Ticket #14530: 14530-4.patch
File 14530-4.patch, 13.5 KB (added by , 10 years ago) |
---|
-
wp-admin/options.php
45 45 } 46 46 47 47 if ( !current_user_can( $capability ) ) 48 wp_die( __( ' Cheatin’ uh?' ), 403 );48 wp_die( __( 'You do not have permission to access this page.' ), 403 ); 49 49 50 50 // Handle admin email change requests 51 51 if ( is_multisite() ) { … … 69 69 } 70 70 71 71 if ( is_multisite() && !is_super_admin() && 'update' != $action ) 72 wp_die( __( ' Cheatin’ uh?' ), 403 );72 wp_die( __( 'You do not have permission to access this page.' ), 403 ); 73 73 74 74 $whitelist_options = array( 75 75 'general' => array( 'blogname', 'blogdescription', 'gmt_offset', 'date_format', 'time_format', 'start_of_week', 'timezone_string', 'WPLANG' ), -
wp-admin/edit-tags.php
18 18 wp_die( __( 'Invalid taxonomy' ) ); 19 19 20 20 if ( ! current_user_can( $tax->cap->manage_terms ) ) 21 wp_die( __( ' Cheatin’ uh?' ), 403 );21 wp_die( __( 'You do not have permission to access this page.' ), 403 ); 22 22 23 23 // $post_type is set when the WP_Terms_List_Table instance is created 24 24 global $post_type; … … 50 50 check_admin_referer( 'add-tag', '_wpnonce_add-tag' ); 51 51 52 52 if ( !current_user_can( $tax->cap->edit_terms ) ) 53 wp_die( __( ' Cheatin’ uh?' ), 403 );53 wp_die( __( 'You do not have permission to access this page.' ), 403 ); 54 54 55 55 $ret = wp_insert_term( $_POST['tag-name'], $taxonomy, $_POST ); 56 56 $location = 'edit-tags.php?taxonomy=' . $taxonomy; … … 86 86 check_admin_referer( 'delete-tag_' . $tag_ID ); 87 87 88 88 if ( !current_user_can( $tax->cap->delete_terms ) ) 89 wp_die( __( ' Cheatin’ uh?' ), 403 );89 wp_die( __( 'You do not have permission to access this page.' ), 403 ); 90 90 91 91 wp_delete_term( $tag_ID, $taxonomy ); 92 92 … … 98 98 check_admin_referer( 'bulk-tags' ); 99 99 100 100 if ( !current_user_can( $tax->cap->delete_terms ) ) 101 wp_die( __( ' Cheatin’ uh?' ), 403 );101 wp_die( __( 'You do not have permission to access this page.' ), 403 ); 102 102 103 103 $tags = (array) $_REQUEST['delete_tags']; 104 104 foreach ( $tags as $tag_ID ) { … … 136 136 check_admin_referer( 'update-tag_' . $tag_ID ); 137 137 138 138 if ( !current_user_can( $tax->cap->edit_terms ) ) 139 wp_die( __( ' Cheatin’ uh?' ), 403 );139 wp_die( __( 'You do not have permission to access this page.' ), 403 ); 140 140 141 141 $tag = get_term( $tag_ID, $taxonomy ); 142 142 if ( ! $tag ) -
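Review bot: The new text says "access this page", but the checks at new lines 53, 89, 101 and 139 come after `check_admin_referer()` and guard the add, delete, bulk-delete and update term actions, so the message does not describe what was refused. An action-specific string, for example `wp_die( __( 'You do not have permission to delete this term.' ), 403 );` at lines 89 and 101, would tell the user and anyone reading a support report which operation was denied. The same applies to the `promote_user` and `create_users` checks at lines 58 and 95 of wp-admin/user-new.php and to the delete branch at line 28 of wp-admin/themes.php. These guards sit in top-level script code that continues outside the hunks.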
wp-admin/post-new.php
50 50 $editing = true; 51 51 52 52 if ( ! current_user_can( $post_type_object->cap->edit_posts ) || ! current_user_can( $post_type_object->cap->create_posts ) ) 53 wp_die( __( ' Cheatin’ uh?' ), 403 );53 wp_die( __( 'You do not have permission to access this page.' ), 403 ); 54 54 55 55 // Schedule auto-draft cleanup 56 56 if ( ! wp_next_scheduled( 'wp_scheduled_auto_draft_delete' ) ) -
wp-admin/network/site-users.php
133 133 134 134 // If the user doesn't already belong to the blog, bail. 135 135 if ( !is_user_member_of_blog( $user_id ) ) 136 wp_die( __( ' Cheatin’ uh?' ), 403 );136 wp_die( __( 'You do not have permission to access this page.' ), 403 ); 137 137 138 138 $user = get_userdata( $user_id ); 139 139 $user->set_role( $_REQUEST['new_role'] ); -
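Review bot: The condition at new line 135 is `!is_user_member_of_blog( $user_id )`, which tests the target user rather than the current user's capability, so "You do not have permission to access this page." misreports why the request was stopped. The same mismatch appears at line 131 of wp-admin/users.php, in the missing-ID check at line 35 of wp-admin/media-upload.php, in the `! $theme->exists()` branches of wp-admin/themes.php, and in the `current_theme_supports()` checks of wp-admin/custom-header.php. A distinct string for these invalid-request cases, for example `wp_die( __( 'This user is not a member of this site.' ), 403 );` here, would keep the permission message reserved for real capability failures, which also makes denied-access responses easier to tell apart when reviewing logs. The surrounding code continues outside the hunk.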
wp-admin/includes/bookmark.php
27 27 */ 28 28 function edit_link( $link_id = 0 ) { 29 29 if ( !current_user_can( 'manage_links' ) ) 30 wp_die( __( ' Cheatin’ uh?' ), 403 );30 wp_die( __( 'You do not have permission to access this page.' ), 403 ); 31 31 32 32 $_POST['link_url'] = esc_html( $_POST['link_url'] ); 33 33 $_POST['link_url'] = esc_url($_POST['link_url']); -
wp-admin/edit-comments.php
9 9 /** WordPress Administration Bootstrap */ 10 10 require_once( dirname( __FILE__ ) . '/admin.php' ); 11 11 if ( !current_user_can('edit_posts') ) 12 wp_die( __( ' Cheatin’ uh?' ), 403 );12 wp_die( __( 'You do not have permission to access this page.' ), 403 ); 13 13 14 14 $wp_list_table = _get_list_table('WP_Comments_List_Table'); 15 15 $pagenum = $wp_list_table->get_pagenum(); -
wp-admin/press-this.php
14 14 header('Content-Type: ' . get_option('html_type') . '; charset=' . get_option('blog_charset')); 15 15 16 16 if ( ! current_user_can( 'edit_posts' ) || ! current_user_can( get_post_type_object( 'post' )->cap->create_posts ) ) 17 wp_die( __( ' Cheatin’ uh?' ), 403 );17 wp_die( __( 'You do not have permission to access this page.' ), 403 ); 18 18 19 19 /** 20 20 * Press It form handler. -
wp-admin/media-upload.php
32 32 33 33 // Require an ID for the edit screen. 34 34 if ( isset($action) && $action == 'edit' && !$ID ) { 35 wp_die( __( ' Cheatin’ uh?' ), 403 );35 wp_die( __( 'You do not have permission to access this page.' ), 403 ); 36 36 } 37 37 38 38 if ( ! empty( $_REQUEST['post_id'] ) && ! current_user_can( 'edit_post' , $_REQUEST['post_id'] ) ) { 39 wp_die( __( ' Cheatin’ uh?' ), 403 );39 wp_die( __( 'You do not have permission to access this page.' ), 403 ); 40 40 } 41 41 42 42 // Upload type: image, video, file, ..? -
wp-admin/themes.php
10 10 require_once( dirname( __FILE__ ) . '/admin.php' ); 11 11 12 12 if ( !current_user_can('switch_themes') && !current_user_can('edit_theme_options') ) 13 wp_die( __( ' Cheatin’ uh?' ), 403 );13 wp_die( __( 'You do not have permission to access this page.' ), 403 ); 14 14 15 15 if ( current_user_can( 'switch_themes' ) && isset($_GET['action'] ) ) { 16 16 if ( 'activate' == $_GET['action'] ) { 17 17 check_admin_referer('switch-theme_' . $_GET['stylesheet']); 18 18 $theme = wp_get_theme( $_GET['stylesheet'] ); 19 19 if ( ! $theme->exists() || ! $theme->is_allowed() ) 20 wp_die( __( ' Cheatin’ uh?' ), 403 );20 wp_die( __( 'You do not have permission to access this page.' ), 403 ); 21 21 switch_theme( $theme->get_stylesheet() ); 22 22 wp_redirect( admin_url('themes.php?activated=true') ); 23 23 exit; … … 25 25 check_admin_referer('delete-theme_' . $_GET['stylesheet']); 26 26 $theme = wp_get_theme( $_GET['stylesheet'] ); 27 27 if ( !current_user_can('delete_themes') || ! $theme->exists() ) 28 wp_die( __( ' Cheatin’ uh?' ), 403 );28 wp_die( __( 'You do not have permission to access this page.' ), 403 ); 29 29 $active = wp_get_theme(); 30 30 if ( $active->get( 'Template' ) == $_GET['stylesheet'] ) { 31 31 wp_redirect( admin_url( 'themes.php?delete-active-child=true' ) ); -
wp-admin/nav-menus.php
20 20 21 21 // Permissions Check 22 22 if ( ! current_user_can('edit_theme_options') ) 23 wp_die( __( ' Cheatin’ uh?' ), 403 );23 wp_die( __( 'You do not have permission to access this page.' ), 403 ); 24 24 25 25 wp_enqueue_script( 'nav-menu' ); 26 26 -
wp-admin/edit.php
27 27 wp_die( __( 'Invalid post type' ) ); 28 28 29 29 if ( ! current_user_can( $post_type_object->cap->edit_posts ) ) 30 wp_die( __( ' Cheatin’ uh?' ), 403 );30 wp_die( __( 'You do not have permission to access this page.' ), 403 ); 31 31 32 32 $wp_list_table = _get_list_table('WP_Posts_List_Table'); 33 33 $pagenum = $wp_list_table->get_pagenum(); -
wp-admin/custom-header.php
682 682 public function step_2() { 683 683 check_admin_referer('custom-header-upload', '_wpnonce-custom-header-upload'); 684 684 if ( ! current_theme_supports( 'custom-header', 'uploads' ) ) 685 wp_die( __( ' Cheatin’ uh?' ), 403 );685 wp_die( __( 'You do not have permission to access this page.' ), 403 ); 686 686 687 687 if ( empty( $_POST ) && isset( $_GET['file'] ) ) { 688 688 $attachment_id = absint( $_GET['file'] ); … … 833 833 check_admin_referer( 'custom-header-crop-image' ); 834 834 835 835 if ( ! current_theme_supports( 'custom-header', 'uploads' ) ) 836 wp_die( __( ' Cheatin’ uh?' ), 403 );836 wp_die( __( 'You do not have permission to access this page.' ), 403 ); 837 837 838 838 if ( ! empty( $_POST['skip-cropping'] ) && ! ( current_theme_supports( 'custom-header', 'flex-height' ) || current_theme_supports( 'custom-header', 'flex-width' ) ) ) 839 wp_die( __( ' Cheatin’ uh?' ), 403 );839 wp_die( __( 'You do not have permission to access this page.' ), 403 ); 840 840 841 841 if ( $_POST['oitar'] > 1 ) { 842 842 $_POST['x1'] = $_POST['x1'] * $_POST['oitar']; -
wp-admin/widgets.php
13 13 require_once(ABSPATH . 'wp-admin/includes/widgets.php'); 14 14 15 15 if ( ! current_user_can('edit_theme_options') ) 16 wp_die( __( ' Cheatin’ uh?' ), 403 );16 wp_die( __( 'You do not have permission to access this page.' ), 403 ); 17 17 18 18 $widgets_access = get_user_setting( 'widgets_access' ); 19 19 if ( isset($_GET['widgets-access']) ) { -
wp-includes/class-wp-customize-manager.php
144 144 wp_die( $ajax_message ); 145 145 146 146 if ( ! $message ) 147 $message = __( ' Cheatin’ uh?' );147 $message = __( 'You do not have permission to access this page.' ); 148 148 149 149 wp_die( $message ); 150 150 } -
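Review bot: The fallback at new lines 147–149 ends in `wp_die( $message );` with no status argument, while every other call touched by this patch passes 403. If this branch is reached for a permission failure, as the new default text implies, `wp_die( $message, 403 );` would keep the response code consistent with the other call sites, so denied requests can be counted from access logs. The enclosing method starts and ends outside the hunk, so it is not visible whether `$message` can also carry a non-permission error here.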
wp-admin/users.php
10 10 require_once( dirname( __FILE__ ) . '/admin.php' ); 11 11 12 12 if ( ! current_user_can( 'list_users' ) ) 13 wp_die( __( ' Cheatin’ uh?' ), 403 );13 wp_die( __( 'You do not have permission to access this page.' ), 403 ); 14 14 15 15 $wp_list_table = _get_list_table('WP_Users_List_Table'); 16 16 $pagenum = $wp_list_table->get_pagenum(); … … 128 128 129 129 // If the user doesn't already belong to the blog, bail. 130 130 if ( is_multisite() && !is_user_member_of_blog( $id ) ) 131 wp_die( __( ' Cheatin’ uh?' ), 403 );131 wp_die( __( 'You do not have permission to access this page.' ), 403 ); 132 132 133 133 $user = get_userdata( $id ); 134 134 $user->set_role($_REQUEST['new_role']); -
wp-includes/script-loader.php
392 392 'saved' => __( 'Saved' ), 393 393 'cancel' => __( 'Cancel' ), 394 394 'close' => __( 'Close' ), 395 'cheatin' => __( ' Cheatin’ uh?' ),395 'cheatin' => __( 'You do not have permission to access this page.' ), 396 396 397 397 // Used for overriding the file types allowed in plupload. 398 398 'allowedFiles' => __( 'Allowed Files' ), -
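Review bot: The array key at new line 395 is still `'cheatin'`, while its value is now a plain permission message, so the key no longer hints at what the string says. Renaming it could break scripts that read this localized entry (no consumers are visible here), so a comment above the line would be enough, such as `// Key kept as 'cheatin' for backward compatibility; the text is the generic permission error.` The array continues outside the hunk.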
wp-admin/user-new.php
11 11 12 12 if ( is_multisite() ) { 13 13 if ( ! current_user_can( 'create_users' ) && ! current_user_can( 'promote_users' ) ) 14 wp_die( __( ' Cheatin’ uh?' ), 403 );14 wp_die( __( 'You do not have permission to access this page.' ), 403 ); 15 15 } elseif ( ! current_user_can( 'create_users' ) ) { 16 wp_die( __( ' Cheatin’ uh?' ), 403 );16 wp_die( __( 'You do not have permission to access this page.' ), 403 ); 17 17 } 18 18 19 19 if ( is_multisite() ) { … … 55 55 } 56 56 57 57 if ( ! current_user_can('promote_user', $user_details->ID) ) 58 wp_die( __( ' Cheatin’ uh?' ), 403 );58 wp_die( __( 'You do not have permission to access this page.' ), 403 ); 59 59 60 60 // Adding an existing user to this blog 61 61 $new_user_email = $user_details->user_email; … … 92 92 check_admin_referer( 'create-user', '_wpnonce_create-user' ); 93 93 94 94 if ( ! current_user_can('create_users') ) 95 wp_die( __( ' Cheatin’ uh?' ), 403 );95 wp_die( __( 'You do not have permission to access this page.' ), 403 ); 96 96 97 97 if ( ! is_multisite() ) { 98 98 $user_id = edit_user(); -
wp-admin/customize.php
13 13 require_once( dirname( __FILE__ ) . '/admin.php' ); 14 14 15 15 if ( ! current_user_can( 'customize' ) ) { 16 wp_die( __( ' Cheatin’ uh?' ), 403 );16 wp_die( __( 'You do not have permission to access this page.' ), 403 ); 17 17 } 18 18 19 19 wp_reset_vars( array( 'url', 'return' ) );