Ticket #43210: 43210.diff
| File 43210.diff, 3.1 KB (added by , 7 years ago) |
|---|
-
src/wp-includes/capabilities.php
248 248 249 249 $caps[] = $post_type->cap->publish_posts; 250 250 break; 251 case 'manage_option': 252 $caps[] = 'manage_options'; 253 $option = $args[0]; 254 255 if ( has_filter( "auth_option_{$option}" ) ) { 256 /** 257 * Filters whether the user is allowed to manage an option. 258 * 259 * @since 5.0.0 260 * 261 * @param bool $allowed Whether the user can manage the option. Default false. 262 * @param string $option The option name. 263 * @param int $user_id User ID. 264 */ 265 $allowed = apply_filters( "auth_option_{$option}", false, $option, $user_id ); 266 267 if ( ! $allowed ) { 268 $caps[] = $cap; 269 } 270 } 271 break; 251 272 case 'edit_post_meta': 252 273 case 'delete_post_meta': 253 274 case 'add_post_meta': -
src/wp-includes/option.php
2032 2032 * 2033 2033 * @since 2.7.0 2034 2034 * @since 4.7.0 `$args` can be passed to set flags on the setting, similar to `register_meta()`. 2035 * @since 5.0.0 Introduced the `$auth_callback` argument. 2035 2036 * 2036 2037 * @global array $new_whitelist_options 2037 2038 * @global array $wp_registered_settings … … 2046 2047 * Valid values are 'string', 'boolean', 'integer', and 'number'. 2047 2048 * @type string $description A description of the data attached to this setting. 2048 2049 * @type callable $sanitize_callback A callback function that sanitizes the option's value. 2050 * @type callable $auth_callback A callback function to use when performing a manage_option check. 2049 2051 * @type bool $show_in_rest Whether data associated with this setting should be included in the REST API. 2050 2052 * @type mixed $default Default value when calling `get_option()`. 2051 2053 * } … … 2058 2060 'group' => $option_group, 2059 2061 'description' => '', 2060 2062 'sanitize_callback' => null, 2063 'auth_callback' => null, 2061 2064 'show_in_rest' => false, 2062 2065 ); 2063 2066 … … 2113 2116 if ( ! empty( $args['sanitize_callback'] ) ) { 2114 2117 add_filter( "sanitize_option_{$option_name}", $args['sanitize_callback'] ); 2115 2118 } 2119 if ( ! empty( $args['auth_callback'] ) ) { 2120 add_filter( "auth_option_{$option_name}", $args['auth_callback'], 10, 3 ); 2121 } 2116 2122 if ( array_key_exists( 'default', $args ) ) { 2117 2123 add_filter( "default_option_{$option_name}", 'filter_default_option', 10, 3 ); 2118 2124 } … … 2182 2188 remove_filter( "sanitize_option_{$option_name}", $wp_registered_settings[ $option_name ]['sanitize_callback'] ); 2183 2189 } 2184 2190 2191 // Remove the auth callback if one was set during registration. 2192 if ( ! empty( $wp_registered_settings[ $option_name ]['auth_callback'] ) ) { 2193 remove_filter( "auth_option_{$option_name}", $wp_registered_settings[ $option_name ]['auth_callback'], 10 ); 2194 } 2195 2185 2196 unset( $wp_registered_settings[ $option_name ] ); 2186 2197 } 2187 2198 }