Changeset 11761


Timestamp:
08/01/09 21:12:17 (6 years ago)
Author:
ryan
Message:

Add some CYA cap checks.

Location:
trunk
Files:
11 edited

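--- a/trunk/wp-admin/options-discussion.php
+++ b/trunk/wp-admin/options-discussion.php
@@ -9,4 +9,7 @@
 /** WordPress Administration Bootstrap */
 require_once('admin.php');
+
+if ( ! current_user_can('manage_options') )
+    wp_die(__('You do not have sufficient permissions to manage options for this blog.'));
 
 $title = __('Discussion Settings');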
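Review bot: The new `manage_options` guard at new lines 12–13 carries no comment saying why it is here, and the commit message's "CYA" suggests it deliberately repeats a check made elsewhere, which makes it an easy candidate for later removal as redundant. I would add `// Defense in depth: enforce the capability in the page itself, not only where the admin menu is built.` above the `if`; that wording assumes the menu code performs its own check, which this page does not show. The same three lines are added to options-general.php, options-media.php, options-misc.php, options-permalink.php, options-privacy.php, options-reading.php and options-writing.php, so the comment applies there too. These hunks guard only the rendering of each settings page; the handler that saves the submitted form is not part of this changeset and should be confirmed to check `manage_options` itself.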
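--- a/trunk/wp-admin/options-general.php
+++ b/trunk/wp-admin/options-general.php
@@ -9,4 +9,7 @@
 /** WordPress Administration Bootstrap */
 require_once('./admin.php');
+
+if ( ! current_user_can('manage_options') )
+    wp_die(__('You do not have sufficient permissions to manage options for this blog.'));
 
 $title = __('General Settings');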
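--- a/trunk/wp-admin/options-media.php
+++ b/trunk/wp-admin/options-media.php
@@ -9,4 +9,7 @@
 /** WordPress Administration Bootstrap */
 require_once('admin.php');
+
+if ( ! current_user_can('manage_options') )
+    wp_die(__('You do not have sufficient permissions to manage options for this blog.'));
 
 $title = __('Media Settings');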
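--- a/trunk/wp-admin/options-misc.php
+++ b/trunk/wp-admin/options-misc.php
@@ -9,4 +9,7 @@
 /** WordPress Administration Bootstrap */
 require_once('admin.php');
+
+if ( ! current_user_can('manage_options') )
+    wp_die(__('You do not have sufficient permissions to manage options for this blog.'));
 
 $title = __('Miscellaneous Settings');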
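--- a/trunk/wp-admin/options-permalink.php
+++ b/trunk/wp-admin/options-permalink.php
@@ -9,4 +9,7 @@
 /** WordPress Administration Bootstrap */
 require_once('admin.php');
+
+if ( ! current_user_can('manage_options') )
+    wp_die(__('You do not have sufficient permissions to manage options for this blog.'));
 
 $title = __('Permalink Settings');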
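--- a/trunk/wp-admin/options-privacy.php
+++ b/trunk/wp-admin/options-privacy.php
@@ -9,4 +9,7 @@
 /** Load WordPress Administration Bootstrap */
 require_once('./admin.php');
+
+if ( ! current_user_can('manage_options') )
+    wp_die(__('You do not have sufficient permissions to manage options for this blog.'));
 
 $title = __('Privacy Settings');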
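--- a/trunk/wp-admin/options-reading.php
+++ b/trunk/wp-admin/options-reading.php
@@ -9,4 +9,7 @@
 /** WordPress Administration Bootstrap */
 require_once('admin.php');
+
+if ( ! current_user_can('manage_options') )
+    wp_die(__('You do not have sufficient permissions to manage options for this blog.'));
 
 $title = __('Reading Settings');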
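--- a/trunk/wp-admin/options-writing.php
+++ b/trunk/wp-admin/options-writing.php
@@ -9,4 +9,7 @@
 /** WordPress Administration Bootstrap */
 require_once('admin.php');
+
+if ( ! current_user_can('manage_options') )
+    wp_die(__('You do not have sufficient permissions to manage options for this blog.'));
 
 $title = __('Writing Settings');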
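--- a/trunk/wp-admin/plugins.php
+++ b/trunk/wp-admin/plugins.php
@@ -9,4 +9,7 @@
 /** WordPress Administration Bootstrap */
 require_once('admin.php');
+
+if ( ! current_user_can('activate_plugins') )
+    wp_die(__('You do not have sufficient permissions to manage plugins for this blog.'));
 
 if ( isset($_POST['clear-recent-list']) )
@@ -38,4 +41,7 @@
     switch ( $action ) {
         case 'activate':
+            if ( ! current_user_can('activate_plugins') )
+                wp_die(__('You do not have sufficient permissions to activate plugins for this blog.'));
+
             check_admin_referer('activate-plugin_' . $plugin);
 
@@ -54,4 +60,7 @@
             break;
         case 'activate-selected':
+            if ( ! current_user_can('activate_plugins') )
+                wp_die(__('You do not have sufficient permissions to activate plugins for this blog.'));
+            
             check_admin_referer('bulk-manage-plugins');
 
@@ -76,4 +85,7 @@
             break;
         case 'error_scrape':
+            if ( ! current_user_can('activate_plugins') )
+                wp_die(__('You do not have sufficient permissions to activate plugins for this blog.'));
+
             check_admin_referer('plugin-activation-error_' . $plugin);
 
@@ -89,4 +101,7 @@
             break;
         case 'deactivate':
+            if ( ! current_user_can('activate_plugins') )
+                wp_die(__('You do not have sufficient permissions to deactivate plugins for this blog.'));
+
             check_admin_referer('deactivate-plugin_' . $plugin);
             deactivate_plugins($plugin);
@@ -96,4 +111,7 @@
             break;
         case 'deactivate-selected':
+            if ( ! current_user_can('activate_plugins') )
+                wp_die(__('You do not have sufficient permissions to deactivate plugins for this blog.'));
+
             check_admin_referer('bulk-manage-plugins');
 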
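Review bot: The five per-action checks (new lines 43–44, 62–63, 87–88, 103–104 and 113–114) test the same `activate_plugins` capability as the page-level guard added at new lines 12–13, so as written they should never fail; a short comment such as `// Repeated on purpose: must hold even if the page-level check is relaxed.` would tell the next maintainer they are intentional. Each check sits before the matching `check_admin_referer()` call, which is the order to keep. Only these five cases are visible in the hunks and the `switch` continues outside them, so any other action should be confirmed to have a capability check of its own. New line 64 consists only of whitespace and should be an empty line like 45 and 89.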
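--- a/trunk/wp-admin/themes.php
+++ b/trunk/wp-admin/themes.php
@@ -9,4 +9,7 @@
 /** WordPress Administration Bootstrap */
 require_once('admin.php');
+
+if ( !current_user_can('switch_themes') )
+    wp_die( __( 'Cheatin’ uh?' ) );
 
 if ( isset($_GET['action']) ) {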
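Review bot: The failure message `Cheatin’ uh?` at new line 13 tells a logged-in but under-privileged user nothing about what was refused, and it is inconsistent with the messages this changeset uses in the options and plugins pages. I would use `wp_die( __( 'You do not have sufficient permissions to manage themes for this blog.' ) );` to match. The `if ( isset($_GET['action']) )` block that follows continues outside the hunk, so whether the action itself is also covered by a nonce check cannot be seen here and is worth confirming.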
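--- a/trunk/wp-includes/vars.php
+++ b/trunk/wp-includes/vars.php
@@ -18,4 +18,5 @@
     preg_match('#/wp-admin/?(.*?)$#i', $PHP_SELF, $self_matches);
     $pagenow = $self_matches[1];
+    $pagenow = trim($pagenow, '/');
     $pagenow = preg_replace('#\?.*?$#', '', $pagenow);
     if ( '' === $pagenow || 'index' === $pagenow || 'index.php' === $pagenow ) {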
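Review bot: The `trim($pagenow, '/')` added at new line 20 runs before the `preg_replace` on line 21 that strips the query string, so a slash sitting directly in front of a `?` survives both steps and `$pagenow` still will not equal the bare file name. Swapping the two statements fixes the order: `$pagenow = preg_replace('#\?.*?$#', '', $pagenow);` followed by `$pagenow = trim($pagenow, '/');`. `trim` also leaves any path segment after the file name in place, so code that makes access decisions by comparing `$pagenow` with known page names (not visible here) should treat an unrecognised value as a denial rather than as "no restriction". The enclosing block starts and ends outside the hunk.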