
Changeset 4051


Timestamp:
07/26/2006 10:56:56 PM (18 years ago)
Author:
ryan
Message:

Menu and plugin tweaks.

Location:
branches/2.0
Files:
4 edited

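--- a/branches/2.0/wp-admin/admin-functions.php
+++ b/branches/2.0/wp-admin/admin-functions.php
@@ -362,5 +362,5 @@
         $pass2 = $_POST['pass2'];
 
-    if (isset ($_POST['role'])) {
+    if (isset ($_POST['role']) && current_user_can('edit_users')) {
         if($user_id != $current_user->id || $wp_roles->role_objects[$_POST['role']]->has_cap('edit_users'))
             $user->role = $_POST['role'];
@@ -1215,4 +1215,5 @@
     global $menu;
     global $submenu;
+    global $plugin_page;
 
     $parent = get_admin_page_parent();
@@ -1230,11 +1231,19 @@
 
     if (isset ($submenu[$parent])) {
-        foreach ($submenu[$parent] as $submenu_array) {
+        if ( isset($plugin_page) ) {
+            foreach ($submenu[$parent] as $submenu_array) {
+                if ( $submenu_array[2] == $plugin_page ) {
+                    if (!current_user_can($submenu_array[1]))
+                        return false;
+                }
+            }
+        }
+
+        foreach ($submenu[$parent] as $submenu_array) {     
             if ($submenu_array[2] == $pagenow) {
-                if (!current_user_can($submenu_array[1])) {
+                if (!current_user_can($submenu_array[1]))
                     return false;
-                } else {
+                else
                     return true;
-                }
             }
         }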
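Review bot: The guard added on new line 364 checks the caller's capability, but `$_POST['role']` is still used unvalidated as an index into `$wp_roles->role_objects` on the next line. A role name that does not exist makes `->has_cap()` run on a missing entry when a user edits their own profile, and for any other user the unknown string is assigned to `$user->role` as-is. I would extend the condition to `if (isset ($_POST['role']) && current_user_can('edit_users') && isset($wp_roles->role_objects[$_POST['role']])) {`. The enclosing function starts and ends outside the hunk, so any later validation of the role is not visible here.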
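--- a/branches/2.0/wp-admin/admin.php
+++ b/branches/2.0/wp-admin/admin.php
@@ -43,10 +43,13 @@
 $xfn_js = $sack_js = $list_js = $cat_js = $dbx_js = $editing = false;
 
+if (isset($_GET['page'])) {
+    $plugin_page = stripslashes($_GET['page']);
+    $plugin_page = plugin_basename($plugin_page);
+}
+
 require(ABSPATH . '/wp-admin/menu.php');
 
 // Handle plugin admin pages.
-if (isset($_GET['page'])) {
-    $plugin_page = stripslashes($_GET['page']);
-    $plugin_page = plugin_basename($plugin_page);
+if (isset($plugin_page)) {
     $page_hook = get_plugin_page_hook($plugin_page, $pagenow);
 
@@ -76,4 +79,7 @@
    
     $importer = $_GET['import'];
+
+    if ( ! current_user_can('import') )
+        wp_die(__('You are not allowed to import.'));
 
     if ( validate_file($importer) ) {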
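Review bot: The block moved to new lines 45-48 carries no comment saying it must run before `require(ABSPATH . '/wp-admin/menu.php')`, and that ordering looks security-relevant. The plugin-page capability loop this changeset adds in admin-functions.php is wrapped in `isset($plugin_page)`, so if the variable is not yet set when that check runs, the loop is skipped without any denial. Assuming menu.php is what triggers the check (not visible on this page), a later reorder would quietly disable it. I would add `// Must precede menu.php: the admin page access check reads $plugin_page and skips the plugin check when it is unset.` above new line 45.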
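--- a/branches/2.0/wp-content/plugins/wp-db-backup.php
+++ b/branches/2.0/wp-content/plugins/wp-db-backup.php
@@ -321,9 +321,9 @@
     ///////////////////////////////
     function admin_menu() {
-        add_management_page(__('Backup'), __('Backup'), 9, basename(__FILE__), array(&$this, 'backup_menu'));
+        add_management_page(__('Backup'), __('Backup'), 'import', basename(__FILE__), array(&$this, 'backup_menu'));
     }
 
     function fragment_menu() {
-        add_management_page(__('Backup'), __('Backup'), 9, basename(__FILE__), array(&$this, 'build_backup_script'));
+        add_management_page(__('Backup'), __('Backup'), 'import', basename(__FILE__), array(&$this, 'build_backup_script'));
     }
 
@@ -886,4 +886,7 @@
 function wpdbBackup_init() {
     global $mywpdbbackup;
+
+    if ( !current_user_can('import') ) return;
+
     $mywpdbbackup = new wpdbBackup();   
 }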
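Review bot: Replacing user level `9` with the `'import'` capability on new lines 323 and 327, and again in `wpdbBackup_init()` on new line 889, ties access to full database dumps to a capability named for a different feature. This page does not show which roles hold `import`; if any role below the old level 9 has it, the change widens who can export the database, users table included. A comment at the first use, such as `// Backup exposes the whole database; 'import' is assumed to be held by administrators only.`, would record that assumption where the next maintainer will see it. The early `return` in `wpdbBackup_init()` also depends on the current user being resolved before the function runs, which is not visible here.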
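--- a/branches/2.0/xmlrpc.php
+++ b/branches/2.0/xmlrpc.php
@@ -1229,8 +1229,10 @@
         $original_title = $title;
 
-        $comment_post_ID = $post_ID;
+        $comment_post_ID = (int) $post_ID;
         $comment_author = $title;
+        $this->escape($comment_author);
         $comment_author_url = $pagelinkedfrom;
         $comment_content = $context;
+        $this->escape($comment_content);
         $comment_type = 'pingback';
 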
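Review bot: `$comment_author_url = $pagelinkedfrom;` on new line 1234 gets no `$this->escape()` call, while the values on either side of it now do. `$pagelinkedfrom` appears to come from the pingback request, so unless it is escaped earlier in the method (outside this hunk) it reaches whatever consumes these variables unescaped. I would add `$this->escape($comment_author_url);` directly after the assignment. The return value of `escape()` is discarded on new lines 1233 and 1236, so the change relies on it modifying its argument by reference; its definition is not visible here and is worth confirming.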