Make WordPress Core


Timestamp:
08/18/2017 06:30:28 PM (7 years ago)
Author:
flixos90
Message:

Role/Capability: Introduce capabilities dedicated to installing and updating language files.

The new meta capabilities are called install_languages and update_languages. Prior to this change, there were no proper capability checks applied. Instead only the filesystem and related constants were checked, and for actual permissions a rather vague fallback was used where a user needed to have at least one of the other updating capabilities. In addition to being generally more verbose, the new capabilities make it possible for example to allow a user to update languages, but nothing else. By default they fall back to the original way of how they were handled.

Props johnbillion, flixos90.
Fixes #39677.

File:
1 edited

  • trunk/src/wp-admin/network/site-new.php

    r41064 r41268  
    6767        if ( '' === $_POST['WPLANG'] ) {
    6868            $meta['WPLANG'] = ''; // en_US
    69         } elseif ( wp_can_install_language_pack() ) {
     69        } elseif ( in_array( $_POST['WPLANG'], get_available_languages() ) ) {
     70            $meta['WPLANG'] = $_POST['WPLANG'];
     71        } elseif ( current_user_can( 'install_languages' ) ) {
    7072            $language = wp_download_language_pack( wp_unslash( $_POST['WPLANG'] ) );
    7173            if ( $language ) {
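Review bot: The new branch at line 69 checks and then stores the raw $_POST['WPLANG'], while the download branch at line 72 passes the same value through wp_unslash(), so the two paths handle the input inconsistently. Suggest unslashing once into a local variable before the if/elseif chain and using it in both branches, and passing true as the third argument to in_array() so the match against get_available_languages() is strict. Note also that an already installed language is now accepted without any install check, where the removed line 69 required wp_can_install_language_pack() first; a short comment stating that this is intended would help future readers.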
     
    235237                        'languages'                   => $languages,
    236238                        'translations'                => $translations,
    237                         'show_available_translations' => wp_can_install_language_pack(),
     239                        'show_available_translations' => current_user_can( 'install_languages' ),
    238240                    ) );
    239241                    ?>
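Review bot: At new line 239 the filesystem-related conditions that wp_can_install_language_pack() expressed are no longer visible at the call site; the commit message says install_languages falls back to the original handling, but nothing in this file shows that mapping. Suggest a brief inline comment noting that the install_languages meta capability covers those conditions, so the change does not read as dropping a check. Using the same capability here as in the handler at line 71 keeps the dropdown and the POST processing in agreement, which is worth preserving if either side changes later.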