Ticket #14530: 14530.3.diff
File 14530.3.diff, 18.1 KB (added by , 10 years ago) |
src/wp-admin/custom-header.php
681 681 */ 682 682 public function step_2() { 683 683 check_admin_referer('custom-header-upload', '_wpnonce-custom-header-upload'); 684 if ( ! current_theme_supports( 'custom-header', 'uploads' ) ) 685 wp_die( __( 'Cheatin’ uh?' ), 403 ); 684 if ( ! current_theme_supports( 'custom-header', 'uploads' ) ) { 685 wp_die( 686 '<h1>' . __( 'Cheatin’ uh?' ) . '</h1> ' . 687 '<p>' . __( 'The current theme does not support uploading a custom header image.' ) . '</p>', 688 403 ); 689 } 686 690 687 691 if ( empty( $_POST ) && isset( $_GET['file'] ) ) { 688 692 $attachment_id = absint( $_GET['file'] ); … … 832 836 public function step_3() { 833 837 check_admin_referer( 'custom-header-crop-image' ); 834 838 835 if ( ! current_theme_supports( 'custom-header', 'uploads' ) ) 836 wp_die( __( 'Cheatin’ uh?' ), 403 ); 839 if ( ! current_theme_supports( 'custom-header', 'uploads' ) ) { 840 wp_die( 841 '<h1>' . __( 'Cheatin’ uh?' ) . '</h1> ' . 842 '<p>' . __( 'The current theme does not support uploading a custom header image.' ) . '</p>', 843 403 ); 844 } 837 845 838 if ( ! empty( $_POST['skip-cropping'] ) && ! ( current_theme_supports( 'custom-header', 'flex-height' ) || current_theme_supports( 'custom-header', 'flex-width' ) ) ) 839 wp_die( __( 'Cheatin’ uh?' ), 403 ); 846 if ( ! empty( $_POST['skip-cropping'] ) && ! ( current_theme_supports( 'custom-header', 'flex-height' ) || current_theme_supports( 'custom-header', 'flex-width' ) ) ) { 847 wp_die( 848 '<h1>' . __( 'Cheatin’ uh?' ) . '</h1> ' . 849 '<p>' . __( 'The current theme does not support a flexible sized header image.' ) . '</p>', 850 403 ); 851 } 840 852 841 853 if ( $_POST['oitar'] > 1 ) { 842 854 $_POST['x1'] = $_POST['x1'] * $_POST['oitar']; -
src/wp-admin/customize.php
13 13 require_once( dirname( __FILE__ ) . '/admin.php' ); 14 14 15 15 if ( ! current_user_can( 'customize' ) ) { 16 wp_die( __( 'Cheatin’ uh?' ), 403 ); 16 wp_die( 17 '<h1>' . __( 'Cheatin’ uh?' ) . '</h1> ' . 18 '<p>' . __( 'You are not allowed to customize the site's appearance.' ) . '</p>', 19 403 ); 17 20 } 18 21 19 22 wp_reset_vars( array( 'url', 'return' ) ); -
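Review bot: The new message on line 18, `__( 'You are not allowed to customize the site's appearance.' )`, is a single-quoted PHP string with an unescaped apostrophe, so the literal ends after `site` and customize.php no longer parses; every request to the Customizer would fail, not only the unauthorized one. Write the apostrophe as the HTML entity, `'<p>' . __( 'You are not allowed to customize the site&#8217;s appearance.' ) . '</p>',`, which is how core strings normally carry a curly apostrophe, or escape it as `\'`. A `php -l` pass over the patched files would catch this, since the rendered diff makes it easy to miss.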
src/wp-admin/edit-comments.php
8 8 9 9 /** WordPress Administration Bootstrap */ 10 10 require_once( dirname( __FILE__ ) . '/admin.php' ); 11 if ( !current_user_can('edit_posts') ) 12 wp_die( __( 'Cheatin’ uh?' ), 403 ); 11 if ( !current_user_can('edit_posts') ) { 12 wp_die( 13 '<h1>' . __( 'Cheatin’ uh?' ) . '</h1> ' . 14 '<p>' . __( 'You are not allowed to edit posts.' ) . '</p>', 15 403 ); 16 } 13 17 14 18 $wp_list_table = _get_list_table('WP_Comments_List_Table'); 15 19 $pagenum = $wp_list_table->get_pagenum(); -
src/wp-admin/edit-tags.php
17 17 if ( ! $tax ) 18 18 wp_die( __( 'Invalid taxonomy' ) ); 19 19 20 if ( ! current_user_can( $tax->cap->manage_terms ) ) 21 wp_die( __( 'Cheatin’ uh?' ), 403 ); 20 if ( ! current_user_can( $tax->cap->manage_terms ) ) { 21 wp_die( 22 '<h1>' . __( 'Cheatin’ uh?' ) . '</h1> ' . 23 '<p>' . __( 'You are not allowed to manage these items.' ) . '</p>', 24 403 ); 25 } 22 26 27 23 28 // $post_type is set when the WP_Terms_List_Table instance is created 24 29 global $post_type; 25 30 … … 49 54 50 55 check_admin_referer( 'add-tag', '_wpnonce_add-tag' ); 51 56 52 if ( !current_user_can( $tax->cap->edit_terms ) ) 53 wp_die( __( 'Cheatin’ uh?' ), 403 ); 57 if ( ! current_user_can( $tax->cap->edit_terms ) ) { 58 wp_die( 59 '<h1>' . __( 'Cheatin’ uh?' ) . '</h1> ' . 60 '<p>' . __( 'You are not allowed to edit create this item.' ) . '</p>', 61 403 ); 62 } 54 63 55 64 $ret = wp_insert_term( $_POST['tag-name'], $taxonomy, $_POST ); 56 65 $location = 'edit-tags.php?taxonomy=' . $taxonomy; … … 85 94 $tag_ID = (int) $_REQUEST['tag_ID']; 86 95 check_admin_referer( 'delete-tag_' . $tag_ID ); 87 96 88 if ( !current_user_can( $tax->cap->delete_terms ) ) 89 wp_die( __( 'Cheatin’ uh?' ), 403 ); 97 if ( !current_user_can( $tax->cap->delete_terms ) ) { 98 wp_die( 99 '<h1>' . __( 'Cheatin’ uh?' ) . '</h1> ' . 100 '<p>' . __( 'You are not allowed to delete this item.' ) . '</p>', 101 403 ); 102 } 90 103 91 104 wp_delete_term( $tag_ID, $taxonomy ); 92 105 … … 97 110 case 'bulk-delete': 98 111 check_admin_referer( 'bulk-tags' ); 99 112 100 if ( !current_user_can( $tax->cap->delete_terms ) ) 101 wp_die( __( 'Cheatin’ uh?' ), 403 ); 113 if ( !current_user_can( $tax->cap->delete_terms ) ) { 114 wp_die( 115 '<h1>' . __( 'Cheatin’ uh?' ) . '</h1> ' . 116 '<p>' . __( 'You are not allowed to delete these items.' ) . 
'</p>', 117 403 ); 118 } 102 119 103 120 $tags = (array) $_REQUEST['delete_tags']; 104 121 foreach ( $tags as $tag_ID ) { … … 135 152 $tag_ID = (int) $_POST['tag_ID']; 136 153 check_admin_referer( 'update-tag_' . $tag_ID ); 137 154 138 if ( !current_user_can( $tax->cap->edit_terms ) ) 139 wp_die( __( 'Cheatin’ uh?' ), 403 ); 155 if ( !current_user_can( $tax->cap->edit_terms ) ) { 156 wp_die( 157 '<h1>' . __( 'Cheatin’ uh?' ) . '</h1> ' . 158 '<p>' . __( 'You are not allowed to edit this item.' ) . '</p>', 159 403 ); 160 } 140 161 141 162 $tag = get_term( $tag_ID, $taxonomy ); 142 163 if ( ! $tag ) … … 248 269 249 270 require_once( ABSPATH . 'wp-admin/admin-header.php' ); 250 271 251 if ( !current_user_can($tax->cap->edit_terms) ) 252 wp_die( __('You are not allowed to edit this item.') ); 272 if ( !current_user_can($tax->cap->edit_terms) ) { 273 wp_die( 274 '<h1>' . __( 'Cheatin’ uh?' ) . '</h1> ' . 275 '<p>' . __( 'You are not allowed to edit these items.' ) . '</p>', 276 403 ); 277 } 253 278 254 279 $messages = array(); 255 280 $messages['_item'] = array( -
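Review bot: The add-tag hunk's new message on line 60 reads `'You are not allowed to edit create this item.'`, two verbs where one is meant; it should be `'You are not allowed to create this item.'`. In the last hunk (new lines 272-277) the single-term edit screen changes its message from the old `'You are not allowed to edit this item.'` to `'You are not allowed to edit these items.'` although exactly one term is being edited there, so the singular should stay. That same check runs after `admin-header.php` has already been included on line 270, so the 403 status passed to `wp_die()` likely arrives after output has started; pre-existing, but worth a look while the block is being rewritten. The new blank line 27 after the first hunk's closing brace also leaves two consecutive blank lines.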
src/wp-admin/edit.php
26 26 if ( ! $post_type_object ) 27 27 wp_die( __( 'Invalid post type' ) ); 28 28 29 if ( ! current_user_can( $post_type_object->cap->edit_posts ) ) 30 wp_die( __( 'Cheatin’ uh?' ), 403 ); 29 if ( ! current_user_can( $post_type_object->cap->edit_posts ) ) { 30 wp_die( 31 '<h1>' . __( 'Cheatin’ uh?' ) . '</h1> ' . 32 '<p>' . __( 'You are not allowed to edit these items.' ) . '</p>', 33 403 ); 34 } 31 35 32 36 $wp_list_table = _get_list_table('WP_Posts_List_Table'); 33 37 $pagenum = $wp_list_table->get_pagenum(); -
src/wp-admin/includes/bookmark.php
26 26 * @return int|WP_Error Value 0 or WP_Error on failure. The link ID on success. 27 27 */ 28 28 function edit_link( $link_id = 0 ) { 29 if ( !current_user_can( 'manage_links' ) ) 30 wp_die( __( 'Cheatin’ uh?' ), 403 ); 29 if ( !current_user_can( 'manage_links' ) ) { 30 wp_die( 31 '<h1>' . __( 'Cheatin’ uh?' ) . '</h1> ' . 32 '<p>' . sprintf( __( 'You are not allowed to edit links.' ) ) . '</p>', 33 403 ); 34 } 31 35 32 36 $_POST['link_url'] = esc_html( $_POST['link_url'] ); 33 37 $_POST['link_url'] = esc_url($_POST['link_url']); -
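Review bot: `sprintf( __( 'You are not allowed to edit links.' ) )` on new line 32 passes no format arguments, so `sprintf()` does nothing here, and any `%` that a translator puts into the string would be read as a conversion specifier and produce a warning or mangled text. Drop the wrapper: `'<p>' . __( 'You are not allowed to edit links.' ) . '</p>',`. The same no-argument `sprintf()` appears in nav-menus.php (new line 25), options.php (new line 50) and in all four new messages in themes.php.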
src/wp-admin/media-upload.php
36 36 } 37 37 38 38 if ( ! empty( $_REQUEST['post_id'] ) && ! current_user_can( 'edit_post' , $_REQUEST['post_id'] ) ) { 39 wp_die( __( 'Cheatin’ uh?' ), 403 ); 39 wp_die( 40 '<h1>' . __( 'Cheatin’ uh?' ) . '</h1> ' . 41 '<p>' . __( 'You are not allowed to edit this post.' ) . '</p>', 42 403 ); 40 43 } 41 44 42 45 // Upload type: image, video, file, ..? -
src/wp-admin/nav-menus.php
19 19 wp_die( __( 'Your theme does not support navigation menus or widgets.' ) ); 20 20 21 21 // Permissions Check 22 if ( ! current_user_can('edit_theme_options') ) 23 wp_die( __( 'Cheatin’ uh?' ), 403 ); 22 if ( ! current_user_can('edit_theme_options') ) { 23 wp_die( 24 '<h1>' . __( 'Cheatin’ uh?' ) . '</h1> ' . 25 '<p>' . sprintf( __( 'You are not allowed to manage theme options.' ) ) . '</p>', 26 403 ); 27 } 24 28 25 29 wp_enqueue_script( 'nav-menu' ); 26 30 -
src/wp-admin/network/site-users.php
132 132 $user_id = (int) $user_id; 133 133 134 134 // If the user doesn't already belong to the blog, bail. 135 if ( !is_user_member_of_blog( $user_id ) ) 136 wp_die( __( 'Cheatin’ uh?' ), 403 ); 135 if ( !is_user_member_of_blog( $user_id ) ) { 136 wp_die( 137 '<h1>' . __( 'Cheatin’ uh?' ) . '</h1> ' . 138 '<p>' . __( 'One of the selected users is not a member of this site.' ) . '</p>', 139 403 ); 140 } 137 141 138 142 $user = get_userdata( $user_id ); 139 143 $user->set_role( $_REQUEST['new_role'] ); -
src/wp-admin/options.php
44 44 $capability = apply_filters( "option_page_capability_{$option_page}", $capability ); 45 45 } 46 46 47 if ( !current_user_can( $capability ) ) 48 wp_die( __( 'Cheatin’ uh?' ), 403 ); 47 if ( !current_user_can( $capability ) ) { 48 wp_die( 49 '<h1>' . __( 'Cheatin’ uh?' ) . '</h1> ' . 50 '<p>' . sprintf( __( 'You are not allowed to manage these options.' ) ) . '</p>', 51 403 ); 52 } 49 53 50 54 // Handle admin email change requests 51 55 if ( is_multisite() ) { … … 68 72 } 69 73 } 70 74 71 if ( is_multisite() && !is_super_admin() && 'update' != $action ) 72 wp_die( __( 'Cheatin’ uh?' ), 403 ); 75 if ( is_multisite() && !is_super_admin() && 'update' != $action ) { 76 wp_die( 77 '<h1>' . __( 'Cheatin’ uh?' ) . '</h1> ' . 78 '<p>' . __( 'You are not allowed to edit options.' ) . '</p>', 79 403 ); 80 } 73 81 74 82 $whitelist_options = array( 75 83 'general' => array( 'blogname', 'blogdescription', 'gmt_offset', 'date_format', 'time_format', 'start_of_week', 'timezone_string', 'WPLANG' ), -
src/wp-admin/post-new.php
49 49 50 50 $editing = true; 51 51 52 if ( ! current_user_can( $post_type_object->cap->edit_posts ) || ! current_user_can( $post_type_object->cap->create_posts ) ) 53 wp_die( __( 'Cheatin’ uh?' ), 403 ); 52 if ( ! current_user_can( $post_type_object->cap->edit_posts ) || ! current_user_can( $post_type_object->cap->create_posts ) ) { 53 wp_die( 54 '<h1>' . __( 'Cheatin’ uh?' ) . '</h1> ' . 55 '<p>' . __( 'You are not allowed to create these items.' ) . '</p>', 56 403 ); 57 } 54 58 55 59 // Schedule auto-draft cleanup 56 60 if ( ! wp_next_scheduled( 'wp_scheduled_auto_draft_delete' ) ) -
src/wp-admin/press-this.php
13 13 14 14 header('Content-Type: ' . get_option('html_type') . '; charset=' . get_option('blog_charset')); 15 15 16 if ( ! current_user_can( 'edit_posts' ) || ! current_user_can( get_post_type_object( 'post' )->cap->create_posts ) ) 17 wp_die( __( 'Cheatin’ uh?' ), 403 ); 16 if ( ! current_user_can( 'edit_posts' ) || ! current_user_can( get_post_type_object( 'post' )->cap->create_posts ) ) { 17 wp_die( 18 '<h1>' . __( 'Cheatin’ uh?' ) . '</h1> ' . 19 '<p>' . __( 'You are not allowed to create posts.' ) . '</p>', 20 403 ); 21 } 18 22 19 23 /** 20 24 * Press It form handler. -
src/wp-admin/themes.php
9 9 /** WordPress Administration Bootstrap */ 10 10 require_once( dirname( __FILE__ ) . '/admin.php' ); 11 11 12 if ( !current_user_can('switch_themes') && !current_user_can('edit_theme_options') ) 13 wp_die( __( 'Cheatin’ uh?' ), 403 ); 12 if ( !current_user_can('switch_themes') && !current_user_can('edit_theme_options') ) { 13 wp_die( 14 '<h1>' . __( 'Cheatin’ uh?' ) . '</h1> ' . 15 '<p>' . sprintf( __( 'You are not allowed to manage themes.' ) ) . '</p>', 16 403 ); 17 } 14 18 15 19 if ( current_user_can( 'switch_themes' ) && isset($_GET['action'] ) ) { 16 20 if ( 'activate' == $_GET['action'] ) { 17 21 check_admin_referer('switch-theme_' . $_GET['stylesheet']); 18 22 $theme = wp_get_theme( $_GET['stylesheet'] ); 19 if ( ! $theme->exists() || ! $theme->is_allowed() ) 20 wp_die( __( 'Cheatin’ uh?' ), 403 ); 23 if ( ! $theme->exists() ) { 24 wp_die( 25 '<h1>' . __( 'Cheatin’ uh?' ) . '</h1> ' . 26 '<p>' . sprintf( __( 'This theme does not exist.' ) ) . '</p>', 27 403 ); 28 } 29 if ( ! $theme->is_allowed() ) { 30 wp_die( 31 '<h1>' . __( 'Cheatin’ uh?' ) . '</h1> ' . 32 '<p>' . sprintf( __( 'This theme is not allowed to be activated on this site.' ) ) . '</p>', 33 403 ); 34 } 21 35 switch_theme( $theme->get_stylesheet() ); 22 36 wp_redirect( admin_url('themes.php?activated=true') ); 23 37 exit; … … 24 38 } elseif ( 'delete' == $_GET['action'] ) { 25 39 check_admin_referer('delete-theme_' . $_GET['stylesheet']); 26 40 $theme = wp_get_theme( $_GET['stylesheet'] ); 27 if ( !current_user_can('delete_themes') || ! $theme->exists() ) 28 wp_die( __( 'Cheatin’ uh?' ), 403 ); 41 if ( !current_user_can('delete_themes') ) { 42 wp_die( 43 '<h1>' . __( 'Cheatin’ uh?' ) . '</h1> ' . 44 '<p>' . sprintf( __( 'You are not allowed to delete themes.' ) ) . '</p>', 45 403 ); 46 } 47 if ( ! $theme->exists() ) { 48 wp_die( 49 '<h1>' . __( 'Cheatin’ uh?' ) . '</h1> ' . 50 '<p>' . sprintf( __( 'This theme does not exist.' ) ) . 
'</p>', 51 403 ); 52 } 29 53 $active = wp_get_theme(); 30 54 if ( $active->get( 'Template' ) == $_GET['stylesheet'] ) { 31 55 wp_redirect( admin_url( 'themes.php?delete-active-child=true' ) ); -
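Review bot: Now that the missing-theme case is separated from the authorization case, the two `This theme does not exist.` branches (activate, new lines 23-28; delete, new lines 47-52) still respond with 403, which labels a bad stylesheet name as a permission failure; passing `404` as the second argument of those two `wp_die()` calls describes the condition better, and the `Cheatin&#8217; uh?` heading could be dropped there for the same reason. The delete branch now checks `delete_themes` before touching the theme object, which reads correctly. `wp_get_theme()` and the `check_admin_referer()` calls around these checks are outside the rewritten lines.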
src/wp-admin/user-new.php
10 10 require_once( dirname( __FILE__ ) . '/admin.php' ); 11 11 12 12 if ( is_multisite() ) { 13 if ( ! current_user_can( 'create_users' ) && ! current_user_can( 'promote_users' ) ) 14 wp_die( __( 'Cheatin’ uh?' ), 403 ); 13 if ( ! current_user_can( 'create_users' ) && ! current_user_can( 'promote_users' ) ) { 14 wp_die( 15 '<h1>' . __( 'Cheatin’ uh?' ) . '</h1> ' . 16 '<p>' . __( 'You are not allowed to create users.' ) . '</p>', 17 403 ); 18 } 15 19 } elseif ( ! current_user_can( 'create_users' ) ) { 16 wp_die( __( 'Cheatin’ uh?' ), 403 ); 20 wp_die( 21 '<h1>' . __( 'Cheatin’ uh?' ) . '</h1> ' . 22 '<p>' . __( 'You are not allowed to create users.' ) . '</p>', 23 403 ); 17 24 } 18 25 19 26 if ( is_multisite() ) { … … 54 61 die(); 55 62 } 56 63 57 if ( ! current_user_can('promote_user', $user_details->ID) ) 58 wp_die( __( 'Cheatin’ uh?' ), 403 ); 64 if ( ! current_user_can('promote_user', $user_details->ID) ) { 65 wp_die( 66 '<h1>' . __( 'Cheatin’ uh?' ) . '</h1> ' . 67 '<p>' . __( 'You are not allowed to add the user to this site.' ) . '</p>', 68 403 ); 69 } 59 70 60 71 // Adding an existing user to this blog 61 72 $new_user_email = $user_details->user_email; … … 91 102 } elseif ( isset($_REQUEST['action']) && 'createuser' == $_REQUEST['action'] ) { 92 103 check_admin_referer( 'create-user', '_wpnonce_create-user' ); 93 104 94 if ( ! current_user_can('create_users') ) 95 wp_die( __( 'Cheatin’ uh?' ), 403 ); 105 if ( ! current_user_can('create_users') ) { 106 wp_die( 107 '<h1>' . __( 'Cheatin’ uh?' ) . '</h1> ' . 108 '<p>' . __( 'You are not allowed to create users.' ) . '</p>', 109 403 ); 110 } 96 111 97 112 if ( ! is_multisite() ) { 98 113 $user_id = edit_user(); -
src/wp-admin/users.php
9 9 /** WordPress Administration Bootstrap */ 10 10 require_once( dirname( __FILE__ ) . '/admin.php' ); 11 11 12 if ( ! current_user_can( 'list_users' ) ) 13 wp_die( __( 'Cheatin’ uh?' ), 403 ); 12 if ( ! current_user_can( 'list_users' ) ) { 13 wp_die( 14 '<h1>' . __( 'Cheatin’ uh?' ) . '</h1> ' . 15 '<p>' . __( 'You are not allowed to browse users.' ) . '</p>', 16 403 ); 17 } 14 18 15 19 $wp_list_table = _get_list_table('WP_Users_List_Table'); 16 20 $pagenum = $wp_list_table->get_pagenum(); … … 127 131 } 128 132 129 133 // If the user doesn't already belong to the blog, bail. 130 if ( is_multisite() && !is_user_member_of_blog( $id ) ) 131 wp_die( __( 'Cheatin’ uh?' ), 403 ); 134 if ( is_multisite() && !is_user_member_of_blog( $id ) ) { 135 wp_die( 136 '<h1>' . __( 'Cheatin’ uh?' ) . '</h1> ' . 137 '<p>' . __( 'One of the selected users is not a member of this site.' ) . '</p>', 138 403 ); 139 } 132 140 133 141 $user = get_userdata( $id ); 134 142 $user->set_role($_REQUEST['new_role']); -
src/wp-admin/widgets.php
12 12 /** WordPress Administration Widgets API */ 13 13 require_once(ABSPATH . 'wp-admin/includes/widgets.php'); 14 14 15 if ( ! current_user_can('edit_theme_options') ) 16 wp_die( __( 'Cheatin’ uh?' ), 403 ); 15 if ( ! current_user_can('edit_theme_options') ) { 16 wp_die( 17 '<h1>' . __( 'Cheatin’ uh?' ) . '</h1> ' . 18 '<p>' . __( 'You are not allowed to manage widgets.' ) . '</p>', 19 403 ); 20 } 17 21 18 22 $widgets_access = get_user_setting( 'widgets_access' ); 19 23 if ( isset($_GET['widgets-access']) ) {