Timestamp:
07/27/2016 05:42:01 PM (3 years ago)
Author:
ocean90
Message:

Plugins: Move capability checks further up in wp_ajax_update_plugin() and wp_ajax_delete_plugin().

Add tests for both Ajax handlers.

Props Yorick Koster, swissspidy.
Fixes #37490.

File:
1 edited

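--- a/trunk/src/wp-admin/includes/ajax-actions.php
+++ b/trunk/src/wp-admin/includes/ajax-actions.php
@@ -3654,24 +3654,25 @@
     }
 
-    $plugin      = plugin_basename( sanitize_text_field( wp_unslash( $_POST['plugin'] ) ) );
-    $plugin_data = get_plugin_data( WP_PLUGIN_DIR . '/' . $plugin );
+    $plugin = plugin_basename( sanitize_text_field( wp_unslash( $_POST['plugin'] ) ) );
 
     $status = array(
         'update'     => 'plugin',
-        'plugin'     => $plugin,
         'slug'       => sanitize_key( wp_unslash( $_POST['slug'] ) ),
-        'pluginName' => $plugin_data['Name'],
         'oldVersion' => '',
         'newVersion' => '',
     );
 
+    if ( ! current_user_can( 'update_plugins' ) || 0 !== validate_file( $plugin ) ) {
+        $status['errorMessage'] = __( 'Sorry, you are not allowed to update plugins for this site.' );
+        wp_send_json_error( $status );
+    }
+
+    $plugin_data          = get_plugin_data( WP_PLUGIN_DIR . '/' . $plugin );
+    $status['plugin']     = $plugin;
+    $status['pluginName'] = $plugin_data['Name'];
+
     if ( $plugin_data['Version'] ) {
         /* translators: %s: Plugin version */
         $status['oldVersion'] = sprintf( __( 'Version %s' ), $plugin_data['Version'] );
-    }
-
-    if ( ! current_user_can( 'update_plugins' ) ) {
-        $status['errorMessage'] = __( 'Sorry, you are not allowed to update plugins for this site.' );
-        wp_send_json_error( $status );
     }
 
@@ -3749,21 +3750,26 @@
 
     if ( empty( $_POST['slug'] ) || empty( $_POST['plugin'] ) ) {
-        wp_send_json_error( array( 'errorCode' => 'no_plugin_specified' ) );
-    }
-
-    $plugin      = plugin_basename( sanitize_text_field( wp_unslash( $_POST['plugin'] ) ) );
-    $plugin_data = get_plugin_data( WP_PLUGIN_DIR . '/' . $plugin );
+        wp_send_json_error( array(
+            'slug'         => '',
+            'errorCode'    => 'no_plugin_specified',
+            'errorMessage' => __( 'No plugin specified.' ),
+        ) );
+    }
+
+    $plugin = plugin_basename( sanitize_text_field( wp_unslash( $_POST['plugin'] ) ) );
 
     $status = array(
-        'delete'     => 'plugin',
-        'slug'       => sanitize_key( wp_unslash( $_POST['slug'] ) ),
-        'plugin'     => $plugin,
-        'pluginName' => $plugin_data['Name'],
+        'delete' => 'plugin',
+        'slug'   => sanitize_key( wp_unslash( $_POST['slug'] ) ),
     );
 
-    if ( ! current_user_can( 'delete_plugins' ) ) {
+    if ( ! current_user_can( 'delete_plugins' ) || 0 !== validate_file( $plugin ) ) {
         $status['errorMessage'] = __( 'Sorry, you are not allowed to delete plugins for this site.' );
         wp_send_json_error( $status );
     }
+
+    $plugin_data          = get_plugin_data( WP_PLUGIN_DIR . '/' . $plugin );
+    $status['plugin']     = $plugin;
+    $status['pluginName'] = $plugin_data['Name'];
 
     if ( is_plugin_active( $plugin ) ) {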
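Review bot: After the new guard, `get_plugin_data( WP_PLUGIN_DIR . '/' . $plugin )` is still called with a caller-supplied path whose existence was never checked: `validate_file()` rejects traversal-style strings but, as far as I can tell from its contract, does not establish that the path names a readable file under the plugin directory, so a well-formed but nonexistent `plugin` value from a capable user reaches the file-reading helper and `$plugin_data['Name']` is built from whatever it returns. The same pattern appears in both hunks (update at the first guard, delete at the `delete_plugins` guard); the later upgrader/delete code may handle a missing file, but `get_plugin_data()` runs before it. A secondary point is that the combined condition reports a rejected path as a permissions failure, which is fine for disclosure but means the `errorMessage` alone cannot distinguish a client bug from tampering in logs; the `no_plugin_specified` branch in the delete hunk already carries an `errorCode`, and an explicit not-found branch could follow that style. Both enclosing functions start and end outside the hunks.
```php
if ( ! current_user_can( 'update_plugins' ) || 0 !== validate_file( $plugin ) ) {
    // … unchanged: capability/path error response …
}

// Refuse anything that is not an existing file before get_plugin_data() opens it.
$plugin_file = WP_PLUGIN_DIR . '/' . $plugin;
if ( ! is_file( $plugin_file ) ) {
    $status['errorCode']    = 'plugin_not_found'; // constructed code name; align with the project's existing error codes
    $status['errorMessage'] = __( 'Plugin file not found.' );
    wp_send_json_error( $status );
}

$plugin_data = get_plugin_data( $plugin_file );
// … unchanged: $status['plugin'], $status['pluginName'], version handling …
```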