Changeset 6255


Timestamp:
10/16/07 16:09:01 (7 years ago)
Author:
ryan
Message:

Add current_user_can() checks to link.php. Props DD32. fixes #4627

File:
1 edited

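--- a/trunk/wp-admin/link.php
+++ b/trunk/wp-admin/link.php
@@ -3,4 +3,7 @@
 
 wp_reset_vars(array('action', 'cat_id', 'linkurl', 'name', 'image', 'description', 'visible', 'target', 'category', 'link_id', 'submit', 'order_by', 'links_show_cat_id', 'rating', 'rel', 'notes', 'linkcheck[]'));
+
+if ( ! current_user_can('manage_links') )
+    wp_die( __('You do not have sufficient permissions to edit the links for this blog.') );
 
 if ('' != $_POST['deletebookmarks'])
@@ -14,10 +17,6 @@
 
 switch ($action) {
-        case 'deletebookmarks' :
+    case 'deletebookmarks' :
         check_admin_referer('bulk-bookmarks');
-
-        // check the current user's level first.
-        if (!current_user_can('manage_links'))
-            wp_die(__('Cheatin’ uh?'));
 
         //for each link id (in $linkcheck[]) change category to selected value
@@ -42,8 +41,4 @@
         check_admin_referer('bulk-bookmarks');
 
-        // check the current user's level first.
-        if (!current_user_can('manage_links'))
-            wp_die(__('Cheatin’ uh?'));
-
         //for each link id (in $linkcheck[]) change category to selected value
         if (count($linkcheck) == 0) {
@@ -64,5 +59,5 @@
         add_link();
 
-        wp_redirect(wp_get_referer().'?added=true');
+        wp_redirect( wp_get_referer() . '?added=true' );
         exit;
         break;
@@ -82,7 +77,4 @@
         check_admin_referer('delete-bookmark_' . $link_id);
 
-        if (!current_user_can('manage_links'))
-            wp_die(__('Cheatin’ uh?'));
-
         wp_delete_link($link_id);
 
@@ -98,7 +90,4 @@
         $submenu_file = 'link-manager.php';
         $title = __('Edit Link');
-        include_once ('admin-header.php');
-        if (!current_user_can('manage_links'))
-            wp_die(__('You do not have sufficient permissions to edit the links for this blog.'));
 
         $link_id = (int) $_GET['link_id'];
@@ -107,5 +96,7 @@
             wp_die(__('Link not found.'));
 
+        include_once ('admin-header.php');
         include ('edit-link-form.php');
+        include ('admin-footer.php');
         break;
 
@@ -113,5 +104,3 @@
         break;
 }
-
-include ('admin-footer.php');
 ?>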
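Review bot: The redirect after `add_link()` (new line 61) still appends the literal `'?added=true'` to `wp_get_referer()`, so a referer that already carries a query string produces a malformed URL, and a request-derived value reaches `wp_redirect()` without any check that it points back into the admin. Building the target as `wp_redirect( add_query_arg( 'added', 'true', wp_get_referer() ) );` fixes the query string, and `wp_safe_redirect()` (or a fallback to `link-manager.php` when no referer is present) would keep the destination on this site. The case containing this line starts outside the hunk, so whether a `check_admin_referer()` call precedes `add_link()` is not visible here and should be confirmed.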