Commit Graph

214 Commits

Author SHA1 Message Date
Gary Pendergast fe5a844be5 Capabilities: When creating an auto-draft, ensure that the current user still has permission to do so.
Built from https://develop.svn.wordpress.org/trunk@33357


git-svn-id: http://core.svn.wordpress.org/trunk@33329 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2015-07-22 04:02:25 +00:00
Drew Jaynes 665c3936d4 Fix summaries for for `WP_User->__call()` and `wp_roles()`, both added in 4.3.
See [32731], [32548]. See #32891.

Built from https://develop.svn.wordpress.org/trunk@33214


git-svn-id: http://core.svn.wordpress.org/trunk@33186 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2015-07-13 20:01:25 +00:00
John Blackbourn 4ad1dc2a1b Ensure the `create_users` capability check checks the super admin status of the user in question, rather than the current user.
Built from https://develop.svn.wordpress.org/trunk@32811


git-svn-id: http://core.svn.wordpress.org/trunk@32782 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2015-06-17 00:03:27 +00:00
Andrew Nacin 748b3763cb Add add_user_role and remove_user_role actions for WP_User::add_role() and remove_role().
props shooper.
fixes #32060.

Built from https://develop.svn.wordpress.org/trunk@32771


git-svn-id: http://core.svn.wordpress.org/trunk@32742 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2015-06-14 19:26:25 +00:00
Scott Taylor 3b1e434c3b Add the proper access modifier to `_init_caps()` in `WP_User`. Add `__call()` for BC.
See #32444.

Built from https://develop.svn.wordpress.org/trunk@32731


git-svn-id: http://core.svn.wordpress.org/trunk@32702 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2015-06-12 17:26:25 +00:00
Scott Taylor 19a3aacc94 Add `@static*` annotations where they are missing.
Initialize all static vars that are not, most to `null`.

See #32444.

Built from https://develop.svn.wordpress.org/trunk@32650


git-svn-id: http://core.svn.wordpress.org/trunk@32620 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2015-05-29 15:43:29 +00:00
Scott Taylor bd8fafea54 Use `void` instead of `null` where appropriate when pipe-delimiting `@return` types. If a `@return` only contains `void`, remove it.
See #32444.

Built from https://develop.svn.wordpress.org/trunk@32568


git-svn-id: http://core.svn.wordpress.org/trunk@32538 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2015-05-24 05:40:25 +00:00
Drew Jaynes e90a327694 Add a missing `@since` version to a function introduced in [32541].
See #32444.

Built from https://develop.svn.wordpress.org/trunk@32548


git-svn-id: http://core.svn.wordpress.org/trunk@32518 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2015-05-22 17:38:25 +00:00
Scott Taylor 1b52916239 Create a function, `wp_roles()`, to DRY the inline instantiation of the `$wp_roles` global.
Add missing doc blocks for `capabilities.php`.

See #32444.

Built from https://develop.svn.wordpress.org/trunk@32541


git-svn-id: http://core.svn.wordpress.org/trunk@32511 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2015-05-22 04:47:24 +00:00
Scott Taylor e724ed2b04 In `capabilities.php`, clarify/add some `return` docs.
See #32444.

Built from https://develop.svn.wordpress.org/trunk@32530


git-svn-id: http://core.svn.wordpress.org/trunk@32500 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2015-05-21 20:47:26 +00:00
Gary Pendergast 2bb5d8529f In Multisite, prevent plugins from unintentionally switching sites.
Props mdawaffe.


Built from https://develop.svn.wordpress.org/trunk@32173


git-svn-id: http://core.svn.wordpress.org/trunk@32148 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2015-04-20 07:27:27 +00:00
Jeremy Felt b5b5c98e0a Introduce delete_site meta capability.
Map `delete_site` as a meta capability to `manage_options` so that the ability to delete sites can be more granularly managed for individual site administrators on a multisite network.

Props thomaswm.

Fixes #30470.

Built from https://develop.svn.wordpress.org/trunk@31673


git-svn-id: http://core.svn.wordpress.org/trunk@31654 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2015-03-08 02:10:30 +00:00
Scott Taylor 4ce271ea86 Cleanup the `@property` annotations for `WP_User`.
See #30799.

