Changeset 13043 for trunk/wp-admin/custom-header.php

Timestamp:

02/10/2010 04:49:16 PM (16 years ago)

Author:

ryan

Message:

Use switch_themes instead of edit_themes so that non super admins on multisite installs can customize headers and backgrounds. Add CYA cap checks.

File:

• trunk/wp-admin/custom-header.php (modified) (3 diffs)

trunk/wp-admin/custom-header.php

@@ -53 +53 @@
      */
     function init() {
-        $page = add_theme_page(__('Custom Header'), __('Custom Header'), 'edit_themes', 'custom-header', array(&$this, 'admin_page'));
+        if ( ! current_user_can('switch_themes') )
+            return;
+
+        $page = add_theme_page(__('Custom Header'), __('Custom Header'), 'switch_themes', 'custom-header', array(&$this, 'admin_page'));
 
         add_action("admin_print_scripts-$page", array(&$this, 'js_includes'));
@@ -114 +117 @@
      */
     function take_action() {
+        if ( ! current_user_can('switch_themes') )
+            return;
+
         if ( isset( $_POST['textcolor'] ) ) {
             check_admin_referer('custom-header');
@@ -484 +490 @@
      */
     function admin_page() {
+        if ( ! current_user_can('switch_themes') )
+            wp_die(__('You do not have permission to customize headers.'));
         $step = $this->step();
         if ( 1 == $step )