Changeset 12833 for trunk/wp-admin/admin-ajax.php
- Timestamp:
- 01/26/2010 11:32:04 AM (15 years ago)
- File:
-
- 1 edited
Legend:
- Unmodified
- Added
- Removed
-
trunk/wp-admin/admin-ajax.php
r12818 r12833 205 205 $taxonomy = get_taxonomy(substr($action, 4)); 206 206 check_ajax_referer( $action ); 207 if ( !current_user_can( 'manage_categories') )207 if ( !current_user_can( $taxonomy->manage_cap ) ) 208 208 die('-1'); 209 209 $names = explode(',', $_POST['new'.$taxonomy->name]); … … 330 330 $tag_id = (int) $_POST['tag_ID']; 331 331 check_ajax_referer( "delete-tag_$tag_id" ); 332 if ( !current_user_can( 'manage_categories' ) )333 die('-1');334 332 335 333 $taxonomy = !empty($_POST['taxonomy']) ? $_POST['taxonomy'] : 'post_tag'; 334 $tax = get_taxonomy($taxonomy); 335 336 if ( !current_user_can( $tax->delete_cap ) ) 337 die('-1'); 336 338 337 339 $tag = get_term( $tag_id, $taxonomy ); … … 600 602 case 'add-tag' : // From Manage->Tags 601 603 check_ajax_referer( 'add-tag' ); 602 if ( !current_user_can( 'manage_categories' ) )603 die('-1');604 604 605 605 $taxonomy = !empty($_POST['taxonomy']) ? $_POST['taxonomy'] : 'post_tag'; 606 $tax = get_taxonomy($taxonomy); 607 608 if ( !current_user_can( $tax->edit_cap ) ) 609 die('-1'); 610 606 611 $tag = wp_insert_term($_POST['tag-name'], $taxonomy, $_POST ); 607 612 … … 1176 1181 check_ajax_referer( 'taxinlineeditnonce', '_inline_edit' ); 1177 1182 1178 if ( ! current_user_can('manage_categories') ) 1183 $taxonomy = !empty($_POST['taxonomy']) ? $_POST['taxonomy'] : false; 1184 if ( ! $taxonomy ) 1185 die( __('Cheatin’ uh?') ); 1186 $tax = get_taxonomy($taxonomy); 1187 1188 if ( ! current_user_can( $tax->edit_cap ) ) 1179 1189 die( __('Cheatin’ uh?') ); 1180 1190
Note: See TracChangeset
for help on using the changeset viewer.