WordPress.org
Get WordPress

Make WordPress Core


Ignore:
Timestamp:
08/18/2017 06:30:28 PM (6 years ago)
Author:
flixos90
Message:

Role/Capability: Introduce capabilities dedicated to installing and updating language files.

The new meta capabilities are called install_languages and update_languages. Prior to this change, there were no proper capability checks applied. Instead only the filesystem and related constants were checked, and for actual permissions a rather vague fallback was used where a user needed to have at least one of the other updating capabilities. In addition to being generally more verbose, the new capabilities make it possible for example to allow a user to update languages, but nothing else. By default they fall back to the original way of how they were handled.

Props johnbillion, flixos90.
Fixes #39677.

File:
1 edited

Legend:

Unmodified
Added
Removed

  • trunk/src/wp-admin/update-core.php

    r39808 r41268  
    2020}
    2121
    22 if ( ! current_user_can( 'update_core' ) && ! current_user_can( 'update_themes' ) && ! current_user_can( 'update_plugins' ) )
     22if ( ! current_user_can( 'update_core' ) && ! current_user_can( 'update_themes' ) && ! current_user_can( 'update_plugins' ) && ! current_user_can( 'update_languages' ) )
    2323    wp_die( __( 'Sorry, you are not allowed to update this site.' ) );
    2424
     
    609609    echo '</p>';
    610610
    611     if ( $core = current_user_can( 'update_core' ) )
     611    if ( current_user_can( 'update_core' ) ) {
    612612        core_upgrade_preamble();
    613     if ( $plugins = current_user_can( 'update_plugins' ) )
     613    }
     614    if ( current_user_can( 'update_plugins' ) ) {
    614615        list_plugin_updates();
    615     if ( $themes = current_user_can( 'update_themes' ) )
     616    }
     617    if ( current_user_can( 'update_themes' ) ) {
    616618        list_theme_updates();
    617     if ( $core || $plugins || $themes )
     619    }
     620    if ( current_user_can( 'update_languages' ) ) {
    618621        list_translation_updates();
    619     unset( $core, $plugins, $themes );
     622    }
     623
    620624    /**
    621625     * Fires after the core, plugin, and theme update tables.
     
    730734} elseif ( 'do-translation-upgrade' == $action ) {
    731735
    732     if ( ! current_user_can( 'update_core' ) && ! current_user_can( 'update_plugins' ) && ! current_user_can( 'update_themes' ) )
     736    if ( ! current_user_can( 'update_languages' ) )
    733737        wp_die( __( 'Sorry, you are not allowed to update this site.' ) );
    734738
Note: See TracChangeset for help on using the changeset viewer.