Changeset 4049


Timestamp:
07/26/06 22:18:36 (8 years ago)
Author:
ryan
Message:

Menu and plugin tweakage.

Location:
trunk
Files:
4 edited

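--- a/trunk/wp-admin/admin-functions.php
+++ b/trunk/wp-admin/admin-functions.php
@@ -380,4 +380,5 @@
         global $current_user, $wp_roles;
         $user_id = func_get_arg(0);
+
         if (isset ($_POST['role'])) {
             if($user_id != $current_user->id || $wp_roles->role_objects[$_POST['role']]->has_cap('edit_users')) {
@@ -413,5 +414,5 @@
         $pass2 = $_POST['pass2'];
 
-    if (isset ($_POST['role'])) {
+    if (isset ($_POST['role']) && current_user_can('edit_users')) {
         if($user_id != $current_user->id || $wp_roles->role_objects[$_POST['role']]->has_cap('edit_users'))
             $user->role = $_POST['role'];
@@ -1331,4 +1332,5 @@
     global $submenu;
     global $menu_nopriv;
+    global $plugin_page;
 
     $parent = get_admin_page_parent();
@@ -1337,4 +1339,7 @@
         return false;
 
+    if ( isset($plugin_page) && isset($menu_nopriv[$plugin_page]) )
+        return false;
+
     if ( empty($parent) )
         return true;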
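Review bot: The `current_user_can('edit_users')` guard is added only to the role check at new line 416; the parallel block at new line 383 (first hunk) still acts on `$_POST['role']` with nothing but the self-edit test, and this commit changes only a blank line there. If that path also assigns a role it should carry the same guard, `if (isset ($_POST['role']) && current_user_can('edit_users')) {`. Both blocks also index `$wp_roles->role_objects[$_POST['role']]` with an unvalidated request value, so an unknown role name would call `has_cap()` on a non-object whenever the left side of `||` is false; adding `isset($wp_roles->role_objects[$_POST['role']])` to the condition avoids that. The enclosing functions start and end outside the visible hunks, so what the line-383 block goes on to do is not shown.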
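--- a/trunk/wp-admin/admin.php
+++ b/trunk/wp-admin/admin.php
@@ -31,10 +31,13 @@
 $editing = false;
 
+if (isset($_GET['page'])) {
+    $plugin_page = stripslashes($_GET['page']);
+    $plugin_page = plugin_basename($plugin_page);
+}
+
 require(ABSPATH . '/wp-admin/menu.php');
 
 // Handle plugin admin pages.
-if (isset($_GET['page'])) {
-    $plugin_page = stripslashes($_GET['page']);
-    $plugin_page = plugin_basename($plugin_page);
+if (isset($plugin_page)) {
     $page_hook = get_plugin_page_hook($plugin_page, $pagenow);
 
@@ -64,4 +67,7 @@
 
     $importer = $_GET['import'];
+
+    if ( ! current_user_can('import') )
+        wp_die(__('You are not allowed to import.'));
 
     if ( validate_file($importer) ) {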
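Review bot: `$plugin_page` is assigned only inside `if (isset($_GET['page']))` (new lines 33-36) but is tested later with `isset($plugin_page)` at new line 41, after `menu.php` has been required, so that test trusts whatever the variable holds at that point rather than only the value normalised by `stripslashes()` and `plugin_basename()`. Initialising it first, `$plugin_page = null;` just before new line 33, ensures that only the normalised request value can reach `get_plugin_page_hook()`; this matters if the variable can be populated elsewhere (for example under register_globals), and whether the bootstrap already clears such globals is not visible here. Separately, the `import` capability check at new line 70 would read more clearly if it came before `$importer = $_GET['import'];`, so no request data is touched for an unauthorised user.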
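--- a/trunk/wp-content/plugins/wp-db-backup.php
+++ b/trunk/wp-content/plugins/wp-db-backup.php
@@ -323,9 +323,9 @@
     ///////////////////////////////
     function admin_menu() {
-        add_management_page(__('Backup'), __('Backup'), 9, basename(__FILE__), array(&$this, 'backup_menu'));
+        add_management_page(__('Backup'), __('Backup'), 'import', basename(__FILE__), array(&$this, 'backup_menu'));
     }
 
     function fragment_menu() {
-        add_management_page(__('Backup'), __('Backup'), 9, basename(__FILE__), array(&$this, 'build_backup_script'));
+        add_management_page(__('Backup'), __('Backup'), 'import', basename(__FILE__), array(&$this, 'build_backup_script'));
     }
 
@@ -885,4 +885,7 @@
 function wpdbBackup_init() {
     global $mywpdbbackup;
+
+    if ( !current_user_can('import') ) return;
+
     $mywpdbbackup = new wpdbBackup();
 }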
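Review bot: The early return at new line 888 silently skips constructing `wpdbBackup` for anyone without `import`, and nothing says why a backup of the whole database is tied to the import capability; a comment such as `// Backup exposes the full database: only load the plugin for users who hold 'import'.` would record the intent. The same capability string now appears in three places (`admin_menu`, `fragment_menu`, `wpdbBackup_init`), so they can drift apart if one is changed later. Whether the current user is already established when `wpdbBackup_init()` runs depends on the hook it is attached to, which is outside this section; if the class also registers non-interactive work, that would stop running for unauthenticated requests, so it is worth confirming.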
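--- a/trunk/xmlrpc.php
+++ b/trunk/xmlrpc.php
@@ -1229,8 +1229,10 @@
         $original_title = $title;
 
-        $comment_post_ID = $post_ID;
+        $comment_post_ID = (int) $post_ID;
         $comment_author = $title;
+        $this->escape($comment_author);
         $comment_author_url = $pagelinkedfrom;
         $comment_content = $context;
+        $this->escape($comment_content);
         $comment_type = 'pingback';
 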
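Review bot: `$comment_author_url = $pagelinkedfrom;` at new line 1234 sits between the two added `$this->escape()` calls and gets none itself; unless `$pagelinkedfrom` was already escaped earlier in the function (outside this hunk), it should receive the same treatment, `$this->escape($comment_author_url);`. The added calls discard their return value, so they only work if `escape()` modifies its argument by reference; its definition is not in this section, and a comment such as `// escape() works in place (by reference)` would make that dependency explicit. The enclosing method starts and ends outside the hunk, so how these variables reach the database is not visible here.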