Changeset 6255

Timestamp:

10/16/2007 04:09:01 PM (17 years ago)

Author:

ryan

Message:

Add current_user_can() checks to link.php. Props DD32. fixes #4627

File:

• trunk/wp-admin/link.php (modified) (8 diffs)

trunk/wp-admin/link.php

@@ -3 +3 @@
 
 wp_reset_vars(array('action', 'cat_id', 'linkurl', 'name', 'image', 'description', 'visible', 'target', 'category', 'link_id', 'submit', 'order_by', 'links_show_cat_id', 'rating', 'rel', 'notes', 'linkcheck[]'));
+
+if ( ! current_user_can('manage_links') )
+    wp_die( __('You do not have sufficient permissions to edit the links for this blog.') );
 
 if ('' != $_POST['deletebookmarks'])
@@ -14 +17 @@
 
 switch ($action) {
-        case 'deletebookmarks' :
+    case 'deletebookmarks' :
         check_admin_referer('bulk-bookmarks');
-
-        // check the current user's level first.
-        if (!current_user_can('manage_links'))
-            wp_die(__('Cheatin’ uh?'));
 
         //for each link id (in $linkcheck[]) change category to selected value
@@ -42 +41 @@
         check_admin_referer('bulk-bookmarks');
 
-        // check the current user's level first.
-        if (!current_user_can('manage_links'))
-            wp_die(__('Cheatin’ uh?'));
-
         //for each link id (in $linkcheck[]) change category to selected value
         if (count($linkcheck) == 0) {
@@ -64 +59 @@
         add_link();
 
-        wp_redirect(wp_get_referer().'?added=true');
+        wp_redirect( wp_get_referer() . '?added=true' );
         exit;
         break;
@@ -82 +77 @@
         check_admin_referer('delete-bookmark_' . $link_id);
 
-        if (!current_user_can('manage_links'))
-            wp_die(__('Cheatin’ uh?'));
-
         wp_delete_link($link_id);
 
@@ -98 +90 @@
         $submenu_file = 'link-manager.php';
         $title = __('Edit Link');
-        include_once ('admin-header.php');
-        if (!current_user_can('manage_links'))
-            wp_die(__('You do not have sufficient permissions to edit the links for this blog.'));
 
         $link_id = (int) $_GET['link_id'];
@@ -107 +96 @@
             wp_die(__('Link not found.'));
 
+        include_once ('admin-header.php');
         include ('edit-link-form.php');
+        include ('admin-footer.php');
         break;
 
@@ -113 +104 @@
         break;
 }
-
-include ('admin-footer.php');
 ?>