Changeset 10939 for sites/trunk/wordpress.org/public_html/wp-content/plugins/support-forums/inc/class-hooks.php

Timestamp:

04/30/2021 08:06:27 AM (5 years ago)

Author:

dd32

Message:

Support: Use an implementation of WP_User::has_role() instead of WP_User::has_cap().

WordPress doesn't have a WP_User::has_role() because you should always check for a cap instead, well, super admins have all caps, including bbp_blocked!

This caused a super admin being set to bbp_participant to end up with a broken password, as $user->has_cap( 'bbp_blocked' ) && ! $password_broken === true.

Follow up to [10918].

File:

• sites/trunk/wordpress.org/public_html/wp-content/plugins/support-forums/inc/class-hooks.php (modified) (2 diffs)

sites/trunk/wordpress.org/public_html/wp-content/plugins/support-forums/inc/class-hooks.php

@@ -1316 +1316 @@
         $note_text       = false;
 
+        // WP_User::has_role() does not exist, and WP_User::has_cap( 'bbp_blocked' ) will be truthful for super admins.
+        $user_has_blocked_role = ! empty( $user->roles ) && in_array( $blocked_role, $user->roles, true );
+
         if (
-            ( $blocked_role === $new_role || $user->has_cap( $blocked_role ) ) &&
+            ( $blocked_role === $new_role || $user_has_blocked_role ) &&
             ! $password_broken
         ) {
@@ -1345 +1348 @@
         } else if (
             $password_broken &&
-            ! $user->has_cap( $blocked_role )
+            ! $user_has_blocked_role
         ) {
             // User was blocked (broken password) but no longer is.