From b764af371770e70b33d47365a695c084b6762e80 Mon Sep 17 00:00:00 2001
From: ryan
Date: Wed, 26 Jul 2006 22:56:56 +0000
Subject: [PATCH] Menu and plugin tweaks.

git-svn-id: http://svn.automattic.com/wordpress/branches/2.0@4051 1a063a9b-81f0-0310-95a4-ce76da25c4cd
---
 wp-admin/admin-functions.php | 23 ++++++++++++++++-------
 wp-admin/admin.php | 12 +++++++++---
 wp-content/plugins/wp-db-backup.php | 7 +++++--
 xmlrpc.php | 4 +++-
 4 files changed, 33 insertions(+), 13 deletions(-)

diff --git a/wp-admin/admin-functions.php b/wp-admin/admin-functions.php
index 60ede19a67..6b9be7541b 100644
--- a/wp-admin/admin-functions.php
+++ b/wp-admin/admin-functions.php
@@ -361,7 +361,7 @@ function edit_user($user_id = 0) {
 if (isset ($_POST['pass2']))
 $pass2 = $_POST['pass2'];
 
- if (isset ($_POST['role'])) {
+ if (isset ($_POST['role']) && current_user_can('edit_users')) {
 if($user_id != $current_user->id || $wp_roles->role_objects[$_POST['role']]->has_cap('edit_users'))
 $user->role = $_POST['role'];
 }
@@ -1214,6 +1214,7 @@ function user_can_access_admin_page() {
 global $pagenow;
 global $menu;
 global $submenu;
+ global $plugin_page;
 
 $parent = get_admin_page_parent();
 
@@ -1229,15 +1230,23 @@ function user_can_access_admin_page() {
 }
 
 if (isset ($submenu[$parent])) {
- foreach ($submenu[$parent] as $submenu_array) {
- if ($submenu_array[2] == $pagenow) {
- if (!current_user_can($submenu_array[1])) {
- return false;
- } else {
- return true;
+ if ( isset($plugin_page) ) {
+ foreach ($submenu[$parent] as $submenu_array) {
+ if ( $submenu_array[2] == $plugin_page ) {
+ if (!current_user_can($submenu_array[1]))
+ return false;
 }
 }
 }
+
+ foreach ($submenu[$parent] as $submenu_array) {
+ if ($submenu_array[2] == $pagenow) {
+ if (!current_user_can($submenu_array[1]))
+ return false;
+ else
+ return true;
+ }
+ }
 }
 
 return true;
diff --git a/wp-admin/admin.php b/wp-admin/admin.php
index 29726d0fa8..756cc48062 100644
--- a/wp-admin/admin.php
+++ b/wp-admin/admin.php
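Review bot: In the edit_user hunk, `$_POST['role']` is still used as a key into `$wp_roles->role_objects` and assigned to `$user->role` without a check that it names an existing role. The added `current_user_can('edit_users')` gate limits who reaches the branch, but when `$user_id != $current_user->id` the `||` short-circuits and the raw value is stored unchecked, while for the caller's own account an unknown key would invoke `has_cap()` on a non-object. Extending the outer condition with `isset($wp_roles->role_objects[$_POST['role']])` would cover both cases. The rest of edit_user lies outside the hunk, so any later validation of the role is not visible here.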
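Review bot: In the third hunk of user_can_access_admin_page, a `$plugin_page` that matches no entry in `$submenu[$parent]` passes through both loops and reaches the final `return true`, so the new check can only deny pages that are registered in the submenu. Unless the earlier part of the function (outside the hunk) already handles unregistered plugin pages, consider recording whether a match was found and returning false when `$plugin_page` is set but unmatched, so the default is deny. The comparison `$submenu_array[2] == $plugin_page` is also loose; `===` would avoid type juggling if, as seems likely, `$plugin_page` originates from the request. A short comment above the new loop explaining that a passing plugin-page check intentionally falls through to the `$pagenow` loop would help the next reader.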
@@ -42,12 +42,15 @@ for ($i=0; $iescape( $pagelinkedfrom ); $original_title = $title; - $comment_post_ID = $post_ID; + $comment_post_ID = (int) $post_ID; $comment_author = $title; + $this->escape($comment_author); $comment_author_url = $pagelinkedfrom; $comment_content = $context; + $this->escape($comment_content); $comment_type = 'pingback'; $commentdata = compact('comment_post_ID', 'comment_author', 'comment_author_url', 'comment_content', 'comment_type');