From 7bd9e93fefbd4a5fe39e41bbc5f11c8d012e5d71 Mon Sep 17 00:00:00 2001
From: Gary Pendergast <gary@pento.net>
Date: Mon, 20 Apr 2015 13:23:15 +0000
Subject: [PATCH] In Multisite, prevent plugins from unintentionally switching
 sites. Merge of [32173] to the 3.9 branch.

Props mdawaffe, pento.


Built from https://develop.svn.wordpress.org/branches/3.9@32200


git-svn-id: http://core.svn.wordpress.org/branches/3.9@32173 1a063a9b-81f0-0310-95a4-ce76da25c4cd
---
 wp-includes/capabilities.php | 12 ++++++++----
 1 file changed, 8 insertions(+), 4 deletions(-)

diff --git a/wp-includes/capabilities.php b/wp-includes/capabilities.php
index 89e854b7a1..aa28ee5e2d 100644
--- a/wp-includes/capabilities.php
+++ b/wp-includes/capabilities.php
@@ -1347,21 +1347,25 @@ function current_user_can( $capability ) {
  * @return bool
  */
 function current_user_can_for_blog( $blog_id, $capability ) {
-	if ( is_multisite() )
-		switch_to_blog( $blog_id );
+	$switched = is_multisite() ? switch_to_blog( $blog_id ) : false;
 
 	$current_user = wp_get_current_user();
 
-	if ( empty( $current_user ) )
+	if ( empty( $current_user ) ) {
+		if ( $switched ) {
+			restore_current_blog();
+		}
 		return false;
+	}
 
 	$args = array_slice( func_get_args(), 2 );
 	$args = array_merge( array( $capability ), $args );
 
 	$can = call_user_func_array( array( $current_user, 'has_cap' ), $args );
 
-	if ( is_multisite() )
+	if ( $switched ) {
 		restore_current_blog();
+	}
 
 	return $can;
 }