Ticket #37492: 37492.patch
File 37492.patch, 12.5 KB (added by , 9 years ago) |
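--- a/wp-admin/customize.php
+++ b/wp-admin/customize.php
@@ -13,11 +13,7 @@
 require_once( dirname( __FILE__ ) . '/admin.php' );
 
 if ( ! current_user_can( 'customize' ) ) {
-wp_die(
-'<h1>' . __( 'Cheatin’ uh?' ) . '</h1>' .
-'<p>' . __( 'Sorry, you are not allowed to customize this site.' ) . '</p>',
-403
-);
+wp_die( __( 'Sorry, you are not allowed to customize this site.' ), 403 );
 }
 
 wp_reset_vars( array( 'url', 'return', 'autofocus' ) );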
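Review bot: The replacement call hands the raw translation to wp_die(), which prints its message as HTML; with the `<h1>`/`<p>` wrapper gone the string is plain text and can be escaped at the call site, `wp_die( esc_html__( 'Sorry, you are not allowed to customize this site.' ), 403 );`. The same applies to every other `wp_die( __( … ), 403 )` call this patch introduces in the wp-admin files that follow. Translation files are maintained outside the code base, so escaping late keeps a malformed or tampered string from putting markup into the error page.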
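--- a/wp-admin/edit-comments.php
+++ b/wp-admin/edit-comments.php
@@ -9,11 +9,7 @@
 /** WordPress Administration Bootstrap */
 require_once( dirname( __FILE__ ) . '/admin.php' );
 if ( ! current_user_can( 'edit_posts' ) ) {
-wp_die(
-'<h1>' . __( 'Cheatin’ uh?' ) . '</h1>' .
-'<p>' . __( 'Sorry, you are not allowed to edit comments.' ) . '</p>',
-403
-);
+wp_die( __( 'Sorry, you are not allowed to edit comments.' ), 403 );
 }
 
 $wp_list_table = _get_list_table('WP_Comments_List_Table');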
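--- a/wp-admin/edit-tags.php
+++ b/wp-admin/edit-tags.php
@@ -18,15 +18,11 @@
 wp_die( __( 'Invalid taxonomy.' ) );
 
 if ( ! in_array( $tax->name, get_taxonomies( array( 'show_ui' => true ) ) ) ) {
 wp_die( __( 'Sorry, you are not allowed to manage these items.' ) );
 }
 
 if ( ! current_user_can( $tax->cap->manage_terms ) ) {
-wp_die(
-'<h1>' . __( 'Cheatin’ uh?' ) . '</h1>' .
-'<p>' . __( 'Sorry, you are not allowed to manage these items.' ) . '</p>',
-403
-);
+wp_die( __( 'Sorry, you are not allowed to manage these items.' ), 403 );
 }
 
 /**
@@ -69,11 +65,7 @@
 check_admin_referer( 'add-tag', '_wpnonce_add-tag' );
 
 if ( ! current_user_can( $tax->cap->edit_terms ) ) {
-wp_die(
-'<h1>' . __( 'Cheatin’ uh?' ) . '</h1>' .
-'<p>' . __( 'Sorry, you are not allowed to add this item.' ) . '</p>',
-403
-);
+wp_die( __( 'Sorry, you are not allowed to add this item.' ), 403 );
 }
 
 $ret = wp_insert_term( $_POST['tag-name'], $taxonomy, $_POST );
@@ -109,11 +101,7 @@
 check_admin_referer( 'delete-tag_' . $tag_ID );
 
 if ( ! current_user_can( $tax->cap->delete_terms ) ) {
-wp_die(
-'<h1>' . __( 'Cheatin’ uh?' ) . '</h1>' .
-'<p>' . __( 'Sorry, you are not allowed to delete this item.' ) . '</p>',
-403
-);
+wp_die( __( 'Sorry, you are not allowed to delete this item.' ), 403 );
 }
 
 wp_delete_term( $tag_ID, $taxonomy );
@@ -126,11 +114,7 @@
 check_admin_referer( 'bulk-tags' );
 
 if ( ! current_user_can( $tax->cap->delete_terms ) ) {
-wp_die(
-'<h1>' . __( 'Cheatin’ uh?' ) . '</h1>' .
-'<p>' . __( 'Sorry, you are not allowed to delete these items.' ) . '</p>',
-403
-);
+wp_die( __( 'Sorry, you are not allowed to delete these items.' ), 403 );
 }
 
 $tags = (array) $_REQUEST['delete_tags'];
@@ -169,11 +153,7 @@
 check_admin_referer( 'update-tag_' . $tag_ID );
 
 if ( ! current_user_can( $tax->cap->edit_terms ) ) {
-wp_die(
-'<h1>' . __( 'Cheatin’ uh?' ) . '</h1>' .
-'<p>' . __( 'Sorry, you are not allowed to edit this item.' ) . '</p>',
-403
-);
+wp_die( __( 'Sorry, you are not allowed to edit this item.' ), 403 );
 }
 
 $tag = get_term( $tag_ID, $taxonomy );
@@ -295,11 +275,7 @@
 require_once( ABSPATH . 'wp-admin/admin-header.php' );
 
 if ( ! current_user_can( $tax->cap->edit_terms ) ) {
-wp_die(
-'<h1>' . __( 'Cheatin’ uh?' ) . '</h1>' .
-'<p>' . __( 'Sorry, you are not allowed to edit this item.' ) . '</p>',
-403
-);
+wp_die( __( 'Sorry, you are not allowed to edit this item.' ), 403 );
 }
 
 /** Also used by the Edit Tag form */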
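Review bot: In the first hunk the `show_ui` guard (new line 21) still calls `wp_die()` with no status code, so it answers with wp_die's default response code while the capability check a few lines below now returns 403 for the identical message. Passing the code there too, `wp_die( __( 'Sorry, you are not allowed to manage these items.' ), 403 );`, would make both denials look the same to clients and in access logs; the combined check in wp-admin/term.php already returns 403 for either condition. The `in_array()` on that guard also compares loosely, and `in_array( $tax->name, get_taxonomies( array( 'show_ui' => true ) ), true )` is the stricter form.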
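--- a/wp-admin/edit.php
+++ b/wp-admin/edit.php
@@ -35,11 +35,7 @@
 wp_die( __( 'Invalid post type.' ) );
 
 if ( ! current_user_can( $post_type_object->cap->edit_posts ) ) {
-wp_die(
-'<h1>' . __( 'Cheatin’ uh?' ) . '</h1>' .
-'<p>' . __( 'Sorry, you are not allowed to edit posts in this post type.' ) . '</p>',
-403
-);
+wp_die( __( 'Sorry, you are not allowed to edit posts in this post type.' ), 403 );
 }
 
 $wp_list_table = _get_list_table('WP_Posts_List_Table');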
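--- a/wp-admin/includes/bookmark.php
+++ b/wp-admin/includes/bookmark.php
@@ -27,11 +27,7 @@
 */
 function edit_link( $link_id = 0 ) {
 if ( ! current_user_can( 'manage_links' ) ) {
-wp_die(
-'<h1>' . __( 'Cheatin’ uh?' ) . '</h1>' .
-'<p>' . __( 'Sorry, you are not allowed to edit the links for this site.' ) . '</p>',
-403
-);
+wp_die( __( 'Sorry, you are not allowed to edit the links for this site.' ), 403 );
 }
 
 $_POST['link_url'] = esc_html( $_POST['link_url'] );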
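--- a/wp-admin/media-upload.php
+++ b/wp-admin/media-upload.php
@@ -41,11 +41,7 @@
 }
 
 if ( ! empty( $_REQUEST['post_id'] ) && ! current_user_can( 'edit_post' , $_REQUEST['post_id'] ) ) {
-wp_die(
-'<h1>' . __( 'Cheatin’ uh?' ) . '</h1>' .
-'<p>' . __( 'Sorry, you are not allowed to edit this item.' ) . '</p>',
-403
-);
+wp_die( __( 'Sorry, you are not allowed to edit this item.' ), 403 );
 }
 
 // Upload type: image, video, file, ..?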
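--- a/wp-admin/nav-menus.php
+++ b/wp-admin/nav-menus.php
@@ -20,11 +20,7 @@
 
 // Permissions Check
 if ( ! current_user_can( 'edit_theme_options' ) ) {
-wp_die(
-'<h1>' . __( 'Cheatin’ uh?' ) . '</h1>' .
-'<p>' . __( 'Sorry, you are not allowed to edit theme options on this site.' ) . '</p>',
-403
-);
+wp_die( __( 'Sorry, you are not allowed to edit theme options on this site.' ), 403 );
 }
 
 wp_enqueue_script( 'nav-menu' );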
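--- a/wp-admin/options.php
+++ b/wp-admin/options.php
@@ -45,11 +45,7 @@
 }
 
 if ( ! current_user_can( $capability ) ) {
-wp_die(
-'<h1>' . __( 'Cheatin’ uh?' ) . '</h1>' .
-'<p>' . __( 'Sorry, you are not allowed to manage these items.' ) . '</p>',
-403
-);
+wp_die( __( 'Sorry, you are not allowed to manage these items.' ), 403 );
 }
 
 // Handle admin email change requests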
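--- a/wp-admin/post-new.php
+++ b/wp-admin/post-new.php
@@ -55,11 +55,7 @@
 $editing = true;
 
 if ( ! current_user_can( $post_type_object->cap->edit_posts ) || ! current_user_can( $post_type_object->cap->create_posts ) ) {
-wp_die(
-'<h1>' . __( 'Cheatin’ uh?' ) . '</h1>' .
-'<p>' . __( 'Sorry, you are not allowed to create posts as this user.' ) . '</p>',
-403
-);
+wp_die( __( 'Sorry, you are not allowed to create posts as this user.' ), 403 );
 }
 
 // Schedule auto-draft cleanup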
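--- a/wp-admin/press-this.php
+++ b/wp-admin/press-this.php
@@ -12,11 +12,7 @@
 require_once( dirname( __FILE__ ) . '/admin.php' );
 
 if ( ! current_user_can( 'edit_posts' ) || ! current_user_can( get_post_type_object( 'post' )->cap->create_posts ) ) {
-wp_die(
-'<h1>' . __( 'Cheatin’ uh?' ) . '</h1>' .
-'<p>' . __( 'Sorry, you are not allowed to create posts as this user.' ) . '</p>',
-403
-);
+wp_die( __( 'Sorry, you are not allowed to create posts as this user.' ), 403 );
 }
 
 /**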
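--- a/wp-admin/term.php
+++ b/wp-admin/term.php
@@ -33,11 +33,7 @@
 if ( ! in_array( $taxonomy, get_taxonomies( array( 'show_ui' => true ) ) ) ||
 ! current_user_can( $tax->cap->manage_terms )
 ) {
-wp_die(
-'<h1>' . __( 'Cheatin’ uh?' ) . '</h1>' .
-'<p>' . __( 'Sorry, you are not allowed to manage this item.' ) . '</p>',
-403
-);
+wp_die( __( 'Sorry, you are not allowed to manage this item.' ), 403 );
 }
 
 $post_type = get_current_screen()->post_type;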
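--- a/wp-admin/themes.php
+++ b/wp-admin/themes.php
@@ -10,11 +10,7 @@
 require_once( dirname( __FILE__ ) . '/admin.php' );
 
 if ( ! current_user_can( 'switch_themes' ) && ! current_user_can( 'edit_theme_options' ) ) {
-wp_die(
-'<h1>' . __( 'Cheatin’ uh?' ) . '</h1>' .
-'<p>' . __( 'Sorry, you are not allowed to edit theme options on this site.' ) . '</p>',
-403
-);
+wp_die( __( 'Sorry, you are not allowed to edit theme options on this site.' ), 403 );
 }
 
 if ( current_user_can( 'switch_themes' ) && isset($_GET['action'] ) ) {
@@ -38,11 +34,7 @@
 $theme = wp_get_theme( $_GET['stylesheet'] );
 
 if ( ! current_user_can( 'delete_themes' ) ) {
-wp_die(
-'<h1>' . __( 'Cheatin’ uh?' ) . '</h1>' .
-'<p>' . __( 'Sorry, you are not allowed to delete this item.' ) . '</p>',
-403
-);
+wp_die( __( 'Sorry, you are not allowed to delete this item.' ), 403 );
 }
 
 if ( ! $theme->exists() ) {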
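--- a/wp-admin/user-new.php
+++ b/wp-admin/user-new.php
@@ -11,18 +11,10 @@
 
 if ( is_multisite() ) {
 if ( ! current_user_can( 'create_users' ) && ! current_user_can( 'promote_users' ) ) {
-wp_die(
-'<h1>' . __( 'Cheatin’ uh?' ) . '</h1>' .
-'<p>' . __( 'Sorry, you are not allowed to add users to this network.' ) . '</p>',
-403
-);
+wp_die( __( 'Sorry, you are not allowed to add users to this network.' ), 403 );
 }
 } elseif ( ! current_user_can( 'create_users' ) ) {
-wp_die(
-'<h1>' . __( 'Cheatin’ uh?' ) . '</h1>' .
-'<p>' . __( 'Sorry, you are not allowed to create users.' ) . '</p>',
-403
-);
+wp_die( __( 'Sorry, you are not allowed to create users.' ), 403 );
 }
 
 if ( is_multisite() ) {
@@ -51,11 +43,7 @@
 }
 
 if ( ! current_user_can( 'promote_user', $user_details->ID ) ) {
-wp_die(
-'<h1>' . __( 'Cheatin’ uh?' ) . '</h1>' .
-'<p>' . __( 'Sorry, you are not allowed to add users to this network.' ) . '</p>',
-403
-);
+wp_die( __( 'Sorry, you are not allowed to add users to this network.' ), 403 );
 }
 
 // Adding an existing user to this blog
@@ -105,11 +93,7 @@
 check_admin_referer( 'create-user', '_wpnonce_create-user' );
 
 if ( ! current_user_can( 'create_users' ) ) {
-wp_die(
-'<h1>' . __( 'Cheatin’ uh?' ) . '</h1>' .
-'<p>' . __( 'Sorry, you are not allowed to create users.' ) . '</p>',
-403
-);
+wp_die( __( 'Sorry, you are not allowed to create users.' ), 403 );
 }
 
 if ( ! is_multisite() ) {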
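--- a/wp-admin/users.php
+++ b/wp-admin/users.php
@@ -11,11 +11,7 @@
 require_once( dirname( __FILE__ ) . '/admin.php' );
 
 if ( ! current_user_can( 'list_users' ) ) {
-wp_die(
-'<h1>' . __( 'Cheatin’ uh?' ) . '</h1>' .
-'<p>' . __( 'Sorry, you are not allowed to browse users.' ) . '</p>',
-403
-);
+wp_die( __( 'Sorry, you are not allowed to browse users.' ), 403 );
 }
 
 $wp_list_table = _get_list_table('WP_Users_List_Table');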
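--- a/wp-admin/widgets.php
+++ b/wp-admin/widgets.php
@@ -13,11 +13,7 @@
 require_once(ABSPATH . 'wp-admin/includes/widgets.php');
 
 if ( ! current_user_can( 'edit_theme_options' ) ) {
-wp_die(
-'<h1>' . __( 'Cheatin’ uh?' ) . '</h1>' .
-'<p>' . __( 'Sorry, you are not allowed to edit theme options on this site.' ) . '</p>',
-403
-);
+wp_die( __( 'Sorry, you are not allowed to edit theme options on this site.' ), 403 );
 }
 
 $widgets_access = get_user_setting( 'widgets_access' );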