Built from https://develop.svn.wordpress.org/trunk@31555


git-svn-id: http://core.svn.wordpress.org/trunk@31536 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2015-02-26 05:54:24 +00:00
Scott Taylor cde4c83091 [31210] broke Supportflow on dotorg, which declares these methods as `protected`. Switch to `protected` for the noop methods. The subclasses can make them more visible using `public`.
See #30799.

Built from https://develop.svn.wordpress.org/trunk@31211


git-svn-id: http://core.svn.wordpress.org/trunk@31192 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2015-01-16 18:37:24 +00:00
Scott Taylor 6f8e01adf2 In `WP_User`, `->get_role_caps()` and `->update_user_level_from_caps()` must be called inside `->add_cap()` and `->remove_cap()` after updating user meta. `->has_cap()` checks are currently failing directly after calling `->add_cap()`.
Adds unit test.

Props rachelbaker.
Fixes #28374.

Built from https://develop.svn.wordpress.org/trunk@31190


git-svn-id: http://core.svn.wordpress.org/trunk@31171 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2015-01-16 01:49:25 +00:00
Scott Taylor fe6b5983df In PHP 5.0.0, `is_a()` became deprecated in favour of the `instanceof` operator. Calling `is_a()` would result in an `E_STRICT` warning.
In PHP 5.3.0, `is_a()` is no longer deprecated, and will therefore no longer throw `E_STRICT` warnings.

To avoid warnings in PHP < 5.3.0, convert all `is_a()` calls to `$var instanceof WP_Class` calls.

`instanceof` does not throw any error if the variable being tested is not an object, it simply returns `false`.

Props markoheijnen, wonderboymusic.
Fixes #25672.

Built from https://develop.svn.wordpress.org/trunk@31188


git-svn-id: http://core.svn.wordpress.org/trunk@31169 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2015-01-16 01:06:24 +00:00
Scott Taylor a4092e90f0 In `WP_Roles`, only allow `__call()` to run against `->_init()`.
See #30891.

Built from https://develop.svn.wordpress.org/trunk@31147


git-svn-id: http://core.svn.wordpress.org/trunk@31128 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2015-01-11 22:23:23 +00:00
Scott Taylor 5547115dc2 Fix some `@param` docs that have chars too close them.
Add `@property` annotations to `WP_User` and `WP_Post`.
Remove erroneous `@param`s from image editor class methods.
Officially add the property `$_column_headers` to `WP_List_Table`.	

See #30799.

Built from https://develop.svn.wordpress.org/trunk@31127


git-svn-id: http://core.svn.wordpress.org/trunk@31108 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2015-01-10 06:57:22 +00:00
Scott Taylor e029005847 Access Modifiers:
* In `WP_Plugin_Install_List_Table`, use `public` instead of `var`
* In `WP_User`, `->data` is accessed directly on an instance if the constructor receives it: make it `public`
* In `WP_Locale`, every property is exported to a global and is already `public` via `var`, half of the properties are accessed directly already, make them all `public`
* In `WP_Rewrite`, several properties are accessed publicly in functions via the `$wp_rewrite` global, make those props `public`.
* In `WP_Rewrite`, the property `->comment_feed_structure` was misspelled as `->comments_feed_structure`

See #30799.

Built from https://develop.svn.wordpress.org/trunk@31078


git-svn-id: http://core.svn.wordpress.org/trunk@31059 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2015-01-08 05:44:23 +00:00
Dion Hulse c975c8eeb0 Preinitialize WP_User::$data to an object in the event an empty user object is created. Avoids a "Creating default object from empty value" PHP Warning.
Fixes #28019

Built from https://develop.svn.wordpress.org/trunk@31049


git-svn-id: http://core.svn.wordpress.org/trunk@31030 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2015-01-05 01:41:23 +00:00
Scott Taylor 586c1ac7bc Fix docs for `WP_User::allcaps`:
The `allcaps` property of the `WP_User` class represents all of the caps of the user, not the caps of the user's role. Introduced in [26126].

Props dlh.
Fixes #30852.

Built from https://develop.svn.wordpress.org/trunk@31013


git-svn-id: http://core.svn.wordpress.org/trunk@30994 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2014-12-31 18:15:23 +00:00
Scott Taylor 42f5acd869 Improve some docs for `@param`. Remove an unneeded `$wpdb` global import.
See #30799.

