current_user_can_for_blog() fatal errors in single site

[nacin]

It calls switch_to_blog() unconditionally. It should not.

We must do an audit of all other switch_to_blog() calls.

Note to plugin authors: If your plugin suddenly starts causing a fatal error in a new release of WordPress, for God's sakes, THAT IS NOT NORMAL. Report it as a bug. Don't just fix it on your own.

[markjaquith]

Completed an audit. current_user_can_for_blog() was the only serious one. WP_Theme->get_allowed_on_site(), was the only other one of note. I independently found it and came up with the same fix as in nacin's 22803.diff.

22803.2.diff includes nacin's fix and a simple 2x is_multisite() check for current_user_can_for_blog().

[nacin]

Note that the WP_Theme one is unchanged from 3.4, when that method was introduced, and requires calling get_allowed_on_site() with a blog_id of something other than the current blog, which doesn't occur in core outside of multisite. (wp_get_themes() will only pass a blog ID to it in multisite.) Haven't seen a single report of this error so far. But of course, it is good to fix.

[nacin]

To ryan for commit.

[ryan]

In 23117:

Make current_user_can_for_blog() safe to run single site.

Props nacin, MarkJaquith
fixes #22803