
Changeset 21195


Timestamp:
06/30/2012 12:08:18 PM (12 years ago)
Author:
nacin
Message:

Cap checks in the upgrader so we do not show links the user cannot access. props linuxologos for the initial patch. see #19824.

Also fixes a rare fatal error when theme_info is not set when updating a theme that is already up to date.

File:
1 edited

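--- a/trunk/wp-admin/includes/class-wp-upgrader.php
+++ b/trunk/wp-admin/includes/class-wp-upgrader.php
@@ -852,4 +852,6 @@
             $this->update_current++;
 
+            $this->skin->theme_info = $this->theme_info($theme);
+
             if ( !isset( $current->response[ $theme ] ) ) {
                 $this->skin->set_result(false);
@@ -860,6 +862,4 @@
                 continue;
             }
-
-            $this->skin->theme_info = $this->theme_info($theme);
 
             // Get the URL to the zip file
@@ -1352,4 +1352,6 @@
             'updates_page' => '<a href="' . self_admin_url('update-core.php') . '" title="' . esc_attr__('Go to WordPress Updates page') . '" target="_parent">' . __('Return to WordPress Updates') . '</a>'
         );
+        if ( ! current_user_can( 'activate_plugins' ) )
+            unset( $update_actions['plugins_page'] );
 
         $update_actions = apply_filters('update_bulk_plugins_complete_actions', $update_actions, $this->plugin_info);
@@ -1385,4 +1387,6 @@
             'updates_page' => '<a href="' . self_admin_url('update-core.php') . '" title="' . esc_attr__('Go to WordPress Updates page') . '" target="_parent">' . __('Return to WordPress Updates') . '</a>'
         );
+        if ( ! current_user_can( 'switch_themes' ) && ! current_user_can( 'edit_theme_options' ) )
+            unset( $update_actions['themes_page'] );
 
         $update_actions = apply_filters('update_bulk_theme_complete_actions', $update_actions, $this->theme_info );
@@ -1518,8 +1522,8 @@
         if ( $this->type == 'web' )
             $install_actions['themes_page'] = '<a href="' . self_admin_url('theme-install.php') . '" title="' . esc_attr__('Return to Theme Installer') . '" target="_parent">' . __('Return to Theme Installer') . '</a>';
-        else
+        elseif ( current_user_can( 'switch_themes' ) || current_user_can( 'edit_theme_options' ) )
             $install_actions['themes_page'] = '<a href="' . self_admin_url('themes.php') . '" title="' . esc_attr__('Themes page') . '" target="_parent">' . __('Return to Themes page') . '</a>';
 
-        if ( ! $this->result || is_wp_error($this->result) || is_network_admin() )
+        if ( ! $this->result || is_wp_error($this->result) || is_network_admin() || ! current_user_can( 'switch_themes' ) )
             unset( $install_actions['activate'], $install_actions['preview'] );
 
@@ -1573,6 +1577,7 @@
 
             if ( get_stylesheet() == $stylesheet ) {
-                $update_actions['preview']  = '<a href="' . wp_customize_url( $stylesheet ) . '" class="hide-if-no-customize load-customize" title="' . esc_attr( sprintf( __('Customize &#8220;%s&#8221;'), $name ) ) . '">' . __('Customize') . '</a>';
-            } else {
+                if ( current_user_can( 'edit_theme_options' ) )
+                    $update_actions['preview']  = '<a href="' . wp_customize_url( $stylesheet ) . '" class="hide-if-no-customize load-customize" title="' . esc_attr( sprintf( __('Customize &#8220;%s&#8221;'), $name ) ) . '">' . __('Customize') . '</a>';
+            } elseif ( current_user_can( 'switch_themes' ) ) {
                 $update_actions['preview']  = '<a href="' . esc_url( $preview_link ) . '" class="hide-if-customize" title="' . esc_attr( sprintf( __('Preview &#8220;%s&#8221;'), $name ) ) . '">' . __('Preview') . '</a>';
                 $update_actions['preview'] .= '<a href="' . wp_customize_url( $stylesheet ) . '" class="hide-if-no-customize load-customize" title="' . esc_attr( sprintf( __('Preview &#8220;%s&#8221;'), $name ) ) . '">' . __('Live Preview') . '</a>';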
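Review bot: In the last hunk, the new `elseif ( current_user_can( 'switch_themes' ) )` branch (new line 1581) still appends the "Live Preview" anchor built with `wp_customize_url( $stylesheet )` on new line 1583 without an `edit_theme_options` check. The branch just above it gates its own `wp_customize_url()` link on `edit_theme_options`, so if the customizer requires that capability, a user holding only `switch_themes` would still be shown a link they cannot open. Consider guarding the `.=` line with `if ( current_user_can( 'edit_theme_options' ) )`. The `elseif` body continues past the end of the hunk, so any later link in that branch is not visible here. These checks only hide links, and the `apply_filters()` calls in the bulk skins run after the `unset()`, so the destination screens must keep enforcing the capabilities themselves.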