Introduce DISALLOW_FILE_MOD for disabling all ops that modify core, theme, or plugins files. see #13000

git-svn-id: http://svn.automattic.com/wordpress/trunk@14088 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2010-04-14 17:22:11 +00:00 · 2010-04-14 17:22:11 +00:00 · c4a677dea9
parent 5e923222fa
commit c4a677dea9
1 changed files with 8 additions and 1 deletions
--- a/wp-includes/capabilities.php
+++ b/wp-includes/capabilities.php
@ -993,7 +993,6 @@ function map_meta_cap( $cap, $user_id ) {
 			break;
 		}
 		// Fall through if not DISALLOW_FILE_EDIT.
-	case 'unfiltered_html':
 	case 'update_plugins':
 	case 'delete_plugins':
 	case 'install_plugins':
@ -1001,6 +1000,14 @@ function map_meta_cap( $cap, $user_id ) {
 	case 'delete_themes':
 	case 'install_themes':
 	case 'update_core':
+		// Disallow anything that creates, deletes, or edits core, plugin, or theme files.
+		// Files in uploads are excepted.
+		if ( defined('DISALLOW_FILE_MODS') && DISALLOW_FILE_MODS ) {
+			$caps[] = 'do_not_allow';
+			break;
+		}
+		// Fall through if not DISALLOW_FILE_MODS.
+	case 'unfiltered_html':
 	case 'delete_user':
 	case 'delete_users':
 		// If multisite these caps are allowed only for super admins.