From b3458cc79c6111df7705f0318158b40abc8a473f Mon Sep 17 00:00:00 2001
From: ryan <ryan@1a063a9b-81f0-0310-95a4-ce76da25c4cd>
Date: Sun, 2 Aug 2009 23:11:54 +0000
Subject: [PATCH] Add some CYA cap checks.

git-svn-id: http://svn.automattic.com/wordpress/branches/2.8@11766 1a063a9b-81f0-0310-95a4-ce76da25c4cd
---
 wp-admin/edit-comments.php | 3 +++
 wp-admin/edit-pages.php    | 3 +++
 wp-admin/edit.php          | 3 +++
 3 files changed, 9 insertions(+)

diff --git a/wp-admin/edit-comments.php b/wp-admin/edit-comments.php
index 7df0210332..dd5f867a42 100644
--- a/wp-admin/edit-comments.php
+++ b/wp-admin/edit-comments.php
@@ -9,6 +9,9 @@
 /** WordPress Administration Bootstrap */
 require_once('admin.php');
 
+if ( !current_user_can('edit_posts') )
+	wp_die(__('Cheatin&#8217; uh?'));
+
 wp_enqueue_script('admin-comments');
 enqueue_comment_hotkeys_js();
 
diff --git a/wp-admin/edit-pages.php b/wp-admin/edit-pages.php
index 0cf1680e10..b2fa38b86b 100644
--- a/wp-admin/edit-pages.php
+++ b/wp-admin/edit-pages.php
@@ -9,6 +9,9 @@
 /** WordPress Administration Bootstrap */
 require_once('admin.php');
 
+if ( !current_user_can('edit_pages') )
+	wp_die(__('Cheatin&#8217; uh?'));
+
 // Handle bulk actions
 if ( isset($_GET['action']) && ( -1 != $_GET['action'] || -1 != $_GET['action2'] ) ) {
 	$doaction = ( -1 != $_GET['action'] ) ? $_GET['action'] : $_GET['action2'];
diff --git a/wp-admin/edit.php b/wp-admin/edit.php
index eb6b9f1c49..ae5bee9c6f 100644
--- a/wp-admin/edit.php
+++ b/wp-admin/edit.php
@@ -9,6 +9,9 @@
 /** WordPress Administration Bootstrap */
 require_once('admin.php');
 
+if ( !current_user_can('edit_posts') )
+	wp_die(__('Cheatin&#8217; uh?'));
+
 // Back-compat for viewing comments of an entry
 if ( $_redirect = intval( max( @$_GET['p'], @$_GET['attachment_id'], @$_GET['page_id'] ) ) ) {
 	wp_redirect( admin_url('edit-comments.php?p=' . $_redirect ) );