blog( $blog_id );
$args = array_slice( func_get_args(), 2 );
if ( ! is_object( $user ) )
$user = new WP_User( $user );
- if ( ! $user || ! $user->ID )
+ if ( ! $user || ! $user->exists() )
return false;
$args = array_slice( func_get_args(), 2 );
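Review bot: On L102, `! $user ||` can no longer be true, because L99–L100 replace any non-object with `new WP_User( $user )` and an object is always truthy, so the first half of the condition is dead code. With the new exists() in hand the line reduces to `if ( ! $user->exists() )`, matching the form used on L108. The enclosing function starts and ends outside this hunk.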
else
$user = wp_get_current_user();
- if ( empty( $user->ID ) )
+ if ( ! $user->exists() )
return false;
if ( is_multisite() ) {
return false;
}
-
-?>