Capability checks missing for some links after a plugin/theme upgrade

[linuxologos]

After a plugin's/theme's update has been finished through the Dashboard > Updates (update-core.php) screen, the "Return to Plugins page" or "Return to Themes page" links are offered, but there is no check if current user can access those pages (plugins.php/themes.php).

This problem can show up, if a user is given the update_core and one or both of update_plugins, update_themes capabilities, but doesn't have any of activate_plugins, edit_theme_options, switch_themes capabilities.

[nacin]

Looks good.

Worth noting that update-core.php can only be accessed if you have the update_core cap. Perhaps that page should be changed to allow for someone to have only update_plugins and/or update_themes?

[nacin]

In [21195]:

Cap checks in the upgrader so we do not show links the user cannot access. props linuxologos for the initial patch. see #19824.

Also fixes a rare fatal error when theme_info is not set when updating a theme that is already up to date.

[nacin]

In [21196]:

Have the correct screen icon in place when the top level Plugins menu is plugin-install.php. This occurs when the user can install but not activate plugins. see #19824.

[nacin]

In [21197]:

Cap checks for links in the upgrader, for plugins. fixes #19824.

[nacin]

In [21200]:

Un-indent after [21198]. see #19824.