Ticket #15866: 15866.2.diff

File 15866.2.diff, 3.9 KB (added by nacin, 9 years ago)

Cap check fixes. Untested.

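--- a/wp-admin/network/menu.php
+++ b/wp-admin/network/menu.php
@@ -61,7 +61,7 @@
 $update_title = !empty($update_title) ? esc_attr(implode(', ', $update_title)) : '';
 
 $menu[30] = array(sprintf( __('Updates %s'), "<span class='update-plugins count-$update_count' title='$update_title'><span class='update-count'>" . number_format_i18n($update_count) . "</span></span>" ), 'manage_network', 'upgrade.php', '', 'menu-top menu-icon-tools', 'menu-update', 'div');
-$submenu[ 'upgrade.php' ][10] = array( __( 'Updates' ), 'install_plugins',  'update-core.php' );
+$submenu[ 'upgrade.php' ][10] = array( __( 'Updates' ), 'update_core',  'update-core.php' );
 $submenu[ 'upgrade.php' ][15] = array( __( 'Update Network' ), 'manage_network', 'upgrade.php' );
 unset($plugin_update_count, $theme_update_count, $wordpress_update_count, $update_count, $update_title, $update_themes, $update_plugins, $update_wordpress);
 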
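Review bot: The 'Updates' entry at new line 64 is now keyed on `update_core` alone, and the same choice is made in wp-admin/menu.php (new line 54) and in the page-level gate of wp-admin/update-core.php (new line 17). If a role is meant to hold `update_plugins` or `update_themes` without `update_core`, that role loses both the menu entry and the page, so the per-action checks this patch adds in update-core.php can never pass for it. If that is intended, a comment such as `// update_core is required to reach update-core.php; plugin/theme caps are re-checked per action there` would record the decision. If it is not, the menu capability and the page gate would need to accept any of the three capabilities.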
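--- a/wp-admin/menu.php
+++ b/wp-admin/menu.php
@@ -51,7 +51,7 @@
 
         $update_title = !empty($update_title) ? esc_attr(implode(', ', $update_title)) : '';
 
-        $submenu[ 'index.php' ][10] = array( sprintf( __('Updates %s'), "<span class='update-plugins count-$update_count' title='$update_title'><span class='update-count'>" . number_format_i18n($update_count) . "</span></span>" ), 'install_plugins',  'update-core.php');
+        $submenu[ 'index.php' ][10] = array( sprintf( __('Updates %s'), "<span class='update-plugins count-$update_count' title='$update_title'><span class='update-count'>" . number_format_i18n($update_count) . "</span></span>" ), 'update_core',  'update-core.php');
         unset($plugin_update_count, $theme_update_count, $wordpress_update_count, $update_count, $update_title, $update_themes, $update_plugins, $update_wordpress);
 }
 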
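--- a/wp-admin/update-core.php
+++ b/wp-admin/update-core.php
@@ -14,7 +14,7 @@
         exit();
 }
 
-if ( ! current_user_can( 'update_plugins' ) )
+if ( ! current_user_can( 'update_core' ) )
         wp_die( __( 'You do not have sufficient permissions to update this site.' ) );
 
 function list_core_update( $update ) {
@@ -164,8 +164,10 @@
         echo '<p>' . __( 'While your site is being updated, it will be in maintenance mode. As soon as your updates are complete, your site will return to normal.' ) . '</p>';
         dismissed_updates();
 
-        list_plugin_updates();
-        list_theme_updates();
+        if ( current_user_can( 'update_plugins' ) )
+                list_plugin_updates();
+        if ( current_user_can( 'update_themes' ) )
+                list_theme_updates();
         do_action('core_upgrade_preamble');
         echo '</div>';
 }
@@ -406,9 +408,11 @@
 );
 
 if ( 'upgrade-core' == $action ) {
+
         wp_version_check();
         require_once(ABSPATH . 'wp-admin/admin-header.php');
         core_upgrade_preamble();
+
 } elseif ( 'do-core-upgrade' == $action || 'do-core-reinstall' == $action ) {
         check_admin_referer('upgrade-core');
 
@@ -429,6 +433,10 @@
                 do_core_upgrade($reinstall);
 
 } elseif ( 'do-plugin-upgrade' == $action ) {
+
+        if ( ! current_user_can( 'update_plugins' ) )
+                wp_die( __( 'You do not have sufficient permissions to update this site.' ) );
+
         check_admin_referer('upgrade-core');
 
         if ( isset( $_GET['plugins'] ) ) {
@@ -451,7 +459,12 @@
         echo '<h2>' . esc_html__('Update Plugins') . '</h2>';
         echo "<iframe src='$url' style='width: 100%; height: 100%; min-height: 750px;' frameborder='0'></iframe>";
         echo '</div>';
+
 } elseif ( 'do-theme-upgrade' == $action ) {
+
+        if ( ! current_user_can( 'update_themes' ) )
+                wp_die( __( 'You do not have sufficient permissions to update this site.' ) );
+
         check_admin_referer('upgrade-core');
 
         if ( isset( $_GET['themes'] ) ) {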
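Review bot: The three denials (new lines 17-18, 437-438 and 465-466) call `wp_die()` with only a message, which as far as I know sends WordPress's default 500 status rather than a 403, so refused update attempts are hard to tell apart from server errors in access logs and monitoring. Passing the status explicitly would make them distinguishable, e.g. `wp_die( __( 'You do not have sufficient permissions to update this site.' ), '', array( 'response' => 403 ) );`. The plugin and theme branches also reuse the core wording, so a message naming plugins or themes would tell the user which capability was missing. Both new per-action checks sit ahead of `check_admin_referer()`, and the bodies of those branches continue outside the hunks shown here.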