Changeset 41290
- Timestamp:
- 08/22/2017 02:01:36 PM (7 years ago)
- Location:
- trunk
- Files:
-
- 8 edited
trunk/src/wp-admin/includes/ajax-actions.php
r41289 r41290 3705 3705 $plugins_url = ( 'import' === $pagenow ) ? admin_url( 'plugins.php' ) : network_admin_url( 'plugins.php' ); 3706 3706 3707 if ( current_user_can( 'activate_plugin s') && is_plugin_inactive( $install_status['file'] ) ) {3707 if ( current_user_can( 'activate_plugin', $install_status['file'] ) && is_plugin_inactive( $install_status['file'] ) ) { 3708 3708 $status['activateUrl'] = add_query_arg( array( 3709 3709 '_wpnonce' => wp_create_nonce( 'activate-plugin_' . $install_status['file'] ), -
trunk/src/wp-admin/includes/class-plugin-installer-skin.php
r41161 r41290 72 72 if ( ! $this->result || is_wp_error($this->result) ) { 73 73 unset( $install_actions['activate_plugin'], $install_actions['network_activate'] ); 74 } elseif ( ! current_user_can( 'activate_plugin s') ) {74 } elseif ( ! current_user_can( 'activate_plugin', $plugin_file ) ) { 75 75 unset( $install_actions['activate_plugin'] ); 76 76 } -
trunk/src/wp-admin/includes/class-plugin-upgrader-skin.php
r41161 r41290 52 52 'plugins_page' => '<a href="' . self_admin_url( 'plugins.php' ) . '" target="_parent">' . __( 'Return to Plugins page' ) . '</a>' 53 53 ); 54 if ( $this->plugin_active || ! $this->result || is_wp_error( $this->result ) || ! current_user_can( 'activate_plugin s') )54 if ( $this->plugin_active || ! $this->result || is_wp_error( $this->result ) || ! current_user_can( 'activate_plugin', $this->plugin ) ) 55 55 unset( $update_actions['activate_plugin'] ); 56 56 -
trunk/src/wp-admin/includes/class-wp-plugin-install-list-table.php
r41289 r41290 469 469 if ( is_plugin_active( $status['file'] ) ) { 470 470 $action_links[] = '<button type="button" class="button button-disabled" disabled="disabled">' . _x( 'Active', 'plugin' ) . '</button>'; 471 } elseif ( current_user_can( 'activate_plugin s') ) {471 } elseif ( current_user_can( 'activate_plugin', $status['file'] ) ) { 472 472 $button_text = __( 'Activate' ); 473 473 /* translators: %s: Plugin name */ -
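--- a/trunk/src/wp-admin/includes/class-wp-plugins-list-table.php
+++ b/trunk/src/wp-admin/includes/class-wp-plugins-list-table.php
@@ -621,9 +621,13 @@
 );
 } elseif ( $is_active ) {
-/* translators: %s: plugin name */
-$actions['deactivate'] = '<a href="' . wp_nonce_url( 'plugins.php?action=deactivate&plugin=' . $plugin_file . '&plugin_status=' . $context . '&paged=' . $page . '&s=' . $s, 'deactivate-plugin_' . $plugin_file ) . '" aria-label="' . esc_attr( sprintf( _x( 'Deactivate %s', 'plugin' ), $plugin_data['Name'] ) ) . '">' . __( 'Deactivate' ) . '</a>';
+if ( current_user_can( 'deactivate_plugin', $plugin_file ) ) {
+/* translators: %s: plugin name */
+$actions['deactivate'] = '<a href="' . wp_nonce_url( 'plugins.php?action=deactivate&plugin=' . $plugin_file . '&plugin_status=' . $context . '&paged=' . $page . '&s=' . $s, 'deactivate-plugin_' . $plugin_file ) . '" aria-label="' . esc_attr( sprintf( _x( 'Deactivate %s', 'plugin' ), $plugin_data['Name'] ) ) . '">' . __( 'Deactivate' ) . '</a>';
+}
 } else {
-/* translators: %s: plugin name */
-$actions['activate'] = '<a href="' . wp_nonce_url( 'plugins.php?action=activate&plugin=' . $plugin_file . '&plugin_status=' . $context . '&paged=' . $page . '&s=' . $s, 'activate-plugin_' . $plugin_file ) . '" class="edit" aria-label="' . esc_attr( sprintf( _x( 'Activate %s', 'plugin' ), $plugin_data['Name'] ) ) . '">' . __( 'Activate' ) . '</a>';
+if ( current_user_can( 'activate_plugin', $plugin_file ) ) {
+/* translators: %s: plugin name */
+$actions['activate'] = '<a href="' . wp_nonce_url( 'plugins.php?action=activate&plugin=' . $plugin_file . '&plugin_status=' . $context . '&paged=' . $page . '&s=' . $s, 'activate-plugin_' . $plugin_file ) . '" class="edit" aria-label="' . esc_attr( sprintf( _x( 'Activate %s', 'plugin' ), $plugin_data['Name'] ) ) . '">' . __( 'Activate' ) . '</a>';
+}
 
 if ( ! is_multisite() && current_user_can( 'delete_plugins' ) ) {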
trunk/src/wp-admin/plugins.php
r40169 r41290 30 30 switch ( $action ) { 31 31 case 'activate': 32 if ( ! current_user_can('activate_plugins') ) 33 wp_die(__('Sorry, you are not allowed to activate plugins for this site.')); 32 if ( ! current_user_can( 'activate_plugin', $plugin ) ) { 33 wp_die( __( 'Sorry, you are not allowed to activate this plugin.' ) ); 34 } 34 35 35 36 if ( is_multisite() && ! is_network_admin() && is_network_only_plugin( $plugin ) ) { … … 89 90 unset( $plugins[ $i ] ); 90 91 } 92 // Only activate plugins which the user can activate. 93 if ( ! current_user_can( 'activate_plugin', $plugin ) ) { 94 unset( $plugins[ $i ] ); 95 } 91 96 } 92 97 } … … 147 152 148 153 case 'error_scrape': 149 if ( ! current_user_can('activate_plugins') ) 150 wp_die(__('Sorry, you are not allowed to activate plugins for this site.')); 154 if ( ! current_user_can( 'activate_plugin', $plugin ) ) { 155 wp_die( __( 'Sorry, you are not allowed to activate this plugin.' ) ); 156 } 151 157 152 158 check_admin_referer('plugin-activation-error_' . $plugin); … … 168 174 169 175 case 'deactivate': 170 if ( ! current_user_can('activate_plugins') ) 171 wp_die(__('Sorry, you are not allowed to deactivate plugins for this site.')); 176 if ( ! current_user_can( 'deactivate_plugin', $plugin ) ) { 177 wp_die( __( 'Sorry, you are not allowed to deactivate this plugin.' ) ); 178 } 172 179 173 180 check_admin_referer('deactivate-plugin_' . $plugin); … … 193 200 194 201 case 'deactivate-selected': 195 if ( ! current_user_can( 'activate_plugins') )202 if ( ! current_user_can( 'deactivate_plugins' ) ) { 196 203 wp_die(__('Sorry, you are not allowed to deactivate plugins for this site.')); 204 } 197 205 198 206 check_admin_referer('bulk-plugins'); … … 205 213 $plugins = array_filter( $plugins, 'is_plugin_active' ); 206 214 $plugins = array_diff( $plugins, array_filter( $plugins, 'is_plugin_active_for_network' ) ); 215 216 foreach ( $plugins as $i => $plugin ) { 217 // Only deactivate plugins which the user can deactivate. 
218 if ( ! current_user_can( 'deactivate_plugin', $plugin ) ) { 219 unset( $plugins[ $i ] ); 220 } 221 } 222 207 223 } 208 224 if ( empty($plugins) ) { -
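Review bot: In the `deactivate-selected` case the new per-plugin `deactivate_plugin` loop sits just before a closing brace, so it appears to run only inside the block that also applies the `is_plugin_active` filters; the opening of that block is outside the hunk. If that block is one arm of a conditional, the other arm would continue with only the coarse `deactivate_plugins` check, and a site relying on a capability filter to protect one specific plugin would not be covered on that path. Consider moving the loop below the closing brace so every path filters `$plugins` per plugin. Both new bulk filters also reuse `$plugin`, which the single-plugin cases use as the target plugin; a distinct loop variable such as `foreach ( $plugins as $i => $bulk_plugin ) {` would avoid overwriting it.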
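--- a/trunk/src/wp-includes/capabilities.php
+++ b/trunk/src/wp-includes/capabilities.php
@@ -408,5 +408,8 @@
 break;
 case 'activate_plugins':
-$caps[] = $cap;
+case 'deactivate_plugins':
+case 'activate_plugin':
+case 'deactivate_plugin':
+$caps[] = 'activate_plugins';
 if ( is_multisite() ) {
 // update_, install_, and delete_ are handled above with is_super_admin().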
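Review bot: The four stacked `case` labels share one mapping with no comment, and nothing in the visible lines uses the plugin file that the callers in this changeset pass as the second argument to `activate_plugin` and `deactivate_plugin`. As written, all four resolve to `activate_plugins`, so a per-plugin restriction presumably exists only where a site hooks the capability-mapping filter. I would add above the group a comment such as `// Singular caps are passed a plugin file; core maps all four to 'activate_plugins' and leaves per-plugin decisions to filters.` It is also worth stating there that `deactivate_plugins` cannot be granted to a role separately from `activate_plugins`. The enclosing switch starts and ends outside the hunk.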
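--- a/trunk/tests/phpunit/tests/user/capabilities.php
+++ b/trunk/tests/phpunit/tests/user/capabilities.php
@@ -236,4 +236,5 @@
 'install_languages' => array( 'administrator' ),
 'update_languages' => array( 'administrator' ),
+'deactivate_plugins' => array( 'administrator' ),
 
 'edit_categories' => array( 'administrator', 'editor' ),
@@ -266,4 +267,5 @@
 'install_languages' => array(),
 'update_languages' => array(),
+'deactivate_plugins' => array(),
 
 'customize' => array( 'administrator' ),
@@ -426,4 +428,6 @@
 $expected['manage_links'],
 // Singular object meta capabilities (where an object ID is passed) are not tested:
+$expected['activate_plugin'],
+$expected['deactivate_plugin'],
 $expected['remove_user'],
 $expected['promote_user'],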
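Review bot: The third hunk adds `$expected['activate_plugin']` and `$expected['deactivate_plugin']` to the list of singular meta capabilities that are skipped, so nothing in the visible test data pins how the two new checks resolve. These are the checks that now gate activation and deactivation, so a dedicated test would be worth adding. One assertion should show that an administrator passes `current_user_can( 'activate_plugin', 'example/example.php' )` (constructed file name) and that a lower role fails. Another should show that a filter denying one specific plugin file is honoured for both the singular activate and deactivate checks. The enclosing test methods start and end outside the hunks.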