Index: wp-includes/theme.php =================================================================== --- wp-includes/theme.php (revision 15606) +++ wp-includes/theme.php (working copy) @@ -1402,6 +1402,7 @@ add_action('wp_head', $header_callback); add_theme_support( 'custom-header' ); + add_theme_support( 'custom-header-uploads' ); if ( ! is_admin() ) return; Index: wp-admin/custom-header.php =================================================================== --- wp-admin/custom-header.php (revision 15606) +++ wp-admin/custom-header.php (working copy) @@ -456,7 +456,7 @@ - +
+ show_default_header_selector(); ?> @@ -568,6 +573,11 @@ */ function step_2() { check_admin_referer('custom-header-upload', '_wpnonce-custom-header-upload'); + if ( ! current_theme_supports('custom-header-uploads') ): + _e( 'You are not authorized to upload custom headers.' ); + return; + endif; + $overrides = array('test_form' => false); $file = wp_handle_upload($_FILES['import'], $overrides); @@ -647,7 +657,11 @@ * @since 2.1.0 */ function step_3() { - check_admin_referer('custom-header-crop-image'); + check_admin_referer('custom-header-crop-image'); + if ( ! current_theme_supports('custom-header-uploads') ): + _e( 'You are not authorized to upload custom headers.' ); + return; + endif; if ( $_POST['oitar'] > 1 ) { $_POST['x1'] = $_POST['x1'] * $_POST['oitar']; $_POST['y1'] = $_POST['y1'] * $_POST['oitar'];