X-Git-Url: https://scripts.mit.edu/gitweb/autoinstalls/wordpress.git/blobdiff_plain/9e77185fafaf4e60e2b73821e0e4b9b1a11fb85f..refs/tags/wordpress-4.2.3:/wp-includes/capabilities.php

diff --git a/wp-includes/capabilities.php b/wp-includes/capabilities.php
index 30c38b2c..8a3d3350 100644
--- a/wp-includes/capabilities.php
+++ b/wp-includes/capabilities.php
@@ -13,14 +13,12 @@
  * the name in value of the 'name' key. The capabilities are stored as an array
  * in the value of the 'capability' key.
  *
- * <code>
- * array (
- *		'rolename' => array (
- *			'name' => 'rolename',
- *			'capabilities' => array()
- *		)
- * )
- * </code>
+ *     array (
+ *    		'rolename' => array (
+ *    			'name' => 'rolename',
+ *    			'capabilities' => array()
+ *    		)
+ *     )
  *
  * @since 2.0.0
  * @package WordPress
@@ -92,7 +90,10 @@ class WP_Roles {
 	 * @return mixed|bool Return value of the callback, false otherwise.
 	 */
 	public function __call( $name, $arguments ) {
-		return call_user_func_array( array( $this, $name ), $arguments );
+		if ( '_init' === $name ) {
+			return call_user_func_array( array( $this, $name ), $arguments );
+		}
+		return false;
 	}
 
 	/**
@@ -104,7 +105,8 @@ class WP_Roles {
 	 *
 	 * @since 2.1.0
 	 * @access protected
-	 * @uses $wpdb Used to get the database prefix.
+	 *
+	 * @global wpdb  $wpdb          WordPress database abstraction object.
 	 * @global array $wp_user_roles Used to set the 'roles' property value.
 	 */
 	protected function _init() {
@@ -416,16 +418,31 @@ class WP_Role {
  * @since 2.0.0
  * @package WordPress
  * @subpackage User
+ *
+ * @property string $nickname
+ * @property string $user_description
+ * @property string $user_firstname
+ * @property string $user_lastname
+ * @property string $user_login
+ * @property string $user_pass
+ * @property string $user_nicename
+ * @property string $user_email
+ * @property string $user_url
+ * @property string $user_registered
+ * @property string $user_activation_key
+ * @property string $user_status
+ * @property string $display_name
+ * @property string $spam
+ * @property string $deleted
  */
 class WP_User {
 	/**
 	 * User data container.
 	 *
 	 * @since 2.0.0
-	 * @access private
-	 * @var array
+	 * @var object
 	 */
-	var $data;
+	public $data;
 
 	/**
 	 * The user's ID.
@@ -494,7 +511,6 @@ class WP_User {
 	 * @param int|string|stdClass|WP_User $id User's ID, a WP_User object, or a user object from the DB.
 	 * @param string $name Optional. User's username
 	 * @param int $blog_id Optional Blog ID, defaults to current blog.
-	 * @return WP_User
 	 */
 	public function __construct( $id = 0, $name = '', $blog_id = '' ) {
 		if ( ! isset( self::$back_compat_keys ) ) {
@@ -509,7 +525,7 @@ class WP_User {
 			);
 		}
 
-		if ( is_a( $id, 'WP_User' ) ) {
+		if ( $id instanceof WP_User ) {
 			$this->init( $id->data, $blog_id );
 			return;
 		} elseif ( is_object( $id ) ) {
@@ -522,13 +538,17 @@ class WP_User {
 			$id = 0;
 		}
 
-		if ( $id )
+		if ( $id ) {
 			$data = self::get_data_by( 'id', $id );
-		else
+		} else {
 			$data = self::get_data_by( 'login', $name );
+		}
 
-		if ( $data )
+		if ( $data ) {
 			$this->init( $data, $blog_id );
+		} else {
+			$this->data = new stdClass;
+		}
 	}
 
