Add some CYA cap checks.

git-svn-id: http://svn.automattic.com/wordpress/trunk@11763 1a063a9b-81f0-0310-95a4-ce76da25c4cd
This commit is contained in:
ryan 2009-08-01 21:58:59 +00:00
parent a8890b9160
commit 9bb224cf1e
3 changed files with 9 additions and 0 deletions

View File

@ -9,6 +9,9 @@
/** WordPress Administration Bootstrap */ /** WordPress Administration Bootstrap */
require_once('admin.php'); require_once('admin.php');
if ( !current_user_can('edit_posts') )
wp_die(__('Cheatin’ uh?'));
wp_enqueue_script('admin-comments'); wp_enqueue_script('admin-comments');
enqueue_comment_hotkeys_js(); enqueue_comment_hotkeys_js();

View File

@ -9,6 +9,9 @@
/** WordPress Administration Bootstrap */ /** WordPress Administration Bootstrap */
require_once('admin.php'); require_once('admin.php');
if ( !current_user_can('edit_pages') )
wp_die(__('Cheatin’ uh?'));
// Handle bulk actions // Handle bulk actions
if ( isset($_GET['doaction']) || isset($_GET['doaction2']) || isset($_GET['delete_all']) || isset($_GET['delete_all2']) ) { if ( isset($_GET['doaction']) || isset($_GET['doaction2']) || isset($_GET['delete_all']) || isset($_GET['delete_all2']) ) {
check_admin_referer('bulk-pages'); check_admin_referer('bulk-pages');

View File

@ -9,6 +9,9 @@
/** WordPress Administration Bootstrap */ /** WordPress Administration Bootstrap */
require_once('admin.php'); require_once('admin.php');
if ( !current_user_can('edit_posts') )
wp_die(__('Cheatin’ uh?'));
// Back-compat for viewing comments of an entry // Back-compat for viewing comments of an entry
if ( $_redirect = intval( max( @$_GET['p'], @$_GET['attachment_id'], @$_GET['page_id'] ) ) ) { if ( $_redirect = intval( max( @$_GET['p'], @$_GET['attachment_id'], @$_GET['page_id'] ) ) ) {
wp_redirect( admin_url('edit-comments.php?p=' . $_redirect ) ); wp_redirect( admin_url('edit-comments.php?p=' . $_redirect ) );