Add current_user_can() checks to link.php. Props DD32. fixes #4627

git-svn-id: http://svn.automattic.com/wordpress/trunk@6255 1a063a9b-81f0-0310-95a4-ce76da25c4cd
This commit is contained in:
ryan 2007-10-16 16:09:01 +00:00
parent 9c6dc8f1be
commit 2762527a1e
1 changed files with 8 additions and 19 deletions

View File

@ -3,6 +3,9 @@ require_once ('admin.php');
wp_reset_vars(array('action', 'cat_id', 'linkurl', 'name', 'image', 'description', 'visible', 'target', 'category', 'link_id', 'submit', 'order_by', 'links_show_cat_id', 'rating', 'rel', 'notes', 'linkcheck[]'));
if ( ! current_user_can('manage_links') )
wp_die( __('You do not have sufficient permissions to edit the links for this blog.') );
if ('' != $_POST['deletebookmarks'])
$action = 'deletebookmarks';
if ('' != $_POST['move'])
@ -13,13 +16,9 @@ if ('' != $_POST['linkcheck'])
$this_file = 'link-manager.php';
switch ($action) {
case 'deletebookmarks' :
case 'deletebookmarks' :
check_admin_referer('bulk-bookmarks');
// check the current user's level first.
if (!current_user_can('manage_links'))
wp_die(__('Cheatin’ uh?'));
//for each link id (in $linkcheck[]) change category to selected value
if (count($linkcheck) == 0) {
wp_redirect($this_file);
@ -41,10 +40,6 @@ switch ($action) {
case 'move' :
check_admin_referer('bulk-bookmarks');
// check the current user's level first.
if (!current_user_can('manage_links'))
wp_die(__('Cheatin’ uh?'));
//for each link id (in $linkcheck[]) change category to selected value
if (count($linkcheck) == 0) {
wp_redirect($this_file);
@ -63,7 +58,7 @@ switch ($action) {
add_link();
wp_redirect(wp_get_referer().'?added=true');
wp_redirect( wp_get_referer() . '?added=true' );
exit;
break;
@ -81,9 +76,6 @@ switch ($action) {
$link_id = (int) $_GET['link_id'];
check_admin_referer('delete-bookmark_' . $link_id);
if (!current_user_can('manage_links'))
wp_die(__('Cheatin’ uh?'));
wp_delete_link($link_id);
wp_redirect($this_file);
@ -97,21 +89,18 @@ switch ($action) {
$parent_file = 'link-manager.php';
$submenu_file = 'link-manager.php';
$title = __('Edit Link');
include_once ('admin-header.php');
if (!current_user_can('manage_links'))
wp_die(__('You do not have sufficient permissions to edit the links for this blog.'));
$link_id = (int) $_GET['link_id'];
if (!$link = get_link_to_edit($link_id))
wp_die(__('Link not found.'));
include_once ('admin-header.php');
include ('edit-link-form.php');
include ('admin-footer.php');
break;
default :
break;
}
include ('admin-footer.php');
?>