Changeset 13043


Timestamp:
02/10/10 16:49:16 (6 years ago)
Author:
ryan
Message:

Use switch_themes instead of edit_themes so that non super admins on multisite installs can customize headers and backgrounds. Add CYA cap checks.

Location:
trunk/wp-admin
Files:
2 edited

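--- a/trunk/wp-admin/custom-background.php
+++ b/trunk/wp-admin/custom-background.php
@@ -53,4 +53,7 @@
      */
     function init() {
+        if ( ! current_user_can('switch_themes') )
+            return;
+
         $page = add_theme_page(__('Custom Background'), __('Custom Background'), 'switch_themes', 'custom-background', array(&$this, 'admin_page'));
 
@@ -84,4 +87,7 @@
      */
     function take_action() {
+        if ( ! current_user_can('switch_themes') )
+            return;
+
         if ( isset($_POST['reset-background']) ) {
             check_admin_referer('custom-background');
@@ -235,4 +241,6 @@
      */
     function admin_page() {
+        if ( ! current_user_can('switch_themes') )
+            wp_die(__('You do not have permission to customize the background.'));
         $step = $this->step();
         if ( 1 == $step )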
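Review bot: The capability name 'switch_themes' is now spelled out as a string literal in four places in this file (the new guard in init(), the existing add_theme_page() argument, and the new guards in take_action() and admin_page()), so the menu registration and the handlers only stay in agreement while every literal is edited together; custom-header.php has the same pattern. A short comment on the first guard would record that, for example `// Must match the capability passed to add_theme_page() and checked in take_action()/admin_page().`. In admin_page() the brace-less `wp_die()` guard is followed directly by `$step = $this->step();` at the same indent, so braces or a blank line, as used in the other two guards, would make the guarded statement unambiguous. All three function bodies continue outside the hunks.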
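--- a/trunk/wp-admin/custom-header.php
+++ b/trunk/wp-admin/custom-header.php
@@ -53,5 +53,8 @@
      */
     function init() {
-        $page = add_theme_page(__('Custom Header'), __('Custom Header'), 'edit_themes', 'custom-header', array(&$this, 'admin_page'));
+        if ( ! current_user_can('switch_themes') )
+            return;
+
+        $page = add_theme_page(__('Custom Header'), __('Custom Header'), 'switch_themes', 'custom-header', array(&$this, 'admin_page'));
 
         add_action("admin_print_scripts-$page", array(&$this, 'js_includes'));
@@ -114,4 +117,7 @@
      */
     function take_action() {
+        if ( ! current_user_can('switch_themes') )
+            return;
+
         if ( isset( $_POST['textcolor'] ) ) {
             check_admin_referer('custom-header');
@@ -484,4 +490,6 @@
      */
     function admin_page() {
+        if ( ! current_user_can('switch_themes') )
+            wp_die(__('You do not have permission to customize headers.'));
         $step = $this->step();
         if ( 1 == $step )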
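Review bot: Lowering the menu capability in init() from 'edit_themes' to 'switch_themes' widens access to every step behind `$this->step()` in admin_page(), and the visible lines do not show whether those later steps were reviewed for the wider audience. Only the `textcolor` branch of take_action() shows a `check_admin_referer('custom-header')` call here; the remaining branches and any file handling are outside the hunks, so it is worth confirming that each state-changing branch verifies the nonce and that any accepted upload is restricted by type. take_action() also returns silently on a failed check while admin_page() calls wp_die(); a comment such as `// Silent return: unauthorized requests are dropped without processing $_POST.` would mark that difference as intentional.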