

Ticket #10763: check_authorization.patch

File check_authorization.patch, 17.9 KB (added by johnjosephbachir, 6 years ago)
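--- a/wp-admin/options-privacy.php
+++ b/wp-admin/options-privacy.php
@@ -9,8 +9,7 @@
 /** Load WordPress Administration Bootstrap */
 require_once('./admin.php');
 
-if ( ! current_user_can('manage_options') )
-        wp_die(__('You do not have sufficient permissions to manage options for this blog.'));
+check_authorization('manage_options', 'manage options for this blog.');
 
 $title = __('Privacy Settings');
 $parent_file = 'options-general.php';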
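--- a/wp-admin/includes/misc.php
+++ b/wp-admin/includes/misc.php
@@ -638,4 +638,16 @@
         unlink($path);
     return true;
 }
+
+function check_authorization($capability, $message, $full_message=false){
+        if ( ! current_user_can($capability) ){
+                if ($full_message)
+                        $message = __($message);
+                else
+                        $message = __("You do not have sufficient permissions to") . ' ' . __($message);
+
+                wp_die($message);
+        }
+}
+
 ?>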
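Review bot: `__($message)` inside check_authorization() is applied to a sentence fragment assembled at runtime, so gettext extraction cannot see any of the call-site strings, and `__("You do not have sufficient permissions to") . ' ' . __($message)` yields text a translator cannot render as one sentence; every existing translation of the full messages that the removed `wp_die(__('…'))` lines carried is lost as well. Keep a full literal at each call site (or pass a translatable format string) and centralise only the capability test and the `wp_die()` call. The helper also has no way to forward the extra arguments `current_user_can()` accepts for meta capabilities, so a page that needs an object-level check such as `current_user_can('edit_post', $post_id)` cannot adopt it; consider a variadic pass-through before more call sites are converted. A phpdoc header stating the purpose, the meaning of `$full_message`, and `@since` is missing.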
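--- a/wp-admin/update.php
+++ b/wp-admin/update.php
@@ -17,8 +17,7 @@
         $action = isset($_REQUEST['action']) ? $_REQUEST['action'] : '';
 
         if ( 'upgrade-plugin' == $action ) {
-                if ( ! current_user_can('update_plugins') )
-                        wp_die(__('You do not have sufficient permissions to update plugins for this blog.'));
+                check_authorization('update_plugins', 'update plugins for this blog.');
 
                 check_admin_referer('upgrade-plugin_' . $plugin);
 
@@ -36,8 +35,7 @@
                 include('admin-footer.php');
 
         } elseif ('activate-plugin' == $action ) {
-                if ( ! current_user_can('update_plugins') )
-                        wp_die(__('You do not have sufficient permissions to update plugins for this blog.'));
+                check_authorization('update_plugins', 'update plugins for this blog.');
 
                 check_admin_referer('activate-plugin_' . $plugin);
                 if( ! isset($_GET['failure']) && ! isset($_GET['success']) ) {
@@ -59,8 +57,7 @@
                 iframe_footer();
         } elseif ( 'install-plugin' == $action ) {
 
-                if ( ! current_user_can('install_plugins') )
-                        wp_die(__('You do not have sufficient permissions to install plugins for this blog.'));
+                check_authorization('install_plugins', 'install plugins for this blog.');
 
                 include_once ABSPATH . 'wp-admin/includes/plugin-install.php'; //for plugins_api..
 
@@ -87,8 +84,7 @@
 
         } elseif ( 'upload-plugin' == $action ) {
 
-                if ( ! current_user_can('install_plugins') )
-                        wp_die(__('You do not have sufficient permissions to install plugins for this blog.'));
+                check_authorization('install_plugins', 'install plugins for this blog.');
 
                 check_admin_referer('plugin-upload');
 
@@ -111,8 +107,7 @@
 
         } elseif ( 'upgrade-theme' == $action ) {
 
-                if ( ! current_user_can('update_themes') )
-                        wp_die(__('You do not have sufficient permissions to update themes for this blog.'));
+                check_authorization('update_themes', 'update themes for this blog.');
 
                 check_admin_referer('upgrade-theme_' . $theme);
 
@@ -133,8 +128,7 @@
 
         } elseif ( 'install-theme' == $action ) {
 
-                if ( ! current_user_can('install_themes') )
-                        wp_die(__('You do not have sufficient permissions to install themes for this blog.'));
+                check_authorization('install_themes', 'install themes for this blog.');
 
                 include_once ABSPATH . 'wp-admin/includes/theme-install.php'; //for themes_api..
 
@@ -163,8 +157,7 @@
 
         } elseif ( 'upload-theme' == $action ) {
 
-                if ( ! current_user_can('install_themes') )
-                        wp_die(__('You do not have sufficient permissions to install themes for this blog.'));
+                check_authorization('install_themes', 'install themes for this blog.');
 
                 check_admin_referer('theme-upload');
 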
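--- a/wp-admin/theme-editor.php
+++ b/wp-admin/theme-editor.php
@@ -9,8 +9,7 @@
 /** WordPress Administration Bootstrap */
 require_once('admin.php');
 
-if ( !current_user_can('edit_themes') )
-        wp_die('<p>'.__('You do not have sufficient permissions to edit templates for this blog.').'</p>');
+check_authorization('edit_themes', 'edit templates for this blog.');
 
 $title = __("Edit Themes");
 $parent_file = 'themes.php';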
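Review bot: The removed line wrapped the denial text in `<p>…</p>` before handing it to wp_die(), whereas check_authorization() passes the bare string, so this page and the identical hunk in wp-admin/plugin-editor.php lose that paragraph markup. Presumably harmless, but worth confirming it is intended rather than a side effect of the consolidation, since every other converted page never had the wrapper. If the markup matters, the helper needs a way to carry it; putting `<p>` inside the fragment would now route it through `__()` as part of the translatable string.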
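--- a/wp-admin/options-general.php
+++ b/wp-admin/options-general.php
@@ -9,8 +9,7 @@
 /** WordPress Administration Bootstrap */
 require_once('./admin.php');
 
-if ( ! current_user_can('manage_options') )
-        wp_die(__('You do not have sufficient permissions to manage options for this blog.'));
+check_authorization('manage_options', 'manage options for this blog.');
 
 $title = __('General Settings');
 $parent_file = 'options-general.php';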
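--- a/wp-admin/options-media.php
+++ b/wp-admin/options-media.php
@@ -9,8 +9,7 @@
 /** WordPress Administration Bootstrap */
 require_once('admin.php');
 
-if ( ! current_user_can('manage_options') )
-        wp_die(__('You do not have sufficient permissions to manage options for this blog.'));
+check_authorization('manage_options', 'manage options for this blog.');
 
 $title = __('Media Settings');
 $parent_file = 'options-general.php';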
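--- a/wp-admin/options-misc.php
+++ b/wp-admin/options-misc.php
@@ -9,8 +9,7 @@
 /** WordPress Administration Bootstrap */
 require_once('admin.php');
 
-if ( ! current_user_can('manage_options') )
-        wp_die(__('You do not have sufficient permissions to manage options for this blog.'));
+check_authorization('manage_options', 'manage options for this blog.');
 
 $title = __('Miscellaneous Settings');
 $parent_file = 'options-general.php';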
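--- a/wp-admin/edit-link-category-form.php
+++ b/wp-admin/edit-link-category-form.php
@@ -10,8 +10,7 @@
 if ( !defined('ABSPATH') )
         die('-1');
 
-if ( !current_user_can('manage_categories') )
-        wp_die(__('You do not have sufficient permissions to edit link categories for this blog.'));
+check_authorization('manage_categories', 'edit link categories for this blog.');
 
 /**
  * @var object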
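--- a/wp-admin/edit-tag-form.php
+++ b/wp-admin/edit-tag-form.php
@@ -10,8 +10,7 @@
 if ( !defined('ABSPATH') )
         die('-1');
 
-if ( !current_user_can('manage_categories') )
-        wp_die(__('You do not have sufficient permissions to edit tags for this blog.'));
+check_authorization('manage_categories', 'edit tags for this blog.');
 
 if ( empty($tag_ID) ) { ?>
         <div id="message" class="updated fade"><p><strong><?php _e('A tag was not selected for editing.'); ?></strong></p></div>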
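--- a/wp-admin/plugin-install.php
+++ b/wp-admin/plugin-install.php
@@ -9,8 +9,7 @@
 /** WordPress Administration Bootstrap */
 require_once('admin.php');
 
-if ( ! current_user_can('install_plugins') )
-        wp_die(__('You do not have sufficient permissions to install plugins on this blog.'));
+check_authorization('install_plugins', 'install plugins on this blog.');
 
 include(ABSPATH . 'wp-admin/includes/plugin-install.php');
 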
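--- a/wp-admin/options-discussion.php
+++ b/wp-admin/options-discussion.php
@@ -9,8 +9,7 @@
 /** WordPress Administration Bootstrap */
 require_once('admin.php');
 
-if ( ! current_user_can('manage_options') )
-        wp_die(__('You do not have sufficient permissions to manage options for this blog.'));
+check_authorization('manage_options', 'manage options for this blog.');
 
 $title = __('Discussion Settings');
 $parent_file = 'options-general.php';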
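--- a/wp-admin/plugins.php
+++ b/wp-admin/plugins.php
@@ -9,8 +9,7 @@
 /** WordPress Administration Bootstrap */
 require_once('admin.php');
 
-if ( ! current_user_can('activate_plugins') )
-        wp_die(__('You do not have sufficient permissions to manage plugins for this blog.'));
+check_authorization('activate_plugins', 'manage plugins for this blog.');
 
 if ( isset($_POST['clear-recent-list']) )
         $action = 'clear-recent-list';
@@ -40,8 +39,7 @@
 if ( !empty($action) ) {
         switch ( $action ) {
                 case 'activate':
-                        if ( ! current_user_can('activate_plugins') )
-                                wp_die(__('You do not have sufficient permissions to activate plugins for this blog.'));
+                        check_authorization('activate_plugins', 'activate plugins for this blog.');
 
                         check_admin_referer('activate-plugin_' . $plugin);
 
@@ -59,8 +57,7 @@
                         exit;
                         break;
                 case 'activate-selected':
-                        if ( ! current_user_can('activate_plugins') )
-                                wp_die(__('You do not have sufficient permissions to activate plugins for this blog.'));
+                        check_authorization('activate_plugins', 'activate plugins for this blog.');
 
                         check_admin_referer('bulk-manage-plugins');
 
@@ -84,8 +81,7 @@
                         exit;
                         break;
                 case 'error_scrape':
-                        if ( ! current_user_can('activate_plugins') )
-                                wp_die(__('You do not have sufficient permissions to activate plugins for this blog.'));
+                        check_authorization('activate_plugins', 'activate plugins for this blog.');
 
                         check_admin_referer('plugin-activation-error_' . $plugin);
 
@@ -100,8 +96,7 @@
                         exit;
                         break;
                 case 'deactivate':
-                        if ( ! current_user_can('activate_plugins') )
-                                wp_die(__('You do not have sufficient permissions to deactivate plugins for this blog.'));
+                        check_authorization('activate_plugins', 'deactivate plugins for this blog.');
 
                         check_admin_referer('deactivate-plugin_' . $plugin);
                         deactivate_plugins($plugin);
@@ -110,8 +105,7 @@
                         exit;
                         break;
                 case 'deactivate-selected':
-                        if ( ! current_user_can('activate_plugins') )
-                                wp_die(__('You do not have sufficient permissions to deactivate plugins for this blog.'));
+                        check_authorization('activate_plugins', 'deactivate plugins for this blog.');
 
                         check_admin_referer('bulk-manage-plugins');
 
@@ -133,8 +127,7 @@
                         exit;
                         break;
                 case 'delete-selected':
-                        if ( ! current_user_can('delete_plugins') )
-                                wp_die(__('You do not have sufficient permissions to delete plugins for this blog.'));
+                        check_authorization('delete_plugins', 'delete plugins for this blog.');
 
                         check_admin_referer('bulk-manage-plugins');
 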
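--- a/wp-admin/link-add.php
+++ b/wp-admin/link-add.php
@@ -9,8 +9,7 @@
 /** Load WordPress Administration Bootstrap */
 require_once('admin.php');
 
-if ( ! current_user_can('manage_links') )
-        wp_die(__('You do not have sufficient permissions to add links to this blog.'));
+check_authorization('manage_links', 'add links to this blog.');
 
 $title = __('Add New Link');
 $parent_file = 'link-manager.php';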
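--- a/wp-admin/link.php
+++ b/wp-admin/link.php
@@ -14,8 +14,7 @@
 
 wp_reset_vars(array('action', 'cat_id', 'linkurl', 'name', 'image', 'description', 'visible', 'target', 'category', 'link_id', 'submit', 'order_by', 'links_show_cat_id', 'rating', 'rel', 'notes', 'linkcheck[]'));
 
-if ( ! current_user_can('manage_links') )
-        wp_die( __('You do not have sufficient permissions to edit the links for this blog.') );
+check_authorization('manage_links', 'edit the links for this blog.');
 
 if ( !empty($_POST['deletebookmarks']) )
         $action = 'deletebookmarks';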
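--- a/wp-admin/edit-category-form.php
+++ b/wp-admin/edit-category-form.php
@@ -10,8 +10,7 @@
 if ( !defined('ABSPATH') )
         die('-1');
 
-if ( !current_user_can('manage_categories') )
-        wp_die(__('You do not have sufficient permissions to edit categories for this blog.'));
+check_authorization('manage_categories', 'edit categories for this blog. for this blog.');
 
 /**
  * @var object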
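Review bot: The new message literal `'edit categories for this blog. for this blog.'` repeats its tail, so the text wp_die() shows an unauthorised user would read "…edit categories for this blog. for this blog."; the removed line had it once. Change the added line to `check_authorization('manage_categories', 'edit categories for this blog.');`, matching the form used at every other converted call site.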
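--- a/wp-admin/options-reading.php
+++ b/wp-admin/options-reading.php
@@ -9,8 +9,7 @@
 /** WordPress Administration Bootstrap */
 require_once('admin.php');
 
-if ( ! current_user_can('manage_options') )
-        wp_die(__('You do not have sufficient permissions to manage options for this blog.'));
+check_authorization('manage_options', 'manage options for this blog.');
 
 $title = __('Reading Settings');
 $parent_file = 'options-general.php';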
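--- a/wp-admin/link-manager.php
+++ b/wp-admin/link-manager.php
@@ -14,8 +14,7 @@
         check_admin_referer('bulk-bookmarks');
         $doaction = $_GET['action'] ? $_GET['action'] : $_GET['action2'];
 
-        if ( ! current_user_can('manage_links') )
-                wp_die( __('You do not have sufficient permissions to edit the links for this blog.') );
+        check_authorization('manage_links', 'edit the links for this blog.');
 
         if ( 'delete' == $doaction ) {
                 foreach ( (array) $_GET['linkcheck'] as $link_id ) {
@@ -44,8 +43,7 @@
 $this_file = $parent_file = 'link-manager.php';
 include_once ("./admin-header.php");
 
-if (!current_user_can('manage_links'))
-        wp_die(__("You do not have sufficient permissions to edit the links for this blog."));
+check_authorization('manage_links', 'edit the links for this blog.');
 
 switch ($order_by) {
         case 'order_id' :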
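--- a/wp-admin/theme-install.php
+++ b/wp-admin/theme-install.php
@@ -9,8 +9,7 @@
 /** WordPress Administration Bootstrap */
 require_once('admin.php');
 
-if ( ! current_user_can('install_themes') )
-        wp_die(__('You do not have sufficient permissions to install themes on this blog.'));
+check_authorization('install_themes', 'install themes on this blog.');
 
 include(ABSPATH . 'wp-admin/includes/theme-install.php');
 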
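--- a/wp-admin/update-core.php
+++ b/wp-admin/update-core.php
@@ -9,8 +9,7 @@
 /** WordPress Administration Bootstrap */
 require_once('admin.php');
 
-if ( ! current_user_can('update_plugins') )
-        wp_die(__('You do not have sufficient permissions to update plugins for this blog.'));
+check_authorization('update_plugins', 'update plugins for this blog.');
 
 function list_core_update( $update ) {
         global $wp_local_package;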
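--- a/wp-admin/import.php
+++ b/wp-admin/import.php
@@ -9,8 +9,7 @@
 /** Load WordPress Bootstrap */
 require_once ('admin.php');
 
-if ( !current_user_can('edit_files') )
-        wp_die(__('You do not have sufficient permissions to import content in this blog.'));
+check_authorization('edit_files', 'import content in this blog.');
 
 $title = __('Import');
 require_once ('admin-header.php');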
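--- a/wp-admin/options-permalink.php
+++ b/wp-admin/options-permalink.php
@@ -9,8 +9,7 @@
 /** WordPress Administration Bootstrap */
 require_once('admin.php');
 
-if ( ! current_user_can('manage_options') )
-        wp_die(__('You do not have sufficient permissions to manage options for this blog.'));
+check_authorization('manage_options', 'manage options for this blog.');
 
 $title = __('Permalink Settings');
 $parent_file = 'options-general.php';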
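--- a/wp-admin/options-writing.php
+++ b/wp-admin/options-writing.php
@@ -9,8 +9,7 @@
 /** WordPress Administration Bootstrap */
 require_once('admin.php');
 
-if ( ! current_user_can('manage_options') )
-        wp_die(__('You do not have sufficient permissions to manage options for this blog.'));
+check_authorization('manage_options', 'manage options for this blog.');
 
 $title = __('Writing Settings');
 $parent_file = 'options-general.php';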
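--- a/wp-admin/export.php
+++ b/wp-admin/export.php
@@ -9,8 +9,7 @@
 /** Load WordPress Bootstrap */
 require_once ('admin.php');
 
-if ( !current_user_can('edit_files') )
-        wp_die(__('You do not have sufficient permissions to export the content of this blog.'));
+check_authorization('edit_files', 'export the content of this blog.');
 
 /** Load WordPress export API */
 require_once('includes/export.php');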
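--- a/wp-admin/plugin-editor.php
+++ b/wp-admin/plugin-editor.php
@@ -9,8 +9,7 @@
 /** WordPress Administration Bootstrap */
 require_once('admin.php');
 
-if ( !current_user_can('edit_plugins') )
-        wp_die('<p>'.__('You do not have sufficient permissions to edit plugins for this blog.').'</p>');
+check_authorization('edit_plugins', 'edit plugins for this blog.');
 
 $title = __("Edit Plugins");
 $parent_file = 'plugins.php';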