In Multisite, prevent plugins from unintentionally switching sites.
Props mdawaffe. git-svn-id: https://develop.svn.wordpress.org/trunk@32173 602fd350-edb4-49c9-b593-d223f7449a82
This commit is contained in:
Gary Pendergast
parent
332750a40d
commit
94f02ef8b1
|
|
@ -1403,21 +1403,25 @@ function current_user_can( $capability ) {
|
|||
* @return bool
|
||||
*/
|
||||
function current_user_can_for_blog( $blog_id, $capability ) {
|
||||
if ( is_multisite() )
|
||||
switch_to_blog( $blog_id );
|
||||
$switched = is_multisite() ? switch_to_blog( $blog_id ) : false;
|
||||
|
||||
$current_user = wp_get_current_user();
|
||||
|
||||
if ( empty( $current_user ) )
|
||||
if ( empty( $current_user ) ) {
|
||||
if ( $switched ) {
|
||||
restore_current_blog();
|
||||
}
|
||||
return false;
|
||||
}
|
||||
|
||||
$args = array_slice( func_get_args(), 2 );
|
||||
$args = array_merge( array( $capability ), $args );
|
||||
|
||||
$can = call_user_func_array( array( $current_user, 'has_cap' ), $args );
|
||||
|
||||
if ( is_multisite() )
|
||||
if ( $switched ) {
|
||||
restore_current_blog();
|
||||
}
|
||||
|
||||
return $can;
|
||||
}
|
||||
|
|
|
|||
|
|
@ -695,6 +695,39 @@ class Tests_User_Capabilities extends WP_UnitTestCase {
|
|||
wp_set_current_user( $old_uid );
|
||||
}
|
||||
|
||||
function test_borked_current_user_can_for_blog() {
|
||||
if ( ! is_multisite() ) {
|
||||
$this->markTestSkipped( 'Test only runs in multisite' );
|
||||
return;
|
||||
}
|
||||
|
||||
$orig_blog_id = get_current_blog_id();
|
||||
$blog_id = $this->factory->blog->create();
|
||||
|
||||
$nullify_current_user = function() {
|
||||
// Prevents fatal errors in ::tearDown()'s and other uses of restore_current_blog()
|
||||
$function_stack = wp_debug_backtrace_summary( null, 0, false );
|
||||
if ( in_array( 'restore_current_blog', $function_stack ) ) {
|
||||
return;
|
||||
}
|
||||
$GLOBALS['current_user'] = null;
|
||||
};
|
||||
|
||||
$nullify_current_user_and_keep_nullifying_user = function() use ( $nullify_current_user ) {
|
||||
$nullify_current_user();
|
||||
|
||||
add_action( 'set_current_user', $nullify_current_user );
|
||||
};
|
||||
|
||||
$nullify_current_user();
|
||||
|
||||
add_action( 'switch_blog', $nullify_current_user_and_keep_nullifying_user );
|
||||
|
||||
current_user_can_for_blog( $blog_id, 'edit_posts' );
|
||||
|
||||
$this->assertEquals( $orig_blog_id, get_current_blog_id() );
|
||||
}
|
||||
|
||||
/**
|
||||
* @ticket 28374
|
||||
*/
|
||||
|
|
|
|||
Loading…
Reference in New Issue