WordPress.org

Make WordPress Core


Ignore:
Timestamp:
01/09/2015 09:06:13 PM (7 years ago)
Author:
wonderboymusic
Message:

In Custom_Background and Custom_Header:

  • In ->init(), don't check current_user_can() since add_theme_page() will return false immediately if the cap check fails.
  • Bail if add_theme_page() returns false
  • wp_check_filetype_and_ext() doesn't need a 3rd param, it already defaults to null. Passing false would fail a strict check.

See #30799.

File:
1 edited

Legend:

Unmodified
Added
Removed
  • trunk/src/wp-admin/custom-background.php

    r30885 r31116  
    126126     */
    127127    public function init() {
    128         if ( ! current_user_can('edit_theme_options') )
     128        $page = add_theme_page( __( 'Background' ), __( 'Background' ), 'edit_theme_options', 'custom-background', array( $this, 'admin_page' ) );
     129        if ( ! $page ) {
    129130            return;
    130 
    131         $this->page = $page = add_theme_page(__('Background'), __('Background'), 'edit_theme_options', 'custom-background', array($this, 'admin_page'));
    132 
    133         add_action("load-$page", array($this, 'admin_load'));
    134         add_action("load-$page", array($this, 'take_action'), 49);
    135         add_action("load-$page", array($this, 'handle_upload'), 49);
    136 
    137         if ( $this->admin_header_callback )
    138             add_action("admin_head-$page", $this->admin_header_callback, 51);
     131        }
     132
     133        $this->page = $page;
     134
     135        add_action( "load-$page", array( $this, 'admin_load' ) );
     136        add_action( "load-$page", array( $this, 'take_action' ), 49 );
     137        add_action( "load-$page", array( $this, 'handle_upload' ), 49 );
     138
     139        if ( $this->admin_header_callback ) {
     140            add_action( "admin_head-$page", $this->admin_header_callback, 51 );
     141        }
    139142    }
    140143
     
    428431
    429432        $uploaded_file = $_FILES['import'];
    430         $wp_filetype = wp_check_filetype_and_ext( $uploaded_file['tmp_name'], $uploaded_file['name'], false );
     433        $wp_filetype = wp_check_filetype_and_ext( $uploaded_file['tmp_name'], $uploaded_file['name'] );
    431434        if ( ! wp_match_mime_types( 'image', $wp_filetype['type'] ) )
    432435            wp_die( __( 'The uploaded file is not a valid image. Please try again.' ) );
Note: See TracChangeset for help on using the changeset viewer.