WordPress.org

Make WordPress Core

Changeset 13043


Ignore:
Timestamp:
02/10/2010 04:49:16 PM (8 years ago)
Author:
ryan
Message:

Use switch_themes instead of edit_themes so that non super admins on multisite installs can customize headers and backgrounds. Add CYA cap checks.

Location:
trunk/wp-admin
Files:
2 edited

Legend:

Unmodified
Added
Removed
  • trunk/wp-admin/custom-background.php

    r13041 r13043  
    5353     */
    5454    function init() {
     55        if ( ! current_user_can('switch_themes') )
     56            return;
     57
    5558        $page = add_theme_page(__('Custom Background'), __('Custom Background'), 'switch_themes', 'custom-background', array(&$this, 'admin_page'));
    5659
     
    8487     */
    8588    function take_action() {
     89        if ( ! current_user_can('switch_themes') )
     90            return;
     91
    8692        if ( isset($_POST['reset-background']) ) {
    8793            check_admin_referer('custom-background');
     
    235241     */
    236242    function admin_page() {
     243        if ( ! current_user_can('switch_themes') )
     244            wp_die(__('You do not have permission to customize the background.'));
    237245        $step = $this->step();
    238246        if ( 1 == $step )
  • trunk/wp-admin/custom-header.php

    r12890 r13043  
    5353     */
    5454    function init() {
    55         $page = add_theme_page(__('Custom Header'), __('Custom Header'), 'edit_themes', 'custom-header', array(&$this, 'admin_page'));
     55        if ( ! current_user_can('switch_themes') )
     56            return;
     57
     58        $page = add_theme_page(__('Custom Header'), __('Custom Header'), 'switch_themes', 'custom-header', array(&$this, 'admin_page'));
    5659
    5760        add_action("admin_print_scripts-$page", array(&$this, 'js_includes'));
     
    114117     */
    115118    function take_action() {
     119        if ( ! current_user_can('switch_themes') )
     120            return;
     121
    116122        if ( isset( $_POST['textcolor'] ) ) {
    117123            check_admin_referer('custom-header');
     
    484490     */
    485491    function admin_page() {
     492        if ( ! current_user_can('switch_themes') )
     493            wp_die(__('You do not have permission to customize headers.'));
    486494        $step = $this->step();
    487495        if ( 1 == $step )
Note: See TracChangeset for help on using the changeset viewer.