Built from https://develop.svn.wordpress.org/trunk@30979


git-svn-id: http://core.svn.wordpress.org/trunk@30965 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2014-12-20 20:56:22 +00:00
Scott Taylor e619abda6e Improve various `@param` docs for `src/wp-includes/*`.
See #30224.

Built from https://develop.svn.wordpress.org/trunk@30681


git-svn-id: http://core.svn.wordpress.org/trunk@30671 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2014-12-01 01:34:24 +00:00
Drew Jaynes bffe95d34c Docs Formatting: Backtick-escape inline code for all remaining dynamic hook docs in wp-includes/*.
Affects DocBlocks for the following hooks:
* `auth_post_meta_{$meta_key}`
* `term_links-$taxonomy`
* `customize_render_control_ . $this->id`
* `customize_render_panel_{$this->id}`
* `customize_render_section_{$this->id}`
* `customize_preview_{$this->id}`
* `customize_save_ . $this->id_data[ 'base' ]`
* `customize_update_ . $this->type`
* `customize_value_ . $this->id_data[ 'base' ]`
* `customize_sanitize_js_{$this->id}`
* `comment_form_field_{$name}`
* `comment_{$old_status}_to_{$new_status}`
* `comment_{$new_status}_{$comment->comment_type}`
* `extra_{$context}_headers`
* `get_template_part_{$slug}`
* `get_the_generator_{$type}`
* `get_{$adjacent}_post_join`
* `get_{$adjacent}_post_where`
* `get_{$adjacent}_post_sort`
* `{$adjacent}_post_rel_link`
* `{$adjacent}_post_link`
* `{$adjacent}_image_link`
* `blog_option_{$option}`
* `$permastructname . _rewrite_rules`
* `{$type}_template`
* `theme_mod_{$name}`
* `pre_set_theme_mod_$name`
* `current_theme_supports-{$feature}`
* `get_user_option_{$option}`
* `edit_user_{$field}`
* `pre_user_{$field}`
* `user_{$field}`

See #30552.

Built from https://develop.svn.wordpress.org/trunk@30656


git-svn-id: http://core.svn.wordpress.org/trunk@30646 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2014-11-30 12:10:23 +00:00
Drew Jaynes 8f6188ae53 Ensure inline code is markdown-escaped as such, and that code snippets in descriptions are properly indented.
Affects DocBlocks for the following core elements:
* Two arguments in `_walk_bookmarks()`
* A code snippet in the class header for `WP_Roles`
* A code snippet in the class header for `WP_HTTP_Proxy`
* Inline code fixes in the summary and a parameter description for `WP_oEmbed::discover()`
* An argument description in `_WP_Editors::parse_settings()`
* Inline code fixes in the summary and a parameter description the `embed_oembed_discover` hook.

Props rarst.
See #30473.

Built from https://develop.svn.wordpress.org/trunk@30536


git-svn-id: http://core.svn.wordpress.org/trunk@30525 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2014-11-24 04:42:22 +00:00
Drew Jaynes 66c47f29bb Correct references of `@uses $wpdb` in core documentation to use `@global`.
See #30191, [30105].
Fixes #30217.

Built from https://develop.svn.wordpress.org/trunk@30122


git-svn-id: http://core.svn.wordpress.org/trunk@30122 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2014-10-31 17:56:22 +00:00
Andrew Nacin ac3dd27737 Plugin/Theme Uploads: New capabilities; unify UIs; ensure compatibility with old filters.
Introduce upload_plugins and upload_themes capabilities to allow blocking of plugin and theme uploads, versus the old hacky (and not secure) ways of just hiding UI tabs. These are simply meta capabilities that map to install_plugins and install_themes.
 
Also:
 * Use the same nice design for the plugin upload screen as the theme upload screen.
 * Better compatibility for the old install_themes_tabs filter added in [29002]. see #28578.
 * Ensure using the install_plugins_tabs filter to remove the upload tab removes the new button.
 * Use 'Add Plugins' instead of 'Install Plugins' to match 'Add Themes'.

fixes #29236.

