Changeset 29634 for trunk/src/wp-admin/update.php

Timestamp:

08/27/2014 01:31:05 AM (11 years ago)

Author:

nacin

Message:

Plugin/Theme Uploads: New capabilities; unify UIs; ensure compatibility with old filters.

Introduce upload_plugins and upload_themes capabilities to allow blocking of plugin and theme uploads, versus the old hacky (and not secure) ways of just hiding UI tabs. These are simply meta capabilities that map to install_plugins and install_themes.

Also:

• Use the same nice design for the plugin upload screen as the theme upload screen.
• Better compatibility for the old install_themes_tabs filter added in [29002]. see #28578.
• Ensure using the install_plugins_tabs filter to remove the upload tab removes the new button.
• Use 'Add Plugins' instead of 'Install Plugins' to match 'Add Themes'.

fixes #29236.

File:

• trunk/src/wp-admin/update.php (modified) (2 diffs)

trunk/src/wp-admin/update.php

@@ -124 +124 @@
     } elseif ( 'upload-plugin' == $action ) {
 
-        if ( ! current_user_can('install_plugins') )
+        if ( ! current_user_can( 'upload_plugins' ) ) {
             wp_die( __( 'You do not have sufficient permissions to install plugins on this site.' ) );
+        }
 
         check_admin_referer('plugin-upload');
@@ -228 +229 @@
     } elseif ( 'upload-theme' == $action ) {
 
-        if ( ! current_user_can('install_themes') )
+        if ( ! current_user_can( 'upload_themes' ) ) {
             wp_die( __( 'You do not have sufficient permissions to install themes on this site.' ) );
+        }
 
         check_admin_referer('theme-upload');