Make WordPress Core


Ignore:
Timestamp:
08/01/2009 09:12:17 PM (15 years ago)
Author:
ryan
Message:

Add some CYA cap checks.

File:
1 edited

Legend:

Unmodified
Added
Removed
  • trunk/wp-admin/plugins.php

    r11554 r11761  
    99/** WordPress Administration Bootstrap */
    1010require_once('admin.php');
     11
     12if ( ! current_user_can('activate_plugins') )
     13    wp_die(__('You do not have sufficient permissions to manage plugins for this blog.'));
    1114
    1215if ( isset($_POST['clear-recent-list']) )
     
    3841    switch ( $action ) {
    3942        case 'activate':
     43            if ( ! current_user_can('activate_plugins') )
     44                wp_die(__('You do not have sufficient permissions to activate plugins for this blog.'));
     45
    4046            check_admin_referer('activate-plugin_' . $plugin);
    4147
     
    5460            break;
    5561        case 'activate-selected':
     62            if ( ! current_user_can('activate_plugins') )
     63                wp_die(__('You do not have sufficient permissions to activate plugins for this blog.'));
     64           
    5665            check_admin_referer('bulk-manage-plugins');
    5766
     
    7685            break;
    7786        case 'error_scrape':
     87            if ( ! current_user_can('activate_plugins') )
     88                wp_die(__('You do not have sufficient permissions to activate plugins for this blog.'));
     89
    7890            check_admin_referer('plugin-activation-error_' . $plugin);
    7991
     
    89101            break;
    90102        case 'deactivate':
     103            if ( ! current_user_can('activate_plugins') )
     104                wp_die(__('You do not have sufficient permissions to deactivate plugins for this blog.'));
     105
    91106            check_admin_referer('deactivate-plugin_' . $plugin);
    92107            deactivate_plugins($plugin);
     
    96111            break;
    97112        case 'deactivate-selected':
     113            if ( ! current_user_can('activate_plugins') )
     114                wp_die(__('You do not have sufficient permissions to deactivate plugins for this blog.'));
     115
    98116            check_admin_referer('bulk-manage-plugins');
    99117
Note: See TracChangeset for help on using the changeset viewer.