
Changeset 16990


Timestamp:
12/16/10 08:43:22 (4 years ago)
Author:
nacin
Message:

Remove check_permissions() calls outside of AJAX context. Also only check for switch_themes in check_permissions() for the themes table. see #15326.

Location:
trunk/wp-admin
Files:
19 edited

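--- a/trunk/wp-admin/edit-comments.php
+++ b/trunk/wp-admin/edit-comments.php
@@ -13,5 +13,4 @@
 
 $wp_list_table = get_list_table('WP_Comments_List_Table');
-$wp_list_table->check_permissions();
 $pagenum = $wp_list_table->get_pagenum();
 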
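Review bot: The removed `check_permissions()` call has no replacement visible in this hunk, so nothing shown here gates the comments screen before `get_pagenum()` runs. The page's own capability check, if it has one, sits above line 13 outside the hunk; it is worth confirming it is there and marking it, for example `// Capability is enforced above; the list table's check_permissions() now runs only for AJAX requests.` The same applies to the removals in edit-tags.php, edit.php, link-manager.php and network/site-users.php, none of which show a page-level check in their hunks.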
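--- a/trunk/wp-admin/edit-tags.php
+++ b/trunk/wp-admin/edit-tags.php
@@ -14,5 +14,4 @@
 
 $wp_list_table = get_list_table('WP_Terms_List_Table');
-$wp_list_table->check_permissions();
 
 $title = $tax->labels->name;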
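--- a/trunk/wp-admin/edit.php
+++ b/trunk/wp-admin/edit.php
@@ -25,5 +25,4 @@
 
 $wp_list_table = get_list_table('WP_Posts_List_Table');
-$wp_list_table->check_permissions();
 $pagenum = $wp_list_table->get_pagenum();
 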
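--- a/trunk/wp-admin/includes/class-wp-ms-themes-list-table.php
+++ b/trunk/wp-admin/includes/class-wp-ms-themes-list-table.php
@@ -40,12 +40,10 @@
         $menu_perms = get_site_option( 'menu_items', array() );
 
-        if ( empty( $menu_perms['themes'] ) ) {
-            if ( !is_super_admin() )
-                wp_die( __( 'Cheatin’ uh?' ) );
-        }
+        if ( empty( $menu_perms['themes'] ) && ! is_super_admin() )
+            wp_die( __( 'Cheatin’ uh?' ) );
 
         if ( $this->is_site_themes && !current_user_can('manage_sites') )
             wp_die( __( 'You do not have sufficient permissions to manage themes for this site.' ) );
-        else if ( !$this->is_site_themes && !current_user_can('manage_network_themes') )
+        elseif ( !$this->is_site_themes && !current_user_can('manage_network_themes') )
             wp_die( __( 'You do not have sufficient permissions to manage network themes.' ) );
     }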
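--- a/trunk/wp-admin/includes/class-wp-plugins-list-table.php
+++ b/trunk/wp-admin/includes/class-wp-plugins-list-table.php
@@ -32,8 +32,6 @@
             $menu_perms = get_site_option( 'menu_items', array() );
 
-            if ( empty( $menu_perms['plugins'] ) ) {
-                if ( !is_super_admin() )
-                    wp_die( __( 'Cheatin’ uh?' ) );
-            }
+            if ( empty( $menu_perms['plugins'] ) && ! is_super_admin() )
+                wp_die( __( 'Cheatin’ uh?' ) );
         }
 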
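--- a/trunk/wp-admin/includes/class-wp-themes-list-table.php
+++ b/trunk/wp-admin/includes/class-wp-themes-list-table.php
@@ -13,5 +13,6 @@
 
     function check_permissions() {
-        if ( !current_user_can('switch_themes') && !current_user_can('edit_theme_options') )
+        // Do not check edit_theme_options here. AJAX calls for available themes require switch_themes.
+        if ( !current_user_can('switch_themes') )
             wp_die( __( 'Cheatin’ uh?' ) );
     }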
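Review bot: After this change `check_permissions()` is stricter than the page-level gate in themes.php, which still admits a user holding either `switch_themes` or `edit_theme_options`. The new comment gives the reason but not the consequence; a fuller wording would help the next maintainer, e.g. `// AJAX-only gate: themes.php itself also admits edit_theme_options, but fetching available themes requires switch_themes.` Without that, the two checks read like an accidental mismatch, and one of them is likely to be changed later to match the other.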
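--- a/trunk/wp-admin/includes/class-wp-users-list-table.php
+++ b/trunk/wp-admin/includes/class-wp-users-list-table.php
@@ -26,9 +26,9 @@
 
     function check_permissions() {
-        if ( !current_user_can('list_users') )
-            wp_die(__('Cheatin’ uh?'));
-
-        if ( $this->is_site_users && !current_user_can('manage_sites') )
-            wp_die(__('You do not have sufficient permissions to edit this site.'));
+        if ( ! $this->is_site_users && ! current_user_can( 'list_users' ) )
+            wp_die( __( 'Cheatin’ uh?' ) );
+
+        if ( $this->is_site_users && ! current_user_can( 'manage_sites' ) )
+            wp_die(__( 'You do not have sufficient permissions to edit this site.' ) );
     }
 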
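Review bot: With the added `! $this->is_site_users &&`, `list_users` is no longer required when `is_site_users` is true, so `manage_sites` becomes the only gate on that path. Where `is_site_users` is set is outside this hunk; a short comment stating that the two capabilities are deliberate alternatives, and where the flag comes from, would make the policy auditable from this method alone. The last new line also departs from the spacing used on the lines above it and should read `wp_die( __( 'You do not have sufficient permissions to edit this site.' ) );`.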
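--- a/trunk/wp-admin/link-manager.php
+++ b/trunk/wp-admin/link-manager.php
@@ -13,5 +13,4 @@
 
 $wp_list_table = get_list_table('WP_Links_List_Table');
-$wp_list_table->check_permissions();
 
 // Handle bulk deletes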
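--- a/trunk/wp-admin/network/site-themes.php
+++ b/trunk/wp-admin/network/site-themes.php
@@ -16,10 +16,8 @@
 $menu_perms = get_site_option( 'menu_items', array() );
 
-if ( empty( $menu_perms['themes'] ) ) {
-    if ( !is_super_admin() )
-        wp_die( __( 'Cheatin’ uh?' ) );
-}
+if ( empty( $menu_perms['themes'] ) && ! is_super_admin() )
+    wp_die( __( 'Cheatin’ uh?' ) );
 
-if ( !current_user_can('manage_sites') )
+if ( ! current_user_can( 'manage_sites' ) )
     wp_die( __( 'You do not have sufficient permissions to manage themes for this site.' ) );
 
@@ -35,5 +33,4 @@
 
 $wp_list_table = get_list_table('WP_MS_Themes_List_Table');
-$wp_list_table->check_permissions();
 
 $action = $wp_list_table->current_action();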
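--- a/trunk/wp-admin/network/site-users.php
+++ b/trunk/wp-admin/network/site-users.php
@@ -18,5 +18,4 @@
 
 $wp_list_table = get_list_table('WP_Users_List_Table');
-$wp_list_table->check_permissions();
 $wp_list_table->prepare_items();
 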
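--- a/trunk/wp-admin/network/sites.php
+++ b/trunk/wp-admin/network/sites.php
@@ -14,6 +14,8 @@
     wp_die( __( 'Multisite support is not enabled.' ) );
 
+if ( ! current_user_can( 'manage_sites' ) )
+    wp_die( __( 'You do not have permission to access this page.' ) );
+
 $wp_list_table = get_list_table('WP_MS_Sites_List_Table');
-$wp_list_table->check_permissions();
 
 $title = __( 'Sites' );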
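Review bot: The new inline `manage_sites` check replaces a `check_permissions()` call whose body is not shown on this page, so it cannot be confirmed here that the page and the AJAX path enforce the same capability. If they differ, a user could be admitted by one path and refused by the other; a comment such as `// Keep in sync with WP_MS_Sites_List_Table::check_permissions().` above the new check would tie the two together. The same holds for the checks added in network/users.php (`manage_network_users`) and upload.php (`upload_files`).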
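--- a/trunk/wp-admin/network/themes.php
+++ b/trunk/wp-admin/network/themes.php
@@ -16,8 +16,6 @@
 $menu_perms = get_site_option( 'menu_items', array() );
 
-if ( empty( $menu_perms['themes'] ) ) {
-    if ( !is_super_admin() )
-        wp_die( __( 'Cheatin’ uh?' ) );
-}
+if ( empty( $menu_perms['themes'] ) && ! is_super_admin() )
+    wp_die( __( 'Cheatin’ uh?' ) );
 
 if ( !current_user_can('manage_network_themes') )
@@ -25,5 +23,4 @@
 
 $wp_list_table = get_list_table('WP_MS_Themes_List_Table');
-$wp_list_table->check_permissions();
 
 $action = $wp_list_table->current_action();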
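--- a/trunk/wp-admin/network/users.php
+++ b/trunk/wp-admin/network/users.php
@@ -14,6 +14,8 @@
     wp_die( __( 'Multisite support is not enabled.' ) );
 
+if ( ! current_user_can( 'manage_network_users' ) )
+    wp_die( __( 'You do not have permission to access this page.' ) );
+
 $wp_list_table = get_list_table('WP_MS_Users_List_Table');
-$wp_list_table->check_permissions();
 $wp_list_table->prepare_items();
 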
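--- a/trunk/wp-admin/plugin-install.php
+++ b/trunk/wp-admin/plugin-install.php
@@ -12,4 +12,5 @@
 /** WordPress Administration Bootstrap */
 require_once('./admin.php');
+
 if ( ! current_user_can('install_plugins') )
     wp_die(__('You do not have sufficient permissions to install plugins on this site.'));
@@ -21,5 +22,4 @@
 
 $wp_list_table = get_list_table('WP_Plugin_Install_List_Table');
-$wp_list_table->check_permissions();
 $wp_list_table->prepare_items();
 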
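--- a/trunk/wp-admin/plugins.php
+++ b/trunk/wp-admin/plugins.php
@@ -10,9 +10,15 @@
 require_once('./admin.php');
 
+if ( is_multisite() ) {
+    $menu_perms = get_site_option( 'menu_items', array() );
+
+    if ( empty( $menu_perms['plugins'] ) && ! is_super_admin() )
+        wp_die( __( 'Cheatin’ uh?' ) );
+}
+
 if ( !current_user_can('activate_plugins') )
     wp_die( __( 'You do not have sufficient permissions to manage plugins for this site.' ) );
 
 $wp_list_table = get_list_table('WP_Plugins_List_Table');
-$wp_list_table->check_permissions();
 
 $action = $wp_list_table->current_action();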
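Review bot: The multisite `menu_items` gate added at new lines 12-17 is a copy of the one shown in includes/class-wp-plugins-list-table.php, so the rule now lives in two places, one for the page and one presumably for the AJAX path. A later change to only one copy would leave the two paths enforcing different policies. A shared helper would remove the duplication; short of that, a comment above the block such as `// Same gate as in includes/class-wp-plugins-list-table.php; keep both in sync.` would do. The equivalent check on the `themes` key is likewise repeated across network/themes.php, network/site-themes.php and includes/class-wp-ms-themes-list-table.php.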
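--- a/trunk/wp-admin/theme-install.php
+++ b/trunk/wp-admin/theme-install.php
@@ -12,4 +12,5 @@
 /** WordPress Administration Bootstrap */
 require_once('./admin.php');
+
 if ( ! current_user_can('install_themes') )
     wp_die( __( 'You do not have sufficient permissions to install themes on this site.' ) );
@@ -21,5 +22,4 @@
 
 $wp_list_table = get_list_table('WP_Theme_Install_List_Table');
-$wp_list_table->check_permissions();
 $wp_list_table->prepare_items();
 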
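--- a/trunk/wp-admin/themes.php
+++ b/trunk/wp-admin/themes.php
@@ -9,9 +9,9 @@
 /** WordPress Administration Bootstrap */
 require_once('./admin.php');
+
 if ( !current_user_can('switch_themes') && !current_user_can('edit_theme_options') )
     wp_die( __( 'Cheatin’ uh?' ) );
 
 $wp_list_table = get_list_table('WP_Themes_List_Table');
-$wp_list_table->check_permissions();
 
 if ( current_user_can( 'switch_themes' ) && isset($_GET['action'] ) ) {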
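--- a/trunk/wp-admin/upload.php
+++ b/trunk/wp-admin/upload.php
@@ -10,6 +10,8 @@
 require_once( './admin.php' );
 
+if ( !current_user_can('upload_files') )
+    wp_die( __( 'You do not have permission to upload files.' ) );
+
 $wp_list_table = get_list_table('WP_Media_List_Table');
-$wp_list_table->check_permissions();
 
 // Handle bulk actions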
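--- a/trunk/wp-admin/users.php
+++ b/trunk/wp-admin/users.php
@@ -10,6 +10,8 @@
 require_once( './admin.php' );
 
+if ( ! current_user_can( 'list_users' ) )
+    wp_die( __( 'Cheatin’ uh?' ) );
+
 $wp_list_table = get_list_table('WP_Users_List_Table');
-$wp_list_table->check_permissions();
 
 $title = __('Users');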