Changeset 4051

Timestamp:

07/26/2006 10:56:56 PM (19 years ago)

Author:

ryan

Message:

Menu and plugin tweaks.

Location:

branches/2.0

Files:

• wp-admin/admin-functions.php (modified) (3 diffs)
• wp-admin/admin.php (modified) (2 diffs)
• wp-content/plugins/wp-db-backup.php (modified) (2 diffs)
• xmlrpc.php (modified) (1 diff)

branches/2.0/wp-admin/admin-functions.php

@@ -362 +362 @@
         $pass2 = $_POST['pass2'];
 
-    if (isset ($_POST['role'])) {
+    if (isset ($_POST['role']) && current_user_can('edit_users')) {
         if($user_id != $current_user->id || $wp_roles->role_objects[$_POST['role']]->has_cap('edit_users'))
             $user->role = $_POST['role'];
@@ -1215 +1215 @@
     global $menu;
     global $submenu;
+    global $plugin_page;
 
     $parent = get_admin_page_parent();
@@ -1230 +1231 @@
 
     if (isset ($submenu[$parent])) {
-        foreach ($submenu[$parent] as $submenu_array) {
+        if ( isset($plugin_page) ) {
+            foreach ($submenu[$parent] as $submenu_array) {
+                if ( $submenu_array[2] == $plugin_page ) {
+                    if (!current_user_can($submenu_array[1]))
+                        return false;
+                }
+            }
+        }
+
+        foreach ($submenu[$parent] as $submenu_array) {     
             if ($submenu_array[2] == $pagenow) {
-                if (!current_user_can($submenu_array[1])) {
+                if (!current_user_can($submenu_array[1]))
                     return false;
-                } else {
+                else
                     return true;
-                }
             }
         }

branches/2.0/wp-admin/admin.php

@@ -43 +43 @@
 $xfn_js = $sack_js = $list_js = $cat_js = $dbx_js = $editing = false;
 
+if (isset($_GET['page'])) {
+    $plugin_page = stripslashes($_GET['page']);
+    $plugin_page = plugin_basename($plugin_page);
+}
+
 require(ABSPATH . '/wp-admin/menu.php');
 
 // Handle plugin admin pages.
-if (isset($_GET['page'])) {
-    $plugin_page = stripslashes($_GET['page']);
-    $plugin_page = plugin_basename($plugin_page);
+if (isset($plugin_page)) {
     $page_hook = get_plugin_page_hook($plugin_page, $pagenow);
 
@@ -76 +79 @@
     
     $importer = $_GET['import'];
+
+    if ( ! current_user_can('import') )
+        wp_die(__('You are not allowed to import.'));
 
     if ( validate_file($importer) ) {

branches/2.0/wp-content/plugins/wp-db-backup.php

@@ -321 +321 @@
     ///////////////////////////////
     function admin_menu() {
-        add_management_page(__('Backup'), __('Backup'), 9, basename(__FILE__), array(&$this, 'backup_menu'));
+        add_management_page(__('Backup'), __('Backup'), 'import', basename(__FILE__), array(&$this, 'backup_menu'));
     }
 
     function fragment_menu() {
-        add_management_page(__('Backup'), __('Backup'), 9, basename(__FILE__), array(&$this, 'build_backup_script'));
+        add_management_page(__('Backup'), __('Backup'), 'import', basename(__FILE__), array(&$this, 'build_backup_script'));
     }
 
@@ -886 +886 @@
 function wpdbBackup_init() {
     global $mywpdbbackup;
+
+    if ( !current_user_can('import') ) return;
+
     $mywpdbbackup = new wpdbBackup();   
 }

branches/2.0/xmlrpc.php

@@ -1229 +1229 @@
         $original_title = $title;
 
-        $comment_post_ID = $post_ID;
+        $comment_post_ID = (int) $post_ID;
         $comment_author = $title;
+        $this->escape($comment_author);
         $comment_author_url = $pagelinkedfrom;
         $comment_content = $context;
+        $this->escape($comment_content);
         $comment_type = 'pingback';