
Changeset 11761


Timestamp:
08/01/2009 09:12:17 PM (15 years ago)
Author:
ryan
Message:

Add some CYA cap checks.

Location:
trunk
Files:
11 edited

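--- a/trunk/wp-admin/options-discussion.php
+++ b/trunk/wp-admin/options-discussion.php
@@ -9,4 +9,7 @@
 /** WordPress Administration Bootstrap */
 require_once('admin.php');
+
+if ( ! current_user_can('manage_options') )
+    wp_die(__('You do not have sufficient permissions to manage options for this blog.'));
 
 $title = __('Discussion Settings');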
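Review bot: The same three-line guard is pasted verbatim into eight options-*.php files in this changeset (options-general, options-media, options-misc, options-permalink, options-privacy, options-reading and options-writing as well as this one); a single shared check, or a helper each page calls, would keep the capability name and the message from drifting apart as the files are edited separately. Placing it directly after `require_once('admin.php')` is right, since `current_user_can()` needs the bootstrap loaded. The guard only gates rendering the page; the form these pages presumably submit to is outside this changeset and must enforce `manage_options` itself, which a comment like `// Render-side gate only; the settings handler must check manage_options itself.` would make explicit. The remainder of each file lies outside the hunk.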
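--- a/trunk/wp-admin/options-general.php
+++ b/trunk/wp-admin/options-general.php
@@ -9,4 +9,7 @@
 /** WordPress Administration Bootstrap */
 require_once('./admin.php');
+
+if ( ! current_user_can('manage_options') )
+    wp_die(__('You do not have sufficient permissions to manage options for this blog.'));
 
 $title = __('General Settings');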
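--- a/trunk/wp-admin/options-media.php
+++ b/trunk/wp-admin/options-media.php
@@ -9,4 +9,7 @@
 /** WordPress Administration Bootstrap */
 require_once('admin.php');
+
+if ( ! current_user_can('manage_options') )
+    wp_die(__('You do not have sufficient permissions to manage options for this blog.'));
 
 $title = __('Media Settings');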
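--- a/trunk/wp-admin/options-misc.php
+++ b/trunk/wp-admin/options-misc.php
@@ -9,4 +9,7 @@
 /** WordPress Administration Bootstrap */
 require_once('admin.php');
+
+if ( ! current_user_can('manage_options') )
+    wp_die(__('You do not have sufficient permissions to manage options for this blog.'));
 
 $title = __('Miscellaneous Settings');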
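--- a/trunk/wp-admin/options-permalink.php
+++ b/trunk/wp-admin/options-permalink.php
@@ -9,4 +9,7 @@
 /** WordPress Administration Bootstrap */
 require_once('admin.php');
+
+if ( ! current_user_can('manage_options') )
+    wp_die(__('You do not have sufficient permissions to manage options for this blog.'));
 
 $title = __('Permalink Settings');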
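--- a/trunk/wp-admin/options-privacy.php
+++ b/trunk/wp-admin/options-privacy.php
@@ -9,4 +9,7 @@
 /** Load WordPress Administration Bootstrap */
 require_once('./admin.php');
+
+if ( ! current_user_can('manage_options') )
+    wp_die(__('You do not have sufficient permissions to manage options for this blog.'));
 
 $title = __('Privacy Settings');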
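--- a/trunk/wp-admin/options-reading.php
+++ b/trunk/wp-admin/options-reading.php
@@ -9,4 +9,7 @@
 /** WordPress Administration Bootstrap */
 require_once('admin.php');
+
+if ( ! current_user_can('manage_options') )
+    wp_die(__('You do not have sufficient permissions to manage options for this blog.'));
 
 $title = __('Reading Settings');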
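--- a/trunk/wp-admin/options-writing.php
+++ b/trunk/wp-admin/options-writing.php
@@ -9,4 +9,7 @@
 /** WordPress Administration Bootstrap */
 require_once('admin.php');
+
+if ( ! current_user_can('manage_options') )
+    wp_die(__('You do not have sufficient permissions to manage options for this blog.'));
 
 $title = __('Writing Settings');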
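--- a/trunk/wp-admin/plugins.php
+++ b/trunk/wp-admin/plugins.php
@@ -9,4 +9,7 @@
 /** WordPress Administration Bootstrap */
 require_once('admin.php');
+
+if ( ! current_user_can('activate_plugins') )
+    wp_die(__('You do not have sufficient permissions to manage plugins for this blog.'));
 
 if ( isset($_POST['clear-recent-list']) )
@@ -38,4 +41,7 @@
     switch ( $action ) {
         case 'activate':
+            if ( ! current_user_can('activate_plugins') )
+                wp_die(__('You do not have sufficient permissions to activate plugins for this blog.'));
+
             check_admin_referer('activate-plugin_' . $plugin);
 
@@ -54,4 +60,7 @@
             break;
         case 'activate-selected':
+            if ( ! current_user_can('activate_plugins') )
+                wp_die(__('You do not have sufficient permissions to activate plugins for this blog.'));
+           
             check_admin_referer('bulk-manage-plugins');
 
@@ -76,4 +85,7 @@
             break;
         case 'error_scrape':
+            if ( ! current_user_can('activate_plugins') )
+                wp_die(__('You do not have sufficient permissions to activate plugins for this blog.'));
+
             check_admin_referer('plugin-activation-error_' . $plugin);
 
@@ -89,4 +101,7 @@
             break;
         case 'deactivate':
+            if ( ! current_user_can('activate_plugins') )
+                wp_die(__('You do not have sufficient permissions to deactivate plugins for this blog.'));
+
             check_admin_referer('deactivate-plugin_' . $plugin);
             deactivate_plugins($plugin);
@@ -96,4 +111,7 @@
             break;
         case 'deactivate-selected':
+            if ( ! current_user_can('activate_plugins') )
+                wp_die(__('You do not have sufficient permissions to deactivate plugins for this blog.'));
+
             check_admin_referer('bulk-manage-plugins');
 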
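Review bot: The per-case checks added at new lines 43, 62, 87, 103 and 113 can never fail, because the file-level guard at new line 12 already calls wp_die() for any user lacking `activate_plugins` before the switch is reached, so a reader may assume a second capability is being tested when it is the same one. If the intent is to leave room for a narrower capability per action later, a comment such as `// Same cap as the file-level guard; kept per action so a narrower cap can be substituted.` would say so; otherwise the five copies could be dropped. New line 64 carries trailing whitespace where the other inserted blank lines are empty. The switch opens at new line 41 inside the hunk, but its remaining cases and closing brace lie outside it, so any action not shown here is covered only by the file-level check.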
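--- a/trunk/wp-admin/themes.php
+++ b/trunk/wp-admin/themes.php
@@ -9,4 +9,7 @@
 /** WordPress Administration Bootstrap */
 require_once('admin.php');
+
+if ( !current_user_can('switch_themes') )
+    wp_die( __( 'Cheatin’ uh?' ) );
 
 if ( isset($_GET['action']) ) {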
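Review bot: The wp_die() message at new line 13, `'Cheatin’ uh?'`, is the only guard in this changeset that does not tell the user which permission is missing, while every other file added here uses the "You do not have sufficient permissions to …" wording; `wp_die(__('You do not have sufficient permissions to manage themes for this blog.'));` would match them and give support staff something to search for. The check itself is placed correctly, after `require_once('admin.php')` and before the `$_GET['action']` dispatch that starts at new line 15 and continues outside the hunk.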
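--- a/trunk/wp-includes/vars.php
+++ b/trunk/wp-includes/vars.php
@@ -18,4 +18,5 @@
     preg_match('#/wp-admin/?(.*?)$#i', $PHP_SELF, $self_matches);
     $pagenow = $self_matches[1];
+    $pagenow = trim($pagenow, '/');
     $pagenow = preg_replace('#\?.*?$#', '', $pagenow);
     if ( '' === $pagenow || 'index' === $pagenow || 'index.php' === $pagenow ) {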
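Review bot: The new `trim($pagenow, '/')` at line 20 runs before the query string is stripped at line 21, so a slash that sits just before the `?` survives: a captured `foo/?bar` ends in `r` and is left untouched by trim, and line 21 then yields `foo/`, which will not equal any of the fixed names compared at line 22. Moving the trim after the strip, `$pagenow = preg_replace('#\?.*?$#', '', $pagenow); $pagenow = trim($pagenow, '/');`, handles both orderings. Since `$pagenow` is derived from `$PHP_SELF` and only compared against fixed strings here, the strict `===` comparisons at line 22 are the right shape; the enclosing block starts and ends outside the hunk.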