Changeset 16992 for trunk/wp-admin/admin-ajax.php

Timestamp:

12/16/2010 09:18:28 AM (14 years ago)

Author:

nacin

Message:

Replace check_permissions() with ajax_user_can(). New method returns true/false to current_user_can(), which we then handle in admin ajax. see #15326.

File:

• trunk/wp-admin/admin-ajax.php (modified) (2 diffs)

trunk/wp-admin/admin-ajax.php

@@ -62 +62 @@
         die( '0' );
 
-    $wp_list_table->check_permissions();
+    if ( ! $wp_list_table->ajax_user_can() )
+        die( '-1' );
+
     $wp_list_table->ajax_response();
 
@@ -1201 +1203 @@
     check_ajax_referer( 'taxinlineeditnonce', '_inline_edit' );
 
-    set_current_screen( 'edit-' . $_POST['taxonomy'] );
+    $taxonomy = sanitize_key( $_POST['taxonomy'] );
+    $tax = get_taxonomy( $taxonomy );
+    if ( ! $tax )
+        die( '0' );
+
+    if ( ! current_user_can( $tax->cap->edit_terms ) )
+        die( '-1' );
+
+    set_current_screen( 'edit-' . $taxonomy );
 
     $wp_list_table = get_list_table('WP_Terms_List_Table');
-
-    $wp_list_table->check_permissions('edit');
 
     if ( ! isset($_POST['tax_ID']) || ! ( $id = (int) $_POST['tax_ID'] ) )