Make WordPress Core

Changeset 29634


Ignore:
Timestamp:
08/27/2014 01:31:05 AM (10 years ago)
Author:
nacin
Message:

Plugin/Theme Uploads: New capabilities; unify UIs; ensure compatibility with old filters.

Introduce upload_plugins and upload_themes capabilities to allow blocking of plugin and theme uploads, versus the old hacky (and not secure) ways of just hiding UI tabs. These are simply meta capabilities that map to install_plugins and install_themes.

Also:

  • Use the same nice design for the plugin upload screen as the theme upload screen.
  • Better compatibility for the old install_themes_tabs filter added in [29002]. see #28578.
  • Ensure using the install_plugins_tabs filter to remove the upload tab removes the new button.
  • Use 'Add Plugins' instead of 'Install Plugins' to match 'Add Themes'.

fixes #29236.

Location:
trunk/src
Files:
7 edited

Legend:

Unmodified
Added
Removed
  • trunk/src/wp-admin/css/themes.css

    r29616 r29634  
    10921092    display: inline;
    10931093}
    1094 .upload-theme {
     1094.upload-theme,
     1095.upload-plugin {
    10951096    -webkit-box-sizing: border-box;
    10961097    -moz-box-sizing: border-box;
     
    11041105    top: 10px;
    11051106}
    1106 body.show-upload-theme .upload-theme {
    1107     display: block;
    1108 }
    1109 .upload-theme .wp-upload-form {
     1107body.show-upload-theme .upload-theme,
     1108.upload-plugin {
     1109    display: block;
     1110}
     1111.upload-theme .wp-upload-form,
     1112.upload-plugin .wp-upload-form {
    11101113    background: #fafafa;
    11111114    border: 1px solid #e5e5e5;
     
    11141117    max-width: 380px;
    11151118}
    1116 .upload-theme .install-help {
     1119.upload-theme .install-help,
     1120.upload-plugin .install-help {
    11171121    color: #999;
    11181122    font-size: 18px;
  • trunk/src/wp-admin/includes/class-wp-plugin-install-list-table.php

    r29597 r29634  
    7070            $tabs['beta']      = _x( 'Beta Testing', 'Plugin Installer' );
    7171        }
    72 
    73         $nonmenu_tabs = array( 'upload', 'plugin-information' ); //Valid actions to perform which do not have a Menu item.
     72        if ( current_user_can( 'upload_plugins' ) ) {
     73            // No longer a real tab. Here for filter compatibility.
     74            // Gets juggled into $nonmenu_tabs below.
     75            $tabs['upload'] = __( 'Upload Plugin' );
     76        }
     77
     78        $nonmenu_tabs = array( 'plugin-information' ); // Valid actions to perform which do not have a Menu item.
    7479
    7580        /**
     
    9196         */
    9297        $nonmenu_tabs = apply_filters( 'install_plugins_nonmenu_tabs', $nonmenu_tabs );
     98
     99        if ( isset( $tabs['upload'] ) ) {
     100            unset( $tabs['upload'] );
     101            $nonmenu_tabs[] = 'upload';
     102        }
    93103
    94104        // If a non-valid menu tab has been selected, And it's not a non-menu action.
  • trunk/src/wp-admin/includes/plugin-install.php

    r29597 r29634  
    196196function install_plugins_upload( $page = 1 ) {
    197197?>
    198     <h4><?php _e('Install a plugin in .zip format'); ?></h4>
     198<div class="upload-plugin">
    199199    <p class="install-help"><?php _e('If you have a plugin in a .zip format, you may install it by uploading it here.'); ?></p>
    200200    <form method="post" enctype="multipart/form-data" class="wp-upload-form" action="<?php echo self_admin_url('update.php?action=upload-plugin'); ?>">
     
    204204        <?php submit_button( __( 'Install Now' ), 'button', 'install-plugin-submit', false ); ?>
    205205    </form>
     206</div>
    206207<?php
    207208}
  • trunk/src/wp-admin/plugin-install.php

    r29218 r29634  
    2727$wp_list_table->prepare_items();
    2828
    29 $title = __('Install Plugins');
     29$title = __( 'Add Plugins' );
    3030$parent_file = 'plugins.php';
    3131
     
