Make WordPress Core

Ticket #42404: 42404.4.patch

File 42404.4.patch, 8.9 KB (added by antonioeatgoat, 7 years ago)

Handled singular capability 'update_plugin'. It still needs unit tests.

  • src/wp-admin/includes/ajax-actions.php

    IDEA additional info:
    Subsystem: com.intellij.openapi.diff.impl.patch.CharsetEP
    <+>UTF-8
     
    41054105                'newVersion' => '',
    41064106        );
    41074107
    4108         if ( ! current_user_can( 'update_plugins' ) || 0 !== validate_file( $plugin ) ) {
    4109                 $status['errorMessage'] = __( 'Sorry, you are not allowed to update plugins for this site.' );
     4108        if ( ! current_user_can( 'update_plugin', $plugin ) || 0 !== validate_file( $plugin ) ) {
     4109                $status['errorMessage'] = __( 'Sorry, you are not allowed to update this plugin.' );
    41104110                wp_send_json_error( $status );
    41114111        }
    41124112
  • src/wp-admin/includes/plugin-install.php

    IDEA additional info:
    Subsystem: com.intellij.openapi.diff.impl.patch.CharsetEP
    <+>UTF-8
     
    420420                                $status      = 'update_available';
    421421                                $update_file = $file;
    422422                                $version     = $plugin->new_version;
    423                                 if ( current_user_can( 'update_plugins' ) ) {
     423                                if ( current_user_can( 'update_plugin', $file ) ) {
    424424                                        $url = wp_nonce_url( self_admin_url( 'update.php?action=upgrade-plugin&plugin=' . $update_file ), 'upgrade-plugin_' . $update_file );
    425425                                }
    426426                                break;
  • src/wp-admin/includes/update.php

    IDEA additional info:
    Subsystem: com.intellij.openapi.diff.impl.patch.CharsetEP
    <+>UTF-8
     
    344344        return $upgrade_plugins;
    345345}
    346346
     347/**
     348 * Returns the number of plugins that the current user isn't allowed to update
     349 *
     350 * @return int
     351 */
     352function wp_get_plugin_updates_disallowed_count() {
     353
     354        // The number of plugins that current user cannot update
     355        $not_allowed_to_update_count = 0;
     356
     357        $all_plugins = get_plugins();
     358        foreach ( (array) $all_plugins as $plugin_file => $plugin_data ) {
     359                if ( ! current_user_can( 'update_plugin', $plugin_file ) ) {
     360                        $not_allowed_to_update_count++;
     361                }
     362        }
     363
     364        return $not_allowed_to_update_count;
     365}
     366
    347367/**
    348368 * @since 2.9.0
    349369 */
     
    403423
    404424                echo '<tr class="plugin-update-tr' . $active_class . '" id="' . esc_attr( $response->slug . '-update' ) . '" data-slug="' . esc_attr( $response->slug ) . '" data-plugin="' . esc_attr( $file ) . '"><td colspan="' . esc_attr( $wp_list_table->get_column_count() ) . '" class="plugin-update colspanchange"><div class="update-message notice inline notice-warning notice-alt"><p>';
    405425
    406                 if ( ! current_user_can( 'update_plugins' ) ) {
     426                if ( ! current_user_can( 'update_plugin', $file ) ) {
    407427                        /* translators: 1: plugin name, 2: details URL, 3: additional link attributes, 4: version number */
    408428                        printf(
    409429                                __( 'There is a new version of %1$s available. <a href="%2$s" %3$s>View version %4$s details</a>.' ),
  • src/wp-admin/plugin-editor.php

    IDEA additional info:
    Subsystem: com.intellij.openapi.diff.impl.patch.CharsetEP
    <+>UTF-8
     
    1818$plugin = isset( $_REQUEST['plugin'] ) ? wp_unslash( sanitize_text_field( $_REQUEST['plugin'] ) ) : '';
    1919
    2020if ( ! current_user_can( 'edit_plugin', $plugin) ) {
    21     if( empty( $plugin ) )
     21    if ( empty( $plugin ) )
    2222            wp_die( __( 'Sorry, you are not allowed to edit plugins for this site.' ) );
    2323    else
    2424            wp_die( __( 'Sorry, you are not allowed to edit this plugin.' ) );
     
    216216<?php
    217217foreach ( $plugins as $plugin_key => $a_plugin ) {
    218218
    219     if( ! current_user_can( 'edit_plugin', $plugin_key) )
     219    if ( ! current_user_can( 'edit_plugin', $plugin_key) )
    220220        continue;
    221221
    222222        $plugin_name = $a_plugin['Name'];
  • src/wp-admin/update-core.php

    IDEA additional info:
    Subsystem: com.intellij.openapi.diff.impl.patch.CharsetEP
    <+>UTF-8
     
