Make WordPress Core

Changeset 16990


Ignore:
Timestamp:
12/16/2010 08:43:22 AM (14 years ago)
Author:
nacin
Message:

Remove check_permissions() calls outside of AJAX context. Also only check for switch_themes in check_permissions() for the themes table. see #15326.

Location:
trunk/wp-admin
Files:
19 edited

Legend:

Unmodified
Added
Removed
  • trunk/wp-admin/edit-comments.php

    r16900 r16990  
    1313
    1414$wp_list_table = get_list_table('WP_Comments_List_Table');
    15 $wp_list_table->check_permissions();
    1615$pagenum = $wp_list_table->get_pagenum();
    1716
  • trunk/wp-admin/edit-tags.php

    r16980 r16990  
    1414
    1515$wp_list_table = get_list_table('WP_Terms_List_Table');
    16 $wp_list_table->check_permissions();
    1716
    1817$title = $tax->labels->name;
  • trunk/wp-admin/edit.php

    r16980 r16990  
    2525
    2626$wp_list_table = get_list_table('WP_Posts_List_Table');
    27 $wp_list_table->check_permissions();
    2827$pagenum = $wp_list_table->get_pagenum();
    2928
  • trunk/wp-admin/includes/class-wp-ms-themes-list-table.php

    r16967 r16990  
    4040        $menu_perms = get_site_option( 'menu_items', array() );
    4141
    42         if ( empty( $menu_perms['themes'] ) ) {
    43             if ( !is_super_admin() )
    44                 wp_die( __( 'Cheatin’ uh?' ) );
    45         }
     42        if ( empty( $menu_perms['themes'] ) && ! is_super_admin() )
     43            wp_die( __( 'Cheatin’ uh?' ) );
    4644
    4745        if ( $this->is_site_themes && !current_user_can('manage_sites') )
    4846            wp_die( __( 'You do not have sufficient permissions to manage themes for this site.' ) );
    49         else if ( !$this->is_site_themes && !current_user_can('manage_network_themes') )
     47        elseif ( !$this->is_site_themes && !current_user_can('manage_network_themes') )
    5048            wp_die( __( 'You do not have sufficient permissions to manage network themes.' ) );
    5149    }
  • trunk/wp-admin/includes/class-wp-plugins-list-table.php

    r16988 r16990  
    3232            $menu_perms = get_site_option( 'menu_items', array() );
    3333
    34             if ( empty( $menu_perms['plugins'] ) ) {
    35                 if ( !is_super_admin() )
    36                     wp_die( __( 'Cheatin’ uh?' ) );
    37             }
     34            if ( empty( $menu_perms['plugins'] ) && ! is_super_admin() )
     35                wp_die( __( 'Cheatin’ uh?' ) );
    3836        }
    3937
  • trunk/wp-admin/includes/class-wp-themes-list-table.php

    r16838 r16990  
    1313
    1414    function check_permissions() {
    15         if ( !current_user_can('switch_themes') && !current_user_can('edit_theme_options') )
     15        // Do not check edit_theme_options here. AJAX calls for available themes require switch_themes.
     16        if ( !current_user_can('switch_themes') )
    1617            wp_die( __( 'Cheatin’ uh?' ) );
    1718    }
  • trunk/wp-admin/includes/class-wp-users-list-table.php

    r16900 r16990  
    2626
    2727    function check_permissions() {
    28         if ( !current_user_can('list_users') )
    29             wp_die(__('Cheatin’ uh?'));
    30 
    31         if ( $this->is_site_users && !current_user_can('manage_sites') )
    32             wp_die(__('You do not have sufficient permissions to edit this site.'));
     28        if ( ! $this->is_site_users && ! current_user_can( 'list_users' ) )
     29            wp_die( __( 'Cheatin’ uh?' ) );
     30
     31        if ( $this->is_site_users && ! current_user_can( 'manage_sites' ) )
     32            wp_die(__( 'You do not have sufficient permissions to edit this site.' ) );
    3333    }
    3434
  • trunk/wp-admin/link-manager.php

    r16980 r16990  
    1313
    1414$wp_list_table = get_list_table('WP_Links_List_Table');
    15 $wp_list_table->check_permissions();
    1615
    1716// Handle bulk deletes
  • trunk/wp-admin/network/site-themes.php

    r16984 r16990  
    1616$menu_perms = get_site_option( 'menu_items', array() );
    1717
    18 if ( empty( $menu_perms['themes'] ) ) {
    19     if ( !is_super_admin() )
    20         wp_die( __( 'Cheatin’ uh?' ) );
    21 }
     18if ( empty( $menu_perms['themes'] ) && ! is_super_admin() )
     19    wp_die( __( 'Cheatin’ uh?' ) );
    2220
    23 if ( !current_user_can('manage_sites') )
     21if ( ! current_user_can( 'manage_sites' ) )
    2422    wp_die( __( 'You do not have sufficient permissions to manage themes for this site.' ) );
    2523
     
