WordPress.org

Make WordPress Core

Ticket #36376: fix.36376.diff

File fix.36376.diff, 1.0 KB (added by mikejolley, 5 years ago)

Fix for 36376

  • wp-includes/class-wp-user.php

    diff --git wp-includes/class-wp-user.php wp-includes/class-wp-user.php
    index 210919d..d0069c2 100644
    class WP_User { 
    482482                if ( is_array( $this->caps ) )
    483483                        $this->roles = array_filter( array_keys( $this->caps ), array( $wp_roles, 'is_role' ) );
    484484
    485                 //Build $allcaps from role caps, overlay user's $caps
     485                /**
     486                 * Build $allcaps from role caps, overlaying user's $caps and caps from
     487                 * the user's roles. Role capabilities are filtered to only return caps
     488                 * which are true. This prevents false caps overwriting true caps.
     489                 */
    486490                $this->allcaps = array();
    487491                foreach ( (array) $this->roles as $role ) {
    488492                        $the_role = $wp_roles->get_role( $role );
    489                         $this->allcaps = array_merge( (array) $this->allcaps, (array) $the_role->capabilities );
     493                        $this->allcaps = array_merge( (array) $this->allcaps, array_filter( (array) $the_role->capabilities ) );
    490494                }
    491495                $this->allcaps = array_merge( (array) $this->allcaps, (array) $this->caps );
    492496