Add some CYA cap checks.
git-svn-id: http://svn.automattic.com/wordpress/trunk@11761 1a063a9b-81f0-0310-95a4-ce76da25c4cd
This commit is contained in:
parent
a431376de5
commit
a8890b9160
|
@ -9,6 +9,9 @@
|
|||
/** WordPress Administration Bootstrap */
|
||||
require_once('admin.php');
|
||||
|
||||
if ( ! current_user_can('manage_options') )
|
||||
wp_die(__('You do not have sufficient permissions to manage options for this blog.'));
|
||||
|
||||
$title = __('Discussion Settings');
|
||||
$parent_file = 'options-general.php';
|
||||
|
||||
|
|
|
@ -9,6 +9,9 @@
|
|||
/** WordPress Administration Bootstrap */
|
||||
require_once('./admin.php');
|
||||
|
||||
if ( ! current_user_can('manage_options') )
|
||||
wp_die(__('You do not have sufficient permissions to manage options for this blog.'));
|
||||
|
||||
$title = __('General Settings');
|
||||
$parent_file = 'options-general.php';
|
||||
/* translators: date and time format for exact current time, mainly about timezones, see http://php.net/date */
|
||||
|
|
|
@ -9,6 +9,9 @@
|
|||
/** WordPress Administration Bootstrap */
|
||||
require_once('admin.php');
|
||||
|
||||
if ( ! current_user_can('manage_options') )
|
||||
wp_die(__('You do not have sufficient permissions to manage options for this blog.'));
|
||||
|
||||
$title = __('Media Settings');
|
||||
$parent_file = 'options-general.php';
|
||||
|
||||
|
|
|
@ -9,6 +9,9 @@
|
|||
/** WordPress Administration Bootstrap */
|
||||
require_once('admin.php');
|
||||
|
||||
if ( ! current_user_can('manage_options') )
|
||||
wp_die(__('You do not have sufficient permissions to manage options for this blog.'));
|
||||
|
||||
$title = __('Miscellaneous Settings');
|
||||
$parent_file = 'options-general.php';
|
||||
|
||||
|
|
|
@ -9,6 +9,9 @@
|
|||
/** WordPress Administration Bootstrap */
|
||||
require_once('admin.php');
|
||||
|
||||
if ( ! current_user_can('manage_options') )
|
||||
wp_die(__('You do not have sufficient permissions to manage options for this blog.'));
|
||||
|
||||
$title = __('Permalink Settings');
|
||||
$parent_file = 'options-general.php';
|
||||
|
||||
|
|
|
@ -9,6 +9,9 @@
|
|||
/** Load WordPress Administration Bootstrap */
|
||||
require_once('./admin.php');
|
||||
|
||||
if ( ! current_user_can('manage_options') )
|
||||
wp_die(__('You do not have sufficient permissions to manage options for this blog.'));
|
||||
|
||||
$title = __('Privacy Settings');
|
||||
$parent_file = 'options-general.php';
|
||||
|
||||
|
|
|
@ -9,6 +9,9 @@
|
|||
/** WordPress Administration Bootstrap */
|
||||
require_once('admin.php');
|
||||
|
||||
if ( ! current_user_can('manage_options') )
|
||||
wp_die(__('You do not have sufficient permissions to manage options for this blog.'));
|
||||
|
||||
$title = __('Reading Settings');
|
||||
$parent_file = 'options-general.php';
|
||||
|
||||
|
|
|
@ -9,6 +9,9 @@
|
|||
/** WordPress Administration Bootstrap */
|
||||
require_once('admin.php');
|
||||
|
||||
if ( ! current_user_can('manage_options') )
|
||||
wp_die(__('You do not have sufficient permissions to manage options for this blog.'));
|
||||
|
||||
$title = __('Writing Settings');
|
||||
$parent_file = 'options-general.php';
|
||||
|
||||
|
|
|
@ -9,6 +9,9 @@
|
|||
/** WordPress Administration Bootstrap */