    7676<h2>
    7777    <?php
    78         echo esc_html( $title );
    79         $href = self_admin_url( 'plugin-install.php?tab=upload' );
     78    echo esc_html( $title );
     79    if ( ! empty( $tabs['upload'] ) && current_user_can( 'upload_plugins' ) ) {
     80        if ( $tab === 'upload' ) {
     81            $href = self_admin_url( 'plugin-install.php' );
     82            $text = _x( 'Browse', 'plugins' );
     83        } else {
     84            $href = self_admin_url( 'plugin-install.php?tab=upload' );
     85            $text = __( 'Upload Plugin' );
     86        }
     87        echo ' <a href="' . $href . '" class="upload add-new-h2">' . $text . '</a>';
     88    }
    8089    ?>
    81     <a href="<?php echo $href; ?>" class="upload add-new-h2"><?php _e( 'Upload Plugin' ); ?></a>
    8290</h2>
    8391
    84 <?php $wp_list_table->views(); ?>
     92<?php
     93if ( $tab !== 'upload' ) {
     94    $wp_list_table->views();
     95    echo '<br class="clear" />';
     96}
    8597
    86 <br class="clear" />
    87 <?php
    8898/**
    8999 * Fires after the plugins list table in each tab of the Install Plugins screen.
  • trunk/src/wp-admin/theme-install.php

    r29596 r29634  
    2727    $submenu_file = 'themes.php';
    2828}
    29 
    30 $tabs = array(
    31     'upload'        => __( 'Upload Theme' ),
    32     'browse-themes' => _x( 'Browse', 'themes' ),
    33 );
    3429
    3530$sections = array(
     
    114109?>
    115110<div class="wrap">
    116     <h2>
    117         <?php echo esc_html( $title ); ?>
    118         <?php
    119         /**
    120          * Filter the tabs shown on the Install Themes screen.
    121          *
    122          * @since 2.8.0
    123          * @param array $tabs The tabs shown on the Install Themes screen. Defaults are
    124          *                    'upload' and 'browse-themes'.
    125          */
    126         $tabs = apply_filters( 'install_themes_tabs', $tabs );
    127         foreach ( $tabs as $tab_slug => $tab_name ) {
    128             echo '<a href="#" class="' . esc_attr( $tab_slug ) . ' add-new-h2">' . $tab_name . '</a>';
    129         }
    130         ?>
    131     </h2>
     111    <h2><?php
     112    echo esc_html( $title );
     113
     114    /**
     115     * Filter the tabs shown on the Add Themes screen.
     116     *
     117     * This filter is for backwards compatibility only,
     118     * for the suppression of the upload tab.
     119     *
     120     * @since 2.8.0
     121     * @param array $tabs The tabs shown on the Add Themes screen. Default is 'upload'.
     122     */
     123    $tabs = apply_filters( 'install_themes_tabs', array( 'upload' => __( 'Upload Theme' ) ) );
     124    if ( ! empty( $tabs['upload'] ) && current_user_can( 'upload_themes' ) ) {
     125        echo ' <a href="#" class="upload add-new-h2">' . __( 'Upload Theme' ) . '</a>';
     126        echo ' <a href="#" class="browse-themes add-new-h2">' . _x( 'Browse', 'themes' ) . '</a>';
     127    }
     128    ?></h2>
    132129
    133130    <div class="upload-theme">
  • trunk/src/wp-admin/update.php

    r28500 r29634  
    124124    } elseif ( 'upload-plugin' == $action ) {
    125125
    126         if ( ! current_user_can('install_plugins') )
     126        if ( ! current_user_can( 'upload_plugins' ) ) {
    127127            wp_die( __( 'You do not have sufficient permissions to install plugins on this site.' ) );
     128        }
    128129
    129130        check_admin_referer('plugin-upload');
     
    228229    } elseif ( 'upload-theme' == $action ) {
    229230
    230         if ( ! current_user_can('install_themes') )
     231        if ( ! current_user_can( 'upload_themes' ) ) {
    231232            wp_die( __( 'You do not have sufficient permissions to install themes on this site.' ) );
     233        }
    232234
    233235        check_admin_referer('theme-upload');
  • trunk/src/wp-includes/capabilities.php

    r29170 r29634  
    12631263    case 'delete_plugins':
    12641264    case 'install_plugins':
     1265    case 'upload_plugins':
    12651266    case 'update_themes':
    12661267    case 'delete_themes':
    12671268    case 'install_themes':
     1269    case 'upload_themes':
    12681270    case 'update_core':
    12691271        // Disallow anything that creates, deletes, or updates core, plugin, or theme files.
    12701272        // Files in uploads are excepted.
    1271         if ( defined( 'DISALLOW_FILE_MODS' ) && DISALLOW_FILE_MODS )
     1273        if ( defined( 'DISALLOW_FILE_MODS' ) && DISALLOW_FILE_MODS ) {
    12721274            $caps[] = 'do_not_allow';
    1273         elseif ( is_multisite() && ! is_super_admin( $user_id ) )
     1275        } elseif ( is_multisite() && ! is_super_admin( $user_id ) ) {
    12741276            $caps[] = 'do_not_allow';
    1275         else
     1277        } elseif ( 'upload_themes' === $cap ) {
     1278            $caps[] = 'install_themes';
     1279        } elseif ( 'upload_plugins' === $cap ) {
     1280            $caps[] = 'install_plugins';
     1281        } else {
    12761282            $caps[] = $cap;
     1283        }
    12771284        break;
    12781285    case 'activate_plugins':
Note: See TracChangeset for help on using the changeset viewer.