Changeset 4049


Timestamp:
07/26/2006 10:18:36 PM (12 years ago)
Author:
ryan
Message:

Menu and plugin tweakage.

Location:
trunk
Files:
4 edited

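--- a/trunk/wp-admin/admin-functions.php
+++ b/trunk/wp-admin/admin-functions.php
@@ -380,4 +380,5 @@
         global $current_user, $wp_roles;
         $user_id = func_get_arg(0);
+
         if (isset ($_POST['role'])) {
             if($user_id != $current_user->id || $wp_roles->role_objects[$_POST['role']]->has_cap('edit_users')) {
@@ -413,5 +414,5 @@
         $pass2 = $_POST['pass2'];
 
-    if (isset ($_POST['role'])) {
+    if (isset ($_POST['role']) && current_user_can('edit_users')) {
         if($user_id != $current_user->id || $wp_roles->role_objects[$_POST['role']]->has_cap('edit_users'))
             $user->role = $_POST['role'];
@@ -1331,4 +1332,5 @@
     global $submenu;
     global $menu_nopriv;
+    global $plugin_page;
 
     $parent = get_admin_page_parent();
@@ -1337,4 +1339,7 @@
         return false;
 
+    if ( isset($plugin_page) && isset($menu_nopriv[$plugin_page]) )
+        return false;
+   
     if ( empty($parent) )
         return true;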
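Review bot: The `current_user_can('edit_users')` guard added at new line 416 is not mirrored on the parallel `if (isset ($_POST['role'])) {` at new line 383, which still enters the role logic on the presence of the request field alone; if that path can be reached by an account without `edit_users`, it needs the same condition, `if (isset ($_POST['role']) && current_user_can('edit_users')) {`. In both places `$_POST['role']` is used as a key into `$wp_roles->role_objects` with no existence test, and at new lines 417–418, when `$user_id != $current_user->id` is true, the right-hand check is skipped and the value is assigned to `$user->role` as submitted. Adding `isset($wp_roles->role_objects[$_POST['role']])` to the condition would reject unknown role names before they are used. Both enclosing functions begin and end outside the visible hunks, so this should be confirmed against the full bodies.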
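--- a/trunk/wp-admin/admin.php
+++ b/trunk/wp-admin/admin.php
@@ -31,10 +31,13 @@
 $editing = false;
 
+if (isset($_GET['page'])) {
+    $plugin_page = stripslashes($_GET['page']);
+    $plugin_page = plugin_basename($plugin_page);
+}
+
 require(ABSPATH . '/wp-admin/menu.php');
 
 // Handle plugin admin pages.
-if (isset($_GET['page'])) {
-    $plugin_page = stripslashes($_GET['page']);
-    $plugin_page = plugin_basename($plugin_page);
+if (isset($plugin_page)) {
     $page_hook = get_plugin_page_hook($plugin_page, $pagenow);
 
@@ -64,4 +67,7 @@
 
     $importer = $_GET['import'];
+
+    if ( ! current_user_can('import') )
+        wp_die(__('You are not allowed to import.'));
 
     if ( validate_file($importer) ) {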
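Review bot: The plugin-page handler at new line 41 now tests `isset($plugin_page)` instead of `isset($_GET['page'])`, so it depends on nothing else having defined that global before new line 33; an explicit `unset($plugin_page);` ahead of the `if (isset($_GET['page']))` block would ensure the handler only ever runs for the value that went through `stripslashes()` and `plugin_basename()`. The moved block also has no comment saying why it must precede `require(ABSPATH . '/wp-admin/menu.php');`; something like `// Resolve $plugin_page before menu.php so the menu access checks can see it.` would keep it from being moved back, assuming that is the reason. In the import hunk, the `current_user_can('import')` check sits after `$importer = $_GET['import'];`, which is harmless here but would read more clearly as the first statement of that branch, whose opening is outside the hunk.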
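--- a/trunk/wp-content/plugins/wp-db-backup.php
+++ b/trunk/wp-content/plugins/wp-db-backup.php
@@ -323,9 +323,9 @@
     ///////////////////////////////
     function admin_menu() {
-        add_management_page(__('Backup'), __('Backup'), 9, basename(__FILE__), array(&$this, 'backup_menu'));
+        add_management_page(__('Backup'), __('Backup'), 'import', basename(__FILE__), array(&$this, 'backup_menu'));
     }
 
     function fragment_menu() {
-        add_management_page(__('Backup'), __('Backup'), 9, basename(__FILE__), array(&$this, 'build_backup_script'));
+        add_management_page(__('Backup'), __('Backup'), 'import', basename(__FILE__), array(&$this, 'build_backup_script'));
     }
 
@@ -885,4 +885,7 @@
 function wpdbBackup_init() {
     global $mywpdbbackup;
+
+    if ( !current_user_can('import') ) return;
+
     $mywpdbbackup = new wpdbBackup();   
 }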
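Review bot: `wpdbBackup_init()` at new line 888 now returns before `new wpdbBackup()` unless the current user has `import`, so anything the constructor sets up for requests without such a user is skipped as well; the constructor is outside the hunk, so confirm that nothing unattended relies on it. The capability name also deserves a comment, since `import` describes bringing content in while these screens produce a database dump: `// 'import' replaces the old numeric level 9 check; a backup exposes the full database.` would record the intent, if that is the reasoning. The string `'import'` is repeated in three places in this file section, so a later change of capability has to touch all of them.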
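--- a/trunk/xmlrpc.php
+++ b/trunk/xmlrpc.php
@@ -1229,8 +1229,10 @@
         $original_title = $title;
 
-        $comment_post_ID = $post_ID;
+        $comment_post_ID = (int) $post_ID;
         $comment_author = $title;
+        $this->escape($comment_author);
         $comment_author_url = $pagelinkedfrom;
         $comment_content = $context;
+        $this->escape($comment_content);
         $comment_type = 'pingback';
 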
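Review bot: `$comment_author_url = $pagelinkedfrom;` at new line 1234 is the one string field in this group that gets no `$this->escape()` call, while `$comment_author` and `$comment_content` next to it now do; unless `$pagelinkedfrom` is already escaped earlier in the function (which starts outside the hunk), add `$this->escape($comment_author_url);` after it. The return value of `escape()` is discarded in both added calls, so they appear to rely on the argument being modified by reference; a short comment such as `// escape() modifies its argument in place` would make that visible to readers.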