
Changeset 6256


Timestamp:
10/16/2007 04:09:37 PM (11 years ago)
Author:
ryan
Message:

Add current_user_can() checks to link.php. Props DD32. fixes #4627 for 2.3

File:
1 edited

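--- a/branches/2.3/wp-admin/link.php
+++ b/branches/2.3/wp-admin/link.php
@@ -3,4 +3,7 @@
 
 wp_reset_vars(array('action', 'cat_id', 'linkurl', 'name', 'image', 'description', 'visible', 'target', 'category', 'link_id', 'submit', 'order_by', 'links_show_cat_id', 'rating', 'rel', 'notes', 'linkcheck[]'));
+
+if ( ! current_user_can('manage_links') )
+    wp_die( __('You do not have sufficient permissions to edit the links for this blog.') );
 
 if ('' != $_POST['deletebookmarks'])
@@ -14,10 +17,6 @@
 
 switch ($action) {
-        case 'deletebookmarks' :
+    case 'deletebookmarks' :
         check_admin_referer('bulk-bookmarks');
-
-        // check the current user's level first.
-        if (!current_user_can('manage_links'))
-            wp_die(__('Cheatin’ uh?'));
 
         //for each link id (in $linkcheck[]) change category to selected value
@@ -42,8 +41,4 @@
         check_admin_referer('bulk-bookmarks');
 
-        // check the current user's level first.
-        if (!current_user_can('manage_links'))
-            wp_die(__('Cheatin’ uh?'));
-
         //for each link id (in $linkcheck[]) change category to selected value
         if (count($linkcheck) == 0) {
@@ -64,5 +59,5 @@
         add_link();
 
-        wp_redirect(wp_get_referer().'?added=true');
+        wp_redirect( wp_get_referer() . '?added=true' );
         exit;
         break;
@@ -82,7 +77,4 @@
         check_admin_referer('delete-bookmark_' . $link_id);
 
-        if (!current_user_can('manage_links'))
-            wp_die(__('Cheatin’ uh?'));
-
         wp_delete_link($link_id);
 
@@ -98,7 +90,4 @@
         $submenu_file = 'link-manager.php';
         $title = __('Edit Link');
-        include_once ('admin-header.php');
-        if (!current_user_can('manage_links'))
-            wp_die(__('You do not have sufficient permissions to edit the links for this blog.'));
 
         $link_id = (int) $_GET['link_id'];
@@ -107,5 +96,7 @@
             wp_die(__('Link not found.'));
 
+        include_once ('admin-header.php');
         include ('edit-link-form.php');
+        include ('admin-footer.php');
         break;
 
@@ -113,5 +104,3 @@
         break;
 }
-
-include ('admin-footer.php');
 ?>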
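Review bot: The redirect at new line 61 still builds its target by appending `'?added=true'` to `wp_get_referer()`; this commit only re-spaces that line. The referer is a request-supplied value, so the destination is client-influenced, and a referer that already carries a query string ends up with a second `?`. Consider `wp_redirect( add_query_arg( 'added', 'true', wp_get_referer() ) );` and validating the target against the admin host, for example with `wp_safe_redirect()` if it is available on this branch. Separately, with the per-case checks removed, the guard at new lines 6–7 appears to be the only capability check for the actions shown, so a comment such as `// Single capability gate for every action below; keep it ahead of the $_POST handling and the switch.` would help keep it in place. The `add` case starts outside the hunk, so whether a nonce is verified before `add_link()` cannot be confirmed from here.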