Make WordPress Core


Ignore:
Timestamp:
03/04/2021 12:12:55 AM (4 years ago)
Author:
peterwilsoncc
Message:

Roles/Caps: Return same result from current_user_can and user_can().

Ensure current_user_can() and user_can() return the same results for logged out users. For core capabilities this changes user_can( 0, 'exist' ) to return true rather than false in line with current_user_can( 'exist' ) for logged out users.

Convert current_user_can() and current_user_can_for_blog() to wrapper functions ultimately calling user_can().

Add anonymous user to primitive capability checks as appropriate. Convert Tests_User_Capabilities::test_other_caps_for_all_roles() to use a data provider and add tests to check whether user exists in the database (WP_User::exists()) as that intentionally differs from the exist capability.

Props jjj, johnbillion, peterwilsoncc, SergeyBiryukov, TimothyBlynJacobs.
Fixes #52076.

File:
1 edited

Legend:

Unmodified
Added
Removed
  • trunk/src/wp-includes/class-wp-user.php

    r49790 r50490  
    168168     */
    169169    public function init( $data, $site_id = '' ) {
     170        if ( ! isset( $data->ID ) ) {
     171            $data->ID = 0;
     172        }
    170173        $this->data = $data;
    171174        $this->ID   = (int) $data->ID;
Note: See TracChangeset for help on using the changeset viewer.