From 46cd784f3cb75ddc8ec6a1d5c678979a74aa2dab Mon Sep 17 00:00:00 2001
From: westi
Date: Tue, 7 Dec 2010 21:06:19 +0000
Subject: [PATCH] Restore some more cap checks for clarity. See #15326.

git-svn-id: http://svn.automattic.com/wordpress/trunk@16776 1a063a9b-81f0-0310-95a4-ce76da25c4cd
---
 wp-admin/edit.php | 4 +++-
 wp-admin/link-manager.php | 2 ++
 wp-admin/plugin-install.php | 4 +++-
 wp-admin/plugins.php | 3 +++
 wp-admin/theme-install.php | 2 ++
 wp-admin/themes.php | 4 +++-
 6 files changed, 16 insertions(+), 3 deletions(-)

diff --git a/wp-admin/edit.php b/wp-admin/edit.php
index f5e47b5c0d..c038559674 100644
--- a/wp-admin/edit.php
+++ b/wp-admin/edit.php
@@ -8,7 +8,9 @@
 /** WordPress Administration Bootstrap */
 require_once( './admin.php' );
-
+if ( !current_user_can( $post_type_object->cap->edit_posts ) )
+ wp_die( __( 'Cheatin’ uh?' ) );
+
 $wp_list_table = get_list_table('WP_Posts_List_Table');
 $wp_list_table->check_permissions();
diff --git a/wp-admin/link-manager.php b/wp-admin/link-manager.php
index 752ccb1fb9..95223a9b2c 100644
--- a/wp-admin/link-manager.php
+++ b/wp-admin/link-manager.php
@@ -8,6 +8,8 @@
 /** Load WordPress Administration Bootstrap */
 require_once ('admin.php');
+if ( ! current_user_can( 'manage_links' ) )
+ wp_die( __( 'You do not have sufficient permissions to edit the links for this site.' ) );
 $wp_list_table = get_list_table('WP_Links_List_Table');
 $wp_list_table->check_permissions();
diff --git a/wp-admin/plugin-install.php b/wp-admin/plugin-install.php
index 0662677b43..57b07c589e 100644
--- a/wp-admin/plugin-install.php
+++ b/wp-admin/plugin-install.php
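Review bot: In the wp-admin/edit.php hunk the new check reads `$post_type_object->cap->edit_posts` on the line directly after `require_once( './admin.php' )`, and nothing visible in the hunk assigns `$post_type_object`. Unless admin.php defines it, the property chain is read from an unset variable, so the capability handed to `current_user_can()` would be null and the outcome would rest on how an empty capability happens to be handled rather than on an explicit decision. I would resolve the object before the check and reject a missing one first, e.g. `$post_type_object = get_post_type_object( $typenow );` (or whichever variable holds the validated post type here) followed by `if ( ! $post_type_object ) wp_die( __( 'Invalid post type' ) );`. The file continues outside the hunk, so the assignment may exist further down; in that case the check belongs after it.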
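Review bot: In the wp-admin/link-manager.php hunk the inline `manage_links` check sits directly above the list-table setup that ends in `$wp_list_table->check_permissions()`, so the page's access decision is stated in two places that nothing ties together; the same holds for the edit.php, plugins.php and themes.php hunks. The list-table method is not part of this patch, so it cannot be confirmed from here that it tests the same capability. A short comment would keep the two from drifting, e.g. `// Page-level gate; must match the capability enforced by WP_Links_List_Table::check_permissions().` A blank line after the `wp_die()` call would also match the edit.php and plugins.php hunks.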
@@ -11,7 +11,9 @@ if ( !defined( 'IFRAME_REQUEST' ) && isset( $_GET['tab'] ) && ( 'plugin-informat
 /** WordPress Administration Bootstrap */
 require_once('./admin.php');
-
+if ( ! current_user_can('install_plugins') )
+ wp_die(__('You do not have sufficient permissions to install plugins on this site.'));
+
 if ( is_multisite() && ! is_network_admin() ) {
 wp_redirect( network_admin_url( 'plugin-install.php' ) );
 exit();
diff --git a/wp-admin/plugins.php b/wp-admin/plugins.php
index 38c63cfd3e..5f790e3704 100644
--- a/wp-admin/plugins.php
+++ b/wp-admin/plugins.php
@@ -9,6 +9,9 @@
 /** WordPress Administration Bootstrap */
 require_once('./admin.php');
+if ( !current_user_can('activate_plugins') )
+ wp_die( __( 'You do not have sufficient permissions to manage plugins for this site.' ) );
+
 $wp_list_table = get_list_table('WP_Plugins_List_Table');
 $wp_list_table->check_permissions();
diff --git a/wp-admin/theme-install.php b/wp-admin/theme-install.php
index e48885f9e1..2ada2cd62d 100644
--- a/wp-admin/theme-install.php
+++ b/wp-admin/theme-install.php
@@ -11,6 +11,8 @@ if ( !defined( 'IFRAME_REQUEST' ) && isset( $_GET['tab'] ) && ( 'theme-informati
 /** WordPress Administration Bootstrap */
 require_once('./admin.php');
+if ( ! current_user_can('install_themes') )
+ wp_die( __( 'You do not have sufficient permissions to install themes on this site.' ) );
 if ( is_multisite() && ! is_network_admin() ) {
 wp_redirect( network_admin_url( 'theme-install.php' ) );
diff --git a/wp-admin/themes.php b/wp-admin/themes.php
index 58bab5c164..f48f77c78e 100644
--- a/wp-admin/themes.php
+++ b/wp-admin/themes.php
@@ -8,7 +8,9 @@
 /** WordPress Administration Bootstrap */
 require_once('./admin.php');
-
+if ( !current_user_can('switch_themes') && !current_user_can('edit_theme_options') )
+ wp_die( __( 'Cheatin’ uh?' ) );
+
 $wp_list_table = get_list_table('WP_Themes_List_Table');
 $wp_list_table->check_permissions();
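Review bot: The two added lines in wp-admin/plugin-install.php mix spacing styles: `current_user_can('install_plugins')` and `wp_die(__('…'))` have no inner padding, while the enclosing `if ( … )` and the theme-install.php hunk's `wp_die( __( '…' ) )` do. I would write `if ( ! current_user_can( 'install_plugins' ) )` and `wp_die( __( 'You do not have sufficient permissions to install plugins on this site.' ) );`, and use the same `! current_user_can( '…' )` form in the plugins.php, theme-install.php and themes.php hunks. The check is placed ahead of the `is_multisite()` redirect here and in theme-install.php, which deserves a one-line comment such as `// Check the capability before the multisite redirect so unprivileged users are stopped here.`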
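Review bot: In the wp-admin/themes.php hunk the gate passes when the user holds either `switch_themes` or `edit_theme_options`, so a user with only `edit_theme_options` gets past it. That is reasonable for viewing the page, but any state-changing handler later in the file (outside this hunk, so not confirmable from here) must not treat this gate as authorisation and needs its own check on the specific capability before it acts. A comment on the new lines would make that explicit: `// Page-level gate only; activation and deletion must check their own capability.` The 'Cheatin’ uh?' message also tells an administrator less than the 'You do not have sufficient permissions …' wording used in the other hunks.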