Changeset 16992
- Timestamp:
- 12/16/2010 09:18:28 AM (14 years ago)
- Location:
- trunk/wp-admin
- Files:
-
- 15 edited
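--- a/trunk/wp-admin/admin-ajax.php
+++ b/trunk/wp-admin/admin-ajax.php
@@ -62,5 +62,7 @@
 die( '0' );
 
-$wp_list_table->check_permissions();
+if ( ! $wp_list_table->ajax_user_can() )
+die( '-1' );
+
 $wp_list_table->ajax_response();
 
@@ -1201,9 +1203,15 @@
 check_ajax_referer( 'taxinlineeditnonce', '_inline_edit' );
 
-set_current_screen( 'edit-' . $_POST['taxonomy'] );
+$taxonomy = sanitize_key( $_POST['taxonomy'] );
+$tax = get_taxonomy( $taxonomy );
+if ( ! $tax )
+die( '0' );
+
+if ( ! current_user_can( $tax->cap->edit_terms ) )
+die( '-1' );
+
+set_current_screen( 'edit-' . $taxonomy );
 
 $wp_list_table = get_list_table('WP_Terms_List_Table');
-
-$wp_list_table->check_permissions('edit');
 
 if ( ! isset($_POST['tax_ID']) || ! ( $id = (int) $_POST['tax_ID'] ) )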
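Review bot: In the second hunk `$_POST['taxonomy']` is handed to `sanitize_key()` without first checking that the key is present. The request still appears to fail closed, since an empty key should make `get_taxonomy()` return false and reach `die( '0' )`, but that depends on the lookup rather than on an explicit guard and raises an undefined-index notice on the way. Consider `if ( ! isset( $_POST['taxonomy'] ) ) die( '0' );` ahead of the `sanitize_key()` line, plus a short comment recording that `'0'` means unknown taxonomy and `'-1'` means the capability check failed. The enclosing handler starts and ends outside the hunk.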
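--- a/trunk/wp-admin/includes/class-wp-comments-list-table.php
+++ b/trunk/wp-admin/includes/class-wp-comments-list-table.php
@@ -34,7 +34,6 @@
 }
 
-function check_permissions() {
-if ( !current_user_can('edit_posts') )
-wp_die(__('Cheatin’ uh?'));
+function ajax_user_can() {
+return current_user_can('edit_posts');
 }
 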
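--- a/trunk/wp-admin/includes/class-wp-links-list-table.php
+++ b/trunk/wp-admin/includes/class-wp-links-list-table.php
@@ -15,7 +15,6 @@
 }
 
-function check_permissions() {
-if ( ! current_user_can( 'manage_links' ) )
-wp_die( __( 'You do not have sufficient permissions to edit the links for this site.' ) );
+function ajax_user_can() {
+return current_user_can( 'manage_links' );
 }
 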
trunk/wp-admin/includes/class-wp-list-table.php
r16991 r16992 106 106 * @access public 107 107 */ 108 function check_permissions() {109 die( 'function WP_List_Table:: check_permissions() must be over-ridden in a sub-class.' );108 function ajax_user_can() { 109 die( 'function WP_List_Table::ajax_user_can() must be over-ridden in a sub-class.' ); 110 110 } 111 111 -
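Review bot: The base `ajax_user_can()` still ends the request with `die()` and a descriptive string, while the callers in admin-ajax.php now treat the method as a boolean and answer `-1` on denial. A list table that forgets to override it fails closed, but the AJAX response then carries the developer message instead of the `-1` the client presumably expects. Returning false here would keep a single denial path; at minimum the docblock above, which starts outside this hunk, should gain `@return bool` and a sentence saying the method only reports the capability and the caller decides how to refuse.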
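--- a/trunk/wp-admin/includes/class-wp-media-list-table.php
+++ b/trunk/wp-admin/includes/class-wp-media-list-table.php
@@ -17,7 +17,6 @@
 }
 
-function check_permissions() {
-if ( !current_user_can('upload_files') )
-wp_die( __( 'You do not have permission to upload files.' ) );
+function ajax_user_can() {
+return current_user_can('upload_files');
 }
 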
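--- a/trunk/wp-admin/includes/class-wp-ms-sites-list-table.php
+++ b/trunk/wp-admin/includes/class-wp-ms-sites-list-table.php
@@ -15,7 +15,6 @@
 }
 
-function check_permissions() {
-if ( ! current_user_can( 'manage_sites' ) )
-wp_die( __( 'You do not have permission to access this page.' ) );
+function ajax_user_can() {
+return current_user_can( 'manage_sites' );
 }
 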
trunk/wp-admin/includes/class-wp-ms-themes-list-table.php
r16990 r16992 37 37 } 38 38 39 function check_permissions() {39 function ajax_user_can() { 40 40 $menu_perms = get_site_option( 'menu_items', array() ); 41 41 42 42 if ( empty( $menu_perms['themes'] ) && ! is_super_admin() ) 43 wp_die( __( 'Cheatin’ uh?' ) );43 return false; 44 44 45 45 if ( $this->is_site_themes && !current_user_can('manage_sites') ) 46 wp_die( __( 'You do not have sufficient permissions to manage themes for this site.' ) );46 return false; 47 47 elseif ( !$this->is_site_themes && !current_user_can('manage_network_themes') ) 48 wp_die( __( 'You do not have sufficient permissions to manage network themes.' ) ); 48 return false; 49 return true; 49 50 } 50 51 -
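--- a/trunk/wp-admin/includes/class-wp-ms-users-list-table.php
+++ b/trunk/wp-admin/includes/class-wp-ms-users-list-table.php
@@ -9,7 +9,6 @@
 class WP_MS_Users_List_Table extends WP_List_Table {
 
-function check_permissions() {
-if ( ! current_user_can( 'manage_network_users' ) )
-wp_die( __( 'You do not have permission to access this page.' ) );
+function ajax_user_can() {
+return current_user_can( 'manage_network_users' );
 }
 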
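--- a/trunk/wp-admin/includes/class-wp-plugin-install-list-table.php
+++ b/trunk/wp-admin/includes/class-wp-plugin-install-list-table.php
@@ -9,7 +9,6 @@
 class WP_Plugin_Install_List_Table extends WP_List_Table {
 
-function check_permissions() {
-if ( ! current_user_can('install_plugins') )
-wp_die(__('You do not have sufficient permissions to install plugins on this site.'));
+function ajax_user_can() {
+return current_user_can('install_plugins');
 }
 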
trunk/wp-admin/includes/class-wp-plugins-list-table.php
r16990 r16992 28 28 } 29 29 30 function check_permissions() {30 function ajax_user_can() { 31 31 if ( is_multisite() ) { 32 32 $menu_perms = get_site_option( 'menu_items', array() ); 33 33 34 34 if ( empty( $menu_perms['plugins'] ) && ! is_super_admin() ) 35 wp_die( __( 'Cheatin’ uh?' ) ); 36 } 37 38 if ( !current_user_can('activate_plugins') ) 39 wp_die( __( 'You do not have sufficient permissions to manage plugins for this site.' ) ); 35 return false; 36 } 37 38 return current_user_can('activate_plugins'); 40 39 } 41 40 -
trunk/wp-admin/includes/class-wp-posts-list-table.php
r16966 r16992 79 79 } 80 80 81 function check_permissions() {81 function ajax_user_can() { 82 82 global $post_type_object; 83 83 84 if ( !current_user_can( $post_type_object->cap->edit_posts ) ) 85 wp_die( __( 'Cheatin’ uh?' ) ); 84 return current_user_can( $post_type_object->cap->edit_posts ); 86 85 } 87 86 -
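Review bot: `ajax_user_can()` dereferences the global `$post_type_object` without checking that it was set, and nothing in this hunk shows where the AJAX path populates it. If the global is empty, the capability passed to `current_user_can()` is empty too, so the result depends on how an empty capability is resolved rather than on an explicit denial. A guard such as `if ( empty( $post_type_object ) ) return false;` before the return would make the check fail closed. The same applies to `global $tax` in class-wp-terms-list-table.php.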
trunk/wp-admin/includes/class-wp-terms-list-table.php
r16900 r16992 33 33 } 34 34 35 function check_permissions( $type = '') {35 function ajax_user_can() { 36 36 global $tax; 37 37 38 $cap = 'edit' == $type ? $tax->cap->edit_terms : $tax->cap->manage_terms; 39 if ( !current_user_can( $cap ) ) 40 wp_die( __( 'Cheatin’ uh?' ) ); 38 return current_user_can( $tax->cap->manage_terms ); 41 39 } 42 40 -
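Review bot: With the `'edit'` branch removed, this method only answers for `manage_terms`, and the inline-edit path in admin-ajax.php now carries its own `edit_terms` check. That division of responsibility is easy to miss when a new AJAX action reuses this list table. A comment above the return would record it, for example `// Listing only needs manage_terms; callers that modify terms must check edit_terms themselves.`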
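--- a/trunk/wp-admin/includes/class-wp-theme-install-list-table.php
+++ b/trunk/wp-admin/includes/class-wp-theme-install-list-table.php
@@ -9,7 +9,6 @@
 class WP_Theme_Install_List_Table extends WP_List_Table {
 
-function check_permissions() {
-if ( ! current_user_can('install_themes') )
-wp_die( __( 'You do not have sufficient permissions to install themes on this site.' ) );
+function ajax_user_can() {
+return current_user_can('install_themes');
 }
 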
trunk/wp-admin/includes/class-wp-themes-list-table.php
r16990 r16992 12 12 var $features = array(); 13 13 14 function check_permissions() {14 function ajax_user_can() { 15 15 // Do not check edit_theme_options here. AJAX calls for available themes require switch_themes. 16 if ( !current_user_can('switch_themes') ) 17 wp_die( __( 'Cheatin’ uh?' ) ); 16 return current_user_can('switch_themes'); 18 17 } 19 18 -
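--- a/trunk/wp-admin/includes/class-wp-users-list-table.php
+++ b/trunk/wp-admin/includes/class-wp-users-list-table.php
@@ -25,10 +25,9 @@
 }
 
-function check_permissions() {
-if ( ! $this->is_site_users && ! current_user_can( 'list_users' ) )
-wp_die( __( 'Cheatin’ uh?' ) );
-
-if ( $this->is_site_users && ! current_user_can( 'manage_sites' ) )
-wp_die(__( 'You do not have sufficient permissions to edit this site.' ) );
+function ajax_user_can() {
+if ( $this->is_site_users )
+return current_user_can( 'manage_sites' );
+else
+return current_user_can( 'list_users' );
 }
 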