Menu and plugin tweaks.

git-svn-id: http://svn.automattic.com/wordpress/branches/2.0@4051 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2006-07-26 22:56:56 +00:00 · 2006-07-26 22:56:56 +00:00 · b764af3717
parent 17af24fdff
commit b764af3717
4 changed files with 33 additions and 13 deletions
--- a/wp-admin/admin-functions.php
+++ b/wp-admin/admin-functions.php
@ -361,7 +361,7 @@ function edit_user($user_id = 0) {
 	if (isset ($_POST['pass2']))
 		$pass2 = $_POST['pass2'];
-	if (isset ($_POST['role'])) {
+	if (isset ($_POST['role']) && current_user_can('edit_users')) {
 		if($user_id != $current_user->id || $wp_roles->role_objects[$_POST['role']]->has_cap('edit_users'))
 			$user->role = $_POST['role'];
 	}
@ -1214,6 +1214,7 @@ function user_can_access_admin_page() {
 	global $pagenow;
 	global $menu;
 	global $submenu;
 	global $plugin_page;
 	$parent = get_admin_page_parent();
@ -1229,15 +1230,23 @@ function user_can_access_admin_page() {
 	}
 	if (isset ($submenu[$parent])) {
-		foreach ($submenu[$parent] as $submenu_array) {
+		if ( isset($plugin_page) ) {
-			if ($submenu_array[2] == $pagenow) {
+			foreach ($submenu[$parent] as $submenu_array) {
-				if (!current_user_can($submenu_array[1])) {
+				if ( $submenu_array[2] == $plugin_page ) {
-					return false;
+					if (!current_user_can($submenu_array[1]))
-				} else {
+						return false;
 					return true;
 				}
 			}
 		}
 		foreach ($submenu[$parent] as $submenu_array) {		
 			if ($submenu_array[2] == $pagenow) {
 				if (!current_user_can($submenu_array[1]))
 					return false;
 				else
 					return true;
 			}
 		}
 	}
 	return true;
--- a/wp-admin/admin.php
+++ b/wp-admin/admin.php
@ -42,12 +42,15 @@ for ($i=0; $i<count($wpvarstoreset); $i += 1) {
 $xfn_js = $sack_js = $list_js = $cat_js = $dbx_js = $editing = false;
 require(ABSPATH . '/wp-admin/menu.php');
 // Handle plugin admin pages.
 if (isset($_GET['page'])) {
 	$plugin_page = stripslashes($_GET['page']);
 	$plugin_page = plugin_basename($plugin_page);
 }
 require(ABSPATH . '/wp-admin/menu.php');
 // Handle plugin admin pages.
 if (isset($plugin_page)) {
 	$page_hook = get_plugin_page_hook($plugin_page, $pagenow);
 	if ( $page_hook ) {
@ -76,6 +79,9 @@ if (isset($_GET['page'])) {
 	$importer = $_GET['import'];
 	if ( ! current_user_can('import') )
 		wp_die(__('You are not allowed to import.'));
 	if ( validate_file($importer) ) {
 		die(__('Invalid importer.'));
 	}
--- a/wp-content/plugins/wp-db-backup.php
+++ b/wp-content/plugins/wp-db-backup.php
@ -320,11 +320,11 @@ class wpdbBackup {
 	///////////////////////////////
 	function admin_menu() {
-		add_management_page(__('Backup'), __('Backup'), 9, basename(__FILE__), array(&$this, 'backup_menu'));
+		add_management_page(__('Backup'), __('Backup'), 'import', basename(__FILE__), array(&$this, 'backup_menu'));
 	}
 	function fragment_menu() {
-		add_management_page(__('Backup'), __('Backup'), 9, basename(__FILE__), array(&$this, 'build_backup_script'));
+		add_management_page(__('Backup'), __('Backup'), 'import', basename(__FILE__), array(&$this, 'build_backup_script'));
 	}
 	/////////////////////////////////////////////////////////
@ -885,6 +885,9 @@ class wpdbBackup {
 function wpdbBackup_init() {
 	global $mywpdbbackup;
 	if ( !current_user_can('import') ) return;
 	$mywpdbbackup = new wpdbBackup(); 	
 }
--- a/xmlrpc.php
+++ b/xmlrpc.php
@ -1228,10 +1228,12 @@ class wp_xmlrpc_server extends IXR_Server {
 		$pagelinkedfrom = $wpdb->escape( $pagelinkedfrom );
 		$original_title = $title;
-		$comment_post_ID = $post_ID;
+		$comment_post_ID = (int) $post_ID;
 		$comment_author = $title;
 		$this->escape($comment_author);
 		$comment_author_url = $pagelinkedfrom;
 		$comment_content = $context;
 		$this->escape($comment_content);
 		$comment_type = 'pingback';
 		$commentdata = compact('comment_post_ID', 'comment_author', 'comment_author_url', 'comment_content', 'comment_type');