
Ticket #10763: check_authorization.patch

File check_authorization.patch, 17.9 KB (added by johnjosephbachir, 15 years ago)
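--- a/wp-admin/options-privacy.php
+++ b/wp-admin/options-privacy.php
@@ -9,8 +9,7 @@
 /** Load WordPress Administration Bootstrap */
 require_once('./admin.php');
 
-if ( ! current_user_can('manage_options') )
-        wp_die(__('You do not have sufficient permissions to manage options for this blog.'));
+check_authorization('manage_options', 'manage options for this blog.');
 
 $title = __('Privacy Settings');
 $parent_file = 'options-general.php';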
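--- a/wp-admin/includes/misc.php
+++ b/wp-admin/includes/misc.php
@@ -638,4 +638,16 @@
         unlink($path);
     return true;
 }
+
+function check_authorization($capability, $message, $full_message=false){
+        if ( ! current_user_can($capability) ){
+                if ($full_message)
+                        $message = __($message);
+                else
+                        $message = __("You do not have sufficient permissions to") . ' ' . __($message);
+
+                wp_die($message);
+        }
+}
+
 ?>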
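Review bot: The new check_authorization() fails open if wp_die() ever returns: there is no `exit` after `wp_die($message);` and no return value, so a caller that is not terminated simply continues into the privileged code below its check. The default handler presumably dies, but that is not visible in this hunk, and every gated admin page now depends on it; add `exit;` directly after `wp_die($message);` so the helper fails closed regardless of how wp_die is wired. Two smaller points: `__($message)` is applied to a caller-supplied value rather than a literal, so gettext-style extraction tools will not see these fragments and the sentence is assembled from two separately translated halves; and wp_die renders `$message` as markup, so the function needs a docblock stating that the message must be a trusted literal, never request data. Suggested header: `/** Die with a permissions error unless the current user has $capability. $message is rendered unescaped by wp_die and must be a trusted literal. */`.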
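--- a/wp-admin/update.php
+++ b/wp-admin/update.php
@@ -17,8 +17,7 @@
         $action = isset($_REQUEST['action']) ? $_REQUEST['action'] : '';
 
         if ( 'upgrade-plugin' == $action ) {
-                if ( ! current_user_can('update_plugins') )
-                        wp_die(__('You do not have sufficient permissions to update plugins for this blog.'));
+                check_authorization('update_plugins', 'update plugins for this blog.');
 
                 check_admin_referer('upgrade-plugin_' . $plugin);
 
@@ -36,8 +35,7 @@
                 include('admin-footer.php');
 
         } elseif ('activate-plugin' == $action ) {
-                if ( ! current_user_can('update_plugins') )
-                        wp_die(__('You do not have sufficient permissions to update plugins for this blog.'));
+                check_authorization('update_plugins', 'update plugins for this blog.');
 
                 check_admin_referer('activate-plugin_' . $plugin);
                 if( ! isset($_GET['failure']) && ! isset($_GET['success']) ) {
@@ -59,8 +57,7 @@
                 iframe_footer();
         } elseif ( 'install-plugin' == $action ) {
 
-                if ( ! current_user_can('install_plugins') )
-                        wp_die(__('You do not have sufficient permissions to install plugins for this blog.'));
+                check_authorization('install_plugins', 'install plugins for this blog.');
 
                 include_once ABSPATH . 'wp-admin/includes/plugin-install.php'; //for plugins_api..
 
@@ -87,8 +84,7 @@
 
         } elseif ( 'upload-plugin' == $action ) {
 
-                if ( ! current_user_can('install_plugins') )
-                        wp_die(__('You do not have sufficient permissions to install plugins for this blog.'));
+                check_authorization('install_plugins', 'install plugins for this blog.');
 
                 check_admin_referer('plugin-upload');
 
@@ -111,8 +107,7 @@
 
         } elseif ( 'upgrade-theme' == $action ) {
 
-                if ( ! current_user_can('update_themes') )
-                        wp_die(__('You do not have sufficient permissions to update themes for this blog.'));
+                check_authorization('update_themes', 'update themes for this blog.');
 
                 check_admin_referer('upgrade-theme_' . $theme);
 
@@ -133,8 +128,7 @@
 
         } elseif ( 'install-theme' == $action ) {
 
-                if ( ! current_user_can('install_themes') )
-                        wp_die(__('You do not have sufficient permissions to install themes for this blog.'));
+                check_authorization('install_themes', 'install themes for this blog.');
 
                 include_once ABSPATH . 'wp-admin/includes/theme-install.php'; //for themes_api..
 
@@ -163,8 +157,7 @@
 
         } elseif ( 'upload-theme' == $action ) {
 
-                if ( ! current_user_can('install_themes') )
-                        wp_die(__('You do not have sufficient permissions to install themes for this blog.'));
+                check_authorization('install_themes', 'install themes for this blog.');
 
                 check_admin_referer('theme-upload');
 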
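--- a/wp-admin/theme-editor.php
+++ b/wp-admin/theme-editor.php
@@ -9,8 +9,7 @@
 /** WordPress Administration Bootstrap */
 require_once('admin.php');
 
-if ( !current_user_can('edit_themes') )
-        wp_die('<p>'.__('You do not have sufficient permissions to edit templates for this blog.').'</p>');
+check_authorization('edit_themes', 'edit templates for this blog.');
 
 $title = __("Edit Themes");
 $parent_file = 'themes.php';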
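--- a/wp-admin/options-general.php
+++ b/wp-admin/options-general.php
@@ -9,8 +9,7 @@
 /** WordPress Administration Bootstrap */
 require_once('./admin.php');
 
-if ( ! current_user_can('manage_options') )
-        wp_die(__('You do not have sufficient permissions to manage options for this blog.'));
+check_authorization('manage_options', 'manage options for this blog.');
 
 $title = __('General Settings');
 $parent_file = 'options-general.php';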
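--- a/wp-admin/options-media.php
+++ b/wp-admin/options-media.php
@@ -9,8 +9,7 @@
 /** WordPress Administration Bootstrap */
 require_once('admin.php');
 
-if ( ! current_user_can('manage_options') )
-        wp_die(__('You do not have sufficient permissions to manage options for this blog.'));
+check_authorization('manage_options', 'manage options for this blog.');
 
 $title = __('Media Settings');
 $parent_file = 'options-general.php';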
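--- a/wp-admin/options-misc.php
+++ b/wp-admin/options-misc.php
@@ -9,8 +9,7 @@
 /** WordPress Administration Bootstrap */
 require_once('admin.php');
 
-if ( ! current_user_can('manage_options') )
-        wp_die(__('You do not have sufficient permissions to manage options for this blog.'));
+check_authorization('manage_options', 'manage options for this blog.');
 
 $title = __('Miscellaneous Settings');
 $parent_file = 'options-general.php';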
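--- a/wp-admin/edit-link-category-form.php
+++ b/wp-admin/edit-link-category-form.php
@@ -10,8 +10,7 @@
 if ( !defined('ABSPATH') )
         die('-1');
 
-if ( !current_user_can('manage_categories') )
-        wp_die(__('You do not have sufficient permissions to edit link categories for this blog.'));
+check_authorization('manage_categories', 'edit link categories for this blog.');
 
 /**
  * @var object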
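--- a/wp-admin/edit-tag-form.php
+++ b/wp-admin/edit-tag-form.php
@@ -10,8 +10,7 @@
 if ( !defined('ABSPATH') )
         die('-1');
 
-if ( !current_user_can('manage_categories') )
-        wp_die(__('You do not have sufficient permissions to edit tags for this blog.'));
+check_authorization('manage_categories', 'edit tags for this blog.');
 
 if ( empty($tag_ID) ) { ?>
         <div id="message" class="updated fade"><p><strong><?php _e('A tag was not selected for editing.'); ?></strong></p></div>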
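--- a/wp-admin/plugin-install.php
+++ b/wp-admin/plugin-install.php
@@ -9,8 +9,7 @@
 /** WordPress Administration Bootstrap */
 require_once('admin.php');
 
-if ( ! current_user_can('install_plugins') )
-        wp_die(__('You do not have sufficient permissions to install plugins on this blog.'));
+check_authorization('install_plugins', 'install plugins on this blog.');
 
 include(ABSPATH . 'wp-admin/includes/plugin-install.php');
 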
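--- a/wp-admin/options-discussion.php
+++ b/wp-admin/options-discussion.php
@@ -9,8 +9,7 @@
 /** WordPress Administration Bootstrap */
 require_once('admin.php');
 
-if ( ! current_user_can('manage_options') )
-        wp_die(__('You do not have sufficient permissions to manage options for this blog.'));
+check_authorization('manage_options', 'manage options for this blog.');
 
 $title = __('Discussion Settings');
 $parent_file = 'options-general.php';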
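--- a/wp-admin/plugins.php
+++ b/wp-admin/plugins.php
@@ -9,8 +9,7 @@
 /** WordPress Administration Bootstrap */
 require_once('admin.php');
 
-if ( ! current_user_can('activate_plugins') )
-        wp_die(__('You do not have sufficient permissions to manage plugins for this blog.'));
+check_authorization('activate_plugins', 'manage plugins for this blog.');
 
 if ( isset($_POST['clear-recent-list']) )
         $action = 'clear-recent-list';
@@ -40,8 +39,7 @@
 if ( !empty($action) ) {
         switch ( $action ) {
                 case 'activate':
-                        if ( ! current_user_can('activate_plugins') )
-                                wp_die(__('You do not have sufficient permissions to activate plugins for this blog.'));
+                        check_authorization('activate_plugins', 'activate plugins for this blog.');
 
                         check_admin_referer('activate-plugin_' . $plugin);
 
@@ -59,8 +57,7 @@
                         exit;
                         break;
                 case 'activate-selected':
-                        if ( ! current_user_can('activate_plugins') )
-                                wp_die(__('You do not have sufficient permissions to activate plugins for this blog.'));
+                        check_authorization('activate_plugins', 'activate plugins for this blog.');
 
                         check_admin_referer('bulk-manage-plugins');
 
@@ -84,8 +81,7 @@
                         exit;
                         break;
                 case 'error_scrape':
-                        if ( ! current_user_can('activate_plugins') )
-                                wp_die(__('You do not have sufficient permissions to activate plugins for this blog.'));
+                        check_authorization('activate_plugins', 'activate plugins for this blog.');
 
                         check_admin_referer('plugin-activation-error_' . $plugin);
 
@@ -100,8 +96,7 @@
                         exit;
                         break;
                 case 'deactivate':
-                        if ( ! current_user_can('activate_plugins') )
-                                wp_die(__('You do not have sufficient permissions to deactivate plugins for this blog.'));
+                        check_authorization('activate_plugins', 'deactivate plugins for this blog.');
 
                         check_admin_referer('deactivate-plugin_' . $plugin);
                         deactivate_plugins($plugin);
@@ -110,8 +105,7 @@
                         exit;
                         break;
                 case 'deactivate-selected':
-                        if ( ! current_user_can('activate_plugins') )
-                                wp_die(__('You do not have sufficient permissions to deactivate plugins for this blog.'));
+                        check_authorization('activate_plugins', 'deactivate plugins for this blog.');
 
                         check_admin_referer('bulk-manage-plugins');
 
@@ -133,8 +127,7 @@
                         exit;
                         break;
                 case 'delete-selected':
-                        if ( ! current_user_can('delete_plugins') )
-                                wp_die(__('You do not have sufficient permissions to delete plugins for this blog.'));
+                        check_authorization('delete_plugins', 'delete plugins for this blog.');
 
                         check_admin_referer('bulk-manage-plugins');
 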
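--- a/wp-admin/link-add.php
+++ b/wp-admin/link-add.php
@@ -9,8 +9,7 @@
 /** Load WordPress Administration Bootstrap */
 require_once('admin.php');
 
-if ( ! current_user_can('manage_links') )
-        wp_die(__('You do not have sufficient permissions to add links to this blog.'));
+check_authorization('manage_links', 'add links to this blog.');
 
 $title = __('Add New Link');
 $parent_file = 'link-manager.php';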
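--- a/wp-admin/link.php
+++ b/wp-admin/link.php
@@ -14,8 +14,7 @@
 
 wp_reset_vars(array('action', 'cat_id', 'linkurl', 'name', 'image', 'description', 'visible', 'target', 'category', 'link_id', 'submit', 'order_by', 'links_show_cat_id', 'rating', 'rel', 'notes', 'linkcheck[]'));
 
-if ( ! current_user_can('manage_links') )
-        wp_die( __('You do not have sufficient permissions to edit the links for this blog.') );
+check_authorization('manage_links', 'edit the links for this blog.');
 
 if ( !empty($_POST['deletebookmarks']) )
         $action = 'deletebookmarks';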
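--- a/wp-admin/edit-category-form.php
+++ b/wp-admin/edit-category-form.php
@@ -10,8 +10,7 @@
 if ( !defined('ABSPATH') )
         die('-1');
 
-if ( !current_user_can('manage_categories') )
-        wp_die(__('You do not have sufficient permissions to edit categories for this blog.'));
+check_authorization('manage_categories', 'edit categories for this blog. for this blog.');
 
 /**
  * @var object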
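Review bot: The new line 13 passes the fragment `'edit categories for this blog. for this blog.'`, which repeats the trailing clause, so the denial page will read "...to edit categories for this blog. for this blog." Change it to `check_authorization('manage_categories', 'edit categories for this blog.');`, matching the sibling calls in edit-link-category-form.php and edit-tag-form.php. The capability itself is unchanged from the removed lines; this is purely the message, but it is the kind of slip a free-text message parameter invites.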
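--- a/wp-admin/options-reading.php
+++ b/wp-admin/options-reading.php
@@ -9,8 +9,7 @@
 /** WordPress Administration Bootstrap */
 require_once('admin.php');
 
-if ( ! current_user_can('manage_options') )
-        wp_die(__('You do not have sufficient permissions to manage options for this blog.'));
+check_authorization('manage_options', 'manage options for this blog.');
 
 $title = __('Reading Settings');
 $parent_file = 'options-general.php';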
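--- a/wp-admin/link-manager.php
+++ b/wp-admin/link-manager.php
@@ -14,8 +14,7 @@
         check_admin_referer('bulk-bookmarks');
         $doaction = $_GET['action'] ? $_GET['action'] : $_GET['action2'];
 
-        if ( ! current_user_can('manage_links') )
-                wp_die( __('You do not have sufficient permissions to edit the links for this blog.') );
+        check_authorization('manage_links', 'edit the links for this blog.');
 
         if ( 'delete' == $doaction ) {
                 foreach ( (array) $_GET['linkcheck'] as $link_id ) {
@@ -44,8 +43,7 @@
 $this_file = $parent_file = 'link-manager.php';
 include_once ("./admin-header.php");
 
-if (!current_user_can('manage_links'))
-        wp_die(__("You do not have sufficient permissions to edit the links for this blog."));
+check_authorization('manage_links', 'edit the links for this blog.');
 
 switch ($order_by) {
         case 'order_id' :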
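Review bot: In the second hunk the new `check_authorization('manage_links', ...)` on line 46 still runs after `include_once ("./admin-header.php");` on line 44, so a user without the capability has already been sent the admin header markup before wp_die fires; move the check above the include (and the `$this_file` assignment) so the page refuses access before emitting anything. The check in the first hunk (new line 17) sits inside a block that starts outside the hunk, presumably the bulk-action branch, and its ordering cannot be judged here. Both placements are inherited from the removed lines rather than introduced by this change.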
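--- a/wp-admin/theme-install.php
+++ b/wp-admin/theme-install.php
@@ -9,8 +9,7 @@
 /** WordPress Administration Bootstrap */
 require_once('admin.php');
 
-if ( ! current_user_can('install_themes') )
-        wp_die(__('You do not have sufficient permissions to install themes on this blog.'));
+check_authorization('install_themes', 'install themes on this blog.');
 
 include(ABSPATH . 'wp-admin/includes/theme-install.php');
 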
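--- a/wp-admin/update-core.php
+++ b/wp-admin/update-core.php
@@ -9,8 +9,7 @@
 /** WordPress Administration Bootstrap */
 require_once('admin.php');
 
-if ( ! current_user_can('update_plugins') )
-        wp_die(__('You do not have sufficient permissions to update plugins for this blog.'));
+check_authorization('update_plugins', 'update plugins for this blog.');
 
 function list_core_update( $update ) {
         global $wp_local_package;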
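Review bot: On the new line 12 the core-update screen is gated on `update_plugins` and tells a denied user they cannot "update plugins for this blog.", so the message names the wrong feature for this page. The capability is carried over from the removed lines and may be all this version offers, but the fragment should at least describe the action being refused: `check_authorization('update_plugins', 'update WordPress for this blog.');`. If this tree has a core-specific update capability, it would be the more precise gate here; confirm before changing.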
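--- a/wp-admin/import.php
+++ b/wp-admin/import.php
@@ -9,8 +9,7 @@
 /** Load WordPress Bootstrap */
 require_once ('admin.php');
 
-if ( !current_user_can('edit_files') )
-        wp_die(__('You do not have sufficient permissions to import content in this blog.'));
+check_authorization('edit_files', 'import content in this blog.');
 
 $title = __('Import');
 require_once ('admin-header.php');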
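--- a/wp-admin/options-permalink.php
+++ b/wp-admin/options-permalink.php
@@ -9,8 +9,7 @@
 /** WordPress Administration Bootstrap */
 require_once('admin.php');
 
-if ( ! current_user_can('manage_options') )
-        wp_die(__('You do not have sufficient permissions to manage options for this blog.'));
+check_authorization('manage_options', 'manage options for this blog.');
 
 $title = __('Permalink Settings');
 $parent_file = 'options-general.php';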
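--- a/wp-admin/options-writing.php
+++ b/wp-admin/options-writing.php
@@ -9,8 +9,7 @@
 /** WordPress Administration Bootstrap */
 require_once('admin.php');
 
-if ( ! current_user_can('manage_options') )
-        wp_die(__('You do not have sufficient permissions to manage options for this blog.'));
+check_authorization('manage_options', 'manage options for this blog.');
 
 $title = __('Writing Settings');
 $parent_file = 'options-general.php';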
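--- a/wp-admin/export.php
+++ b/wp-admin/export.php
@@ -9,8 +9,7 @@
 /** Load WordPress Bootstrap */
 require_once ('admin.php');
 
-if ( !current_user_can('edit_files') )
-        wp_die(__('You do not have sufficient permissions to export the content of this blog.'));
+check_authorization('edit_files', 'export the content of this blog.');
 
 /** Load WordPress export API */
 require_once('includes/export.php');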
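--- a/wp-admin/plugin-editor.php
+++ b/wp-admin/plugin-editor.php
@@ -9,8 +9,7 @@
 /** WordPress Administration Bootstrap */
 require_once('admin.php');
 
-if ( !current_user_can('edit_plugins') )
-        wp_die('<p>'.__('You do not have sufficient permissions to edit plugins for this blog.').'</p>');
+check_authorization('edit_plugins', 'edit plugins for this blog.');
 
 $title = __("Edit Plugins");
 $parent_file = 'plugins.php';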