    3533
    3634$wp_list_table = get_list_table('WP_MS_Themes_List_Table');
    37 $wp_list_table->check_permissions();
    3835
    3936$action = $wp_list_table->current_action();
  • trunk/wp-admin/network/site-users.php

    r16984 r16990  
    1818
    1919$wp_list_table = get_list_table('WP_Users_List_Table');
    20 $wp_list_table->check_permissions();
    2120$wp_list_table->prepare_items();
    2221
  • trunk/wp-admin/network/sites.php

    r16981 r16990  
    1414    wp_die( __( 'Multisite support is not enabled.' ) );
    1515
     16if ( ! current_user_can( 'manage_sites' ) )
     17    wp_die( __( 'You do not have permission to access this page.' ) );
     18
    1619$wp_list_table = get_list_table('WP_MS_Sites_List_Table');
    17 $wp_list_table->check_permissions();
    1820
    1921$title = __( 'Sites' );
  • trunk/wp-admin/network/themes.php

    r16981 r16990  
    1616$menu_perms = get_site_option( 'menu_items', array() );
    1717
    18 if ( empty( $menu_perms['themes'] ) ) {
    19     if ( !is_super_admin() )
    20         wp_die( __( 'Cheatin’ uh?' ) );
    21 }
     18if ( empty( $menu_perms['themes'] ) && ! is_super_admin() )
     19    wp_die( __( 'Cheatin’ uh?' ) );
    2220
    2321if ( !current_user_can('manage_network_themes') )
     
    2523
    2624$wp_list_table = get_list_table('WP_MS_Themes_List_Table');
    27 $wp_list_table->check_permissions();
    2825
    2926$action = $wp_list_table->current_action();
  • trunk/wp-admin/network/users.php

    r16983 r16990  
    1414    wp_die( __( 'Multisite support is not enabled.' ) );
    1515
     16if ( ! current_user_can( 'manage_network_users' ) )
     17    wp_die( __( 'You do not have permission to access this page.' ) );
     18
    1619$wp_list_table = get_list_table('WP_MS_Users_List_Table');
    17 $wp_list_table->check_permissions();
    1820$wp_list_table->prepare_items();
    1921
  • trunk/wp-admin/plugin-install.php

    r16900 r16990  
    1212/** WordPress Administration Bootstrap */
    1313require_once('./admin.php');
     14
    1415if ( ! current_user_can('install_plugins') )
    1516    wp_die(__('You do not have sufficient permissions to install plugins on this site.'));
     
    2122
    2223$wp_list_table = get_list_table('WP_Plugin_Install_List_Table');
    23 $wp_list_table->check_permissions();
    2424$wp_list_table->prepare_items();
    2525
  • trunk/wp-admin/plugins.php

    r16989 r16990  
    1010require_once('./admin.php');
    1111
     12if ( is_multisite() ) {
     13    $menu_perms = get_site_option( 'menu_items', array() );
     14
     15    if ( empty( $menu_perms['plugins'] ) && ! is_super_admin() )
     16        wp_die( __( 'Cheatin’ uh?' ) );
     17}
     18
    1219if ( !current_user_can('activate_plugins') )
    1320    wp_die( __( 'You do not have sufficient permissions to manage plugins for this site.' ) );
    1421
    1522$wp_list_table = get_list_table('WP_Plugins_List_Table');
    16 $wp_list_table->check_permissions();
    1723
    1824$action = $wp_list_table->current_action();
  • trunk/wp-admin/theme-install.php

    r16900 r16990  
    1212/** WordPress Administration Bootstrap */
    1313require_once('./admin.php');
     14
    1415if ( ! current_user_can('install_themes') )
    1516    wp_die( __( 'You do not have sufficient permissions to install themes on this site.' ) );
     
    2122
    2223$wp_list_table = get_list_table('WP_Theme_Install_List_Table');
    23 $wp_list_table->check_permissions();
    2424$wp_list_table->prepare_items();
    2525
  • trunk/wp-admin/themes.php

    r16979 r16990  
    99/** WordPress Administration Bootstrap */
    1010require_once('./admin.php');
     11
    1112if ( !current_user_can('switch_themes') && !current_user_can('edit_theme_options') )
    1213    wp_die( __( 'Cheatin’ uh?' ) );
    1314
    1415$wp_list_table = get_list_table('WP_Themes_List_Table');
    15 $wp_list_table->check_permissions();
    1616
    1717if ( current_user_can( 'switch_themes' ) && isset($_GET['action'] ) ) {
  • trunk/wp-admin/upload.php

    r16868 r16990  
    1010require_once( './admin.php' );
    1111
     12if ( !current_user_can('upload_files') )
     13    wp_die( __( 'You do not have permission to upload files.' ) );
     14
    1215$wp_list_table = get_list_table('WP_Media_List_Table');
    13 $wp_list_table->check_permissions();
    1416
    1517// Handle bulk actions
  • trunk/wp-admin/users.php

    r16980 r16990  
    1010require_once( './admin.php' );
    1111
     12if ( ! current_user_can( 'list_users' ) )
     13    wp_die( __( 'Cheatin’ uh?' ) );
     14
    1215$wp_list_table = get_list_table('WP_Users_List_Table');
    13 $wp_list_table->check_permissions();
    1416
    1517$title = __('Users');
Note: See TracChangeset for help on using the changeset viewer.