    233233
    234234        require_once( ABSPATH . 'wp-admin/includes/plugin-install.php' );
    235235        $plugins = get_plugin_updates();
    236         if ( empty( $plugins ) ) {
     236
     237        // If all plugins are up to date or the only plugins to update cannot be update by the current user
     238        if ( empty( $plugins ) || count( $plugins ) == wp_get_plugin_updates_disallowed_count()) {
    237239                echo '<h2>' . __( 'Plugins' ) . '</h2>';
    238                 echo '<p>' . __( 'Your plugins are all up to date.' ) . '</p>';
     240                echo '<p>' . __( "There isn't any plugin to update." ) . '</p>';
    239241                return;
    240242        }
    241243        $form_action = 'update-core.php?action=do-plugin-upgrade';
     
    263265        <tbody class="plugins">
    264266<?php
    265267foreach ( (array) $plugins as $plugin_file => $plugin_data ) {
     268
     269    if ( ! current_user_can( 'update_plugin', $plugin_file) )
     270        continue;
     271
    266272        $plugin_data = (object) _get_plugin_data_markup_translate( $plugin_file, (array) $plugin_data, false, true );
    267273
    268274        $icon            = '<span class="dashicons dashicons-admin-plugins"></span>';
     
    719725} elseif ( 'do-plugin-upgrade' == $action ) {
    720726
    721727        if ( ! current_user_can( 'update_plugins' ) ) {
    722                 wp_die( __( 'Sorry, you are not allowed to update this site.' ) );
     728                wp_die( __( 'Sorry, you are not allowed to update plugins for this site.' ) );
    723729        }
    724730
    725731        check_admin_referer( 'upgrade-core' );
  • src/wp-admin/update.php

    IDEA additional info:
    Subsystem: com.intellij.openapi.diff.impl.patch.CharsetEP
    <+>UTF-8
     
    3535                        $plugins = array();
    3636                }
    3737
     38                foreach ( $plugins as $plugin_file ) {
     39                        if ( ! current_user_can( 'update_plugin', $plugin_file ) ) {
     40                                if ( ( $key = array_search( $plugin_file, $plugins ) ) !== false ) {
     41                                        unset( $plugins[ $key ] );
     42                                }
     43                        }
     44                }
     45
    3846                $plugins = array_map( 'urldecode', $plugins );
    3947
    4048                $url   = 'update.php?action=update-selected&amp;plugins=' . urlencode( implode( ',', $plugins ) );
     
    4957                iframe_footer();
    5058
    5159        } elseif ( 'upgrade-plugin' == $action ) {
    52                 if ( ! current_user_can( 'update_plugins' ) ) {
    53                         wp_die( __( 'Sorry, you are not allowed to update plugins for this site.' ) );
     60                if ( ! current_user_can( 'update_plugin', $plugin ) ) {
     61                        wp_die( __( 'Sorry, you are not allowed to update this plugin.' ) );
    5462                }
    5563
    5664                check_admin_referer( 'upgrade-plugin_' . $plugin );
     
    7179                include( ABSPATH . 'wp-admin/admin-footer.php' );
    7280
    7381        } elseif ( 'activate-plugin' == $action ) {
    74                 if ( ! current_user_can( 'update_plugins' ) ) {
    75                         wp_die( __( 'Sorry, you are not allowed to update plugins for this site.' ) );
     82                if ( ! current_user_can( 'update_plugin', $plugin ) ) {
     83                        wp_die( __( 'Sorry, you are not allowed to update this plugin.' ) );
    7684                }
    7785
    7886                check_admin_referer( 'activate-plugin_' . $plugin );
  • src/wp-includes/capabilities.php

    IDEA additional info:
    Subsystem: com.intellij.openapi.diff.impl.patch.CharsetEP
    <+>UTF-8
     
    416416                        }
    417417                        break;
    418418                case 'update_plugins':
     419                case 'update_plugin':
    419420                case 'delete_plugins':
    420421                case 'delete_plugin':
    421422                case 'install_plugins':
     
    436437                        } elseif ( 'upload_plugins' === $cap ) {
    437438                                $caps[] = 'install_plugins';
    438439                        } else {
    439                                 $caps[] = ( $cap == 'delete_plugin' ) ? 'delete_plugins' : $cap;
     440
     441                                if (  $cap == 'delete_plugin' )
     442                                        $caps[] = 'delete_plugins';
     443                                elseif (  $cap == 'update_plugin' )
     444                                        $caps[] = 'update_plugins';
     445                                else
     446                                        $caps[] = $cap;
    440447                        }
    441448                        break;
    442449                case 'install_languages':
  • src/wp-includes/update.php

    IDEA additional info:
    Subsystem: com.intellij.openapi.diff.impl.patch.CharsetEP
    <+>UTF-8
     
    636636        if ( $plugins = current_user_can( 'update_plugins' ) ) {
    637637                $update_plugins = get_site_transient( 'update_plugins' );
    638638                if ( ! empty( $update_plugins->response ) ) {
    639                         $counts['plugins'] = count( $update_plugins->response );
     639                        $counts['plugins'] = count( $update_plugins->response ) - wp_get_plugin_updates_disallowed_count();
    640640                }
    641641        }
    642642