Add some CYA cap checks.
git-svn-id: http://svn.automattic.com/wordpress/branches/2.8@11766 1a063a9b-81f0-0310-95a4-ce76da25c4cd
This commit is contained in:
parent
57dad41e07
commit
b3458cc79c
|
@ -9,6 +9,9 @@
|
||||||
/** WordPress Administration Bootstrap */
|
/** WordPress Administration Bootstrap */
|
||||||
require_once('admin.php');
|
require_once('admin.php');
|
||||||
|
|
||||||
|
if ( !current_user_can('edit_posts') )
|
||||||
|
wp_die(__('Cheatin’ uh?'));
|
||||||
|
|
||||||
wp_enqueue_script('admin-comments');
|
wp_enqueue_script('admin-comments');
|
||||||
enqueue_comment_hotkeys_js();
|
enqueue_comment_hotkeys_js();
|
||||||
|
|
||||||
|
|
|
@ -9,6 +9,9 @@
|
||||||
/** WordPress Administration Bootstrap */
|
/** WordPress Administration Bootstrap */
|
||||||
require_once('admin.php');
|
require_once('admin.php');
|
||||||
|
|
||||||
|
if ( !current_user_can('edit_pages') )
|
||||||
|
wp_die(__('Cheatin’ uh?'));
|
||||||
|
|
||||||
// Handle bulk actions
|
// Handle bulk actions
|
||||||
if ( isset($_GET['action']) && ( -1 != $_GET['action'] || -1 != $_GET['action2'] ) ) {
|
if ( isset($_GET['action']) && ( -1 != $_GET['action'] || -1 != $_GET['action2'] ) ) {
|
||||||
$doaction = ( -1 != $_GET['action'] ) ? $_GET['action'] : $_GET['action2'];
|
$doaction = ( -1 != $_GET['action'] ) ? $_GET['action'] : $_GET['action2'];
|
||||||
|
|
|
@ -9,6 +9,9 @@
|
||||||
/** WordPress Administration Bootstrap */
|
/** WordPress Administration Bootstrap */
|
||||||
require_once('admin.php');
|
require_once('admin.php');
|
||||||
|
|
||||||
|
if ( !current_user_can('edit_posts') )
|
||||||
|
wp_die(__('Cheatin’ uh?'));
|
||||||
|
|
||||||
// Back-compat for viewing comments of an entry
|
// Back-compat for viewing comments of an entry
|
||||||
if ( $_redirect = intval( max( @$_GET['p'], @$_GET['attachment_id'], @$_GET['page_id'] ) ) ) {
|
if ( $_redirect = intval( max( @$_GET['p'], @$_GET['attachment_id'], @$_GET['page_id'] ) ) ) {
|
||||||
wp_redirect( admin_url('edit-comments.php?p=' . $_redirect ) );
|
wp_redirect( admin_url('edit-comments.php?p=' . $_redirect ) );
|
||||||
|
|
Loading…
Reference in New Issue