Ticket #35614: 35614.patch
File 35614.patch, 10.7 KB (added by , 8 years ago) |
-
src/wp-includes/taxonomy.php
61 61 'show_ui' => true, 62 62 'show_admin_column' => true, 63 63 '_builtin' => true, 64 'capabilities' => array( 65 'manage_terms' => 'manage_categories', 66 'edit_terms' => 'edit_categories', 67 'delete_terms' => 'delete_categories', 68 'assign_terms' => 'assign_categories', 69 ), 64 70 ) ); 65 71 66 72 register_taxonomy( 'post_tag', 'post', array( … … 71 77 'show_ui' => true, 72 78 'show_admin_column' => true, 73 79 '_builtin' => true, 80 'capabilities' => array( 81 'manage_terms' => 'manage_post_tags', 82 'edit_terms' => 'edit_post_tags', 83 'delete_terms' => 'delete_post_tags', 84 'assign_terms' => 'assign_post_tags', 85 ), 74 86 ) ); 75 87 76 88 register_taxonomy( 'nav_menu', 'nav_menu_item', array( -
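Review bot: The new capability names given to the built-in taxonomies (`manage_post_tags`, `assign_categories` and the rest) carry no comment saying that they are mapped capabilities which no role holds directly. They only resolve through the `case` arms this patch adds to `map_meta_cap()` in src/wp-includes/capabilities.php, so code that reads `$tax->cap->manage_terms` for `category` and expects `'manage_categories'` will now see a different string. I would add above each array `// Meta capabilities: mapped to 'manage_categories' / 'edit_posts' in map_meta_cap(), not granted to roles.` Both `register_taxonomy()` calls begin outside the visible hunks.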
src/wp-includes/link-template.php
930 930 } 931 931 932 932 $tax = get_taxonomy( $term->taxonomy ); 933 if ( ! $tax || ! current_user_can( $tax->cap->edit_terms) ) {933 if ( ! $tax || ! current_user_can( 'edit_term', $term->term_id ) ) { 934 934 return; 935 935 } 936 936 … … 984 984 return; 985 985 986 986 $tax = get_taxonomy( $term->taxonomy ); 987 if ( ! current_user_can( $tax->cap->edit_terms ) )987 if ( ! current_user_can( 'edit_term', $term->term_id ) ) { 988 988 return; 989 } 989 990 990 991 if ( empty( $link ) ) 991 992 $link = __('Edit This'); -
src/wp-includes/class-wp-xmlrpc-server.php
1882 1882 1883 1883 $taxonomy = get_taxonomy( $content_struct['taxonomy'] ); 1884 1884 1885 if ( ! current_user_can( $taxonomy->cap-> manage_terms ) )1885 if ( ! current_user_can( $taxonomy->cap->edit_terms ) ) { 1886 1886 return new IXR_Error( 401, __( 'Sorry, you are not allowed to create terms in this taxonomy.' ) ); 1887 } 1887 1888 1888 1889 $taxonomy = (array) $taxonomy; 1889 1890 … … 2065 2066 2066 2067 $taxonomy = get_taxonomy( $taxonomy ); 2067 2068 2068 if ( ! current_user_can( $taxonomy->cap->delete_terms ) ) 2069 return new IXR_Error( 401, __( 'Sorry, you are not allowed to delete terms in this taxonomy.' ) ); 2069 if ( ! current_user_can( 'delete_term', $term_id ) ) { 2070 return new IXR_Error( 401, __( 'Sorry, you are not allowed to delete this term.' ) ); 2071 } 2070 2072 2071 2073 $term = get_term( $term_id, $taxonomy->name ); 2072 2074 -
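Review bot: In the delete hunk, `current_user_can( 'delete_term', $term_id )` is decided from the taxonomy the term actually belongs to (the new `map_meta_cap()` case calls `get_term( $term_id )` with no taxonomy), while the `get_term( $term_id, $taxonomy->name )` two lines later uses the taxonomy named in the request. The authorization only covers the object being acted on if that lookup fails for a term ID that is not in `$taxonomy->name`; the error handling after it is outside the hunk, so this cannot be confirmed from here. The same ordering appears in src/wp-admin/includes/ajax-actions.php (the delete-tag and inline-save-tax hunks) and in src/wp-admin/edit-tags.php. I would move the capability check below the `get_term()` error handling, or at least add `// 'delete_term' is resolved from the term's own taxonomy; get_term() below must fail if that is not $taxonomy->name.`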
src/wp-includes/capabilities.php
402 402 case 'delete_site': 403 403 $caps[] = 'manage_options'; 404 404 break; 405 case 'edit_term': 406 case 'delete_term': 407 case 'assign_term': 408 $term_id = $args[0]; 409 $term = get_term( $term_id ); 410 if ( ! $term || is_wp_error( $term ) ) { 411 $caps[] = 'do_not_allow'; 412 break; 413 } 414 415 $tax = get_taxonomy( $term->taxonomy ); 416 if ( ! $tax ) { 417 $caps[] = 'do_not_allow'; 418 break; 419 } 420 421 if ( 'delete_term' === $cap && ( $term->term_id == get_option( 'default_' . $term->taxonomy ) ) ) { 422 $caps[] = 'do_not_allow'; 423 break; 424 } 425 426 $taxo_cap = $cap . 's'; 427 428 $caps = map_meta_cap( $tax->cap->$taxo_cap, $user_id, $term_id ); 429 430 break; 431 case 'manage_categories': 432 case 'manage_post_tags': 433 case 'edit_categories': 434 case 'edit_post_tags': 435 case 'delete_categories': 436 case 'delete_post_tags': 437 $caps[] = 'manage_categories'; 438 break; 439 case 'assign_categories': 440 case 'assign_post_tags': 441 $caps[] = 'edit_posts'; 442 break; 405 443 default: 406 444 // Handle meta capabilities for custom post types. 407 445 global $post_type_meta_caps; … … 413 451 // If no meta caps match, return the original cap. 414 452 $caps[] = $cap; 415 453 } 416 454 417 455 /** 418 456 * Filters a user's capabilities depending on specific context and/or privilege. 419 457 * -
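Review bot: `$term_id = $args[0];` in the new `edit_term` / `delete_term` / `assign_term` arm reads the argument without checking that the caller passed one and without casting it. A call such as `current_user_can( 'edit_term' )` with no ID would raise an undefined-offset notice, and the result then depends on how `get_term()` treats an empty value; it presumably ends in `do_not_allow`, but the arm should not rely on that. I would write `$term_id = isset( $args[0] ) ? (int) $args[0] : 0;` so the missing-ID case fails closed explicitly. The enclosing `switch` starts and ends outside the hunk.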
src/wp-includes/admin-bar.php
605 605 ) ); 606 606 } elseif ( ! empty( $current_object->taxonomy ) 607 607 && ( $tax = get_taxonomy( $current_object->taxonomy ) ) 608 && current_user_can( $tax->cap->edit_terms)608 && current_user_can( 'edit_term', $current_object->term_id ) 609 609 && $edit_term_link = get_edit_term_link( $current_object->term_id, $current_object->taxonomy ) ) 610 610 { 611 611 $wp_admin_bar->add_menu( array( -
src/wp-admin/term.php
31 31 $title = $tax->labels->edit_item; 32 32 33 33 if ( ! in_array( $taxonomy, get_taxonomies( array( 'show_ui' => true ) ) ) || 34 ! current_user_can( $tax->cap->manage_terms)34 ! current_user_can( 'edit_term', $tag->term_id ) 35 35 ) { 36 36 wp_die( 37 37 '<h1>' . __( 'Cheatin’ uh?' ) . '</h1>' . 38 '<p>' . __( 'Sorry, you are not allowed to managethis item.' ) . '</p>',38 '<p>' . __( 'Sorry, you are not allowed to edit this item.' ) . '</p>', 39 39 403 40 40 ); 41 41 } -
src/wp-admin/includes/class-wp-terms-list-table.php
332 332 * @return string 333 333 */ 334 334 public function column_cb( $tag ) { 335 $default_term = get_option( 'default_' . $this->screen->taxonomy ); 336 337 if ( current_user_can( get_taxonomy( $this->screen->taxonomy )->cap->delete_terms ) && $tag->term_id != $default_term ) 335 if ( current_user_can( 'delete_term', $tag->term_id ) ) { 338 336 return '<label class="screen-reader-text" for="cb-select-' . $tag->term_id . '">' . sprintf( __( 'Select %s' ), $tag->name ) . '</label>' 339 337 . '<input type="checkbox" name="delete_tags[]" value="' . $tag->term_id . '" id="cb-select-' . $tag->term_id . '" />'; 338 } 340 339 341 340 return ' '; 342 341 } … … 411 410 * @since 4.3.0 412 411 * @access protected 413 412 * 414 * @param object$tag Tag being acted upon.415 * @param string $column_name Current column name.416 * @param string $primary Primary column name.413 * @param WP_Term $tag Tag being acted upon. 414 * @param string $column_name Current column name. 415 * @param string $primary Primary column name. 417 416 * @return string Row actions output for terms. 418 417 */ 419 418 protected function handle_row_actions( $tag, $column_name, $primary ) { … … 423 422 424 423 $taxonomy = $this->screen->taxonomy; 425 424 $tax = get_taxonomy( $taxonomy ); 426 $default_term = get_option( 'default_' . $taxonomy );427 428 425 $uri = wp_doing_ajax() ? 
wp_get_referer() : $_SERVER['REQUEST_URI']; 429 426 430 427 $edit_link = add_query_arg( … … 434 431 ); 435 432 436 433 $actions = array(); 437 if ( current_user_can( $tax->cap->edit_terms) ) {434 if ( current_user_can( 'edit_term', $tag->term_id ) ) { 438 435 $actions['edit'] = sprintf( 439 436 '<a href="%s" aria-label="%s">%s</a>', 440 437 esc_url( $edit_link ), … … 449 446 __( 'Quick Edit' ) 450 447 ); 451 448 } 452 if ( current_user_can( $tax->cap->delete_terms ) && $tag->term_id != $default_term) {449 if ( current_user_can( 'delete_term', $tag->term_id ) ) { 453 450 $actions['delete'] = sprintf( 454 451 '<a href="%s" class="delete-tag aria-button-if-js" aria-label="%s">%s</a>', 455 452 wp_nonce_url( "edit-tags.php?action=delete&taxonomy=$taxonomy&tag_ID=$tag->term_id", 'delete-tag_' . $tag->term_id ), -
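Review bot: `column_cb()` now hides the `delete_tags[]` checkbox per term through `current_user_can( 'delete_term', $tag->term_id )`, but that only controls what is rendered; the handler that consumes `delete_tags[]` is not in any visible hunk of this patch. If that bulk path still checks only the taxonomy-wide `delete_terms` capability, a per-term restriction added through `map_meta_cap` filtering would apply to the single-row delete link and not to a bulk submission. Worth confirming, and if so applying the same `current_user_can( 'delete_term', $tag_ID )` test to each submitted ID. The removed `$default_term` comparison is now covered by the `delete_term` arm in src/wp-includes/capabilities.php, which deserves a short comment here since the rule is no longer visible in this file.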
src/wp-admin/includes/ajax-actions.php
597 597 $taxonomy = !empty($_POST['taxonomy']) ? $_POST['taxonomy'] : 'post_tag'; 598 598 $tax = get_taxonomy($taxonomy); 599 599 600 if ( ! current_user_can( $tax->cap->delete_terms ) )600 if ( ! current_user_can( 'delete_term', $tag_id ) ) { 601 601 wp_die( -1 ); 602 } 602 603 603 604 $tag = get_term( $tag_id, $taxonomy ); 604 605 if ( !$tag || is_wp_error( $tag ) ) … … 786 787 } 787 788 788 789 /** 789 * Ajax handler for deleting a link category.790 * Ajax handler for inserting a link category. 790 791 * 791 792 * @since 3.1.0 792 793 * … … 796 797 if ( empty( $action ) ) 797 798 $action = 'add-link-category'; 798 799 check_ajax_referer( $action ); 799 if ( !current_user_can( 'manage_categories' ) ) 800 $tax = get_taxonomy( 'link_category' ); 801 if ( ! current_user_can( $tax->cap->manage_terms ) ) { 800 802 wp_die( -1 ); 803 } 801 804 $names = explode(',', wp_unslash( $_POST['newcat'] ) ); 802 805 $x = new WP_Ajax_Response(); 803 806 foreach ( $names as $cat_name ) { … … 1702 1705 if ( ! $tax ) 1703 1706 wp_die( 0 ); 1704 1707 1705 if ( ! current_user_can( $tax->cap->edit_terms ) )1708 if ( ! isset( $_POST['tax_ID'] ) || ! ( $id = (int) $_POST['tax_ID'] ) ) { 1706 1709 wp_die( -1 ); 1710 } 1707 1711 1708 $wp_list_table = _get_list_table( 'WP_Terms_List_Table', array( 'screen' => 'edit-' . $taxonomy ) ); 1709 1710 if ( ! isset($_POST['tax_ID']) || ! ( $id = (int) $_POST['tax_ID'] ) ) 1712 if ( ! current_user_can( 'edit_term', $id ) ) { 1711 1713 wp_die( -1 ); 1714 } 1715 1716 $wp_list_table = _get_list_table( 'WP_Terms_List_Table', array( 'screen' => 'edit-' . $taxonomy ) ); 1712 1717 1713 1718 $tag = get_term( $id, $taxonomy ); 1714 1719 $_POST['description'] = $tag->description; -
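Review bot: In the add-link-category hunk, `$tax = get_taxonomy( 'link_category' );` is dereferenced as `$tax->cap->manage_terms` without checking that the taxonomy is registered. The other handlers in this file guard with `if ( ! $tax )` before using it, so this one should too: `if ( ! $tax || ! current_user_can( $tax->cap->manage_terms ) ) {`. Separately, this handler requires `manage_terms` to create a term, while the XML-RPC create path in src/wp-includes/class-wp-xmlrpc-server.php is switched to `edit_terms` by the same patch; for a taxonomy where the two differ, the two entry points would disagree on who may create terms.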
src/wp-admin/edit-tags.php
108 108 $tag_ID = (int) $_REQUEST['tag_ID']; 109 109 check_admin_referer( 'delete-tag_' . $tag_ID ); 110 110 111 if ( ! current_user_can( $tax->cap->delete_terms) ) {111 if ( ! current_user_can( 'delete_term', $tag_ID ) ) { 112 112 wp_die( 113 113 '<h1>' . __( 'Cheatin’ uh?' ) . '</h1>' . 114 114 '<p>' . __( 'Sorry, you are not allowed to delete this item.' ) . '</p>', … … 168 168 $tag_ID = (int) $_POST['tag_ID']; 169 169 check_admin_referer( 'update-tag_' . $tag_ID ); 170 170 171 if ( ! current_user_can( $tax->cap->edit_terms) ) {171 if ( ! current_user_can( 'edit_term', $tag_ID ) ) { 172 172 wp_die( 173 173 '<h1>' . __( 'Cheatin’ uh?' ) . '</h1>' . 174 174 '<p>' . __( 'Sorry, you are not allowed to edit this item.' ) . '</p>', … … 294 294 295 295 require_once( ABSPATH . 'wp-admin/admin-header.php' ); 296 296 297 if ( ! current_user_can( $tax->cap->edit_terms ) ) {298 wp_die(299 '<h1>' . __( 'Cheatin’ uh?' ) . '</h1>' .300 '<p>' . __( 'Sorry, you are not allowed to edit this item.' ) . '</p>',301 403302 );303 }304 305 297 /** Also used by the Edit Tag form */ 306 298 require_once( ABSPATH . 'wp-admin/includes/edit-tag-messages.php' ); 307 299
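Review bot: The last hunk removes the page-level `current_user_can( $tax->cap->edit_terms )` check that sat right after `admin-header.php` is loaded, and nothing in the visible hunks replaces it for the list and add-term screen. The per-term `edit_term` / `delete_term` checks added above only cover the delete and update actions, so access to the screen itself now depends on a check earlier in the file that is not shown here. If no such check exists, keep a taxonomy-level gate at this point, e.g. `if ( ! current_user_can( $tax->cap->manage_terms ) ) { wp_die( ... ); }`; if one does exist, a comment saying so would stop the removal from reading as a lost check.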