Built from https://develop.svn.wordpress.org/trunk@29634


git-svn-id: http://core.svn.wordpress.org/trunk@29408 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2014-08-27 01:32:18 +00:00
Dominik Schilling 57c914f75a Customizer: Add meta capability `customize` which is mapped to `edit_theme_options`.
You can now allow users to access the Customizer, say for any user who can `edit_posts`, via `map_meta_cap` or `user_has_cap` filter. See ticket for examples.

props westonruter, nacin.
fixes #28605.
Built from https://develop.svn.wordpress.org/trunk@29170


git-svn-id: http://core.svn.wordpress.org/trunk@28954 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2014-07-14 19:01:16 +00:00
Drew Jaynes 52a8488a96 Fill out inline documentation for the `__call()` magic method added to the `WP_Roles` class in [28503].
See #22234 and #28885.

Built from https://develop.svn.wordpress.org/trunk@29153


git-svn-id: http://core.svn.wordpress.org/trunk@28937 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2014-07-14 00:12:14 +00:00
Scott Taylor b8d469600b These functions import `$wpdb` but do not use it.
See #27882.

Built from https://develop.svn.wordpress.org/trunk@28539


git-svn-id: http://core.svn.wordpress.org/trunk@28365 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2014-05-22 17:37:14 +00:00
Scott Taylor 7de0b2b2c8 Upgrade `_WP_List_Table_Compat` to PHP5-style constructor.
Add `public` to methods/members of `WP_Role`.
Add `public` to methods/members of `WP_User` where appropriate. Don't set `private` where indicated until more study has occurred and tests have been written for compatibiliy with existing magic methods.

See #27881, #22234.

Built from https://develop.svn.wordpress.org/trunk@28531


git-svn-id: http://core.svn.wordpress.org/trunk@28357 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2014-05-19 17:20:17 +00:00
Scott Taylor f172ef8ce2 Add access modifiers to methods/members in `WP_Roles`. Add a magic `__call()` method for BC.
See #27881, #22234.

Built from https://develop.svn.wordpress.org/trunk@28503


git-svn-id: http://core.svn.wordpress.org/trunk@28329 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2014-05-19 05:20:14 +00:00
Andrew Nacin c67c9565f1 Don't default to current user for capability checks when dealing with a post without an author (post_author = 0).
Undoes [12053]. While it risks breakage, this is a far safer and saner default for these situations.

props danielbachhuber.
fixes #27020.

Built from https://develop.svn.wordpress.org/trunk@27390


git-svn-id: http://core.svn.wordpress.org/trunk@27238 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2014-03-04 03:09:15 +00:00
Sergey Biryukov 1c8b834b0c Inline documentation for hooks in wp-includes/capabilities.php.
props ptahdunbar, kpdesign.
fixes #25531.
Built from https://develop.svn.wordpress.org/trunk@26126


git-svn-id: http://core.svn.wordpress.org/trunk@26038 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2013-11-13 04:39:08 +00:00
Sergey Biryukov 8d659b278c Fix docblock formatting. fixes #25893.
Built from https://develop.svn.wordpress.org/trunk@26081


git-svn-id: http://core.svn.wordpress.org/trunk@26001 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2013-11-11 13:32:10 +00:00
Andrew Nacin d93d8b850d Reverse the order of roles in wp_dropdown_roles(). Reset to 'subscriber' when the default role is removed and when a save is invalid.
props garyc40, wonderboymusic.
fixes #14578.

Built from https://develop.svn.wordpress.org/trunk@25695


git-svn-id: http://core.svn.wordpress.org/trunk@25610 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2013-10-06 10:56:09 +00:00
Scott Taylor 80bac8fe09 `WP_User::get_role_caps()` now returns the caps it was already setting. The method was previously just setting `$allprops` and requiring that property to be read.
Props nofearinc.
Fixes #24962.



Built from https://develop.svn.wordpress.org/trunk@25673


git-svn-id: http://core.svn.wordpress.org/trunk@25589 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2013-10-02 21:36:09 +00:00
Sergey Biryukov 8bda461ca9 Remove inaccurate @return value from remove_role(). props tivnet. fixes #25450.
Built from https://develop.svn.wordpress.org/trunk@25653


git-svn-id: http://core.svn.wordpress.org/trunk@25570 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2013-10-01 02:53:11 +00:00
Andrew Nacin 0e620877fd Use the wpdb method instead of $wpdb->prefix.
props hakre.
fixes #16756.

