Ticket #10763: check_authorization.patch
File check_authorization.patch, 17.9 KB (added by , 15 years ago)
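--- a/wp-admin/options-privacy.php
+++ b/wp-admin/options-privacy.php
@@ -9,8 +9,7 @@
 /** Load WordPress Administration Bootstrap */
 require_once('./admin.php');
 
-if ( ! current_user_can('manage_options') )
-wp_die(__('You do not have sufficient permissions to manage options for this blog.'));
+check_authorization('manage_options', 'manage options for this blog.');
 
 $title = __('Privacy Settings');
 $parent_file = 'options-general.php';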
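--- a/wp-admin/includes/misc.php
+++ b/wp-admin/includes/misc.php
@@ -638,4 +638,16 @@
 unlink($path);
 return true;
 }
+
+function check_authorization($capability, $message, $full_message=false){
+if ( ! current_user_can($capability) ){
+if ($full_message)
+$message = __($message);
+else
+$message = __("You do not have sufficient permissions to") . ' ' . __($message);
+
+wp_die($message);
+}
+}
+
 ?>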
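Review bot: The translation in check_authorization will not actually translate anything: `__()` is applied to a runtime value, and the verb-phrase fragments at the call sites (`'manage options for this blog.'`) are plain literals that string extraction never sees, so the runtime lookup falls back to English; translating the prefix and the phrase independently also breaks word order in many languages. Make the helper a pure gate and have callers pass a complete, literal-wrapped sentence: `function check_authorization($capability, $message) {` / `if ( ! current_user_can($capability) )` / `wp_die($message);`, called as `check_authorization('manage_options', __('You do not have sufficient permissions to manage options for this blog.'));`. The function also needs a docblock stating that it terminates the request via wp_die() when the capability is missing and that `$message` is rendered as HTML, so it must only ever be a translated code literal, never request-derived text. Note that theme-editor.php and plugin-editor.php previously wrapped their message in `<p>` tags, which this patch drops.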
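--- a/wp-admin/update.php
+++ b/wp-admin/update.php
@@ -17,8 +17,7 @@
 $action = isset($_REQUEST['action']) ? $_REQUEST['action'] : '';
 
 if ( 'upgrade-plugin' == $action ) {
-if ( ! current_user_can('update_plugins') )
-wp_die(__('You do not have sufficient permissions to update plugins for this blog.'));
+check_authorization('update_plugins', 'update plugins for this blog.');
 
 check_admin_referer('upgrade-plugin_' . $plugin);
 
@@ -36,8 +35,7 @@
 include('admin-footer.php');
 
 } elseif ('activate-plugin' == $action ) {
-if ( ! current_user_can('update_plugins') )
-wp_die(__('You do not have sufficient permissions to update plugins for this blog.'));
+check_authorization('update_plugins', 'update plugins for this blog.');
 
 check_admin_referer('activate-plugin_' . $plugin);
 if( ! isset($_GET['failure']) && ! isset($_GET['success']) ) {
@@ -59,8 +57,7 @@
 iframe_footer();
 } elseif ( 'install-plugin' == $action ) {
 
-if ( ! current_user_can('install_plugins') )
-wp_die(__('You do not have sufficient permissions to install plugins for this blog.'));
+check_authorization('install_plugins', 'install plugins for this blog.');
 
 include_once ABSPATH . 'wp-admin/includes/plugin-install.php'; //for plugins_api..
 
@@ -87,8 +84,7 @@
 
 } elseif ( 'upload-plugin' == $action ) {
 
-if ( ! current_user_can('install_plugins') )
-wp_die(__('You do not have sufficient permissions to install plugins for this blog.'));
+check_authorization('install_plugins', 'install plugins for this blog.');
 
 check_admin_referer('plugin-upload');
 
@@ -111,8 +107,7 @@
 
 } elseif ( 'upgrade-theme' == $action ) {
 
-if ( ! current_user_can('update_themes') )
-wp_die(__('You do not have sufficient permissions to update themes for this blog.'));
+check_authorization('update_themes', 'update themes for this blog.');
 
 check_admin_referer('upgrade-theme_' . $theme);
 
@@ -133,8 +128,7 @@
 
 } elseif ( 'install-theme' == $action ) {
 
-if ( ! current_user_can('install_themes') )
-wp_die(__('You do not have sufficient permissions to install themes for this blog.'));
+check_authorization('install_themes', 'install themes for this blog.');
 
 include_once ABSPATH . 'wp-admin/includes/theme-install.php'; //for themes_api..
 
@@ -163,8 +157,7 @@
 
 } elseif ( 'upload-theme' == $action ) {
 
-if ( ! current_user_can('install_themes') )
-wp_die(__('You do not have sufficient permissions to install themes for this blog.'));
+check_authorization('install_themes', 'install themes for this blog.');
 
 check_admin_referer('theme-upload');
 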
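--- a/wp-admin/theme-editor.php
+++ b/wp-admin/theme-editor.php
@@ -9,8 +9,7 @@
 /** WordPress Administration Bootstrap */
 require_once('admin.php');
 
-if ( !current_user_can('edit_themes') )
-wp_die('<p>'.__('You do not have sufficient permissions to edit templates for this blog.').'</p>');
+check_authorization('edit_themes', 'edit templates for this blog.');
 
 $title = __("Edit Themes");
 $parent_file = 'themes.php';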
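--- a/wp-admin/options-general.php
+++ b/wp-admin/options-general.php
@@ -9,8 +9,7 @@
 /** WordPress Administration Bootstrap */
 require_once('./admin.php');
 
-if ( ! current_user_can('manage_options') )
-wp_die(__('You do not have sufficient permissions to manage options for this blog.'));
+check_authorization('manage_options', 'manage options for this blog.');
 
 $title = __('General Settings');
 $parent_file = 'options-general.php';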
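--- a/wp-admin/options-media.php
+++ b/wp-admin/options-media.php
@@ -9,8 +9,7 @@
 /** WordPress Administration Bootstrap */
 require_once('admin.php');
 
-if ( ! current_user_can('manage_options') )
-wp_die(__('You do not have sufficient permissions to manage options for this blog.'));
+check_authorization('manage_options', 'manage options for this blog.');
 
 $title = __('Media Settings');
 $parent_file = 'options-general.php';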
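--- a/wp-admin/options-misc.php
+++ b/wp-admin/options-misc.php
@@ -9,8 +9,7 @@
 /** WordPress Administration Bootstrap */
 require_once('admin.php');
 
-if ( ! current_user_can('manage_options') )
-wp_die(__('You do not have sufficient permissions to manage options for this blog.'));
+check_authorization('manage_options', 'manage options for this blog.');
 
 $title = __('Miscellaneous Settings');
 $parent_file = 'options-general.php';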
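--- a/wp-admin/edit-link-category-form.php
+++ b/wp-admin/edit-link-category-form.php
@@ -10,8 +10,7 @@
 if ( !defined('ABSPATH') )
 die('-1');
 
-if ( !current_user_can('manage_categories') )
-wp_die(__('You do not have sufficient permissions to edit link categories for this blog.'));
+check_authorization('manage_categories', 'edit link categories for this blog.');
 
 /**
 * @var object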
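--- a/wp-admin/edit-tag-form.php
+++ b/wp-admin/edit-tag-form.php
@@ -10,8 +10,7 @@
 if ( !defined('ABSPATH') )
 die('-1');
 
-if ( !current_user_can('manage_categories') )
-wp_die(__('You do not have sufficient permissions to edit tags for this blog.'));
+check_authorization('manage_categories', 'edit tags for this blog.');
 
 if ( empty($tag_ID) ) { ?>
 <div id="message" class="updated fade"><p><strong><?php _e('A tag was not selected for editing.'); ?></strong></p></div>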
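--- a/wp-admin/plugin-install.php
+++ b/wp-admin/plugin-install.php
@@ -9,8 +9,7 @@
 /** WordPress Administration Bootstrap */
 require_once('admin.php');
 
-if ( ! current_user_can('install_plugins') )
-wp_die(__('You do not have sufficient permissions to install plugins on this blog.'));
+check_authorization('install_plugins', 'install plugins on this blog.');
 
 include(ABSPATH . 'wp-admin/includes/plugin-install.php');
 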
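--- a/wp-admin/options-discussion.php
+++ b/wp-admin/options-discussion.php
@@ -9,8 +9,7 @@
 /** WordPress Administration Bootstrap */
 require_once('admin.php');
 
-if ( ! current_user_can('manage_options') )
-wp_die(__('You do not have sufficient permissions to manage options for this blog.'));
+check_authorization('manage_options', 'manage options for this blog.');
 
 $title = __('Discussion Settings');
 $parent_file = 'options-general.php';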
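--- a/wp-admin/plugins.php
+++ b/wp-admin/plugins.php
@@ -9,8 +9,7 @@
 /** WordPress Administration Bootstrap */
 require_once('admin.php');
 
-if ( ! current_user_can('activate_plugins') )
-wp_die(__('You do not have sufficient permissions to manage plugins for this blog.'));
+check_authorization('activate_plugins', 'manage plugins for this blog.');
 
 if ( isset($_POST['clear-recent-list']) )
 $action = 'clear-recent-list';
@@ -40,8 +39,7 @@
 if ( !empty($action) ) {
 switch ( $action ) {
 case 'activate':
-if ( ! current_user_can('activate_plugins') )
-wp_die(__('You do not have sufficient permissions to activate plugins for this blog.'));
+check_authorization('activate_plugins', 'activate plugins for this blog.');
 
 check_admin_referer('activate-plugin_' . $plugin);
 
@@ -59,8 +57,7 @@
 exit;
 break;
 case 'activate-selected':
-if ( ! current_user_can('activate_plugins') )
-wp_die(__('You do not have sufficient permissions to activate plugins for this blog.'));
+check_authorization('activate_plugins', 'activate plugins for this blog.');
 
 check_admin_referer('bulk-manage-plugins');
 
@@ -84,8 +81,7 @@
 exit;
 break;
 case 'error_scrape':
-if ( ! current_user_can('activate_plugins') )
-wp_die(__('You do not have sufficient permissions to activate plugins for this blog.'));
+check_authorization('activate_plugins', 'activate plugins for this blog.');
 
 check_admin_referer('plugin-activation-error_' . $plugin);
 
@@ -100,8 +96,7 @@
 exit;
 break;
 case 'deactivate':
-if ( ! current_user_can('activate_plugins') )
-wp_die(__('You do not have sufficient permissions to deactivate plugins for this blog.'));
+check_authorization('activate_plugins', 'deactivate plugins for this blog.');
 
 check_admin_referer('deactivate-plugin_' . $plugin);
 deactivate_plugins($plugin);
@@ -110,8 +105,7 @@
 exit;
 break;
 case 'deactivate-selected':
-if ( ! current_user_can('activate_plugins') )
-wp_die(__('You do not have sufficient permissions to deactivate plugins for this blog.'));
+check_authorization('activate_plugins', 'deactivate plugins for this blog.');
 
 check_admin_referer('bulk-manage-plugins');
 
@@ -133,8 +127,7 @@
 exit;
 break;
 case 'delete-selected':
-if ( ! current_user_can('delete_plugins') )
-wp_die(__('You do not have sufficient permissions to delete plugins for this blog.'));
+check_authorization('delete_plugins', 'delete plugins for this blog.');
 
 check_admin_referer('bulk-manage-plugins');
 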
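--- a/wp-admin/link-add.php
+++ b/wp-admin/link-add.php
@@ -9,8 +9,7 @@
 /** Load WordPress Administration Bootstrap */
 require_once('admin.php');
 
-if ( ! current_user_can('manage_links') )
-wp_die(__('You do not have sufficient permissions to add links to this blog.'));
+check_authorization('manage_links', 'add links to this blog.');
 
 $title = __('Add New Link');
 $parent_file = 'link-manager.php';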
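--- a/wp-admin/link.php
+++ b/wp-admin/link.php
@@ -14,8 +14,7 @@
 
 wp_reset_vars(array('action', 'cat_id', 'linkurl', 'name', 'image', 'description', 'visible', 'target', 'category', 'link_id', 'submit', 'order_by', 'links_show_cat_id', 'rating', 'rel', 'notes', 'linkcheck[]'));
 
-if ( ! current_user_can('manage_links') )
-wp_die( __('You do not have sufficient permissions to edit the links for this blog.') );
+check_authorization('manage_links', 'edit the links for this blog.');
 
 if ( !empty($_POST['deletebookmarks']) )
 $action = 'deletebookmarks';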
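--- a/wp-admin/edit-category-form.php
+++ b/wp-admin/edit-category-form.php
@@ -10,8 +10,7 @@
 if ( !defined('ABSPATH') )
 die('-1');
 
-if ( !current_user_can('manage_categories') )
-wp_die(__('You do not have sufficient permissions to edit categories for this blog.'));
+check_authorization('manage_categories', 'edit categories for this blog. for this blog.');
 
 /**
 * @var object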
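Review bot: The message fragment on the added line reads `'edit categories for this blog. for this blog.'`, duplicating the trailing phrase; it should be `'edit categories for this blog.'`, the wording the removed wp_die() line carried. Since every call site in this patch was rewritten by hand, the other fragments are worth a quick grep for the same copy-paste slip.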
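--- a/wp-admin/options-reading.php
+++ b/wp-admin/options-reading.php
@@ -9,8 +9,7 @@
 /** WordPress Administration Bootstrap */
 require_once('admin.php');
 
-if ( ! current_user_can('manage_options') )
-wp_die(__('You do not have sufficient permissions to manage options for this blog.'));
+check_authorization('manage_options', 'manage options for this blog.');
 
 $title = __('Reading Settings');
 $parent_file = 'options-general.php';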
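--- a/wp-admin/link-manager.php
+++ b/wp-admin/link-manager.php
@@ -14,8 +14,7 @@
 check_admin_referer('bulk-bookmarks');
 $doaction = $_GET['action'] ? $_GET['action'] : $_GET['action2'];
 
-if ( ! current_user_can('manage_links') )
-wp_die( __('You do not have sufficient permissions to edit the links for this blog.') );
+check_authorization('manage_links', 'edit the links for this blog.');
 
 if ( 'delete' == $doaction ) {
 foreach ( (array) $_GET['linkcheck'] as $link_id ) {
@@ -44,8 +43,7 @@
 $this_file = $parent_file = 'link-manager.php';
 include_once ("./admin-header.php");
 
-if (!current_user_can('manage_links'))
-wp_die(__("You do not have sufficient permissions to edit the links for this blog."));
+check_authorization('manage_links', 'edit the links for this blog.');
 
 switch ($order_by) {
 case 'order_id' :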
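Review bot: In the second hunk the capability check still runs after `include_once ("./admin-header.php")`, so a denied user gets the admin page header streamed out before wp_die() fires; the ordering pre-dates this patch, but since the line is being rewritten anyway, the `check_authorization('manage_links', ...)` call should move above the header include so that nothing is emitted to an unauthorized user. The check in the first hunk sits inside a block whose opening is outside the hunk, and it appears to gate only the bulk-action path, so it is presumably not a substitute for the page-level one. Moving the page-level check earlier would also make it the single authoritative gate for the whole screen.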
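--- a/wp-admin/theme-install.php
+++ b/wp-admin/theme-install.php
@@ -9,8 +9,7 @@
 /** WordPress Administration Bootstrap */
 require_once('admin.php');
 
-if ( ! current_user_can('install_themes') )
-wp_die(__('You do not have sufficient permissions to install themes on this blog.'));
+check_authorization('install_themes', 'install themes on this blog.');
 
 include(ABSPATH . 'wp-admin/includes/theme-install.php');
 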
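--- a/wp-admin/update-core.php
+++ b/wp-admin/update-core.php
@@ -9,8 +9,7 @@
 /** WordPress Administration Bootstrap */
 require_once('admin.php');
 
-if ( ! current_user_can('update_plugins') )
-wp_die(__('You do not have sufficient permissions to update plugins for this blog.'));
+check_authorization('update_plugins', 'update plugins for this blog.');
 
 function list_core_update( $update ) {
 global $wp_local_package;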
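Review bot: The core-update screen is gated by `update_plugins` and reports "update plugins for this blog." to a denied user, which is misleading about what is being authorized; the capability choice pre-dates this patch, but the line is being rewritten and is the natural place to fix it. If this version's capability map has a capability specific to core updates it should be checked here; at minimum the message should name the real action, e.g. `check_authorization('update_plugins', 'update this blog.');`.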
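--- a/wp-admin/import.php
+++ b/wp-admin/import.php
@@ -9,8 +9,7 @@
 /** Load WordPress Bootstrap */
 require_once ('admin.php');
 
-if ( !current_user_can('edit_files') )
-wp_die(__('You do not have sufficient permissions to import content in this blog.'));
+check_authorization('edit_files', 'import content in this blog.');
 
 $title = __('Import');
 require_once ('admin-header.php');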
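--- a/wp-admin/options-permalink.php
+++ b/wp-admin/options-permalink.php
@@ -9,8 +9,7 @@
 /** WordPress Administration Bootstrap */
 require_once('admin.php');
 
-if ( ! current_user_can('manage_options') )
-wp_die(__('You do not have sufficient permissions to manage options for this blog.'));
+check_authorization('manage_options', 'manage options for this blog.');
 
 $title = __('Permalink Settings');
 $parent_file = 'options-general.php';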
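--- a/wp-admin/options-writing.php
+++ b/wp-admin/options-writing.php
@@ -9,8 +9,7 @@
 /** WordPress Administration Bootstrap */
 require_once('admin.php');
 
-if ( ! current_user_can('manage_options') )
-wp_die(__('You do not have sufficient permissions to manage options for this blog.'));
+check_authorization('manage_options', 'manage options for this blog.');
 
 $title = __('Writing Settings');
 $parent_file = 'options-general.php';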
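--- a/wp-admin/export.php
+++ b/wp-admin/export.php
@@ -9,8 +9,7 @@
 /** Load WordPress Bootstrap */
 require_once ('admin.php');
 
-if ( !current_user_can('edit_files') )
-wp_die(__('You do not have sufficient permissions to export the content of this blog.'));
+check_authorization('edit_files', 'export the content of this blog.');
 
 /** Load WordPress export API */
 require_once('includes/export.php');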
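--- a/wp-admin/plugin-editor.php
+++ b/wp-admin/plugin-editor.php
@@ -9,8 +9,7 @@
 /** WordPress Administration Bootstrap */
 require_once('admin.php');
 
-if ( !current_user_can('edit_plugins') )
-wp_die('<p>'.__('You do not have sufficient permissions to edit plugins for this blog.').'</p>');
+check_authorization('edit_plugins', 'edit plugins for this blog.');
 
 $title = __("Edit Plugins");
 $parent_file = 'plugins.php';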