 	/**
@@ -551,7 +571,7 @@ class WP_User {
 	 *
 	 * @param string $field The field to query against: 'id', 'slug', 'email' or 'login'
 	 * @param string|int $value The field value
-	 * @return object Raw user object
+	 * @return object|false Raw user object
 	 */
 	public static function get_data_by( $field, $value ) {
 		global $wpdb;
@@ -612,6 +632,8 @@ class WP_User {
 	 * Magic method for checking the existence of a certain custom field
 	 *
 	 * @since 3.3.0
+	 * @param string $key
+	 * @return bool
 	 */
 	public function __isset( $key ) {
 		if ( 'id' == $key ) {
@@ -632,6 +654,8 @@ class WP_User {
 	 * Magic method for accessing custom fields
 	 *
 	 * @since 3.3.0
+	 * @param string $key
+	 * @return mixed
 	 */
 	public function __get( $key ) {
 		if ( 'id' == $key ) {
@@ -915,6 +939,8 @@ class WP_User {
 	public function add_cap( $cap, $grant = true ) {
 		$this->caps[$cap] = $grant;
 		update_user_meta( $this->ID, $this->cap_key, $this->caps );
+		$this->get_role_caps();
+		$this->update_user_level_from_caps();
 	}
 
 	/**
@@ -926,10 +952,13 @@ class WP_User {
 	 * @param string $cap Capability name.
 	 */
 	public function remove_cap( $cap ) {
-		if ( ! isset( $this->caps[$cap] ) )
+		if ( ! isset( $this->caps[ $cap ] ) ) {
 			return;
-		unset( $this->caps[$cap] );
+		}
+		unset( $this->caps[ $cap ] );
 		update_user_meta( $this->ID, $this->cap_key, $this->caps );
+		$this->get_role_caps();
+		$this->update_user_level_from_caps();
 	}
 
 	/**
@@ -982,7 +1011,7 @@ class WP_User {
 		 * @since 2.0.0
 		 * @since 3.7.0 Added the user object.
 		 *
-		 * @param array   $allcaps An array of all the role's capabilities.
+		 * @param array   $allcaps An array of all the user's capabilities.
 		 * @param array   $caps    Actual capabilities for meta capability.
 		 * @param array   $args    Optional parameters passed to has_cap(), typically object ID.
 		 * @param WP_User $user    The user object.
@@ -1114,8 +1143,10 @@ function map_meta_cap( $cap, $user_id ) {
 	case 'edit_post':
 	case 'edit_page':
 		$post = get_post( $args[0] );
-		if ( empty( $post ) )
+		if ( empty( $post ) ) {
+			$caps[] = 'do_not_allow';
 			break;
+		}
 
 		if ( 'revision' == $post->post_type ) {
 			$post = get_post( $post->post_parent );
@@ -1205,8 +1236,8 @@ function map_meta_cap( $cap, $user_id ) {
 			/**
 			 * Filter whether the user is allowed to add post meta to a post.
 			 *
-			 * The dynamic portion of the hook name, $meta_key, refers to the
-			 * meta key passed to map_meta_cap().
+			 * The dynamic portion of the hook name, `$meta_key`, refers to the
+			 * meta key passed to {@see map_meta_cap()}.
 			 *
 			 * @since 3.3.0
 			 *
@@ -1316,6 +1347,9 @@ function map_meta_cap( $cap, $user_id ) {
 	case 'customize' :
 		$caps[] = 'edit_theme_options';
 		break;
+	case 'delete_site':
+		$caps[] = 'manage_options';
+		break;
 	default:
 		// Handle meta capabilities for custom post types.
 		$post_type_meta_caps = _post_type_meta_capabilities();
@@ -1371,21 +1405,25 @@ function current_user_can( $capability ) {
  * @return bool
  */
 function current_user_can_for_blog( $blog_id, $capability ) {
-	if ( is_multisite() )
-		switch_to_blog( $blog_id );
+	$switched = is_multisite() ? switch_to_blog( $blog_id ) : false;
 
 	$current_user = wp_get_current_user();
 
-	if ( empty( $current_user ) )
+	if ( empty( $current_user ) ) {
+		if ( $switched ) {
+			restore_current_blog();
+		}
 		return false;
+	}
 
 	$args = array_slice( func_get_args(), 2 );
 	$args = array_merge( array( $capability ), $args );
 
 	$can = call_user_func_array( array( $current_user, 'has_cap' ), $args );
 
-	if ( is_multisite() )
+	if ( $switched ) {
 		restore_current_blog();
+	}
 
 	return $can;
 }