

Timestamp:
05/12/2010 07:19:57 PM (15 years ago)
Author:
nacin
Message:

Use the edit_theme_options capability. fixes #13290.

File:
1 edited

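--- a/trunk/wp-admin/themes.php
+++ b/trunk/wp-admin/themes.php
@@ -10,8 +10,8 @@
 require_once('./admin.php');
 
-if ( !current_user_can('switch_themes') )
+if ( !current_user_can('switch_themes') && !current_user_can('edit_theme_options') )
     wp_die( __( 'Cheatin’ uh?' ) );
 
-if ( isset($_GET['action']) ) {
+if ( current_user_can('switch_themes') && isset($_GET['action']) ) {
     if ( 'activate' == $_GET['action'] ) {
         check_admin_referer('switch-theme_' . $_GET['template']);
@@ -32,4 +32,6 @@
 $parent_file = 'themes.php';
 
+if ( current_user_can( 'switch_themes' ) ) :
+
 $help = '<p>' . __('Themes give your WordPress style. Once a theme is installed, you may preview it, activate it or deactivate it here.') . '</p>';
 if ( current_user_can('install_themes') ) {
@@ -43,4 +45,6 @@
 wp_enqueue_script( 'theme-preview' );
 
+endif;
+
 require_once('./admin-header.php');
 if ( is_multisite() && current_user_can('edit_themes') ) {
@@ -52,5 +56,5 @@
 <div id="message1" class="updated"><p><?php _e('The active theme is broken.  Reverting to the default theme.'); ?></p></div>
 <?php elseif ( isset($_GET['activated']) ) :
-        if ( isset($wp_registered_sidebars) && count( (array) $wp_registered_sidebars ) ) { ?>
+        if ( isset($wp_registered_sidebars) && count( (array) $wp_registered_sidebars ) && current_user_can('edit_theme_options') ) { ?>
 <div id="message2" class="updated"><p><?php printf( __('New theme activated. This theme supports widgets, please visit the <a href="%s">widgets settings</a> screen to configure them.'), admin_url( 'widgets.php' ) ); ?></p></div><?php
         } else { ?>
@@ -115,4 +119,11 @@
 
 <div class="clear"></div>
+<?php
+if ( ! current_user_can( 'switch_themes' ) ) {
+    echo '</div>';
+    require( './admin-footer.php' );
+    exit;
+}
+?>
 <h3><?php _e('Available Themes'); ?></h3>
 <div class="clear"></div>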
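Review bot: The restriction for users who hold only `edit_theme_options` rests on four separate `current_user_can('switch_themes')` checks (new lines 12, 15, 34 and 122) that must stay in agreement, and the last one is a mid-template `exit` at new lines 122-126 with no comment marking it as an access-control boundary. Everything rendered below it (the Available Themes list, which continues outside the visible hunks) appears to be protected only by that early exit, so markup or action links later moved above line 121 would be shown to users without `switch_themes`. I would add a comment above the check such as `// Users without switch_themes only see the current theme; stop before the theme list and its action links.` and evaluate the capability once, e.g. `$can_switch_themes = current_user_can( 'switch_themes' );`, reusing that variable at each check. The hand-written `echo '</div>';` closes a wrapper opened outside the hunk, so it has to be kept in step with that markup.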