Make WordPress Core

Opened 15 years ago

Closed 15 years ago

#12455 closed defect (bug) (fixed)

Options.php cleanup

Reported by: dd32's profile dd32 Owned by: dd32's profile dd32
Milestone: 3.0 Priority: normal
Severity: normal Version: 3.0
Component: General Keywords: has-patch needs-testing
Focuses: Cc:

Description

The 2.9 options.php only contained 2 cases where exiting was required, Specifically, if ( !current_user_can('manage_options') ) and if the whitelisted page was not available.

trunk currently contains a few Multisite additions for death of the loading, Some of these apply to non-MS installs as well.

Attached patch is an attempt at cleaning up some blocks of the code.

  • Consolidates wp_die()'s to the top of the file
    • Multisite checks allow for non-super-admins to update options, not to access the options.php page
  • Code formatting
  • Reduced if branching
  • Removes single-case switch in favour of if

Attachments (1)

12455.diff (5.6 KB) - added by dd32 15 years ago.

Download all attachments as: .zip

Change History (7)

#1 @dd32
15 years ago

  • Keywords needs-testing added

Some testing under Multisite, and with various plugins would be appreciated.

@dd32
15 years ago

#2 @dd32
15 years ago

  • Owner set to dd32
  • Status changed from new to accepted

#3 follow-up: @Denis-de-Bernardy
15 years ago

I'd like to suggest an additional enhancement: if the site is not multisite, only the user whose email corresponds to the admin email can browse that screen.

#4 in reply to: ↑ 3 @nacin
15 years ago

Replying to Denis-de-Bernardy:

I'd like to suggest an additional enhancement: if the site is not multisite, only the user whose email corresponds to the admin email can browse that screen.

-1 for two reasons. One, this should be handled by capabilities. If manage_options isn't specific enough, then we can come up with another that can be removed by a plugin for certain users. Even then, a plugin should be able to deny options.php for certain holders of a manage_options cap.

Two, there's zero guarantee that there is a matching account to the admin email. If we ever start thinking about an owner/super-admin role that can be linked directly to the admin email, then this perhaps comes into play, but otherwise, you can't make that assumption.

#5 @dd32
15 years ago

(In [13627]) Cleanup of options.php. Adds concise&early wp_die()'s, reformats some poorly chosen branching. See #12455

#6 @dd32
15 years ago

  • Resolution set to fixed
  • Status changed from accepted to closed
Note: See TracTickets for help on using tickets.