Ticket #37492: 37492.2.patch
File 37492.2.patch, 15.8 KB (added by , 9 years ago) |
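--- a/wp-admin/custom-header.php
+++ b/wp-admin/custom-header.php
@@ -722,11 +722,7 @@
 public function step_2() {
 check_admin_referer('custom-header-upload', '_wpnonce-custom-header-upload');
 if ( ! current_theme_supports( 'custom-header', 'uploads' ) ) {
-wp_die(
-'<h1>' . __( 'Cheatin’ uh?' ) . '</h1>' .
-'<p>' . __( 'The current theme does not support uploading a custom header image.' ) . '</p>',
-403
-);
+wp_die( __( 'The current theme does not support uploading a custom header image.' ), 403 );
 }
 
 if ( empty( $_POST ) && isset( $_GET['file'] ) ) {
@@ -880,19 +876,11 @@
 check_admin_referer( 'custom-header-crop-image' );
 
 if ( ! current_theme_supports( 'custom-header', 'uploads' ) ) {
-wp_die(
-'<h1>' . __( 'Cheatin’ uh?' ) . '</h1>' .
-'<p>' . __( 'The current theme does not support uploading a custom header image.' ) . '</p>',
-403
-);
+wp_die( __( 'The current theme does not support uploading a custom header image.' ), 403 );
 }
 
 if ( ! empty( $_POST['skip-cropping'] ) && ! ( current_theme_supports( 'custom-header', 'flex-height' ) || current_theme_supports( 'custom-header', 'flex-width' ) ) ) {
-wp_die(
-'<h1>' . __( 'Cheatin’ uh?' ) . '</h1>' .
-'<p>' . __( 'The current theme does not support a flexible sized header image.' ) . '</p>',
-403
-);
+wp_die( __( 'The current theme does not support a flexible sized header image.' ), 403 );
 }
 
 if ( $_POST['oitar'] > 1 ) {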
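Review bot: The rewritten calls still pass the raw translation to `wp_die()`, which renders its message as HTML, so markup in a translated string would reach the error page unescaped. If language packs are not treated as fully trusted input, this rewrite is a cheap place to switch to `wp_die( esc_html__( 'The current theme does not support uploading a custom header image.' ), 403 );`. The same applies to every other replaced call in this patch. Both enclosing functions start and end outside the hunks shown.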
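--- a/wp-admin/customize.php
+++ b/wp-admin/customize.php
@@ -13,11 +13,7 @@
 require_once( dirname( __FILE__ ) . '/admin.php' );
 
 if ( ! current_user_can( 'customize' ) ) {
-wp_die(
-'<h1>' . __( 'Cheatin’ uh?' ) . '</h1>' .
-'<p>' . __( 'Sorry, you are not allowed to customize this site.' ) . '</p>',
-403
-);
+wp_die( __( 'Sorry, you are not allowed to customize this site.' ), 403 );
 }
 
 wp_reset_vars( array( 'url', 'return', 'autofocus' ) );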
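--- a/wp-admin/edit-comments.php
+++ b/wp-admin/edit-comments.php
@@ -9,11 +9,7 @@
 /** WordPress Administration Bootstrap */
 require_once( dirname( __FILE__ ) . '/admin.php' );
 if ( ! current_user_can( 'edit_posts' ) ) {
-wp_die(
-'<h1>' . __( 'Cheatin’ uh?' ) . '</h1>' .
-'<p>' . __( 'Sorry, you are not allowed to edit comments.' ) . '</p>',
-403
-);
+wp_die( __( 'Sorry, you are not allowed to edit comments.' ), 403 );
 }
 
 $wp_list_table = _get_list_table('WP_Comments_List_Table');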
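--- a/wp-admin/edit-tags.php
+++ b/wp-admin/edit-tags.php
@@ -22,11 +22,7 @@
 }
 
 if ( ! current_user_can( $tax->cap->manage_terms ) ) {
-wp_die(
-'<h1>' . __( 'Cheatin’ uh?' ) . '</h1>' .
-'<p>' . __( 'Sorry, you are not allowed to manage these items.' ) . '</p>',
-403
-);
+wp_die( __( 'Sorry, you are not allowed to manage these items.' ), 403 );
 }
 
 /**
@@ -69,11 +65,7 @@
 check_admin_referer( 'add-tag', '_wpnonce_add-tag' );
 
 if ( ! current_user_can( $tax->cap->edit_terms ) ) {
-wp_die(
-'<h1>' . __( 'Cheatin’ uh?' ) . '</h1>' .
-'<p>' . __( 'Sorry, you are not allowed to add this item.' ) . '</p>',
-403
-);
+wp_die( __( 'Sorry, you are not allowed to add this item.' ), 403 );
 }
 
 $ret = wp_insert_term( $_POST['tag-name'], $taxonomy, $_POST );
@@ -109,11 +101,7 @@
 check_admin_referer( 'delete-tag_' . $tag_ID );
 
 if ( ! current_user_can( 'delete_term', $tag_ID ) ) {
-wp_die(
-'<h1>' . __( 'Cheatin’ uh?' ) . '</h1>' .
-'<p>' . __( 'Sorry, you are not allowed to delete this item.' ) . '</p>',
-403
-);
+wp_die( __( 'Sorry, you are not allowed to delete this item.' ), 403 );
 }
 
 wp_delete_term( $tag_ID, $taxonomy );
@@ -126,11 +114,7 @@
 check_admin_referer( 'bulk-tags' );
 
 if ( ! current_user_can( $tax->cap->delete_terms ) ) {
-wp_die(
-'<h1>' . __( 'Cheatin’ uh?' ) . '</h1>' .
-'<p>' . __( 'Sorry, you are not allowed to delete these items.' ) . '</p>',
-403
-);
+wp_die( __( 'Sorry, you are not allowed to delete these items.' ), 403 );
 }
 
 $tags = (array) $_REQUEST['delete_tags'];
@@ -169,11 +153,7 @@
 check_admin_referer( 'update-tag_' . $tag_ID );
 
 if ( ! current_user_can( 'edit_term', $tag_ID ) ) {
-wp_die(
-'<h1>' . __( 'Cheatin’ uh?' ) . '</h1>' .
-'<p>' . __( 'Sorry, you are not allowed to edit this item.' ) . '</p>',
-403
-);
+wp_die( __( 'Sorry, you are not allowed to edit this item.' ), 403 );
 }
 
 $tag = get_term( $tag_ID, $taxonomy );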
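--- a/wp-admin/edit.php
+++ b/wp-admin/edit.php
@@ -35,11 +35,7 @@
 wp_die( __( 'Invalid post type.' ) );
 
 if ( ! current_user_can( $post_type_object->cap->edit_posts ) ) {
-wp_die(
-'<h1>' . __( 'Cheatin’ uh?' ) . '</h1>' .
-'<p>' . __( 'Sorry, you are not allowed to edit posts in this post type.' ) . '</p>',
-403
-);
+wp_die( __( 'Sorry, you are not allowed to edit posts in this post type.' ), 403 );
 }
 
 $wp_list_table = _get_list_table('WP_Posts_List_Table');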
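--- a/wp-admin/includes/bookmark.php
+++ b/wp-admin/includes/bookmark.php
@@ -27,11 +27,7 @@
 */
 function edit_link( $link_id = 0 ) {
 if ( ! current_user_can( 'manage_links' ) ) {
-wp_die(
-'<h1>' . __( 'Cheatin’ uh?' ) . '</h1>' .
-'<p>' . __( 'Sorry, you are not allowed to edit the links for this site.' ) . '</p>',
-403
-);
+wp_die( __( 'Sorry, you are not allowed to edit the links for this site.' ), 403 );
 }
 
 $_POST['link_url'] = esc_html( $_POST['link_url'] );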
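--- a/wp-admin/media-upload.php
+++ b/wp-admin/media-upload.php
@@ -33,19 +33,11 @@
 
 // Require an ID for the edit screen.
 if ( isset( $action ) && $action == 'edit' && !$ID ) {
-wp_die(
-'<h1>' . __( 'Cheatin’ uh?' ) . '</h1>' .
-'<p>' . __( 'Invalid item ID.' ) . '</p>',
-403
-);
+wp_die( __( 'Invalid item ID.' ), 403 );
 }
 
 if ( ! empty( $_REQUEST['post_id'] ) && ! current_user_can( 'edit_post' , $_REQUEST['post_id'] ) ) {
-wp_die(
-'<h1>' . __( 'Cheatin’ uh?' ) . '</h1>' .
-'<p>' . __( 'Sorry, you are not allowed to edit this item.' ) . '</p>',
-403
-);
+wp_die( __( 'Sorry, you are not allowed to edit this item.' ), 403 );
 }
 
 // Upload type: image, video, file, ..?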
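Review bot: The first guard (`isset( $action ) && $action == 'edit' && !$ID`) rejects a malformed request rather than an unauthorized one, yet the rewritten call still answers 403. Returning `wp_die( __( 'Invalid item ID.' ), 400 );` would keep 403 responses in access logs meaningful as permission denials, which helps anyone alerting on them. The `current_user_can( 'edit_post', ... )` check below it rightly keeps 403. The rest of the script lies outside the hunk.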
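--- a/wp-admin/nav-menus.php
+++ b/wp-admin/nav-menus.php
@@ -20,11 +20,7 @@
 
 // Permissions Check
 if ( ! current_user_can( 'edit_theme_options' ) ) {
-wp_die(
-'<h1>' . __( 'Cheatin’ uh?' ) . '</h1>' .
-'<p>' . __( 'Sorry, you are not allowed to edit theme options on this site.' ) . '</p>',
-403
-);
+wp_die( __( 'Sorry, you are not allowed to edit theme options on this site.' ), 403 );
 }
 
 wp_enqueue_script( 'nav-menu' );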
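--- a/wp-admin/network/site-users.php
+++ b/wp-admin/network/site-users.php
@@ -150,11 +150,7 @@
 
 // If the user doesn't already belong to the blog, bail.
 if ( ! is_user_member_of_blog( $user_id ) ) {
-wp_die(
-'<h1>' . __( 'Cheatin’ uh?' ) . '</h1>' .
-'<p>' . __( 'One of the selected users is not a member of this site.' ) . '</p>',
-403
-);
+wp_die( __( 'One of the selected users is not a member of this site.' ), 403 );
 }
 
 $user = get_userdata( $user_id );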
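--- a/wp-admin/options.php
+++ b/wp-admin/options.php
@@ -45,11 +45,7 @@
 }
 
 if ( ! current_user_can( $capability ) ) {
-wp_die(
-'<h1>' . __( 'Cheatin’ uh?' ) . '</h1>' .
-'<p>' . __( 'Sorry, you are not allowed to manage these items.' ) . '</p>',
-403
-);
+wp_die( __( 'Sorry, you are not allowed to manage these items.' ), 403 );
 }
 
 // Handle admin email change requests
@@ -75,11 +71,7 @@
 }
 
 if ( is_multisite() && ! is_super_admin() && 'update' != $action ) {
-wp_die(
-'<h1>' . __( 'Cheatin’ uh?' ) . '</h1>' .
-'<p>' . __( 'Sorry, you are not allowed to delete these items.' ) . '</p>',
-403
-);
+wp_die( __( 'Sorry, you are not allowed to delete these items.' ), 403 );
 }
 
 $whitelist_options = array(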
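Review bot: In the second hunk the guard `is_multisite() && ! is_super_admin() && 'update' != $action` refuses every action other than `update` for non-super-admins, but the message it keeps only mentions deleting items. With the heading removed, that one sentence is all the user and anyone reading the code get, so the intent deserves a comment above the check, such as `// On multisite, only super admins may submit anything other than the 'update' action.` Which other actions reach this point is not visible in the hunk, so the message wording itself should be confirmed against the rest of the file.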
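--- a/wp-admin/post-new.php
+++ b/wp-admin/post-new.php
@@ -55,11 +55,7 @@
 $editing = true;
 
 if ( ! current_user_can( $post_type_object->cap->edit_posts ) || ! current_user_can( $post_type_object->cap->create_posts ) ) {
-wp_die(
-'<h1>' . __( 'Cheatin’ uh?' ) . '</h1>' .
-'<p>' . __( 'Sorry, you are not allowed to create posts as this user.' ) . '</p>',
-403
-);
+wp_die( __( 'Sorry, you are not allowed to create posts as this user.' ), 403 );
 }
 
 // Schedule auto-draft cleanup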
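--- a/wp-admin/press-this.php
+++ b/wp-admin/press-this.php
@@ -12,11 +12,7 @@
 require_once( dirname( __FILE__ ) . '/admin.php' );
 
 if ( ! current_user_can( 'edit_posts' ) || ! current_user_can( get_post_type_object( 'post' )->cap->create_posts ) ) {
-wp_die(
-'<h1>' . __( 'Cheatin’ uh?' ) . '</h1>' .
-'<p>' . __( 'Sorry, you are not allowed to create posts as this user.' ) . '</p>',
-403
-);
+wp_die( __( 'Sorry, you are not allowed to create posts as this user.' ), 403 );
 }
 
 include( ABSPATH . 'wp-admin/includes/class-wp-press-this.php' );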
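--- a/wp-admin/term.php
+++ b/wp-admin/term.php
@@ -33,11 +33,7 @@
 if ( ! in_array( $taxonomy, get_taxonomies( array( 'show_ui' => true ) ) ) ||
 ! current_user_can( 'edit_term', $tag->term_id )
 ) {
-wp_die(
-'<h1>' . __( 'Cheatin’ uh?' ) . '</h1>' .
-'<p>' . __( 'Sorry, you are not allowed to edit this item.' ) . '</p>',
-403
-);
+wp_die( __( 'Sorry, you are not allowed to edit this item.' ), 403 );
 }
 
 $post_type = get_current_screen()->post_type;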
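--- a/wp-admin/themes.php
+++ b/wp-admin/themes.php
@@ -10,11 +10,7 @@
 require_once( dirname( __FILE__ ) . '/admin.php' );
 
 if ( ! current_user_can( 'switch_themes' ) && ! current_user_can( 'edit_theme_options' ) ) {
-wp_die(
-'<h1>' . __( 'Cheatin’ uh?' ) . '</h1>' .
-'<p>' . __( 'Sorry, you are not allowed to edit theme options on this site.' ) . '</p>',
-403
-);
+wp_die( __( 'Sorry, you are not allowed to edit theme options on this site.' ), 403 );
 }
 
 if ( current_user_can( 'switch_themes' ) && isset($_GET['action'] ) ) {
@@ -23,11 +19,7 @@
 $theme = wp_get_theme( $_GET['stylesheet'] );
 
 if ( ! $theme->exists() || ! $theme->is_allowed() ) {
-wp_die(
-'<h1>' . __( 'Cheatin’ uh?' ) . '</h1>' .
-'<p>' . __( 'The requested theme does not exist.' ) . '</p>',
-403
-);
+wp_die( __( 'The requested theme does not exist.' ), 403 );
 }
 
 switch_theme( $theme->get_stylesheet() );
@@ -38,19 +30,11 @@
 $theme = wp_get_theme( $_GET['stylesheet'] );
 
 if ( ! current_user_can( 'delete_themes' ) ) {
-wp_die(
-'<h1>' . __( 'Cheatin’ uh?' ) . '</h1>' .
-'<p>' . __( 'Sorry, you are not allowed to delete this item.' ) . '</p>',
-403
-);
+wp_die( __( 'Sorry, you are not allowed to delete this item.' ), 403 );
 }
 
 if ( ! $theme->exists() ) {
-wp_die(
-'<h1>' . __( 'Cheatin’ uh?' ) . '</h1>' .
-'<p>' . __( 'The requested theme does not exist.' ) . '</p>',
-403
-);
+wp_die( __( 'The requested theme does not exist.' ), 403 );
 }
 
 $active = wp_get_theme();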
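Review bot: In the third hunk the `! $theme->exists()` branch runs after the `delete_themes` capability check has passed, so the 403 it sends no longer describes a permission problem; `wp_die( __( 'The requested theme does not exist.' ), 404 );` would match the message. The combined check in the second hunk (`! $theme->exists() || ! $theme->is_allowed()`) is better left with one message and one status, since splitting it would tell a caller which disallowed themes are installed. Both checks act on `$_GET['stylesheet']`, and the nonce verification for these actions is not visible in the hunks, so it presumably sits in the elided lines.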
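--- a/wp-admin/user-new.php
+++ b/wp-admin/user-new.php
@@ -11,18 +11,10 @@
 
 if ( is_multisite() ) {
 if ( ! current_user_can( 'create_users' ) && ! current_user_can( 'promote_users' ) ) {
-wp_die(
-'<h1>' . __( 'Cheatin’ uh?' ) . '</h1>' .
-'<p>' . __( 'Sorry, you are not allowed to add users to this network.' ) . '</p>',
-403
-);
+wp_die( __( 'Sorry, you are not allowed to add users to this network.' ), 403 );
 }
 } elseif ( ! current_user_can( 'create_users' ) ) {
-wp_die(
-'<h1>' . __( 'Cheatin’ uh?' ) . '</h1>' .
-'<p>' . __( 'Sorry, you are not allowed to create users.' ) . '</p>',
-403
-);
+wp_die( __( 'Sorry, you are not allowed to create users.' ), 403 );
 }
 
 if ( is_multisite() ) {
@@ -51,11 +43,7 @@
 }
 
 if ( ! current_user_can( 'promote_user', $user_details->ID ) ) {
-wp_die(
-'<h1>' . __( 'Cheatin’ uh?' ) . '</h1>' .
-'<p>' . __( 'Sorry, you are not allowed to add users to this network.' ) . '</p>',
-403
-);
+wp_die( __( 'Sorry, you are not allowed to add users to this network.' ), 403 );
 }
 
 // Adding an existing user to this blog
@@ -105,11 +93,7 @@
 check_admin_referer( 'create-user', '_wpnonce_create-user' );
 
 if ( ! current_user_can( 'create_users' ) ) {
-wp_die(
-'<h1>' . __( 'Cheatin’ uh?' ) . '</h1>' .
-'<p>' . __( 'Sorry, you are not allowed to create users.' ) . '</p>',
-403
-);
+wp_die( __( 'Sorry, you are not allowed to create users.' ), 403 );
 }
 
 if ( ! is_multisite() ) {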
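--- a/wp-admin/users.php
+++ b/wp-admin/users.php
@@ -11,11 +11,7 @@
 require_once( dirname( __FILE__ ) . '/admin.php' );
 
 if ( ! current_user_can( 'list_users' ) ) {
-wp_die(
-'<h1>' . __( 'Cheatin’ uh?' ) . '</h1>' .
-'<p>' . __( 'Sorry, you are not allowed to browse users.' ) . '</p>',
-403
-);
+wp_die( __( 'Sorry, you are not allowed to browse users.' ), 403 );
 }
 
 $wp_list_table = _get_list_table('WP_Users_List_Table');
@@ -129,11 +125,7 @@
 
 // If the user doesn't already belong to the blog, bail.
 if ( is_multisite() && !is_user_member_of_blog( $id ) ) {
-wp_die(
-'<h1>' . __( 'Cheatin’ uh?' ) . '</h1>' .
-'<p>' . __( 'One of the selected users is not a member of this site.' ) . '</p>',
-403
-);
+wp_die( __( 'One of the selected users is not a member of this site.' ), 403 );
 }
 
 $user = get_userdata( $id );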
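--- a/wp-admin/widgets.php
+++ b/wp-admin/widgets.php
@@ -13,11 +13,7 @@
 require_once(ABSPATH . 'wp-admin/includes/widgets.php');
 
 if ( ! current_user_can( 'edit_theme_options' ) ) {
-wp_die(
-'<h1>' . __( 'Cheatin’ uh?' ) . '</h1>' .
-'<p>' . __( 'Sorry, you are not allowed to edit theme options on this site.' ) . '</p>',
-403
-);
+wp_die( __( 'Sorry, you are not allowed to edit theme options on this site.' ), 403 );
 }
 
 $widgets_access = get_user_setting( 'widgets_access' );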