Make WordPress Core


Ignore:
Timestamp:
07/02/2017 05:15:42 AM (8 years ago)
Author:
peterwilsoncc
Message:

Capabilities: Prevent users having the do_not_allow capability.

Meta capabilities use the capability do_not_allow to indicate a user should be blocked from performing a particular action. This ensures users can not have the capability as it would cause unexpected behaviour.

Props johnbillion.
Fixes #41059.

File:
1 edited

Legend:

Unmodified
Added
Removed
  • trunk/src/wp-includes/class-wp-user.php

    r39735 r40993  
    749749        $capabilities['exist'] = true;
    750750
     751        // Nobody is allowed to do things they are not allowed to do.
     752        unset( $capabilities['do_not_allow'] );
     753
    751754        // Must have ALL requested caps.
    752755        foreach ( (array) $caps as $cap ) {
Note: See TracChangeset for help on using the changeset viewer.