Make WordPress Core

Changeset 32913


Ignore:
Timestamp:
06/23/2015 06:19:43 PM (10 years ago)
Author:
wonderboymusic
Message:

The query-attachments AJAX action immediately errors out if the user doesn't have the upload_files cap. As such, the Customizer shouldn't show buttons that launch the media modal when the user doesn't have the proper permissions to query attachments.

See #32654.

Location:
trunk/src
Files:
3 edited

Legend:

Unmodified
Added
Removed
  • trunk/src/wp-admin/custom-background.php

    r32734 r32913  
    260260<?php endif; ?>
    261261
     262<?php if ( current_user_can( 'upload_files' ) ): ?>
    262263<tr>
    263264<th scope="row"><?php _e('Select Image'); ?></th>
     
    279280</td>
    280281</tr>
     282<?php endif; ?>
    281283</tbody>
    282284</table>
  • trunk/src/wp-admin/custom-header.php

    r32735 r32913  
    510510<?php endif; ?>
    511511
    512 <?php if ( current_theme_supports( 'custom-header', 'uploads' ) ) : ?>
     512<?php if ( current_user_can( 'upload_files' ) && current_theme_supports( 'custom-header', 'uploads' ) ) : ?>
    513513<tr>
    514514<th scope="row"><?php _e( 'Select Image' ); ?></th>
  • trunk/src/wp-includes/class-wp-customize-control.php

    r32895 r32913  
    722722        $this->json['mime_type'] = $this->mime_type;
    723723        $this->json['button_labels'] = $this->button_labels;
     724        $this->json['canUpload'] = current_user_can( 'upload_files' );
    724725
    725726        $value = $this->value();
     
    824825            </div>
    825826            <div class="actions">
     827                <# if ( data.canUpload ) { #>
    826828                <button type="button" class="button remove-button"><?php echo $this->button_labels['remove']; ?></button>
    827829                <button type="button" class="button upload-button" id="{{ data.settings['default'] }}-button"><?php echo $this->button_labels['change']; ?></button>
    828830                <div style="clear:both"></div>
     831                <# } #>
    829832            </div>
    830833        <# } else { #>
     
    844847                    <button type="button" class="button default-button"><?php echo $this->button_labels['default']; ?></button>
    845848                <# } #>
     849                <# if ( data.canUpload ) { #>
    846850                <button type="button" class="button upload-button" id="{{ data.settings['default'] }}-button"><?php echo $this->button_labels['select']; ?></button>
     851                <# } #>
    847852                <div style="clear:both"></div>
    848853            </div>
     
    11591164        $height = absint( get_theme_support( 'custom-header', 'height' ) );
    11601165        ?>
    1161 
    1162 
    11631166        <div class="customize-control-content">
    11641167            <p class="customizer-section-intro">
     
    11811184            </div>
    11821185            <div class="actions">
     1186                <?php if ( current_user_can( 'upload_files' ) ): ?>
    11831187                <?php /* translators: Hide as in hide header image via the Customizer */ ?>
    11841188                <button type="button"<?php echo $visibility ?> class="button remove"><?php _ex( 'Hide image', 'custom header' ); ?></button>
     
    11861190                <button type="button" class="button new"><?php _ex( 'Add new image', 'header image' ); ?></button>
    11871191                <div style="clear:both"></div>
     1192                <?php endif; ?>
    11881193            </div>
    11891194            <div class="choices">
Note: See TracChangeset for help on using the changeset viewer.