|
||||
require_once('admin.php');
|
||||
|
||||
if ( ! current_user_can('activate_plugins') )
|
||||
wp_die(__('You do not have sufficient permissions to manage plugins for this blog.'));
|
||||
|
||||
if ( isset($_POST['clear-recent-list']) )
|
||||
$action = 'clear-recent-list';
|
||||
elseif ( !empty($_REQUEST['action']) )
|
||||
|
@ -37,6 +40,9 @@ $_SERVER['REQUEST_URI'] = remove_query_arg(array('error', 'deleted', 'activate',
|
|||
if ( !empty($action) ) {
|
||||
switch ( $action ) {
|
||||
case 'activate':
|
||||
if ( ! current_user_can('activate_plugins') )
|
||||
wp_die(__('You do not have sufficient permissions to activate plugins for this blog.'));
|
||||
|
||||
check_admin_referer('activate-plugin_' . $plugin);
|
||||
|
||||
$result = activate_plugin($plugin, 'plugins.php?error=true&plugin=' . $plugin);
|
||||
|
@ -53,6 +59,9 @@ if ( !empty($action) ) {
|
|||
exit;
|
||||
break;
|
||||
case 'activate-selected':
|
||||
if ( ! current_user_can('activate_plugins') )
|
||||
wp_die(__('You do not have sufficient permissions to activate plugins for this blog.'));
|
||||
|
||||
check_admin_referer('bulk-manage-plugins');
|
||||
|
||||
$plugins = (array) $_POST['checked'];
|
||||
|
@ -75,6 +84,9 @@ if ( !empty($action) ) {
|
|||
exit;
|
||||
break;
|
||||
case 'error_scrape':
|
||||
if ( ! current_user_can('activate_plugins') )
|
||||
wp_die(__('You do not have sufficient permissions to activate plugins for this blog.'));
|
||||
|
||||
check_admin_referer('plugin-activation-error_' . $plugin);
|
||||
|
||||
$valid = validate_plugin($plugin);
|
||||
|
@ -88,6 +100,9 @@ if ( !empty($action) ) {
|
|||
exit;
|
||||
break;
|
||||
case 'deactivate':
|
||||
if ( ! current_user_can('activate_plugins') )
|
||||
wp_die(__('You do not have sufficient permissions to deactivate plugins for this blog.'));
|
||||
|
||||
check_admin_referer('deactivate-plugin_' . $plugin);
|
||||
deactivate_plugins($plugin);
|
||||
update_option('recently_activated', array($plugin => time()) + (array)get_option('recently_activated'));
|
||||
|
@ -95,6 +110,9 @@ if ( !empty($action) ) {
|
|||
exit;
|
||||
break;
|
||||
case 'deactivate-selected':
|
||||
if ( ! current_user_can('activate_plugins') )
|
||||
wp_die(__('You do not have sufficient permissions to deactivate plugins for this blog.'));
|
||||
|
||||
check_admin_referer('bulk-manage-plugins');
|
||||
|
||||
$plugins = (array) $_POST['checked'];
|
||||
|
|
|
@ -9,6 +9,9 @@
|
|||
/** WordPress Administration Bootstrap */
|
||||
require_once('admin.php');
|
||||
|
||||
if ( !current_user_can('switch_themes') )
|
||||
wp_die( __( 'Cheatin’ uh?' ) );
|
||||
|
||||
if ( isset($_GET['action']) ) {
|
||||
if ( 'activate' == $_GET['action'] ) {
|
||||
check_admin_referer('switch-theme_' . $_GET['template']);
|
||||
|
|
|
@ -17,6 +17,7 @@ if ( is_admin() ) {
|
|||
// wp-admin pages are checked more carefully
|
||||
preg_match('#/wp-admin/?(.*?)$#i', $PHP_SELF, $self_matches);
|
||||
$pagenow = $self_matches[1];
|
||||
$pagenow = trim($pagenow, '/');
|
||||
$pagenow = preg_replace('#\?.*?$#', '', $pagenow);
|
||||
if ( '' === $pagenow || 'index' === $pagenow || 'index.php' === $pagenow ) {
|
||||
$pagenow = 'index.php';
|
||||
|
|
Loading…
Reference in New Issue