Built from https://develop.svn.wordpress.org/trunk@25615


git-svn-id: http://core.svn.wordpress.org/trunk@25532 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2013-09-24 23:41:10 +00:00
Scott Taylor daa4b531e8 Fix several esoteric errors related to AJAX unit tests for comments:
* `wp_ajax_get_comments()` relies on the `$post_id` global - even though `$_POST['p']` is passed to every action in the test methods. If `$post_id` is still lingering in between tests and doesn't match `p` in the request, the cap check might pass while the queries for comments will blow up. I added `unset( $GLOBALS['post_id'] )` to `Tests_Ajax_GetComments::setUp()`.
* If the global `$post_id` is empty, but `$_REQUEST['p']` is not, `$post_id` is now set to `absint( $_REQUEST['p'] )` and sanity-checked in `wp_ajax_get_comments()`.
* `map_meta_cap()` always assumes that `get_comment()` succeeds when checking for the `edit_comment` cap. It doesn't. I added sanity checks in a few places where it will break early if `get_post()` or `get_comment()` are empty.
* `wp_update_comment()` always assumes `get_comment()` succeeds. It doesn't. I added a check for empty.

All AJAX unit tests run and pass in debug mode. All general unit tests pass against these changes.

Fixes #25282.


Built from https://develop.svn.wordpress.org/trunk@25438


git-svn-id: http://core.svn.wordpress.org/trunk@25360 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2013-09-14 18:36:09 +00:00
Scott Taylor cb70e277af Add an additional available param (the `WP_User` instance) to the `user_has_cap` filter.
Props Viper007Bond.
Fixes #24490.


Built from https://develop.svn.wordpress.org/trunk@25329


git-svn-id: http://core.svn.wordpress.org/trunk@25291 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2013-09-10 22:23:10 +00:00
Andrew Nacin cbad0048a4 Don't set up $post_author_data in map_meta_cap() as we don't need it.
props duck_.
fixes #25177.

Built from https://develop.svn.wordpress.org/trunk@25177


git-svn-id: http://core.svn.wordpress.org/trunk@25150 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2013-08-30 04:01:08 +00:00
Andrew Nacin c2db94d10c Use meta caps edit_post, read_post, and delete_post directly, rather than consulting the post type object. map_meta_cap() handles that for us. props markjaquith, kovshenin. fixes #23226.
git-svn-id: http://core.svn.wordpress.org/trunk@24593 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2013-07-08 20:05:42 +00:00
Sergey Biryukov 81e2420c0a Correct return value for get_role() and WP_Roles::get_role(). props tivnet. fixes #24607.
git-svn-id: http://core.svn.wordpress.org/trunk@24491 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2013-06-21 13:01:55 +00:00
Ryan Boren 982694749b In WP_User::get_data_by(), don't abs int negative IDs. Instead, return false when an ID less than 1 is passed.
Props nacin, mordauk
fixes #23480


git-svn-id: http://core.svn.wordpress.org/trunk@24316 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2013-05-22 18:14:37 +00:00
Sergey Biryukov 362b41c33a Pass old roles to set_user_role action. props awellis13. fixes #19134.
git-svn-id: http://core.svn.wordpress.org/trunk@23358 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2013-01-31 01:15:25 +00:00
Ryan Boren 54ac1d939b Make current_user_can_for_blog() safe to run single site.
Props nacin, MarkJaquith
fixes #22803


git-svn-id: http://core.svn.wordpress.org/trunk@23117 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2012-12-07 09:53:27 +00:00
Andrew Nacin 61caecfa93 Use the create_posts post type cap in more places. Remove the janky create_posts meta cap. see #16714.
git-svn-id: http://core.svn.wordpress.org/trunk@22908 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2012-11-28 22:28:20 +00:00
Ryan Boren fac33f51fa When using WP_User::set_role() to set the role, don't unset all caps when the requested role matches the current role.
Props scribu, jammitch
fixes #18932


git-svn-id: http://core.svn.wordpress.org/trunk@22418 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2012-11-07 17:16:37 +00:00
Dion Hulse f4976f40b3 Fix a PHP Notice when attempting to Add or remove capabilities from nonexistant roles. Props SergeyBiryukov. Fixes #18461
git-svn-id: http://core.svn.wordpress.org/trunk@22354 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2012-10-31 23:18:33 +00:00