WordPress.org

Make WordPress Core

Changeset 31334


Timestamp:
02/05/2015 06:04:32 AM (7 years ago)
Author:
pento
Message:

Shiny Updates: Add capability checks to the ajax callbacks, to ensure the current user is allowed to install/update plugins.

See #29820

File:
1 edited

  • trunk/src/wp-admin/includes/ajax-actions.php

    r31333 r31334  
    28362836 */
    28372837function wp_ajax_install_plugin() {
     2838    if ( ! current_user_can( 'install_plugins' ) ) {
     2839        wp_die( __('You do not have sufficient permissions to install plugins on this site.') );
     2840    }
     2841
    28382842    check_ajax_referer( 'updates' );
    28392843
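Review bot: In the new check at the top of wp_ajax_install_plugin(), the call `__('You do not have sufficient permissions ...')` omits the spaces inside the parentheses that the neighbouring calls use (`current_user_can( 'install_plugins' )`, `check_ajax_referer( 'updates' )`); write it as `__( '...' )` to match. The check exits through wp_die() with a plain message string, so it is worth confirming that the script calling this ajax action handles that response and shows the user a meaningful error. Running the capability check ahead of check_ajax_referer() is fine, since both must pass before any install work starts.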
     
    28762880 */
    28772881function wp_ajax_update_plugin() {
     2882    if ( ! current_user_can( 'update_plugins' ) ) {
     2883        wp_die( __('You do not have sufficient permissions to install plugins on this site.') );
     2884    }
     2885
    28782886    check_ajax_referer( 'updates' );
    28792887
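Review bot: The wp_die() message added to wp_ajax_update_plugin() says "install plugins" although the capability checked on the line above is 'update_plugins'; it looks copied from wp_ajax_install_plugin(). Suggest changing the string to "You do not have sufficient permissions to update plugins on this site." so the error matches the action that was refused. The same `__('...')` spacing point applies here as well.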