From 7b60544cce6372a4571bbc4f7e04c8595efc9d9a Mon Sep 17 00:00:00 2001
From: Sergey Biryukov <sergeybiryukov@git.wordpress.org>
Date: Sun, 15 Sep 2019 01:28:51 +0000
Subject: [PATCH] Docs: Clarify in `update_option()` description that it's
 plugin author's responsibility to check the current user's capabilities
 before saving any option changes.

Props dinhtungdu, lllor.
Fixes #47820.

git-svn-id: https://develop.svn.wordpress.org/trunk@46120 602fd350-edb4-49c9-b593-d223f7449a82
---
 src/wp-includes/option.php | 3 +++
 1 file changed, 3 insertions(+)

diff --git a/src/wp-includes/option.php b/src/wp-includes/option.php
index 1c7c9fbf98..264d2ad9df 100644
--- a/src/wp-includes/option.php
+++ b/src/wp-includes/option.php
@@ -282,6 +282,9 @@ function wp_load_core_site_options( $network_id = null ) {
  *
  * If the option does not exist, then the option will be added with the option value,
  * with an `$autoload` value of 'yes'.
+
+ * This function is designed to work with or without a logged-in user. In terms of security, 
+ * plugin developers should check the current user's capabilities before updating any options.
  *
  * @since 1.0.0
  * @since 4.2.0 The `$autoload` parameter was added.