WordPress.org

Make WordPress Core


Ignore:
Timestamp:
08/27/2014 01:31:05 AM (7 years ago)
Author:
nacin
Message:

Plugin/Theme Uploads: New capabilities; unify UIs; ensure compatibility with old filters.

Introduce upload_plugins and upload_themes capabilities to allow blocking of plugin and theme uploads, versus the old hacky (and not secure) ways of just hiding UI tabs. These are simply meta capabilities that map to install_plugins and install_themes.

Also:

  • Use the same nice design for the plugin upload screen as the theme upload screen.
  • Better compatibility for the old install_themes_tabs filter added in [29002]. see #28578.
  • Ensure using the install_plugins_tabs filter to remove the upload tab removes the new button.
  • Use 'Add Plugins' instead of 'Install Plugins' to match 'Add Themes'.

fixes #29236.

File:
1 edited

Legend:

Unmodified
Added
Removed
  • trunk/src/wp-admin/update.php

    r28500 r29634  
    124124    } elseif ( 'upload-plugin' == $action ) {
    125125
    126         if ( ! current_user_can('install_plugins') )
     126        if ( ! current_user_can( 'upload_plugins' ) ) {
    127127            wp_die( __( 'You do not have sufficient permissions to install plugins on this site.' ) );
     128        }
    128129
    129130        check_admin_referer('plugin-upload');
     
    228229    } elseif ( 'upload-theme' == $action ) {
    229230
    230         if ( ! current_user_can('install_themes') )
     231        if ( ! current_user_can( 'upload_themes' ) ) {
    231232            wp_die( __( 'You do not have sufficient permissions to install themes on this site.' ) );
     233        }
    232234
    233235        check_admin_referer('theme-upload');
Note: See TracChangeset for help on using the changeset viewer.