Ticket #39156: 39156.diff
File 39156.diff, 15.4 KB (added by , 8 years ago) |
---|
-
src/wp-admin/includes/class-wp-ms-sites-list-table.php
516 516 'visit' => '', 517 517 ); 518 518 519 $actions['edit'] = '<a href="' . esc_url( network_admin_url( 'site-info.php?id=' . $blog['blog_id'] ) ) . '">' . __( 'Edit' ) . '</a>'; 519 if ( current_user_can( 'edit_site', $blog['blog_id'] ) ) { 520 $actions['edit'] = '<a href="' . esc_url( network_admin_url( 'site-info.php?id=' . $blog['blog_id'] ) ) . '">' . __( 'Edit' ) . '</a>'; 521 } 522 520 523 $actions['backend'] = "<a href='" . esc_url( get_admin_url( $blog['blog_id'] ) ) . "' class='edit'>" . __( 'Dashboard' ) . '</a>'; 521 if ( get_network()->site_id != $blog['blog_id'] ) { 524 525 if ( current_user_can( 'activate_site', $blog['blog_id'] ) ) { 522 526 if ( $blog['deleted'] == '1' ) { 523 527 $actions['activate'] = '<a href="' . esc_url( wp_nonce_url( network_admin_url( 'sites.php?action=confirm&action2=activateblog&id=' . $blog['blog_id'] ), 'activateblog_' . $blog['blog_id'] ) ) . '">' . __( 'Activate' ) . '</a>'; 524 528 } else { 525 529 $actions['deactivate'] = '<a href="' . esc_url( wp_nonce_url( network_admin_url( 'sites.php?action=confirm&action2=deactivateblog&id=' . $blog['blog_id'] ), 'deactivateblog_' . $blog['blog_id'] ) ) . '">' . __( 'Deactivate' ) . '</a>'; 526 530 } 531 } 527 532 533 if ( current_user_can( 'archive_site', $blog['blog_id'] ) ) { 528 534 if ( $blog['archived'] == '1' ) { 529 535 $actions['unarchive'] = '<a href="' . esc_url( wp_nonce_url( network_admin_url( 'sites.php?action=confirm&action2=unarchiveblog&id=' . $blog['blog_id'] ), 'unarchiveblog_' . $blog['blog_id'] ) ) . '">' . __( 'Unarchive' ) . '</a>'; 530 536 } else { 531 537 $actions['archive'] = '<a href="' . esc_url( wp_nonce_url( network_admin_url( 'sites.php?action=confirm&action2=archiveblog&id=' . $blog['blog_id'] ), 'archiveblog_' . $blog['blog_id'] ) ) . '">' . _x( 'Archive', 'verb; site' ) . 
'</a>'; 532 538 } 539 } 533 540 541 if ( current_user_can( 'spam_site', $blog['blog_id'] ) ) { 534 542 if ( $blog['spam'] == '1' ) { 535 543 $actions['unspam'] = '<a href="' . esc_url( wp_nonce_url( network_admin_url( 'sites.php?action=confirm&action2=unspamblog&id=' . $blog['blog_id'] ), 'unspamblog_' . $blog['blog_id'] ) ) . '">' . _x( 'Not Spam', 'site' ) . '</a>'; 536 544 } else { 537 545 $actions['spam'] = '<a href="' . esc_url( wp_nonce_url( network_admin_url( 'sites.php?action=confirm&action2=spamblog&id=' . $blog['blog_id'] ), 'spamblog_' . $blog['blog_id'] ) ) . '">' . _x( 'Spam', 'site' ) . '</a>'; 538 546 } 547 } 539 548 540 if ( current_user_can( 'delete_site', $blog['blog_id'] ) ) { 541 $actions['delete'] = '<a href="' . esc_url( wp_nonce_url( network_admin_url( 'sites.php?action=confirm&action2=deleteblog&id=' . $blog['blog_id'] ), 'deleteblog_' . $blog['blog_id'] ) ) . '">' . __( 'Delete' ) . '</a>'; 542 } 549 if ( current_user_can( 'delete_site', $blog['blog_id'] ) ) { 550 $actions['delete'] = '<a href="' . esc_url( wp_nonce_url( network_admin_url( 'sites.php?action=confirm&action2=deleteblog&id=' . $blog['blog_id'] ), 'deleteblog_' . $blog['blog_id'] ) ) . '">' . __( 'Delete' ) . '</a>'; 543 551 } 544 552 545 553 $actions['visit'] = "<a href='" . esc_url( get_home_url( $blog['blog_id'], '/' ) ) . "' rel='permalink'>" . __( 'Visit' ) . '</a>'; -
src/wp-admin/menu.php
241 241 $submenu['tools.php'][10] = array( __('Import'), 'import', 'import.php' ); 242 242 $submenu['tools.php'][15] = array( __('Export'), 'export', 'export.php' ); 243 243 if ( is_multisite() && !is_main_site() ) 244 $submenu['tools.php'][25] = array( __('Delete Site'), 'delete_ site', 'ms-delete-site.php' );244 $submenu['tools.php'][25] = array( __('Delete Site'), 'delete_admin_site', 'ms-delete-site.php' ); 245 245 if ( ! is_multisite() && defined('WP_ALLOW_MULTISITE') && WP_ALLOW_MULTISITE ) 246 246 $submenu['tools.php'][50] = array(__('Network Setup'), 'manage_options', 'network.php'); 247 247 -
src/wp-admin/ms-delete-site.php
12 12 if ( !is_multisite() ) 13 13 wp_die( __( 'Multisite support is not enabled.' ) ); 14 14 15 if ( ! current_user_can( 'delete_ site' ) )15 if ( ! current_user_can( 'delete_admin_site' ) ) 16 16 wp_die(__( 'Sorry, you are not allowed to delete this site.')); 17 17 18 18 if ( isset( $_GET['h'] ) && $_GET['h'] != '' && get_option( 'delete_blog_hash' ) != false ) { -
src/wp-admin/network/site-info.php
10 10 /** Load WordPress Administration Bootstrap */ 11 11 require_once( dirname( __FILE__ ) . '/admin.php' ); 12 12 13 if ( ! current_user_can( 'manage_sites' ) ) { 13 $id = isset( $_REQUEST['id'] ) ? intval( $_REQUEST['id'] ) : 0; 14 15 if ( ! current_user_can( 'edit_site', $id ) ) { 14 16 wp_die( __( 'Sorry, you are not allowed to edit this site.' ) ); 15 17 } 16 18 … … 31 33 '<p>' . __( '<a href="https://wordpress.org/support/forum/multisite/">Support Forums</a>' ) . '</p>' 32 34 ); 33 35 34 $id = isset( $_REQUEST['id'] ) ? intval( $_REQUEST['id'] ) : 0;35 36 if ( ! $id ) {37 wp_die( __('Invalid site ID.') );38 }39 40 36 $details = get_site( $id ); 41 if ( ! $details ) {42 wp_die( __( 'The requested site does not exist.' ) );43 }44 37 45 38 if ( ! can_edit_network( $details->site_id ) ) { 46 39 wp_die( __( 'Sorry, you are not allowed to access this page.' ), 403 ); … … 183 176 </tr> 184 177 <?php 185 178 $attribute_fields = array( 'public' => __( 'Public' ) ); 186 if ( ! $is_main_site) {179 if ( current_user_can( 'archive_site', $details->id ) ) { 187 180 $attribute_fields['archived'] = __( 'Archived' ); 188 $attribute_fields['spam'] = _x( 'Spam', 'site' );189 $attribute_fields['deleted'] = __( 'Deleted' );190 181 } 191 $attribute_fields['mature'] = __( 'Mature' ); 182 if ( current_user_can( 'spam_site', $details->id ) ) { 183 $attribute_fields['spam'] = _x( 'Spam', 'site' ); 184 } 185 if ( current_user_can( 'activate_site', $details->id ) ) { 186 $attribute_fields['deleted'] = __( 'Deleted' ); 187 } 188 if ( current_user_can( 'mature_site', $details->id ) ) { 189 $attribute_fields['mature'] = __( 'Mature' ); 190 } 192 191 ?> 193 192 <tr> 194 193 <th scope="row"><?php _e( 'Attributes' ); ?></th> -
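Review bot: `$details->site_id` is now dereferenced with no null check after `$details = get_site( $id );`, because the `Invalid site ID.` and `The requested site does not exist.` guards were removed on the assumption that the `edit_site` check has already rejected a missing site. That holds only while the capability mapping is unmodified; a meta capability result can be altered through the `map_meta_cap` filter, in which case `get_site()` may return null here. Keeping `if ( ! $details ) { wp_die( __( 'The requested site does not exist.' ) ); }` directly after the `get_site()` call is cheap and preserves the specific error message; the same applies to the matching hunks in site-settings.php, site-themes.php and site-users.php. Separately, the attribute checkboxes are now hidden per capability, but the code that saves them is outside this hunk; it should apply the same `archive_site`, `spam_site`, `activate_site` and `mature_site` checks rather than rely on the form.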
src/wp-admin/network/site-new.php
13 13 /** WordPress Translation Install API */ 14 14 require_once( ABSPATH . 'wp-admin/includes/translation-install.php' ); 15 15 16 if ( ! current_user_can( ' manage_sites' ) )16 if ( ! current_user_can( 'create_sites' ) ) 17 17 wp_die( __( 'Sorry, you are not allowed to add sites to this network.' ) ); 18 18 19 19 get_current_screen()->add_help_tab( array( -
src/wp-admin/network/site-settings.php
10 10 /** Load WordPress Administration Bootstrap */ 11 11 require_once( dirname( __FILE__ ) . '/admin.php' ); 12 12 13 if ( ! current_user_can( 'manage_sites' ) ) 13 $id = isset( $_REQUEST['id'] ) ? intval( $_REQUEST['id'] ) : 0; 14 15 if ( ! current_user_can( 'edit_site', $id ) ) { 14 16 wp_die( __( 'Sorry, you are not allowed to edit this site.' ) ); 17 } 15 18 16 19 get_current_screen()->add_help_tab( array( 17 20 'id' => 'overview', … … 30 33 '<p>' . __('<a href="https://wordpress.org/support/forum/multisite/">Support Forums</a>') . '</p>' 31 34 ); 32 35 33 $id = isset( $_REQUEST['id'] ) ? intval( $_REQUEST['id'] ) : 0;34 35 if ( ! $id )36 wp_die( __('Invalid site ID.') );37 38 36 $details = get_site( $id ); 39 if ( ! $details ) {40 wp_die( __( 'The requested site does not exist.' ) );41 }42 37 43 38 if ( !can_edit_network( $details->site_id ) ) 44 39 wp_die( __( 'Sorry, you are not allowed to access this page.' ), 403 ); -
src/wp-admin/network/site-themes.php
10 10 /** Load WordPress Administration Bootstrap */ 11 11 require_once( dirname( __FILE__ ) . '/admin.php' ); 12 12 13 if ( ! current_user_can( 'manage_sites' ) ) 14 wp_die( __( 'Sorry, you are not allowed to manage themes for this site.' ) ); 13 $id = isset( $_REQUEST['id'] ) ? intval( $_REQUEST['id'] ) : 0; 14 15 if ( ! current_user_can( 'edit_site', $id ) ) { 16 wp_die( __( 'Sorry, you are not allowed to edit this site.' ) ); 17 } 15 18 16 19 get_current_screen()->add_help_tab( array( 17 20 'id' => 'overview', … … 51 54 $referer = add_query_arg( 'paged', (int) $_REQUEST['paged'], $referer ); 52 55 } 53 56 54 $id = isset( $_REQUEST['id'] ) ? intval( $_REQUEST['id'] ) : 0; 55 56 if ( ! $id ) 57 wp_die( __('Invalid site ID.') ); 57 $details = get_site( $id ); 58 58 59 59 $wp_list_table->prepare_items(); 60 60 61 $details = get_site( $id );62 if ( ! $details ) {63 wp_die( __( 'The requested site does not exist.' ) );64 }65 66 61 if ( !can_edit_network( $details->site_id ) ) 67 62 wp_die( __( 'Sorry, you are not allowed to access this page.' ), 403 ); 68 63 -
src/wp-admin/network/site-users.php
10 10 /** Load WordPress Administration Bootstrap */ 11 11 require_once( dirname( __FILE__ ) . '/admin.php' ); 12 12 13 if ( ! current_user_can('manage_sites') ) 14 wp_die(__('Sorry, you are not allowed to edit this site.')); 13 $id = isset( $_REQUEST['id'] ) ? intval( $_REQUEST['id'] ) : 0; 14 15 if ( ! current_user_can( 'edit_site', $id ) ) { 16 wp_die( __( 'Sorry, you are not allowed to edit this site.' ) ); 17 } 15 18 16 19 $wp_list_table = _get_list_table('WP_Users_List_Table'); 17 20 $wp_list_table->prepare_items(); … … 46 49 $referer = add_query_arg( 'paged', (int) $_REQUEST['paged'], $referer ); 47 50 } 48 51 49 $id = isset( $_REQUEST['id'] ) ? intval( $_REQUEST['id'] ) : 0;50 51 if ( ! $id )52 wp_die( __('Invalid site ID.') );53 54 52 $details = get_site( $id ); 55 if ( ! $details ) {56 wp_die( __( 'The requested site does not exist.' ) );57 }58 53 59 54 if ( ! can_edit_network( $details->site_id ) ) 60 55 wp_die( __( 'Sorry, you are not allowed to access this page.' ), 403 ); -
src/wp-admin/network/sites.php
126 126 wp_die( __( 'Sorry, you are not allowed to access this page.' ), '', array( 'response' => 403 ) ); 127 127 128 128 $updated_action = 'not_deleted'; 129 if ( $id != '0' && $id != get_network()->site_id &¤t_user_can( 'delete_site', $id ) ) {129 if ( current_user_can( 'delete_site', $id ) ) { 130 130 wpmu_delete_blog( $id, true ); 131 131 $updated_action = 'delete'; 132 132 } … … 137 137 $doaction = $_POST['action'] != -1 ? $_POST['action'] : $_POST['action2']; 138 138 139 139 foreach ( (array) $_POST['allblogs'] as $key => $val ) { 140 if ( $val != '0' && $val != get_network()->site_id) {141 switch ( $doaction ) {142 case 'delete':143 if ( ! current_user_can( 'delete_site', $val ) )144 wp_die( __( 'Sorry, you are not allowed to delete the site.' ) ); 145 146 $updated_action = 'all_delete';147 wpmu_delete_blog( $val, true );148 break; 149 150 case 'spam':151 case 'notspam':152 $updated_action = ( 'spam' === $doaction ) ? 'all_spam' : 'all_notspam';153 update_blog_status( $val, 'spam', ( 'spam' === $doaction ) ? '1' : '0' );154 break; 155 }156 } else {157 wp_die( __( 'Sorry, you are not allowed to change the current site.' ) );140 switch ( $doaction ) { 141 case 'delete': 142 if ( ! current_user_can( 'delete_site', $val ) ) 143 wp_die( __( 'Sorry, you are not allowed to delete the site.' ) ); 144 145 $updated_action = 'all_delete'; 146 wpmu_delete_blog( $val, true ); 147 break; 148 149 case 'spam': 150 case 'notspam': 151 if ( ! current_user_can( 'spam_site', $val ) ) { 152 wp_die( __( 'Sorry, you are not allowed to change the spam status of the site.' ) ); 153 } 154 155 $updated_action = ( 'spam' === $doaction ) ? 'all_spam' : 'all_notspam'; 156 update_blog_status( $val, 'spam', ( 'spam' === $doaction ) ? '1' : '0' ); 157 break; 158 158 } 159 159 } 160 160 if ( ! in_array( $doaction, array( 'delete', 'spam', 'notspam' ), true ) ) { … … 177 177 178 178 case 'archiveblog': 179 179 case 'unarchiveblog': 180 if ( ! 
current_user_can( 'archive_site', $val ) ) { 181 wp_die( __( 'Sorry, you are not allowed to change the archive status of the site.' ) ); 182 } 183 180 184 update_blog_status( $id, 'archived', ( 'archiveblog' === $_GET['action'] ) ? '1' : '0' ); 181 185 break; 182 186 183 187 case 'activateblog': 188 if ( ! current_user_can( 'activate_site', $val ) ) { 189 wp_die( __( 'Sorry, you are not allowed to activate the site.' ) ); 190 } 191 184 192 update_blog_status( $id, 'deleted', '0' ); 185 193 186 194 /** … … 194 202 break; 195 203 196 204 case 'deactivateblog': 205 if ( ! current_user_can( 'activate_site', $val ) ) { 206 wp_die( __( 'Sorry, you are not allowed to deactivate the site.' ) ); 207 } 208 197 209 /** 198 210 * Fires before a network site is deactivated. 199 211 * … … 207 219 208 220 case 'unspamblog': 209 221 case 'spamblog': 222 if ( ! current_user_can( 'spam_site', $val ) ) { 223 wp_die( __( 'Sorry, you are not allowed to change the spam status of the site.' ) ); 224 } 225 210 226 update_blog_status( $id, 'spam', ( 'spamblog' === $_GET['action'] ) ? '1' : '0' ); 211 227 break; 212 228 213 229 case 'unmatureblog': 214 230 case 'matureblog': 231 if ( ! current_user_can( 'mature_site', $val ) ) { 232 wp_die( __( 'Sorry, you are not allowed to change the mature status of the site.' ) ); 233 } 234 215 235 update_blog_status( $id, 'mature', ( 'matureblog' === $_GET['action'] ) ? '1' : '0' ); 216 236 break; 217 237 } -
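Review bot: The capability checks added to the single-site cases (`archiveblog`/`unarchiveblog`, `activateblog`, `deactivateblog`, `spamblog`/`unspamblog`, `matureblog`/`unmatureblog`) test `$val`, while the status change that follows acts on `$id`. `$val` is the loop variable of the `allblogs` foreach in the bulk branch and is not assigned in the visible part of this switch, so the check is made against a different value than the site being modified, most likely an unset one, which the new mapping in capabilities.php turns into `do_not_allow`. Each check should use the acted-on ID, e.g. `if ( ! current_user_can( 'archive_site', $id ) ) {`. The switch starts and ends outside the hunks shown, so confirm there is no earlier assignment to `$val`. In the bulk loop, `wp_die()` on the first site that fails its check leaves earlier sites already changed; checking every ID before acting would avoid a partial result.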
src/wp-includes/capabilities.php
421 421 case 'customize' : 422 422 $caps[] = 'edit_theme_options'; 423 423 break; 424 case 'delete_ site':424 case 'delete_admin_site': 425 425 if ( is_multisite() ) { 426 426 $caps[] = 'manage_options'; 427 427 } else { … … 465 465 case 'assign_post_tags': 466 466 $caps[] = 'edit_posts'; 467 467 break; 468 case 'edit_site': 469 case 'delete_site': 470 case 'archive_site': 471 case 'spam_site': 472 case 'activate_site': 473 case 'mature_site': 474 if ( is_multisite() ) { 475 $site_id = $args[0]; 476 if ( 0 == $site_id ) { 477 $caps[] = 'do_not_allow'; 478 break; 479 } 480 481 $site = get_site( $site_id ); 482 if ( ! $site ) { 483 $caps[] = 'do_not_allow'; 484 break; 485 } 486 487 if ( 'edit_site' !== $cap && 'mature_site' !== $cap ) { 488 if ( $site->id == get_network()->site_id ) { 489 $caps[] = 'do_not_allow'; 490 break; 491 } 492 } 493 494 if ( 'delete_site' === $cap ) { 495 $caps[] = 'delete_sites'; 496 } else { 497 $caps[] = 'manage_sites'; 498 } 499 } else { 500 $caps[] = 'do_not_allow'; 501 } 502 break; 468 503 case 'create_sites': 469 504 case 'delete_sites': 470 505 case 'manage_network':
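Review bot: `$site_id = $args[0];` in the new `edit_site` … `mature_site` case reads the argument without checking that it exists. `delete_site` was previously checked with no argument (this patch renames that use to `delete_admin_site`), so any remaining caller of `current_user_can( 'delete_site' )` will raise an undefined-offset notice before being denied. Suggest `$site_id = isset( $args[0] ) ? (int) $args[0] : 0;` followed by a strict `0 === $site_id`, which also removes the loose `0 == $site_id` comparison on a value that the bulk handler in sites.php passes straight from `$_POST['allblogs']`. The new meta capabilities and the changed meaning of `delete_site` also deserve a line in the function's docblock, which is outside this hunk.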