IDEA additional info:
Subsystem: com.intellij.openapi.diff.impl.patch.CharsetEP
<+>UTF-8
373 | 373 | if ( ! empty( $args['plugin'] ) ) { |
374 | 374 | $plugin = $args['plugin']; |
375 | 375 | |
376 | | if ( ! current_user_can( 'edit_plugins' ) ) { |
377 | | return new WP_Error( 'unauthorized', __( 'Sorry, you are not allowed to edit plugins for this site.' ) ); |
| 376 | if ( ! current_user_can( 'edit_plugin', $plugin ) ) { |
| 377 | return new WP_Error( 'unauthorized', __( 'Sorry, you are not allowed to edit this plugin.' ) ); |
378 | 378 | } |
379 | 379 | |
380 | 380 | if ( ! wp_verify_nonce( $args['nonce'], 'edit-plugin_' . $file ) ) { |
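Review bot: The new `current_user_can( 'edit_plugin', $plugin )` check at new line 376 authorizes the caller-supplied `$args['plugin']`, while the nonce on new line 380 is bound to `$file` alone, so the per-plugin decision only holds if `$file` is confirmed to belong to `$plugin`. That confirmation is not visible in this hunk, and the enclosing function starts and ends outside it. If it exists further down, a comment at the check would make the dependency explicit: `// Capability is per plugin: $file must be confirmed to belong to $plugin before any write.` If it does not, the membership check needs to be added before the file is written, otherwise permission for one plugin could cover an edit to another plugin's file.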
IDEA additional info:
Subsystem: com.intellij.openapi.diff.impl.patch.CharsetEP
<+>UTF-8
14 | 14 | exit(); |
15 | 15 | } |
16 | 16 | |
17 | | if ( ! current_user_can( 'edit_plugins' ) ) { |
18 | | wp_die( __( 'Sorry, you are not allowed to edit plugins for this site.' ) ); |
| 17 | $file = ( isset( $_REQUEST['file'] ) ) ? wp_unslash( $_REQUEST['file'] ) : ''; |
| 18 | $plugin = isset( $_REQUEST['plugin'] ) ? wp_unslash( sanitize_text_field( $_REQUEST['plugin'] ) ) : ''; |
| 19 | |
| 20 | if ( ! current_user_can( 'edit_plugin', $plugin) ) { |
| 21 | if( empty( $plugin ) ) |
| 22 | wp_die( __( 'Sorry, you are not allowed to edit plugins for this site.' ) ); |
| 23 | else |
| 24 | wp_die( __( 'Sorry, you are not allowed to edit this plugin.' ) ); |
19 | 25 | } |
20 | 26 | |
21 | 27 | $title = __( 'Edit Plugins' ); |
… |
… |
|
35 | 41 | exit; |
36 | 42 | } |
37 | 43 | |
38 | | $file = ''; |
39 | | $plugin = ''; |
40 | | if ( isset( $_REQUEST['file'] ) ) { |
41 | | $file = wp_unslash( $_REQUEST['file'] ); |
42 | | } |
43 | | |
44 | | if ( isset( $_REQUEST['plugin'] ) ) { |
45 | | $plugin = wp_unslash( $_REQUEST['plugin'] ); |
46 | | } |
47 | | |
48 | 44 | if ( empty( $plugin ) ) { |
49 | 45 | if ( $file ) { |
50 | 46 | |
… |
… |
|
219 | 215 | <select name="plugin" id="plugin"> |
220 | 216 | <?php |
221 | 217 | foreach ( $plugins as $plugin_key => $a_plugin ) { |
| 218 | |
| 219 | if( ! current_user_can( 'edit_plugin', $plugin_key) ) |
| 220 | continue; |
| 221 | |
222 | 222 | $plugin_name = $a_plugin['Name']; |
223 | 223 | if ( $plugin_key == $plugin ) { |
224 | 224 | $selected = " selected='selected'"; |
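Review bot: The capability check at new lines 20-25 runs on the raw request value of `$plugin`, but the context at new lines 44-45 (`if ( empty( $plugin ) ) { if ( $file ) {`, body outside the hunk) shows `$plugin` being resolved afterwards when the parameter is empty, so the plugin that is finally opened is never passed to `edit_plugin`. With an empty `plugin` parameter the check presumably falls back to the general `edit_plugins` capability, and the `continue` added in the `<select>` loop at new lines 219-220 only hides entries from the list. Re-check once the plugin is resolved, e.g. `if ( ! current_user_can( 'edit_plugin', $plugin ) ) { wp_die( __( 'Sorry, you are not allowed to edit this plugin.' ) ); }` after the fallback block. Separately, new line 18 sanitizes before unslashing; `sanitize_text_field( wp_unslash( $_REQUEST['plugin'] ) )` is the usual order, and the brace-less `if( empty( $plugin ) )` / `else` at new lines 21-24 does not match the braced style of the surrounding code.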
IDEA additional info:
Subsystem: com.intellij.openapi.diff.impl.patch.CharsetEP
<+>UTF-8
402 | 402 | break; |
403 | 403 | case 'edit_files': |
404 | 404 | case 'edit_plugins': |
| 405 | case 'edit_plugin': |
405 | 406 | case 'edit_themes': |
406 | 407 | // Disallow the file editors. |
407 | 408 | if ( defined( 'DISALLOW_FILE_EDIT' ) && DISALLOW_FILE_EDIT ) { |
… |
… |
|
411 | 412 | } elseif ( is_multisite() && ! is_super_admin( $user_id ) ) { |
412 | 413 | $caps[] = 'do_not_allow'; |
413 | 414 | } else { |
414 | | $caps[] = $cap; |
| 415 | $caps[] = ( $cap == 'edit_plugin' ) ? 'edit_plugins' : $cap; |
415 | 416 | } |
416 | 417 | break; |
417 | 418 | case 'update_plugins': |
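Review bot: The mapping on new line 415 discards the plugin argument, so `edit_plugin` resolves to `edit_plugins` for every plugin and any per-plugin restriction has to come from a capability filter outside this code. That is easy to misread as built-in per-plugin access control, so the new `case 'edit_plugin':` label at new line 405 should carry a comment such as `// Meta capability: maps to edit_plugins by default; the plugin argument is not inspected here.` The comparison should also be strict: `$caps[] = ( 'edit_plugin' === $cap ) ? 'edit_plugins' : $cap;`. The enclosing switch starts and ends outside the hunk.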