Changeset 4049
- Timestamp:
- 07/26/2006 10:18:36 PM (18 years ago)
- Location:
- trunk
- Files:
-
- 4 edited
Legend:
- Unmodified
- Added
- Removed
-
trunk/wp-admin/admin-functions.php
r4041 r4049 380 380 global $current_user, $wp_roles; 381 381 $user_id = func_get_arg(0); 382 382 383 if (isset ($_POST['role'])) { 383 384 if($user_id != $current_user->id || $wp_roles->role_objects[$_POST['role']]->has_cap('edit_users')) { … … 413 414 $pass2 = $_POST['pass2']; 414 415 415 if (isset ($_POST['role']) ) {416 if (isset ($_POST['role']) && current_user_can('edit_users')) { 416 417 if($user_id != $current_user->id || $wp_roles->role_objects[$_POST['role']]->has_cap('edit_users')) 417 418 $user->role = $_POST['role']; … … 1331 1332 global $submenu; 1332 1333 global $menu_nopriv; 1334 global $plugin_page; 1333 1335 1334 1336 $parent = get_admin_page_parent(); … … 1337 1339 return false; 1338 1340 1341 if ( isset($plugin_page) && isset($menu_nopriv[$plugin_page]) ) 1342 return false; 1343 1339 1344 if ( empty($parent) ) 1340 1345 return true; -
trunk/wp-admin/admin.php
r3985 r4049 31 31 $editing = false; 32 32 33 if (isset($_GET['page'])) { 34 $plugin_page = stripslashes($_GET['page']); 35 $plugin_page = plugin_basename($plugin_page); 36 } 37 33 38 require(ABSPATH . '/wp-admin/menu.php'); 34 39 35 40 // Handle plugin admin pages. 36 if (isset($_GET['page'])) { 37 $plugin_page = stripslashes($_GET['page']); 38 $plugin_page = plugin_basename($plugin_page); 41 if (isset($plugin_page)) { 39 42 $page_hook = get_plugin_page_hook($plugin_page, $pagenow); 40 43 … … 64 67 65 68 $importer = $_GET['import']; 69 70 if ( ! current_user_can('import') ) 71 wp_die(__('You are not allowed to import.')); 66 72 67 73 if ( validate_file($importer) ) { -
trunk/wp-content/plugins/wp-db-backup.php
r3819 r4049 323 323 /////////////////////////////// 324 324 function admin_menu() { 325 add_management_page(__('Backup'), __('Backup'), 9, basename(__FILE__), array(&$this, 'backup_menu'));325 add_management_page(__('Backup'), __('Backup'), 'import', basename(__FILE__), array(&$this, 'backup_menu')); 326 326 } 327 327 328 328 function fragment_menu() { 329 add_management_page(__('Backup'), __('Backup'), 9, basename(__FILE__), array(&$this, 'build_backup_script'));329 add_management_page(__('Backup'), __('Backup'), 'import', basename(__FILE__), array(&$this, 'build_backup_script')); 330 330 } 331 331 … … 885 885 function wpdbBackup_init() { 886 886 global $mywpdbbackup; 887 888 if ( !current_user_can('import') ) return; 889 887 890 $mywpdbbackup = new wpdbBackup(); 888 891 } -
trunk/xmlrpc.php
r3849 r4049 1229 1229 $original_title = $title; 1230 1230 1231 $comment_post_ID = $post_ID;1231 $comment_post_ID = (int) $post_ID; 1232 1232 $comment_author = $title; 1233 $this->escape($comment_author); 1233 1234 $comment_author_url = $pagelinkedfrom; 1234 1235 $comment_content = $context; 1236 $this->escape($comment_content); 1235 1237 $comment_type = 'pingback'; 1236 1238
Note: See TracChangeset
for help on using the changeset viewer.